TT Rom Patcher v1.72 by Kenobi - Kodewerx rulez !



          !!! Don't try to unpatch a v1.50 (or higher) patched rom
 !!!

                      !!! using an older TTRomPatcher !!!

(means delete the old versions and only keep the latest one to avoir troubles)



Update in version 1.72 :


-fixed a problem in 1.71 changes, for games that have been patched with an
older version of the tool.

-fixed also another stupid bug (used 0xEA100000 instead of 0xE1A00000) I added
in 1.71, and which made some games not work on some devices.




Update in version 1.71 :


-fixed a problem with some games that had values written at 0x88 (or 0x1FC).
The original values are now backed up, and restored when unpatching.




Update in version 1.70 :


- added a new patch that fixes the Trainer Toolkit "communication crash" on some
devices. That means roms patched with TT Rom Patcher now work fine on EZ-Flash,
Yasu's firmware, and the next version of AKAIO (1.5).


- added support for parameters. That means, in case dropping a file on the tool
doesn't work on your OS, you can drag/drop the file on the executable itself
(or on a shorcut to the executable) and the path of the file will be used by
TT Rom Patcher when it starts. You can also run the tool using a command line,
giving the full path of the game as a parameter :

>TTRomPatcher c:\rom.nds

(if the tool is in the same folder than the game, you only need to enter the
game's file name, not the full path).

Thanks to Normmatt for the parameters' idea !


- Now, when you start a game :

*press right to totally disable the Trainer Toolkit hardware checks and the
hooking of the game. That way, if you don't have the Trainer Toolkit in your DS,
or if you use an emulator, you can still play the game normally.

*press left to only disable the Trainer Toolkit hardware checks. The hook will
still be applied. That means if you patched your game with the "Action Replay",
it'll work fine (the "Action Replay" will be executed normally). Of course, if
you patched your game using "Trainer Toolkit" and press left, the game might just
crash, as the hook will point to the Trainer Toolkit hardware which might not
have been initialised, and might contains random data.


FYI:

*CycloDS is still troublesome (because of it's "infinite loop"), so you need to
remove the Trainer Toolkit before loading the game, and reinsert it once the
game has loaded, on the white (or black, depends of the games) screens. A new
CycloDS firmware, that fixes this "infinite loop", is needed.

*AK2i official firmware is also giving troubles, and isn't compatible at all
with the Trainer Toolkit, despise all the tries I've done. A new AK2i firmware,
that enables GBA SLOT access to ARM7, is needed (or use AKAIO 1.5 when it'll be
out).

*Finally, some cards have their own patches that can crash games patched with
the TT Rom Patcher (like SCOne patches). So if you encounter any problem (crash
on loading), disable all the unnecesserary patches done by your flashcard
(like reset, save state...).




Update in version 1.50 :


- changed the patch applied to the ROM. Now the patch kinda waits for the
Trainer Toolkit's hardware to be ready before applying itself. I also changed
the location of the data to compress in ARM7, to avoid any conflict with the
devices' firmwares' patches. Finally, I try to force the EXMEMCNT value to
0xE880. These changes allow the TTRomPatcher's patches to work on almost all
devices/firmwares. However, for some of them, you'll get white screens. This
applies to CycloDS, EZVi, AKAIO, AK2i, and Yasu. To make the TT work for these
devices/firmwares, you need to remove the Trainer Toolkit's hardware before
launching the game, and insert it when you have two white screens. It might not
work for all games, and might create a desync between ARM7 and ARM9 (sound
problem)). To fix the compatibility for these devices, their firmware should be
updated to set EXMEMCNT (0x04000204) to 0xE880 (for AKAIO and AK2i), and all of
them must also check if the Trainer Toolkit is inserted (this check is simple :
str a value at 0x08800000, ldr the value from 0x08800000. If the value readen is
the same than the value written, that means the Trainer Toolkit is inserted and
no other GBA SLOT access should be made, else the Trainer Toolkit communication
will crash). Finally, the CycloDS hangs when starting a game (even a non-patched
one) when the Trainer Toolkit is inserted, so there could be an infinite loop
somewhere in the firmware that should be fixed. Some other combinaison of
games/firmwares could give white screens (like Tales of Innocence on the R4,
because the firmware 
patches the game to force EXMEMCNT to 0xE800, disabling
ARM7 access to the GBA Slot).



- added a "Action Replay" option. If you have a file with a code handler in ARM
and some codes, name it AR.bin and put it inside the TTRomPatcher's folder.
That way, when a game will be launched, the TTRomPatcher's patches will write
the code handler in the RAM and will create a hook for it (using ARM7). The code
handler and the codes must be in the same file. It allows you to apply cheats
even if your device(/emu) doesn't support them (properly).


- made that when the rom's header is changed (when using the "copy to rom"
option) some unused byte in the header are changed so the crc16 (used for
the CBDS ID CODE) and the crc32 (used for the ARDS ID CODE) will still be the
same. This feature adds a small delay when patching a rom. However, with this
v1.50 version, the "compress ARM7" should always be used switch to "copy to rom"
only if "compress ARM7" doesn't work - btw, the CycloDS doesn't support
"copy to rom" at all).




Update in version 1.10 :

- Added a 'Compress ARM7'/'Copy to ROM' option.
Compress ARM7 means the tool will work like v1.00 (it's on by default).
Copy to ROM means the ARM7 and the TT.bin data will be merged and
copied at the end of the rom file (if there are enought room), and the ARM7
informations will be updated in the ROM header. That mode might make the
patching more compatible with devices other than the R4/M3.
Note that for that mode to work, the free size at the end of the ROM must be
filled with 0xFF. The needed size is : ARM7 size + TT.bin size + 0x210.


- Added some waiting before and after accessing a file, to avoid exception due
to the slow access of the MicroSD cards. Makes the tool a bit slower :/




Trainer Toolkit v1.00 :


This tool allows you to inject a "program" in the Trainer Toolkit.
It will patch the rom for that purpose (compress the start of the ARM7,
insert the "program" and the decompressing/patching routines). It'll also create
a hook in the ARM7 executable, so the "program" gets executed hundreds of times
per seconds.

The "program" you're injecting can be anything (custom made code handler,
communication... Must be ARM, and end with a bx lr), but it can also be the
Trainer Toolkit executable. It must be named "TT.bin", and placed inside the
executable folder.

To make a dump of your Trainer Toolkit, you need a Trainer Toolkit and
an Action Replay (v1.52 or higher). Boot the DS with the AR and the TT
(plugged into the PC). Launch the TT software, open the Hex View, and make a
dump of the 0x08800000~0x08800930 area.

The tool allows you to patch and unpatch games. Also, if the M3/R4 cheat system
is used, it'll create the hook on it. Finally, if you patched your game but
don't wanna put the TT in the GBA slot for any reason (for exemple because you
are using another hardware, like the DSMotion), you can enable/disable the
patching by pressing Right on the Dpad when launching the game (else the game
will just crash).

It will also give you some info on the game you drag&dropped on it (internal
name, CBDS and ARDS ID Codes).

Finaly, the tool tries to patch the game in an "invisible" manner (ie. nothing
will be left in ram after it has been executed). So you shouldn't change the
"LZ77 routine address (F0h)" address (default is 0x03800000). In case you do,
the tool will make sure the new address doesn't overwrite the ARM9/ARM7
executables.

There are some limitations :

- as the TT must be plugged in the GBA port, the game must be launched with a
"Slot-1" device. (It's been tested on the M3(/R4)).

- as the "program" runs off the Trainer Toolkit hardware, the NDS must allow
the ARM7 to access the GBA port (AFAIK it's always "true" when the DS boots.
However the latests R4/M3 kernels patches some games (Tales of Innocence)
and disable the ARM7 GBA access. In this case, use an older R4/R3 kernel).

- the TT hardware seems to only allow 32bits accesses, and some of its addresses
are registers used for PC-communication purposes. Keep that in mind if you're
planning to use a custom "program".

- sometimes the ARDS hook found by the tool will freeze the game at some points,
and will disable the touchscreen functions. That happens for exemple on DDKR
(when a race starts). I tried to detect when this happens (you'll get a
warning), and the tool can also find the next "valid" hook. However that is not
perfect, and the next "valid" hook might not work, or a supposely problematic
hook is actually working fine. So if you have any freezing, try changing the
hook code number, and/or disable the "Fix ARDS hook Freezing". You'll know
you'll need to change the hook when, while the game is freezing, auto-refreshing
the Hex View unfreezes it temporarily. You can also use the "Para's IH ARM7"
hook (but it won't get executed as much times as the ARDS hook, so it could be
problematic when testing/creating codes for the ARDS.).

- as the tool patches the rom in an "invisible" manner, it should work with any
game. However, the codes created might need a custom ARDS (m) code to work
properly on the ARDS hardware (like ACWW). That being said, the "devices" need
to patch the game, and might not find the data they need to patch especially
when the "compression" option of the TTRomPatcher is used. So Prefer the
"Copy to Rom" option (but this option needs some empty data at the end of the
rom file, so don't trim them too much).



