Kodewerx

Our culture has advanced beyond all that you could possibly comprehend with one hundred percent of your brain.
It is currently Thu Feb 20, 2020 7:50 pm

All times are UTC - 8 hours [ DST ]




Post new topic Reply to topic  [ 159 posts ]  Go to page Previous  1, 2, 3, 4, 5, 6  Next
Author Message
PostPosted: Sat Jun 23, 2007 12:40 pm 
Offline
Kommunist
Kommunist

Joined: Tue Oct 10, 2006 9:32 am
Posts: 445
Hiei-YYH wrote:
kenobi, can you explain something to me

94000130 FCFF0000
B21C4D28 00000000
B0000004 00000000 < this line, i don't get it, it loads from the same offset +4 ?
0000AA3C EDB88320
2000AA68 00000007
D2000000 00000000


Nope.
First we assume that the offset is cleared before your codes (offset=0).
Then let's say that at 0x021C4D28 you have 0x02000000, and that at 0x02000004 you have 0x02234568

Now B21C4D28 00000000 loads the value at [offset+0x021C4D28] into the offset. That means the offset is now 0x02000000.

B0000004 00000000 loads the value at [offset+0x00000004] into the offset. As the offset was 0x02000000, the offset is now [0x02000004] = 0x02234568.

After that, your code
0000AA3C EDB88320
writes 0xEDB88320 at [offset+0x0000AA3C], ie at 0x02234568+0x0000AA3C = 0x223EFA4.


Top
 Profile  
Reply with quote  
PostPosted: Sat Jun 23, 2007 2:49 pm 
Offline
Komrade
Komrade
User avatar

Joined: Tue Mar 27, 2007 6:23 pm
Posts: 1354
Location: Mario Raceway, 1509.831, 217.198, -564.429
Title: Mario Kart 64 Hacker
Hiei-YYH wrote:
HyperHacker wrote:
I don't think Renegade needs to be updated for that, just find the address emulated RAM is stored at and update emulators.cfg.


if you're talking about the search functionality maybe not, but in geral it needs updates, i can't find any pointer that point to the start of the nds ram (in no$gba) that didn't change after i closed the emulator, i just found pointers that point to the start of the data block (like -10000h of difference) which by the way, all the emulators give me memory allocation errors so all the pointers (and the ram specific addresses) that is in emulator.cfg may be fixed for who wrote the file. but not for me and the others... "RAM is not the same for everyone" only if the emulator coding has a specific address for pointer in the coding. And for ards support, just 2 ards code types that are supported, and just the normal 8/16/32bit are working without any bugs, the pointer codes just write in 32bit mode, it doesn't matter if you use 2 1 or 0 as code type and this sometimes is big problem.
Sounds like No$GBA may be a case of pointer-to-pointer-to-data, where the data and second pointer move around. It may even be intentionally trying to make this procedure difficult. If nothing else, you can locate the RAM and edit emulators.cfg every time you run the emulator.

_________________
Image 143
HyperNova Software is now live (but may take a few tries to load) currently down; check out my PSP/DS/Game Boy/Windows/Linux homebrew, ROM hacks, and Gameshark codes!


Top
 Profile  
Reply with quote  
PostPosted: Mon Jun 25, 2007 2:04 pm 
Offline
Kommunist
Kommunist
User avatar

Joined: Sun May 27, 2007 7:43 pm
Posts: 775
Location: Makai
Title: The HENTAI M@ster
HyperHacker wrote:
Hiei-YYH wrote:
HyperHacker wrote:
I don't think Renegade needs to be updated for that, just find the address emulated RAM is stored at and update emulators.cfg.


if you're talking about the search functionality maybe not, but in geral it needs updates, i can't find any pointer that point to the start of the nds ram (in no$gba) that didn't change after i closed the emulator, i just found pointers that point to the start of the data block (like -10000h of difference) which by the way, all the emulators give me memory allocation errors so all the pointers (and the ram specific addresses) that is in emulator.cfg may be fixed for who wrote the file. but not for me and the others... "RAM is not the same for everyone" only if the emulator coding has a specific address for pointer in the coding. And for ards support, just 2 ards code types that are supported, and just the normal 8/16/32bit are working without any bugs, the pointer codes just write in 32bit mode, it doesn't matter if you use 2 1 or 0 as code type and this sometimes is big problem.
Sounds like No$GBA may be a case of pointer-to-pointer-to-data, where the data and second pointer move around. It may even be intentionally trying to make this procedure difficult. If nothing else, you can locate the RAM and edit emulators.cfg every time you run the emulator.


i just use the +10000h pointer, and all the codes that i use there i just add those 10000h, i hope viper fixes that later.

@kenobi
Then this is like a addition to the offset? like your hack.

_________________
Image
DO NOT send me code requests/conversions via pm. I DON'T GIVE PERMISSION, READ THE FUCKING RULES.
I Hate You So Much!!! Fuck & Peace!

Everyone has AIDS!
My grandma and my dog 'ol blue
My father
My sister
My uncle and my cousin and her best friend
The pope has got it and so do you.


My SITE

My Official Code Breaker DS Codes


Top
 Profile  
Reply with quote  
PostPosted: Mon Jun 25, 2007 2:36 pm 
Offline
Komrade
Komrade
User avatar

Joined: Tue Mar 27, 2007 6:23 pm
Posts: 1354
Location: Mario Raceway, 1509.831, 217.198, -564.429
Title: Mario Kart 64 Hacker
Does the pointer always point to 0x10000 before the beginning of RAM? Maybe all that's needed then is the ability to add an offset to the pointer.

Actually NDS RAM could be a problem, since it has remappable VRAM and ITCM. Who knows how a given emulator handles that...

_________________
Image 143
HyperNova Software is now live (but may take a few tries to load) currently down; check out my PSP/DS/Game Boy/Windows/Linux homebrew, ROM hacks, and Gameshark codes!


Top
 Profile  
Reply with quote  
PostPosted: Mon Jun 25, 2007 5:58 pm 
Offline
Kommunist
Kommunist
User avatar

Joined: Sun May 27, 2007 7:43 pm
Posts: 775
Location: Makai
Title: The HENTAI M@ster
HyperHacker wrote:
Does the pointer always point to 0x10000 before the beginning of RAM? Maybe all that's needed then is the ability to add an offset to the pointer.

Actually NDS RAM could be a problem, since it has remappable VRAM and ITCM. Who knows how a given emulator handles that...


yes, there are only fixed pointers with +10000h of distance or more. i checked in a debugger, it's coded in the emulator, so this pointer is fixed.

i was talking with Viper in mirc, if he can use the artmoney emulator configuration file as base, since it works with me and believe with everyone lol

NO$GBA 2.4b;NO$GBA.EXE
;NDSRAM 4mb;02000000;P0046D998,10000;400000

;text;Base address;pointer address;pointer offset add or sub;ram size

_________________
Image
DO NOT send me code requests/conversions via pm. I DON'T GIVE PERMISSION, READ THE FUCKING RULES.
I Hate You So Much!!! Fuck & Peace!

Everyone has AIDS!
My grandma and my dog 'ol blue
My father
My sister
My uncle and my cousin and her best friend
The pope has got it and so do you.


My SITE

My Official Code Breaker DS Codes


Top
 Profile  
Reply with quote  
 Post subject: Re:
PostPosted: Sun Jul 15, 2007 4:56 pm 
Offline
Kommunist
Kommunist

Joined: Mon Jul 09, 2007 3:57 pm
Posts: 1
Parasyte wrote:
Here are some universal Activator codes which will work on all games:

Activator 1 (GBA buttons):
94000130 xxxx0000

For xxxx:
FFFE: A
FFFD: B
FFFB: Select
FFF7: Start
FFEF: Right
FFDF: Left
FFBF: Up
FF7F: Down
FEFF: R
FDFF: L


Activator 2 (NDS buttons):
927FFFA8 xxxx0000

For xxxx:
FBFF: X
F7FF: Y
DFFF: Debug Button (not available on commercial NDS)
7FFF: NDS not folded


To combine one or more buttons together, use bitwise AND:

(A & B) = (FFFE & FFFD) = FFFC



I don't really get how to combine the buttons.


Top
 Profile  
Reply with quote  
PostPosted: Sun Jul 15, 2007 5:58 pm 
BITWISE AND!


Top
  
Reply with quote  
PostPosted: Sat Jul 21, 2007 6:14 am 
Offline
Kommunist
Kommunist
User avatar

Joined: Sun May 27, 2007 7:43 pm
Posts: 775
Location: Makai
Title: The HENTAI M@ster
dlong wrote:
BITWISE AND!


I think this will make him more confused :lol:

_________________
Image
DO NOT send me code requests/conversions via pm. I DON'T GIVE PERMISSION, READ THE FUCKING RULES.
I Hate You So Much!!! Fuck & Peace!

Everyone has AIDS!
My grandma and my dog 'ol blue
My father
My sister
My uncle and my cousin and her best friend
The pope has got it and so do you.


My SITE

My Official Code Breaker DS Codes


Top
 Profile  
Reply with quote  
PostPosted: Sat Jul 21, 2007 10:47 am 
Offline
Krew (Admin)
Krew (Admin)
User avatar

Joined: Sun Oct 01, 2006 9:46 pm
Posts: 2331
Location: *poof*
Title: The Mad Hacker
Windows calculator has an AND button so have at it.

_________________
Image


Top
 Profile  
Reply with quote  
PostPosted: Sat Jul 21, 2007 11:51 am 
Offline
Komrade
Komrade
User avatar

Joined: Tue Mar 27, 2007 6:23 pm
Posts: 1354
Location: Mario Raceway, 1509.831, 217.198, -564.429
Title: Mario Kart 64 Hacker
That is, if he can figure out how to put it in Scientific mode. Assuming he has a brain, it shouldn't be difficult.

_________________
Image 143
HyperNova Software is now live (but may take a few tries to load) currently down; check out my PSP/DS/Game Boy/Windows/Linux homebrew, ROM hacks, and Gameshark codes!


Top
 Profile  
Reply with quote  
PostPosted: Mon Aug 06, 2007 7:14 pm 
Offline
Kommunist
Kommunist

Joined: Tue Feb 27, 2007 12:06 pm
Posts: 51
Just an early heads up, new Action Replay DS firmware is due out later this week or next week.

Only thing new are the code types present in the Trainer Toolkit that the AR itself didn't have.


Top
 Profile  
Reply with quote  
PostPosted: Thu Aug 23, 2007 2:26 pm 
Offline
Kommunist
Kommunist

Joined: Tue Oct 10, 2006 9:32 am
Posts: 445
Just upgraded to 1.54.

They seem to have made some "big" changes in their code handler's code type handling (they use a table instead of fixed jumps, so some 'old' ar hack would not work anymore). I'll study it and report what's new/changed.

Edit :
NDS AR HACKs #4 and #5 should still be working correctly (ie. asm execution hack, and memory copy hack). However the registers used changed, so if your hack relied on the AR's Code handler register, it'll not work properly.

Codes type C4, C5 and C6 have been added (check the TT's code list to know what they do).

Code type DB's bug is corrected.

The TT's code handler seems to be the same than the one that came with the AR 1.52 (its versions are : body v0.08, hook v0.04, patcher v0.03, code engine v1.22...).

And if an "IF" code type's address is zeroed, the offset is used.


Edit2 :
Small warning about the C5 code type. It doesn't work the same way on the AR v1.54 and the Trainer Toolkit :/
On the AR, the counter is increased each time a C5 code type is encountered (even if the execution status is false), compared on the TT where is it 'timer based'. That is bad, because if two different person make codes using the C5 code type, the result will be wrong (the counter will be increased by 2 everytime the AR code handler is executed). Also, the address at which the counter is stored is weird (it's 023200B8 - that could be/is in the middle of the game data?).
So I advice not using the C5 code type until it has been fixed. I'll make some hack(s) later (at least to change the address).


Top
 Profile  
Reply with quote  
PostPosted: Tue Aug 28, 2007 12:16 am 
Offline
Kommunist
Kommunist

Joined: Wed Jun 27, 2007 10:25 am
Posts: 14
is it possible for it to be use on an emulator?


Top
 Profile  
Reply with quote  
PostPosted: Tue Aug 28, 2007 12:32 am 
Offline
Komrade
Komrade
User avatar

Joined: Tue Mar 27, 2007 6:23 pm
Posts: 1354
Location: Mario Raceway, 1509.831, 217.198, -564.429
Title: Mario Kart 64 Hacker
No$GBA can run the ROM, but there's no way to load a game.

_________________
Image 143
HyperNova Software is now live (but may take a few tries to load) currently down; check out my PSP/DS/Game Boy/Windows/Linux homebrew, ROM hacks, and Gameshark codes!


Top
 Profile  
Reply with quote  
PostPosted: Tue Aug 28, 2007 2:16 pm 
Offline
Kommunist
Kommunist

Joined: Tue Oct 10, 2006 9:32 am
Posts: 445
Small hack for some AR v1.54 codes type (they'll only work for the AR v1.54, using the auto hook system (ie. when no custom (m) code are used)):

This hack will make the C5's code type's counter be inside the code handler (at 0x023FE578) :
523FE324 E5923000
023FE324 E59F324C
023FE32C E58F3244
D2000000 00000000
Could prevent some crashes/bugs when using the C5 code type.


This other 'hack' will make the C5's code type work 'properly', ie. the counter will only be increased once each time the code handler is executed (and not each time a C5 code is executed), and the counter will be inside the code handler (at 0x023FE578) :
523FE324 E5923000
023FE324 E59F324C
023FE328 E1A00000
023FE32C E58F3244
D2000000 00000000
D9000000 023FE578
D4000000 00000001
D6000000 023FE578
D2000000 00000000


Finally, this hack will make the AR If... codes use address+offset if the address of the code is not 0ed (instead of the address alone). Not quite sure if it'll be useful or not... :
Enable address+offset on If... codes :
023FE128 11A04005

Disable address+offset on If... codes :
023FE128 11A04000

I might update the docs in the first post later on.


Top
 Profile  
Reply with quote  
PostPosted: Sat Nov 24, 2007 9:41 am 
Offline
Kommunist
Kommunist
User avatar

Joined: Thu Nov 15, 2007 9:59 am
Posts: 3
Location: Arnstadt (Germany)
With firmware v1.54 and the asm hack, what's the current status of the register usage?

I already learned the hard way that I must preserve r6 now. Can I still use r8 and r12 freely? (I assume there's no problem with r0-r3).

Can I still calculate and put the offset into r10 in order to be used outside the asm afterwards?


Top
 Profile  
Reply with quote  
PostPosted: Sat Nov 24, 2007 11:00 am 
Why don't you just push everything before your routine and pop everything afterwords?


Top
  
Reply with quote  
 Post subject:
PostPosted: Sat Nov 24, 2007 2:08 pm 
Offline
Komrade
Komrade

Joined: Tue Mar 27, 2007 10:18 am
Posts: 1328
But the best part about AR hack #4 is not having to find hooks OR push registers! :/

_________________
Image


Top
 Profile  
Reply with quote  
PostPosted: Sat Nov 24, 2007 2:41 pm 
Offline
Kommunist
Kommunist
User avatar

Joined: Thu Nov 15, 2007 9:59 am
Posts: 3
Location: Arnstadt (Germany)
dlong wrote:
Why don't you just push everything before your routine and pop everything afterwords?
Well, why spend cycles pushpopping when you don't need to? According to no$gba, stmfd [r13]!, {r0-r12, r14} takes a whopping 15 cycles and the corresponding ldmfd even 16 cycles on the ARM7TDMI, and those are probably only machine cycles not taking into account memory access.

Anyways, sometimes one wants to make use of the registers that have useful functions, and thus one might want to know what the exact functions are ...


Top
 Profile  
Reply with quote  
PostPosted: Sat Nov 24, 2007 6:15 pm 
Offline
Kommunist
Kommunist

Joined: Tue Oct 10, 2006 9:32 am
Posts: 445
I'll look at the new registers soon, and update the informations.


Top
 Profile  
Reply with quote  
PostPosted: Sun Nov 25, 2007 10:29 am 
Offline
Kommunist
Kommunist

Joined: Tue Oct 10, 2006 9:32 am
Posts: 445
Bleh that previous post was unneeded, now I have to double post to let you know I added the data in the from page.

Here is what I added :

Update : ARv1.54 Registers :
These ones can be used freely :
r0 = holds the address of the E code type plus the offset (0XXXXXXX + offset)
r1 = holds the starting address of the E code type data (what I used for the bx)
r2 = Data (holds the number of bytes of data you entered in the E code type)
r3 = Code type (0x0000000E)
r4 = Address (without code type), or offset if address=0.
r5 = holds the address of the E code type plus the offset (0XXXXXXX + offset)
r8 = holds what the next 'execution status' data would look when set to true
r11 = holds what the next 'execution status' data would look when set to false
r12 = Current execution status


These ones shouldn't be changed, unless you know what you are doing :
r6 = (holds the number of bytes of data you entered in the E code type)
r7 = Holds the offset of the E code type data
r9 = Offset
r10 = (holds the 'execution status' data)
r13 = (SP)
r14 = (LR)


Last edited by kenobi on Tue Nov 27, 2007 4:43 am, edited 2 times in total.

Top
 Profile  
Reply with quote  
PostPosted: Sun Nov 25, 2007 10:57 am 
Offline
Kommunist
Kommunist
User avatar

Joined: Thu Nov 15, 2007 9:59 am
Posts: 3
Location: Arnstadt (Germany)
That's excellent, it helps me a lot :D Thank you so much.


Top
 Profile  
Reply with quote  
PostPosted: Mon Nov 26, 2007 2:02 am 
Offline
Kommunist
Kommunist

Joined: Tue Oct 10, 2006 9:32 am
Posts: 445
I corrected the r7 register information (used to be 'address of the next code to be executed').

FYI, the address of the next code to be executed is somewhat computed like that :
x = r7+(((r6+7)>>3)<<3)


Top
 Profile  
Reply with quote  
 Post subject:
PostPosted: Mon Nov 26, 2007 12:18 pm 
Offline
Komrade
Komrade

Joined: Tue Mar 27, 2007 10:18 am
Posts: 1328
Does it seriously do two shifts when a bit clear does the same thing? XD

_________________
Image


Top
 Profile  
Reply with quote  
PostPosted: Tue Nov 27, 2007 4:40 am 
Offline
Kommunist
Kommunist

Joined: Tue Oct 10, 2006 9:32 am
Posts: 445
Erm sorry. I guess I was a bit tired (stupid excuse, heh?).
r7 is not the address, but an offset (to add to the starting address of the code list).

So my phrase should be changed to :

"FYI, the offset of the next code to be executed is computed like that :
x = r7+(((r6+7)>>3)<<1)"

Then the AR adds that offset<<2 to the starting address of the code list.

I might also add that :
[r13] = # of times to repeat when a D1/2 code is encountered (=data of the C code type)
[r13+4h] = offset of the code to go to when a repeat is executed.
[r13+8h] = execution status poped when a repeat is executed.
[r13+Ch] = Dx Data register
[r13+10h] = # of codes in the code list
[r13+14h] = address in ram of the start of the code list


Top
 Profile  
Reply with quote  
PostPosted: Thu Dec 20, 2007 2:31 pm 
Offline
Kommunist
Kommunist

Joined: Tue Oct 10, 2006 9:32 am
Posts: 445
Updated ASM to ARDS to version 1.01. Added support for the Trainer Toolkit and Nitro Hax.
Check the bottom of the first post of this thread to find the tool.


Top
 Profile  
Reply with quote  
PostPosted: Wed Apr 02, 2008 9:54 am 
Offline
Kommunist
Kommunist

Joined: Sat Aug 11, 2007 11:50 am
Posts: 39
I'm looking at this code type:

Code:
Add a value to the Dx Data Register :
-------------------------------------

Type D4 : adds the value of the code to the data register used by D6~DB.
D4000000 XXXXXXXX : adds XXXXXXXX to the 'Dx data'.
More arithmetical/logical operations can be set using the 'NDS AR HACK #2'.


and I'm wondering - is there a way to do the reverse? I mean, instead of add the value, subtract it? I used to do some code hacking on the PS1 Gameshark/AR, and it had code types for both incrementing and decrementing, which is why I'm surprised I don't see an obvious way to do this on DS.


Top
 Profile  
Reply with quote  
PostPosted: Wed Apr 02, 2008 11:59 am 
Offline
Kommunist
Kommunist

Joined: Tue Oct 10, 2006 9:32 am
Posts: 445
A substract code is 'useless'. To substract Y, just add the 32-bits value not(Y)+1...

Ie. if you want to substract 1, add 0xFFFFFFFF. If you want to subtract 0x123, add 0xFFFFFEDD...


Top
 Profile  
Reply with quote  
 Post subject: Re: QUESTIONS
PostPosted: Fri Jun 13, 2008 1:33 pm 
Offline
Kommunist
Kommunist

Joined: Tue Jun 03, 2008 12:53 pm
Posts: 10
kenobi wrote:
Just posted NDS AR HACK #4 : Execute custom asm routine.
Here is a concrete exemple on how it works, tested on the real HW, for Super Mario 64 DS (ASMEN1J12 / 1J22) :

023FE074 E3520003 // first part
E2098930 00000004
00000001 00000000
94000130 FCFF0000 // second part
023FE074 012FFF31
E0000000 00000014
E59F0008 E3A02063
E5802000 E12FFF1E
02098930 00000000
D2000000 00000000


The first part of this code is the 'normal' E code type, that will copy 00000001 to the address where the lives are stored.
So you get one life.

The second part of the code uses the hack I made.
When L+R are pressed, it will execute the following ASM code :
E59F0008 // ldr r0,=02098930h
E3A02063 // mov r2,63h
E5802000 // str r2,[r0]
E12FFF1E // bx r14
02098930 // (data used by the first instruction)

which gives you 99 (63h) lives.




hello,i am trying to understand and use ar codes and asm with it.i have trying using this code on my ds,(i use TTDS card,i have mario ds original cartidge and this for homebrew,and because it has ar chat ,i use also for experiment with cheats.
After several attempts ,and i thought maybe this card only support normal ar cheats and doent this kind of chats (executing asm) ,i was able to make it run.
The version is EU .

And this is the code:


023FE074 E3520003
E2098930 00000004 //02098930 is memory region for lives in eu cartidge
00000001 00000000
023FE074 012FFF11
94000130 FFF30000 //it does not run
E0000000 00000014
E59F0008 E3A02063
E5802000 E12FFF1E
02098930 00000000 //02098930 is memory region for lives in eu cartidge
D2000000 00000000
0209F2F4 00000063


I dont understand why you put 023FE074 012FFF31 if according your info is 11,altough it works also

and can you explain what do the two last lines,if i dont use ,it doesnt run,but it is suppoused the code ends when you freeze the hack and finish with the data used by the first instruction


The patch key also doesnt work,i use also the r4cce editor and add it with it ,but the code runs without press the key


Top
 Profile  
Reply with quote  
PostPosted: Thu Aug 14, 2008 11:34 am 
Offline
Kommunist
Kommunist

Joined: Sat Nov 18, 2006 10:11 am
Posts: 108
Code:
023FE074 E3520003
E2098930 00000004 //02098930 is memory region for lives in eu cartidge
00000001 00000000
023FE074 012FFF11
94000130 FFF30000 //it does not run
E0000000 00000014
E59F0008 E3A02063
E5802000 E12FFF1E
02098930 00000000 //02098930 is memory region for lives in eu cartidge
D2000000 00000000
0209F2F4 00000063


My question would be why you have 0209F2F4 00000063 after ending the code with D2... if you wanted to end the if statement it should be D0.

_________________
Image


Top
 Profile  
Reply with quote  
Display posts from previous:  Sort by  
Post new topic Reply to topic  [ 159 posts ]  Go to page Previous  1, 2, 3, 4, 5, 6  Next

All times are UTC - 8 hours [ DST ]


Who is online

Users browsing this forum: Bing [Bot], Yandex [RuBot] and 2 guests


You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot post attachments in this forum

Search for:
Jump to:  
Powered by phpBB® Forum Software © phpBB Group