Gba Programming For Beginners

Started by charleysdrpepper, 09, July, 2009, 10:32:00 PM


Daddy Poi's Oily Gorillas

http://www.loirak.com/gameboy/gbatutor.php

Look through it, you will love it!! I decided to post this as soon as I was able to get HI to come up on my GBA emulator, fascinating.

If you have any questions ask here. ~Thank you.


P.S. When we upload files and link to them, is it okay to link to .c files if you make them yourself?

This post has been edited by charleysdrpepper on Jul 9 2009, 09:36 PM
Golden Sun Docs: Broken Seal - The Lost Age - Dark Dawn | Mario Sports Docs: Mario Golf & Mario Tennis | Misc. Docs
Refer to Yoshi's Lighthouse for any M&L hacking needs...

Sometimes I like to compare apples to oranges. (Figuratively) ... They are both fruits, but which one would you eat more? (If taken literally, I'd probably choose apples.)
Maybe it is over-analyzing, but it doesn't mean the information is useless.


The only GS Discord servers with significance are:
Golden Sun Hacking Community
GS Speedrunning
/r/Golden Sun
GS United Nations
Temple of Kraden

Can you believe how small the Golden Sun Community is?

2+2=5 Don't believe me? Those are rounded decimal numbers. Take that, flat earth theorists! :)

Salanewt

Oh, thank you. This should be very helpful when I am trying to edit games (since if you make your own ROM, then you can practice easily with HEX editing (you might know what everything is)).

Have a nice day.
:MercurySet:  :MercuryDjinni:  
Oh yeah baby, £ me harder.

Fusion is just a cheap tactic to make weak Adepts stronger.

Yoshi's Lighthouse is a hacking website in progress. Why not check it out if you like Yoshi or the Mario & Luigi games?

Daddy Poi's Oily Gorillas

HEX editing, uhh I don't know about that..?


This is pretty much made with the C programming language, right? So those who know C have a benefit!


Not saying all roms are made from C though, because I don't know.

This post has been edited by charleysdrpepper on Jul 9 2009, 10:04 PM

Charon

Hex editing is quite literally changing the bytes one by one in Hex. Hex Bytes are two numbers long, such as 0x00, 0x50 or 0xA7. You can use Windows Calculator to convert Decimal to Hex, but there's also a way to do it on paper.

Take the number 32. Since Hex is base 16, we need to divide it by different values of 16, like 1 (16^0), 16 (16^1), 256 (16^2) etc. First we divide it by the biggest possible value. That's 16, and it goes in two times. This is our place 2 number, so we put in 2.

0x2?

Now we divide what's left over by 1. Nothing's left over, so you get 0.

0x20.

Now you know. :3

To convert back works the opposite way. The different place values, as I pointed out before, are based on multiples of 16. So the first place is 1, second place are 16s, third place are 256's...

So then you just multiply the place values with their corresponding multiple number, then add them together.

0x0 = 0
16x2 = 32.

Don't forget A=10, B=11, C=12, D=13, E=14 and F=15.

Also...

The processor of the GBA is known as ARM7, and the language is oftentimes called ASM (for assembly). There are two kinds of ASM codes - ARM and THUMB (you may have noticed this in the disassembler); the real difference I believe is their bit, which affects performance (ARM is more versatile while THUMB is faster, I believe). With ASM not much hex editing is involved (unless you're grabbing a code from someone); the compiler turns the code into a .bin file, which can be opened in a hex editor to copy to another game, or you can just change the file extension to .gba to play the rom in VBA or some other emulator.

Knowing one programming language is bound to help though.

Also, this is hacking, so I'll move that there.

Salanewt

Thanks for explaining it Charon. I know a little bit of HEX because I often use Action Replay, but I did not know about multiplying them or dividing them. Thank you. Oh yes, I saw a video once... They made Yoshi in Super Mario World Flutter Jump after jumping... I would like to be able to copy the data of Golden Sun, and have two Piers (so one can be changed). Anyway, not to ramble on, I thank you again. Also, by multiplying them, do we get Big Endian, or are the Endians not affected by multiplying? Arm7... I will try to get a version of it, and start practising.

Have a nice day.

Charon

Actually, that only explains how to convert numbers to and from hex.

The important thing to remember with different value bases is that each place value is the base number to whatever power the place value is. For example, the third place value in hex would be 16^2 power, or multiples of 256. Then, the second place value in hex would be 16^1 power, or multiples of 16. The first place value in hex would be 16^0 power, or multiples of 1.

Remember when adding and subtracting in hex that the numbers go up to 15, so when you get 0x9+0x1 it's really 0xA, NOT 0x10.

Actually, all bases (Binary, Oct, etc.) work in this fashion. Even decimal, which is base 10, works in this way.

So, if I do another conversion...

0x3A9 = what in Decimal?

3* 256=768.
A=10, so
10*16 = 160.
9*1 = 9.

768 + 160 + 9 = 937, which is 0x3A9 in hex.
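An added example, not code from the thread or from the linked tutorial, that does the conversions Charon walks through (32 to 0x20, 0x3A9 to 937, 0x9+0x1 = 0xA) by place value, and answers Salanewt's endianness question: the conversion itself has no endianness, byte order only appears when a value wider than one byte is laid out in memory, and the GBA's ARM7 stores the low byte first (little-endian).

```python
# Added example: decimal <-> hex by place values (powers of 16), as described
# in the post above, plus the little-endian byte layout the GBA uses in ROM/RAM.

HEX_DIGITS = "0123456789ABCDEF"  # A=10, B=11, C=12, D=13, E=14, F=15


def dec_to_hex(n):
    """Divide by the biggest power of 16 that fits, then by the next one down."""
    if n == 0:
        return "0x0"
    place = 1
    while place * 16 <= n:          # find the largest place value that goes into n
        place *= 16
    digits = []
    while place >= 1:
        q, n = divmod(n, place)     # how many times this place fits, and what's left over
        digits.append(HEX_DIGITS[q])
        place //= 16
    return "0x" + "".join(digits)


def hex_to_dec(s):
    """Multiply each digit by its place value (16^position) and add them together."""
    s = s.upper()
    if s.startswith("0X"):
        s = s[2:]
    total = 0
    for pos, ch in enumerate(reversed(s)):   # pos 0 is the ones place, pos 1 the 16s...
        total += HEX_DIGITS.index(ch) * 16 ** pos
    return total


def to_little_endian(n, nbytes):
    """Split a value into the byte order the GBA's ARM7 uses: lowest byte first.
    0x3A9 as a 2-byte value is stored as A9 03, not 03 A9."""
    out = []
    for _ in range(nbytes):
        out.append(n & 0xFF)
        n >>= 8
    return out
```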

Salanewt

This is useful information. Thank you. By editing HEX, it is possible to add things into the game, right? Also, I remember that I had some practice with a HEX editor for Ocarina of Time, but it also supported translation. Anyway, is there anything when HEX editing that I should not change? I think it is the first few lines, but I am not sure.

Thank you again, and please have a nice day.
:MercurySet:  :MercuryDjinni:
I am getting used to using different emoticons, so using these confused me for a second...

EDIT: Thanks for the quotation from the website.

This post has been edited by Salanewt on Jul 10 2009, 03:44 PM

Charon

You should never change the first 160 or so bytes in a Rom - those are the same in every single rom and are what makes them work in the GBA. In fact, those bytes are licensed by Nintendo, so when you see a game with the "seal of quality", that means that Nintendo gave the rights to use those bytes in the game to make it work, thus being legal. This is also part of the reason why Rom distribution is illegal - anyone could access those bytes without Nintendo's permission.

Also, when hacking, you should never change anything if you don't know what it means. For example, if you stumble upon some ASM (and you will) and you don't understand it, then DON'T EDIT IT.

Also, be careful when editing pointers and arguments - putting in the wrong byte can cause the game to crash.

EDIT:

Quote: The first 192 bytes at 8000000h-80000BFh in ROM are used as cartridge header. The same header is also used for Multiboot images at 2000000h-20000BFh (plus some additional multiboot entries at 20000C0h and up).

Header Overview

  Address Bytes Expl.
  000h    4     ROM Entry Point  (32bit ARM branch opcode, eg. "B rom_start")
  004h    156   Nintendo Logo    (compressed bitmap, required!)
  0A0h    12    Game Title       (uppercase ascii, max 12 characters)
  0ACh    4     Game Code        (uppercase ascii, 4 characters)
  0B0h    2     Maker Code       (uppercase ascii, 2 characters)
  0B2h    1     Fixed value      (must be 96h, required!)
  0B3h    1     Main unit code   (00h for current GBA models)
  0B4h    1     Device type      (usually 00h)
  0B5h    7     Reserved Area    (should be zero filled)
  0BCh    1     Software version (usually 00h)
  0BDh    1     Complement check (header checksum, required!)
  0BEh    2     Reserved Area    (should be zero filled)
  --- Additional Multiboot Header Entries ---
  0C0h    4     RAM Entry Point  (32bit ARM branch opcode, eg. "B ram_start")
  0C4h    1     Boot mode        (init as 00h - BIOS overwrites this value!)
  0C5h    1     Slave ID Number  (init as 00h - BIOS overwrites this value!)
  0C6h    26    Not used         (seems to be unused)
  0E0h    4     JOYBUS Entry Pt. (32bit ARM branch opcode, eg. "B joy_start")

Note: With all entry points, the CPU is initially set into system mode.

000h - Entry Point, 4 Bytes
Space for a single 32bit ARM opcode that redirects to the actual startaddress of the cartridge, this should be usually a "B <start>" instruction.
Note: This entry is ignored by Multiboot slave GBAs (in fact, the entry is then overwritten and redirected to a separate Multiboot Entry Point, as described below).

004h..09Fh - Nintendo Logo, 156 Bytes
Contains the Nintendo logo which is displayed during the boot procedure. Cartridge won't work if this data is missing or modified.
In detail: This area contains Huffman compression data (but excluding the compression header which is hardcoded in the BIOS, so that it'd be probably not possible to hack the GBA by producing de-compression buffer overflows).
A copy of the compression data is stored in the BIOS, the GBA will compare this data and lock-up itself if the BIOS data isn't exactly the same as in the cartridge (or multiboot header). The only exception are the two entries below which are allowed to have variable settings in some bits.

09Ch Bit 2,7 - Debugging Enable
This is part of the above Nintendo Logo area, and must be commonly set to 21h, however, Bit 2 and Bit 7 may be set to other values.
When both bits are set (ie. A5h), the FIQ/Undefined Instruction handler in the BIOS becomes unlocked, the handler then forwards these exceptions to the user handler in cartridge ROM (entry point defined in 80000B4h, see below).
Other bit combinations currently do not seem to have special functions.

09Eh Bit 0,1 - Cartridge Key Number MSBs
This is part of the above Nintendo Logo area, and must be commonly set to F8h, however, Bit 0-1 may be set to other values.
During startup, the BIOS performs some dummy-reads from a stream of pre-defined addresses, even though these reads seem to be meaningless, they might be intended to unlock a read-protection inside of commercial cartridge. There are 16 pre-defined address streams - selected by a 4bit key number - of which the upper two bits are gained from 800009Eh Bit 0-1, and the lower two bits from a checksum across header bytes 09Dh..0B7h (bytewise XORed, divided by 40h).

0A0h - Game Title, Uppercase Ascii, max 12 characters
Space for the game title, padded with 00h (if less than 12 chars).

0ACh - Game Code, Uppercase Ascii, 4 characters
This is the same code as the AGB-UTTD code which is printed on the package and sticker on (commercial) cartridges (excluding the leading "AGB-" part).

  U  Unique Code          (usually "A" or "B" or special meaning)
  TT Short Title          (eg. "PM" for Pac Man)
  D  Destination/Language (usually "J" or "E" or "P" or specific language)

The first character (U) is usually "A" or "B", in detail:

  A  Normal game; Older titles (mainly 2001..2003)
  B  Normal game; Newer titles (2003..)
  C  Normal game; Not used yet, but might be used for even newer titles
  F  Classic NES Series (software emulated NES games)
  K  Yoshi and Koro Koro Puzzle (acceleration sensor)
  P  e-Reader (dot-code scanner)
  R  Warioware Twisted (cartridge with rumble and z-axis gyro sensor)
  U  Boktai 1 and 2 (cartridge with RTC and solar sensor)
  V  Drill Dozer (cartridge with rumble)

The second/third characters (TT) are:

  Usually an abbreviation of the game title (eg. "PM" for "Pac Man") (unless
  that gamecode was already used for another game, then TT is just random)

The fourth character (D) indicates Destination/Language:

  J  Japan             P  Europe/Elsewhere   F  French          S  Spanish
  E  USA/English       D  German             I  Italian


0B0h - Maker code, Uppercase Ascii, 2 characters
Identifies the (commercial) developer. For example, "01"=Nintendo.

0B2h - Fixed value, 1 Byte
Must be 96h.

0B3h - Main unit code, 1 Byte
Identifies the required hardware. Should be 00h for current GBA models.

0B4h - Device type, 1 Byte
Normally, this entry should be zero. With Nintendo's hardware debugger Bit 7 identifies the debugging handlers entry point and size of DACS (Debugging And Communication System) memory: Bit7=0: 9FFC000h/8MBIT DACS, Bit7=1: 9FE2000h/1MBIT DACS. The debugging handler can be enabled in 800009Ch (see above), normal cartridges do not have any memory (nor any mirrors) at these addresses though.

0B5h - Reserved Area, 7 Bytes
Reserved, zero filled.

0BCh - Software version number
Version number of the game. Usually zero.

0BDh - Complement check, 1 Byte
Header checksum, cartridge won't work if incorrect. Calculate as such:
chk=0:for i=0A0h to 0BCh:chk=chk-[i]:next:chk=(chk-19h) and 0FFh

0BEh - Reserved Area, 2 Bytes
Reserved, zero filled.

Below required for Multiboot/slave programs only. For Multiboot, the above 192 bytes are required to be transferred as header-block (loaded to 2000000h-20000BFh), and some additional header-information must be located at the beginning of the actual program/data-block (loaded to 20000C0h and up). This extended header consists of Multiboot Entry point(s) which must be set up correctly, and of two reserved bytes which are overwritten by the boot procedure:

0C0h - Normal/Multiplay mode Entry Point
This entry is used only if the GBA has been booted by using Normal or Multiplay transfer mode (but not by Joybus mode).
Typically deposit an ARM-32bit "B <start>" branch opcode at this location, which is pointing to your actual initialization procedure.

0C4h (BYTE) - Boot mode
The slave GBA download procedure overwrites this byte by a value which is indicating the used multiboot transfer mode.

  Value  Expl.
  01h    Joybus mode
  02h    Normal mode
  03h    Multiplay mode

Typically set this byte to zero by inserting DCB 00h in your source.
Be sure that your uploaded program does not contain important program code or data at this location, or at the ID-byte location below.

0C5h (BYTE) - Slave ID Number
If the GBA has been booted in Normal or Multiplay mode, this byte becomes overwritten by the slave ID number of the local GBA (that'd be always 01h for normal mode).

  Value  Expl.
  01h    Slave #1
  02h    Slave #2
  03h    Slave #3

Typically set this byte to zero by inserting DCB 00h in your source.
When booted in Joybus mode, the value is NOT changed and remains the same as uploaded from the master GBA.

0C6h..0DFh - Not used
Appears to be unused.

0E0h - Joybus mode Entry Point
If the GBA has been booted by using Joybus transfer mode, then the entry point is located at this address rather than at 20000C0h. Either put your initialization procedure directly at this address, or redirect to the actual boot procedure by depositing a "B <start>" opcode here (either one using 32bit ARM code). Or, if you are not intending to support joybus mode (which is probably rarely used), ignore this entry.
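An added example, not code from the thread or from GBAtek, that builds a minimal 192-byte header from the layout quoted above and checks the fields a stray hex edit can break: the fixed value at 0B2h, the zero-filled reserved areas, and the complement check at 0BDh, computed exactly as the quoted formula states. The entry point offset, game title and game code are constructed sample values; the Nintendo logo area is left as placeholder zeros because real hardware compares it against the BIOS copy, which this script cannot do.

```python
# Added example: build and validate a GBA cartridge header per the GBAtek layout.
import struct

HEADER_SIZE = 0xC0   # 192 bytes at ROM offset 000h..0BFh


def header_checksum(rom):
    """Complement check as GBAtek gives it:
    chk=0:for i=0A0h to 0BCh:chk=chk-[i]:next:chk=(chk-19h) and 0FFh"""
    chk = 0
    for i in range(0xA0, 0xBD):          # 0A0h..0BCh inclusive
        chk -= rom[i]
    return (chk - 0x19) & 0xFF


def build_header(title, game_code, maker="01"):
    """Return a 192-byte header with the checksum at 0BDh filled in (constructed values)."""
    assert len(game_code) == 4 and len(maker) == 2
    h = bytearray(HEADER_SIZE)
    # 000h: 32-bit ARM "B" jumping over the header to 0C0h (0xEA00002E), little-endian
    h[0:4] = struct.pack("<I", 0xEA00002E)
    # 004h..09Fh: Nintendo logo; placeholder zeros here (a real cart needs the exact data)
    h[0xA0:0xAC] = title.encode("ascii").ljust(12, b"\0")   # title padded with 00h
    h[0xAC:0xB0] = game_code.encode("ascii")
    h[0xB0:0xB2] = maker.encode("ascii")
    h[0xB2] = 0x96                       # fixed value, required
    # 0B3h main unit, 0B4h device type, 0B5h..0BBh reserved, 0BCh version: all 00h
    h[0xBD] = header_checksum(h)
    return bytes(h)


def validate_header(rom):
    """List what is wrong with the first 192 bytes; an empty list means it passes."""
    if len(rom) < HEADER_SIZE:
        return ["ROM shorter than the 192-byte header"]
    problems = []
    if rom[0xB2] != 0x96:
        problems.append("fixed value at 0B2h is not 96h")
    if rom[0xBD] != header_checksum(rom):
        problems.append("complement check at 0BDh does not match header bytes")
    if any(rom[0xB5:0xBC]) or any(rom[0xBE:0xC0]):
        problems.append("reserved area is not zero filled")
    title = rom[0xA0:0xAC].rstrip(b"\0")
    if not all(0x20 <= c < 0x7F for c in title) or title != title.upper():
        problems.append("game title is not uppercase ASCII")
    return problems
```

Changing any byte between 0A0h and 0BCh without recomputing 0BDh is what makes a hex-edited ROM fail the check, which is the practical reason behind the "leave the first bytes alone" advice.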

Salanewt

Oh, thank you for telling me. Is there any way to find out what something is if you do not know, or is it safer to not even try if you do not know?

Have a nice day.

Charon

Of course, Atrius is an excellent source of information. You can also try GBAtek, but the information is for more experienced hackers, and you may find it very confusing.

Salanewt

Thanks Charon. I will be sure to look through that.

Have a nice day.

Charon

I updated my post above with a quote from GBAtek. That may be able to help you know what not to edit in the beginning of a Rom.

Daddy Poi's Oily Gorillas

Thanks for the GBAtek link, I'll definitely make sure I look through that in hopes to learn something.