Started by Sam123, October 17, 2014, 05:06:22 PM
Quote from: IIMarckus on October 17, 2014, 10:13:42 PM
This has been done before... see here for an example.

Quote
The fix to this bug is simple, we just have to change the ret nz instruction before the three sla b to a ret z instruction that does exactly the opposite.

Quote
So we'd just change the cp BURN HEAL to cp MOON STONE, whose constant is 08 (Burn heal's constant is 0A).
Quote from: KingMike on October 18, 2014, 01:31:07 PM
Pretty simple to make with little understanding of Z80 and an opcode table.
http://gamehacking.org/faqs/GameBoy_Z80_Opcode_Map.html

Maybe I'm looking at a different version, as the addresses seem off. I'm looking at the English Gold version.
Looking for certain instructions, check a few around to see if it lines up.

LOVE BALL
Looking around that area for three SLA Bs (CB 20) in a row. That looks to be $EDAB. Since the instruction right before is the bad one, that means $EDAA should go from $C0 to $C8.

EVOLVE ITEM
Find the CP 0A (opcode FE 0A).
$ED58: 0A -> 08

For the speed one, checking the opcode chart, the bad code starts with INC HL : CP #FF. That's opcodes 23 FE FF. That instruction is at $EDCA.
Reading the further post, it seems the right fix is to change CP C : JR NZ .next to CP C : JR Z. The bad instruction is B9 20 ?? (?? as that is branch length, we don't know unless we count the length of the skipped opcodes). Looking at the hex, it turns out the instruction is B9 20 0A. 0A is the branch length. 0A is at $EDD1.
That means it skips the next 10 bytes after the instruction. Indeed that would put us at the following DEC D (15).
We need to go back. The following instruction is a branch length of 0. We go backwards by starting at FF when pointing to the 0A. The CALL instruction should be easy to find (CD ?? ??). Find the CD and then it's one instruction before: 3E 0F. The 3E is at $EDC5. We need to count from the 0A to the 3E.
Starting the count at FF with the cursor at 0A, we move back and count down. We get to F3 when pointing to the 3E.
Therefore the fix is $EDD1: 0A -> F3.
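The three hand-patches in the post above are pattern searches plus, for the speed check, a signed JR displacement counted by hand. The script below is an added example (not code from the thread or from the pret disassembly) that does the same searches over a constructed stand-in for the ROM region and computes the JR displacement the way the CPU does, relative to the instruction following the 2-byte JR, so the hand count of F3 can be checked by machine. The byte layout, the base address $EDA0, the CALL target and the assumption that the `ld a, n` is the 2-byte instruction immediately before the nearest earlier CALL are all constructed to mirror the post; a real ROM would need the same checks run against its own bytes.

```python
"""Added example: locate the byte patterns from the post and patch them.

All bytes here are a CONSTRUCTED stand-in laid out to match the instruction
sequence described in the thread (base address $EDA0 is an assumption).
"""

# Game Boy CPU opcodes named in the thread (see the opcode map linked above)
RET_NZ, RET_Z = 0xC0, 0xC8
SLA_B = bytes([0xCB, 0x20])
CP_N = 0xFE          # cp n
CP_C = 0xB9          # cp c
JR_NZ, JR_Z = 0x20, 0x28
LD_A_N = 0x3E        # ld a, n
CALL_NN = 0xCD       # call nn
INC_HL = 0x23
DEC_D = 0x15

BASE = 0xEDA0        # address of rom[0] in the constructed snippet (assumption)


def put(rom: bytearray, addr: int, data) -> None:
    """Write bytes at an absolute address inside the snippet."""
    i = addr - BASE
    rom[i:i + len(data)] = bytes(data)


def build_sample_rom() -> bytearray:
    """Constructed 64-byte region mirroring the layout KingMike describes."""
    rom = bytearray(0x40)
    put(rom, 0xEDAA, [RET_NZ])                 # LOVE BALL: the bad ret nz
    put(rom, 0xEDAB, SLA_B * 3)                # three sla b in a row
    put(rom, 0xEDB8, [CP_N, 0x0A])             # EVOLVE ITEM: cp BURN_HEAL (placement constructed)
    put(rom, 0xEDC5, [LD_A_N, 0x0F])           # ld a, $0F (target of the fixed jump)
    put(rom, 0xEDC7, [CALL_NN, 0x34, 0x12])    # call $1234 (address constructed)
    put(rom, 0xEDCA, [INC_HL, CP_N, 0xFF])     # inc hl ; cp $FF
    put(rom, 0xEDCF, [CP_C, JR_NZ, 0x0A])      # cp c ; jr nz +$0A (operand at $EDD1)
    put(rom, 0xEDDC, [DEC_D])                  # $EDD2 + $0A: the dec d the jump lands on
    return rom


def jr_target(jr_addr: int, disp: int) -> int:
    """Resolve a JR: the byte is signed and relative to the next instruction (jr_addr + 2)."""
    if disp >= 0x80:
        disp -= 0x100
    return jr_addr + 2 + disp


def jr_displacement(jr_addr: int, target: int) -> int:
    """Inverse of jr_target: the operand byte that makes a JR at jr_addr reach target."""
    disp = target - (jr_addr + 2)
    if not -128 <= disp <= 127:
        raise ValueError(f"target {target:#06x} out of JR range from {jr_addr:#06x}")
    return disp & 0xFF


def patch_love_ball(rom: bytearray) -> int:
    """ret nz before three sla b -> ret z. Returns the patched address."""
    i = rom.find(SLA_B * 3)
    if i < 1 or rom[i - 1] != RET_NZ:
        raise ValueError("ret nz ; sla b x3 pattern not found")
    rom[i - 1] = RET_Z
    return BASE + i - 1


def patch_evolve_item(rom: bytearray, old_item: int = 0x0A, new_item: int = 0x08) -> int:
    """cp BURN_HEAL ($0A) -> cp MOON_STONE ($08). Returns the address of the operand byte."""
    i = rom.find(bytes([CP_N, old_item]))
    if i < 0:
        raise ValueError("cp pattern not found")
    rom[i + 1] = new_item
    return BASE + i + 1


def patch_speed_check(rom: bytearray):
    """cp c ; jr nz .next -> cp c ; jr z back to the ld a, n before the call.

    Assumption (as in the post): the ld a, n is the 2-byte instruction directly
    before the nearest earlier CALL. Returns (jr address, new displacement byte).
    """
    i = rom.find(bytes([CP_C, JR_NZ]))
    if i < 0:
        raise ValueError("cp c ; jr nz pattern not found")
    jr_addr = BASE + i + 1
    call_i = rom.rfind(bytes([CALL_NN]), 0, i)
    if call_i < 2 or rom[call_i - 2] != LD_A_N:
        raise ValueError("ld a, n ; call nn not found before the jr")
    target = BASE + call_i - 2
    disp = jr_displacement(jr_addr, target)
    rom[i + 1] = JR_Z
    rom[i + 2] = disp
    return jr_addr, disp


if __name__ == "__main__":
    rom = build_sample_rom()
    print(f"love ball: ret z written at {patch_love_ball(rom):#06x}")
    print(f"evolve item: operand at {patch_evolve_item(rom):#06x}")
    addr, disp = patch_speed_check(rom)
    print(f"speed: jr at {addr:#06x} now jr z {disp:#04x} -> {jr_target(addr, disp):#06x}")
```

Running it reproduces the post's numbers on the constructed bytes: the JR operand at $EDD1 becomes F3 and resolves back to $EDC5, and the original 0A resolves to the DEC D at $EDDC. The range check in `jr_displacement` is the caveat the hand count skips: a JR can only reach -128..+127 bytes from the following instruction, so a target further away needs a JP instead.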
Quote from: IIMarckus on October 24, 2014, 02:40:59 AM
patch against crystal
With the disassembly it was as simple as applying this diff.