Romhacking.net

Romhacking => ROM Hacking Discussion => Topic started by: YukiNa on April 15, 2021, 08:22:26 am

Title: How to spot RAM Value equivalent in the ROM ?
Post by: YukiNa on April 15, 2021, 08:22:26 am
Hello, I started my very first modification for a Gameboy Advance game, Driver 2 Advance, last January.

I learned the basics of rom modification by doing so, like the ROM being something injected into the RAM, which I played with a lot first, so I could modify many things already in the game (textures, sprites, even raycaster blocks), and I then found the same things in the ROM so I could overwrite it with a Hex editor.

I could modify the camera's position height in the RAM... yet I haven't found the corresponding value(s) in the ROM. Someone told me to use the Tracer of the no$gba emulator, but I have no idea how to use it. So how could I see the ROM addresses of something I'm modifying myself in real time in the RAM?
Title: Re: How to spot RAM Value equivalent in the ROM ?
Post by: FAST6191 on April 16, 2021, 07:44:15 am
That is an odd way of setting about things. Certainly I will try to find basic text, graphics, palettes and maybe stats tables in RAM and then try to search the ROM for those but it is a limited technique -- compression and anything the game alters to use it during running being things that will trip you up somewhat there. Also often quite a tedious way to go about things when you have things like relative search for text, compression searching, and simply opening the ROM up in a tile editor and pressing page down a lot.

Beyond that the ROM is usually the ROM and the RAM is things that the game devs could not have stored in the ROM like the particular unique aspects of your run of the game.


Anyway two approaches.
If you have a value in RAM and simply want to hold it at a given location there are tools that can hardpatch a cheat (a cheat being little more than a RAM address you force to be something else) into the ROM for you.
https://gbatemp.net/threads/gba-auto-trainer-maker-gbaatm.99334/ and a new fork called GBAATM-rebirth (can be found in later posts in that thread) being where most start.
Do have limited conditional support https://gamehacking.org/wiki/Hacking_Game_Boy_Advance as well if you just want it to be higher in specific cases.


After that then yeah you have to look for the code in the ROM that changes the camera height in RAM. Tracing is how you do that.
I usually link https://www.romhacking.net/documents/361/ as a basic guide to tracing. It uses the older vba-sdl-h emulator rather than no$gba but if you can follow along with that in no$gba you have enough to be getting started with.
http://problemkaputt.de/gbatek-breakpoints.htm has some usage for no$gba debugger (though check the whole chapter).
Presumably then you would set a break on write to the location you found in RAM and run the game. When it next alters that value the emulator will pause, say this opcode altered this value and thus you have a start. Now usually in these situations the last opcode to alter something is a simple RAM write and you are more interested in everything that came before (though if you are just needing a simple value then altering this memory write to force your own chosen value in there is a good way of hardcoding a cheat) and the debugger should tell you the last few instructions entered.
http://www.romhacking.net/forum/index.php/topic,14708.0.html has a few other examples of things too, though more for the DS (same general principles though).
For the basics of assembly we had a thread the other day
http://www.romhacking.net/forum/index.php?topic=32527
http://www.coranac.com/tonc/text/asm.htm is also good stuff.
Title: Re: How to spot RAM Value equivalent in the ROM ?
Post by: MysticLord on April 17, 2021, 12:27:12 am
This thread is similar to what you have in mind.
https://www.romhacking.net/forum/index.php?topic=32612

My recommendation is you take maybe 16 bytes from where you found the camera position, and search for them in the ROM. This is very simple, easy, and fast and IMO should be the first thing you try before you attempt the more involved methods... unless your goal is to completely understand a routine, in which case you should do what Fast6191 says.
Title: Re: How to spot RAM Value equivalent in the ROM ?
Post by: YukiNa on April 17, 2021, 06:12:54 am
Thanks FAST6191 for the consequent documentation and explanation. I'll try the auto-trainer thing, get VBA-SDL-H and follow the tutorial you sent me. Otherwise, yes, playing with the Memory viewer was a long process, but it was so fun breaking the game to see what could be modified.

@MysticLord : I think hard-coding the RAM value cheat code is not a clean way to do it... The height - and I forgot to mention the distance from the character - values are only 2 bits each, next to 6 unused (null / 0) bits in the RAM - yet I think it's set quite differently in the ROM, being much more condensed and having less null values.


EDIT : I finally found the values I needed by using my Hex editing software and searching the values I already found in the RAM by using the "Find Next" option, and modifying in real-time with VBA to see what's being modified - as MysticLord suggested. As I imagined the values were at the start of the ROM since I like to imagine the Hex values as the code written by the developers, hence the values had to be by the start of the code.

I tried to use VBA-SDL-H and no$gba's Breakpoint things but I'm still unsure of how it works. On VBA-SDL-H, even when I defined a Breakpoint in the console, I got no Breakpoint values by returning in the game and back into the console. On no$gba, the values indicated by clicking "Trace" multiple times are just about other things like "3D" Sprites offsets.

There's something more complex I would like to modify in the game but it would require a whole other topic (displaying the game in full screen / modifying how the raycaster tiles are drawn).
Title: Re: How to spot RAM Value equivalent in the ROM ?
Post by: MysticLord on April 19, 2021, 07:15:56 am
Not quite related to what you're doing, but if you ever need to find a table - like, item data or something - and you know both the order of the table entries (item order, like bronze sword, iron sword, steel sword, etc) and the values of two attributes of each entry (attack power, perhaps), then you can use wildcards and XVI32 to find the table.

Let's say bronze sword has 24 attack power, iron sword has 27 attack power, steel sword has 30 attack power, and they are adjacent to each other. Simply count occurrences for 27 and 30 in hexadecimal (1b 1e), check to see if they are preceded by 24 in hexadecimal (18), and if none of the occurrences match then add a wildcard character between them and repeat the process.

You can find a table in like 15 minutes that normally takes a few hours of code tracing, assuming the values don't use the higher bits of your chosen byte for bit flags or it's not signed.
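
The wildcard search described in the post above, automated so that the gap between values grows until something matches. This is an added example and not part of the original post; the sample ROM bytes, the 4-byte record layout and the function names are constructed for illustration, and it assumes each known value is a plain unsigned byte.

```python
import re

GBA_ROM_BASE = 0x08000000  # cartridge ROM is mapped here on the GBA


def stride_pattern(values, stride):
    """Regex matching values[0], values[1], ... spaced `stride` bytes apart."""
    for v in values:
        if not 0 <= v <= 0xFF:
            raise ValueError("only single unsigned bytes are supported")
    # stride-1 wildcard bytes between consecutive known values
    gap = b".{%d}" % (stride - 1) if stride > 1 else b""
    body = gap.join(re.escape(bytes([v])) for v in values)
    # Lookahead so overlapping candidates are all reported
    return re.compile(b"(?=" + body + b")", re.DOTALL)


def find_table(rom, values, max_stride=16):
    """Try stride 1, 2, ... and return (stride, offsets) for the first hit."""
    for stride in range(1, max_stride + 1):
        hits = [m.start() for m in stride_pattern(values, stride).finditer(rom)]
        if hits:
            return stride, hits
    return None, []


# Constructed sample "ROM": filler, a decoy where 1b 1e are adjacent but not
# preceded by 18, then a table of 4-byte records (attack, price lo/hi, flags).
TABLE = bytes([0x18, 0x64, 0x00, 0x01,   # bronze sword, attack 24
               0x1B, 0xC8, 0x00, 0x01,   # iron sword,   attack 27
               0x1E, 0x2C, 0x01, 0x01])  # steel sword,  attack 30
ROM = b"\xff" * 0x40 + b"\x00\x1b\x1e\x00" + b"\xff" * 0x1C + TABLE + b"\xff" * 0x20

if __name__ == "__main__":
    stride, offsets = find_table(ROM, [24, 27, 30])
    for off in offsets:
        print(f"record size {stride}, file offset 0x{off:X}, "
              f"GBA address 0x{GBA_ROM_BASE + off:08X}")
```

A hit also tells you the likely record size (the stride), which is what you need to step through the rest of the table in a hex editor.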
Title: Re: How to spot RAM Value equivalent in the ROM ?
Post by: phonymike on April 20, 2021, 02:48:02 am
Hi. I made a tutorial on how to find GBA pointers using no$gba, but the tutorial will work for locating any data in ROM from RAM addresses as well.

I made the post here (https://www.romhacking.net/forum/index.php?topic=31881.0), or you can download the tutorial directly here (https://phonymike.com/RHDN/Finding_GBA_pointers_draft_1.zip).

Start at step 8 and enter your RAM address instead of ROM address 946CCBE. Your RAM address should start with a 2 or 3 (20xxxxx external WRAM or 300xxxx internal WRAM), while ROM addresses are anything higher than 8000000. Let me know if it works.