Author Topic: GBA - breakpoint on changing RAM address?  (Read 3141 times)

PRIZZA

GBA - breakpoint on changing RAM address?
« on: January 14, 2014, 02:24:31 am »
Sorry for this flurry of posts.



I'm tracing a GBA rom and I wanted to change how much damage a particular attack does. I found the attack damage value. I highlighted in pink the value; the value is taken from an address in the sp (030007DB4) and it deals 2 damage. How do I find what modifies 030007DB4? I can't set a break on it because it constantly changes in RAM.

FAST6191

Re: GBA - breakpoint on changing RAM address?
« Reply #1 on: January 14, 2014, 07:36:23 am »
no$gba then.

I am not quite sure what stage you are at and if it has caused you to ask an odd question.

Are you thinking this is a dynamically allocated memory address (usually referred to as pointer codes when making cheats) used to hold values?
Do you mean you have a value that changes all the time as part of normal gameplay anyway but you do not want to be pressing next every 2 seconds?
Alternatively it sounds like you might have only half traced it or missed out on the actual trace and found the variable sitting there waiting to be used but got interrupted along the way.

For the first it sounds like just a single pointer which is stored in the end of the WRAM (the game's stack pointer is at 030007DB4 you say? Such a location would be fairly in line with standard practice). It looks like you are in Thumb mode there so it should be the stack pointer (ARM mode can have it as a general register).

For the latter.... if it changes radically (alternates between 00 and 01 but goes to 02 when damage calculation) then you can set a conditional breakpoint for the location. Alternatively.... nobody said assembly hacking was glamorous, you might well have to press advance several dozen times.

Otherwise yeah you are almost there, you might have just found the variable between it being loaded/generated and it being used if it got pushed to allow the game to do something.

PRIZZA

Re: GBA - breakpoint on changing RAM address?
« Reply #2 on: January 14, 2014, 09:45:33 am »
In the instructions on the left, the following happens: ldr r0,[sp,0x4] loads the stack pointer with an address to the 32-bit value I want to change (030007DB4). The next set of instructions load the enemy's health (r0) and subtract r1 (attack damage) from it. From other tests I've done it looks like it's using the value from r7.

When I do anything like trying to set a break on [030007DB4] it causes the debugger to break constantly, not allowing any time for me to input controls before tracing.

Maybe someone knows a better approach? I'm just in the dark.  :-\

EDIT: So I just kept following function calls and I eventually found where the game calls the function. After a bit of tinkering I can find where the value is stored for each attack. It's in the format mov r0,0xY, where "Y" is the amount of damage (byte).

I found some really interesting information on how the attacks work, including how much each attack does and how the collision of each attack works. Did you know a falling stone attack does more damage than a direct hit from a missile?  :crazy:
« Last Edit: January 16, 2014, 10:29:37 pm by PRIZZA »
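
The `mov r0,0xY` finding in the last post rests on how Thumb encodes an 8-bit immediate: a 16-bit halfword with the register in bits 10-8 and the value in the low byte. The following is an added example, not part of the original thread, that decodes that encoding and rewrites the immediate; the function names, sample bytes and base address are constructed for illustration.

```python
import struct

# Thumb "format 3" (move/compare/add/subtract immediate), 16 bits, little-endian:
#   bits 15-13 = 001, bits 12-11 = op (00 MOV, 01 CMP, 10 ADD, 11 SUB),
#   bits 10-8 = Rd, bits 7-0 = 8-bit immediate
OPS = ("mov", "cmp", "add", "sub")

def decode_imm8(halfword):
    """Return (op, rd, imm8) for a format-3 Thumb halfword, else None."""
    if halfword >> 13 != 0b001:
        return None
    return OPS[(halfword >> 11) & 3], (halfword >> 8) & 7, halfword & 0xFF

def find_mov_imm(code, rd, base=0):
    """Yield (address, imm8) for every `mov rd,#imm8` in a Thumb code buffer."""
    for off in range(0, len(code) - 1, 2):
        (hw,) = struct.unpack_from("<H", code, off)
        if decode_imm8(hw) == ("mov", rd, hw & 0xFF):
            yield base + off, hw & 0xFF

def patch_mov_imm(code, off, new_imm):
    """Return a copy of code with the immediate of the mov at `off` replaced."""
    (hw,) = struct.unpack_from("<H", code, off)
    decoded = decode_imm8(hw)
    if decoded is None or decoded[0] != "mov":
        raise ValueError("no mov rd,#imm8 at offset %#x" % off)
    if not 0 <= new_imm <= 0xFF:
        raise ValueError("immediate must fit in one byte")
    out = bytearray(code)
    # Keep opcode and register bits (high byte), swap only the immediate.
    struct.pack_into("<H", out, off, (hw & 0xFF00) | new_imm)
    return bytes(out)

# Constructed sample, not bytes from any real game:
#   mov r0,#2 ; mov r1,#5 ; cmp r0,#2 ; bx lr
SAMPLE = bytes.fromhex("0220" "0521" "0228" "7047")
SAMPLE_BASE = 0x08000100  # assumed load address inside GBA ROM space

if __name__ == "__main__":
    for addr, imm in find_mov_imm(SAMPLE, rd=0, base=SAMPLE_BASE):
        print("%08X  mov r0,#0x%X" % (addr, imm))
    print(patch_mov_imm(SAMPLE, 0, 4).hex())
```

A raw halfword scan also matches data that happens to look like a `mov`, so each hit still has to be confirmed in the debugger before patching.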