
Author Topic: Help with "DTE - you can do it, we can help"  (Read 3608 times)

Gyroballer (RHDN Patreon Supporter!, Jr. Member, Posts: 36)
Help with "DTE - you can do it, we can help"
« on: January 21, 2020, 05:12:14 pm »
Hey there. I'm using this guide from here called "DTE - you can do it, we can help" to try and get into ASM.

I'm not positive, but with the game I'm using, DBZ II for Famicom, I legitimately believe there's no free space in the bank where I can put the ASM.

Funnily enough, there's a table of names that can be used from the dictionary, like F9 = Freeza or something. But I see no other space that's free. I put the jumping code in there and some of the game will still work until it tries to read something from the dictionary (which makes sense).

If I at least wanted to play around, is there a good method for this?

I determined the original text routine to start @ 03E6DC
Text routine replaced by jump to area (step 4 of the guide):


Example of ending the previous entry at 1 character and adding my "original text routine code + a jump back":


The above example works until I go into the item menu or certain other screens, like selecting a card (which usually leads to a battle).

Here's the only space I could find in the bank (of either 00 or FF):


The game doesn't crash like this, but it will behave oddly sometimes in that sentences don't stop where they're supposed to.

At any rate, what direction should I go in to work this? I'm assuming those aren't enough 00s, so maybe I need to find a way to get rid of that dictionary that exists? But I don't know how to do it without breaking the game.

Edit: I moved along and found a potentially free byte in RAM and used the EE, high byte, low byte at the end of my DTE hack and re-added the 60 at the end to jump back. So far no issues with that, at least.
« Last Edit: January 21, 2020, 05:25:16 pm by Gyroballer »

Cyneprepou4uk (Sr. Member, Posts: 329, "I am the baldest romhacker")
Re: Help with "DTE - you can do it, we can help"
« Reply #1 on: January 21, 2020, 06:14:26 pm »
Quote
I legitimately believe there's no free space in the bank where I can put the ASM.



You were saying?

Also, your F0 + D8 bytes are most likely what is causing troubles. Do you know what code you are actually writing with them?
« Last Edit: January 21, 2020, 06:22:34 pm by Cyneprepou4uk »
iromhacker.ru - NES ROM hacking tutorials for beginners. Please use Google Translate browser extension

Gyroballer (RHDN Patreon Supporter!, Jr. Member, Posts: 36)
Re: Help with "DTE - you can do it, we can help"
« Reply #2 on: January 21, 2020, 06:31:54 pm »
You were saying?

Also, your F0 + D8 bytes are most likely what is causing troubles. Do you know what code you are actually writing with them?

This is present in my rom:


But if that wasn't in the original Japanese version, maybe I can do without the stuff here and figure out a better place for it after the DTE.

It's the original text routine stuff that I overwrote. Following the guide, it says to write 20, then the memory address, then EA as a NOP. Then you go to where it pointed and you write the first four bytes of the text routine that you overwrote with 20xxxxEA and then 60 to return. A later piece of info in the guide told me to add EE+xxxx and EA for an always blank/free space in memory, so I put that between the 60 and the end of the rerouted original function.

Code:
B15AF0D8EE4040E860B15AF0D8 is the part I had to overwrite with 20B4E1EA so that I could work @ E1B4 on the DTE routine, but it's still currently the text routine, so at E1B4, I have to write B15AF0D8 before anything else.

Edit: Using that space you declared (in the Japanese rom, not my translation) gives me similar results as to when I was previously writing within that dictionary. The game freezes when selecting a card or item.

(Presumably due to this quoted text from the guide: "If the game uses it, cartridge RAM is usually $6000-7FFF. But some cartridge mappers can disable it. So avoid using it if you can.")
« Last Edit: January 21, 2020, 07:41:38 pm by Gyroballer »

Cyneprepou4uk (Sr. Member, Posts: 329, "I am the baldest romhacker")
Re: Help with "DTE - you can do it, we can help"
« Reply #3 on: January 21, 2020, 08:27:12 pm »
Quote
It's the original text routine stuff that I overwrote. Following the guide, it says to write 20, then the memory address, then EA as a NOP. Then you go to where it pointed and you write the first four bytes of the text routine that you overwrote with 20xxxxEA and then 60 to return

Well, basically it's true. But only basically. You should be aware of where you're trying to insert your JSR instruction. You've chosen the wrong instructions to be transferred to another area. One of those 2 instructions is a branch (BEQ) to a nearby area. Since the previous "nearby area" is different from the one you've put it into, the code breaks coz it branches to the wrong place.

pirate_sephiroth (Jr. Member, Posts: 14)
Re: Help with "DTE - you can do it, we can help"
« Reply #4 on: January 22, 2020, 07:10:41 am »
you should be looking at a disassembler to understand what you're doing

Gyroballer (RHDN Patreon Supporter!, Jr. Member, Posts: 36)
Re: Help with "DTE - you can do it, we can help"
« Reply #5 on: January 23, 2020, 08:11:42 am »
I'm using FCEUX which has a debugger that shows all the hex (whether data or code) as potential 6502 ASM.

I've done assembly projects in college. My job is programming.

It's obviously not helpful to just say I need to "understand what you're doing".

I'm clearly trying and getting limited help. I hesitate to believe that anyone got good at this by not asking for help, but every time I try on here, it's like I'm reaching for the void or something.

I'd probably pay money to get a legitimate tutoring session on how this stuff is supposed to work, but it's been obtuse to me for a decade or so.

Just reading 6502 documentation tells me some basic info that I already sort of understand. LDA means load to accumulator meaning the value on the right side, whether it's a literal value or an address to go look for the value, is put into the accumulator register, kinda similar to a modern day variable.

JSR jumps to a sub routine, just like calling a modern day function inside of another function.

Here in hex, 60 is moving back to the original function that did a jump.

I'm not stupid or inept completely, but I need a real push from a helpful hand (clearly a bunch of people here have done ASM hacks on NES games), but I feel like I'm getting the bootstraps lecture more than cooperation.

Sorry for the rant and sorry if this offends anyone, but I'm sincerely struggling and try sincerely hard at solving these problems and reading a bunch of documentation and always giving up and trying "an even easier ASM hack" or an even lower hanging fruit and having real trouble, but rarely any real assistance.

Cyneprepou4uk (Sr. Member, Posts: 329, "I am the baldest romhacker")
Re: Help with "DTE - you can do it, we can help"
« Reply #6 on: January 23, 2020, 08:16:37 am »
Let's get started then. Show me a screenshot of the code that you're trying to edit.

Gyroballer (RHDN Patreon Supporter!, Jr. Member, Posts: 36)
Re: Help with "DTE - you can do it, we can help"
« Reply #7 on: January 23, 2020, 08:49:08 am »
Let's get started then. Show me a screenshot of the code that you're trying to edit.

First of all, thank you for what you already did above, but also offering to help within minutes. Unfortunately, I gotta head to work in 15 minutes or so and will be there for about 8 hours.

The screenshots above are what I was trying to edit. I understand, to an extent, what you meant when you said "Since previous "nearby area" is different from the one you've put it into, code breaks coz it branches to wrong place".

Does this mean I'm in the wrong bank? Or I used the wrong jump back command? Or something else entirely?

I'm using a tutorial that was intended for Ys III, but I felt there's no point in both me reinventing the wheel on Ys III and on painting by numbers. I was trying to do the hard work of making something similar work in DBZ II.

And I'm trying DTE because, according to RedComet and possibly King Mike (the tutorial-maker in this case), it's supposed to be an easier ASM hack than most.

What I really want to eventually accomplish is writing to the dakuten/handakuten line (so that I effectively get double screen space -- as opposed to double PRG/ROM space with DTE), for which RedComet provided his source code for DBZ I and DBZ III. The RAM addresses for where it writes characters to go to PPU match DBZ III pretty much, and the routine for DBZ I is closer to solving the issue.

(To be clear, if I get double screen space, it's probable that I'd need extra ROM space, too, but I was getting decent mileage with some pointer maneuvering and many, many ligatures -- I could use less if I had more screen space (although then I need a tiny bit more ROM space, right?))

The main issue I had with that was that I was just using his dbz1 handakuten hack even though maybe like 20% of the hack relies on a rewritten text routine and referencing it correctly.

Again, thank you very much for offering to help.

Edit: I can add screenshots of any and all of this after work, if that's reasonable.

Cyneprepou4uk (Sr. Member, Posts: 329, "I am the baldest romhacker")
Re: Help with "DTE - you can do it, we can help"
« Reply #8 on: January 23, 2020, 09:02:54 am »
Although I can read code by looking at bytes, anyone would prefer reading it by looking at instructions in the debugger. So I'll explain it afterwards when you post it.

You're gonna need a screenshot of the original unmodified code, and a screenshot of the subroutine to where you transfer instructions and add 60 (RTS) in the end.

Gyroballer (RHDN Patreon Supporter!, Jr. Member, Posts: 36)
Re: Help with "DTE - you can do it, we can help"
« Reply #9 on: January 23, 2020, 11:47:26 pm »
Although I can read code by looking at bytes, anyone would prefer reading it by looking at instructions in the debugger. So I'll explain it afterwards when you post it.

You're gonna need a screenshot of the original unmodified code, and a screenshot of the subroutine to where you transfer instructions and add 60 (RTS) in the end.

Sorry for the long wait.

Original:


Modified (2 screenshots) - (First is the original code displaced):



Example of glitch where it goes beyond the text:

Cyneprepou4uk (Sr. Member, Posts: 329, "I am the baldest romhacker")
Re: Help with "DTE - you can do it, we can help"
« Reply #10 on: January 24, 2020, 12:33:54 am »
Check out where BEQ instruction branches in original and in your code. Look at the address next to it. Disable ROM offsets checkmark.

You can add an execute breakpoint with condition Z==#01 for the address at the left from BEQ to see how it screws up your plans in "creating a subroutine while leaving everything intact".

I took a quick look at the manual you've mentioned earlier. That dude made a JSR on top of the LDY + LDA instructions. Don't know why you didn't follow his example.

Gyroballer (RHDN Patreon Supporter!, Jr. Member, Posts: 36)
Re: Help with "DTE - you can do it, we can help"
« Reply #11 on: January 24, 2020, 03:12:11 pm »
Check out where BEQ instruction branches in original and in your code. Look at the address next to it. Disable ROM offsets checkmark.

You can add an execute breakpoint with condition Z==#01 for the address at the left from BEQ to see how it screws up your plans in "creating a subroutine while leaving everything intact".

I took a quick look at the manual you've mentioned earlier. That dude made a JSR on top of the LDY + LDA instructions. Don't know why you didn't follow his example.

What do you mean by "the address at the left from BEQ"?

Edit: Also, I didn't forget the JSR, I'm pretty sure. Go back to my post before this and look at the third picture (where nothing's highlighted).

@ 0x03E6DC You'll see 20 B4E1 EA --> JSR to E1B4 in RAM and NOP (EA)

Btw, this is how far I got, and I may have misread, but I think I was following everything he said to do that wasn't greyed out (which he said was deprecated info).
Part of the manual I got to:
« Last Edit: January 24, 2020, 03:17:27 pm by Gyroballer »

Cyneprepou4uk (Sr. Member, Posts: 329, "I am the baldest romhacker")
Re: Help with "DTE - you can do it, we can help"
« Reply #12 on: January 24, 2020, 03:16:56 pm »
"the address at the left from BEQ" means the address at the left from BEQ



I never said you forgot JSR.

Gyroballer (RHDN Patreon Supporter!, Jr. Member, Posts: 36)
Re: Help with "DTE - you can do it, we can help"
« Reply #13 on: January 24, 2020, 03:22:10 pm »
"the address at the left from BEQ" means the address at the left from BEQ



I never said you forgot JSR.

Checking the BEQ will probably have to wait until I get home so I can use all the necessary programs and be at my own PC, etc.

For the JSR, you did say this though "That dude made a JSR on top of the LDY + LDA instructions. Don't know why you didn't follow his example."

I'm not sure what I messed up with JSR compared to his example. I saw him overwrite the first 4 bytes of the text-writing routine that he found via debugger with 20 address EA. I did the same thing, as far as I can tell.

If it's something he does later, then of course I haven't gotten that far yet because he said play the game and make sure nothing's broken, but stuff is broken.

Cyneprepou4uk (Sr. Member, Posts: 329, "I am the baldest romhacker")
Re: Help with "DTE - you can do it, we can help"
« Reply #14 on: January 24, 2020, 03:29:20 pm »
He said "We should trying to overwrite LDY #$00 and LDA ($9B),Y"



And this is what you overwrote


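The point made in Replies #3, #10 and #14 (a 4-byte JSR + NOP hook must cover whole instructions, and an instruction moved into the new subroutine must not be a relative branch whose target stays behind) can be checked mechanically before patching. The following is an added example, not code from the thread or from the DTE guide: a tiny 6502 decoder that knows only the opcodes seen in this thread, a builder for the "20 lo hi EA" hook, and a relocation check. NEW_BASE is the $E1B4 area named in the thread; OLD_BASE is an assumed stand-in, since the real CPU address of the hook is not on the page.

```python
"""Checks for a JSR hook on 6502 code (NES): does the hook overwrite whole
instructions, and can the displaced instructions be copied verbatim into the new
subroutine, or does one of them contain a relative branch that breaks when moved?

Added example; not code from the thread or from the DTE guide.
"""

# opcode -> (mnemonic, instruction length). Deliberately partial: only the
# opcodes seen in this thread plus the other conditional branches, so an opcode
# the table does not know raises instead of being silently mis-sized.
OPCODES = {
    0xA0: ("LDY #imm", 2), 0xA4: ("LDY zp", 2), 0xA9: ("LDA #imm", 2),
    0xB1: ("LDA (zp),Y", 2), 0xC9: ("CMP #imm", 2), 0xD8: ("CLD", 1),
    0xE8: ("INX", 1), 0xEA: ("NOP", 1), 0x60: ("RTS", 1),
    0x20: ("JSR abs", 3), 0x4C: ("JMP abs", 3), 0x8D: ("STA abs", 3),
    0xEE: ("INC abs", 3),
    0x10: ("BPL rel", 2), 0x30: ("BMI rel", 2), 0x50: ("BVC rel", 2),
    0x70: ("BVS rel", 2), 0x90: ("BCC rel", 2), 0xB0: ("BCS rel", 2),
    0xD0: ("BNE rel", 2), 0xF0: ("BEQ rel", 2),
}
BRANCHES = {0x10, 0x30, 0x50, 0x70, 0x90, 0xB0, 0xD0, 0xF0}


def disassemble(code, base):
    """Decode `code` as if it sat at CPU address `base`.

    Returns a list of (addr, mnemonic, length, branch_target); branch_target is
    None for non-branches. Raises if the bytes end in the middle of an instruction,
    which is what happens when a 4-byte hook cuts a 3-byte instruction in half.
    """
    out, pc = [], 0
    while pc < len(code):
        op = code[pc]
        if op not in OPCODES:
            raise ValueError(f"opcode {op:02X} at ${base + pc:04X} not in table")
        mnemonic, length = OPCODES[op]
        if pc + length > len(code):
            raise ValueError(f"{mnemonic} at ${base + pc:04X} is cut off")
        target = None
        if op in BRANCHES:
            disp = code[pc + 1]
            disp = disp - 256 if disp >= 0x80 else disp      # signed 8-bit offset
            target = (base + pc + length + disp) & 0xFFFF    # relative to the next instruction
        out.append((base + pc, mnemonic, length, target))
        pc += length
    return out


def jsr_hook(target):
    """The 4-byte patch the guide writes over the routine: JSR target ; NOP."""
    return bytes([0x20, target & 0xFF, target >> 8, 0xEA])


def bytes_to_move(code, base, hook_len=4):
    """How many bytes of whole instructions the hook overwrites (>= hook_len).

    The displaced instructions must be reproduced in the new subroutine; if the
    count exceeds hook_len, the leftover bytes in the original need NOPs as well.
    """
    n = 0
    for _, _, length, _ in disassemble(code, base):
        n += length
        if n >= hook_len:
            return n
    raise ValueError("not enough code to cover the hook")


def relocation_issues(code, old_base, new_base):
    """Branches in `code` that would point somewhere else after moving the block.

    Each issue carries the original branch address, its real target, the address
    the branch lands on in the new subroutine, and `fixup_byte`: the corrected
    displacement if the target is still within -128..+127 of the new location,
    or None when it is out of range and the branch has to be rewritten (for
    example as the inverted branch over a JMP to the real target).
    """
    issues = []
    lo, hi = old_base, old_base + len(code)
    for addr, mnemonic, length, target in disassemble(code, old_base):
        if target is None or lo <= target < hi:
            continue  # not a branch, or it stays inside the moved block
        new_addr = new_base + (addr - old_base)
        disp = target - (new_addr + length)
        fix = disp & 0xFF if -128 <= disp <= 127 else None
        issues.append({"at": addr, "op": mnemonic, "target": target,
                       "moved_to": new_addr, "fixup_byte": fix})
    return issues


# Constructed sample inputs. NEW_BASE is the free area named in the thread;
# OLD_BASE is an assumed stand-in (the real CPU address is not on the page).
OLD_BASE, NEW_BASE = 0xE6DC, 0xE1B4
MOVED_BY_POSTER = bytes.fromhex("B15AF0D8")   # LDA ($5A),Y ; BEQ   (moved first, breaks)
GUIDE_STYLE = bytes.fromhex("A455B15A")       # LDY $55 ; LDA ($5A),Y (what the guide hooks)

if __name__ == "__main__":
    print(jsr_hook(NEW_BASE).hex().upper())                        # 20B4E1EA
    print(relocation_issues(MOVED_BY_POSTER, OLD_BASE, NEW_BASE))  # the BEQ problem
    print(relocation_issues(GUIDE_STYLE, OLD_BASE, NEW_BASE))      # []
```

Run against the two candidate instruction pairs, the LDA/BEQ pair reports its BEQ with no possible 8-bit fixup (the target is about $500 bytes from the new subroutine), while the LDY/LDA pair the guide chose relocates cleanly, which is the whole difference between the broken and the working patch in this thread.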

Gyroballer (RHDN Patreon Supporter!, Jr. Member, Posts: 36)
Re: Help with "DTE - you can do it, we can help"
« Reply #15 on: January 24, 2020, 03:32:17 pm »
Wow, so I'm just bad at reading :laugh:

I bet if I fix that, things will slide into place and the BEQ thing might not even be an issue (but of course I'll try to understand the context of it, regardless).

Thanks for being patient with me, or at least answering me. I sincerely appreciate your help since I'm becoming able to understand what's going on better with ASM.

Edit: Like magic, that fixed it. I don't know why I was so sure I needed to start at the LDA instead of the LDY.
Having said that, I'm working with like six 00 bytes and I still am not sure where to find more, but I'll mess with RAM and message back. Thanks!

January 24, 2020, 05:16:26 pm - (Auto Merged - Double Posts are not allowed before 7 days.)
Is there any reason this wouldn't work? It's code to check if the letter "o" came in, and if it did, change it to "p". Either way, just RTS like normal.

Code:
0F:FF31: A4 55     LDY $55 = #$4A
0F:FF33: B1 5A     LDA ($5A),Y @ $B2D8 = #$00
0F:FF35: C9 2C     CMP #$2C
0F:FF37: D0 02     BNE $FF3B
0F:FF39: A9 2D     LDA #$2D
0F:FF3B: 60        RTS -----------------------------------------

I've seen this portion:
0F:FF33: B1 5A     LDA ($5A),Y @ $B2D8 = #$00
where it's equal to #$2C, so it should go to the LDA #$2D, but I think it's like too late or something. I see the #$2C maybe 6 or more characters before it's really printed on the screen, and if I "Step Into" it, it goes through the motions and doesn't skip the LDA #$2D, but it's like it doesn't change the outcome.
« Last Edit: January 24, 2020, 05:27:23 pm by Gyroballer »

Cyneprepou4uk (Sr. Member, Posts: 329, "I am the baldest romhacker")
Re: Help with "DTE - you can do it, we can help"
« Reply #16 on: January 24, 2020, 06:41:10 pm »
In order to change something, this value needs to be written somewhere.

Original code does some checks on value from ($5A),Y, and depending on results it goes further in 1 of 3 directions - $E6A8, $E6EA or $E6D4. Either way this value from A isn't going to be written anywhere in any of these 3 routes, the game will overwrite A with another value.

So changing it from 2C to 2D in that particular place isn't doing anything useful.
« Last Edit: January 24, 2020, 06:47:25 pm by Cyneprepou4uk »

PhOeNiX (Jr. Member, Posts: 75)
Re: Help with "DTE - you can do it, we can help"
« Reply #17 on: February 13, 2020, 04:17:08 pm »
I'm working with like six 00 bytes and I still am not sure where to find more, but I'll mess with RAM and message back. Thanks!
One option is to extract some text from the game, compress it with your DTEs before even writing down your DTE routine, and put it back into the ROM. The remaining space after/before the new compressed text should be enough to implement your routine in the ROM.
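PhOeNiX's tip can be measured before touching the ROM: pick pair codes, encode a block of script, and see how many bytes fall free. The following is an added example, not code from the thread or from any DTE tool; the character map (lowercase letters at $1E..$37, so 'o' = $2C and 'p' = $2D as in the thread, space at $3A), the free codes $E0..$E5 and the sample sentence are all constructed stand-ins for the game's real table and script.

```python
"""Pack a text sample with DTE (one byte standing for two characters) and
measure the room it frees. Added example; the character table, free codes and
sample text are constructed, not the game's.
"""
from collections import Counter

# Constructed character map: lowercase letters at $1E..$37 (so 'o' = $2C and
# 'p' = $2D, matching the values in the thread) and space at $3A.
CHARMAP = {chr(ord("a") + i): 0x1E + i for i in range(26)}
CHARMAP[" "] = 0x3A
BYTE_TO_CHAR = {v: k for k, v in CHARMAP.items()}

# Constructed: byte values assumed unused by the game's text encoding.
FREE_CODES = [0xE0, 0xE1, 0xE2, 0xE3, 0xE4, 0xE5]


def build_dte_table(text, free_codes):
    """Assign each free code to one of the most frequent adjacent character pairs.

    Returns {code: pair}. Counting is over all overlapping pairs, which is a fair
    estimate but not exact: once "th" is taken, an overlapping "he" occurs less often.
    """
    counts = Counter(text[i:i + 2] for i in range(len(text) - 1))
    pairs = [p for p, _ in counts.most_common(len(free_codes))]
    return dict(zip(free_codes, pairs))


def dte_encode(text, table):
    """Greedy left-to-right encode: emit a pair code when the next two chars match."""
    pair_to_code = {pair: code for code, pair in table.items()}
    out, i = bytearray(), 0
    while i < len(text):
        pair = text[i:i + 2]
        if pair in pair_to_code:
            out.append(pair_to_code[pair])
            i += 2
        else:
            out.append(CHARMAP[text[i]])
            i += 1
    return bytes(out)


def dte_decode(data, table):
    """Inverse of dte_encode; this is the expansion the game's DTE routine must do."""
    return "".join(table[b] if b in table else BYTE_TO_CHAR[b] for b in data)


def compress_report(text, free_codes=FREE_CODES):
    """Return (table, encoded_bytes, bytes_saved) for a block of text."""
    table = build_dte_table(text, free_codes)
    encoded = dte_encode(text, table)
    return table, encoded, len(text) - len(encoded)


# Constructed sample text (the game's real script is not on the page).
SAMPLE = "the hero heals the healer then the hero heads home to the tower"

if __name__ == "__main__":
    table, encoded, saved = compress_report(SAMPLE)
    print({f"{code:02X}": pair for code, pair in table.items()})
    print(f"{len(SAMPLE)} -> {len(encoded)} bytes, {saved} freed")
    assert dte_decode(encoded, table) == SAMPLE
```

The freed byte count is what you have to work with for the routine; note the encoder is greedy, so the pair chosen at a given position is simply the first match, and a table built from a different script block will compress differently.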

Gyroballer (RHDN Patreon Supporter!, Jr. Member, Posts: 36)
Re: Help with "DTE - you can do it, we can help"
« Reply #18 on: February 16, 2020, 03:57:26 pm »
One option is to extract some text from the game, compress it with your DTEs before even writing down your DTE routine, and put it back into the ROM. The remaining space after/before the new compressed text should be enough to implement your routine in the ROM.

That's a really ingenious idea. Thanks for the tip!