Author
|
Topic: [GBA] Need advice to learn graphic editing (Read 1568 times)
|
lastevil
Guest
|
 |
« Reply #15 on: July 23, 2007, 02:44:44 pm » |
|
That don't really help me :\\ I mean i have very few knowledges about asm and gba architecture. Editing this kind of graphics is really hard for someone like me ^^. Must learn asm. But seems asm is different for each kind of processor. I don't know where to begin. GBA will drive me crazy  |
|
|
|
|
RadioShadow
Guest
|
|
« Reply #16 on: July 23, 2007, 03:10:22 pm » |
|
There is this GBA tool that is really good for editing .png/.bmp images, and then converting them into the correct gba data. Its called 'Usenti' and it may help in changing the 256 colour background images in gba roms. I'll see if I can find the link to the tool. Once I find the link, have a go with it. But it looks like you got to find where the image you plan to edit is stored by ASM hacking which is something I need to learn.  |
|
|
|
|
lastevil
Guest
|
|
« Reply #17 on: July 23, 2007, 03:20:14 pm » |
|
Lol we can create a club ^^ "The ones who must learn asm hacking". Anyway, i look forward for your link.
|
|
|
|
|
|
|
labmaster
Guest
|
|
« Reply #19 on: July 23, 2007, 04:06:20 pm » |
|
There is nothing like that in my log. Should i check only swi logging options? Or another?
About the link to find my title screen with VBA-H, can smeone explain me this line (asm) :
080d0f08 c307 stmia r3!, {r0-r2}
(This is the line directly before the one with breakpoint.)
vba sdl H says > R3 : 040000e0 / R0 : 02002204 / R2 : 84000ED0
(on the text of labmaster, he got something like 080adf3c 6090 str r0, [r2, #0x8] at this moment).
Thx
Once again, this document is where I'm getting my info from. The stmia instruction is a 'multiple store', it stores the values in the register range provided (in this case r0, r1 and r2, in that order) to the address (r3). The destination you have (the value of r3 before the stmia instruction is executed) is 040000d4. Addresses in the 04xxxxxx range map to I/O registers, those particular addresses control the third DMA transfer channel. A DMA transfer is a way of copying blocks of data from one area in memory to another. 40000D4h 4 W DMA3SAD DMA 3 Source Address
40000D8h 4 W DMA3DAD DMA 3 Destination Address
40000DCh 2 W DMA3CNT_L DMA 3 Word Count
40000DEh 2 R/W DMA3CNT_H DMA 3 Control
The stmia wrote to 040000d4, so that means at that point, r0 held the value of the source address, r1 the destination address, and r2 had the word count (0x0ED0) and control flags (0x8400). So, your graphics data is being copied from EWRAM, the value of r0 (02002204). This is a common thing to see - graphics data gets copied into a buffer (could be decompressed), and then DMA'd into VRAM at the next VBlank. Your next step is to determine how the data gets to 02002204, so you'll be wanting to set a write breakpoint on that address. |
|
|
|
|
lastevil
Guest
|
|
« Reply #20 on: July 23, 2007, 05:06:13 pm » |
|
Ok then. After placing a breakcode on 02002204 (and only if i put the breakcode during the spash screen before the titlescreen).
The line immediatly before is :
080d1502 800c strh r4, [r1, #0x0] (with r04 > 0000001e / r01 > 02002204)
If i understand, the opcode strh mean "store 16bit data HALFWORD[Rb+Ro] = Rd" (from your database).
SO for me that say register 02002204 to r04.
If im right, now i have to put another breakpoint on that?
what the hell ^^ im telling non sens x_X useless to place breakcode to the same place x_X
I put another breakpoint on the same adress.
Game runs, show title screen (with the Start i try to locate so picture is already loaded) then debugger came out when i press start on titlescreen.
There is what i got one line up:
080d3798 df0c swi $0c
From the document you gave me :
Bit Expl.
15-8 Opcode
11011111b: SWI nn ;software interrupt
So i guess this SWI has nothing to do with my picture. Should be a thing to wait while the user press start? (?)
Should i remake a try on the first breakcode and see more line up?
|
|
|
|
« Last Edit: July 23, 2007, 05:17:46 pm by lastevil »
|
|
|
|
labmaster
Guest
|
|
« Reply #21 on: July 23, 2007, 05:28:01 pm » |
|
Just to clarify, you want to put the breakpoint on before whatever image you're trying to locate gets shown onto the screen. You're looking for the break that writes the data that eventually ends up in VRAM. When VBA reaches the breakpoint, it'll tell you what the new value of the address is - this should match the value that ends up in VRAM. If the address you've set the breakpoint on has a trivial value (like 0000) such that you can't be sure that you're at the right break, you can always try a different address (e.g. add 4 or whatever), that is still part of the graphics data and thus will be copied/decompressed by the same method.
If you do get a SWI, the section in the document you'll want to look at is 'BIOS Functions'. This tells you what each SWI does - SWI 0x0C is CpuFastSet, which is also used to copy blocks of data around. The parameters for this SWI are in r0-r2.
|
|
|
|
|
lastevil
Guest
|
|
« Reply #22 on: July 23, 2007, 05:37:40 pm » |
|
About last message, if we take the breakpoint before the picture is loaded, then we should consider : 080d1502 strh r4, [r1, #0x0] So if strh do what i think, he register r1+#0x0 in r4 r1 was 02002204. seems to be a nonsense x_X. Another thing i want to point out : There is nothing like that in my log. Should i check only swi logging options? Or another?
About the link to find my title screen with VBA-H, can smeone explain me this line (asm) :
080d0f08 c307 stmia r3!, {r0-r2}
(This is the line directly before the one with breakpoint.)
vba sdl H says > R3 : 040000e0 / R0 : 02002204 / R2 : 84000ED0
(on the text of labmaster, he got something like 080adf3c 6090 str r0, [r2, #0x8] at this moment).
Thx
Once again, this document is where I'm getting my info from. The stmia instruction is a 'multiple store', it stores the values in the register range provided (in this case r0, r1 and r2, in that order) to the address (r3). The destination you have (the value of r3 before the stmia instruction is executed) is 040000d4. Addresses in the 04xxxxxx range map to I/O registers, those particular addresses control the third DMA transfer channel. A DMA transfer is a way of copying blocks of data from one area in memory to another. 40000D4h 4 W DMA3SAD DMA 3 Source Address
40000D8h 4 W DMA3DAD DMA 3 Destination Address
40000DCh 2 W DMA3CNT_L DMA 3 Word Count
40000DEh 2 R/W DMA3CNT_H DMA 3 Control
The stmia wrote to 040000d4, so that means at that point, r0 held the value of the source address, r1 the destination address, and r2 had the word count (0x0ED0) and control flags (0x8400). So, your graphics data is being copied from EWRAM, the value of r0 (02002204). This is a common thing to see - graphics data gets copied into a buffer (could be decompressed), and then DMA'd into VRAM at the next VBlank. Your next step is to determine how the data gets to 02002204, so you'll be wanting to set a write breakpoint on that address. R3 contains 040000e0 and not 040000d4 as you told me in this post. If we look the document it say : 40000E0h - - Not used The only see i think, is maybe i should restart from the beginning with another part of the Start picture. |
|
|
|
|
labmaster
Guest
|
|
« Reply #23 on: July 23, 2007, 05:44:22 pm » |
|
About last message, if we take the breakpoint before the picture is loaded, then we should consider :
080d1502 strh r4, [r1, #0x0]
So if strh do what i think, he register r1+#0x0 in r4
r1 was 02002204. seems to be a nonsense x_X.
The strh stores the 16-bit value in r4 to the address in r1 + 0 (02002204, which is why the breakpoint was triggered). What's the value in r4, and does this match the value that gets transferred to VRAM by the DMA? Another thing i want to point out : There is nothing like that in my log. Should i check only swi logging options? Or another?
About the link to find my title screen with VBA-H, can smeone explain me this line (asm) :
080d0f08 c307 stmia r3!, {r0-r2}
(This is the line directly before the one with breakpoint.)
vba sdl H says > R3 : 040000e0 / R0 : 02002204 / R2 : 84000ED0
(on the text of labmaster, he got something like 080adf3c 6090 str r0, [r2, #0x8] at this moment).
Thx
Once again, this document is where I'm getting my info from. The stmia instruction is a 'multiple store', it stores the values in the register range provided (in this case r0, r1 and r2, in that order) to the address (r3). The destination you have (the value of r3 before the stmia instruction is executed) is 040000d4. Addresses in the 04xxxxxx range map to I/O registers, those particular addresses control the third DMA transfer channel. A DMA transfer is a way of copying blocks of data from one area in memory to another. 40000D4h 4 W DMA3SAD DMA 3 Source Address
40000D8h 4 W DMA3DAD DMA 3 Destination Address
40000DCh 2 W DMA3CNT_L DMA 3 Word Count
40000DEh 2 R/W DMA3CNT_H DMA 3 Control
The stmia wrote to 040000d4, so that means at that point, r0 held the value of the source address, r1 the destination address, and r2 had the word count (0x0ED0) and control flags (0x8400). So, your graphics data is being copied from EWRAM, the value of r0 (02002204). This is a common thing to see - graphics data gets copied into a buffer (could be decompressed), and then DMA'd into VRAM at the next VBlank. Your next step is to determine how the data gets to 02002204, so you'll be wanting to set a write breakpoint on that address. R3 contains 040000e0 and not 040000d4 as you told me in this post. If we look the document it say : 40000E0h - - Not used The only see i think, is maybe i should restart from the beginning with another part of the Start picture. R3 contains 040000e0 because that is the value of r3 -after- the stmia is executed. stmia instructions are a bit different to your average store, as they increment the destination register as it is executed. Just to clarify, exactly which picture are you working on? I'm getting the game now so that I can take a look. |
|
|
|
|
lastevil
Guest
|
|
« Reply #24 on: July 23, 2007, 05:49:15 pm » |
|
Im trying to get the Start you can see in the Title screen. It's not the Titlescreen, just the button to launch the game.
During the breakpoint R4 is set to 00000000
I can give you the others if you need them.
|
|
|
|
« Last Edit: July 23, 2007, 06:05:18 pm by lastevil »
|
|
|
|
labmaster
Guest
|
|
« Reply #25 on: July 23, 2007, 06:22:22 pm » |
|
This is going to be brief since I have class in half an hour  I just got the game, and took a look. The 'start' is a sprite/object, the tile data starts at 06016c00. Because the data at 06016c00 is zeroes, I'm going to be using 06016c10 to do the trace, since this has data that I can recognize. Putting a bpw on 06016c10 gave: Breakpoint (on write) address 06016c10 old:c9c2cfcf new:5446ddce
R00=02005d44 R04=02005d44 R08=02008b38 R12=03006df8
R01=06016c00 R05=00006cf0 R09=03006de0 R13=03006dd0
R02=84000070 R06=03006df8 R10=03006de8 R14=08008ec1
R03=040000e0 R07=02001fb4 R11=00000000 R15=080d0f0c
CPSR=0000003f (......T Mode: 1f)
080d0f0a 4770 bx lr
debugger>
Note, this data gets written right at the start of the game, before even the Natsume logo is shown. The previous instruction is: 080d0f08 c307 stmia r3!, {r0-r2}
Hopefully you should recognize this as another transfer via DMA3. Putting a breakpoint on 02005d54 (I'm using 02005d54, not 02005d44, because 5d54 corresponds to the data which I put my original breakpoint on), gives: Breakpoint (on write) address 02005d54 old:0000 new:ddce
R00=08749930 R04=0000ddce R08=02006bce R12=080d13d4
R01=02005d54 R05=00000000 R09=080d11cb R13=03007a68
R02=e0741b00 R06=0000000e R10=000000ce R14=080d11d1
R03=00000019 R07=03007a74 R11=000003d8 R15=080d13bc
CPSR=0000003f (......T Mode: 1f)
080d13ba 46a2 mov r10, r4
debugger> dt 080d13b0
080d13b0 07cd lsl r5, r1, #0x1f
080d13b2 d402 bmi $080d13ba
080d13b4 0224 lsl r4, r4, #0x08
080d13b6 4454 add r4, r10
080d13b8 800c strh r4, [r1, #0x0]
080d13ba 46a2 mov r10, r4
I'm going to have to leave you there for now (lecture time  ), but worst case scenario this could be some non-standard decompression. |
|
|
|
|
lastevil
Guest
|
|
« Reply #26 on: July 23, 2007, 06:27:59 pm » |
|
Ok thanks for taking time to help me. Here its 1h30 morning. I will read that then i think i will go to my bed Weird thing. Seems our two roms don't give the same answer. <code> debugger> bpw 06016c10 1 Added break on write at 06016c10 for 1 bytes debugger> c Breakpoint (on write) address 06016c10 old:00000000 new:c9c2cfcf R00=02002204 R04=02002204 R08=00780000 R12=03006df8 R01=06013b40 R05=00000000 R09=03006de0 R13=03006dd0 R02=84000ed0 R06=03006df8 R10=03006de8 R14=08008ec1 R03=040000e0 R07=02001fb4 R11=00000000 R15=080d0f0c CPSR=0000003f (......T Mode: 1f) 080d0f0a 4770 bx lr </code> We end on the same adresse but look r0. While you got 02005d44, i have 02002204. My rom have a Team Spash screen. I dont know if it can change something. I think not. R5 R2 R1are also different values. I think we must use the same rom or it could be problematic . I will make an upload and send you a link by MP. If needed, i can find you the asm routin added to the game. |
|
|
|
« Last Edit: July 23, 2007, 06:40:41 pm by lastevil »
|
|
|
|
RadioShadow
Guest
|
|
« Reply #27 on: July 24, 2007, 02:15:17 pm » |
|
My rom have a Team Spash screen. I dont know if it can change something. I think not.
Can you take a screenshot of this 'Team Splash' screen? I think you may have a rom which has had a hacked intro added. The one I got doesn't have it. Hacked intros are what idiot rom dumpers like to add to advertise they dumped it. This means some roms will have it and some won't. This problem happens with Advance Wars 2 and a IPS has to be applied to get rid of it otherwise hacks just corrupt the rom. You best bet is to download the rom from another site. Ever that, or labmaster or you are using the US version. |
|
|
|
|
lastevil
Guest
|
|
« Reply #28 on: July 24, 2007, 03:24:05 pm » |
|
Im the one who should be called an idiot sicne im the one who have added a spash screen in order to learn new things. BTW, it's not really hard to ged rid of it if needed.
Main reason for what i have done this will seems a little odd lol. Before knowing labmaster and this forum, I was already trying to look for a method to locate title screen. It's why I added one more. The fact is this hasen't helped me to learn how to find mode4 picture in a rom...
|
|
|
|
|
labmaster
Guest
|
|
« Reply #29 on: July 24, 2007, 04:42:24 pm » |
|
The splash screen shouldn't be changing anything in the original ROM, and we've definitely got the same version. Note, this data gets written right at the start of the game, before even the Natsume logo is shown.
I don't know why I said this. It's blatantly untrue >_<. The thing is 06016C10 gets written to twice, once the Natsume logo dissolves. The first write is the one that you're getting. However, this isn't the right place - note that the new value is 'c9c2cfcf'. If you look at 06016c10 with a memory editor whilst the 'start' text is showing, you'll see that the value is '5446ddce'. This is what happens the second time it breaks. |
|
|
|
|
|
