Help with DS reversing

Oziphantom
Posts: 1565
Joined: Tue Feb 07, 2017 2:03 am

Help with DS reversing

Post by Oziphantom »

[Attached image: effect.BMP]
So I'm trying to find the code that does the fancy reveal effect on the top screen.. but I can't work out how it is done.
Nothing in sprites or the backgrounds. There is no HBlank IRQ set that I can see, so it's not changing the window "HDMA" style..
It's on Engine B so it's not using the "3D" engine, as that is being used on the bottom screen...

Any ideas on what I can detect?
tepples
Posts: 22708
Joined: Sun Sep 19, 2004 11:12 pm
Location: NE Indiana, USA (NTSC)

Re: Help with DS reversing

Post by tepples »

Even if it doesn't set any IRQ, does it set one of the DMA channels to move the window?
Shonumi
Posts: 342
Joined: Sun Jan 26, 2014 9:31 am

Re: Help with DS reversing

Post by Shonumi »

Initially, I suspected something like using HDMA to manipulate one of the Windows per-scanline, and just adjust the brightness for all affected backgrounds. Apparently that's not the case. On Engine B (top-screen in this case), the game is actually alpha blending a pure-black background (BG2) on top of the other two layers (battle background and UI elements) and OBJs. As for how it makes those staggered lines, some of the pixels in some of the tiles that make up BG2 are in fact transparent (using Color 0 of the palette) instead of black. So, the staggering is essentially pre-rendered at the edges of the background. This way, HDMA and interrupts are unnecessary; all the game has to do is pan BG2 from left to right until it goes offscreen, which can be done in VBlank.

Basically, the game is pasting a semi-transparent layer on top of the screen with some fancy lines already cut out. Overall, a simple (and rather direct) approach to this kind of effect. The NDS has the backgrounds and VRAM to spare for this sort of thing, so it's neat to see that they didn't try anything too tricky.
Shonumi
Posts: 342
Joined: Sun Jan 26, 2014 9:31 am

Re: Help with DS reversing

Post by Shonumi »

One more note that just occurred to me, BG2 is also an affine-transformed (scale/rotation) layer. I believe this game only changes one affine parameter (Parameter A, also known as "dx"). Basically it stretches it across the X-axis. This seems intended to make the transparent gaps longer than they'd normally be without any scaling.
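
An added example, not part of any post in the thread: a small C decoder for the Engine B registers that Shonumi's explanation involves (BLDCNT, BLDALPHA and BG2PA), of the kind a register-watching script could use to flag this setup. Register layouts follow GBATEK; the struct, the function names and the sample values are constructed for illustration and were not read from the game.

```c
#include <stdint.h>
#include <stdio.h>

/* Engine B I/O addresses on the ARM9 bus (Engine A + 0x1000), per GBATEK. */
#define ENGB_BG2PA    0x04001020u  /* affine parameter A ("dx"), signed 8.8 */
#define ENGB_BLDCNT   0x04001050u
#define ENGB_BLDALPHA 0x04001052u

enum { FX_NONE, FX_ALPHA, FX_BRIGHTEN, FX_DARKEN };
#define LAYER_BG2 (1u << 2)

typedef struct {
    unsigned first, second;  /* layer masks: bit0-3 BG0-3, bit4 OBJ, bit5 backdrop */
    unsigned mode;           /* one of the FX_* values */
    unsigned eva, evb;       /* blend coefficients in 1/16 units, capped at 16 */
    int pa;                  /* BG2PA as signed 8.8 (0x0100 = 1.0) */
} EffectRegs;

EffectRegs decode_regs(uint16_t bldcnt, uint16_t bldalpha, uint16_t bg2pa) {
    EffectRegs r;
    r.first  = bldcnt & 0x3Fu;
    r.mode   = (bldcnt >> 6) & 3u;
    r.second = (bldcnt >> 8) & 0x3Fu;
    r.eva    = bldalpha & 0x1Fu;        if (r.eva > 16) r.eva = 16;
    r.evb    = (bldalpha >> 8) & 0x1Fu; if (r.evb > 16) r.evb = 16;
    r.pa     = (int16_t)bg2pa;
    return r;
}

/* 1 when BG2 is alpha-blended over at least one other layer and is x-scaled. */
int looks_like_reveal_overlay(const EffectRegs *r) {
    return r->mode == FX_ALPHA
        && (r->first & LAYER_BG2)
        && (r->second & ~LAYER_BG2) != 0
        && r->pa != 0x0100;            /* 0x0100 = unscaled */
}

int main(void) {
    /* Constructed values, not dumped from the game:
       BG2 first target, alpha mode, BG0+BG1+OBJ second target, PA = 0.5. */
    EffectRegs r = decode_regs(0x1344, 0x0808, 0x0080);
    printf("mode=%u first=%02X second=%02X eva=%u/16 evb=%u/16 pa=%.3f -> %s\n",
           r.mode, r.first, r.second, r.eva, r.evb, r.pa / 256.0,
           looks_like_reveal_overlay(&r) ? "match" : "no match");
    return 0;
}
```

PA is the texture step per screen pixel, so values below 0x0100 stretch the layer horizontally and values above it shrink it.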
Oziphantom
Posts: 1565
Joined: Tue Feb 07, 2017 2:03 am

Re: Help with DS reversing

Post by Oziphantom »

Indeed it does, I was looking at the text mode registers, not the affine registers XD

Sadly the code that modifies them is thrice removed and it seems the code that holds the data for the transforms is newed from a bucket.. which makes finding the code that sets up said operations tricky..

Are there any tools that actually work on NDS? radare claims to but I was getting garbage out of it.. I see quite a few other reverse engineering tools that have GBA support but not NDS support.. made worse is that the code I'm tracking is in the ITCM, which won't show in said tools as it's not in ROM space...
Shonumi
Posts: 342
Joined: Sun Jan 26, 2014 9:31 am

Re: Help with DS reversing

Post by Shonumi »

Oziphantom wrote:
Are there any tools that actually work on NDS? radare claims to but I was getting garbage out of it.. I see quite a few other reverse engineering tools that have GBA support but not NDS support..

no$gba is the best tool I've used for NDS debugging. I can't think of anything else that even comes close. If you're trying to track down where the code comes from, I'd attempt to set a write breakpoint for one of the instructions in ITCM. Either trap all writes, or wait for a specific byte to change to a specific value, and you should find what the NDS does to put that code in ITCM in the first place (manual copy loop, DMA, SWI, etc).
Oziphantom
Posts: 1565
Joined: Tue Feb 07, 2017 2:03 am

Re: Help with DS reversing

Post by Oziphantom »

Indeed, just for this kind of work I feel having something that lets me look around the code base, and breaks up functions, understands param passing etc. would really help. As basically I'm looking for "code sets 1 bit somewhere", this then causes the screen transition to happen.. this goes through a lot of other code twice removed.. might even be ARM7 -> ARM9, as the game might be using the GBA core and still be on the 7 etc. On the SNES I would have found the bool in an hour XD So far I've been able to get by with just "writing Lua scripts that look for special settings in the registers" but it's a hacky solution that has "false positives".

Trying to find the durability values is also proving difficult, it seems as if it news the weapon again to make it one less, either that or DSemu's cheat search is broken, I should try in No$GBA...

Also if the save states worked that would really help.. they sometimes work in the same session, but never across sessions..
Oziphantom
Posts: 1565
Joined: Tue Feb 07, 2017 2:03 am

Re: Help with DS reversing

Post by Oziphantom »

Is there any way to search RAM in No$GBA? I can use DSemu to find an address, but because the game dynamically allocs everything the address doesn't mean anything when I run it in No$GBA.
Being able to search the snapshots would do, but there don't seem to be any docs on the format, and it's a 2MB file for a machine that has 4MB of RAM.. so I guess it has compression in it...