Help with DS reversing
Nothing in sprites or the backgrounds. There is no HBlank IRQ set that I can see, so it's not changing the window "HDMA" style.
It's on Engine B, so it's not using the "3D" engine, as that is being used on the bottom screen...
Any ideas on what I can detect?
Re: Help with DS reversing
Even if it doesn't set any IRQ, does it set one of the DMA channels to move the window?
Re: Help with DS reversing
Initially, I suspected something like using HDMA to manipulate one of the Windows per-scanline, and just adjust the brightness for all affected backgrounds. Apparently that's not the case. On Engine B (top-screen in this case), the game is actually alpha blending a pure-black background (BG2) on top of the other two layers (battle background and UI elements) and OBJs. As for how it makes those staggered lines, some of the pixels in some of the tiles that make up BG2 are in fact transparent (using Color 0 of the palette) instead of black. So, the staggering is essentially pre-rendered at the edges of the background. This way, HDMA and interrupts are unnecessary; all the game has to do is pan BG2 from left to right until it goes offscreen, which can be done in VBlank.
Basically, the game is pasting a semi-transparent layer on top of the screen with some fancy lines already cut out. Overall, a simple (and rather direct) approach to this kind of effect. The NDS has the backgrounds and VRAM to spare for this sort of thing, so it's neat to see that they didn't try anything too tricky.
Re: Help with DS reversing
One more note that just occurred to me, BG2 is also an affine-transformed (scale/rotation) layer. I believe this game only changes one affine parameter (Parameter A, also known as "dx"). Basically it stretches it across the X-axis. This seems intended to make the transparent gaps longer than they'd normally be without any scaling.
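The effect described in the two posts above, modelled for a single scanline as an added example (not code from the thread or the game): a black BG2 row with transparent cutouts is alpha blended over the lower layers, sampled through the affine "dx" parameter, and panned by changing the reference X. The row contents, EVA/EVB values and function names are constructed for illustration, and treating texels outside the row as transparent is an assumption; the blend formula and the 8 fractional bits follow the documented hardware behaviour.

```python
# Added illustration (not from the thread): one Engine B scanline with the
# dark overlay described above. All names and sample rows are constructed.
BLACK = (0, 0, 0)
WHITE = (31, 31, 31)                       # 5-bit RGB channels
OVERLAY_ROW = [1] * 6 + [0] * 2 + [1] * 8  # BG2 texels; 0 = transparent cutout
BELOW_ROW = [WHITE] * 16                   # layers underneath (constructed)

def blend(top, bottom, eva, evb):
    """Alpha blend per channel: min(31, (top*EVA + bottom*EVB) >> 4)."""
    return tuple(min(31, (t * eva + b * evb) >> 4) for t, b in zip(top, bottom))

def render_scanline(overlay, below, pa, ref_x, eva=8, evb=8):
    """pa and ref_x are 8.8 fixed point; texel = (ref_x + pa*sx) >> 8.
    Assumption: texels outside the overlay are transparent (no wraparound)."""
    out = []
    for sx, under in enumerate(below):
        tx = (ref_x + pa * sx) >> 8
        idx = overlay[tx] if 0 <= tx < len(overlay) else 0
        out.append(under if idx == 0 else blend(BLACK, under, eva, evb))
    return out

def show_through_runs(line, below):
    """(start, length) of each run where the lower layers are left untouched."""
    runs, start = [], None
    for sx, (px, under) in enumerate(zip(line, below)):
        if px == under and start is None:
            start = sx
        elif px != under and start is not None:
            runs.append((start, sx - start))
            start = None
    if start is not None:
        runs.append((start, len(line) - start))
    return runs

def gaps(pa, ref_x):
    """Show-through runs of the sample rows for a given dx and reference X."""
    line = render_scanline(OVERLAY_ROW, BELOW_ROW, pa, ref_x)
    return show_through_runs(line, BELOW_ROW)

if __name__ == "__main__":
    print(gaps(0x100, 0))          # unscaled: the 2-texel cutout is 2 pixels wide
    print(gaps(0x080, 0))          # dx = 0.5: the same cutout covers 4 pixels
    print(gaps(0x100, -(4 << 8)))  # panned right by 4 pixels, once per VBlank
```

A dx below 0x100 is what lengthens the gaps, so a register watch for this effect needs to look at the affine parameters and blend registers rather than the text-mode scroll registers.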
Re: Help with DS reversing
Indeed it does, I was looking at the text mode registers, not the affine registers XD
Sadly the code that modifies them is thrice removed, and it seems the code that holds the data for the transforms is newed from a bucket, which makes finding the code that sets up said operations tricky.
Are there any tools that actually work on NDS? radare claims to, but I was getting garbage out of it. I see quite a few other reverse engineering tools that have GBA support but not NDS support. Made worse is that the code I'm tracking is in the ITCM, which won't show in said tools as it's not in ROM space...
Re: Help with DS reversing
no$gba is the best tool I've used for NDS debugging. I can't think of anything else that even comes close. If you're trying to track down where the code comes from, I'd attempt to set a write breakpoint for one of the instructions in ITCM. Either trap all writes, or wait for a specific byte to change to a specific value, and you should find what the NDS does to put that code in ITCM in the first place (manual copy loop, DMA, SWI, etc).
Re: Help with DS reversing
Indeed, just for this kind of work I feel having something that lets me look around the code base, breaks up functions, understands param passing, etc. would really help. Basically I'm looking for "code sets 1 bit somewhere", which then causes the screen transition to happen. This goes through a lot of other code twice removed; it might even be Arm 7 -> 9, as the game might be using the GBA core and still be on the 7, etc. On the SNES I would have found the bool in an hour XD So far I've been able to get by with just "writing Lua scripts that look for special settings in the registers", but it's a hacky solution that has "false positives".
Trying to find the durability values is also proving difficult. It seems as if it new's the weapon again to make it one less, either that or DSemu's cheat search is broken. I should try in No$GBA...
Also, if the save states worked, that would really help. They sometimes work in the same session, but never across sessions.
Re: Help with DS reversing
Is there any way to search RAM in No$GBA? I can use DSemu to find an address, but because the game dynamically allocs everything, the address doesn't mean anything when I run it in No$GBA.
Being able to search the snapshots would do, but there don't seem to be any docs on its format, and it's a 2MB file for a machine that has 4MB of RAM, so I guess it has compression in it...