改版杂项集合
本帖最后由 jiangzhengwenjz 于 2020-2-29 23:03 编辑由于一些东西的内容不足以支撑整个主题帖,因此我单开一贴,记录这些源码或修改,目前量还非常少,不过会不断扩充
不会编译源码的看这里:http://tieba.baidu.com/p/3552794531
之后更新的有些内容甚至称不上研究,只是对一些东西的分析,做个记录,希望能长期更新
当然所有代码限于火红
一、连锁技能回合数自定义与扩充【反向追踪后归结于对战斗命令0x8d与0x8e改建
1. 破除显示位数限制: (1→2)
在0x8028224写入00 48 00 47 00 00框内部分是以下程序指针(thumb模式+1).thumb
.align 2
mov r0, #0x1
strb r0,
strb r0,
strb r2,
mov r0, #0x2
strb r0,
ldr r0, =0x802822f
bx r02. 自定义攻击回合数上下限:
于0x281f2写入: 25 28 40 28 F9 DB 20 70 00 00 00 00 00 00 00 00 00 00注意勿使上限十进制值超过99,以及遵循下限小于上限的默认条件.
预览:(后面有些卡并非游戏问题)
http://i869.photobucket.com/albums/ab256/jiangzhengwenjz/Untitled_zps7q15o1hq.gif
二、跳过性别选择:
于0x12fdbc写入a1 00 13 08三、菜单扩容:
【本来差不多完成了,但源码却由于某些偶然原因暂时无法重新入手,等何时找回补上
终于得到了源码,但因为年代久远有些忘了。。所以这个可能有疏漏
首先这是我的源码以及前期工作:
hook1.asm
Code:.thumb
.align 2
@insert at 0806f39c
bx r0
lsl r0, r0, #0hook2.asm
Code:@insert at 0806edf4
.thumb
.align 2
ldr r2, =main2.asm的地址+1
bx r2main1.asm
Code:.thumb
.align 2
ldr r0, =0x0806F4E9
cmp r1, r0
beq return
ldr r0, =下面老外程序的地址+1
cmp r1, r0
beq return
ldr r0, =0x0806f3a1
bx r0
return:
pop {r0}
bx r0main2.asm
Code:.thumb
.align 2
ldr r2, =0x0806ed95
bl linker
mov r0, #9
ldr r2, =0x0806ed95
bl linker
pop {r0}
bx r0
linker:
bx r2另这里有个从老外那里搞来的运行菜单脚本源码、我就不修改了,直接放出,原理当然也是极为简单的。。.thumb
Main:
push {r0,lr}
bl CERRAR_MENU
bl RUTINASONICARVALHO
pop {r0,pc}
CERRAR_MENU:
ldr r0, RUTINA_EXIT
bx r0
RUTINASONICARVALHO:
push {lr}
ldr r0, SCRIPT_ADRESS
bl SCRIPT_ROUTINE
pop {pc}
SCRIPT_ROUTINE:
ldr r1, SCRIPT_EXECUTER
bx r1
.align 2
RUTINA_EXIT:
.word 0x0806f541
SCRIPT_ADRESS:
.word 0x08XXXXXX @此处改成脚本地址,并删掉我这个注释
SCRIPT_EXECUTER:
.word 0x08069ae5需要做的:
1. 重定向位于0x3a7344的表格,格式为[名称文本指针][该选项程序指针]........
2. 重定向位于0x3a7390的表格,格式为[介绍文本指针]...........
3. 将0806F3C0的指针改去指向main1.asm(thumb模式+1)
4. 根据源码中的位置提示在指定位置修改,并写入这些源码
5. 在2个表格中新增对应内容【废话
然后应该就行了,但可能也有些错误。。当然嫌介绍碍眼直接阉掉估计也并无不可,等有空弄吧。。
四、绿宝石对战前动画:
http://i869.photobucket.com/albums/ab256/jiangzhengwenjz/7-8_zpsiwx42jwk.png
1. 修改以下字节0x147C6A - 00 00 00 00
0xB13FD - 78
0x5C8F90 - CD 6A 0F 73 51 7B 93 7F D5 7F FF 7F
0x5C8F70 - CD 6A 0F 73 51 7B 93 7F D5 7F FF 7F
0x5C8F50 - CD 6A 0F 73 51 7B 93 7F D5 7F FF 7F2. 找空位写入下面的源码并作相应的字节变换:
写入00 48 00 47 AA AA AA 08于 0xB0F44, AA AA AA 08是下面源码指针(thumb模式+1).thumb
.align 2
ldrb r2,
cmp r2, #0
beq normal
ldr r0, =0x80B0F5D
bx r0
normal:
ldrh r2,
lsl r0, r2, #2
add r0, r0, r2
lsl r0, r0, #3
add r0, r0, r1
ldr r1, =0x80B0F4F
bx r1 写入00 48 00 47 BB BB BB 08于 0xB5E78, BB BB BB 08是下面源码指针(thumb模式+1).thumb
.align 2
cmp r4, #0x47
beq normal
cmp r4, #0x48
beq normal
ldr r0, =0x2038BCA
ldrh r0,
lsl r5, r0, #2
add r5, r0, r5
lsl r0, r5, #3
ldr r5, =0x806E4C4
ldr r5,
add r0, r0, r5
ldrb r4,
normal:
add r5, r1, #0
add r6, r2, #0
mov r9, r3
ldr r7,
ldr r0, =0x80B5E81
bx r0 写入01 49 08 47 00 00 CC CC CC 08于 0x147C42, CC CC CC 08是下面源码指针(thumb模式+1)
并将源码中0x8FFFFFF改为你的新色板表格
表格结构为[指针1][指针2][指针3]................
每个指针都应指向32字节的未压缩色板数据。.thumb
main:
ldr r1, ramoffset
ldrh r1,
lsl r0, r1, #0x2
add r0, r0, r1
lsl r1, r0, #0x3
ldr r0, trainertable
ldr r0,
add r1, r0, r1
ldrb r1,
cmp r1, #0x1f
beq oldway
cmp r1, #0x26
beq oldway
ldr r1, ramoffset
ldrb r1,
sub r1, #0x1
lsl r1, r1, #0x2
ldr r0, table2
add r1, r1, r0
ldr r0,
b back
oldway: ldr r1, table
mov r2, r8
mov r3, #0x26
ldrh r0,
lsl r0, r0, #0x2
add r0, r0, r1
ldr r0,
back: ldr r1, return
bx r1
.align 2
ramoffset: .word 0x02038BCA
trainertable: .word 0x0806E4C4
table:.word 0x085C8FDC
table2:.word 0x08FFFFFF
return:.word 0x08147C51如何在脚本中触发:trainerbattle 0(战斗类型,可更改) 0x50(对战的训练师ID) 0x0100 @pointertomsg1(文本指针1) @pointertomsg2(文本指针2)其中0x0100代表你的位于0x8FFFFFF的表格中的1号色板,0x0200为2号,0x0300为3号..................0xFF00为255号(0则代表不触发此动画),表格中最多堆放255个色板指针
一些游戏中使用的色板数据,可以用APE来修改他们以达到你的要求:(在不更改图片和raw的情况下,颜色要对应上,所以必须对应修改)D5 18 CE 39 52 4A D6 5A 5A 6B 17 5C 59 64 9B 6C DD 74 1F 7D CD 6A 0F 73 51 7B 93 7F D5 7F FF 7FD5 18 CE 39 52 4A D6 5A 5A 6B 41 07 A4 13 C6 1B E9 27 EF 3F FC 45 3E 4E 7F 56 BF 5E FF 66 FC 45若使用请注上Jambo51和jirachiwish的名字。
五、 火红自定义givepokemon:.thumb
/*脚本中使用方法:
lock
faceplayer
setvar 0x8000 0x19A //种族编号
setvar 0x8001 0x28 //等级
setvar 0x8002 0x8F //携带道具
setvar 0x8007 0x1F //6个个体值
setvar 0x8008 0x1F
setvar 0x8009 0x1F
setvar 0x800A 0x1F
setvar 0x800B 0x1F
setvar 0x800D 0x1F
setvar 0x800F 0x1 //闪光=1 不闪光=0
setvar 0x8014 0x1 //怪兽球编号
callasm 0x8LLLLLL //LLLLLL改为本源码地址+1,相当于加强版givepokemon
release
end*/
main_func:
push {r4-r7, lr}
sub sp, sp, #0x20
mov r0, #0x64
ldr r1, .malloc
bl jump_r1
mov r8, r0
ldr r1, .clear
bl jump_r1
mov r0, r8
ldr r1, .clear2
bl jump_r1
ldr r1, .random
bl jump_r1
mov r4, r0
ldr r0, .saveblockptr
ldr r2,
add r2, #0xA @OTID_loc
add r6, r2, #0
ldrh r1,
ldrh r5,
eor r5, r1 @TID xor SID
ldr r3, .var
ldrh r3,
ldr r1, .random
bl jump_r1
bl shinycheck
/*r0 = PID1, r4 = PID2*/
lsl r0, r0, #0x10
ldr r2, .var
add r2, #0x20
strh r4,
orr r0, r4 @PID
mov r1, #0
ldr r2, .var
add r2, #0x1C
str r0,
mov r0, r8
ldr r3, .setter1
bl jump_r3
mov r0, r8
ldr r3, .setter1
mov r1, #1
add r2, r6, #0
bl jump_r3
mov r0, r8
ldr r1, .checksum
bl jump_r1
ldr r2, .var
add r2, #0x1C
strh r0,
mov r0, r8
mov r1, #9
ldr r3, .setter1
bl jump_r3
mov r0, r8
ldr r1, .encrypt
bl jump_r1
mov r0, sp
ldr r1, .var
ldrh r1,
ldr r3, .loadname
bl jump_r3
mov r0, r8
mov r1, #2
mov r2, sp
ldr r3, .setter1
bl jump_r3
ldr r2, .language
mov r0, r8
mov r1, #3
ldr r3, .setter1
bl jump_r3
mov r0, r8
ldr r5, .saveblockptr
ldr r2,
mov r1, #7
ldr r3, .setter1
bl jump_r3
mov r0, r8
mov r1, #0xb
ldr r2, .var
ldr r3, .setter1
bl jump_r3
ldr r4, .stat
ldr r2, .var
ldrh r1,
lsl r0, r1, #3
sub r0, r0, r1
lsl r0, r0, #2
add r0, r0, r4
ldrb r1,
mov r0, #0xCA
lsl r0, r0, #1
add r2, r1, #0
mul r2, r0
ldr r0, .var
ldrb r0,
lsl r0, r0, #2
ldr r1, .exp
add r0, r0, r1
add r2, r2, r0
mov r0, r8
mov r1, #0x19
ldr r3, .setter1
bl jump_r3
ldr r1, .var
ldrh r0,
lsl r2, r0, #3
sub r2, r2, r0
lsl r2, r2, #2
add r4, #0x12
add r2, r2, r4
mov r0, r8
mov r1, #0x20
ldr r3, .setter1
bl jump_r3
ldr r1, .catchlocation
bl jump_r1
lsl r0, r0, #0x18
lsr r0, r0, #0x18
mov r1, #0x23
ldr r2, .var
add r2, #0x1C
str r0,
mov r0, r8
ldr r3, .setter1
bl jump_r3
mov r0, r8
mov r1, #0x24
ldr r2, .var
add r2, r2, #2
ldr r3, .setter1
bl jump_r3
mov r0, r8
ldr r2, .version
mov r1, #0x25
ldr r3, .setter1
bl jump_r3
ldr r2, .var
add r2, #0x26
mov r1, #0x26
mov r0, r8
ldr r3, .setter1
bl jump_r3
ldr r2,
add r2, #8
mov r0, r8
mov r1, #0x31
ldr r3, .setter1
bl jump_r3
bl iv_encrypt
ldr r2, .stat
ldr r3, .var
ldrh r1,
lsl r0, r1, #3
sub r0, r0, r1
lsl r0, r0, #2
add r0, r0, r2
ldrb r0,
cmp r0, #0
beq end
ldr r2, .var
add r2, #0x1C
ldrh r0,
mov r1, #1
and r0, r1
str r0,
mov r0, r8
mov r1, #0x2E
ldr r3, .setter1
bl jump_r3
end:
mov r0, r8
ldr r1, .sub_803E9E0
bl jump_r1
mov r0, r8
mov r1, #0x38
ldr r2, .var
add r2, r2, #2
ldr r3, .setter2
bl jump_r3
mov r0, r8
mov r1, #0x40
ldr r2, .var
add r2, #0x1C
mov r3, #0xFF
str r3,
ldr r3, .setter2
bl jump_r3
mov r0, r8
ldr r1, .recalculation
bl jump_r1
mov r0, r8
mov r1, #0xC
ldr r2, .var
add r2, #4
ldr r3, .setter2
bl jump_r3
mov r0, r8
ldr r1, .catch
bl jump_r1
lsl r0, r0, #0x18
lsr r4, r0, #0x18
ldr r0, .var
ldrh r0,
ldr r1, .convert
bl jump_r1
lsl r0, r0, #0x10
lsr r5, r0, #0x10
cmp r4, #1
bgt back
cmp r4, #0
blt back
add r0, r5, #0
mov r1, #2
ldr r3, .dexcheck
bl jump_r3
add r0, r5, #0
mov r1, #3
ldr r3, .dexcheck
bl jump_r3
back:
mov r0, r8
ldr r1, .free
bl jump_r1
add r0, r4, #0
ldr r4, .var
strh r0,
add sp, sp, #0x20
mov r0, #0
pop {r4-r7, pc}
shinycheck:
push {lr}
cmp r3, #0
beq jump_pc
ldr r1, .random
bl jump_r1
mov r1, #7
and r0, r1
eor r0, r5
eor r0, r4
jump_pc:
pop {pc}
iv_encrypt:
push {lr}
mov r7, #0
loop_iv:
ldr r2, .var
add r2, #0xE
mov r0, r8
ldr r3, .setter1
add r1, r7, #0
add r1, #0x27
lsl r6, r7, #1
add r2, r2, r6
bl jump_r3
add r7, r7, #1
cmp r7, #6
bne loop_iv
pop {pc}
jump_r1:
bx r1
jump_r3:
bx r3
.align 2
.malloc: .word 0x08002BB1
.clear: .word 0x0803D995
.clear2: .word 0x0803D97D
.random: .word 0x8044EC9
.setter1: .word 0x080404D1
.saveblockptr: .word 0x300500C
.var: .word 0x020370B8
.checksum: .word 0x0803E3E9
.encrypt: .word 0x0803F8F9
.loadname: .word 0x08040FD1
.language: .word 0x081E9F11
.stat: .word 0x08254784
.exp: .word 0x08253AE4
.catchlocation: .word 0x08056261
.version: .word 0x081E9F10
.sub_803E9E0: .word 0x0803E9E1
.setter2: .word 0x0804037D
.recalculation: .word 0x0803E47D
.catch: .word 0x08040B15
.convert: .word 0x08043299
.dexcheck: .word 0x08088E75
.free: .word 0x08002BC5六、翻动式多选框自定义:
实例:
http://i869.photobucket.com/albums/ab256/jiangzhengwenjz/1_zps67abpsw8.png.thumb
.align 2
initialize_func:
push {r4, r5, lr}
ldr r0, =0x809D6D5
ldr r1, =0x81119D5
bl call_via_r1
lsl r0, r0, #0x18
lsr r0, r0, #0x18
cmp r0, #1
beq back
mov r0, pc
add r0, #0x43
mov r1, #8
ldr r2, =0x0807741D
bl call_via_r2
lsl r0, r0, #0x18
lsr r5, r0, #0x18
lsl r0, r5, #2
add r0, r0, r5
lsl r0, r0, #3
ldr r1, =0x03005090
add r3, r0, r1
mov r2, #0
ldr r1, =0x020370B8
ldrh r0,
strh r0, @row_quantity
ldrh r0,
strh r0, @option_quantity
ldrh r0,
strh r0, @bottom_red_arrow_Y_coordinate
ldrh r0,
strh r0, @X_coordinate
ldrh r0,
strh r0, @Y_coordinate
mov r0, #8
strh r0,
mov r0, #0
strh r0,
strh r5,
ldrh r0,
strh r0,
ldrh r0,
strh r0,
back:
pop {r4, r5, pc}
main_func:
push {r4-r7, lr}
mov r7, r10
mov r6, r9
mov r5, r8
push {r5-r7}
sub sp, sp, #0x20
lsl r0, r0, #0x18
lsr r7, r0, #0x18
lsl r0, r7, #2
add r0, r0, r7
lsl r0, r0, #3
ldr r1, =0x03005090
add r5, r0, r1
ldr r1, =0x03000F28
mov r0, #1
strb r0,
ldr r0, =0x2039A18
ldr r1, =0x2039A0E
ldrh r1,
strh r1,
ldr r4, =0x2039A14
mov r1, #0xA
ldrsh r0,
lsl r0, r0, #3
ldr r1, =0x8002BB1
bl call_via_r1
str r0,
ldr r2, =0x80CBA7D
bl call_via_r2
mov r6, #0
mov r4, #0
mov r2, #0xA
ldrsh r0,
lsl r3, r7, #2
mov r10, r3
add r1, sp, #0x18
mov r9, r1
cmp r6, r0
bge .L_0
ldr r2, table
ldr r1, =0x020370B8
ldrh r1,
lsl r1, r1, #0x2
add r2, r2, r1
ldr r2,
mov r8, r2
.L_1:
ldr r0, =0x2039A14
ldr r0,
lsl r3, r4, #3
add r3, r3, r0
lsl r2, r4, #2
add r2, r8
ldr r1,
str r1,
str r4,
mov r0, #2
mov r2, #0
push {r4}
ldr r4, =0x8005ED5
bl call_via_r4
pop {r4}
cmp r0, r6
ble .L_2
add r6, r0, #0
.L_2:
add r0, r4, #1
lsl r0, r0, #0x18
lsr r4, r0, #0x18
mov r3, #0xA
ldrsh r0,
cmp r4, r0
blt .L_1
.L_0:
mov r0, r6
add r0, #9
cmp r0, #0
bge .L_3
add r0, #7
.L_3:
asr r0, r0, #3
add r2, r0, #1
strh r2,
mov r1, #0xC
ldrsh r0,
mov r3, #0x10
ldrsh r1,
add r0, r0, r1
cmp r0, #0x1D
ble .L_4
mov r0, #0x1D
sub r0, r0, r2
strh r0,
.L_4:
ldrb r2,
ldrb r3,
ldr r1, =0x020370B8
ldrh r0,
str r0, @width
ldrh r0,
str r0, @height
mov r0, #0xF
str r0, @palette?
mov r0, #0x38
str r0,
add r0, sp, #0x10
mov r1, #0
ldr r4, =0x0810FE51
bl call_via_r4
ldr r0,
ldr r1,
str r0,
str r1,
mov r0, r9
ldr r4, =0x08003CE5
bl call_via_r4
lsl r0, r0, #0x18
lsr r0, r0, #0x18
strh r0,
mov r1, #0
ldr r4, =0x80F7751
bl call_via_r4
ldr r4, =0x3005360
ldrh r0,
strh r0,
ldrh r0,
strh r0,
ldrh r0,
strb r0,
mov r0, r7
ldr r1, =0x80CBCC1
bl call_via_r1
ldrh r1,
ldrh r2,
mov r0, r4
ldr r3, =0x8106FF9
bl call_via_r3
lsl r0, r0, #0x18
lsr r0, r0, #0x18
strh r0,
ldrh r0,
lsl r0, r0, #0x18
lsr r0, r0, #0x18
ldr r1, =0x8003FA1
bl call_via_r1
ldrh r0,
lsl r0, r0, #0x18
lsr r0, r0, #0x18
mov r1, #3
ldr r3, =0x8003F21
bl call_via_r3
ldr r1, =0x03005090
mov r2, r10
add r0, r2, r7
lsl r0, r0, #3
add r0, r0, r1
ldr r1, =0x80CBB29
str r1,
add sp, sp, #0x20
pop {r3-r5}
mov r8, r3
mov r9, r4
mov r10, r5
pop {r4-r7, pc}
call_via_r1:
bx r1
call_via_r2:
bx r2
call_via_r3:
bx r3
call_via_r4:
bx r4
.align 2
table: .word 0x8表格地址需自建表格,表格1的地址填入源码,由指针构成,每个指针都指向一个表格(表格2),表格2亦由指针构成,每个指针都指向文本(0xff结尾)。
范例脚本:#org @specialhack
lock
setvar 0x8000 0x1 //行数量
setvar 0x8001 0x7 //选项数量
setvar 0x8002 0xA //X坐标
setvar 0x8003 0x5 //Y坐标
setvar 0x8004 0x0 //起始选项编号
setvar 0x8005 0x0 //初始框中的光标位置
setvar 0x8006 0x0 //框编号(对应于表格)
setvar 0x8007 0x8 //宽度
setvar 0x8008 0x2 //高度
setvar 0x8009 0xA //下面红色箭头的Y坐标
callasm 0x8[本程序地址 + 1]
waitstate
release
end 本帖最后由 殇月 于 2015-8-19 19:33 编辑
赞顶虽然最后的看不太懂。 这是什么东西?我根本看不懂啊。 我也来加一个
火红跳过对手名字选择130690处改成d1 07 13 08 忙碌的德国君 赞,感谢楼主分享
页:
[1]