PARv3 pointer codes not working properly #2026

Closed
flingrocks opened this issue Jan 26, 2021 · 2 comments

Comments

@flingrocks flingrocks commented Jan 26, 2021

For GBA Action Replay v3 pointer codes, currently only the 32-bit pointer codetype is working properly. The 8-bit and 16-bit pointer codetypes aren't functioning as intended and may even crash mGBA. This has to do with the address offset (available on the 8/16-bit types).

Pointer Write
Write to the [address located in base address] + offset.

40aaaaaa yyyyyyxx, baseAddress = 0a0aaaaa, offset = yyyyyy
42aaaaaa yyyyxxxx, baseAddress = 0a0aaaaa, offset = yyyy*2
44aaaaaa xxxxxxxx, baseAddress = 0a0aaaaa

The current calculation:
address = _readMem(device->p, address + cheat->addressOffset, 4);

This is adding the offset to the base address.
But instead, we should be reading the base address first, and adding the offset to that. Something like:
address = _readMem(device->p, address, 4) + cheat->addressOffset;
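As an added illustration (not code from the issue or from mGBA), this C program decodes the three pointer codetypes using the layout listed above and resolves the write target both the pre-fix way and the proposed way against a constructed memory image. The decrypted code words, the planted pointer and the `read_mem` stand-in for mGBA's `_readMem` are all constructed for the example.

```c
#include <stdint.h>
#include <stdio.h>

/* Constructed memory image standing in for 0x80 bytes of GBA work RAM. Not real
 * game data: a fake little-endian pointer to 0x0203A180 is planted at 0x0203A148,
 * the base address the issue quotes for the Fly Anywhere code. */
#define IMG_BASE 0x0203A140u
#define IMG_SIZE 0x80u
static const uint8_t image[IMG_SIZE] = { [8] = 0x80, [9] = 0xA1, [10] = 0x03, [11] = 0x02 };

/* Stand-in for mGBA's _readMem: little-endian read of `width` bytes. Bytes outside
 * the image read as 0, where the real emulator would touch unmapped memory. */
static uint32_t read_mem(uint32_t addr, int width) {
    uint32_t v = 0;
    for (int i = 0; i < width; ++i) {
        uint32_t off = addr + (uint32_t)i - IMG_BASE;
        if (off < IMG_SIZE) v |= (uint32_t)image[off] << (8 * i);
    }
    return v;
}

struct par_ptr { int width; uint32_t base, offset, value; };

/* Decode a decrypted PARv3 pointer code per the issue: 40aaaaaa yyyyyyxx (8-bit),
 * 42aaaaaa yyyyxxxx (16-bit, offset = yyyy*2), 44aaaaaa xxxxxxxx (32-bit), with
 * aaaaaa expanding to base address 0a0aaaaa. Returns 0 for any other codetype. */
static int decode_pointer_code(uint32_t w1, uint32_t w2, struct par_ptr *p) {
    p->base = ((w1 & 0x00F00000u) << 4) | (w1 & 0x000FFFFFu);
    switch (w1 >> 24) {
    case 0x40: p->width = 1; p->value = w2 & 0xFFu;   p->offset = w2 >> 8;        return 1;
    case 0x42: p->width = 2; p->value = w2 & 0xFFFFu; p->offset = (w2 >> 16) * 2; return 1;
    case 0x44: p->width = 4; p->value = w2;           p->offset = 0;              return 1;
    default:   return 0;
    }
}

/* Resolve the write target. fixed == 0 reproduces the pre-fix calculation quoted in
 * the issue (offset added to the base before the dereference); fixed != 0 is the
 * proposed order (dereference the base, then add the offset). */
static uint32_t resolve_code(uint32_t w1, uint32_t w2, int fixed) {
    struct par_ptr p;
    if (!decode_pointer_code(w1, w2, &p)) return 0;
    return fixed ? read_mem(p.base, 4) + p.offset : read_mem(p.base + p.offset, 4);
}

/* 1 if a resolved target lies inside the image, i.e. the write lands in mapped memory. */
static int in_image(uint32_t addr) { return addr - IMG_BASE < IMG_SIZE; }

int main(void) {
    /* Decrypted words constructed from the Fly Anywhere description: write 0x02 to [0x0203A148] + 0xA. */
    uint32_t w1 = 0x4023A148u, w2 = 0x00000A02u, buggy = resolve_code(w1, w2, 0), fixed = resolve_code(w1, w2, 1);
    printf("buggy target %08x (mapped=%d), fixed target %08x (mapped=%d)\n",
           buggy, in_image(buggy), fixed, in_image(fixed));
    return 0;
}
```

The pre-fix order dereferences the wrong location and yields an address outside mapped memory, while the 32-bit codetype (offset 0) resolves identically under both orders, matching the report that only it works.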

@endrift endrift (Member) commented Jan 26, 2021

Do you have examples of codes that use this type? I'd like things to compare against when testing.

@flingrocks flingrocks (Author) commented Jan 26, 2021

I think perhaps Pokémon Emerald/FireRed/LeafGreen would have the most pointer codes. To counter cheat devices, some sensitive data in these games dynamically moves around, but the pointer codetype can tap the game's own pointers to accurately target the data.

Some examples from Pokémon Emerald:

Fly Anywhere on Map + Access Fly Map (L+R)
D600F8D4 5067F0E4
FED9F725 94C01506
B6C5368A 08BE8FF4
06C3D04B A7C35638

-Pointer code writes value 0x02 to [address located in 0x0203A148] + 0xA.

1st PC Item (99): Kings Rock
ED3F5DD3 C15D1F01
AD9CA52F 09F43F9B

-First pointer code writes value 0x00BB to [address located in 0x03005D8C] + (0x24C * 2). The final address, if made static by using an Anti-DMA code, should be 0x02025E98.

Event on TV: Blend Master
3487D398 E1ABB132
3C3CD486 FCF6157D
ED2670EF 5469CBBC

An old Codejunkies (M) code targeted the game's item encryption key using:
38EBB91D 36FE8458
BCF15887 85F2256A
but it was removed, since erasing the CryptKey messed up bag item quantities rather than decrypting them as intended.
The CryptKey address, if made static, is 0x02024B00.

@endrift endrift closed this in b1a06ed Jan 28, 2021