Topic: [Concept]Patching ROM On-The-Fly using ACE

Parzival (GCLF Member)
[Concept]Patching ROM On-The-Fly using ACE
« on: May 20, 2017, 04:33:23 pm »
On the Discord server, I had a thought while fucking around with SmashStack which may prove very interesting if it can be pulled off: "Can we patch ROM on-the-fly with a middleman?"
Now, this sounds fucking impossible, because of things like "ROM is read-only" and "you sound fucking insane, what the hell is SmashStack and why is this post nowhere near properly worded?", but hear me out.
There's some homebrew that most people use with SmashStack, and it's called Riivolution. When the disc is accessed to load data, Riivolution intercepts this call, loads the data to unused RAM, patches it, then puts the modified data where it needs to be. We could do this with Pokémon Yellow. In GBC mode, the game does fucking nothing half the time because it only needs 4 MHz, and the double speed of the GBC fucks with it. This solves multiple problems we'd face, namely "this would slow the game down" and "we can't easily interrupt the game's path of execution and throw data everywhere without fucking s**t up". BECAUSE the game's doing nothing, it doesn't matter what we do, as long as we're back in the game's normal operation when it comes time to actually do something. Of course, with ACE, we can influence what "normal" is, which means we could copy the next bits of code needed from ROM to RAM, patch it, then run it, effectively being able to bend the game to our will by copying and patching more code after running the previous batch. We could merely allocate a certain amount of space in, say, SRAM, write code to the allocated space, then put the loop that writes and patches the next batch right after it. Of course, jumps, interrupts and the like will screw with it, but I'll bet my soul that there's a way around that.

Thanks for listening to me shout my insanity at you for like 20 minutes. Do you think this is possible? We've done some amazing s**t, but if we can pull this off we can all ascend into godhood, so it's worth a shot, right?
Ask me about betrayal.
Ask me about depression.
Ask me about death.
Ask me about destruction.
Ask me about hardship.
I've been through s**t.
If you need to talk to someone, my PM inbox is always open.

Caveat (GCLF Member)
Re: [Concept]Patching ROM On-The-Fly using ACE
« Reply #1 on: May 20, 2017, 04:44:08 pm »
If we can wield this thing and use it to execute arbitrary code IN OTHER GAMES, I think this just might be possible!
HOLD ME, I'M A PALE MACHINE
LIFE IS JUST OKAY OUT HERE, ANYONE CAN SEE
I'M LONELY, WITH MY PALE MACHINE
EYES WILL RUN WITH TIRED TEARS, LIVING LIKE A DREAM


Japanese Glitchdex
Petscop Thread

Twitter
(warning: contains bad grammar and copious rambling)

ISSOtm (Wiki Contributor)
Re: [Concept]Patching ROM On-The-Fly using ACE
« Reply #2 on: May 20, 2017, 07:05:30 pm »
Quote from: Caveat
If we can wield this thing and use it to execute arbitrary code IN OTHER GAMES, I think this just might be possible!
And then this comes into play! :D
"THOU SHALL NOT PASS !!"  RIVAL's effect, Gandalf.

Proudly glitching Pokémon Red and Yellow on a Black & White GB, Pocket GB, GB Color, GBA SP and new 3DS.

My Twitter (beware, I'm French)
My YouTube (same warning)

Here is an online tool to build 8F setups : GBz80 to Items !

They see me layzin', they ha-tin'...
Heavy contributor of the global augmentation of entropy (my room's is too damn high !)

Caveat
Re: [Concept]Patching ROM On-The-Fly using ACE
« Reply #3 on: May 20, 2017, 07:45:39 pm »
That's what I meant!

If we have the power to transplant code into other games, I think we could modify ROM...

ISSOtm
Re: [Concept]Patching ROM On-The-Fly using ACE
« Reply #4 on: May 21, 2017, 03:52:58 am »
I just took the time to read the first post - it was 4am yesterday, don't blame me - and I'll share my thoughts.

First, modifying code would be hugely difficult, namely because of all the branching that would have to be patched. Doing this would be very time-consuming, and even double-speed mode would make it very difficult. Imagine, you'd have to turn all branching operations into something else, BUT you can't just look for the corresponding bytes, because they could be operands.

The second problem is that, while the game may spend most of its time doing nothing - that's actually good programming practice, it saves battery - it's not always the case. Watch the CPU activity meter in BGB, and you'll see sometimes it's full.

Third: the GB's memory is too small to be able to run code like that. Patching data reads is possibly feasible, but not code. "But the GBC has much more memory!" Yes, but it's banked. Meaning, if the code we run is in WRAM bank, say, 2, the data is in bank 1. And while there is unused memory in bank 1 (DEE2-DFA0~B0 <- DF00-DFFE is stack space, but the stack never goes past DFA0 unless using 9F) it's small. 128 bytes isn't enough in my opinion.

Fourth: interrupts. The VBlank interrupt uses WRAM bank 1, so we would have to disable the VBlank interrupt, eventually switch to bank 1 and wait for it.
This does imply patching all functions that wait for VBlank.


Here's my idea, which is somewhat of a lighter version of this:
- Copy the modified versions of the routines at start-up into WRAM, including the overworld loop
- Have a loader in SRAM (probably bank 0) that provides functions to read and write to WRAM bank 1 (since code isn't in bank 1)
To know what to copy, we'd need external storage, right? Here are my solutions:
- Have a table transferred by serial cable from a cartridge whose SRAM is dedicated to that
- Save such a table in our own SRAM; I'm not sure if that is really feasible, but for example we could remove the Hall of Fame functionalities to benefit from the whole SRAM bank 0.
  Of course, this also means no glitchmon sprites. But we could patch the sprite decompression routine to never overflow.
- Cartswap!


That's what I think of it. The main problem with this is that, unlike the Wii, the GB has no "disc read" handlers, no threaded processing, nothing. We are much more limited, so I think your concept isn't possible, but by restricting ourselves it possibly could be.
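To make the branch-patching problem raised in the post above concrete, here is an added example that is not from the thread or from any Glitch City tool: a Python walker over SM83 (GBz80) instruction lengths that copies a block of code to a new address, rewrites the absolute JP/CALL targets that point inside the block, and shows why "look for the corresponding bytes" misfires when the same byte values occur as operands. The sample routine and its addresses ($4000 source in ROM, $A000 destination in SRAM) are constructed for the example.

```python
# SM83 (GBz80) instruction lengths by first opcode byte; CB-prefixed = 2, undocumented = 1.
INSN_LEN = (
    "1311112131111121" + "2311112121111121" * 3
    + "1111111111111111" * 8
    + "1133312111323321" + "1131312111313121" + "2111112121311121" * 2
)
ABS_BRANCH = {0xC2, 0xC3, 0xC4, 0xCA, 0xCC, 0xCD, 0xD2, 0xD4, 0xDA, 0xDC}  # JP/CALL a16
REL_BRANCH = {0x18, 0x20, 0x28, 0x30, 0x38}                                  # JR r8

def naive_branch_scan(code):
    """What a plain byte search does: it flags operand bytes as branches too."""
    return [i for i, b in enumerate(code) if b in ABS_BRANCH or b in REL_BRANCH]

def relocate(code, src, dst):
    """Copy a block originally at src so that it is self-consistent at dst.
    Absolute branches into the block are rewritten, branches leaving it are kept
    (they still point at ROM), and JR is flagged only when it exits the block."""
    out, notes, pc = bytearray(code), [], 0
    while pc < len(code):
        op = code[pc]
        n = int(INSN_LEN[op])
        if pc + n > len(code):
            notes.append(f"+{pc:#06x}: truncated instruction")
            break
        if op in ABS_BRANCH:
            target = code[pc + 1] | (code[pc + 2] << 8)
            if src <= target < src + len(code):
                new = (target - src + dst) & 0xFFFF
                out[pc + 1], out[pc + 2] = new & 0xFF, new >> 8
                notes.append(f"+{pc:#06x}: {target:#06x} -> {new:#06x} (internal)")
            else:
                notes.append(f"+{pc:#06x}: {target:#06x} kept (outside block)")
        elif op in REL_BRANCH:
            e = code[pc + 1] - 0x100 if code[pc + 1] > 0x7F else code[pc + 1]
            if not 0 <= pc + n + e < len(code):
                notes.append(f"+{pc:#06x}: JR leaves the block, fix by hand")
        pc += n
    return bytes(out), notes

# Constructed sample routine, assumed to sit at ROM $4000 (not real game code):
#   3E CD     LD A,$CD     ; operand byte that looks like CALL
#   CD 0A 40  CALL $400A   ; internal call: must be relocated
#   20 FB     JR NZ,$4002  ; relative, still valid inside the copy
#   C3 00 10  JP $1000     ; external jump into ROM, left alone
#   21 20 C3  LD HL,$C320  ; operands $20/$C3 look like JR NZ / JP
#   C9        RET
SAMPLE = bytes.fromhex("3ECD CD0A40 20FB C30010 2120C3 C9")

if __name__ == "__main__":
    print(naive_branch_scan(SAMPLE), relocate(SAMPLE, 0x4000, 0xA000), sep="\n")
```

The naive scan reports six "branches" in the sample where only three exist; the walker also leaves data pointers such as the LD HL operand untouched, which is a second class of reference a real patch table would still have to cover.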

Parzival
Re: [Concept]Patching ROM On-The-Fly using ACE
« Reply #5 on: May 21, 2017, 07:16:51 am »
While these are all good points, you've missed a few things, probably because I forgot to put them into the above text wall. Prepare for another one. (My bad. :P)

1. I said SRAM, not WRAM. I was intending to use all of bank 1 (or 0, whatever one HoF resides in), so space and VBlank aren't as much of an issue.
2. I know that the game isn't always sitting on its ass doing nothing, but it still does so A LOT. Like, an insane amount for a GBC game. There's still plenty of time for us to s**t out new code.
3. I was thinking about the branching problem, and we could make a modification table somewhere in SRAM that would run as part of the copy routine to make sure we get the right code. For code that isn't modified, we can reuse at least some of it (y'know, anything with a RET at the end) and keep ACE.

ISSOtm
Re: [Concept]Patching ROM On-The-Fly using ACE
« Reply #6 on: May 22, 2017, 12:05:10 pm »
You can't use all of bank 0. Right before HoF are sprite decompression buffers.
And they take a fair share of that SRAM bank.
Maybe you can store some extra code, IIRC there are unused memory segments in banks 1 to 3.

Your solution might be a pain to implement. But since I'm not going to try - I've got other things on my schedule lately - I can't tell for sure.