SMILing since 2003
-> Documents -> Metroid Fusion ASM tutorial
This tutorial will teach you some of the basics of ASM hacking for Metroid Fusion.
Metroid Fusion ROM
Hex Editor (preferably Hex Workshop)
no$gba debugger (or a version of VBA with debugging features)
First off, here are the most basic THUMB instructions:
add: Adds values ldr/ldrh/ldrb: Loads a value from the RAM to a register
sub: Subtracts values mov: Moves a value in a specified way
cmp: Compares values str/strh/strb: Stores a value to the RAM from a register
bl: links to another routine/subroutine nop: negates a RAM address's operation
Now that you know all that, let's start some ASM hacking. Open your debugging emulator and open the ROM. Start playing the game until you get to an area with an enemy. Click in the window with all the game code to pause the game. Open the "Go To" dialog(usually you can press Ctrl+G) and go to address $03001310. This is where your current health status is stored. Now, we want to see when it is written to, and which address writes to it. How do we do this? Open the Breakpoint dialog(usually Ctrl=B) and type !. This mean that emulation will stop and find the address that writes to it on any slight writes that occur. This is useful for finding immediate writes to a specified RAM address. After typing ! and pressing enter, click on the game window again and run into an enemy.
The emulation will freeze and you will be brought to an address with a bold square next to it, in this case $0800FEE0. Select the address right above it($0800FEDE) and pull up the "Assemble into Memory" dialog. Type "nop" and hit enter. Now resume the game and run into another enemy. You no longer take damage from it, and you are nearly invincible! Now go to a room with lava, acid, or electrified water, and fall in it. What? You are taking damage? Ok, this means that there are separate addresses for enemy damage and foreground effects damage. You have only disabled one of the addresses so far, so you are only invincible to enemies. But now, pull up the Breakpoint dialog again, type ! again, and hit enter. Touch the lava/acid/etc and you will be brought to a different address than the first time you did this for enemies.
You probably know now which address to nop, so I'll let you find that on your own. After that, touch the hazardous liquid again, and you will take no damage. With both operations nop'ed, you are completely invincible! Now, open the ROM in a hex editor. The debugger does not save the ASM hack to the ROM(it only saves it to the debugger, at least in no$gba), so we'll have to save it this way.
Go to address 0x0000FEDE(which is RAM address $0800FEDE, but you must remove the extra first digit in some cases when adding ASM changes to hex). Then look in your debugger at the number to the right of that address. It should say 46C0(which is the value that represents a nop). At 0x0000FEDE in the hex editor, reverse that number from 46C0 to C0 46 and type it in. Do the ame with the other address that you found through the second breakpoint. Save the ROM, and now you will take no damage
Congratulate yourself, as you have just completed your first ASM hack! Not so hard as they say, eh? Well, you need to know what you're doing before nop'ing everything important to the game. Below is a video of this first ASM hack.
> Watch on YouTube
> Download in better quality
Take a moment to reflect on what you just learned:
Finding an address
Finding a breakpoint
Nop'ing out operations of an address
Saving ASM changes to hex
There are plenty of things you can try with this, so always be on a lookout for new things to try. However, be sure to look at the RAM Map so that you know what you are doing. Good luck, and happy hacking!