GBARunner2
Roms (hacks) with code above a couple of megabytes don't work
It seems that some rom hacks of pokemon fire red games that expand the rom from 16mb to 32 mb seem to not be supported and always white screen after bios intro.
That's because they usually append code at the end of the rom. It's currently impossible to execute code above 2 or 3 MB
Is there any eventual plan to fix this issue? Pokemon rom hack community is large. Not demanding a fix, I'm just curious.
It will never fully be fixed, but on dsi and 3ds the extra memory available could probably be used. On 3ds there's 32 MB available
Well that's promising. Because I use my 3ds for gbarunner2.
I remember reading from older logs an idea about code caves, basically the current section executed is a small area, and older sections are tossed/updated and code is relative from the GBA side to that section. So when the code would be outside the scope, another codecave'd have to be filled in.
That would solve games reading relative stuff outside the 2.8~MB range. And in extreme cases, another "external" code cave'd be required for immediate values outside the current code cave.
That way literally everything would work... and the prefetch abort handler could help in there to catch edge cases speeding up exceptions.
edit: I mean it's just an idea but this could potentially fix rom hacks (as these are mapped outside the 2.8~MB range because binaries are built as compact as possible)
Wouldn't it be very hard to manage? The size of protection regions is also at least 4kb and we don't have many of them. If you meant like using mirrors of main memory, then that also doesn't fully work on ds, since we only have 16MB of mirror.
In fact mirrors can just aid in resolving timing stuff, but these aren't critical to get stuff running.
Basically both "code cave events" would trigger when:
- Data abort based event: would trigger every time we are outside the code cave (MPU based protection). Real life example: Literally trying to read/write SRAM area (as currently does), or reading outside the codecave scope
- Prefetch abort based event: When the code tries to run code directly from the GBA ROM area, which is unmapped, and happens currently, and that is triggered in the "instruction pipeline" stage rather than "instruction execution" (because that would mean data abort event), and that happens earlier. Real life example: Branch with link's resulting address pointing to an unmapped region area (such as the GBA ROM)
How would you resolve a branch from 0x02040000 (gba rom 0x08000000) to 0x03000000 (gba rom 0x08FC0000, but also iwram) then? You can't know if it was a relative branch or not.
- First of all, the address can be read from the immediate value bits, from a register or if branch with link, from two half word bytes. So you need to keep track of the current relative offset from within the code cave, and the global offset (the gba map it's supposed to).
Second, the prefetch abort will raise exceptions if the memory resolved in the prefetcher unit is not mapped. So for code caves you need to keep both (above) offsets, and for the prefetch exception, keep the current offset from the current code cave - the global offset. That one should be added to the new relocated code within the new code cave. Then if a new code cave is reloaded, both the global and the code cave size - current code cave offset should be added and used to relocate the upcoming code cave.
And third, the offsets are hardcoded in the GBA ROM, and these point to 0x08000000 onwards. And the prefetch abort will raise the exception if any immediate, rd or branch with link.
As long as you keep these two offsets, and identify when LDR pc,=NxNNNNNNNN and branches within the GBA ROM map take place, code should be patched to run within a code cave. And normally code that goes to 0x03000000 or 0x02000000 or others will run in there, same for static code within these areas.
> How would you resolve a branch from 0x02040000 (gba rom 0x08000000) to 0x03000000 (gba rom 0x08FC0000, but also iwram) then? You can't know if it was a relative branch or not.

Save stack, read registers scope, if 0x08000000 then patch and relocate code, jump to codecave, execute code cave, before jumping to restore code, decide if the upcoming PC runs from unmapped area, and decide whether jump to new code cave (and update global offsets), or simply restore and execute (which means patching PC) and updating the code cave stuff.
And there is a way to know if a relative branch takes place, because relative branches are calculated within the current PC offset, +- an immediate value, a RD or a branch with link (constructed new address). So in this case if the current code runs from within the 0x08000000, the PC address must be subsequently relocated to a new code cave if memory is unmapped.
...
- Or well, or code the prefetch abort handler to read the source aborted PC, and let it prefetch abort and run code cave and restore to an upcoming possible abort PC address and update the offsets (that should speed up things).
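
The two-offset bookkeeping discussed above, as an added example that is not part of the thread and not GBARunner2 code: it decodes an ARM-state `B`/`BL` found in a code cave, resolves the target in GBA address space, and reports whether it lands in the current cave, needs a cave reload, or leaves the ROM window. The `cave_t` structure, the function names and the sample instruction words are assumptions made for illustration; Thumb and register-based branches are not handled.

```c
#include <stdint.h>
#include <stdio.h>

#define GBA_ROM_BASE 0x08000000u
#define GBA_ROM_END  0x0A000000u  /* end of a 32 MB ROM window */

/* Hypothetical bookkeeping for one code cave (not GBARunner2 code). */
typedef struct {
    uint32_t host_base; /* where the cached code sits on the DS side */
    uint32_t gba_base;  /* GBA address of the first cached byte ("global offset") */
    uint32_t size;      /* number of bytes cached */
} cave_t;

typedef enum { TGT_NOT_BRANCH, TGT_NOT_ROM, TGT_IN_CAVE, TGT_RELOAD_CAVE } tgt_kind;

/* Decode ARM B/BL (cond 101L imm24): target = pc + 8 + signext(imm24) * 4. */
static int arm_branch_target(uint32_t insn, uint32_t gba_pc, uint32_t *out) {
    if ((insn & 0x0E000000u) != 0x0A000000u || (insn >> 28) == 0xFu) return 0;
    uint32_t imm = insn & 0x00FFFFFFu;
    /* Sign-extend in unsigned arithmetic so wrap-around is well defined. */
    *out = gba_pc + 8u + (((imm ^ 0x00800000u) - 0x00800000u) << 2);
    return 1;
}

/* Resolve the branch in GBA address space, then map back to the cave. */
tgt_kind classify_branch(const cave_t *c, uint32_t host_pc, uint32_t insn,
                         uint32_t *gba_target, uint32_t *host_target) {
    uint32_t gba_pc = c->gba_base + (host_pc - c->host_base);
    if (!arm_branch_target(insn, gba_pc, gba_target)) return TGT_NOT_BRANCH;
    if (*gba_target < GBA_ROM_BASE || *gba_target >= GBA_ROM_END) return TGT_NOT_ROM;
    uint32_t off = *gba_target - c->gba_base;   /* wraps if target is below the cave */
    if (off >= c->size) return TGT_RELOAD_CAVE; /* cave must be refilled first */
    *host_target = c->host_base + off;
    return TGT_IN_CAVE;
}

int main(void) {
    cave_t cave = { 0x02040000u, 0x08000000u, 0x00200000u }; /* constructed sample */
    uint32_t insns[] = { 0xEA00003Eu, 0xEA3EFFFEu, 0xE3A00000u }; /* constructed */
    for (int i = 0; i < 3; i++) {
        uint32_t g = 0, h = 0;
        tgt_kind k = classify_branch(&cave, cave.host_base, insns[i], &g, &h);
        printf("%08X -> kind %d gba %08X host %08X\n",
               (unsigned)insns[i], (int)k, (unsigned)g, (unsigned)h);
    }
    return 0;
}
```

The second sample word branches from GBA 0x08000000 to 0x08FC0000, the address pair used in the question above; resolved in GBA space it is reported as a ROM target outside the 2 MB sample cave.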
I do hope rom hacks will soon be able to work, because I know someone who is making a Pokemon Uranium hack for FireRed, and I really want to play it on my DSi XL on the go when it's done.
Tested pokemon fire red hack pokemon adventure red chapter. With the most recent c Release It works to a degree. The rtc doesn't function and it crashes at the first battle.
> Tested pokemon fire red hack pokemon adventure red chapter. With the most recent c Release It works to a degree. The rtc doesn't function and it crashes at the first battle.

FireRed doesn’t support rtc

> Tested pokemon fire red hack pokemon adventure red chapter. With the most recent c Release It works to a degree. The rtc doesn't function and it crashes at the first battle.
>
> FireRed doesn’t support rtc

I know but this rom hack adds it.
@Gericom I got the rtc to work by changing the Rom id with a header editor and applying the patch I will link. So the only problem with this rom hack now afaik is that it black screens at the first battle with the music playing in the background during the black screen. Gonna test a couple more rom hacks with this method now, will edit with results
@TriforceOfPwnage have you tried this Romhack on the hicode release https://github.com/Gericom/GBARunner2/releases/tag/v20200812-130512_d5dc8d8 ?
Yup, I have and it works fine. Sorry I forgot to update this issue. I completely forgot I authored it lol
@Kirit29 I have the same problem for the first battle in pokemon red chapter. It turns black and then the music plays. If you've solved it can you please tell me how? Thanks again.
@Kirit29 I also have the rtc problem
@AhsanAmeer1066 Sorry for the late reply. To fix the rtc problem you have to hex edit the rom. Open it in a hex editor and look for the line that reads POKÉMON FIRE BPRE and change it to POKÉMON Ruby AXVE. Then use the hybrid gbarunner 2 build included in twilight menu ++ 3ds. Then you should be all set. Also you have to apply the patch to your adventure red rom that I linked above before you do any of this.
@Kirit29 Hi, thanks for the reply I tried it, but it freezes at the gameboy loadup. Do you know what the issue is?
Try turning off the bios intro. See if the rom loads in another emulator just in case the rom got corrupted
@Kirit29 Yes it loads now, except the time now is stuck at 00:00:00 instead of a bunch of question marks
Did you patch your rom with the ips in the zip above?
@Kirit29 Yes, it works now, I remembered I had already patched the rom with the ips a few days ago so re-patching it was messing it up. Thank you for your help.
@Kirit29 Hi I have the same problem with pokemon clover and pokemon glazed white screen at startup. Where on the sd card should the hybrid version be stored? (I have a Dsixl)