
How to Hijack

Hijacking and YOU



Hijacking? Yes. It sounds scary. But it's really not! All it is is finding a piece of code in the ROM and making your own code run alongside it. How do you hijack? Well, that's what I'll tell you.

To hijack, you must first have some ASM code you want to have run somewhere, like this:

Code
LDA #$01
STA $19


This will always make Mario big: $19 holds Mario's powerup status, and 1 means big Mario. It's just an example.

Now, how do we get it to run somewhere? We hijack.

The first step in hijacking is to look in all.log (the SMW disassembly) for the start of a routine that you can tell runs every frame. This is actually easy. Look down a little bit and see if you can find something whose name alone tells you it has to run every frame.

For example, I'll use $008650. It is part of the controller (joypad) update code, so you can tell it has to run every frame.

Now, look at the code in all.log. There is no $008650 label printed, because all.log only labels addresses that something jumps to. You can still tell that's where the instruction starts: the next address shown is $008653, and the instruction just above it is three bytes long, so it must begin at $008650.

So, we need to write the instructions that jump all the way to our code somewhere else in the ROM. Here's how we start (org takes the SNES address of the hijack point):

Code
org $008650


But how do we write those instructions? Look at the bytes at $008650 in all.log:

Code
AD 18 42 29 F0


Those 5 bytes are what this whole hijack is about. We overwrite a little bit of code so we can put our own in, and then later restore the code we overwrote. We can't just delete the code altogether; the routine would stop doing its job and the game would break.

So, the reason those bytes matter is that to overwrite this code, we fill them in with the instruction that jumps to our code. Different hijack points need a different number of bytes overwritten, depending on how long the instructions there are.

Now, just for reference, a JSL takes 4 bytes, and JSL is what you want: it saves the return address so we can come back afterwards. The first instruction here takes 3 bytes, which isn't enough room for a JSL, so we have to overwrite the next instruction too, which takes 2, for a total of 5. So, 5-4=1. That means there's 1 byte left over that we still have to fill. How do we do this? I'll show you.

Code
org $008650
NOP		;fills the 1 leftover byte
JSL OurCode	;4 bytes; 5 bytes total, same as what we overwrote


A NOP takes 1 byte. So, in any hijack, fill the leftover bytes with a NOP or two, then JSL to your code. Sometimes you don't even need a NOP: that happens when the instructions at the hijack point add up to exactly 4 bytes, for example two 2-byte instructions in a row. What matters is that the NOPs plus the JSL cover whole instructions only, never half of one, so that when the RTL returns to the byte after the JSL, the SNES is on a real instruction boundary. Now, let's write our code. We need to put it in some freespace.

Code
org $008650
NOP
JSL OurCode

org $138000	;here's some freespace for example

OurCode:
LDA #$01
STA $19


Wait, don't we have to restore the code we overwrote and return to where we were? Yes. So let's look at what those bytes meant in ASM. all.log shows them as:

Code
LDA.W $4218 : AND.B #$F0


Now, I'll tell you right now: the uppercase .W and .B size suffixes won't work if you're using xkas, because all.log is not in xkas format (it uses TRASM syntax). Either take them out, and xkas will pick the size itself, or write them lowercase as .w and .b, which xkas does accept.

Now, let's restore the code and return so that the rest of the routine after the spot we hijacked can continue. Since we used a JSL, we return with RTL. Put the restored instructions after our own code, not before it, so that A and the processor flags hold what the original code expects when it resumes at $008655.

Code
org $008650
NOP
JSL OurCode

org $138000

OurCode:
LDA #$01	;our code
STA $19
LDA $4218	;the two instructions we overwrote, restored
AND #$F0
RTL		;back to $008655, right after the JSL


Cool! We did it! We hijacked!

But there's one more thing to do so our code doesn't get overwritten: other tools (Lunar Magic, for instance) only know that freespace is in use if it is marked. We mark it by adding a RATS tag in front of the code. Here's how you do it:

Code
org $008650
NOP
JSL OurCodeStart	;jump past the tag, to the code itself

org $138000

!CodeSize = OurCodeEnd-OurCodeStart
db "STAR"			;RATS signature
dw !CodeSize-$01		;size of the protected block minus 1
dw !CodeSize-$01^$FFFF		;its complement (xkas evaluates left to right)

OurCodeStart:
LDA #$01
STA $19
LDA $4218
AND #$F0
RTL
OurCodeEnd:


That's it. Notice the labels changed: the code now sits between OurCodeStart and OurCodeEnd so its size can be computed, and the JSL has to target OurCodeStart, which comes right after the 8-byte tag, not the tag itself.

So we're done! I hope now you understand how to hijack. Leave comments and stuff if you need help or have suggestions.
I have no idea what to change my layout it to...
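The two arithmetic steps in the tutorial, working out how many bytes the JSL plus NOP padding has to cover at $008650, and building the RATS tag with its size and complement, are easy to get wrong by hand. The script below is an added example, not part of the original post or of any SMWCentral tool; it reconstructs the five original bytes from the tutorial's disassembly (LDA $4218 : AND #$F0), uses its own small 65c816 opcode-length table (assuming an 8-bit accumulator), and the helper names, the LoROM address conversion and the sample inputs are my own assumptions.

```python
import struct

# 65c816 opcode -> (mnemonic, length in bytes). Lengths assume an 8-bit
# accumulator (SEP #$20), which is the mode at the tutorial's hijack point;
# only the opcodes this example touches are listed (my own table, not all.log).
OPCODE_LEN = {
    0xAD: ("LDA $addr", 3),   # absolute
    0x29: ("AND #imm", 2),    # 8-bit immediate
    0xA9: ("LDA #imm", 2),
    0x85: ("STA $dp", 2),     # direct page
    0xEA: ("NOP", 1),
    0x22: ("JSL $long", 4),
    0x6B: ("RTL", 1),
}
JSL_LEN = 4          # opcode + 24-bit target
RATS_LEN = 8         # "STAR" + (size-1) + complement


def plan_hijack(code):
    """Walk whole instructions from the hijack point until at least JSL_LEN
    bytes are covered. Returns (bytes_to_overwrite, [restored instructions]).
    An instruction is never split: the span always ends on a boundary."""
    consumed, restored = 0, []
    while consumed < JSL_LEN:
        if consumed >= len(code):
            raise ValueError("not enough code to cover a JSL")
        op = code[consumed]
        if op not in OPCODE_LEN:
            raise ValueError("unknown opcode $%02X at +%d" % (op, consumed))
        _, length = OPCODE_LEN[op]
        restored.append(code[consumed:consumed + length])
        consumed += length
    return consumed, restored


def build_hook(code, target):
    """Bytes written at the hijack point: NOP padding (if any), then JSL target."""
    consumed, _ = plan_hijack(code)
    return b"\xEA" * (consumed - JSL_LEN) + b"\x22" + target.to_bytes(3, "little")


def rats_tag(size):
    """RATS header: 'STAR', (size-1) as a little-endian word, then its complement."""
    if not 1 <= size <= 0x10000:
        raise ValueError("RATS protects 1..65536 bytes")
    return b"STAR" + struct.pack("<HH", size - 1, (size - 1) ^ 0xFFFF)


def check_rats(blob):
    """Validate a RATS header the way a tool scanning freespace would; return size."""
    if blob[:4] != b"STAR":
        raise ValueError("no STAR signature")
    lo, inv = struct.unpack("<HH", blob[4:8])
    if lo ^ inv != 0xFFFF:
        raise ValueError("RATS size/complement mismatch")
    return lo + 1


def build_freespace(payload, restored):
    """Freespace block: RATS header, our code, the overwritten instructions
    (restored last so A and the flags are what the original code expects), RTL."""
    body = payload + b"".join(restored) + b"\x6B"
    return rats_tag(len(body)) + body


def lorom_snes_to_pc(addr):
    """LoROM SNES address -> offset in a headerless ROM ($138000 -> $98000)."""
    bank, off = addr >> 16, addr & 0xFFFF
    if off < 0x8000:
        raise ValueError("$%06X is not a ROM address" % addr)
    return (bank & 0x7F) * 0x8000 + (off - 0x8000)


# Constructed sample input, reconstructed from the tutorial's disassembly:
# the five bytes at $008650 are LDA $4218 : AND #$F0.
ORIGINAL_AT_8650 = bytes.fromhex("AD1842" "29F0")
OUR_CODE = bytes.fromhex("A901" "8519")      # LDA #$01 : STA $19
FREESPACE = 0x138000                        # the tutorial's example freespace


def hijack_example():
    """Returns (bytes overwritten, hook bytes, freespace block) for the tutorial's case."""
    consumed, restored = plan_hijack(ORIGINAL_AT_8650)
    # The JSL must land past the RATS header, i.e. on OurCodeStart, not on "STAR".
    hook = build_hook(ORIGINAL_AT_8650, FREESPACE + RATS_LEN)
    block = build_freespace(OUR_CODE, restored)
    return consumed, hook, block


if __name__ == "__main__":
    n, hook, block = hijack_example()
    print("overwrite %d bytes at $008650 (PC $%X): %s"
          % (n, lorom_snes_to_pc(0x008650), hook.hex().upper()))
    print("write %d bytes at $%06X (PC $%X): %s"
          % (len(block), FREESPACE, lorom_snes_to_pc(FREESPACE), block.hex().upper()))
    print("RATS protects %d bytes" % check_rats(block))
```

Run it and you get the same 5-byte hook the tutorial writes by hand (EA 22 08 80 13: one NOP, then JSL $138008), and an 18-byte freespace block whose tag says it protects 10 bytes. The opcode table is the part to extend for other hijack points; plan_hijack refusing an unknown opcode is deliberate, since guessing a length is exactly how an instruction ends up split.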
Technically Iceguy already created a "Routine hacking and patch creating" tutorial that covers this, though I haven't read either to decide which is better, so I can't really say.
Oh well. I didn't know that at the time. I don't know whose is better, but I suppose the one that would relate to n00bs the most is the one made by the one closer to being a n00b. :>

I think I did a good job on it, and I hope some people learn about it.
I have no idea what to change my layout it to...
Great tutorial. I might add, however, while LDA.W and AND.B won't work in xkas, LDA.w and AND.b will. TRASM uses uppercase letters, xkas uses lowercase.
Originally posted by ZombieBanana
Great tutorial. I might add, however, while LDA.W and AND.B won't work in xkas, LDA.w and AND.b will. TRASM uses uppercase letters, xkas uses lowercase.

You don't even need to add those. Xkas does all the ".x" work for you.
This seems like a good place to lodge a request. Do you approve TheGag96?
Merry Christmas!!
Originally posted by Jacobaco
This seems like a good place to lodge a request. Do you approve TheGag96?

I disapprove. This fits either here or here.
<blm> zsnes users are the flatearthers of emulation
Originally posted by Alcaro
Originally posted by Jacobaco
This seems like a good place to lodge a request. Do you approve TheGag96?

I disapprove. This fits either here or here.

Ok.
Merry Christmas!!