Thread Rating:
  • 1 Vote(s) - 4 Average
  • 1
  • 2
  • 3
  • 4
  • 5
Ogre Battle Gaiden (Densetsu no Ogre Battle) Translation
#21
Loïc, could you post the source of the called function that pops the return and then retrieves some values? I assume it's quite short.

Also, what does that first bit of code do before the "jump" to call the "function?"
Card Fighters' Clash 2 English Translation ( http://cfc2english.blogspot.com/ )
Neo Geo Pocket Flash Cart and Linker Project ( http://www.flashmasta.com/ )
Avatar art thanks to Trev-Mun ( http://trevmun.deviantart.com/ )
Reply
#22
(04-10-2019, 12:30 AM)Flavor Wrote: Loïc, could you post the source of the called function that pops the return and then retrieves some values?  I assume it's quite short.

Also, what does that first bit of code do before the "jump" to call the "function?"

Values are set only as example...

as an example, jump are handled like that :

Code:
0x200180: LD XHL,(0x4006)                          : E1 06 40 23                |  
0x200184: LD XIX,0x0020018F                        : 44 8F 01 20 00             |  
0x200189: LD (0x4006),XIX                          : F1 06 40 64                |  
0x20018D: JP T,XHL                                 : B3 D8                      | here we can assume XHL eq 0x294CFE

Then we jump to  :

Code:
0x294CFE: PUSH XIY                                 : 3D                         |  
0x294CFF: LD XIY,0x00299592                        : 45 92 95 29 00             |  
0x294D04: LD IZ,0x0122                             : 36 22 01                   |  
0x294D07: LD IX,0x9C80                             : 34 80 9C                   |  
0x294D0A: CALL 0x200BAC                            : 1D AC 0B 20                |  
0x294D0E: POP XIY                                  : 5D                         |  
0x294D0F: CALL 0x20023C                            : 1D 3C 02 20                |  

From this point, the call operator push 0x294D11 to the stack.
Instead of a RET, the function pop 0x294D11 from the stack and uses it to retrieve other values.

Code:
0x20023C: POP XDE                                  : 5A                         |  
0x20023D: LD A,(XDE++1)                            : C5 E8 21                   |  
0x200240: LD XHL,0x002007A1                        : 43 A1 07 20 00             |  
0x200245: LD HL,(XHL + A)                          : D3 03 EC E0 23             |  
0x20024A: JP T,XHL                                 : B3 D8                      |  

note : We can reach this function either by a call 0x20023C or a jump 0x20023D


Here, I could find all the "CALL 0x20023C" to retrieve every single "A" value to find all XHL possible jump.

Up to now, though I'm able to find some text in the ROM, I couldn't find how they are addressed in the code. I found tables in Nigeronpa, but not here... maybe everithing is stored using base address + offset


I was lucky with Nigeronpa that was a lot easier to read !
Reply
#23
Code:
0x200180: LD XHL,(0x4006)                          : E1 06 40 23                |  
0x200184: LD XIX,0x0020018F                        : 44 8F 01 20 00             |  
0x200189: LD (0x4006),XIX                          : F1 06 40 64                |  
0x20018D: JP T,XHL                                 : B3 D8                      | here we can assume XHL eq 0x294CFE

That bit seems to use (0x4006) as something of a jump/return address.  Even the setup code uses (0x4006) to pull out the address that will be jumped to, then it puts the return address into (0x4006).  But, I don't see that being used in the "return" code.

Is there other code that reads (0x4006) to know to return to 0x0020018F (which would be the next instruction after the JP at 0x20018D)?
Card Fighters' Clash 2 English Translation ( http://cfc2english.blogspot.com/ )
Neo Geo Pocket Flash Cart and Linker Project ( http://www.flashmasta.com/ )
Avatar art thanks to Trev-Mun ( http://trevmun.deviantart.com/ )
Reply
#24
They are other part of ram that are used to store procedure/function locations (0x4002 too).

my concern is more about that part :


Code:
Code:
0x20023C: POP XDE                                  : 5A                         |  
0x20023D: LD A,(XDE++1)                            : C5 E8 21                   |  
0x200240: LD XHL,0x002007A1                        : 43 A1 07 20 00             |  
0x200245: LD HL,(XHL + A)                          : D3 03 EC E0 23             |  
0x20024A: JP T,XHL                                 : B3 D8                      |  


as we reach 0x20023C by a JUMP embedded in a CALL, so A receive the first byte immediately after the CALL address
Code:
0x2XXXX0 : CALL 0x20023C (4 bytes long instruction)
0x2XXXX4 : bb (1 byte value)

I don't know what kind of tool generates such code. 0x002007A1 is some kind of function offset table, accessing a range from 0x00200000 to 0x0020FFFF, giving a maximum number of function of 64 different offset (256/4).

On an other level, my disassembly tool was considering unconditioned jump or RET as a function ending. Here, I also have to consider CALL 0x20023C as a function exit.
Reply
#25
I think you're right. The byte after the operation "CALL 0x20023C" (labeled 'bb' above) will be an index into an array of return locations that the call would return to after executing 0x20023C.

Were you saying before that you haven't found the array of strings (the script) in the ROM, yet?
Card Fighters' Clash 2 English Translation ( http://cfc2english.blogspot.com/ )
Neo Geo Pocket Flash Cart and Linker Project ( http://www.flashmasta.com/ )
Avatar art thanks to Trev-Mun ( http://trevmun.deviantart.com/ )
Reply
#26
(04-10-2019, 06:59 AM)Flavor Wrote: I think you're right.  The byte after the operation "CALL 0x20023C" (labeled 'bb' above) will be an index into an array of return locations that the call would return to after executing 0x20023C.

Were you saying before that you haven't found the array of strings (the script) in the ROM, yet?

Yes, it doesn't seems to have 'direct' link to text (llike Nigeronpa did). I think that I need to find offset table(s), but I still need to find the base address, or to understand to source code...
Reply
#27
Have you tried a relative search program?
https://www.romhacking.net/?page=utiliti...lsearch=Go

I've heard about Monkey-Moore before. "Wanna search a Japanese ROM? Monkey-Moore is the way to go."
https://www.romhacking.net/utilities/513/
Card Fighters' Clash 2 English Translation ( http://cfc2english.blogspot.com/ )
Neo Geo Pocket Flash Cart and Linker Project ( http://www.flashmasta.com/ )
Avatar art thanks to Trev-Mun ( http://trevmun.deviantart.com/ )
Reply


Forum Jump:


Users browsing this thread: 1 Guest(s)