Hijacking and YOU
Hijacking? Yes. It sounds scary. But, it's really not! All it is is just finding a code and make your own run alongside it. How do you hijack? Well, that's what I'll tell you.
To hijack, you must first have some ASM code you want to have run somewhere, like this:
Code
LDA #$01 STA $19
This will always make Mario big. Why? I don't know. It's just an example.
Now, how do we get it to run somewhere? We hijack.
The first step in hijacking is to look in all.log for the start of a routine that you could tell runs every frame. Now, this is actually easy. Look down a little bit and see if you can find something that you could just tell by looking at the name that it would have to run every frame.
For example, I'll use $008650. It has to do with a controller update thing. You could just tell that it would have to do this every frame.
Now, look at the start of the code in all.log. You can't see the $008650 because it doesn't feel like it. You can tell that it's there because the next one in $008653, and above that, you can see that there's three bytes, so you can tell that's where the start is.
So, we need to write the instructions to jump all the way to our code somewhere else in the ROM. Here's how we start:
Code
org $8650
But how do we write those instructions? Look at this:
See how I highlighted those 5 bytes? This is important. What we want to do for this whole hijack is overwrite a little bit of code so we can put our own in, then eventually restore that code that we overwrote later. We can't just delete the code altogether. It would insue a music.
So, the reason I highlighted those bytes is because to overwrite this code, we have to fill in those bytes with the instruction to go to our code. For some places you hijack, you'll have to do different ways of telling the SNES to go to our code.
Now, just for reference, it takes 4 bytes to JSL to somewhere, which is what you want to do. You want to JSL to your code. Now, because there's an opcode group that takes 3 bytes here, we have to use the next group of opcodes, which is 2. So, 5-4=1. That means we're 1 byte missing we have to overwrite. How do we do this? I'll show you.
Code
org $8650 NOP JSL OurCode
NOPing takes 1 byte. So, if you have to in any hijack ever, fill space with a NOP or two, then JSL to your code. Sometimes, you don't even have to NOP. That happens when at the start of a routine, there's two groups of 2 byte opcode groups. Now, let's make our code. And we need to make sure we set some freespace.
Code
org $8650 NOP JSL OurCode org $138000 ;here's some for example OurCode: LDA #$01 STA $19
Wait, don't we have to restore code and return to what we were at? Yes. So let's look at whatever those bytes meant in ASM:
It meant LDA.W $4218 : AND.B #$F0. Now, I'll tell you right now, the .W and the .B won't work if you're using xkas. Why? That's because all.log is not in xkas format. So, just take them out if you see anything like this.
Now, let's restore the code and return so that the rest of the code after the spot we hijacked can continue. And since we used a JSL, we RTL.
Code
org $8650 NOP JSL OurCode org $138000 OurCode: LDA #$01 STA $19 LDA $4218 AND #$F0 RTL
Cool! We did it! We hijacked!
But, there's one more thing to do to make sure our code doesn't get overwritten. We need to add a RATS tag. Here's how you do it:
Code
org $8650 NOP JSL OurCode org $138000 !CodeSize = OurCodeEnd-OurCodeStart db "STAR" dw !CodeSize-$01 dw !CodeSize-$01^$FFFF OurCodeStart: LDA #$01 STA $19 LDA $4218 AND #$F0 RTL OurCodeEnd:
That's it. Notice I changed the labels.
So we're done! I hope now you understand how to hijack. Leave comments and stuff if you need help or have suggestions.
I have no idea what to change my layout it to...