Hijacking and YOU
Hijacking? Yes. It sounds scary. But, it's really not! All it is is just finding a code and make your own run alongside it. How do you hijack? Well, that's what I'll tell you.
To hijack, you must first have some ASM code you want to have run somewhere, like this:
[code]LDA #$01
STA $19[/code]
This will always make Mario big. Why? I don't know. It's just an example.
Now, how do we get it to run somewhere? We hijack.
The first step in hijacking is to look in all.log for the start of a routine that you could tell runs every frame. Now, this is actually easy. Look down a little bit and see if you can find something that you could just tell by looking at the name that it would have to run every frame.
For example, I'll use $008650. It has to do with a controller update thing. You could just tell that it would have to do this every frame.
Now, look at the start of the code in all.log. You can't see the $008650 because it doesn't feel like it. You can tell that it's there because the next one in $008653, and above that, you can see that there's three bytes, so you can tell that's where the start is.
So, we need to write the instructions to jump all the way to our code somewhere else in the ROM. Here's how we start:
[code]org $8650[/code]
But how do we write those instructions? Look at this:
See how I highlighted those 5 bytes? This is important. What we want to do for this whole hijack is overwrite a little bit of code so we can put our own in, then eventually restore that code that we overwrote later. We can't just delete the code altogether. It would insue a music.
So, the reason I highlighted those bytes is because to overwrite this code, we have to fill in those bytes with the instruction to go to our code. For some places you hijack, you'll have to do different ways of telling the SNES to go to our code.
Now, just for reference, it takes 4 bytes to JSL to somewhere, which is what you want to do. You want to JSL to your code. Now, because there's an opcode group that takes 3 bytes here, we have to use the next group of opcodes, which is 2. So, 5-4=1. That means we're 1 byte missing we have to overwrite. How do we do this? I'll show you.
[code]org $8650
NOP
JSL OurCode[/code]
NOPing takes 1 byte. So, if you have to in any hijack ever, fill space with a NOP or two, then JSL to your code. Sometimes, you don't even have to NOP. That happens when at the start of a routine, there's two groups of 2 byte opcode groups. Now, let's make our code. And we need to make sure we set some freespace.
[code]org $8650
NOP
JSL OurCode
org $138000 ;here's some for example
OurCode:
LDA #$01
STA $19[/code]
Wait, don't we have to restore code and return to what we were at? Yes. So let's look at whatever those bytes meant in ASM:
It meant LDA.W $4218 : AND.B #$F0. Now, I'll tell you right now, the .W and teh .B won't work here. Why? I don't know for sure. Sometimes it probably does, sometimes it doesn't. For now, just get rid of those. In any other time, see if it works with whatever is on the end if you patch it with xkas. If not, just get rid of them.
Now, let's restore the code and return so that the rest of the code after the spot we hijacked can continue. And since we used a JSL, we RTL.
[code]org $8650
NOP
JSL OurCode
org $138000
OurCode:
LDA #$01
STA $19
LDA $4218
AND #$F0
RTL[/code]
Cool! We did it! We hijacked!
But, there's one more thing to do to make sure our code doesn't get overwritten. We need to add a RATS tag. Here's how you do it:
[code]org $8650
NOP
JSL OurCode
org $138000
!CodeSize = OurCodeEnd-OurCodeStart
db "STAR"
dw !CodeSize-$01
dw !CodeSize-$01^$FFFF
OurCodeStart:
LDA #$01
STA $19
LDA $4218
AND #$F0
RTL
OurCodeEnd:[/code]
That's it. Notice I changed the labels.
So we're done! I hope now you understand how to hijack. Leave comments and stuff if you need help or have suggestions.