改版杂项集合

jiangzhengwenjz

由于一些东西的内容不足以支撑整个主题帖，因此我单开一贴，记录这些源码或修改，目前量还非常少，不过会不断扩充

不会编译源码的看这里：http://tieba.baidu.com/p/3552794531
之后更新的有些内容甚至称不上研究，只是对一些东西的分析，做个记录，希望能长期更新
当然所有代码限于火红

一、连锁技能回合数自定义与扩充【反向追踪后归结于对战斗命令0x8d与0x8e改建
1. 破除显示位数限制: (1→2)
在0x8028224写入

1. 00 48 00 47 [XX+1 XX XX 08/09] 00 00

复制代码

框内部分是以下程序指针(thumb模式+1)

1. .thumb
   
2. .align 2
   
3. mov r0, #0x1
   
4. strb r0, [r1, #9]
   
5. strb r0, [r1, #0xa]
   
6. strb r2, [r1, #0xc]
   
7. mov r0, #0x2
   
8. strb r0, [r1, #0xb]
   
9. ldr r0, =0x802822f
   
10. bx r0

复制代码

2. 自定义攻击回合数上下限:
于0x281f2写入:

1. [1字节上限] 25 28 40 [1字节下限] 28 F9 DB 20 70 00 00 00 00 00 00 00 00 00 00

复制代码

注意勿使上限十进制值超过99,以及遵循下限小于上限的默认条件.

预览：(后面有些卡并非游戏问题)


二、跳过性别选择：
于0x12fdbc写入

1. a1 00 13 08

复制代码

三、菜单扩容：
【本来差不多完成了，但源码却由于某些偶然原因暂时无法重新入手，等何时找回补上
终于得到了源码，但因为年代久远有些忘了。。所以这个可能有疏漏
首先这是我的源码以及前期工作：
hook1.asm
Code:

1. .thumb
   
2. .align 2
   
3. @insert at 0806f39c
   
4. bx r0
   
5. lsl r0, r0, #0

复制代码

hook2.asm
Code:

1. @insert at 0806edf4
   
2. .thumb
   
3. .align 2
   
4. ldr r2, =main2.asm的地址+1
   
5. bx r2

复制代码

main1.asm
Code:

1. .thumb
   
2. .align 2
   
3. ldr r0, =0x0806F4E9
   
4. cmp r1, r0
   
5. beq return
   
6. ldr r0, =下面老外程序的地址+1
   
7. cmp r1, r0
   
8. beq return
   
9. ldr r0, =0x0806f3a1
   
10. bx r0
    
11. 
    
12. return:
    
13. pop {r0}
    
14. bx r0

复制代码

main2.asm
Code:

1. .thumb
   
2. .align 2
   
3. ldr r2, =0x0806ed95
   
4. bl linker
   
5. mov r0, #9
   
6. ldr r2, =0x0806ed95
   
7. bl linker
   
8. pop {r0}
   
9. bx r0
   
10. 
    
11. 
    
12. linker:
    
13. bx r2

复制代码

另这里有个从老外那里搞来的运行菜单脚本源码、我就不修改了，直接放出，原理当然也是极为简单的。。

1. .thumb
   
2. 
   
3. Main:
   
4.         push {r0,lr}
   
5.         bl CERRAR_MENU
   
6.         bl RUTINASONICARVALHO
   
7.         pop {r0,pc}
   
8. 
   
9. CERRAR_MENU:
   
10.         ldr r0, RUTINA_EXIT
    
11.         bx r0
    
12. 
    
13. RUTINASONICARVALHO:
    
14.         push {lr}
    
15.         ldr r0, SCRIPT_ADRESS
    
16.         bl SCRIPT_ROUTINE
    
17.         pop {pc}
    
18. 
    
19. SCRIPT_ROUTINE:
    
20.         ldr r1, SCRIPT_EXECUTER
    
21.         bx r1
    
22. 
    
23. .align 2
    
24. 
    
25. RUTINA_EXIT:
    
26.         .word 0x0806f541
    
27. SCRIPT_ADRESS:
    
28.         .word 0x08XXXXXX @此处改成脚本地址，并删掉我这个注释
    
29. SCRIPT_EXECUTER:
    
30.         .word 0x08069ae5

复制代码

需要做的：
1. 重定向位于0x3a7344的表格，格式为[名称文本指针][该选项程序指针]........
2. 重定向位于0x3a7390的表格，格式为[介绍文本指针]...........
3. 将0806F3C0的指针改去指向main1.asm（thumb模式+1）
4. 根据源码中的位置提示在指定位置修改，并写入这些源码
5. 在2个表格中新增对应内容【废话

然后应该就行了，但可能也有些错误。。当然嫌介绍碍眼直接阉掉估计也并无不可，等有空弄吧。。

四、绿宝石对战前动画：

1. 修改以下字节

1. 0x147C6A - 00 00 00 00
   
2. 0xB13FD - 78
   
3. 0x5C8F90 - CD 6A 0F 73 51 7B 93 7F D5 7F FF 7F
   
4. 0x5C8F70 - CD 6A 0F 73 51 7B 93 7F D5 7F FF 7F
   
5. 0x5C8F50 - CD 6A 0F 73 51 7B 93 7F D5 7F FF 7F

复制代码

2. 找空位写入下面的源码并作相应的字节变换：
写入00 48 00 47 AA AA AA 08于 0xB0F44, AA AA AA 08是下面源码指针(thumb模式+1)

1. .thumb
   
2. .align 2
   
3. ldrb r2, [r4, #7]
   
4. cmp r2, #0
   
5. beq normal
   
6. ldr r0, =0x80B0F5D
   
7. bx r0
   
8. 
   
9. normal:
   
10. ldrh r2, [r4]
    
11. lsl r0, r2, #2
    
12. add r0, r0, r2
    
13. lsl r0, r0, #3
    
14. add r0, r0, r1
    
15. ldr r1, =0x80B0F4F
    
16. bx r1

复制代码

写入00 48 00 47 BB BB BB 08于 0xB5E78, BB BB BB 08是下面源码指针(thumb模式+1)

1. .thumb
   
2. .align 2
   
3. cmp r4, #0x47
   
4. beq normal
   
5. cmp r4, #0x48
   
6. beq normal
   
7. ldr r0, =0x2038BCA
   
8. ldrh r0, [r0]
   
9. lsl r5, r0, #2
   
10. add r5, r0, r5
    
11. lsl r0, r5, #3
    
12. ldr r5, =0x806E4C4
    
13. ldr r5, [r5]
    
14. add r0, r0, r5
    
15. ldrb r4, [r0, #3]
    
16. 
    
17. normal:
    
18. add r5, r1, #0
    
19. add r6, r2, #0
    
20. mov r9, r3
    
21. ldr r7, [sp, #0x34]
    
22. ldr r0, =0x80B5E81
    
23. bx r0

复制代码

写入01 49 08 47 00 00 CC CC CC 08于 0x147C42, CC CC CC 08是下面源码指针(thumb模式+1)
并将源码中0x8FFFFFF改为你的新色板表格
表格结构为[指针1][指针2][指针3]................
每个指针都应指向32字节的未压缩色板数据。

1. .thumb
   
2. main:
   
3. ldr r1, ramoffset
   
4. ldrh r1, [r1, #0x0]
   
5. lsl r0, r1, #0x2
   
6. add r0, r0, r1
   
7. lsl r1, r0, #0x3
   
8. ldr r0, trainertable
   
9. ldr r0, [r0, #0x0]
   
10. add r1, r0, r1
    
11. ldrb r1, [r1, #0x1]
    
12. cmp r1, #0x1f
    
13. beq oldway
    
14. cmp r1, #0x26
    
15. beq oldway
    
16. ldr r1, ramoffset
    
17. ldrb r1, [r1, #0x7]
    
18. sub r1, #0x1
    
19. lsl r1, r1, #0x2
    
20. ldr r0, table2
    
21. add r1, r1, r0
    
22. ldr r0, [r1, #0x0]
    
23. b back
    
24. oldway: ldr r1, table
    
25. mov r2, r8
    
26. mov r3, #0x26
    
27. ldrh r0, [r2, r3]
    
28. lsl r0, r0, #0x2
    
29. add r0, r0, r1
    
30. ldr r0, [r0, #0x0]
    
31. back: ldr r1, return
    
32. bx r1
    
33. 
    
34. .align 2
    
35. ramoffset: .word 0x02038BCA
    
36. trainertable: .word 0x0806E4C4
    
37. table:  .word 0x085C8FDC
    
38. table2:  .word 0x08FFFFFF
    
39. return:  .word 0x08147C51

复制代码

如何在脚本中触发：

1. trainerbattle 0(战斗类型，可更改) 0x50(对战的训练师ID) 0x0100 @pointertomsg1(文本指针1) @pointertomsg2(文本指针2)

复制代码

其中0x0100代表你的位于0x8FFFFFF的表格中的1号色板，0x0200为2号，0x0300为3号..................0xFF00为255号(0则代表不触发此动画)，表格中最多堆放255个色板指针

一些游戏中使用的色板数据，可以用APE来修改他们以达到你的要求：（在不更改图片和raw的情况下，颜色要对应上，所以必须对应修改）

1. D5 18 CE 39 52 4A D6 5A 5A 6B 17 5C 59 64 9B 6C DD 74 1F 7D CD 6A 0F 73 51 7B 93 7F D5 7F FF 7F

复制代码

1. D5 18 CE 39 52 4A D6 5A 5A 6B 41 07 A4 13 C6 1B E9 27 EF 3F FC 45 3E 4E 7F 56 BF 5E FF 66 FC 45

复制代码

若使用请注上Jambo51和jirachiwish的名字。

五、 火红自定义givepokemon：

1. .thumb
   
2. /*脚本中使用方法：
   
3. lock
   
4. faceplayer
   
5. setvar 0x8000 0x19A //种族编号
   
6. setvar 0x8001 0x28 //等级
   
7. setvar 0x8002 0x8F //携带道具
   
8. setvar 0x8007 0x1F //6个个体值
   
9. setvar 0x8008 0x1F
   
10. setvar 0x8009 0x1F
    
11. setvar 0x800A 0x1F
    
12. setvar 0x800B 0x1F
    
13. setvar 0x800D 0x1F
    
14. setvar 0x800F 0x1 //闪光=1 不闪光=0
    
15. setvar 0x8014 0x1 //怪兽球编号
    
16. callasm 0x8LLLLLL //LLLLLL改为本源码地址+1，相当于加强版givepokemon
    
17. release
    
18. end*/
    
19. 
    
20. main_func:
    
21. push {r4-r7, lr}
    
22. sub sp, sp, #0x20
    
23. mov r0, #0x64
    
24. ldr r1, .malloc
    
25. bl jump_r1
    
26. mov r8, r0
    
27. ldr r1, .clear
    
28. bl jump_r1
    
29. mov r0, r8
    
30. ldr r1, .clear2
    
31. bl jump_r1
    
32. ldr r1, .random
    
33. bl jump_r1
    
34. mov r4, r0
    
35. ldr r0, .saveblockptr
    
36. ldr r2, [r0]
    
37. add r2, #0xA @OTID_loc
    
38. add r6, r2, #0
    
39. ldrh r1, [r2]
    
40. ldrh r5, [r2, #2]
    
41. eor r5, r1 @TID xor SID
    
42. ldr r3, .var
    
43. ldrh r3, [r3, #0x1A]
    
44. ldr r1, .random
    
45. bl jump_r1
    
46. bl shinycheck
    
47. /*r0 = PID1, r4 = PID2*/
    
48. lsl r0, r0, #0x10
    
49. ldr r2, .var
    
50. add r2, #0x20
    
51. strh r4, [r2]
    
52. orr r0, r4 @PID
    
53. mov r1, #0
    
54. ldr r2, .var
    
55. add r2, #0x1C
    
56. str r0, [r2]
    
57. mov r0, r8
    
58. ldr r3, .setter1
    
59. bl jump_r3
    
60. mov r0, r8
    
61. ldr r3, .setter1
    
62. mov r1, #1
    
63. add r2, r6, #0
    
64. bl jump_r3
    
65. mov r0, r8
    
66. ldr r1, .checksum
    
67. bl jump_r1
    
68. ldr r2, .var
    
69. add r2, #0x1C
    
70. strh r0, [r2]
    
71. mov r0, r8
    
72. mov r1, #9
    
73. ldr r3, .setter1
    
74. bl jump_r3
    
75. mov r0, r8
    
76. ldr r1, .encrypt
    
77. bl jump_r1
    
78. mov r0, sp
    
79. ldr r1, .var
    
80. ldrh r1, [r1]
    
81. ldr r3, .loadname
    
82. bl jump_r3
    
83. mov r0, r8
    
84. mov r1, #2
    
85. mov r2, sp
    
86. ldr r3, .setter1
    
87. bl jump_r3
    
88. ldr r2, .language
    
89. mov r0, r8
    
90. mov r1, #3
    
91. ldr r3, .setter1
    
92. bl jump_r3
    
93. mov r0, r8
    
94. ldr r5, .saveblockptr
    
95. ldr r2, [r5]
    
96. mov r1, #7
    
97. ldr r3, .setter1
    
98. bl jump_r3
    
99. mov r0, r8
    
100. mov r1, #0xb
     
101. ldr r2, .var
     
102. ldr r3, .setter1
     
103. bl jump_r3
     
104. ldr r4, .stat
     
105. ldr r2, .var
     
106. ldrh r1, [r2]
     
107. lsl r0, r1, #3
     
108. sub r0, r0, r1
     
109. lsl r0, r0, #2
     
110. add r0, r0, r4
     
111. ldrb r1, [r0, #0x13]
     
112. mov r0, #0xCA
     
113. lsl r0, r0, #1
     
114. add r2, r1, #0
     
115. mul r2, r0
     
116. ldr r0, .var
     
117. ldrb r0, [r0, #2]
     
118. lsl r0, r0, #2
     
119. ldr r1, .exp
     
120. add r0, r0, r1
     
121. add r2, r2, r0
     
122. mov r0, r8
     
123. mov r1, #0x19
     
124. ldr r3, .setter1
     
125. bl jump_r3
     
126. ldr r1, .var
     
127. ldrh r0, [r1]
     
128. lsl r2, r0, #3
     
129. sub r2, r2, r0
     
130. lsl r2, r2, #2
     
131. add r4, #0x12
     
132. add r2, r2, r4
     
133. mov r0, r8
     
134. mov r1, #0x20
     
135. ldr r3, .setter1
     
136. bl jump_r3
     
137. ldr r1, .catchlocation
     
138. bl jump_r1
     
139. lsl r0, r0, #0x18
     
140. lsr r0, r0, #0x18
     
141. mov r1, #0x23
     
142. ldr r2, .var
     
143. add r2, #0x1C
     
144. str r0, [r2]
     
145. mov r0, r8
     
146. ldr r3, .setter1
     
147. bl jump_r3
     
148. mov r0, r8
     
149. mov r1, #0x24
     
150. ldr r2, .var
     
151. add r2, r2, #2
     
152. ldr r3, .setter1
     
153. bl jump_r3
     
154. mov r0, r8
     
155. ldr r2, .version
     
156. mov r1, #0x25
     
157. ldr r3, .setter1
     
158. bl jump_r3
     
159. ldr r2, .var
     
160. add r2, #0x26
     
161. mov r1, #0x26
     
162. mov r0, r8
     
163. ldr r3, .setter1
     
164. bl jump_r3
     
165. ldr r2, [r5]
     
166. add r2, #8
     
167. mov r0, r8
     
168. mov r1, #0x31
     
169. ldr r3, .setter1
     
170. bl jump_r3
     
171. bl iv_encrypt
     
172. ldr r2, .stat
     
173. ldr r3, .var
     
174. ldrh r1, [r3]
     
175. lsl r0, r1, #3
     
176. sub r0, r0, r1
     
177. lsl r0, r0, #2
     
178. add r0, r0, r2
     
179. ldrb r0, [r0, #0x17]
     
180. cmp r0, #0
     
181. beq end
     
182. ldr r2, .var
     
183. add r2, #0x1C
     
184. ldrh r0, [r2, #4]
     
185. mov r1, #1
     
186. and r0, r1
     
187. str r0, [r2]
     
188. mov r0, r8
     
189. mov r1, #0x2E
     
190. ldr r3, .setter1
     
191. bl jump_r3
     
192. 
     
193. end:
     
194. mov r0, r8
     
195. ldr r1, .sub_803E9E0
     
196. bl jump_r1
     
197. mov r0, r8
     
198. mov r1, #0x38
     
199. ldr r2, .var
     
200. add r2, r2, #2
     
201. ldr r3, .setter2
     
202. bl jump_r3
     
203. mov r0, r8
     
204. mov r1, #0x40
     
205. ldr r2, .var
     
206. add r2, #0x1C
     
207. mov r3, #0xFF
     
208. str r3, [r2]
     
209. ldr r3, .setter2
     
210. bl jump_r3
     
211. mov r0, r8
     
212. ldr r1, .recalculation
     
213. bl jump_r1
     
214. mov r0, r8
     
215. mov r1, #0xC
     
216. ldr r2, .var
     
217. add r2, #4
     
218. ldr r3, .setter2
     
219. bl jump_r3
     
220. mov r0, r8
     
221. ldr r1, .catch
     
222. bl jump_r1
     
223. lsl r0, r0, #0x18
     
224. lsr r4, r0, #0x18
     
225. ldr r0, .var
     
226. ldrh r0, [r0]
     
227. ldr r1, .convert
     
228. bl jump_r1
     
229. lsl r0, r0, #0x10
     
230. lsr r5, r0, #0x10
     
231. cmp r4, #1
     
232. bgt back
     
233. cmp r4, #0
     
234. blt back
     
235. add r0, r5, #0
     
236. mov r1, #2
     
237. ldr r3, .dexcheck
     
238. bl jump_r3
     
239. add r0, r5, #0
     
240. mov r1, #3
     
241. ldr r3, .dexcheck
     
242. bl jump_r3
     
243. 
     
244. back:
     
245. mov r0, r8
     
246. ldr r1, .free
     
247. bl jump_r1
     
248. add r0, r4, #0
     
249. ldr r4, .var
     
250. strh r0, [r4, #0x18]
     
251. add sp, sp, #0x20
     
252. mov r0, #0
     
253. pop {r4-r7, pc}
     
254. 
     
255. shinycheck:
     
256. push {lr}
     
257. cmp r3, #0
     
258. beq jump_pc
     
259. ldr r1, .random
     
260. bl jump_r1
     
261. mov r1, #7
     
262. and r0, r1
     
263. eor r0, r5
     
264. eor r0, r4
     
265. 
     
266. jump_pc:
     
267. pop {pc}
     
268. 
     
269. iv_encrypt:
     
270. push {lr}
     
271. mov r7, #0
     
272. loop_iv:
     
273. ldr r2, .var
     
274. add r2, #0xE
     
275. mov r0, r8
     
276. ldr r3, .setter1
     
277. add r1, r7, #0
     
278. add r1, #0x27
     
279. lsl r6, r7, #1
     
280. add r2, r2, r6
     
281. bl jump_r3
     
282. add r7, r7, #1
     
283. cmp r7, #6
     
284. bne loop_iv
     
285. pop {pc}
     
286. 
     
287. jump_r1:
     
288. bx r1
     
289. 
     
290. jump_r3:
     
291. bx r3
     
292. 
     
293. .align 2
     
294. .malloc: .word 0x08002BB1
     
295. .clear: .word 0x0803D995
     
296. .clear2: .word 0x0803D97D
     
297. .random: .word 0x8044EC9
     
298. .setter1: .word 0x080404D1
     
299. .saveblockptr: .word 0x300500C
     
300. .var: .word 0x020370B8
     
301. .checksum: .word 0x0803E3E9
     
302. .encrypt: .word 0x0803F8F9
     
303. .loadname: .word 0x08040FD1
     
304. .language: .word 0x081E9F11
     
305. .stat: .word 0x08254784
     
306. .exp: .word 0x08253AE4
     
307. .catchlocation: .word 0x08056261
     
308. .version: .word 0x081E9F10
     
309. .sub_803E9E0: .word 0x0803E9E1
     
310. .setter2: .word 0x0804037D
     
311. .recalculation: .word 0x0803E47D
     
312. .catch: .word 0x08040B15
     
313. .convert: .word 0x08043299
     
314. .dexcheck: .word 0x08088E75
     
315. .free: .word 0x08002BC5

复制代码

六、翻动式多选框自定义：
实例：

1. .thumb
   
2. .align 2
   
3. initialize_func:
   
4. push {r4, r5, lr}
   
5. ldr r0, =0x809D6D5
   
6. ldr r1, =0x81119D5
   
7. bl call_via_r1
   
8. lsl r0, r0, #0x18
   
9. lsr r0, r0, #0x18
   
10. cmp r0, #1
    
11. beq back
    
12. mov r0, pc
    
13. add r0, #0x43
    
14. mov r1, #8
    
15. ldr r2, =0x0807741D
    
16. bl call_via_r2
    
17. lsl r0, r0, #0x18
    
18. lsr r5, r0, #0x18
    
19. lsl r0, r5, #2
    
20. add r0, r0, r5
    
21. lsl r0, r0, #3
    
22. ldr r1, =0x03005090
    
23. add r3, r0, r1
    
24. mov r2, #0
    
25. ldr r1, =0x020370B8
    
26. ldrh r0, [r1]
    
27. strh r0, [r3, #8] @row_quantity
    
28. ldrh r0, [r1, #2]
    
29. strh r0, [r3, #0xA] @option_quantity
    
30. ldrh r0, [r1, #0x12]
    
31. strh r0, [r3, #0x12] @bottom_red_arrow_Y_coordinate
    
32. ldrh r0, [r1, #4]
    
33. strh r0, [r3, #0xC] @X_coordinate
    
34. ldrh r0, [r1, #6]
    
35. strh r0, [r3, #0xE] @Y_coordinate
    
36. mov r0, #8
    
37. strh r0, [r3, #0x10]
    
38. mov r0, #0
    
39. strh r0, [r3, #0x14]
    
40. strh r5, [r3, #0x26]
    
41. ldrh r0, [r1, #8]
    
42. strh r0, [r3, #0x16]
    
43. ldrh r0, [r1, #0xA]
    
44. strh r0, [r3, #0x18]
    
45. back:
    
46. pop {r4, r5, pc}
    
47. main_func:
    
48. push {r4-r7, lr}
    
49. mov r7, r10
    
50. mov r6, r9
    
51. mov r5, r8
    
52. push {r5-r7}
    
53. sub sp, sp, #0x20
    
54. lsl r0, r0, #0x18
    
55. lsr r7, r0, #0x18
    
56. lsl r0, r7, #2
    
57. add r0, r0, r7
    
58. lsl r0, r0, #3
    
59. ldr r1, =0x03005090
    
60. add r5, r0, r1
    
61. ldr r1, =0x03000F28
    
62. mov r0, #1
    
63. strb r0, [r1]
    
64. ldr r0, =0x2039A18
    
65. ldr r1, =0x2039A0E
    
66. ldrh r1, [r1]
    
67. strh r1, [r0]
    
68. ldr r4, =0x2039A14
    
69. mov r1, #0xA
    
70. ldrsh r0, [r5, r1]
    
71. lsl r0, r0, #3
    
72. ldr r1, =0x8002BB1
    
73. bl call_via_r1
    
74. str r0, [r4]
    
75. ldr r2, =0x80CBA7D
    
76. bl call_via_r2
    
77. mov r6, #0
    
78. mov r4, #0
    
79. mov r2, #0xA
    
80. ldrsh r0, [r5, r2]
    
81. lsl r3, r7, #2
    
82. mov r10, r3
    
83. add r1, sp, #0x18
    
84. mov r9, r1
    
85. cmp r6, r0
    
86. bge .L_0
    
87. ldr r2, table
    
88. ldr r1, =0x020370B8
    
89. ldrh r1, [r1, #0xC]
    
90. lsl r1, r1, #0x2
    
91. add r2, r2, r1
    
92. ldr r2, [r2]
    
93. mov r8, r2
    
94. .L_1:
    
95. ldr r0, =0x2039A14
    
96. ldr r0, [r0]
    
97. lsl r3, r4, #3
    
98. add r3, r3, r0
    
99. lsl r2, r4, #2
    
100. add r2, r8
     
101. ldr r1, [r2]
     
102. str r1, [r3]
     
103. str r4, [r3, #4]
     
104. mov r0, #2
     
105. mov r2, #0
     
106. push {r4}
     
107. ldr r4, =0x8005ED5
     
108. bl call_via_r4
     
109. pop {r4}
     
110. cmp r0, r6
     
111. ble .L_2
     
112. add r6, r0, #0
     
113. .L_2:
     
114. add r0, r4, #1
     
115. lsl r0, r0, #0x18
     
116. lsr r4, r0, #0x18
     
117. mov r3, #0xA
     
118. ldrsh r0, [r5, r3]
     
119. cmp r4, r0
     
120. blt .L_1
     
121. .L_0:
     
122. mov r0, r6
     
123. add r0, #9
     
124. cmp r0, #0
     
125. bge .L_3
     
126. add r0, #7
     
127. .L_3:
     
128. asr r0, r0, #3
     
129. add r2, r0, #1
     
130. strh r2, [r5, #0x10]
     
131. mov r1, #0xC
     
132. ldrsh r0, [r5, r1]
     
133. mov r3, #0x10
     
134. ldrsh r1, [r5, r3]
     
135. add r0, r0, r1
     
136. cmp r0, #0x1D
     
137. ble .L_4
     
138. mov r0, #0x1D
     
139. sub r0, r0, r2
     
140. strh r0, [r5, #0xC]
     
141. .L_4:
     
142. ldrb r2, [r5, #0xC]
     
143. ldrb r3, [r5, #0xE]
     
144. ldr r1, =0x020370B8
     
145. ldrh r0, [r1, #0xE]
     
146. str r0, [sp] @width
     
147. ldrh r0, [r1, #0x10]
     
148. str r0, [sp, #4] @height
     
149. mov r0, #0xF
     
150. str r0, [sp, #8] @palette?
     
151. mov r0, #0x38
     
152. str r0, [sp, #0xC]
     
153. add r0, sp, #0x10
     
154. mov r1, #0
     
155. ldr r4, =0x0810FE51
     
156. bl call_via_r4
     
157. ldr r0, [sp, #0x10]
     
158. ldr r1, [sp, #0x14]
     
159. str r0, [sp, #0x18]
     
160. str r1, [sp, #0x1C]
     
161. mov r0, r9
     
162. ldr r4, =0x08003CE5
     
163. bl call_via_r4
     
164. lsl r0, r0, #0x18
     
165. lsr r0, r0, #0x18
     
166. strh r0, [r5, #0x22]
     
167. mov r1, #0
     
168. ldr r4, =0x80F7751
     
169. bl call_via_r4
     
170. ldr r4, =0x3005360
     
171. ldrh r0, [r5, #0xA]
     
172. strh r0, [r4, #0xC]
     
173. ldrh r0, [r5, #8]
     
174. strh r0, [r5, #0xE]
     
175. ldrh r0, [r5, #0x22]
     
176. strb r0, [r4, #0x10]
     
177. mov r0, r7
     
178. ldr r1, =0x80CBCC1
     
179. bl call_via_r1
     
180. ldrh r1, [r5, #0x16]
     
181. ldrh r2, [r5, #0x18]
     
182. mov r0, r4
     
183. ldr r3, =0x8106FF9
     
184. bl call_via_r3
     
185. lsl r0, r0, #0x18
     
186. lsr r0, r0, #0x18
     
187. strh r0, [r5, #0x24]
     
188. ldrh r0, [r5, #0x22]
     
189. lsl r0, r0, #0x18
     
190. lsr r0, r0, #0x18
     
191. ldr r1, =0x8003FA1
     
192. bl call_via_r1
     
193. ldrh r0, [r5, #0x22]
     
194. lsl r0, r0, #0x18
     
195. lsr r0, r0, #0x18
     
196. mov r1, #3
     
197. ldr r3, =0x8003F21
     
198. bl call_via_r3
     
199. ldr r1, =0x03005090
     
200. mov r2, r10
     
201. add r0, r2, r7
     
202. lsl r0, r0, #3
     
203. add r0, r0, r1
     
204. ldr r1, =0x80CBB29
     
205. str r1, [r0]
     
206. add sp, sp, #0x20
     
207. pop {r3-r5}
     
208. mov r8, r3
     
209. mov r9, r4
     
210. mov r10, r5
     
211. pop {r4-r7, pc}
     
212. call_via_r1:
     
213. bx r1
     
214. call_via_r2:
     
215. bx r2
     
216. call_via_r3:
     
217. bx r3
     
218. call_via_r4:
     
219. bx r4
     
220. .align 2
     
221. table: .word 0x8表格地址

复制代码

需自建表格，表格1的地址填入源码，由指针构成，每个指针都指向一个表格（表格2），表格2亦由指针构成，每个指针都指向文本(0xff结尾)。
范例脚本：

1. #org @specialhack
   
2. lock
   
3. setvar 0x8000 0x1 //行数量
   
4. setvar 0x8001 0x7 //选项数量
   
5. setvar 0x8002 0xA //X坐标
   
6. setvar 0x8003 0x5 //Y坐标
   
7. setvar 0x8004 0x0 //起始选项编号
   
8. setvar 0x8005 0x0 //初始框中的光标位置
   
9. setvar 0x8006 0x0 //框编号(对应于表格)
   
10. setvar 0x8007 0x8 //宽度
    
11. setvar 0x8008 0x2 //高度
    
12. setvar 0x8009 0xA //下面红色箭头的Y坐标
    
13. callasm 0x8[本程序地址 + 1]
    
14. waitstate
    
15. release
    
16. end

复制代码

殇月

赞顶虽然最后的看不太懂。

WCY

这是什么东西？我根本看不懂啊。

判仔团

我也来加一个
火红跳过对手名字选择

1. 130690处改成d1 07 13 08

复制代码

zkhnet

忙碌的德国君

淡年华

赞，感谢楼主分享