Button and if codes in ASM [Enable/Dissable]

Started by Deathwolf, July 21, 2010, 07:27:14 PM


Deathwolf

....

I've done one for Infinity Health with a button activator.
button activator: 282F6DDA 0000YYYY

Infinity Health [Deathwolf]
C203CAE8 00000005
3D80802F 618C6DDA
A18C0000 718C2000
4182000C 3D800000
618C0BB8 919C01AC
80DC01AC 00000000

code:

lis r12,0x802F
ori r12,r12,0x6DDA
lhz r12,0(r12)   
andi. r12,0x2000
beq- 0x0C
lis r12,0x0000
ori r12,r12,0x0BB8
stw r12,428(r28)
lwz r6,428(r28)


does it look right?
lolz

Deathwolf

dcx2, I've tried your code and it freezes....
lolz

dcx2

No, your code doesn't look right.

1) andi. has three operands.  It should be "andi. r12,r12,0x2000".  You pointed this error out before.
2) lis r12, 0 is redundant.  li r12, 0xBB8 will clear the upper 16 bits to 0 for you.
3) More importantly, the branch distance was changed because you added another instruction after the branch.  The beq- must point to the final instruction (the one which is replaced by the hook).  Right now, with 0xC, it points to the stw.
4) You used 428(r28) in your previous code.  Is this code supposed to write to the same place?
5) You should learn how to step through your ASM codes so you can spot these kinds of problems.
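
A worked encoding of the listings in this thread, added here as an example and not code posted by anyone in it: it packs the PowerPC instruction forms used above into their 32-bit words (the hex words of the C2 listings), applies the C2 padding rule both listings show, and computes the beq distance dcx2's point 3 calls for. The function names are this example's own.

```python
# Added example (not from the thread): a tiny encoder for the PowerPC
# instruction forms used in these Gecko C2 codes, plus the C2 padding rule.
# It reproduces the hex words posted above and checks dcx2's point 3
# about the beq distance.  Function names are this example's own.

def lis(rd, imm):            # addis rD,0,imm  (opcode 15)
    return (15 << 26) | (rd << 21) | (imm & 0xFFFF)

def li(rd, imm):             # addi rD,0,imm   (opcode 14); clears the upper half
    return (14 << 26) | (rd << 21) | (imm & 0xFFFF)

def ori(ra, rs, imm):        # ori rA,rS,UIMM  (opcode 24); ori r0,r0,0 is nop
    return (24 << 26) | (rs << 21) | (ra << 16) | (imm & 0xFFFF)

def andi_dot(ra, rs, imm):   # andi. rA,rS,UIMM (opcode 28), three operands, sets CR0
    return (28 << 26) | (rs << 21) | (ra << 16) | (imm & 0xFFFF)

def load_store(opcode, rt, d, ra):   # lhz=40, lwz=32, stw=36: rT,d(rA)
    return (opcode << 26) | (rt << 21) | (ra << 16) | (d & 0xFFFF)

def beq(offset):             # bc BO=12,BI=2 (CR0.eq), forward byte offset; matches beq-
    return (16 << 26) | (12 << 21) | (2 << 16) | (offset & 0xFFFC)

NOP = ori(0, 0, 0)           # 60000000

def beq_offset_to_last(branch_index, n_instr):
    """Byte offset that makes a beq at position branch_index land on the
    final (hooked) instruction, which is where dcx2 says it must point."""
    return (n_instr - 1 - branch_index) * 4

def c2_code(hook_addr, words):
    """Lay out a C2 code: pad to an even word count ending in 00000000
    (a 60000000 nop goes in first when the count is already even)."""
    body = list(words) + ([NOP] if len(words) % 2 == 0 else []) + [0]
    header = [0xC2000000 | (hook_addr & 0x01FFFFFF), len(body) // 2]
    return header + body

# Deathwolf's Infinity Health listing, with the 3-operand andi. dcx2 asked for
HEALTH = [lis(12, 0x802F), ori(12, 12, 0x6DDA), load_store(40, 12, 0, 12),
          andi_dot(12, 12, 0x2000), beq(0x0C), lis(12, 0), ori(12, 12, 0x0BB8),
          load_store(36, 12, 428, 28), load_store(32, 6, 428, 28)]

# The Moonjump code from the same thread
MOON = [lis(14, 0x4100), ori(14, 14, 0), load_store(36, 14, 428, 28),
        load_store(32, 6, 428, 28)]

def as_hex(words):
    return ["%08X" % w for w in words]
```

Running `beq_offset_to_last(4, len(HEALTH))` gives 0x10, so the posted 0x0C lands one instruction short, on the stw, exactly as dcx2 says.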

Deathwolf

Quote from: dcx2 on July 22, 2010, 07:25:42 PM
Doh!  Forgot the source register.

lis r12,0x8040
ori r12,r12,0xA5E0
lhz r12,0(r12)   
andi. r12,r12,0x2000
beq- 0x0C
lis r12,0x4100
stw r12,428(r28)
lwz r6,428(r28)

I mean this.
it freezes
lolz

Deathwolf

Quote from: dcx2 on July 22, 2010, 10:42:05 PM
No, your code doesn't look right.

1) andi. has three operands.  It should be "andi. r12,r12,0x2000".  You pointed this error out before.
2) lis r12, 0 is redundant.  li r12, 0xBB8 will clear the upper 16 bits to 0 for you.
3) More importantly, the branch distance was changed because you added another instruction after the branch.  The beq- must point to the final instruction (the one which is replaced by the hook).  Right now, with 0xC, it points to the stw.
4) You used 428(r28) in your previous code.  Is this code supposed to write to the same place?
5) You should learn how to step through your ASM codes so you can spot these kinds of problems.

I don't understand anything more...

btw you are so good at ASM.
another problem. no fucking register will work.

breakpoint read:
800E5B10:  80040000   lwz   r0,0(r4)

lis rXX,0x40A0
stw rXX,0(r4)
lwz   r0,0(r4)

I've tried r12, r13 and r14....
none of them will work
lolz

dcx2

Without the game, I can't tell you why it froze, especially if you don't give me any details like what the registers and disassembly you're trying to hook, and what the registers/disassembly say when it freezes.

If you want my help, you have to put forth some effort.  If you don't start giving me enough details I will stop helping you.

dcx2

Quote from: Deathwolf on July 22, 2010, 10:48:32 PM
lis rXX,0x40A0
stw rXX,0(r4)
lwz   r0,0(r4)

r0 is safe in this case (the original instruction, lwz r0,0(r4), writes to r0 without reading it).

lis r0,0x40A0
stw r0,0(r4)

Note that we don't need the original instruction anymore, because r0 already has the value we want in it, which was the purpose of the lwz r0.

However...0x40A00000 looks like a float.  Why are you lwz'ing a float?  The game should lfs floats.

Details, details, details!!!  What are you trying to do?  What's the complete disassembly?  etc.

Deathwolf

omfg what's going on?

first you say li lis ori stw blr lwz lhz and....
suddenly without lwz and only r0.
I thought u should NEVER save it to r0.

yes it's a breaked moonjump code.
FLOATING VALUE u can see. that's right
lolz

Deathwolf

ok...

address of moonjump: 90F0BC00

breakpoint read:

CR  : 84000048  XER : 00000000  CTR : 800E5B10  DSIS: 00400000
DAR : 90F0BC04  SRR0: 800E5B10  SRR1: 0000A032  LR  : 800E5620
r0  : 00000028  r1  : 80768900  r2  : 8075A6E0  r3  : 00000081
r4  : 90F0BC04  r5  : 90F0BDFC  r6  : 000000FF  r7  : 800E5B10
r8  : 0000005B  r9  : 8082F4A8  r10 : 8082F358  r11 : 80768980
r12 : 8008405C  r13 : 80752260  r14 : 0000317A  r15 : 0000002A
r16 : 80560000  r17 : 00000000  r18 : FFFFFFFF  r19 : 80000000
r20 : 80560000  r21 : 80560000  r22 : 80530000  r23 : 80D87B00
r24 : 90F0C76C  r25 : 00000001  r26 : 90E859D4  r27 : 00000000
r28 : 00000001  r29 : 90F0BA00  r30 : 90F0BA00  r31 : 90F0C600

f0  : 00000000  f1  : 80000000  f2  : 3F400000  f3  : 3F800000
f4  : 441F2A0C  f5  : C1DC1E00  f6  : 4423A677  f7  : 00000000
f8  : 00000000  f9  : 00000000  f10 : 00000000  f11 : 00000000
f12 : 00000000  f13 : 80000000  f14 : 00000000  f15 : 00000000
f16 : 00000000  f17 : 00000000  f18 : 00000000  f19 : 00000000
f20 : 00000000  f21 : 00000000  f22 : 00000000  f23 : 00000000
f24 : 00000000  f25 : 00000000  f26 : 00000000  f27 : 3F800000
f28 : 59800004  f29 : 59800000  f30 : 3E000000  f31 : 00000000


800E5B10:  80040000 lwz r0,0(r4)
800E5B14:  90180000 stw r0,0(r24)
800E5B18:  4BFFDD18 b 0x800e3830
800E5B1C:  7C600774 extsb r0,r3
800E5B20:  90180000 stw r0,0(r24)
800E5B24:  4BFFDD0C b 0x800e3830
800E5B28:  9061001C stw r3,28(r1)
800E5B2C:  C8010018 lfd f0,24(r1)
800E5B30:  EC00E828 fsubs f0,f0,f29
800E5B34:  EC0007B2 fmuls f0,f0,f30
800E5B38:  D0180000 stfs f0,0(r24)
800E5B3C:  4BFFDCF4 b 0x800e3830
800E5B40:  801A0000 lwz r0,0(r26)
800E5B44:  3B5A0004 addi r26,r26,4
800E5B48:  90180000 stw r0,0(r24)
800E5B4C:  4BFFDCE4 b 0x800e3830

lolz

dcx2

Exact Breakpoint Fail.

Quote: address of moonjump: 90F0BC00
Quote: r4  : 90F0BC04
Quote: 800E5B10:  80040000   lwz   r0,0(r4)

Do you see anything wrong here?

---

Quote from: Deathwolf on July 22, 2010, 11:03:22 PM
first you say li lis ori stw blr lwz lhz and....
suddenly without lwz and only r0.
I thought u should NEVER save it to r0.

yes it's a breaked moonjump code.
FLOATING VALUE u can see. that's right

1) li/lis/ori depend on whether you're doing 32- or 16-bit values.  Sometimes some of them are unnecessary if one half or the other is 0000.
2) I never said use blr.  Ever.  In fact, I said you should NEVER use a blr in a C2 code.
3) I said you can't use r0 with certain instructions as an address register.  You have to look up an ASM reference and see if it has "(rA|0)" to know whether you can use r0.
4) The value that you broke on is NOT A FLOAT.  Floats use lfs, stfs, fmuls, fsubs, fadds, etc.  Floats do not use lwz or stw!!!

Deathwolf

oh no....

please give me just the code and I'll assemble it.

thanks a lot but maybe I'm too stupid.
lolz

dcx2

I gave you as much as I can.  You found the wrong breakpoint.  This happens a lot if you don't use Exact.

You said your breakpoint is on 90F0BC00, right?  But lwz r0,0(r4), and r4 is 90F0BC04.

BTW, if you would use Gecko.NET and you pressed "Show Mem" then you would see that your breakpoint isn't on the right address.

Deathwolf

an example code:

Moonjump
C2056578 00000003
3DC04100 61CE0000
91DC01AC 80DC01AC
60000000 00000000

code:

lis r14,0x4100
ori r14,r14,0x0000
stw r14,428(r28)
lwz r6,428(r28)

Button address
2840A5E0 0000YYYY

C2056578 00000003
3DC04100 61CE0000
91DC01AC 80DC01AC
60000000 00000000

should the button address be in ASM?

button ASM:
801C5EE8:  A0E50000   lhz   r7,0(r5)

code:
lis r12,0x8040
ori r12,r12,0xA5E0
lhz   r7,0(r5)
lolz