Pointers, Callers and Branch To Link

Started by doomkaiber001, November 24, 2010, 08:52:00 PM


doomkaiber001

Ok, pointers... I really don't understand these. In one of Benny3t3's posts dcx2 (I think) referred to pointers and callers. I would like an in-depth description of them, as I didn't quite understand the link in dcx2's post. I'd also like some info on Branch to Link (Register). I'd like to know exactly what it is. Thanks.

Link

Pointers:

Sometimes data in the memory moves around. And admittedly, whenever you change the stage it has changed its position. A pointer is an address in memory which contains the address of another memory area.
So imagine the following fact:

The value you look for is located at 80E44800 when you are in stage 1 of a game.
In stage 2 it is located at 80E54800.

As you can see: the location has changed by 10000. A pointer would be a value in memory which points towards the area of that address. So let's assume your pointer would be located at 80442644.
When you are in stage 1 the value of this address is: 80E44000
In stage 2 the same value says: 80E54000

Now as you can see: the address of the pointer is identical, just its value increased by 10000. If you add 800 to the value of the pointer you have the address of the 2 values above.
So now you know: your value is at address [80442644]+800. (Those [xxx] mean: take the value at xxx.)

In stage one that would mean:
[80442644] + 800 = 80E44000 + 800 = 80E44800 <-- correct address!

stage two:
[80442644] + 800 = 80E54000 + 800 = 80E54800 <-- again correct address!


There are multiple ways to find pointers; in the case of Wii hacking they are essential. Some people use WiiRd, some use pointer searching applications, others (like me) find them by reading game assembly. In general there is no ultimate solution, each way has its advantages and disadvantages (WiiRd and pointer apps for example are easy to learn, yet they will fail at complicated pointer trees - where you'd require a pointer which leads to another pointer which maybe even leads to a pointer in another memory area. Assembly will always work; however, it is hard to trace pointers within it, and it's often easier to patch the assembly code then).



For branch to link register (blr command): please refer to benny3t3's post; I replied to them there: http://wiird.l0nk.org/forum/index.php/topic,7160.0.html

dcx2

Take Mario as an example.  Mario is a very complicated thing; he has a position, a velocity, previous positions, a state that may be affected by power-ups, and so on.  The amount of data that represents Mario may be quite large.  To make life easier, we bundle all that data up into an object.  This object cannot fit inside a register in the CPU, which is only 32 bits.

We deal with this by using pointers.  A pointer "points" at the beginning of an object in memory.  The various pieces of information inside the object are referred to with offsets from that pointer.

So let's say the Mario object currently lives at memory address 80E44000.  And let's say that Mario's HP is located at offset 0x800 from the start of the Mario object.  If you searched for Mario's HP using equals searches and getting hit and healing, you'd find the address 80E44000 + 0x800 = 80E44800.

However, the pointer is actually something else that has the address 80E44000 (the start of Mario in memory).  For instance, if you set a breakpoint on the Mario HP address, and you get hit, you might see something like stw r0, 2048(r3).  r0 would have the new HP value, 2048 is the offset 0x800 in decimal, and r3 would hold the value 80E44000.  In this case, r3 is the pointer to Mario.  We may say that here, [r3] + 0x800 is where Mario's HP is.

The pointer may also be located at some other address.  For example, the address 91023444 may hold the value 80E44000.  In this case, 91023444 has the pointer instead of r3, so we say [91023444] + 0x800 = 80E44000 + 0x800 = 80E44800.

This can become very cumbersome at times.  The Mario object may hold pointers to other sub-objects, like the Yoshi that Mario is riding.  So we may have a pointer to Mario, and some offset that holds a pointer to Yoshi, and some offset from that pointer that holds the state information like whether he's holding anything in his mouth and what it is...

There may be multiple levels of pointers.  Pointers to pointers to pointers to pointers...
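As an added example (not code from any poster in this thread), here is a small Python model of the lookups Link and dcx2 describe: a fake big-endian 32-bit memory is constructed for two stages, and `resolve_chain` follows a pointer stored at a fixed address through one or more offsets, including a second level (a pointer inside the object to a sub-object). The addresses 80442644, 80E44000/80E54000 and offset 0x800 are the thread's own; the Yoshi sub-object offsets and all stored values are constructed for the demo.

```python
import struct

# Constructed fake Wii memory: address -> 4 raw bytes (big-endian words).
# Only the words the thread talks about are populated.
def build_stage(mario_base: int) -> dict:
    mem = {}
    def write32(addr, value):
        mem[addr] = struct.pack(">I", value)
    write32(0x80442644, mario_base)                   # static pointer to the Mario object
    write32(mario_base + 0x800, 100)                  # Mario's HP at offset 0x800
    write32(mario_base + 0x10, mario_base + 0x2000)   # constructed: pointer to a Yoshi sub-object
    write32(mario_base + 0x2000 + 0x4, 1)             # constructed: Yoshi "holding something" flag
    return mem

STAGE1 = build_stage(0x80E44000)   # stage 1: Mario lives at 80E44000
STAGE2 = build_stage(0x80E54000)   # stage 2: same object, moved by 10000

def read32(mem, addr):
    """[addr]: the 32-bit big-endian word at addr, or None if nothing is mapped there."""
    raw = mem.get(addr)
    if raw is None:
        return None
    return struct.unpack(">I", raw)[0]

def is_valid_pointer(value):
    """Wii MEM1 (0x80000000-0x817FFFFF) / MEM2 (0x90000000-0x93FFFFFF) ranges.
    A chain that leaves them (e.g. a null pointer) is a dead pointer."""
    return 0x80000000 <= value < 0x81800000 or 0x90000000 <= value < 0x94000000

def resolve_chain(mem, base, offsets):
    """Follow base -> [base]+off0 -> [[base]+off0]+off1 -> ... and return the final address.
    Every hop dereferences the current address and adds the next offset; the last
    result is where the data lives. Returns None if any hop reads an unmapped or
    invalid pointer (object not loaded yet, or a wrong offset in the chain)."""
    addr = base
    for off in offsets:
        ptr = read32(mem, addr)
        if ptr is None or not is_valid_pointer(ptr):
            return None
        addr = ptr + off
    return addr

def mario_hp(mem):
    """[80442644] + 0x800, then read the HP stored there (None if unresolvable)."""
    addr = resolve_chain(mem, 0x80442644, [0x800])
    return None if addr is None else read32(mem, addr)
```

The same chain `[0x80442644] + 0x10 -> [that] + 0x4` reaches the Yoshi flag in both stages even though every object moved, which is why a pointer-based code keeps working when a static address stops.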

doomkaiber001

Ok, my understanding of pointers is a bit clearer now. But I have one question; if you found li r5, 90(r3) (or anything similar), is the pointer definitely the contents of r3, and is 90 always the offset?

megazig

sort of. it might not have been a pointer in C/C++ code, but it is a pointer in the sense that r3 points to a memory address.

that to me looks like a class/struct instance and dereferencing of one of the members, where 0x90 is the offset to the member in the class/struct pointed to by r3

wiiztec

Quote from: doomkaiber001 on November 28, 2010, 11:17:57 AM
Ok, my understanding of pointers is a bit clearer now. But I have one question; if you found li r5, 90(r3) (or anything similar), is the pointer definitely the contents of r3, and is 90 always the offset?

The li instruction does not include the syntax of a register in parentheses. Assuming you meant lwz r5,90(r3), then no, r3 does not always hold the correct pointer; the ASM instruction might read from multiple RAM addresses. You can find out by setting an execute breakpoint on the ASM instruction, then setting a condition r3!=(contents of r3 at first break) and seeing if it still breaks when you set it again.
If there's any code at all that you want to be button activated, or even able to toggle on & off, and I have the game, just PM me and I'll make it happen

doomkaiber001

Thanks. I understand now, I think. I did mean lwz, but I was in a rush. :)