Item cycler for Eldar Saga (RVPK99)

Started by Patedj, January 31, 2011, 06:14:09 AM


Patedj

So, can anyone help me out with making this nicer?

Item cycler code
[spoiler]0410C1B8 A8840000
203CB80A 00000010
C210C1B8 00000003
AA040000 3A200001
7E508A14 B2440000
A8840000 00000000
E0000000 80008000[/spoiler]

ASM
[spoiler]lha r16,0(r4)
li r17,1
add r18,r16,r17
sth r18,0(r4)
lha r4,0(r4)
[/spoiler]



Registers
[spoiler]  CR:40200042  XER:20000000  CTR:802D8848 DSIS:00400000
DAR:804FAFEA SRR0:8010C1B4 SRR1:0000B032   LR:800FB928
 r0:00000005   r1:8062AF40   r2:8061FA20   r3:804F9110
 r4:804FAFE8   r5:00000000   r6:804F9110   r7:804F9110
 r8:00000000   r9:00000001  r10:00000030  r11:8062AEF0
r12:802D8848  r13:8061D200  r14:00000000  r15:00000000
r16:00000000  r17:00000000  r18:00000000  r19:00000000
r20:00000000  r21:00000000  r22:00000000  r23:00000000
r24:00000000  r25:803C0000  r26:00000001  r27:909CA300
r28:909BA300  r29:909BA300  r30:804FAFD8  r31:00000001

 f0:00000000   f1:C2EA0000   f2:42000000   f3:59800004
 f4:C30F0000   f5:00000000   f6:42AC0000   f7:43810000
 f8:410AAAAB   f9:41F00000  f10:59800004  f11:00000000
f12:00000000  f13:BF7FFFFF  f14:00000000  f15:00000000
f16:00000000  f17:00000000  f18:00000000  f19:00000000
f20:00000000  f21:00000000  f22:00000000  f23:00000000
f24:00000000  f25:00000000  f26:00000000  f27:00000000
f28:00000000  f29:00000000  f30:00000000  f31:00000000[/spoiler]

Function
[spoiler]8010C0F0:  3CC08050   lis   r6,-32688
8010C0F4:  38E00000   li   r7,0
8010C0F8:  38C69110   subi   r6,r6,28400
8010C0FC:  8806730D   lbz   r0,29453(r6)
8010C100:  2C000000   cmpwi   r0,0
8010C104:  41820008   beq-   0x8010c10c
8010C108:  7CC73378   mr   r7,r6
8010C10C:  2C050000   cmpwi   r5,0
8010C110:  4182002C   beq-   0x8010c13c
8010C114:  2C030001   cmpwi   r3,1
8010C118:  40820024   bne-   0x8010c13c
8010C11C:  3CC08050   lis   r6,-32688
8010C120:  38E00000   li   r7,0
8010C124:  38C69110   subi   r6,r6,28400
8010C128:  38A6730D   addi   r5,r6,29453
8010C12C:  88057310   lbz   r0,29456(r5)
8010C130:  2C000000   cmpwi   r0,0
8010C134:  41820008   beq-   0x8010c13c
8010C138:  38E67310   addi   r7,r6,29456
8010C13C:  2C030002   cmpwi   r3,2
8010C140:  41820044   beq-   0x8010c184
8010C144:  40800014   bge-   0x8010c158
8010C148:  2C030000   cmpwi   r3,0
8010C14C:  41820018   beq-   0x8010c164
8010C150:  40800024   bge-   0x8010c174
8010C154:  48000054   b   0x8010c1a8
8010C158:  2C030004   cmpwi   r3,4
8010C15C:  4080004C   bge-   0x8010c1a8
8010C160:  4800003C   b   0x8010c19c
8010C164:  1C04011C   mulli   r0,r4,284
8010C168:  7C670214   add   r3,r7,r0
8010C16C:  38831ED8   addi   r4,r3,7896
8010C170:  48000038   b   0x8010c1a8
8010C174:  1C04011C   mulli   r0,r4,284
8010C178:  7C670214   add   r3,r7,r0
8010C17C:  38836168   addi   r4,r3,24936
8010C180:  48000028   b   0x8010c1a8
8010C184:  1C04011C   mulli   r0,r4,284
8010C188:  3C608051   lis   r3,-32687
8010C18C:  38632EC0   addi   r3,r3,11968
8010C190:  7C630214   add   r3,r3,r0
8010C194:  38830008   addi   r4,r3,8
8010C198:  48000010   b   0x8010c1a8
8010C19C:  1C04011C   mulli   r0,r4,284
8010C1A0:  7C670214   add   r3,r7,r0
8010C1A4:  38834020   addi   r4,r3,16416
8010C1A8:  A8040004   lha   r0,4(r4)
8010C1AC:  2C000000   cmpwi   r0,0
8010C1B0:  41820010   beq-   0x8010c1c0
8010C1B4:  A0640002   lhz   r3,2(r4)
8010C1B8:  A8840000   lha   r4,0(r4)
8010C1BC:  4800000C   b   0x8010c1c8
8010C1C0:  38600000   li   r3,0
8010C1C4:  4E800020   blr   
[/spoiler]

This is what I'd like to do; then I would make another one to subtract, like this one but with the button condition for -.
[spoiler]lha r16,0(r4) ---> load the half word algebraically from r4 into r16
li r17, 0x0001 ----> load immediate 0001 (because the value at the address is 000x000y, where x is the item and y is the class)
add r18, r16, r17 ----> add to r18 the sum of r17 and the item "name/value", which is the first 16 bytes of r4
li r19, 0x0050 ----> load immediate 0050 into r19
ori r19, r19, 0x0002 ----> or immediate, giving 00500002 in r19
cmpwi r18, r19 ----> now compare the new item with 50, because that's the last item possible in the game
beq -0x8 ----> will then branch to the lha r4,0(r4) step instead of the sth r18,0(r4)
sth r18, 0(r4) ---> store the next item into r4's first 16 bytes
lha r4,0(r4) ---> the address's original code. Load r4's first 16 bytes value
[/spoiler]
But it'll stop the game eventually (usually at 11... why?)


So I've got to:
1. get a pause option so that it'll only move it by one when I press the button (1 hold = only 1 addition to r4)
2. stop it from freezing when I roam for the items...
You can pm me, I've got time for your troubles.

Patedj

Problem 2
Item cycler viewer
I was trying to make an assembly routine to see where exactly the items would be.

For example, if item 1 = 000a then my money would display 1 too.

Here's the code, but it freezes the game.

Money address is 80500368

[spoiler]
lha r16,0(r4)
li r17,1
add r18,r16,r17
sth r18,0(r4)
sth r19,5380(r4) ----> = money address and half word of r4 = item
lha r19,5380(r4)
lha r4,0(r4)
[/spoiler]

dcx2

#2
1) Why are you using r16,r17,r18,r19?  Those are volatile registers.  I don't see you using any stack frame (stwu/stmw/[ASM]/lmw/addi).  This could be why your code is crashing.  Do not EVER use volatile registers without a stack frame

2) You don't need to li r17,1 and then use add.  Just use addi.

3) lha = load halfword algebraic; this means that the half-word will be sign-extended to fill the upper 16 bits of rD.  This is how you would load a value that could potentially be interpreted as negative, so that the 16-bit negative value still looks the same as the 32-bit negative value.  If you know the value can't be negative, then use lhz instead, which zeroes the upper 16-bits out.  If you're not sure what any of that means, use lhz.

EDIT: since the original game code is using lha, we should probably stick with lha in this instance.  Although I wouldn't imagine that an item value could be negative...except maybe as a flag (item = -1 means no item)

4) When pasting disassembly, please bold the instruction that's at the current breakpoint.  Sure, we can look at SRR0 in the register dump...but it just makes life easier.  Thanks.

5) Your code at the end...you li r19,0x50, but I think you mean lis.  The s means that it's done on the upper 16 bits instead of the lower 16 bits of rD.

6) Four and eight bytes after the "typical" button activator are usually more button activators.  They momentarily contain the value 1 during the frame that a button has transitioned from down to up, or vice versa.  That will achieve your "pause after pressing the button once" effect.  Depending on the hook that Gecko OS started the game with, some games may occasionally run the code handler more than once per "frame" so sometimes you may get "two" presses instead of just one.  There are other tricks to get around this in some post around on the forum somewhere...

Try this

lha r12,0(r4)  # load item
cmpwi r12,0x50  # is it the last item?
beq- NO_ADDI  # if yes, skip the addi/sth
addi r12,r12,1  # increment the item
sth r12,0(r4)  # store the item

NO_ADDI:
lha r4,0(r4)  # original instruction

Bully@Wiiplaza

#3
Hey dcx2,
even if you won't help me again, I can still read your help for other members and learn something. ???

@Patedj:
For subtracting an item, you should use this:

lha r12,0(r4)  # load item
cmpwi r12,0x0  # are we down to 0? (is the last item 0, or another value?)
beq- NO_SUBI  # if yes, skip the subi/sth
subi r12,r12,1  # decrement the item
sth r12,0(r4)  # store the item
NO_SUBI: # branch will take you here
lha r4,0(r4)  # original instruction


C210C1B8 00000004
A9840000 2C0C0000
4182000C 398CFFFF
B1840000 A8840000
60000000 00000000
My Wii hacking site...
http://bullywiihacks.com/

My youtube account with a lot of hacking videos...
http://www.youtube.com/user/BullyWiiPlaza

~Bully

Patedj

#4
I should reread your teachings again. dcx2... Could you create an exam for me? Then I'll understand exactly where I stand. I can also grow faster!

I was using r16 to r19 because I was scared to use anything else. The address break was also at the end of the function, and therefore I figured that the registers would have stopped changing (volatile). I initially used r12, because r12 tends to be safe, like I remember you explaining, and it crashed. Something else might have happened, but I blamed it on r12. I then used crt, but couldn't get my head around using it properly.


The lha/lhz is explained well, thank you. I understand that this item cycler should zero out (0000) and shouldn't go negative (FFFF), but the code function states that, so the programmers said to do it (weird). I thought this address is safe to use. I simply reload the data like they did, just in case. Ha, that's what you wrote too! Excellent!

That's funny I just asked someone to do something similar for the function :)

That's great for the button activator. So my button address is A)803CB80A = xxxxyyyy
and the next address is B)803CB80E 0000yyyy
A) button activated
B)?? the amount that it's pushed?
y=my button pressed

I'll go search for the posts. Thanks! I would love to hear the other ways of doing that. I'll search the posts for them. Crossing my fingers  O0

so what's the cleanest way to send it to the game?
[spoiler]1.anti-code
2.button condition B
3. ASM
4. reset 8000 to 8000[/spoiler]

or
something else?

btw. Is it possible to have a variant asm code on the same address break?



Patedj

#5
So the codes are working! I did a little tampering, and voila!

[spoiler]
lha r12,0(r4)
cmpwi r12,0x50
beq- 0x08
addi r12,r12,1
sth r12,0(r4)
lha r4,0(r4)
[/spoiler]

and in case the ASM crashes when there are two ASM codes on the same address

[spoiler]0410C1B4 A0640002
203CB80A 00001000
C210C1B4 00000004
A1840000 2C0C0000
41820008 398CFFFF
B1840000 A0640002
60000000 00000000
E0000000 80008000
[/spoiler]

the only thing I don't understand is why beq- 0x0c bully?


Patedj

I've done it, thanks to you two! And thomas83lin's post on special button activators [spoiler]http://wiird.l0nk.org/forum/index.php/topic,7514.0.html[/spoiler]

Here's the code
Add 1 to item
[spoiler]0410C1B8 A8840000
283CB80E 00000010
22001550 00000001
04001550 00000001
C210C1B8 00000004
A9840000 2C0C0050
41820008 398C0001
B1840000 A8840000
60000000 00000000
E0000000 80008000
2A3CB80E 00000010
04001550 00000000
E0000000 80008000
[/spoiler]
-1 to item
[spoiler]0410C1B4 A0640002
283CB80E 00001000
22001550 00000001
04001550 00000001
C210C1B4 00000004
A1840000 2C0C0000
41820008 398CFFFF
B1840000 A0640002
60000000 00000000
E0000000 80008000
2A3CB80E 00001000
04001550 00000000
E0000000 80008000
[/spoiler]

Bully@Wiiplaza

#7
Quote from: Patedj on February 01, 2011, 04:06:50 AM
the only thing I don't understand is why beq- 0x0c bully?
The only thing you need to know in this case is that beq means "if equal".
Note that b stands for branch and eq for equal.
For instance, ble- would mean branch if less than.

ASM WiiRd calculates the offset for you (here it's 0x0C).

If you put this assembly into ASM WiiRd

[spoiler]lha r12,0(r4)
cmpwi r12,0
beq- _NO_SUBI
subi r12,r12,1
sth r12,0(r4)
_NO_SUBI:
lha r4,0(r4)
[/spoiler]

it will give you a code which, re-converted, gives you:
[spoiler]
lha r12,0(r4)
cmpwi r12,0
beq- 0x0C
subi r12,r12,1
sth r12,0(r4)
lha r4,0(r4)
nop
[/spoiler]
These two ASM listings are exactly the same; the only difference is that the second one already has the offset in it (0x0C), which says how many instructions to skip if the branch is taken. If you use branch labels (like NO_SUBI), you show the program where to keep going after the branch and it calculates the distance for you.

-------------------------------
If you want to use +1 and -1 items at the same time, just put the coding together under one hook address...
You know how?
~Bully
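To make the encoding points from dcx2's reply (addi versus li+add, what lha/lhz/sth look like as words) and Bully's offset explanation above concrete, here is an added example, written for this thread and not code from the thread, from ASM WiiRd or from the Gecko project: a minimal two-pass assembler for just the PowerPC instructions used in these posts, plus a function that wraps the words as a Gecko C2 insert-ASM code. It assumes only these mnemonics, registers written r0-r31, memory operands written d(rN), and that a numeric beq- operand is a byte offset from the beq itself, as in the re-converted listing. The constants SUBI_SOURCE and ADDI_SOURCE are the two routines from this thread; running the block reproduces the hex lines posted above.

```python
import re

# Added example (not ASM WiiRd): a tiny assembler for the subset of PowerPC used in
# this thread, plus the Gecko "C2" wrapper. Unsupported mnemonics raise ValueError.

NOP = 0x60000000  # ori r0,r0,0


def _reg(tok):
    tok = tok.strip()
    if not re.fullmatch(r"r([0-9]|[12][0-9]|3[01])", tok):
        raise ValueError(f"bad register {tok!r}")
    return int(tok[1:])


def _dform(opcode, rt, ra, simm):
    """D-form word: 6-bit opcode | rT/rS | rA | 16-bit immediate or displacement."""
    if not -0x8000 <= simm <= 0xFFFF:
        raise ValueError(f"immediate {simm:#x} does not fit in 16 bits")
    return (opcode << 26) | (rt << 21) | (ra << 16) | (simm & 0xFFFF)


def _mem(tok):
    """'0(r4)' -> (displacement, base register)."""
    m = re.fullmatch(r"\s*(-?0x[0-9a-fA-F]+|-?\d+)\((r\d+)\)\s*", tok)
    if not m:
        raise ValueError(f"bad memory operand {tok!r}")
    return int(m.group(1), 0), _reg(m.group(2))


def _beq(byte_offset):
    """bc with BO=12 (branch if cr0[EQ] set) and BI=2; the BD field holds offset/4."""
    if byte_offset % 4 or not -0x8000 <= byte_offset <= 0x7FFC:
        raise ValueError(f"bad branch offset {byte_offset:#x}")
    return (16 << 26) | (12 << 21) | (2 << 16) | (byte_offset & 0xFFFC)


def assemble(source):
    """Return the list of 32-bit instruction words for `source` (labels allowed)."""
    stmts, labels = [], {}
    for raw in source.splitlines():            # pass 1: collect labels
        text = raw.split("#", 1)[0].strip()    # drop comments
        if not text:
            continue
        if text.endswith(":"):                 # label = address of next instruction
            labels[text[:-1].strip()] = len(stmts) * 4
        else:
            stmts.append(text)
    words = []
    for pc, text in enumerate(stmts):          # pass 2: encode
        mnem, _, rest = text.partition(" ")
        ops = [o.strip() for o in rest.split(",")] if rest.strip() else []
        if mnem in ("lha", "lhz", "sth"):
            d, ra = _mem(ops[1])
            words.append(_dform({"lha": 42, "lhz": 40, "sth": 44}[mnem], _reg(ops[0]), ra, d))
        elif mnem == "addi":
            words.append(_dform(14, _reg(ops[0]), _reg(ops[1]), int(ops[2], 0)))
        elif mnem == "subi":                   # subi rD,rA,n is addi rD,rA,-n
            words.append(_dform(14, _reg(ops[0]), _reg(ops[1]), -int(ops[2], 0)))
        elif mnem == "li":                     # li rD,n is addi rD,0,n
            words.append(_dform(14, _reg(ops[0]), 0, int(ops[1], 0)))
        elif mnem == "cmpwi":                  # cmpi crf0, L=0, rA, SIMM
            words.append(_dform(11, 0, _reg(ops[0]), int(ops[1], 0)))
        elif mnem == "add":                    # XO-form, extended opcode 266
            rt, ra, rb = (_reg(o) for o in ops)
            words.append((31 << 26) | (rt << 21) | (ra << 16) | (rb << 11) | (266 << 1))
        elif mnem in ("beq", "beq-"):          # label -> distance from this beq
            target = ops[0]
            offset = labels[target] - pc * 4 if target in labels else int(target, 0)
            words.append(_beq(offset))
        elif mnem == "nop":
            words.append(NOP)
        else:
            raise ValueError(f"unsupported mnemonic {mnem!r}")
    return words


def gecko_c2(hook_addr, words):
    """Gecko C2 code: 'C2' + 25-bit hook address, the line count, then word pairs.
    The block must end with a 00000000 word, so an even instruction count gets a
    nop first (that is the 60000000 00000000 line seen in the thread)."""
    body = list(words)
    if len(body) % 2 == 0:
        body.append(NOP)
    body.append(0)
    lines = [f"{(0xC2 << 24) | (hook_addr & 0x01FFFFFF):08X} {len(body) // 2:08X}"]
    lines += [f"{body[i]:08X} {body[i + 1]:08X}" for i in range(0, len(body), 2)]
    return lines


# The two routines from this thread: one with a label, one with a numeric offset.
SUBI_SOURCE = """
lha r12,0(r4)    # load item
cmpwi r12,0      # are we down to 0?
beq- NO_SUBI     # if yes, skip the subi/sth
subi r12,r12,1
sth r12,0(r4)
NO_SUBI:
lha r4,0(r4)     # original instruction
"""
ADDI_SOURCE = """
lha r12,0(r4)
cmpwi r12,0x50
beq- 0x08        # byte offset relative to this beq
addi r12,r12,1
sth r12,0(r4)
lha r4,0(r4)
"""

if __name__ == "__main__":
    for name, src in (("-1", SUBI_SOURCE), ("+1", ADDI_SOURCE)):
        print(name + "\n" + "\n".join(gecko_c2(0x8010C1B8, assemble(src))))
```

Assembling SUBI_SOURCE gives the beq as 4182000C: the label sits three words past the beq, so the branch skips the subi and the sth. The li r17,1 / add r18,r16,r17 pair from the first post assembles to two words (3A200001 7E508A14), while the equivalent addi r18,r16,1 is the single word 3A500001, which is the point made in the reply above.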

dcx2

Hey, you found the epic post I was thinking about, Patedj.  That's the one that goes over the multiple ways to make one-shot activators.

Because of the way you wrote this code, it unhooks itself every time it is run.  You could in theory hook the same address, then, because you don't need both hooks to execute during the same frame.  The button activators will ensure only one hook at a time is run.

You said you used r16 etc because you were scared to use anything else.  If you are ever unsure, just create a stack frame and you can use r14-r31 without fear.

Also, if you wish to see the "second" and "third" button activators, the ones that only pop up for a single frame...

1) make sure BPNext is checked on the About tab
2) Go to the button activator address in Memory Viewer
3) Click pause
4) Press a button on the Wiimote
5) Click next frame

You should see the "second" button activator appear after the "first" button activator

6) Keep holding the button on the Wiimote
7) Click next frame again

The "first" activator will show the button is still down, but the second does not anymore!

8) Release Wiimote button
9) Click next frame again

The typical activator will show the button is released, but now you'll see the button in a third activator
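dcx2's remark that the posted code "unhooks itself every time it is run" can be checked with a simulation. The following is an added example, written for this thread and not code from the thread, from Gecko OS or from WiiRd: a simplified model of the Gecko code handler running Patedj's "+1 to item" code (copied verbatim from the post above into ADD_ONE_CODE) once per frame over a constructed sequence of button-activator values. It assumes the handler and the hooked game function each run exactly once per frame, that the C2 body behaves as the thread's cycler (increment the item unless it is already 0x50), that the item halfword lives at ITEM_ADDR (taken from r4 in the register dump, an assumption here), and it stands in a marker word for the branch the real handler writes at the hook. Only the code types the posted code uses (04, 22, 28, 2A, C2, E0) are modelled.

```python
# Added example (not Gecko OS or WiiRd code): a simplified code-handler model used to
# show why the leading 04 line matters for the one-shot item cycler.

HOOK_ADDR = 0x8010C1B8
ORIGINAL_INSN = 0xA8840000   # lha r4,0(r4), the instruction at the hook
HOOK_MARKER = 0x48000001     # stand-in for the branch the real handler writes
BUTTON_ADDR = 0x803CB80E     # activator halfword used by the posted code
FLAG_ADDR = 0x80001550       # one-shot flag word used by the posted code
ITEM_ADDR = 0x804FAFE8       # assumed item slot (r4 in the register dump)
LAST_ITEM = 0x50

ADD_ONE_CODE = """
0410C1B8 A8840000
283CB80E 00000010
22001550 00000001
04001550 00000001
C210C1B8 00000004
A9840000 2C0C0050
41820008 398C0001
B1840000 A8840000
60000000 00000000
E0000000 80008000
2A3CB80E 00000010
04001550 00000000
E0000000 80008000
"""


def parse_gecko(text):
    """'XXXXXXXX YYYYYYYY' lines -> list of (first, second) integer pairs."""
    return [tuple(int(w, 16) for w in line.split()) for line in text.split("\n") if line.strip()]


class Memory(dict):
    """Sparse memory keyed by address; each cell is only ever used at one width."""
    def read32(self, a): return self.get(a, 0) & 0xFFFFFFFF
    def read16(self, a): return self.get(a, 0) & 0xFFFF
    def write32(self, a, v): self[a] = v & 0xFFFFFFFF
    def write16(self, a, v): self[a] = v & 0xFFFF


def run_code_handler(code, mem, ba=0x80000000):
    """One pass over the code list. 04 = 32-bit write; 20/22 = 32-bit if equal / not
    equal; 28/2A = 16-bit if, with the upper half of the value a bit mask excluded
    from the comparison; C2 = insert ASM (modelled by writing HOOK_MARKER at the hook
    address); E0 = end all ifs. A failed 'if' skips everything up to the next E0."""
    executing, i = True, 0
    while i < len(code):
        first, second = code[i]
        ctype, addr = first >> 24, ba | (first & 0x01FFFFFF)
        i += 1
        if ctype == 0xE0:
            executing = True
        elif ctype == 0xC2:
            i += second                      # skip the embedded instruction lines
            if executing:
                mem.write32(addr, HOOK_MARKER)
        elif ctype == 0x04:
            if executing:
                mem.write32(addr, second)
        elif ctype in (0x20, 0x22):
            if executing:
                executing = (mem.read32(addr) == second) == (ctype == 0x20)
        elif ctype in (0x28, 0x2A):
            if executing:
                mask, value = second >> 16, second & 0xFFFF
                executing = ((mem.read16(addr) & ~mask & 0xFFFF) == value) == (ctype == 0x28)
        else:
            raise ValueError(f"unsupported code type {ctype:02X}")


def hooked_function(mem):
    """The game function at the hook: if the handler's branch is present, the inserted
    cycler runs (increment unless already LAST_ITEM) before the original lha."""
    if mem.read32(HOOK_ADDR) == HOOK_MARKER:
        item = mem.read16(ITEM_ADDR)
        if item != LAST_ITEM:
            mem.write16(ITEM_ADDR, item + 1)


def simulate(button_frames, start_item=0, keep_unhook_line=True):
    """Item value after each frame, for a constructed sequence of activator halfword
    values (0x0010 = button down, 0 = button up)."""
    code = parse_gecko(ADD_ONE_CODE)
    if not keep_unhook_line:
        code = code[1:]                      # drop the 04 line restoring the original
    mem = Memory()
    mem.write32(HOOK_ADDR, ORIGINAL_INSN)
    mem.write16(ITEM_ADDR, start_item)
    history = []
    for button in button_frames:
        mem.write16(BUTTON_ADDR, button)
        run_code_handler(code, mem)
        hooked_function(mem)
        history.append(mem.read16(ITEM_ADDR))
    return history


if __name__ == "__main__":
    presses = [0, 0x10, 0x10, 0x10, 0, 0x10, 0, 0]  # constructed: two presses, first held 3 frames
    print("one-shot:", simulate(presses))
    print("without the 04 line:", simulate(presses, keep_unhook_line=False))
```

With the posted code the item advances once per press even when the button is held, because the first line restores the original instruction every frame and the C2 only re-hooks when the flag is clear. Dropping that line leaves the branch in place, so the cycler keeps running every frame regardless of the button; that is also why two codes of this shape can share a hook address as dcx2 describes, since at most one of them has its hook installed in any frame.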

Patedj

Oh wow guys!
I didn't know asm converter did that like that.
For the fear factor, stacking sounds like it's the way to do things.

For hooking at the same address, both of you are making perfect sense. I'm glad I asked, I wasn't too sure.

I'm having a great time working out things with you guys backing me up!!  O0

Make sure that you feel comfortable asking me for help too!