psq_l Instruction?

Started by Bully@Wiiplaza, July 24, 2011, 11:06:46 AM


Bully@Wiiplaza

Hi,
I tried to code another moonjump for SMG2, and both the read and the write breakpoint gave me a weird psq_l instruction.
Whatever... let's hook anyways:

Address: 8000D750
lis r12, 0x8075
lhz r12, 0x0A02 (r12)
andi. r12,r12, 0x800
beq- _END
lis r11,16544
stw r11,4(r3)
_END:
psq_l f2,4(r3),0,0

What did happen then?

Instant freeze. Why?
The condition wasn't true either.

Seems like a wrong BP is hit or something... the address is VERY low :confused:

2.) How do I find the "shake nunchuck" activator on other games?
On smg2 it seems like the value becomes 4XXXXXXX instead of 3F8XXXXX if the nunchuck is shaken.
My Wii hacking site...
http://bullywiihacks.com/

My youtube account with a lot of hacking videos...
http://www.youtube.com/user/BullyWiiPlaza

~Bully

Patedj

I don't remember why, but psq always crashed for me. I had to find another address so that I could use it as a moon jump. Check the Eldar Saga moon jump that I had a go at. dcx2 might have explained it there.
You can pm me, I've got time for your troubles.

dcx2

psq_l = Paired Single Quantized Load.  YAGCD has some info: http://hitmen.c02.at/files/yagcd/yagcd/chap3.html

I also used psq_l in my SMG2 multi-televitation code to copy 8 bytes with one load and one store.  http://wiird.l0nk.org/forum/index.php/topic,6517.0.html

I say that r11 is more dangerous than r12 precisely because the compiler has some liberties in the prologue and epilogue that may prevent you from seeing that r11 is being used.  The compiler performs no such tricks with r12 and it is always immediately obvious if r12 is being used.  Instead of using r11, I would re-use r12.

Shake will be in the same place relative to the "true" button activator for probably every Wii game ever.  At the very least, it will be near it.  MemView auto-update around the button activator address and wiggle the nunchuck to verify.

Bully@Wiiplaza

Quote from: dcx2 on July 24, 2011, 04:11:56 PM
Shake will be in the same place relative to the "true" button activator for probably every Wii game ever.  At the very least, it will be near it.  MemView auto-update around the button activator address and wiggle the nunchuck to verify.
Already found it.
As you said, it was near the button address (a few lines below in the memory viewer)


Try that code for your MKWii 2 Player Mode :D
It's NTSC-US.
It synchronizes shake, nunchuck stick and pressed buttons with player two's controller.
Epic to use.

Gods Controller Wiimote + Nunchuck XeR/ [Bully@Wiiplaza]
C21978C0 00000003
2C1B0000 40A2000C
901F0000 901F0538
60000000 00000000
C21978C8 00000003
2C1B0000 40A2000C
901F0004 901F053C
60000000 00000000
C2195450 00000003
2C1B0000 40A2000C
D0040000 D0040538
60000000 00000000
C2197014 00000003
2C1B0000 4082000C
81830000 91830538
C0030000 00000000
C2196ED8 00000002
2C1B0001 41820008
D0030000 00000000

---
How would you suggest making the moonjump when hooking the psq_l?
Can it be done?

Patedj

If you replace the lis r11,16544
with lis r12,0x7F (or less)
and put all r12 to r13,
would that work?
You can pm me, I've got time for your troubles.

dcx2

If you found the function I'm thinking about, I'm pretty sure you won't be able to hook it.  Set an XBP on that hook and press Set a bunch of times.  If the XBP hits more than once per frame, it's a bad hook.

Bully@Wiiplaza

Quote from: dcx2 on July 25, 2011, 02:31:40 PM
If you found the function I'm thinking about, I'm pretty sure you won't be able to hook it.

there you go:
8000D750:  E0430004   psq_l   f2,4(r3),0,0
8000D754:  E0240004   psq_l   f1,4(r4),0,0
8000D758:  E0030000   psq_l   f0,0(r3),0,0
8000D75C:  10420072   ps_mul   f2,f2,f1
8000D760:  E0240000   psq_l   f1,0(r4),0,0
8000D764:  1020107A   ps_madd   f1,f0,f1,f2
8000D768:  10211094   ps_sum0   f1,f1,f2,f2
8000D76C:  4E800020   blr   
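An added example, not code from the thread or from the WiiRd tool: a small Python decoder for the instruction words in the listing above, built from the Gekko/Broadway paired-single encodings (primary opcode 56 for psq_l, 60 for psq_st, A-form extended opcodes under primary opcode 4 for ps_mul, ps_madd and ps_sum0, and bclr for blr). The listing text is the one Bully posted; the helper names (field, decode, check_listing) are mine. It makes the point dcx2 raised visible: with W=0 the psq_l at 8000D750 loads a pair of floats, that is 8 bytes starting at 4(r3), so a hook that writes only one word at 4(r3) is feeding half of that pair.

```python
import re

# Listing posted in the thread, kept verbatim as sample input.
LISTING = """\
8000D750:  E0430004   psq_l   f2,4(r3),0,0
8000D754:  E0240004   psq_l   f1,4(r4),0,0
8000D758:  E0030000   psq_l   f0,0(r3),0,0
8000D75C:  10420072   ps_mul   f2,f2,f1
8000D760:  E0240000   psq_l   f1,0(r4),0,0
8000D764:  1020107A   ps_madd   f1,f0,f1,f2
8000D768:  10211094   ps_sum0   f1,f1,f2,f2
8000D76C:  4E800020   blr
"""


def field(word, start, end):
    """Bits start..end of a 32-bit word in IBM numbering (bit 0 is the MSB)."""
    width = end - start + 1
    return (word >> (31 - end)) & ((1 << width) - 1)


def signed12(v):
    """The psq_l/psq_st displacement is a 12-bit two's-complement value."""
    return v - 0x1000 if v & 0x800 else v


# A-form paired-single ops under primary opcode 4 that occur in the listing,
# keyed by extended opcode (bits 26-30). The string is the operand order after
# FRT, using the FRA ("a"), FRB ("b") and FRC ("c") fields of the encoding.
PS_A_FORM = {
    10: ("ps_sum0", "acb"),
    25: ("ps_mul", "ac"),
    29: ("ps_madd", "acb"),
}


def decode(word):
    """Decode one 32-bit instruction word into the disassembler's text form."""
    opcd = field(word, 0, 5)
    if opcd in (56, 60):
        # psq_l (56) / psq_st (60): FRT, RA, W (1 = one float, 0 = a pair,
        # i.e. 8 bytes), I (quantization register index), 12-bit displacement.
        frt, ra = field(word, 6, 10), field(word, 11, 15)
        w, i = field(word, 16, 16), field(word, 17, 19)
        d = signed12(field(word, 20, 31))
        name = "psq_l" if opcd == 56 else "psq_st"
        return f"{name} f{frt},{d}(r{ra}),{w},{i}"
    if opcd == 4 and field(word, 26, 30) in PS_A_FORM:
        name, order = PS_A_FORM[field(word, 26, 30)]
        regs = {"a": field(word, 11, 15), "b": field(word, 16, 20), "c": field(word, 21, 25)}
        ops = ",".join(f"f{regs[ch]}" for ch in order)
        rc = "." if field(word, 31, 31) else ""  # record bit sets CR1
        return f"{name}{rc} f{field(word, 6, 10)},{ops}"
    if opcd == 19 and field(word, 21, 30) == 16 and field(word, 6, 10) == 20:
        # bclr with BO=20 ("branch always"): blr, or blrl if LK is set
        return "blrl" if field(word, 31, 31) else "blr"
    return f".long 0x{word:08X}"  # anything this toy decoder does not know


LINE_RE = re.compile(r"^([0-9A-Fa-f]{8}):\s+([0-9A-Fa-f]{8})\s+(.*)$")


def check_listing(text):
    """Decode each listing line and compare with the shown mnemonic.

    Returns (address, decoded_text, matches_listing) per line.
    """
    results = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        addr, word = m.group(1), int(m.group(2), 16)
        shown = " ".join(m.group(3).split())  # collapse the disassembler's padding
        decoded = decode(word)
        results.append((addr, decoded, decoded == shown))
    return results


if __name__ == "__main__":
    for addr, decoded, ok in check_listing(LISTING):
        print(f"{addr}: {decoded:28s} {'ok' if ok else 'MISMATCH'}")
```

Running it prints the eight lines of the listing re-derived from the raw words, each marked ok. The decoder only knows the handful of encodings present in this function; anything else comes back as a raw `.long`, which is the honest answer for a one-off checker rather than a guess.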

dcx2

Quote from: dcx2 on July 25, 2011, 02:31:40 PM
Set an XBP on that hook and press Set a bunch of times.  If the XBP hits more than once per frame, it's a bad hook.

Bully@Wiiplaza

Quote from: dcx2 on July 25, 2011, 02:31:40 PM
Set an XBP on that hook and press Set a bunch of times.  If the XBP hits more than once per frame, it's a bad hook.
1.) Does X Breakpoint mean either read or write? (Both gave a psq_l instruction, probably the same issue for the other one.)
2.) How do I notice if it's hit more than once per frame?
3.) Why is it then a "bad" hook?
If it's the case of unfitting hook(s), I would move on to Pointer Search.

dcx2

1) XBP = Execute BP.  Do it on the hook address, in your case 8000D750

2) Set XBP on hook address a bunch of times.  Count the number of frames that go past.  Divide the number of frames by the number of Set XBP's.

If >1 frame/set, probably good.  BP is only hit when "something happens"; be wary if other entities can make "something happen".

If 1 frame/set, good.  BP hits once per frame.  BP probably only affects the target entity.

If <1 frame/set, bad.  BP hits many times per frame, so it's probably handling more than one entity's data.

Looking at LR while pressing Set may also provide clues.

3) It's a bad hook because there is probably more than one entity using that function.  For instance, if this was "move entity" (it's probably not, but let's pretend), then this would get called when you move *or* when enemies move.
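An added example, not from the thread or from any debugger the posters used: dcx2's frames-per-Set heuristic applied to a constructed log of execute-breakpoint hits at the hook address, one line per hit with the frame counter and LR. The log format, the LR values and the hit patterns are made up for illustration; 8000D750 is the address from the thread. Two assumptions are baked in and labelled in the code: each hit corresponds to one Set press, and the log covers every frame of the observation window, so the span of frame numbers is the frame count. It also counts distinct LR values, which is the caller check dcx2 mentions.

```python
import re
from collections import Counter

# Constructed logs (not real debugger output). One line per XBP hit:
# the frame counter, the PC that tripped the breakpoint, and LR at that moment.

# Three hits in every frame from two different callers: the "bad hook" case.
BAD_LOG = """\
frame=100 pc=8000D750 lr=801234A8
frame=100 pc=8000D750 lr=80567F10
frame=100 pc=8000D750 lr=80567F10
frame=101 pc=8000D750 lr=801234A8
frame=101 pc=8000D750 lr=80567F10
frame=101 pc=8000D750 lr=80567F10
frame=101 pc=80201234 lr=80567F10
frame=102 pc=8000D750 lr=801234A8
frame=102 pc=8000D750 lr=80567F10
frame=102 pc=8000D750 lr=80567F10
frame=103 pc=8000D750 lr=801234A8
frame=103 pc=8000D750 lr=80567F10
frame=103 pc=8000D750 lr=80567F10
"""

# Exactly one hit per frame from one caller: the "good hook" case.
GOOD_LOG = """\
frame=200 pc=8000D750 lr=801234A8
frame=201 pc=8000D750 lr=801234A8
frame=202 pc=8000D750 lr=801234A8
frame=203 pc=8000D750 lr=801234A8
frame=204 pc=8000D750 lr=801234A8
frame=205 pc=8000D750 lr=801234A8
"""

# Hits only every few frames, i.e. only when "something happens".
EVENT_LOG = """\
frame=300 pc=8000D750 lr=801234A8
frame=305 pc=8000D750 lr=801234A8
frame=310 pc=8000D750 lr=801234A8
"""

HIT_RE = re.compile(r"frame=(\d+)\s+pc=([0-9A-Fa-f]{8})\s+lr=([0-9A-Fa-f]{8})")


def parse_hits(log):
    """Return (frame, pc, lr) tuples; lines that do not match are ignored."""
    return [(int(m.group(1)), m.group(2).upper(), m.group(3).upper())
            for m in HIT_RE.finditer(log)]


def verdict(frames_per_set):
    """dcx2's rule: >1 probably good, ==1 good, <1 bad."""
    if frames_per_set < 1:
        return "bad"
    if frames_per_set == 1:
        return "good"
    return "probably good"


def analyze(log, hook_addr):
    """Summarise the hits at hook_addr and classify the hook.

    Assumptions (constructed for this example): every hit is one "Set" press,
    and the log covers every frame between the first and last hit.
    """
    hits = [h for h in parse_hits(log) if h[1] == hook_addr.upper()]
    if not hits:
        return {"hits": 0, "verdict": "no hits"}
    frames = [f for f, _, _ in hits]
    frames_spanned = max(frames) - min(frames) + 1
    per_frame = Counter(frames)
    callers = Counter(lr for _, _, lr in hits)
    ratio = frames_spanned / len(hits)  # frames elapsed / Set presses
    return {
        "hits": len(hits),
        "frames_spanned": frames_spanned,
        "frames_per_set": ratio,
        "max_hits_in_one_frame": max(per_frame.values()),
        "distinct_callers": len(callers),
        "verdict": verdict(ratio),
    }


if __name__ == "__main__":
    for name, log in (("BAD_LOG", BAD_LOG), ("GOOD_LOG", GOOD_LOG), ("EVENT_LOG", EVENT_LOG)):
        print(name, analyze(log, "8000D750"))
```

Two distinct LR values in the bad log are the same signal as a ratio below one: more than one caller reaches the function per frame, which is what "more than one entity using that function" looks like from the debugger's side.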