ASM explanations...

[Stuff]

r5 = 0 and I don't see it being used in the near future. It'll probably li r5, X at some point if it gets used.
-----

Many thanks. That's way better. So I sent this code:
Monsters have Regen
C212ED08 00000003
819F07A4 7D8C2670
801F07A0 7C006214
901F07A0 00000000

The hp is read at an unusual rate. I can't understand what makes it read. Not even hitting them makes it read. It just does. Can't really see a pattern either. But it's whenever, often or not often. Another thing is that it'll heal past it's max hp XD. I was thinking of doing that Goto in the beginning of the code to skip some asm that would handle if it's greater than max hp. So 3 more lines.

66000001 00000000 #skip to C2
mr r0, r12 #move r12 to r0(max hp->current)
b 0x1C #go to the stw at the end
C212ED08 00000004
lwz r12, 1956(r31)   # read max health
srawi r0,r12,8       # r12 = r12 / 64? needed to make the heal smaller.
lwz r5, 1952(r31)    # read current health
add r0, r5, r0       # healed by 5%
cmp r0, r12 #compare new hp to max hp
bgt -0x1C #branch to skipped code if greater than
stw r0, 1952(r31) ##store new hp
00000000 #that 0 that needs to be at the end.

I have to think about the branches...PyiiASMH didn't want to do b 0x1C. Had to increase the divider. I couldn't keep up with the healing. I can srawi up to 32, right?

[dcx2]

r5 = 0

Absolutely wrong.  0 does not mean safe.  This is a tutorial on register safety.

http://wiird.l0nk.org/forum/index.php/topic,6555.0.html

The short of it is: r12 is almost always safe. r11 is usually safe.  r10-r3 are of decreasing safety.  r14+ should never be considered safe without a thorough dependency analysis or a stack frame.

The hp is read at an unusual rate. I can't understand what makes it read.

Well, it's comparing the percentage of health to some float argument in f1.  What's in f1?  What does it look like the caller wants to do with the return value?

Another thing is that it'll heal past it's max hp XD. I was thinking of doing that Goto in the beginning of the code to skip some asm that would handle if it's greater than max hp. So 3 more lines.

66000001 00000000 #skip to C2
mr r0, r12 #move r12 to r0(max hp->current)
b 0x1C #go to the stw at the end
C212ED08 00000004
lwz r12, 1956(r31)   # read max health
srawi r0,r12,8       # r12 = r12 / 64? needed to make the heal smaller.
lwz r5, 1952(r31)    # read current health
add r0, r5, r0       # healed by 5%
cmp r0, r12 #compare new hp to max hp
bgt -0x1C #branch to skipped code if greater than
stw r0, 1952(r31) ##store new hp
00000000 #that 0 that needs to be at the end.

lol, I give you points for creativity.  You also knew that you couldn't just put ASM in the code list and that you had to protect it, in this case with a 66 Goto.  Although I'm not sure what lead you to believe you couldn't just put the ASM in with the C2 code...

Another thing you need to use are branch labels.  Branch labels automatically calculate the displacement operand necessary so you don't have to count bytes.  Yay not counting bytes!

"that 0" is actually allocating room for a back-branch.  The code handler will automatically write this back-branch with the correct address as part of carrying out the C2 code type.  That's why if there's not enough room, you need to add the nop.  Ironically, it doesn't have to be 0, you could make it anything you want because it will be over-written.

lwz r0, 1952(r31)    # read current health
lwz r12, 1956(r31)   # read max health
cmpw r0,r12          # is current >= max health?
bge- _END            # don't regen
srawi r12,r12,8       # r12 = r12 / 256
add r0, r12, r0       # healed by ~0.4%
stw r0, 1952(r31)  #store new hp
_END:

This has the side effect of healing them up to one regen over their max health.  Brimming full, so to speak.

I have to think about the branches...PyiiASMH didn't want to do b 0x1C. Had to increase the divider. I couldn't keep up with the healing. I can srawi up to 32, right?

Perhaps PyiiASMH expects everything that will exist in one single input.  The Encounter Roller I made is actually like 8 different C2 codes that all had to be entered at the same time so that they could access each other.  There's a degree of belly-rubbing and head-patting involved to make the assembler generate the code types.

It's a good idea to know the first ten powers of 2 by heart.  The next six are good to know, too.  2^8 = 256.  Therefore a right-shift by 8 bits will divide by 256.  2^6 = 64.  It can go up to 31, but at that point you would be dividing by 2^31 = 2,147,483,648.  (hint: calc shortcut for exponent is y; therefore 2y8 will give you 2^8 etc)

[Stuff]

r5 = 0

Absolutely wrong.  0 does not mean safe.

Many people confuse 0 for safe, but that is not the case.  Safety cannot be determined from the value of a register; it could be 0 when you're looking at it and a different value later.

Ah. ya got me. >.<

It's a very nice guide. I'll refrence to it until I just know.

Could I download your brain? :p

Did you ever upload it? I need the link. XD

lol, I give you points for creativity.  You also knew that you couldn't just put ASM in the code list and that you had to protect it, in this case with a 66 Goto.  Although I'm not sure what lead you to believe you couldn't just put the ASM in with the C2 code...

Another thing you need to use are branch labels.  Branch labels automatically calculate the displacement operand necessary so you don't have to count bytes.  Yay not counting bytes!

Well. I didn't think about branching to the end if >=. I was thinking if it's greater than the max, just rewrite the max. But if it's not, it would've went to the next instruction, which would've been my brach  anyway. The branch needed to be somewhere else. Branch labels are interesting. I know nothing about them. Can they be called _anything? Or was _END one of the many/few labels?

It's a good idea to know the first ten powers of 2 by heart.  The next six are good to know, too.  2^8 = 256.  Therefore a right-shift by 8 bits will divide by 256.  2^6 = 64.  It can go up to 31, but at that point you would be dividing by 2^31 = 2,147,483,648.  (hint: calc shortcut for exponent is y; therefore 2y8 will give you 2^8 etc)

Oh. I was looking at it wrong. >.< I thought 8^2.That was dumb. lol.

This was the code.

C212ED08 00000004
801F07A0 819F07A4
7C006000 40800010
7D8C4670 7C0C0214
901F07A0 00000000

It worked pretty nice. But that heal rate is so weird. it got annoying after a while. It was healing 10 hp each time. But at the rate it heals...Like, you can do a combo, sheathe your weapon, get hit, use a megapotion and nothing happens...and then out of nowhere, +10+10+10+10+10....+10+10..+10......>.>...<.<...:p..+10+10. XD. I'm gonna reduce it even more, but in the end, I might just do a +1/+2. It's a very nice code though. It's worthy of my gct.... When it gets tolerable.

The extra health wasn't a big deal. it went 9 hp over. 1 hit would get you back on track. And it's not like everyone uses MID >.>.

[dcx2]

Well. I didn't think about branching to the end if >=. I was thinking if it's greater than the max, just rewrite the max.

I originally thought that too, but then I figured I'd optimize it a bit.  This would be the other way.

lwz r0, 1952(r31)    # read current health
lwz r12, 1956(r31)   # read max health
srawi r10,r12,8       # r10 = r12 / 256
add r0, r10, r0       # healed by ~0.4%
cmpw r0,r12          # is current <= max health?
ble- _STORE         # skip the "ceiling"
mr r0,r12              # apply "ceiling" so that current hp goes no higher than max hp
_STORE:
stw r0, 1952(r31)  #store new hp

Branch labels are interesting. I know nothing about them. Can they be called _anything? Or was _END one of the many/few labels?

Branch labels can be pretty much anything, although there might be some rules about starting with numbers.  I usually prefix branch labels with _ by convention.  This is not a requirement, but it helps me recognize a branch label that's separate from a .set variable.  The label is declared with the name ending in a :  There must be only one branch label declared with a given name, though you can use many different branch labels.  To use a branch label you just put its name without the :  Branch labels can be subtracted to create offsets.  There's also some magic single-digit labels that can be re-used.

It worked pretty nice. But that heal rate is so weird. it got annoying after a while. It was healing 10 hp each time. But at the rate it heals...Like, you can do a combo, sheathe your weapon, get hit, use a megapotion and nothing happens...and then out of nowhere, +10+10+10+10+10....+10+10..+10......>.>...<.<...:p..+10+10. XD. I'm gonna reduce it even more, but in the end, I might just do a +1/+2. It's a very nice code though. It's worthy of my gct.... When it gets tolerable.

Again, you should be trying to figure out what f1 is.  You should also look at the caller and see what's going on there.

Another thing you can consider is finding a different hook that runs reliably.  It doesn't have to be related to health; the hook could be reading anything about the monster, because all you need is a hook that runs for every monster every frame or so.

[Stuff]

I like this new other way actually. If I have to make it do +1/+2 instead of +a percent, I would've had to end with a nop.

Putting the BP tab to text view makes it float registers show hex >.>. So if your talking about this line:
8012ED44:  FC000840   fcmpo   cr0,f0,f1
nothing looks like it changes it from the break point up to this and the value was 0.18 when it reached that line.  >.> But it did change. It was originally 0.18 and it changed back to 0.18 after this
8012ED38:  C8010010   lfd   f0,16(r1)

>.> but thats f0. before the fcmpo, f0 was 1 at max hp, 0.310077 at 800/2580 hp and 0.893023 at 2304/2580 hp. It almost looks kind of obvious that it's checking if the hp is less than 18%. It'll probably start to limp at this point. But I don't see how the next instructions would handle that. Well..idk what the next instructions are. >.<
Almost obvious because...you never know.

I'll check the call stack next and look for something else that reads every frame maybe. Probably rage.
----
yup. 18% is when Lagiacrus limps. But he's ready to capture before then.

[dcx2]

if your talking about this line:
8012ED44:  FC000840   fcmpo   cr0,f0,f1
nothing looks like it changes it from the break point up to this and the value was 0.18 when it reached that line.  >.> But it did change. It was originally 0.18 and it changed back to 0.18 after this
8012ED38:  C8010010   lfd   f0,16(r1)

>.> but thats f0. before the fcmpo, f0 was 1 at max hp, 0.310077 at 800/2580 hp and 0.893023 at 2304/2580 hp. It almost looks kind of obvious that it's checking if the hp is less than 18%. It'll probably start to limp at this point. But I don't see how the next instructions would handle that. Well..idk what the next instructions are. >.<

There ya go.  Now you see what it's trying to do.

I don't know why but sometimes the fregs are..."wrong".  And then they'll be "right" later.

The instructions that cause him to limp are probably handled by the caller.  All this function is supposed to do is determine if the monster's HP is <18% (or >18%?  I'm still not sure.  It really does look like it's masking the EQ bit off but that makes no sense, it should be masking LT or GT).

I'll check the call stack next and look for something else that reads every frame maybe. Probably rage.

That would be looking for new breakpoints based on the rage value.  You could even use something like a coordinates breakpoint, possibly.

[Stuff]

Maybe cuz the fregisters are 64 bits? And gecko.net reads it as 32bits or something and possibly, the next 32 bits overlap the first 32 bits of the next fregister. idk. Just an idea.

Coordinates sounds like a good idea. I found quite a few things that change while he moves in  +/-B18 from his hp. >.>

The first one looked good enough though. It looked like bully's teleport. here's a read BP and a write BP

[spoiler=read BP] CR:88200488  XER:00000000  CTR:800612A4 DSIS:00400000
DAR:9014B968 SRR0:800513CC SRR1:0000B032   LR:80073F88
  r0:800E1BF4   r1:807AD560   r2:8079DAA0   r3:9014B968
  r4:9014B968   r5:807AD590   r6:00000001   r7:00000001
  r8:00000001   r9:00000001  r10:00000001  r11:80000000
r12:800612A4  r13:80798E20  r14:00000000  r15:00000000
r16:00000000  r17:00000000  r18:9014CF70  r19:816884E8
r20:817C5000  r21:00000020  r22:00000003  r23:00000000
r24:00000000  r25:00000000  r26:00000000  r27:8017F138
r28:9014B964  r29:00000000  r30:00000006  r31:9014B968

  f0:C09A029F   f1:BE567786   f2:80000000   f3:BBA68F4B
  f4:3F190000   f5:BD3ED35A   f6:3EB13A1E   f7:00000000
  f8:3D3E80E2   f9:BD4D4879  f10:3D886B35  f11:3D4BFE51
f12:380FE13C  f13:3B0A0AAD  f14:00000000  f15:00000000
f16:00000000  f17:00000000  f18:00000000  f19:00000000
f20:00000000  f21:00000000  f22:00000000  f23:00000000
f24:00000000  f25:00000000  f26:00000000  f27:00000000
f28:00000000  f29:00000000  f30:40000000  f31:00000000

800513CC:  E0040000   psq_l   f0,0(r4),0,0 #break
800513D0:  E0250000   psq_l   f1,0(r5),0,0
800513D4:  1000082A   ps_add   f0,f0,f1
800513D8:  F0030000   psq_st   f0,0(r3),0,0
800513DC:  E0048008   psq_l   f0,8(r4),1,0
800513E0:  E0258008   psq_l   f1,8(r5),1,0
800513E4:  1000082A   ps_add   f0,f0,f1
800513E8:  F0038008   psq_st   f0,8(r3),1,0
800513EC:  4E800020   blr   
[/spoiler]

[spoiler=write BP]  CR:88200488  XER:00000000  CTR:800621E4 DSIS:02400000
DAR:9014B968 SRR0:80041E74 SRR1:0000B032   LR:80041E58
  r0:80138EB0   r1:807AD610   r2:8079DAA0   r3:9014B968
  r4:9014BAC8   r5:000000FF   r6:00000005   r7:00000001
  r8:00000001   r9:00000001  r10:00000001  r11:80000000
r12:800621E4  r13:80798E20  r14:00000000  r15:00000000
r16:00000000  r17:00000000  r18:9014CF70  r19:816884E8
r20:817C5000  r21:00000020  r22:00000003  r23:00000000
r24:00000000  r25:00000000  r26:00000000  r27:8017F138
r28:FFFFFFFF  r29:9014B940  r30:9014B940  r31:9014B968

  f0:C418D77C   f1:3F7D70A4   f2:C53B8000   f3:4544E000
  f4:B6E607EB   f5:3DBA2FA0   f6:3D886C19   f7:3EAAAAAA
  f8:3E124924   f9:3DBA2E6E  f10:3D886B35  f11:3D4BDAEE
f12:3515D8CA  f13:380FC43F  f14:00000000  f15:00000000
f16:00000000  f17:00000000  f18:00000000  f19:00000000
f20:00000000  f21:00000000  f22:00000000  f23:00000000
f24:00000000  f25:00000000  f26:00000000  f27:00000000
f28:00000000  f29:00000000  f30:00000000  f31:00000000

80041E70:  C0040000   lfs   f0,0(r4)
80041E74:  D0030000   stfs   f0,0(r3) #break
80041E78:  C0040004   lfs   f0,4(r4)
80041E7C:  D0030004   stfs   f0,4(r3)
80041E80:  C0040008   lfs   f0,8(r4)
80041E84:  D0030008   stfs   f0,8(r3)
80041E88:  4E800020   blr   [/spoiler]
With either of these, I could still use X(r31). Just X has to be a lesser number. I'm leaning towards the write BP cuz the read BP uses psq >.>. I haven't seen that yet.

[dcx2]

Those might be bad hooks because they look like they run for everyone and not just enemies.

[Stuff]

o.O how do you see that? I'll go back to the rage idea then. I believe one of them is read often.

[dcx2]

I've looked for enough hooks that I can recognize some things.  Typically, small functions like that which don't create stack frames and primarily copy data from one address to another are run for most people.  Set an XBP on the same address the RBP or WBP found.  If you have to set many XBPs before a frame goes by, then each one is someone else that the function is working on.

[Stuff]

Hmm. That was pretty awesome. I did a XBP on the read one.

[spoiler]  CR:22200488  XER:20000000  CTR:8007DDFC DSIS:02400000
DAR:9014B945 SRR0:800513CC SRR1:0000B032   LR:800513B0
 r0:80292260   r1:807AD470   r2:8079DAA0   r3:807AD4F8
 r4:807AD584   r5:807AD4EC   r6:00000000   r7:00000142
 r8:00000001   r9:00000000  r10:00000001  r11:807AD5E0
r12:8007DDFC  r13:80798E20  r14:00000000  r15:00000000
r16:00000000  r17:00000000  r18:9014AB7C  r19:0000FFFF
r20:00000142  r21:00000000  r22:806AC088  r23:00000000
r24:00000000  r25:00000001  r26:807AD68C  r27:807AD680
r28:00000000  r29:807AD4F8  r30:807AD584  r31:807AD4EC
[/spoiler]
Not only did the r31 jump from a nice X(r31) to a terrible one, r18 shows like it's working with player1 or player2. :/

well. rage trigger, rage counter, stamina, something weren't good hooks. But this one looks nice. It's a read BP at monster id. I couldn't get a write BP because..The id won't be changing ever. X(r3) looks good this time.

[spoiler]
 CR:24200488  XER:20000000  CTR:00000020 DSIS:00400000
DAR:9014B943 SRR0:800F3798 SRR1:0000B032   LR:800F377C
 r0:00000000   r1:807AD5B0   r2:8079DAA0   r3:9014B940
 r4:0000000C   r5:000000FF   r6:00000005   r7:00000000
 r8:00000017   r9:FFFFFFE9  r10:00000000  r11:807AD5F0
r12:8007DDFC  r13:80798E20  r14:00000000  r15:00000000
r16:00000000  r17:00000000  r18:9014CF70  r19:816884E8
r20:817C5000  r21:00000020  r22:00000001  r23:00000000
r24:806A11B8  r25:9014A334  r26:00000000  r27:00000000
r28:00000000  r29:9014AB40  r30:806A11B8  r31:806A11B8

 f0:468CA000   f1:44E10000   f2:47938E00   f3:59800004
 f4:00000000   f5:3F800000   f6:3B4CCCCD   f7:3F800000
 f8:00000000   f9:40000000  f10:3F800000  f11:BB088889
f12:3ACCCCCD  f13:00000000  f14:00000000  f15:00000000
f16:00000000  f17:00000000  f18:00000000  f19:00000000
f20:00000000  f21:00000000  f22:00000000  f23:00000000
f24:00000000  f25:00000000  f26:00000000  f27:00000000
f28:00000000  f29:00000000  f30:00000000  f31:00000000

800F3604:  9421FFC0   stwu   r1,-64(r1)
800F3608:  7C0802A6   mflr   r0
800F360C:  90010044   stw   r0,68(r1)
800F3610:  39610040   addi   r11,r1,64
800F3614:  483637DD   bl   0x80456df0
800F3618:  7C781B78   mr   r24,r3
800F361C:  38A00000   li   r5,0
800F3620:  98A301D9   stb   r5,473(r3)
800F3624:  3C800001   lis   r4,1
800F3628:  3804FFFF   subi   r0,r4,1
800F362C:  B00301DC   sth   r0,476(r3)
800F3630:  98A301E2   stb   r5,482(r3)
800F3634:  98A301E5   stb   r5,485(r3)
800F3638:  98A301E8   stb   r5,488(r3)
800F363C:  98A301EB   stb   r5,491(r3)
800F3640:  98A301DA   stb   r5,474(r3)
800F3644:  B00301DE   sth   r0,478(r3)
800F3648:  98A301E3   stb   r5,483(r3)
800F364C:  98A301E6   stb   r5,486(r3)
800F3650:  98A301E9   stb   r5,489(r3)
800F3654:  98A301EC   stb   r5,492(r3)
800F3658:  98A301DB   stb   r5,475(r3)
800F365C:  B00301E0   sth   r0,480(r3)
800F3660:  98A301E4   stb   r5,484(r3)
800F3664:  98A301E7   stb   r5,487(r3)
800F3668:  98A301EA   stb   r5,490(r3)
800F366C:  98A301ED   stb   r5,493(r3)
800F3670:  38600000   li   r3,0
800F3674:  4BFDC41D   bl   0x800cfa90
800F3678:  2C030000   cmpwi   r3,0
800F367C:  41820290   beq-   0x800f390c
800F3680:  3B232274   addi   r25,r3,8820
800F3684:  38600002   li   r3,2
800F3688:  4BFDC409   bl   0x800cfa90
800F368C:  7C7D1B78   mr   r29,r3
800F3690:  2C030000   cmpwi   r3,0
800F3694:  41820278   beq-   0x800f390c
800F3698:  4BFDBB81   bl   0x800cf218
800F369C:  5460063E   rlwinm   r0,r3,0,24,31
800F36A0:  28000002   cmplwi   r0,2
800F36A4:  4182001C   beq-   0x800f36c0
800F36A8:  4BFDBCDD   bl   0x800cf384
800F36AC:  7C600774   extsb   r0,r3
800F36B0:  1C000B20   mulli   r0,r0,2848
800F36B4:  7FBD0214   add   r29,r29,r0
800F36B8:  3B800000   li   r28,0
800F36BC:  48000008   b   0x800f36c4
800F36C0:  3B9D0B20   addi   r28,r29,2848
800F36C4:  482BA231   bl   0x803ad8f4
800F36C8:  5460063E   rlwinm   r0,r3,0,24,31
800F36CC:  2800000B   cmplwi   r0,11
800F36D0:  40820014   bne-   0x800f36e4
800F36D4:  7F03C378   mr   r3,r24
800F36D8:  7FA4EB78   mr   r4,r29
800F36DC:  4BFFFE11   bl   0x800f34ec
800F36E0:  4800022C   b   0x800f390c
800F36E4:  482BA211   bl   0x803ad8f4
800F36E8:  5460063E   rlwinm   r0,r3,0,24,31
800F36EC:  28000006   cmplwi   r0,6
800F36F0:  40820014   bne-   0x800f3704
800F36F4:  7F03C378   mr   r3,r24
800F36F8:  7FA4EB78   mr   r4,r29
800F36FC:  4BFFFE59   bl   0x800f3554
800F3700:  4800020C   b   0x800f390c
800F3704:  3B400000   li   r26,0
800F3708:  3B600000   li   r27,0
800F370C:  7F1FC378   mr   r31,r24
800F3710:  3AE00000   li   r23,0
800F3714:  3AC00001   li   r22,1
800F3718:  2C1A0003   cmpwi   r26,3
800F371C:  408001F0   bge-   0x800f390c
800F3720:  A0190006   lhz   r0,6(r25)
800F3724:  2C000000   cmpwi   r0,0
800F3728:  418201D4   beq-   0x800f38fc
800F372C:  A8190004   lha   r0,4(r25)
800F3730:  2C000000   cmpwi   r0,0
800F3734:  418201C8   beq-   0x800f38fc
800F3738:  80190000   lwz   r0,0(r25)
800F373C:  5403043E   rlwinm   r3,r0,0,16,31
800F3740:  3881000C   addi   r4,r1,12
800F3744:  38A10008   addi   r5,r1,8
800F3748:  48050E99   bl   0x801445e0
800F374C:  5460063E   rlwinm   r0,r3,0,24,31
800F3750:  28000001   cmplwi   r0,1
800F3754:  408201A8   bne-   0x800f38fc
800F3758:  8061000C   lwz   r3,12(r1)
800F375C:  88030000   lbz   r0,0(r3)
800F3760:  2C000000   cmpwi   r0,0
800F3764:  41820198   beq-   0x800f38fc
800F3768:  800301C8   lwz   r0,456(r3)
800F376C:  540007FE   rlwinm   r0,r0,0,31,31
800F3770:  2C000000   cmpwi   r0,0
800F3774:  41820188   beq-   0x800f38fc
800F3778:  480398B5   bl   0x8012d02c
800F377C:  2C030000   cmpwi   r3,0
800F3780:  4082017C   bne-   0x800f38fc
800F3784:  8061000C   lwz   r3,12(r1)
800F3788:  A003001A   lhz   r0,26(r3)
800F378C:  B01F01DC   sth   r0,476(r31)
800F3790:  7FD8D214   add   r30,r24,r26
800F3794:  8061000C   lwz   r3,12(r1)
800F3798:  88030003   lbz   r0,3(r3)  #break Gonna highlight these with blue from now on.
800F379C:  981E01E2   stb   r0,482(r30)
800F37A0:  4BFDBA79   bl   0x800cf218
800F37A4:  5460063E   rlwinm   r0,r3,0,24,31
800F37A8:  28000002   cmplwi   r0,2
800F37AC:  41820034   beq-   0x800f37e0
800F37B0:  8061000C   lwz   r3,12(r1)
800F37B4:  7FA4EB78   mr   r4,r29
800F37B8:  480398FD   bl   0x8012d0b4
800F37BC:  28030001   cmplwi   r3,1
800F37C0:  40820018   bne-   0x800f37d8
800F37C4:  8061000C   lwz   r3,12(r1)
800F37C8:  889D0008   lbz   r4,8(r29)
800F37CC:  4803E145   bl   0x80131910
800F37D0:  7C751B78   mr   r21,r3
800F37D4:  4800008C   b   0x800f3860
800F37D8:  3AA00000   li   r21,0
800F37DC:  48000084   b   0x800f3860
800F37E0:  8061000C   lwz   r3,12(r1)
800F37E4:  7FA4EB78   mr   r4,r29
800F37E8:  480398CD   bl   0x8012d0b4
800F37EC:  28030001   cmplwi   r3,1
800F37F0:  40820044   bne-   0x800f3834
800F37F4:  8061000C   lwz   r3,12(r1)
800F37F8:  889D0008   lbz   r4,8(r29)
800F37FC:  4803E115   bl   0x80131910
800F3800:  7C751B78   mr   r21,r3
800F3804:  2C030000   cmpwi   r3,0
800F3808:  40820058   bne-   0x800f3860
800F380C:  8061000C   lwz   r3,12(r1)
800F3810:  7F84E378   mr   r4,r28
800F3814:  480398A1   bl   0x8012d0b4
800F3818:  28030001   cmplwi   r3,1
800F381C:  40820044   bne-   0x800f3860
800F3820:  8061000C   lwz   r3,12(r1)
800F3824:  889C0008   lbz   r4,8(r28)
800F3828:  4803E0E9   bl   0x80131910
800F382C:  7C751B78   mr   r21,r3
800F3830:  48000030   b   0x800f3860
800F3834:  8061000C   lwz   r3,12(r1)
800F3838:  7F84E378   mr   r4,r28
800F383C:  48039879   bl   0x8012d0b4
800F3840:  28030001   cmplwi   r3,1
800F3844:  40820014   bne-   0x800f3858
800F3848:  8061000C   lwz   r3,12(r1)
800F384C:  889C0008   lbz   r4,8(r28)
800F3850:  4803E0C1   bl   0x80131910
800F3854:  48000008   b   0x800f385c
800F3858:  38600000   li   r3,0
800F385C:  7C751B78   mr   r21,r3
800F3860:  2C150000   cmpwi   r21,0
800F3864:  4082000C   bne-   0x800f3870
800F3868:  9AFE01E5   stb   r23,485(r30)
800F386C:  48000008   b   0x800f3874
800F3870:  9ADE01E5   stb   r22,485(r30)
800F3874:  8061000C   lwz   r3,12(r1)
800F3878:  88030003   lbz   r0,3(r3)
800F387C:  28000014   cmplwi   r0,20
800F3880:  4082003C   bne-   0x800f38bc
800F3884:  8803043D   lbz   r0,1085(r3)
800F3888:  28000001   cmplwi   r0,1
800F388C:  4182001C   beq-   0x800f38a8
800F3890:  28000002   cmplwi   r0,2
800F3894:  41820014   beq-   0x800f38a8
800F3898:  481BC3ED   bl   0x802afc84
800F389C:  5460063E   rlwinm   r0,r3,0,24,31
800F38A0:  28000003   cmplwi   r0,3
800F38A4:  4082000C   bne-   0x800f38b0
800F38A8:  9ADE01EB   stb   r22,491(r30)
800F38AC:  48000008   b   0x800f38b4
800F38B0:  9AFE01EB   stb   r23,491(r30)
800F38B4:  9AFE01E8   stb   r23,488(r30)
800F38B8:  48000038   b   0x800f38f0
800F38BC:  8803043D   lbz   r0,1085(r3)
800F38C0:  28000001   cmplwi   r0,1
800F38C4:  4082000C   bne-   0x800f38d0
800F38C8:  9ADE01EB   stb   r22,491(r30)
800F38CC:  48000008   b   0x800f38d4
800F38D0:  9AFE01EB   stb   r23,491(r30)
800F38D4:  8061000C   lwz   r3,12(r1)
800F38D8:  8803043D   lbz   r0,1085(r3)
800F38DC:  28000002   cmplwi   r0,2
800F38E0:  4082000C   bne-   0x800f38ec
800F38E4:  9ADE01E8   stb   r22,488(r30)
800F38E8:  48000008   b   0x800f38f0
800F38EC:  9AFE01E8   stb   r23,488(r30)
800F38F0:  9ADE01D9   stb   r22,473(r30)
800F38F4:  3BFF0002   addi   r31,r31,2
800F38F8:  3B5A0001   addi   r26,r26,1
800F38FC:  3B7B0001   addi   r27,r27,1
800F3900:  3B390010   addi   r25,r25,16
800F3904:  2C1B0006   cmpwi   r27,6
800F3908:  4180FE10   blt+   0x800f3718
800F390C:  39610040   addi   r11,r1,64
800F3910:  4836352D   bl   0x80456e3c
800F3914:  80010044   lwz   r0,68(r1)
800F3918:  7C0803A6   mtlr   r0
800F391C:  38210040   addi   r1,r1,64
800F3920:  4E800020   blr   
[/spoiler]
what is wrong with this code?

28?????? MMMMXXXX
C20F3798 00000002
800307A4 900307A0
88030003 00000000
E0000000 80008000
040F3798 88030003

This is how my map->hud is. I expected it to branch when I press the activator and then undo the change immediately, which should be enough time for the new instructions to run once. The C2 basically doesn't work like this, but it does look like it works by itself because it ends up doing inf hp.nvm. The order seems to matter. Probably because it needs the instruction until the end of the frame.

max heal all monsters
040F3798 88030003
28?????? MMMMXXXX
C20F3798 00000002
800307A4 900307A0
88030003 00000000
E0000000 80008000

lwz r0,1956(r3)
stw r0,1952(r3)
lbz r0,3(r3)

but 6 lines :/ All that for 1 less line XD.

I think I'll still use the hp BP for regen. That's a pretty cool code if you ask me.

[dcx2]

Yeah, an anti-code should come before the C2.  it will write the anti-code and then immediately write the hook if the activator is true.

Have you tried doing regeneration with that address?

lwz r0, 1952(r3)    # read current health
lwz r12, 1956(r3)   # read max health
srawi r10,r12,8       # r10 = r12 / 256
add r0, r10, r0       # healed by ~0.4%
cmpw r0,r12          # is current <= max health?
ble- _STORE         # skip the "ceiling"
mr r0,r12              # apply "ceiling" so that current hp goes no higher than max hp
_STORE:
stw r0, 1952(r3)    #store new hp
lbz r0,3(r3)

C20F3798 00000005
800307A0 818307A4
7D8A4670 7C0A0214
7C006000 40810008
7D806378 900307A0
88030003 00000000

[Stuff]

I did this with that hook.

lwz r0, 1952(r3)    # read current health
lwz r12, 1956(r3)   # read max health
li r10, 1                #addi r0, r0, 1 seemed to do li r0, 1 >.>
add r0, r0, r10       # healed by 1
cmpw r0,r12          # is current <= max health?
ble- _STORE         # skip the "ceiling"
mr r0,r12              # apply "ceiling" so that current hp goes no higher than max hp
_STORE:
stw r0, 1952(r3)    #store new hp
lbz r0,3(r3)

It heals 1 hp per frame I guess, but that was way too fast. It's faster recovery than when they sleep. lol. I poked lagiacrus's hp to 1 and started attacking him. His hp made it back to 2580. lol. I could probably do a loop that would only add 1 at the last cycle. But idk if that would let multiple frames pass. A small % per second would be good.

[dcx2]

Ah, I bet you found out you can't do addi r0,r0,1 huh?  addi is an rA|0 instruction.  So if you use r0 for rA, it will treat it as the value 0 instead of the value in r0. 

We can try this.  Write the anti-code, then use a counter-if before the C2 code.  Once per second this will heal them by 1 HP.  You can make it heal faster by lowering the counter value from 3C to e.g. 1E.  You can make it heal more by changing the addi from 1 to 2.

040F3798 88030003 # anti-code
A8000008 0000003C # 60 hz counter auto-reset counter
C20F3798 00000004
818307A0 800307A4
7C0C0000 4080000C
398C0001 918307A0
88030003 00000000
E0000000 80008000

lwz r12, 1952(r3)  # read current health
lwz r0, 1956(r3)   # read max health
cmpw r12,r0        # is current >= max health?
bge- _END          # skip healing
addi r12, r12, 1    # healed by 1
stw r12, 1952(r3) #store new hp
_END:
lbz r0,3(r3)

[Stuff]

That was awesome. Thanks. I didn't know you could do counter ifs without a if. I did this. addi r12, r12, 5 and it was tolerable. About every second, 5 hp gain. It's a nice recover rate with no "omg I can't do this.":

040F3798 88030003
A8000008 0000003C
C20F3798 00000004
818307A0 800307A4
7C0C0000 4080000C
398C0005 918307A0
88030003 00000000
E0000000 80008000

I'll mess with this a little bit before posting it. I might go back to %. Or even mess with monster level to determine the heal amount. XD. I wonder what it'll be like with the C2 max heal.

It only works on boss monsters. That was a little interesting.

--------------------
Hmm. What are those ps[q] instructions, if you don't mind explaining? They're not in the this: http://www.pds.twi.tudelft.nl/vakken/in101/labcourse/instruction-set/. They look like they're related somehow to lwz, stw, add.