trainers (right?) and pointer... stuff

Started by Stuff, November 16, 2011, 07:16:43 PM


Stuff

Mainly this trainer stuff (I think that's what it's called, from what I see). You know, the text that doesn't really belong there, like how MID does it and the newer ECA does it. I was playing around with the game's text and I wanted to see what would happen if I put %x in the text.

[spoiler=at the bottom left](screenshot not captured)[/spoiler]

Awesome. I like what I see. But where did that value come from? I did it to a different text in the same location and it was the same value, but what is this random variable? Also, %p displays the same value, but that address holds nothing significant.

But what I really want to know is how do you find the hook to something on the screen. I think the same asm goes through the whole text for more than just one string, so how would I tell it to display my text when it reads a specific string?

------------

So I noticed Kirby had a lot of 48 codes and I didn't really see them so much in MH3, since data doesn't move around like in Kirby. But how do you find those pointers? I'm used to searching for whatever I'm looking for and it just being there always. None of that pointer stuff where it leads you to the right area and you just gotta offset from there. >.>
.make Stuff happen.
Dropbox. If you don't have one, get it NOW! +250MB free if you follow my link :p.

Mod code Generator ~50% complete but very usable:
http://dl.dropbox.com/u/24514984/modcodes/modcodes.htm

dcx2

The game is using printf to write to the screen.  For instance, when it says "Select equipment:", some game function is calling printf, and passing it a bunch of arguments.  The first is the string to print.  The string contains formatters like %x and %d and %s and such.  printf has a variable number of arguments, one for each % formatter.

When you added %x, it told printf to grab the next argument and print it as a hexadecimal number.  If there was an argument for printf, then you're seeing that argument as hex.  It could have been a number to print (i.e. attack power), it could have been a pointer to a string (i.e. name of weapon), that sort of thing.

Now, if the printf had no arguments, and you added an argument, then...well...there's no telling where it got that number from.  It could be a random number from the stack, wherever the printf argument would have been.  It could be a random number from one of the registers, whichever the printf argument would have been.

---

They found pointers using pointer search.  If you're good at reading ASM you can follow a call stack back to get a list of pointers, too.
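Added illustration, not code from the thread or from the game: a tiny printf work-alike over an explicit argument array shows why a stray %x prints whatever sits in the next argument slot, and adds the two checks a practitioner wants before a string is ever used as a format: count the conversions it will consume, and pass untrusted text through "%s" instead of using it as the format. The eight-slot layout, the slot values (0x1f, 0xdeadbeef, ...) and the helper names are constructed for this demo; the game's real calling convention is not known from the thread.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Number of argument slots the simulated printf can reach. In the real game
 * these are the vararg registers/stack slots; here they are just an array. */
#define ARG_SLOTS 8

typedef struct {
    uint32_t slot[ARG_SLOTS]; /* everything printf *could* fetch */
    int nargs;                /* how many of those the caller really passed */
} arg_area;

/* Constructed argument area: slot 0 is the one genuine argument (say an
 * attack value, 0x1f); the remaining slots are stale data left on the stack. */
static const uint32_t demo_slots[ARG_SLOTS] = {
    0x1f, 0xdeadbeef, 0x80320000, 0x17, 0, 0, 0, 0
};

/* Count the conversions a format will consume. "%%" prints a literal '%'
 * and consumes nothing. A caller compares this against the argument count
 * it is about to pass; a mismatch means the string must not be the format. */
int count_conversions(const char *fmt)
{
    int n = 0;
    for (const char *p = fmt; *p; p++) {
        if (*p != '%')
            continue;
        if (p[1] == '%') { p++; continue; }
        n++;
    }
    return n;
}

/* Minimal printf work-alike supporting %x, %d and %%. Like the real thing it
 * fetches the next slot for every conversion it meets, with no idea how many
 * arguments were actually supplied; that is where the "random" value in the
 * thread comes from. Returns the number of slots fetched beyond nargs. */
int mini_format(char *out, size_t outsz, const char *fmt, const arg_area *a)
{
    size_t o = 0;
    int next = 0;
    for (const char *p = fmt; *p && o + 1 < outsz; p++) {
        if (*p != '%') { out[o++] = *p; continue; }
        p++;
        if (*p == '\0') break;
        if (*p == '%') { out[o++] = '%'; continue; }
        if (next >= ARG_SLOTS) break;        /* simulated stack exhausted */
        uint32_t v = a->slot[next++];
        int w;
        if (*p == 'x')
            w = snprintf(out + o, outsz - o, "%x", v);
        else if (*p == 'd')
            w = snprintf(out + o, outsz - o, "%d", (int32_t)v);
        else
            w = snprintf(out + o, outsz - o, "%%%c", *p); /* unsupported: echo */
        if (w < 0) break;
        o += (size_t)w < outsz - o ? (size_t)w : outsz - o - 1;
    }
    out[o] = '\0';
    return next > a->nargs ? next - a->nargs : 0;
}

static char demo_buf[128];

/* Render fmt as if the game had passed the first `nargs` slots as arguments. */
const char *demo_text(const char *fmt, int nargs)
{
    arg_area a;
    memcpy(a.slot, demo_slots, sizeof a.slot);
    a.nargs = nargs;
    mini_format(demo_buf, sizeof demo_buf, fmt, &a);
    return demo_buf;
}

/* Same call, but report how many slots were read past the real arguments. */
int demo_overrun(const char *fmt, int nargs)
{
    arg_area a;
    memcpy(a.slot, demo_slots, sizeof a.slot);
    a.nargs = nargs;
    return mini_format(demo_buf, sizeof demo_buf, fmt, &a);
}

/* The fix when the text is data rather than a format: pass it through "%s",
 * so a '%' inside it is printed and never interpreted. */
const char *safe_text(const char *text)
{
    snprintf(demo_buf, sizeof demo_buf, "%s", text);
    return demo_buf;
}

int main(void)
{
    printf("%s\n", demo_text("Attack %x", 1));                 /* Attack 1f */
    printf("%s\n", demo_text("Select equipment: %x %x", 0));   /* two stale slots */
    printf("overrun: %d\n", demo_overrun("Select equipment: %x %x", 0));
    printf("%s\n", safe_text("Select equipment: %x"));        /* literal %x */
    return 0;
}
```

The lesson for the trainer case is the last two lines: if the game's string table ends up as printf's first argument, every % in an edited string is a read from the caller's argument area; if the engine printed it through "%s", the edit would simply show up as text.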

Stuff

Ah. :/ I thought it might've had some significance, but I guess it's just from the stack. But I didn't see anything happening at that address at all. I want to know how you find whatever calls printf(). Messing with MID, I saw that it puts some arguments in some registers and then it branches to the thing that pops values in and out of the stack, which probably calls printf()... but idk. It also puzzles me how it doesn't mess up the screen somehow (even though the custom MID does, but ignoring that one...).

I wanted to make a small display that would show my current value kind of like in this video:

http://www.youtube.com/watch?v=MoqKVSZOBIQ

I was gonna make a sharpness roller to scroll through each sharpness, now that it makes sense. I was add-poking it to see each type of sharpness, but then I wanted to see the value on the screen. So then I started messing with the text. An RBP at "Select equipment:" led to nothing special, afaik. There were like 3 or 4 different RBPs and all of them were lbz.

---

Ah. I guess I'll mess with pointer search. It's one of those things that I haven't used. Following the call stack back, not so much. >.<

dcx2

The RBPs on "Select Equipment:" are probably hitting inside the printf as it reads each character from the string.  You'll want to look at the caller to determine who is calling printf and what other arguments it may be passing.

printf may be a leaf function, so it would be best to right-click Step Out and then click "Walk to blr".  This will always find the end of the function regardless of whether it is a leaf or not.  However, if the printf is looping over a lot of bytes then it may take a while to walk to the end.

Stuff

\o/ That is pretty awesome. I'm not sure if this is the same RBP I was looking at before, but finding the caller this way is great (there are 4 RBPs atm and this one is the only one that changed the screen when I modified the instruction. It also didn't freeze).
[spoiler]
800040F0:  89240000   lbz   r9,0(r4) ##RBP here

walk to blr, step into:

8045DB18:  9421FFF0   stwu   r1,-16(r1)
8045DB1C:  7C0802A6   mflr   r0
8045DB20:  90010014   stw   r0,20(r1)
8045DB24:  93E1000C   stw   r31,12(r1)
8045DB28:  93C10008   stw   r30,8(r1)
8045DB2C:  7C7E1B78   mr   r30,r3
8045DB30:  80C30008   lwz   r6,8(r3)
8045DB34:  80E30004   lwz   r7,4(r3)
8045DB38:  7C062A14   add   r0,r6,r5
8045DB3C:  7C003840   cmplw   r0,r7
8045DB40:  7FE63850   sub   r31,r7,r6
8045DB44:  41810008   bgt-   0x8045db4c
8045DB48:  7CBF2B78   mr   r31,r5
8045DB4C:  80030000   lwz   r0,0(r3)
8045DB50:  7FE5FB78   mr   r5,r31
8045DB54:  7C603214   add   r3,r0,r6
8045DB58:  4BBA64A9   bl   0x80004000
8045DB5C:  801E0008   lwz   r0,8(r30) ##of course the last one must be the caller
8045DB60:  38600001   li   r3,1
8045DB64:  7C00FA14   add   r0,r0,r31
8045DB68:  901E0008   stw   r0,8(r30)
8045DB6C:  83E1000C   lwz   r31,12(r1)
8045DB70:  83C10008   lwz   r30,8(r1)
8045DB74:  80010014   lwz   r0,20(r1)
8045DB78:  7C0803A6   mtlr   r0
8045DB7C:  38210010   addi   r1,r1,16
8045DB80:  4E800020   blr
[/spoiler]

r6, r7, r0, r5, r30, and then I guess r31, but it's the same as r5 at this point. That's what I'm getting from this. But it looks like r4 and r3 are important:

80004000:  28850000   cmplwi   cr1,r5,0
80004004:  4D860020   beqlr-   cr1
80004008:  7C841840   cmplw   cr1,r4,r3
8000400C:  4184016C   blt-   cr1,0x80004178
80004010:  4D860020   beqlr-   cr1
...
When I looked at MID, it was branching from something similar to what's in the spoiler, I think. I'm using that as an example. I'll paste some stuff that I see MID doing.

I'll mess with it more later cuz I'm doing this on today's last little bit of energy (falling asleep here; been typing this for quite some time now). But after this, I feel like I'd want to make a custom display for everything with text XD.
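Added example, not code from the thread or from Dolphin: the "Walk to blr" step dcx2 describes and the bl in the listing above can both be checked offline by decoding the PowerPC branch words. The decoder below handles the b/bl (opcode 18), bc (opcode 16) and bclr/bcctr (opcode 19) forms, resolves relative targets, and tells an unconditional blr apart from a conditional early return such as the beqlr at 80004004, which a walker must skip or it stops in the wrong place. The instruction words are copied from the listing in the post; the walker is a stand-in for the debugger feature, not Dolphin's implementation, and the array names are mine.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

typedef struct { uint32_t addr, word; } insn_t;

enum kind { K_OTHER, K_B, K_BC, K_BCLR, K_BCCTR };

typedef struct {
    enum kind kind;
    int link;        /* LK bit: bl/bcl/bclrl set LR to the return address */
    int conditional; /* 0 when BO says "always" (b, blr), 1 for bgt/beqlr etc. */
    uint32_t target; /* resolved address for K_B / K_BC */
} branch;

static int32_t sext(uint32_t v, int bits)
{
    uint32_t m = 1u << (bits - 1);
    return (int32_t)((v ^ m) - m);
}

/* Decode the branch forms of a 32-bit PowerPC word located at addr. */
branch decode_branch(uint32_t addr, uint32_t w)
{
    branch b = { K_OTHER, 0, 0, 0 };
    uint32_t op = w >> 26, bo = (w >> 21) & 0x1f;
    int aa = (w >> 1) & 1, lk = w & 1;
    if (op == 18) {                              /* b/bl/ba/bla: 24-bit LI<<2 */
        int32_t li = sext(w & 0x03FFFFFC, 26);
        b.kind = K_B; b.link = lk;
        b.target = aa ? (uint32_t)li : addr + (uint32_t)li;
    } else if (op == 16) {                       /* bc: 14-bit BD<<2 */
        int32_t bd = sext(w & 0xFFFC, 16);
        b.kind = K_BC; b.link = lk; b.conditional = (bo & 0x14) != 0x14;
        b.target = aa ? (uint32_t)bd : addr + (uint32_t)bd;
    } else if (op == 19) {                       /* bclr (XO 16) / bcctr (XO 528) */
        uint32_t xo = (w >> 1) & 0x3ff;
        if (xo == 16 || xo == 528) {
            b.kind = xo == 16 ? K_BCLR : K_BCCTR;
            b.link = lk; b.conditional = (bo & 0x14) != 0x14;
        }
    }
    return b;
}

/* Offline "Walk to blr": the first unconditional, non-linking bclr at or
 * after start. A beqlr is an early return, not the end, and is skipped.
 * Returns 0 if the listing runs out first. */
uint32_t walk_to_blr(const insn_t *code, size_t n, uint32_t start)
{
    for (size_t i = 0; i < n; i++) {
        if (code[i].addr < start) continue;
        branch b = decode_branch(code[i].addr, code[i].word);
        if (b.kind == K_BCLR && !b.conditional && !b.link) return code[i].addr;
    }
    return 0;
}

/* First bl between start and that function's blr; returns its target or 0. */
uint32_t first_call_target(const insn_t *code, size_t n, uint32_t start)
{
    uint32_t end = walk_to_blr(code, n, start);
    for (size_t i = 0; i < n; i++) {
        if (code[i].addr < start || (end && code[i].addr > end)) continue;
        branch b = decode_branch(code[i].addr, code[i].word);
        if (b.kind == K_B && b.link) return b.target;
    }
    return 0;
}

/* Words copied from the post: the function reached by "walk to blr, step into"
 * (it is the caller of 80004000) and the first five words of 80004000 itself. */
static const insn_t caller[] = {
    {0x8045DB18, 0x9421FFF0}, {0x8045DB1C, 0x7C0802A6}, {0x8045DB20, 0x90010014},
    {0x8045DB24, 0x93E1000C}, {0x8045DB28, 0x93C10008}, {0x8045DB2C, 0x7C7E1B78},
    {0x8045DB30, 0x80C30008}, {0x8045DB34, 0x80E30004}, {0x8045DB38, 0x7C062A14},
    {0x8045DB3C, 0x7C003840}, {0x8045DB40, 0x7FE63850}, {0x8045DB44, 0x41810008},
    {0x8045DB48, 0x7CBF2B78}, {0x8045DB4C, 0x80030000}, {0x8045DB50, 0x7FE5FB78},
    {0x8045DB54, 0x7C603214}, {0x8045DB58, 0x4BBA64A9}, {0x8045DB5C, 0x801E0008},
    {0x8045DB60, 0x38600001}, {0x8045DB64, 0x7C00FA14}, {0x8045DB68, 0x901E0008},
    {0x8045DB6C, 0x83E1000C}, {0x8045DB70, 0x83C10008}, {0x8045DB74, 0x80010014},
    {0x8045DB78, 0x7C0803A6}, {0x8045DB7C, 0x38210010}, {0x8045DB80, 0x4E800020},
};
#define CALLER_LEN (sizeof caller / sizeof caller[0])
static const insn_t callee[] = {
    {0x80004000, 0x28850000}, {0x80004004, 0x4D860020}, {0x80004008, 0x7C841840},
    {0x8000400C, 0x4184016C}, {0x80004010, 0x4D860020},
};
#define CALLEE_LEN (sizeof callee / sizeof callee[0])

int main(void)
{
    printf("caller ends at blr %08x\n", (unsigned)walk_to_blr(caller, CALLER_LEN, 0x8045DB18));
    printf("it calls %08x\n", (unsigned)first_call_target(caller, CALLER_LEN, 0x8045DB18));
    printf("callee blr in snippet: %08x (0 = only conditional returns seen)\n",
           (unsigned)walk_to_blr(callee, CALLEE_LEN, 0x80004000));
    return 0;
}
```

Two things worth checking by hand against the listing: the bl word 4BBA64A9 at 8045DB58 decodes to a displacement of -0x459B58, which lands exactly on 80004000, so the "last one must be the caller" reading is right; and the five words of 80004000 contain only beqlr (BO = 12, conditional), so a walker that stops at any bclr would end the routine after one instruction, while the real end is further down where the blr is.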