Hello guys.... Since all the IB crap from High School is done with for 2 weeks, I now have the time to start out on attempting to hack Brawl.... Which I've wanted to do since I got my USBGecko, but never had the time to do this....
I'm assuming that the code I'm trying to do will be out of my reach, however it doesn't stop me from trying :P
Anyway, I have basic knowledge on how to start out with the USBGecko, thanks to Foxx's Video tutorial with Mario Galaxy...
I am attempting to start on a "double final smash effects" fix in which more than one final smash can have their "effects"... not just the last person who got the "Final Smash Standby"...
I'm a loooooong way away from this... however, I tried starting out today just finding out the location from which the data is loaded....
Here's the situation on my code searches:
I do Ike and Marth on 5 stock, Final Destination, Smash Balls only on High....
Activated Codes from WiiRD Gui:
Taunt to do your character's Final Smash Animation (I apologize, I dunno who made the code, please someone tell me who did so I can give credit, I think this was from the action modifier):
4A000000 8077F780
D2000000 00000004
2C030000 41820010
2C1C010C 40820008
3B800116 60000000
939E0038 00000000
I was going to use this to test if anything changes whenever I poke an address....
I did a 16-Bit Unknown Value Search with "Equal to" Compare type as Ike glows with FS (Assuming that Final Smash effects are loaded)....
I did it many times as the Final Smash Progressed with a Hit on Marth....
After the final hit and stopped "glowing".... I did a "Not Equal" Compare type, following a few "Equal" comparison dumps while he wasn't glowing to reduce the amount of addresses I had to work with....
I did another "Not equal" compare type when I got the smash ball again.... NOT hit Marth this time and to make Ike not glow again, and did another "not equal" compare type.... and then a few "equal" comparison dumps...
I'm assuming by this point that you understand my method....
I narrowed it down to about 90 codes and started poking (don't ask me why, I dunno why I didn't narrow it down further...)
After I poked each time, I pressed the taunt button (without hitting Marth) to see if the Final Smash animation for Ike had its effects in contrast to the "Holy Aether" (His sword effects are "white" instead of Flames and the "energy waves" during each slash)
After a few times... the regular attacks didn't have their "effects".... I considered this "progress"....
After a few pokes, it froze when I tried to test it with the taunt.... it had a value of "0000" before....
Reset the Wii... started again...
And when I did the method... Different Addresses... so I assume I will need pointers or something.....
Did the same method.... This time, narrowed down to 21 codes... Froze again....
Attempt #3
I notice that the ones that freeze me seem to have the same value of "0000" before Ike's Final Smash effects are loaded....
Same method.... narrowed down to 21 codes... seems strange that I ended up with the same number..... Hmm..... Saved the search....
I notice that there's a group of addresses near each other... also starting with a value of "0000" before Ike's FS data is loaded....
I use a breakpoint (never used it before).... and set it so that every time it writes to one of them.... that it pauses....
Well whaddya know.... It pauses the game right as the smash ball is broken...
Progress...
I poke... and freeze....
Here's the picture of the saved search of the 21 addresses:
http://i22.photobucket.com/albums/b336/shadowofchaos725/13655656.jpg
http://i22.photobucket.com/albums/b336/shadowofchaos725/13654876.jpg
You see what I mean by them being "next to each other"? I seriously think they're related to each other somehow when it comes to the "Effects" issue....
Now my question is... where do I go from here?
I don't think a code like that could be done with a simple RAM write.
maybe ASM but to me it just feels impossible.
gl tho
Quote from: hetoan2 on December 21, 2008, 12:51:05 PM
I don't think a code like that could be done with a simple RAM write.
maybe ASM but to me it just feels impossible.
gl tho
Somehow, I knew someone would say that ASM is needed here....
Well, time to get reading...
(Btw, sorry for double posting... but I didn't want to start a whole new thread on the same issue...)
Well, since I have another day to get studying on this stuff after Final Exams have been over and all the other stuff out of the way...
I've got some work to do with this...
I've changed my method and I'm not using the code for forcing the Final Smash Animation to test a poke in the memory... From what I've seen in the many failed attempts and poking the memory dumps to a freeze... it might seem that the animations for the final smash might be contained in more than just a single address... I had a "Duh" moment there it seems...
As it is now, I don't have any hope of being able to do this...
As, beyond pointers and the codetypes, I don't have any experience with ASM... I've been reading up on it the last time I was doing the memory dumps...
I got some part of it down, however, I'm having a little direction trouble...
With the breakpoints, do the windows show the instructions that ran in that instant on the registers? And are those registers with zeroes ones not used in that situation? Could those be used in ASM to be able to store information if there's empty space on RAM... For example, like the effects that the game loads whenever the character starts to glow, and then when the "effects" are no longer needed?
Here's the screenshots of the breakpoints... I just need clarification on how to use this tool...
http://i22.photobucket.com/albums/b336/shadowofchaos725/26971434.jpg
http://i22.photobucket.com/albums/b336/shadowofchaos725/26943026.jpg
Those are just a few screenshots just to get the "gist" of it anyway...
I will be reading up on ASM again before making any more moves... however, can anyone point me the way to understanding the Breakpoints screen and the purpose of the "Disassembler"? (I've been wondering for a while what that does...)
Quote from: shadowofchaos on January 19, 2009, 10:17:01 AM
With the breakpoints, do the windows show the instructions that ran in that instant on the registers?
Yes
Quote from: shadowofchaos on January 19, 2009, 10:17:01 AM
And are those registers with zeroes ones not used in that situation? Could those be used in ASM to be able to store information if there's empty space on RAM...
Zeros are often empty/unused/free registers. However sometimes it might be wanted to store a 0 in memory. Like for counters.. those initialize with 0 and count up. Counters are most likely stored in registers too!
Quote from: shadowofchaos on January 19, 2009, 10:17:01 AM
Here's the screenshots of the breakpoints... I just need clarification on how to use this tool...
The upper part shows you the registers (rXX = integer register, fXX = floating point) as you correctly guessed. The lower part shows you the assembly instruction which hit the breakpoint. Additionally it shows some of the following instructions!
I suppose this may not be the most appropriate place to ask this, but I figure it isn't worth a whole thread and it'll end up being relevant here anyways: Is there a completely comprehensive list of the ASM codetypes available? I know of http://class.ee.iastate.edu/cpre211/labs/quickrefPPC.html and http://www.pds.twi.tudelft.nl/vakken/in101/labcourse/instruction-set/, but every now and then I'll stumble across an unknown thing that won't show up on them, and it's really quite vexing.
Also, does the Breakpoint viewer show a PO/BA? Are those run by Brawl or are they part of the Code Handler? If the latter, are they stored somewhere in memory?
From the way I was thinking about this... I really can't tell whether it's a 16 bit value for the effects, or 32-bit, or both... Breakpoints all break when it comes to the last 32-60 addresses that come up when I do the dumps...
I kind of don't know where to go from here...
As from the testing I've done, the effects seem to be for everyone as soon as it's loaded... to test, I did 1 Ike and 2 Links... I had one of the Links get the smash ball, while the other one do his final smash animation with the code in the first post... The Link that did the Final Smash had the effect...
From the breakpoints that I've been doing... I still believe that we can load at least two final smash animations at once... that is, if I get some help from an experienced hacker...
Anyway, moving on... I did the memory viewer with auto refresh on... and the values that all come up when someone gets the smash ball ONLY changes when someone does so... and the values are also different depending on who gets it...
The problem is... to find a pointer, the two different instances of the same thing, must have the same value yes? Well, it seems that in all the dumps I have, no two addresses from different dumps have any of the same value for the same character's loaded final smash...
Hmm.. maybe I should do an unknown value dump and find a value for when a final smash loads... and then do a specific value search for the second dump?
Problem is that when you narrow your searches down it's most likely that all these addresses will cause a breakpoint anyway, I can tell you from my experience that these kind of effects on the characters ingame will most likely be within the 81 range.
These are two "special codes" for PAL that I've come across when searching for move addresses.
Quote
Rob LED Always On (P1) [Fred]
0527231B 0000000C
Lucario Fake Blink (P1) [Fred]
0527E438 80F9F33C
These are regular moveset "effects" found from starting with a not equal search when a game starts and narrowing down with "greater than" and less than when doing the move (greater than until it ends) and less than after it's over. This should give you certain effects like those posted above and I would suggest to test this for easy effect with an easy RAM search and then try onto the final smashes.
Remember that doing the opposite kind of search might also reveal some hidden features.
ASM will truly let you go into more advanced type of codes for sure, but sometimes it's as easy as a poke in a certain address.
These effects can actually be as simple as an 8bit code to a 32bit code, even sometimes a 1(on) and 0(off) kind of thing.
Quote from: Fred on January 20, 2009, 12:17:58 AM
Problem is that when you narrow your searches down it's most likely that all these addresses will cause a breakpoint anyway, I can tell you from my experience that these kind of effects on the characters ingame will most likely be within the 81 range.
These are two "special codes" for PAL that I've come across when searching for move addresses.
Quote
Rob LED Always On (P1) [Fred]
0527231B 0000000C
Lucario Fake Blink (P1) [Fred]
0527E438 80F9F33C
These are regular moveset "effects" found from starting with a not equal search when a game starts and narrowing down with "greater than" and less than when doing the move (greater than until it ends) and less than after it's over. This should give you certain effects like those posted above and I would suggest to test this for easy effect with an easy RAM search and then try onto the final smashes.
Remember that doing the opposite kind of search might also reveal some hidden features.
ASM will truly let you go into more advanced type of codes for sure, but sometimes it's as easy as a poke in a certain address.
These effects can actually be as simple as an 8bit code to a 32bit code, even sometimes a 1(on) and 0(off) kind of thing.
Thank you very much for the advice.... (Btw, I dunno why, but you don't have a "Thank Post" button for me to thank you, or is it that these forums have a "one thank you per day" thing?)
Hmmm... so... I could be looking at the wrong place completely by doing the equal, not equal method I've been doing?
I don't understand the greater than, less than search though... as doesn't the Final Smash effects get loaded onto memory for that character once they get the smash ball or "get the final smash standby" mode when I taunt with Phantom Wing's code on?
I've been trying to look at this from another perspective ever since I saw that Link's Final Smash worked with effects without being on "standby" mode...
Edit: Question... if different characters overwrite each other's effects when another person gets a final smash, is it safe to assume that it won't be character specific effects?
Edit #2: I think I'm confident that it's a 16-bit value... I had Phantom Wing's Smash Ball Activator and the Taunt to get a final smash code on....
On the memory viewer, I had 3 addresses of particular interest... I looked at them with Auto Refresh on... and it seems that the addresses changed whenever someone started to glow... and even changed to different values as the final smash "effects" are supposedly loaded and "released".....
A more interesting thing... whenever someone else got the Final Smash while the first character was still glowing... Two of the addresses stayed the same (as if a "yes or no" value) while one changed depending on the character who got it... I took a screenshot of the three of particular interest... however, when I poked at the last one that changed according to the character whose final smash effects are supposedly loaded... It's a freeze... goodness man.. the obstacles never cease... but that's why this is a challenge that I refuse to give up on!!! Another day will be ahead for me to attempt another hack!!!!
If there's any more advice someone can give me... I appreciate it!!! I'll continue this when I have the time again... I say "Thank you!!!" to the whole WiiRD community!!!
Quote from: shadowofchaos on January 20, 2009, 12:44:52 AM
Thank you very much for the advice.... (Btw, I dunno why, but you don't have a "Thank Post" button for me to thank you, or is it that these forums have a "one thank you per day" thing?)
Hmmm... so... I could be looking at the wrong place completely by doing the equal, not equal method I've been doing?
I don't understand the greater than, less than search though... as doesn't the Final Smash effects get loaded onto memory for that character once they get the smash ball or "get the final smash standby" mode when I taunt with Phantom Wing's code on?
I've been trying to look at this from another perspective ever since I saw that Link's Final Smash worked with effects without being on "standby" mode...
Edit: Question... if different characters overwrite each other's effects when another person gets a final smash, is it safe to assume that it won't be character specific effects?
Edit #2: I think I'm confident that it's a 16-bit value... I had Phantom Wing's Smash Ball Activator and the Taunt to get a final smash code on....
On the memory viewer, I had 3 addresses of particular interest... I looked at them with Auto Refresh on... and it seems that the addresses changed whenever someone started to glow... and even changed to different values as the final smash "effects" are supposedly loaded and "released".....
A more interesting thing... whenever someone else got the Final Smash while the first character was still glowing... Two of the addresses stayed the same (as if a "yes or no" value) while one changed depending on the character who got it... I took a screenshot of the three of particular interest... however, when I poked at the last one that changed according to the character whose final smash effects are supposedly loaded... It's a freeze... goodness man.. the obstacles never cease... but that's why this is a challenge that I refuse to give up on!!! Another day will be ahead for me to attempt another hack!!!!
If there's any more advice someone can give me... I appreciate it!!! I'll continue this when I have the time again... I say "Thank you!!!" to the whole WiiRD community!!!
As for greater than and less than it's as simple as thinking about the value going up, let's say that either you start from zero and go up, let's say 0A this would be a value to search "greater than" for. And when these things have been used up most codes would return to zero "0" or less than.
As for question "edit" one... so far in my RAM hacking experience with Brawl these codes have their own memory for each character or a memory that addresses all at once (same with Players, some can work for all and others must be addressed for each one), but this varies; final smash glowing could be within the same memory range or not for each character. Popo and Nana must have some kind of other memory range as far as I am concerned. Can't really tell you more, I am not familiar with hacking the final smashes.
As for edit 2, you shouldn't always be confident that it's a 16bit code, sure it can be one but those you mentioned are following in a trend of activators.
If the address changes constantly it might be the colour fs glow that's being changed, wild guess.
If you are starting off with this hack I would advise to search for other codes and try to understand how some codes follow up the same "trend", hack with different methods and maybe you'll find some codes you didn't even expect to find!
Quote from: Fred on January 20, 2009, 04:12:33 PM
As for greater than and less than it's as simple as thinking about the value going up, let's say that either you start from zero and go up, let's say 0A this would be a value to search "greater than" for. And when these things have been used up most codes would return to zero "0" or less than.
As for question "edit" one... so far in my RAM hacking experience with Brawl these codes have their own memory for each character or a memory that addresses all at once (same with Players, some can work for all and others must be addressed for each one), but this varies; final smash glowing could be within the same memory range or not for each character. Popo and Nana must have some kind of other memory range as far as I am concerned. Can't really tell you more, I am not familiar with hacking the final smashes.
As for edit 2, you shouldn't always be confident that it's a 16bit code, sure it can be one but those you mentioned are following in a trend of activators.
If the address changes constantly it might be the colour fs glow that's being changed, wild guess.
If you are starting off with this hack I would advise to search for other codes and try to understand how some codes follow up the same "trend", hack with different methods and maybe you'll find some codes you didn't even expect to find!
Hmm... Thank you again for helping me with this... I don't really have the time to attempt to hack again today... but your advice is very helpful and I appreciate it!!!
Edit: I still can't see a "Thank you" Button on your post... DX
Quote from: shadowofchaos on January 21, 2009, 01:00:26 AM
I still can't see a "Thank you" Button on your post... DX
That's because you can only thank once per thread
or it's because of his theme. Babylon doesn't have it :|
Quote from: hetoan2 on January 21, 2009, 10:05:23 PM
or it's because of his theme. Babylon doesn't have it :|
That's because most packs are made for SMF default only :(
The data regarding who has a FS could be stored in a couple of locations (for example, once in the character's field saying "I have a final smash", and another elsewhere saying "X has a final smash"). Creating an inconsistency by poking only one value could possibly cause a freeze.
I would suggest using Breakpoints of 'write' on the locations of interest to see if you can find the ASM code that prompts the change. That said it may well update every single cycle through memory even if it doesn't change.
Thank you guys for all the helpful support!!!
I'm trying again today... Wish me luck!!!
Edit: Attempt today... I've decided that to understand how to figure this stuff out... I need to figure out what those ASM on the breakpoints mean...
I'm understanding more and more each time... however, I still need help while learning....
(I still have the game paused with WiiRD while watching TV)
Anyway... Here's the thing now....
Breakpoint set to "806299B3"
While I get the smashball.. it gets triggered... (btw, what's the significance if it doesn't trigger when I check "exact match"?)
I have these results....
Upper Window:
CR : 44004088 XER : 20000000 CTR : 80046A24 DSIS: 02400000
DAR : 806299B0 SRR0: 80044964 SRR1: 0000B032 LR : 8004587C
r0 : 00000008 r1 : 805B4E60 r2 : 805A9320 r3 : 806299A8
r4 : 806292EC r5 : 00000007 r6 : 00000000 r7 : 00000080
r8 : 00000001 r9 : 00000000 r10 : 805B4E90 r11 : 805B4E90
r12 : 80046A24 r13 : 805A4420 r14 : 00000000 r15 : 00000000
r16 : 00000000 r17 : 00000000 r18 : 00000000 r19 : 00000000
r20 : 00000001 r21 : 43300000 r22 : 80000000 r23 : 00000000
r24 : 80629980 r25 : 00010000 r26 : 806292EC r27 : 8062F3E0
r28 : 00000000 r29 : 00000001 r30 : 80B84EE0 r31 : 00000000
f0 : 3F800000 f1 : 4101999A f2 : 4101999A f3 : 4101999A
f4 : 4101999A f5 : 43700000 f6 : 43A00000 f7 : 43A00000
f8 : C3700000 f9 : 4B7FFF58 f10 : 36397ED0 f11 : 3E088888
f12 : 3CB327A4 f13 : 3B6B6916 f14 : 00000000 f15 : 00000000
f16 : 00000000 f17 : 00000000 f18 : 00000000 f19 : 00000000
f20 : 00000000 f21 : 00000000 f22 : 00000000 f23 : 00000000
f24 : 00000000 f25 : 00000000 f26 : 00000000 f27 : 3F7FA371
f28 : 59800004 f29 : 59800000 f30 : 3F800000 f31 : 426FC29F
Lower Window:
80044964: 90030008 stw r0,8(r3)
80044968: 4E800020 blr
8004496C: 80A40000 lwz r5,0(r4)
80044970: 80C40004 lwz r6,4(r4)
80044974: 2C050000 cmpwi r5,0
80044978: 4182000C beq- 0x80044984
8004497C: 90C50004 stw r6,4(r5)
80044980: 48000008 b 0x80044988
80044984: 90C30004 stw r6,4(r3)
80044988: 2C060000 cmpwi r6,0
8004498C: 4182000C beq - 0x80044998
80044990: 90A60000 stw r5,0(r6)
80044994: 48000008 b 0x8004499c
80044998: 90A30000 stw r5,0(r3)
8004499C: 38000000 li r0,0
800449A0: 90040004 stw r0,4(r4)
*Wait... from the bolded part... it's the code that appears in the Assembly code itself in the form of what is injected in your own ASM instructions?
It says: Do not break on "80044964"...
My question is... How is that significant when it comes to ASM and the breakpoint?
To understand this... I've been looking at Black_Wolf's ASM tutorial on the Moonjump code...
From what I see from Dr. Pepper's posts about injection... If theoretically I was to inject an ASM code... it would be on "80044968"? If not, how would you determine where to inject the ASM code?
If my understanding of the lower window is incorrect,
PLEASE correct me...
80044964: 90030008 stw r0,8(r3) // Store the value in r0 into the address r3 is pointing to + 8
80044968: 4E800020 blr // End Program (Is this where you're able to inject the ASM?)
8004496C: 80A40000 lwz r5,0(r4) // Load the value in the address in r4 or the "word" (like if the value of the address is 0x00001234, it would load the "0x1234" into r5?)
80044970: 80C40004 lwz r6,4(r4) // Load the value in the address in r4 of the "word" + 4?
80044974: 2C050000 cmpwi r5,0 // Subtracts 0 from r5 to confirm?
80044978: 4182000C beq- 0x80044984 // Branch to this value (Address?) if equal? What's the "-" for then?
8004497C: 90C50004 stw r6,4(r5) // load the word from r6 into the address in r5 + 4?
80044980: 48000008 b 0x80044988 // Branch to this address? (Go to this address?)
80044984: 90C30004 stw r6,4(r3) //Store the word from r6 into the "address" in r3 + 4?
80044988: 2C060000 cmpwi r6,0 // Confirm by subtracting zero to compare...
8004498C: 4182000C beq - 0x80044998 //... and branch to address if they are equal
80044990: 90A60000 stw r5,0(r6) //store the word value from r5 into the address pointed to by r6
80044994: 48000008 b 0x8004499c // branch always to address
80044998: 90A30000 stw r5,0(r3) //store word from r5 into the address in r3
8004499C: 38000000 li r0,0 // load immediately the value "0" in r0
800449A0: 90040004 stw r0,4(r4) // store the value from r0 to the address in r4 + 4
Edit #2: Does "Branch" mean "go to"? and the "Branch to link register" from the PowerPC tutorial is always at the end of the code in the tutorial... I don't see it in ASM code here though... is it because the end of the codes always go back to the original code assembly instructions after it's injected?
I'm just trying to make sense of this as I'm looking at the concepts... not necessarily this being the key to it all... My question is... did I understand the instructions right?
Edit #3: From my guess... the "bne -" that I was wondering about is causing the code to "recheck" by redoing the operation to compare by subtracting a zero? "bne" and then - or + would cause shift one line in either direction and a more specific value would be like what Black_Wolf did was to skip three lines in his moon jump code by putting in "bne +0x12".... But wait... doesn't HEX for lines go in 4's... and therefore would be "bne +0x0C"?
Quote from: Black_Wolf on October 10, 2008, 09:55:13 AM
-co-ordinates are at 0x80CC4584
-controller address is at 0x80496AC0
-The button we want to activate has a value of 0x00000200
-We want to add 0x004C to the Z Co-ords
- We are injecting our routine at the address 0x804568C8
lis r0, 0x8049 //Loads first 2 bytes of Control address
lwz r1, 0x6AC0(r0) //Loads the full value of the control address into r1
li r2, 0x00000200 //Loads the value for the button we want to be the activator into r2
lis r3, 0x80CC //Loads first 2 bytes of co-ords
lwz r4, 0x4584(r3) //Loads the full value of the z-co-ords into r4
li r5, 0x0000004C //Loads the value we want to add to co-ords (jump speed) into r5
cmpw r1, r2 //Compares the BUTTON value and the CONTROLLER address (check if we are holding our activator or not)
bne +0x12 //If we are NOT holding the button activator, jump to the end i.e cancel
add r6, r4, r5 // If we ARE, add 0x004C to our z-co-ord value (increase our height)
stw r6, 0x4584(r3) //Store the modified co-ords back to their address!
And thats pretty much it lol. In theory this should increase our height if holding a button, therefore "jumping" into the air. Now there might be some mistakes in the above routine, I'm very new to this type of asm, I'm good at mips but some of the syntaxes are very confusing, so bear with me if there some errors. This should however, give you a fair idea of how its done.
This is exactly how my ASM program looked:
(http://img129.imageshack.us/img129/1983/asmea1.th.png) (http://img129.imageshack.us/my.php?image=asmea1.png)
Edit #4: Hmm... when I look at this... I'm feeling like the values on here with the addresses might have the instructions that "activate" the final smashes?
I might want to inject a similar code in ASM for Final Smash effects?
Edit #5: Hmm... When I get the smash ball with link on the same address set to a breakpoint... I get this screen....
Upper Window of Breakpoint:
CR : 88004088 XER : 20000000 CTR : 0000000D DSIS: 02400000
DAR : 806299B0 SRR0: 800449B0 SRR1: 0000B032 LR : 80045F70
r0 : 00000007 r1 : 805B4CF0 r2 : 805A9320 r3 : 806299A8
r4 : 00000008 r5 : 00000000 r6 : 80628B98 r7 : 00000053
r8 : 00000914 r9 : 80627DD0 r10 : F0000000 r11 : 805B4D10
r12 : 8084FCC8 r13 : 805A4420 r14 : 00000000 r15 : 00000000
r16 : 00000000 r17 : 00000000 r18 : 00000000 r19 : 00000000
r20 : 00000001 r21 : 80624810 r22 : 80000000 r23 : 80AD7E40
r24 : 80627920 r25 : 00000022 r26 : 00000000 r27 : 00000000
r28 : 0000000C r29 : 80629980 r30 : 00000000 r31 : 80629324
f0 : 3D8F5C29 f1 : 42480000 f2 : 4179BF28 f3 : 418212C7
f4 : 4221F01F f5 : 42193A11 f6 : 410745FA f7 : 3F266666
f8 : 00000000 f9 : 3E689917 f10 : BE1ACA6D f11 : 3F734C91
f12 : BF6F8E7F f13 : 3E28C16C f14 : 00000000 f15 : 00000000
f16 : 00000000 f17 : 00000000 f18 : 00000000 f19 : 00000000
f20 : 00000000 f21 : 00000000 f22 : 00000000 f23 : 00000000
f24 : 00000000 f25 : 00000000 f26 : 00000000 f27 : 3F7EB1BC
f28 : 59800004 f29 : 42480000 f30 : 42480000 f31 : 00000000
Upper Window of Breakpoint:
800449B0: 90030008 stw r0,8(r3)
800449B4: 4E800020 blr
800449B8: 80030008 lwz r0,8(r3)
800449BC: 2C000000 cmpwi r0,0
800449C0: 4182002C beq- 0x800449ec
800449C4: 80C30000 lwz r6,0(r3)
800449C8: 38A00000 li r5,0
800449CC: 48000018 b 0x800449e4
800449D0: 7C062040 cmplw r6,r4
800449D4: 40820008 bne- 0x800449dc
800449D8: 48000018 b 0x800449f0
800449DC: 80C60000 lwz r6,0(r6)
800449E0: 38A50001 addi r5,r5,1
800449E4: 2C060000 cmpwi r6,0
800449E8: 4082FFE8 bne+ 0x800449d0
800449EC: 38A0FFFF li r5,-1
Hmmm.... Looks very similar....
From what I can tell.. all the values that "change" when I get a final smash... the addresses are all pointed to by the assembly instructions...
Anyone have any suggestions on what I should do next?
Edit #6: At least someone can call this "progress"... XD
That's almost correct, but blr does not mean end program.
blr is branch to link register, it branches to the address in LR
The last 8 characters of an ASM code must always be 00000000. This is because the code handler will put in a line to branch back to just after where you put your branch in.
Thus, branching at a BLR isn't necessary. However, I personally find it more 'neat' to do it at a BLR whenever possible. It just feels more appropriate.
I would advise setting a break (Execute) about 0x10 earlier, to view what is actually going on. All you're seeing is the line which writes to the location - it could be useful to find out how that information is gotten.
That said, I'm not certain how you plan to achieve your final goal with this.
You can use the step function to see what happens.
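Added example (not part of any post in this thread): a small Python decoder for the instruction words shown in the two breakpoint dumps above. It shows how branch targets and the `+`/`-` suffix come out of the raw word, and why a displacement such as `+0x12` cannot be encoded; the function names are this example's own, and the hint rule assumes the 750-class branch encoding.

```python
"""Decoder for the PowerPC instruction forms seen in the breakpoint dumps."""

# (address, raw word) pairs copied from the two "lower window" listings.
DUMP = [
    (0x80044964, 0x90030008), (0x80044968, 0x4E800020),
    (0x8004496C, 0x80A40000), (0x80044974, 0x2C050000),
    (0x80044978, 0x4182000C), (0x80044980, 0x48000008),
    (0x8004499C, 0x38000000), (0x800449D0, 0x7C062040),
    (0x800449D4, 0x40820008), (0x800449E0, 0x38A50001),
    (0x800449E8, 0x4082FFE8), (0x800449EC, 0x38A0FFFF),
]

# CR bit within a field -> (mnemonic if "branch when true", if "when false")
CONDITIONS = {0: ("lt", "ge"), 1: ("gt", "le"), 2: ("eq", "ne"), 3: ("so", "ns")}


def _sx(value, bits):
    """Sign-extend a `bits`-wide field to a Python int."""
    sign = 1 << (bits - 1)
    return (value ^ sign) - sign


def _hint(bo, disp):
    """Static prediction suffix (assumed 750-class rule): backward branches
    are predicted taken, forward ones not taken; the low BO bit inverts it."""
    taken = (disp < 0) != bool(bo & 1)
    return "+" if taken else "-"


def disasm(addr, word):
    """Decode one 32-bit word fetched from `addr`; unknown forms -> .long."""
    op = word >> 26
    rt, ra, rb = (word >> 21) & 31, (word >> 16) & 31, (word >> 11) & 31
    simm = _sx(word & 0xFFFF, 16)
    if word == 0x4E800020:                    # bclr, BO=always: return via LR
        return "blr"
    if op in (32, 36):                        # D-form load/store word
        return f"{'lwz' if op == 32 else 'stw'} r{rt},{simm}(r{ra})"
    if op == 14:                              # addi; RA=0 means literal zero
        return f"li r{rt},{simm}" if ra == 0 else f"addi r{rt},r{ra},{simm}"
    if op == 11 and not (rt & 1):             # cmpi with L=0
        cr = rt >> 2
        return f"cmpwi r{ra},{simm}" if cr == 0 else f"cmpwi cr{cr},r{ra},{simm}"
    if op == 31 and (word >> 1) & 0x3FF == 32 and not (rt & 1):
        return f"cmplw r{ra},r{rb}"           # unsigned register compare, cr0
    if op == 16 and not (word & 3) and (rt >> 2) in (0b001, 0b011):
        # Conditional branch: BO=rt, BI=ra. The two low bits of the word are
        # the AA/LK flags, so the displacement is always a multiple of 4.
        disp = _sx(word & 0xFFFC, 16)
        name = CONDITIONS[ra & 3][0 if rt >> 2 == 0b011 else 1]
        cr = f"cr{ra >> 2}," if ra >> 2 else ""
        target = (addr + disp) & 0xFFFFFFFF
        return f"b{name}{_hint(rt, disp)} {cr}0x{target:08x}"
    if op == 18:                              # unconditional branch, 26-bit
        disp = _sx(word & 0x03FFFFFC, 26)
        aa, lk = (word >> 1) & 1, word & 1
        target = (disp if aa else addr + disp) & 0xFFFFFFFF
        return f"b{'l' if lk else ''}{'a' if aa else ''} 0x{target:08x}"
    return f".long 0x{word:08X}"


def encode_bne(disp):
    """Encode `bne` on cr0 (hint bit clear) with a byte displacement."""
    if disp % 4 or not -0x8000 <= disp <= 0x7FFC:
        raise ValueError("displacement must be a multiple of 4 within 16 bits")
    return (16 << 26) | (0b00100 << 21) | (2 << 16) | (disp & 0xFFFC)


def disasm_dump():
    """Render every sample word as 'ADDRESS: WORD text'."""
    return [f"{a:08X}: {w:08X} {disasm(a, w)}" for a, w in DUMP]


if __name__ == "__main__":
    print("\n".join(disasm_dump()))
```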
Ouch... It's from Phantom Wings himself...
My hopes just got shut down...
Quote from: Phantom Wings from GSCentral Boards
Allow Multiple Final Smashes:
Not possible unfortunately - unless someone supplies a method of being able to rapidly re-allocate memory that is read from the disk... When someone collects a smash ball, a file is read from the disk which goes something like Fit<character>Final.pac... This file provides everything needed for the final smashes, and because there's expected to only be able to have one FS at a time, there is only enough space set aside for a single file. When a second smash ball is collected, the original gets overwritten - while it's still being used... Keep in mind that many of the FS effects are crucial to the complete FS working (Landmaster, Darkbeast Ganon, etc.) so removing the need for the file itself is also out of the question...
Hmm... Although I'm not gonna give up that easily...
I'm gonna keep trying... no matter what...
He is right, I had this problem when I was doing my FS texture hacks.
The FS effects file (for Link it's ef_FinLink.pac) is only loaded when Link gets a smash ball, so I had to load it at that exact instant.
(http://elitesmashhackers.files.wordpress.com/2009/01/super-smash-brothers-brawl-na_0351.jpg)
Quote from: Igglyboo on January 25, 2009, 02:09:41 PM
He is right, I had this problem when I was doing my FS texture hacks.
The FS effects file (for Link it's ef_FinLink.pac) is only loaded when Link gets a smash ball, so I had to load it at that exact instant.
Well... I guess I'll just have to settle for the other codes I want to do then... XD
Thank you for all the support that you guys have given me!!!
Although it's deemed "impossible" right now... I'm still holding on to the hope that someone is able to find space to re-allocate that memory to be able to at least load two files...
You guys have been great!!!
Wow, I didn't realize how much work you've put into trying to make this work. You've put a lot of effort into this... Try not to think too badly about how this project turned out, at least you learned a lot from it. It took many of these kind of failures to finally get to where I'm currently at.
There's always the chance that you could return to this project later. Lately I've been working on an uploader system that can upload files directly from the SD card at runtime. If there was a space in memory that's large enough to hold a complete FS.pac file, then it may be possible to have one Final Smash always loaded in one section while another Final Smash is loaded in the standard dynamic location. So that could be an option for the future.
I don't think it works like that but I might be wrong.
I have edited the FS textures and the FS effects textures (i.e., Kirby's pot would be the FS and the fire would be an effect).
I haven't seen anything that looks like that glow in either of them.
It could be a lighting type thing that is handled by the game, like the trippy colors code I made (which just fucked up RGB triplets).
Yeah, I've been able to conjure the glowing aura at any time, so I think it's generated as part of the standard effects that are granted at the start of the match - the rest of the final smash though, appears to be restricted to its .pac file.
Quote from: Phantom Wings on January 26, 2009, 04:09:24 AM
There's always the chance that you could return to this project later. Lately I've been working on an uploader system that can upload files directly from the SD card at runtime. If there was a space in memory that's large enough to hold a complete FS.pac file, then it may be possible to have one Final Smash always loaded in one section while another Final Smash is loaded in the standard dynamic location. So that could be an option for the future.
Dude... You really are one worthy of being worshipped by the Hacking community...
Thanks for the encouragement!!!
As I've said in the first post... I really didn't expect for it to work fully, but I enjoyed gaining some knowledge on how this stuff actually works.... I used to think that this stuff could only be done by those people like Datel who had access to the most sophisticated stuff for hacking games... I want you guys to know that every bit of advice that was contributed to this is appreciated!!! I appreciate all the input and all the kindness for helping me start out!!!! Thank you people!!!
Hmm... with the SD upload feature you're working on... I'm assuming that's what you and Igglyboo are working on as a method for Texture hacks right?
Edit: Btw, I'm wondering... what method of an unknown value search was used to get the address at which the Final Smash Effects .pac file is loaded at? You guys don't need to answer as this "project" is closed until there's another method to do this... lol
Well, the texture method is done, we are just waiting for gecko 2.0 to be released.
But the SD upload method PW is working on will be much better than what we have now.
Quote from: Igglyboo on January 27, 2009, 03:03:16 AM
Well, the texture method is done, we are just waiting for gecko 2.0 to be released.
But the SD upload method PW is working on will be much better than what we have now.
You guys are the Greatest!!!
Replay value for games skyrocket because of guys like you!!!
Quote from: shadowofchaos on January 27, 2009, 02:40:14 AM
Edit: Btw, I'm wondering... what method of an unknown value search was used to get the address at which the Final Smash Effects .pac file is loaded at? You guys don't need to answer as this "project" is closed until there's another method to do this... lol
I don't know, but I think they searched in the Memory Viewer for the ASCII text ".pac".
Just a wild guess (http://i108.photobucket.com/albums/n31/Romaap/cf1a750f.jpg)
That won't work
The .pac is not in memory, that is just the extension on the FST.
but you did search for ASCII in memory viewer, right?