WiiRd forum

Codes in MEM2 Help
I have alot of  codes i have found in mem2 and they works if i poke them.
even when i delete my save and start a new save they all still work.
I can not find any codes in mem1 so i started in mem2.
my problem is how do i convert it to work in Wiird gct. so i donot have to poke all the time.
I will not release this code as it is in mem2.
Its for me only.. hehehe
One off the codes 91D27EDO OOOOOO63
:confused

Quote from: memorris;5877Codes in MEM2 Help
I have alot of  codes i have found in mem2 and they works if i poke them.
even when i delete my save and start a new save they all still work.
I can not find any codes in mem1 so i started in mem2.
my problem is how do i convert it to work in Wiird gct. so i donot have to poke all the time.
I will not release this code as it is in mem2.
Its for me only.. hehehe
One off the codes 91D27EDO OOOOOO63
:confused

I think there are some mem2 codes posted for some games,you may want to look at those to get an idea of the code format..I think Fire Emblem used Mem2 codes....but I am not sure about that....

I've also just found a code for a game that stores a value at the address 91BEEBB4

How would I create a gct code that writes to it?

04BEEBB4 would write to the 80 range I presume?

4A000000 91000000
14BEEBB4 xxxxxxxx
E0000000 80008000 should work. (4A sets the Po to 91000000, 14 writes xxxxxxxx to the Po + the rest of the 14 part, and E0000000 80008000 resets the Po to 80)

Thanks for the help, Full Metal Kirby,It works,
 I appreciate it.:)Thank you.

yes you just have to think about the base address (ba) or pointer (po), they both always default to 80000000 and you can relocate these anywhere you like, be it mem1 or mem2.

The E0000000 code is a 'Full Terminator' code which will reset (ba) and (po) back to 80000000

glad it worked out. :)

Mem1 and Mem2 can be both used for code or data, but more than often Mem2 will be used for frame buffer, graphics and more than often 'variables' so even if the game code is running in Mem1 the location its pointing to or using can be anywhere. This is why sometimes codes need writes into Mem2.

If you set a read and write breakpoint on your Mem2 address when it halts, you can see in the disassembly where the code is running from in Mem1.

For the terminator thing:

I recommend all code hackers to really add the terminator after every code which changed the ba or pointer. Conisidering most codes are still in the MEM1 area: if there are codes missing the terminator it might be that simple codes do not work anymore because they interfere with codes which never used the terminated. These codes would always have to 4A to 80000000.

or if you want to be sure, couldn't you simply add the terminator to the top of your own code as well?

I realise I'm posting on what I'm doing a lot but I simply want to learn and the sooner I do the sooner I can stop posting and help someone else ;)

I am playing with Wii Sports and the Boxing Training where you have to punch the bag as many times as you can in 60 seconds

I set my break point at 91BEEBB4 and as soon as destroy the bag the game breaks and get this:

CR  : 28004088  XER : 20000000  CTR : 80072BEC  DSIS: 02400000
DAR : 91BEEBB4  SRR0: 802EA8DC  SRR1: 0000B032  LR  : 802EA8C8
r0  : 00000014  r1  : 80505838  r2  : 804F6C60  r3  : 00000000
r4  : 920B2048  r5  : 00000038  r6  : 0000000B  r7  : 920B2048
r8  : 0061D001  r9  : 000004B0  r10 : 00000008  r11 : 80505838
r12 : 80072BEC  r13 : 804F46A0  r14 : 00000000  r15 : 00000000
r16 : 00000000  r17 : 00000000  r18 : 00000000  r19 : 00000000
r20 : 00000000  r21 : 00000000  r22 : 00000000  r23 : 00000000
r24 : 00000009  r25 : 00000008  r26 : 91BEEB04  r27 : 00000008
r28 : 00000000  r29 : 00000004  r30 : 0000000C  r31 : 00000010


r27 is the score, on screen I have 7 and its about to become 8. I have checked this and watched is slowly go up.

I've been trying to research assembler language now to work out what everything is doing.

802EA8DC:  937A00B0   stw   r27,176(r26) <-- is this storing a modified r26 in r27?
802EA8E0:  901A0018   stw   r0,24(r26)
802EA8E4:  801A00B4   lwz   r0,180(r26)
802EA8E8:  7C00D800   cmpw   r0,r27 <-- this compares r0 with r27?
802EA8EC:  418200B0   beq-   0x802ea99c
802EA8F0:  2C1C0000   cmpwi   r28,0
802EA8F4:  418200A8   beq-   0x802ea99c
802EA8F8:  809A0008   lwz   r4,8(r26)
802EA8FC:  57BF13BA   rlwinm   r31,r29,2,14,29
802EA900:  807A0004   lwz   r3,4(r26)
802EA904:  7C84F82E   lwzx   r4,r4,r31
802EA908:  4BE7D549   bl   0x80167e50
802EA90C:  807A0008   lwz   r3,8(r26)
802EA910:  3C004330   lis   r0,17200
802EA914:  90010008   stw   r0,8(r1)
802EA918:  38C00000   li   r6,0

Apologies if this is copyright and shouldn't be posted publicly, don't want to cause problems.

Quote from: Panda On Smack;6096I realise I'm posting on what I'm doing a lot but I simply want to learn and the sooner I do the sooner I can stop posting and help someone else ;)

802EA8DC:  937A00B0   stw   r27,176(r26) <-- is this storing a modified r26 in r27?
802EA8E0:  901A0018   stw   r0,24(r26)
802EA8E4:  801A00B4   lwz   r0,180(r26)
802EA8E8:  7C00D800   cmpw   r0,r27 <-- this compares r0 with r27?

the word in register 27 is going to be stored at [r26]+0xB0
...
r0 gets a word loaded (+zeroed) from [r26]+0xB4 so 4 bytes above where your new score went and then compared with r27 which is your to be score

simple way of looking at that is storing goes from left to right, loading is right to left

Thanks for you help. Can you point me a bit closer as to what to look for please?

r26 = 91BEEB04 so that + 0xB0 = 91BEEBB4 which is my initial address

Not sure about the next line?

ta

Anyone? Still don't know what to do next. :(

Also, where can I learn what stw, lwz, cmpw and the other mean please?

Ta

Sorry but I don't understand what you're trying to do...?

Full Metal Kirby showed you the code :
4A000000 91000000
14BEEBB4 xxxxxxxx
E0000000 80008000

And if you wanna learn asm, you can check :
http://hpcf.nersc.gov/vendor_docs/ibm/asm/alangref02.htm#wq2793 (http://hpcf.nersc.gov/vendor_docs/ibm/asm/alangref02.htm#wq2793)
http://class.ee.iastate.edu/cpre211/labs/quickrefPPC.html (http://class.ee.iastate.edu/cpre211/labs/quickrefPPC.html)
http://www.freescale.com/files/product/doc/MPCFPE32B.pdf (http://www.freescale.com/files/product/doc/MPCFPE32B.pdf)


(and also here if you wanna start write your asm :
http://www.ibm.com/chips/techlib/techlib.nsf/techdocs/852569B20050FF77852569970071B0D6/$file/eabi_app.pdf (http://www.ibm.com/chips/techlib/techlib.nsf/techdocs/852569B20050FF77852569970071B0D6/$file/eabi_app.pdf))


Oh, and :
802EA8DC: 937A00B0 stw r27,176(r26) <-- Stores R27 at [R26 + 0xB0]
802EA8E0: 901A0018 stw r0,24(r26) <- Stores R0 à [R26 + 0x18]
802EA8E4: 801A00B4 lwz r0,180(r26) <- R0 = [R26+0xB4]
802EA8E8: 7C00D800 cmpw r0,r27 <-- Compares R0 and R27
802EA8EC: 418200B0 beq- 0x802ea99c <- If R0==R27 jump to 0x802EA99C
802EA8F0: 2C1C0000 cmpwi r28,0 <- Compares R28 and 0x0
802EA8F4: 418200A8 beq- 0x802ea99c <- If R28 == 0x0 jump to 0x802EA99C

(as R28==0 in your case, the next instruction to be executed is at 0x802EA99C).

Thanks, what I'm saying is that code doesn't work. When you poke 91BEEBB4 the score bounces like its about to change but it doesn't so that's why i set it as a breakpoint to try and see whats happening. I tried using that code to write a constant hex value to the address but the score doesn't change. I'm trying to work out where/how the score is being updated.

Thanks for the other info

When you found the code you only poke one code you can have more than one you now.
4A000000 91000000
14BEEBB4 001e0000
14c00740 001e0000
E0000000 80008000

Panda On Smack  you can have this code if its any good lol
by the way the score is at 30.This score is only when you are playing.On screen score not the actual score.

4A000000 91000000
14b6a7fc 001e0000
14a1e1fc 001e0000
E0000000 80008000
You can have this one two hehe.
One thing this code is a On screen score when you finish but not the score.lol
I do not want credit for them you have them i have enough codes up for Pal at the moment you re turn now.
I hope this helps you out.
Good luck Panda On Smack.

Don forget to test them you will see what i mean.

yeah memorris is exactly right, in many games, there is an adress for the ON SCEEN score, and an addresses for the ACTUAL score (one generally leads to the other though, if you follow the code). Poking the on screen address, will simply make it FLASH to what you poked, and then flash back, because obviously there is a line of code that says

On Screen Score = Real Score

So changing the on screen without changing the real one won't do anything

Thanks guys, so how do I find the actual score? ;)

I want to understand what is happening so i dont have to pester people everytime :)

How did you find these addresses:

14c00740 001e0000
14b6a7fc 001e0000
14a1e1fc 001e0000

Cheers!

It was a long time ago when i done this game.
I Just held back with them because i was unsure about mem2
I wood give you the code but that is no fun for you but i will
not put it up.I have some codes up at the moment.
Plus i am learning other things to.Like c++ and ASM.
But it is a code which does not change until you have finished boxing.
So you have to what until the match is finished to see if you have the right code(not a on screen code)
So you will not see if the code has worked until the end.
The 1st code i found searching when i was boxing.
the 2nd and 3rd code when the score is up at the end where it gives the medals.
If you alter this codes
where it give you the score at the end the score dose not go up or down.You can alter it before you finish
and it will change.Some codes do not Chang until you finish but have to be poke before you finish.
I hope this help you.:)

:mad:    I hate spell checker...........:mad:

forget it just found my answer in another post