WiiRd forum

Wii & Gamecube Hacking => Wii Game hacking help => Topic started by: Deathwolf on August 05, 2010, 08:48:20 PM

Title: ASM fail
Post by: Deathwolf on August 05, 2010, 08:48:20 PM
hi...

I've tried around to make an infinity ammo code for Resident Evil 4 with more instructions.
so my idea:
first load into address and then change value with branch...
but yep here are my original instructions:

bp write:

80035F88 subi r0,r3,1
80035F94 sth r4,8(r31)

bp read:

80036430 lhz r0,8(r31)

so my idea:

80035F88 38030001 <--addi r0,r3,1
80035F94 60000000 <-- nop

80036430 A25F0002 <-- lhz r18,8(r31)

code:

lis r12,0x8003 <-- load into address 80035F88
ori r12,12,0x5F88
lwz   r12,0(r12)
lis r12,0x3803 <--- write value 38030001 (addi r0,r3,1)
ori r12,r12,0x0001
stw r12,0(r12)
addi r0,r3,1
beq- THE_END <--- branch
lis r12,0x8003 <--- load into address 80035F94
ori r12,r12,0x5F94
lwz   r12,0(r12)
lis r12,0x6000 <-- write value 60000000 (nop)
ori r12,r12,0x0000
stw r12,0(r12)
beq- THE_END <--- branch
lis r12,0x8003 <--- load into address 80036430
ori r12,12,0x6430
lwz   r12,0(r12)
lis r12,0xA25F <-- write value  lhz r18,2(r31) (A25F0002)
ori r12,r12,0x0002
stw r12,0(r12)

THE_END:

lhz r18,8(r31)

assembly:

C2035F88 0000000C
3D808003 618C5F88
818C0000 3D803803
618C0001 918C0000
38030001 41820038
3D808003 618C5F94
818C0000 3D806000
618C0000 918C0000
4182001C 3D808003
618C643C 818C0000
3D80A25F 618C0002
918C0000 A25F0002
60000000 00000000

the game doesn't freeze by apply but by shooting.
dcx2 I hope now you can see, how I suck.

thanks for any help


btw I think it's by THE END branch.
I should write a step by step branch but I've no idea how to do.
Title: Re: ASM fail
Post by: dcx2 on August 05, 2010, 10:03:43 PM
I think I see what you want to do, but I'm still confused.  Your hook is at address 80035F88, and yet your code is over-writing that same address.  That's going to be a problem.

It also looks like you don't understand how branching works.  Branches skip over instructions.

beq- is a conditional branch.  Sometimes it takes the branch, sometimes it doesn't.  Whether or not the branch is taken depends on whether the equals bit of the CR is set - hence beq is Branch EQuals.

What is the condition for branching that you wanted?  Was it your intent to skip those instructions?  Because it seems like you want all of your instructions to execute every time.

---

That said, there are several other issues.

lis r12,0x8003 <-- load into address 80035F88
ori r12,12,0x5F88
lwz   r12,0(r12)

At this point, r12 has the value it read from 80035F88.  But, in the very next instruction, you over-write r12, so the value you just read is lost.

lis r12,0x3803 <--- write value 38030001 (addi r0,r3,1)

---

I don't know why you have an addi r0,r3,1 before the beq-

---

lis r12,0x6000 <-- write value 60000000 (nop)
ori r12,r12,0x0000
stw r12,0(r12)

This will write 0x60000000 to address 60000000.  Does that seem wrong to you?  (hint: there is no address 60000000).
Title: Re: ASM fail
Post by: Deathwolf on August 05, 2010, 10:12:09 PM
ok sry I think, I didn't explain it right.

80035F94 sth r4,8(r31) <--- to nop (doesn't lose ammo)
80035F88 subi r0,r3,1 <--- to addi (add ammo) -- I know that makes no sense, just an example code.


80036430 lhz r0,8(r31) <--- to lhz r18,8(r31) (load new ammo value) [148]

so you mean if I write every time r12, it will be overwritten?
and my branches are not the right branches?
a step by step branch.


lis r12,0x8003 <--- load into address 80035F94
ori r12,r12,0x5F94
lwz   r12,0(r12)
lis r12,0x6000 <-- write value 60000000 (nop) to address 80035F94
ori r12,r12,0x0000
stw r12,0(r12)
Title: Re: ASM fail
Post by: dcx2 on August 05, 2010, 10:19:24 PM
Quote from: Deathwolf on August 05, 2010, 10:12:09 PM
so you mean if I write every time r12, it will be overwritten?
Correct.  r12 can only have one value at a time in it.  If you put something else in r12, you lose what was there already.

This fact forms the essence of "safe registers".  Registers can only have one value.  If you over-write an important value, you lose that value and the game will freeze.

If you need more registers, you can try r10.  It is mostly safe, but not always.

Quote
and my branches are not the right branches?
a step by step branch.


lis r12,0x8003 <--- load into address 80035F94
ori r12,r12,0x5F94
lwz   r12,0(r12)
lis r12,0x6000 <-- write value 60000000 (nop) to address 80035F94
ori r12,r12,0x0000
stw r12,0(r12)

I don't think you understand how branches work.

Do you ever use the Step button in wiird?  Computers execute programs in order, one instruction after the other.

Instead of going to the _next_ instruction, a branch causes the computer to go to a totally different instruction.  It is used to skip instructions.

Like a button activator.  If the button is not pressed, we branch over the instructions that we don't want to execute.
Title: Re: ASM fail
Post by: Deathwolf on August 05, 2010, 10:27:36 PM
yep I'll try these safe registers.

r0 safe
r1 Stack pointer
r2 Table of Contents (TOC) pointer
r3 safe
r4 not safe
r5 safe
r6 ba
r7 gr addresses
r8 code execution status
r9 safe
r10 safe
r11 safe
r12 safe
r13 not safe (reserved)
r14 safe
r15 code line address
r16 not used
r17 safe
r18 safe
r19 safe
r20 po
r21-r31 unknown


yes you are right. I've never used branches and this is the first time I'll do this.
if you do something, activate code without a new C2 code via loading into address. (like button activator)

will this work the first time?


lis r12,0x8003 <--- load into address 80035F94
ori r12,r12,0x5F94
lwz   r12,0(r12)
lis r12,0x6000 <-- write value 60000000 (nop) to address 80035F94
ori r12,r12,0x0000
stw r12,0(r12)

I want to execute all the same time!but
Title: Re: ASM fail
Post by: dcx2 on August 05, 2010, 10:30:58 PM
NO!  DO NOT USE THOSE REGISTERS!

That is for the C0 code only!  The author of the original post with those registers was looking through the code handler to see what is safe and what isn't.
Title: Re: ASM fail
Post by: dcx2 on August 05, 2010, 10:35:41 PM
No, that won't work.

lis r12,0x8003 <--- load into address 80035F94
ori r12,r12,0x5F94
lwz   r12,0(r12) <--- over-writes the pointer in r12
lis r12,0x6000 <-- write value 60000000 (nop) to address 80035F94
ori r12,r12,0x0000
stw r12,0(r12)

Try this instead.

lis r12,0x8003 <--- load address 80035F94 into r12
ori r12,r12,0x5F94
lis r10,0x6000 <--- load 60000000 = nop into r10
stw r10,0(r12) <--- write r10=60000000 to address r12=80035F94
Title: Re: ASM fail
Post by: Deathwolf on August 05, 2010, 10:41:06 PM
Quote from: dcx2 on August 05, 2010, 10:30:58 PM
NO!  DO NOT USE THOSE REGISTERS!

That is for the C0 code only!  The author of the original post with those registers was looking through the code handler to see what is safe and what isn't.

ohhh now I see O_O

is there another list for free registers?


lis r12,0x8003 <--- load address 80035F94 into r12
ori r12,r12,0x5F94
lis r10,0x6000 <--- load 60000000 = nop into r10
stw r10,0(r12) <--- write r10=60000000 to address r12=80035F94

yes I understand now what you mean.
load address into r12.
write 60000000 into 10.
store nop into r10 and load into r12. ;D
Title: Re: ASM fail
Post by: dcx2 on August 05, 2010, 10:51:55 PM
Quote from: Deathwolf on August 05, 2010, 10:41:06 PM
is there another list for free registers?

There is no such thing as a list of safe registers for C2 codes.  There never will be.  The safety of a register for a C2 code depends ENTIRELY on the instructions around the C2 code.

You will need to read and understand "On the Safety of Registers" to find safe registers for C2.  The best I can do is suggest r12, then r10, then r9.  r12 is the safest, and will always work.  r10 is the second safest...it will usually work, but not always.  r9 is even less safe than r10, etc.

Quote
lis r12,0x8003 <--- load address 80035F94 into r12
ori r12,r12,0x5F94
lis r10,0x6000 <--- load 60000000 = nop into r10
stw r10,0(r12) <--- write r10=60000000 to address r12=80035F94

yes I understand now what you mean.
load address into r12.
write 60000000 into 10.
store nop into r10 and load into r12. ;D

load address into r12
load nop into r10
write r10 to the address in r12
Title: Re: ASM fail
Post by: Deathwolf on August 05, 2010, 10:57:50 PM
Quote from: dcx2 on August 05, 2010, 10:51:55 PM
Quote from: Deathwolf on August 05, 2010, 10:41:06 PM
is there another list for free registers?

There is no such thing as a list of safe registers for C2 codes.  There never will be.  The safety of a register for a C2 code depends ENTIRELY on the instructions around the C2 code.

You will need to read and understand "On the Safety of Registers" to find safe registers for C2.  The best I can do is suggest r12, then r10, then r9.  r12 is the safest, and will always work.  r10 is the second safest...it will usually work, but not always.  r9 is even less safe than r10, etc.

Quote
lis r12,0x8003 <--- load address 80035F94 into r12
ori r12,r12,0x5F94
lis r10,0x6000 <--- load 60000000 = nop into r10
stw r10,0(r12) <--- write r10=60000000 to address r12=80035F94

yes I understand now what you mean.
load address into r12.
write 60000000 into 10.
store nop into r10 and load into r12. ;D

load address into r12
load nop into r10
write r10 to the address in r12

oh yes you are right...write r10 to the address in r12.
I'll try these registers.

thanks.
Title: Re: ASM fail
Post by: dcx2 on August 05, 2010, 10:59:37 PM
Remember.  Prefer r12 first.  Then prefer r10.  Then r9.  The registers get less safe as you go down.
Title: Re: ASM fail
Post by: Deathwolf on August 05, 2010, 11:10:56 PM
just an example:

lis r12,0x8003
ori r12,r12,0x5F94
lis r10,0x6000
stw r10,0(r12)
lis r9,0x8003
ori r9,9,0x6430
lis r8,0xA25F
ori r8,r8,0x0002
stw r8,0(r9)
lis r7,0x8003
ori r7,7,0x5F88
lis r6,0x3803
ori r6,r6,0x0001
stw r6,0(r7)

code:

C2035F88 00000008
3D808003 618C5F94
3D406000 914C0000
3D208003 61296430
3D00A25F 61080002
91090000 3CE08003
60E75F88 3CC03803
60C60001 90C70000
60000000 00000000
Title: Re: ASM fail
Post by: dcx2 on August 05, 2010, 11:34:58 PM
Too many registers.  Each register is less safe than the next.  Only use r10 when you can't use r12.  Only use r9 when you can't use r12 or r10.

Remember, only r12 is always safe.  Every other register might not be safe; you need to look at the instructions around the hook to determine safety.  My suggestion for r10 is based on the fact that it's the least dangerous.  But that does not mean it is safe.

You can re-use a register once you don't need the value anymore.

lis r12,0x8003
ori r12,r12,0x5F94
lis r10,0x6000
stw r10,0(r12)
lis r12,0x8003
ori r12,9,0x6430
lis r10,0xA25F
ori r10,r10,0x0002
stw r10,0(r12)
lis r12,0x8003
ori r12,7,0x5F88
lis r10,0x3803
ori r10,r10,0x0001
stw r10,0(r12)
Title: Re: ASM fail
Post by: Deathwolf on August 05, 2010, 11:43:06 PM
at the first time, I was a little confused lol but now I understand what you mean.
that's a nice way to do this!

thanks a lot.

and for this I don't need any branches right?
Title: Re: ASM fail
Post by: dcx2 on August 05, 2010, 11:46:39 PM
Branches skip over instructions.  Do you ever want to skip any of those instructions?
Title: Re: ASM fail
Post by: Deathwolf on August 06, 2010, 12:04:03 AM
nvm load into address is enough :)
thanks a lot dcx2
Title: Re: ASM fail
Post by: Deathwolf on August 07, 2010, 07:59:23 PM
dcx2 I've tried your code but it still freezes.
it want load into the first address but not in other.

your code:

lis r12,0x8003
ori r12,r12,0x5F94
lis r10,0x6000
stw r10,0(r12)
lis r12,0x8003
ori r12,9,0x6430
lis r10,0xA25F
ori r10,r10,0x0002
stw r10,0(r12)
lis r12,0x8003
ori r12,7,0x5F88
lis r10,0x3803
ori r10,r10,0x0001
stw r10,0(r12)

C2035F94 00000008
3D808003 618C5F94
3D406000 914C0000
3D808003 612C6430
3D40A25F 614A0002
914C0000 3D808003
60EC5F88 3D403803
614A0001 914C0000
60000000 00000000

maybe wrong registers?
Title: Re: ASM fail
Post by: Deathwolf on August 08, 2010, 04:20:58 PM
hmm okay I've done another code:

C2035F88 00000008
3D808003 618C5F94
3D406000 914C0000
3D208003 61296430
3D00A25F 61080002
91090000 3CE08003
60E75F88 3CC03803
60C60001 90C70000
60000000 00000000
D2035F50 0000000A
40820014 7FC3F378
38800072 4BFFEF99
48000080 28000010
40820014 7FC3F378
38800011 4BFFEF81
48000068 A09F0008
548304FF 41820058
3C630001 3D808003
618C5F94 3D406000
914C0000 00000000

lis r12,-32765
ori r12,r12,24468
lis r10,24576
stw r10,0(r12)
lis r9,-32765
ori r9,r9,25648
lis r8,-23969
ori r8,r8,2
stw r8,0(r9)
lis r7,-32765
ori r7,r7,24456
lis r6,14339
ori r6,r6,1
stw r6,0(r7)
nop
.word 0x0000
lfs f16,24400(r3)
.word 0x0000
bne- 0x0000
mr r3,r30
li r4,114
bl 0x0000
b 0x0000
cmplwi r0,16
bne- 0x0000
mr r3,r30
li r4,17
bl 0x0000
b 0x0000
lhz r4,8(r31)
rlwinm. r3,r4,0,19,31
beq- 0x0000
addis r3,r3,1
lis r12,-32765
ori r12,r12,24468
lis r10,24576
stw r10,0(r12)
Title: Re: ASM fail
Post by: AlexWong on August 08, 2010, 04:31:42 PM
C0000000 00000005
3D808003 3D406000
914C5F94 3D40A25F
614A0002 914C6430
3D403803 614A0001
914C5F88 4E800020

Try this.
Title: Re: ASM fail
Post by: Deathwolf on August 08, 2010, 04:45:30 PM
yep it's the same^^
but thx and good work  ;)
Title: Re: ASM fail
Post by: AlexWong on August 09, 2010, 01:49:07 AM
Why do you wanna ASM code instead of 32 bits Write code? ASM codes will make the simple codes be complicated. ???
Title: Re: ASM fail
Post by: hetoan2 on August 09, 2010, 01:52:14 PM
Are you sure those registers are free?
Title: Re: ASM fail
Post by: Deathwolf on August 09, 2010, 01:53:27 PM
r12,r10,r9,r8,r7,r6 are free
Title: Re: ASM fail
Post by: hetoan2 on August 09, 2010, 02:16:10 PM
why not use a stack frame to make sure :\

00000000 != free
Title: Re: ASM fail
Post by: Deathwolf on August 09, 2010, 02:18:27 PM
stack frame? o,o

00000000 is free? okay lol...
r12 have sometimes 80XXXXXX
Title: Re: ASM fail
Post by: biolizard89 on August 09, 2010, 03:45:13 PM
Quote from: Deathwolf on August 09, 2010, 02:18:27 PM
stack frame? o,o

00000000 is free? okay lol...
r12 have sometimes 80XXXXXX
!= means not equal.
Title: Re: ASM fail
Post by: Deathwolf on August 09, 2010, 05:18:24 PM
I didn't use any register with 00000000
Title: Re: ASM fail
Post by: hetoan2 on August 09, 2010, 05:55:04 PM
why not use a stack frame... change the registers to 14 - 31

then use this at the beginning:

stwu r1,-80(r1) #allocate room for r14-r31
stmw r14,8(r1) #load r14-r31 into stackframe


and this at the end:

lmw r14,8(r1) #read registers r14 to r31 from stack
addi r1,r1,80 #free stackframe
Title: Re: ASM fail
Post by: Deathwolf on August 09, 2010, 05:59:08 PM
you mean, with this I can use r14-r31? :eek:
Title: Re: ASM fail
Post by: hetoan2 on August 10, 2010, 03:24:13 AM
yes.
Title: Re: ASM fail
Post by: Deathwolf on August 10, 2010, 11:18:18 AM
stwu r1,-80(r1)
stmw r14,8(r1)
lis r14,0x8003
ori r14,r14,0x5F94
lis r15,0x6000
ori r15,r15,0x0000
stw r15,0(r14)
lis r16,0x8003
ori r16,r16,0x6430
lis r17,0xA25F
ori r17,r17,0x0002
stw r17,0(r16)
lis r18,0x8003
ori r18,r18,0x5F88
lis r19,0x3803
ori r19,r19,0x0001
stw r19,0(r18)
lmw r14,8(r1)
addi r1,r1,80


assembly:

C2035F94 0000000A
9421FFB0 BDC10008
3DC08003 61CE5F94
3DE06000 61EF0000
91EE0000 3E008003
61306430 3E20A25F
61510002 92300000
3E408003 62525F88
3E603803 62730001
92720000 B9C10008
38210050 00000000

freeze :/
Title: Re: ASM fail
Post by: AlexWong on August 10, 2010, 05:33:51 PM
I think you should use C0 code type instead of C2.
Title: Re: ASM fail
Post by: Deathwolf on August 10, 2010, 05:39:24 PM
Quote from: AlexWong on August 08, 2010, 04:31:42 PM
C0000000 00000005
3D808003 3D406000
914C5F94 3D40A25F
614A0002 914C6430
3D403803 614A0001
914C5F88 4E800020

Try this.

btw your code is wrong
you are not loading into an address.

you just write 3D808003 and then nop...
Title: Re: ASM fail
Post by: AlexWong on August 11, 2010, 03:20:48 AM
C0 code type doesn't need an address to load. It's not the same as C2 code type. You can test my codes in the game first.
Execute ASM
C0000000 NNNNNNNN
ZZZZZZZZ ZZZZZZZZ
ZZZZZZZZ ZZZZZZZZ
4E800020 00000000

Executes the NNNNNNNN lines of instruction placed under the code.
The instructions MUST end with a blr (0x4E800020).
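
An added example, not part of any post in this thread: a small Python tracer that follows `lis`/`ori`/`stw` through the code words of the C2 code in Deathwolf's August 07 post and of AlexWong's C0 code, and lists the address each `stw` writes to. It models only those three instructions (plus `blr` and the closing zero word), treats any register the code never sets as unknown, and the function and constant names are this example's own.

```python
# Added example. Code words below are copied from the two posts in the thread.
C2_AUG07 = """C2035F94 00000008
3D808003 618C5F94
3D406000 914C0000
3D808003 612C6430
3D40A25F 614A0002
914C0000 3D808003
60EC5F88 3D403803
614A0001 914C0000
60000000 00000000"""
C0_ALEXWONG = """C0000000 00000005
3D808003 3D406000
914C5F94 3D40A25F
614A0002 914C6430
3D403803 614A0001
914C5F88 4E800020"""

MASK = 0xFFFFFFFF
def trace_stores(code_text):
    """Return [(address, value)] for every stw in a Gecko C0/C2 code.
    None marks a quantity that depends on a register the code never set."""
    words = [int(t, 16) for t in code_text.split()[2:]]   # skip header line
    regs, stores = {}, []          # regs: register number -> known value
    for w in words:
        op, rt, ra = w >> 26, (w >> 21) & 31, (w >> 16) & 31
        imm = w & 0xFFFF
        simm = imm - 0x10000 if imm & 0x8000 else imm     # sign-extend
        if w in (0x4E800020, 0):   # blr, or the zero word closing a C2 code
            break
        if op == 15:               # addis rD,rA,SIMM (lis when rA is 0)
            base = 0 if ra == 0 else regs.get(ra)
            regs[rt] = None if base is None else (base + (simm << 16)) & MASK
        elif op == 24:             # ori rA,rS,UIMM: rt holds rS, ra is the target
            src = regs.get(rt)
            regs[ra] = None if src is None else src | imm
        elif op == 36:             # stw rS,d(rA)
            base = 0 if ra == 0 else regs.get(ra)
            addr = None if base is None else (base + simm) & MASK
            stores.append((addr, regs.get(rt)))
    return stores

def show(stores):
    """Format stores as 'ADDRESS <- VALUE' strings, '????????' if unknown."""
    h = lambda v: "????????" if v is None else f"{v:08X}"
    return [f"{h(a)} <- {h(v)}" for a, v in stores]

if __name__ == "__main__":
    for name, code in (("C2 (Aug 07)", C2_AUG07), ("C0 (AlexWong)", C0_ALEXWONG)):
        print(name, *show(trace_stores(code)), sep="\n  ")
```

For the C2 code the second and third stores come out with an unknown address, because `612C6430` and `60EC5F88` encode `ori r12,r9,0x6430` and `ori r12,r7,0x5F88`, so the pointer depends on whatever r9 and r7 hold at the hook. The C0 code resolves all three stores to 80035F94, 80036430 and 80035F88 through the displacement field of `stw`.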