I sometimes encounter this annoying problem.
I set a read breakpoint on an address and want to write my new value there with lis, ori, stb, lbz -> see the code template below.
After applying the new code, I checked the value. No, it didn't work, so let's set the read breakpoint again.
It hits and shows me the same instruction again, but with a different address. I hook this address too, and get the same problem again.
What can I do to finally make it work? :confused:
the function:
[spoiler]8047C388: 9421FFA0 stwu r1,-96(r1)
8047C38C: 7C0802A6 mflr r0
8047C390: 90010064 stw r0,100(r1)
8047C394: 39610060 addi r11,r1,96
8047C398: 4BBE1ADD bl 0x8005de74
8047C39C: 7C7B1B78 mr r27,r3
8047C3A0: 7C9C2378 mr r28,r4
8047C3A4: 3FE080A2 lis r31,-32606
8047C3A8: 3BFF7750 addi r31,r31,30544
8047C3AC: 800337A8 lwz r0,14248(r3)
8047C3B0: 2C000000 cmpwi r0,0
8047C3B4: 4082000C bne- 0x8047c3c0
8047C3B8: 38600000 li r3,0
8047C3BC: 48000354 b 0x8047c710
8047C3C0: 80BF0160 lwz r5,352(r31)
8047C3C4: 88050018 lbz r0,24(r5) -> hit address
8047C3C8: 2C000000 cmpwi r0,0
8047C3CC: 40820040 bne- 0x8047c40c
8047C3D0: 4BFFFEB9 bl 0x8047c288
8047C3D4: 7C771B78 mr r23,r3
8047C3D8: 480FD17D bl 0x80579554
8047C3DC: 809F0118 lwz r4,280(r31)
8047C3E0: 80040018 lwz r0,24(r4)
8047C3E4: 7F030050 sub r24,r0,r3
8047C3E8: 480FD16D bl 0x80579554
8047C3EC: 7C661B78 mr r6,r3
8047C3F0: 7F63DB78 mr r3,r27
8047C3F4: 7F84E378 mr r4,r28
8047C3F8: 7EE5BB78 mr r5,r23
8047C3FC: 7F07C378 mr r7,r24
8047C400: 4800CFA1 bl 0x804893a0
8047C404: 38600000 li r3,0
8047C408: 48000308 b 0x8047c710
8047C40C: 800337A4 lwz r0,14244(r3)
8047C410: 2C000000 cmpwi r0,0
8047C414: 4182000C beq- 0x8047c420
8047C418: 38600000 li r3,0
8047C41C: 480002F4 b 0x8047c710
8047C420: 3861001C addi r3,r1,28
8047C424: 38800000 li r4,0
8047C428: 38A00014 li r5,20
8047C42C: 4BB87F25 bl 0x80004350
8047C430: 7F63DB78 mr r3,r27
8047C434: 4BFFFD51 bl 0x8047c184
8047C438: 7C7E1B78 mr r30,r3
8047C43C: 3BA00000 li r29,0
8047C440: 3F2080C5 lis r25,-32571
8047C444: 3F4080C7 lis r26,-32569
8047C448: 48000164 b 0x8047c5ac
8047C44C: 1EFE0050 mulli r23,r30,80
8047C450: 7C7BBA14 add r3,r27,r23
8047C454: 3BA30164 addi r29,r3,356
8047C458: 7F63DB78 mr r3,r27
8047C45C: 7F84E378 mr r4,r28
8047C460: 4BFFFE29 bl 0x8047c288
8047C464: 7C781B78 mr r24,r3
8047C468: 387944E8 addi r3,r25,17640
8047C46C: 4828AEB9 bl 0x80707324
8047C470: 807B3808 lwz r3,14344(r27)
8047C474: 2C030000 cmpwi r3,0
8047C478: 4182002C beq- 0x8047c4a4
8047C47C: 48003141 bl 0x8047f5bc
8047C480: 2C030000 cmpwi r3,0
8047C484: 41820020 beq- 0x8047c4a4
8047C488: 807B3808 lwz r3,14344(r27)
8047C48C: 48003185 bl 0x8047f610
8047C490: 2C030000 cmpwi r3,0
8047C494: 41820010 beq- 0x8047c4a4
8047C498: 807B3808 lwz r3,14344(r27)
8047C49C: 7F84E378 mr r4,r28
8047C4A0: 48006559 bl 0x804829f8
8047C4A4: 807B0000 lwz r3,0(r27)
8047C4A8: 7F84E378 mr r4,r28
8047C4AC: 5705003C rlwinm r5,r24,0,0,30
8047C4B0: 38DD0001 addi r6,r29,1
8047C4B4: 39000000 li r8,0
8047C4B8: 38E00000 li r7,0
8047C4BC: 813D003C lwz r9,60(r29)
8047C4C0: 815D0040 lwz r10,64(r29)
8047C4C4: 4828BAF1 bl 0x80707fb4
8047C4C8: 2C030000 cmpwi r3,0
8047C4CC: 4082002C bne- 0x8047c4f8
8047C4D0: 7F63DB78 mr r3,r27
8047C4D4: 7C9BBA14 add r4,r27,r23
8047C4D8: 3884016D addi r4,r4,365
8047C4DC: 4BFFE2E1 bl 0x8047a7bc
8047C4E0: 807B0000 lwz r3,0(r27)
8047C4E4: 4828AE41 bl 0x80707324
8047C4E8: 7F63DB78 mr r3,r27
8047C4EC: 4BFFFC99 bl 0x8047c184
8047C4F0: 7C7E1B78 mr r30,r3
8047C4F4: 480000B8 b 0x8047c5ac
8047C4F8: 387D0001 addi r3,r29,1
8047C4FC: 3881001C addi r4,r1,28
8047C500: 48233D19 bl 0x806b0218
8047C504: 2C030000 cmpwi r3,0
8047C508: 4082002C bne- 0x8047c534
8047C50C: 7F63DB78 mr r3,r27
8047C510: 7C9BBA14 add r4,r27,r23
8047C514: 3884016D addi r4,r4,365
8047C518: 4BFFE2A5 bl 0x8047a7bc
8047C51C: 807B0000 lwz r3,0(r27)
8047C520: 4828AE05 bl 0x80707324
8047C524: 7F63DB78 mr r3,r27
8047C528: 4BFFFC5D bl 0x8047c184
8047C52C: 7C7E1B78 mr r30,r3
8047C530: 4800007C b 0x8047c5ac
8047C534: 3B000000 li r24,0
8047C538: 881A4334 lbz r0,17204(r26)
8047C53C: 2C000000 cmpwi r0,0
8047C540: 40820040 bne- 0x8047c580
8047C544: 8061001C lwz r3,28(r1)
8047C548: 80010020 lwz r0,32(r1)
8047C54C: 90610008 stw r3,8(r1)
8047C550: 9001000C stw r0,12(r1)
8047C554: 80610024 lwz r3,36(r1)
8047C558: 80010028 lwz r0,40(r1)
8047C55C: 90610010 stw r3,16(r1)
8047C560: 90010014 stw r0,20(r1)
8047C564: 8001002C lwz r0,44(r1)
8047C568: 90010018 stw r0,24(r1)
8047C56C: 38610008 addi r3,r1,8
8047C570: 48105875 bl 0x80581de4
8047C574: 2C030000 cmpwi r3,0
8047C578: 41820008 beq- 0x8047c580
8047C57C: 3B000001 li r24,1
8047C580: 2C180000 cmpwi r24,0
8047C584: 41820030 beq- 0x8047c5b4
8047C588: 7F63DB78 mr r3,r27
8047C58C: 7C9BBA14 add r4,r27,r23
8047C590: 3884016D addi r4,r4,365
8047C594: 4BFFE229 bl 0x8047a7bc
8047C598: 807B0000 lwz r3,0(r27)
8047C59C: 4828AD89 bl 0x80707324
8047C5A0: 7F63DB78 mr r3,r27
8047C5A4: 4BFFFBE1 bl 0x8047c184
8047C5A8: 7C7E1B78 mr r30,r3
8047C5AC: 2C1E0000 cmpwi r30,0
8047C5B0: 4080FE9C bge+ 0x8047c44c
8047C5B4: 2C1E0000 cmpwi r30,0
8047C5B8: 408000E8 bge- 0x8047c6a0
8047C5BC: 3C6080C7 lis r3,-32569
8047C5C0: 88034334 lbz r0,17204(r3)
8047C5C4: 2C000000 cmpwi r0,0
8047C5C8: 4182002C beq- 0x8047c5f4
8047C5CC: 38000003 li r0,3
8047C5D0: 3C6080C7 lis r3,-32569
8047C5D4: 90034338 stw r0,17208(r3)
8047C5D8: 7F63DB78 mr r3,r27
8047C5DC: 7F84E378 mr r4,r28
8047C5E0: 3CA0808F lis r5,-32625
8047C5E4: 38A52440 addi r5,r5,9280
8047C5E8: 4BFFF5B5 bl 0x8047bb9c
8047C5EC: 38600000 li r3,0
8047C5F0: 48000120 b 0x8047c710
8047C5F4: 7F83E378 mr r3,r28
8047C5F8: 4828C3C1 bl 0x807089b8
8047C5FC: 2C030000 cmpwi r3,0
8047C600: 40820098 bne- 0x8047c698
8047C604: 7F63DB78 mr r3,r27
8047C608: 7F84E378 mr r4,r28
8047C60C: 4BFFFCF9 bl 0x8047c304
8047C610: 2C030000 cmpwi r3,0
8047C614: 41820050 beq- 0x8047c664
8047C618: 3C6080C5 lis r3,-32571
8047C61C: 386344E8 addi r3,r3,17640
8047C620: 4828AD05 bl 0x80707324
8047C624: 807F0040 lwz r3,64(r31)
8047C628: 7F84E378 mr r4,r28
8047C62C: 4BFFFC5D bl 0x8047c288
8047C630: 7C771B78 mr r23,r3
8047C634: 480FCF21 bl 0x80579554
8047C638: 809F0118 lwz r4,280(r31)
8047C63C: 80040018 lwz r0,24(r4)
8047C640: 7F630050 sub r27,r0,r3
8047C644: 480FCF11 bl 0x80579554
8047C648: 7C661B78 mr r6,r3
8047C64C: 807F0040 lwz r3,64(r31)
8047C650: 7F84E378 mr r4,r28
8047C654: 7EE5BB78 mr r5,r23
8047C658: 7F67DB78 mr r7,r27
8047C65C: 4800CD45 bl 0x804893a0
8047C660: 48000030 b 0x8047c690
8047C664: 807B3808 lwz r3,14344(r27)
8047C668: 2C030000 cmpwi r3,0
8047C66C: 4182001C beq- 0x8047c688
8047C670: 800337A4 lwz r0,14244(r3)
8047C674: 2C000000 cmpwi r0,0
8047C678: 41820010 beq- 0x8047c688
8047C67C: 8003379C lwz r0,14236(r3)
8047C680: 2C000000 cmpwi r0,0
8047C684: 4182000C beq- 0x8047c690
8047C688: 7F83E378 mr r3,r28
8047C68C: 4828C409 bl 0x80708a94
8047C690: 38600000 li r3,0
8047C694: 4800007C b 0x8047c710
8047C698: 38600000 li r3,0
8047C69C: 48000074 b 0x8047c710
8047C6A0: 7F63DB78 mr r3,r27
8047C6A4: 48007B95 bl 0x80484238
8047C6A8: 38600004 li r3,4
8047C6AC: 9061001C stw r3,28(r1)
8047C6B0: 380003E9 li r0,1001
8047C6B4: B0010024 sth r0,36(r1)
8047C6B8: 907B3724 stw r3,14116(r27)
8047C6BC: 80010020 lwz r0,32(r1)
8047C6C0: 901B3728 stw r0,14120(r27)
8047C6C4: A0010024 lhz r0,36(r1)
8047C6C8: B01B372C sth r0,14124(r27)
8047C6CC: 80010028 lwz r0,40(r1)
8047C6D0: 901B3730 stw r0,14128(r27)
8047C6D4: 8001002C lwz r0,44(r1)
8047C6D8: 901B3734 stw r0,14132(r27)
8047C6DC: 93DB3720 stw r30,14112(r27)
8047C6E0: 387B3738 addi r3,r27,14136
8047C6E4: 389D0001 addi r4,r29,1
8047C6E8: 38A00031 li r5,49
8047C6EC: 4BB87915 bl 0x80004000
8047C6F0: 801D0040 lwz r0,64(r29)
8047C6F4: 901B3774 stw r0,14196(r27)
8047C6F8: 801D003C lwz r0,60(r29)
8047C6FC: 901B3778 stw r0,14200(r27)
8047C700: 38000000 li r0,0
8047C704: 901B376C stw r0,14188(r27)
8047C708: 901B3770 stw r0,14192(r27)
8047C70C: 38600001 li r3,1
8047C710: 39610060 addi r11,r1,96
8047C714: 4BBE17AD bl 0x8005dec0
8047C718: 80010064 lwz r0,100(r1)
8047C71C: 7C0803A6 mtlr r0
8047C720: 38210060 addi r1,r1,96
8047C724: 4E800020 blr
[/spoiler]
registers:
[spoiler] CR:44004848 XER:20000000 CTR:00000003 DSIS:00400000
DAR:814B5C78 SRR0:8047C3C4 SRR1:0000B032 LR:8047C39C
r0:00000001 r1:80249748 r2:802459C0 r3:817E8980
r4:00000000 r5:814B5C60 r6:817E95F5 r7:817EC0D8
r8:00010101 r9:0000000A r10:00000000 r11:802497A8
r12:80066664 r13:80244680 r14:00010005 r15:8017D510
r16:806AE6A8 r17:00000000 r18:00000000 r19:00000004
r20:00000000 r21:8036F000 r22:73433750 r23:00010005
r24:73433750 r25:80889378 r26:817E8980 r27:817E8980
r28:00000000 r29:00000000 r30:808F2AE8 r31:80A27750
f0:FFC00000 f1:A37D5C37 f2:C2C65662 f3:B1CD3018
f4:0087F807 f5:00000000 f6:00000000 f7:00000000
f8:00000000 f9:00000000 f10:00000000 f11:00000000
f12:39443479 f13:00000000 f14:00000000 f15:00000000
f16:00000000 f17:00000000 f18:00000000 f19:00000000
f20:00000000 f21:00000000 f22:00000000 f23:00000000
f24:00000000 f25:00000000 f26:00000000 f27:00000000
f28:00000000 f29:BF800000 f30:00000000 f31:3F800000[/spoiler]
code template:
[spoiler]
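# Gecko C2 (insert ASM) template hooked at instruction 8047C3C4, which is the
# "lbz r0,24(r5)" that reads the byte of interest.
# Purpose: store a chosen byte to 24(r5), then replay the original load so the
# function sees the byte that was just written.
# Fix vs. the original template: the value is built in r12, so the store must
# use r12 as its source register. "stb r0,24(r5)" stored whatever r0 happened
# to hold (the stale value from the earlier lwz/cmpwi), so the new value never
# reached memory.
# r12 is not referenced anywhere in the listed function, so clobbering it here
# does not disturb the function's own state (callees may still use it, which
# is fine: it is not live across the hook).
lis r12,0                # fill in: upper 16 bits of the value (stays 0 for a single byte)
ori r12,r12,0            # fill in: lower 16 bits; only the low byte is stored by stb
stb r12,24(r5)           # write the new byte where the game reads it
lbz r0,24(r5)            # replay the replaced instruction from 8047C3C4
# Assembled form (Gecko code lines). The third word is stb r12,24(r5),
# re-encoded from the fixed mnemonic above -- verify with your assembler.
C247C3C4 00000003
3D800000 618C0000
99850018 88050018
60000000 00000000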
[/spoiler]
You need to find the pointer, then make a D2 code
You don't need ASM.
8047C3A4: 3FE080A2 lis r31,-32606
8047C3A8: 3BFF7750 addi r31,r31,30544
...
8047C3C0: 80BF0160 lwz r5,352(r31)
8047C3C4: 88050018 lbz r0,24(r5) -> hit address
You should be able to put this information together to make a classic pointer code that you can use with the 10 code type.
Quote from: dcx2 on December 04, 2010, 06:59:11 PM
You don't need ASM.
8047C3A4: 3FE080A2 lis r31,-32606
8047C3A8: 3BFF7750 addi r31,r31,30544
...
8047C3C0: 80BF0160 lwz r5,352(r31)
8047C3C4: 88050018 lbz r0,24(r5) -> hit address
You should be able to put this information together to make a classic pointer code that you can use with the 10 code type.
hey cool this worked :D
Thought it was not possible :p
That is a great example of how to create a pointer code from ASM, without a pointer app.
The reason is that the "anchor" pointer, 80A27750, is set up in the same function as the pointer of interest; this is even a pointer-in-pointer case.
Typically, the "anchor" will be a few steps up the call stack, which is why it's usually harder.