Hey,
I nop'ed one instruction and this turned out to make your damage to others 0.
But they can still damage you.
Would it be possible to change this to: make a hell of a lot of damage to enemies?
Disassembly:
[spoiler]806988D4: 9421FF10 stwu r1,-240(r1)
806988D8: 7C0802A6 mflr r0
806988DC: 900100F4 stw r0,244(r1)
806988E0: DBE100E0 stfd f31,224(r1)
806988E4: F3E100E8 psq_st f31,232(r1),0,0
806988E8: DBC100D0 stfd f30,208(r1)
806988EC: F3C100D8 psq_st f30,216(r1),0,0
806988F0: 396100D0 addi r11,r1,208
806988F4: 4B9C5591 bl 0x8005de84
806988F8: 7C7B1B78 mr r27,r3
806988FC: FFC00890 fmr f30,f1
80698900: FFE01090 fmr f31,f2
80698904: 7C9C2378 mr r28,r4
80698908: 7CBD2B78 mr r29,r5
8069890C: 7CDE3378 mr r30,r6
80698910: 3FE0808A lis r31,-32630
80698914: 3BFF2CA0 addi r31,r31,11424
80698918: 3C830004 addis r4,r3,4
8069891C: C044E488 lfs f2,-7032(r4)
80698920: C01F0364 lfs f0,868(r31)
80698924: FC020040 fcmpo cr0,f2,f0
80698928: 4081000C ble- 0x80698934
8069892C: C01F038C lfs f0,908(r31)
80698930: EFC10032 fmuls f30,f1,f0
80698934: 80630004 lwz r3,4(r3)
80698938: 4BDB1139 bl 0x80449a70
8069893C: 2C030000 cmpwi r3,0
80698940: 41820018 beq- 0x80698958
80698944: C01F0364 lfs f0,868(r31)
80698948: D0010068 stfs f0,104(r1)
8069894C: D001006C stfs f0,108(r1)
80698950: D0010070 stfs f0,112(r1)
80698954: 48000014 b 0x80698968
80698958: D3C10068 stfs f30,104(r1)
8069895C: D3E1006C stfs f31,108(r1)
80698960: C01F0364 lfs f0,868(r31)
80698964: D0010070 stfs f0,112(r1)
80698968: 3C7B0004 addis r3,r27,4
8069896C: 38630DCC addi r3,r3,3532
80698970: 38810078 addi r4,r1,120
80698974: 4BF65771 bl 0x805fe0e4
80698978: 38610068 addi r3,r1,104
8069897C: 38810058 addi r4,r1,88
80698980: 4BF6637D bl 0x805fecfc
80698984: C0010084 lfs f0,132(r1)
80698988: EC600032 fmuls f3,f0,f0
8069898C: C0010080 lfs f0,128(r1)
80698990: EC400032 fmuls f2,f0,f0
80698994: C0010078 lfs f0,120(r1)
80698998: EC200032 fmuls f1,f0,f0
8069899C: C001007C lfs f0,124(r1)
806989A0: EC000032 fmuls f0,f0,f0
806989A4: EC01002A fadds f0,f1,f0
806989A8: EC02002A fadds f0,f2,f0
806989AC: EC03002A fadds f0,f3,f0
806989B0: C03F0364 lfs f1,868(r31)
806989B4: FC010000 fcmpu cr0,f1,f0
806989B8: 41820024 beq- 0x806989dc
806989BC: C09F035C lfs f4,860(r31)
806989C0: C07F03B8 lfs f3,952(r31)
806989C4: FC200034 fsqrte f1,f0
806989C8: EC410072 fmuls f2,f1,f1
806989CC: EC210132 fmuls f1,f1,f4
806989D0: EC42183C fnmsubs f2,f2,f0,f3
806989D4: EC220072 fmuls f1,f2,f1
806989D8: EC200072 fmuls f1,f0,f1
806989DC: C01F0364 lfs f0,868(r31)
806989E0: FC010000 fcmpu cr0,f1,f0
806989E4: 4182003C beq- 0x80698a20
806989E8: C01F0370 lfs f0,880(r31)
806989EC: EC200824 fdivs f1,f0,f1
806989F0: C0010078 lfs f0,120(r1)
806989F4: EC000072 fmuls f0,f0,f1
806989F8: D0010078 stfs f0,120(r1)
806989FC: C001007C lfs f0,124(r1)
80698A00: EC000072 fmuls f0,f0,f1
80698A04: D001007C stfs f0,124(r1)
80698A08: C0010080 lfs f0,128(r1)
80698A0C: EC000072 fmuls f0,f0,f1
80698A10: D0010080 stfs f0,128(r1)
80698A14: C0010084 lfs f0,132(r1)
80698A18: EC000072 fmuls f0,f0,f1
80698A1C: D0010084 stfs f0,132(r1)
80698A20: C0010064 lfs f0,100(r1)
80698A24: EC600032 fmuls f3,f0,f0
80698A28: C0010060 lfs f0,96(r1)
80698A2C: EC400032 fmuls f2,f0,f0
80698A30: C0010058 lfs f0,88(r1)
80698A34: EC200032 fmuls f1,f0,f0
80698A38: C001005C lfs f0,92(r1)
80698A3C: EC000032 fmuls f0,f0,f0
80698A40: EC01002A fadds f0,f1,f0
80698A44: EC02002A fadds f0,f2,f0
80698A48: EC03002A fadds f0,f3,f0
80698A4C: C03F0364 lfs f1,868(r31)
80698A50: FC010000 fcmpu cr0,f1,f0
80698A54: 41820024 beq- 0x80698a78
80698A58: C09F035C lfs f4,860(r31)
80698A5C: C07F03B8 lfs f3,952(r31)
80698A60: FC200034 fsqrte f1,f0
80698A64: EC410072 fmuls f2,f1,f1
80698A68: EC210132 fmuls f1,f1,f4
80698A6C: EC42183C fnmsubs f2,f2,f0,f3
80698A70: EC220072 fmuls f1,f2,f1
80698A74: EC200072 fmuls f1,f0,f1
80698A78: C01F0364 lfs f0,868(r31)
80698A7C: FC010000 fcmpu cr0,f1,f0
80698A80: 4182003C beq- 0x80698abc
80698A84: C01F0370 lfs f0,880(r31)
80698A88: EC200824 fdivs f1,f0,f1
80698A8C: C0010058 lfs f0,88(r1)
80698A90: EC000072 fmuls f0,f0,f1
80698A94: D0010058 stfs f0,88(r1)
80698A98: C001005C lfs f0,92(r1)
80698A9C: EC000072 fmuls f0,f0,f1
80698AA0: D001005C stfs f0,92(r1)
80698AA4: C0010060 lfs f0,96(r1)
80698AA8: EC000072 fmuls f0,f0,f1
80698AAC: D0010060 stfs f0,96(r1)
80698AB0: C0010064 lfs f0,100(r1)
80698AB4: EC000072 fmuls f0,f0,f1
80698AB8: D0010064 stfs f0,100(r1)
80698ABC: C0010078 lfs f0,120(r1)
80698AC0: D0010034 stfs f0,52(r1)
80698AC4: 80010034 lwz r0,52(r1)
80698AC8: 54030050 rlwinm r3,r0,0,1,8
80698ACC: 3C038080 subis r0,r3,32640
80698AD0: 28000000 cmplwi r0,0
80698AD4: 418202A8 beq- 0x80698d7c
80698AD8: C001007C lfs f0,124(r1)
80698ADC: D0010030 stfs f0,48(r1)
80698AE0: 80010030 lwz r0,48(r1)
80698AE4: 54030050 rlwinm r3,r0,0,1,8
80698AE8: 3C038080 subis r0,r3,32640
80698AEC: 28000000 cmplwi r0,0
80698AF0: 4182028C beq- 0x80698d7c
80698AF4: C0010080 lfs f0,128(r1)
80698AF8: D001002C stfs f0,44(r1)
80698AFC: 8001002C lwz r0,44(r1)
80698B00: 54030050 rlwinm r3,r0,0,1,8
80698B04: 3C038080 subis r0,r3,32640
80698B08: 28000000 cmplwi r0,0
80698B0C: 41820270 beq- 0x80698d7c
80698B10: C0010084 lfs f0,132(r1)
80698B14: D0010028 stfs f0,40(r1)
80698B18: 80010028 lwz r0,40(r1)
80698B1C: 54030050 rlwinm r3,r0,0,1,8
80698B20: 3C038080 subis r0,r3,32640
80698B24: 28000000 cmplwi r0,0
80698B28: 41820254 beq- 0x80698d7c
80698B2C: C0010058 lfs f0,88(r1)
80698B30: D0010024 stfs f0,36(r1)
80698B34: 80010024 lwz r0,36(r1)
80698B38: 54030050 rlwinm r3,r0,0,1,8
80698B3C: 3C038080 subis r0,r3,32640
80698B40: 28000000 cmplwi r0,0
80698B44: 41820238 beq- 0x80698d7c
80698B48: C001005C lfs f0,92(r1)
80698B4C: D0010020 stfs f0,32(r1)
80698B50: 80010020 lwz r0,32(r1)
80698B54: 54030050 rlwinm r3,r0,0,1,8
80698B58: 3C038080 subis r0,r3,32640
80698B5C: 28000000 cmplwi r0,0
80698B60: 4182021C beq- 0x80698d7c
80698B64: C0010060 lfs f0,96(r1)
80698B68: D001001C stfs f0,28(r1)
80698B6C: 8001001C lwz r0,28(r1)
80698B70: 54030050 rlwinm r3,r0,0,1,8
80698B74: 3C038080 subis r0,r3,32640
80698B78: 28000000 cmplwi r0,0
80698B7C: 41820200 beq- 0x80698d7c
80698B80: C0010064 lfs f0,100(r1)
80698B84: D0010018 stfs f0,24(r1)
80698B88: 80010018 lwz r0,24(r1)
80698B8C: 54030050 rlwinm r3,r0,0,1,8
80698B90: 3C038080 subis r0,r3,32640
80698B94: 28000000 cmplwi r0,0
80698B98: 40820008 bne- 0x80698ba0
80698B9C: 480001E0 b 0x80698d7c
80698BA0: C0010060 lfs f0,96(r1)
80698BA4: C1A1007C lfs f13,124(r1)
80698BA8: EC600372 fmuls f3,f0,f13
80698BAC: C1810058 lfs f12,88(r1)
80698BB0: C1610084 lfs f11,132(r1)
80698BB4: EC4C02F2 fmuls f2,f12,f11
80698BB8: C1410064 lfs f10,100(r1)
80698BBC: C1210078 lfs f9,120(r1)
80698BC0: EC2A0272 fmuls f1,f10,f9
80698BC4: EC22082A fadds f1,f2,f1
80698BC8: EC43082A fadds f2,f3,f1
80698BCC: C101005C lfs f8,92(r1)
80698BD0: C0E10080 lfs f7,128(r1)
80698BD4: EC2801F2 fmuls f1,f8,f7
80698BD8: ECC20828 fsubs f6,f2,f1
80698BDC: D0C10038 stfs f6,56(r1)
80698BE0: EC8C01F2 fmuls f4,f12,f7
80698BE4: EC6A0372 fmuls f3,f10,f13
80698BE8: EC4802F2 fmuls f2,f8,f11
80698BEC: EC200272 fmuls f1,f0,f9
80698BF0: EC220828 fsubs f1,f2,f1
80698BF4: EC23082A fadds f1,f3,f1
80698BF8: ECA4082A fadds f5,f4,f1
80698BFC: D0A1003C stfs f5,60(r1)
80698C00: EC6A01F2 fmuls f3,f10,f7
80698C04: EC4002F2 fmuls f2,f0,f11
80698C08: EC280272 fmuls f1,f8,f9
80698C0C: EC42082A fadds f2,f2,f1
80698C10: EC2C0372 fmuls f1,f12,f13
80698C14: EC220828 fsubs f1,f2,f1
80698C18: EC83082A fadds f4,f3,f1
80698C1C: D0810040 stfs f4,64(r1)
80698C20: EC4A02F2 fmuls f2,f10,f11
80698C24: EC2C0272 fmuls f1,f12,f9
80698C28: EC420828 fsubs f2,f2,f1
80698C2C: EC280372 fmuls f1,f8,f13
80698C30: EC220828 fsubs f1,f2,f1
80698C34: EC0001F2 fmuls f0,f0,f7
80698C38: EC010028 fsubs f0,f1,f0
80698C3C: D0010044 stfs f0,68(r1)
80698C40: EC600032 fmuls f3,f0,f0
80698C44: EC440132 fmuls f2,f4,f4
80698C48: EC2601B2 fmuls f1,f6,f6
80698C4C: EC050172 fmuls f0,f5,f5
80698C50: EC01002A fadds f0,f1,f0
80698C54: EC02002A fadds f0,f2,f0
80698C58: EC03002A fadds f0,f3,f0
80698C5C: C03F0364 lfs f1,868(r31)
80698C60: FC010000 fcmpu cr0,f1,f0
80698C64: 41820024 beq- 0x80698c88
80698C68: C09F035C lfs f4,860(r31)
80698C6C: C07F03B8 lfs f3,952(r31)
80698C70: FC200034 fsqrte f1,f0
80698C74: EC410072 fmuls f2,f1,f1
80698C78: EC210132 fmuls f1,f1,f4
80698C7C: EC42183C fnmsubs f2,f2,f0,f3
80698C80: EC220072 fmuls f1,f2,f1
80698C84: EC200072 fmuls f1,f0,f1
80698C88: C01F0364 lfs f0,868(r31)
80698C8C: FC010000 fcmpu cr0,f1,f0
80698C90: 4182003C beq- 0x80698ccc
80698C94: C01F0370 lfs f0,880(r31)
80698C98: EC200824 fdivs f1,f0,f1
80698C9C: C0010038 lfs f0,56(r1)
80698CA0: EC000072 fmuls f0,f0,f1
80698CA4: D0010038 stfs f0,56(r1)
80698CA8: C001003C lfs f0,60(r1)
80698CAC: EC000072 fmuls f0,f0,f1
80698CB0: D001003C stfs f0,60(r1)
80698CB4: C0010040 lfs f0,64(r1)
80698CB8: EC000072 fmuls f0,f0,f1
80698CBC: D0010040 stfs f0,64(r1)
80698CC0: C0010044 lfs f0,68(r1)
80698CC4: EC000072 fmuls f0,f0,f1
80698CC8: D0010044 stfs f0,68(r1)
80698CCC: C0010038 lfs f0,56(r1)
80698CD0: D0010014 stfs f0,20(r1)
80698CD4: 80010014 lwz r0,20(r1)
80698CD8: 54030050 rlwinm r3,r0,0,1,8
80698CDC: 3C038080 subis r0,r3,32640
80698CE0: 28000000 cmplwi r0,0
80698CE4: 41820098 beq- 0x80698d7c
80698CE8: C001003C lfs f0,60(r1)
80698CEC: D0010010 stfs f0,16(r1)
80698CF0: 80010010 lwz r0,16(r1)
80698CF4: 54030050 rlwinm r3,r0,0,1,8
80698CF8: 3C038080 subis r0,r3,32640
80698CFC: 28000000 cmplwi r0,0
80698D00: 4182007C beq- 0x80698d7c
80698D04: C0010040 lfs f0,64(r1)
80698D08: D001000C stfs f0,12(r1)
80698D0C: 8001000C lwz r0,12(r1)
80698D10: 54030050 rlwinm r3,r0,0,1,8
80698D14: 3C038080 subis r0,r3,32640
80698D18: 28000000 cmplwi r0,0
80698D1C: 41820060 beq- 0x80698d7c
80698D20: C0010044 lfs f0,68(r1)
80698D24: D0010008 stfs f0,8(r1)
80698D28: 80010008 lwz r0,8(r1)
80698D2C: 54030050 rlwinm r3,r0,0,1,8
80698D30: 3C038080 subis r0,r3,32640
80698D34: 28000000 cmplwi r0,0
80698D38: 40820008 bne- 0x80698d40
80698D3C: 48000040 b 0x80698d7c
80698D40: 38610038 addi r3,r1,56
80698D44: 38810088 addi r4,r1,136
80698D48: 4BF6367D bl 0x805fc3c4
80698D4C: 38610088 addi r3,r1,136
80698D50: 38810048 addi r4,r1,72
80698D54: 4BF64679 bl 0x805fd3cc
80698D58: C0210048 lfs f1,72(r1)
80698D5C: 4BF63FC5 bl 0x805fcd20
80698D60: D03C0000 stfs f1,0(r28)
80698D64: C021004C lfs f1,76(r1)
80698D68: 4BF63FB9 bl 0x805fcd20
80698D6C: D03D0000 stfs f1,0(r29) <--- This one
80698D70: C0210050 lfs f1,80(r1)
80698D74: 4BF63FAD bl 0x805fcd20
80698D78: D03E0000 stfs f1,0(r30)
80698D7C: E3E100E8 psq_l f31,232(r1),0,0
80698D80: CBE100E0 lfd f31,224(r1)
80698D84: E3C100D8 psq_l f30,216(r1),0,0
80698D88: CBC100D0 lfd f30,208(r1)
80698D8C: 396100D0 addi r11,r1,208
80698D90: 4B9C5141 bl 0x8005ded0
80698D94: 800100F4 lwz r0,244(r1)
80698D98: 7C0803A6 mtlr r0
80698D9C: 382100F0 addi r1,r1,240
80698DA0: 4E800020 blr
[/spoiler]
Breakpoint (Write):[spoiler]
CR:48202288 XER:00000000 CTR:0000000E DSIS:00000000
DAR:00000000 SRR0:80698D6C SRR1:0000B032 LR:80698D6C
r0:80698D6C r1:8024D4A8 r2:802459C0 r3:808A0000
r4:3FF00000 r5:00000000 r6:00000000 r7:FFFFFFFE
r8:40000000 r9:00000000 r10:0011C26C r11:8024D578
r12:0025F12A r13:80244680 r14:00010005 r15:8017D510
r16:806ADDB4 r17:00000000 r18:00000000 r19:00000004
r20:00000000 r21:8036F000 r22:00000000 r23:815E2E40
r24:00000000 r25:00000000 r26:00000000 r27:80E4F140
r28:80EA73C4 r29:80EA73C8 r30:8024D5A0 r31:808A2CA0
f0:C386FFFF f1:42B40003 f2:71BF21E4 f3:40400000
f4:3F000000 f5:C2255DE0 f6:40C90FDA f7:00000000
f8:3290FDF0 f9:00000000 f10:00000000 f11:00000000
f12:00000000 f13:BF400000 f14:00000000 f15:00000000
f16:00000000 f17:00000000 f18:00000000 f19:00000000
f20:00000000 f21:00000000 f22:00000000 f23:00000000
f24:00000000 f25:00000000 f26:00000000 f27:00000000
f28:00000000 f29:BF800000 f30:80000000 f31:80000000
[/spoiler]
I already tried to load a new float, but it didn't change anything for your attacks.
(It gave normal damage I guess, but when it is nop'ed, enemies can't even notice your "attacks")
lis r12, XXXX
ori r12, r12, XXXX
stw r12, 0 (r29)
stfs f1,0(r29)
[spoiler]
C2698D6C 00000003
3D80XXXX 618CXXXX
919D0000 D03D0000
60000000 00000000[/spoiler]
Why does this happen? :confused:
have you tried to set bp read on it and overwrite the subi/addi with andc?
and why do you use that instruction?
stfs f1,0(r29)
load value(42B40003) from f1 into r29
btw r12 doesn't seem to be free...
this makes no sense to me.
lis r12, XXXX <--- u want to write a value
ori r12, r12, XXXX
stw r12, 0 (r29) <--- save it to r29
stfs f1,0(r29) <-- store value from f1 into 29?
you would overwrite it again...
I think a C2 code should work here... Here's what I would do:
04001500 43870000 //approximately triple damage
Hook: 80698D6C
lis r9, 0x8000
lfs f1, 0x1500(r9)
stfs f1,0(r29)
Quote from: Nutmeg on December 30, 2010, 12:28:55 AM
I think a C2 code should work here... Here's what I would do:
04001500 43870000 //approximately triple damage
Hook: 80698D6C
lis r9, 0x8000
lfs f1, 0x1500(r9)
stfs f1,0(r29)
lis r9, 0x8000
lfs f1, 0x1500(r9)
stw r9,0(r29)
you want to write the value from f1 into the address 80001500 (r9).
then you want to grab the value from it and want to write it into r29.
so you should use a stw.
lis r9, 0x8000 <-- load into address 80000000
lfs f1, 0x1500(r9) <-- go 1500 forward and load the value from f1 into the address 80001500
stw r9,0(r29) store value from (80001500) into r29
Are you sure? I thought 'lfs' was 'load float single.' Wouldn't that load the float from 80001500 into f1?
Quote from: Nutmeg on December 30, 2010, 12:47:37 AM
Are you sure? I thought 'lfs' was 'load float single.' Wouldn't that load the float from 80001500 into f1?
yea that's right. lfs = load float single.
lis r9, 0x8000
r9 is totally free. you can do everything with it. like your example, write and load into 80000000
lfs f1, 0x1500(r9)
so, add 1500 bytes to 80000000 = 80001500 and load the value from f1 into r9.
80001500 42B40003
stw r9,0(r29)
now we want to store that value into r29.
r9 has the value 42B40003 now so we can store it easily into r29 by this instruction.
I don't see any changes. stfs f1,0(r29) is totally the same xD
Maybe I'm misunderstanding something.
Is this true?
lfs f1, 0x1500(r9) will load the value from 0x80001500 into f1.
lfs is the equivalent of lwz except with floating points, right?
nono ( ) <-- is into.
lfs f1, 0x1500(r9) will load the value from f1 into r9
Then what does 'stfs' do?
ex. stfs f1, 0x1500(r9)
store floating into r9
Quote from: Deathwolf on December 30, 2010, 01:29:33 AM
lfs f1, 0x1500(r9) will load the value from f1 into r9
------------------------------------------------
store floating into r9
Isn't that the same thing?
yea but I said that it doesn't make much sense...
So then... how do you modify a float register?
I didn't think that's possible...
use lis and ori to write a new floating value and use a lfs or stfs to store it into the address.
Okay, I got it now. ;)
-Thanks
loool thanks for this discussion great ;D
I saw my mistake I guess.
Wait, last second idea.
Use Gecko.NET to modify the float register. If you right click and view memory it should show you where the call is coming from, and this should allow you to change a float register.
^Another reason why Gecko.NET is superior. Also, I remember doing this in another code I did.
but I just want to write a new value and not see where it is coming from.
To which solution did you two unite now?
[spoiler]lis r9, 0x8000
lfs f1, 0x1500(r9)
stw r9,0(r29) #but this is storing r29 in r9 and not the other way round, where is the value to write??[/spoiler]
That is storing r9 in r29...
Quote from: Bully@Wiiplaza on December 30, 2010, 03:53:21 AM
but I just want to write a new value and not see where it is coming from.
To which solution did you two unite now?
[spoiler]lis r9, 0x8000
lfs f1, 0x1500(r9)
stw r9,0(r29) #but this is storing r29 in r9 and not the other way round, where is the value to write??[/spoiler]
lfs f1, 0x1500(r9)
f1 is the value to write!
if you want to write a new value so use this:
lis r9, 0x8000 <--- load into address 80001500
ori r9,r9,0x1500
lis r5,0x XXXX <--- write 32bit value
ori r5,r5,0x XXXX
stw r5,0(r9) <--- store value into address 80001500
nutmeg used 2 things in 1 instruction.
lfs can do:
lfs f1, 0x1500(r9) = f1 is the value, 0x1500 (r9) loading into register (address)
so you can load into address AND write a value from fX.
lwz will do the same.
example:
CR:48202288 XER:00000000 CTR:0000000E DSIS:00000000
DAR:00000000 SRR0:80698D6C SRR1:0000B032 LR:80698D6C
r0:80698D6C r1:8024D4A8 r2:802459C0 r3:808A0000
r4:3FF00000 r5:00000000 r6:00000000 r7:FFFFFFFE
r8:40000000 r9:00000000 r10:0011C26C r11:8024D578
r12:0025F12A r13:80244680 r14:00010005 r15:8017D510
r16:806ADDB4 r17:00000000 r18:00000000 r19:00000004
r20:00000000 r21:8036F000 r22:00000000 r23:815E2E40
r24:00000000 r25:00000000 r26:00000000 r27:80E4F140
r28:80EA73C4 r29:80EA73C8 r30:8024D5A0 r31:808A2CA0
you also can use lwz and not ori.
code would be:
lis r9, 0x8000 <--- load into address 80001500
lwz r5,0x1500 (r9) <--- u can see, r5 is nothing (no value)
lis r6,0x XXXX <--- write 32bit value
ori r6,r6,0x XXXX
stw r6,0(r9) <--- store value into address 80001500
I stopped helping Deathwolf and Bully some time ago as a means of protest against their online hacking. However, I feel terrible for poor Nutmeg who is being given confusing information...so I will step in to clear things up some.
Nutmeg, your original solution in reply #2 would work; load a value somewhere in memory, and then lfs the value into the float register of interest. However, I caution against using random areas of memory like that. You should only write to memory that you can prove will not be used for anything else. i.e. in a stack frame you created, or in a small data area inside a C2 code which exists where the code handler stores codes.
---
In reply #3, deathwolf said
lis r9, 0x8000 <-- [s]load into address 80000000[/s] [color=red]load 0x8000 into the upper 16 bits of r9 and clear the lower 16 bits[/color]
lfs f1, 0x1500(r9) <-- go 1500 forward and load the value from [s]f1 into the address 80001500[/s] [color=red]address 80001500 into float register f1[/color]
stw r9,0(r29) store [s]value from (80001500) into r29[/s] [color=red]0x80000000 to the address in register r29[/color]
I have my corrections in red. Note that this sequence of assembly is basically nonsense, and it could very well crash the game because 0x80000000 as a single-precision float will be interpreted as a negative zero.
---
In reply #5, deathwolf alleges that r9 is free/safe. This is likely because he sees the value 0 in the register listing that Bully posted. He makes a similar error in reply #19 regarding r5 and r6. The safety of a register for using in an ASM code NEVER EVER EVER depends on the VALUE in that register, PERIOD! You cannot say "oh, this register is 0, so it's safe to use". That is not how it works. If you hit the breakpoint again, some of those values might not be zero.
The safety of a register can be determined ONLY from the disassembly. The reason r9, r6, and r5 are safe is because they are volatile registers and the hook address is right after a bl, so all the volatile registers are safe.
---
In reply #7, deathwolf says
nono ( ) <-- is into.
lfs f1, 0x1500(r9) will load the value from f1 into r9
That is entirely, 100% false. Nutmeg's reply #6 was 100% true.
---
Reply #9, deathwolf says that stfs f1, 0x1500(r9) will "store floating into r9". Wrong again. stfs will store the value in f1 to the address given by the pointer in r9 and an additional offset of 0x1500. i.e. it will write f1 to address 80001500.
---
At least he's right in #13. To write a new value into a float register, you will need lis/ori/lfs. Or as Nutmeg pointed out, in Gecko.NET, on the BP tab, if you are at a breakpoint which uses a memory access instruction and you right-click the Set Breakpoint, Step buttons, or Show Mem button, you will get a peek at the current value that will be accessed. You can also poke a new value by typing it into the data field and pressing enter. Then, when you Step, the game will load your poked value into the float register.
---
Finally, deathwolf said in #19
lfs f1, 0x1500(r9) = f1 is the value, 0x1500 (r9) loading into register (address)
so you can load into address AND write a value from fX.
lwz will do the same.
That is wrong. lfs does not load anything into an address. It does not write any value from a float register. lfs fD, d(rA) will take the value at the address that is given by the sum of d and the value in rA, and then it loads that value into the float register fD. lwz is the same way.
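Added example, not part of the thread or any poster's code: a small Python model of the D-form instructions argued over above, showing that lfs/lwz read memory at d(rA) = rA + d into a register and stfs/stw write a register to that address. It decodes words from the posted disassembly, then runs the reply #2 sequence and the reply #3 variant; r29 and f1 come from the posted breakpoint dump, the word at 80001500 from reply #2, and the encodings 3D208000, C0291500 and 913D0000 are assembled here by hand.

```python
import struct

# Primary opcode (top 6 bits) -> mnemonic, for the D-form instructions in the thread.
OPS = {14: "addi", 15: "addis", 24: "ori", 32: "lwz", 36: "stw", 48: "lfs", 52: "stfs"}


def fields(word):
    """Split a D-form word into (mnemonic, rD/rS/frD, rA, sign-extended immediate)."""
    op, d, a, imm = word >> 26, (word >> 21) & 31, (word >> 16) & 31, word & 0xFFFF
    if op not in OPS:
        raise ValueError(f"primary opcode {op} is not modelled in this example")
    return OPS[op], d, a, (imm - 0x10000 if imm & 0x8000 else imm)


def disasm(word):
    name, d, a, imm = fields(word)
    if name == "ori":                        # ori rA,rS,UIMM (immediate is unsigned)
        return f"ori r{a},r{d},0x{imm & 0xFFFF:04X}"
    if name in ("addi", "addis"):
        if a == 0:                           # rA field 0 means literal zero: li / lis
            return f"{'lis' if name == 'addis' else 'li'} r{d},{imm}"
        return f"{name} r{d},r{a},{imm}"
    reg = "f" if name in ("lfs", "stfs") else "r"
    return f"{name} {reg}{d},{imm}(r{a})"


def bits_to_float(bits):
    return struct.unpack(">f", struct.pack(">I", bits))[0]


def float_to_bits(value):
    return struct.unpack(">I", struct.pack(">f", value))[0]


def step(word, gpr, fpr, mem):
    """Execute one instruction; gpr/fpr map register number -> value, mem maps address -> word."""
    name, d, a, imm = fields(word)
    base = gpr.get(a, 0) if a else 0         # rA field 0 reads as the constant 0
    ea = (base + imm) & 0xFFFFFFFF           # effective address of d(rA)
    if name == "addi":
        gpr[d] = ea
    elif name == "addis":
        gpr[d] = (base + (imm << 16)) & 0xFFFFFFFF
    elif name == "ori":
        gpr[a] = gpr.get(d, 0) | (imm & 0xFFFF)
    elif name == "lwz":
        gpr[d] = mem.get(ea, 0)                   # memory -> integer register
    elif name == "stw":
        mem[ea] = gpr.get(d, 0)                   # integer register -> memory
    elif name == "lfs":
        fpr[d] = bits_to_float(mem.get(ea, 0))    # memory -> float register
    elif name == "stfs":
        mem[ea] = float_to_bits(fpr.get(d, 0.0))  # float register -> memory


R29 = 0x80EA73C8                                  # r29 from the posted breakpoint dump
REPLY_2 = (0x3D208000, 0xC0291500, 0xD03D0000)    # lis r9 / lfs f1,0x1500(r9) / stfs f1,0(r29)
REPLY_3 = (0x3D208000, 0xC0291500, 0x913D0000)    # same, but ending in stw r9,0(r29)


def run(words):
    """Run a sequence from the state at the breakpoint (only the registers that matter)."""
    gpr = {29: R29}
    fpr = {1: bits_to_float(0x42B40003)}          # f1 from the breakpoint dump
    mem = {0x80001500: 0x43870000}                # value poked by "04001500 43870000"
    for word in words:
        step(word, gpr, fpr, mem)
    return gpr, fpr, mem


if __name__ == "__main__":
    for w in (0x3FE0808A, 0x3BFF2CA0, 0xC01F0364, 0xD03D0000):
        print(f"{w:08X}  {disasm(w)}")
    for label, seq in (("reply #2", REPLY_2), ("reply #3", REPLY_3)):
        _, _, mem = run(seq)
        print(f"{label}: [{R29:08X}] = {mem[R29]:08X} = {bits_to_float(mem[R29])!r}")
```

The reply #3 variant leaves 80000000 at the target address, which reads back as the float -0.0.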
.... sounds everything is wrong :(
I don't see any problems with online codes for private match.
and I don't see any supports by online hacking but if you think so... okay.
stfs f1,0(r29)
replace with:
stwu r1,-80(r1)
stmw r14,8(r1)
lis r14,0x XXXX
ori r14,r14,0x XXXX
stw r14,0(r29)
lmw r14,8(r1)
addi r1,r1,80
sry :(
Quote from: Deathwolf on December 30, 2010, 05:31:46 PM
I don't see any problems with online codes for private match.
This is off-topic for this thread, but...does this look like a private match?
[spoiler](http://img.photobucket.com/albums/v239/COMel/SJBE52-001.jpg)[/spoiler]
I won't help online hackers. Even if your code is offline.
Quote from: dcx2 on December 30, 2010, 05:37:04 PM
Quote from: Deathwolf on December 30, 2010, 05:31:46 PM
I don't see any problems with online codes for private match.
This is off-topic for this thread, but...does this look like a private match?
[spoiler](http://img.photobucket.com/albums/v239/COMel/SJBE52-001.jpg)[/spoiler]
no... not really but I stopped using hacks like this.
but I don't see any support by help with ASM.
hmm... I think it's unfair. superman made a lot of online hacks for cod bo and he got much help :/
btw I see you helping bully sometimes and he still makes some online codes...
If superman needs help, I certainly won't be giving it.
Regarding Bully, the last time I helped him I was actually addressing Nutmeg. The mechanics of the hack that Bully wanted to make were interesting enough for me to give some help for anyone who stumbled on the thread later. However, I did not give him the answer he was looking for, I only described one problem he would encounter.
I'm done hijacking this thread. I only wanted to correct the misinformation you were spreading.
hmm ok in fact, you never help me again... very pity
Quote from: dcx2 on December 30, 2010, 05:52:49 PM
However, I did not give him the answer he was looking for, I only described one problem he would encounter.
Yes, I was thinking: "what the hell is he talking about, this doesn't help!"
Btw. if you think that you don't help anymore, I never forced you to do so. It's just that I love to hack some games, not regarding to ruin it, only to have fun.
This is the new leaderboard (we are sorry for our mistakes)
[spoiler](http://img441.imageshack.us/img441/8913/sjbe52013.png)[/spoiler]
Every noob can hack his score and we are the bad people?? Look at the list.
I myself didn't make that hack... I used it because a few others already hacked the list, so it didn't actually matter.
If there are 4 or 5, nobody cares, but the first one must be prevented.
And Nutmeg also doesn't back off from Online codes, why is he the poor?
Want some proof anyway?
In my defense, I now use the leaderboard hack on msc because people have been putting up offensive names flaming legit msc players.
Proof:
http://www.youtube.com/watch?v=3QQq1-tfvNo
As for mkw, I haven't played in ages, so don't try to hold that against me, please.
@dcx2- so lfs is the equivalent of lwz except with floats? And stfs is the same as stw except with floats?
-And the area between 80001500 and 80001600 is almost never used, which is why I picked that address.
Quote from: Nutmeg on December 30, 2010, 06:32:07 PM
In my defense, I now use the leaderboard hack on msc because people have been putting up offensive names flaming legit msc players.
Proof:
http://www.youtube.com/watch?v=3QQq1-tfvNo
As for mkw, I haven't played in ages, so don't try to hold that against me, please.
lol funny video xDDD
Btw. you can't say that you aren't ever hacking online anyway.
It doesn't matter what others are doing with the leaderboards.
You even posted a video where you hacked two different leaderboards...
Quote from: Nutmeg on December 30, 2010, 06:37:37 PM
@dcx2- so lfs is the equivalent of lwz except with floats? And stfs is the same as stw except with floats?
-And the area between 80001500 and 80001600 is almost never used, which is why I picked that address.
just use this and finish...
stwu r1,-80(r1)
stmw r14,8(r1)
lis r14,0x XXXX
ori r14,r14,0x XXXX
stw r14,0(r29)
lmw r14,8(r1)
addi r1,r1,80
Quote from: Bully@Wiiplaza on December 30, 2010, 06:43:12 PM
Quote from: Nutmeg on December 30, 2010, 06:32:07 PM
In my defense, I now use the leaderboard hack on msc because people have been putting up offensive names flaming legit msc players.
Proof:
http://www.youtube.com/watch?v=3QQq1-tfvNo
As for mkw, I haven't played in ages, so don't try to hold that against me, please.
You even posted a video where you hacked two different leaderboards...
No I didn't... I did not make this video, but I am in the video. I am covering up the offensive names, like I said earlier.
I myself don't have a problem with online codes, but I'm sure dcx2 knows better than myself. I would assume companies have to hire employees for online security. exhibit a: Black Ops and all the patches...
Quote from: Deathwolf on December 30, 2010, 06:47:53 PM
Quote from: Nutmeg on December 30, 2010, 06:37:37 PM
@dcx2- so lfs is the equivalent of lwz except with floats? And stfs is the same as stw except with floats?
-And the area between 80001500 and 80001600 is almost never used, which is why I picked that address.
just use this and finish...
stwu r1,-80(r1)
stmw r14,8(r1)
lis r14,0x XXXX
ori r14,r14,0x XXXX
stw r14,0(r29)
lmw r14,8(r1)
addi r1,r1,80
yes this is the working template thx