I found an assembly instruction which executes when I get points (it is also the only one which is doing this for points).
But it also executes all the time when using an execute breakpoint.
So I would need a compare with an 8-digit value to write my value and don't do anything if the instruction is not writing the points
(otherwise I crash instantly)
[spoiler]8068AD44: 80040000 lwz r0,0(r4)
8068AD48: 90030000 stw r0,0(r3)
8068AD4C: 4E800020 blr [/spoiler]
If r3 is not greater than 93000000
branch _END
lis r0, HHHH
ori r0, r0, TTTT
_END:
stw r0,0(r3)
Is this template right, though?
Well, I don't know what registers are safe, but here is what I would try. Use cmpw instead of cmpwi:
Hook: 8068AD44
lis r1, 0x9300
ori r1, r1, 0x0000
cmpw r3, r1
ble- END
execute your ASM here
END
stw r0,0(r3)
Quote from: Nutmeg on January 02, 2011, 04:56:41 AM
Well, I don't know what registers are safe, but here is what I would try. Use cmpw instead of cmpwi:
Hook: 8068AD44
lis r1, 0x9300
ori r1, r1, 0x0000
cmpw r3, r1
ble- END
execute your ASM here
END
stw r0,0(r3)
:eek: forgot to post the registers, but I take the right one(s) tomorrow then.
Could work like this, but I am not totally sure.
Well, it froze, but I noticed that my idea was wrong anyway.
This sucks!
- Address is moving every time
- Pointer doesn't find anything
- ASM freezes (and right instructions are executed more times for other things, when altered: crash)
...
You should try something like this:
lis r12,0xXXXX <--- load into address
ori r12,r12,0xXXXX
lhz r12,0(r12) <--- reading out 16bit values (like codetype 28)
cmpwi r12,0xXXXX <--- if greater than XXXX
ble- THE_END <-- branch
execute your ASM here <--- your ASM instruction
THE_END:
stw r0,0(r3)
Post the DASM and the breakpoint registers and I'll try to find the pointer.
Quote from: Nutmeg on January 02, 2011, 06:07:16 PM
Post the DASM and the breakpoint registers and I'll try to find the pointer.
[spoiler] CR:42000888 XER:00000000 CTR:806876DC DSIS:02400000
DAR:930B5554 SRR0:8068AD48 SRR1:00009032 LR:80687768
r0:000FF2EE r1:900D9D28 r2:802459C0 r3:930B5554
r4:80BC98F0 r5:900D9DA0 r6:00000000 r7:9303E880
r8:930B5550 r9:00004294 r10:930AA090 r11:900D9D28
r12:00000000 r13:80244680 r14:00000000 r15:00000000
r16:00000000 r17:00000000 r18:00000000 r19:00000000
r20:80BC98F0 r21:930B5550 r22:8089FA70 r23:8092DE38
r24:80BBEA58 r25:80BCEA58 r26:00000000 r27:00006455
r28:00001964 r29:00000632 r30:000076CD r31:00004294
f0:00000000 f1:47768559 f2:FFC00000 f3:4F800000
f4:4F000000 f5:00000000 f6:00000000 f7:00000000
f8:41800000 f9:00000000 f10:00000000 f11:00000000
f12:C4181292 f13:00000000 f14:00000000 f15:00000000
f16:00000000 f17:00000000 f18:00000000 f19:00000000
f20:00000000 f21:00000000 f22:00000000 f23:00000000
f24:00000000 f25:00000000 f26:00000000 f27:00000000
f28:00000000 f29:BF800000 f30:59800004 f31:3A83126F[/spoiler]
The Function is only 3 instructions long :s
[spoiler]8068AD44: 80040000 lwz r0,0(r4)
8068AD48: 90030000 stw r0,0(r3)
8068AD4C: 4E800020 blr [/spoiler]
Hmm... okay then... You need to find the instruction that loads the address into r4. I have no clue how to do that....
if dcx2 posts some help... that would be awesome... ::)
bully.... go memory viewer, pause the game and search for the r3 value!
For example, the address of this value is 80356980.
lis r12,0x8035 <--- load into address
ori r12,r12,0x682
lhz r12,0(r12) <--- reading out 16bit values (93000000)
cmpwi r12,0x0000 <--- if greater than 9300[[0000]]
ble- THE_END <-- branch
execute your ASM here <--- your ASM instruction
THE_END:
stw r0,0(r3)
r3 is different every match and there are also sometimes values bigger than 93000000, which aren't related to the score.
Quote from: Bully@Wiiplaza on January 02, 2011, 08:58:38 PM
r3 is different every match and there are also sometimes values bigger than 93000000, which aren't related to the score.
pause the game
Is the instruction before the hook different every time?
Quote from: Nutmeg on January 03, 2011, 12:19:11 AM
Is the instruction before the hook different every time?
No, the disassembler is always like this.
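Added example, not code from any poster in this thread: a Python sketch that parses the breakpoint dump posted above, lists which general-purpose registers sit within a few bytes of the store address in DAR, and models the "r3 greater than 93000000" guard as a signed compare (cmpw) and as an unsigned one (cmplw). The function names and the 0x40-byte window are assumptions chosen for illustration.

```python
import re

# Special registers and GPRs copied from the breakpoint dump posted in the thread.
DUMP = """
CR:42000888 XER:00000000 CTR:806876DC DSIS:02400000
DAR:930B5554 SRR0:8068AD48 SRR1:00009032 LR:80687768
r0:000FF2EE r1:900D9D28 r2:802459C0 r3:930B5554
r4:80BC98F0 r5:900D9DA0 r6:00000000 r7:9303E880
r8:930B5550 r9:00004294 r10:930AA090 r11:900D9D28
r12:00000000 r13:80244680 r14:00000000 r15:00000000
r16:00000000 r17:00000000 r18:00000000 r19:00000000
r20:80BC98F0 r21:930B5550 r22:8089FA70 r23:8092DE38
r24:80BBEA58 r25:80BCEA58 r26:00000000 r27:00006455
r28:00001964 r29:00000632 r30:000076CD r31:00004294
"""

GPR = re.compile(r"r\d+")

def parse_dump(text):
    """Return {register name: 32-bit value} for every NAME:HEX8 pair."""
    return {n: int(v, 16) for n, v in re.findall(r"(\w+):([0-9A-Fa-f]{8})", text)}

def gprs_near(regs, target, window=0x40):
    """GPRs within `window` bytes of `target`, mapped to (target - value)."""
    return {n: target - v for n, v in regs.items()
            if GPR.fullmatch(n) and abs(target - v) <= window}

def signed32(x):
    """Reinterpret a 32-bit value the way cmpw does (two's complement)."""
    return x - (1 << 32) if x & 0x80000000 else x

def guard_passes(value, limit, unsigned):
    """True when 'value > limit' under cmplw (unsigned) or cmpw (signed)."""
    if unsigned:
        return value > limit
    return signed32(value) > signed32(limit)

if __name__ == "__main__":
    regs = parse_dump(DUMP)
    # Registers holding the store address itself or a nearby base address.
    print("near DAR:", {n: hex(o) for n, o in gprs_near(regs, regs["DAR"]).items()})
    for name in ("r3", "r4", "r9"):
        v = regs[name]
        print(f"{name}={v:08X} cmpw:{guard_passes(v, 0x93000000, False)}"
              f" cmplw:{guard_passes(v, 0x93000000, True)}")
```

On this dump r8 and r21 both hold the store address minus 4, and a small positive value such as r9 passes the signed compare against 93000000 but not the unsigned one.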