So let me do some explaining first. I did a Write breakpoint at 80E92F8C and got
Registers
[spoiler]CR:48000088 XER:20000000 CTR:8009ABC0 DSIS:02400000
DAR:80E92F8C SRR0:805AE5F4 SRR1:0000B032 LR:8057A720
r0:00000001 r1:80394A68 r2:8038AC20 r3:80E92F2C
r4:80890000 r5:00000000 r6:00000000 r7:00000000
r8:00000000 r9:00000000 r10:00000000 r11:80394A08
r12:8009ABC0 r13:80388880 r14:00000000 r15:80FE5484
r16:80E930A0 r17:00000000 r18:0000000E r19:00000000
r20:00000000 r21:80E92CF4 r22:0000000E r23:00000000
r24:00000000 r25:0000000C r26:00000000 r27:00000000
r28:00000000 r29:00000000 r30:80E92A20 r31:0000010E[/spoiler]
Disassembly
[spoiler]805AE5F4: 90A30060 stw r5,96(r3)
805AE5F8: D023006C stfs f1,108(r3)
805AE5FC: D0230070 stfs f1,112(r3)
805AE600: D0230074 stfs f1,116(r3)
805AE604: D0030068 stfs f0,104(r3)
805AE608: 98030064 stb r0,100(r3)[/spoiler]
Disassembly tab
[spoiler]805AE5DC: 3CA08089 lis r5,-32631
805AE5E0: 3C808089 lis r4,-32631
805AE5E4: C025E0F0 lfs f1,-7952(r5)
805AE5E8: 38A00000 li r5,0
805AE5EC: C004E080 lfs f0,-8064(r4)
805AE5F0: 38000001 li r0,1
805AE5F4: 90A30060 stw r5,96(r3)
805AE5F8: D023006C stfs f1,108(r3)
805AE5FC: D0230070 stfs f1,112(r3)
805AE600: D0230074 stfs f1,116(r3)
805AE604: D0030068 stfs f0,104(r3)
805AE608: 98030064 stb r0,100(r3)
805AE60C: 4E800020 blr
[/spoiler]
So my question is what do I do with this.
When your code uses float registers, you should also copy and paste them with the integer registers.
At your breakpoint, what are the values in f1 and f0?
Why did you choose to break on 80E92F8C? Is there some significance to the value at that address?
Sorry about the delay, went to Chick-fil-A. Anyway the value at f1 is 1 and at f0 0. I broke on 80E92F8C because the value changed from 00000001 to 00000000 when I got hit. So what do stfs and stb mean?
I just tried to make a code out of this and it crashed the game. The code is
C25AE5E8 00000002
38A00001 38600001
60000000 00000000
Which is
li r5,1
li r3,1
nop
What's wrong with that?
Hey Toonlink444,
Check out my post. dcx2 explains it perfectly
[spoiler]http://wiird.l0nk.org/forum/index.php/topic,7791.0.html[/spoiler]
translation = you need your anti code which is your bp first address ( not the address you put in to bp)
so 805AE5F4 90A30060
which makes 045AE5F4 90A30060 in your gct section
then your asm and finish it with the bp's asm stw r5,96(r3)
but in your case, you have 2 bps... do it again and we'll work at it together. are you pal? cause I've got pal version...
It crashed because you replaced r3 with a 1.
1 is not a valid address. So when the game went to execute stfs f1,108(r3), it couldn't, because r3 was not a valid address.
What possessed you to change r3 to a 1?
Patedj is half right. You forgot to include the original instruction in your C2 code. You're supposed to do that.
However, you only need the anticode if you're trying to disable your C2 code. If you never plan on disabling your C2 code, you don't need an anticode.
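The two problems pointed out above (r3 overwritten with 1, original instruction left out), as an added check that is not part of the original posts: it parses a C2 code and reports whether the hooked instruction is still present and which `li` targets are later used as a load/store base register. It assumes the default base address 0x80000000 (consistent with C25AE5E8 hooking 805AE5E8 on this page); the function names and the one-instruction variant are constructed for illustration.

```python
LOAD_STORE = {32, 34, 36, 38, 48, 52}  # lwz, lbz, stw, stb, lfs, stfs

# The C2 code posted above, and the words at 805AE5E8..805AE608 from the dump.
POSTED = ["C25AE5E8 00000002", "38A00001 38600001", "60000000 00000000"]
FUNCTION = [0x38A00000, 0xC004E080, 0x38000001, 0x90A30060, 0xD023006C,
            0xD0230070, 0xD0230074, 0xD0030068, 0x98030064]
# Constructed variant: one injected instruction (li r5,1), r3 left alone.
VARIANT = ["C25AE5E8 00000001", "38A00001 00000000"]


def parse_c2(lines):
    """Parse a C2 code given as 'XXXXXXXX YYYYYYYY' lines -> (hook, words)."""
    words = [int(w, 16) for line in lines for w in line.split()]
    head, count, body = words[0], words[1], words[2:]
    if head >> 24 != 0xC2:
        raise ValueError("not a C2 code")
    if len(body) != 2 * count:
        raise ValueError("line count does not match the header")
    if body[-1] != 0:
        raise ValueError("last word must be 00000000 (slot for the branch back)")
    hook = 0x80000000 | (head & 0x00FFFFFF)   # assumed default base address
    return hook, body[:-1]


def lint_c2(lines, original, following):
    """original: word at the hook address; following: words that run after it."""
    hook, injected = parse_c2(lines)
    # li rD,imm is addi rD,0,imm: opcode 14 with rA == 0. The result is a
    # sign-extended 16-bit constant, never a pointer into 0x80xxxxxx.
    li_targets = {(w >> 21) & 31 for w in injected
                  if w >> 26 == 14 and (w >> 16) & 31 == 0}
    # Base registers (rA) of the loads/stores after the hook; rA == 0 means
    # a literal zero base, not r0, so it is skipped.
    bases = {(w >> 16) & 31 for w in following
             if w >> 26 in LOAD_STORE and (w >> 16) & 31 != 0}
    return {"hook": hook,
            "has_original": original in injected,
            "clobbered_bases": sorted(li_targets & bases)}


if __name__ == "__main__":
    for name, code in (("posted", POSTED), ("variant", VARIANT)):
        r = lint_c2(code, FUNCTION[0], FUNCTION[1:])
        print(name, "hook=%08X" % r["hook"], r["has_original"], r["clobbered_bases"])
```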
I'm going snowboarding tomorrow so we can continue this Sunday afternoon when I get back. And I'm NTSC-US, sorry, I would like to work together too.
Code would be:
Hook: 805AE5F8
lis r12, XXXX
ori r12, r12, YYYY
stw r12, 108 (r3)
stfs f1,108(r3)
XXXX = first 16 bit
YYYY = second 16 bit
If you want to write 000000001, it would look like this:
Hook: 805AE5F8
lis r12, 0x0000
ori r12, r12, 0x0001
stw r12, 108 (r3)
stfs f1,108(r3)
Always write "0x" in front.
But generally, I recommend using breakpoint read, which is mostly better, but seems harder to handle!
I thought asm instructions could only be an odd number? And I copied all the registers to a notepad so I can work on it without my Wii (but that means no testing).
I want to know about the stfs instruction. And the floats.
Anyway the code didn't work.
break point again. send us the function and registers... but this time wait a bit and make sure that the bp is consistent. O0
Quote from: toonlink444 on January 28, 2011, 05:26:09 PM
Anyway the code didn't work.
That's common.
If it didn't work, set a new breakpoint and see if you get a different one.
Try again.
If you are good, you can "see" if it's the right one or not... :p
Sorry I haven't posted in a while. The snowboard trip took longer than I thought. Anyway I made a discovery.
Here's when I'm just flattened.
Address:80E92E8C
Breakpoint registers and floats
[spoiler]CR:48000088 XER:20000000 CTR:8009ABC0 DSIS:02400000
DAR:80E92E8C SRR0:805AE5F4 SRR1:0000B032 LR:8057A720
r0:00000001 r1:80394A68 r2:8038AC20 r3:80E92E2C
r4:80890000 r5:00000000 r6:00000000 r7:00000000
r8:00000000 r9:00000000 r10:00000000 r11:80394A08
r12:8009ABC0 r13:80388880 r14:00000000 r15:80FE5384
r16:80E92FA0 r17:00000000 r18:0000000E r19:00000000
r20:00000000 r21:80E92BF4 r22:0000000E r23:00000000
r24:00000000 r25:0000000C r26:00000000 r27:00000000
r28:00000000 r29:00000000 r30:80E92920 r31:0000010E
f0:00000000 f1:3F800000 f2:59800004 f3:348B0B8F
f4:00000000 f5:34F33486 f6:B2428EF0 f7:3BE07B10
f8:A1C23FF5 f9:3DA9827A f10:3DA9827A f11:AF7A10F6
f12:40400000 f13:00000000 f14:00000000 f15:00000000
f16:00000000 f17:00000000 f18:00000000 f19:00000000
f20:00000000 f21:00000000 f22:00000000 f23:00000000
f24:00000000 f25:00000000 f26:00000000 f27:00000000
f28:BF34FDF4 f29:00000000 f30:3BA3D70A f31:00000000[/spoiler]
Disassembly
[spoiler]805AE5F4: 90A30060 stw r5,96(r3)
805AE5F8: D023006C stfs f1,108(r3)
805AE5FC: D0230070 stfs f1,112(r3)
805AE600: D0230074 stfs f1,116(r3)
805AE604: D0030068 stfs f0,104(r3)
805AE608: 98030064 stb r0,100(r3)[/spoiler]
Disassembler tab
[spoiler]805AE5DC: 3CA08089 lis r5,-32631
805AE5E0: 3C808089 lis r4,-32631
805AE5E4: C025E0F0 lfs f1,-7952(r5)
805AE5E8: 38A00000 li r5,0
805AE5EC: C004E080 lfs f0,-8064(r4)
805AE5F0: 38000001 li r0,1
805AE5F4: 90A30060 stw r5,96(r3)
805AE5F8: D023006C stfs f1,108(r3)
805AE5FC: D0230070 stfs f1,112(r3)
805AE600: D0230074 stfs f1,116(r3)
805AE604: D0030068 stfs f0,104(r3)
805AE608: 98030064 stb r0,100(r3)
805AE60C: 4E800020 blr
[/spoiler]
When I pop up
registers and floats
[spoiler]CR:48000088 XER:20000000 CTR:8009ABC0 DSIS:02400000
DAR:80E92E8C SRR0:805AE614 SRR1:0000B032 LR:80573020
r0:00000001 r1:80394C98 r2:8038AC20 r3:80E92E2C
r4:00000003 r5:00009032 r6:801A9C68 r7:00000000
r8:00000000 r9:40000000 r10:00000000 r11:80394C38
r12:8009ABC0 r13:80388880 r14:00000000 r15:00000000
r16:00000000 r17:00000000 r18:00000000 r19:00000000
r20:00000000 r21:8029FD00 r22:00000000 r23:00000000
r24:00000001 r25:00000001 r26:00000000 r27:80E92B84
r28:80E92920 r29:00000000 r30:808B1030 r31:8088D4E8
f0:3F800000 f1:3F800000 f2:59800004 f3:35BDADFC
f4:00000000 f5:36C711D1 f6:B41F3FEF f7:3DB81FE5
f8:A3AE30B4 f9:BE9984C0 f10:BE9984C0 f11:306279C2
f12:40400000 f13:00000000 f14:00000000 f15:00000000
f16:00000000 f17:00000000 f18:00000000 f19:00000000
f20:00000000 f21:00000000 f22:00000000 f23:00000000
f24:00000000 f25:00000000 f26:00000000 f27:00000000
f28:00000000 f29:00000000 f30:00000000 f31:00000000[/spoiler]
Disassembly
[spoiler]805AE614: 90030060 stw r0,96(r3)
805AE618: 3C80808B lis r4,-32629
805AE61C: 3CA08089 lis r5,-32631
805AE620: C04428BC lfs f2,10428(r4)
805AE624: 3C808089 lis r4,-32631
805AE628: C025E0F0 lfs f1,-7952(r5)[/spoiler]
Disassembler tab
[spoiler]805AE610: 38000001 li r0,1
805AE614: 90030060 stw r0,96(r3)
805AE618: 3C80808B lis r4,-32629
805AE61C: 3CA08089 lis r5,-32631
805AE620: C04428BC lfs f2,10428(r4)
805AE624: 3C808089 lis r4,-32631
805AE628: C025E0F0 lfs f1,-7952(r5)
805AE62C: C004E080 lfs f0,-8064(r4)
805AE630: D023006C stfs f1,108(r3)
805AE634: D0430070 stfs f2,112(r3)
805AE638: D0230074 stfs f1,116(r3)
805AE63C: D0030068 stfs f0,104(r3)
805AE640: 98030064 stb r0,100(r3)
805AE644: 4E800020 blr
[/spoiler]
They're different. What do you make of this?
Could you right click - copy function (Disassembly) for a complete view of what happens? This can sometimes help more.
I think r5 is the data that gets registered for the address. So I think if you set r5 to 1 all the time then you'd never get flattened, or at least unattended instantaneously. Take a breakpoint (read) when driving at that address.
I did right click, copy function. To me it looks like r0 and r5 have some importance.
You don't need the "middle" spoiler that you labeled just "disassembly". All of that and more is in the dump from the Disassembler tab (the "third" spoiler).
Patedj, he did use Copy Function; those look simple because they're "leaf functions". They don't call any other functions, and they don't use any local variables, so they don't need to create a stack frame, hence the lack of stwu/mflr/.../mtlr/addi/blr.
It looks to me like there are "flags" at 96(r3) and 100(r3). The 96(r3) flag is set to 0 when you're flattened and 1 when you're unflattened. This might be a "am I flattened" flag, which keeps you from getting flattened when you're already flat. The 100(r3) flag is always set to 1...I dunno what that's for, maybe starts an animation or something?
The only float that's different between the two is the one stored at 112(r3). The other float locations are loaded with the same values for both flattening and unflattening.
One thing that you might find enlightening...when you're on either of the stw r5,96(r3) breakpoints, click the Show Mem button. It will switch to Memory Viewer. Hit run, then check auto-update. Then try to get flattened and look at what the values in memory are doing. It might help to change the Memory Viewer View Mode to auto dot.
What are "Flags"?
They're like sticky notes for the CPU.
If you get flattened, and you get hit again, you don't want to get "re-flattened". So the CPU sets a flag when you get flattened.
If you try to get flattened again while already flat, the CPU will see that the "flat flag" is already set, and it will know that it doesn't have to re-flatten you.
Ok, I changed mem viewer to Auto dot and when I got flattened I got . . . . and when big 00000001. What do the . . . .s mean?
I got it to stay flat :D But it doesn't act flat. :-\ I got it to stay flat by making li r0,1 always be li r0,0. But in Moonview Highway (where I'm testing) you still get run over, not able to go under.
Auto Dot attempts to guess the data type for each cell in Memory Viewer. However, the value 00000000 is ambiguous; it can be a float, an integer, etc. So auto dot replaces 00000000 with . . . . which helps the data types stand out.
You should actually be looking at the floats just after the 1. They should change in some predictable pattern when you get flat. That's why I asked you to use auto dot. 1.0 probably means more to you than 3F800000.
Try changing address 805AE5E8 from li r5,0 to li r5,1 instead. See what that does. It might prevent you from ever going flat.
Changing the li r0,1 to li r0,0 might backfire, because both 805AE614 and 805AE640 write r0 somewhere, so you're actually changing more than one thing. If the li r5,1 thing works as I expect, we'll see about writing you a C2 that modifies only 96(r3) and leaves 100(r3) alone.
O0 Thanks dcx2, sorry toonlink444.
About? Anyway, if it wasn't for school :mad: and homework >:( I would have this done. That's why there are long breaks between posts. Get back in a minute.
You're right, dcx2. When you get hit you pop right back up when r5 is set to 0.
Discovery!!!!! Value 80E92EFC stores the float that raises and lowers your height. When set to 0.3 (3E99999A) you become flat. I'm building off of that. See you guys tomorrow.
I'm looking forward to it. O0
Ok I'm back. I got a base for the code. Tell me if you think it might work. I have to boot up gecko dotNet first though.
Ok it didn't work :'( I was wondering how can I put the value of address 80E92EFC into the code? 80E92EFC isn't called for(but it makes you flat) so how can I use it.
Here's a code I just made.
28341462 FFFB0004
04E92E9C 3E99999A
E0000000 80008000
28341462 FFF70008
04E92E9C 3F7FFF4A
E0000000 80008000
It makes you flat when you hit down on the d-pad, and normal when d-pad up.
But my goal is to make it in ASM so I can learn some.
send us the bp for the address.
Set a "read" breakpoint with the "exact match" button checked. After that, I can step you through my tutorial if you like. ;)
I tried read breakpoints but I'll try again.
It didn't break on a "read" breakpoint?
no
...
Are you sure that this is the only address that makes you flattened, then? You may have found the "Y" coordinate of your character, not the address that contains whether you are flattened or not.
If it's the Y-coordinate it would go up when I'm in the air. So yes it's the one.
No, like the character height. Like, the actual height of the car. not how high in the air it is.
If you poke it to be a big float, do you become really tall?
No. It's a float value you have to use, and the code I made freezes the game now. I figure that the address for being flat changes each time, yet the ASM stays the same :confused:
anyone :confused:
You're right Nutmeg. After looking closely at the break points it looks like it's loading a flat value, then the floats are counting when to pop back up. Not saying that it's flat.
Here's the new breakpoint on 80E7FF48
Disassembler
[spoiler]80708424: 9421FFE0 stwu r1,-32(r1)
80708428: 7C0802A6 mflr r0
8070842C: 90010024 stw r0,36(r1)
80708430: 93E1001C stw r31,28(r1)
80708434: 93C10018 stw r30,24(r1)
80708438: 93A10014 stw r29,20(r1)
8070843C: 7C7D1B78 mr r29,r3
80708440: 93810010 stw r28,16(r1)
80708444: 3F80809C lis r28,-32612
80708448: 807CDBB8 lwz r3,-9288(r28)
8070844C: 480018B1 bl 0x80709cfc
80708450: 7C7E1B78 mr r30,r3
80708454: 807CDBB8 lwz r3,-9288(r28)
80708458: 48001831 bl 0x80709c88
8070845C: 7C7F1B78 mr r31,r3
80708460: 807CDBB8 lwz r3,-9288(r28)
80708464: 48001761 bl 0x80709bc4
80708468: 801D0010 lwz r0,16(r29)
8070846C: 2C000000 cmpwi r0,0
80708470: 41820010 beq- 0x80708480
80708474: 2C000001 cmpwi r0,1
80708478: 4182007C beq- 0x807084f4
8070847C: 480000EC b 0x80708568
80708480: 2C1F0000 cmpwi r31,0
80708484: 4182003C beq- 0x807084c0
80708488: 2C1E0000 cmpwi r30,0
8070848C: 41820028 beq- 0x807084b4
80708490: 881D0015 lbz r0,21(r29)
80708494: 2C000000 cmpwi r0,0
80708498: 41820010 beq- 0x807084a8
8070849C: 38000000 li r0,0
807084A0: 901D0010 stw r0,16(r29)
807084A4: 48000108 b 0x807085ac
807084A8: 38000001 li r0,1
807084AC: 901D0010 stw r0,16(r29)
807084B0: 480000FC b 0x807085ac
807084B4: 38000001 li r0,1
807084B8: 901D0010 stw r0,16(r29)
807084BC: 480000F0 b 0x807085ac
807084C0: 2C1E0000 cmpwi r30,0
807084C4: 41820010 beq- 0x807084d4
807084C8: 38000000 li r0,0
807084CC: 901D0010 stw r0,16(r29)
807084D0: 480000DC b 0x807085ac
807084D4: 2C030000 cmpwi r3,0
807084D8: 41820010 beq- 0x807084e8
807084DC: 38000002 li r0,2
807084E0: 901D0010 stw r0,16(r29)
807084E4: 480000C8 b 0x807085ac
807084E8: 38000003 li r0,3
807084EC: 901D0010 stw r0,16(r29)
807084F0: 480000BC b 0x807085ac
807084F4: 2C1E0000 cmpwi r30,0
807084F8: 4182003C beq- 0x80708534
807084FC: 2C1F0000 cmpwi r31,0
80708500: 41820028 beq- 0x80708528
80708504: 881D0014 lbz r0,20(r29)
80708508: 2C000000 cmpwi r0,0
8070850C: 41820010 beq- 0x8070851c
80708510: 38000001 li r0,1
80708514: 901D0010 stw r0,16(r29)
80708518: 48000094 b 0x807085ac
8070851C: 38000000 li r0,0
80708520: 901D0010 stw r0,16(r29)
80708524: 48000088 b 0x807085ac
80708528: 38000001 li r0,1
8070852C: 901D0010 stw r0,16(r29)
80708530: 4800007C b 0x807085ac
80708534: 2C1F0000 cmpwi r31,0
80708538: 41820010 beq- 0x80708548
8070853C: 38000001 li r0,1
80708540: 901D0010 stw r0,16(r29)
80708544: 48000068 b 0x807085ac
80708548: 2C030000 cmpwi r3,0
8070854C: 41820010 beq- 0x8070855c
80708550: 38000002 li r0,2
80708554: 901D0010 stw r0,16(r29)
80708558: 48000054 b 0x807085ac
8070855C: 38000003 li r0,3
80708560: 901D0010 stw r0,16(r29)
80708564: 48000048 b 0x807085ac
80708568: 2C1E0000 cmpwi r30,0
8070856C: 41820010 beq- 0x8070857c
80708570: 38000000 li r0,0
80708574: 901D0010 stw r0,16(r29)
80708578: 48000034 b 0x807085ac
8070857C: 2C1F0000 cmpwi r31,0
80708580: 41820010 beq- 0x80708590
80708584: 38000001 li r0,1
80708588: 901D0010 stw r0,16(r29)
8070858C: 48000020 b 0x807085ac
80708590: 2C030000 cmpwi r3,0
80708594: 41820010 beq- 0x807085a4
80708598: 38000002 li r0,2
8070859C: 901D0010 stw r0,16(r29)
807085A0: 4800000C b 0x807085ac
807085A4: 38000003 li r0,3
807085A8: 901D0010 stw r0,16(r29)
807085AC: 9BDD0014 stb r30,20(r29)
807085B0: 9BFD0015 stb r31,21(r29)
807085B4: 987D0016 stb r3,22(r29)
807085B8: 83E1001C lwz r31,28(r1)
807085BC: 83C10018 lwz r30,24(r1)
807085C0: 83A10014 lwz r29,20(r1)
807085C4: 83810010 lwz r28,16(r1)
807085C8: 80010024 lwz r0,36(r1)
807085CC: 7C0803A6 mtlr r0
807085D0: 38210020 addi r1,r1,32
807085D4: 4E800020 blr [/spoiler]
And I did use copy function.
Registers
[spoiler]CR:28000088 XER:20000000 CTR:00000000 DSIS:00400000
DAR:80E7FF48 SRR0:80708468 SRR1:0000B032 LR:80708468
r0:00000000 r1:80394CC8 r2:8038AC20 r3:00000000
r4:80EA9444 r5:80E7FDB8 r6:00000002 r7:80394744
r8:00000000 r9:00000000 r10:00000000 r11:80394CC8
r12:800A8CC0 r13:80388880 r14:00000000 r15:00000000
r16:00000000 r17:00000000 r18:00000000 r19:00000000
r20:00000000 r21:8029FD00 r22:00000000 r23:808C0000
r24:00000000 r25:808C0000 r26:808C0000 r27:808C0000
r28:809C0000 r29:80E7FF38 r30:00000000 r31:00000000
f0:00000000 f1:00000000 f2:3F800000 f3:00000000
f4:00000000 f5:3F800000 f6:00000000 f7:00000000
f8:A3F6A344 f9:BE911144 f10:BE911144 f11:3056021D
f12:40400000 f13:00000000 f14:00000000 f15:00000000
f16:00000000 f17:00000000 f18:00000000 f19:00000000
f20:00000000 f21:00000000 f22:00000000 f23:00000000
f24:00000000 f25:00000000 f26:00000000 f27:00000000
f28:00000000 f29:00000000 f30:00000000 f31:00000000[/spoiler]
There is my new info. I need to know what some of it is. Or if it's useless.
Edit: I used a Read/Write Breakpoint
On which address did the breakpoint hit?
Look at the SRR0 register, it will tell you the current address. In this case SRR0 = 80708468, so the breakpoint was probably 80708468: 801D0010 lwz r0,16(r29)
EDIT: this is why it helps to make the line with the breakpoint bold when you paste a disassembly. It saves us time when we help you.
DAR tells you the address a read or write breakpoint was meant to break on. DAR = 80E7FF48. So r29 + 0x10 should = DAR. r29 = 80E7FF38, so that matches too.
You were working with floats before...but now you aren't. What, exactly, is supposed to live at 80E7FF48? How did you find it?
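The SRR0/DAR check described above, as an added example that is not part of the original posts: it parses register dumps in the format pasted in this thread, decodes the D-form load/store at SRR0, and confirms that base register plus displacement equals DAR. The function names are hypothetical; the register values and instruction words are copied from the dumps on this page.

```python
import re

# Primary opcodes of the D-form loads/stores that appear in this thread.
D_FORM = {32: "lwz", 34: "lbz", 36: "stw", 38: "stb", 48: "lfs", 52: "stfs"}

# Instruction words at the two SRR0 values, copied from the disassemblies.
DISASM = {0x805AE5F4: 0x90A30060, 0x80708468: 0x801D0010}

# Lines copied from three of the pasted dumps (only the registers needed).
FLATTEN = "DAR:80E92F8C SRR0:805AE5F4 SRR1:0000B032 LR:8057A720\nr3:80E92F2C"
STATE_A = "DAR:80E7FF48 SRR0:80708468 SRR1:0000B032 LR:80708468\nr29:80E7FF38"
STATE_B = "DAR:80E7FF08 SRR0:80708468 SRR1:0000B032 LR:80708468\nr29:80E7FEF8"


def parse_dump(text):
    """Turn 'name:HEX8' pairs from a pasted register dump into {name: int}."""
    pairs = re.findall(r"(\w+):([0-9A-Fa-f]{8})\b", text)
    return {name: int(value, 16) for name, value in pairs}


def decode_d_form(word):
    """Split a 32-bit D-form word into (mnemonic, rT, rA, signed displacement)."""
    opcode = word >> 26
    if opcode not in D_FORM:
        raise ValueError(f"opcode {opcode} is not a load/store handled here")
    disp = word & 0xFFFF
    if disp & 0x8000:              # the displacement is a signed 16-bit value
        disp -= 0x10000
    return D_FORM[opcode], (word >> 21) & 31, (word >> 16) & 31, disp


def check_breakpoint(dump_text, disasm):
    """Decode the instruction at SRR0 and compare its target address to DAR."""
    regs = parse_dump(dump_text)
    name, rt, ra, disp = decode_d_form(disasm[regs["SRR0"]])
    base = 0 if ra == 0 else regs[f"r{ra}"]   # rA == 0 means a zero base
    ea = (base + disp) & 0xFFFFFFFF
    prefix = "f" if name in ("lfs", "stfs") else "r"
    return {"insn": f"{name} {prefix}{rt},{disp}(r{ra})",
            "base": base, "ea": ea, "matches_dar": ea == regs["DAR"]}


if __name__ == "__main__":
    for label, dump in (("flatten", FLATTEN), ("A", STATE_A), ("B", STATE_B)):
        r = check_breakpoint(dump, DISASM)
        print(label, r["insn"], "EA=%08X" % r["ea"], r["matches_dar"])
```

In the two later dumps the instruction and displacement are the same and only the base in r29 differs, which is why the absolute address breaks on a different value each time while the code at SRR0 does not.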
Well, like I said a post before, it looked like the floats were changing like a countdown, then when it reached a certain point it will start to go big. This address is essentially the same but after a while of searching it gave me: Greater than = 00000003, Less than = 00000002. It looked a bit like before and it acted the same so I did a breakpoint. And TaDa your results ;)
P.S. Can you give me a link with all the Wii ASM instructions and what they mean so I don't have to pester you guys?
Okay, the picture is a little more clear now. Look at all (r29)'s in the disassembly. Lots of load words, compares, branches, load immediates, writes. This means it's making a lot of decisions. In fact, you can see a couple li r0's that have 2 and 3. So I would bet you're on the right track.
When you look at this address in Memory Viewer with auto-update, what happens to it while you're doing all kinds of stuff not related to getting flat? If you poke this address from one value to the other, what happens in the game?
---
Here's the reference I usually use for ASM. The gold standard would be the PowerPC datasheet from IBM, but we're mostly interested in just one appendix of that datasheet and this link covers pretty much just the stuff we're really interested in.
http://pds.twi.tudelft.nl/vakken/in101/labcourse/instruction-set/
Sorry about the long break I was busy. I'll get right back to you.
I don't think this is it. When I poked it nothing happened. And the address changed but the values stayed the same. And look at the registers.
[spoiler] CR:28000088 XER:20000000 CTR:00000000 DSIS:00400000
DAR:80E7FF08 SRR0:80708468 SRR1:0000B032 LR:80708468
r0:00000000 r1:80394CC8 r2:8038AC20 r3:00000000
r4:80EA9404 r5:80E7FD78 r6:00000002 r7:80394744
r8:00000000 r9:00000000 r10:00000000 r11:80394CC8
r12:800A8CC0 r13:80388880 r14:00000000 r15:00000000
r16:00000000 r17:00000000 r18:00000000 r19:00000000
r20:00000000 r21:8029FD00 r22:00000000 r23:808C0000
r24:00000000 r25:808C0000 r26:808C0000 r27:808C0000
r28:809C0000 r29:80E7FEF8 r30:00000000 r31:00000000
f0:00000000 f1:00000000 f2:3F800000 f3:00000000
f4:00000000 f5:3F800000 f6:00000000 f7:00000000
f8:22A648A4 f9:BDE087EC f10:BDE087EC f11:2FA59E22
f12:40400000 f13:00000000 f14:00000000 f15:00000000
f16:00000000 f17:00000000 f18:00000000 f19:00000000
f20:00000000 f21:00000000 f22:00000000 f23:00000000
f24:00000000 f25:00000000 f26:00000000 f27:00000000
f28:00000000 f29:00000000 f30:00000000 f31:00000000[/spoiler]
DAR and r29 changed. Maybe more
New find. Address: 80E92EB4 value when big 42240000 value when flat 00000000. The registers and floats and ASM are exactly the same as the first.
DAR = the address you're breaking at.
SRR0 = the op it's breaking at.
And r29 (for amateur eyes... Me... seems that it could be used to locate the DAR)
lol I tried it by myself and found the address to make you flat.
As I wrote the assembly, it froze when sending an ASM code a second time, the address moved, I forgot to remember how I got it... it was pretty random as well and the assembly also didn't work ::) Damn.
That's my problem. Whenever I seem to have the address it changes. So I keep looking for an address that remains the same.
Edit: The ASM is also hard. But I have had some success.
Edit 2: Are you trying to make me feel bad Bully. Have you looked at the offtopic post I made.