This is driving me crazy. I can't hook anything! + the addresses change at each song...
There's 1 good thing though; there's only one address at a time. So this is always the function.
Registers
[spoiler] CR:42200088 XER:00000000 CTR:801D5D40 DSIS:00400000
DAR:900421C8 SRR0:801D586C SRR1:0000A032 LR:801D5D48
r0:00000001 r1:806471C8 r2:8062B380 r3:90107468
r4:900421BC r5:801E1808 r6:00000000 r7:00000000
r8:0000001A r9:806470C8 r10:00000000 r11:80647178
r12:800B1E00 r13:80626840 r14:804256D0 r15:900D1DF8
r16:80425608 r17:80425778 r18:8042576C r19:80425760
r20:80425754 r21:80425748 r22:8042573C r23:80425730
r24:80425724 r25:909337AC r26:00000000 r27:8096C8A0
r28:8096C7A0 r29:8043BD40 r30:80440000 r31:90107468
f0:3F800000 f1:3EE2E2E5 f2:3B166D00 f3:BE8C48C7
f4:3C901440 f5:3F762B04 f6:3F7FF5B0 f7:BC856A00
f8:BED7548F f9:BF914308 f10:BF5CE9C5 f11:3EB9D14D
f12:3EFAB481 f13:38C40972 f14:00000000 f15:00000000
f16:00000000 f17:00000000 f18:00000000 f19:00000000
f20:00000000 f21:00000000 f22:00000000 f23:00000000
f24:00000000 f25:00000000 f26:00000000 f27:00000000
f28:00000000 f29:59800004 f30:3FC90FDB f31:43E00000[/spoiler]
Function
[spoiler]801D57D8: 9421FFE0 stwu r1,-32(r1) ----> r1= 806471E8. -32r1=806471C8
801D57DC: 7C0802A6 mflr r0 ----> r0=801D5D48
801D57E0: 90010024 stw r0,36(r1) ----->4BFFFEE4 to 806471E8
801D57E4: BFC10018 stmw r30,24(r1) ----> [(80440000 address)(80185308 value)] to 80647204
801D57E8: 7C7F1B78 mr r31,r3 ---->90106868 (this changes when the address changes)
801D57EC: 80830020 lwz r4,32(r3) ---->90040F78
801D57F0: 88040009 lbz r0,9(r4) ---->9(r4) value=808A6954
801D57F4: 2C000000 cmpwi r0,0
801D57F8: 41820058 beq- 0x801d5850 ----> branch where it loads r0
801D57FC: 80830010 lwz r4,16(r3) ----> 16(r3) address is 90109178 value is 808A6A44
801D5800: 38C00000 li r6,0
801D5804: 80BF001C lwz r5,28(r31) ----> 28(r31)= address 90106B84 and 900D4630 as the value
801D5808: 38840001 addi r4,r4,1 ---->=80895897
801D580C: 90830010 stw r4,16(r3)
801D5810: 80630014 lwz r3,20(r3) ----> r3=900D87A8
801D5814: 4BFFDB01 bl 0x801d3314 ----> branch link back to previous function which sends me into a loop; this could be the pause option which I'm on now.
801D5818: 80BF0020 lwz r5,32(r31)
801D581C: 3BC00000 li r30,0
801D5820: 38810008 addi r4,r1,8
801D5824: 38C00000 li r6,0
801D5828: 90650004 stw r3,4(r5)
801D582C: 93C10008 stw r30,8(r1)
801D5830: 80BF0020 lwz r5,32(r31)
801D5834: 807F0014 lwz r3,20(r31)
801D5838: 38A5000C addi r5,r5,12
801D583C: 48006555 bl 0x801dbd90 ---->branch link other function
801D5840: 809F0020 lwz r4,32(r31)
801D5844: 98640008 stb r3,8(r4)
801D5848: 807F0020 lwz r3,32(r31)
801D584C: 9BC30009 stb r30,9(r3)
801D5850: 809F0020 lwz r4,32(r31) ----> =90040F78
801D5854: 88040008 lbz r0,8(r4) ----> =808A6954
801D5858: 2C000000 cmpwi r0,0
801D585C: 40820010 bne- 0x801d586c ----> branches to where it subs the r0 if it's not 0
801D5860: 80040000 lwz r0,0(r4)
801D5864: 901F0010 stw r0,16(r31)
801D5868: 48000054 b 0x801d58bc
801D586C: 8064000C lwz r3,12(r4) ----> loads DAR into r3 (*bp read)
801D5870: 3803FFFF subi r0,r3,1
801D5874: 9004000C stw r0,12(r4) ---> stores to DAR (*bp write)
801D5878: 809F0020 lwz r4,32(r31)
801D587C: 8004000C lwz r0,12(r4)
801D5880: 2C000000 cmpwi r0,0
801D5884: 41820010 beq- 0x801d5894 ---> branches to stop the game??
801D5888: 80040000 lwz r0,0(r4)
801D588C: 901F0010 stw r0,16(r31)
801D5890: 4800002C b 0x801d58bc
801D5894: 801F0034 lwz r0,52(r31) ----> load stop the game
801D5898: 80640004 lwz r3,4(r4)
801D589C: 7C040040 cmplw r4,r0
801D58A0: 907F0010 stw r3,16(r31)
801D58A4: 40820010 bne- 0x801d58b4 ---> branch to end
801D58A8: 38000000 li r0,0
801D58AC: 901F0020 stw r0,32(r31)
801D58B0: 4800000C b 0x801d58bc ---> branch to end
801D58B4: 3804FFF0 subi r0,r4,16
801D58B8: 901F0020 stw r0,32(r31)
801D58BC: BBC10018 lmw r30,24(r1)
801D58C0: 80010024 lwz r0,36(r1)
801D58C4: 7C0803A6 mtlr r0
801D58C8: 38210020 addi r1,r1,32
801D58CC: 4E800020 blr [/spoiler]
Because I can't hook it properly, I can't see the registers right!
This is for the Rock Meter.
So I'm thinking that where it branches to the sub, to replace it with a bne- to the end but it freezes.
What WOULD be the nicest thing to do here?
I decided to go on my own tangent here and found out that Guitar Hero Metallica doesn't use the same location and figuration to calculate the Guitar Rock Meter. So here is the working Rock Meter address:
903F0B80, which works when poked!
Let's see if I can figure out what is subtracting and adding to the address.
Easy code for Guitar Rock Meter
42000000 90000000
04084920 40000000
E0000000 80008000
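Added example, not part of the original posts: a small Python decoder that walks the three posted code lines and reports the address and value they write. It handles only the three Gecko codetypes that appear here (42 set base address, 04 32-bit write, E0 full terminator); the function names are hypothetical, and reading the written word as a float is an assumption.

```python
import struct

# The three lines exactly as posted in the thread.
POSTED_CODE = """
42000000 90000000
04084920 40000000
E0000000 80008000
"""

def decode_gecko(text, ba=0x80000000, po=0x80000000):
    """Walk the code lines; return (writes, ba, po) after the last line.

    ba/po start at 0x80000000, the code handler's default base address
    and pointer. writes is a list of (address, value) pairs.
    """
    writes = []
    for line in text.split("\n"):
        if not line.strip():
            continue
        first, second = (int(word, 16) for word in line.split())
        top = first >> 24
        if top & 0xFE == 0x04:
            # 04______ XXXXXXXX: 32-bit write of XXXXXXXX to ba + 25-bit offset
            writes.append(((ba + (first & 0x01FFFFFF)) & 0xFFFFFFFF, second))
        elif first == 0x42000000:
            # 42000000 XXXXXXXX: set the base address to XXXXXXXX
            ba = second
        elif top == 0xE0:
            # E0000000 XXXXYYYY: full terminator; non-zero halves reset ba / po
            if second >> 16:
                ba = (second >> 16) << 16
            if second & 0xFFFF:
                po = (second & 0xFFFF) << 16
        else:
            raise ValueError("codetype %02X not handled in this example" % top)
    return writes, ba, po

def as_float(value):
    """Interpret a 32-bit word as a big-endian IEEE-754 single (assumption)."""
    return struct.unpack(">f", struct.pack(">I", value))[0]

if __name__ == "__main__":
    writes, ba, po = decode_gecko(POSTED_CODE)
    for address, value in writes:
        print("write %08X <- %08X (as float: %s)" % (address, value, as_float(value)))
    print("after terminator: ba=%08X po=%08X" % (ba, po))
```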
it's really called Guitar Hero "Metallica"?
Quote from: Deathwolf on February 27, 2011, 01:05:23 AM
it's really called Guitar Hero "Metallica"?
I did a quick search and yes. Unless you know different. I'm happy to stand corrected.
Sure, I know this metal band, but I didn't know this game, which is called Metallica.