I loved the first blob so I had to get the second!
unfortunately I can't figure out the clock
I tried nopping, adding subtracting... all with walking the stack...
There's only 1 address in both 80s and 90s
Code type:
[spoiler]2866589A 00001000 --->controller
042A3F2C 60000000 ---> asm nop
CC000000 00000000 ---> on off
042A3F2C 90A30138 ---> original
[/spoiler]
This doesn't stop the clock entirely, only masks it.
Registers
[spoiler] CR:82200828 XER:00000000 CTR:800D5D60 DSIS:02400000
DAR:81043190 SRR0:802A3F30 SRR1:0000A032 LR:8014DB98
r0:00000001 r1:8069DBD0 r2:80687000 r3:81043060
r4:0000001A r5:0000002D r6:00000000 r7:00000000
r8:900163D8 r9:00000002 r10:8069DBF0 r11:8069DBE0
r12:8069DBF0 r13:80680F00 r14:00000000 r15:00000000
r16:00000000 r17:00000000 r18:00000000 r19:00000000
r20:00000000 r21:00000000 r22:00000000 r23:00000000
r24:00000000 r25:00000000 r26:00000000 r27:00000000
r28:00000000 r29:00000645 r30:00000645 r31:81043060
f0:44C89FA6 f1:44C8A000 f2:59C00000 f3:00000000
f4:C29AB482 f5:436520EE f6:3D5CF381 f7:3A319AC2
f8:3ADB1C97 f9:398FF24B f10:383C078F f11:3E088888
f12:3CB327A4 f13:3B6B6916 f14:00000000 f15:00000000
f16:00000000 f17:00000000 f18:00000000 f19:00000000
f20:00000000 f21:00000000 f22:00000000 f23:00000000
f24:00000000 f25:00000000 f26:00000000 f27:00000000
f28:00000000 f29:3C88AB17 f30:3C88AB17 f31:44C8A02F[/spoiler]
Function
[spoiler]802A3EF0: 9421FFE0 stwu r1,-32(r1)
802A3EF4: 7C0802A6 mflr r0
802A3EF8: 90010024 stw r0,36(r1)
802A3EFC: 93E1001C stw r31,28(r1)
802A3F00: 7C7F1B78 mr r31,r3
802A3F04: 80030134 lwz r0,308(r3)
802A3F08: 7C040000 cmpw r4,r0
802A3F0C: 41820010 beq- 0x802a3f1c
802A3F10: 38000001 li r0,1
802A3F14: 90830134 stw r4,308(r3)
802A3F18: 98030130 stb r0,304(r3)
802A3F1C: 80030138 lwz r0,312(r3)
802A3F20: 7C050000 cmpw r5,r0
802A3F24: 41820010 beq- 0x802a3f34
802A3F28: 38000001 li r0,1
802A3F2C: 90A30138 stw r5,312(r3) ---> breaks here.
802A3F30: 98030130 stb r0,304(r3)
802A3F34: 88030130 lbz r0,304(r3)
802A3F38: 2C000000 cmpwi r0,0
802A3F3C: 418200E4 beq- 0x802a4020
802A3F40: 8083017C lwz r4,380(r3)
802A3F44: 2C040000 cmpwi r4,0
802A3F48: 41820050 beq- 0x802a3f98
802A3F4C: 6CA38000 xoris r3,r5,32768
802A3F50: 3C004330 lis r0,17200
802A3F54: 9061000C stw r3,12(r1)
802A3F58: 38640068 addi r3,r4,104
802A3F5C: C822B530 lfd f1,-19152(r2)
802A3F60: 38800001 li r4,1
802A3F64: 90010008 stw r0,8(r1)
802A3F68: C062B528 lfs f3,-19160(r2)
802A3F6C: C8010008 lfd f0,8(r1)
802A3F70: C042B524 lfs f2,-19164(r2)
802A3F74: EC800828 fsubs f4,f0,f1
802A3F78: C01F0190 lfs f0,400(r31)
802A3F7C: C03F018C lfs f1,396(r31)
802A3F80: EC641824 fdivs f3,f4,f3
802A3F84: EC421828 fsubs f2,f2,f3
802A3F88: EC000828 fsubs f0,f0,f1
802A3F8C: EC020032 fmuls f0,f2,f0
802A3F90: EC21002A fadds f1,f1,f0
802A3F94: 48073F6D bl 0x80317f00
802A3F98: 80DF0134 lwz r6,308(r31)
802A3F9C: 80FF0138 lwz r7,312(r31)
802A3FA0: 2C060000 cmpwi r6,0
802A3FA4: 40820034 bne- 0x802a3fd8
802A3FA8: 3CC08059 lis r6,-32679
802A3FAC: 2C07000A cmpwi r7,10
802A3FB0: 38C6CC20 subi r6,r6,13280
802A3FB4: 387F013C addi r3,r31,316
802A3FB8: 38A60072 addi r5,r6,114
802A3FBC: 38800010 li r4,16
802A3FC0: 40800008 bge- 0x802a3fc8
802A3FC4: 38A60066 addi r5,r6,102
802A3FC8: 7CE63B78 mr r6,r7
802A3FCC: 4CC63182 crclr 6,6
802A3FD0: 4805B7B1 bl 0x802ff780
802A3FD4: 4800002C b 0x802a4000
802A3FD8: 3D008059 lis r8,-32679
802A3FDC: 2C07000A cmpwi r7,10
802A3FE0: 3908CC20 subi r8,r8,13280
802A3FE4: 387F013C addi r3,r31,316
802A3FE8: 38A8008A addi r5,r8,138
802A3FEC: 38800010 li r4,16
802A3FF0: 40800008 bge- 0x802a3ff8
802A3FF4: 38A8007C addi r5,r8,124
802A3FF8: 4CC63182 crclr 6,6
802A3FFC: 4805B785 bl 0x802ff780
802A4000: 819F0000 lwz r12,0(r31)
802A4004: 7FE3FB78 mr r3,r31
802A4008: 389F013C addi r4,r31,316
802A400C: 38A00000 li r5,0
802A4010: 818C0094 lwz r12,148(r12)
802A4014: 38C0FFFF li r6,-1
802A4018: 7D8903A6 mtctr r12
802A401C: 4E800421 bctrl
802A4020: 80010024 lwz r0,36(r1)
802A4024: 83E1001C lwz r31,28(r1)
802A4028: 7C0803A6 mtlr r0
802A402C: 38210020 addi r1,r1,32
802A4030: 4E800020 blr
[/spoiler]
Stacks
[spoiler]802A3F2C
8014DB94
8014DB94
8014EECC
801239E0
80129C40
800AD8BC
802FD514
800A8828
800041B0
[/spoiler]
LR function
[spoiler]8014D950: 9421FFA0 stwu r1,-96(r1)
8014D954: 7C0802A6 mflr r0
8014D958: 90010064 stw r0,100(r1)
8014D95C: DBE10050 stfd f31,80(r1)
8014D960: F3E10058 psq_st f31,88(r1),0,0
8014D964: DBC10040 stfd f30,64(r1)
8014D968: F3C10048 psq_st f30,72(r1),0,0
8014D96C: FFC00890 fmr f30,f1
8014D970: 93E1003C stw r31,60(r1)
8014D974: 7C7F1B78 mr r31,r3
8014D978: 93C10038 stw r30,56(r1)
8014D97C: 3BC00000 li r30,0
8014D980: 93A10034 stw r29,52(r1)
8014D984: 3BA3021C addi r29,r3,540
8014D988: 93810030 stw r28,48(r1)
8014D98C: 48000018 b 0x8014d9a4
8014D990: FC20F090 fmr f1,f30
8014D994: 7FA3EB78 mr r3,r29
8014D998: 48003179 bl 0x80150b10
8014D99C: 3BBD0020 addi r29,r29,32
8014D9A0: 3BDE0001 addi r30,r30,1 -----> freezes the game if I change it to sub
8014D9A4: 806DC610 lwz r3,-14832(r13)
8014D9A8: 88030064 lbz r0,100(r3)
8014D9AC: 2C000000 cmpwi r0,0
8014D9B0: 4182000C beq- 0x8014d9bc
8014D9B4: 80030060 lwz r0,96(r3)
8014D9B8: 48000008 b 0x8014d9c0
8014D9BC: 38000000 li r0,0
8014D9C0: 7C1E0000 cmpw r30,r0
8014D9C4: 4180FFCC blt+ 0x8014d990
8014D9C8: 807F02AC lwz r3,684(r31)
8014D9CC: 38800000 li r4,0
8014D9D0: C01F000C lfs f0,12(r31)
8014D9D4: 881F0000 lbz r0,0(r31)
8014D9D8: EC00F02A fadds f0,f0,f30
8014D9DC: 8B83001B lbz r28,27(r3)
8014D9E0: 2C000000 cmpwi r0,0
8014D9E4: D01F000C stfs f0,12(r31)
8014D9E8: 40820014 bne- 0x8014d9fc
8014D9EC: 806DD0E0 lwz r3,-12064(r13)
8014D9F0: 88030333 lbz r0,819(r3)
8014D9F4: 2C000000 cmpwi r0,0
8014D9F8: 41820008 beq- 0x8014da00
8014D9FC: 38800001 li r4,1
8014DA00: 2C040000 cmpwi r4,0
8014DA04: 41820124 beq- 0x8014db28
8014DA08: 881F0010 lbz r0,16(r31)
8014DA0C: 2C000000 cmpwi r0,0
8014DA10: 40820118 bne- 0x8014db28
8014DA14: C3FF0008 lfs f31,8(r31)
8014DA18: C84292E8 lfd f2,-27928(r2)
8014DA1C: EC1FF028 fsubs f0,f31,f30
8014DA20: FC3F102A fadd f1,f31,f2
8014DA24: D01F0008 stfs f0,8(r31)
8014DA28: FC011028 fsub f0,f1,f2
8014DA2C: D8210018 stfd f1,24(r1)
8014DA30: FC00F840 fcmpo cr0,f0,f31
8014DA34: 40810010 ble- 0x8014da44
8014DA38: 8061001C lwz r3,28(r1)
8014DA3C: 3BC3FFFF subi r30,r3,1
8014DA40: 48000008 b 0x8014da48
8014DA44: 83C1001C lwz r30,28(r1)
8014DA48: C01F0008 lfs f0,8(r31)
8014DA4C: C84292E8 lfd f2,-27928(r2)
8014DA50: FC20102A fadd f1,f0,f2
8014DA54: D8210010 stfd f1,16(r1)
8014DA58: FC211028 fsub f1,f1,f2
8014DA5C: FC010040 fcmpo cr0,f1,f0
8014DA60: 40810010 ble- 0x8014da70
8014DA64: 80610014 lwz r3,20(r1)
8014DA68: 3BA3FFFF subi r29,r3,1
8014DA6C: 48000008 b 0x8014da74
8014DA70: 83A10014 lwz r29,20(r1)
8014DA74: 2C1E003C cmpwi r30,60
8014DA78: 40820020 bne- 0x8014da98
8014DA7C: 7C1EE800 cmpw r30,r29
8014DA80: 41820018 beq- 0x8014da98
8014DA84: 3C608055 lis r3,-32683
8014DA88: 38A00001 li r5,1
8014DA8C: 3863BAF0 subi r3,r3,17680
8014DA90: 3883000D addi r4,r3,13
8014DA94: 4BF82CED bl 0x800d0780
8014DA98: 381EFFFF subi r0,r30,1
8014DA9C: 28000004 cmplwi r0,4
8014DAA0: 41810020 bgt- 0x8014dac0
8014DAA4: 7C1EE800 cmpw r30,r29
8014DAA8: 41820018 beq- 0x8014dac0
8014DAAC: 3C608055 lis r3,-32683
8014DAB0: 38A00001 li r5,1
8014DAB4: 3863BAF0 subi r3,r3,17680
8014DAB8: 3883001B addi r4,r3,27
8014DABC: 4BF82CC5 bl 0x800d0780
8014DAC0: 881F0000 lbz r0,0(r31)
8014DAC4: 2C000000 cmpwi r0,0
8014DAC8: 4082004C bne- 0x8014db14
8014DACC: C02292F0 lfs f1,-27920(r2)
8014DAD0: FC1F0840 fcmpo cr0,f31,f1
8014DAD4: 40810040 ble- 0x8014db14
8014DAD8: C01F0008 lfs f0,8(r31)
8014DADC: FC000840 fcmpo cr0,f0,f1
8014DAE0: 4C401382 cror 2,0,2
8014DAE4: 40820030 bne- 0x8014db14
8014DAE8: 2C1C0000 cmpwi r28,0
8014DAEC: 40820028 bne- 0x8014db14
8014DAF0: C022A510 lfs f1,-23280(r2)
8014DAF4: 38600002 li r3,2
8014DAF8: 388003FC li r4,1020
8014DAFC: 38A00005 li r5,5
8014DB00: 38C00000 li r6,0
8014DB04: 38E00001 li r7,1
8014DB08: 39000000 li r8,0
8014DB0C: 39200000 li r9,0
8014DB10: 480BD241 bl 0x8020ad50
8014DB14: C03F0008 lfs f1,8(r31)
8014DB18: C00292E4 lfs f0,-27932(r2)
8014DB1C: FC010040 fcmpo cr0,f1,f0
8014DB20: 40800008 bge- 0x8014db28
8014DB24: D01F0008 stfs f0,8(r31)
8014DB28: C01F0008 lfs f0,8(r31)
8014DB2C: C84292E8 lfd f2,-27928(r2)
8014DB30: FC20102A fadd f1,f0,f2
8014DB34: D8210008 stfd f1,8(r1)
8014DB38: FC211028 fsub f1,f1,f2
8014DB3C: FC010040 fcmpo cr0,f1,f0
8014DB40: 40800010 bge- 0x8014db50
8014DB44: 8061000C lwz r3,12(r1)
8014DB48: 3BA30001 addi r29,r3,1
8014DB4C: 48000008 b 0x8014db54
8014DB50: 83A1000C lwz r29,12(r1)
8014DB54: 806DD0E0 lwz r3,-12064(r13)
8014DB58: 2C030000 cmpwi r3,0
8014DB5C: 4182003C beq- 0x8014db98
8014DB60: 3C808889 lis r4,-30583
8014DB64: 80630130 lwz r3,304(r3)
8014DB68: 38048889 subi r0,r4,30583
8014DB6C: 7C00E896 mulhw r0,r0,r29
8014DB70: 7C00EA14 add r0,r0,r29
8014DB74: 7C052E70 srawi r5,r0,5
8014DB78: 7C002E70 srawi r0,r0,5
8014DB7C: 54040FFE rlwinm r4,r0,1,31,31
8014DB80: 54A60FFE rlwinm r6,r5,1,31,31
8014DB84: 7C002214 add r0,r0,r4
8014DB88: 1C00003C mulli r0,r0,60
8014DB8C: 7C853214 add r4,r5,r6
8014DB90: 7CA0E850 sub r5,r29,r0 ---> add = works but there's more then this making it go
up or down!! r30 and r3 also influence I think
8014DB94: 4815635D bl 0x802a3ef0
8014DB98: 806DCAE0 lwz r3,-13600(r13)
8014DB9C: 7FA4EB78 mr r4,r29
8014DBA0: 480021D1 bl 0x8014fd70
8014DBA4: C01F000C lfs f0,12(r31)
8014DBA8: 806DCAE0 lwz r3,-13600(r13)
8014DBAC: FC00001E fctiwz f0,f0
8014DBB0: D8010020 stfd f0,32(r1)
8014DBB4: 80810024 lwz r4,36(r1)
8014DBB8: 48002299 bl 0x8014fe50
8014DBBC: 80010064 lwz r0,100(r1)
8014DBC0: E3E10058 psq_l f31,88(r1),0,0
8014DBC4: CBE10050 lfd f31,80(r1)
8014DBC8: E3C10048 psq_l f30,72(r1),0,0
8014DBCC: CBC10040 lfd f30,64(r1)
8014DBD0: 83E1003C lwz r31,60(r1)
8014DBD4: 83C10038 lwz r30,56(r1)
8014DBD8: 83A10034 lwz r29,52(r1)
8014DBDC: 83810030 lwz r28,48(r1)
8014DBE0: 7C0803A6 mtlr r0
8014DBE4: 38210060 addi r1,r1,96
8014DBE8: 4E800020 blr
[/spoiler]
help
8014DB8C: 7C853214 add r4,r5,r6
8014DB90: 7CA0E850 sub r5,r29,r0
8014DB94: 4815635D bl 0x802a3ef0
From the rest of it, it kinda looks like r4 and r5 right here are doing some sort of minutes and seconds thing, or seconds/subseconds.
Sure enough, look at r30, r4, and r5.
60 * r4 + r5 = r30
0x3C * 0x1A = 0x618
0x618 + 0x2D = 0x645
Where does r30 come from?
8014DA44: 83C1001C lwz r30,28(r1)
Where does 28(r1) come from? This part is tricky. They're using double precision floating point, so we must look for an 8-byte write to 24(r1), which covers 24(r1) through 31(r1) and therefore includes 28(r1). Bingo! stfd writes 8 bytes, not 4.
8014DA2C: D8210018 stfd f1,24(r1)
Where did f1 come from?
8014DA14: C3FF0008 lfs f31,8(r31)
8014DA18: C84292E8 lfd f2,-27928(r2)
...
8014DA20: FC3F102A fadd f1,f31,f2
f2 is loaded from r2, which is a pointer to a bunch of constants, so that's not our guy. However, f31 comes from 8(r31). A similar train of thought explains the identical value in r29.
---
I recommend the following.
1) Set an execute breakpoint on 8014DA14: C3FF0008 lfs f31,8(r31)
2) When it hits, press the Show Mem button. You will be taken to Memory Viewer and you'll be looking at 8(r31).
3) Change the Memory Viewer View Mode to Single to make it easier to understand
4) Press "Run Game"
5) Check "auto-update"
You should see the timer now.
Perfect, I thought that there would be something pushing the timer like that. Excellent!
here's the code
Timer On/Off deciphered by dcx2 inspired by me
2866589A 00001000
0414DA24 60000000
CC000000 00000000
0414DA24 D01F0008
E0000000 80008000
push - to stop the timer.
looking a little higher shows me where it subs so
Time adds
0414DA1C EC1FF02A
I'm having difficulty with the same type of timer, for the same game. This time it's activated when you hit a zoom button. ( it allows you to go fast). It gives us 30 seconds to act.
Registers:[spoiler]
CR:88200848 XER:20000000 CTR:800D5D60 DSIS:02400000
DAR:81043B0C SRR0:802A3038 SRR1:0000A032 LR:802A3000
r0:0000001E r1:8069D920 r2:80687000 r3:80A221F0
r4:80590000 r5:0000001D r6:00000012 r7:908ACC90
r8:00000008 r9:900A3930 r10:8069D940 r11:8069D930
r12:800D5D60 r13:80680F00 r14:00000000 r15:00000000
r16:00000000 r17:00000000 r18:00000000 r19:00000000
r20:00000000 r21:00000000 r22:00000000 r23:00000000
r24:90B5DE40 r25:00000000 r26:80C67AF0 r27:909A5500
r28:80C67AF0 r29:909A5518 r30:00000008 r31:81043970
f0:41E80000 f1:59C00000 f2:41E8201B f3:00000000
f4:00000000 f5:3F800000 f6:00000000 f7:00000000
f8:43D2E3E4 f9:00000000 f10:00000000 f11:3F800000
f12:C3D9B974 f13:3F800000 f14:00000000 f15:00000000
f16:00000000 f17:00000000 f18:00000000 f19:00000000
f20:00000000 f21:00000000 f22:00000000 f23:00000000
f24:00000000 f25:00000000 f26:00000000 f27:00000000
f28:00000000 f29:3C88A9D9 f30:3C88A9D9 f31:41E7FDF1
[/spoiler]
Function:
[spoiler]802A2F60: 9421FFE0 stwu r1,-32(r1)
802A2F64: 7C0802A6 mflr r0
802A2F68: 90010024 stw r0,36(r1)
802A2F6C: DBE10018 stfd f31,24(r1)
802A2F70: FFE00890 fmr f31,f1
802A2F74: 93E10014 stw r31,20(r1)
802A2F78: 7C7F1B78 mr r31,r3
802A2F7C: 93C10010 stw r30,16(r1)
802A2F80: 7C9E2378 mr r30,r4
802A2F84: 8003017C lwz r0,380(r3)
802A2F88: 2C000000 cmpwi r0,0
802A2F8C: 41820138 beq- 0x802a30c4
802A2F90: 2C040000 cmpwi r4,0
802A2F94: 418200CC beq- 0x802a3060
802A2F98: 80630188 lwz r3,392(r3)
802A2F9C: 38A00000 li r5,0
802A2FA0: 8803000C lbz r0,12(r3)
802A2FA4: 540007FE rlwinm r0,r0,0,31,31
802A2FA8: 2C000001 cmpwi r0,1
802A2FAC: 40820018 bne- 0x802a2fc4
802A2FB0: 8883000F lbz r4,15(r3)
802A2FB4: 880DA6F0 lbz r0,-22800(r13)
802A2FB8: 7C800039 and. r0,r4,r0
802A2FBC: 41820008 beq- 0x802a2fc4
802A2FC0: 38A00001 li r5,1
802A2FC4: 2C050000 cmpwi r5,0
802A2FC8: 40820018 bne- 0x802a2fe0
802A2FCC: 81830000 lwz r12,0(r3)
802A2FD0: 38800001 li r4,1
802A2FD4: 818C003C lwz r12,60(r12)
802A2FD8: 7D8903A6 mtctr r12
802A2FDC: 4E800421 bctrl
802A2FE0: 807F0184 lwz r3,388(r31)
802A2FE4: 381EFFFF subi r0,r30,1
802A2FE8: 7C000034 cntlzw r0,r0
802A2FEC: 81830000 lwz r12,0(r3)
802A2FF0: 5404D97E rlwinm r4,r0,27,5,31
802A2FF4: 818C003C lwz r12,60(r12)
802A2FF8: 7D8903A6 mtctr r12
802A2FFC: 4E800421 bctrl
802A3000: C822B508 lfd f1,-19192(r2) LR for the write
802A3004: FC1F082A fadd f0,f31,f1
802A3008: D8010008 stfd f0,8(r1)
802A300C: FC000828 fsub f0,f0,f1
802A3010: FC00F840 fcmpo cr0,f0,f31
802A3014: 40800010 bge- 0x802a3024
802A3018: 8061000C lwz r3,12(r1)
802A301C: 38A30001 addi r5,r3,1
802A3020: 48000008 b 0x802a3028
802A3024: 80A1000C lwz r5,12(r1)
802A3028: 801F019C lwz r0,412(r31)
802A302C: 7C050000 cmpw r5,r0
802A3030: 41820094 beq- 0x802a30c4
802A3034: 3C808059 lis r4,-32679
802A3038: 90BF019C stw r5,412(r31) Write
802A303C: 3884C524 subi r4,r4,15068
802A3040: 387F0140 addi r3,r31,320
802A3044: 38840220 addi r4,r4,544
802A3048: 4CC63182 crclr 6,6
802A304C: 4805C6A5 bl 0x802ff6f0
802A3050: 807F018C lwz r3,396(r31)
802A3054: 381F0140 addi r0,r31,320
802A3058: 9003006C stw r0,108(r3)
802A305C: 48000068 b 0x802a30c4
802A3060: 80830188 lwz r4,392(r3)
802A3064: 38A00000 li r5,0
802A3068: 8804000C lbz r0,12(r4)
802A306C: 540007FE rlwinm r0,r0,0,31,31
802A3070: 2C000001 cmpwi r0,1
802A3074: 40820018 bne- 0x802a308c
802A3078: 8884000F lbz r4,15(r4)
802A307C: 880DA6F0 lbz r0,-22800(r13)
802A3080: 7C800039 and. r0,r4,r0
802A3084: 41820008 beq- 0x802a308c
802A3088: 38A00001 li r5,1
802A308C: 2C050000 cmpwi r5,0
802A3090: 41820034 beq- 0x802a30c4
802A3094: 80630184 lwz r3,388(r3)
802A3098: 38800000 li r4,0
802A309C: 81830000 lwz r12,0(r3)
802A30A0: 818C003C lwz r12,60(r12)
802A30A4: 7D8903A6 mtctr r12
802A30A8: 4E800421 bctrl
802A30AC: 807F0188 lwz r3,392(r31)
802A30B0: 38800000 li r4,0
802A30B4: 81830000 lwz r12,0(r3)
802A30B8: 818C003C lwz r12,60(r12)
802A30BC: 7D8903A6 mtctr r12
802A30C0: 4E800421 bctrl
802A30C4: 80010024 lwz r0,36(r1)
802A30C8: CBE10018 lfd f31,24(r1)
802A30CC: 83E10014 lwz r31,20(r1)
802A30D0: 83C10010 lwz r30,16(r1)
802A30D4: 7C0803A6 mtlr r0
802A30D8: 38210020 addi r1,r1,32
802A30DC: 4E800020 blr [/spoiler]
This is where it writes
802A3038: 90BF019C stw r5,412(r31)
802A303C: 3884C524 subi r4,r4,15068
802A3040: 387F0140 addi r3,r31,320
802A3044: 38840220 addi r4,r4,544
1.where does r5 come from?
802A3024: 80A1000C lwz r5,12(r1) (from 12(r1)
2. where does 12(r1) come from??? Would it be from the LR? Let's check
LR=802A3000 = That's not it,
How about the stwu's LR
Function:[spoiler]8018CC40: 9421FFE0 stwu r1,-32(r1)
8018CC44: 7C0802A6 mflr r0
8018CC48: 90010024 stw r0,36(r1)
8018CC4C: DBE10010 stfd f31,16(r1)
8018CC50: F3E10018 psq_st f31,24(r1),0,0
8018CC54: FFE00890 fmr f31,f1
8018CC58: 93E1000C stw r31,12(r1)
8018CC5C: 93C10008 stw r30,8(r1)
8018CC60: 7C7E1B78 mr r30,r3
8018CC64: 4BFFF7BD bl 0x8018c420
8018CC68: 801E0930 lwz r0,2352(r30)
8018CC6C: 2C000000 cmpwi r0,0
8018CC70: 40810010 ble- 0x8018cc80
8018CC74: FC20F890 fmr f1,f31
8018CC78: 7FC3F378 mr r3,r30
8018CC7C: 480010E5 bl 0x8018dd60
8018CC80: FC20F890 fmr f1,f31
8018CC84: 7FC3F378 mr r3,r30
8018CC88: 48002119 bl 0x8018eda0
8018CC8C: C05E0014 lfs f2,20(r30)
8018CC90: C0229924 lfs f1,-26332(r2)
8018CC94: FC020840 fcmpo cr0,f2,f1
8018CC98: 4C401382 cror 2,0,2
8018CC9C: 41820274 beq- 0x8018cf10
8018CCA0: C01E0018 lfs f0,24(r30)
8018CCA4: 881E0034 lbz r0,52(r30)
8018CCA8: EC00F82A fadds f0,f0,f31
8018CCAC: 2C000000 cmpwi r0,0
8018CCB0: D01E0018 stfs f0,24(r30)
8018CCB4: 40820038 bne- 0x8018ccec
8018CCB8: 806DCAD8 lwz r3,-13608(r13)
8018CCBC: 88030014 lbz r0,20(r3)
8018CCC0: 2C000000 cmpwi r0,0
8018CCC4: 40820028 bne- 0x8018ccec
8018CCC8: EC02F828 fsubs f0,f2,f31
8018CCCC: D01E0014 stfs f0,20(r30)
8018CCD0: FC000840 fcmpo cr0,f0,f1
8018CCD4: 4C401382 cror 2,0,2
8018CCD8: 40820014 bne- 0x8018ccec
8018CCDC: 7FC3F378 mr r3,r30
8018CCE0: 38800001 li r4,1
8018CCE4: 4BFFF37D bl 0x8018c060
8018CCE8: 48000228 b 0x8018cf10
8018CCEC: C03E0014 lfs f1,20(r30)
8018CCF0: C0029954 lfs f0,-26284(r2)
8018CCF4: FC010040 fcmpo cr0,f1,f0
8018CCF8: 4C401382 cror 2,0,2
8018CCFC: 4082006C bne- 0x8018cd68
8018CD00: C0029958 lfs f0,-26280(r2)
8018CD04: FC010040 fcmpo cr0,f1,f0
8018CD08: 40800014 bge- 0x8018cd1c
8018CD0C: C002995C lfs f0,-26276(r2)
8018CD10: C0629940 lfs f3,-26304(r2)
8018CD14: EC810032 fmuls f4,f1,f0
8018CD18: 4800000C b 0x8018cd24
8018CD1C: EC810032 fmuls f4,f1,f0
8018CD20: C0629960 lfs f3,-26272(r2)
8018CD24: C8429968 lfd f2,-26264(r2)
8018CD28: C8029970 lfd f0,-26256(r2)
8018CD2C: FC24102A fadd f1,f4,f2
8018CD30: FC411028 fsub f2,f1,f2
8018CD34: FC241028 fsub f1,f4,f2
8018CD38: FC020028 fsub f0,f2,f0
8018CD3C: FC0100AE fsel f0,f1,f2,f0
8018CD40: FC000018 frsp f0,f0
8018CD44: EC040028 fsubs f0,f4,f0
8018CD48: FC001840 fcmpo cr0,f0,f3
8018CD4C: 40810010 ble- 0x8018cd5c
8018CD50: 38000002 li r0,2
8018CD54: 901E0048 stw r0,72(r30)
8018CD58: 48000018 b 0x8018cd70
8018CD5C: 38000001 li r0,1
8018CD60: 901E0048 stw r0,72(r30)
8018CD64: 4800000C b 0x8018cd70
8018CD68: 38000000 li r0,0
8018CD6C: 901E0048 stw r0,72(r30)
8018CD70: 801E0020 lwz r0,32(r30)
8018CD74: 541F06BE rlwinm r31,r0,0,26,31
8018CD78: 281F0001 cmplwi r31,1
8018CD7C: 41820018 beq- 0x8018cd94
8018CD80: 281F0004 cmplwi r31,4
8018CD84: 418200AC beq- 0x8018ce30
8018CD88: 281F0020 cmplwi r31,32
8018CD8C: 4182012C beq- 0x8018ceb8
8018CD90: 48000160 b 0x8018cef0
8018CD94: C03E0030 lfs f1,48(r30)
8018CD98: C0029924 lfs f0,-26332(r2)
8018CD9C: FC010040 fcmpo cr0,f1,f0
8018CDA0: 4081000C ble- 0x8018cdac
8018CDA4: EC01F828 fsubs f0,f1,f31
8018CDA8: D01E0030 stfs f0,48(r30)
8018CDAC: C03E002C lfs f1,44(r30)
8018CDB0: C0029924 lfs f0,-26332(r2)
8018CDB4: EC21F828 fsubs f1,f1,f31
8018CDB8: D03E002C stfs f1,44(r30)
8018CDBC: FC010040 fcmpo cr0,f1,f0
8018CDC0: 4C401382 cror 2,0,2
8018CDC4: 4082012C bne- 0x8018cef0
8018CDC8: C002992C lfs f0,-26324(r2)
8018CDCC: 807E0038 lwz r3,56(r30)
8018CDD0: EC01002A fadds f0,f1,f0
8018CDD4: 38030001 addi r0,r3,1
8018CDD8: 901E0038 stw r0,56(r30)
8018CDDC: 2C000007 cmpwi r0,7
8018CDE0: D01E002C stfs f0,44(r30)
8018CDE4: 41800008 blt- 0x8018cdec
8018CDE8: 38000000 li r0,0
8018CDEC: 38800001 li r4,1
8018CDF0: 3C608055 lis r3,-32683
8018CDF4: 901E0038 stw r0,56(r30)
8018CDF8: 5400103A rlwinm r0,r0,2,0,29
8018CDFC: 80DE000C lwz r6,12(r30)
8018CE00: 3863CC78 subi r3,r3,13192
8018CE04: 989E003C stb r4,60(r30)
8018CE08: 38A00000 li r5,0
8018CE0C: 7C83002E lwzx r4,r3,r0
8018CE10: 80660124 lwz r3,292(r6)
8018CE14: 4BFF723D bl 0x80184050
8018CE18: 38000000 li r0,0
8018CE1C: 981E003C stb r0,60(r30)
8018CE20: 807E000C lwz r3,12(r30)
8018CE24: 80630130 lwz r3,304(r3)
8018CE28: 4800CB99 bl 0x801999c0
8018CE2C: 480000C4 b 0x8018cef0
8018CE30: 801E0048 lwz r0,72(r30)
8018CE34: 2C000000 cmpwi r0,0
8018CE38: 41820024 beq- 0x8018ce5c
8018CE3C: 807E000C lwz r3,12(r30)
8018CE40: 38000001 li r0,1
8018CE44: C03E0014 lfs f1,20(r30)
8018CE48: C0029954 lfs f0,-26284(r2)
8018CE4C: 80630138 lwz r3,312(r3)
8018CE50: EC000828 fsubs f0,f0,f1
8018CE54: D00300B4 stfs f0,180(r3)
8018CE58: 901E0048 stw r0,72(r30)
8018CE5C: 807E000C lwz r3,12(r30)
8018CE60: 80630150 lwz r3,336(r3)
8018CE64: 4BFF629D bl 0x80183100
8018CE68: 2C030000 cmpwi r3,0
8018CE6C: 40820084 bne- 0x8018cef0
8018CE70: C03E002C lfs f1,44(r30)
8018CE74: C0029924 lfs f0,-26332(r2)
8018CE78: EC21F828 fsubs f1,f1,f31
8018CE7C: D03E002C stfs f1,44(r30)
8018CE80: FC010040 fcmpo cr0,f1,f0
8018CE84: 4C401382 cror 2,0,2
8018CE88: 40820068 bne- 0x8018cef0
8018CE8C: 808DCFA4 lwz r4,-12380(r13)
8018CE90: 807E000C lwz r3,12(r30)
8018CE94: C0040158 lfs f0,344(r4)
8018CE98: EC01002A fadds f0,f1,f0
8018CE9C: D01E002C stfs f0,44(r30)
8018CEA0: 808DCFA4 lwz r4,-12380(r13)
8018CEA4: 8003010C lwz r0,268(r3)
8018CEA8: 8084015C lwz r4,348(r4)
8018CEAC: 7C840214 add r4,r4,r0
8018CEB0: 480A7F21 bl 0x80234dd0
8018CEB4: 4800003C b 0x8018cef0
8018CEB8: FC20F890 fmr f1,f31
8018CEBC: 7FC3F378 mr r3,r30
8018CEC0: 48000FA1 bl 0x8018de60
8018CEC4: 808DCFA4 lwz r4,-12380(r13)
8018CEC8: 807E000C lwz r3,12(r30)
8018CECC: C05E0014 lfs f2,20(r30)
8018CED0: C0240164 lfs f1,356(r4)
8018CED4: C0029928 lfs f0,-26328(r2)
8018CED8: EC220824 fdivs f1,f2,f1
8018CEDC: 80630130 lwz r3,304(r3)
8018CEE0: EC200828 fsubs f1,f0,f1
8018CEE4: 4800E11D bl 0x8019b000
8018CEE8: 38000000 li r0,0
8018CEEC: 901E0048 stw r0,72(r30)
8018CEF0: 281F0020 cmplwi r31,32
8018CEF4: 4182001C beq- 0x8018cf10
8018CEF8: 807E000C lwz r3,12(r30)
8018CEFC: 801E0020 lwz r0,32(r30)
8018CF00: 80630494 lwz r3,1172(r3)
8018CF04: C03E0014 lfs f1,20(r30)
8018CF08: 540406BE rlwinm r4,r0,0,26,31
8018CF0C: 48116055 bl 0x802a2f60
8018CF10: 80010024 lwz r0,36(r1)
8018CF14: E3E10018 psq_l f31,24(r1),0,0
8018CF18: CBE10010 lfd f31,16(r1)
8018CF1C: 83E1000C lwz r31,12(r1)
8018CF20: 83C10008 lwz r30,8(r1)
8018CF24: 7C0803A6 mtlr r0
8018CF28: 38210020 addi r1,r1,32
8018CF2C: 4E800020 blr
[/spoiler]
AHA! 8018CC58: 93E1000C stw r31,12(r1)
Now where does r31 come from? Let's check it's LR
It's 8018C3F0 = mr r3,r31
Now where does r3 come from?
from:8018C3C0: mr r31,r3
and right above this adddress we have stw r31,12(r1)
now where does r31 come from again?
yeah I'm lost
Function:
[spoiler]8018C3A0: 9421FFE0 stwu r1,-32(r1)
8018C3A4: 7C0802A6 mflr r0
8018C3A8: C0029924 lfs f0,-26332(r2)
8018C3AC: 90010024 stw r0,36(r1)
8018C3B0: DBE10010 stfd f31,16(r1)
8018C3B4: F3E10018 psq_st f31,24(r1),0,0
8018C3B8: FFE00890 fmr f31,f1
8018C3BC: 93E1000C stw r31,12(r1)
8018C3C0: 7C7F1B78 mr r31,r3
8018C3C4: C0430044 lfs f2,68(r3)
8018C3C8: FC020040 fcmpo cr0,f2,f0
8018C3CC: 40810020 ble- 0x8018c3ec
8018C3D0: EC420828 fsubs f2,f2,f1
8018C3D4: D0430044 stfs f2,68(r3)
8018C3D8: C02D8D54 lfs f1,-29356(r13)
8018C3DC: EC020828 fsubs f0,f2,f1
8018C3E0: FC0008AE fsel f0,f0,f2,f1
8018C3E4: FC000018 frsp f0,f0
8018C3E8: D0030044 stfs f0,68(r3)
8018C3EC: FC20F890 fmr f1,f31
8018C3F0: 7FE3FB78 mr r3,r31
8018C3F4: 4800084D bl 0x8018cc40
8018C3F8: FC20F890 fmr f1,f31
8018C3FC: 7FE3FB78 mr r3,r31
8018C400: 48000B31 bl 0x8018cf30
8018C404: 80010024 lwz r0,36(r1)
8018C408: E3E10018 psq_l f31,24(r1),0,0
8018C40C: CBE10010 lfd f31,16(r1)
8018C410: 83E1000C lwz r31,12(r1)
8018C414: 7C0803A6 mtlr r0
8018C418: 38210020 addi r1,r1,32
8018C41C: 4E800020 blr
[/spoiler]
I admire your effort. However, you were foiled by the double-precision floats again. =(
One thing first. When you walked the stack looking for the source of 12(r1), you did not take into account the u in stwu r1, -32(r1).
Do you remember the . and what it means when it's at the end of an ASM instruction? (free cmpwi rD, 0)
the u means "update": after the store, the address it stored to is written back into rA, like a free addi rA, rA, d (d = -32 in this case, so r1 drops by 32). So when the stwu was executed, it changed the stack pointer, so 12(r1) isn't 12(r1) anymore, but 44(r1). stwu has created a new stack frame, and 12(r1) in the old frame is not 12(r1) in the new frame
---
A second thing. "802A3000: C822B508 lfd f1,-19192(r2) LR for the write" You are not quite using LR correctly. Do you see the bctrl just before it? That bctrl put 802A3000 into the LR before branching to the counter (ctr). The LR is the mechanism that allows this function to tell the next function how to get back here. That is why you found 802A3000 in the LR - the function called with bctrl had just returned with blr.
---
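Finally...remember: single precision is 32 bits = 4 bytes. double precision is 64 bits = 8 bytes. So the stfd below writes 8(r1) through 15(r1), and the lwz from 12(r1) reads the lower 4 bytes of that same double.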
802A3008: D8010008 stfd f0,8(r1)
...
802A3024: 80A1000C lwz r5,12(r1)
I saved a log for this...
Here it is
[spoiler]
802A3004: FC1F082A fadd f0,f31,f1 f0 = 5 f31 = 30 f1 = 6.7554E+15
802A3004: FC1F082A fadd f0,f31,f1 f0 = 5 f31 = 30 f1 = 6.7554E+15
802A3004: FC1F082A fadd f0,f31,f1 f0 = 5 f31 = 30 f1 = 6.7554E+15
802A3004: FC1F082A fadd f0,f31,f1 f0 = 5 f31 = 30 f1 = 6.7554E+15
802A3004: FC1F082A fadd f0,f31,f1 f0 = 5 f31 = 30 f1 = 6.7554E+15
802A3004: FC1F082A fadd f0,f31,f1 f0 = 5 f31 = 30 f1 = 6.7554E+15
802A3004: FC1F082A fadd f0,f31,f1 f0 = 5 f31 = 30 f1 = 6.7554E+15
802A3004: FC1F082A fadd f0,f31,f1 f0 = 5 f31 = 30 f1 = 6.7554E+15
802A3004: FC1F082A fadd f0,f31,f1 f0 = 5 f31 = 30 f1 = 6.7554E+15
802A3004: FC1F082A fadd f0,f31,f1 f0 = 5 f31 = 30 f1 = 6.7554E+15
802A3004: FC1F082A fadd f0,f31,f1 f0 = 5 f31 = 30 f1 = 6.7554E+15
802A3004: FC1F082A fadd f0,f31,f1 f0 = 5 f31 = 29.9 f1 = 6.7554E+15
802A3004: FC1F082A fadd f0,f31,f1 f0 = 5 f31 = 29.8 f1 = 6.7554E+15
802A3004: FC1F082A fadd f0,f31,f1 f0 = 5 f31 = 29.7 f1 = 6.7554E+15
802A3004: FC1F082A fadd f0,f31,f1 f0 = 5 f31 = 29.6 f1 = 6.7554E+15
802A3004: FC1F082A fadd f0,f31,f1 f0 = 5 f31 = 29.5 f1 = 6.7554E+15
802A3004: FC1F082A fadd f0,f31,f1 f0 = 5 f31 = 29.4 f1 = 6.7554E+15
802A3004: FC1F082A fadd f0,f31,f1 f0 = 5 f31 = 29.3 f1 = 6.7554E+15
802A3004: FC1F082A fadd f0,f31,f1 f0 = 5 f31 = 29.2 f1 = 6.7554E+15
802A3004: FC1F082A fadd f0,f31,f1 f0 = 5 f31 = 29.1 f1 = 6.7554E+15
802A3004: FC1F082A fadd f0,f31,f1 f0 = 5 f31 = 29 f1 = 6.7554E+15
802A3004: FC1F082A fadd f0,f31,f1 f0 = 5 f31 = 28.9 f1 = 6.7554E+15
802A3004: FC1F082A fadd f0,f31,f1 f0 = 5 f31 = 28.8 f1 = 6.7554E+15
802A3004: FC1F082A fadd f0,f31,f1 f0 = 5 f31 = 28.7 f1 = 6.7554E+15
802A3004: FC1F082A fadd f0,f31,f1 f0 = 5 f31 = 28.6 f1 = 6.7554E+15
802A3004: FC1F082A fadd f0,f31,f1 f0 = 5 f31 = 28.5 f1 = 6.7554E+15
802A3004: FC1F082A fadd f0,f31,f1 f0 = 5 f31 = 28.4 f1 = 6.7554E+15
802A3004: FC1F082A fadd f0,f31,f1 f0 = 5 f31 = 28.3 f1 = 6.7554E+15
802A3004: FC1F082A fadd f0,f31,f1 f0 = 5 f31 = 28.2 f1 = 6.7554E+15
802A3004: FC1F082A fadd f0,f31,f1 f0 = 5 f31 = 28.1 f1 = 6.7554E+15
802A3004: FC1F082A fadd f0,f31,f1 f0 = 5 f31 = 28 f1 = 6.7554E+15
802A3004: FC1F082A fadd f0,f31,f1 f0 = 5 f31 = 27.9 f1 = 6.7554E+15
802A3004: FC1F082A fadd f0,f31,f1 f0 = 5 f31 = 27.8 f1 = 6.7554E+15
802A3004: FC1F082A fadd f0,f31,f1 f0 = 5 f31 = 27.7 f1 = 6.7554E+15
[/spoiler]
Thank you dcx2!
Here is the code for zoom timer Add/Sub
Zoom Timer (B)+(-) to add or subtract
2866589A 00001400
0418CCC8 EC02F82A
CC000000 00000001
0418CCC8 EC02F828
E0000000 80008000
O0
There's no nicer reward than to see a student succeed
Rainbow Timer (B)+(-) To add or sub
2866589A 00001400
0418CCC8 EC02F82A
CC000000 00000001
0418CCC8 EC02F828
E0000000 80008000
Rainbow Color
0418CDD4 3800000x
0:Blue
1:Purple
2:Red
3:Orange
4:Yellow
5:Brown
6:Green
Button activated color when rainbow, not working (Can anybody fix this??)
[spoiler]I can't seem to get it right
0418CDD4 60000000 --> nop the original (add) address
2866589A 00007000 -> if c+z+(-) Then
C218CDD8 00000006
9421FFF0 91610008
819E0038 398C0001
91800000 2C000006
40810008 38000000
901E0038 81610008
38210010 00000000
2A66589A 00007000 --> end if
0418CDD8 901E0038 --> original stw r0,56(r30)
E0000000 80008000
ASM:
# Routine inserted by the C2 line at 8018CDD8, in place of the game's
# `stw r0,56(r30)`. Stated goal: add 1 to the value stored at 56(r30) on each
# activation and wrap it back to 0 once it passes 6.
# Open a 16-byte stack frame.
stwu r1,-16(r1)
# Save r11 at 8(r1). NOTE(review): r11 is never modified below, while r12 is
# the register actually used as scratch and it is not saved - confirm which
# one was meant.
stw r11,8(r1)
# r12 = current word at 56(r30), the field the original store writes.
lwz r12,56(r30)
# r12 = r12 + 1
addi r12,r12,1
# NOTE(review): in a D-form store, rA = 0 means a base of zero, not the
# contents of r0. This stores r12 to effective address 0 and leaves r0
# unchanged. To carry the incremented value into r0 this presumably needs a
# register move (`mr r0,r12`) instead - confirm, then re-assemble so the hex
# words in the code match.
stw r12,0(r0)
# Compares r0, which at this point still holds whatever it held on entry.
cmpwi r0,6
# r0 <= 6: branch 8 bytes ahead, skipping the reset below.
ble- 0x08
# Wrap-around: reset the value to 0.
li r0,0
# Same store as the original instruction at the hook address.
stw r0,56(r30)
# Restore r11 and close the stack frame.
lwz r11,8(r1)
addi r1,r1,16
But doesn't work??
it's supposed to add 1 to r0 each time I press the button activator.
[/spoiler]
Next step is activating the rainbow Timer without hitting the Rainbow hologram.
If I poke the timer with a number, it doesn't activate it...
What next? Have to find what calls it.
Found it. It breaks when it loads the rainbow and loads when It stops the rainbow.
+ Poking it makes de Blob Rainbow O0
But how do I do this as an ASM code? Maybe I don't have to I'd have to use a pointer address... I'd rather ASM.
Registers when Rainbow
[spoiler]CR:24200888 XER:00000000 CTR:80369D40 DSIS:02400000
DAR:909A2620 SRR0:8018BF3C SRR1:0000A032 LR:8018BF24
r0:03000001 r1:8069D9F0 r2:80687000 r3:00000003
r4:90811560 r5:90B55640 r6:805C6000 r7:00000000
r8:92EBA100 r9:FFFFFFC3 r10:00000000 r11:8069D9E0
r12:80369D40 r13:80680F00 r14:00000000 r15:00000000
r16:00000000 r17:00000000 r18:00000000 r19:00000000
r20:00000000 r21:00000000 r22:00000000 r23:00000000
r24:90B5DF00 r25:00000000 r26:8102F1B0 r27:90990E80
r28:8102F1B0 r29:00000000 r30:909A2600 r31:00000001
f0:3F800000 f1:00800000 f2:3F800000 f3:3F800000
f4:3F800000 f5:3F800000 f6:3F800000 f7:00000000
f8:00000000 f9:3F800000 f10:3D0DF4DC f11:325C2BC7
f12:40400000 f13:00000000 f14:00000000 f15:00000000
f16:00000000 f17:00000000 f18:00000000 f19:00000000
f20:00000000 f21:00000000 f22:00000000 f23:00000000
f24:00000000 f25:00000000 f26:00000000 f27:00000000
f28:00000000 f29:3C88AC8A f30:3C88AC8A f31:41F00000
[/spoiler]
Function:
[spoiler]8018BDC0: 9421FFD0 stwu r1,-48(r1)
8018BDC4: 7C0802A6 mflr r0
8018BDC8: 90010034 stw r0,52(r1)
8018BDCC: DBE10020 stfd f31,32(r1)
8018BDD0: F3E10028 psq_st f31,40(r1),0,0
8018BDD4: FFE00890 fmr f31,f1
8018BDD8: 93E1001C stw r31,28(r1)
8018BDDC: 7C9F2378 mr r31,r4
8018BDE0: 38800003 li r4,3
8018BDE4: 93C10018 stw r30,24(r1)
8018BDE8: 7C7E1B78 mr r30,r3
8018BDEC: 93A10014 stw r29,20(r1)
8018BDF0: 7CBD2B78 mr r29,r5
8018BDF4: 4800026D bl 0x8018c060
8018BDF8: 2C1D0000 cmpwi r29,0
8018BDFC: 40820018 bne- 0x8018be14
8018BE00: 281F0020 cmplwi r31,32
8018BE04: 40820010 bne- 0x8018be14
8018BE08: 7FC3F378 mr r3,r30
8018BE0C: 48000C65 bl 0x8018ca70
8018BE10: 48000220 b 0x8018c030
8018BE14: 807E000C lwz r3,12(r30)
8018BE18: 38800000 li r4,0
8018BE1C: 480AB4A5 bl 0x802372c0
8018BE20: 807E000C lwz r3,12(r30)
8018BE24: 80830124 lwz r4,292(r3)
8018BE28: 80040008 lwz r0,8(r4)
8018BE2C: 540006F7 rlwinm. r0,r0,0,27,27
8018BE30: 41820008 beq- 0x8018be38
8018BE34: 480A8EDD bl 0x80234d10
8018BE38: 807E000C lwz r3,12(r30)
8018BE3C: 281F0002 cmplwi r31,2
8018BE40: C022992C lfs f1,-26324(r2)
8018BE44: 38000000 li r0,0
8018BE48: 80830124 lwz r4,292(r3)
8018BE4C: C0029924 lfs f0,-26332(r2)
8018BE50: 80840008 lwz r4,8(r4)
8018BE54: 909E0024 stw r4,36(r30)
8018BE58: D03E0028 stfs f1,40(r30)
8018BE5C: D01E002C stfs f0,44(r30)
8018BE60: D01E0030 stfs f0,48(r30)
8018BE64: 901E0038 stw r0,56(r30)
8018BE68: D01E0018 stfs f0,24(r30)
8018BE6C: D3FE0014 stfs f31,20(r30)
8018BE70: D3FE001C stfs f31,28(r30)
8018BE74: 901E09C0 stw r0,2496(r30)
8018BE78: 901E0048 stw r0,72(r30)
8018BE7C: 41820030 beq- 0x8018beac
8018BE80: 281F0001 cmplwi r31,1
8018BE84: 41820068 beq- 0x8018beec
8018BE88: 281F0004 cmplwi r31,4
8018BE8C: 418200B8 beq- 0x8018bf44
8018BE90: 281F0008 cmplwi r31,8
8018BE94: 418200D4 beq- 0x8018bf68
8018BE98: 281F0010 cmplwi r31,16
8018BE9C: 418200E4 beq- 0x8018bf80
8018BEA0: 281F0020 cmplwi r31,32
8018BEA4: 418200F8 beq- 0x8018bf9c
8018BEA8: 4800014C b 0x8018bff4
8018BEAC: 480A8E65 bl 0x80234d10
8018BEB0: 807E000C lwz r3,12(r30)
8018BEB4: 80830080 lwz r4,128(r3)
8018BEB8: 80040008 lwz r0,8(r4)
8018BEBC: 2C000011 cmpwi r0,17
8018BEC0: 40820014 bne- 0x8018bed4
8018BEC4: 806300C8 lwz r3,200(r3)
8018BEC8: 3800001C li r0,28
8018BECC: 90030058 stw r0,88(r3)
8018BED0: 4800000C b 0x8018bedc
8018BED4: 3880001C li r4,28
8018BED8: 480A14F9 bl 0x8022d3d0
8018BEDC: 3C60ED80 lis r3,-4736
8018BEE0: 38030002 addi r0,r3,2
8018BEE4: 901E0020 stw r0,32(r30)
8018BEE8: 4800010C b 0x8018bff4
8018BEEC: D03E002C stfs f1,44(r30)
8018BEF0: 38800002 li r4,2
8018BEF4: 38A00000 li r5,0
8018BEF8: 80630124 lwz r3,292(r3)
8018BEFC: 4BFF8155 bl 0x80184050
8018BF00: 807E000C lwz r3,12(r30)
8018BF04: 8003010C lwz r0,268(r3)
8018BF08: 28000032 cmplwi r0,50
8018BF0C: 4080000C bge- 0x8018bf18
8018BF10: 38800032 li r4,50
8018BF14: 480A8EBD bl 0x80234dd0
8018BF18: 807E000C lwz r3,12(r30)
8018BF1C: 80630130 lwz r3,304(r3)
8018BF20: 48008D11 bl 0x80194c30
8018BF24: 808DC900 lwz r4,-14080(r13)
8018BF28: 3C600300 lis r3,768 --->r3
[spoiler]
Log8018BF28: 3C600300 lis r3,768 r3 = 00000001
[/spoiler]
8018BF2C: 38030001 addi r0,r3,1 --->r0
[spoiler]
Log8018BF2C: 38030001 addi r0,r3,1 r0 = 8018BF24 r3 = 03000000
[/spoiler]
8018BF30: 88640BEC lbz r3,3052(r4)
8018BF34: 60630002 ori r3,r3,2
8018BF38: 98640BEC stb r3,3052(r4)
8018BF3C: 901E0020 stw r0,32(r30) --->writes here
[spoiler]Log
8018BF3C: 901E0020 stw r0,32(r30) r0 = 03000001 r30 = 909A2600 [909A2620] = 00000000[/spoiler]
8018BF40: 480000B4 b 0x8018bff4
8018BF44: D01E002C stfs f0,44(r30)
8018BF48: 80830110 lwz r4,272(r3)
8018BF4C: 480A8E85 bl 0x80234dd0
8018BF50: 807E000C lwz r3,12(r30)
8018BF54: 80630130 lwz r3,304(r3)
8018BF58: 4800C729 bl 0x80198680
8018BF5C: 38000004 li r0,4
8018BF60: 901E0020 stw r0,32(r30)
8018BF64: 48000090 b 0x8018bff4
8018BF68: 38000008 li r0,8
8018BF6C: D01E002C stfs f0,44(r30)
8018BF70: 901E0020 stw r0,32(r30)
8018BF74: 80630130 lwz r3,304(r3)
8018BF78: 4800DFC9 bl 0x80199f40
8018BF7C: 48000078 b 0x8018bff4
8018BF80: 38000010 li r0,16
8018BF84: D01E002C stfs f0,44(r30)
8018BF88: 38800001 li r4,1
8018BF8C: 901E0020 stw r0,32(r30)
8018BF90: 80630130 lwz r3,304(r3)
8018BF94: 4800B9AD bl 0x80197940
8018BF98: 4800005C b 0x8018bff4
8018BF9C: 3C802E00 lis r4,11776
8018BFA0: D01E002C stfs f0,44(r30)
8018BFA4: 38040020 addi r0,r4,32
8018BFA8: 901E0020 stw r0,32(r30)
8018BFAC: 80630160 lwz r3,352(r3)
8018BFB0: 4BF54421 bl 0x800e03d0
8018BFB4: 807E000C lwz r3,12(r30)
8018BFB8: 38800003 li r4,3
8018BFBC: 480A1415 bl 0x8022d3d0
8018BFC0: 807E000C lwz r3,12(r30)
8018BFC4: 80630130 lwz r3,304(r3)
8018BFC8: 4800F0C9 bl 0x8019b090
8018BFCC: 807E000C lwz r3,12(r30)
8018BFD0: 3CA08019 lis r5,-32743
8018BFD4: 3CC08019 lis r6,-32743
8018BFD8: C03E096C lfs f1,2412(r30)
8018BFDC: 7FC4F378 mr r4,r30
8018BFE0: 38630330 addi r3,r3,816
8018BFE4: 38A5F250 subi r5,r5,3504
8018BFE8: 38C6F1B0 subi r6,r6,3664
8018BFEC: 38E00000 li r7,0
8018BFF0: 4BF26571 bl 0x800b2560
8018BFF4: 281F0020 cmplwi r31,32
8018BFF8: 41820038 beq- 0x8018c030
8018BFFC: 281F0002 cmplwi r31,2
8018C000: 41820030 beq- 0x8018c030
8018C004: 809E000C lwz r4,12(r30)
8018C008: 80640080 lwz r3,128(r4)
8018C00C: 80030008 lwz r0,8(r3)
8018C010: 2C000011 cmpwi r0,17
8018C014: 4182001C beq- 0x8018c030
8018C018: 806400C8 lwz r3,200(r4)
8018C01C: 38800001 li r4,1
8018C020: 480B6831 bl 0x80242850
8018C024: 807E000C lwz r3,12(r30)
8018C028: 38800011 li r4,17
8018C02C: 480A13A5 bl 0x8022d3d0
8018C030: 80010034 lwz r0,52(r1)
8018C034: E3E10028 psq_l f31,40(r1),0,0
8018C038: CBE10020 lfd f31,32(r1)
8018C03C: 83E1001C lwz r31,28(r1)
8018C040: 83C10018 lwz r30,24(r1)
8018C044: 83A10014 lwz r29,20(r1)
8018C048: 7C0803A6 mtlr r0
8018C04C: 38210030 addi r1,r1,48
8018C050: 4E800020 blr
[/spoiler]
Log Address
[spoiler]
In 8018BF3C: 901E0020 stw r0,32(r30) r0 = 03000001 r30 = 909A2600 [909A2620] = 00000000
Out8018C158: 901F0020 stw r0,32(r31) r0 = 00000000 r31 = 909A2600 [909A2620] = 03000001
[/spoiler]
Perhaps if I make the "out" stw store the same value as the "in" one.
[spoiler]
# Rebuild in r0 the word 0x03000001 (the value the "In" log shows at 8018BF3C) and store it at 32(r30).
# NOTE(review): the "Out" store at 8018C158 uses r31 as its base (r31 = 909A2600 in the log);
# if this snippet is hooked there, confirm r30 still holds the same pointer.
lis r0,0x0300          # r0 = 0x03000000 (upper halfword)
ori r0,r0,0x0001       # r0 = 0x03000001; ori, because addi with rA = r0 would read a literal 0
# Store to base + 0x20 (909A2620 in the log, where r30 = 909A2600).
stw r0,32(r30)[/spoiler]
No. That only keeps it rainbow once it's already rainbow.
Perhaps if I force the "in" stw instead. That doesn't work either.
[spoiler]C218BF3C 00000002
3C000300 60000001
901E0020 00000000
[/spoiler]
Neither... time to look deeper I guess. It's too late for me though, I'll edit tomorrow if no one has had a look.
Well, I figured that a pointer would be easier... One day I'll come back to it.
So success!!
Rainbow Activator: press B to activate/deactivate
2866589A 00000400
48000000 80C5AFD8
DE000000 90009340
14001060 03000001
CC000000 00000000
14001060 00000000
E0000000 80008000
Invincible to water.
I'll see if it works with the rainbow color code tomorrow.