Size up (Z+C+UP)
286821CA 9FF76008
C2220D10 00000004
2C1D0000 40820004
818300A8 398C1388
918300A8 C02300A8
60000000 00000000
E0000000 80008000
Size down (Z+C+Down)
286821CA 9FFB6004
C2220D10 00000004
2C1D0000 40820004
818300A8 398CFC18
918300A8 C02300A8
60000000 00000000
E0000000 80008000
Keeps growing
Registers[spoiler] CR:28200488 XER:00000000 CTR:800D19A0 DSIS:00000000
DAR:00000000 SRR0:80220D10 SRR1:0000A032 LR:800D3030
r0:800D301C r1:8071D068 r2:8070FAC0 r3:90C14E94
r4:90C15B0C r5:8070329C r6:80545608 r7:4C6F7700
r8:00000000 r9:48696768 r10:80709128 r11:8071D058
r12:800D19A0 r13:8070AEE0 r14:00000000 r15:00000000
r16:00000000 r17:00000000 r18:00000000 r19:80D01360
r20:805359B4 r21:80A68268 r22:00000001 r23:80A68268
r24:00000000 r25:000108AE r26:00000000 r27:00000001
r28:80A68268 r29:00000000 r30:00000000 r31:90C14CC8
f0:00000000 f1:00000000 f2:00000000 f3:00000000
f4:42700000 f5:45992000 f6:471C4000 f7:3F000000
f8:BEA6B090 f9:3E4E0AA8 f10:BD241145 f11:2D5DCF16
f12:3288D44A f13:C61C3EE0 f14:00000000 f15:00000000
f16:00000000 f17:00000000 f18:00000000 f19:00000000
f20:00000000 f21:00000000 f22:00000000 f23:00000000
f24:00000000 f25:00000000 f26:00000000 f27:00000000
f28:00000000 f29:1FC00000 f30:428C0000 f31:3D072B02[/spoiler]
Function:[spoiler]
80220D0C: 4E800020 blr
80220D10: C02300A8 lfs f1,168(r3)
80220D14: 4E800020 blr [/spoiler]
So I thought of this but it freezes
4E00000C 00000000
C2220D10 00000004
48000009 3E800000
7D8802A6 C00C0000
C02300A8 EC20082A(8) for subs
D02300A8 00000000
14000000 3F800000 ---> This is what makes it freeze I think, but without this, it keeps growing too
286821CA 9FF76008
14000000 3E800000
E0000000 80008000
Oooh, I see why you froze.
Look at the function. It's a leaf function; it is a function which does not contain any bl's, so it calls no other functions. As a result, it doesn't back up the LR.
When you use the bl trick, it wipes out the current LR. This is not normally a problem...unless your hook is in a leaf function. In that case, the bl trick will cause a crash because you lose the original LR.
---
mflr r0 # store original LR
bl SKIP_DATA
.float 0
SKIP_DATA:
mflr r12
mtlr r0 # restore original LR
lfs f0,0(r12)
lfs f1,168(r3)
fadds f1,f0,f1
stfs f1,168(r3)
Note the added mflr r0 and the mtlr r0. However, the mflr r0 changes the offset for the 4E code.
4E000010 00000000
C2220D10 00000005
7C0802A6 48000009
00000000 7D8802A6
7C0803A6 C00C0000
C02300A8 EC20082A
D02300A8 00000000
14000000 00000000
286821CA 9FF76008
14000000 3E800000
286821CB 9FFB6004
14000000 BE800000
E0000000 80008000
---
Your other problem - the reason they keep growing or shrinking - is because you're constantly adding the value to the size. If you do this, you have to set it to 0 when there's no button activator. You can also shrink your size by fadds'ing a negative number. Also, note how the activator for the shrinking ends in B instead of A; adding 1 to an if code will make it an endif + if code.
EDIT: also, the original codes in the first post don't have an anti-code, which is why you keep growing when you let go of the button activator.
Size up (Z+C+UP) Working version
04220D10 C02300A8
286821CA 00006008
C2220D10 00000004
2C1D0000 40820004
818300A8 398C1388
918300A8 C02300A8
60000000 00000000
E0000000 80008000
But even though this is the same code it won't work! It doesn't even load! I think I have to create a stack for both.
Size down (Z+C+Down) working version
04220D10 C02300A8
286821CA 00006004
C2220D10 00000004
2C1D0000 40820004
818300A8 398CEC78
918300A8 C02300A8
60000000 00000000
E0000000 80008000
Something like this but this
Size up (Z+C+UP)
04220D10 C02300A8
286821CA 00006008
C2220D10 00000007
9421FFF0 91610008
3D608022 616B0D10
2C1D0000 40820004
818300A8 398C1388
918300A8 C02300A8
81610008 38210010
60000000 00000000
E0000000 80008000
Size down (Z+C+Down) AH! even though it's the same it doesn't work...
I guess I have to change the whole structure and include the button condition. I've done something wrong... it freezes the game
stwu r1,-16(r1)
stw r11,8(r1)
lis r11,0x8022
ori r11,r11,0x0D10 --->address
lis r12, 0x8068
ori r12,r12,0x21ca ---> remote
li r13,6008
li r14,6004
cmpwi r12,r13
beq- ADD
cmpwi r12,r14
beq- SUB
ADD:
cmpwi r29,0
bne- 0x04
lwz r15,168(r3)
addi r15,r15,5000
stw r15,168(r3)
lfs f1,168(r3)
b NO_DATA
NO_DATA:
SUB:
cmpwi r29,0
bne- 0x04
lwz r15,168(r3)
addi r15,r15,-5000
stw r15,168(r3)
lfs f1,168(r3)
lwz r11,8(r1)
addi r1,r1,16
You can't use size up and size down at the same time.
Quote from: Patedj on March 20, 2011, 11:03:50 PM
Size up (Z+C+UP) Working version
04220D10 C02300A8
286821CA 00006008
C2220D10 00000004
2C1D0000 40820004
818300A8 398C1388
918300A8 C02300A8
60000000 00000000
E0000000 80008000
But even though this is the same code it won't work! It doesn't even load! I think I have to create a stack for both.
Size down (Z+C+Down) working version
04220D10 C02300A8
286821CA 00006004
C2220D10 00000004
2C1D0000 40820004
818300A8 398CEC78
918300A8 C02300A8
60000000 00000000
E0000000 80008000
They're hooking the same address, C2220D10. When hooks collide, only one will win. Think about it; you're replacing 80220D10 with a branch to your C2 code. There can be only one branch. It either goes to the first or second C2 code.
My code above already combined both adding and subing into one code. Allow me to annotate it so it makes more sense.
4E000010 00000000 # put pointer to float into po
C2220D10 00000005 # ASM hook which adds float to size
7C0802A6 48000009
00000000 7D8802A6
7C0803A6 C00C0000
C02300A8 EC20082A
D02300A8 00000000
14000000 00000000 # by default, make ASM float 0, so you don't constantly grow or shrink
286821CA 9FF76008 # if C+Z+up
14000000 3E800000 # over-write ASM float with 0.25
286821CB 9FFB6004 # end if; if C+Z+down
14000000 BE800000 # over-write ASM float with -0.25
E0000000 80008000 # end if; reset po
The right way to try what you're trying to do would be like this
04220D10 C02300A8 # anti-code
286821CA 00006008 # if C+Z+up
C2220D10 00000004 # hook with ASM that adds
2C1D0000 40820004
818300A8 398C1388
918300A8 C02300A8
60000000 00000000
286821CB 00006004 # end if; if C+Z+down
C2220D10 00000004 # hook with ASM that subs
2C1D0000 40820004
818300A8 398CEC78
918300A8 C02300A8
60000000 00000000
E0000000 80008000 # end if
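An added example, not part of the original posts: a small Python linter for the two pitfalls described in the replies above, a bl trick that clobbers LR without an mflr/mtlr pair around it, and a 4E offset that no longer lands on the float embedded in the C2 payload. The 4E semantics (po = address of the next code line + offset) and the 0x80000000 base are assumptions inferred from the listings in this thread; FROZEN and FIXED are those listings with the annotations stripped, and all function names are hypothetical.

```python
import struct

BASE = 0x80000000  # assumption: default base address (thread maps C2220D10 -> 80220D10)

# The freezing code and the corrected code from the thread, annotations stripped.
FROZEN = """
4E00000C 00000000
C2220D10 00000004
48000009 3E800000
7D8802A6 C00C0000
C02300A8 EC20082A
D02300A8 00000000
14000000 3F800000
286821CA 9FF76008
14000000 3E800000
E0000000 80008000
"""
FIXED = """
4E000010 00000000
C2220D10 00000005
7C0802A6 48000009
00000000 7D8802A6
7C0803A6 C00C0000
C02300A8 EC20082A
D02300A8 00000000
14000000 00000000
286821CA 9FF76008
14000000 3E800000
286821CB 9FFB6004
14000000 BE800000
E0000000 80008000
"""


def parse(text):
    """Turn 'XXXXXXXX YYYYYYYY' lines into (int, int) pairs; '#' starts a comment."""
    pairs = []
    for raw in text.splitlines():
        cols = raw.split("#", 1)[0].split()
        if len(cols) >= 2:
            pairs.append((int(cols[0], 16), int(cols[1], 16)))
    return pairs


def is_mflr(w):
    return (w & 0xFC1FFFFF) == 0x7C0802A6  # mflr rD, any D


def is_mtlr(w):
    return (w & 0xFC1FFFFF) == 0x7C0803A6  # mtlr rS, any S


def check_payload(addr, words, start_byte, po_byte):
    """Heuristic checks on one C2 payload; returns a list of (finding, hook_address)."""
    data, calls = set(), []
    for k, w in enumerate(words):
        if k in data:
            continue
        if (w >> 26) == 18 and (w & 1):          # branch with LK=1, i.e. bl
            disp = w & 0x03FFFFFC
            if disp & 0x02000000:                # sign-extend the displacement
                disp -= 0x04000000
            calls.append(k)
            if disp > 4:                         # words jumped over are inline data
                data.update(range(k + 1, k + disp // 4))
    code = [(k, w) for k, w in enumerate(words) if k not in data]
    out = []
    for c in calls:
        # LR must be copied to a register before the bl and put back from it after.
        saved = {(w >> 21) & 31 for k, w in code if k < c and is_mflr(w)}
        restored = {(w >> 21) & 31 for k, w in code if k > c and is_mtlr(w)}
        if not saved & restored:
            out.append(("lr-clobbered", addr))   # fatal when the hooked function is a leaf
            break
    if po_byte is not None and data:
        idx, rem = divmod(po_byte - start_byte, 4)
        if rem or idx not in data:
            out.append(("po-misses-data", addr))
    return out


def lint(text):
    """Walk a code list; report hook addresses, floats written via po, and findings."""
    pairs = parse(text)
    hooks, floats, findings = [], [], []
    po_byte = None                               # byte offset in the list that po points to
    i = 0
    while i < len(pairs):
        a, b = pairs[i]
        op = a >> 24
        if op == 0x4E:                           # po = next line + signed 16-bit offset
            off = a & 0xFFFF
            po_byte = (i + 1) * 8 + (off - 0x10000 if off & 0x8000 else off)
        elif op in (0x14, 0x15):                 # 32-bit write relative to po
            floats.append(struct.unpack(">f", struct.pack(">I", b))[0])
        elif op == 0xE0:                         # terminator resets po
            po_byte = None
        elif op in (0xC2, 0xC3):                 # insert-ASM hook, b = payload lines
            addr = BASE + (a & 0x01FFFFFF)
            hooks.append(addr)
            words = [w for p in pairs[i + 1:i + 1 + b] for w in p]
            findings += check_payload(addr, words, (i + 1) * 8, po_byte)
            i += b
        i += 1
    return {"hooks": hooks, "floats": floats, "findings": findings}
```

The LR check is a pattern match on mflr/mtlr register numbers, not a data-flow analysis, so it flags every unsaved bl whether or not the hooked function is a leaf.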
Such nice structure! Thank you!
P.S. That's what I thought with an older code, but was contradicted by a peer. I'm glad that's cleared in my head. It makes perfect sense to me.
Lol, this brings me back to the texas instruments I used to use in math class! (for the exams of course!)
I've realised that the guys didn't do an inf dash code yet. I'm now attempting to do one.
I found the address for what triggers it.
Registers:[spoiler] CR:42200428 XER:20000000 CTR:00000000 DSIS:02400000
DAR:80600318 SRR0:801E540C SRR1:0000A032 LR:80264BEC
r0:00000000 r1:80719958 r2:8070FAC0 r3:806001B8
r4:0000000B r5:00000001 r6:806001E4 r7:0000018C
r8:00000000 r9:00000007 r10:00000000 r11:00000000
r12:00000000 r13:8070AEE0 r14:43300000 r15:806001B8
r16:80682138 r17:806001B8 r18:00000006 r19:00000005
r20:00000001 r21:806821C8 r22:806825E8 r23:806821C8
r24:00000000 r25:806821C8 r26:FFFFFFFF r27:00000000
r28:00000000 r29:00000000 r30:00000000 r31:806821D4
f0:3E007BEB f1:3CFD5C5E f2:BF733333 f3:BCF83E10
f4:00000000 f5:3E0725AF f6:BE59A96E f7:3F68F2A8
f8:00000000 f9:3F800000 f10:3D4CCCCD f11:BF800000
f12:3ACCCCCD f13:3F800000 f14:00000000 f15:00000000
f16:00000000 f17:00000000 f18:00000000 f19:00000000
f20:00000000 f21:00000000 f22:00000000 f23:00000000
f24:00000000 f25:00000000 f26:00000000 f27:00000000
f28:00000000 f29:3D4CCCCD f30:3E23D70A f31:00000000[/spoiler]
Function:[spoiler]801E5408: 1CE40024 mulli r7,r4,36
801E540C: 90A60134 stw r5,308(r6) -->writes here. r5 comes from where?
801E5410: 7CA33A14 add r5,r3,r7
801E5414: 80850408 lwz r4,1032(r5)
801E5418: 3404FFFF subic. r0,r4,1
801E541C: 90050408 stw r0,1032(r5)
801E5420: 4080000C bge- 0x801e542c
801E5424: 38000003 li r0,3
801E5428: 90050408 stw r0,1032(r5)
801E542C: 80850408 lwz r4,1032(r5)
801E5430: 7C033A14 add r0,r3,r7
801E5434: C0029F20 lfs f0,-24800(r2)
801E5438: 5483103A rlwinm r3,r4,2,0,29
801E543C: 7C601A14 add r3,r0,r3
801E5440: D00303F8 stfs f0,1016(r3)
801E5444: 80060228 lwz r0,552(r6)
801E5448: 900303E8 stw r0,1000(r3)
801E544C: 4E800020 blr
[/spoiler]
LR
Registers:[spoiler] CR:22200448 XER:20000000 CTR:00000000 DSIS:02400000
DAR:80600318 SRR0:80264BEC SRR1:0000A032 LR:80264BEC
r0:00000000 r1:80719958 r2:8070FAC0 r3:806001B8
r4:0000000B r5:00000000 r6:806001E4 r7:00000000
r8:00000000 r9:00000007 r10:00000000 r11:00000000
r12:00000000 r13:8070AEE0 r14:43300000 r15:806001B8
r16:80682138 r17:806001B8 r18:00000006 r19:00000005
r20:00000001 r21:806821C8 r22:806825E8 r23:806821C8
r24:00000000 r25:806821C8 r26:FFFFFFFF r27:00000000
r28:00000000 r29:00000000 r30:00000000 r31:806821D4
f0:3C257EB0 f1:BCFD5C5E f2:BF7D70A3 f3:BD4EDE62
f4:00000000 f5:BD64B5EE f6:BE59A96E f7:3F6DCD0C
f8:00000000 f9:3F800000 f10:3D4CCCCD f11:BF800000
f12:BC81BE0D f13:3F7E5645 f14:00000000 f15:00000000
f16:00000000 f17:00000000 f18:00000000 f19:00000000
f20:00000000 f21:00000000 f22:00000000 f23:00000000
f24:00000000 f25:00000000 f26:00000000 f27:00000000
f28:00000000 f29:3D4CCCCD f30:3E23D70A f31:00000000
Remote control[/spoiler]
Function:[spoiler]...
80264B00: 5405FFFE rlwinm r5,r0,31,31,31
80264B04: 4BF808ED bl 0x801e53f0
80264B08: 80190000 lwz r0,0(r25)
80264B0C: 7DE37B78 mr r3,r15
80264B10: 3880000A li r4,10
80264B14: 540507FE rlwinm r5,r0,0,31,31
80264B18: 4BF808D9 bl 0x801e53f0
80264B1C: 80190000 lwz r0,0(r25)
80264B20: 7DE37B78 mr r3,r15
80264B24: 3880000C li r4,12
80264B28: 5405F7FE rlwinm r5,r0,30,31,31
80264B2C: 4BF808C5 bl 0x801e53f0
80264B30: 80190000 lwz r0,0(r25)
80264B34: 7DE37B78 mr r3,r15
80264B38: 3880000B li r4,11
80264B3C: 5405EFFE rlwinm r5,r0,29,31,31
80264B40: 4BF808B1 bl 0x801e53f0
80264B44: 480000A8 b 0x80264bec
80264B48: 80190000 lwz r0,0(r25)
80264B4C: 7DE37B78 mr r3,r15
80264B50: 38800009 li r4,9
80264B54: 5405F7FE rlwinm r5,r0,30,31,31
80264B58: 4BF80899 bl 0x801e53f0
80264B5C: 80190000 lwz r0,0(r25)
80264B60: 7DE37B78 mr r3,r15
80264B64: 3880000A li r4,10
80264B68: 5405EFFE rlwinm r5,r0,29,31,31
80264B6C: 4BF80885 bl 0x801e53f0
80264B70: 80190000 lwz r0,0(r25)
80264B74: 7DE37B78 mr r3,r15
80264B78: 3880000C li r4,12
80264B7C: 540507FE rlwinm r5,r0,0,31,31
80264B80: 4BF80871 bl 0x801e53f0
80264B84: 80190000 lwz r0,0(r25)
80264B88: 7DE37B78 mr r3,r15
80264B8C: 3880000B li r4,11
80264B90: 5405FFFE rlwinm r5,r0,31,31,31
80264B94: 4BF8085D bl 0x801e53f0
80264B98: 48000054 b 0x80264bec
80264B9C: 80190000 lwz r0,0(r25)
80264BA0: 7DE37B78 mr r3,r15
80264BA4: 38800009 li r4,9
80264BA8: 540507FE rlwinm r5,r0,0,31,31
80264BAC: 4BF80845 bl 0x801e53f0
80264BB0: 80190000 lwz r0,0(r25)
80264BB4: 7DE37B78 mr r3,r15
80264BB8: 3880000A li r4,10
80264BBC: 5405FFFE rlwinm r5,r0,31,31,31
80264BC0: 4BF80831 bl 0x801e53f0
80264BC4: 80190000 lwz r0,0(r25)
80264BC8: 7DE37B78 mr r3,r15
80264BCC: 3880000C li r4,12
80264BD0: 5405EFFE rlwinm r5,r0,29,31,31
80264BD4: 4BF8081D bl 0x801e53f0
80264BD8: 80190000 lwz r0,0(r25)
80264BDC: 7DE37B78 mr r3,r15
80264BE0: 3880000B li r4,11
80264BE4: 5405F7FE rlwinm r5,r0,30,31,31
80264BE8: 4BF80809 bl 0x801e53f0
80264BEC: 7F35E214 add r25,r21,r28 --->LR srr0
80264BF0: C03F0000 lfs f1,0(r31)
80264BF4: C0190018 lfs f0,24(r25)
80264BF8: 7DE37B78 mr r3,r15
80264BFC: 3880000D li r4,13
80264C00: EC010032 fmuls f0,f1,f0
80264C04: FC00E840 fcmpo cr0,f0,f29
80264C08: 7CA00026 mfcr r5
80264C0C: 54A517FE rlwinm r5,r5,2,31,31
80264C10: 4BF807E1 bl 0x801e53f0
80264C14: C0370010 lfs f1,16(r23)
80264C18: 7DE37B78 mr r3,r15
80264C1C: C0190018 lfs f0,24(r25)
80264C20: 3880000E li r4,14
80264C24: EC010032 fmuls f0,f1,f0
80264C28: FC00E840 fcmpo cr0,f0,f29
80264C2C: 7CA00026 mfcr r5
80264C30: 54A517FE rlwinm r5,r5,2,31,31
80264C34: 4BF807BD bl 0x801e53f0
80264C38: C0370014 lfs f1,20(r23)
80264C3C: 7DE37B78 mr r3,r15
80264C40: C0190018 lfs f0,24(r25)
80264C44: 3880000F li r4,15
80264C48: EC010032 fmuls f0,f1,f0
80264C4C: FC00E840 fcmpo cr0,f0,f29
80264C50: 7CA00026 mfcr r5
80264C54: 54A517FE rlwinm r5,r5,2,31,31
80264C58: 4BF80799 bl 0x801e53f0
80264C5C: 800F024C lwz r0,588(r15)
80264C60: 2C000000 cmpwi r0,0
80264C64: 4182000C beq- 0x80264c70
80264C68: 934F0218 stw r26,536(r15)
80264C6C: 4800001C b 0x80264c88
80264C70: 800F0250 lwz r0,592(r15)
80264C74: 2C000000 cmpwi r0,0
80264C78: 4182000C beq- 0x80264c84
80264C7C: 928F0218 stw r20,536(r15)
80264C80: 48000008 b 0x80264c88
80264C84: 930F0218 stw r24,536(r15)
80264C88: 800F0258 lwz r0,600(r15)
80264C8C: 2C000000 cmpwi r0,0
80264C90: 4182000C beq- 0x80264c9c
80264C94: 934F0220 stw r26,544(r15)
80264C98: 4800001C b 0x80264cb4
80264C9C: 800F0254 lwz r0,596(r15)
80264CA0: 2C000000 cmpwi r0,0
80264CA4: 4182000C beq- 0x80264cb0
80264CA8: 928F0220 stw r20,544(r15)
80264CAC: 48000008 b 0x80264cb4
80264CB0: 930F0220 stw r24,544(r15)
80264CB4: 806F0218 lwz r3,536(r15)
80264CB8: 800F021C lwz r0,540(r15)
80264CBC: 7C030000 cmpw r3,r0
80264CC0: 41820008 beq- 0x80264cc8
80264CC4: 906F012C stw r3,300(r15)
80264CC8: 806F0220 lwz r3,544(r15)
80264CCC: 800F0224 lwz r0,548(r15)
...
[/spoiler]
[spoiler]
801E53F0: 5480103A rlwinm r0,r4,2,0,29
801E53F4: 7CC30214 add r6,r3,r0
801E53F8: 90A60228 stw r5,552(r6)
801E53FC: 80060308 lwz r0,776(r6)
801E5400: 7C050000 cmpw r5,r0
801E5404: 4D820020 beqlr-
[/spoiler]
Registers for rlwinm
[spoiler]CR:22200428 XER:20000000 CTR:00000000 DSIS:02400000
DAR:80600318 SRR0:80264BE4 SRR1:0000A032 LR:80264BD8
r0:00000000 r1:80719958 r2:8070FAC0 r3:806001B8
r4:0000000B r5:00000000 r6:806001E8 r7:00000000
r8:00000000 r9:00000007 r10:00000000 r11:00000000
r12:00000000 r13:8070AEE0 r14:43300000 r15:806001B8
r16:80682138 r17:806001B8 r18:00000006 r19:00000005
r20:00000001 r21:806821C8 r22:806825E8 r23:806821C8
r24:00000000 r25:806821C8 r26:FFFFFFFF r27:00000000
r28:00000000 r29:00000000 r30:00000000 r31:806821D4
f0:00000000 f1:BC9D89D9 f2:BD272F05 f3:BF7D6A05
f4:00000000 f5:BC216B31 f6:BE726569 f7:3F7757CE
f8:00000000 f9:3F800000 f10:3D4CCCCD f11:BF800000
f12:3ACCCCCD f13:3F800000 f14:00000000 f15:00000000
f16:00000000 f17:00000000 f18:00000000 f19:00000000
f20:00000000 f21:00000000 f22:00000000 f23:00000000
f24:00000000 f25:00000000 f26:00000000 f27:00000000
f28:00000000 f29:3D4CCCCD f30:3E23D70A f31:00000000
r31 = velocity = f3
Log
[spoiler]
80264BE4: 5405F7FE rlwinm r5,r0,30,31,31 r5 = 00000000 r0 = 00000000
80264BE4: 5405F7FE rlwinm r5,r0,30,31,31 r5 = 00000000 r0 = 00000004
r0=remote control[/spoiler][/spoiler]
Alright that's what it loads it, the remote control.
Now what does it load?
On my way to finding the dash timer, I found this.
Energy Residue stays On /Off
286821CA xxxxxxxxx
0419AF4C 60000000
CC000000 00000000
0419AF4C 4180FFD4
E0000000 80008000
Replace xxxx with button condition
I was filling up my log with step-ins when I thought, "this is going to take a while..."
There might be thousands of step-ins... Is there a way to do this automatically?
... have a look at this and see if you can help me find how to make the dash unlimited.
80264CEC: 80850228 lwz r4,552(r5) = wii menu pause if r4=>0
[spoiler]
801E540C: 90A60134 stw r5,308(r6) r5 = 00000001 r6 = 806001E4 [80600318] = 00000000
this is the activator = 1
801E5410: 7CA33A14 add r5,r3,r7 r5 = 00000001 r3 = 806001B8 r7 = 0000018C
801E5414: 80850408 lwz r4,1032(r5) r4 = 0000000B r5 = 80600344 [8060074C] = 00000000
801E5418: 3404FFFF subic. r0,r4,1 r0 = 00000000 r4 = 00000000
801E541C: 90050408 stw r0,1032(r5) r0 = FFFFFFFF r5 = 80600344 [8060074C] = 00000000
801E5420: 4080000C bge- 0x801e542c
801E5424: 38000003 li r0,3 r0 = FFFFFFFF
801E5428: 90050408 stw r0,1032(r5) r0 = 00000003 r5 = 80600344 [8060074C] = FFFFFFFF
801E542C: 80850408 lwz r4,1032(r5) r4 = 00000000 r5 = 80600344 [8060074C] = 00000003
801E5430: 7C033A14 add r0,r3,r7 r0 = 00000003 r3 = 806001B8 r7 = 0000018C
801E5434: C0029F20 lfs f0,-24800(r2) f0 = NaN r2 = 8070FAC0 [807099E0] = 00000000
801E5438: 5483103A rlwinm r3,r4,2,0,29 r3 = 806001B8 r4 = 00000003
801E543C: 7C601A14 add r3,r0,r3 r3 = 0000000C r0 = 80600344 r3 = 0000000C
801E5440: D00303F8 stfs f0,1016(r3) f0 = NaN r3 = 80600350 [80600748] = 3E981061
801E5444: 80060228 lwz r0,552(r6) r0 = 80600344 r6 = 806001E4 [8060040C] = 00000001
801E5448: 900303E8 stw r0,1000(r3) r0 = 00000001 r3 = 80600350 [80600738] = 00000001
801E544C: 4E800020 blr LR = 80264BEC
80264BEC: 7F35E214 add r25,r21,r28 r25 = 806821C8 r21 = 806821C8 r28 = 00000000
80264BF0: C03F0000 lfs f1,0(r31) f1 = 1 r31 = 806821D4 [806821D4] = BF60F83E
80264BF4: C0190018 lfs f0,24(r25) f0 = 0 r25 = 806821C8 [806821E0] = 3F6E924B
80264BF8: 7DE37B78 mr r3,r15 r3 = 80600350 r15 = 806001B8
80264BFC: 3880000D li r4,13 r4 = 00000003
80264C00: EC010032 fmuls f0,f1,f0 f0 = NaN f1 = 1 f0 = NaN
80264C04: FC00E840 fcmpo cr0,f0,f29 f0 = -0.81896 f29 = 0.05 r0 = 00000001
80264C08: 7CA00026 mfcr r5 r5 = 80600344
80264C0C: 54A517FE rlwinm r5,r5,2,31,31 r5 = 82200428 r5 = 82200428
80264C10: 4BF807E1 bl 0x801e53f0
| 801E53F0: 5480103A rlwinm r0,r4,2,0,29 r0 = 00000001 r4 = 0000000D
| 801E53F4: 7CC30214 add r6,r3,r0 r6 = 806001E4 r3 = 806001B8 r0 = 00000034
| 801E53F8: 90A60228 stw r5,552(r6) r5 = 00000000 r6 = 806001EC [80600414] = 00000000
| 801E53FC: 80060308 lwz r0,776(r6) r0 = 00000034 r6 = 806001EC [806004F4] = 00000000
Defence on/off
| 801E5400: 7C050000 cmpw r5,r0 r5 = 00000000 r0 = 00000000
| 801E5404: 4D820020 beqlr- LR = 80264C14
80264C14: C0370010 lfs f1,16(r23) f1 = 1 r23 = 806821C8 [806821D8] = BE9EB852
r23=remote control condition
80264C18: 7DE37B78 mr r3,r15 r3 = 806001B8 r15 = 806001B8
80264C1C: C0190018 lfs f0,24(r25) f0 = NaN r25 = 806821C8 [806821E0] = 3F6E924B
r25=remote control condition
80264C20: 3880000E li r4,14 r4 = 0000000D
80264C24: EC010032 fmuls f0,f1,f0 f0 = NaN f1 = 1 f0 = NaN
80264C28: FC00E840 fcmpo cr0,f0,f29 f0 = -0.288895 f29 = 0.05 r0 = 00000000
80264C2C: 7CA00026 mfcr r5 r5 = 00000000
80264C30: 54A517FE rlwinm r5,r5,2,31,31 r5 = 82200428 r5 = 82200428
80264C34: 4BF807BD bl 0x801e53f0
| 801E53F0: 5480103A rlwinm r0,r4,2,0,29 r0 = 00000000 r4 = 0000000E
| 801E53F4: 7CC30214 add r6,r3,r0 r6 = 806001EC r3 = 806001B8 r0 = 00000038
| 801E53F8: 90A60228 stw r5,552(r6) r5 = 00000000 r6 = 806001F0 [80600418] = 00000000
| 801E53FC: 80060308 lwz r0,776(r6) r0 = 00000038 r6 = 806001F0 [806004F8] = 00000000
axis activator
| 801E5400: 7C050000 cmpw r5,r0 r5 = 00000000 r0 = 00000000
| 801E5404: 4D820020 beqlr- LR = 80264C38
80264C38: C0370014 lfs f1,20(r23) f1 = 1 r23 = 806821C8 [806821DC] = BC28E83F
control condition
80264C3C: 7DE37B78 mr r3,r15 r3 = 806001B8 r15 = 806001B8
80264C40: C0190018 lfs f0,24(r25) f0 = NaN r25 = 806821C8 [806821E0] = 3F6E924B
80264C44: 3880000F li r4,15 r4 = 0000000E
80264C48: EC010032 fmuls f0,f1,f0 f0 = NaN f1 = 1 f0 = NaN
80264C4C: FC00E840 fcmpo cr0,f0,f29 f0 = -0.00960742 f29 = 0.05 r0 = 00000000
80264C50: 7CA00026 mfcr r5 r5 = 00000000
80264C54: 54A517FE rlwinm r5,r5,2,31,31 r5 = 82200428 r5 = 82200428
80264C58: 4BF80799 bl 0x801e53f0
| 801E53F0: 5480103A rlwinm r0,r4,2,0,29 r0 = 00000000 r4 = 0000000F
| 801E53F4: 7CC30214 add r6,r3,r0 r6 = 806001F0 r3 = 806001B8 r0 = 0000003C
| 801E53F8: 90A60228 stw r5,552(r6) r5 = 00000000 r6 = 806001F4 [8060041C] = 00000000
| 801E53FC: 80060308 lwz r0,776(r6) r0 = 0000003C r6 = 806001F4 [806004FC] = 00000000
button condition axis down this time (up before)
| 801E5400: 7C050000 cmpw r5,r0 r5 = 00000000 r0 = 00000000
| 801E5404: 4D820020 beqlr- LR = 80264C5C
80264C5C: 800F024C lwz r0,588(r15) r0 = 00000000 r15 = 806001B8 [80600404] = 00000000
left button activator
80264C60: 2C000000 cmpwi r0,0 r0 = 00000000
80264C64: 4182000C beq- 0x80264c70
... ... ... ...
80264C70: 800F0250 lwz r0,592(r15) r0 = 00000000 r15 = 806001B8 [80600408] = 00000000
right button activator
80264C74: 2C000000 cmpwi r0,0 r0 = 00000000
80264C78: 4182000C beq- 0x80264c84
... ... ... ...
80264C84: 930F0218 stw r24,536(r15) r24 = 00000000 r15 = 806001B8 [806003D0] = 00000000
80264C88: 800F0258 lwz r0,600(r15) r0 = 00000000 r15 = 806001B8 [80600410] = 00000000
up button activator
80264C8C: 2C000000 cmpwi r0,0 r0 = 00000000
80264C90: 4182000C beq- 0x80264c9c
... ... ... ...
80264C9C: 800F0254 lwz r0,596(r15) r0 = 00000000 r15 = 806001B8 [8060040C] = 00000001
The button activator we want (down button activator)
80264CA0: 2C000000 cmpwi r0,0 r0 = 00000001
80264CA4: 4182000C beq- 0x80264cb0
80264CA8: 928F0220 stw r20,544(r15) r20 = 00000001 r15 = 806001B8 [806003D8] = 00000000
80264CAC: 48000008 b 0x80264cb4
... ... ... ...
80264CB4: 806F0218 lwz r3,536(r15) r3 = 806001B8 r15 = 806001B8 [806003D0] = 00000000
left button activator
80264CB8: 800F021C lwz r0,540(r15) r0 = 00000001 r15 = 806001B8 [806003D4] = 00000000
80264CBC: 7C030000 cmpw r3,r0 r3 = 00000000 r0 = 00000000
80264CC0: 41820008 beq- 0x80264cc8
... ... ... ...
80264CC8: 806F0220 lwz r3,544(r15) r3 = 00000000 r15 = 806001B8 [806003D8] = 00000001
other activator (=1 for ours and ffffffff for up button condition)
80264CCC: 800F0224 lwz r0,548(r15) r0 = 00000000 r15 = 806001B8 [806003DC] = 00000000
same as above but after the first 2 frames or so
80264CD0: 7C030000 cmpw r3,r0 r3 = 00000001 r0 = 00000000
80264CD4: 41820008 beq- 0x80264cdc
80264CD8: 906F0130 stw r3,304(r15) r3 = 00000001 r15 = 806001B8 [806002E8] = 00000000
as above (same r15)
80264CDC: 38000038 li r0,56 r0 = 00000000
80264CE0: 38600000 li r3,0 r3 = 00000001
80264CE4: 7C0903A6 mtctr r0 r0 = 00000038
80264CE8: 7CAF1A14 add r5,r15,r3 r5 = 00000000 r15 = 806001B8 r3 = 00000000
80264CEC: 80850228 lwz r4,552(r5) r4 = 0000000F r5 = 806001B8 [806003E0] = 00000000
80264CF0: 80050308 lwz r0,776(r5) r0 = 00000038 r5 = 806001B8 [806004C0] = 00000000
a button activator
80264CF4: 7C040000 cmpw r4,r0 r4 = 00000000 r0 = 00000000
80264CF8: 41820008 beq- 0x80264d00
... ... ... ...
80264D00: 38630004 addi r3,r3,4 r3 = 00000000 r3 = 00000000
80264D04: 4200FFE4 bdnz+ 0x80264ce8
80264CE8: 7CAF1A14 add r5,r15,r3 r5 = 806001B8 r15 = 806001B8 r3 = 00000004
80264CEC: 80850228 lwz r4,552(r5) r4 = 00000000 r5 = 806001BC [806003E4] = 00000000
80264CF0: 80050308 lwz r0,776(r5) r0 = 00000000 r5 = 806001BC [806004C4] = 00000000
80264CF4: 7C040000 cmpw r4,r0 r4 = 00000000 r0 = 00000000
80264CF8: 41820008 beq- 0x80264d00
... ... ... ...
80264D00: 38630004 addi r3,r3,4 r3 = 00000004 r3 = 00000004
80264D04: 4200FFE4 bdnz+ 0x80264ce8
80264CE8: 7CAF1A14 add r5,r15,r3 r5 = 806001BC r15 = 806001B8 r3 = 00000008
80264CEC: 80850228 lwz r4,552(r5) r4 = 00000000 r5 = 806001C0 [806003E8] = 00000000
80264CF0: 80050308 lwz r0,776(r5) r0 = 00000000 r5 = 806001C0 [806004C8] = 00000000
80264CF4: 7C040000 cmpw r4,r0 r4 = 00000000 r0 = 00000000
80264CF8: 41820008 beq- 0x80264d00
... ... ... ...
80264D00: 38630004 addi r3,r3,4 r3 = 00000008 r3 = 00000008
80264D04: 4200FFE4 bdnz+ 0x80264ce8
80264CE8: 7CAF1A14 add r5,r15,r3 r5 = 806001C0 r15 = 806001B8 r3 = 0000000C
80264CEC: 80850228 lwz r4,552(r5) r4 = 00000000 r5 = 806001C4 [806003EC] = 00000000
80264CF0: 80050308 lwz r0,776(r5) r0 = 00000000 r5 = 806001C4 [806004CC] = 00000000
80264CF4: 7C040000 cmpw r4,r0 r4 = 00000000 r0 = 00000000
80264CF8: 41820008 beq- 0x80264d00
... ... ... ...
you get the gist of it.... I'll do this until I see a difference and come back and post the rest in the next reply.
[/spoiler]
it leads to a lr
here's some of the lr's log
[spoiler]
80451060: 80ADC960 lwz r5,-13984(r13) r5 = 00001032 r13 = 8070AEE0 [80707840] = 00000000
80451064: 38000000 li r0,0 r0 = 8026BE00
80451068: 808DC950 lwz r4,-14000(r13) r4 = 00003032 r13 = 8070AEE0 [80707830] = 00000000
8045106C: 7C7E1B78 mr r30,r3 r30 = 806FB5E0 r3 = 00000000
80451070: 3B9F0078 addi r28,r31,120 r28 = 806F27B0 r31 = 806FB5E0
80451074: 3BBF0000 addi r29,r31,0 r29 = 00000018 r31 = 806FB5E0
80451078: 7CA32378 or r3,r5,r4 r3 = 00000000 r5 = 00000000 r4 = 00000000
8045107C: 906DC960 stw r3,-13984(r13) r3 = 00000000 r13 = 8070AEE0 [80707840] = 00000000
80451080: 3B60FFFF li r27,-1 r27 = 00000000
80451084: 900DC950 stw r0,-14000(r13) r0 = 00000000 r13 = 8070AEE0 [80707830] = 00000000
80451088: 808DC968 lwz r4,-13976(r13) r4 = 00000000 r13 = 8070AEE0 [80707848] = 00000000
8045108C: 80ADC96C lwz r5,-13972(r13) r5 = 00000000 r13 = 8070AEE0 [8070784C] = 00000000
80451090: 800DC958 lwz r0,-13992(r13) r0 = 00000000 r13 = 8070AEE0 [80707838] = 00033000
80451094: 806DC95C lwz r3,-13988(r13) r3 = 00000000 r13 = 8070AEE0 [8070783C] = 00000000
80451098: 7C800378 or r0,r4,r0 r0 = 00033000 r4 = 00000000 r0 = 00033000
8045109C: 7CA31B78 or r3,r5,r3 r3 = 00000000 r5 = 00000000 r3 = 00000000
804510A0: 906DC96C stw r3,-13972(r13) r3 = 00000000 r13 = 8070AEE0 [8070784C] = 00000000
804510A4: 900DC968 stw r0,-13976(r13) r0 = 00033000 r13 = 8070AEE0 [80707848] = 00000000
804510A8: 48000064 b 0x8045110c
... ... ... ...
8045110C: 800DC958 lwz r0,-13992(r13) r0 = 00033000 r13 = 8070AEE0 [80707838] = 00033000
80451110: 806DC95C lwz r3,-13988(r13) r3 = 00000000 r13 = 8070AEE0 [8070783C] = 00000000
80451114: 7C600379 or. r0,r3,r0 r0 = 00033000 r3 = 00000000 r0 = 00033000
80451118: 4082FF94 bne+ 0x804510ac
... ... ... ...
804510AC: 800DC958 lwz r0,-13992(r13) r0 = 00033000 r13 = 8070AEE0 [80707838] = 00033000
804510B0: 806DC95C lwz r3,-13988(r13) r3 = 00000000 r13 = 8070AEE0 [8070783C] = 00000000
804510B4: 7C000034 cntlzw r0,r0 r0 = 00033000 r0 = 00033000
804510B8: 2C000020 cmpwi r0,32 r0 = 0000000E
804510BC: 7C63D838 and r3,r3,r27 r3 = 00000000 r3 = 00000000 r27 = FFFFFFFF
804510C0: 40800008 bge- 0x804510c8
804510C4: 4800000C b 0x804510d0
... ... ... ...
804510D0: 5403083C rlwinm r3,r0,1,0,30 r3 = 00000000 r0 = 0000000E
804510D4: 20A0003F subfic r5,r0,63 r5 = 00000000 r0 = 0000000E
804510D8: 7C1C1A2E lhzx r0,r28,r3 r0 = 0000000E r28 = 806FB658 r3 = 0000001C
804510DC: 38800001 li r4,1 r4 = 00000000
804510E0: 7C1D1B2E sthx r0,r29,r3 r0 = 00001080 r29 = 806FB5E0 r3 = 0000001C
804510E4: 38600000 li r3,0 r3 = 0000001C
804510E8: 4BF52801 bl 0x803a38e8
| 803A38E8: 21050020 subfic r8,r5,32 r8 = 806FB658 r5 = 00000031
| 803A38EC: 3125FFE0 subic r9,r5,32 r9 = 00000000 r5 = 00000031
| 803A38F0: 7C632830 slw r3,r3,r5 r3 = 00000000 r3 = 00000000 r5 = 00000031
| 803A38F4: 7C8A4430 srw r10,r4,r8 r10 = 00001080 r4 = 00000001 r8 = FFFFFFEF
| 803A38F8: 7C635378 or r3,r3,r10 r3 = 00000000 r3 = 00000000 r10 = 00000000
| 803A38FC: 7C8A4830 slw r10,r4,r9 r10 = 00000000 r4 = 00000001 r9 = 00000011
| 803A3900: 7C635378 or r3,r3,r10 r3 = 00000000 r3 = 00000000 r10 = 00020000
| 803A3904: 7C842830 slw r4,r4,r5 r4 = 00000001 r4 = 00000001 r5 = 00000031
| 803A3908: 4E800020 blr LR = 804510EC
804510EC: 800DC958 lwz r0,-13992(r13) r0 = 00001080 r13 = 8070AEE0 [80707838] = 00033000
804510F0: 7C6518F8 not r5,r3 r5 = 00000031 r3 = 00020000
804510F4: 806DC95C lwz r3,-13988(r13) r3 = 00020000 r13 = 8070AEE0 [8070783C] = 00000000
804510F8: 7C8420F8 not r4,r4 r4 = 00000000 r4 = 00000000
804510FC: 7C002838 and r0,r0,r5 r0 = 00033000 r0 = 00033000 r5 = FFFDFFFF
80451100: 7C632038 and r3,r3,r4 r3 = 00000000 r3 = 00000000 r4 = FFFFFFFF
80451104: 906DC95C stw r3,-13988(r13) r3 = 00000000 r13 = 8070AEE0 [8070783C] = 00000000
80451108: 900DC958 stw r0,-13992(r13) r0 = 00013000 r13 = 8070AEE0 [80707838] = 00033000
8045110C: 800DC958 lwz r0,-13992(r13) r0 = 00013000 r13 = 8070AEE0 [80707838] = 00013000
80451110: 806DC95C lwz r3,-13988(r13) r3 = 00000000 r13 = 8070AEE0 [8070783C] = 00000000
80451114: 7C600379 or. r0,r3,r0 r0 = 00013000 r3 = 00000000 r0 = 00013000
80451118: 4082FF94 bne+ 0x804510ac
... ... ... ...
804510AC: 800DC958 lwz r0,-13992(r13) r0 = 00013000 r13 = 8070AEE0 [80707838] = 00013000
804510B0: 806DC95C lwz r3,-13988(r13) r3 = 00000000 r13 = 8070AEE0 [8070783C] = 00000000
804510B4: 7C000034 cntlzw r0,r0 r0 = 00013000 r0 = 00013000
804510B8: 2C000020 cmpwi r0,32 r0 = 0000000F
804510BC: 7C63D838 and r3,r3,r27 r3 = 00000000 r3 = 00000000 r27 = FFFFFFFF
804510C0: 40800008 bge- 0x804510c8
804510C4: 4800000C b 0x804510d0
... ... ... ...
804510D0: 5403083C rlwinm r3,r0,1,0,30 r3 = 00000000 r0 = 0000000F
804510D4: 20A0003F subfic r5,r0,63 r5 = FFFDFFFF r0 = 0000000F
804510D8: 7C1C1A2E lhzx r0,r28,r3 r0 = 0000000F r28 = 806FB658 r3 = 0000001E
804510DC: 38800001 li r4,1 r4 = FFFFFFFF
804510E0: 7C1D1B2E sthx r0,r29,r3 r0 = 00000044 r29 = 806FB5E0 r3 = 0000001E
804510E4: 38600000 li r3,0 r3 = 0000001E
804510E8: 4BF52801 bl 0x803a38e8
| 803A38E8: 21050020 subfic r8,r5,32 r8 = FFFFFFEF r5 = 00000030
| 803A38EC: 3125FFE0 subic r9,r5,32 r9 = 00000011 r5 = 00000030
| 803A38F0: 7C632830 slw r3,r3,r5 r3 = 00000000 r3 = 00000000 r5 = 00000030
| 803A38F4: 7C8A4430 srw r10,r4,r8 r10 = 00020000 r4 = 00000001 r8 = FFFFFFF0
| 803A38F8: 7C635378 or r3,r3,r10 r3 = 00000000 r3 = 00000000 r10 = 00000000
| 803A38FC: 7C8A4830 slw r10,r4,r9 r10 = 00000000 r4 = 00000001 r9 = 00000010
| 803A3900: 7C635378 or r3,r3,r10 r3 = 00000000 r3 = 00000000 r10 = 00010000
| 803A3904: 7C842830 slw r4,r4,r5 r4 = 00000001 r4 = 00000001 r5 = 00000030
| 803A3908: 4E800020 blr LR = 804510EC
804510EC: 800DC958 lwz r0,-13992(r13) r0 = 00000044 r13 = 8070AEE0 [80707838] = 00013000
804510F0: 7C6518F8 not r5,r3 r5 = 00000030 r3 = 00010000
804510F4: 806DC95C lwz r3,-13988(r13) r3 = 00010000 r13 = 8070AEE0 [8070783C] = 00000000
804510F8: 7C8420F8 not r4,r4 r4 = 00000000 r4 = 00000000
804510FC: 7C002838 and r0,r0,r5 r0 = 00013000 r0 = 00013000 r5 = FFFEFFFF
80451100: 7C632038 and r3,r3,r4 r3 = 00000000 r3 = 00000000 r4 = FFFFFFFF
80451104: 906DC95C stw r3,-13988(r13) r3 = 00000000 r13 = 8070AEE0 [8070783C] = 00000000
80451108: 900DC958 stw r0,-13992(r13) r0 = 00003000 r13 = 8070AEE0 [80707838] = 00013000
8045110C: 800DC958 lwz r0,-13992(r13) r0 = 00003000 r13 = 8070AEE0 [80707838] = 00003000
80451110: 806DC95C lwz r3,-13988(r13) r3 = 00000000 r13 = 8070AEE0 [8070783C] = 00000000
80451114: 7C600379 or. r0,r3,r0 r0 = 00003000 r3 = 00000000 r0 = 00003000
80451118: 4082FF94 bne+ 0x804510ac
... ... ... ...
804510AC: 800DC958 lwz r0,-13992(r13) r0 = 00003000 r13 = 8070AEE0 [80707838] = 00003000
804510B0: 806DC95C lwz r3,-13988(r13) r3 = 00000000 r13 = 8070AEE0 [8070783C] = 00000000
804510B4: 7C000034 cntlzw r0,r0 r0 = 00003000 r0 = 00003000
804510B8: 2C000020 cmpwi r0,32 r0 = 00000012
804510BC: 7C63D838 and r3,r3,r27 r3 = 00000000 r3 = 00000000 r27 = FFFFFFFF
804510C0: 40800008 bge- 0x804510c8
804510C4: 4800000C b 0x804510d0
... ... ... ...
804510D0: 5403083C rlwinm r3,r0,1,0,30 r3 = 00000000 r0 = 00000012
804510D4: 20A0003F subfic r5,r0,63 r5 = FFFEFFFF r0 = 00000012
804510D8: 7C1C1A2E lhzx r0,r28,r3 r0 = 00000012 r28 = 806FB658 r3 = 00000024
804510DC: 38800001 li r4,1 r4 = FFFFFFFF
804510E0: 7C1D1B2E sthx r0,r29,r3 r0 = 00000080 r29 = 806FB5E0 r3 = 00000024
804510E4: 38600000 li r3,0 r3 = 00000024
804510E8: 4BF52801 bl 0x803a38e8
| 803A38E8: 21050020 subfic r8,r5,32 r8 = FFFFFFF0 r5 = 0000002D
| 803A38EC: 3125FFE0 subic r9,r5,32 r9 = 00000010 r5 = 0000002D
| 803A38F0: 7C632830 slw r3,r3,r5 r3 = 00000000 r3 = 00000000 r5 = 0000002D
| 803A38F4: 7C8A4430 srw r10,r4,r8 r10 = 00010000 r4 = 00000001 r8 = FFFFFFF3
| 803A38F8: 7C635378 or r3,r3,r10 r3 = 00000000 r3 = 00000000 r10 = 00000000
| 803A38FC: 7C8A4830 slw r10,r4,r9 r10 = 00000000 r4 = 00000001 r9 = 0000000D
| 803A3900: 7C635378 or r3,r3,r10 r3 = 00000000 r3 = 00000000 r10 = 00002000
| 803A3904: 7C842830 slw r4,r4,r5 r4 = 00000001 r4 = 00000001 r5 = 0000002D
| 803A3908: 4E800020 blr LR = 804510EC
804510EC: 800DC958 lwz r0,-13992(r13) r0 = 00000080 r13 = 8070AEE0 [80707838] = 00003000
804510F0: 7C6518F8 not r5,r3 r5 = 0000002D r3 = 00002000
804510F4: 806DC95C lwz r3,-13988(r13) r3 = 00002000 r13 = 8070AEE0 [8070783C] = 00000000
804510F8: 7C8420F8 not r4,r4 r4 = 00000000 r4 = 00000000
804510FC: 7C002838 and r0,r0,r5 r0 = 00003000 r0 = 00003000 r5 = FFFFDFFF
80451100: 7C632038 and r3,r3,r4 r3 = 00000000 r3 = 00000000 r4 = FFFFFFFF
80451104: 906DC95C stw r3,-13988(r13) r3 = 00000000 r13 = 8070AEE0 [8070783C] = 00000000
80451108: 900DC958 stw r0,-13992(r13) r0 = 00001000 r13 = 8070AEE0 [80707838] = 00003000
8045110C: 800DC958 lwz r0,-13992(r13) r0 = 00001000 r13 = 8070AEE0 [80707838] = 00001000
80451110: 806DC95C lwz r3,-13988(r13) r3 = 00000000 r13 = 8070AEE0 [8070783C] = 00000000
80451114: 7C600379 or. r0,r3,r0 r0 = 00001000 r3 = 00000000 r0 = 00001000
80451118: 4082FF94 bne+ 0x804510ac
... ... ... ...
804510AC: 800DC958 lwz r0,-13992(r13) r0 = 00001000 r13 = 8070AEE0 [80707838] = 00001000
804510B0: 806DC95C lwz r3,-13988(r13) r3 = 00000000 r13 = 8070AEE0 [8070783C] = 00000000
804510B4: 7C000034 cntlzw r0,r0 r0 = 00001000 r0 = 00001000
804510B8: 2C000020 cmpwi r0,32 r0 = 00000013
804510BC: 7C63D838 and r3,r3,r27 r3 = 00000000 r3 = 00000000 r27 = FFFFFFFF
804510C0: 40800008 bge- 0x804510c8
804510C4: 4800000C b 0x804510d0
... ... ... ...
804510D0: 5403083C rlwinm r3,r0,1,0,30 r3 = 00000000 r0 = 00000013
804510D4: 20A0003F subfic r5,r0,63 r5 = FFFFDFFF r0 = 00000013
804510D8: 7C1C1A2E lhzx r0,r28,r3 r0 = 00000013 r28 = 806FB658 r3 = 00000026
804510DC: 38800001 li r4,1 r4 = FFFFFFFF
804510E0: 7C1D1B2E sthx r0,r29,r3 r0 = 0000006C r29 = 806FB5E0 r3 = 00000026
804510E4: 38600000 li r3,0 r3 = 00000026
804510E8: 4BF52801 bl 0x803a38e8
| 803A38E8: 21050020 subfic r8,r5,32 r8 = FFFFFFF3 r5 = 0000002C
| 803A38EC: 3125FFE0 subic r9,r5,32 r9 = 0000000D r5 = 0000002C
| 803A38F0: 7C632830 slw r3,r3,r5 r3 = 00000000 r3 = 00000000 r5 = 0000002C
| 803A38F4: 7C8A4430 srw r10,r4,r8 r10 = 00002000 r4 = 00000001 r8 = FFFFFFF4
| 803A38F8: 7C635378 or r3,r3,r10 r3 = 00000000 r3 = 00000000 r10 = 00000000
| 803A38FC: 7C8A4830 slw r10,r4,r9 r10 = 00000000 r4 = 00000001 r9 = 0000000C
| 803A3900: 7C635378 or r3,r3,r10 r3 = 00000000 r3 = 00000000 r10 = 00001000
| 803A3904: 7C842830 slw r4,r4,r5 r4 = 00000001 r4 = 00000001 r5 = 0000002C
| 803A3908: 4E800020 blr LR = 804510EC
804510EC: 800DC958 lwz r0,-13992(r13) r0 = 0000006C r13 = 8070AEE0 [80707838] = 00001000
804510F0: 7C6518F8 not r5,r3 r5 = 0000002C r3 = 00001000
804510F4: 806DC95C lwz r3,-13988(r13) r3 = 00001000 r13 = 8070AEE0 [8070783C] = 00000000
804510F8: 7C8420F8 not r4,r4 r4 = 00000000 r4 = 00000000
804510FC: 7C002838 and r0,r0,r5 r0 = 00001000 r0 = 00001000 r5 = FFFFEFFF
80451100: 7C632038 and r3,r3,r4 r3 = 00000000 r3 = 00000000 r4 = FFFFFFFF
80451104: 906DC95C stw r3,-13988(r13) r3 = 00000000 r13 = 8070AEE0 [8070783C] = 00000000
80451108: 900DC958 stw r0,-13992(r13) r0 = 00000000 r13 = 8070AEE0 [80707838] = 00001000
8045110C: 800DC958 lwz r0,-13992(r13) r0 = 00000000 r13 = 8070AEE0 [80707838] = 00000000
80451110: 806DC95C lwz r3,-13988(r13) r3 = 00000000 r13 = 8070AEE0 [8070783C] = 00000000
80451114: 7C600379 or. r0,r3,r0 r0 = 00000000 r3 = 00000000 r0 = 00000000
80451118: 4082FF94 bne+ 0x804510ac
8045111C: 387F00F0 addi r3,r31,240 r3 = 00000000 r31 = 806FB5E0
80451120: 38800001 li r4,1 r4 = FFFFFFFF
80451124: 80030030 lwz r0,48(r3) r0 = 00000000 r3 = 806FB6D0 [806FB700] = 90000880
80451128: 7FC3F378 mr r3,r30 r3 = 806FB6D0 r30 = 00000000
8045112C: 908DC9C8 stw r4,-13880(r13) r4 = 00000001 r13 = 8070AEE0 [807078A8] = 00000000
80451130: 908DC9C4 stw r4,-13884(r13) r4 = 00000001 r13 = 8070AEE0 [807078A4] = 00000000
80451134: 900DC98C stw r0,-13940(r13) r0 = 90000880 r13 = 8070AEE0 [8070786C] = 900968C0
80451138: 4BFEFF19 bl 0x80441050
| 80441050: 2C030000 cmpwi r3,0 r3 = 00000000
| 80441054: 7C8000A6 mfmsr r4 r4 = 00000001
| 80441058: 4182000C beq- 0x80441064
| ... ... ... ...
| 80441064: 5485045E rlwinm r5,r4,0,17,15 r5 = FFFFEFFF r4 = 00003432
| 80441068: 7CA00124 mtmsr r5 r5 = 00003432
| 8044106C: 54838FFE rlwinm r3,r4,17,31,31 r3 = 00000000 r4 = 00003432
| 80441070: 4E800020 blr LR = 8045113C
8045113C: 39610020 addi r11,r1,32 r11 = 8124F970 r1 = 8124F950
80451140: 4BF5237D bl 0x803a34bc
| 803A34BC: 836BFFEC lwz r27,-20(r11) r27 = FFFFFFFF r11 = 8124F970 [8124F95C] = 00000000
| 803A34C0: 838BFFF0 lwz r28,-16(r11) r28 = 806FB658 r11 = 8124F970 [8124F960] = 806F27B0
| 803A34C4: 83ABFFF4 lwz r29,-12(r11) r29 = 806FB5E0 r11 = 8124F970 [8124F964] = 00000018
| 803A34C8: 83CBFFF8 lwz r30,-8(r11) r30 = 00000000 r11 = 8124F970 [8124F968] = 806FB5E0
| 803A34CC: 83EBFFFC lwz r31,-4(r11) r31 = 806FB5E0 r11 = 8124F970 [8124F96C] = 8044EF60
| 803A34D0: 4E800020 blr LR = 80451144
80451144: 80010024 lwz r0,36(r1) r0 = 90000880 r1 = 8124F950 [8124F974] = 8026BE00
80451148: 7C0803A6 mtlr r0 LR = 80451144 r0 = 8026BE00
8045114C: 38210020 addi r1,r1,32 r1 = 8124F950 r1 = 8124F950
80451150: 4E800020 blr LR = 8026BE00
8026BE00: 38000000 li r0,0 r0 = 8026BE00
8026BE04: 980DB794 stb r0,-18540(r13) r0 = 00000000 r13 = 8070AEE0 [80706674] = 01000000
8026BE08: 80010014 lwz r0,20(r1) r0 = 00000000 r1 = 8124F970 [8124F984] = 8044F0BC
8026BE0C: 7C0803A6 mtlr r0 LR = 8026BE00 r0 = 8044F0BC
8026BE10: 38210010 addi r1,r1,16 r1 = 8124F970 r1 = 8124F970
8026BE14: 4E800020 blr LR = 8044F0BC
8044F0BC: 800DC928 lwz r0,-14040(r13) r0 = 8044F0BC r13 = 8070AEE0 [80707808] = 00000000
8044F0C0: 2C000000 cmpwi r0,0 r0 = 00000000
8044F0C4: 41820058 beq- 0x8044f11c
... ... ... ...
8044F11C: 800DC9C8 lwz r0,-13880(r13) r0 = 00000000 r13 = 8070AEE0 [807078A8] = 00000001
8044F120: 2C000000 cmpwi r0,0 r0 = 00000001
8044F124: 41820134 beq- 0x8044f258
8044F128: 800DC960 lwz r0,-13984(r13) r0 = 00000001 r13 = 8070AEE0 [80707840] = 00000000
8044F12C: 28000001 cmplwi r0,1 r0 = 00000000
8044F130: 40820060 bne- 0x8044f190
... ... ... ...
8044F190: 3B5E0000 addi r26,r30,0 r26 = 00000000 r30 = 806FB5E0
8044F194: 3BE0FFFF li r31,-1 r31 = 8044EF60
8044F198: 3F60CC00 lis r27,-13312 r27 = 00000000
8044F19C: 48000068 b 0x8044f204
... ... ... ...
8044F204: 800DC968 lwz r0,-13976(r13) r0 = 00000000 r13 = 8070AEE0 [80707848] = 00033000
8044F208: 806DC96C lwz r3,-13972(r13) r3 = 00000000 r13 = 8070AEE0 [8070784C] = 00000000
8044F20C: 7C600379 or. r0,r3,r0 r0 = 00033000 r3 = 00000000 r0 = 00033000
8044F210: 4082FF90 bne+ 0x8044f1a0
... ... ... ...
[/spoiler]
Quote from: Patedj on March 29, 2011, 11:59:34 AM
I was filling up my log with step ins when I thought, "this is going to take a while..."
There might be thousands of step ins... is there a way to do this automatically?
lol, yeah, it might take a while. Yes, there is a way to do it automatically. This sort of question should go somewhere in the USB Gecko Dev board, because I don't really watch the support boards as much.
Set a breakpoint. Pick a destination. Take that destination's address, and set a Breakpoint Condition, SRR0 == [destination address], make sure that the groupbox checkbox is enabled, and then press Step Until. It will repeatedly Step Into until the Breakpoint Condition is met; when SRR0 equals the destination address, we will have executed all the instructions and logged them.
I made another attempt to search for the timer again instead of going through all the steps.
I found this address and the stack seems to be activated with the dash and when walking.
This seems like it's the volatility.
Registers at rest:[spoiler] CR:28200888 XER:00000000 CTR:80086530 DSIS:02400000
DAR:90BCF614 SRR0:8008481C SRR1:0000A032 LR:800D0868
r0:800D085C r1:8071D0C8 r2:8070FAC0 r3:90BCF60C
r4:8071D19C r5:91E6E0A8 r6:80545608 r7:4C6F7700
r8:00000000 r9:48696768 r10:00000018 r11:8071D058
r12:80086530 r13:8070AEE0 r14:00000000 r15:00000000
r16:00000000 r17:00000000 r18:00000000 r19:80D013D8
r20:805359B4 r21:80A68268 r22:00000001 r23:80A68268
r24:00000000 r25:0000C7C1 r26:00000000 r27:00000001
r28:80A68268 r29:00000000 r30:00000000 r31:90BCE7C8
f0:00000000 f1:00000000 f2:00000000 f3:00000000
f4:00000000 f5:45992000 f6:471C4000 f7:C0A00000
f8:C0A00000 f9:00000000 f10:80000000 f11:3F800000
f12:00000000 f13:00000000 f14:00000000 f15:00000000
f16:00000000 f17:00000000 f18:00000000 f19:00000000
f20:00000000 f21:00000000 f22:00000000 f23:00000000
f24:00000000 f25:00000000 f26:00000000 f27:00000000
f28:00000000 f29:43480000 f30:428C0000 f31:3DEF9DB2[/spoiler]
registers while dashing.[spoiler]CR:28200888 XER:00000000 CTR:80086530 DSIS:02400000
DAR:90BCF614 SRR0:8008481C SRR1:0000A032 LR:800D0868
r0:800D085C r1:8071D0C8 r2:8070FAC0 r3:90BCF60C
r4:8071D19C r5:91E6BA08 r6:80545608 r7:4C6F7700
r8:00000000 r9:48696768 r10:00000018 r11:8071D058
r12:80086530 r13:8070AEE0 r14:00000000 r15:00000000
r16:00000000 r17:00000000 r18:00000000 r19:80D013D8
r20:805359B4 r21:80A68268 r22:00000001 r23:80A68268
r24:00000000 r25:0000C7C1 r26:00000000 r27:00000001
r28:80A68268 r29:00000000 r30:00000000 r31:90BCE7C8
f0:412BCE3E f1:00000000 f2:00000000 f3:00000000
f4:00000000 f5:45992000 f6:471C4000 f7:C0A00000
f8:C0A00000 f9:00000000 f10:80000000 f11:3F800000
f12:00000000 f13:00000000 f14:00000000 f15:00000000
f16:00000000 f17:00000000 f18:00000000 f19:00000000
f20:00000000 f21:00000000 f22:00000000 f23:00000000
f24:00000000 f25:00000000 f26:00000000 f27:00000000
f28:00000000 f29:43480000 f30:428C0000 f31:3DC8B439[/spoiler]
registers while walking:
[spoiler] CR:28200888 XER:00000000 CTR:80086530 DSIS:02400000
DAR:90BCF614 SRR0:8008481C SRR1:0000A032 LR:800D0868
r0:800D085C r1:8071D0C8 r2:8070FAC0 r3:90BCF60C
r4:8071D19C r5:91E6E3A8 r6:80545608 r7:4C6F7700
r8:00000000 r9:48696768 r10:00000018 r11:8071D058
r12:80086530 r13:8070AEE0 r14:00000000 r15:00000000
r16:00000000 r17:00000000 r18:00000000 r19:80D013D8
r20:805359B4 r21:80A68268 r22:00000001 r23:80A68268
r24:00000000 r25:0000C7C1 r26:00000000 r27:00000001
r28:80A68268 r29:00000000 r30:00000000 r31:90BCE7C8
f0:401E3DF4 f1:00000000 f2:00000000 f3:00000000
f4:00000000 f5:45992000 f6:471C4000 f7:C0A00000
f8:C0A00000 f9:00000000 f10:80000000 f11:3F800000
f12:00000000 f13:00000000 f14:00000000 f15:00000000
f16:00000000 f17:00000000 f18:00000000 f19:00000000
f20:00000000 f21:00000000 f22:00000000 f23:00000000
f24:00000000 f25:00000000 f26:00000000 f27:00000000
f28:00000000 f29:43480000 f30:428C0000 f31:3DD91687[/spoiler]
Function:[spoiler]800847F0: C0230000 lfs f1,0(r3)
800847F4: C0040000 lfs f0,0(r4)
800847F8: C0630004 lfs f3,4(r3)
800847FC: EC81002A fadds f4,f1,f0
80084800: C0440004 lfs f2,4(r4)
80084804: C0230008 lfs f1,8(r3)
80084808: C0040008 lfs f0,8(r4)
8008480C: EC43102A fadds f2,f3,f2
80084810: D0830000 stfs f4,0(r3)
80084814: EC01002A fadds f0,f1,f0
80084818: D0430004 stfs f2,4(r3)
8008481C: D0030008 stfs f0,8(r3) writes
80084820: 4E800020 blr
[/spoiler]
LR: too long a function. Exceeds 20000 word limit.
I'll walk the stack without it then.
Log write while dashing
[spoiler]8009F804: D0030008 stfs f0,8(r3) f0 = 0 r3 = 90BCF60C [90BCF614] = 00000000
8008481C: D0030008 stfs f0,8(r3) f0 = 0 r3 = 90BCF60C [90BCF614] = 00000000
800D0868: D0030008 stfs f0,8(r3) f0 = 0 r3 = 90BCF60C [90BCF614] = 00000000
8009F804: D0030008 stfs f0,8(r3) f0 = 0 r3 = 90BCF60C [90BCF614] = 00000000
8008481C: D0030008 stfs f0,8(r3) f0 = 2.15544 r3 = 90BCF60C [90BCF614] = 00000000
800D0868: D0030008 stfs f0,8(r3) f0 = 2.15544 r3 = 90BCF60C [90BCF614] = 4009F2C0
8009F804: D0030008 stfs f0,8(r3) f0 = 0 r3 = 90BCF60C [90BCF614] = 4009F2C0
8008481C: D0030008 stfs f0,8(r3) f0 = 9.08153 r3 = 90BCF60C [90BCF614] = 00000000
800D0868: D0030008 stfs f0,8(r3) f0 = 9.08153 r3 = 90BCF60C [90BCF614] = 41114DF7
8009F804: D0030008 stfs f0,8(r3) f0 = 0 r3 = 90BCF60C [90BCF614] = 41114DF7
8008481C: D0030008 stfs f0,8(r3) f0 = 10.8602 r3 = 90BCF60C [90BCF614] = 00000000
800D0868: D0030008 stfs f0,8(r3) f0 = 10.8602 r3 = 90BCF60C [90BCF614] = 412DC32E
8009F804: D0030008 stfs f0,8(r3) f0 = 0 r3 = 90BCF60C [90BCF614] = 412DC32E
8008481C: D0030008 stfs f0,8(r3) f0 = 4.6153 r3 = 90BCF60C [90BCF614] = 00000000
800D0868: D0030008 stfs f0,8(r3) f0 = 4.6153 r3 = 90BCF60C [90BCF614] = 4093B080
8009F804: D0030008 stfs f0,8(r3) f0 = 0 r3 = 90BCF60C [90BCF614] = 4093B080
8008481C: D0030008 stfs f0,8(r3) f0 = 0 r3 = 90BCF60C [90BCF614] = 00000000
800D0868: D0030008 stfs f0,8(r3) f0 = 0 r3 = 90BCF60C [90BCF614] = 00000000
8009F804: D0030008 stfs f0,8(r3) f0 = 0 r3 = 90BCF60C [90BCF614] = 00000000
8008481C: D0030008 stfs f0,8(r3) f0 = 0 r3 = 90BCF60C [90BCF614] = 00000000
800D0868: D0030008 stfs f0,8(r3) f0 = 0 r3 = 90BCF60C [90BCF614] = 00000000
8009F804: D0030008 stfs f0,8(r3) f0 = 0 r3 = 90BCF60C [90BCF614] = 00000000
8008481C: D0030008 stfs f0,8(r3) f0 = 0 r3 = 90BCF60C [90BCF614] = 00000000
800D0868: D0030008 stfs f0,8(r3) f0 = 0 r3 = 90BCF60C [90BCF614] = 00000000
8009F804: D0030008 stfs f0,8(r3) f0 = 0 r3 = 90BCF60C [90BCF614] = 00000000
8008481C: D0030008 stfs f0,8(r3) f0 = 0 r3 = 90BCF60C [90BCF614] = 00000000
[/spoiler]
log write while walking[spoiler]8008481C: D0030008 stfs f0,8(r3) f0 = 2.4029 r3 = 90BCF60C [90BCF614] = 00000000
800D0868: D0030008 stfs f0,8(r3) f0 = 2.4029 r3 = 90BCF60C [90BCF614] = 4019C914
8009F804: D0030008 stfs f0,8(r3) f0 = 0 r3 = 90BCF60C [90BCF614] = 4019C914
8008481C: D0030008 stfs f0,8(r3) f0 = 2.39859 r3 = 90BCF60C [90BCF614] = 00000000
800D0868: D0030008 stfs f0,8(r3) f0 = 2.39859 r3 = 90BCF60C [90BCF614] = 4019827C
8009F804: D0030008 stfs f0,8(r3) f0 = 0 r3 = 90BCF60C [90BCF614] = 4019827C
8008481C: D0030008 stfs f0,8(r3) f0 = 2.39987 r3 = 90BCF60C [90BCF614] = 00000000
800D0868: D0030008 stfs f0,8(r3) f0 = 2.39987 r3 = 90BCF60C [90BCF614] = 40199770
8009F804: D0030008 stfs f0,8(r3) f0 = 0 r3 = 90BCF60C [90BCF614] = 40199770
8008481C: D0030008 stfs f0,8(r3) f0 = 2.39497 r3 = 90BCF60C [90BCF614] = 00000000
800D0868: D0030008 stfs f0,8(r3) f0 = 2.39497 r3 = 90BCF60C [90BCF614] = 4019473C
8009F804: D0030008 stfs f0,8(r3) f0 = 0 r3 = 90BCF60C [90BCF614] = 4019473C
8008481C: D0030008 stfs f0,8(r3) f0 = 2.27783 r3 = 90BCF60C [90BCF614] = 00000000
800D0868: D0030008 stfs f0,8(r3) f0 = 2.27783 r3 = 90BCF60C [90BCF614] = 4011C7FC
8009F804: D0030008 stfs f0,8(r3) f0 = 0 r3 = 90BCF60C [90BCF614] = 4011C7FC
8008481C: D0030008 stfs f0,8(r3) f0 = 2.38211 r3 = 90BCF60C [90BCF614] = 00000000
800D0868: D0030008 stfs f0,8(r3) f0 = 2.38211 r3 = 90BCF60C [90BCF614] = 4018747A
8009F804: D0030008 stfs f0,8(r3) f0 = 0 r3 = 90BCF60C [90BCF614] = 4018747A
8008481C: D0030008 stfs f0,8(r3) f0 = 2.39613 r3 = 90BCF60C [90BCF614] = 00000000
800D0868: D0030008 stfs f0,8(r3) f0 = 2.39613 r3 = 90BCF60C [90BCF614] = 40195A1C
8009F804: D0030008 stfs f0,8(r3) f0 = 0 r3 = 90BCF60C [90BCF614] = 40195A1C
8008481C: D0030008 stfs f0,8(r3) f0 = 2.39896 r3 = 90BCF60C [90BCF614] = 00000000
800D0868: D0030008 stfs f0,8(r3) f0 = 2.39896 r3 = 90BCF60C [90BCF614] = 401988A2
8009F804: D0030008 stfs f0,8(r3) f0 = 0 r3 = 90BCF60C [90BCF614] = 401988A2
8008481C: D0030008 stfs f0,8(r3) f0 = 2.39894 r3 = 90BCF60C [90BCF614] = 00000000
800D0868: D0030008 stfs f0,8(r3) f0 = 2.39894 r3 = 90BCF60C [90BCF614] = 40198844
8009F804: D0030008 stfs f0,8(r3) f0 = 0 r3 = 90BCF60C [90BCF614] = 40198844
8008481C: D0030008 stfs f0,8(r3) f0 = 2.40286 r3 = 90BCF60C [90BCF614] = 00000000
800D0868: D0030008 stfs f0,8(r3) f0 = 2.40286 r3 = 90BCF60C [90BCF614] = 4019C87C
[/spoiler]
Perhaps the volatile isn't the right path for this. I think that other addresses on the stack would relate to the acceleration. This will eventually lead to a timer if in luck.
Here's one of them that looks interesting.
[spoiler]CR:28200488 XER:20000000 CTR:8032FEB0 DSIS:02400000
DAR:90BCF5F0 SRR0:800DD758 SRR1:0000A032 LR:800DD754
r0:00000030 r1:8071C8E8 r2:8070FAC0 r3:90BCF5DC
r4:00000000 r5:00000050 r6:FFFFFFFF r7:FFFFFFFF
r8:00000016 r9:90BCE7C8 r10:00000006 r11:8071C908
r12:8032FEB0 r13:8070AEE0 r14:00000000 r15:00000000
r16:00000000 r17:00000000 r18:00000000 r19:80D013D8
r20:805359B4 r21:80A68268 r22:00000001 r23:80A68268
r24:00000000 r25:0000C7C1 r26:00000000 r27:90B15050
r28:90BCE7C8 r29:8071C910 r30:00000000 r31:00000000
f0:BF800000 f1:00000000 f2:BF800000 f3:4313999A
f4:59800004 f5:00000000 f6:3638B94F f7:BDF13E3A
f8:BC406B0B f9:3E652584 f10:3F797DA4 f11:3F7FFB7B
f12:C3BF8CD0 f13:45A8114B f14:00000000 f15:00000000
f16:00000000 f17:00000000 f18:00000000 f19:00000000
f20:00000000 f21:00000000 f22:00000000 f23:00000000
f24:00000000 f25:00000000 f26:00000000 f27:00000000
f28:00000000 f29:00000000 f30:00000000 f31:BF800000[/spoiler]
Function:
[spoiler]800DD6D0: 9421FFE0 stwu r1,-32(r1)
800DD6D4: 7C0802A6 mflr r0
800DD6D8: 90010024 stw r0,36(r1)
800DD6DC: 39610020 addi r11,r1,32
800DD6E0: 482C5D95 bl 0x803a3474
800DD6E4: 80A30E28 lwz r5,3624(r3)
800DD6E8: 7C7C1B78 mr r28,r3
800DD6EC: 80040000 lwz r0,0(r4)
800DD6F0: 7C9D2378 mr r29,r4 Here's r29. What's r4? Let's call the stack. Look into the next function spoiler
800DD6F4: 7C050000 cmpw r5,r0
800DD6F8: 41820064 beq- 0x800dd75c
800DD6FC: 3BC00000 li r30,0
800DD700: 3BE00000 li r31,0
800DD704: 4800003C b 0x800dd740
800DD708: 801C0E24 lwz r0,3620(r28)
800DD70C: 7C80FA14 add r4,r0,r31
800DD710: 88040008 lbz r0,8(r4)
800DD714: 2C000000 cmpwi r0,0
800DD718: 41820014 beq- 0x800dd72c
800DD71C: 806DAF1C lwz r3,-20708(r13)
800DD720: 80840000 lwz r4,0(r4)
800DD724: 480C816D bl 0x801a5890
800DD728: 48000010 b 0x800dd738
800DD72C: 806DAF1C lwz r3,-20708(r13)
800DD730: 80840000 lwz r4,0(r4)
800DD734: 480C81AD bl 0x801a58e0
800DD738: 3BDE0001 addi r30,r30,1
800DD73C: 3BFF000C addi r31,r31,12
800DD740: 801C0E20 lwz r0,3616(r28)
800DD744: 7C1E0000 cmpw r30,r0
800DD748: 4180FFC0 blt+ 0x800dd708
800DD74C: 387C0E14 addi r3,r28,3604
800DD750: 48003DC1 bl 0x800e1510
800DD754: 801D0000 lwz r0,0(r29) reads here (let's look up r29)
800DD758: 901C0E28 stw r0,3624(r28) writes here.
800DD75C: 801D0000 lwz r0,0(r29)
800DD760: 2C000000 cmpwi r0,0
800DD764: 4080000C bge- 0x800dd770
800DD768: 38000000 li r0,0
800DD76C: 901D0000 stw r0,0(r29)
800DD770: C01D0008 lfs f0,8(r29)
800DD774: C0228890 lfs f1,-30576(r2)
800DD778: FC000840 fcmpo cr0,f0,f1
800DD77C: 40800018 bge- 0x800dd794
800DD780: C01C106C lfs f0,4204(r28)
800DD784: FC000840 fcmpo cr0,f0,f1
800DD788: 4C411382 cror 2,1,2
800DD78C: 40820008 bne- 0x800dd794
800DD790: D01D0008 stfs f0,8(r29)
800DD794: 7FA4EB78 mr r4,r29
800DD798: 387C01CC addi r3,r28,460
800DD79C: 481450E5 bl 0x80222880
800DD7A0: 801C0E30 lwz r0,3632(r28)
800DD7A4: 2C000000 cmpwi r0,0
800DD7A8: 41820028 beq- 0x800dd7d0
800DD7AC: 38000002 li r0,2
800DD7B0: 901D001C stw r0,28(r29)
800DD7B4: 807C0E30 lwz r3,3632(r28)
800DD7B8: 81830000 lwz r12,0(r3)
800DD7BC: 818C011C lwz r12,284(r12)
800DD7C0: 7D8903A6 mtctr r12
800DD7C4: 4E800421 bctrl
800DD7C8: 7FA4EB78 mr r4,r29
800DD7CC: 481450B5 bl 0x80222880
800DD7D0: 39610020 addi r11,r1,32
800DD7D4: 482C5CED bl 0x803a34c0
800DD7D8: 80010024 lwz r0,36(r1)
800DD7DC: 7C0803A6 mtlr r0
800DD7E0: 38210020 addi r1,r1,32
800DD7E4: 4E800020 blr
[/spoiler]
Function for r4
[spoiler]8009AE70: 9421FFD0 stwu r1,-48(r1)
8009AE74: 7C0802A6 mflr r0
8009AE78: 90010034 stw r0,52(r1)
8009AE7C: BFC10028 stmw r30,40(r1)
8009AE80: 7C7E1B78 mr r30,r3
8009AE84: 7C9F2378 mr r31,r4
8009AE88: 38610008 addi r3,r1,8
8009AE8C: 481893D5 bl 0x80224260
8009AE90: 57E0083C rlwinm r0,r31,1,0,30
8009AE94: 7C7E0214 add r3,r30,r0
8009AE98: A8031380 lha r0,4992(r3)
8009AE9C: 90010008 stw r0,8(r1)
8009AEA0: 2C000000 cmpwi r0,0
8009AEA4: 4080001C bge- 0x8009aec0
8009AEA8: A81E1380 lha r0,4992(r30)
8009AEAC: 90010008 stw r0,8(r1)
8009AEB0: 2C000000 cmpwi r0,0
8009AEB4: 4080000C bge- 0x8009aec0
8009AEB8: 38000000 li r0,0
8009AEBC: 90010008 stw r0,8(r1) here's r1+8. r0 = 0 if r0 < 0
8009AEC0: 7FC3F378 mr r3,r30
8009AEC4: 38810008 addi r4,r1,8 here's r4 which is coming from r1+8
8009AEC8: 48042809 bl 0x800dd6d0
8009AECC: BBC10028 lmw r30,40(r1)
8009AED0: 80010034 lwz r0,52(r1)
8009AED4: 7C0803A6 mtlr r0
8009AED8: 38210030 addi r1,r1,48
8009AEDC: 4E800020 blr
[/spoiler]
When looking for a timer, keep in mind that some timers are up-counting instead of down-counting.
Your previous post (with the log steps on the stfs f0) look like they're close. f0 clearly changes whenever you're dashing, to be larger values. But that's a leaf function (notice that there is no stwu/mflr/.../mtlr/blr; it's just blr), and those are generally not good for hooking.
If a function is too long to copy into the forum post, then you can trim some parts. There are really only three places that are interesting: the first 50 or so instructions (to see parameters being passed in from the caller); about 50 instructions around the bl or breakpoint instruction; and about 50 instructions at the very end (to see any return values being passed back to the caller).
---
8009AEA8: A81E1380 lha r0,4992(r30)
8009AEAC: 90010008 stw r0,8(r1)
8009AEB0: 2C000000 cmpwi r0,0
8009AEB4: 4080000C bge- 0x8009aec0
8009AEB8: 38000000 li r0,0
8009AEBC: 90010008 stw r0,8(r1)
8009AEC0: 7FC3F378 mr r3,r30
8009AEC4: 38810008 addi r4,r1,8
This is putting a pointer to some value on the stack into r4. r4 will now point at 8(r1). Conveniently, a few instructions previous is stw-ing r0 to that very address. And just before that, it's lha-ing r0 from r30. r30 came from the previous caller (passed to this function via r3).
Try setting an execute BP on 8009AEB0 with the log on and see if there's any difference with r0 when you dash and when you don't.
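The leaf-function check described in the post above (no stwu/mflr/.../mtlr, just blr) can be run mechanically over a pasted listing. This is an added example, not part of the original posts: the function names are hypothetical, the sample listings are excerpts of the disassembly in this thread, and the LR check is a linear heuristic that ignores control flow.

```python
import re

# Constructed sample input: excerpts of two listings posted in this thread,
# in the debugger's "ADDRESS: WORD mnemonic operands" format.
LEAF_LISTING = """\
800847F0: C0230000 lfs f1,0(r3)
80084814: EC01002A fadds f0,f1,f0
8008481C: D0030008 stfs f0,8(r3)
80084820: 4E800020 blr
"""
NONLEAF_LISTING = """\
8009AE70: 9421FFD0 stwu r1,-48(r1)
8009AE74: 7C0802A6 mflr r0
8009AE78: 90010034 stw r0,52(r1)
8009AE8C: 481893D5 bl 0x80224260
8009AEC4: 38810008 addi r4,r1,8
8009AEC8: 48042809 bl 0x800dd6d0
8009AED0: 80010034 lwz r0,52(r1)
8009AED4: 7C0803A6 mtlr r0
8009AED8: 38210030 addi r1,r1,48
8009AEDC: 4E800020 blr
"""

# An optional leading "|" is accepted so step-log lines parse too.
LINE = re.compile(r"^\s*\|?\s*([0-9A-Fa-f]{8}):\s+([0-9A-Fa-f]{8})\b")

def parse(listing):
    """Return [(address, instruction_word)] for every 'ADDR: WORD ...' line."""
    insns = []
    for line in listing.splitlines():
        m = LINE.match(line)
        if m:
            insns.append((int(m.group(1), 16), int(m.group(2), 16)))
    return insns

def is_linking_branch(word):
    """True for any branch with LK=1 (bl, bcl, bclrl, bctrl): it overwrites LR."""
    opcode = word >> 26
    if opcode in (16, 18):            # bc / b families
        return bool(word & 1)
    if opcode == 19:                  # bclr (XO 16) and bcctr (XO 528)
        xo = (word >> 1) & 0x3FF
        return xo in (16, 528) and bool(word & 1)
    return False

def is_mflr(word):
    return word & 0xFC1FFFFF == 0x7C0802A6   # mflr rD, any rD

def is_mtlr(word):
    return word & 0xFC1FFFFF == 0x7C0803A6   # mtlr rS, any rS

def analyze(listing):
    """Summarise a function: its call sites and whether it saves/restores LR."""
    insns = parse(listing)
    calls = [addr for addr, word in insns if is_linking_branch(word)]
    return {
        "calls": calls,
        "saves_lr": any(is_mflr(w) for _, w in insns),
        "restores_lr": any(is_mtlr(w) for _, w in insns),
        "leaf": not calls,
    }

def lr_clobber_safe(listing, hook_addr):
    """Heuristic: LR may be overwritten at hook_addr only if the function
    copied it out earlier (mflr) and reloads it later (mtlr) before blr."""
    insns = parse(listing)
    if hook_addr not in [addr for addr, _ in insns]:
        raise ValueError("hook address is not in the listing")
    saved = any(is_mflr(w) for a, w in insns if a < hook_addr)
    restored = any(is_mtlr(w) for a, w in insns if a > hook_addr)
    return saved and restored
```

Conditional returns and counter loops (beqlr, bdnz) have LK=0 and are not counted as calls, so a function that only loops and returns is still reported as a leaf.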
Here's more functions relating to the dash. Getting closer!
[spoiler]80085B00: A8C40000 lha r6,0(r4)
80085B04: 2C06FFFF cmpwi r6,-1
80085B08: 4D820020 beqlr-
80085B0C: 80A30010 lwz r5,16(r3)
80085B10: A8040002 lha r0,2(r4)
80085B14: B0C51380 sth r6,4992(r5)
80085B18: A9840004 lha r12,4(r4)
80085B1C: 80A30010 lwz r5,16(r3)
80085B20: A9640006 lha r11,6(r4)
80085B24: B0051382 sth r0,4994(r5)
80085B28: A9440008 lha r10,8(r4)
80085B2C: 80A30010 lwz r5,16(r3)
80085B30: A904000A lha r8,10(r4)
80085B34: B1851384 sth r12,4996(r5)
80085B38: A8E4000C lha r7,12(r4)
80085B3C: 80A30010 lwz r5,16(r3)
80085B40: A8C4000E lha r6,14(r4)
80085B44: B1651388 sth r11,5000(r5)
80085B48: A8A40010 lha r5,16(r4)
80085B4C: 81230010 lwz r9,16(r3)
80085B50: A8040012 lha r0,18(r4)
80085B54: B1491386 sth r10,4998(r9)
80085B58: 80830010 lwz r4,16(r3)
80085B5C: B104139E sth r8,5022(r4)
80085B60: 80830010 lwz r4,16(r3)
80085B64: B18413A0 sth r12,5024(r4)
80085B68: 80830010 lwz r4,16(r3)
80085B6C: B16413A4 sth r11,5028(r4)
80085B70: 80830010 lwz r4,16(r3)
80085B74: B14413A2 sth r10,5026(r4)
80085B78: 80830010 lwz r4,16(r3)
80085B7C: B0E413BE sth r7,5054(r4)
80085B80: 80830010 lwz r4,16(r3)
80085B84: B0C413C2 sth r6,5058(r4)
80085B88: 80830010 lwz r4,16(r3)
80085B8C: B0A413C0 sth r5,5056(r4)
80085B90: 80830010 lwz r4,16(r3)
80085B94: B00413C4 sth r0,5060(r4)
80085B98: 8063019C lwz r3,412(r3)
80085B9C: 800DAC9C lwz r0,-21348(r13)
80085BA0: 80830008 lwz r4,8(r3)
80085BA4: 7C040000 cmpw r4,r0
80085BA8: 4C820020 bnelr-
80085BAC: 388DAC9C subi r4,r13,21348
80085BB0: 48000C50 b 0x80086800
...
[/spoiler]
New address where it only appears when dashing
Registers
[spoiler]CR:28200488 XER:20000000 CTR:00000003 DSIS:02400000
DAR:90BCFD80 SRR0:800D825C SRR1:0000A032 LR:8007F63C
r0:00000000 r1:8071C958 r2:8070FAC0 r3:90BCE7C8
r4:8007F030 r5:90BCE7C8 r6:00000008 r7:90BCE7D0
r8:80D01B20 r9:00000000 r10:8071C768 r11:8071CA58
r12:80080500 r13:8070AEE0 r14:00000000 r15:00000000
r16:00000000 r17:00000000 r18:00000000 r19:80D013D8
r20:805359B4 r21:80A68268 r22:00000001 r23:80A68268
r24:00000000 r25:0000BF77 r26:00000000 r27:90B15050
r28:91ED4338 r29:91EE0DF8 r30:91ED3C98 r31:90BCE7C8
f0:00000000 f1:3F800000 f2:00000000 f3:44A20F54
f4:00000000 f5:00000000 f6:3638B94F f7:BDF13E3A
f8:BC406B0B f9:3E652584 f10:3F797DA4 f11:3F7FFB7B
f12:413577FD f13:45A8114B f14:00000000 f15:00000000
f16:00000000 f17:00000000 f18:00000000 f19:00000000
f20:00000000 f21:00000000 f22:00000000 f23:00000000
f24:00000000 f25:00000000 f26:00000000 f27:00000000
f28:00000000 f29:00000000 f30:59800004 f31:40800000[/spoiler]
Function
[spoiler]800D8240: 38000004 li r0,4
800D8244: 38C00000 li r6,0 r6 loads 0
800D8248: 7C0903A6 mtctr r0
800D824C: 7CE33214 add r7,r3,r6
800D8250: 800715B0 lwz r0,5552(r7)
800D8254: 2C000000 cmpwi r0,0
800D8258: 40820010 bne- 0x800d8268
800D825C: 908715B0 stw r4,5552(r7) this is the address I broke on
800D8260: 90A715B4 stw r5,5556(r7) this is the next address that it writes on
800D8264: 4E800020 blr
800D8268: 38C60008 addi r6,r6,8
800D826C: 4200FFE0 bdnz+ 0x800d824c
800D8270: 4E800020 blr
[/spoiler]