What is wrong with this?
This is for Health
My function
[spoiler]
800141E8 --> writes
bl 0x08
bc 22,8,0x80003104 # this is the .float 100.0 data word (42C80000) as the disassembler shows it, not a real branch
mflr r12
lfs f0,0(r12)
lfs f1,0(r4)
fadds f1,f0,f1
stfs f0,0(r3)[/spoiler]
Code
[spoiler]
4E00000C 00000000
C20141E8 00000004
48000009 42C80000
7D8802A6 C00C0000
C0240000 EC20082A
D0030000 00000000
14000000 00000000
28234F18 00000C00
14000000 42C80000
E0000000 80008000[/spoiler]
Functions attached
Quote from: Patedj on April 18, 2011, 04:18:16 AM
What is wrong with this?
It's crashing, huh?
Open up the All Frames dump. Scroll to the middle, where the indentation is deepest, and you'll see the registers and such. That's the "current instruction".
Look at the current function. There is no stwu/mflr/.../mtlr/blr. There is only blr. This function is a leaf function; it creates no stack frame and therefore it does not preserve the LR. When you do the bl trick, you wipe out the old LR, causing the game to crash. Do this instead for leaf functions.
mflr r0 # preserve LR so bl trick doesn't crash the game
bl _SKIP_DATA
.float 100.0
_SKIP_DATA:
mflr r12
mtlr r0 # restore LR
lfs f0,0(r12)
lfs f1,0(r4)
fadds f1,f0,f1
stfs f0,0(r3)
EDIT:
By the way, since I'm pedantic about language...
It's not "called stacks log". It feels like you're using stack as a verb again...remember, stack is a noun. Also, there is only one stack, and it is pointed to by r1, the stack pointer. There is a "call stack listbox" on the disassembly tab, but the "call stack" is just a list of functions in the order they were called, and it is derived by parsing the stack for the LR Save Word, which points to the caller. And it's not really a "log", because a log implies that a series of instructions were recorded as they were executed. This is more like a dump, because not all of those instructions have been executed.
4E00000C 00000000 --> is this my problem? I think C should be 10
C20141E8 00000005
7C0802A6 48000009
42C80000 7D8802A6 ----> this is where I want to inject so,
7C0803A6 C00C0000
C0240000 EC20082A
D0030000 00000000
14000000 00000000
28234F18 00000C00
14000000 42C80000
E0000000 80008000
still crashing
Alright, so 00000000 kills everything!
I replaced this with 42c8 = 100
This 42C8 can be more, or 0000 if I can branch or create an anti-death for the hero. Let's do it!
Temporary fix (I'd like to find what takes away and stop HP() from calling DAMAGE())
replaced the load f1 to f0 and it works.
This is for the AIs too
HP at 100
040141E8 D0030000
Stamina at 100
04014148 D0030008
Oxygen at 200
04014198 D0030010
What the hell does the bl trick do? :confused:
You use a remote button activator to replace a float value.
Hp re-generator (Press Buttons AB)
4E000010 00000000
C20141E8 00000005
7C0802A6 48000009
42C80000 7D8802A6
7C0803A6 C00C0000
C0240000 EC20082A
D0030000 00000000
14000000 42C80000
28234F1A 00000C00
14000000 00000000
E0000000 80008000
*Effects AI too*
So there are two LRs reading:
1. 80046E14
2. 8001D590
And one writing: 2. 8001D590
Hypothesis: 1 is the AI and the 2 is the Hero.
Function AI:
[spoiler]80046D90: 9421FFF0 stwu r1,-16(r1)
80046D94: 7C0802A6 mflr r0
80046D98: 90010014 stw r0,20(r1)
80046D9C: 93E1000C stw r31,12(r1)
80046DA0: 7C7F1B78 mr r31,r3
80046DA4: 8003004C lwz r0,76(r3)
80046DA8: 2C000003 cmpwi r0,3
80046DAC: 418200A0 beq- 0x80046e4c
80046DB0: 2C000004 cmpwi r0,4
80046DB4: 41820098 beq- 0x80046e4c
80046DB8: 2C000002 cmpwi r0,2
80046DBC: 40820034 bne- 0x80046df0
80046DC0: 80830068 lwz r4,104(r3)
80046DC4: C043001C lfs f2,28(r3)
80046DC8: C0240060 lfs f1,96(r4)
80046DCC: C0028A7C lfs f0,-30084(r2)
80046DD0: EC220828 fsubs f1,f2,f1
80046DD4: FC200A10 fabs f1,f1
80046DD8: FC200818 frsp f1,f1
80046DDC: FC010040 fcmpo cr0,f1,f0
80046DE0: 4080006C bge- 0x80046e4c
80046DE4: 38000000 li r0,0
80046DE8: 9003004C stw r0,76(r3)
80046DEC: 48000060 b 0x80046e4c AI
80046DF0: 80630068 lwz r3,104(r3)
80046DF4: C00289FC lfs f0,-30212(r2)
80046DF8: 806300F0 lwz r3,240(r3)
80046DFC: C0230014 lfs f1,20(r3)
80046E00: FC010040 fcmpo cr0,f1,f0
80046E04: 7C000026 mfcr r0
80046E08: 54000FFF rlwinm. r0,r0,1,31,31
80046E0C: 40820040 bne- 0x80046e4c
80046E10: 4BFCD3B9 bl 0x800141c8
80046E14: C0028A54 lfs f0,-30124(r2)
80046E18: FC010040 fcmpo cr0,f1,f0
80046E1C: 40800010 bge- 0x80046e2c
80046E20: 38000001 li r0,1
80046E24: 901F004C stw r0,76(r31)
80046E28: 48000024 b 0x80046e4c
80046E2C: C0028ACC lfs f0,-30004(r2)
80046E30: FC010040 fcmpo cr0,f1,f0
80046E34: 40810018 ble- 0x80046e4c
80046E38: 801F004C lwz r0,76(r31)
80046E3C: 2C000001 cmpwi r0,1
80046E40: 4082000C bne- 0x80046e4c
80046E44: 38000002 li r0,2
80046E48: 901F004C stw r0,76(r31)
80046E4C: 80010014 lwz r0,20(r1)
80046E50: 83E1000C lwz r31,12(r1)
80046E54: 7C0803A6 mtlr r0
80046E58: 38210010 addi r1,r1,16
80046E5C: 4E800020 blr
[/spoiler]
Function Hero:
[spoiler]8001D410: 9421FFA0 stwu r1,-96(r1)
8001D414: 7C0802A6 mflr r0
8001D418: 90010064 stw r0,100(r1)
8001D41C: DBE10050 stfd f31,80(r1)
8001D420: F3E10058 psq_st f31,88(r1),0,0
8001D424: DBC10040 stfd f30,64(r1)
8001D428: F3C10048 psq_st f30,72(r1),0,0
8001D42C: DBA10030 stfd f29,48(r1)
8001D430: F3A10038 psq_st f29,56(r1),0,0
8001D434: 39610030 addi r11,r1,48
8001D438: 480754C5 bl 0x800928fc
8001D43C: 88030004 lbz r0,4(r3)
8001D440: 7C7C1B78 mr r28,r3
8001D444: 7C9D2378 mr r29,r4
8001D448: 7CBE2B78 mr r30,r5
8001D44C: 28000001 cmplwi r0,1
8001D450: 408202F0 bne- 0x8001d740
8001D454: 549F103A rlwinm r31,r4,2,0,29
8001D458: 2C850000 cmpwi cr1,r5,0
8001D45C: 7C83FA14 add r4,r3,r31
8001D460: 90A401BC stw r5,444(r4)
8001D464: 41860254 beq- cr1,0x8001d6b8
8001D468: 88030029 lbz r0,41(r3)
8001D46C: 2C000000 cmpwi r0,0
8001D470: 41820248 beq- 0x8001d6b8
8001D474: 3B400000 li r26,0
8001D478: 41860018 beq- cr1,0x8001d490
8001D47C: 80650090 lwz r3,144(r5)
8001D480: 480198D9 bl 0x80036d58
8001D484: 2C030000 cmpwi r3,0
8001D488: 40820008 bne- 0x8001d490
8001D48C: 3B400001 li r26,1
8001D490: 2C1A0000 cmpwi r26,0
8001D494: 41820224 beq- 0x8001d6b8
8001D498: 801C0054 lwz r0,84(r28)
8001D49C: 2C000000 cmpwi r0,0
8001D4A0: 41820024 beq- 0x8001d4c4
8001D4A4: 3C60801B lis r3,-32741
8001D4A8: 38800007 li r4,7
8001D4AC: 38637AA0 addi r3,r3,31392
8001D4B0: 80630010 lwz r3,16(r3)
8001D4B4: 4803C7E5 bl 0x80059c98
8001D4B8: 38000001 li r0,1
8001D4BC: 980D8D28 stb r0,-29400(r13)
8001D4C0: 48000024 b 0x8001d4e4
8001D4C4: 880D8D28 lbz r0,-29400(r13)
8001D4C8: 2C000000 cmpwi r0,0
8001D4CC: 41820018 beq- 0x8001d4e4
8001D4D0: 3C80801B lis r4,-32741
8001D4D4: 38847AA0 addi r4,r4,31392
8001D4D8: 80640010 lwz r3,16(r4)
8001D4DC: 8084010C lwz r4,268(r4)
8001D4E0: 4803C7B9 bl 0x80059c98
8001D4E4: 1F3D002C mulli r25,r29,44
8001D4E8: 3B000000 li r24,0
8001D4EC: 7F5CCA14 add r26,r28,r25
8001D4F0: 807A007C lwz r3,124(r26)
8001D4F4: C0228304 lfs f1,-31996(r2)
8001D4F8: 4BFF8865 bl 0x80015d5c
8001D4FC: 3B180001 addi r24,r24,1
8001D500: 3B5A0004 addi r26,r26,4
8001D504: 2C18000B cmpwi r24,11
8001D508: 4180FFE8 blt+ 0x8001d4f0
8001D50C: 809E0090 lwz r4,144(r30)
8001D510: 7F83E378 mr r3,r28
8001D514: 48001AE1 bl 0x8001eff4
8001D518: 7C9CFA14 add r4,r28,r31
8001D51C: 7C781B78 mr r24,r3
8001D520: 80640070 lwz r3,112(r4)
8001D524: C0228360 lfs f1,-31904(r2)
8001D528: 4BFF8835 bl 0x80015d5c
8001D52C: 7F5CFA14 add r26,r28,r31
8001D530: C0228310 lfs f1,-31984(r2)
8001D534: 807A0100 lwz r3,256(r26)
8001D538: 4BFF8825 bl 0x80015d5c
8001D53C: C0228310 lfs f1,-31984(r2)
8001D540: 7F5BD378 mr r27,r26
8001D544: 807A010C lwz r3,268(r26)
8001D548: 4BFF8815 bl 0x80015d5c
8001D54C: 7FFCFA14 add r31,r28,r31
8001D550: C0228310 lfs f1,-31984(r2)
8001D554: 807F0118 lwz r3,280(r31)
8001D558: 4BFF8805 bl 0x80015d5c
8001D55C: 7C7CCA14 add r3,r28,r25
8001D560: 5700103A rlwinm r0,r24,2,0,29
8001D564: 7C630214 add r3,r3,r0
8001D568: C0228360 lfs f1,-31904(r2)
8001D56C: 8063007C lwz r3,124(r3)
8001D570: 4BFF87ED bl 0x80015d5c
8001D574: 7F83E378 mr r3,r28
8001D578: 7FA4EB78 mr r4,r29
8001D57C: 7FC5F378 mr r5,r30
8001D580: 7F06C378 mr r6,r24
8001D584: 48001AF1 bl 0x8001f074
8001D588: 807E00F0 lwz r3,240(r30)
8001D58C: 4BFF6C3D bl 0x800141c8 NOP = no depletion of hp graphically!! but still dies
8001D590: FFE00890 fmr f31,f1 ---> Hero (Maybe changing f1 will stop the process)
8001D594: 807E00F0 lwz r3,240(r30)
8001D598: 4BFF6B91 bl 0x80014128 branches to the ADD() leaf function. Stamina
8001D59C: FFC00890 fmr f30,f1 BLR from ADD() leaf function
8001D5A0: 807E00F0 lwz r3,240(r30)
8001D5A4: 4BFF6BD5 bl 0x80014178 allows for oxygen regen.
8001D5A8: FFA00890 fmr f29,f1
8001D5AC: 7F83E378 mr r3,r28
8001D5B0: FC20F890 fmr f1,f31
8001D5B4: 7FC4F378 mr r4,r30
8001D5B8: FC40F090 fmr f2,f30
8001D5BC: FC60E890 fmr f3,f29
8001D5C0: 48001C3D bl 0x8001f1fc
8001D5C4: C02283C4 lfs f1,-31804(r2)
8001D5C8: 38800001 li r4,1
8001D5CC: C0028380 lfs f0,-31872(r2)
8001D5D0: 807A0100 lwz r3,256(r26)
8001D5D4: EC2107FA fmadds f1,f1,f31,f0
8001D5D8: 4BFFB03D bl 0x80018614
8001D5DC: C02283C4 lfs f1,-31804(r2)
8001D5E0: 38800003 li r4,3
8001D5E4: C0028380 lfs f0,-31872(r2)
8001D5E8: 807A0100 lwz r3,256(r26)
8001D5EC: EC2107FA fmadds f1,f1,f31,f0
8001D5F0: 4BFFB025 bl 0x80018614
8001D5F4: FC20F890 fmr f1,f31
8001D5F8: 807A0100 lwz r3,256(r26)
8001D5FC: 38800001 li r4,1
8001D600: 4BFFAFF5 bl 0x800185f4
8001D604: FC20F890 fmr f1,f31
8001D608: 807A0100 lwz r3,256(r26)
8001D60C: 38800003 li r4,3
8001D610: 4BFFAFE5 bl 0x800185f4
8001D614: C02283C8 lfs f1,-31800(r2)
8001D618: 38800001 li r4,1
8001D61C: C0028370 lfs f0,-31888(r2)
8001D620: 807B010C lwz r3,268(r27)
8001D624: EC2107BA fmadds f1,f1,f30,f0
8001D628: 4BFFAFED bl 0x80018614
8001D62C: C02283C8 lfs f1,-31800(r2)
8001D630: 38800003 li r4,3
8001D634: C0028370 lfs f0,-31888(r2)
8001D638: 807B010C lwz r3,268(r27)
8001D63C: EC2107BA fmadds f1,f1,f30,f0
8001D640: 4BFFAFD5 bl 0x80018614
8001D644: FC20F090 fmr f1,f30
8001D648: 807B010C lwz r3,268(r27)
8001D64C: 38800001 li r4,1
8001D650: 4BFFAFA5 bl 0x800185f4
8001D654: FC20F090 fmr f1,f30
8001D658: 807B010C lwz r3,268(r27)
8001D65C: 38800003 li r4,3
8001D660: 4BFFAF95 bl 0x800185f4
8001D664: C02283CC lfs f1,-31796(r2)
8001D668: 38800001 li r4,1
8001D66C: C002839C lfs f0,-31844(r2)
8001D670: 807F0118 lwz r3,280(r31)
8001D674: EC21077A fmadds f1,f1,f29,f0
8001D678: 4BFFAF9D bl 0x80018614
8001D67C: C02283CC lfs f1,-31796(r2)
8001D680: 38800003 li r4,3
8001D684: C002839C lfs f0,-31844(r2)
8001D688: 807F0118 lwz r3,280(r31)
8001D68C: EC21077A fmadds f1,f1,f29,f0
8001D690: 4BFFAF85 bl 0x80018614
8001D694: FC20E890 fmr f1,f29
8001D698: 807F0118 lwz r3,280(r31)
8001D69C: 38800001 li r4,1
8001D6A0: 4BFFAF55 bl 0x800185f4
8001D6A4: FC20E890 fmr f1,f29
8001D6A8: 807F0118 lwz r3,280(r31)
8001D6AC: 38800003 li r4,3
8001D6B0: 4BFFAF45 bl 0x800185f4
8001D6B4: 4800008C b 0x8001d740
8001D6B8: 2C1E0000 cmpwi r30,0
8001D6BC: 4182001C beq- 0x8001d6d8
8001D6C0: C022830C lfs f1,-31988(r2)
8001D6C4: 7F83E378 mr r3,r28
8001D6C8: 7FC4F378 mr r4,r30
8001D6CC: FC400890 fmr f2,f1
8001D6D0: FC600890 fmr f3,f1
8001D6D4: 48001B29 bl 0x8001f1fc
8001D6D8: 7C7CFA14 add r3,r28,r31
8001D6DC: C0228304 lfs f1,-31996(r2)
8001D6E0: 80630070 lwz r3,112(r3)
8001D6E4: 4BFF8679 bl 0x80015d5c
8001D6E8: 1C1D002C mulli r0,r29,44
8001D6EC: 3B000000 li r24,0
8001D6F0: 7F5C0214 add r26,r28,r0
8001D6F4: 807A007C lwz r3,124(r26)
8001D6F8: C0228304 lfs f1,-31996(r2)
8001D6FC: 4BFF8661 bl 0x80015d5c
8001D700: 3B180001 addi r24,r24,1
8001D704: 3B5A0004 addi r26,r26,4
8001D708: 2C18000B cmpwi r24,11
8001D70C: 4180FFE8 blt+ 0x8001d6f4
8001D710: 7C7CFA14 add r3,r28,r31
8001D714: C0228304 lfs f1,-31996(r2)
8001D718: 80630100 lwz r3,256(r3)
8001D71C: 4BFF8641 bl 0x80015d5c
8001D720: 7C7CFA14 add r3,r28,r31
8001D724: C0228304 lfs f1,-31996(r2)
8001D728: 8063010C lwz r3,268(r3)
8001D72C: 4BFF8631 bl 0x80015d5c
8001D730: 7C7CFA14 add r3,r28,r31
8001D734: C0228304 lfs f1,-31996(r2)
8001D738: 80630118 lwz r3,280(r3)
8001D73C: 4BFF8621 bl 0x80015d5c
8001D740: E3E10058 psq_l f31,88(r1),0,0
8001D744: CBE10050 lfd f31,80(r1)
8001D748: E3C10048 psq_l f30,72(r1),0,0
8001D74C: CBC10040 lfd f30,64(r1)
8001D750: E3A10038 psq_l f29,56(r1),0,0
8001D754: 39610030 addi r11,r1,48
8001D758: CBA10030 lfd f29,48(r1)
8001D75C: 480751ED bl 0x80092948
8001D760: 80010064 lwz r0,100(r1)
8001D764: 7C0803A6 mtlr r0
8001D768: 38210060 addi r1,r1,96
8001D76C: 4E800020 blr
[/spoiler]
Let's see what happens if I nop the branch. Nothing... let's change the r3.
There seems to be a different branch for subtracting. Let's call it SUB()
Registers:
[spoiler] CR:88200088 XER:00000000 CTR:8001F014 DSIS:02400000
DAR:807FA780 SRR0:8001420C SRR1:0000B032 LR:8001D590
r0:8001D588 r1:80319858 r2:8030EEC0 r3:807FA780
r4:807FA780 r5:80305E90 r6:00000000 r7:80016320
r8:000002C0 r9:0000000F r10:807E8C5C r11:80319888
r12:80114324 r13:8030CF80 r14:00000000 r15:00000000
r16:00000000 r17:00000000 r18:00000000 r19:00000000
r20:00000000 r21:00000000 r22:00000000 r23:00000000
r24:00000000 r25:00000000 r26:8084DA5C r27:8084DA5C
r28:8084DA5C r29:00000000 r30:80C3447C r31:8084DA5C
f0:42C80000 f1:423C3419 f2:3F000008 f3:3F000008
f4:3F800000 f5:3F800000 f6:00000000 f7:3F14B7D0
f8:3ED6905F f9:3F14B7D0 f10:80000000 f11:BF686FA9
f12:80000000 f13:00000000 f14:00000000 f15:00000000
f16:00000000 f17:00000000 f18:00000000 f19:00000000
f20:00000000 f21:00000000 f22:00000000 f23:00000000
f24:00000000 f25:00000000 f26:00000000 f27:00000000
f28:00000000 f29:00000000 f30:00000000 f31:00000000[/spoiler]
Function:
[spoiler]800141C8: C0230000 lfs f1,0(r3)
800141CC: C0030004 lfs f0,4(r3)
800141D0: FC010040 fcmpo cr0,f1,f0
800141D4: 4080000C bge- 0x800141e0
800141D8: 7C641B78 mr r4,r3
800141DC: 48000008 b 0x800141e4
800141E0: 38830004 addi r4,r3,4
800141E4: C0240000 lfs f1,0(r4)
800141E8: D0230000 stfs f1,0(r3)
800141EC: C00D8070 lfs f0,-32656(r13)
800141F0: FC000840 fcmpo cr0,f0,f1
800141F4: 4080000C bge- 0x80014200
800141F8: 7C641B78 mr r4,r3
800141FC: 48000008 b 0x80014204
80014200: 388D8070 subi r4,r13,32656 subs the HP
80014204: C0240000 lfs f1,0(r4)
80014208: C0030004 lfs f0,4(r3)
8001420C: D0230000 stfs f1,0(r3) write second time on same address.
80014210: EC210024 fdivs f1,f1,f0
80014214: 4E800020 blr
[/spoiler]
The last one didn't satisfy me, so I chose another write on the address and found this LR, which stops the HP from subtracting.
Function
[spoiler]80014508: 9421FFE0 stwu r1,-32(r1)
8001450C: 7C0802A6 mflr r0
80014510: 2C040000 cmpwi r4,0
80014514: 90010024 stw r0,36(r1)
80014518: 93E1001C stw r31,28(r1)
8001451C: 93C10018 stw r30,24(r1)
80014520: 7C9E2378 mr r30,r4
80014524: 93A10014 stw r29,20(r1)
80014528: 7C7D1B78 mr r29,r3
8001452C: 41820080 beq- 0x800145ac
80014530: 80030000 lwz r0,0(r3)
80014534: 2C000000 cmpwi r0,0
80014538: 4082002C bne- 0x80014564
8001453C: 38600078 li r3,120
80014540: 38800004 li r4,4
80014544: 38A00001 li r5,1
80014548: 48100009 bl 0x80114550
8001454C: 2C030000 cmpwi r3,0
80014550: 7C7F1B78 mr r31,r3
80014554: 4182000C beq- 0x80014560
80014558: 7FC4F378 mr r4,r30
8001455C: 4BFFD911 bl 0x80011e6c
80014560: 93FD0000 stw r31,0(r29)
80014564: 3FE0801B lis r31,-32741
80014568: 3BFF7AA0 addi r31,r31,31392
8001456C: 881F01B8 lbz r0,440(r31)
80014570: 2C000000 cmpwi r0,0
80014574: 40820040 bne- 0x800145b4
80014578: 881E0132 lbz r0,306(r30)
8001457C: 2C000000 cmpwi r0,0
80014580: 41820034 beq- 0x800145b4
80014584: 881F0184 lbz r0,388(r31)
80014588: 2C000000 cmpwi r0,0
8001458C: 41820028 beq- 0x800145b4
80014590: 807D0000 lwz r3,0(r29)
80014594: 7FC4F378 mr r4,r30
80014598: 38BE005C addi r5,r30,92
8001459C: 4BFFDEE9 bl 0x80012484
800145A0: 38000000 li r0,0
800145A4: 981F0184 stb r0,388(r31)
800145A8: 4800000C b 0x800145b4
800145AC: 38000000 li r0,0
800145B0: 90030000 stw r0,0(r3)
800145B4: 807E00A4 lwz r3,164(r30)
800145B8: 2C030000 cmpwi r3,0
800145BC: 4182002C beq- 0x800145e8
800145C0: 881E0132 lbz r0,306(r30)
800145C4: 2C000000 cmpwi r0,0
800145C8: 41820018 beq- 0x800145e0
800145CC: 80BE00A8 lwz r5,168(r30)
800145D0: 7FC4F378 mr r4,r30
800145D4: 7FA6EB78 mr r6,r29
800145D8: 4BFFC389 bl 0x80010960
800145DC: 4800000C b 0x800145e8
800145E0: 7FC4F378 mr r4,r30
800145E4: 4BFFA929 bl 0x8000ef0c
800145E8: 801E0090 lwz r0,144(r30)
800145EC: 2C000001 cmpwi r0,1
800145F0: 418200AC beq- 0x8001469c
800145F4: 807E0074 lwz r3,116(r30)
800145F8: 2C030000 cmpwi r3,0
800145FC: 41820084 beq- 0x80014680
80014600: 800300CC lwz r0,204(r3)
80014604: 2C000000 cmpwi r0,0
80014608: 41820078 beq- 0x80014680
8001460C: 809E00CC lwz r4,204(r30)
80014610: 48120C81 bl 0x80135290
80014614: 7C641B78 mr r4,r3
80014618: 807E0074 lwz r3,116(r30)
8001461C: 38A00000 li r5,0
80014620: 48120D51 bl 0x80135370
80014624: 2C030000 cmpwi r3,0
80014628: 41820058 beq- 0x80014680
8001462C: 801E0090 lwz r0,144(r30)
80014630: 2C000003 cmpwi r0,3
80014634: 4082002C bne- 0x80014660
80014638: 388D8F10 subi r4,r13,28912
8001463C: C0028154 lfs f0,-32428(r2)
80014640: C0240004 lfs f1,4(r4)
80014644: C0430034 lfs f2,52(r3)
80014648: EC010028 fsubs f0,f1,f0
8001464C: FC020040 fcmpo cr0,f2,f0
80014650: 4C411382 cror 2,1,2
80014654: 4082002C bne- 0x80014680
80014658: 38800001 li r4,1
8001465C: 48000028 b 0x80014684
80014660: 388D8F10 subi r4,r13,28912
80014664: C0230034 lfs f1,52(r3)
80014668: C0040004 lfs f0,4(r4)
8001466C: FC010040 fcmpo cr0,f1,f0
80014670: 4C411382 cror 2,1,2
80014674: 4082000C bne- 0x80014680
80014678: 38800001 li r4,1
8001467C: 48000008 b 0x80014684
80014680: 38800000 li r4,0
80014684: 807E00F0 lwz r3,240(r30)
80014688: 7FC5F378 mr r5,r30
8001468C: 4BFFF021 bl 0x800136ac
80014690: 807E00F0 lwz r3,240(r30)
80014694: 389E005C addi r4,r30,92
80014698: 4BFFF78D bl 0x80013e24 Branches to a float subtracting leaf. (NOP!) Let's see.
8001469C: 80010024 lwz r0,36(r1)
800146A0: 83E1001C lwz r31,28(r1)
800146A4: 83C10018 lwz r30,24(r1)
800146A8: 83A10014 lwz r29,20(r1)
800146AC: 7C0803A6 mtlr r0
800146B0: 38210020 addi r1,r1,32
800146B4: 4E800020 blr
[/spoiler]
Success!!
The combination of
Hero Sub Branch Nop + HP rejuvenator = The Death Wish
Swap the HP Rejuvenator for a zero sum button activator and voila!
Edited with dcx2 suggestion
Zero Sum
0401D58C 60000000 ---> HP hero HP(ADD) \ ___ Nopped
04014698 60000000 ---> HP Hero HP(SUB) /
4E000010 00000000
C20141E8 00000004
7C0802A6 48000009
40000050 7D8802A6
7C0803A6 C00C0000
D0030000 00000000
14000000 40000050
28234F1A 00000C00
14000000 00000000
E0000000 80008000
*All die except the Hero*
Re Edit:
In the Blue part you can replace the AI's HP (40000050 makes them weak).
In the Red part you can trigger your death wish.
Quote from: Patedj on April 18, 2011, 05:59:00 AM
4E00000C 00000000 --> is this my problem? I think C should be 10
C20141E8 00000005
7C0802A6 48000009
42C80000 7D8802A6 ----> this is where I want to inject so,
7C0803A6 C00C0000
C0240000 EC20082A
D0030000 00000000
14000000 00000000
28234F18 00000C00
14000000 42C80000
E0000000 80008000
still crashing
Alright, so 00000000 kills everything!
I replaced this with 42c8 = 100
Ahh, I totally forgot to remind you about that. Yes, the 4E code has changed from C to 10, because the mflr has pushed the data back by one word.
Also, look at the end of this code. Did you intend to add to the character's health, or outright replace it?
mflr r0 # preserve LR so bl trick doesn't crash the game
bl _SKIP_DATA
.float 100.0
_SKIP_DATA:
mflr r12
mtlr r0 # restore LR
lfs f0,0(r12)
lfs f1,0(r4)
fadds f1,f0,f1
stfs f0,0(r3)
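As an added example (not code from the thread or from either poster), here is a small Python script that encodes the handful of PowerPC instructions used in the sequence above, lays them out as a Gecko C2 code block, and computes where the embedded float lands relative to the start of the code. That last number is the offset behind "the 4E code has changed from C to 10": one extra mflr word in front of the bl pushes the .float back by four bytes. The instruction encodings follow the PowerPC ISA; the 4E offset convention is taken from the two codes in the thread (4E00000C for the four-line version, 4E000010 for the five-line one); the nop padding for an even word count is the Gecko C2 convention as I know it, which the thread's own codes never exercise because both have an odd word count. Function names are my own. The script also carries a static check for the leaf-function problem dcx2 describes: a bl with no mflr before it and no matching mtlr after it will overwrite the caller's LR.

```python
"""Encode the 'bl trick' sequence from the thread as a Gecko C2 code and find
the embedded float.  Added example, not the thread's own code; the hex words it
reproduces are the ones posted above."""
import struct

# --- minimal PowerPC encoders, only the opcodes the thread uses ----------------
SPR_LR = 8

def _spr_field(spr):
    # mfspr/mtspr store the SPR number with its two 5-bit halves swapped
    return ((spr & 0x1F) << 5) | (spr >> 5)

def mflr(rd):
    return 0x7C0002A6 | (rd << 21) | (_spr_field(SPR_LR) << 11)

def mtlr(rs):
    return 0x7C0003A6 | (rs << 21) | (_spr_field(SPR_LR) << 11)

def bl(offset):
    # relative branch-and-link; byte offset, must be a multiple of 4
    assert offset % 4 == 0 and -0x2000000 <= offset < 0x2000000
    return 0x48000000 | (offset & 0x03FFFFFC) | 1

def lfs(fd, d, ra):
    return 0xC0000000 | (fd << 21) | (ra << 16) | (d & 0xFFFF)

def stfs(fs, d, ra):
    return 0xD0000000 | (fs << 21) | (ra << 16) | (d & 0xFFFF)

def fadds(fd, fa, fb):
    return 0xEC000000 | (fd << 21) | (fa << 16) | (fb << 11) | (21 << 1)

def float32(value):
    # a '.float' data word: big-endian IEEE single
    return struct.unpack(">I", struct.pack(">f", value))[0]

# --- the two sequences discussed in the thread ----------------------------------
def fixed_sequence(hp=100.0):
    """dcx2's version: save LR in r0 before the bl, restore it afterwards."""
    return [
        ("mflr",   mflr(0)),          # preserve LR (leaf function never saved it)
        ("bl",     bl(8)),            # hop over the one data word below
        (".float", float32(hp)),
        ("mflr",   mflr(12)),         # r12 = address of the float
        ("mtlr",   mtlr(0)),          # restore LR
        ("lfs",    lfs(0, 0, 12)),
        ("lfs",    lfs(1, 0, 4)),
        ("fadds",  fadds(1, 0, 1)),
        ("stfs",   stfs(0, 0, 3)),    # stores f0 (the constant), not the sum in f1
    ]

def broken_sequence(hp=100.0):
    """The original posting: the same thing without the mflr/mtlr pair."""
    seq = fixed_sequence(hp)
    return [seq[1], seq[2], seq[3]] + seq[5:]

def clobbers_lr(seq):
    """True when a bl runs with no mflr before it or no matching mtlr after it."""
    saved = None
    for i, (mn, word) in enumerate(seq):
        if mn == "mflr" and saved is None:
            saved = (word >> 21) & 0x1F
        if mn == "bl":
            restored = any(m == "mtlr" and ((w >> 21) & 0x1F) == saved
                           for m, w in seq[i + 1:])
            if saved is None or not restored:
                return True
    return False

# --- Gecko C2 layout --------------------------------------------------------------
def c2_code(inject_addr, seq):
    """Header line plus 8-byte lines.  The block must end in 00000000 (the
    handler's branch-back slot); an even word count gets a nop first."""
    words = [w for _, w in seq]
    if len(words) % 2 == 0:
        words.append(0x60000000)      # nop
    words.append(0x00000000)
    lines = [f"C2{inject_addr & 0x01FFFFFF:06X} {len(words) // 2:08X}"]
    for i in range(0, len(words), 2):
        lines.append(f"{words[i]:08X} {words[i + 1]:08X}")
    return lines

def data_offset(seq, mnemonic=".float"):
    """Byte offset of the data word from the C2 header: 8 bytes of header,
    then one word per entry.  This is the offset for the 4E line."""
    idx = next(i for i, (mn, _) in enumerate(seq) if mn == mnemonic)
    return 8 + 4 * idx

def pointer_line(seq):
    return f"4E{data_offset(seq):06X} 00000000"

if __name__ == "__main__":
    for name, seq in (("broken", broken_sequence()), ("fixed", fixed_sequence())):
        print(f"--- {name}: LR clobbered = {clobbers_lr(seq)}")
        print(pointer_line(seq))
        print("\n".join(c2_code(0x800141E8, seq)))
```

Running it prints both code blocks exactly as they appear in the thread, with the 4E line in front of each, and flags the original sequence as clobbering LR. Note that the script deliberately keeps stfs f0, so the C2 output matches the posted hex; the "add or replace" question dcx2 raises is about that word.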