Hi
Game gi joe RIJP69
I'm trying to make the score go to 50000 points but I'm stuck on which lwz I should use.
This is what i have in breakpoint search
[spoiler]80022530: 480000B8 b 0x800225e8
80022534: 2C030000 cmpwi r3,0
80022538: 40800010 bge- 0x80022548
8002253C: 38000000 li r0,0
80022540: 901C0020 stw r0,32(r28)
80022544: 480000A4 b 0x800225e8
80022548: 7C030040 cmplw r3,r0
8002254C: 41810008 bgt- 0x80022554
80022550: 7C601B78 mr r0,r3
80022554: 3C60804E lis r3,-32690
80022558: 901C0020 stw r0,32(r28)
8002255C: 3863CD40 subi r3,r3,12992
80022560: 80630078 lwz r3,120(r3)
80022564: 2C030000 cmpwi r3,0
80022568: 41820080 beq- 0x800225e8
8002256C: 80030008 lwz r0,8(r3)
80022570: 2C000002 cmpwi r0,2
80022574: 40820074 bne- 0x800225e8
80022578: 801F145C lwz r0,5212(r31)
8002257C: 1C000490 mulli r0,r0,1168
80022580: 7C7F0214 add r3,r31,r0
80022584: 8003002C lwz r0,44(r3)
80022588: 2C000000 cmpwi r0,0
8002258C: 4082005C bne- 0x800225e8
80022590: 2C040000 cmpwi r4,0
80022594: 40810054 ble- 0x800225e8
80022598: 2C1E0000 cmpwi r30,0
8002259C: 40820024 bne- 0x800225c0
800225A0: 6C808000 xoris r0,r4,32768
800225A4: 9001000C stw r0,12(r1)
800225A8: C8428170 lfd f2,-32400(r2)
800225AC: C8210008 lfd f1,8(r1)
800225B0: C01F1564 lfs f0,5476(r31)
800225B4: EC211028 fsubs f1,f1,f2
800225B8: EC00082A fadds f0,f0,f1
800225BC: D01F1564 stfs f0,5476(r31)
800225C0: 2C1E0001 cmpwi r30,1
800225C4: 40820024 bne- 0x800225e8
800225C8: 6C808000 xoris r0,r4,32768
800225CC: 90010014 stw r0,20(r1)
800225D0: C8428170 lfd f2,-32400(r2)
800225D4: C8210010 lfd f1,16(r1)
800225D8: C01F1568 lfs f0,5480(r31)
800225DC: EC211028 fsubs f1,f1,f2
800225E0: EC00082A fadds f0,f0,f1
800225E4: D01F1568 stfs f0,5480(r31)
800225E8: 2C040000 cmpwi r4,0
800225EC: 40810014 ble- 0x80022600
800225F0: 801F145C lwz r0,5212(r31)
800225F4: 1C000490 mulli r0,r0,1168
800225F8: 7C7F0214 add r3,r31,r0
800225FC: 90830020 stw r4,32(r3)
80022600: 38600000 li r3,0
80022604: 48000008 b 0x8002260c
80022608: 38600001 li r3,1
8002260C: 39610040 addi r11,r1,64
80022610: E3E10048 psq_l f31,72(r1),0,0
80022614: CBE10040 lfd f31,64(r1)
80022618: 483F31F9 bl 0x80415810
8002261C: 80010054 lwz r0,84(r1)[/spoiler]
and which one is your address of the breakpoint?
I lost it all so I just did it again.
this is the address 80E6A3E0
[spoiler]800043B8: 4182001C beq- 0x800043d4
800043BC: 54E4402E rlwinm r4,r7,8,0,23
800043C0: 54E3C00E rlwinm r3,r7,24,0,7
800043C4: 54E0801E rlwinm r0,r7,16,0,15
800043C8: 7CE42378 or r4,r7,r4
800043CC: 7C600378 or r0,r3,r0
800043D0: 7C870378 or r7,r4,r0
800043D4: 54A0D97F rlwinm. r0,r5,27,5,31
800043D8: 3866FFFD subi r3,r6,3
800043DC: 4182002C beq- 0x80004408
800043E0: 90E30004 stw r7,4(r3)
800043E4: 3400FFFF subic. r0,r0,1
800043E8: 90E30008 stw r7,8(r3)
800043EC: 90E3000C stw r7,12(r3)
800043F0: 90E30010 stw r7,16(r3)
800043F4: 90E30014 stw r7,20(r3)
800043F8: 90E30018 stw r7,24(r3)
800043FC: 90E3001C stw r7,28(r3)
80004400: 94E30020 stwu r7,32(r3)
80004404: 4082FFDC bne+ 0x800043e0
80004408: 54A0F77F rlwinm. r0,r5,30,29,31
8000440C: 41820010 beq- 0x8000441c
80004410: 3400FFFF subic. r0,r0,1
80004414: 94E30004 stwu r7,4(r3)
80004418: 4082FFF8 bne+ 0x80004410
8000441C: 38C30003 addi r6,r3,3
80004420: 54A507BE rlwinm r5,r5,0,30,31
80004424: 2C050000 cmpwi r5,0
80004428: 4D820020 beqlr-
8000442C: 34A5FFFF subic. r5,r5,1
80004430: 9CE60001 stbu r7,1(r6)
80004434: 4082FFF8 bne+ 0x8000442c
80004438: 4E800020 blr
8000443C: 9421FFF0 stwu r1,-16(r1)
80004440: 7C0802A6 mflr r0
80004444: 90010014 stw r0,20(r1)
80004448: 93E1000C stw r31,12(r1)
8000444C: 7C7F1B78 mr r31,r3
80004450: 4BFFFF39 bl 0x80004388
80004454: 7FE3FB78 mr r3,r31
80004458: 83E1000C lwz r31,12(r1)
8000445C: 80010014 lwz r0,20(r1)
80004460: 7C0803A6 mtlr r0
80004464: 38210010 addi r1,r1,16
80004468: 4E800020 blr
8000446C: 4D657472 .word 0x4d657472
80004470: 6F776572 xoris r23,r27,25970
80004474: 6B732054 xori r19,r27,8276
80004478: 61726765 ori r18,r11,26469
8000447C: 74205265 andis. r0,r1,21093
80004480: 73696465 andi. r9,r27,25701
80004484: 6E74204B xoris r20,r19,8267
80004488: 65726E65 oris r18,r11,28261
8000448C: 6C20666F xoris r0,r1,26223
80004490: 7220506F andi. r0,r17,20591
80004494: 77657250 andis. r5,r27,29264
80004498: 43000000 bdnz- 0x80004498
8000449C: 00000000 .word 0x00000000
800044A0: 00000000 .word 0x00000000
800044A4: 00000000 .word 0x00000000[/spoiler]
No, I mean which one of these addresses?
Sorry, I don't understand what you mean.
When you set a breakpoint on this address "80E6A3E0", which one is the first instruction you will see of them?
I just did a new one
http://prntscr.com/2jnx1
Ok, your hook address is 80361104: 81290000 lwz r0,0 (r9)
If you want to write a new value you should use this:
stwu r1,-80(r1) # This is an ASM instruction which makes all registers (r14-r31) free.
stmw r14,8(r1) # makes all registers (r14-r31) free.
lis r14,0x0000 # write 16 bit value to r14 (0000)
ori r14,r14,0x0000 # write 16 bit value (0000, which is now 00000000, so a 32 bit value)
lwz r14,0 (r9) # load 32 bit value (r14) into r9 which is the address 80E6A3E0
lmw r14,8(r1) # makes all registers (r14-r31) free.
addi r1,r1,80 # makes all registers (r14-r31) free.
When you assemble the code, you will get this:
C2361104 00000004
9421FFB0 BDC10008
3DC0XXXX 61CEXXXX
81C90000 B9C10008
38210050 00000000
XXXX and XXXX are for your value.
It's like XXXXXXXX (32 bit). You can fill in whatever you want.
Now I'm totally confused; how did you come to work all that out?
All you need are free registers to write a new value. To do this, we need to find a free register. Sometimes a register which has the value 00000000 is free. For example r19 seems to be free in your picture.
Now we need the "Assembly instructions" to make a new "command".
To write a new value to r19 we should use the so-called instructions "lis" and "ori".
What does lis do? Example:
lis r19,0x1000 # write 1000 to register 19
and now ori:
ori r19,r19,0x2222 # write 2222 to register 19
The new value on register 19 is now 10002222 (a 32 bit value)
So, now we just need to load the value from r19, into r9. To do this, we need a new instruction. It's called "lwz" (load word). The so called "word" means your 32 bit value (10002222).
lwz r19,0(r9) # load r19 (10002222) into r9 (80E6A3E0)
The full code would be:
lis r19,0x1000
ori r19,r19,0x2222
lwz r19,0(r9)
Now you just need to assemble it and you will get this:
C2361104 00000002
3E601000 62732222
82690000 00000000
3E601000 = lis r19,0x1000
62732222 = ori r19,r19,0x2222
82690000 = lwz r19,0(r9)
Thanks
I need sleep now but I'm going to check this out again.
Most of Deathwolf's last post is wrong.
00000000 does not mean free/safe. You can't touch the registers above r13 without using a stack frame.
Please try to use hex notation 0x for values that aren't addresses.
lis r19,0x1000 # put 0x10000000 in r19
ori r19,r19,0x2222 # bitwise or 0x2222 into r19
# r19 is now 0x10002222
And you have an uber fail with lwz. lwz will load a value from memory into a register.
lwz r19,0(r9) # r19 = [r9 + 0]; get the value at the address given by 0(r9) and put that value into r19
If you wanted to write a value from a register into memory, you would use stw.
stw r19,0(r9) # [r9 + 0] = r19
Finally, your most recent C2 code does not include the original instruction.
---
You can't specify 50000 in the assembler; it will complain because it expects signed decimal operands, so you have to OR it in, which explains the oddly useless lis r12,0.
lis r12,0
ori r12,r12,0xC350
stw r12,0(r9)
lwz r0,0(r9)
Using ASMWiiRD, the assembly will compile into this C2 code.
C2361104 00000003
3D800000 618CC350
91890000 80090000
60000000 00000000
---
EDIT: you can't always use r0, but in this case it will work. Note that I don't include the original instruction because r0 already has the correct value and the lwz is therefore unnecessary.
lis r0,0
ori r0,r0,0xC350
stw r0,0(r9)
C2361104 00000002
3C000000 6000C350
90090000 00000000
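Added example, not from this thread and not ASMWiiRD's code: a small Python assembler for the D-form PowerPC instructions used above (lis, ori, addi, lwz, stw, stwu, lmw, stmw) plus a formatter for the Gecko C2 layout that dcx2's listings use. It assumes the hook address 80361104 from the thread and reproduces dcx2's three listings word for word; the with_stack_frame helper follows the stwu/stmw/lmw/addi pattern from earlier in the thread, with the original lwz r0,0(r9) re-executed after the store so the hooked instruction's effect is preserved.

```python
"""Tiny assembler for the D-form PowerPC instructions seen in this thread,
plus a Gecko C2 (insert-ASM) code formatter.  Added example; opcode numbers
and field positions are the PowerPC ISA's, the C2 layout is the Gecko one."""

# Primary opcode (bits 0-5) of every D-form instruction we support.
_OPCODES = {
    "addi": 14, "lis": 15, "ori": 24, "lwz": 32, "stw": 36, "stwu": 37,
    "lmw": 46, "stmw": 47,
}


def _reg(tok):
    """'r12' -> 12, rejecting anything that is not r0..r31."""
    tok = tok.strip()
    if not tok.startswith("r"):
        raise ValueError(f"expected register, got {tok!r}")
    n = int(tok[1:])
    if not 0 <= n <= 31:
        raise ValueError(f"register out of range: {tok}")
    return n


def _imm(tok):
    """16-bit immediate: decimal (possibly negative) or 0x hex, as a field value."""
    v = int(tok.strip(), 0)
    if not -0x8000 <= v <= 0xFFFF:
        raise ValueError(f"immediate does not fit in 16 bits: {tok}")
    return v & 0xFFFF


def assemble(line):
    """Encode one instruction (e.g. 'stw r12,0(r9)') into its 32-bit word."""
    mnemonic, _, rest = line.strip().partition(" ")
    mnemonic = mnemonic.lower()
    rest = rest.replace(" ", "")          # tolerate 'lwz r0,0 (r9)' spacing
    op = _OPCODES[mnemonic]
    if mnemonic == "lis":                 # lis rD,imm is addis rD,0,imm
        rd, imm = rest.split(",")
        rt, ra, d = _reg(rd), 0, _imm(imm)
    elif mnemonic == "addi":              # addi rD,rA,imm
        rd, ra_, imm = rest.split(",")
        rt, ra, d = _reg(rd), _reg(ra_), _imm(imm)
    elif mnemonic == "ori":               # ori rA,rS,imm: rS sits in the RT slot
        ra_, rs, imm = rest.split(",")
        rt, ra, d = _reg(rs), _reg(ra_), _imm(imm)
    else:                                 # memory forms: rD,disp(rA)
        rd, mem = rest.split(",")
        disp, _, base = mem.partition("(")
        rt, ra, d = _reg(rd), _reg(base.rstrip(")")), _imm(disp)
    return (op << 26) | (rt << 21) | (ra << 16) | d


def c2_code(hook_address, lines):
    """Format instructions as a C2 code.  The first line carries the hook
    address (low 25 bits) and the number of 8-byte lines; the code handler
    patches the trailing 0x00000000 into the branch back, and a nop
    (0x60000000) pads the word count to an even number when needed."""
    if hook_address & 0xFE000000 != 0x80000000:
        raise ValueError("C2 codes hook the 0x80000000-0x81FFFFFF range only")
    words = [assemble(ln) for ln in lines]
    if len(words) % 2 == 0:
        words.append(0x60000000)          # nop
    words.append(0x00000000)              # placeholder for the branch back
    out = [f"C2{hook_address & 0x01FFFFFF:06X} {len(words) // 2:08X}"]
    for i in range(0, len(words), 2):
        out.append(f"{words[i]:08X} {words[i + 1]:08X}")
    return "\n".join(out)


def with_stack_frame(body):
    """Save and restore r14-r31 around BODY, the only way those non-volatile
    registers are guaranteed safe to clobber (dcx2's point above)."""
    return ["stwu r1,-80(r1)", "stmw r14,8(r1)", *body,
            "lmw r14,8(r1)", "addi r1,r1,80"]


if __name__ == "__main__":
    # Score = 50000 (0xC350) written through r9, hook from the thread.
    print(c2_code(0x80361104, ["lis r12,0", "ori r12,r12,0xC350",
                               "stw r12,0(r9)", "lwz r0,0(r9)"]))
    print(c2_code(0x80361104, with_stack_frame(
        ["lis r14,0", "ori r14,r14,0xC350", "stw r14,0(r9)", "lwz r0,0(r9)"])))
```

Feeding the stack-frame variant through c2_code gives a five-line code because the four frame instructions plus the four-instruction body come to an even word count and so need the nop before the terminator; the thread's r0 version needs no padding at all.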
Quote from: Deathwolf on August 06, 2011, 02:23:35 PM
The full code would be:
lis r19,0x1000
ori r19,r19,0x2222
lwz r19,0(r9)
Quote from: Deathwolf on August 06, 2011, 02:23:35 PM
So, now we just need to load the value from r19, into r9. To do this, we need a new instruction. It's called "lwz" (load word). The so called "word" means your 32 bit value (10002222).
Quote from: Deathwolf on August 06, 2011, 02:23:35 PM
All what you need are free registers to write a new value. To do this, we need to find a free register. Sometimes a register which has the value 00000000 is free. For example r19 seems to be free on your picture.
xDDDDDDDDDDDDDDDD
back to being serious.
If our original instruction is
lwz rX, Y (rX)
we want to use the following template:
lis r12, 0xTTTT
ori r12, r12, 0xWWWW
stw r12, Y (rZ)
lwz rX, Y (rX)
but in that case we have
lwz rX, Y (rZ)
therefore we use
lis rX, 0xTTTT
ori rX, rX, 0xWWWW
stw rX, Y (rZ)
it's the best possible way, pretty much what dcx2 already said :p
Quote: 00000000 does not mean free/safe. You can't touch the registers above r13 without using a stack frame.
Volderbeek and mdmwii used registers above r13 too without any stack frame. It works for me too when I use a register which is above r13 and has the value 00000000. It's not right that you HAVE to use a stack frame every time you want to use a register which is above r13.
Mario Bros. 99 lives
C206066C 00000002
3DC00000 61CE0063
91C30000 00000000
lis r14,0x0000
ori r14,r14,0x0063
stw r14,0(r3)
r14 has the value 00000000
Mario Bros. 99 lives
C206066C 00000002
3DC00000 61CE0063
91C30000 00000000
lis r15,0x0000
ori r15,r15,0x0063
stw r15,0(r3)
r15 has the value 00000000
Mario Bros. 99 lives
C206066C 00000002
3E000000 62100063
92030000 00000000
lis r16,0x0000
ori r16,r16,0x0063
stw r16,0(r3)
r16 has the value 00000000
And oops, I'm using r19 which has the value 00000008
Mario Bros. 99 lives
C206066C 00000002
3E600000 62730063
92630000 00000000
lis r19,0x0000
ori r19,r19,0x0063
stw r19,0(r3)
http://imageshack.us/photo/my-images/26/unbenanntsuvx.png/
Quote from: Deathwolf on August 06, 2011, 08:01:08 PM
Quote: 00000000 does not mean free/safe. You can't touch the registers above r13 without using a stack frame.
Volderbeek and mdmwii used registers above r13 too without any stack frame. It works for me too when I use a register which is above r13 and has the value 00000000. It's not right that you HAVE to use a stack frame every time you want to use a register which is above r13.
the point is that it could crash when you use a register that has a value of 00000000 if it's still used and just randomly zero.
Quote from: Bully@Wiiplaza on August 06, 2011, 08:12:52 PM
Quote from: Deathwolf on August 06, 2011, 08:01:08 PM
Quote: 00000000 does not mean free/safe. You can't touch the registers above r13 without using a stack frame.
Volderbeek and mdmwii used registers above r13 too without any stack frame. It works for me too when I use a register which is above r13 and has the value 00000000. It's not right that you HAVE to use a stack frame every time you want to use a register which is above r13.
the point is that it could crash when you use a register that has a value of 00000000 if it's still used and just randomly zero.
However, I mean, writing wrong ASM code and using the stack frame could crash the game too :rolleyes:
Just try some registers out.
r14-31 are free, when using the stack frame :p
Yup, of course it's better to use a stack frame ^^
Quote from: Deathwolf on August 06, 2011, 08:01:08 PM
Quote: 00000000 does not mean free/safe. You can't touch the registers above r13 without using a stack frame.
Volderbeek and mdmwii used registers above r13 too without any stack frame. It works for me too when I use a register which is above r13 and has the value 00000000. It's not right that you HAVE to use a stack frame every time you want to use a register which is above r13.
I suppose can't may be strong language. Shouldn't would be better.
It is true that sometimes you can use non-volatile registers (r14-r31) without a stack frame. However, unless you know what you're doing, it might still fail. It might work, most of the time or even all of the time, but sooner or later such a strategy of using those registers without a stack frame will probably cause one of your codes to crash the game. Then you don't know if the problem is your code or an unsafe register.
0 does not mean free/safe. A register's safety in ASM is determined by the ASM instructions around it, not by its value. Sometimes registers with 0 will be safe, sometimes not. Sometimes registers with values in them will be safe, like r12 which almost always has a pointer in it, and yet 99.99% of the time it's safe to use without any consideration of the surrounding ASM.
See this post on the safety of registers. http://wiird.l0nk.org/forum/index.php/topic,6555.0.html