It's safe at this point, but for some reason, I can't lwz into r0. It seems like any other safe register is fine. I can just let it go and use the original code which uses r12 and r11, but iowanna. >.> There's no reason to use any other register. The original instruction was lha r0,880(r3), so you know it's safe.
[spoiler=Suicide (Bully@Wiiplaza)]CR:84200488 XER:00000000 CTR:00000000 DSIS:04000000
DAR:FFFF93DC SRR0:800028CC SRR1:0000B032 LR:80260E04
r0:80660000 r1:807AD670 r2:8079DAA0 r3:901B1F80
r4:00000000 r5:00000007 r6:901B20BB r7:00000000
r8:00000100 r9:8058B1A8 r10:00000002 r11:807AD6E0
r12:00000000 r13:80798E20 r14:00000000 r15:00000000
r16:00000000 r17:00000000 r18:00000000 r19:00000000
r20:00000000 r21:00000000 r22:00000000 r23:00000000
r24:00000000 r25:00000000 r26:00000000 r27:900E0670
r28:00000018 r29:901B2258 r30:901B1F80 r31:901B1F80
f0:FFC00000 f1:00000000 f2:00000000 f3:00000000
f4:00000000 f5:3F800000 f6:3B4CCCCD f7:3F800000
f8:00000000 f9:40000000 f10:3F800000 f11:BB088889
f12:3ACCCCCD f13:00000000 f14:00000000 f15:00000000
f16:00000000 f17:00000000 f18:00000000 f19:00000000
f20:00000000 f21:00000000 f22:00000000 f23:00000000
f24:00000000 f25:00000000 f26:00000000 f27:00000000
f28:00000000 f29:00000000 f30:00000000 f31:00000000
800028C0: C2331144 lfs f17,4420(r19)
800028C4: 00000005 .word 0x00000005
800028C8: 3C008066 lis r0,-32666
800028CC: A80093DC lha r0,-27684(r0) ##break
800028D0: 28003684 cmplwi r0,13956
800028D4: 40820010 bne- 0x800028e4
800028D8: 38000001 li r0,1
800028DC: B0030372 sth r0,882(r3)
800028E0: B0030404 sth r0,1028(r3)
800028E4: A8030370 lha r0,880(r3)
800028E8: 60000000 nop [/spoiler]
http://pds.twi.tudelft.nl/vakken/in101/labcourse/instruction-set/lwz.html
"EA is the sum (rA|0) + d." (EDIT: EA stands for Effective Address.) The "rA|0" means "for r1-r31, use the contents of the register; for r0, use the value 0 instead of the contents of r0."
In light of this information, can you tell me why lha r0,-27684(r0) fails?
[spoiler=hint]Look at the DAR register in your dump[/spoiler]
:/ I should pay attention to that. I should go review to make sure I didn't miss anything... After that explanation, I could've told you without that hint. FFFF93DC isn't a valid address. But what is DAR? Wild guess says destination address register. I never look at those. I know what some of them are, but not all of them.
I worked around that with a different hook and was ready to ask why the new hook worked. But I don't have a lwa r0 in there anymore.
There is no lwa, because there's no need to sign extend a word on the Wii's PowerPC processor.
When a data breakpoint occurs, DAR will contain the effective address for the data breakpoint. For a "good" data breakpoint, you will see the address you broke on. This was also useful for spotting false positives, but now Gecko.NET will skip unaligned data breakpoints. For a "bad" data breakpoint (i.e. illegal address), you will see the illegal address which caused the crash.
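An added example (not code from anyone in this thread) that applies the "(rA|0) + d" rule from the lwz page and the DAR explanation above to the dump's ##break instruction: it decodes the D-form word, recomputes the effective address and checks it against DAR, using the register values from the dump. The mnemonic table and the supervisor-mode alias helper are assumptions based only on what the thread states.

```python
# Added example, not code from the thread: decode the D-form load from the
# crash dump, compute its effective address with the (rA|0) rule from the
# lwz/lha documentation, and check the result against the dump's DAR.
OPCODES = {32: "lwz", 42: "lha"}  # only the two loads the thread talks about

# Register values taken from the dump in the first post (constructed subset).
REGS = {0: 0x80660000, 3: 0x901B1F80, 28: 0x00000018}
DAR = 0xFFFF93DC

def sext16(v: int) -> int:
    """Sign-extend a 16-bit displacement (the D-form d field is signed)."""
    v &= 0xFFFF
    return v - 0x10000 if v & 0x8000 else v

def decode_dform(word: int):
    """Split a D-form load word into (mnemonic, rD, rA, d)."""
    opcode = (word >> 26) & 0x3F
    rd = (word >> 21) & 0x1F
    ra = (word >> 16) & 0x1F
    return OPCODES.get(opcode, f"op{opcode}"), rd, ra, sext16(word & 0xFFFF)

def effective_address(regs: dict, ra: int, d: int) -> int:
    """EA = (rA|0) + d: rA=0 contributes the literal 0, not r0's contents,
    so the 'lis r0,-32666' just before the break changes nothing here."""
    base = 0 if ra == 0 else regs[ra]
    return (base + d) & 0xFFFFFFFF

def supervisor_alias(ea: int):
    """Per the thread, in supervisor mode 0x00000000-0x01800000 aliases
    0x80000000-0x81800000; return the aliased address or None."""
    return ea + 0x80000000 if ea < 0x01800000 else None

def explain(word: int, regs: dict, dar: int) -> dict:
    """Recompute the EA and report whether it matches DAR and why."""
    mnem, rd, ra, d = decode_dform(word)
    ea = effective_address(regs, ra, d)
    return {
        "insn": f"{mnem} r{rd},{d}(r{ra})",
        "ea": ea,
        "matches_dar": ea == dar,
        # With r0 as base, no value in r0 can make this EA legal.
        "r0_base": ra == 0,
        "supervisor_alias": supervisor_alias(ea),
    }

if __name__ == "__main__":
    # The ##break word and the original lha r0,880(r3) from the dump.
    for w in (0xA80093DC, 0xA8030370):
        print(explain(w, REGS, DAR))
```

The first word reproduces DAR exactly (0xFFFF93DC), while the original r3-based load lands in the region r3 already points to.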
Interesting. So I could replace it with a good address at this point? And fix the code before it gets ready to crash again.
I meant lha XD. My workaround does lha r0, d(r28) instead. It had a nice number that was near the controllers.
Well, if it wasn't r0, you could change r0 so that the EA would be legal. As it stands, though, you can't change r0 to make the address legal.
However, if say r28 had 00000000 in it and caused a crash, then you could modify r28 to have a legit pointer and hit run to recover from the crash.
By the way, the whole r0 illegal address thing isn't 100% true. When running in Supervisor mode (i.e. you are inside an interrupt), addresses 00000000 - 01800000 are legal and match with 80000000 - 81800000. You can actually see this is the case in the debugger's breakpoint handler. It's also what makes relocating the code handler difficult.
Hmm. Well, I'm not ready for all that. I'll try to debug my next exception, but if it's too difficult, I'll just reset like always. >.<