I was working on an anti-gravity hack for GoldenEye.
The idea is to nop the write instruction that applies gravity to the player (x coordinate).
But there have been major problems...
The right instruction that subtracts height is:
800EF0E4: F0B500F8 psq_st f5,248(r21),0,0
and it executes for many other addresses (r21 keeps changing on XBPs).
Once it's nop'ed, it works, but the character kills himself a few seconds later for unknown reasons.
Infinite health can't block that weird death-inducing effect either.
So I'm wondering how I can find a good hook to do anti-gravity.
I didn't save the register dump.
If anyone cares, I'm trying to hack GoldenEye PAL (offline).
The address can easily be ported to NTSC-U by subtracting 70 using a calculator. ;D
Here's the function:
800EED50: 9421FEA0 stwu r1,-352(r1)
800EED54: 7C0802A6 mflr r0
800EED58: 90010164 stw r0,356(r1)
800EED5C: 39610160 addi r11,r1,352
800EED60: 483AC865 bl 0x8049b5c4
800EED64: E06300BC psq_l f3,188(r3),0,0
800EED68: 7C7F1B78 mr r31,r3
800EED6C: E02300DC psq_l f1,220(r3),0,0
800EED70: E04300C4 psq_l f2,196(r3),0,0
800EED74: E00300E4 psq_l f0,228(r3),0,0
800EED78: 1023082A ps_add f1,f3,f1
800EED7C: 80830004 lwz r4,4(r3)
800EED80: 1002002A ps_add f0,f2,f0
800EED84: F02300BC psq_st f1,188(r3),0,0
800EED88: A0A30008 lhz r5,8(r3)
800EED8C: F00300C4 psq_st f0,196(r3),0,0
800EED90: 54A007FF rlwinm. r0,r5,0,31,31
800EED94: E08300CC psq_l f4,204(r3),0,0
800EED98: E04400F8 psq_l f2,248(r4),0,0
800EED9C: E0640100 psq_l f3,256(r4),0,0
800EEDA0: F0630054 psq_st f3,84(r3),0,0
800EEDA4: E0A300D4 psq_l f5,212(r3),0,0
800EEDA8: F043004C psq_st f2,76(r3),0,0
800EEDAC: E04400D8 psq_l f2,216(r4),0,0
800EEDB0: E06400E0 psq_l f3,224(r4),0,0
800EEDB4: F0630064 psq_st f3,100(r3),0,0
800EEDB8: F043005C psq_st f2,92(r3),0,0
800EEDBC: F023006C psq_st f1,108(r3),0,0
800EEDC0: F0030074 psq_st f0,116(r3),0,0
800EEDC4: F083007C psq_st f4,124(r3),0,0
800EEDC8: F0A30084 psq_st f5,132(r3),0,0
800EEDCC: 4082007C bne- 0x800eee48
800EEDD0: 54A407BD rlwinm. r4,r5,0,30,30
800EEDD4: 4082002C bne- 0x800eee00
800EEDD8: A003000A lhz r0,10(r3)
800EEDDC: 540007FF rlwinm. r0,r0,0,31,31
800EEDE0: 41820020 beq- 0x800eee00
800EEDE4: C023015C lfs f1,348(r3)
800EEDE8: C00298A8 lfs f0,-26456(r2)
800EEDEC: FC010040 fcmpo cr0,f1,f0
800EEDF0: 40800058 bge- 0x800eee48
800EEDF4: C00298C4 lfs f0,-26428(r2)
800EEDF8: D003015C stfs f0,348(r3)
800EEDFC: 4800004C b 0x800eee48
800EEE00: 2C040000 cmpwi r4,0
800EEE04: 40820024 bne- 0x800eee28
800EEE08: A00301F8 lhz r0,504(r3)
800EEE0C: 540007FF rlwinm. r0,r0,0,31,31
800EEE10: 41820018 beq- 0x800eee28
800EEE14: C023015C lfs f1,348(r3)
800EEE18: C00298A8 lfs f0,-26456(r2)
800EEE1C: FC010040 fcmpo cr0,f1,f0
800EEE20: 40800008 bge- 0x800eee28
800EEE24: D003015C stfs f0,348(r3)
800EEE28: C00D8EEC lfs f0,-28948(r13)
800EEE2C: C04D8ED8 lfs f2,-28968(r13)
800EEE30: C0230160 lfs f1,352(r3)
800EEE34: EC420032 fmuls f2,f2,f0
800EEE38: C003015C lfs f0,348(r3)
800EEE3C: EC2100B2 fmuls f1,f1,f2
800EEE40: EC000828 fsubs f0,f0,f1
800EEE44: D003015C stfs f0,348(r3)
800EEE48: C00D8EEC lfs f0,-28948(r13)
800EEE4C: C02D8ED8 lfs f1,-28968(r13)
800EEE50: A0030008 lhz r0,8(r3)
800EEE54: EC410032 fmuls f2,f1,f0
800EEE58: C023015C lfs f1,348(r3)
800EEE5C: C00300C0 lfs f0,192(r3)
800EEE60: 54000463 rlwinm. r0,r0,0,17,17
800EEE64: EC2100B2 fmuls f1,f1,f2
800EEE68: EC00082A fadds f0,f0,f1
800EEE6C: D00300C0 stfs f0,192(r3)
800EEE70: 40820164 bne- 0x800eefd4
800EEE74: 3863018C addi r3,r3,396
800EEE78: 481DE7C9 bl 0x802cd640
800EEE7C: C00298A8 lfs f0,-26456(r2)
800EEE80: FC010000 fcmpu cr0,f1,f0
800EEE84: 41820150 beq- 0x800eefd4
800EEE88: 387F018C addi r3,r31,396
800EEE8C: 481DE7B5 bl 0x802cd640
800EEE90: C00298C8 lfs f0,-26424(r2)
800EEE94: C07F00C0 lfs f3,192(r31)
800EEE98: C04298A8 lfs f2,-26456(r2)
800EEE9C: EC000072 fmuls f0,f0,f1
800EEEA0: FC031040 fcmpo cr0,f3,f2
800EEEA4: 408100BC ble- 0x800eef60
800EEEA8: C05F00BC lfs f2,188(r31)
800EEEAC: C03F00C4 lfs f1,196(r31)
800EEEB0: EC4200B2 fmuls f2,f2,f2
800EEEB4: C08298BC lfs f4,-26436(r2)
800EEEB8: EC210072 fmuls f1,f1,f1
800EEEBC: C06298CC lfs f3,-26420(r2)
800EEEC0: ECA42028 fsubs f5,f4,f4
800EEEC4: EC22082A fadds f1,f2,f1
800EEEC8: FC811840 fcmpo cr1,f1,f3
800EEECC: 40850020 ble- cr1,0x800eeeec
800EEED0: FCC00834 fsqrte f6,f1
800EEED4: EC44202A fadds f2,f4,f4
800EEED8: ECA601B2 fmuls f5,f6,f6
800EEEDC: EC660132 fmuls f3,f6,f4
800EEEE0: ECA1117C fnmsubs f5,f1,f5,f2
800EEEE4: EC4530FA fmadds f2,f5,f3,f6
800EEEE8: ECA20072 fmuls f5,f2,f1
800EEEEC: FC050040 fcmpo cr0,f5,f0
800EEEF0: 4C411382 cror 2,1,2
800EEEF4: 408200E0 bne- 0x800eefd4
800EEEF8: C11F00C0 lfs f8,192(r31)
800EEEFC: C02298A8 lfs f1,-26456(r2)
800EEF00: D03F00C0 stfs f1,192(r31)
800EEF04: C0C298BC lfs f6,-26436(r2)
800EEF08: E03F00BC psq_l f1,188(r31),0,0
800EEF0C: E05F00C4 psq_l f2,196(r31),0,0
800EEF10: ECE6302A fadds f7,f6,f6
800EEF14: 10610072 ps_mul f3,f1,f1
800EEF18: C08298D0 lfs f4,-26416(r2)
800EEF1C: 106218BA ps_madd f3,f2,f2,f3
800EEF20: 106318D4 ps_sum0 f3,f3,f3,f3
800EEF24: FC832040 fcmpo cr1,f3,f4
800EEF28: 40850020 ble- cr1,0x800eef48
800EEF2C: FC801834 fsqrte f4,f3
800EEF30: ECA40132 fmuls f5,f4,f4
800EEF34: ECC401B2 fmuls f6,f4,f6
800EEF38: EC63397C fnmsubs f3,f3,f5,f7
800EEF3C: EC6321BA fmadds f3,f3,f6,f4
800EEF40: 102100D8 ps_muls0 f1,f1,f3
800EEF44: 104200D8 ps_muls0 f2,f2,f3
800EEF48: 10210018 ps_muls0 f1,f1,f0
800EEF4C: 10020018 ps_muls0 f0,f2,f0
800EEF50: F03F00BC psq_st f1,188(r31),0,0
800EEF54: F01F00C4 psq_st f0,196(r31),0,0
800EEF58: D11F00C0 stfs f8,192(r31)
800EEF5C: 48000078 b 0x800eefd4
800EEF60: E09F00BC psq_l f4,188(r31),0,0
800EEF64: EC200032 fmuls f1,f0,f0
800EEF68: E07F80C4 psq_l f3,196(r31),1,0
800EEF6C: 10440132 ps_mul f2,f4,f4
800EEF70: 10421094 ps_sum0 f2,f2,f2,f2
800EEF74: 104310FA ps_madd f2,f3,f3,f2
800EEF78: FC020840 fcmpo cr0,f2,f1
800EEF7C: 4C411382 cror 2,1,2
800EEF80: 40820054 bne- 0x800eefd4
800EEF84: 10440132 ps_mul f2,f4,f4
800EEF88: E03F00C4 psq_l f1,196(r31),0,0
800EEF8C: C0C298BC lfs f6,-26436(r2)
800EEF90: C06298D0 lfs f3,-26416(r2)
800EEF94: 1041107A ps_madd f2,f1,f1,f2
800EEF98: ECE6302A fadds f7,f6,f6
800EEF9C: 10421094 ps_sum0 f2,f2,f2,f2
800EEFA0: FC821840 fcmpo cr1,f2,f3
800EEFA4: 40850020 ble- cr1,0x800eefc4
800EEFA8: FC601034 fsqrte f3,f2
800EEFAC: ECA300F2 fmuls f5,f3,f3
800EEFB0: ECC301B2 fmuls f6,f3,f6
800EEFB4: EC42397C fnmsubs f2,f2,f5,f7
800EEFB8: EC4219BA fmadds f2,f2,f6,f3
800EEFBC: 10840098 ps_muls0 f4,f4,f2
800EEFC0: 10210098 ps_muls0 f1,f1,f2
800EEFC4: 10440018 ps_muls0 f2,f4,f0
800EEFC8: 10010018 ps_muls0 f0,f1,f0
800EEFCC: F05F00BC psq_st f2,188(r31),0,0
800EEFD0: F01F00C4 psq_st f0,196(r31),0,0
800EEFD4: E05F00C4 psq_l f2,196(r31),0,0
800EEFD8: 386100D8 addi r3,r1,216
800EEFDC: E01F0114 psq_l f0,276(r31),0,0
800EEFE0: 3B6100C8 addi r27,r1,200
800EEFE4: E09F00BC psq_l f4,188(r31),0,0
800EEFE8: 388100B8 addi r4,r1,184
800EEFEC: 1022002A ps_add f1,f2,f0
800EEFF0: E07F010C psq_l f3,268(r31),0,0
800EEFF4: 1042002A ps_add f2,f2,f0
800EEFF8: C00298A8 lfs f0,-26456(r2)
800EEFFC: F0230008 psq_st f1,8(r3),0,0
800EF000: 1024182A ps_add f1,f4,f3
800EF004: F0230000 psq_st f1,0(r3),0,0
800EF008: 1064182A ps_add f3,f4,f3
800EF00C: 80C100E0 lwz r6,224(r1)
800EF010: 3B2100A8 addi r25,r1,168
800EF014: F0640000 psq_st f3,0(r4),0,0
800EF018: 3AE10088 addi r23,r1,136
800EF01C: 818100E4 lwz r12,228(r1)
800EF020: F0440008 psq_st f2,8(r4),0,0
800EF024: 3B010098 addi r24,r1,152
800EF028: 83A100D8 lwz r29,216(r1)
800EF02C: 39600000 li r11,0
800EF030: 90C100D0 stw r6,208(r1)
800EF034: 3B810108 addi r28,r1,264
800EF038: 83C100DC lwz r30,220(r1)
800EF03C: 3AC10068 addi r22,r1,104
800EF040: 918100D4 stw r12,212(r1)
800EF044: 38A10058 addi r5,r1,88
800EF048: 814100B8 lwz r10,184(r1)
800EF04C: 3B4100F8 addi r26,r1,248
800EF050: E03B0008 psq_l f1,8(r27),0,0
800EF054: 38610078 addi r3,r1,120
800EF058: F03F00B4 psq_st f1,180(r31),0,0
800EF05C: 388100E8 addi r4,r1,232
800EF060: 812100BC lwz r9,188(r1)
800EF064: 38E10018 addi r7,r1,24
800EF068: 810100C0 lwz r8,192(r1)
800EF06C: 38C10038 addi r6,r1,56
800EF070: 800100C4 lwz r0,196(r1)
800EF074: 93A100C8 stw r29,200(r1)
800EF078: 82BF0004 lwz r21,4(r31)
800EF07C: 93C100CC stw r30,204(r1)
800EF080: E05B0000 psq_l f2,0(r27),0,0
800EF084: F05F00AC psq_st f2,172(r31),0,0
800EF088: D01F00B8 stfs f0,184(r31)
800EF08C: 914100A8 stw r10,168(r1)
800EF090: E07500F8 psq_l f3,248(r21),0,0
800EF094: 912100AC stw r9,172(r1)
800EF098: E0B50100 psq_l f5,256(r21),0,0
800EF09C: E0990000 psq_l f4,0(r25),0,0
800EF0A0: 910100B0 stw r8,176(r1)
800EF0A4: 10C3202A ps_add f6,f3,f4
800EF0A8: 900100B4 stw r0,180(r1)
800EF0AC: E0790008 psq_l f3,8(r25),0,0
800EF0B0: F0D70000 psq_st f6,0(r23),0,0
800EF0B4: 10A5182A ps_add f5,f5,f3
800EF0B8: 81410088 lwz r10,136(r1)
800EF0BC: F0B70008 psq_st f5,8(r23),0,0
800EF0C0: 8121008C lwz r9,140(r1)
800EF0C4: 81010090 lwz r8,144(r1)
800EF0C8: 80010094 lwz r0,148(r1)
800EF0CC: 91410098 stw r10,152(r1)
800EF0D0: 9121009C stw r9,156(r1)
800EF0D4: E0B80000 psq_l f5,0(r24),0,0
800EF0D8: 910100A0 stw r8,160(r1)
800EF0DC: 900100A4 stw r0,164(r1)
800EF0E0: E0D80008 psq_l f6,8(r24),0,0
800EF0E4: F0B500F8 psq_st f5,248(r21),0,0 # Break
800EF0E8: F0D50100 psq_st f6,256(r21),0,0
800EF0EC: 9975008E stb r11,142(r21)
800EF0F0: E15F00CC psq_l f10,204(r31),0,0
800EF0F4: E0FF011C psq_l f7,284(r31),0,0
800EF0F8: E13F00D4 psq_l f9,212(r31),0,0
800EF0FC: 10EA382A ps_add f7,f10,f7
800EF100: E11F0124 psq_l f8,292(r31),0,0
800EF104: F05C0000 psq_st f2,0(r28),0,0
800EF108: 1049402A ps_add f2,f9,f8
800EF10C: 819F0004 lwz r12,4(r31)
800EF110: F0F60000 psq_st f7,0(r22),0,0
800EF114: F0560008 psq_st f2,8(r22),0,0
800EF118: 81410068 lwz r10,104(r1)
800EF11C: 8121006C lwz r9,108(r1)
800EF120: 81010070 lwz r8,112(r1)
800EF124: 80010074 lwz r0,116(r1)
800EF128: 91410058 stw r10,88(r1)
800EF12C: 9121005C stw r9,92(r1)
800EF130: E0E50000 psq_l f7,0(r5),0,0
800EF134: 91010060 stw r8,96(r1)
800EF138: 90010064 stw r0,100(r1)
800EF13C: E0450008 psq_l f2,8(r5),0,0
800EF140: F03C0008 psq_st f1,8(r28),0,0
800EF144: F09A0000 psq_st f4,0(r26),0,0
800EF148: F07A0008 psq_st f3,8(r26),0,0
800EF14C: F0A30000 psq_st f5,0(r3),0,0
800EF150: F0C30008 psq_st f6,8(r3),0,0
800EF154: F0E40000 psq_st f7,0(r4),0,0
800EF158: F0440008 psq_st f2,8(r4),0,0
800EF15C: E02C00D8 psq_l f1,216(r12),0,0
800EF160: 38610028 addi r3,r1,40
800EF164: E06C00E0 psq_l f3,224(r12),0,0
800EF168: 10800420 ps_merge00 f4,f0,f0
800EF16C: 1021382A ps_add f1,f1,f7
800EF170: 39210008 addi r9,r1,8
800EF174: 1043102A ps_add f2,f3,f2
800EF178: 39010048 addi r8,r1,72
800EF17C: F0230000 psq_st f1,0(r3),0,0
800EF180: 10600420 ps_merge00 f3,f0,f0
800EF184: F0430008 psq_st f2,8(r3),0,0
800EF188: 10A00420 ps_merge00 f5,f0,f0
800EF18C: 80A10028 lwz r5,40(r1)
800EF190: 10C00420 ps_merge00 f6,f0,f0
800EF194: 8081002C lwz r4,44(r1)
800EF198: 80610030 lwz r3,48(r1)
800EF19C: 80010034 lwz r0,52(r1)
800EF1A0: 90A10038 stw r5,56(r1)
800EF1A4: 9081003C stw r4,60(r1)
800EF1A8: E0260000 psq_l f1,0(r6),0,0
800EF1AC: 90610040 stw r3,64(r1)
800EF1B0: 90010044 stw r0,68(r1)
800EF1B4: E0460008 psq_l f2,8(r6),0,0
800EF1B8: F02C00D8 psq_st f1,216(r12),0,0
800EF1BC: F04C00E0 psq_st f2,224(r12),0,0
800EF1C0: 996C008E stb r11,142(r12)
800EF1C4: F09F00BC psq_st f4,188(r31),0,0
800EF1C8: 807F0004 lwz r3,4(r31)
800EF1CC: F09F00C4 psq_st f4,196(r31),0,0
800EF1D0: F07F00CC psq_st f3,204(r31),0,0
800EF1D4: F07F00D4 psq_st f3,212(r31),0,0
800EF1D8: F0BF00DC psq_st f5,220(r31),0,0
800EF1DC: F0BF00E4 psq_st f5,228(r31),0,0
800EF1E0: F0DF00FC psq_st f6,252(r31),0,0
800EF1E4: F0DF0104 psq_st f6,260(r31),0,0
800EF1E8: A003000C lhz r0,12(r3)
800EF1EC: F0270000 psq_st f1,0(r7),0,0
800EF1F0: 540004E7 rlwinm. r0,r0,0,19,19
800EF1F4: F0470008 psq_st f2,8(r7),0,0
800EF1F8: F0290000 psq_st f1,0(r9),0,0
800EF1FC: F0490008 psq_st f2,8(r9),0,0
800EF200: F0280000 psq_st f1,0(r8),0,0
800EF204: F0480008 psq_st f2,8(r8),0,0
800EF208: 40820010 bne- 0x800ef218
800EF20C: 10000420 ps_merge00 f0,f0,f0
800EF210: F01F009C psq_st f0,156(r31),0,0
800EF214: F01F00A4 psq_st f0,164(r31),0,0
800EF218: C00298A8 lfs f0,-26456(r2)
800EF21C: E07F013C psq_l f3,316(r31),0,0
800EF220: 10200420 ps_merge00 f1,f0,f0
800EF224: E09F0144 psq_l f4,324(r31),0,0
800EF228: 10400420 ps_merge00 f2,f0,f0
800EF22C: A01F000A lhz r0,10(r31)
800EF230: 10A00420 ps_merge00 f5,f0,f0
800EF234: F03F010C psq_st f1,268(r31),0,0
800EF238: F03F0114 psq_st f1,276(r31),0,0
800EF23C: 807F0004 lwz r3,4(r31)
800EF240: F05F011C psq_st f2,284(r31),0,0
800EF244: C0DF004C lfs f6,76(r31)
800EF248: F05F0124 psq_st f2,292(r31),0,0
800EF24C: C00298D4 lfs f0,-26412(r2)
800EF250: F07F012C psq_st f3,300(r31),0,0
800EF254: F09F0134 psq_st f4,308(r31),0,0
800EF258: F0BF013C psq_st f5,316(r31),0,0
800EF25C: F0BF0144 psq_st f5,324(r31),0,0
800EF260: B01F01F8 sth r0,504(r31)
800EF264: C02300F8 lfs f1,248(r3)
800EF268: EC213028 fsubs f1,f1,f6
800EF26C: FC200A10 fabs f1,f1
800EF270: FC010040 fcmpo cr0,f1,f0
800EF274: 40800054 bge- 0x800ef2c8
800EF278: C02300FC lfs f1,252(r3)
800EF27C: C05F0050 lfs f2,80(r31)
800EF280: EC211028 fsubs f1,f1,f2
800EF284: FC200A10 fabs f1,f1
800EF288: FC010040 fcmpo cr0,f1,f0
800EF28C: 4080003C bge- 0x800ef2c8
800EF290: C0230100 lfs f1,256(r3)
800EF294: C05F0054 lfs f2,84(r31)
800EF298: EC211028 fsubs f1,f1,f2
800EF29C: FC200A10 fabs f1,f1
800EF2A0: FC010040 fcmpo cr0,f1,f0
800EF2A4: 40800024 bge- 0x800ef2c8
800EF2A8: C0230104 lfs f1,260(r3)
800EF2AC: C05F0058 lfs f2,88(r31)
800EF2B0: EC211028 fsubs f1,f1,f2
800EF2B4: FC200A10 fabs f1,f1
800EF2B8: FC010040 fcmpo cr0,f1,f0
800EF2BC: 4080000C bge- 0x800ef2c8
800EF2C0: 38000000 li r0,0
800EF2C4: 48000008 b 0x800ef2cc
800EF2C8: 38000001 li r0,1
800EF2CC: 2C000000 cmpwi r0,0
800EF2D0: 4082007C bne- 0x800ef34c
800EF2D4: C02300D8 lfs f1,216(r3)
800EF2D8: C05F005C lfs f2,92(r31)
800EF2DC: C00298D4 lfs f0,-26412(r2)
800EF2E0: EC211028 fsubs f1,f1,f2
800EF2E4: FC200A10 fabs f1,f1
800EF2E8: FC010040 fcmpo cr0,f1,f0
800EF2EC: 40800054 bge- 0x800ef340
800EF2F0: C02300DC lfs f1,220(r3)
800EF2F4: C05F0060 lfs f2,96(r31)
800EF2F8: EC211028 fsubs f1,f1,f2
800EF2FC: FC200A10 fabs f1,f1
800EF300: FC010040 fcmpo cr0,f1,f0
800EF304: 4080003C bge- 0x800ef340
800EF308: C02300E0 lfs f1,224(r3)
800EF30C: C05F0064 lfs f2,100(r31)
800EF310: EC211028 fsubs f1,f1,f2
800EF314: FC200A10 fabs f1,f1
800EF318: FC010040 fcmpo cr0,f1,f0
800EF31C: 40800024 bge- 0x800ef340
800EF320: C02300E4 lfs f1,228(r3)
800EF324: C05F0068 lfs f2,104(r31)
800EF328: EC211028 fsubs f1,f1,f2
800EF32C: FC200A10 fabs f1,f1
800EF330: FC010040 fcmpo cr0,f1,f0
800EF334: 4080000C bge- 0x800ef340
800EF338: 38000000 li r0,0
800EF33C: 48000008 b 0x800ef344
800EF340: 38000001 li r0,1
800EF344: 2C000000 cmpwi r0,0
800EF348: 41820010 beq- 0x800ef358
800EF34C: 38000001 li r0,1
800EF350: 981F01FA stb r0,506(r31)
800EF354: 4800000C b 0x800ef360
800EF358: 38000000 li r0,0
800EF35C: 981F01FA stb r0,506(r31)
800EF360: 807F0184 lwz r3,388(r31)
800EF364: 38000000 li r0,0
800EF368: 981F01FD stb r0,509(r31)
800EF36C: 2C030000 cmpwi r3,0
800EF370: 4081000C ble- 0x800ef37c
800EF374: 3803FFFF subi r0,r3,1
800EF378: 901F0184 stw r0,388(r31)
800EF37C: 80BF0004 lwz r5,4(r31)
800EF380: 3C60805F lis r3,-32673
800EF384: 38810118 addi r4,r1,280
800EF388: C02D8EEC lfs f1,-28948(r13)
800EF38C: E00500F8 psq_l f0,248(r5),0,0
800EF390: 38634D4C addi r3,r3,19788
800EF394: E0450100 psq_l f2,256(r5),0,0
800EF398: C06D8ED8 lfs f3,-28968(r13)
800EF39C: F0040000 psq_st f0,0(r4),0,0
800EF3A0: EC630072 fmuls f3,f3,f1
800EF3A4: C02298D8 lfs f1,-26408(r2)
800EF3A8: F0440008 psq_st f2,8(r4),0,0
800EF3AC: C001011C lfs f0,284(r1)
800EF3B0: C05F015C lfs f2,348(r31)
800EF3B4: EC4200F2 fmuls f2,f2,f3
800EF3B8: EC211028 fsubs f1,f1,f2
800EF3BC: EC00082A fadds f0,f0,f1
800EF3C0: D001011C stfs f0,284(r1)
800EF3C4: 4823B91D bl 0x8032ace0
800EF3C8: 809F0004 lwz r4,4(r31)
800EF3CC: 5460843E rlwinm r0,r3,16,16,31
800EF3D0: 39610160 addi r11,r1,352
800EF3D4: 38600001 li r3,1
800EF3D8: B0040164 sth r0,356(r4)
800EF3DC: 483AC235 bl 0x8049b610
800EF3E0: 80010164 lwz r0,356(r1)
800EF3E4: 7C0803A6 mtlr r0
800EF3E8: 38210160 addi r1,r1,352
800EF3EC: 4E800020 blr
Note:
I don't expect that anyone on here is capable of/up for solving this.
It requires some definite skills, I suppose...
No, this can be done by modifying a 3F800000 float. I did something like this on Super Mario Galaxy 2 and Black Ops. No ASM needed.
smg2 Gravity Mod [Deathwolf]
48000000 80E00DB4
DE000000 80008180
4A100000 0042F900
14000030 XXXXXXXX
E0000000 80008000
3F800000 = Default
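Added example (not from Deathwolf's post and not the Gecko codehandler itself): a small Python simulator for the five code lines above, so you can see what the pointer chain does and, more importantly, what happens when the pointer is not loaded. It implements only the code types and sub-field settings those lines use, with the semantics as I read them from the Gecko codetype documentation (48 = load po from memory, DE = po range check, 4A1 = add to po, 14 = 32-bit write at po+offset, E0 = full terminator). The memory contents are constructed, and the XXXXXXXX placeholder is replaced by 40000000 (2.0f) for the demonstration.

```python
"""Simulate the five Gecko code lines in Deathwolf's SMG2 gravity mod.

Added example, not the game's code or the real codehandler. It implements
only the code types (and only the sub-field settings) those five lines use,
with the semantics as I read them from the Gecko codetype documentation.
The memory contents below are constructed for the demonstration.
"""
import struct

DEFAULT_BA = DEFAULT_PO = 0x80000000


def parse_gecko(text):
    """Return (word1, word2) pairs; title lines and XXXXXXXX placeholders are skipped."""
    out = []
    for raw in text.splitlines():
        parts = raw.split()
        if len(parts) != 2 or not all(len(p) == 8 for p in parts):
            continue
        try:
            out.append((int(parts[0], 16), int(parts[1], 16)))
        except ValueError:
            continue
    return out


def run_gecko(text, mem):
    """Execute the code against mem (dict address -> 32-bit word).

    Returns (po, writes). Unmapped reads yield 0, which is exactly what an
    unloaded pointer slot looks like, so the DE range check has work to do.
    """
    ba, po, enabled, writes = DEFAULT_BA, DEFAULT_PO, True, []
    for w1, w2 in parse_gecko(text):
        ct = w1 >> 24
        if ct == 0xE0:                                   # full terminator, always runs
            enabled = True
            ba = (w2 & 0xFFFF0000) or ba                 # XXXX0000 -> ba (0 keeps current)
            po = ((w2 & 0xFFFF) << 16) or po             # YYYY0000 -> po
        elif not enabled:
            continue                                     # skipped until the terminator
        elif ct == 0x48 and (w1 & 0x00FFFFFF) == 0:      # 48000000: po = [address]
            po = mem.get(w2, 0)
        elif ct == 0xDE:                                 # XXXX0000 <= po < YYYY0000 ?
            lo, hi = w2 & 0xFFFF0000, (w2 & 0xFFFF) << 16
            enabled = lo <= po < hi
        elif ct == 0x4A and (w1 & 0x00FFFFFF) == 0x100000:  # 4A100000: po += value
            po = (po + w2) & 0xFFFFFFFF
        elif ct == 0x14:                                 # 14OOOOOO: [po + offset] = value
            addr = (po + (w1 & 0x00FFFFFF)) & 0xFFFFFFFF
            mem[addr] = w2
            writes.append((addr, w2))
        else:
            raise NotImplementedError(f"code type {w1:08X} not handled here")
    return po, writes


def as_float(word):
    """Interpret a 32-bit word as the big-endian IEEE single the game sees."""
    return struct.unpack(">f", word.to_bytes(4, "big"))[0]


# Constructed input: the thread's code with a concrete value (2.0f) in the 14 line.
SMG2_GRAVITY = """\
smg2 Gravity Mod [Deathwolf]
48000000 80E00DB4
DE000000 80008180
4A100000 0042F900
14000030 40000000
E0000000 80008000
"""
POINTER_SLOT = 0x80E00DB4
TARGET_OFFSET = 0x0042F900 + 0x30   # the 4A1 add, then the 14 line's offset


def gravity_after(object_ptr):
    """Run the code with the pointer slot holding object_ptr; return (float, writes).

    A live object gets its 3F800000 replaced; a null/unloaded pointer (0)
    fails the DE check and nothing is written, which is what keeps the code
    from scribbling on low memory between levels.
    """
    target = (object_ptr + TARGET_OFFSET) & 0xFFFFFFFF
    mem = {POINTER_SLOT: object_ptr, target: 0x3F800000}  # 1.0f = default gravity
    _, writes = run_gecko(SMG2_GRAVITY, mem)
    return as_float(mem[target]), writes


if __name__ == "__main__":
    print(gravity_after(0x80900000))   # pointer valid: the float becomes 2.0
    print(gravity_after(0))            # pointer unloaded: nothing written
```

The DE line is the part worth copying into your own pointer codes: without it, a pointer slot that reads 0 between levels turns the 14 line into a write at 0x0042F930.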
Quote from: Deathwolf on November 05, 2011, 06:56:45 PM
No, this can be done by modifying a 3F800000 float. I did something like this on Super Mario Galaxy 2 and Black Ops. No ASM needed.
smg2 Gravity Mod [Deathwolf]
48000000 80E00DB4
DE000000 80008180
4A100000 0042F900
14000030 XXXXXXXX
E0000000 80008000
3F800000 = Default
...but not always. What if there's no working float? Anyway, it's like digging for a nail in a hay bale. :rolleyes:
My ASM nop method works for any game that has coordinates.
Bully, couldn't you just do something like this:
lis r0, 0x8000 # set address to whatever the coord address is
ori r0,r0, 0x0000 # second half of the address
cmpw r21,r0
beq- 0x8 # skip the write if it's the coord address
psq_st f5,248(r21),0,0 # otherwise, write the value
Quote from: matt123337 on November 06, 2011, 02:34:28 PM
Bully, couldn't you just do something like this:
lis r0, 0x8000 # set address to whatever the coord address is
ori r0,r0, 0x0000 # second half of the address
cmpw r21,r0
beq- 0x8 # skip the write if it's the coord address
psq_st f5,248(r21),0,0 # otherwise, write the value
No, because the address changes on each level.
It would be easy then... thanks for trying to help, though... :)
The coords must be part of the player data, so there may be a player data pointer somewhere... try to find that, then calculate the offset to it, then do what I said above.
Quote from: matt123337 on November 06, 2011, 07:05:21 PM
The coords must be part of the player data, so there may be a player data pointer somewhere... try to find that, then calculate the offset to it, then do what I said above.
Cool, sounds like we're getting closer!
Here's a (working) player pointer:
[(0x806fe9d8+64)]
Address: 800EF0E4
lis r12, 0x806F # load pointer address into r12
ori r12, r12, 0xE9D8 # second part
lwz r12, 0(r12) # load pointer value into r12
subi r12, r12, 0x94 # add pointer offset; subtract instruction offset
cmpw r12, r21 # do they match?
beq- _END # if yes, do anti gravity
psq_st f5,248(r21),0,0 # default instruction
_END:
It doesn't seem to work this way...
So you're 100% sure that 0x806fe9d8+64 always points to player data? If so, the ASM you posted should work...
Quote from: matt123337 on November 06, 2011, 09:24:28 PM
So you're 100% sure that 0x806fe9d8+64 always points to player data? If so, the ASM you posted should work...
EDIT:
It was a bad pointer.
[(0x806eb718+fc)] -> this one works
And luckily, I don't need to add or subtract anything, since the offsets are the same.
lis r12,-32658
ori r12,r12,46872
lwz r12,0(r12)
cmpw r12,r21
beq- 0x08
psq_st f5,248(r21),0,0
nop
Anti Gravity -PAL-
C20EF0E4 00000004
3D80806E 618CB718
818C0000 7C0CA800
41820008 F0B500F8
60000000 00000000
Thx Matt ;D
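Added example (not a tool from the thread): a small PowerPC encoder in Python that assembles the hook above and packs it as a Gecko C2 insert, so the posted hex can be checked against its assembly instead of hand-typed. It also encodes matt123337's earlier fixed-address version (lis/ori into r0, cmpw r21,r0) and, as my own generalisation, an optional addi for the case where the pointer's offset and the store's displacement differ, as in the earlier subi attempt; the final code needs neither. Register choices (r21 as base, f5 as value, r12 as scratch) and the hook address are those from the thread; ba is assumed to be the codehandler's default 0x80000000.

```python
"""Assemble the 'compare r21 against the player pointer' hook into a Gecko C2 insert.

Added example; it is not a tool from the thread. The encoders cover only the
handful of PowerPC instructions the thread uses. The `adjust` parameter and
`fixed_address_hook` are my generalisations (see the lead-in), not part of
the final posted code.
"""
GAME_BA = 0x80000000          # the codehandler's default base address (assumption)


def _imm16(v):
    """Pack a 16-bit immediate; accepts signed (-32658) or unsigned (0x806E)."""
    if not -0x8000 <= v <= 0xFFFF:
        raise ValueError(f"immediate {v:#x} does not fit in 16 bits")
    return v & 0xFFFF


# PowerPC encoders: D-form for lis/ori/addi/lwz, X-form cmp, B-form bc, psq_st D-form.
def lis(rd, imm):        return (15 << 26) | (rd << 21) | _imm16(imm)           # addis rd,0,imm
def ori(ra, rs, uimm):   return (24 << 26) | (rs << 21) | (ra << 16) | (uimm & 0xFFFF)
def addi(rd, ra, simm):  return (14 << 26) | (rd << 21) | (ra << 16) | _imm16(simm)
def lwz(rd, d, ra):      return (32 << 26) | (rd << 21) | (ra << 16) | _imm16(d)
def cmpw(ra, rb):        return (31 << 26) | (ra << 16) | (rb << 11)             # cmp cr0,0,ra,rb
def beq(offset):         return (16 << 26) | (12 << 21) | (2 << 16) | (offset & 0xFFFC)  # bc 12,2
def psq_st(frs, d, ra, w=0, i=0):                                               # paired-single store
    return (60 << 26) | (frs << 21) | (ra << 16) | (w << 15) | (i << 12) | (d & 0xFFF)


NOP = ori(0, 0, 0)       # 60000000


def hi_lo(addr):
    """lis/ori halves: ori ORs a zero-extended value, so no sign fix-up is needed."""
    return (addr >> 16) & 0xFFFF, addr & 0xFFFF


def fixed_address_hook(coord_addr, base_reg=21, value_reg=5, disp=248):
    """matt123337's first idea: skip the store when r21 equals one hard-coded address."""
    hi, lo = hi_lo(coord_addr)
    return [lis(0, hi), ori(0, 0, lo), cmpw(base_reg, 0), beq(8),
            psq_st(value_reg, disp, base_reg)]


def pointer_hook(pointer_addr, adjust=0, scratch=12, base_reg=21, value_reg=5, disp=248):
    """Final version: dereference the pointer every time, so the per-level address is irrelevant.

    beq 8 skips exactly one instruction (the 4-byte store) and lands on the
    padding nop, which is why the posted code ends with 60000000.
    """
    hi, lo = hi_lo(pointer_addr)
    code = [lis(scratch, hi), ori(scratch, scratch, lo), lwz(scratch, 0, scratch)]
    if adjust:                # e.g. -0x94 reproduces the earlier 'subi r12,r12,0x94'
        code.append(addi(scratch, scratch, adjust))
    code += [cmpw(scratch, base_reg), beq(8), psq_st(value_reg, disp, base_reg)]
    return code


def gecko_c2(hook_addr, words, ba=GAME_BA):
    """Pack instructions as a C2 insert.

    The codehandler replaces the final zero word with the branch back, so the
    list is padded to an odd count with a nop and then terminated with 0; the
    second header word is the number of 8-byte lines that follow.
    """
    off = hook_addr - ba
    if not 0 <= off < 0x02000000:
        raise ValueError("hook address not reachable from ba")
    body = list(words)
    if len(body) % 2 == 0:
        body.append(NOP)
    body.append(0)
    lines = [f"{0xC2000000 | off:08X} {len(body) // 2:08X}"]
    lines += [f"{a:08X} {b:08X}" for a, b in zip(body[::2], body[1::2])]
    return "\n".join(lines)


if __name__ == "__main__":
    # Reproduces the 'Anti Gravity -PAL-' code from the thread.
    print(gecko_c2(0x800EF0E4, pointer_hook(0x806EB718)))
```

Porting to another region is then just a different hook address and pointer address passed to gecko_c2 and pointer_hook; the instruction words themselves do not change.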
No problem :D
I think you already figured this out, but for future reference, I ran into the same problem developing my F-Zero GX Stereo 3D code: the correct hook affected lots of variables, and there wasn't a stable pointer. What I did was I found another R/W BP on the address that you're trying to modify, which only affected that single address. I then hooked it to write a pointer to a Gecko Register; then I made my desired hook compare the address it was operating on to that GR's value. So basically I used one hook to find a pointer, and another hook to intercept the write to the variable.
I noticed that you needed a player pointer above... is that the same as a player object location in memory? And if so, how could I find the address using gecko.net?
Quote from: berserker on November 21, 2011, 10:27:36 PM
I noticed that you needed a player pointer above... is that the same as a player object location in memory? And if so, how could I find the address using gecko.net?
The pointer actually points to the player object (I assume that the coords are the first part of the object; if not, it's likely that the pointer just points to the coords), and if you would like to find the player object, try to find some sort of data in it, like health or coords. Then just find a pointer with a low-ish number.
Thanks, I'll give it a go.. ;)