Hi everyone, I am trying to make an unlimited health code for The Lord of the Rings: Aragorn's Quest [R8JPWR].
But when I nop or copy the instruction of the NTSC version (Anarion), it affects the enemy too.
- The health address:
800F46B8 D01F0008 stfs f0,8(r31)
- The NTSC USA instructions [Anarion]:
[spoiler]lis r0,17744
nop
stfs f0,8(r31)
lfs f0,8(r31)
nop[/spoiler]
- My PAL breakpoint tab:
[spoiler] CR:24202488 XER:00000000 CTR:800671BC DSIS:02400000
DAR:81559DD0 SRR0:800F46B8 SRR1:0000B032 LR:800F4680
r0:00000000 r1:8069EDB0 r2:80662DC0 r3:00000BB8
r4:80A09DB0 r5:0000001F r6:00000003 r7:00000001
r8:00000000 r9:9054EF84 r10:805A6B7C r11:8069EE00
r12:800671BC r13:80659220 r14:8069F1C8 r15:81530E18
r16:81559D40 r17:815307E0 r18:00000001 r19:8069EE18
r20:8069F190 r21:8069F180 r22:815307E0 r23:00000000
r24:00000001 r25:8069F190 r26:00000002 r27:00000000
r28:00000000 r29:00000000 r30:00000000 r31:81559DC8
f0:44B71800 f1:00000000 f2:44B71800 f3:00000000
f4:3E4CCCCD f5:3E4CCCCD f6:3D638E39 f7:BFD80DEC
f8:C35F4E3C f9:42541E45 f10:C466B5E8 f11:3FD0591E
f12:C2E3BCFD f13:80000000 f14:00000000 f15:00000000
f16:00000000 f17:00000000 f18:00000000 f19:00000000
f20:00000000 f21:00000000 f22:00000000 f23:0229C4AB
f24:358637BD f25:3F800000 f26:BF060A96 f27:3F060A96
f28:43160000 f29:3F800000 f30:44B71800 f31:44CE1000
800F4690: 9061000C stw r3,12(r1)
800F4694: 881F000D lbz r0,13(r31)
800F4698: C8010008 lfd f0,8(r1)
800F469C: C0229690 lfs f1,-26992(r2)
800F46A0: 2C000000 cmpwi r0,0
800F46A4: EC001028 fsubs f0,f0,f2
800F46A8: EC40F028 fsubs f2,f0,f30
800F46AC: FC0207AE fsel f0,f2,f30,f0
800F46B0: EC400828 fsubs f2,f0,f1
800F46B4: FC02082E fsel f0,f2,f0,f1
800F46B8: D01F0008 stfs f0,8(r31) the address of the health
800F46BC: 41820024 beq- 0x800f46e0
800F46C0: FC000018 frsp f0,f0
800F46C4: FC000840 fcmpo cr0,f0,f1
800F46C8: 4C401382 cror 2,0,2
800F46CC: 40820014 bne- 0x800f46e0
800F46D0: C002968C lfs f0,-26996(r2)
800F46D4: FC20F850 fneg f1,f31
800F46D8: D01F0008 stfs f0,8(r31)
800F46DC: 4800000C b 0x800f46e8
800F46E0: C01F0008 lfs f0,8(r31)
800F46E4: EC20F828 fsubs f1,f0,f31
800F46E8: 80010044 lwz r0,68(r1)
800F46EC: E3E10038 psq_l f31,56(r1),0,0
800F46F0: CBE10030 lfd f31,48(r1)
800F46F4: E3C10028 psq_l f30,40(r1),0,0
800F46F8: CBC10020 lfd f30,32(r1)
800F46FC: 83E1001C lwz r31,28(r1)
800F4700: 7C0803A6 mtlr r0
800F4704: 38210040 addi r1,r1,64
800F4708: 4E800020 blr
800F470C: 2C040000 cmpwi r4,0
800F4710: 41820010 beq- 0x800f4720
800F4714: 38000001 li r0,1
800F4718: 9803000D stb r0,13(r3)
800F471C: 4E800020 blr
800F4720: C022968C lfs f1,-26996(r2)
800F4724: 38000000 li r0,0
800F4728: C0030008 lfs f0,8(r3)
800F472C: 9803000D stb r0,13(r3)
800F4730: FC010000 fcmpu cr0,f1,f0
800F4734: 4C820020 bnelr-
800F4738: 81830000 lwz r12,0(r3)
800F473C: 818C0088 lwz r12,136(r12)
800F4740: 7D8903A6 mtctr r12
800F4744: 4E800420 bctr
800F4748: 4E800020 blr
800F474C: 38630018 addi r3,r3,24
800F4750: 4BF63904 b 0x80058054
800F4754: 9421FFF0 stwu r1,-16(r1)
800F4758: 7C0802A6 mflr r0
800F475C: 2C050000 cmpwi r5,0
800F4760: 90010014 stw r0,20(r1)
800F4764: 93E1000C stw r31,12(r1)
800F4768: 7C9F2378 mr r31,r4
800F476C: 41820038 beq- 0x800f47a4
800F4770: 2C040000 cmpwi r4,0
800F4774: 41820030 beq- 0x800f47a4
800F4778: 2C060000 cmpwi r6,0
800F477C: 40820008 bne- 0x800f4784[/spoiler]
So if anyone can help me it would be nice. :) :) :)
Thanks in advance.
Try getting the breakpoint to go off when the enemy HP changes, and post the BP data, and do the same for player HP.
Keep executing breakpoints and stare at your source/destination register...
When does it change? Which other registers change with it?
Is there another register that tells if the instruction is executing for a player controlled person or not?
Spot it and use a cmpwi compare to prevent "false" nops.
The following hack simply executes nop instead of your stfs, if rX has value 0xY.
Hook: 800F46B8
cmpwi rX, 0xY
beq- _END
stfs f0,8(r31)
_END:
Thanks both of you matt123337 and Bully@Wiiplaza for helping me.
ASM is really hard for me to understand. And the language barrier doesn't help me either.
I really don't understand what you told me to do. Don't take it personally, it's me, the dummy.
dcx2 helped me in the past for Virtua Tennis 4 [SV4P8P], I had the same problem.
So I did what he told me to do last time:
On the Disassembler tab I did a Copy Function for 800F46B8 D01F0008 stfs f0,8(r31).
[spoiler]800F462C: 9421FFC0 stwu r1,-64(r1)
800F4630: 7C0802A6 mflr r0
800F4634: FC400A10 fabs f2,f1
800F4638: C00296A8 lfs f0,-26968(r2)
800F463C: 90010044 stw r0,68(r1)
800F4640: DBE10030 stfd f31,48(r1)
800F4644: FC020040 fcmpo cr0,f2,f0
800F4648: F3E10038 psq_st f31,56(r1),0,0
800F464C: DBC10020 stfd f30,32(r1)
800F4650: F3C10028 psq_st f30,40(r1),0,0
800F4654: 93E1001C stw r31,28(r1)
800F4658: 7C7F1B78 mr r31,r3
800F465C: 4080000C bge- 0x800f4668
800F4660: C0229690 lfs f1,-26992(r2)
800F4664: 48000084 b 0x800f46e8
800F4668: 81830000 lwz r12,0(r3)
800F466C: C3E30008 lfs f31,8(r3)
800F4670: 818C0014 lwz r12,20(r12)
800F4674: EFDF082A fadds f30,f31,f1
800F4678: 7D8903A6 mtctr r12
800F467C: 4E800421 bctrl
800F4680: 5463043E rlwinm r3,r3,0,16,31
800F4684: 3C004330 lis r0,17200
800F4688: 90010008 stw r0,8(r1)
800F468C: C84296A0 lfd f2,-26976(r2)
800F4690: 9061000C stw r3,12(r1)
800F4694: 881F000D lbz r0,13(r31)
800F4698: C8010008 lfd f0,8(r1)
800F469C: C0229690 lfs f1,-26992(r2)
800F46A0: 2C000000 cmpwi r0,0
800F46A4: EC001028 fsubs f0,f0,f2
800F46A8: EC40F028 fsubs f2,f0,f30
800F46AC: FC0207AE fsel f0,f2,f30,f0
800F46B0: EC400828 fsubs f2,f0,f1
800F46B4: FC02082E fsel f0,f2,f0,f1
800F46B8: D01F0008 stfs f0,8(r31)
800F46BC: 41820024 beq- 0x800f46e0
800F46C0: FC000018 frsp f0,f0
800F46C4: FC000840 fcmpo cr0,f0,f1
800F46C8: 4C401382 cror 2,0,2
800F46CC: 40820014 bne- 0x800f46e0
800F46D0: C002968C lfs f0,-26996(r2)
800F46D4: FC20F850 fneg f1,f31
800F46D8: D01F0008 stfs f0,8(r31)
800F46DC: 4800000C b 0x800f46e8
800F46E0: C01F0008 lfs f0,8(r31)
800F46E4: EC20F828 fsubs f1,f0,f31
800F46E8: 80010044 lwz r0,68(r1)
800F46EC: E3E10038 psq_l f31,56(r1),0,0
800F46F0: CBE10030 lfd f31,48(r1)
800F46F4: E3C10028 psq_l f30,40(r1),0,0
800F46F8: CBC10020 lfd f30,32(r1)
800F46FC: 83E1001C lwz r31,28(r1)
800F4700: 7C0803A6 mtlr r0
800F4704: 38210040 addi r1,r1,64
800F4708: 4E800020 blr[/spoiler]
Next in the breakpoint tab (Steps logs on) execute breakpoint for 800F46B8 and a lot of set.
[spoiler]800F46B8: D01F0008 stfs f0,8(r31) f0 = 2777 r31 = 814E88C4 [814E88CC] = 450E5000
800F46B8: D01F0008 stfs f0,8(r31) f0 = 2777 r31 = 814E88C4 [814E88CC] = 44B8A000
800F46B8: D01F0008 stfs f0,8(r31) f0 = 2777 r31 = 814E88C4 [814E88CC] = 429A0000
800F46B8: D01F0008 stfs f0,8(r31) f0 = 2777 r31 = 814E88C4 [814E88CC] = 3F800000
800F46B8: D01F0008 stfs f0,8(r31) f0 = 2777 r31 = 814E88C4 [814E88CC] = 453B8000
800F46B8: D01F0008 stfs f0,8(r31) f0 = 2850 r31 = 814E88C4 [814E88CC] = 453B8000
800F46B8: D01F0008 stfs f0,8(r31) f0 = 2550 r31 = 814E88C4 [814E88CC] = 4528C000
800F46B8: D01F0008 stfs f0,8(r31) f0 = 1150 r31 = 814B63C8 [814B63D0] = 44BB8000
800F46B8: D01F0008 stfs f0,8(r31) f0 = 1149 r31 = 814B63C8 [814B63D0] = 448FC000
800F46B8: D01F0008 stfs f0,8(r31) f0 = 1148 r31 = 814B63C8 [814B63D0] = 448FA000
800F46B8: D01F0008 stfs f0,8(r31) f0 = 2050 r31 = 814E88C4 [814E88CC] = 45098000
800F46B8: D01F0008 stfs f0,8(r31) f0 = 1700 r31 = 814E88C4 [814E88CC] = 44ED8000
800F46B8: D01F0008 stfs f0,8(r31) f0 = 147 r31 = 814B63C8 [814B63D0] = 448F6000
800F46B8: D01F0008 stfs f0,8(r31) f0 = 1450 r31 = 814E88C4 [814E88CC] = 44D48000
800F46B8: D01F0008 stfs f0,8(r31) f0 = 398 r31 = 814B0A68 [814B0A70] = 43C78000
800F46B8: D01F0008 stfs f0,8(r31) f0 = 48 r31 = 814B0A68 [814B0A70] = 43C70000
800F46B8: D01F0008 stfs f0,8(r31) f0 = 1200 r31 = 814E88C4 [814E88CC] = 44B54000[/spoiler]
r31 = 814E88C4 [814E88CC] is when I'm hit.
After that I don't know what to do.
Hi Crapulecorp. You are not a dummy. Most people do not know hex. You are smarter than most people! ;D
---
Execute BP on 800F46B8. When player is hit, these are the registers.
[spoiler=registers for player] CR:24202488 XER:00000000 CTR:800671BC DSIS:02400000
DAR:81559DD0 SRR0:800F46B8 SRR1:0000B032 LR:800F4680
r0:00000000 r1:8069EDB0 r2:80662DC0 r3:00000BB8
r4:80A09DB0 r5:0000001F r6:00000003 r7:00000001
r8:00000000 r9:9054EF84 r10:805A6B7C r11:8069EE00
r12:800671BC r13:80659220 r14:8069F1C8 r15:81530E18
r16:81559D40 r17:815307E0 r18:00000001 r19:8069EE18
r20:8069F190 r21:8069F180 r22:815307E0 r23:00000000
r24:00000001 r25:8069F190 r26:00000002 r27:00000000
r28:00000000 r29:00000000 r30:00000000 r31:81559DC8
f0:44B71800 f1:00000000 f2:44B71800 f3:00000000
f4:3E4CCCCD f5:3E4CCCCD f6:3D638E39 f7:BFD80DEC
f8:C35F4E3C f9:42541E45 f10:C466B5E8 f11:3FD0591E
f12:C2E3BCFD f13:80000000 f14:00000000 f15:00000000
f16:00000000 f17:00000000 f18:00000000 f19:00000000
f20:00000000 f21:00000000 f22:00000000 f23:0229C4AB
f24:358637BD f25:3F800000 f26:BF060A96 f27:3F060A96
f28:43160000 f29:3F800000 f30:44B71800 f31:44CE1000[/spoiler]
Execute BP Log on 800F46B8 (removing duplicates)
[spoiler]
800F46B8: D01F0008 stfs f0,8(r31) f0 = 147 r31 = 814B63C8 [814B63D0] = 448F6000
800F46B8: D01F0008 stfs f0,8(r31) f0 = 1450 r31 = 814E88C4 [814E88CC] = 44D48000
800F46B8: D01F0008 stfs f0,8(r31) f0 = 398 r31 = 814B0A68 [814B0A70] = 43C78000
[/spoiler]
This ASM affects at least three characters. r31 register contains the pointer to the character.
8(r31) is like [r31 + 8] like the code-type doc. But we need some other way to know which character is the player. The other registers (r0, r1, r2, r3, ... r30) may contain other clues.
TODO: Execute BP on 800F463C: 90010044 stw r0,68(r1) (this address is different! Trust me, it might have an extra clue). Then hit an enemy once (if they hit you first, set another BP). Then post those registers. Just like my first spoiler; you do not need to post disassembly.
TODO: Execute BP 800F463C, Hit a different enemy. Post those registers too. (Bully made a good point about this)
TODO: Execute BP 800F463C, let enemy hit player.
We will look at the difference between player registers and enemy registers.
---
There are more tricks. But we should do one step at a time.
Quote from: dcx2 on December 09, 2011, 10:26:38 PM
Now, Execute BP on 800F46B8 again. Then hit an enemy. Then post those registers.
Then, we will look at the difference between player registers and enemy registers.
Would be helpful to post multiple player + enemy register dumps to be sure that the suspected register really is a reliable one.
That's probably the only thing you need to do. It's not always easy to spot, though...
Hi dcx2 thanks a lot for helping me again. :) :) :)
So here are the registers :
- For 800F46B8 Player is hit :
[spoiler]CR:44202488 XER:00000000 CTR:800671BC DSIS:00000000
DAR:00000000 SRR0:800F46B8 SRR1:0000B032 LR:800F4680
r0:00000001 r1:8069EDB0 r2:80662DC0 r3:00000BB8
r4:809EADB0 r5:00000040 r6:00000003 r7:00000001
r8:00000006 r9:9054EF84 r10:805A6B7C r11:8069EE00
r12:800671BC r13:80659220 r14:8069F1C8 r15:814B5798
r16:814E883C r17:814B5160 r18:00000001 r19:8069EE18
r20:8069F190 r21:8069F180 r22:814B5160 r23:00000006
r24:00000001 r25:8069F190 r26:00000002 r27:00000000
r28:00000000 r29:00000000 r30:00000000 r31:814E88C4
f0:451F6000 f1:00000000 f2:451F6000 f3:00000000
f4:3E4CCCCD f5:3E4CCCCD f6:3CB60B61 f7:3F93C906
f8:C379D67C f9:424AF13B f10:C322C4B0 f11:3FB41121
f12:431CCD1D f13:00000000 f14:00000000 f15:00000000
f16:00000000 f17:00000000 f18:00000000 f19:00000000
f20:00000000 f21:00000000 f22:00000000 f23:0229C4AB
f24:358637BD f25:3F800000 f26:BF490FD8 f27:3F490FD8
f28:42F00000 f29:3F800000 f30:451F6000 f31:4528C000[/spoiler]
- For 800F46B8 Enemy is hit
[spoiler]CR:24202488 XER:00000000 CTR:800671BC DSIS:00000000
DAR:00000000 SRR0:800F46B8 SRR1:0000B032 LR:800F4680
r0:00000000 r1:8069EDC0 r2:80662DC0 r3:000000C8
r4:00000000 r5:00000040 r6:00000003 r7:00000001
r8:00000000 r9:9054EF84 r10:805A6B7C r11:8069EE10
r12:800671BC r13:80659220 r14:8069F1D8 r15:814E8E74
r16:814C1600 r17:814E883C r18:0000000D r19:8069EE28
r20:8069F1A0 r21:8069F190 r22:814E883C r23:00000000
r24:0000000D r25:8069F1A0 r26:00000002 r27:00000000
r28:00000000 r29:00000000 r30:00000000 r31:814C1688
f0:00000000 f1:00000000 f2:C3160000 f3:00000000
f4:3FB3CC00 f5:3F000000 f6:BFBBD962 f7:C2D8D25B
f8:BF3BFAB4 f9:C31ED5AD f10:C382E167 f11:00000000
f12:42EA8967 f13:00000000 f14:00000000 f15:00000000
f16:00000000 f17:00000000 f18:00000000 f19:00000000
f20:00000000 f21:00000000 f22:00000000 f23:0229C4AB
f24:358637BD f25:3F800000 f26:BDB2B884 f27:3DB2B884
f28:43AF0000 f29:3F800000 f30:C3160000 f31:43480000[/spoiler]
- For 800F46B8 A Different Enemy is hit :
[spoiler]CR:24202488 XER:00000000 CTR:800671BC DSIS:00000000
DAR:00000000 SRR0:800F46B8 SRR1:0000B032 LR:800F4680
r0:00000000 r1:8069EDC0 r2:80662DC0 r3:000005DC
r4:00000000 r5:00000040 r6:00000003 r7:00000001
r8:00000000 r9:9054EF84 r10:805A6B7C r11:8069EE10
r12:800671BC r13:80659220 r14:8069F1D8 r15:814E8E74
r16:814B5160 r17:814E883C r18:0000000D r19:8069EE28
r20:8069F1A0 r21:8069F190 r22:814E883C r23:00000000
r24:0000000D r25:8069F1A0 r26:00000002 r27:00000000
r28:00000000 r29:00000000 r30:00000000 r31:814B51E8
f0:43C80000 f1:00000000 f2:43C80000 f3:00000000
f4:3F000000 f5:3F7FFFFF f6:BD684EAE f7:BFF5689B
f8:C3858DF2 f9:C385A68D f10:C3886C20 f11:408F931F
f12:C2F81F3D f13:80000000 f14:00000000 f15:00000000
f16:00000000 f17:00000000 f18:00000000 f19:00000000
f20:00000000 f21:00000000 f22:00000000 f23:0229C4AB
f24:358637BD f25:3F800000 f26:BDB2B884 f27:3DB2B884
f28:43AF0000 f29:3F800000 f30:43C80000 f31:443B8000[/spoiler]
- For 800F46B8 Step logs :
[spoiler]800F46B8: D01F0008 stfs f0,8(r31) f0 = 2550 r31 = 814E88C4 [814E88CC] = 4528C000 Player is hit
800F46B8: D01F0008 stfs f0,8(r31) f0 = 2150 r31 = 814E88C4 [814E88CC] = 45160000
800F46B8: D01F0008 stfs f0,8(r31) f0 = 0 r31 = 814C1688 [814C1690] = 43480000 Enemy is hit
800F46B8: D01F0008 stfs f0,8(r31) f0 = 1250 r31 = 814B51E8 [814B51F0] = 44BB8000 A Different enemy is hit[/spoiler]
--------------------------------------------------------------------------------------------------------------------------------------
- For 800F463C Big Spider is hit :
[spoiler] CR:24202488 XER:00000000 CTR:802B8E8C DSIS:00000000
DAR:00000000 SRR0:800F463C SRR1:0000B032 LR:802B7800
r0:802B7800 r1:8069EDC0 r2:80662DC0 r3:814B2E28
r4:00000000 r5:00000040 r6:00000003 r7:00000001
r8:00000000 r9:9054EF84 r10:805A6B7C r11:8069EE10
r12:802B8E8C r13:80659220 r14:00000000 r15:814E8E74
r16:814B2DA0 r17:814E883C r18:0000000D r19:8069EE28
r20:8069F1A0 r21:8069F190 r22:814E883C r23:00000000
r24:0000000D r25:8069F1A0 r26:00000002 r27:00000000
r28:00000000 r29:00000000 r30:00000000 r31:814B2DA0
f0:38D1B717 f1:C3AF0000 f2:43AF0000 f3:00000000
f4:3F000000 f5:3F7FFFFF f6:3DC0C034 f7:3E0D6027
f8:C2EE5E04 f9:C2EDDE37 f10:C2ED8A7A f11:408F931F
f12:431FCF3D f13:00000000 f14:00000000 f15:00000000
f16:00000000 f17:00000000 f18:00000000 f19:00000000
f20:00000000 f21:00000000 f22:00000000 f23:0229C4AB
f24:358637BD f25:3F800000 f26:BDB2B884 f27:3DB2B884
f28:43AF0000 f29:3F800000 f30:43AF0000 f31:43AF0000
[/spoiler]
- For 800F463C Big Spider hits player :
[spoiler]CR:24202488 XER:00000000 CTR:802B8E8C DSIS:00000000
DAR:00000000 SRR0:800F463C SRR1:0000B032 LR:802B7800
r0:802B7800 r1:8069EDB0 r2:80662DC0 r3:814E88C4
r4:809EADB0 r5:00000040 r6:00000003 r7:00000001
r8:00000006 r9:9054EF84 r10:805A6B7C r11:8069EE00
r12:802B8E8C r13:80659220 r14:8069F1C8 r15:814B33D8
r16:814E883C r17:814B2DA0 r18:00000001 r19:8069EE18
r20:8069F190 r21:8069F180 r22:814B2DA0 r23:00000006
r24:00000001 r25:8069F190 r26:00000002 r27:00000000
r28:00000000 r29:00000000 r30:00000000 r31:814E883C
f0:38D1B717 f1:C3160000 f2:43160000 f3:00000000
f4:3E4CCCCD f5:3E4CCCCD f6:3CB60B61 f7:3FCD022C
f8:C2F4256E f9:424815D6 f10:C31DCB4E f11:3FB41121
f12:4210B5DA f13:00000000 f14:00000000 f15:00000000
f16:00000000 f17:00000000 f18:00000000 f19:00000000
f20:00000000 f21:00000000 f22:00000000 f23:0229C4AB
f24:358637BD f25:3F800000 f26:BF490FD8 f27:3F490FD8
f28:42F00000 f29:3F800000 f30:43160000 f31:42F00000[/spoiler]
- For 800F463C a Ghost Warrior is hit :
[spoiler]CR:24202488 XER:00000000 CTR:802B8E8C DSIS:00000000
DAR:00000000 SRR0:800F463C SRR1:0000B032 LR:802B7800
r0:802B7800 r1:8069EDC0 r2:80662DC0 r3:814AF888
r4:00000000 r5:00000040 r6:00000003 r7:00000001
r8:00000000 r9:9054EF84 r10:805A6B7C r11:8069EE10
r12:802B8E8C r13:80659220 r14:8069F1D8 r15:814E8E74
r16:814AF800 r17:814E883C r18:0000000D r19:8069EE28
r20:8069F1A0 r21:8069F190 r22:814E883C r23:00000000
r24:0000000D r25:8069F1A0 r26:00000002 r27:00000000
r28:00000000 r29:00000000 r30:00000000 r31:814AF800
f0:38D1B717 f1:C37A0000 f2:437A0000 f3:00000000
f4:3F000000 f5:3F7FFFFF f6:3E0BD804 f7:40128E03
f8:C2E0900A f9:424A9B44 f10:C3216663 f11:3FF83761
f12:C2D030A9 f13:00000000 f14:00000000 f15:00000000
f16:00000000 f17:00000000 f18:00000000 f19:00000000
f20:00000000 f21:00000000 f22:00000000 f23:0229C4AB
f24:358637BD f25:3F800000 f26:BE860A85 f27:3E860A85
f28:437A0000 f29:3F800000 f30:437A0000 f31:437A0000[/spoiler]
- For 800F463C a Ghost Warrior hits player :
[spoiler] CR:24202488 XER:00000000 CTR:802B8E8C DSIS:00000000
DAR:00000000 SRR0:800F463C SRR1:0000B032 LR:802B7800
r0:802B7800 r1:8069EDB0 r2:80662DC0 r3:814E88C4
r4:809EADB0 r5:00000040 r6:00000003 r7:00000001
r8:00000001 r9:9054EF84 r10:805A6B7C r11:8069EE00
r12:802B8E8C r13:80659220 r14:8069F1C8 r15:814AFE38
r16:814E883C r17:814AF800 r18:00000001 r19:8069EE18
r20:8069F190 r21:8069F180 r22:814AF800 r23:00000001
r24:00000001 r25:8069F190 r26:00000002 r27:00000000
r28:00000000 r29:00000000 r30:00000000 r31:814E883C
f0:38D1B717 f1:C3160000 f2:43160000 f3:00000000
f4:3E4CCCCD f5:3E4CCCCD f6:3CB60B61 f7:C02A308A
f8:C2DF2FC3 f9:424B0000 f10:C31D1213 f11:3FB41121
f12:C2EC3502 f13:80000000 f14:00000000 f15:00000000
f16:00000000 f17:00000000 f18:00000000 f19:00000000
f20:00000000 f21:00000000 f22:00000000 f23:0229C4AB
f24:358637BD f25:3F800000 f26:BF060A96 f27:3F060A96[/spoiler]
- For 800F463C Step logs :
[spoiler]800F463C: 90010044 stw r0,68(r1) r0 = 802B7800 r1 = 8069EDB0 [8069EDF4] = 814EABFC Player is hit
800F463C: 90010044 stw r0,68(r1) r0 = 802B7800 r1 = 8069EDC0 [8069EE04] = 00000000 Enemy is hit
800F463C: 90010044 stw r0,68(r1) r0 = 802B7800 r1 = 8069EDC0 [8069EE04] = 00000000
800F463C: 90010044 stw r0,68(r1) r0 = 802B7800 r1 = 8069EDB0 [8069EDF4] = 00000000
800F463C: 90010044 stw r0,68(r1) r0 = 802B7800 r1 = 8069EDC0 [8069EE04] = 00000000
800F463C: 90010044 stw r0,68(r1) r0 = 802B7800 r1 = 8069EDB0 [8069EDF4] = 00000000[/spoiler]
There we go.
Notice how r24 is 00000001 if the player is hit, but 0000000D if an enemy is hit.
Player is Invincible
C20F46B8 00000002
2C180001 41820008
D01F0008 00000000
[spoiler]cmpwi r24, 0x1
beq- _END
stfs f0,8(r31)
_END:[/spoiler]
Enemies are Invincible
C20F46B8 00000002
2C18000D 41820008
D01F0008 00000000
[spoiler]cmpwi r24, 0xD
beq- _END
stfs f0,8(r31)
_END:[/spoiler]
Everyone is Invincible
040F46B8 60000000
It's as easy as it looks.
Spot a reliable register for the compare to ensure that only specific people are affected.
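The comparison asked for in this thread (player dumps against enemy dumps, looking for a register that separates them) can be automated. The Python script below is an added example, not part of the original thread; the GPR rows are copied from the 800F46B8 dumps posted earlier, while the category names and the 0x80000000 address cut-off are assumptions of this example.

```python
import re

# GPR rows copied from four 800F46B8 dumps in the thread
# (r12-r15, r20-r23, r28-r31 and the FPRs left out for brevity).
DUMPS = {
    "player_1": """
        r0:00000000 r1:8069EDB0 r2:80662DC0 r3:00000BB8
        r4:80A09DB0 r5:0000001F r6:00000003 r7:00000001
        r8:00000000 r9:9054EF84 r10:805A6B7C r11:8069EE00
        r16:81559D40 r17:815307E0 r18:00000001 r19:8069EE18
        r24:00000001 r25:8069F190 r26:00000002 r27:00000000""",
    "player_2": """
        r0:00000001 r1:8069EDB0 r2:80662DC0 r3:00000BB8
        r4:809EADB0 r5:00000040 r6:00000003 r7:00000001
        r8:00000006 r9:9054EF84 r10:805A6B7C r11:8069EE00
        r16:814E883C r17:814B5160 r18:00000001 r19:8069EE18
        r24:00000001 r25:8069F190 r26:00000002 r27:00000000""",
    "enemy_1": """
        r0:00000000 r1:8069EDC0 r2:80662DC0 r3:000000C8
        r4:00000000 r5:00000040 r6:00000003 r7:00000001
        r8:00000000 r9:9054EF84 r10:805A6B7C r11:8069EE10
        r16:814C1600 r17:814E883C r18:0000000D r19:8069EE28
        r24:0000000D r25:8069F1A0 r26:00000002 r27:00000000""",
    "enemy_2": """
        r0:00000000 r1:8069EDC0 r2:80662DC0 r3:000005DC
        r4:00000000 r5:00000040 r6:00000003 r7:00000001
        r8:00000000 r9:9054EF84 r10:805A6B7C r11:8069EE10
        r16:814B5160 r17:814E883C r18:0000000D r19:8069EE28
        r24:0000000D r25:8069F1A0 r26:00000002 r27:00000000""",
}

REG = re.compile(r"\b(r\d{1,2}):([0-9A-Fa-f]{8})\b")


def parse_dump(text):
    """Turn 'rN:XXXXXXXX' pairs from a breakpoint dump into {name: value}."""
    return {name: int(value, 16) for name, value in REG.findall(text)}


def classify(dumps):
    """Group registers by how well they separate player hits from enemy hits."""
    parsed = {label: parse_dump(text) for label, text in dumps.items()}
    players = [regs for label, regs in parsed.items() if label.startswith("player")]
    enemies = [regs for label, regs in parsed.items() if label.startswith("enemy")]
    common = set.intersection(*(set(regs) for regs in parsed.values()))
    out = {"identical": [], "overlapping": [], "varying": [],
           "address_like": [], "tag_like": []}
    for reg in sorted(common, key=lambda name: int(name[1:])):
        p = {regs[reg] for regs in players}
        e = {regs[reg] for regs in enemies}
        if p == e and len(p) == 1:
            kind = "identical"        # same value everywhere: tells nothing
        elif p & e:
            kind = "overlapping"      # a player value also shows up for an enemy
        elif len(p) > 1 or len(e) > 1:
            kind = "varying"          # separates, but changes from hit to hit
        elif min(p | e) >= 0x80000000:
            kind = "address_like"     # stable, but a memory/stack address
        else:
            kind = "tag_like"         # stable small value: candidate for cmpwi
        out[kind].append(reg)
    return out


if __name__ == "__main__":
    for kind, regs in classify(DUMPS).items():
        print(f"{kind:13s} {' '.join(regs)}")
```

With these four dumps only r18 and r24 come out as tag-like, and r0 and r8 are rejected because a value seen for the player also appears for an enemy. The result is only as reliable as the set of dumps fed in.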
Thanks a lot Bully@Wiiplaza for your help. :) :)
The code is working like a charm (I have the unlimited health for the hobbit and Aragorn form) but the enemy too.
:'( :'( :'(
If other enemies are invincible, you should set another breakpoint on 800F46B8. Then, copy the registers for when invincible enemy is hit.
---
It looks like r8 == 0 when enemy is hit, and r8 != 0 when player is hit. You could try this ASM to make player invincible.
cmpwi r8, 0x0
bne- _END
stfs f0,8(r31)
_END:
---
Some games also use the "damage" ASM as "healing" ASM. So the code might make it impossible to heal. We may want to rewrite this so it writes max health for player, instead of branching over stfs for player. Then, you could also write 0 health for enemy, and you will have one-hit kills!
Hi dcx2.
So I executed a breakpoint on 800F46B8 when an invincible enemy is hit:
[spoiler] So when
C20F46B8 00000002
2C180001 41820008
D01F0008 00000000 is on.[/spoiler]
[spoiler] CR:24202488 XER:00000000 CTR:800671BC DSIS:00000000
DAR:00000000 SRR0:800F46B8 SRR1:0000B032 LR:800F4680
r0:00000000 r1:8069EDC0 r2:80662DC0 r3:00000320
r4:00000000 r5:00000000 r6:00000001 r7:0000000E
r8:00000000 r9:9054EF84 r10:805A6B7C r11:8069EE10
r12:800671BC r13:80659220 r14:8069F1D8 r15:8155A378
r16:81557980 r17:81559D40 r18:0000000D r19:8069EE28
r20:8069F1A0 r21:8069F190 r22:81559D40 r23:00000000
r24:0000000D r25:8069F1A0 r26:00000002 r27:00000000
r28:00000000 r29:00000000 r30:00000000 r31:81557A08
f0:42C60000 f1:00000000 f2:42C60000 f3:00000000
f4:3F000000 f5:3F7FFFFF f6:3E4F4F8A f7:C00EF4EC
f8:4393D993 f9:43940415 f10:4391BC25 f11:40356146
f12:444573C6 f13:00000000 f14:00000000 f15:00000000
f16:00000000 f17:00000000 f18:00000000 f19:00000000
f20:00000000 f21:00000000 f22:00000000 f23:0229C4AB
f24:358637BD f25:3F800000 f26:BDB2B884 f27:3DB2B884
f28:43AF0000 f29:3F800000 f30:42C60000 f31:43E08000[/spoiler]
I tested the instructions you gave me:
[spoiler]cmpwi r8, 0x0
bne- _END
stfs f0,8(r31)
_END:[/spoiler]
But Unlimited Health is not working for the hero or the enemy.
dcx2's instructions should have worked.
you can try
cmpwi r0,0
bne- _END
stfs f0,8(r31)
_END:
Interesting, Jay brings up an excellent point, and I actually prefer his approach. Look at this piece from Copy Function
800F4694: 881F000D lbz r0,13(r31)
800F4698: C8010008 lfd f0,8(r1)
800F469C: C0229690 lfs f1,-26992(r2)
800F46A0: 2C000000 cmpwi r0,0
800F46A4: EC001028 fsubs f0,f0,f2
800F46A8: EC40F028 fsubs f2,f0,f30
800F46AC: FC0207AE fsel f0,f2,f30,f0
800F46B0: EC400828 fsubs f2,f0,f1
800F46B4: FC02082E fsel f0,f2,f0,f1
800F46B8: D01F0008 stfs f0,8(r31) # hook
800F46BC: 41820024 beq- 0x800f46e0
It does something different depending on whether 13(r31) is 0 or not 0. r31 happens to be a pointer to the character in question.
This is better than using r8, because this function doesn't use r8 so what you're actually relying on is a stale value in the register from a previous caller. Whereas 13(r31) is actually read in this function and so it is likely to be stable.
cmpwi r0,0 # are we affecting P1?
bne- _PLAYER # if not...
li r12, 0 # load 00000000
stw r12, 8 (r31) # One Hit Kill Enemies
b _KILLED # if enemy got killed, end code
_PLAYER: # if we deal with player...
lis r12, 0x4550 # load max health
stw r12, 8 (r31) # store it...
_KILLED: # end
So this hopefully gives Inf. Health + One Hit Kill.
Not sure about the hook though...
Quote from: Jay on December 14, 2011, 11:10:58 PM
dcx2's instructions should have worked.
you can try
cmpwi r0,0
bne- _END
stfs f0,8(r31)
_END:
Thx Jay, dcx2, Bully@Wiiplaza for helping me, but cmpwi r0,0 is not affecting Player 1 or Enemy.
Go to BP tab. Enable Step Log. Execute BP 800F46B4. Get hit by an enemy. Then press Step Into 10 times. Post the log.
Quote from: dcx2 on December 17, 2011, 05:24:50 PM
Go to BP tab. Enable Step Log. Execute BP 800F46B4. Get hit by an enemy. Then press Step Into 10 times. Post the log.
Here is the log :
[spoiler]800F46B4: FC02082E fsel f0,f2,f0,f1 f0 = 307 f2 = 307 f0 = 307 f1 = 0
800F46B8: D01F0008 stfs f0,8(r31) f0 = 307 r31 = 8156A9E8 [8156A9F0] = 43AA0000
800F46BC: 41820024 beq- 0x800f46e0
... ... ... ...
800F46E0: C01F0008 lfs f0,8(r31) f0 = 307 r31 = 8156A9E8 [8156A9F0] = 43998000
800F46E4: EC20F828 fsubs f1,f0,f31 f1 = 0 f0 = 307 f31 = 340
800F46E8: 80010044 lwz r0,68(r1) r0 = 00000000 r1 = 8069F1A0 [8069F1E4] = 802B7800
800F46EC: E3E10038 psq_l f31,56(r1),0,0 f31 = 340 r1 = 8069F1A0 [8069F1D8] = 426C0000
800F46F0: CBE10030 lfd f31,48(r1) f31 = 59 r1 = 8069F1A0 [8069F1D0] = 404D800000000000
800F46F4: E3C10028 psq_l f30,40(r1),0,0 f30 = 307 r1 = 8069F1A0 [8069F1C8] = 42040000
800F46F8: CBC10020 lfd f30,32(r1) f30 = 33 r1 = 8069F1A0 [8069F1C0] = 4040800000000000
800F46FC: 83E1001C lwz r31,28(r1) r31 = 8156A9E8 r1 = 8069F1A0 [8069F1BC] = 8156A960[/spoiler]
Your code did not take. Did you forget to apply the cheat?
800F46B8: D01F0008 stfs f0,8(r31)
If you applied a C2 code, this would be a branch.
This is Bully's code as a C2
Inf health, one hit kills [Bully@Wiiplaza]
C20F46B8 00000004
2C000000 40820010
39800000 919F0008
4800000C 3D804550
919F0008 00000000
Quote from: dcx2 on December 17, 2011, 06:49:20 PM
Your code did not take. Did you forget to apply the cheat?
800F46B8: D01F0008 stfs f0,8(r31)
If you applied a C2 code, this would be a branch.
This is Bully's code as a C2
Inf health, one hit kills [Bully@Wiiplaza]
C20F46B8 00000004
2C000000 40820010
39800000 919F0008
4800000C 3D804550
919F0008 00000000
Hi dcx2.
Sorry, my bad, I forgot to apply the code. LOL :) :) :)
- I applied the code from Bully@Wiiplaza (last time I made a typo) so it's a one hit kill for the player and the enemy.
- "Go to BP tab. Enable Step Log. Execute BP 800F46B4. Get hit by an enemy. Then press Step Into 10 times. Post the log."
[spoiler]800F46B4: FC02082E fsel f0,f2,f0,f1 f0 = 2843,75 f2 = 2843,75 f0 = 2843,75 f1 = 0
800F46B8: 4BF0E210 b 0x800028c8
... ... ... ...
800028C8: 2C000000 cmpwi r0,0 r0 = 00000000
800028CC: 40820010 bne- 0x800028dc
800028D0: 39800000 li r12,0 r12 = 800671BC
800028D4: 919F0008 stw r12,8(r31) r12 = 00000000 r31 = 81559DC8 [81559DD0] = 453B8000
800028D8: 4800000C b 0x800028e4
... ... ... ...
800028E4: 480F1DD8 b 0x800f46bc
... ... ... ...
800F46BC: 41820024 beq- 0x800f46e0
... ... ... ...
800F46E0: C01F0008 lfs f0,8(r31) f0 = Non Numérique r31 = 81559DC8 [81559DD0] = 00000000
800F46E4: EC20F828 fsubs f1,f0,f31 f1 = 0 f0 = 0 f31 = 3000[/spoiler]
- I also did it when the enemy is hit:
[spoiler]800F46B4: FC02082E fsel f0,f2,f0,f1 f0 = 967 f2 = 967 f0 = 967 f1 = 0
800F46B4: FC02082E fsel f0,f2,f0,f1 f0 = 967 f2 = 967 f0 = 967 f1 = 0
800F46B4: FC02082E fsel f0,f2,f0,f1 f0 = 775 f2 = 775 f0 = 775 f1 = 0
800F46B8: 4BF0E210 b 0x800028c8
... ... ... ...
800028C8: 2C000000 cmpwi r0,0 r0 = 00000000
800028CC: 40820010 bne- 0x800028dc
800028D0: 39800000 li r12,0 r12 = 800671BC
800028D4: 919F0008 stw r12,8(r31) r12 = 00000000 r31 = 81558BE8 [81558BF0] = 44480000
800028D8: 4800000C b 0x800028e4
... ... ... ...
800028E4: 480F1DD8 b 0x800f46bc
... ... ... ...
800F46BC: 41820024 beq- 0x800f46e0
... ... ... ...
800F46E0: C01F0008 lfs f0,8(r31) f0 = Non Numérique r31 = 81558BE8 [81558BF0] = 00000000
800F46E4: EC20F828 fsubs f1,f0,f31 f1 = 0 f0 = 0 f31 = 800[/spoiler]
Sorry again. :) :) :)
Hi Crapulecorp
Did the code work as intended?
The log appears to show two enemies being hit. It has this line both times
800028C8: 2C000000 cmpwi r0,0 r0 = 00000000
However, the breakpoints you posted here (http://wiird.l0nk.org/forum/index.php/topic,9098.msg77244.html#msg77244) all show r0 = 00000001 when the player is hit.
The code from Bully@Wiiplaza is not good because it's a 1 hit kill for everyone (player and enemy).
The 1 hit kill is good; just exclude the player and it would be awesome. :) :) :)
Very strange.
Set Bully's code again. Have player get 1-hit killed. Post registers.
I set Bully's code, set BP 800F46B8, and here are the registers:
- Player gets 1-hit killed
[spoiler] CR:24202488 XER:00000000 CTR:800671BC DSIS:02400000
DAR:800F46B8 SRR0:800F46B8 SRR1:0000B032 LR:800F4680
r0:00000000 r1:8069EDB0 r2:80662DC0 r3:00000BB8
r4:80A09DB0 r5:0000001F r6:00000003 r7:00000001
r8:00000000 r9:9054EF84 r10:805A6B7C r11:8069EE00
r12:800671BC r13:80659220 r14:8069F1C8 r15:81557FB8
r16:81559D40 r17:81557980 r18:00000001 r19:8069EE18
r20:8069F190 r21:8069F180 r22:81557980 r23:00000000
r24:00000001 r25:8069F190 r26:00000002 r27:00000000
r28:00000000 r29:00000000 r30:00000000 r31:81559DC8
f0:452FC800 f1:00000000 f2:452FC800 f3:00000000
f4:3E4CCCCD f5:3E4CCCCD f6:3D638E39 f7:C03AA9A8
f8:43950898 f9:428B8658 f10:C48EB8E2 f11:3FD0591E
f12:4381BD4F f13:00000000 f14:00000000 f15:00000000
f16:00000000 f17:00000000 f18:00000000 f19:00000000
f20:00000000 f21:00000000 f22:00000000 f23:0229C4AB
f24:358637BD f25:3F800000 f26:BF060A96 f27:3F060A96
f28:43160000 f29:3F800000 f30:452FC800 f31:453B8000[/spoiler]
- Enemy gets 1-hit killed
[spoiler] CR:24202488 XER:00000000 CTR:800671BC DSIS:02400000
DAR:800F46B8 SRR0:800F46B8 SRR1:0000B032 LR:800F4680
r0:00000000 r1:8069EDC0 r2:80662DC0 r3:00000320
r4:00000000 r5:00000000 r6:00000001 r7:0000000E
r8:00000000 r9:9054EF84 r10:805A6B7C r11:8069EE10
r12:800671BC r13:80659220 r14:8069F1D8 r15:8155A378
r16:81557980 r17:81559D40 r18:0000000D r19:8069EE28
r20:8069F1A0 r21:8069F190 r22:81559D40 r23:00000000
r24:0000000D r25:8069F1A0 r26:00000002 r27:00000000
r28:00000000 r29:00000000 r30:00000000 r31:81557A08
f0:44098000 f1:00000000 f2:44098000 f3:00000000
f4:3F000000 f5:3F7FFFFF f6:BE3F4AD2 f7:4034E929
f8:4394313D f9:4393E9A1 f10:4396DE2F f11:40356146
f12:C3BDF0CE f13:00000000 f14:00000000 f15:00000000
f16:00000000 f17:00000000 f18:00000000 f19:00000000
f20:00000000 f21:00000000 f22:00000000 f23:0229C4AB
f24:358637BD f25:3F800000 f26:BFC90FD8 f27:401C61AA
f28:437A0000 f29:3F800000 f30:44098000 f31:44480000[/spoiler]
It looks like r0 is a bad test. Use r24 = 0x1 when hitting player. I have a funny feeling there will be more than just 0xD types of enemies or something like that.
Try this obviously modified version of Bully's code
C20F46B8 00000004
2C180001 41820010
39800000 919F0008
4800000C 3D804550
919F0008 00000000
cmpwi r24,0x1 # are we affecting Player?
beq- _PLAYER # if not...
li r12, 0 # load 00000000
stw r12, 8 (r31) # One Hit Kill Enemies
b _KILLED # if enemy got killed, end code
_PLAYER: # if we deal with player...
lis r12, 0x4550 # load max health
stw r12, 8 (r31) # store it...
_KILLED: # end
EDIT:
This was initially posted with bne, but it's supposed to be beq
Very nice, thanks a lot for your help dcx2.
The code is working, but you were right: "I have a funny feeling there will be more than just 0xD types of enemies or something like that".
Some enemies are invincible like the player. And the player can sometimes be one hit killed.
And the worst thing: the code makes a lot of glitches in the game, like I can't examine something or break items.
So I can't get to the next level.
I tried to BP 800F46B4 when an invincible enemy is hit, but Gecko dotNET BPs instantaneously so I can't BP when someone is hit.
So for me the best thing to do is to stop trying to hack this game.
Thanks everyone (matt123337, Bully@Wiiplaza, dcx2 and Jay) for the help, I appreciate it a lot. :) :) :) :)
Giving up on making further hacks, eh? Well that's too bad. I stopped because it switches from using mem80 one moment to mem90 the next which makes for a terrible time searching for addresses.
At least you tried. The game is not even all that interesting to hack anyways. =P
There is one last trick, although it is not as elegant. It requires two C2 codes.
Find a good hook address which gives you access to only the player pointer. This can be *anything*, it doesn't have to be related to health, it can literally be anything which provides the player pointer and no other pointers. Make a first C2 which stores the player pointer in a gecko register, or some other unused memory.
Then, in your second C2 (the one we have been trying to make), instead of checking r24 or r0 or etc, you will load the pointer from the first C2 and compare it with the current pointer. If they match, give full health to player. If they differ, remove all health from enemy.
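The C2 codes posted in this thread begin with a cmpwi, which writes cr0, and the game's own instruction right after the hook (800F46BC: beq- 0x800f46e0) also tests cr0, as set by the cmpwi r0,0 at 800F46A0. The Python script below is an added example, not part of the original thread: it decodes a C2 payload and flags that interaction. The function names, the default base address 0x80000000 and the restriction to the opcodes seen in these codes are assumptions of this example.

```python
"""Audit a Gecko C2 (insert ASM) code against the instruction after its hook."""


def sx(value, bits):
    """Sign-extend a bits-wide field."""
    return value - (1 << bits) if value >> (bits - 1) & 1 else value


def decode(word):
    """Decode the PowerPC forms used by this thread's codes.

    Returns (text, facts); facts may hold cr_write, cr_read and rel (bytes).
    """
    op, d, a, imm = word >> 26, word >> 21 & 31, word >> 16 & 31, word & 0xFFFF
    if op == 11:                       # cmpi: crfD is the top 3 bits of the D field
        return f"cmpwi cr{d >> 2},r{a},{sx(imm, 16)}", {"cr_write": d >> 2}
    if op == 14 and a == 0:            # addi rD,0,SIMM
        return f"li r{d},{sx(imm, 16)}", {}
    if op == 15 and a == 0:            # addis rD,0,SIMM
        return f"lis r{d},0x{imm:04X}", {}
    if op == 16:                       # bc BO,BI,target: BI >> 2 selects the CR field
        rel = sx(word & 0xFFFC, 16)
        return f"bc {d},{a},{rel:+#x}", {"cr_read": a >> 2, "rel": rel}
    if op == 18:                       # unconditional relative branch
        rel = sx(word & 0x03FFFFFC, 26)
        return f"b {rel:+#x}", {"rel": rel}
    if op == 36:
        return f"stw r{d},{sx(imm, 16)}(r{a})", {}
    if op == 52:
        return f"stfs f{d},{sx(imm, 16)}(r{a})", {}
    return f".long 0x{word:08X}", {}


def parse_c2(text, ba=0x80000000):
    """Split a C2 code into (hook address, payload words); ba is assumed default."""
    words = [int(w, 16) for w in text.split()]
    head, count, payload = words[0], words[1], words[2:]
    if head >> 25 != 0xC2 >> 1 or len(payload) != 2 * count:
        raise ValueError("not a well-formed C2 code")
    return ba + (head & 0x01FFFFFF), payload


def audit(code_text, next_word):
    """Return (hook, listing, findings); next_word is the game's word at hook+4."""
    hook, payload = parse_c2(code_text)
    body = [decode(w) for w in payload[:-1]]   # last slot receives the branch back
    findings = []
    for i, (text, facts) in enumerate(body):
        if "rel" in facts and not 0 <= i + facts["rel"] // 4 < len(payload):
            findings.append(f"word {i}: '{text}' branches outside the payload")
    clobbered = {facts["cr_write"] for _, facts in body if "cr_write" in facts}
    next_text, next_facts = decode(next_word)
    if next_facts.get("cr_read") in clobbered:
        findings.append(f"payload rewrites cr{next_facts['cr_read']}, which "
                        f"'{next_text}' at 0x{hook + 4:08X} tests on return")
    return hook, [text for text, _ in body], findings


# The cmpwi r24,0x1 version of the code as posted in the thread.
THREAD_CODE = """C20F46B8 00000004
2C180001 41820010
39800000 919F0008
4800000C 3D804550
919F0008 00000000"""
NEXT_AT_HOOK = 0x41820024   # 800F46BC: beq- 0x800f46e0, from the thread's disassembly

if __name__ == "__main__":
    hook, listing, findings = audit(THREAD_CODE, NEXT_AT_HOOK)
    print(f"hook 0x{hook:08X}")
    print("\n".join(listing))
    print("\n".join(findings) or "no findings")
```

A compare that targets a different CR field, with a branch that tests the same field, leaves the function's own cr0 result intact.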