Breaking on the health address gives me the following:
[spoiler]
80104720: FC400818 frsp f2,f1
80104724: C00303AC lfs f0,940(r3)
80104728: C06303A8 lfs f3,936(r3)
8010472C: FC020040 fcmpo cr0,f2,f0
80104730: D02303A8 stfs f1,936(r3)
80104734: 40810008 ble- 0x8010473c
80104738: D00303A8 stfs f0,936(r3)
8010473C: 7C800775 extsb. r0,r4
80104740: 4D820020 beqlr- [/spoiler]
This is the same function for...
- getting hit
- regaining health
- not affecting health
If I check the LR, it is the same for...
- regaining health
- not affecting health
[spoiler]
CR:882228A8 XER:00000000 CTR:80104720 DSIS:02400000
DAR:808D4458 SRR0:80104730 SRR1:0000B032 LR:801354E8
r0:00000001 r1:80703200 r2:806F5120 r3:808D40B0
r4:00000001 r5:8070320C r6:BFED31BD r7:BFFD31BD
r8:40019999 r9:00000000 r10:00000000 r11:FFFFFFFD
r12:80104720 r13:806F1000 r14:00000000 r15:00000000
r16:00000000 r17:00000000 r18:00000000 r19:00000000
r20:00000000 r21:00000000 r22:00000000 r23:00000000
r24:00000000 r25:80F83760 r26:805D0000 r27:808D40B0
r28:8084B720 r29:808D6E40 r30:808D40B0 r31:808D40B0
f0:42C80000 f1:3FCCCCCD f2:3FCCCCCD f3:3F800000
f4:00000000 f5:00000000 f6:00000000 f7:00000000
f8:A117EBA0 f9:3D78EDED f10:3D78EDEA f11:3240A92C
f12:40400000 f13:30C4F3CB f14:00000000 f15:00000000
f16:00000000 f17:00000000 f18:00000000 f19:00000000
f20:00000000 f21:00000000 f22:00000000 f23:00000000
f24:00000000 f25:00000000 f26:00000000 f27:00000000
f28:00000000 f29:00000000 f30:00000000 f31:00000000
80135350: 9421FFE0 stwu r1,-32(r1)
80135354: 7C0802A6 mflr r0
80135358: 3C80805E lis r4,-32674
8013535C: 90010024 stw r0,36(r1)
80135360: 3884E720 subi r4,r4,6368
80135364: 93E1001C stw r31,28(r1)
80135368: 7C7F1B78 mr r31,r3
8013536C: A004002C lhz r0,44(r4)
80135370: 28000003 cmplwi r0,3
80135374: 40820018 bne- 0x8013538c
80135378: 3C60805D lis r3,-32675
8013537C: 38631884 addi r3,r3,6276
80135380: 4BF8B811 bl 0x800c0b90
80135384: 7C600775 extsb. r0,r3
80135388: 41820174 beq- 0x801354fc
8013538C: 881F05EE lbz r0,1518(r31)
80135390: C0429DC8 lfs f2,-25144(r2)
80135394: 7C000775 extsb. r0,r0
80135398: FC601090 fmr f3,f2
8013539C: 41820074 beq- 0x80135410
801353A0: 881F0994 lbz r0,2452(r31)
801353A4: C0029E38 lfs f0,-25032(r2)
801353A8: 7C000775 extsb. r0,r0
801353AC: EC620032 fmuls f3,f2,f0
801353B0: 4082000C bne- 0x801353bc
801353B4: 38000000 li r0,0
801353B8: 48000044 b 0x801353fc
801353BC: 3C60805F lis r3,-32673
801353C0: 38800000 li r4,0
801353C4: 38638D40 subi r3,r3,29376
801353C8: 3C630001 addis r3,r3,1
801353CC: 34039030 subic. r0,r3,28624
801353D0: 41820008 beq- 0x801353d8
801353D4: 80839FAC lwz r4,-24660(r3)
801353D8: 28040001 cmplwi r4,1
801353DC: 41820014 beq- 0x801353f0
801353E0: 28040002 cmplwi r4,2
801353E4: 41820014 beq- 0x801353f8
801353E8: 38000002 li r0,2
801353EC: 48000010 b 0x801353fc
801353F0: 38000003 li r0,3
801353F4: 48000008 b 0x801353fc
801353F8: 38000001 li r0,1
801353FC: 28000002 cmplwi r0,2
80135400: 40820024 bne- 0x80135424
80135404: C0029E18 lfs f0,-25064(r2)
80135408: EC420032 fmuls f2,f2,f0
8013540C: 48000018 b 0x80135424
80135410: 881F095C lbz r0,2396(r31)
80135414: 7C000775 extsb. r0,r0
80135418: 4182000C beq- 0x80135424
8013541C: C0029E3C lfs f0,-25028(r2)
80135420: EC620032 fmuls f3,f2,f0
80135424: 880DAAF5 lbz r0,-21771(r13)
80135428: 7C000775 extsb. r0,r0
8013542C: 40820050 bne- 0x8013547c
80135430: 807F0704 lwz r3,1796(r31)
80135434: 3803FFFE subi r0,r3,2
80135438: 28000001 cmplwi r0,1
8013543C: 41810040 bgt- 0x8013547c
80135440: 881F0E59 lbz r0,3673(r31)
80135444: 7C000775 extsb. r0,r0
80135448: 41820010 beq- 0x80135458
8013544C: C00DAB64 lfs f0,-21660(r13)
80135450: EC630032 fmuls f3,f3,f0
80135454: 48000028 b 0x8013547c
80135458: C03F0C74 lfs f1,3188(r31)
8013545C: C0029E40 lfs f0,-25024(r2)
80135460: FC010040 fcmpo cr0,f1,f0
80135464: 40810010 ble- 0x80135474
80135468: C00D8500 lfs f0,-31488(r13)
8013546C: EC630032 fmuls f3,f3,f0
80135470: 4800000C b 0x8013547c
80135474: C00D84FC lfs f0,-31492(r13)
80135478: EC630032 fmuls f3,f3,f0
8013547C: C03F0EA0 lfs f1,3744(r31)
80135480: C0029DD4 lfs f0,-25132(r2)
80135484: FC010040 fcmpo cr0,f1,f0
80135488: 4C401382 cror 2,0,2
8013548C: 40820060 bne- 0x801354ec
80135490: C05F03AC lfs f2,940(r31)
80135494: 7FE3FB78 mr r3,r31
80135498: C02D84F8 lfs f1,-31496(r13)
8013549C: D0410008 stfs f2,8(r1)
801354A0: EC230072 fmuls f1,f3,f1
801354A4: C01F0578 lfs f0,1400(r31)
801354A8: C07F03A8 lfs f3,936(r31)
801354AC: EC000072 fmuls f0,f0,f1
801354B0: EC00182A fadds f0,f0,f3
801354B4: D001000C stfs f0,12(r1)
801354B8: FC001040 fcmpo cr0,f0,f2
801354BC: 4C401382 cror 2,0,2
801354C0: 4082000C bne- 0x801354cc
801354C4: 38A1000C addi r5,r1,12
801354C8: 48000008 b 0x801354d0
801354CC: 38A10008 addi r5,r1,8
801354D0: 81830000 lwz r12,0(r3)
801354D4: 38800001 li r4,1
801354D8: C0250000 lfs f1,0(r5)
801354DC: 818C0124 lwz r12,292(r12)
801354E0: 7D8903A6 mtctr r12
801354E4: 4E800421 bctrl
801354E8: 48000014 b 0x801354fc
801354EC: C01F0578 lfs f0,1400(r31)
801354F0: EC020032 fmuls f0,f2,f0
801354F4: EC010028 fsubs f0,f1,f0
801354F8: D01F0EA0 stfs f0,3744(r31)
801354FC: 80010024 lwz r0,36(r1)
80135500: 83E1001C lwz r31,28(r1)
80135504: 7C0803A6 mtlr r0
80135508: 38210020 addi r1,r1,32
8013550C: 4E800020 blr [/spoiler]
The 801354D8: C0250000 lfs f1,0(r5) loads the "updated" health value from memory, so that 80104730: D02303A8 stfs f1,936(r3) can store it back. The problem is that r5 contains more data than only health (it changes continuously, basically each frame). I can't get the write breakpoint off to find something that does the health regain thingy. Finding an fadds or fsubs was the plan. Any suggestions?
This is where 801354D8: C0250000 lfs f1,0(r5) leads me to...
[spoiler]
CR:482228A8 XER:00000000 CTR:80326C20 DSIS:02400000
DAR:808D4458 SRR0:801354D8 SRR1:0000B032 LR:80135384
r0:00000001 r1:80703200 r2:806F5120 r3:8086D5B0
r4:00000001 r5:80703208 r6:BFED31BD r7:BFFD31BD
r8:40019999 r9:00000000 r10:00000000 r11:FFFFFFFD
r12:80574784 r13:806F1000 r14:00000000 r15:00000000
r16:00000000 r17:00000000 r18:00000000 r19:00000000
r20:00000000 r21:00000000 r22:00000000 r23:00000000
r24:00000000 r25:80F83760 r26:805D0000 r27:8086D5B0
r28:80FFAD60 r29:8087F580 r30:8086D5B0 r31:8086D5B0
f0:42C93333 f1:41900000 f2:42C80000 f3:42C80000
f4:00000000 f5:00000000 f6:00000000 f7:00000000
f8:A117EBA0 f9:3D78EDED f10:3D78EDEA f11:3240A92C
f12:40400000 f13:30C4F3CB f14:00000000 f15:00000000
f16:00000000 f17:00000000 f18:00000000 f19:00000000
f20:00000000 f21:00000000 f22:00000000 f23:00000000
f24:00000000 f25:00000000 f26:00000000 f27:00000000
f28:00000000 f29:00000000 f30:00000000 f31:00000000
80703190 FFFFFFFD 80574784 806F1000 00000000
807031A0 00000000 04700000 00000000 00000000
807031B0 00000001 00000000 00000000 00000019
807031C0 000000D0 CD000000 80F83760 805D0000
807031D0 8086D5B0 80FFAD60 8087F580 80001C38
807031E0 80000000 80842340 8086D5B0 8086D5B0
807031F0 40590000 00000000 40590000 00000000
80703200 80703220 80001C3C *42C80000* 42C93333
80703210 00000000 00000000 00000000 805745C8
80703220 80703260 80131D54 3EEF277A 3F43255B
80703230 80FFAD60 00000001 805D54E0 8086D5B0
80703240 00000000 00000000 00000000 00000000
80703250 00000000 00000000 00000000 00000000
80703260 80703270 80108A48 00000000 807032A0
80703270 807032A0 80129E80 808834A0 808834A0
80703280 807032A0 8041C470 805D0000 80846F40
[/spoiler]
You may be able to test r12 at this instruction
801354E0: 7D8903A6 mtctr r12
This is loading a pointer for a function to call into CTR so you can bctrl to it. Chances are this runs for all kinds of stuff not related to health. If you're lucky, r12 will be a specific value only for health effects.
---
You should also look at the full call stack and not just the LR, when your breakpoint hits for getting hit and regaining health etc. There may be something further up the stack than the most recent function call.
Quote from: dcx2 on August 15, 2012, 02:44:48 PM
You may be able to test r12 at this instruction
801354E0: 7D8903A6 mtctr r12
This is loading a pointer for a function to call into CTR so you can bctrl to it. Chances are this runs for all kinds of stuff not related to health. If you're lucky, r12 will be a specific value only for health effects.
r12 doesn't ever change and it's doing only health effects, such as healing, getting damaged and idling. r3 plus offset points to the health address. It's pointing to 80104720: FC400818 frsp f2,f1
[spoiler]
CR:482228A8 XER:00000000
CTR:80326C20 DSIS:02400000
DAR:808640F8 SRR0:801354E0 SRR1:0000B032 LR:80135384
r0:00000001 r1:80703200 r2:806F5120 r3:80889E30
r4:00000001 r5:80703208 r6:BFED31BD r7:BFFD31BD
r8:40019999 r9:00000000 r10:00000000 r11:FFFFFFFD
r12:80104720 r13:806F1000 r14:00000000 r15:00000000
r16:00000000 r17:00000000 r18:00000000 r19:00000000
r20:00000000 r21:00000000 r22:00000000 r23:00000000
r24:00000000 r25:80869FA0 r26:805D0000 r27:80889E30
r28:8086D280 r29:8088CBC0 r30:80889E30 r31:80889E30
[/spoiler]
Since I should look at the call stack, I did. What's important to figure out here? It looks like "Regaining Health" and "Idling" have the exact same call stack. I'm sure that it's right, however.
[spoiler]
Regaining Health
80104730
80131D50
80108A44
80129E7C
803E8994
803E3F3C
801D9B78
8040E9D8
8040296C
8044468C
801ADFD0
80008380
800076E0
802CACB8
80008A34
80292B58
80292EA0
80006470
Getting Hit
80104730
80103308
80282760
80177FAC
8031CDD4
8031BD98
8031C024
80302B40
802803CC
8027E2F8
800083A4
800076E0
802CACB8
80008A34
80292B58
80292EA0
80006470
Idling
80104730
80131D50
80108A44
80129E7C
803E8994
803E3F3C
801D9B78
8040E9D8
8040296C
8044468C
801ADFD0
80008380
800076E0
802CACB8
80008A34
80292B58
80292EA0
80006470
[/spoiler]
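Added example, not code from the thread or from the game: a C reconstruction of the two routines disassembled in the first post, the setter at 80104720 and the tail of the per-frame routine at 80135350. The field offsets are the ones in the disassembly; every field and function name, the constants read through r2/r13, and the way the f3 multiplier is passed in are assumptions. Reading the register dump at 801354D8 against it: f2 = 42C80000 (100.0) is the cap from 940(r31), f0 = 42C93333 (100.6) is current health plus the regen step (the fadds at 801354B0), f0 exceeds the cap, so r5 is pointed at the cap and the setter stores 100.0 over a health value that is already 100.0. That also fits "Regaining Health" and "Idling" sharing a call stack in the last post: the same per-frame routine calls the setter either way, and at full health the store just rewrites the same value. The fsubs at 801354F4 is the other branch, which decrements the field at 3744(r31) by f2 times 1400(r31), which reads like a regen delay timer.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Reconstruction of the routines at 80104720 and 80135350 from the posted
 * disassembly. Offsets match the disassembly; field and function names are
 * assumptions. Fields read only to build the f3 multiplier (0x5EE, 0x994,
 * 0x95C, 0x704, 0xE59, 0xC74) are folded into regen_tick's 'multiplier'. */
typedef struct Actor {
    uint8_t pad0[0x3A8];
    float   health;       /* 936(r3)  / 936(r31): current health             */
    float   max_health;   /* 940(r3)  / 940(r31): cap                        */
    uint8_t pad1[0x578 - 0x3B0];
    float   rate;         /* 1400(r31): per-actor regen scale (assumed name) */
    uint8_t pad2[0xEA0 - 0x57C];
    float   regen_delay;  /* 3744(r31): countdown before regen (assumed)     */
} Actor;

_Static_assert(offsetof(Actor, health) == 0x3A8, "health offset");
_Static_assert(offsetof(Actor, max_health) == 0x3AC, "max_health offset");
_Static_assert(offsetof(Actor, rate) == 0x578, "rate offset");
_Static_assert(offsetof(Actor, regen_delay) == 0xEA0, "regen_delay offset");

/* 80104720: reached through vtable slot 0x124 (lwz r12,292(r12)) with r4 = 1. */
void set_health(Actor *a, float new_health, bool flag)
{
    float cap = a->max_health;   /* lfs  f0,940(r3)                        */
    a->health = new_health;      /* stfs f1,936(r3): stored unconditionally */
    if (new_health > cap)        /* fcmpo cr0,f2,f0 ; ble- skips the clamp  */
        a->health = cap;         /* stfs f0,936(r3): clamp to the cap       */
    if (!flag)                   /* extsb. r0,r4 ; beqlr-                   */
        return;
    /* r4 != 0 continues past 80104740; that tail is not in the post. */
}

/* 8013547C..801354FC, the tail of the per-frame routine at 80135350.
 * time_scale stands in for f2 (loaded from -25144(r2)), multiplier for f3 as
 * built by the branches before 8013547C. Returns the value handed to
 * set_health, or -1 when only the delay timer was advanced. */
float regen_tick(Actor *a, float time_scale, float multiplier)
{
    const float zero      = 0.0f;  /* lfs f0,-25132(r2): assumed 0.0  */
    const float r13_scale = 1.0f;  /* lfs f1,-31496(r13): assumed 1.0 */

    /* fcmpo cr0,f1,f0 ; cror 2,0,2 ; bne- 801354EC: else branch when delay > zero */
    if (a->regen_delay > zero) {
        a->regen_delay -= time_scale * a->rate;   /* fmuls ; fsubs ; stfs f0,3744(r31) */
        return -1.0f;
    }

    float cap       = a->max_health;               /* lfs f2,940(r31) -> 8(r1)                  */
    float step      = multiplier * r13_scale;      /* fmuls f1,f3,f1                            */
    float candidate = a->rate * step + a->health;  /* fmuls f0,f0,f1 ; fadds f0,f0,f3 -> 12(r1) */

    /* fcmpo cr0,f0,f2 ; cror 2,0,2 ; bne-: r5 = &candidate if candidate <= cap, else &cap */
    float value = (candidate <= cap) ? candidate : cap;
    set_health(a, value, true);                    /* lfs f1,0(r5) ; li r4,1 ; bctrl */
    return value;
}

/* Constructed scenarios mirroring the dump: cap 100.0, step 0.6 per tick. */
static Actor make_actor(float health, float cap, float rate, float delay)
{
    Actor a;
    memset(&a, 0, sizeof a);
    a.health = health; a.max_health = cap; a.rate = rate; a.regen_delay = delay;
    return a;
}

/* Idle at full health: 100.0 + 0.6 exceeds the cap, so the setter gets 100.0 again. */
float scenario_full_health(void)
{
    Actor a = make_actor(100.0f, 100.0f, 0.5f, 0.0f);
    regen_tick(&a, 1.0f, 1.2f);
    return a.health;
}

/* Regaining: 50.0 + 0.6 stays under the cap and is stored as-is. */
float scenario_regen(void)
{
    Actor a = make_actor(50.0f, 100.0f, 0.5f, 0.0f);
    regen_tick(&a, 1.0f, 1.2f);
    return a.health;
}

/* Delay timer running: health untouched, the timer drops by time_scale * rate. */
float scenario_delay(void)
{
    Actor a = make_actor(100.0f, 100.0f, 0.5f, 2.0f);
    regen_tick(&a, 1.0f, 1.2f);
    return a.regen_delay;
}

/* Direct setter call above the cap is clamped (e.g. an overheal attempt). */
float scenario_clamp(void)
{
    Actor a = make_actor(40.0f, 100.0f, 0.5f, 0.0f);
    set_health(&a, 150.0f, true);
    return a.health;
}

int main(void)
{
    printf("full: %.2f  regen: %.2f  delay: %.2f  clamp: %.2f\n",
           scenario_full_health(), scenario_regen(), scenario_delay(), scenario_clamp());
    return 0;
}
```

Because the setter clamps and the caller already picks the smaller of candidate and cap, a write breakpoint on 936(r3) fires every frame even when nothing changes; a conditional breakpoint on the 12(r1) candidate differing from 936(r31) at 801354B4, or on the else branch at 801354EC, separates an actual regen tick from the idle rewrite.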