Hi everyone, I'm trying to hack: WR5P [WiiWare] Retro City Rampage.
My problem is for the Max Score code. The Score has 12 numbers, so the Max Value is 9184E729FFF (9999 9999 9999).
When I BP the 2 addresses from the score:
8038C4AA 00000918
8038C4AC 4E729FFF
I'm getting the same result in the breakpoint tab:
800725C4 9008014C stw r0,332(r8)
So I don't know how I can make an ASM code with the 9184E729FFF value.
If someone can help me, thanks in advance. :) :) :)
A little bit more ASM collection and information of registers would be useful to know since you posted only one stw which we don't know where or to which address it points.
Besides, since it's greater than 32 bit (32 bit + 16 bit) we have to use one more instruction than only one stw.
Here would be your ASM disassembled code:
The blue part makes all registers from 14-31 free and usable.
Purple part is asm for your code.
stwu r1,-80(r1) # make space for 18 registers
stmw r14,8(r1) # push r14-r31 onto the stack
li r14,0x0918 # write first 16 bit value to r14 (0x0918)
lis r15,0x4E72 # write last 32 bit value to r15 (0x4E729FFF)
ori r15,r15,0x9FFF
stw r14, 332(r8) # store value of r14 (00000918) into r8 +14C bytes (332) = 8038C4A8
stw r15, 336(r8) # store value of r15 (4E729FFF) into r8 +150 bytes (336) = 8038C4AC
lmw r14,8(r1) # pop r14-r31 off the stack
addi r1,r1,80 # release the space
I assume that stw r0,332(r8) points to address 8038C4A8 but I'm not sure at all. Please give more information about that.
The maximum value is E8D4A50FFF.
You need an instruction that points to the upper or lower part only.
Otherwise you may need to find a register that tells you if it's the upper or lower address and execute this code:
li r0, 0x00E8
sth r0, 334(r8) # upper 16 bit
lis r0, 0xD4A5
ori r0, r0, 0x0FFF
stw r0, 336(r8) # lower 32 bit
Does it even move in memory? I think not.
Did you try a pointer search then and do a regular ram write?
EDIT: took me a minute, realized Bully already figured this out. But when you set the WBP, was it on the 00000918 value or the 4E729FFF?
Although I might add that 9,999,999,999,999 = 0918 4E72 9FFF, I'll trust the hex value he gave over the decimal value.
Thanks to all of you, Deathwolf, Bully@Wiiplaza and dcx2.
- Deathwolf, I hope all the information you need is here:
(http://crapulecorp.site50.net/8038C4AA.WR5P.jpg)
8038C4AA 00000918
[spoiler]CR : 42000488 XER : 00000000 CTR : 00000000 DSIS: 02400000
DAR : 8038C4AC SRR0: 800725C4 SRR1: 0000A032 LR : 80072404
r0 : 00031639 r1 : 8049FC40 r2 : 80281600 r3 : 00000918
r4 : 4E729FFF r5 : 00031637 r6 : 00000000 r7 : 00000000
r8 : 8038C360 r9 : 80390000 r10 : 0011C26C r11 : 8049FC70
r12 : 002EB0C2 r13 : 80280440 r14 : 0000000F r15 : 803AC810
r16 : 00000014 r17 : 00000000 r18 : 00000000 r19 : 00000000
r20 : 00000000 r21 : 8038C360 r22 : 00000020 r23 : 803AC810
r24 : 803AAA28 r25 : 00000002 r26 : 803AAA28 r27 : 803AC810
r28 : 00000000 r29 : 00000000 r30 : 00000001 r31 : 00000000
f0 : FFC00000 f1 : 3D800000 f2 : 3F800000 f3 : 59800000
f4 : 59800004 f5 : 3EC911E8 f6 : BF17ADD3 f7 : 3F4E3A0E
f8 : 3D4BEFF7 f9 : 3F1CE9D0 f10 : BF4A45CA f11 : 3B088888
f12 : 3AA7E07E f13 : 00000000 f14 : 00000000 f15 : 00000000
f16 : 00000000 f17 : 00000000 f18 : 00000000 f19 : 00000000
f20 : 00000000 f21 : 00000000 f22 : 00000000 f23 : 00000000
f24 : 00000000 f25 : 00000000 f26 : 00000000 f27 : 00000000
f28 : 00000000 f29 : 00000000 f30 : 00000000 f31 : 00000000
800725C4: 9008014C stw r0,332(r8)
800725C8: 7CC73114 adde r6,r7,r6
800725CC: 7C002010 subc r0,r4,r0
800725D0: 90C80148 stw r6,328(r8)
800725D4: 7C061910 subfe r0,r6,r3
800725D8: 7C042110 subfe r0,r4,r4
800725DC: 7C0000D1 neg. r0,r0
800725E0: 4182000C beq- 0x800725ec
800725E4: 9088014C stw r4,332(r8)
800725E8: 90680148 stw r3,328(r8)
800725EC: 2C1F0000 cmpwi r31,0
800725F0: 4182001C beq- 0x8007260c
800725F4: 3C808039 lis r4,-32711
800725F8: 3C608039 lis r3,-32711
800725FC: 3884C360 subi r4,r4,15520
80072600: 8084014C lwz r4,332(r4)[/spoiler]
8038C4AC 4E729FFF
(http://crapulecorp.site50.net/8038C4AC.WR5P.jpg)
[spoiler]CR : 42000488 XER : 00000000 CTR : 00000000 DSIS: 02400000
DAR : 8038C4AC SRR0: 800725C4 SRR1: 0000A032 LR : 80072404
r0 : 0003163B r1 : 8049FC40 r2 : 80281600 r3 : 00000918
r4 : 4E729FFF r5 : 00031639 r6 : 00000000 r7 : 00000000
r8 : 8038C360 r9 : 80390000 r10 : 0011C26C r11 : 8049FC70
r12 : 003625DF r13 : 80280440 r14 : 0000000F r15 : 803AC810
r16 : 00000012 r17 : 00000000 r18 : 00000000 r19 : 00000000
r20 : 00000000 r21 : 8038C360 r22 : 00000020 r23 : 803AC810
r24 : 803AAA28 r25 : 00000002 r26 : 803AAA28 r27 : 803AC810
r28 : 00000000 r29 : 00000000 r30 : 00000001 r31 : 00000000
f0 : FFC00000 f1 : 3E000000 f2 : 3F800000 f3 : 59800000
f4 : 59800004 f5 : B5F80000 f6 : 3D886B43 f7 : 3EAAAAAA
f8 : 3E124924 f9 : 3DBA2E6E f10 : 3D886B35 f11 : 3D4BDA62
f12 : 331910A7 f13 : 3612DAAE f14 : 00000000 f15 : 00000000
f16 : 00000000 f17 : 00000000 f18 : 00000000 f19 : 00000000
f20 : 00000000 f21 : 00000000 f22 : 00000000 f23 : 00000000
f24 : 00000000 f25 : 00000000 f26 : 00000000 f27 : 00000000
f28 : 00000000 f29 : 00000000 f30 : 00000000 f31 : 00000000
800725C4: 9008014C stw r0,332(r8)
800725C8: 7CC73114 adde r6,r7,r6
800725CC: 7C002010 subc r0,r4,r0
800725D0: 90C80148 stw r6,328(r8)
800725D4: 7C061910 subfe r0,r6,r3
800725D8: 7C042110 subfe r0,r4,r4
800725DC: 7C0000D1 neg. r0,r0
800725E0: 4182000C beq- 0x800725ec
800725E4: 9088014C stw r4,332(r8)
800725E8: 90680148 stw r3,328(r8)
800725EC: 2C1F0000 cmpwi r31,0
800725F0: 4182001C beq- 0x8007260c
800725F4: 3C808039 lis r4,-32711
800725F8: 3C608039 lis r3,-32711
800725FC: 3884C360 subi r4,r4,15520
80072600: 8084014C lwz r4,332(r4)[/spoiler]
-------------------------
Bully@Wiiplaza, you were right, I did a regular RAM write.
dcx2, yes, I breakpointed the two addresses, for the 00000918 value and 4E729FFF.
Your modified value is at r3 and r4. It shows that it stores the value from r0 (which seems to be wrong) to address 8038C4AC. Maybe got a wrong breakpoint?
Wait, why do you need ASM? Can't you just do an 02 and 04 code to write to these addresses, if they don't move? You shouldn't need ASM then.
If you did need ASM, Bully's version should work, based on what you've shown here.
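
Added example, not part of any post in this thread: a short Python check that resolves the store addresses from the posted register dump (r8 = 8038C360) and builds the 02/04 RAM-write lines mentioned above for both score values quoted in the thread. The helper names are hypothetical, and the code assumes the standard Gecko layout (02 = 16-bit write, 04 = 32-bit write) with the default base address 0x80000000.

```python
# Values copied from the register dump and posts in this thread;
# function names are hypothetical helpers for this illustration.
R8 = 0x8038C360            # r8 at the breakpoint
GECKO_BASE = 0x80000000    # assumed default base address (ba) for 02/04 codes


def effective_address(base, displacement):
    """Effective address of a D-form store such as stw rS,d(rA)."""
    return (base + displacement) & 0xFFFFFFFF


def split_score(value):
    """Split a 64-bit score into (upper, lower) big-endian 32-bit words."""
    if not 0 <= value < 1 << 64:
        raise ValueError("score does not fit in 64 bits")
    return value >> 32, value & 0xFFFFFFFF


def gecko_writes(value, hi_addr):
    """Build 02 (16-bit) / 04 (32-bit) RAM-write lines for a score whose
    upper word lives at hi_addr and lower word at hi_addr + 4."""
    if not GECKO_BASE <= hi_addr <= GECKO_BASE + 0xFFFFFF - 7:
        raise ValueError("address outside the range 02/04 codes can reach")
    hi, lo = split_score(value)
    off = hi_addr - GECKO_BASE
    if hi <= 0xFFFF:
        # Upper word fits in 16 bits: write only its low halfword (hi_addr + 2).
        # This assumes the high halfword at hi_addr is already zero.
        first = f"02{off + 2:06X} 0000{hi:04X}"
    else:
        first = f"04{off:06X} {hi:08X}"
    return [first, f"04{off + 4:06X} {lo:08X}"]


if __name__ == "__main__":
    hi_addr = effective_address(R8, 328)   # stw r3,328(r8)
    lo_addr = effective_address(R8, 332)   # stw r4,332(r8)
    print(f"upper word at {hi_addr:08X}, lower word at {lo_addr:08X}")
    for digits in (12, 13):
        score = 10 ** digits - 1
        print(digits, "nines ->", gecko_writes(score, hi_addr))
```

With the dump's r8, offset 328 resolves to 8038C4A8 and offset 332 to 8038C4AC, so the 16-bit write lands on 8038C4AA, the low half of the upper word.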