Help with an ASM Teleport Code!

[Bully@Wiiplaza]

Hi,
I am trying to do an ASM teleport code for CoD Black Ops´s Zombie mode offline, because direct RAM writes always get patched or move around <.<

-> When I press button XXXX, it should save/restore my saved coordinates. I think that I can store them into a register.

Attempts with commands:
stwu r1, -80(r1) # make r14 free
stmw r14, 8(r1) # make r14 free
lis r14,0x8020 # load into button activator
ori r14,r14,0x0F40 # second part
lhz r14,0(r14) # make r14 ready
andi. r14,r14, 0x6004 # masked button activator (C+Z+Down)
beq- _END# if not pressed, branch to the position after the save/restore part
lwz r18, 0 (r31) # load coordinate value from r31 into r18
_END:
lfs   f0,0(r31) # original instruction
lis r14,0x8020 # load into button activator
ori r14,r14,0x0F40 # second part
lhz r14,0(r14) # make r14 ready
andi. r14,r14, 0x6008 # masked button activator (C+Z+Up)
beq- _end # if not pressed, branch to the position after the save/restore part
stw r18, 0 (r31) # store coordinate value from r18 into r31
_end:
lfs   f0,0(r31) # original instruction

first code:
[spoiler]
C2391998 00000009
9421FFB0 BDC10008
3DC08020 61CE0F40
A1CE0000 71CE6004
41820008 825F0000
C01F0000 3DC08020
61CE0F40 A1CE0000
71CE6008 41820008
925F0000 C01F0000
60000000 00000000[/spoiler]

Instant freeze :-\

Direct RAM write would be:

lfs fD,d(rA):

Code Select Expand


stwu r1,-16(r1)
stw r11,8(r1)
lis r11,0xHHHH
ori r11,r11,0xLLLL
stw r11,d(rA)
lwz r11,8(r1)
addi r1,r1,16
lfs fD,d(rA)

Please try to help me :confused:

function:
[spoiler]803918B4:  7C601B78   mr   r0,r3
803918B8:  2C040000   cmpwi   r4,0
803918BC:  41820018   beq-   0x803918d4
803918C0:  3C608099   lis   r3,-32615
803918C4:  386380C8   subi   r3,r3,32568
803918C8:  7C040378   mr   r4,r0
803918CC:  38A00001   li   r5,1
803918D0:  4BFFFE60   b   0x80391730
803918D4:  3C608099   lis   r3,-32615
803918D8:  386380B8   subi   r3,r3,32584
803918DC:  7C040378   mr   r4,r0
803918E0:  38A00000   li   r5,0
803918E4:  4BFFFE4C   b   0x80391730
803918E8:  7C601B78   mr   r0,r3
803918EC:  3C608099   lis   r3,-32615
803918F0:  386380B8   subi   r3,r3,32584
803918F4:  1C0008B0   mulli   r0,r0,2224
803918F8:  3C8080B6   lis   r4,-32586
803918FC:  38841AC0   addi   r4,r4,6848
80391900:  7C840214   add   r4,r4,r0
80391904:  38A00000   li   r5,0
80391908:  4BFFFEA8   b   0x803917b0
8039190C:  3C608099   lis   r3,-32615
80391910:  386380C8   subi   r3,r3,32568
80391914:  38800001   li   r4,1
80391918:  4BFFFF20   b   0x80391838
8039191C:  9421FFE0   stwu   r1,-32(r1)
80391920:  7C0802A6   mflr   r0
80391924:  90010024   stw   r0,36(r1)
80391928:  93E1001C   stw   r31,28(r1)
8039192C:  93C10018   stw   r30,24(r1)
80391930:  7C7E1B78   mr   r30,r3
80391934:  7C9F2378   mr   r31,r4
80391938:  88030004   lbz   r0,4(r3)
8039193C:  2C800000   cmpwi   cr1,r0,0
80391940:  41860020   beq-   cr1,0x80391960
80391944:  3C608099   lis   r3,-32615
80391948:  386380C8   subi   r3,r3,32568
8039194C:  809E0000   lwz   r4,0(r30)
80391950:  38A00001   li   r5,1
80391954:  7FE6FB78   mr   r6,r31
80391958:  4BFFFCF9   bl   0x80391650
8039195C:  4800001C   b   0x80391978
80391960:  3C608099   lis   r3,-32615
80391964:  386380B8   subi   r3,r3,32584
80391968:  809E0000   lwz   r4,0(r30)
8039196C:  38A00000   li   r5,0
80391970:  7FE6FB78   mr   r6,r31
80391974:  4BFFFCDD   bl   0x80391650
80391978:  38A00000   li   r5,0
8039197C:  38800001   li   r4,1
80391980:  380301A8   addi   r0,r3,424
80391984:  7CC00028   lwarx   r6,r0,r0
80391988:  7C862840   cmplw   cr1,r6,r5
8039198C:  4086000C   bne-   cr1,0x80391998
80391990:  7C80012D   stwcx.   r4,r0,r0
80391994:  40A2FFF0   bne-   0x80391984
80391998:  C01F0000   lfs   f0,0(r31) <-- X Coordinate
8039199C:  D0010008   stfs   f0,8(r1)
803919A0:  C01F0004   lfs   f0,4(r31) <-- Y Coordinate
803919A4:  D001000C   stfs   f0,12(r1)
803919A8:  C01F0008   lfs   f0,8(r31) <-- Z Coordinate
803919AC:  D0010010   stfs   f0,16(r1)
803919B0:  38E10008   addi   r7,r1,8
803919B4:  38630088   addi   r3,r3,136
803919B8:  889E0004   lbz   r4,4(r30)
803919BC:  80BE0008   lwz   r5,8(r30)
803919C0:  80DE000C   lwz   r6,12(r30)
803919C4:  481E244D   bl   0x80573e10
803919C8:  83E1001C   lwz   r31,28(r1)
803919CC:  83C10018   lwz   r30,24(r1)
803919D0:  80010024   lwz   r0,36(r1)
803919D4:  7C0803A6   mtlr   r0
803919D8:  38210020   addi   r1,r1,32
803919DC:  4E800020   blr   

 CR:22000488  XER:20000000  CTR:00000003 DSIS:00400000
DAR:80A1530C SRR0:803919A0 SRR1:0000B032   LR:8039195C
 r0:92F8C898   r1:900E9988   r2:802459C0   r3:92F8C6F0
 r4:00000001   r5:00000000   r6:00000000   r7:00000001
 r8:00000000   r9:00000000  r10:8134D090  r11:900E9A38
r12:804F8650  r13:80244680  r14:00000000  r15:00000000
r16:00000000  r17:00000000  r18:00000000  r19:00000000
r20:00000000  r21:00000000  r22:00000000  r23:00000000
r24:00000000  r25:80A152E8  r26:81600A40  r27:80A16C98
r28:80A0B568  r29:80A152E8  r30:900E99B0  r31:80A15308[/spoiler]

[Deathwolf]

bully your code is totally wrong.
where is your branch to THE END?

lis r14,0x8020
ori r14,r14,0x0F40
lhz r14,0(r14)
andi. r14,r14, 0x6004
beq- TEST_SECOND_ACTIVATOR
b THE_END

TEST_SECOND_ACTIVATOR:
andi. r14,r14, 0x6008
beq- THE END
stw r18, 0 (r31)
THE_END:

lfs   f0,0(r31)

[Bully@Wiiplaza]

read again, I edited the post.

[Deathwolf]

read again, I edited the post.

lis r14,0x8020 # load into button activator
ori r14,r14,0x0F40 # second part
lhz r14,0(r14) # make r14 ready
andi. r14,r14, 0x6004 # masked button activator (C+Z+Down)
beq- THE END# if not pressed, branch to the position after the save/restore part
stw r18, 0 (r31)  # store coordinate value from r31 into r18
lwz r18, 0 (r31) # load coordinate value from r31 into r18

THE END:

lfs   f0,0(r31) # original instruction

[Bully@Wiiplaza]

read again, I edited the post.

lis r14,0x8020 # load into button activator
ori r14,r14,0x0F40 # second part
lhz r14,0(r14) # make r14 ready
andi. r14,r14, 0x6004 # masked button activator (C+Z+Down)
beq- THE END# if not pressed, branch to the position after the save/restore part
stw r18, 0 (r31)  # store coordinate value from r31 into r18
lwz r18, 0 (r31) # load coordinate value from r31 into r18

THE END:

lfs   f0,0(r31) # original instruction

lol?
But I want to save/store with different buttons and no at once  :rolleyes:

[Deathwolf]

read again, I edited the post.

lis r14,0x8020 # load into button activator
ori r14,r14,0x0F40 # second part
lhz r14,0(r14) # make r14 ready
andi. r14,r14, 0x6004 # masked button activator (C+Z+Down)
beq- THE END# if not pressed, branch to the position after the save/restore part
stw r18, 0 (r31)  # store coordinate value from r31 into r18
lwz r18, 0 (r31) # load coordinate value from r31 into r18

THE END:

lfs   f0,0(r31) # original instruction

lol?
But I want to save/store with different buttons and no at once  :rolleyes:

then use this!

lis r14,0x8020
ori r14,r14,0x0F40
lhz r14,0(r14)
andi. r14,r14, 0x6004
beq- TEST_SECOND_ACTIVATOR
b THE_END

TEST_SECOND_ACTIVATOR:
andi. r14,r14, 0x6008
beq- THE END
stw r18, 0 (r31)
lwz r18, 0 (r31) # load coordinate value from r31 into r18
THE_END:

lfs   f0,0(r31)

[Bully@Wiiplaza]

nothing happened...

[Deathwolf]

28200F40 00006004
04391998 93F20000 <-- store r31 into r18
E0000000 80008000
28200F40 00006008
04391998 925F0000 <-- store 18 into r31
E2100000 00000000
04391998 C01F0000 <-- if not pressed, activate original instruction
E0000000 80008000

[Bully@Wiiplaza]

28200F40 00006004
C2391998 00000002 -> load 3 coordinates in r18, r19, r13 + offset
825F0000 827F0004
81BF0008 00000000
E2100000 00000000 -> if not pressed...
04391998 C01F0000 -> original instruction
E0000000 80008000
28200F40 00006008
C2391998 00000002 -> store 3 coordinates in r31 + offset
93F20000 93F30004
93ED0008 00000000
E2100000 00000000 -> if not pressed...
04391998 C01F0000 -> original instruction
E0000000 80008000

freeze...

[Deathwolf]

28200F40 00006004
04391998 83F20000 <-- load x into r18
043919A0 83F30004 <-- load y into r19
043919A8 83F40008 <-- load z into r20
E0000000 80008000
28200F40 00006008
04391998 925F0000 <-- store x into r18
043919A0 927F0004 <-- store y into r19
043919A8 929F0008 <-- store z into r20
28200F40 00000400
04391998 C01F0000 <-- original instruction x
043919A0 C01F0004 <-- original instruction y
043919A8 C01F0008 <-- original instruction z
E0000000 80008000

[Bully@Wiiplaza]

28200F40 00006004
04391998 83F20000
043919A0 83F30004
043919A8 83F40008
E2100000 00000000
04391998 C01F0000
043919A0 C01F0004
043919A8 C01F0008
E0000000 80008000
28200F40 00006008
04391998 925F0000
043919A0 927F0004
043919A8 929F0008
E2100000 00000000
04391998 C01F0000
043919A0 C01F0004
043919A8 C01F0008
E0000000 80008000

this code teleports you, when you press C+Z+Up,
but when you want to store your position with C+Z+ Down, it doesn´t store it (-> it always teleports you to the same position)
I´m out of luck now

[Deathwolf]

28200F40 00006004
04391998 83F20000
043919A0 83F30004
043919A8 83F40008
E2100000 00000000
04391998 925F0000
043919A0 927F0004
043919A8 929F0008
E0000000 80008000
28200F40 00000400
04391998 C01F0000
043919A0 C01F0004
043919A8 C01F0008
E0000000 80008000

[hetoan2]

your code will never work because it will overwrite the stored addresses before the next time they are executed.

your best bet is rewriting them to free memory so that way they don't move, that way you can move data all around, AND be able to store old spots in ram.

also you're using a stack frame completely wrong.

stwu r1, -80(r1) # make r14 free
stmw r14, 8(r1) # make r14 free

that doesn't just make r14 free, it loads r14-r31 onto the stack (r1)

then you're supposed to pop the stack back into the registers using:

lmw r14,8(r1)         #read registers r14 to r31 from stack
addi r1,r1,80         #free stackframe

that's what a function is. it starts by freeing room on the stack, and ends by popping it back into when it's done executing.

best way is to store the values into the ram and load them at the begining.

Code Select Expand


stackframe:

//add button activator
//store location on blahblahblah
//if button not pressed skip to next line for possible writing to addresses

lis r31,0x816F
lwz r30,0(r31) #X coord load
lwz r29,4(r31) #Y coord load
lwz r28,8(r31) #Z coord load

cmpwi r30,0
beq end
cmpwi r29,0 #checks to see if you wrote addresses or not yet
beq end
cmpwi r28,0
beq end

//add button activator
//restore location

end:
//blank code/same as popstackframe
popstackframe:



[Bully@Wiiplaza]

ok thanks, it is already solved, I haven´t posted yet... :P
I noticed that you often post something, if it´s Black Ops related :D