Bass Pro Shops ( RY8EFS )

Started by Patedj, January 21, 2011, 08:54:56 AM


Patedj

I have a question for my button activator,
I'm interested in converting it into an activator for the C button (4000), but I would also like anything else pressed together with C to still allow the code to be written.

The reason for this is that the icon lets you know if there are fish around, so my code together with this one would satisfy the need to know whether any fish are around.

You know what? I guess an on off button should do the trick even nicer.

[Fish Mag V.2]
20616218 00004000
04C95D18 3F599999
04C95D1C 01599999
CC000000 00000000
04C95D18 DEFAULT ----> what's the series of HEX to enable default?
04C95D1C DEFAULT
E0000000 80008000

Without the default, it'll just bring it back to 00000000, and that's bad. The magnet is actually a fish radar, so it's sort of a counter. Keeping it at 00000000 will simply make my fish go away!

ASM would be something like this, right?

lis r0, 0x8061 ----> controller
ori r0,r0, 0x6218
lwz r1, 0x0(r0)
li r2, 0x00004000 ----> C button
cmpw r1, r2
bne +20
lis r3, 0x80C9
ori r3,r3, 0x5D18
li r4, 0x3f599999 ----> can't convert properly help please
stw r4, 0(r0)
lis r5, 0x80C9
ori r5, r5, 0x5D1C
li r6, 0x01599999 ----> can't convert properly help please
stw r7, 0(r5)
You can pm me, I've got time for your troubles.

James0x57

"li r4, 0x3f599999 ----> can't convert properly help please"

lis r4,0x3f59
ori r4,r4,0x9999



"button C (4000) but I also would like, anything besides that pressed with the C allows the code to be written anyways."
http://geckocodes.org/index.php?arsenal=2
Tick "C" in the top-left "Wii Remote + Nunchuck" box.
Check "Inclusive (use mask)" on top-right area.
"Result (wii)" shows the value: BFFF4000

Normally the first 2 bytes of a button activator are 0's. This tells the code that when you press the button (C in this case), you cannot be pressing other ones. The bit mask makes it so you can ignore any set of other buttons (in this case, all but the one you're checking for).


dcx2

#17
Quote from: Patedj on January 22, 2011, 11:00:10 AM
ASM would be something like this right

lis r0, 0x8061 ----> controller
ori r0,r0, 0x6218
lwz r1, 0x0(r0)
li r2, 0x00004000 ----> C button
cmpw r1, r2
bne +20
lis r3, 0x80C9
ori r3,r3, 0x5D18
li r4, 0x3f599999 ----> can't convert properly help please
stw r4, 0(r0)
lis r5, 0x80C9
ori r5, r5, 0x5D1C
li r6, 0x01599999 ----> can't convert properly help please
stw r7, 0(r5)

YIKES!  Don't do this for so many reasons.

1) Never write to r1.  It's the stack pointer.  It must be handled a certain way, with stwu and addi.

2) Never write to r2 (or r13).  Period.

3) I doubt the rest of the registers are safe.  You have to be very careful about when you use registers like that.  It might be best if you just create a stack frame instead of trying to use safe registers.  Just use the stuff above the first --- from here.  http://wiird.l0nk.org/forum/index.php/topic,6555.0.html

4) When using r0, it's helpful to double check the instruction's data sheet.  http://pds.twi.tudelft.nl/vakken/in101/labcourse/instruction-set/  Go click on stw.  The datasheet says "EA is the sum of (rA|0) + d".  EA means Effective Address.  rA|0 means that it will NOT look at the contents of r0 if you specify it for the rA operand of the instruction (making it rB or rD etc is okay).  Essentially, for the purpose of this instruction, r0 always holds 0, even though it might hold something else.  There are some other common instructions that have this restriction with r0, like addi.  Many instructions don't.

5) ASM instructions are only 32-bits.  So we can't make an instruction that writes a 32-bit immediate, because there would be no bits left to specify the instruction!  Thus, most immediates are only 16-bits.  That's why we need lis (to load the upper 16 bits) and ori (to merge the lower 16 bits in)

6) Use branch labels.  Instead of bne+ 20, use bne+ BRANCH_DESTINATION.  Then add a BRANCH_DESTINATION: (<--- see the colon?)  before the place you want the branch to land.  No more counting instructions!

7) + and - after branches don't mean what you think they mean.  They are branch hints; + means the branch will be taken most of the time and - means it won't be taken most of the time.  This helps the CPU run faster sometimes.  Usually, branch hints with + go backward, while - goes forward.

James0x57

That was just pseudocode, dcx2. lol (he just used the registers in order for simplicity's sake) =P

@7: ....Really?? I had no idea that was the case... From observation, I just assumed + meant backwards and - meant forward (so they seemed pointless, since you could see that anyway).
And given that (new-to-me) info, it makes perfect sense that + is more likely to go backwards because of the nature of looping.


Patedj

Ahahaha, this is great! Thanks, dcx2 and James0x57. That explains a lot. So let me get this straight.

Button Activator, inclusive mask does the trick.

I can ori anything to add the extra 16 byte info :) 

And only inject into non-volatile registers, thanks dcx2. (He was right to correct me, James0x57. I didn't know any better, and now I'm stronger than ever.) O0

So, in this case...
[spoiler]CR:28200888  XER:00000000  CTR:801CAA4C DSIS:00400000
DAR:80CB2DD8 SRR0:801CAAE0 SRR1:0000B032   LR:801CAA70
  r0:00000007   r1:80630578   r2:80624240   r3:8055491C
  r4:00000000   r5:80CABA00   r6:00000000   r7:CC010000
  r8:00000000   r9:0011C264  r10:0011C26C  r11:806305B8
r12:801CAA4C  r13:806208E0  r14:00000000  r15:FFFFFF00
r16:80325C98  r17:FF5C5CFC  r18:FFAAA0AC  r19:FF0A0000
r20:FFBEAAC8  r21:FF640000  r22:00000001  r23:80325C98
r24:80575F64  r25:80595F64  r26:805AE8F8  r27:00000001
r28:00000000  r29:805A99A8  r30:0000000E  r31:805AC66C

  f0:00000000   f1:00000000   f2:3EF80000   f3:3F8CCCCD
  f4:80000000   f5:3F800000   f6:40000000   f7:4131B91B
  f8:42F33333   f9:41800000  f10:3F1E2CCE  f11:3EDDB7F9
f12:3F49499A  f13:3F0E931C  f14:00000000  f15:00000000
f16:00000000  f17:00000000  f18:00000000  f19:00000000
f20:00000000  f21:00000000  f22:00000000  f23:00000000
f24:00000000  f25:00000000  f26:00000000  f27:00000000
f28:00000000  f29:00000000  f30:59800004  f31:3F000000[/spoiler]

stwu starts at 801CAA4C and finishes at 801CAE10.
Unfortunately I can't select/copy-paste, so I have 5 JPGs filled with assembly.

Patedj

#20
[Fish Magnet for the maps except last map V.2] (Thanks to James0x57)
2861621B BFFF4000
04CB2DDC 01599999
04CB2DD8 3F599999
E0000000 80008000

[Fish Magnet for the Last map V.2]
2861621B BFFF4000
04C5BA78 3F599999
04C5BA7C 01599999
E0000000 80008000


[Maps unlocked V.2] (Thanks to Jackal)
005750F4 00130001

I'm still working on the assembly.

dcx2

You can copy and paste.  Right click in the disassembly and hit "Copy Function".  Sometimes these can be long, so I usually spoiler functions.

BTW, you can only use non-volatiles after you make a stack frame.  Volatiles are usually a lot safer, but you need to be careful to avoid using one before it's going to be used as a source operand.

Patedj

#22
Thanks dcx2. Yay!!
I was sure you guys had thought of that!

Here's the disassembler output for the fish magnet code:

[spoiler]801CA978:  9421FFE0   stwu   r1,-32(r1)
801CA97C:  7C0802A6   mflr   r0
801CA980:  90010024   stw   r0,36(r1)
801CA984:  DBE10010   stfd   f31,16(r1)
801CA988:  F3E10018   psq_st   f31,24(r1),0,0
801CA98C:  93E1000C   stw   r31,12(r1)
801CA990:  7C7F1B78   mr   r31,r3
801CA994:  808DAEEC   lwz   r4,-20756(r13)
801CA998:  2C040000   cmpwi   r4,0
801CA99C:  41820094   beq-   0x801caa30
801CA9A0:  800473A8   lwz   r0,29608(r4)
801CA9A4:  2C000007   cmpwi   r0,7
801CA9A8:  41820008   beq-   0x801ca9b0
801CA9AC:  48000084   b   0x801caa30
801CA9B0:  880473DC   lbz   r0,29660(r4)
801CA9B4:  C08473D8   lfs   f4,29656(r4) ----> it *reads* here
801CA9B8:  2C000000   cmpwi   r0,0
801CA9BC:  C0A2AAEC   lfs   f5,-21780(r2)
801CA9C0:  C0C2A864   lfs   f6,-22428(r2)
801CA9C4:  4182000C   beq-   0x801ca9d0
801CA9C8:  C0A2A970   lfs   f5,-22160(r2)
801CA9CC:  C0C2AA38   lfs   f6,-21960(r2)
801CA9D0:  C042A858   lfs   f2,-22440(r2)
801CA9D4:  C00300AC   lfs   f0,172(r3)
801CA9D8:  EC622028   fsubs   f3,f2,f4
801CA9DC:  C842AAF0   lfd   f2,-21776(r2)
801CA9E0:  EC210032   fmuls   f1,f1,f0
801CA9E4:  C00300A8   lfs   f0,168(r3)
801CA9E8:  FC6320AE   fsel   f3,f3,f2,f4
801CA9EC:  EC240072   fmuls   f1,f4,f1
801CA9F0:  FC601818   frsp   f3,f3
801CA9F4:  EC46007A   fmadds   f2,f6,f1,f0
801CA9F8:  EFE500F2   fmuls   f31,f5,f3
801CA9FC:  FC60F890   fmr   f3,f31
801CAA00:  FC20F850   fneg   f1,f31
801CAA04:  4BE873FD   bl   0x80051e00
801CAA08:  FC000818   frsp   f0,f1
801CAA0C:  D03F00A8   stfs   f1,168(r31)
801CAA10:  FC000210   fabs   f0,f0
801CAA14:  FC000018   frsp   f0,f0
801CAA18:  FC1F0000   fcmpu   cr0,f31,f0
801CAA1C:  40820014   bne-   0x801caa30
801CAA20:  C03F00AC   lfs   f1,172(r31)
801CAA24:  C002AAF8   lfs   f0,-21768(r2)
801CAA28:  EC010032   fmuls   f0,f1,f0
801CAA2C:  D01F00AC   stfs   f0,172(r31)
801CAA30:  80010024   lwz   r0,36(r1)
801CAA34:  E3E10018   psq_l   f31,24(r1),0,0
801CAA38:  CBE10010   lfd   f31,16(r1)
801CAA3C:  83E1000C   lwz   r31,12(r1)
801CAA40:  7C0803A6   mtlr   r0
801CAA44:  38210020   addi   r1,r1,32
801CAA48:  4E800020   blr   
801CAA4C:  9421FFA0   stwu   r1,-96(r1)
801CAA50:  7C0802A6   mflr   r0
801CAA54:  90010064   stw   r0,100(r1)
801CAA58:  39610040   addi   r11,r1,64
801CAA5C:  DBE10050   stfd   f31,80(r1)
801CAA60:  F3E10058   psq_st   f31,88(r1),0,0
801CAA64:  DBC10040   stfd   f30,64(r1)
801CAA68:  F3C10048   psq_st   f30,72(r1),0,0
801CAA6C:  480B1155   bl   0x8027bbc0
801CAA70:  80ADAEEC   lwz   r5,-20756(r13)
801CAA74:  3C004330   lis   r0,17200
801CAA78:  90010018   stw   r0,24(r1)
801CAA7C:  7C7F1B78   mr   r31,r3
801CAA80:  2C050000   cmpwi   r5,0
801CAA84:  90010020   stw   r0,32(r1)
801CAA88:  41820364   beq-   0x801cadec
801CAA8C:  8062A1A0   lwz   r3,-24160(r2)
801CAA90:  38800000   li   r4,0
801CAA94:  88030008   lbz   r0,8(r3)
801CAA98:  2C000000   cmpwi   r0,0
801CAA9C:  40820014   bne-   0x801caab0
801CAAA0:  8062A1A4   lwz   r3,-24156(r2)
801CAAA4:  88030000   lbz   r0,0(r3)
801CAAA8:  2C000000   cmpwi   r0,0
801CAAAC:  41820008   beq-   0x801caab4
801CAAB0:  38800001   li   r4,1
801CAAB4:  2C040000   cmpwi   r4,0
801CAAB8:  41820008   beq-   0x801caac0
801CAABC:  48000330   b   0x801cadec
801CAAC0:  800573A8   lwz   r0,29608(r5)
801CAAC4:  2C000007   cmpwi   r0,7
801CAAC8:  40820324   bne-   0x801cadec
801CAACC:  8B8573DC   lbz   r28,29660(r5)
801CAAD0:  2C1C0000   cmpwi   r28,0
801CAAD4:  4182000C   beq-   0x801caae0
801CAAD8:  C802AB00   lfd   f0,-21760(r2)
801CAADC:  48000008   b   0x801caae4
801CAAE0:  C00573D8   lfs   f0,29656(r5)
801CAAE4:  FFE00018   frsp   f31,f0
801CAAE8:  38610014   addi   r3,r1,20
801CAAEC:  3881000C   addi   r4,r1,12
801CAAF0:  38A10010   addi   r5,r1,16
801CAAF4:  38C10008   addi   r6,r1,8
801CAAF8:  4BF300ED   bl   0x800fabe4
801CAAFC:  806D91D0   lwz   r3,-28208(r13)
801CAB00:  4BEF8775   bl   0x800c3274
801CAB04:  6C608000   xoris   r0,r3,32768
801CAB08:  9001001C   stw   r0,28(r1)
801CAB0C:  C842A8C8   lfd   f2,-22328(r2)
801CAB10:  C8210018   lfd   f1,24(r1)
801CAB14:  C0010014   lfs   f0,20(r1)
801CAB18:  EC211028   fsubs   f1,f1,f2
801CAB1C:  806D91D0   lwz   r3,-28208(r13)
801CAB20:  EC00082A   fadds   f0,f0,f1
801CAB24:  D0010014   stfs   f0,20(r1)
801CAB28:  4BEF874D   bl   0x800c3274
801CAB2C:  6C608000   xoris   r0,r3,32768
801CAB30:  90010024   stw   r0,36(r1)
801CAB34:  C842A8C8   lfd   f2,-22328(r2)
801CAB38:  C8210020   lfd   f1,32(r1)
801CAB3C:  C0010010   lfs   f0,16(r1)
801CAB40:  EC211028   fsubs   f1,f1,f2
801CAB44:  806D91D0   lwz   r3,-28208(r13)
801CAB48:  EC000828   fsubs   f0,f0,f1
801CAB4C:  D0010010   stfs   f0,16(r1)
801CAB50:  4BEF8769   bl   0x800c32b8
801CAB54:  6C608000   xoris   r0,r3,32768
801CAB58:  9001001C   stw   r0,28(r1)
801CAB5C:  C842A8C8   lfd   f2,-22328(r2)
801CAB60:  C8210018   lfd   f1,24(r1)
801CAB64:  C001000C   lfs   f0,12(r1)
801CAB68:  EC211028   fsubs   f1,f1,f2
801CAB6C:  806D91D0   lwz   r3,-28208(r13)
801CAB70:  EC00082A   fadds   f0,f0,f1
801CAB74:  D001000C   stfs   f0,12(r1)
801CAB78:  4BEF8741   bl   0x800c32b8
801CAB7C:  C0210010   lfs   f1,16(r1)
801CAB80:  6C608000   xoris   r0,r3,32768
801CAB84:  C0010014   lfs   f0,20(r1)
801CAB88:  387F00B0   addi   r3,r31,176
801CAB8C:  90010024   stw   r0,36(r1)
801CAB90:  EC210028   fsubs   f1,f1,f0
801CAB94:  C002AB08   lfs   f0,-21752(r2)
801CAB98:  C862A8C8   lfd   f3,-22328(r2)
801CAB9C:  C8410020   lfd   f2,32(r1)
801CABA0:  EFC10024   fdivs   f30,f1,f0
801CABA4:  C0010008   lfs   f0,8(r1)
801CABA8:  EC221828   fsubs   f1,f2,f3
801CABAC:  EC000828   fsubs   f0,f0,f1
801CABB0:  D0010008   stfs   f0,8(r1)
801CABB4:  4BE78FC1   bl   0x80043b74
801CABB8:  C002AB0C   lfs   f0,-21748(r2)
801CABBC:  38DF012C   addi   r6,r31,300
801CABC0:  C0C2A870   lfs   f6,-22416(r2)
801CABC4:  3BA00001   li   r29,1
801CABC8:  ED2007B2   fmuls   f9,f0,f30
801CABCC:  C882AB10   lfd   f4,-21744(r2)
801CABD0:  C0A2A8D4   lfs   f5,-22316(r2)
801CABD4:  3BC00000   li   r30,0
801CABD8:  D13F00BC   stfs   f9,188(r31)
801CABDC:  3800FFFF   li   r0,-1
801CABE0:  D13F00C0   stfs   f9,192(r31)
801CABE4:  387F00B0   addi   r3,r31,176
801CABE8:  C062AA90   lfs   f3,-21872(r2)
801CABEC:  38800001   li   r4,1
801CABF0:  C0010010   lfs   f0,16(r1)
801CABF4:  38A00000   li   r5,0
801CABF8:  C1010014   lfs   f8,20(r1)
801CABFC:  C042AB18   lfs   f2,-21736(r2)
801CAC00:  ECE04028   fsubs   f7,f0,f8
801CAC04:  C022AB1C   lfs   f1,-21732(r2)
801CAC08:  C002AB20   lfs   f0,-21728(r2)
801CAC0C:  ECC73024   fdivs   f6,f7,f6
801CAC10:  FC8441BA   fmadd   f4,f4,f6,f8
801CAC14:  FC802018   frsp   f4,f4
801CAC18:  D09F00B4   stfs   f4,180(r31)
801CAC1C:  C0810008   lfs   f4,8(r1)
801CAC20:  EC85227C   fnmsubs   f4,f5,f9,f4
801CAC24:  93BF0108   stw   r29,264(r31)
801CAC28:  D09F00B8   stfs   f4,184(r31)
801CAC2C:  93BF010C   stw   r29,268(r31)
801CAC30:  9BDF00F4   stb   r30,244(r31)
801CAC34:  90DF0110   stw   r6,272(r31)
801CAC38:  D07F00D8   stfs   f3,216(r31)
801CAC3C:  D05F00DC   stfs   f2,220(r31)
801CAC40:  D03F00E0   stfs   f1,224(r31)
801CAC44:  D01F00E4   stfs   f0,228(r31)
801CAC48:  901F00F0   stw   r0,240(r31)
801CAC4C:  4BE78FB5   bl   0x80043c00
801CAC50:  387F00B0   addi   r3,r31,176
801CAC54:  4BE78F21   bl   0x80043b74
801CAC58:  C002AB0C   lfs   f0,-21748(r2)
801CAC5C:  2C1C0000   cmpwi   r28,0
801CAC60:  C042A870   lfs   f2,-22416(r2)
801CAC64:  381F012C   addi   r0,r31,300
801CAC68:  ECA007B2   fmuls   f5,f0,f30
801CAC6C:  C802AB10   lfd   f0,-21744(r2)
801CAC70:  C022A8D4   lfs   f1,-22316(r2)
801CAC74:  D0BF00BC   stfs   f5,188(r31)
801CAC78:  D0BF00C0   stfs   f5,192(r31)
801CAC7C:  C0610010   lfs   f3,16(r1)
801CAC80:  C0810014   lfs   f4,20(r1)
801CAC84:  EC632028   fsubs   f3,f3,f4
801CAC88:  EC431024   fdivs   f2,f3,f2
801CAC8C:  FC0020BA   fmadd   f0,f0,f2,f4
801CAC90:  FC000018   frsp   f0,f0
801CAC94:  D01F00B4   stfs   f0,180(r31)
801CAC98:  C0010008   lfs   f0,8(r1)
801CAC9C:  EC01017C   fnmsubs   f0,f1,f5,f0
801CACA0:  93BF0108   stw   r29,264(r31)
801CACA4:  D01F00B8   stfs   f0,184(r31)
801CACA8:  93BF010C   stw   r29,268(r31)
801CACAC:  9BDF00F4   stb   r30,244(r31)
801CACB0:  901F0110   stw   r0,272(r31)
801CACB4:  41820018   beq-   0x801caccc
801CACB8:  C022AB24   lfs   f1,-21724(r2)
801CACBC:  C062AB28   lfs   f3,-21720(r2)
801CACC0:  C0C2AB2C   lfs   f6,-21716(r2)
801CACC4:  C0E2AB30   lfs   f7,-21712(r2)
801CACC8:  48000014   b   0x801cacdc
801CACCC:  C022AB34   lfs   f1,-21708(r2)
801CACD0:  C062AB28   lfs   f3,-21720(r2)
801CACD4:  C0C2AB38   lfs   f6,-21704(r2)
801CACD8:  C0E2AB30   lfs   f7,-21712(r2)
801CACDC:  C0A2AA8C   lfs   f5,-21876(r2)
801CACE0:  C042A8E8   lfs   f2,-22296(r2)
801CACE4:  EC810172   fmuls   f4,f1,f5
801CACE8:  C01F00A8   lfs   f0,168(r31)
801CACEC:  EC6300B2   fmuls   f3,f3,f2
801CACF0:  C022A85C   lfs   f1,-22436(r2)
801CACF4:  ECA60172   fmuls   f5,f6,f5
801CACF8:  D09F00D8   stfs   f4,216(r31)
801CACFC:  EC8700B2   fmuls   f4,f7,f2
801CAD00:  D07F00DC   stfs   f3,220(r31)
801CAD04:  EC5F002A   fadds   f2,f31,f0
801CAD08:  C062A864   lfs   f3,-22428(r2)
801CAD0C:  D0BF00E0   stfs   f5,224(r31)
801CAD10:  D09F00E4   stfs   f4,228(r31)
801CAD14:  4BE870ED   bl   0x80051e00
801CAD18:  C002A868   lfs   f0,-22424(r2)
801CAD1C:  EC200072   fmuls   f1,f0,f1
801CAD20:  480B0D75   bl   0x8027ba94
801CAD24:  5460C00E   rlwinm   r0,r3,24,0,7
801CAD28:  387F00B0   addi   r3,r31,176
801CAD2C:  640000FF   oris   r0,r0,255
801CAD30:  38800001   li   r4,1
801CAD34:  6000FFFF   ori   r0,r0,65535
801CAD38:  901F00F0   stw   r0,240(r31)
801CAD3C:  38A00000   li   r5,0
801CAD40:  4BE78EC1   bl   0x80043c00
801CAD44:  387F00B0   addi   r3,r31,176
801CAD48:  4BE78E2D   bl   0x80043b74
801CAD4C:  C002AB0C   lfs   f0,-21748(r2)
801CAD50:  38DF012C   addi   r6,r31,300
801CAD54:  C0C2A870   lfs   f6,-22416(r2)
801CAD58:  39000001   li   r8,1
801CAD5C:  ED2007B2   fmuls   f9,f0,f30
801CAD60:  C882AB10   lfd   f4,-21744(r2)
801CAD64:  C0A2A8D4   lfs   f5,-22316(r2)
801CAD68:  38E00000   li   r7,0
801CAD6C:  D13F00BC   stfs   f9,188(r31)
801CAD70:  3800FFFF   li   r0,-1
801CAD74:  D13F00C0   stfs   f9,192(r31)
801CAD78:  387F00B0   addi   r3,r31,176
801CAD7C:  C062AB3C   lfs   f3,-21700(r2)
801CAD80:  38800001   li   r4,1
801CAD84:  C0010010   lfs   f0,16(r1)
801CAD88:  38A00000   li   r5,0
801CAD8C:  C1010014   lfs   f8,20(r1)
801CAD90:  C042AB18   lfs   f2,-21736(r2)
801CAD94:  ECE04028   fsubs   f7,f0,f8
801CAD98:  C022AB40   lfs   f1,-21696(r2)
801CAD9C:  C002AB20   lfs   f0,-21728(r2)
801CADA0:  ECC73024   fdivs   f6,f7,f6
801CADA4:  FC8441BA   fmadd   f4,f4,f6,f8
801CADA8:  FC802018   frsp   f4,f4
801CADAC:  D09F00B4   stfs   f4,180(r31)
801CADB0:  C0810008   lfs   f4,8(r1)
801CADB4:  EC85227C   fnmsubs   f4,f5,f9,f4
801CADB8:  911F0108   stw   r8,264(r31)
801CADBC:  D09F00B8   stfs   f4,184(r31)
801CADC0:  911F010C   stw   r8,268(r31)
801CADC4:  98FF00F4   stb   r7,244(r31)
801CADC8:  90DF0110   stw   r6,272(r31)
801CADCC:  D07F00D8   stfs   f3,216(r31)
801CADD0:  D05F00DC   stfs   f2,220(r31)
801CADD4:  D03F00E0   stfs   f1,224(r31)
801CADD8:  D01F00E4   stfs   f0,228(r31)
801CADDC:  901F00F0   stw   r0,240(r31)
801CADE0:  4BE78E21   bl   0x80043c00
801CADE4:  7FE3FB78   mr   r3,r31
801CADE8:  480012E5   bl   0x801cc0cc
801CADEC:  39610040   addi   r11,r1,64
801CADF0:  E3E10058   psq_l   f31,88(r1),0,0
801CADF4:  CBE10050   lfd   f31,80(r1)
801CADF8:  E3C10048   psq_l   f30,72(r1),0,0
801CADFC:  CBC10040   lfd   f30,64(r1)
801CAE00:  480B0E0D   bl   0x8027bc0c
801CAE04:  80010064   lwz   r0,100(r1)
801CAE08:  7C0803A6   mtlr   r0
801CAE0C:  38210060   addi   r1,r1,96
801CAE10:  4E800020   blr   
[/spoiler]

Would you look at that!! HA! You guys never seem to stop impressing!

Patedj

#23
[spoiler]CR:22200488  XER:00000000  CTR:801CA978 DSIS:00400000
DAR:80C5BA7C SRR0:801CA9B0 SRR1:0000B032   LR:801C5470
 r0:00000007   r1:80630608   r2:80624240   r3:805AC66C
 r4:80C546A0   r5:00000000   r6:00000000   r7:414B4500
 r8:414B4500   r9:00000000  r10:80630628  r11:80630618
r12:801CA978  r13:806208E0  r14:00000000  r15:FFFFFF00
r16:80325C98  r17:FF5C5CFC  r18:FFAAA0AC  r19:FF0A0000
r20:FFBEAAC8  r21:FF640000  r22:00000001  r23:80325C98
r24:80575F64  r25:80595F64  r26:00000000  r27:80595F64
r28:80575F64  r29:805A99A8  r30:0000000E  r31:805AC66C

 f0:00000000   f1:3D0A1000   f2:00000000   f3:BD0A1000
 f4:4F000000   f5:BD8F5C29   f6:3F6DB8FB   f7:3F7DBD7B
 f8:3D480EB9   f9:3E080C91  f10:BF7DBB02  f11:00000000
f12:00000000  f13:BF8FAE2A  f14:00000000  f15:00000000
f16:00000000  f17:00000000  f18:00000000  f19:00000000
f20:00000000  f21:00000000  f22:00000000  f23:00000000
f24:00000000  f25:00000000  f26:00000000  f27:00000000
f28:00000000  f29:00000000  f30:00000000  f31:3D0A1000[/spoiler]
[spoiler]801CA978:  9421FFE0   stwu   r1,-32(r1)
801CA97C:  7C0802A6   mflr   r0
801CA980:  90010024   stw   r0,36(r1)
801CA984:  DBE10010   stfd   f31,16(r1)
801CA988:  F3E10018   psq_st   f31,24(r1),0,0
801CA98C:  93E1000C   stw   r31,12(r1)
801CA990:  7C7F1B78   mr   r31,r3
801CA994:  808DAEEC   lwz   r4,-20756(r13)
801CA998:  2C040000   cmpwi   r4,0
801CA99C:  41820094   beq-   0x801caa30
801CA9A0:  800473A8   lwz   r0,29608(r4)
801CA9A4:  2C000007   cmpwi   r0,7
801CA9A8:  41820008   beq-   0x801ca9b0
801CA9AC:  48000084   b   0x801caa30
801CA9B0:  880473DC   lbz   r0,29660(r4)
801CA9B4:  C08473D8   lfs   f4,29656(r4)
801CA9B8:  2C000000   cmpwi   r0,0
801CA9BC:  C0A2AAEC   lfs   f5,-21780(r2)
801CA9C0:  C0C2A864   lfs   f6,-22428(r2)
801CA9C4:  4182000C   beq-   0x801ca9d0
801CA9C8:  C0A2A970   lfs   f5,-22160(r2)
801CA9CC:  C0C2AA38   lfs   f6,-21960(r2)
801CA9D0:  C042A858   lfs   f2,-22440(r2)
801CA9D4:  C00300AC   lfs   f0,172(r3)
801CA9D8:  EC622028   fsubs   f3,f2,f4
801CA9DC:  C842AAF0   lfd   f2,-21776(r2)
801CA9E0:  EC210032   fmuls   f1,f1,f0
801CA9E4:  C00300A8   lfs   f0,168(r3)
801CA9E8:  FC6320AE   fsel   f3,f3,f2,f4
801CA9EC:  EC240072   fmuls   f1,f4,f1
801CA9F0:  FC601818   frsp   f3,f3
801CA9F4:  EC46007A   fmadds   f2,f6,f1,f0
801CA9F8:  EFE500F2   fmuls   f31,f5,f3
801CA9FC:  FC60F890   fmr   f3,f31
801CAA00:  FC20F850   fneg   f1,f31
801CAA04:  4BE873FD   bl   0x80051e00
801CAA08:  FC000818   frsp   f0,f1
801CAA0C:  D03F00A8   stfs   f1,168(r31)
801CAA10:  FC000210   fabs   f0,f0
801CAA14:  FC000018   frsp   f0,f0
801CAA18:  FC1F0000   fcmpu   cr0,f31,f0
801CAA1C:  40820014   bne-   0x801caa30
801CAA20:  C03F00AC   lfs   f1,172(r31)
801CAA24:  C002AAF8   lfs   f0,-21768(r2)
801CAA28:  EC010032   fmuls   f0,f1,f0
801CAA2C:  D01F00AC   stfs   f0,172(r31)
801CAA30:  80010024   lwz   r0,36(r1)
801CAA34:  E3E10018   psq_l   f31,24(r1),0,0
801CAA38:  CBE10010   lfd   f31,16(r1)
801CAA3C:  83E1000C   lwz   r31,12(r1)
801CAA40:  7C0803A6   mtlr   r0
801CAA44:  38210020   addi   r1,r1,32
801CAA48:  4E800020   blr   
[/spoiler]
stwu r1,-80(r1)
stmw r14,8(r1)
lis r15, 0x8061 ----> controller
ori r15,r15, 0x621B
lwz r16, 0x0(r15)
li r17, 0x00004000 ----> C button
cmpw r16, r17
bne- 0x801caab0 ----> ?? I chose this because the disassembler branches there if negative. Do I load it first? Something like:
lis r18, 0x801c
ori r18, r18, 0xaab0
Then bne- r18
If that's the case then...
cmpw r16, r17
bne- r18
lis r19, 0x80C5
ori r19,r19, 0xBA78
li r20, 0x3f59
ori r20, r20, 0x9999
stw r20, 0(r19)
lmw r14,8(r1)
addi r1,r1,80

That's my code, but I have no idea where to inject it or where to branch it to. I'm thinking of injecting it at r12 = 80048D3C and branching it to the function's bne- address.

I really think I'm complicating my code, though. Maybe something like this should work, injecting at 80C5BA78 for the last map's hook magnet:
stwu r1,-80(r1)
stmw r14,8(r1)
li r26, 0x3f59 ----> r26 had 00000000. I know it's not a valid address for safety, but it's between 14 and 31 and it's not demonstrated in the function copied here
ori r26, r26, 0x9999
stw r26,0x73D8(r4)
lmw r14,8(r1)
addi r1,r1,80

Unfortunately it does not work right; it'll come up with 4b3a6e60 stuff, but it doesn't freeze the game, and it lights up the magnet... to 4b3a6e60 instead of 3f599999 :)

My code looks like this:
[spoiler]2861621B BFFF4000
C2C5BA78 00000004
9421FFB0 BDC10008
3B403F59 635A9999
934473D8 B9C10008
38210050 00000000
E0000000 80008000
[/spoiler]

dcx2

Okay, there's a lot to address here.

1) ori r15,r15, 0x621B

This is the lower 16-bits of your button activator address.  The value is odd (ends with 0xB = 11).  This means the address is byte-aligned.  Alignment is a difficult concept to explain; basically, any variable's address must be divisible by that variable's size.  So a 4-byte variable should be divisible by 4 (ends in 0, 4, 8, or C).  A 2-byte variable should be divisible by 2 (0, 2, 4, 6, ..., C, E).  A 1-byte variable is divisible by anything.  I think you meant 0x621A here.

2) lwz r16, 0x0(r15)

Button activator addresses are 16-bit half-words.  So you should use lhz (maybe even lha), and the value in r15 should be divisible by 2.

3) li r17, 0x00004000

The vast majority of ASM instructions use 16-bit immediate values.  You specified a 32-bit value, but it worked because the upper 16-bits are 0.

4) cmpw r16, r17

Because you're only testing against a 16-bit value, you can use cmpwi instead of cmpw.  This allows you to do your cmp without loading r17 with the button mask you're activating on.

5) bne-   0x801caab0

You can't do this.  Remember, Wii ASM is 32-bits per instruction.  You gave a 32-bit absolute address.  That leaves no bits for assigning op codes and such.

In the Wii's ASM, all branches that you see will be relative branches.  That is, their destination is determined by adding the branch displacement to the address of the branch itself.  This is why we write "bne- 8" to skip one instruction; the CPU typically adds 4 to the Instruction Pointer after every instruction executes, so that we go to the next one.  However, a bne- 8 will add 8 to the IP, skipping the next instruction.  A bne- -4 would branch backwards to the previous instruction.  bne- 0 would be an infinite loop, constantly adding 0 to the IP.

When writing an ASM code, we often add or remove lines in between a branch and its destination.  This requires the non-trivial act of counting instructions and turning it into a displacement, and making sure you remembered to check all your branches, etc.  That's why we prefer branch destination labels.  You can use a branch label as the operand for a branch and the assembler will automatically calculate the correct displacement for you.  Yay!

6) bne- r18

You can't do this.  Registers can't be arguments for branches.  You can, however, load the CTR register with a 32-bit address, and the CTR register can be an operand for a branch using bctr-type instructions.  You should make sure there's nothing important in CTR (usually there isn't, because it's volatile and the value becomes insignificant after any bl or blr, but sometimes it can be in use during your code's hook)

However, I definitely would NOT recommend using that kind of long-distance branch for this code.  You'll miss the ASM that pops your stack frame! (lmw/addi)  If your C2 is executed, it will probably cause a crash.  Instead, your bne- should land on the lmw.

7) li r20, 0x3f59

Should be lis, like 8 below

8) li r26, 0x3f59 ----> r26 had 00000000. I know it's not a valid address for safety, but it's between 14 and 31 and it's not demonstrated in the function copied here

You made a stack frame, so all registers 14-31 are safe to use within the frame.  The value inside a register never determines whether it is safe to use.  The non-volatile registers (r14-r31, the ones we backed up at the beginning with stmw and restore at the end with lmw) usually contain either local variables that this function may be using right now, or local variables for one of the stack frames before this one that might *also* be used right now, and the ASM for that frame may be very far away from this ASM, so we wouldn't know if it was or wasn't being used.

---

...your hook address for the C2, which is 80C5BA78, is not a value that's listed in your disassembly.  C2 should hook ASM, not data.  That explains the strange value that you're seeing on your screen; the code handler is writing a hook to the ASM where the game wants data, and the value that you see, 4b3a6e60, is machine code for b 0x6E60; the branch that the code handler wrote while attempting to hook the game.

dcx2

I think you said your original ASM read breakpoint was 801CA9B4:  lfs   f4,29656(r4)

We only need one register.  In instances like this, r12 is safe to use 99.99% of the time, with no stack frame.  From the Copy Function you provided, it looks like pretty much everything from r5-r11 *should* be safe to use, assuming the game was compiled without any fancy tricks that might skirt the basic rules a bit.

lis r12, 0x3f59         # load r12 with our desired value
ori r12, r12, 0x9999
stw r12,29656(r4)   # store using game's pre-existing pointer
lfs f4,29656(r4)      # insert anti-code so we don't interfere with game execution
nop                      # probably unnecessary; the ASM-to-WiiRD converter will probably insert this if you don't

Note that you can still use a stack frame if you want.  The use of r12 here makes some assumptions about the compiler's settings that are almost always true.  In this case, given the values in the register listing, you'll see that r12 was probably used as part of loading up the CTR register for a bctrl at 801C546C (the function that called the one we're in).  The value in r12 lost significance back in the old stack frame.

You can probably use r10 to load the button activator address and cmpwi to check for the C button.  I shy away from r11; it's usually used for stack-like things and as a general rule I try to be extra super careful with things relating to the stack.  Especially since r11 looks like it was used in the previous stack frame.
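The mechanics discussed across the thread, as an added Python example that is not code from any of the posts: splitting a 32-bit constant into lis/ori halves, the alignment rule, encoding the relative bne-/beq- branches from the listing, packing instructions into a C2 code, and the codetype-28 button mask James0x57 described. Assumptions: only the mnemonics used in the thread are encoded, the 28 rule is taken as (halfword & ~mask) == value, and the C2 hook address 0x801CA9B4 is dcx2's breakpoint, not a tested hook.

```python
# Constructed example for the thread's PowerPC/Gecko details (not the posters' code).
# Assumption: Gecko codetype 28XXXXXX YYYYZZZZ means ((halfword & ~YYYY) & 0xFFFF) == ZZZZ.

MASK16 = 0xFFFF


def split_imm32(value):
    """A 32-bit constant needs two instructions: lis loads the upper 16 bits,
    ori merges the lower 16 bits. Returns (upper, lower)."""
    return (value >> 16) & MASK16, value & MASK16


def is_aligned(addr, size):
    """Natural alignment: a size-byte access must sit at a multiple of size."""
    return addr % size == 0


# --- D-form encoders: 6-bit opcode, rT/rS, rA, 16-bit immediate/displacement ---
def d_form(opcode, rt, ra, imm):
    return (opcode << 26) | (rt << 21) | (ra << 16) | (imm & MASK16)


def lis(rd, imm16):           # addis rd, r0, imm  (r0 reads as zero in the rA slot)
    return d_form(15, rd, 0, imm16)


def ori(ra, rs, uimm16):      # ori ra, rs, uimm
    return d_form(24, rs, ra, uimm16)


def stw(rs, disp, ra):        # stw rs, disp(ra)
    return d_form(36, rs, ra, disp)


def lhz(rd, disp, ra):        # lhz rd, disp(ra): 16-bit load for a button halfword
    return d_form(40, rd, ra, disp)


def lfs(frd, disp, ra):       # lfs frd, disp(ra)
    return d_form(48, frd, ra, disp)


def cmpwi(ra, simm16):        # cmpwi ra, simm  (cmpi cr0, 0, ra, simm)
    return d_form(11, 0, ra, simm16)


NOP = 0x60000000              # ori r0, r0, 0


def bc_relative(bo, bi, from_addr, target):
    """Conditional branch: the word only has room for a 16-bit displacement,
    so the target is expressed relative to the branch's own address."""
    disp = target - from_addr
    if disp % 4 or not -0x8000 <= disp < 0x8000:
        raise ValueError("target not reachable with a relative displacement")
    return (16 << 26) | (bo << 21) | (bi << 16) | (disp & 0xFFFC)


def bne_minus(from_addr, target):   # BO=4: branch if cr0.EQ is false, hint '-'
    return bc_relative(4, 2, from_addr, target)


def beq_minus(from_addr, target):   # BO=12: branch if cr0.EQ is true, hint '-'
    return bc_relative(12, 2, from_addr, target)


def bc_target(word, at_addr):
    """Resolve where a bc word sitting at at_addr lands (displacement is signed)."""
    disp = word & 0xFFFC
    if disp & 0x8000:
        disp -= 0x10000
    return at_addr + disp


def c2_lines(hook_addr, words):
    """Pack instructions into a C2 insert-ASM code: two words per line, the
    last word must be 00000000, so an even instruction count gets a nop first."""
    assert 0x80000000 <= hook_addr < 0x81000000   # assumption: plain C2 range only
    body = list(words) + ([NOP] if len(words) % 2 == 0 else []) + [0]
    pairs = [f"{body[i]:08X} {body[i + 1]:08X}" for i in range(0, len(body), 2)]
    return [f"C2{hook_addr & 0xFFFFFF:06X} {len(pairs):08X}"] + pairs


def activator_28_matches(mask, wanted, buttons):
    """Codetype 28 button check: bits set in mask are ignored. Mask 0000 demands
    exactly 'wanted'; mask BFFF keeps only bit 0x4000 (C), so extras are fine."""
    return ((buttons & ~mask) & MASK16) == wanted


def fish_magnet_code(hook=0x801CA9B4):
    """The four-instruction magnet write (lis/ori/stw plus the hooked lfs) as C2 lines."""
    hi, lo = split_imm32(0x3F599999)
    words = [lis(12, hi), ori(12, 12, lo), stw(12, 0x73D8, 4), lfs(4, 0x73D8, 4)]
    return c2_lines(hook, words)
```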

Patedj

Thank you.
For the button condition, I understand you completely. Unfortunately for us, the code addresses are 80616218-9-a-b when I put my mouse over the pairs of bytes.

For the ASM, for some reason the game doesn't load the last map the same...
[spoiler]CR:44200488  XER:00000000  CTR:802021F4 DSIS:00400000
DAR:80CB2DD8 SRR0:801DB468 SRR1:0000B032   LR:801DB460
  r0:80000003   r1:80630488   r2:80624240   r3:43300000
  r4:8000000F   r5:805739B4   r6:00000000   r7:00000000
  r8:00000042   r9:FFFFFFFF  r10:80630488  r11:80630008
r12:802021F4  r13:806208E0  r14:00000000  r15:FFFFFF00
r16:80325C98  r17:FF5C5CFC  r18:FFAAA0AC  r19:FF0A0000
r20:FFBEAAC8  r21:00000003  r22:0000000F  r23:00000003
r24:00000000  r25:80F941A0  r26:00000003  r27:80630490
r28:805AD880  r29:815C2340  r30:0000000C  r31:80CABA00

  f0:BE924924   f1:3F36DB6E   f2:3F800000   f3:3F800000
  f4:3D0A1000   f5:59800004   f6:42339000   f7:4226D000
  f8:C08E0000   f9:BFB60000  f10:00000000  f11:C1C4BBC0
f12:C21C3820  f13:48B2F3FE  f14:00000000  f15:00000000
f16:00000000  f17:00000000  f18:00000000  f19:00000000
f20:00000000  f21:00000000  f22:00000000  f23:00000000
f24:00000000  f25:00000000  f26:00000000  f27:00000000
f28:00000000  f29:00000000  f30:00000000  f31:3D0A1000[/spoiler]
Function
[spoiler]801DB288:  9421FEE0   stwu   r1,-288(r1)
801DB28C:  7C0802A6   mflr   r0
801DB290:  90010124   stw   r0,292(r1)
801DB294:  39610110   addi   r11,r1,272
801DB298:  DBE10110   stfd   f31,272(r1)
801DB29C:  F3E10118   psq_st   f31,280(r1),0,0
801DB2A0:  480A0905   bl   0x8027bba4
801DB2A4:  800373A8   lwz   r0,29608(r3)
801DB2A8:  FFE00890   fmr   f31,f1
801DB2AC:  7C7F1B78   mr   r31,r3
801DB2B0:  2C000007   cmpwi   r0,7
801DB2B4:  41820010   beq-   0x801db2c4
801DB2B8:  C002ACD0   lfs   f0,-21296(r2)
801DB2BC:  D00373D8   stfs   f0,29656(r3)
801DB2C0:  480001B4   b   0x801db474
801DB2C4:  80637328   lwz   r3,29480(r3)
801DB2C8:  4801CFB5   bl   0x801f827c
801DB2CC:  C002AE7C   lfs   f0,-20868(r2)
801DB2D0:  FC000840   fcmpo   cr0,f0,f1
801DB2D4:  4080000C   bge-   0x801db2e0
801DB2D8:  3B000003   li   r24,3
801DB2DC:  48000030   b   0x801db30c
801DB2E0:  C002AEAC   lfs   f0,-20820(r2)
801DB2E4:  FC000840   fcmpo   cr0,f0,f1
801DB2E8:  4080000C   bge-   0x801db2f4
801DB2EC:  3B000002   li   r24,2
801DB2F0:  4800001C   b   0x801db30c
801DB2F4:  C002ACD0   lfs   f0,-21296(r2)
801DB2F8:  FC000840   fcmpo   cr0,f0,f1
801DB2FC:  4080000C   bge-   0x801db308
801DB300:  3B000001   li   r24,1
801DB304:  48000008   b   0x801db30c
801DB308:  3B000000   li   r24,0
801DB30C:  80BF7328   lwz   r5,29480(r31)
801DB310:  3C808033   lis   r4,-32717
801DB314:  3884A3B8   subi   r4,r4,23624
801DB318:  806D84C4   lwz   r3,-31548(r13)
801DB31C:  83251930   lwz   r25,6448(r5)
801DB320:  38E4079D   addi   r7,r4,1949
801DB324:  C022ADC4   lfs   f1,-21052(r2)
801DB328:  38A10008   addi   r5,r1,8
801DB32C:  38990050   addi   r4,r25,80
801DB330:  38C00032   li   r6,50
801DB334:  3900FFFF   li   r8,-1
801DB338:  4BF07545   bl   0x800e287c
801DB33C:  3AE00000   li   r23,0
801DB340:  3F80805B   lis   r28,-32677
801DB344:  9AFF73DC   stb   r23,29660(r31)
801DB348:  7C7A1B78   mr   r26,r3
801DB34C:  3B610008   addi   r27,r1,8
801DB350:  3B9CD880   subi   r28,r28,10112
801DB354:  3AC00000   li   r22,0
801DB358:  3AA00000   li   r21,0
801DB35C:  3BC00000   li   r30,0
801DB360:  48000094   b   0x801db3f4
801DB364:  7C7BF02E   lwzx   r3,r27,r30
801DB368:  809C0010   lwz   r4,16(r28)
801DB36C:  4BE7B68D   bl   0x800569f8
801DB370:  80034294   lwz   r0,17044(r3)
801DB374:  7C7D1B78   mr   r29,r3
801DB378:  2C000008   cmpwi   r0,8
801DB37C:  41820070   beq-   0x801db3ec
801DB380:  2C00000C   cmpwi   r0,12
801DB384:  41820068   beq-   0x801db3ec
801DB388:  80633BF0   lwz   r3,15344(r3)
801DB38C:  38800005   li   r4,5
801DB390:  4802D3A1   bl   0x80208730
801DB394:  2C030000   cmpwi   r3,0
801DB398:  41820010   beq-   0x801db3a8
801DB39C:  38000001   li   r0,1
801DB3A0:  981F73DC   stb   r0,29660(r31)
801DB3A4:  48000058   b   0x801db3fc
801DB3A8:  801D4330   lwz   r0,17200(r29)
801DB3AC:  2C000003   cmpwi   r0,3
801DB3B0:  41820010   beq-   0x801db3c0
801DB3B4:  2C000004   cmpwi   r0,4
801DB3B8:  41820010   beq-   0x801db3c8
801DB3BC:  48000014   b   0x801db3d0
801DB3C0:  38A00001   li   r5,1
801DB3C4:  48000010   b   0x801db3d4
801DB3C8:  38A00002   li   r5,2
801DB3CC:  48000008   b   0x801db3d4
801DB3D0:  38A00000   li   r5,0
801DB3D4:  80791AE0   lwz   r3,6880(r25)
801DB3D8:  7F06C378   mr   r6,r24
801DB3DC:  809D4294   lwz   r4,17044(r29)
801DB3E0:  4BFE7091   bl   0x801c2470
801DB3E4:  7ED61A14   add   r22,r22,r3
801DB3E8:  3AF70001   addi   r23,r23,1
801DB3EC:  3AB50001   addi   r21,r21,1
801DB3F0:  3BDE0004   addi   r30,r30,4
801DB3F4:  7C15D000   cmpw   r21,r26
801DB3F8:  4180FF6C   blt+   0x801db364
801DB3FC:  881F73DC   lbz   r0,29660(r31)
801DB400:  C022ACD0   lfs   f1,-21296(r2)
801DB404:  2C000000   cmpwi   r0,0
801DB408:  4182000C   beq-   0x801db414
801DB40C:  C022AEB0   lfs   f1,-20816(r2)
801DB410:  48000050   b   0x801db460
801DB414:  2C170000   cmpwi   r23,0
801DB418:  40810048   ble-   0x801db460
801DB41C:  3C604330   lis   r3,17200
801DB420:  6EC48000   xoris   r4,r22,32768
801DB424:  908100D4   stw   r4,212(r1)
801DB428:  6EE08000   xoris   r0,r23,32768
801DB42C:  C8A2AD28   lfd   f5,-21208(r2)
801DB430:  906100D0   stw   r3,208(r1)
801DB434:  C002AEB4   lfs   f0,-20812(r2)
801DB438:  C84100D0   lfd   f2,208(r1)
801DB43C:  900100DC   stw   r0,220(r1)
801DB440:  EC822828   fsubs   f4,f2,f5
801DB444:  C062ACD4   lfs   f3,-21292(r2)
801DB448:  906100D8   stw   r3,216(r1)
801DB44C:  C84100D8   lfd   f2,216(r1)
801DB450:  EC422828   fsubs   f2,f2,f5
801DB454:  EC441024   fdivs   f2,f4,f2
801DB458:  EC420024   fdivs   f2,f2,f0
801DB45C:  4BE769A5   bl   0x80051e00
801DB460:  FC80F890   fmr   f4,f31
801DB464:  C042ACD4   lfs   f2,-21292(r2)
801DB468:  C07F73D8   lfs   f3,29656(r31)  ----> breaks here
801DB46C:  4BE97AA1   bl   0x80072f0c
801DB470:  D03F73D8   stfs   f1,29656(r31)
801DB474:  39610110   addi   r11,r1,272
801DB478:  E3E10118   psq_l   f31,280(r1),0,0
801DB47C:  CBE10110   lfd   f31,272(r1)
801DB480:  480A0771   bl   0x8027bbf0
801DB484:  80010124   lwz   r0,292(r1)
801DB488:  7C0803A6   mtlr   r0
801DB48C:  38210120   addi   r1,r1,288
801DB490:  4E800020   blr   
[/spoiler]
ASM
[spoiler]
Address 801DB468
lis r12, 0x3f59
ori r12, r12, 0x9999
stw r12,29656(r31)
lfs f3,29656(r31)
[/spoiler]
Code
[spoiler]
2861621a BFFF4000
C21DB468 00000003
3D803F59 618C9999
918473D8 C08473D8
60000000 00000000
E0000000 80008000
[/spoiler]
Unfortunately, this crashes the game... I'm thinking it's because of the r31... not supposed to write to this, right? So what now...
You can pm me, I've got time for your troubles.

Patedj

Anyways, I'm done trying asm for this game (unless I get more help that is).
The button activator works nicely, so on to the next game. Any recommendations (PAL of course)?
You can pm me, I've got time for your troubles.

dcx2

Button conditionals: when the mouse is over the A, you're probably on the first of the two button bytes.  To see what I mean, go to the button activator address in Memory Viewer, check auto-update, and then press some buttons.  You'll see the bytes changing.  A is the one divisible by 2.

When you say the game crashes...when does it crash?  Immediately upon applying the code?  When you press the button?  When the map changes?  When the game crashes, you can press Step Into and it should show you the instruction that caused the crash.

You're in luck, though, I figured out why you crashed anyway.  The problem is that your C2 code does not disassemble into the ASM you wanted.  You used the ASM from the first example, which was r4 and f4, when this is now r31 and f3.

[spoiler]C21DB468 00000003
3D803F59 618C9999
918473D8 C08473D8
60000000 00000000

lis r12,16217
ori r12,r12,39321
stw r12,29656(r4)
lfs f4,29656(r4)[/spoiler]

Also, your button activator on the C2 code won't work unless you write the anti-code first.  The anti-code is the original value that was at the hook address before it was changed to a branch.  In this case, it's C07F73D8.  This will "unhook" the C2 when you aren't pressing the button activator.

This is the code you want.  Notice how it's assembled with the ASM you intended in your previous post, using r31 as the pointer and loading f3 as the destination register.

041DB468 C07F73D8  # anti-code
2861621A BFFF4000  # button activator
C21DB468 00000003  # hook
3D803F59 618C9999
919F73D8 C07F73D8
60000000 00000000
E0000000 80008000
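The register mix-up above is easiest to see by encoding the instructions yourself: the stw/lfs word only differs in the five-bit rA field (r4 = 00100, r31 = 11111), which is why `918473D8` and `919F73D8` look alike but address different pointers. The script below is an added example written for this thread, not code posted by Patedj or dcx2. It encodes the four D-form instructions used here, disassembles the wrong and right C2 bodies, rebuilds the full code (anti-code, 28 button activator with ignore-mask, C2 block, E0 terminator) from the intended assembly, and evaluates the 28 condition against sample button values. The Gecko line layouts (04 = 32-bit write, 28 = 16-bit "if equal" with the NOT-mask in the upper halfword, C2 = insert ASM with a line count and a trailing 00000000) are the standard WiiRD/Gecko code types; the sample button halfwords passed to `if16_passes` are constructed for illustration only.

```python
"""PowerPC D-form encoder/decoder and Gecko code builder (added example)."""

NOP = 0x60000000  # ori r0,r0,0


def _d_form(opcode, rt, ra, d):
    """D-form layout: opcode(6) | rT/rS(5) | rA(5) | d(16)."""
    return (opcode << 26) | (rt << 21) | (ra << 16) | (d & 0xFFFF)


def lis(rt, imm):        # lis rT,imm  == addis rT,0,imm
    return _d_form(15, rt, 0, imm)


def ori(ra, rs, imm):    # ori rA,rS,imm  (rS sits in the rT slot)
    return _d_form(24, rs, ra, imm)


def stw(rs, d, ra):      # stw rS,d(rA)
    return _d_form(36, rs, ra, d)


def lfs(frt, d, ra):     # lfs fT,d(rA)
    return _d_form(48, frt, ra, d)


def disasm(word):
    """Decode the four opcodes used in this thread back to mnemonics."""
    opcode = word >> 26
    rt = (word >> 21) & 0x1F
    ra = (word >> 16) & 0x1F
    d = word & 0xFFFF
    sd = d - 0x10000 if d & 0x8000 else d  # displacement is sign-extended
    if opcode == 15:
        return f"lis r{rt},{d:#x}" if ra == 0 else f"addis r{rt},r{ra},{d:#x}"
    if opcode == 24:
        return "nop" if word == NOP else f"ori r{ra},r{rt},{d:#x}"
    if opcode == 36:
        return f"stw r{rt},{sd}(r{ra})"
    if opcode == 48:
        return f"lfs f{rt},{sd}(r{ra})"
    raise ValueError(f"opcode {opcode} not handled here")


def anti_code(hook_addr, original_word):
    """04 code type: restore the original instruction at the hook address."""
    return f"04{hook_addr & 0xFFFFFF:06X} {original_word:08X}"


def if16(addr, ignore_mask, value):
    """28 code type: 16-bit 'if equal'; bits set in ignore_mask are not compared."""
    return f"28{addr & 0xFFFFFF:06X} {ignore_mask:04X}{value:04X}"


def if16_passes(halfword, ignore_mask, value):
    """Evaluate the 28 condition the code handler applies: (h & ~mask) == value."""
    return (halfword & ~ignore_mask & 0xFFFF) == value


def gecko_c2(hook_addr, words):
    """C2 code type: header with 64-bit line count, instructions two per line,
    padded with a nop when the count is even, always ending in 00000000."""
    body = list(words)
    if len(body) % 2 == 0:
        body.append(NOP)
    body.append(0)
    lines = [f"C2{hook_addr & 0xFFFFFF:06X} {len(body) // 2:08X}"]
    for i in range(0, len(body), 2):
        lines.append(f"{body[i]:08X} {body[i + 1]:08X}")
    return lines


def build_fish_mag(hook=0x801DB468, original=0xC07F73D8, buttons=0x8061621A):
    """Rebuild the working code from the intended ASM (r31 pointer, f3 dest)."""
    asm = [lis(12, 0x3F59), ori(12, 12, 0x9999),
           stw(12, 29656, 31), lfs(3, 29656, 31)]
    return ([anti_code(hook, original), if16(buttons, 0xBFFF, 0x4000)]
            + gecko_c2(hook, asm) + ["E0000000 80008000"])


if __name__ == "__main__":
    for w in (0x918473D8, 0xC08473D8, 0x919F73D8, 0xC07F73D8):
        print(f"{w:08X}  {disasm(w)}")
    print("\n".join(build_fish_mag()))
```

Running it prints the two disassemblies side by side (`stw r12,29656(r4)` versus `stw r12,29656(r31)`) and then the seven-line code exactly as dcx2 posted it; `if16_passes(0x4001, 0xBFFF, 0x4000)` returns True while `if16_passes(0x4001, 0x0000, 0x4000)` returns False, which is the difference between the masked activator and a strict one.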

Patedj

Aha! You're an ASM GOD!!!
It works like a charm!!!
The anti-code really makes a lot of sense!
Thank you, you've helped me to really understand what was necessary for me to grow, oh Grand one!  O0
You can pm me, I've got time for your troubles.