Help using mfsrr0 for asm

Started by Chaosdragon13, April 22, 2011, 12:53:47 AM

Previous topic - Next topic
Print
Go Down Pages1
User actions

Chaosdragon13

April 22, 2011, 12:53:47 AM
I wanted to use mfsrr0 in an asm code so that I could leave blank addresses in the code to which I could read and write to or for making it easier to load a user defined floating point value. However whenever I have tried to use it seems to only work when setting a breakpoint and stepping through the code line by line and even then it will randomly crash the game. I am not sure if there is something else I need to add when using mfsrr0, if I am using it in a way the wii doesnt like, or something else.

Here are two examples of the same code. The first directly writes to one of the gecko register addresses and works just fine. While the other tries to use mfsrr0 and always ends up crashing the game after it runs a few times.

[spoiler="Gecko register example"]
C206E540 00000003
3C808000 68841804
93A40000 907D09AC
60000000 00000000

lis r4,0x8000
xori r4,r4,0x1804
stw r29,0(r4)
stw r3,2476(r29)[/spoiler]

[spoiler="mfsrr0 example"]
C206E540 00000003
48000008 00000000
7C9A02A6 93A4FFFC
907D09AC 00000000

b 0x08
(empty for writing to)
mfsrr0 r4
stw r29,-4(r4)
stw r3,2476(r29)[/spoiler]

dcx2

#1
April 22, 2011, 02:52:34 AM
Clever, and a good try, but that's not how SRR0 works.

SRR0 = Save and Restore Register 0.  This register is loaded when the the CPU hits an interrupt (i.e. breakpoint, illegal instruction, some kind of exception, etc).  It stores the address of the instruction that the CPU was executed before it was trapped.  If there is no interrupt, then SRR0 won't be useful.

You're really close, though.  You're practically using the bl trick.

You can look at this thread to see how the bl trick works.  http://wiird.l0nk.org/forum/index.php/topic,8129.msg68245.html#msg68245

The example you would want would look like this (assuming 8006E540 is not a leaf function, like the example in the thread above)

bl _SKIP_DATA
.int 0
_SKIP_DATA:
mflr r12
stw r29,0(r12)
stw r3,2476(r29)

You can use the 4E code type to read and write to the blank spot with non-ASM code types.

Chaosdragon13

#2
April 22, 2011, 03:04:15 AM
Thanks for the help.

That makes a lot more sense now as to why everything would work as long as I set the break point.

dcx2

#3
April 22, 2011, 03:09:45 AM
BTW, fun trick...if you modify the SRR0 register on the BP tab during a breakpoint, you can move the flow of execution around.

Gecko.NET even has built in support for this trick...right-click an address in the Disasm tab during breakpoint and it can automatically set SRR0 to that address.  This is useful if you're stepping through your C2 and you want to rewind a few steps.  You can also use this to help recover some crashes.
Print
Go Up Pages1
User actions