ASM with 9999 9999 9999

Started by Crapulecorp, August 23, 2013, 01:01:11 PM


Crapulecorp

Hi everyone, I'm trying to hack: WR5P [WiiWare] Retro City Rampage.

My problem is for the Max Score code. The Score has 12 numbers, so the Max Value is 9184E729FFF (9999 9999 9999).
When I BP the 2 addresses from the score:

8038C4AA 00000918
8038C4AC 4E729FFF

I'm getting the same result in the breakpoint tab:

800725C4 9008014C stw r0,332(r8)

So I don't know how I can make an ASM code with the 9184E729FFF value.

If someone can help me, thanks in advance.  :) :) :)

Deathwolf

#1
A little bit more ASM collection and information of registers would be useful to know since you posted only one stw which we don't know where or to which address it points.

Besides, since it's greater than 32 bits (32 bit + 16 bit), we have to use one more instruction than only one stw.

Here would be your ASM disassembled code:
The blue part makes all registers from 14-31 free and usable.
Purple part is asm for your code.

stwu r1,-80(r1)         # make space for 18 registers
stmw r14,8(r1)         # push r14-r31 onto the stack

li r14,0x0918        # load first 16 bit value into r14 (0x0918); li does not depend on r14's old contents
lis r15,0x4E72           # write last 32 bit value to r15 (0x4E729FFF)
ori r15,r15,0x9FFF
stw r14, 332(r8)        # store value of r14 (00000918) into r8 +14C bytes (332) =  8038C4A8
stw r15, 336(r8)        # store value of r15 (4E729FFF) into r8 +150 bytes (336)  = 8038C4AC

lmw r14,8(r1)         # pop r14-r31 off the stack
addi r1,r1,80         # release the space


I assume that stw r0,332(r8) points to address 8038C4A8 but I'm not sure at all. Please give more information about that.
lolz

Bully@Wiiplaza

#2
The maximum value is E8D4A50FFF.

You need an instruction that points to the upper or lower part only.
Otherwise you may need to find a register that tells you if it's the upper or lower address and execute this code:
li r0, 0x00E8
sth r0, 334(r8)      # upper 16 bits
lis r0, 0xD4A5
ori r0, r0, 0x0FFF
stw r0, 336(r8)      # lower 32 bits

Does it even move in memory? I think not.
Did you try a pointer search then and do a regular ram write?
My Wii hacking site...
http://bullywiihacks.com/

My youtube account with a lot of hacking videos...
http://www.youtube.com/user/BullyWiiPlaza

~Bully

dcx2

#3
EDIT: took me a minute, realized Bully already figured this out.  But when you set the WBP, was it on the 00000918 value or the 4E729FFF?

Although I might add that 9,999,999,999,999 = 0918 4E72 9FFF, I'll trust the hex value he gave over the decimal value.

Crapulecorp

Thanks to all of you, Deathwolf, Bully@Wiiplaza and dcx2.


- Deathwolf, I hope all the information you need is here:



8038C4AA 00000918

[spoiler]CR  : 42000488  XER : 00000000  CTR : 00000000  DSIS: 02400000
DAR : 8038C4AC  SRR0: 800725C4  SRR1: 0000A032  LR  : 80072404
r0  : 00031639  r1  : 8049FC40  r2  : 80281600  r3  : 00000918
r4  : 4E729FFF  r5  : 00031637  r6  : 00000000  r7  : 00000000
r8  : 8038C360  r9  : 80390000  r10 : 0011C26C  r11 : 8049FC70
r12 : 002EB0C2  r13 : 80280440  r14 : 0000000F  r15 : 803AC810
r16 : 00000014  r17 : 00000000  r18 : 00000000  r19 : 00000000
r20 : 00000000  r21 : 8038C360  r22 : 00000020  r23 : 803AC810
r24 : 803AAA28  r25 : 00000002  r26 : 803AAA28  r27 : 803AC810
r28 : 00000000  r29 : 00000000  r30 : 00000001  r31 : 00000000

f0  : FFC00000  f1  : 3D800000  f2  : 3F800000  f3  : 59800000
f4  : 59800004  f5  : 3EC911E8  f6  : BF17ADD3  f7  : 3F4E3A0E
f8  : 3D4BEFF7  f9  : 3F1CE9D0  f10 : BF4A45CA  f11 : 3B088888
f12 : 3AA7E07E  f13 : 00000000  f14 : 00000000  f15 : 00000000
f16 : 00000000  f17 : 00000000  f18 : 00000000  f19 : 00000000
f20 : 00000000  f21 : 00000000  f22 : 00000000  f23 : 00000000
f24 : 00000000  f25 : 00000000  f26 : 00000000  f27 : 00000000
f28 : 00000000  f29 : 00000000  f30 : 00000000  f31 : 00000000


800725C4:  9008014C   stw   r0,332(r8)
800725C8:  7CC73114   adde   r6,r7,r6
800725CC:  7C002010   subc   r0,r4,r0
800725D0:  90C80148   stw   r6,328(r8)
800725D4:  7C061910   subfe   r0,r6,r3
800725D8:  7C042110   subfe   r0,r4,r4
800725DC:  7C0000D1   neg.   r0,r0
800725E0:  4182000C   beq-   0x800725ec
800725E4:  9088014C   stw   r4,332(r8)
800725E8:  90680148   stw   r3,328(r8)
800725EC:  2C1F0000   cmpwi   r31,0
800725F0:  4182001C   beq-   0x8007260c
800725F4:  3C808039   lis   r4,-32711
800725F8:  3C608039   lis   r3,-32711
800725FC:  3884C360   subi   r4,r4,15520
80072600:  8084014C   lwz   r4,332(r4)[/spoiler]


8038C4AC 4E729FFF



[spoiler]CR  : 42000488  XER : 00000000  CTR : 00000000  DSIS: 02400000
DAR : 8038C4AC  SRR0: 800725C4  SRR1: 0000A032  LR  : 80072404
r0  : 0003163B  r1  : 8049FC40  r2  : 80281600  r3  : 00000918
r4  : 4E729FFF  r5  : 00031639  r6  : 00000000  r7  : 00000000
r8  : 8038C360  r9  : 80390000  r10 : 0011C26C  r11 : 8049FC70
r12 : 003625DF  r13 : 80280440  r14 : 0000000F  r15 : 803AC810
r16 : 00000012  r17 : 00000000  r18 : 00000000  r19 : 00000000
r20 : 00000000  r21 : 8038C360  r22 : 00000020  r23 : 803AC810
r24 : 803AAA28  r25 : 00000002  r26 : 803AAA28  r27 : 803AC810
r28 : 00000000  r29 : 00000000  r30 : 00000001  r31 : 00000000

f0  : FFC00000  f1  : 3E000000  f2  : 3F800000  f3  : 59800000
f4  : 59800004  f5  : B5F80000  f6  : 3D886B43  f7  : 3EAAAAAA
f8  : 3E124924  f9  : 3DBA2E6E  f10 : 3D886B35  f11 : 3D4BDA62
f12 : 331910A7  f13 : 3612DAAE  f14 : 00000000  f15 : 00000000
f16 : 00000000  f17 : 00000000  f18 : 00000000  f19 : 00000000
f20 : 00000000  f21 : 00000000  f22 : 00000000  f23 : 00000000
f24 : 00000000  f25 : 00000000  f26 : 00000000  f27 : 00000000
f28 : 00000000  f29 : 00000000  f30 : 00000000  f31 : 00000000


800725C4:  9008014C   stw   r0,332(r8)
800725C8:  7CC73114   adde   r6,r7,r6
800725CC:  7C002010   subc   r0,r4,r0
800725D0:  90C80148   stw   r6,328(r8)
800725D4:  7C061910   subfe   r0,r6,r3
800725D8:  7C042110   subfe   r0,r4,r4
800725DC:  7C0000D1   neg.   r0,r0
800725E0:  4182000C   beq-   0x800725ec
800725E4:  9088014C   stw   r4,332(r8)
800725E8:  90680148   stw   r3,328(r8)
800725EC:  2C1F0000   cmpwi   r31,0
800725F0:  4182001C   beq-   0x8007260c
800725F4:  3C808039   lis   r4,-32711
800725F8:  3C608039   lis   r3,-32711
800725FC:  3884C360   subi   r4,r4,15520
80072600:  8084014C   lwz   r4,332(r4)[/spoiler]


-------------------------

Bully@Wiiplaza, you were right, I did a regular RAM write.

dcx2, yes, I breakpointed the two addresses, for the 00000918 value and 4E729FFF.

Deathwolf

Your modified value is at r3 and r4. It shows that it stores the value from r0 (which seems to be wrong) to address 8038C4AC. Maybe got a wrong breakpoint?
lolz

dcx2

Wait, why do you need ASM?  Can't you just do an 02 and 04 code to write to these addresses, if they don't move?  You shouldn't need ASM then.

If you did need ASM, Bully's version should work, based on what you've shown here.
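
Added example, not written by anyone in the thread: a small Python check that decodes the four `stw` words from the posted dump (D-form encoding), computes the address each one writes using the dumped r8, and splits the 12-digit and 13-digit all-nines scores into their high and low 32-bit words. The function names are my own; the register value and instruction words are copied from the dump above.

```python
# Added illustration (not from the thread): decode PowerPC D-form stores
# from the posted dump and split a 64-bit score into two 32-bit words.

STORE_OPCODES = {36: "stw", 44: "sth", 38: "stb"}  # primary opcodes, D-form

def decode_store(word):
    """Return (mnemonic, rS, rA, signed displacement) for a D-form store."""
    opcode = word >> 26
    if opcode not in STORE_OPCODES:
        raise ValueError(f"not a handled D-form store: {word:08X}")
    rs = (word >> 21) & 0x1F
    ra = (word >> 16) & 0x1F
    d = word & 0xFFFF
    if d & 0x8000:          # displacement is a signed 16-bit field
        d -= 0x10000
    return STORE_OPCODES[opcode], rs, ra, d

def effective_address(word, regs):
    """EA = (rA|0) + d, using register values captured at the breakpoint."""
    _, _, ra, d = decode_store(word)
    base = 0 if ra == 0 else regs[ra]
    return (base + d) & 0xFFFFFFFF

def split_score(value):
    """Split a score into (high word, low word) as stored big-endian."""
    if not 0 <= value < 1 << 64:
        raise ValueError("score does not fit in 64 bits")
    return value >> 32, value & 0xFFFFFFFF

# Values copied from the dump in the thread: r8 and the four store words.
REGS = {8: 0x8038C360}
STORES = [0x9008014C, 0x90C80148, 0x9088014C, 0x90680148]

def store_map():
    """Map each store word to (source register, target address)."""
    return [(decode_store(w)[1], effective_address(w, REGS)) for w in STORES]

if __name__ == "__main__":
    for rs, ea in store_map():
        print(f"stw r{rs} -> {ea:08X}")
    for digits in (12, 13):
        hi, lo = split_score(10**digits - 1)
        print(f"{digits} nines: high={hi:08X} low={lo:08X}")
```

With the dumped r8, offset 328 resolves to 8038C4A8 and offset 332 to 8038C4AC, and the r3/r4 pair in the dump matches the high/low split of the 13-digit value.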