Kirby's Epic Yarn [RK5P01]

Started by panmusic, February 25, 2011, 09:45:20 AM


Patedj

#15
Great, I'll look into it (yes, it is dcx2).

Registers
[spoiler]CR:44200488  XER:20000000  CTR:806272C0 DSIS:00400000
DAR:80F63C30 SRR0:800892AC SRR1:0000A032   LR:8009D45C
 r0:00000095   r1:809E7B70   r2:808F2300   r3:80F633FC
 r4:00000096   r5:80F633FC   r6:00000000   r7:81349C20
 r8:00000006   r9:00000000  r10:80000000  r11:809E7AD0
r12:804BDAFC  r13:808EADA0  r14:00000000  r15:00000000
r16:00000000  r17:00000000  r18:00000000  r19:00000000
r20:00000000  r21:00000000  r22:00000000  r23:00000000
r24:00000000  r25:00000000  r26:00000000  r27:80B27CB8
r28:00000000  r29:80F638DC  r30:80F633FC  r31:80C65028

 f0:00000000   f1:4233045B   f2:432E7EDA   f3:423A108A
 f4:434C2CAC   f5:427E6666   f6:42220000   f7:42546666
 f8:41955555   f9:431070F0  f10:00000000  f11:80000000
f12:BF800000  f13:00000000  f14:00000000  f15:00000000
f16:00000000  f17:00000000  f18:00000000  f19:00000000
f20:00000000  f21:00000000  f22:00000000  f23:00000000
f24:00000000  f25:00000000  f26:00000000  f27:00000000
f28:00000000  f29:00000000  f30:00000000  f31:00000000[/spoiler]

Function
[spoiler]80089278:  9421FFF0   stwu   r1,-16(r1)
8008927C:  7C0802A6   mflr   r0
80089280:  90010014   stw   r0,20(r1)
80089284:  93E1000C   stw   r31,12(r1)
80089288:  93C10008   stw   r30,8(r1)
8008928C:  7C7E1B78   mr   r30,r3
80089290:  83E307E8   lwz   r31,2024(r3)
80089294:  2C1F0000   cmpwi   r31,0
80089298:  418200D0   beq-   0x80089368
8008929C:  80830834   lwz   r4,2100(r3) ----> reads here. This is the counter. li >1 sets Kirby invincible
800892A0:  2C040000   cmpwi   r4,0
800892A4:  408100C4   ble-   0x80089368
800892A8:  3404FFFF   subic.   r0,r4,1 ----> if nop this then invincible when hit
800892AC:  90030834   stw   r0,2100(r3) ----> writes here
800892B0:  418100B8   bgt-   0x80089368
800892B4:  38000000   li   r0,0
800892B8:  90030834   stw   r0,2100(r3)
800892BC:  38000001   li   r0,1
800892C0:  981F0000   stb   r0,0(r31)
800892C4:  809F0030   lwz   r4,48(r31)
800892C8:  2C040000   cmpwi   r4,0
800892CC:  41820068   beq-   0x80089334
800892D0:  80040004   lwz   r0,4(r4)
800892D4:  80640000   lwz   r3,0(r4)
800892D8:  907F0058   stw   r3,88(r31)
800892DC:  901F005C   stw   r0,92(r31)
800892E0:  8004000C   lwz   r0,12(r4)
800892E4:  80640008   lwz   r3,8(r4)
800892E8:  907F0060   stw   r3,96(r31)
800892EC:  901F0064   stw   r0,100(r31)
800892F0:  80040014   lwz   r0,20(r4)
800892F4:  80640010   lwz   r3,16(r4)
800892F8:  907F0068   stw   r3,104(r31)
800892FC:  901F006C   stw   r0,108(r31)
80089300:  8004001C   lwz   r0,28(r4)
80089304:  80640018   lwz   r3,24(r4)
80089308:  907F0070   stw   r3,112(r31)
8008930C:  901F0074   stw   r0,116(r31)
80089310:  80040024   lwz   r0,36(r4)
80089314:  80640020   lwz   r3,32(r4)
80089318:  907F0078   stw   r3,120(r31)
8008931C:  901F007C   stw   r0,124(r31)
80089320:  8004002C   lwz   r0,44(r4)
80089324:  80640028   lwz   r3,40(r4)
80089328:  907F0080   stw   r3,128(r31)
8008932C:  901F0084   stw   r0,132(r31)
80089330:  4800000C   b   0x8008933c
80089334:  387F0058   addi   r3,r31,88
80089338:  485E5DC9   bl   0x8066f100
8008933C:  38000000   li   r0,0
80089340:  981F0003   stb   r0,3(r31)
80089344:  7FC3F378   mr   r3,r30
80089348:  38800000   li   r4,0
8008934C:  80BE0830   lwz   r5,2096(r30)
80089350:  801E05A0   lwz   r0,1440(r30)
80089354:  64A50200   oris   r5,r5,512
80089358:  90BE0830   stw   r5,2096(r30)
8008935C:  54000146   rlwinm   r0,r0,0,5,3
80089360:  901E05A0   stw   r0,1440(r30)
80089364:  48000C8D   bl   0x80089ff0
80089368:  83FE07EC   lwz   r31,2028(r30)
8008936C:  2C1F0000   cmpwi   r31,0
80089370:  418200B8   beq-   0x80089428
80089374:  807E0838   lwz   r3,2104(r30)
80089378:  2C030000   cmpwi   r3,0
8008937C:  408100AC   ble-   0x80089428
80089380:  3403FFFF   subic.   r0,r3,1
80089384:  901E0838   stw   r0,2104(r30)
80089388:  418100A0   bgt-   0x80089428
8008938C:  38000000   li   r0,0
80089390:  901E0838   stw   r0,2104(r30)
80089394:  38000001   li   r0,1
80089398:  981F0000   stb   r0,0(r31)
8008939C:  809F0030   lwz   r4,48(r31)
800893A0:  2C040000   cmpwi   r4,0
800893A4:  41820068   beq-   0x8008940c
800893A8:  80040004   lwz   r0,4(r4)
800893AC:  80640000   lwz   r3,0(r4)
800893B0:  907F0058   stw   r3,88(r31)
800893B4:  901F005C   stw   r0,92(r31)
800893B8:  8004000C   lwz   r0,12(r4)
800893BC:  80640008   lwz   r3,8(r4)
800893C0:  907F0060   stw   r3,96(r31)
800893C4:  901F0064   stw   r0,100(r31)
800893C8:  80040014   lwz   r0,20(r4)
800893CC:  80640010   lwz   r3,16(r4)
800893D0:  907F0068   stw   r3,104(r31)
800893D4:  901F006C   stw   r0,108(r31)
800893D8:  8004001C   lwz   r0,28(r4)
800893DC:  80640018   lwz   r3,24(r4)
800893E0:  907F0070   stw   r3,112(r31)
800893E4:  901F0074   stw   r0,116(r31)
800893E8:  80040024   lwz   r0,36(r4)
800893EC:  80640020   lwz   r3,32(r4)
800893F0:  907F0078   stw   r3,120(r31)
800893F4:  901F007C   stw   r0,124(r31)
800893F8:  8004002C   lwz   r0,44(r4)
800893FC:  80640028   lwz   r3,40(r4)
80089400:  907F0080   stw   r3,128(r31)
80089404:  901F0084   stw   r0,132(r31)
80089408:  4800000C   b   0x80089414
8008940C:  387F0058   addi   r3,r31,88
80089410:  485E5CF1   bl   0x8066f100
80089414:  38000000   li   r0,0
80089418:  981F0003   stb   r0,3(r31)
8008941C:  801E0830   lwz   r0,2096(r30)
80089420:  64000040   oris   r0,r0,64
80089424:  901E0830   stw   r0,2096(r30)
80089428:  80010014   lwz   r0,20(r1)
8008942C:  83E1000C   lwz   r31,12(r1)
80089430:  83C10008   lwz   r30,8(r1)
80089434:  7C0803A6   mtlr   r0
80089438:  38210010   addi   r1,r1,16
8008943C:  4E800020   blr   
[/spoiler]
You can pm me, I've got time for your troubles.

dcx2

#16
Look for an lwz before the timer sub.  There will probably also be a cmpwi (EDIT: or any instruction that ends with a . like rlwinm.) and some conditional branch (blt, beq, bne, ble, bgt, something like that).  Change the lwz into an li instead, so it's always loading some large value.  It will give infinite timer, *and* activate the timer without getting hit.

BTW, the best part about invincibility timers vs. infinite health?  No stun or stumble.

Patedj

#17
I can set up the counter with 8008929C.
And if you load the map then you are invincible. Initially I was trying it while already in the map, then I thought... hmm, that's not how people will be playing the game, so

Invincibility Code
0408929C 3880270F
Kirby and the Prince are invincible

dcx2

I looked over the function now, and you should be careful of a few things.
80089290:  83E307E8   lwz   r31,2024(r3)
80089294:  2C1F0000   cmpwi   r31,0
80089298:  418200D0   beq-   0x80089368
8008929C:  80830834   lwz   r4,2100(r3) ----> reads here. This is the counter. li >1 sets Kirby invincible
800892A0:  2C040000   cmpwi   r4,0
800892A4:  408100C4   ble-   0x80089368
800892A8:  3404FFFF   subic.   r0,r4,1 ----> if nop this then invincible when hit
800892AC:  90030834   stw   r0,2100(r3) ----> writes here
800892B0:  418100B8   bgt-   0x80089368

Note the cmpwi r31,0/beq-.  This skips over the timer, which is probably why the code wouldn't automatically activate.

Note the subic. r0,r4,1.  When you nop this, the value in r0 will be whatever set it last (that was the mflr at the beginning).  This means r0 will hold a pointer.  If this timer is signed, this could cause problems, because pointers will look like negative numbers.  mr r0,r4 would have been better than a nop (though not as good as replacing lwz with li).

Finally, note the . at the end of subic.  This means that it gives you a free cmpwi rD, 0.  It is the result of this . which is evaluated by the bgt-.  So replacing it with nop will mean that the bgt- is using the cmpwi r4,0 instead of the subic. to determine whether to branch, which is bad.

mr wouldn't set the condition register either, so it'd be best to replace the subic. 1 with 0 instead.  Replacing lwz with li is still the best.

Patedj

Quote from: dcx2 on March 19, 2011, 05:37:29 PM

mr wouldn't set the condition register either, so it'd be best to replace the subic. 1 with 0 instead.  Replacing lwz with li is still the best.
So from what I understand you're saying, replacing the subic. 1 with 0 instead of nop is better, although what's even nicer is replacing lwz with li. Correct? If that's the case, then use this code:

Invincibility Code
0408929C 3880270F
Kirby and the Prince are invincible
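Added example, not code from the thread or from either poster: it encodes the PowerPC D-form instructions discussed above (lwz, li, subic.) and assembles Gecko 04 write lines from them, so the 3880270F word in the invincibility code and dcx2's "subic. 1 to 0" alternative can be checked against the disassembly. The Gecko 04 layout (04 followed by the address relative to the 0x80000000 base, then the 32-bit value) is an assumption of this example.

```python
# Added example, not from the thread: encode/decode PowerPC D-form
# instructions and build Gecko "04" 32-bit RAM-write lines.

def encode_d_form(opcode, rd, ra, imm):
    """D-form layout: opcode(6) | rD(5) | rA(5) | signed imm(16)."""
    if not (0 <= rd < 32 and 0 <= ra < 32):
        raise ValueError("register index out of range")
    if not (-0x8000 <= imm <= 0x7FFF):
        raise ValueError("immediate does not fit in 16 signed bits")
    return (opcode << 26) | (rd << 21) | (ra << 16) | (imm & 0xFFFF)

def decode_d_form(word):
    """Return (opcode, rD, rA, signed imm) for a 32-bit instruction word."""
    imm = word & 0xFFFF
    if imm & 0x8000:
        imm -= 0x10000
    return (word >> 26) & 0x3F, (word >> 21) & 0x1F, (word >> 16) & 0x1F, imm

def li(rd, imm):
    """li rD,imm is the extended mnemonic for addi rD,0,imm (opcode 14)."""
    return encode_d_form(14, rd, 0, imm)

def lwz(rd, ra, disp):
    """lwz rD,disp(rA) (opcode 32)."""
    return encode_d_form(32, rd, ra, disp)

def subic_dot(rd, ra, imm):
    """subic. rD,rA,imm is addic. rD,rA,-imm (opcode 13); the '.' updates CR0."""
    return encode_d_form(13, rd, ra, -imm)

def gecko_write32(addr, word):
    """Gecko 04 line (assumed format): 04 + 25-bit address relative to 0x80000000."""
    if addr & 3:
        raise ValueError("32-bit write must be 4-byte aligned")
    return f"{0x04000000 | (addr & 0x01FFFFFF):08X} {word:08X}"

if __name__ == "__main__":
    # Original instruction at 8008929C from the disassembly, then Patedj's replacement.
    assert lwz(4, 3, 2100) == 0x80830834
    print(gecko_write32(0x8008929C, li(4, 9999)))        # 0408929C 3880270F
    # dcx2's alternative: subic. r0,r4,1 -> subic. r0,r4,0, which still sets CR0.
    assert subic_dot(0, 4, 1) == 0x3404FFFF
    print(gecko_write32(0x800892A8, subic_dot(0, 4, 0)))  # 040892A8 34040000
```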