Star Wars: The Force Unleashed 2 [SF2P64]

Started by Patedj, March 20, 2011, 03:47:28 PM


Patedj

Size up (Z+C+UP)
286821CA 9FF76008
C2220D10 00000004
2C1D0000 40820004
818300A8 398C1388
918300A8 C02300A8
60000000 00000000
E0000000 80008000

Size down (Z+C+Down)
286821CA 9FFB6004
C2220D10 00000004
2C1D0000 40820004
818300A8 398CFC18
918300A8 C02300A8
60000000 00000000
E0000000 80008000

Keeps growing
Registers[spoiler] CR:28200488  XER:00000000  CTR:800D19A0 DSIS:00000000
DAR:00000000 SRR0:80220D10 SRR1:0000A032   LR:800D3030
  r0:800D301C   r1:8071D068   r2:8070FAC0   r3:90C14E94
  r4:90C15B0C   r5:8070329C   r6:80545608   r7:4C6F7700
  r8:00000000   r9:48696768  r10:80709128  r11:8071D058
r12:800D19A0  r13:8070AEE0  r14:00000000  r15:00000000
r16:00000000  r17:00000000  r18:00000000  r19:80D01360
r20:805359B4  r21:80A68268  r22:00000001  r23:80A68268
r24:00000000  r25:000108AE  r26:00000000  r27:00000001
r28:80A68268  r29:00000000  r30:00000000  r31:90C14CC8

  f0:00000000   f1:00000000   f2:00000000   f3:00000000
  f4:42700000   f5:45992000   f6:471C4000   f7:3F000000
  f8:BEA6B090   f9:3E4E0AA8  f10:BD241145  f11:2D5DCF16
f12:3288D44A  f13:C61C3EE0  f14:00000000  f15:00000000
f16:00000000  f17:00000000  f18:00000000  f19:00000000
f20:00000000  f21:00000000  f22:00000000  f23:00000000
f24:00000000  f25:00000000  f26:00000000  f27:00000000
f28:00000000  f29:1FC00000  f30:428C0000  f31:3D072B02[/spoiler]
Function:[spoiler]
80220D0C:  4E800020   blr
80220D10:  C02300A8   lfs   f1,168(r3)
80220D14:  4E800020   blr   [/spoiler]

So I thought of this but it freezes
4E00000C 00000000
C2220D10 00000004
48000009 3E800000
7D8802A6 C00C0000
C02300A8 EC20082A(8) for subs
D02300A8 00000000
14000000 3F800000 ---> This is what makes it freeze I think, but without this, it keeps growing too
286821CA 9FF76008
14000000 3E800000
E0000000 80008000
You can pm me, I've got time for your troubles.

dcx2

#1
Oooh, I see why you froze.

Look at the function.  It's a leaf function; it is a function which does not contain any bl's, so it calls no other functions.  As a result, it doesn't back up the LR.

When you use the bl trick, it wipes out the current LR.  This is not normally a problem...unless your hook is in a leaf function.  In that case, the bl trick will cause a crash because you lose the original LR.

---


mflr r0          # store original LR
bl SKIP_DATA
.float 0
SKIP_DATA:
mflr r12
mtlr r0         # restore original LR
lfs f0,0(r12)
lfs f1,168(r3)
fadds f1,f0,f1
stfs f1,168(r3)

Note the added mflr r0 and the mtlr r0.  However, the mflr r0 changes the offset for the 4E code.

4E000010 00000000
C2220D10 00000005
7C0802A6 48000009
00000000 7D8802A6
7C0803A6 C00C0000
C02300A8 EC20082A
D02300A8 00000000
14000000 00000000
286821CA 9FF76008
14000000 3E800000
286821CB 9FFB6004
14000000 BE800000
E0000000 80008000

---

Your other problem - the reason they keep growing or shrinking - is because you're constantly adding the value to the size.  If you do this, you have to set it to 0 when there's no button activator.  You can also shrink your size by fadds'ing a negative number.  Also, note how the activator for the shrinking ends in B instead of A; adding 1 to an if code will make it an endif + if code.

EDIT: also, the original codes in the first post don't have an anti-code, which is why you keep growing when you let go of the button activator.

Patedj

#2
Size up (Z+C+UP) Working version
04220D10 C02300A8
286821CA 00006008
C2220D10 00000004
2C1D0000 40820004
818300A8 398C1388
918300A8 C02300A8
60000000 00000000
E0000000 80008000

But even though this is the same code it won't work! It doesn't even load! I think I have to create a stack for both.
Size down (Z+C+Down) working version
04220D10 C02300A8
286821CA 00006004
C2220D10 00000004
2C1D0000 40820004
818300A8 398CEC78
918300A8 C02300A8
60000000 00000000
E0000000 80008000

Something like this but this
Size up (Z+C+UP)
04220D10 C02300A8
286821CA 00006008
C2220D10 00000007
9421FFF0 91610008
3D608022 616B0D10
2C1D0000 40820004
818300A8 398C1388
918300A8 C02300A8
81610008 38210010
60000000 00000000
E0000000 80008000

Size down (Z+C+Down) AH! even though it's the same it doesn't work...

I guess I have to change the whole structure and include the button condition. I've done something wrong... it freezes the game
stwu r1,-16(r1)
stw r11,8(r1)
lis r11,0x8022
ori r11,r11,0x0D10 --->address
lis r12, 0x8068
ori r12,r12,0x21ca ---> remote
li r13,6008
li r14,6004
cmpwi r12,r13
beq- ADD
cmpwi r12,r14
beq- SUB

ADD:
cmpwi r29,0
bne- 0x04
lwz r15,168(r3)
addi r15,r15,5000
stw r15,168(r3)
lfs f1,168(r3)
b NO_DATA

NO_DATA:
SUB:
cmpwi r29,0
bne- 0x04
lwz r15,168(r3)
addi r15,r15,-5000
stw r15,168(r3)
lfs f1,168(r3)

lwz r11,8(r1)
addi r1,r1,16


dcx2

You can't use size up and size down at the same time.
Quote from: Patedj on March 20, 2011, 11:03:50 PM
Size up (Z+C+UP) Working version
04220D10 C02300A8
286821CA 00006008
C2220D10 00000004
2C1D0000 40820004
818300A8 398C1388
918300A8 C02300A8
60000000 00000000
E0000000 80008000

But even though this is the same code it won't work! It doesn't even load! i think I have to create a stack for both.
Size down (Z+C+Down) working version
04220D10 C02300A8
286821CA 00006004
C2220D10 00000004
2C1D0000 40820004
818300A8 398CEC78
918300A8 C02300A8
60000000 00000000
E0000000 80008000

They're hooking the same address, C2220D10.  When hooks collide, only one will win.  Think about it; you're replacing 80220D10 with a branch to your C2 code.  There can be only one branch.  It either goes to the first or second C2 code.

My code above already combined both adding and subbing into one code.  Allow me to annotate it so it makes more sense

4E000010 00000000 # put pointer to float into po
C2220D10 00000005 # ASM hook which adds float to size
7C0802A6 48000009
00000000 7D8802A6
7C0803A6 C00C0000
C02300A8 EC20082A
D02300A8 00000000
14000000 00000000 # by default, make ASM float 0, so you don't constantly grow or shrink
286821CA 9FF76008 # if C+Z+up
14000000 3E800000 # over-write ASM float with 0.25
286821CB 9FFB6004 # end if; if C+Z+down
14000000 BE800000 # over-write ASM float with -0.25
E0000000 80008000 # end if; reset po


The right way to try what you're trying to do would be like this

04220D10 C02300A8 # anti-code
286821CA 00006008 # if C+Z+up
C2220D10 00000004 # hook with ASM that adds
2C1D0000 40820004
818300A8 398C1388
918300A8 C02300A8
60000000 00000000
286821CB 00006004 # end if; if C+Z+down
C2220D10 00000004 # hook with ASM that subs
2C1D0000 40820004
818300A8 398CEC78
918300A8 C02300A8
60000000 00000000
E0000000 80008000 # end if
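To make the code-handler behaviour dcx2 describes concrete (the 4E/14 pointer trick that overwrites the `.float` slot, the odd-address endif+if, and two C2 hooks landing on one address), here is a small decoder and replay of the code lists quoted above. It is an added example, not dcx2's code or the code handler's own logic; it assumes the standard Gecko semantics for the 04, 14, 28, 4E, C2 and E0 code types and models only the button halfword at 806821CA.

```python
import struct
from dataclasses import dataclass, field

BASE = 0x80000000  # ba and po after an E0 terminator; every address in the thread is ba-relative

@dataclass
class Code:
    kind: str
    addr: int = 0        # target address (04, 28, C2) or byte offset (14, 4E)
    value: int = 0
    mask: int = 0        # 28 codes: bits of the halfword that are ignored
    endif_first: bool = False
    asm: list = field(default_factory=list)  # C2 codes: the instruction words that follow

def parse_gecko(text):
    """Parse 'XXXXXXXX YYYYYYYY' lines into Code objects; a trailing '# comment' is dropped."""
    lines = []
    for raw in text.splitlines():
        raw = raw.split("#", 1)[0].strip()
        if raw:
            left, right = raw.split()
            lines.append((int(left, 16), int(right, 16)))
    codes, i = [], 0
    while i < len(lines):
        left, right = lines[i]
        ctype, low = left >> 24, left & 0x01FFFFFF
        i += 1
        if ctype == 0x04:        # 32-bit write to ba+addr (the anti-code restoring the lfs)
            codes.append(Code("write32", BASE + low, right))
        elif ctype == 0x14:      # 32-bit write to po+offset
            codes.append(Code("write32_po", low, right))
        elif ctype == 0x28:      # 16-bit if: (halfword & ~mask) == value; odd address = endif first
            codes.append(Code("if16", BASE + (low & ~1), right & 0xFFFF,
                              mask=right >> 16, endif_first=bool(low & 1)))
        elif ctype == 0x4E:      # po = address of the next code line + offset
            codes.append(Code("set_po", low))
        elif ctype == 0xC2:      # insert ASM at ba+addr; `right` lines of two words follow
            words = [w for pair in lines[i:i + right] for w in pair]
            codes.append(Code("asm_insert", BASE + low, right, asm=words))
            i += right
        elif ctype == 0xE0:      # full terminator: closes every open if, resets ba and po
            codes.append(Code("terminator"))
        else:
            raise ValueError(f"code type {ctype:02X} does not occur in this thread")
    return codes

def po_target_word(codes, k):
    """Word of the following C2 block that the 4E code at index k points po at."""
    nxt = codes[k + 1]
    assert codes[k].kind == "set_po" and nxt.kind == "asm_insert"
    words = [0xC2000000 | (nxt.addr - BASE), len(nxt.asm) // 2] + nxt.asm
    return words[codes[k].addr // 4]

def as_float(word):
    return struct.unpack(">f", struct.pack(">I", word))[0]

def effective_float(codes, buttons, button_addr=0x806821CA):
    """Replay the if / 14-write logic for one value of the button halfword and return
    the float the inserted ASM will add to the size on that frame."""
    stack, slot = [], None   # stack of if results; slot = current value of the float word
    for k, c in enumerate(codes):
        if c.kind == "if16":
            assert c.addr == button_addr, "only the button activator is modelled here"
            if c.endif_first and stack:
                stack.pop()
            stack.append((buttons & ~c.mask & 0xFFFF) == c.value)
        elif c.kind == "terminator":
            stack.clear()
        elif not all(stack):
            continue             # inside a false if: the code handler skips this line
        elif c.kind == "set_po":
            slot = po_target_word(codes, k)
        elif c.kind == "write32_po" and c.addr == 0:
            slot = c.value
    return as_float(slot)

def hooks_by_address(codes):
    """C2 hooks grouped by hooked address, each with the if conditions guarding it.
    Two hooks on one address can't both win, so their guards must be mutually exclusive."""
    stack, hooks = [], {}
    for c in codes:
        if c.kind == "if16":
            if c.endif_first and stack:
                stack.pop()
            stack.append((c.addr, c.mask, c.value))
        elif c.kind == "terminator":
            stack.clear()
        elif c.kind == "asm_insert":
            hooks.setdefault(c.addr, []).append(tuple(stack))
    return hooks

# dcx2's combined grow/shrink code, copied from the post above
COMBINED = """
4E000010 00000000
C2220D10 00000005
7C0802A6 48000009
00000000 7D8802A6
7C0803A6 C00C0000
C02300A8 EC20082A
D02300A8 00000000
14000000 00000000
286821CA 9FF76008
14000000 3E800000
286821CB 9FFB6004
14000000 BE800000
E0000000 80008000
"""

if __name__ == "__main__":
    codes = parse_gecko(COMBINED)
    print(f"po points at word {po_target_word(codes, 0):08X} (the .float 0 slot)")
    for b in (0x0000, 0x6008, 0x6004):
        print(f"buttons {b:04X}: ASM adds {effective_float(codes, b):+.2f}")
```

Running `hooks_by_address` over the "right way" list shows both C2 hooks on 80220D10, each under a different button guard, which is exactly the structure dcx2 asks for.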

Patedj

#4
Such nice structure! Thank you!
P.S. That's what I thought with an older code, but was contradicted by a peer. I'm glad that's cleared in my head. It makes perfect sense to me.

Lol, this brings me back to the texas instruments I used to use in math class! (for the exams of course!)

Patedj

#5
I've realised that the guys didn't do an inf dash code yet. I'm now attempting to do one.
I found the address for what triggers it.
Registers:[spoiler]  CR:42200428  XER:20000000  CTR:00000000 DSIS:02400000
DAR:80600318 SRR0:801E540C SRR1:0000A032   LR:80264BEC
 r0:00000000   r1:80719958   r2:8070FAC0   r3:806001B8
 r4:0000000B   r5:00000001   r6:806001E4   r7:0000018C
 r8:00000000   r9:00000007  r10:00000000  r11:00000000
r12:00000000  r13:8070AEE0  r14:43300000  r15:806001B8
r16:80682138  r17:806001B8  r18:00000006  r19:00000005
r20:00000001  r21:806821C8  r22:806825E8  r23:806821C8
r24:00000000  r25:806821C8  r26:FFFFFFFF  r27:00000000
r28:00000000  r29:00000000  r30:00000000  r31:806821D4

 f0:3E007BEB   f1:3CFD5C5E   f2:BF733333   f3:BCF83E10
 f4:00000000   f5:3E0725AF   f6:BE59A96E   f7:3F68F2A8
 f8:00000000   f9:3F800000  f10:3D4CCCCD  f11:BF800000
f12:3ACCCCCD  f13:3F800000  f14:00000000  f15:00000000
f16:00000000  f17:00000000  f18:00000000  f19:00000000
f20:00000000  f21:00000000  f22:00000000  f23:00000000
f24:00000000  f25:00000000  f26:00000000  f27:00000000
f28:00000000  f29:3D4CCCCD  f30:3E23D70A  f31:00000000[/spoiler]

Function:[spoiler]801E5408:  1CE40024   mulli   r7,r4,36
801E540C:  90A60134   stw  r5,308(r6) -->writes here. r5 comes from where?
801E5410:  7CA33A14   add   r5,r3,r7
801E5414:  80850408   lwz   r4,1032(r5)
801E5418:  3404FFFF   subic.   r0,r4,1
801E541C:  90050408   stw   r0,1032(r5)
801E5420:  4080000C   bge-   0x801e542c
801E5424:  38000003   li   r0,3
801E5428:  90050408   stw   r0,1032(r5)
801E542C:  80850408   lwz   r4,1032(r5)
801E5430:  7C033A14   add   r0,r3,r7
801E5434:  C0029F20   lfs   f0,-24800(r2)
801E5438:  5483103A   rlwinm   r3,r4,2,0,29
801E543C:  7C601A14   add   r3,r0,r3
801E5440:  D00303F8   stfs   f0,1016(r3)
801E5444:  80060228   lwz   r0,552(r6)
801E5448:  900303E8   stw   r0,1000(r3)
801E544C:  4E800020   blr   
[/spoiler]

LR
Registers:[spoiler]  CR:22200448  XER:20000000  CTR:00000000 DSIS:02400000
DAR:80600318 SRR0:80264BEC SRR1:0000A032   LR:80264BEC
 r0:00000000   r1:80719958   r2:8070FAC0   r3:806001B8
 r4:0000000B   r5:00000000   r6:806001E4   r7:00000000
 r8:00000000   r9:00000007  r10:00000000  r11:00000000
r12:00000000  r13:8070AEE0  r14:43300000  r15:806001B8
r16:80682138  r17:806001B8  r18:00000006  r19:00000005
r20:00000001  r21:806821C8  r22:806825E8  r23:806821C8
r24:00000000  r25:806821C8  r26:FFFFFFFF  r27:00000000
r28:00000000  r29:00000000  r30:00000000  r31:806821D4

 f0:3C257EB0   f1:BCFD5C5E   f2:BF7D70A3   f3:BD4EDE62
 f4:00000000   f5:BD64B5EE   f6:BE59A96E   f7:3F6DCD0C
 f8:00000000   f9:3F800000  f10:3D4CCCCD  f11:BF800000
f12:BC81BE0D  f13:3F7E5645  f14:00000000  f15:00000000
f16:00000000  f17:00000000  f18:00000000  f19:00000000
f20:00000000  f21:00000000  f22:00000000  f23:00000000
f24:00000000  f25:00000000  f26:00000000  f27:00000000
f28:00000000  f29:3D4CCCCD  f30:3E23D70A  f31:00000000
Remote control[/spoiler]
Function:[spoiler]...
80264B00:  5405FFFE   rlwinm   r5,r0,31,31,31
80264B04:  4BF808ED   bl   0x801e53f0
80264B08:  80190000   lwz   r0,0(r25)
80264B0C:  7DE37B78   mr   r3,r15
80264B10:  3880000A   li   r4,10
80264B14:  540507FE   rlwinm   r5,r0,0,31,31
80264B18:  4BF808D9   bl   0x801e53f0
80264B1C:  80190000   lwz   r0,0(r25)
80264B20:  7DE37B78   mr   r3,r15
80264B24:  3880000C   li   r4,12
80264B28:  5405F7FE   rlwinm   r5,r0,30,31,31
80264B2C:  4BF808C5   bl   0x801e53f0
80264B30:  80190000   lwz   r0,0(r25)
80264B34:  7DE37B78   mr   r3,r15
80264B38:  3880000B   li   r4,11
80264B3C:  5405EFFE   rlwinm   r5,r0,29,31,31
80264B40:  4BF808B1   bl   0x801e53f0
80264B44:  480000A8   b   0x80264bec
80264B48:  80190000   lwz   r0,0(r25)
80264B4C:  7DE37B78   mr   r3,r15
80264B50:  38800009   li   r4,9
80264B54:  5405F7FE   rlwinm   r5,r0,30,31,31
80264B58:  4BF80899   bl   0x801e53f0
80264B5C:  80190000   lwz   r0,0(r25)
80264B60:  7DE37B78   mr   r3,r15
80264B64:  3880000A   li   r4,10
80264B68:  5405EFFE   rlwinm   r5,r0,29,31,31
80264B6C:  4BF80885   bl   0x801e53f0
80264B70:  80190000   lwz   r0,0(r25)
80264B74:  7DE37B78   mr   r3,r15
80264B78:  3880000C   li   r4,12
80264B7C:  540507FE   rlwinm   r5,r0,0,31,31
80264B80:  4BF80871   bl   0x801e53f0
80264B84:  80190000   lwz   r0,0(r25)
80264B88:  7DE37B78   mr   r3,r15
80264B8C:  3880000B   li   r4,11
80264B90:  5405FFFE   rlwinm   r5,r0,31,31,31
80264B94:  4BF8085D   bl   0x801e53f0
80264B98:  48000054   b   0x80264bec
80264B9C:  80190000   lwz   r0,0(r25)
80264BA0:  7DE37B78   mr   r3,r15
80264BA4:  38800009   li   r4,9
80264BA8:  540507FE   rlwinm   r5,r0,0,31,31
80264BAC:  4BF80845   bl   0x801e53f0
80264BB0:  80190000   lwz   r0,0(r25)
80264BB4:  7DE37B78   mr   r3,r15
80264BB8:  3880000A   li   r4,10
80264BBC:  5405FFFE   rlwinm   r5,r0,31,31,31
80264BC0:  4BF80831   bl   0x801e53f0
80264BC4:  80190000   lwz   r0,0(r25)
80264BC8:  7DE37B78   mr   r3,r15
80264BCC:  3880000C   li   r4,12
80264BD0:  5405EFFE   rlwinm   r5,r0,29,31,31
80264BD4:  4BF8081D   bl   0x801e53f0
80264BD8:  80190000   lwz   r0,0(r25)
80264BDC:  7DE37B78   mr   r3,r15
80264BE0:  3880000B   li   r4,11
80264BE4:  5405F7FE   rlwinm   r5,r0,30,31,31
80264BE8:  4BF80809   bl   0x801e53f0
80264BEC:  7F35E214   add   r25,r21,r28 --->LR srr0
80264BF0:  C03F0000   lfs   f1,0(r31)
80264BF4:  C0190018   lfs   f0,24(r25)
80264BF8:  7DE37B78   mr   r3,r15
80264BFC:  3880000D   li   r4,13
80264C00:  EC010032   fmuls   f0,f1,f0
80264C04:  FC00E840   fcmpo   cr0,f0,f29
80264C08:  7CA00026   mfcr   r5
80264C0C:  54A517FE   rlwinm   r5,r5,2,31,31
80264C10:  4BF807E1   bl   0x801e53f0
80264C14:  C0370010   lfs   f1,16(r23)
80264C18:  7DE37B78   mr   r3,r15
80264C1C:  C0190018   lfs   f0,24(r25)
80264C20:  3880000E   li   r4,14
80264C24:  EC010032   fmuls   f0,f1,f0
80264C28:  FC00E840   fcmpo   cr0,f0,f29
80264C2C:  7CA00026   mfcr   r5
80264C30:  54A517FE   rlwinm   r5,r5,2,31,31
80264C34:  4BF807BD   bl   0x801e53f0
80264C38:  C0370014   lfs   f1,20(r23)
80264C3C:  7DE37B78   mr   r3,r15
80264C40:  C0190018   lfs   f0,24(r25)
80264C44:  3880000F   li   r4,15
80264C48:  EC010032   fmuls   f0,f1,f0
80264C4C:  FC00E840   fcmpo   cr0,f0,f29
80264C50:  7CA00026   mfcr   r5
80264C54:  54A517FE   rlwinm   r5,r5,2,31,31
80264C58:  4BF80799   bl   0x801e53f0
80264C5C:  800F024C   lwz   r0,588(r15)
80264C60:  2C000000   cmpwi   r0,0
80264C64:  4182000C   beq-   0x80264c70
80264C68:  934F0218   stw   r26,536(r15)
80264C6C:  4800001C   b   0x80264c88
80264C70:  800F0250   lwz   r0,592(r15)
80264C74:  2C000000   cmpwi   r0,0
80264C78:  4182000C   beq-   0x80264c84
80264C7C:  928F0218   stw   r20,536(r15)
80264C80:  48000008   b   0x80264c88
80264C84:  930F0218   stw   r24,536(r15)
80264C88:  800F0258   lwz   r0,600(r15)
80264C8C:  2C000000   cmpwi   r0,0
80264C90:  4182000C   beq-   0x80264c9c
80264C94:  934F0220   stw   r26,544(r15)
80264C98:  4800001C   b   0x80264cb4
80264C9C:  800F0254   lwz   r0,596(r15)
80264CA0:  2C000000   cmpwi   r0,0
80264CA4:  4182000C   beq-   0x80264cb0
80264CA8:  928F0220   stw   r20,544(r15)
80264CAC:  48000008   b   0x80264cb4
80264CB0:  930F0220   stw   r24,544(r15)
80264CB4:  806F0218   lwz   r3,536(r15)
80264CB8:  800F021C   lwz   r0,540(r15)
80264CBC:  7C030000   cmpw   r3,r0
80264CC0:  41820008   beq-   0x80264cc8
80264CC4:  906F012C   stw   r3,300(r15)
80264CC8:  806F0220   lwz   r3,544(r15)
80264CCC:  800F0224   lwz   r0,548(r15)
...
[/spoiler]

[spoiler]
801E53F0:  5480103A   rlwinm   r0,r4,2,0,29
801E53F4:  7CC30214   add   r6,r3,r0
801E53F8:  90A60228   stw   r5,552(r6)
801E53FC:  80060308   lwz   r0,776(r6)
801E5400:  7C050000   cmpw   r5,r0
801E5404:  4D820020   beqlr-   
[/spoiler]

Registers for rlwinm
[spoiler]CR:22200428  XER:20000000  CTR:00000000 DSIS:02400000
DAR:80600318 SRR0:80264BE4 SRR1:0000A032   LR:80264BD8
 r0:00000000   r1:80719958   r2:8070FAC0   r3:806001B8
 r4:0000000B   r5:00000000   r6:806001E8   r7:00000000
 r8:00000000   r9:00000007  r10:00000000  r11:00000000
r12:00000000  r13:8070AEE0  r14:43300000  r15:806001B8
r16:80682138  r17:806001B8  r18:00000006  r19:00000005
r20:00000001  r21:806821C8  r22:806825E8  r23:806821C8
r24:00000000  r25:806821C8  r26:FFFFFFFF  r27:00000000
r28:00000000  r29:00000000  r30:00000000  r31:806821D4

 f0:00000000   f1:BC9D89D9   f2:BD272F05   f3:BF7D6A05
 f4:00000000   f5:BC216B31   f6:BE726569   f7:3F7757CE
 f8:00000000   f9:3F800000  f10:3D4CCCCD  f11:BF800000
f12:3ACCCCCD  f13:3F800000  f14:00000000  f15:00000000
f16:00000000  f17:00000000  f18:00000000  f19:00000000
f20:00000000  f21:00000000  f22:00000000  f23:00000000
f24:00000000  f25:00000000  f26:00000000  f27:00000000
f28:00000000  f29:3D4CCCCD  f30:3E23D70A  f31:00000000
r31 = velocity = f3
Log
[spoiler]
80264BE4:  5405F7FE   rlwinm   r5,r0,30,31,31   r5 = 00000000   r0 = 00000000

80264BE4:  5405F7FE   rlwinm   r5,r0,30,31,31   r5 = 00000000   r0 = 00000004
r0 = remote control[/spoiler][/spoiler]
Alright, that's what it loads, the remote control.
Now what does it load?

Patedj

On my way to finding the dash timer, I found this.

Energy Residue stays On /Off
286821CA xxxxxxxxx
0419AF4C 60000000
CC000000 00000000
0419AF4C 4180FFD4
E0000000 80008000
Replace xxxx with button condition

Patedj

#7
I was filling up my log, with step ins when I thought, " this is going to take a while..."

There might be thousands of step ins... is there a way to do this automatically?

... have a look at this and see if you can help me find how to make the dash unlimited.
80264CEC:  80850228   lwz   r4,552(r5) = wii menu pause if r4=>0
[spoiler]
801E540C:  90A60134   stw   r5,308(r6)   r5 = 00000001   r6 = 806001E4   [80600318] = 00000000
this is the activator = 1

801E5410:  7CA33A14   add   r5,r3,r7   r5 = 00000001   r3 = 806001B8   r7 = 0000018C
801E5414:  80850408   lwz   r4,1032(r5)   r4 = 0000000B   r5 = 80600344   [8060074C] = 00000000
801E5418:  3404FFFF   subic.   r0,r4,1    r0 = 00000000   r4 = 00000000
801E541C:  90050408   stw   r0,1032(r5)   r0 = FFFFFFFF   r5 = 80600344   [8060074C] = 00000000
801E5420:  4080000C   bge-   0x801e542c
801E5424:  38000003   li   r0,3       r0 = FFFFFFFF
801E5428:  90050408   stw   r0,1032(r5)   r0 = 00000003   r5 = 80600344   [8060074C] = FFFFFFFF
801E542C:  80850408   lwz   r4,1032(r5)   r4 = 00000000   r5 = 80600344   [8060074C] = 00000003
801E5430:  7C033A14   add   r0,r3,r7   r0 = 00000003   r3 = 806001B8   r7 = 0000018C
801E5434:  C0029F20   lfs   f0,-24800(r2)   f0 = NaN   r2 = 8070FAC0   [807099E0] = 00000000
801E5438:  5483103A   rlwinm   r3,r4,2,0,29   r3 = 806001B8   r4 = 00000003
801E543C:  7C601A14   add   r3,r0,r3   r3 = 0000000C   r0 = 80600344   r3 = 0000000C
801E5440:  D00303F8   stfs   f0,1016(r3)   f0 = NaN   r3 = 80600350   [80600748] = 3E981061
801E5444:  80060228   lwz   r0,552(r6)   r0 = 80600344   r6 = 806001E4   [8060040C] = 00000001
801E5448:  900303E8   stw   r0,1000(r3)   r0 = 00000001   r3 = 80600350   [80600738] = 00000001
801E544C:  4E800020   blr              LR = 80264BEC
80264BEC:  7F35E214   add   r25,r21,r28   r25 = 806821C8   r21 = 806821C8   r28 = 00000000
80264BF0:  C03F0000   lfs   f1,0(r31)   f1 = 1   r31 = 806821D4   [806821D4] = BF60F83E
80264BF4:  C0190018   lfs   f0,24(r25)   f0 = 0   r25 = 806821C8   [806821E0] = 3F6E924B
80264BF8:  7DE37B78   mr   r3,r15     r3 = 80600350   r15 = 806001B8
80264BFC:  3880000D   li   r4,13      r4 = 00000003
80264C00:  EC010032   fmuls   f0,f1,f0   f0 = NaN   f1 = 1   f0 = NaN
80264C04:  FC00E840   fcmpo   cr0,f0,f29   f0 = -0.81896   f29 = 0.05   r0 = 00000001
80264C08:  7CA00026   mfcr   r5         r5 = 80600344
80264C0C:  54A517FE   rlwinm   r5,r5,2,31,31   r5 = 82200428   r5 = 82200428
80264C10:  4BF807E1   bl   0x801e53f0
|  801E53F0:  5480103A   rlwinm   r0,r4,2,0,29   r0 = 00000001   r4 = 0000000D
|  801E53F4:  7CC30214   add   r6,r3,r0   r6 = 806001E4   r3 = 806001B8   r0 = 00000034
|  801E53F8:  90A60228   stw   r5,552(r6)   r5 = 00000000   r6 = 806001EC   [80600414] = 00000000
|  801E53FC:  80060308   lwz   r0,776(r6)   r0 = 00000034   r6 = 806001EC   [806004F4] = 00000000
Defence on/off

|  801E5400:  7C050000   cmpw   r5,r0      r5 = 00000000   r0 = 00000000
|  801E5404:  4D820020   beqlr-              LR = 80264C14
80264C14:  C0370010   lfs   f1,16(r23)   f1 = 1   r23 = 806821C8   [806821D8] = BE9EB852
r23 = remote control condition

80264C18:  7DE37B78   mr   r3,r15     r3 = 806001B8   r15 = 806001B8
80264C1C:  C0190018   lfs   f0,24(r25)   f0 = NaN   r25 = 806821C8   [806821E0] = 3F6E924B
r25=remote control condition

80264C20:  3880000E   li   r4,14      r4 = 0000000D
80264C24:  EC010032   fmuls   f0,f1,f0   f0 = NaN   f1 = 1   f0 = NaN
80264C28:  FC00E840   fcmpo   cr0,f0,f29   f0 = -0.288895   f29 = 0.05   r0 = 00000000
80264C2C:  7CA00026   mfcr   r5         r5 = 00000000
80264C30:  54A517FE   rlwinm   r5,r5,2,31,31   r5 = 82200428   r5 = 82200428
80264C34:  4BF807BD   bl   0x801e53f0
|  801E53F0:  5480103A   rlwinm   r0,r4,2,0,29   r0 = 00000000   r4 = 0000000E
|  801E53F4:  7CC30214   add   r6,r3,r0   r6 = 806001EC   r3 = 806001B8   r0 = 00000038
|  801E53F8:  90A60228   stw   r5,552(r6)   r5 = 00000000   r6 = 806001F0   [80600418] = 00000000
|  801E53FC:  80060308   lwz   r0,776(r6)   r0 = 00000038   r6 = 806001F0   [806004F8] = 00000000
axis activator

|  801E5400:  7C050000   cmpw   r5,r0      r5 = 00000000   r0 = 00000000
|  801E5404:  4D820020   beqlr-              LR = 80264C38
80264C38:  C0370014   lfs   f1,20(r23)   f1 = 1   r23 = 806821C8   [806821DC] = BC28E83F
control condition

80264C3C:  7DE37B78   mr   r3,r15     r3 = 806001B8   r15 = 806001B8
80264C40:  C0190018   lfs   f0,24(r25)   f0 = NaN   r25 = 806821C8   [806821E0] = 3F6E924B
80264C44:  3880000F   li   r4,15      r4 = 0000000E
80264C48:  EC010032   fmuls   f0,f1,f0   f0 = NaN   f1 = 1   f0 = NaN
80264C4C:  FC00E840   fcmpo   cr0,f0,f29   f0 = -0.00960742   f29 = 0.05   r0 = 00000000
80264C50:  7CA00026   mfcr   r5         r5 = 00000000
80264C54:  54A517FE   rlwinm   r5,r5,2,31,31   r5 = 82200428   r5 = 82200428
80264C58:  4BF80799   bl   0x801e53f0
|  801E53F0:  5480103A   rlwinm   r0,r4,2,0,29   r0 = 00000000   r4 = 0000000F
|  801E53F4:  7CC30214   add   r6,r3,r0   r6 = 806001F0   r3 = 806001B8   r0 = 0000003C
|  801E53F8:  90A60228   stw   r5,552(r6)   r5 = 00000000   r6 = 806001F4   [8060041C] = 00000000
| 801E53FC:  80060308   lwz   r0,776(r6)   r0 = 0000003C   r6 = 806001F4   [806004FC] = 00000000
button condition axis down this time (up before)

|  801E5400:  7C050000   cmpw   r5,r0      r5 = 00000000   r0 = 00000000
|  801E5404:  4D820020   beqlr-              LR = 80264C5C
80264C5C:  800F024C   lwz   r0,588(r15)   r0 = 00000000   r15 = 806001B8   [80600404] = 00000000
left button activator

80264C60:  2C000000   cmpwi   r0,0       r0 = 00000000
80264C64:  4182000C   beq-   0x80264c70
   ...   ...   ...   ...
80264C70:  800F0250   lwz   r0,592(r15)   r0 = 00000000   r15 = 806001B8   [80600408] = 00000000
right button activator

80264C74:  2C000000   cmpwi   r0,0       r0 = 00000000
80264C78:  4182000C   beq-   0x80264c84
   ...   ...   ...   ...
80264C84:  930F0218   stw   r24,536(r15)   r24 = 00000000   r15 = 806001B8   [806003D0] = 00000000
80264C88:  800F0258   lwz   r0,600(r15)   r0 = 00000000   r15 = 806001B8   [80600410] = 00000000
up button activator

80264C8C:  2C000000   cmpwi   r0,0       r0 = 00000000
80264C90:  4182000C   beq-   0x80264c9c
   ...   ...   ...   ...
80264C9C:  800F0254   lwz   r0,596(r15)   r0 = 00000000   r15 = 806001B8   [8060040C] = 00000001
The button activator we want (down button activator)
80264CA0:  2C000000   cmpwi   r0,0       r0 = 00000001
80264CA4:  4182000C   beq-   0x80264cb0
80264CA8:  928F0220   stw   r20,544(r15)   r20 = 00000001   r15 = 806001B8   [806003D8] = 00000000
80264CAC:  48000008   b   0x80264cb4
   ...   ...   ...   ...
80264CB4:  806F0218   lwz   r3,536(r15)   r3 = 806001B8   r15 = 806001B8   [806003D0] = 00000000
left button activator

80264CB8:  800F021C   lwz   r0,540(r15)   r0 = 00000001   r15 = 806001B8   [806003D4] = 00000000
80264CBC:  7C030000   cmpw   r3,r0      r3 = 00000000   r0 = 00000000
80264CC0:  41820008   beq-   0x80264cc8
   ...   ...   ...   ...
80264CC8:  806F0220   lwz   r3,544(r15)   r3 = 00000000   r15 = 806001B8   [806003D8] = 00000001
other activator (=1 for ours and ffffffff for up button condition)
80264CCC:  800F0224   lwz   r0,548(r15)   r0 = 00000000   r15 = 806001B8   [806003DC] = 00000000
same as above but after the first 2 frames or so

80264CD0:  7C030000   cmpw   r3,r0      r3 = 00000001   r0 = 00000000
80264CD4:  41820008   beq-   0x80264cdc
80264CD8:  906F0130   stw   r3,304(r15)   r3 = 00000001   r15 = 806001B8   [806002E8] = 00000000
as above (same r15)
80264CDC:  38000038   li   r0,56      r0 = 00000000
80264CE0:  38600000   li   r3,0       r3 = 00000001
80264CE4:  7C0903A6   mtctr   r0         r0 = 00000038
80264CE8:  7CAF1A14   add   r5,r15,r3   r5 = 00000000   r15 = 806001B8   r3 = 00000000
80264CEC:  80850228   lwz   r4,552(r5)   r4 = 0000000F   r5 = 806001B8   [806003E0] = 00000000
80264CF0:  80050308   lwz   r0,776(r5)   r0 = 00000038   r5 = 806001B8   [806004C0] = 00000000
a button activator
80264CF4:  7C040000   cmpw   r4,r0      r4 = 00000000   r0 = 00000000
80264CF8:  41820008   beq-   0x80264d00
   ...   ...   ...   ...
80264D00:  38630004   addi   r3,r3,4    r3 = 00000000   r3 = 00000000
80264D04:  4200FFE4   bdnz+   0x80264ce8
80264CE8:  7CAF1A14   add   r5,r15,r3   r5 = 806001B8   r15 = 806001B8   r3 = 00000004
80264CEC:  80850228   lwz   r4,552(r5)   r4 = 00000000   r5 = 806001BC   [806003E4] = 00000000
80264CF0:  80050308   lwz   r0,776(r5)   r0 = 00000000   r5 = 806001BC   [806004C4] = 00000000
80264CF4:  7C040000   cmpw   r4,r0      r4 = 00000000   r0 = 00000000
80264CF8:  41820008   beq-   0x80264d00
   ...   ...   ...   ...
80264D00:  38630004   addi   r3,r3,4    r3 = 00000004   r3 = 00000004
80264D04:  4200FFE4   bdnz+   0x80264ce8
80264CE8:  7CAF1A14   add   r5,r15,r3   r5 = 806001BC   r15 = 806001B8   r3 = 00000008
80264CEC:  80850228   lwz   r4,552(r5)   r4 = 00000000   r5 = 806001C0   [806003E8] = 00000000
80264CF0:  80050308   lwz   r0,776(r5)   r0 = 00000000   r5 = 806001C0   [806004C8] = 00000000
80264CF4:  7C040000   cmpw   r4,r0      r4 = 00000000   r0 = 00000000
80264CF8:  41820008   beq-   0x80264d00
   ...   ...   ...   ...
80264D00:  38630004   addi   r3,r3,4    r3 = 00000008   r3 = 00000008
80264D04:  4200FFE4   bdnz+   0x80264ce8
80264CE8:  7CAF1A14   add   r5,r15,r3   r5 = 806001C0   r15 = 806001B8   r3 = 0000000C
80264CEC:  80850228   lwz   r4,552(r5)   r4 = 00000000   r5 = 806001C4   [806003EC] = 00000000
80264CF0:  80050308   lwz   r0,776(r5)   r0 = 00000000   r5 = 806001C4   [806004CC] = 00000000
80264CF4:  7C040000   cmpw   r4,r0      r4 = 00000000   r0 = 00000000
80264CF8:  41820008   beq-   0x80264d00
   ...   ...   ...   ...
you get the gist of it.... I'll do this until I see a difference and come back and post the rest in the next reply.

[/spoiler]
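Patedj asks above whether the step-in logging can be done automatically. One way, as an added example that is not from the thread, is to parse the debugger's log lines and walk backwards from a store to a watched address through the registers that fed it, until the load that brought the value in; the sample log is constructed from instruction lines that appear in this thread, with register values as the log shows them before each instruction executes.

```python
import re

# One log line as the thread's debugger prints it:
#   ADDR:  OPCODE   mnemonic   operands   reg = val ...   [mem] = val
LINE_RE = re.compile(r"^\|?\s*([0-9A-Fa-f]{8}):\s+([0-9A-Fa-f]{8})\s+(\S+)\s*(\S*)(.*)$")
STORES = {"stw", "stwu", "stwx", "sth", "sthx", "stb", "stfs", "stfd"}
LOADS = {"lwz", "lwzx", "lhz", "lhzx", "lbz", "lfs", "lfd"}

def parse_log(text):
    """Turn log lines into dicts: pc, mnemonic, destination register, source registers
    and the memory address in '[...]' (skips the '...' separators and blank lines)."""
    insns = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        pc, _opcode, mnem, operands, rest = m.groups()
        regs = re.findall(r"\b[rf]\d+\b", operands)        # cr0 and 0x... targets don't match
        mem = re.search(r"\[([0-9A-Fa-f]{8})\]", rest)
        insn = {"pc": int(pc, 16), "mnem": mnem, "text": f"{mnem} {operands}".strip(),
                "dest": None, "srcs": [], "store": False,
                "mem": int(mem.group(1), 16) if mem else None}
        if mnem in STORES:                 # a store's first operand is the value written
            insn["srcs"], insn["store"] = regs[:1], True
        elif mnem.startswith(("b", "cmp", "fcmp", "mt")):   # branches, compares, mtctr/mtlr
            insn["srcs"] = regs                              # no GPR/FPR destination
        else:                              # everything else writes its first operand
            insn["dest"], insn["srcs"] = regs[0], regs[1:]
        insns.append(insn)
    return insns

def trace_back(insns, mem_addr, limit=8):
    """From the last store to mem_addr, find the instruction that produced the stored
    register, then the one that produced its input, and so on. Stops at a load (the value
    came from memory), at an instruction with zero or several register inputs, or at the
    start of the log. Returns (chain of (pc, text), origin)."""
    chain = []
    idx = max((i for i, x in enumerate(insns) if x["store"] and x["mem"] == mem_addr),
              default=None)
    if idx is None:
        return chain, None
    want = insns[idx]["srcs"][0]
    chain.append((insns[idx]["pc"], insns[idx]["text"]))
    for x in reversed(insns[:idx]):
        if x["dest"] != want:
            continue
        chain.append((x["pc"], x["text"]))
        if x["mnem"] in LOADS:
            return chain, ("mem", x["mem"])
        if len(x["srcs"]) != 1 or len(chain) >= limit:
            return chain, ("inputs", x["srcs"])
        want = x["srcs"][0]
    return chain, ("reg", want)            # defined before the log starts

# Constructed sample: the caller at 80264BD8.. and the callee 801E53F0.. from the thread,
# with r25 = 806821C8 (the remote control word) and r4 = 11 as in the register dumps.
LOG = """
80264BD8:  80190000   lwz   r0,0(r25)   r0 = 00000000   r25 = 806821C8   [806821C8] = 00000004
80264BDC:  7DE37B78   mr   r3,r15     r3 = 806001B8   r15 = 806001B8
80264BE0:  3880000B   li   r4,11      r4 = 0000000A
80264BE4:  5405F7FE   rlwinm   r5,r0,30,31,31   r5 = 00000000   r0 = 00000004
80264BE8:  4BF80809   bl   0x801e53f0
|  801E53F0:  5480103A   rlwinm   r0,r4,2,0,29   r0 = 00000004   r4 = 0000000B
|  801E53F4:  7CC30214   add   r6,r3,r0   r6 = 806001E0   r3 = 806001B8   r0 = 0000002C
|  801E53F8:  90A60228   stw   r5,552(r6)   r5 = 00000001   r6 = 806001E4   [8060040C] = 00000000
|  801E53FC:  80060308   lwz   r0,776(r6)   r0 = 0000002C   r6 = 806001E4   [806004EC] = 00000000
|  801E5400:  7C050000   cmpw   r5,r0      r5 = 00000001   r0 = 00000000
|  801E5404:  4D820020   beqlr-
|  801E5408:  1CE40024   mulli   r7,r4,36   r7 = 00000000   r4 = 0000000B
|  801E540C:  90A60134   stw   r5,308(r6)   r5 = 00000001   r6 = 806001E4   [80600318] = 00000000
   ...   ...   ...   ...
"""

if __name__ == "__main__":
    chain, origin = trace_back(parse_log(LOG), 0x80600318)
    for pc, text in chain:
        print(f"{pc:08X}  {text}")
    print("origin:", origin)   # the stored r5 is bit 2 of the word loaded from 806821C8
```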

Patedj

It leads to an LR.

Here's some of the LR's log
[spoiler]

80451060:  80ADC960   lwz   r5,-13984(r13)   r5 = 00001032   r13 = 8070AEE0   [80707840] = 00000000
80451064:  38000000   li   r0,0       r0 = 8026BE00
80451068:  808DC950   lwz   r4,-14000(r13)   r4 = 00003032   r13 = 8070AEE0   [80707830] = 00000000
8045106C:  7C7E1B78   mr   r30,r3     r30 = 806FB5E0   r3 = 00000000
80451070:  3B9F0078   addi   r28,r31,120   r28 = 806F27B0   r31 = 806FB5E0
80451074:  3BBF0000   addi   r29,r31,0   r29 = 00000018   r31 = 806FB5E0
80451078:  7CA32378   or   r3,r5,r4   r3 = 00000000   r5 = 00000000   r4 = 00000000
8045107C:  906DC960   stw   r3,-13984(r13)   r3 = 00000000   r13 = 8070AEE0   [80707840] = 00000000
80451080:  3B60FFFF   li   r27,-1     r27 = 00000000
80451084:  900DC950   stw   r0,-14000(r13)   r0 = 00000000   r13 = 8070AEE0   [80707830] = 00000000
80451088:  808DC968   lwz   r4,-13976(r13)   r4 = 00000000   r13 = 8070AEE0   [80707848] = 00000000
8045108C:  80ADC96C   lwz   r5,-13972(r13)   r5 = 00000000   r13 = 8070AEE0   [8070784C] = 00000000
80451090:  800DC958   lwz   r0,-13992(r13)   r0 = 00000000   r13 = 8070AEE0   [80707838] = 00033000
80451094:  806DC95C   lwz   r3,-13988(r13)   r3 = 00000000   r13 = 8070AEE0   [8070783C] = 00000000
80451098:  7C800378   or   r0,r4,r0   r0 = 00033000   r4 = 00000000   r0 = 00033000
8045109C:  7CA31B78   or   r3,r5,r3   r3 = 00000000   r5 = 00000000   r3 = 00000000
804510A0:  906DC96C   stw   r3,-13972(r13)   r3 = 00000000   r13 = 8070AEE0   [8070784C] = 00000000
804510A4:  900DC968   stw   r0,-13976(r13)   r0 = 00033000   r13 = 8070AEE0   [80707848] = 00000000
804510A8:  48000064   b   0x8045110c
   ...   ...   ...   ...
8045110C:  800DC958   lwz   r0,-13992(r13)   r0 = 00033000   r13 = 8070AEE0   [80707838] = 00033000
80451110:  806DC95C   lwz   r3,-13988(r13)   r3 = 00000000   r13 = 8070AEE0   [8070783C] = 00000000
80451114:  7C600379   or.   r0,r3,r0   r0 = 00033000   r3 = 00000000   r0 = 00033000
80451118:  4082FF94   bne+   0x804510ac
   ...   ...   ...   ...
804510AC:  800DC958   lwz   r0,-13992(r13)   r0 = 00033000   r13 = 8070AEE0   [80707838] = 00033000
804510B0:  806DC95C   lwz   r3,-13988(r13)   r3 = 00000000   r13 = 8070AEE0   [8070783C] = 00000000
804510B4:  7C000034   cntlzw   r0,r0      r0 = 00033000   r0 = 00033000
804510B8:  2C000020   cmpwi   r0,32      r0 = 0000000E
804510BC:  7C63D838   and   r3,r3,r27   r3 = 00000000   r3 = 00000000   r27 = FFFFFFFF
804510C0:  40800008   bge-   0x804510c8
804510C4:  4800000C   b   0x804510d0
   ...   ...   ...   ...
804510D0:  5403083C   rlwinm   r3,r0,1,0,30   r3 = 00000000   r0 = 0000000E
804510D4:  20A0003F   subfic   r5,r0,63   r5 = 00000000   r0 = 0000000E
804510D8:  7C1C1A2E   lhzx   r0,r28,r3   r0 = 0000000E   r28 = 806FB658   r3 = 0000001C
804510DC:  38800001   li   r4,1       r4 = 00000000
804510E0:  7C1D1B2E   sthx   r0,r29,r3   r0 = 00001080   r29 = 806FB5E0   r3 = 0000001C
804510E4:  38600000   li   r3,0       r3 = 0000001C
804510E8:  4BF52801   bl   0x803a38e8
|  803A38E8:  21050020   subfic   r8,r5,32   r8 = 806FB658   r5 = 00000031
|  803A38EC:  3125FFE0   subic   r9,r5,32   r9 = 00000000   r5 = 00000031
|  803A38F0:  7C632830   slw   r3,r3,r5   r3 = 00000000   r3 = 00000000   r5 = 00000031
|  803A38F4:  7C8A4430   srw   r10,r4,r8   r10 = 00001080   r4 = 00000001   r8 = FFFFFFEF
|  803A38F8:  7C635378   or   r3,r3,r10   r3 = 00000000   r3 = 00000000   r10 = 00000000
|  803A38FC:  7C8A4830   slw   r10,r4,r9   r10 = 00000000   r4 = 00000001   r9 = 00000011
|  803A3900:  7C635378   or   r3,r3,r10   r3 = 00000000   r3 = 00000000   r10 = 00020000
|  803A3904:  7C842830   slw   r4,r4,r5   r4 = 00000001   r4 = 00000001   r5 = 00000031
|  803A3908:  4E800020   blr              LR = 804510EC
804510EC:  800DC958   lwz   r0,-13992(r13)   r0 = 00001080   r13 = 8070AEE0   [80707838] = 00033000
804510F0:  7C6518F8   not   r5,r3      r5 = 00000031   r3 = 00020000
804510F4:  806DC95C   lwz   r3,-13988(r13)   r3 = 00020000   r13 = 8070AEE0   [8070783C] = 00000000
804510F8:  7C8420F8   not   r4,r4      r4 = 00000000   r4 = 00000000
804510FC:  7C002838   and   r0,r0,r5   r0 = 00033000   r0 = 00033000   r5 = FFFDFFFF
80451100:  7C632038   and   r3,r3,r4   r3 = 00000000   r3 = 00000000   r4 = FFFFFFFF
80451104:  906DC95C   stw   r3,-13988(r13)   r3 = 00000000   r13 = 8070AEE0   [8070783C] = 00000000
80451108:  900DC958   stw   r0,-13992(r13)   r0 = 00013000   r13 = 8070AEE0   [80707838] = 00033000
8045110C:  800DC958   lwz   r0,-13992(r13)   r0 = 00013000   r13 = 8070AEE0   [80707838] = 00013000
80451110:  806DC95C   lwz   r3,-13988(r13)   r3 = 00000000   r13 = 8070AEE0   [8070783C] = 00000000
80451114:  7C600379   or.   r0,r3,r0   r0 = 00013000   r3 = 00000000   r0 = 00013000
80451118:  4082FF94   bne+   0x804510ac
   ...   ...   ...   ...
804510AC:  800DC958   lwz   r0,-13992(r13)   r0 = 00013000   r13 = 8070AEE0   [80707838] = 00013000
804510B0:  806DC95C   lwz   r3,-13988(r13)   r3 = 00000000   r13 = 8070AEE0   [8070783C] = 00000000
804510B4:  7C000034   cntlzw   r0,r0      r0 = 00013000   r0 = 00013000
804510B8:  2C000020   cmpwi   r0,32      r0 = 0000000F
804510BC:  7C63D838   and   r3,r3,r27   r3 = 00000000   r3 = 00000000   r27 = FFFFFFFF
804510C0:  40800008   bge-   0x804510c8
804510C4:  4800000C   b   0x804510d0
   ...   ...   ...   ...
804510D0:  5403083C   rlwinm   r3,r0,1,0,30   r3 = 00000000   r0 = 0000000F
804510D4:  20A0003F   subfic   r5,r0,63   r5 = FFFDFFFF   r0 = 0000000F
804510D8:  7C1C1A2E   lhzx   r0,r28,r3   r0 = 0000000F   r28 = 806FB658   r3 = 0000001E
804510DC:  38800001   li   r4,1       r4 = FFFFFFFF
804510E0:  7C1D1B2E   sthx   r0,r29,r3   r0 = 00000044   r29 = 806FB5E0   r3 = 0000001E
804510E4:  38600000   li   r3,0       r3 = 0000001E
804510E8:  4BF52801   bl   0x803a38e8
|  803A38E8:  21050020   subfic   r8,r5,32   r8 = FFFFFFEF   r5 = 00000030
|  803A38EC:  3125FFE0   subic   r9,r5,32   r9 = 00000011   r5 = 00000030
|  803A38F0:  7C632830   slw   r3,r3,r5   r3 = 00000000   r3 = 00000000   r5 = 00000030
|  803A38F4:  7C8A4430   srw   r10,r4,r8   r10 = 00020000   r4 = 00000001   r8 = FFFFFFF0
|  803A38F8:  7C635378   or   r3,r3,r10   r3 = 00000000   r3 = 00000000   r10 = 00000000
|  803A38FC:  7C8A4830   slw   r10,r4,r9   r10 = 00000000   r4 = 00000001   r9 = 00000010
|  803A3900:  7C635378   or   r3,r3,r10   r3 = 00000000   r3 = 00000000   r10 = 00010000
|  803A3904:  7C842830   slw   r4,r4,r5   r4 = 00000001   r4 = 00000001   r5 = 00000030
|  803A3908:  4E800020   blr              LR = 804510EC
804510EC:  800DC958   lwz   r0,-13992(r13)   r0 = 00000044   r13 = 8070AEE0   [80707838] = 00013000
804510F0:  7C6518F8   not   r5,r3      r5 = 00000030   r3 = 00010000
804510F4:  806DC95C   lwz   r3,-13988(r13)   r3 = 00010000   r13 = 8070AEE0   [8070783C] = 00000000
804510F8:  7C8420F8   not   r4,r4      r4 = 00000000   r4 = 00000000
804510FC:  7C002838   and   r0,r0,r5   r0 = 00013000   r0 = 00013000   r5 = FFFEFFFF
80451100:  7C632038   and   r3,r3,r4   r3 = 00000000   r3 = 00000000   r4 = FFFFFFFF
80451104:  906DC95C   stw   r3,-13988(r13)   r3 = 00000000   r13 = 8070AEE0   [8070783C] = 00000000
80451108:  900DC958   stw   r0,-13992(r13)   r0 = 00003000   r13 = 8070AEE0   [80707838] = 00013000
8045110C:  800DC958   lwz   r0,-13992(r13)   r0 = 00003000   r13 = 8070AEE0   [80707838] = 00003000
80451110:  806DC95C   lwz   r3,-13988(r13)   r3 = 00000000   r13 = 8070AEE0   [8070783C] = 00000000
80451114:  7C600379   or.   r0,r3,r0   r0 = 00003000   r3 = 00000000   r0 = 00003000
80451118:  4082FF94   bne+   0x804510ac
   ...   ...   ...   ...
804510AC:  800DC958   lwz   r0,-13992(r13)   r0 = 00003000   r13 = 8070AEE0   [80707838] = 00003000
804510B0:  806DC95C   lwz   r3,-13988(r13)   r3 = 00000000   r13 = 8070AEE0   [8070783C] = 00000000
804510B4:  7C000034   cntlzw   r0,r0      r0 = 00003000   r0 = 00003000
804510B8:  2C000020   cmpwi   r0,32      r0 = 00000012
804510BC:  7C63D838   and   r3,r3,r27   r3 = 00000000   r3 = 00000000   r27 = FFFFFFFF
804510C0:  40800008   bge-   0x804510c8
804510C4:  4800000C   b   0x804510d0
   ...   ...   ...   ...
804510D0:  5403083C   rlwinm   r3,r0,1,0,30   r3 = 00000000   r0 = 00000012
804510D4:  20A0003F   subfic   r5,r0,63   r5 = FFFEFFFF   r0 = 00000012
804510D8:  7C1C1A2E   lhzx   r0,r28,r3   r0 = 00000012   r28 = 806FB658   r3 = 00000024
804510DC:  38800001   li   r4,1       r4 = FFFFFFFF
804510E0:  7C1D1B2E   sthx   r0,r29,r3   r0 = 00000080   r29 = 806FB5E0   r3 = 00000024
804510E4:  38600000   li   r3,0       r3 = 00000024
804510E8:  4BF52801   bl   0x803a38e8
|  803A38E8:  21050020   subfic   r8,r5,32   r8 = FFFFFFF0   r5 = 0000002D
|  803A38EC:  3125FFE0   subic   r9,r5,32   r9 = 00000010   r5 = 0000002D
|  803A38F0:  7C632830   slw   r3,r3,r5   r3 = 00000000   r3 = 00000000   r5 = 0000002D
|  803A38F4:  7C8A4430   srw   r10,r4,r8   r10 = 00010000   r4 = 00000001   r8 = FFFFFFF3
|  803A38F8:  7C635378   or   r3,r3,r10   r3 = 00000000   r3 = 00000000   r10 = 00000000
|  803A38FC:  7C8A4830   slw   r10,r4,r9   r10 = 00000000   r4 = 00000001   r9 = 0000000D
|  803A3900:  7C635378   or   r3,r3,r10   r3 = 00000000   r3 = 00000000   r10 = 00002000
|  803A3904:  7C842830   slw   r4,r4,r5   r4 = 00000001   r4 = 00000001   r5 = 0000002D
|  803A3908:  4E800020   blr              LR = 804510EC
804510EC:  800DC958   lwz   r0,-13992(r13)   r0 = 00000080   r13 = 8070AEE0   [80707838] = 00003000
804510F0:  7C6518F8   not   r5,r3      r5 = 0000002D   r3 = 00002000
804510F4:  806DC95C   lwz   r3,-13988(r13)   r3 = 00002000   r13 = 8070AEE0   [8070783C] = 00000000
804510F8:  7C8420F8   not   r4,r4      r4 = 00000000   r4 = 00000000
804510FC:  7C002838   and   r0,r0,r5   r0 = 00003000   r0 = 00003000   r5 = FFFFDFFF
80451100:  7C632038   and   r3,r3,r4   r3 = 00000000   r3 = 00000000   r4 = FFFFFFFF
80451104:  906DC95C   stw   r3,-13988(r13)   r3 = 00000000   r13 = 8070AEE0   [8070783C] = 00000000
80451108:  900DC958   stw   r0,-13992(r13)   r0 = 00001000   r13 = 8070AEE0   [80707838] = 00003000
8045110C:  800DC958   lwz   r0,-13992(r13)   r0 = 00001000   r13 = 8070AEE0   [80707838] = 00001000
80451110:  806DC95C   lwz   r3,-13988(r13)   r3 = 00000000   r13 = 8070AEE0   [8070783C] = 00000000
80451114:  7C600379   or.   r0,r3,r0   r0 = 00001000   r3 = 00000000   r0 = 00001000
80451118:  4082FF94   bne+   0x804510ac
   ...   ...   ...   ...
804510AC:  800DC958   lwz   r0,-13992(r13)   r0 = 00001000   r13 = 8070AEE0   [80707838] = 00001000
804510B0:  806DC95C   lwz   r3,-13988(r13)   r3 = 00000000   r13 = 8070AEE0   [8070783C] = 00000000
804510B4:  7C000034   cntlzw   r0,r0      r0 = 00001000   r0 = 00001000
804510B8:  2C000020   cmpwi   r0,32      r0 = 00000013
804510BC:  7C63D838   and   r3,r3,r27   r3 = 00000000   r3 = 00000000   r27 = FFFFFFFF
804510C0:  40800008   bge-   0x804510c8
804510C4:  4800000C   b   0x804510d0
   ...   ...   ...   ...
804510D0:  5403083C   rlwinm   r3,r0,1,0,30   r3 = 00000000   r0 = 00000013
804510D4:  20A0003F   subfic   r5,r0,63   r5 = FFFFDFFF   r0 = 00000013
804510D8:  7C1C1A2E   lhzx   r0,r28,r3   r0 = 00000013   r28 = 806FB658   r3 = 00000026
804510DC:  38800001   li   r4,1       r4 = FFFFFFFF
804510E0:  7C1D1B2E   sthx   r0,r29,r3   r0 = 0000006C   r29 = 806FB5E0   r3 = 00000026
804510E4:  38600000   li   r3,0       r3 = 00000026
804510E8:  4BF52801   bl   0x803a38e8
|  803A38E8:  21050020   subfic   r8,r5,32   r8 = FFFFFFF3   r5 = 0000002C
|  803A38EC:  3125FFE0   subic   r9,r5,32   r9 = 0000000D   r5 = 0000002C
|  803A38F0:  7C632830   slw   r3,r3,r5   r3 = 00000000   r3 = 00000000   r5 = 0000002C
|  803A38F4:  7C8A4430   srw   r10,r4,r8   r10 = 00002000   r4 = 00000001   r8 = FFFFFFF4
|  803A38F8:  7C635378   or   r3,r3,r10   r3 = 00000000   r3 = 00000000   r10 = 00000000
|  803A38FC:  7C8A4830   slw   r10,r4,r9   r10 = 00000000   r4 = 00000001   r9 = 0000000C
|  803A3900:  7C635378   or   r3,r3,r10   r3 = 00000000   r3 = 00000000   r10 = 00001000
|  803A3904:  7C842830   slw   r4,r4,r5   r4 = 00000001   r4 = 00000001   r5 = 0000002C
|  803A3908:  4E800020   blr              LR = 804510EC
804510EC:  800DC958   lwz   r0,-13992(r13)   r0 = 0000006C   r13 = 8070AEE0   [80707838] = 00001000
804510F0:  7C6518F8   not   r5,r3      r5 = 0000002C   r3 = 00001000
804510F4:  806DC95C   lwz   r3,-13988(r13)   r3 = 00001000   r13 = 8070AEE0   [8070783C] = 00000000
804510F8:  7C8420F8   not   r4,r4      r4 = 00000000   r4 = 00000000
804510FC:  7C002838   and   r0,r0,r5   r0 = 00001000   r0 = 00001000   r5 = FFFFEFFF
80451100:  7C632038   and   r3,r3,r4   r3 = 00000000   r3 = 00000000   r4 = FFFFFFFF
80451104:  906DC95C   stw   r3,-13988(r13)   r3 = 00000000   r13 = 8070AEE0   [8070783C] = 00000000
80451108:  900DC958   stw   r0,-13992(r13)   r0 = 00000000   r13 = 8070AEE0   [80707838] = 00001000
8045110C:  800DC958   lwz   r0,-13992(r13)   r0 = 00000000   r13 = 8070AEE0   [80707838] = 00000000
80451110:  806DC95C   lwz   r3,-13988(r13)   r3 = 00000000   r13 = 8070AEE0   [8070783C] = 00000000
80451114:  7C600379   or.   r0,r3,r0   r0 = 00000000   r3 = 00000000   r0 = 00000000
80451118:  4082FF94   bne+   0x804510ac
8045111C:  387F00F0   addi   r3,r31,240   r3 = 00000000   r31 = 806FB5E0
80451120:  38800001   li   r4,1       r4 = FFFFFFFF
80451124:  80030030   lwz   r0,48(r3)   r0 = 00000000   r3 = 806FB6D0   [806FB700] = 90000880
80451128:  7FC3F378   mr   r3,r30     r3 = 806FB6D0   r30 = 00000000
8045112C:  908DC9C8   stw   r4,-13880(r13)   r4 = 00000001   r13 = 8070AEE0   [807078A8] = 00000000
80451130:  908DC9C4   stw   r4,-13884(r13)   r4 = 00000001   r13 = 8070AEE0   [807078A4] = 00000000
80451134:  900DC98C   stw   r0,-13940(r13)   r0 = 90000880   r13 = 8070AEE0   [8070786C] = 900968C0
80451138:  4BFEFF19   bl   0x80441050
|  80441050:  2C030000   cmpwi   r3,0       r3 = 00000000
|  80441054:  7C8000A6   mfmsr   r4         r4 = 00000001
|  80441058:  4182000C   beq-   0x80441064
|     ...   ...   ...   ...
|  80441064:  5485045E   rlwinm   r5,r4,0,17,15   r5 = FFFFEFFF   r4 = 00003432
|  80441068:  7CA00124   mtmsr   r5         r5 = 00003432
|  8044106C:  54838FFE   rlwinm   r3,r4,17,31,31   r3 = 00000000   r4 = 00003432
|  80441070:  4E800020   blr              LR = 8045113C
8045113C:  39610020   addi   r11,r1,32   r11 = 8124F970   r1 = 8124F950
80451140:  4BF5237D   bl   0x803a34bc
|  803A34BC:  836BFFEC   lwz   r27,-20(r11)   r27 = FFFFFFFF   r11 = 8124F970   [8124F95C] = 00000000
|  803A34C0:  838BFFF0   lwz   r28,-16(r11)   r28 = 806FB658   r11 = 8124F970   [8124F960] = 806F27B0
|  803A34C4:  83ABFFF4   lwz   r29,-12(r11)   r29 = 806FB5E0   r11 = 8124F970   [8124F964] = 00000018
|  803A34C8:  83CBFFF8   lwz   r30,-8(r11)   r30 = 00000000   r11 = 8124F970   [8124F968] = 806FB5E0
|  803A34CC:  83EBFFFC   lwz   r31,-4(r11)   r31 = 806FB5E0   r11 = 8124F970   [8124F96C] = 8044EF60
|  803A34D0:  4E800020   blr              LR = 80451144
80451144:  80010024   lwz   r0,36(r1)   r0 = 90000880   r1 = 8124F950   [8124F974] = 8026BE00
80451148:  7C0803A6   mtlr   r0         LR = 80451144   r0 = 8026BE00
8045114C:  38210020   addi   r1,r1,32   r1 = 8124F950   r1 = 8124F950
80451150:  4E800020   blr              LR = 8026BE00
8026BE00:  38000000   li   r0,0       r0 = 8026BE00
8026BE04:  980DB794   stb   r0,-18540(r13)   r0 = 00000000   r13 = 8070AEE0   [80706674] = 01000000
8026BE08:  80010014   lwz   r0,20(r1)   r0 = 00000000   r1 = 8124F970   [8124F984] = 8044F0BC
8026BE0C:  7C0803A6   mtlr   r0         LR = 8026BE00   r0 = 8044F0BC
8026BE10:  38210010   addi   r1,r1,16   r1 = 8124F970   r1 = 8124F970
8026BE14:  4E800020   blr              LR = 8044F0BC
8044F0BC:  800DC928   lwz   r0,-14040(r13)   r0 = 8044F0BC   r13 = 8070AEE0   [80707808] = 00000000
8044F0C0:  2C000000   cmpwi   r0,0       r0 = 00000000
8044F0C4:  41820058   beq-   0x8044f11c
   ...   ...   ...   ...
8044F11C:  800DC9C8   lwz   r0,-13880(r13)   r0 = 00000000   r13 = 8070AEE0   [807078A8] = 00000001
8044F120:  2C000000   cmpwi   r0,0       r0 = 00000001
8044F124:  41820134   beq-   0x8044f258
8044F128:  800DC960   lwz   r0,-13984(r13)   r0 = 00000001   r13 = 8070AEE0   [80707840] = 00000000
8044F12C:  28000001   cmplwi   r0,1       r0 = 00000000
8044F130:  40820060   bne-   0x8044f190
   ...   ...   ...   ...
8044F190:  3B5E0000   addi   r26,r30,0   r26 = 00000000   r30 = 806FB5E0
8044F194:  3BE0FFFF   li   r31,-1     r31 = 8044EF60
8044F198:  3F60CC00   lis   r27,-13312   r27 = 00000000
8044F19C:  48000068   b   0x8044f204
   ...   ...   ...   ...
8044F204:  800DC968   lwz   r0,-13976(r13)   r0 = 00000000   r13 = 8070AEE0   [80707848] = 00033000
8044F208:  806DC96C   lwz   r3,-13972(r13)   r3 = 00000000   r13 = 8070AEE0   [8070784C] = 00000000
8044F20C:  7C600379   or.   r0,r3,r0   r0 = 00033000   r3 = 00000000   r0 = 00033000
8044F210:  4082FF90   bne+   0x8044f1a0
   ...   ...   ...   ...


[/spoiler]
You can pm me, I've got time for your troubles.

dcx2

Quote from: Patedj on March 29, 2011, 11:59:34 AM
I was filling up my log with step-ins when I thought, "this is going to take a while..."

There might be thousands of step-ins... is there a way to do this automatically?

lol, yeah, it might take a while.  Yes, there is a way to do it automatically.  This sort of question should go somewhere in the USB Gecko Dev board, because I don't really watch the support boards as much.

Set a breakpoint.  Pick a destination.  Take that destination's address, and set a Breakpoint Condition, SRR0 == [destination address], make sure that the groupbox checkbox is enabled, and then press Step Until.  It will repeatedly Step Into until the Breakpoint Condition is met; when SRR0 equals the destination address, we will have executed all the instructions and logged them.

Patedj

#10
I made another attempt to search for the timer again instead of going through all the steps.

I found this address and the stack seems to be activated with the dash and when walking.
This seems like it's the volatility.

Registers at rest:[spoiler]  CR:28200888  XER:00000000  CTR:80086530 DSIS:02400000
DAR:90BCF614 SRR0:8008481C SRR1:0000A032   LR:800D0868
 r0:800D085C   r1:8071D0C8   r2:8070FAC0   r3:90BCF60C
 r4:8071D19C   r5:91E6E0A8   r6:80545608   r7:4C6F7700
 r8:00000000   r9:48696768  r10:00000018  r11:8071D058
r12:80086530  r13:8070AEE0  r14:00000000  r15:00000000
r16:00000000  r17:00000000  r18:00000000  r19:80D013D8
r20:805359B4  r21:80A68268  r22:00000001  r23:80A68268
r24:00000000  r25:0000C7C1  r26:00000000  r27:00000001
r28:80A68268  r29:00000000  r30:00000000  r31:90BCE7C8

 f0:00000000   f1:00000000   f2:00000000   f3:00000000
 f4:00000000   f5:45992000   f6:471C4000   f7:C0A00000
 f8:C0A00000   f9:00000000  f10:80000000  f11:3F800000
f12:00000000  f13:00000000  f14:00000000  f15:00000000
f16:00000000  f17:00000000  f18:00000000  f19:00000000
f20:00000000  f21:00000000  f22:00000000  f23:00000000
f24:00000000  f25:00000000  f26:00000000  f27:00000000
f28:00000000  f29:43480000  f30:428C0000  f31:3DEF9DB2[/spoiler]

Registers while dashing:[spoiler]CR:28200888  XER:00000000  CTR:80086530 DSIS:02400000
DAR:90BCF614 SRR0:8008481C SRR1:0000A032   LR:800D0868
 r0:800D085C   r1:8071D0C8   r2:8070FAC0   r3:90BCF60C
 r4:8071D19C   r5:91E6BA08   r6:80545608   r7:4C6F7700
 r8:00000000   r9:48696768  r10:00000018  r11:8071D058
r12:80086530  r13:8070AEE0  r14:00000000  r15:00000000
r16:00000000  r17:00000000  r18:00000000  r19:80D013D8
r20:805359B4  r21:80A68268  r22:00000001  r23:80A68268
r24:00000000  r25:0000C7C1  r26:00000000  r27:00000001
r28:80A68268  r29:00000000  r30:00000000  r31:90BCE7C8

 f0:412BCE3E   f1:00000000   f2:00000000   f3:00000000
 f4:00000000   f5:45992000   f6:471C4000   f7:C0A00000
 f8:C0A00000   f9:00000000  f10:80000000  f11:3F800000
f12:00000000  f13:00000000  f14:00000000  f15:00000000
f16:00000000  f17:00000000  f18:00000000  f19:00000000
f20:00000000  f21:00000000  f22:00000000  f23:00000000
f24:00000000  f25:00000000  f26:00000000  f27:00000000
f28:00000000  f29:43480000  f30:428C0000  f31:3DC8B439[/spoiler]

Registers while walking:
[spoiler] CR:28200888  XER:00000000  CTR:80086530 DSIS:02400000
DAR:90BCF614 SRR0:8008481C SRR1:0000A032   LR:800D0868
  r0:800D085C   r1:8071D0C8   r2:8070FAC0   r3:90BCF60C
  r4:8071D19C   r5:91E6E3A8   r6:80545608   r7:4C6F7700
  r8:00000000   r9:48696768  r10:00000018  r11:8071D058
r12:80086530  r13:8070AEE0  r14:00000000  r15:00000000
r16:00000000  r17:00000000  r18:00000000  r19:80D013D8
r20:805359B4  r21:80A68268  r22:00000001  r23:80A68268
r24:00000000  r25:0000C7C1  r26:00000000  r27:00000001
r28:80A68268  r29:00000000  r30:00000000  r31:90BCE7C8

  f0:401E3DF4   f1:00000000   f2:00000000   f3:00000000
  f4:00000000   f5:45992000   f6:471C4000   f7:C0A00000
  f8:C0A00000   f9:00000000  f10:80000000  f11:3F800000
f12:00000000  f13:00000000  f14:00000000  f15:00000000
f16:00000000  f17:00000000  f18:00000000  f19:00000000
f20:00000000  f21:00000000  f22:00000000  f23:00000000
f24:00000000  f25:00000000  f26:00000000  f27:00000000
f28:00000000  f29:43480000  f30:428C0000  f31:3DD91687[/spoiler]

Function:[spoiler]800847F0:  C0230000   lfs   f1,0(r3)
800847F4:  C0040000   lfs   f0,0(r4)
800847F8:  C0630004   lfs   f3,4(r3)
800847FC:  EC81002A   fadds   f4,f1,f0
80084800:  C0440004   lfs   f2,4(r4)
80084804:  C0230008   lfs   f1,8(r3)
80084808:  C0040008   lfs   f0,8(r4)
8008480C:  EC43102A   fadds   f2,f3,f2
80084810:  D0830000   stfs   f4,0(r3)
80084814:  EC01002A   fadds   f0,f1,f0
80084818:  D0430004   stfs   f2,4(r3)
8008481C:  D0030008   stfs   f0,8(r3)   <- writes
80084820:  4E800020   blr   
[/spoiler]

LR: too long a function; it exceeds the 20000-word limit.
I'll walk the stack without it then.

Log write while dashing
[spoiler]8009F804:  D0030008   stfs   f0,8(r3)   f0 = 0   r3 = 90BCF60C   [90BCF614] = 00000000

8008481C:  D0030008   stfs   f0,8(r3)   f0 = 0   r3 = 90BCF60C   [90BCF614] = 00000000

800D0868:  D0030008   stfs   f0,8(r3)   f0 = 0   r3 = 90BCF60C   [90BCF614] = 00000000

8009F804:  D0030008   stfs   f0,8(r3)   f0 = 0   r3 = 90BCF60C   [90BCF614] = 00000000

8008481C:  D0030008   stfs   f0,8(r3)   f0 = 2.15544   r3 = 90BCF60C   [90BCF614] = 00000000

800D0868:  D0030008   stfs   f0,8(r3)   f0 = 2.15544   r3 = 90BCF60C   [90BCF614] = 4009F2C0

8009F804:  D0030008   stfs   f0,8(r3)   f0 = 0   r3 = 90BCF60C   [90BCF614] = 4009F2C0

8008481C:  D0030008   stfs   f0,8(r3)   f0 = 9.08153   r3 = 90BCF60C   [90BCF614] = 00000000

800D0868:  D0030008   stfs   f0,8(r3)   f0 = 9.08153   r3 = 90BCF60C   [90BCF614] = 41114DF7

8009F804:  D0030008   stfs   f0,8(r3)   f0 = 0   r3 = 90BCF60C   [90BCF614] = 41114DF7

8008481C:  D0030008   stfs   f0,8(r3)   f0 = 10.8602   r3 = 90BCF60C   [90BCF614] = 00000000

800D0868:  D0030008   stfs   f0,8(r3)   f0 = 10.8602   r3 = 90BCF60C   [90BCF614] = 412DC32E

8009F804:  D0030008   stfs   f0,8(r3)   f0 = 0   r3 = 90BCF60C   [90BCF614] = 412DC32E

8008481C:  D0030008   stfs   f0,8(r3)   f0 = 4.6153   r3 = 90BCF60C   [90BCF614] = 00000000

800D0868:  D0030008   stfs   f0,8(r3)   f0 = 4.6153   r3 = 90BCF60C   [90BCF614] = 4093B080

8009F804:  D0030008   stfs   f0,8(r3)   f0 = 0   r3 = 90BCF60C   [90BCF614] = 4093B080

8008481C:  D0030008   stfs   f0,8(r3)   f0 = 0   r3 = 90BCF60C   [90BCF614] = 00000000

800D0868:  D0030008   stfs   f0,8(r3)   f0 = 0   r3 = 90BCF60C   [90BCF614] = 00000000

8009F804:  D0030008   stfs   f0,8(r3)   f0 = 0   r3 = 90BCF60C   [90BCF614] = 00000000

8008481C:  D0030008   stfs   f0,8(r3)   f0 = 0   r3 = 90BCF60C   [90BCF614] = 00000000

800D0868:  D0030008   stfs   f0,8(r3)   f0 = 0   r3 = 90BCF60C   [90BCF614] = 00000000

8009F804:  D0030008   stfs   f0,8(r3)   f0 = 0   r3 = 90BCF60C   [90BCF614] = 00000000

8008481C:  D0030008   stfs   f0,8(r3)   f0 = 0   r3 = 90BCF60C   [90BCF614] = 00000000

800D0868:  D0030008   stfs   f0,8(r3)   f0 = 0   r3 = 90BCF60C   [90BCF614] = 00000000

8009F804:  D0030008   stfs   f0,8(r3)   f0 = 0   r3 = 90BCF60C   [90BCF614] = 00000000

8008481C:  D0030008   stfs   f0,8(r3)   f0 = 0   r3 = 90BCF60C   [90BCF614] = 00000000
[/spoiler]

Log write while walking[spoiler]8008481C:  D0030008   stfs   f0,8(r3)   f0 = 2.4029   r3 = 90BCF60C   [90BCF614] = 00000000

800D0868:  D0030008   stfs   f0,8(r3)   f0 = 2.4029   r3 = 90BCF60C   [90BCF614] = 4019C914

8009F804:  D0030008   stfs   f0,8(r3)   f0 = 0   r3 = 90BCF60C   [90BCF614] = 4019C914

8008481C:  D0030008   stfs   f0,8(r3)   f0 = 2.39859   r3 = 90BCF60C   [90BCF614] = 00000000

800D0868:  D0030008   stfs   f0,8(r3)   f0 = 2.39859   r3 = 90BCF60C   [90BCF614] = 4019827C

8009F804:  D0030008   stfs   f0,8(r3)   f0 = 0   r3 = 90BCF60C   [90BCF614] = 4019827C

8008481C:  D0030008   stfs   f0,8(r3)   f0 = 2.39987   r3 = 90BCF60C   [90BCF614] = 00000000

800D0868:  D0030008   stfs   f0,8(r3)   f0 = 2.39987   r3 = 90BCF60C   [90BCF614] = 40199770

8009F804:  D0030008   stfs   f0,8(r3)   f0 = 0   r3 = 90BCF60C   [90BCF614] = 40199770

8008481C:  D0030008   stfs   f0,8(r3)   f0 = 2.39497   r3 = 90BCF60C   [90BCF614] = 00000000

800D0868:  D0030008   stfs   f0,8(r3)   f0 = 2.39497   r3 = 90BCF60C   [90BCF614] = 4019473C

8009F804:  D0030008   stfs   f0,8(r3)   f0 = 0   r3 = 90BCF60C   [90BCF614] = 4019473C

8008481C:  D0030008   stfs   f0,8(r3)   f0 = 2.27783   r3 = 90BCF60C   [90BCF614] = 00000000

800D0868:  D0030008   stfs   f0,8(r3)   f0 = 2.27783   r3 = 90BCF60C   [90BCF614] = 4011C7FC

8009F804:  D0030008   stfs   f0,8(r3)   f0 = 0   r3 = 90BCF60C   [90BCF614] = 4011C7FC

8008481C:  D0030008   stfs   f0,8(r3)   f0 = 2.38211   r3 = 90BCF60C   [90BCF614] = 00000000

800D0868:  D0030008   stfs   f0,8(r3)   f0 = 2.38211   r3 = 90BCF60C   [90BCF614] = 4018747A

8009F804:  D0030008   stfs   f0,8(r3)   f0 = 0   r3 = 90BCF60C   [90BCF614] = 4018747A

8008481C:  D0030008   stfs   f0,8(r3)   f0 = 2.39613   r3 = 90BCF60C   [90BCF614] = 00000000

800D0868:  D0030008   stfs   f0,8(r3)   f0 = 2.39613   r3 = 90BCF60C   [90BCF614] = 40195A1C

8009F804:  D0030008   stfs   f0,8(r3)   f0 = 0   r3 = 90BCF60C   [90BCF614] = 40195A1C

8008481C:  D0030008   stfs   f0,8(r3)   f0 = 2.39896   r3 = 90BCF60C   [90BCF614] = 00000000

800D0868:  D0030008   stfs   f0,8(r3)   f0 = 2.39896   r3 = 90BCF60C   [90BCF614] = 401988A2

8009F804:  D0030008   stfs   f0,8(r3)   f0 = 0   r3 = 90BCF60C   [90BCF614] = 401988A2

8008481C:  D0030008   stfs   f0,8(r3)   f0 = 2.39894   r3 = 90BCF60C   [90BCF614] = 00000000

800D0868:  D0030008   stfs   f0,8(r3)   f0 = 2.39894   r3 = 90BCF60C   [90BCF614] = 40198844

8009F804:  D0030008   stfs   f0,8(r3)   f0 = 0   r3 = 90BCF60C   [90BCF614] = 40198844

8008481C:  D0030008   stfs   f0,8(r3)   f0 = 2.40286   r3 = 90BCF60C   [90BCF614] = 00000000

800D0868:  D0030008   stfs   f0,8(r3)   f0 = 2.40286   r3 = 90BCF60C   [90BCF614] = 4019C87C
[/spoiler]
You can pm me, I've got time for your troubles.

Patedj

#11
Perhaps the volatile isn't the right path for this. I think that other addresses on the stack would relate to the acceleration. This will eventually lead to a timer, with luck.

Here's one of them that looks interesting.
[spoiler]CR:28200488  XER:20000000  CTR:8032FEB0 DSIS:02400000
DAR:90BCF5F0 SRR0:800DD758 SRR1:0000A032   LR:800DD754
 r0:00000030   r1:8071C8E8   r2:8070FAC0   r3:90BCF5DC
 r4:00000000   r5:00000050   r6:FFFFFFFF   r7:FFFFFFFF
 r8:00000016   r9:90BCE7C8  r10:00000006  r11:8071C908
r12:8032FEB0  r13:8070AEE0  r14:00000000  r15:00000000
r16:00000000  r17:00000000  r18:00000000  r19:80D013D8
r20:805359B4  r21:80A68268  r22:00000001  r23:80A68268
r24:00000000  r25:0000C7C1  r26:00000000  r27:90B15050
r28:90BCE7C8  r29:8071C910  r30:00000000  r31:00000000

 f0:BF800000   f1:00000000   f2:BF800000   f3:4313999A
 f4:59800004   f5:00000000   f6:3638B94F   f7:BDF13E3A
 f8:BC406B0B   f9:3E652584  f10:3F797DA4  f11:3F7FFB7B
f12:C3BF8CD0  f13:45A8114B  f14:00000000  f15:00000000
f16:00000000  f17:00000000  f18:00000000  f19:00000000
f20:00000000  f21:00000000  f22:00000000  f23:00000000
f24:00000000  f25:00000000  f26:00000000  f27:00000000
f28:00000000  f29:00000000  f30:00000000  f31:BF800000[/spoiler]

Function:
[spoiler]800DD6D0:  9421FFE0   stwu   r1,-32(r1)
800DD6D4:  7C0802A6   mflr   r0
800DD6D8:  90010024   stw   r0,36(r1)
800DD6DC:  39610020   addi   r11,r1,32
800DD6E0:  482C5D95   bl   0x803a3474
800DD6E4:  80A30E28   lwz   r5,3624(r3)
800DD6E8:  7C7C1B78   mr   r28,r3
800DD6EC:  80040000   lwz   r0,0(r4)
800DD6F0:  7C9D2378   mr   r29,r4   <- Here's r29. What's r4? Let's call the stack. Look into the next function spoiler.
800DD6F4:  7C050000   cmpw   r5,r0
800DD6F8:  41820064   beq-   0x800dd75c
800DD6FC:  3BC00000   li   r30,0
800DD700:  3BE00000   li   r31,0
800DD704:  4800003C   b   0x800dd740
800DD708:  801C0E24   lwz   r0,3620(r28)
800DD70C:  7C80FA14   add   r4,r0,r31
800DD710:  88040008   lbz   r0,8(r4)
800DD714:  2C000000   cmpwi   r0,0
800DD718:  41820014   beq-   0x800dd72c
800DD71C:  806DAF1C   lwz   r3,-20708(r13)
800DD720:  80840000   lwz   r4,0(r4)
800DD724:  480C816D   bl   0x801a5890
800DD728:  48000010   b   0x800dd738
800DD72C:  806DAF1C   lwz   r3,-20708(r13)
800DD730:  80840000   lwz   r4,0(r4)
800DD734:  480C81AD   bl   0x801a58e0
800DD738:  3BDE0001   addi   r30,r30,1
800DD73C:  3BFF000C   addi   r31,r31,12
800DD740:  801C0E20   lwz   r0,3616(r28)
800DD744:  7C1E0000   cmpw   r30,r0
800DD748:  4180FFC0   blt+   0x800dd708
800DD74C:  387C0E14   addi   r3,r28,3604
800DD750:  48003DC1   bl   0x800e1510
800DD754:  801D0000   lwz   r0,0(r29)   <- reads here (let's look up r29)
800DD758:  901C0E28   stw   r0,3624(r28)   <- writes here
800DD75C:  801D0000   lwz   r0,0(r29)
800DD760:  2C000000   cmpwi   r0,0
800DD764:  4080000C   bge-   0x800dd770
800DD768:  38000000   li   r0,0
800DD76C:  901D0000   stw   r0,0(r29)
800DD770:  C01D0008   lfs   f0,8(r29)
800DD774:  C0228890   lfs   f1,-30576(r2)
800DD778:  FC000840   fcmpo   cr0,f0,f1
800DD77C:  40800018   bge-   0x800dd794
800DD780:  C01C106C   lfs   f0,4204(r28)
800DD784:  FC000840   fcmpo   cr0,f0,f1
800DD788:  4C411382   cror   2,1,2
800DD78C:  40820008   bne-   0x800dd794
800DD790:  D01D0008   stfs   f0,8(r29)
800DD794:  7FA4EB78   mr   r4,r29
800DD798:  387C01CC   addi   r3,r28,460
800DD79C:  481450E5   bl   0x80222880
800DD7A0:  801C0E30   lwz   r0,3632(r28)
800DD7A4:  2C000000   cmpwi   r0,0
800DD7A8:  41820028   beq-   0x800dd7d0
800DD7AC:  38000002   li   r0,2
800DD7B0:  901D001C   stw   r0,28(r29)
800DD7B4:  807C0E30   lwz   r3,3632(r28)
800DD7B8:  81830000   lwz   r12,0(r3)
800DD7BC:  818C011C   lwz   r12,284(r12)
800DD7C0:  7D8903A6   mtctr   r12
800DD7C4:  4E800421   bctrl   
800DD7C8:  7FA4EB78   mr   r4,r29
800DD7CC:  481450B5   bl   0x80222880
800DD7D0:  39610020   addi   r11,r1,32
800DD7D4:  482C5CED   bl   0x803a34c0
800DD7D8:  80010024   lwz   r0,36(r1)
800DD7DC:  7C0803A6   mtlr   r0
800DD7E0:  38210020   addi   r1,r1,32
800DD7E4:  4E800020   blr   
[/spoiler]

Function for r4
[spoiler]8009AE70:  9421FFD0   stwu   r1,-48(r1)
8009AE74:  7C0802A6   mflr   r0
8009AE78:  90010034   stw   r0,52(r1)
8009AE7C:  BFC10028   stmw   r30,40(r1)
8009AE80:  7C7E1B78   mr   r30,r3
8009AE84:  7C9F2378   mr   r31,r4
8009AE88:  38610008   addi   r3,r1,8
8009AE8C:  481893D5   bl   0x80224260
8009AE90:  57E0083C   rlwinm   r0,r31,1,0,30
8009AE94:  7C7E0214   add   r3,r30,r0
8009AE98:  A8031380   lha   r0,4992(r3)
8009AE9C:  90010008   stw   r0,8(r1)
8009AEA0:  2C000000   cmpwi   r0,0
8009AEA4:  4080001C   bge-   0x8009aec0
8009AEA8:  A81E1380   lha   r0,4992(r30)
8009AEAC:  90010008   stw   r0,8(r1)
8009AEB0:  2C000000   cmpwi   r0,0
8009AEB4:  4080000C   bge-   0x8009aec0
8009AEB8:  38000000   li   r0,0
8009AEBC:  90010008   stw   r0,8(r1)   <- here's r1+8; r0 = 0 if r0 < 0
8009AEC0:  7FC3F378   mr   r3,r30
8009AEC4:  38810008   addi   r4,r1,8   <- here's r4, which is coming from r1+8
8009AEC8:  48042809   bl   0x800dd6d0
8009AECC:  BBC10028   lmw   r30,40(r1)
8009AED0:  80010034   lwz   r0,52(r1)
8009AED4:  7C0803A6   mtlr   r0
8009AED8:  38210030   addi   r1,r1,48
8009AEDC:  4E800020   blr   
[/spoiler]


You can pm me, I've got time for your troubles.

dcx2

#12
When looking for a timer, keep in mind that some timers are up-counting instead of down-counting.

Your previous post (with the log steps on the stfs f0) looks like it's close.  f0 clearly changes whenever you're dashing, to be larger values.  But that's a leaf function (notice that there is no stwu/mflr/.../mtlr/blr; it's just blr), and those are generally not good for hooking.

If a function is too long to copy into the forum post, then you can trim some parts.  There are really only three places that are interesting: the first 50 or so instructions (to see parameters being passed in from the caller); about 50 instructions around the bl or breakpoint instruction; and about 50 instructions at the very end (to see any return values being passed back to the caller).

---

8009AEA8:  A81E1380   lha   r0,4992(r30)
8009AEAC:  90010008   stw   r0,8(r1)
8009AEB0:  2C000000   cmpwi   r0,0
8009AEB4:  4080000C   bge-   0x8009aec0
8009AEB8:  38000000   li   r0,0
8009AEBC:  90010008   stw   r0,8(r1)
8009AEC0:  7FC3F378   mr   r3,r30
8009AEC4:  38810008   addi   r4,r1,8

This is putting a pointer to some value on the stack into r4.  r4 will now point at 8(r1).  Conveniently, a few instructions previous is stw-ing r0 to that very address.  And just before that, it's lha-ing r0 from r30.  r30 came from the previous caller (passed to this function via r3).

Try setting an execute BP on 8009AEB0 with the log on and see if there's any difference with r0 when you dash and when you don't.
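A small decoder for the instruction forms that show up in these step logs, plus the leaf-function check dcx2 describes above (no bl/bctrl, hence no mflr). This is an added example, not code from the thread or from the USB Gecko tools; the function names are mine, and the sample words are copied from the listings posted in this thread.

```python
"""Decoder for the PowerPC instruction forms that appear in the USB Gecko
step logs in this thread, plus the leaf-function check dcx2 describes.
Added example, not part of the original thread or the Gecko tools; function
names are my own and the sample words below are copied from the listings."""

D_LOADSTORE = {32: "lwz", 34: "lbz", 36: "stw", 37: "stwu", 38: "stb",
               40: "lhz", 42: "lha", 44: "sth", 48: "lfs", 52: "stfs"}
SPR_NAMES = {8: "lr", 9: "ctr"}
# (BO, BI) pairs for the cr0 conditional branches seen in the listings.
BC_NAMES = {(12, 0): "blt", (4, 0): "bge", (12, 2): "beq", (4, 2): "bne"}
LR_SPR_FIELD = 0x100   # SPR number 8 (LR) as split-encoded in bits 11-20


def s16(v):
    """Sign-extend a 16-bit immediate."""
    return v - 0x10000 if v & 0x8000 else v


def fields(w):
    """Split a 32-bit instruction word into opcode, rD/rS, rA, rB, XO, imm."""
    return (w >> 26, (w >> 21) & 31, (w >> 16) & 31, (w >> 11) & 31,
            (w >> 1) & 0x3FF, w & 0xFFFF)


def decode(pc, w):
    """Mnemonic plus operands for word w at address pc.  Only the forms used
    in the thread's logs are handled; anything else comes back as .long."""
    opcd, rd, ra, rb, xo, imm = fields(w)
    if opcd in D_LOADSTORE:                      # D-form load/store
        reg = "f" if opcd in (48, 52) else "r"
        return f"{D_LOADSTORE[opcd]} {reg}{rd},{s16(imm)}(r{ra})"
    if opcd == 14:                               # addi, or li when rA is 0
        return f"li r{rd},{s16(imm)}" if ra == 0 else f"addi r{rd},r{ra},{s16(imm)}"
    if opcd == 15:                               # addis, or lis when rA is 0
        return f"lis r{rd},{s16(imm)}" if ra == 0 else f"addis r{rd},r{ra},{s16(imm)}"
    if opcd == 11:                               # cmpwi (cr0 only)
        return f"cmpwi r{ra},{s16(imm)}"
    if opcd == 10:                               # cmplwi (cr0 only)
        return f"cmplwi r{ra},{imm}"
    if opcd == 18:                               # b / bl: 26-bit signed offset
        li = w & 0x03FFFFFC
        if li & 0x02000000:
            li -= 0x04000000
        return f"{'bl' if w & 1 else 'b'} 0x{(pc + li) & 0xFFFFFFFF:08x}"
    if opcd == 16:                               # bc: 16-bit signed offset
        name = BC_NAMES.get((rd, ra), f"bc {rd},{ra},")
        return f"{name} 0x{(pc + s16(w & 0xFFFC)) & 0xFFFFFFFF:08x}"
    if opcd == 19 and xo == 16:                  # bclr family
        if rd == 20:
            return "blrl" if w & 1 else "blr"
        return BC_NAMES.get((rd, ra), f"bc {rd},{ra},") + "lr"
    if opcd == 19 and xo == 528 and rd == 20:    # bctr / bctrl
        return "bctrl" if w & 1 else "bctr"
    if opcd == 31 and xo in (339, 467):          # mfspr / mtspr, split SPR field
        spr_field = (w >> 11) & 0x3FF
        spr = ((spr_field & 0x1F) << 5) | (spr_field >> 5)
        name = SPR_NAMES.get(spr, str(spr))
        return f"mf{name} r{rd}" if xo == 339 else f"mt{name} r{rd}"
    if opcd == 31 and xo == 444:                 # or / or., shown as mr when rS == rB
        dot = "." if w & 1 else ""
        if rd == rb and not dot:
            return f"mr r{ra},r{rd}"
        return f"or{dot} r{ra},r{rd},r{rb}"
    return f".long 0x{w:08x}"


def disassemble(base, words):
    """Render consecutive words starting at base as 'ADDR: instruction'."""
    return [f"{base + 4 * i:08X}: {decode(base + 4 * i, w)}"
            for i, w in enumerate(words)]


def is_leaf(words):
    """dcx2's criterion: a leaf function calls nothing (no bl / bctrl), so it
    never saves LR with mflr.  Leaf functions are poor places to hook."""
    for w in words:
        opcd, _, _, _, xo, _ = fields(w)
        if opcd == 18 and w & 1:                                   # bl
            return False
        if opcd == 19 and xo == 528 and w & 1:                     # bctrl
            return False
        if opcd == 31 and xo == 339 and ((w >> 11) & 0x3FF) == LR_SPR_FIELD:  # mflr
            return False
    return True


# Sample words copied from the listings above (constructed test input).
LEAF_WORDS = [0xC0230000, 0xC0040000, 0xC0630004, 0xEC81002A, 0xC0440004,   # 800847F0
              0xC0230008, 0xC0040008, 0xEC43102A, 0xD0830000, 0xEC01002A,
              0xD0430004, 0xD0030008, 0x4E800020]
NONLEAF_WORDS = [0x9421FFD0, 0x7C0802A6, 0x90010034, 0xBFC10028, 0x7C7E1B78,  # 8009AE70
                 0x7C9F2378, 0x38610008, 0x481893D5]

if __name__ == "__main__":
    for line in disassemble(0x8009AE70, NONLEAF_WORDS):
        print(line)
    print("leaf:", is_leaf(LEAF_WORDS), is_leaf(NONLEAF_WORDS))
```

The output for the 8009AE70 words should match the listing in post #11 line for line; fadds and the other forms the decoder does not know print as .long, which is the cue to extend the tables.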

Patedj

#13
Here are more functions relating to the dash. Getting closer!
[spoiler]80085B00:  A8C40000   lha   r6,0(r4)
80085B04:  2C06FFFF   cmpwi   r6,-1
80085B08:  4D820020   beqlr-   
80085B0C:  80A30010   lwz   r5,16(r3)
80085B10:  A8040002   lha   r0,2(r4)
80085B14:  B0C51380   sth   r6,4992(r5)
80085B18:  A9840004   lha   r12,4(r4)
80085B1C:  80A30010   lwz   r5,16(r3)
80085B20:  A9640006   lha   r11,6(r4)
80085B24:  B0051382   sth   r0,4994(r5)
80085B28:  A9440008   lha   r10,8(r4)
80085B2C:  80A30010   lwz   r5,16(r3)
80085B30:  A904000A   lha   r8,10(r4)
80085B34:  B1851384   sth   r12,4996(r5)
80085B38:  A8E4000C   lha   r7,12(r4)
80085B3C:  80A30010   lwz   r5,16(r3)
80085B40:  A8C4000E   lha   r6,14(r4)
80085B44:  B1651388   sth   r11,5000(r5)
80085B48:  A8A40010   lha   r5,16(r4)
80085B4C:  81230010   lwz   r9,16(r3)
80085B50:  A8040012   lha   r0,18(r4)
80085B54:  B1491386   sth   r10,4998(r9)
80085B58:  80830010   lwz   r4,16(r3)
80085B5C:  B104139E   sth   r8,5022(r4)
80085B60:  80830010   lwz   r4,16(r3)
80085B64:  B18413A0   sth   r12,5024(r4)
80085B68:  80830010   lwz   r4,16(r3)
80085B6C:  B16413A4   sth   r11,5028(r4)
80085B70:  80830010   lwz   r4,16(r3)
80085B74:  B14413A2   sth   r10,5026(r4)
80085B78:  80830010   lwz   r4,16(r3)
80085B7C:  B0E413BE   sth   r7,5054(r4)
80085B80:  80830010   lwz   r4,16(r3)
80085B84:  B0C413C2   sth   r6,5058(r4)
80085B88:  80830010   lwz   r4,16(r3)
80085B8C:  B0A413C0   sth   r5,5056(r4)
80085B90:  80830010   lwz   r4,16(r3)
80085B94:  B00413C4   sth   r0,5060(r4)
80085B98:  8063019C   lwz   r3,412(r3)
80085B9C:  800DAC9C   lwz   r0,-21348(r13)
80085BA0:  80830008   lwz   r4,8(r3)
80085BA4:  7C040000   cmpw   r4,r0
80085BA8:  4C820020   bnelr-   
80085BAC:  388DAC9C   subi   r4,r13,21348
80085BB0:  48000C50   b   0x80086800
...
[/spoiler]
You can pm me, I've got time for your troubles.

Patedj

#14
New address, which only appears when dashing.
Registers
[spoiler]CR:28200488  XER:20000000  CTR:00000003 DSIS:02400000
DAR:90BCFD80 SRR0:800D825C SRR1:0000A032   LR:8007F63C
 r0:00000000   r1:8071C958   r2:8070FAC0   r3:90BCE7C8
 r4:8007F030   r5:90BCE7C8   r6:00000008   r7:90BCE7D0
 r8:80D01B20   r9:00000000  r10:8071C768  r11:8071CA58
r12:80080500  r13:8070AEE0  r14:00000000  r15:00000000
r16:00000000  r17:00000000  r18:00000000  r19:80D013D8
r20:805359B4  r21:80A68268  r22:00000001  r23:80A68268
r24:00000000  r25:0000BF77  r26:00000000  r27:90B15050
r28:91ED4338  r29:91EE0DF8  r30:91ED3C98  r31:90BCE7C8

 f0:00000000   f1:3F800000   f2:00000000   f3:44A20F54
 f4:00000000   f5:00000000   f6:3638B94F   f7:BDF13E3A
 f8:BC406B0B   f9:3E652584  f10:3F797DA4  f11:3F7FFB7B
f12:413577FD  f13:45A8114B  f14:00000000  f15:00000000
f16:00000000  f17:00000000  f18:00000000  f19:00000000
f20:00000000  f21:00000000  f22:00000000  f23:00000000
f24:00000000  f25:00000000  f26:00000000  f27:00000000
f28:00000000  f29:00000000  f30:59800004  f31:40800000[/spoiler]


Function
[spoiler]800D8240:  38000004   li   r0,4
800D8244:  38C00000   li   r6,0   <- r6 loads 0
800D8248:  7C0903A6   mtctr   r0
800D824C:  7CE33214   add   r7,r3,r6
800D8250:  800715B0   lwz   r0,5552(r7)
800D8254:  2C000000   cmpwi   r0,0
800D8258:  40820010   bne-   0x800d8268
800D825C:  908715B0   stw   r4,5552(r7)   <- this is the address I broke on
800D8260:  90A715B4   stw   r5,5556(r7)   <- this is the next address that it writes on
800D8264:  4E800020   blr   
800D8268:  38C60008   addi   r6,r6,8
800D826C:  4200FFE0   bdnz+   0x800d824c
800D8270:  4E800020   blr   

[/spoiler]
You can pm me, I've got time for your troubles.