Pointers

Started by Panda On Smack, March 25, 2009, 12:45:51 PM


Panda On Smack

WiiRd refuses to find any pointers for me; I've yet to have any success with it.

Can I find a pointer through a breakpoint?

I've found an address (9303F66C) for the game I'm in which is my current money. It moves around for each game you play, but it's always in this area. If I set a breakpoint on the address when it's written to, can I use the info to work out the pointer?

output below:

CR  : 48004088  XER : 20000000  CTR : 80148570  DSIS: 02400000
DAR : 9303F66C  SRR0: 80148580  SRR1: 0000A032  LR  : 80148690
r0  : 80148690  r1  : 807FE910  r2  : 804CE280  r3  : 9303F564
r4  : 0000F6A4  r5  : 900299C8  r6  : 90012350  r7  : FFFFFFFC
r8  : 00000000  r9  : 9000F4E8  r10 : 00000007  r11 : 807FE920
r12 : 80148570  r13 : 804C8540  r14 : 00000000  r15 : 00000000
r16 : 00000000  r17 : 00000000  r18 : 00000000  r19 : 00000000
r20 : 00000000  r21 : 804E06D0  r22 : 804F35F0  r23 : 00000000
r24 : 804F38B0  r25 : 9303BF30  r26 : 804FE490  r27 : 9303F564
r28 : 00000096  r29 : 00000001  r30 : 3B9ACA64  r31 : 00000000


80148580:  90830108   stw   r4,264(r3)
80148584:  40820028   bne-   0x801485ac
80148588:  81830000   lwz   r12,0(r3)
8014858C:  818C000C   lwz   r12,12(r12)
80148590:  7D8903A6   mtctr   r12
80148594:  4E800421   bctrl   
80148598:  3CC0804D   lis   r6,-32691
8014859C:  7C641B78   mr   r4,r3
801485A0:  38A00024   li   r5,36
801485A4:  3866AAA8   subi   r3,r6,21848
801485A8:  4BEE4D99   bl   0x8002d340
801485AC:  80010014   lwz   r0,20(r1)
801485B0:  7C0803A6   mtlr   r0
801485B4:  38210010   addi   r1,r1,16
801485B8:  4E800020   blr   
801485BC:  00000000   .word   0x00000000


ta

Link

Yes, you might be able to..

80148580:  90830108   stw   r4,264(r3)
"Store word in r4 to [r3+264]"
--> r3 is 9303F564

This is very high memory.. so in most cases a pointer chain would guide you there.. A better idea btw would be to create C2 (insert assembly) code at that position
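
A worked check of the reasoning above, added here as an example and not part of the post: it parses the register dump Panda posted, decodes the instruction word 90830108 at SRR0 as a PowerPC D-form stw, and recomputes the effective address from the base register and displacement so you can confirm it equals the DAR the breakpoint reported. The register dump and instruction word are copied from the thread; the function names and the small opcode table are my own.

```python
import re

# Register dump copied from the post above (the first four lines are enough here).
REGISTER_DUMP = """\
CR  : 48004088  XER : 20000000  CTR : 80148570  DSIS: 02400000
DAR : 9303F66C  SRR0: 80148580  SRR1: 0000A032  LR  : 80148690
r0  : 80148690  r1  : 807FE910  r2  : 804CE280  r3  : 9303F564
r4  : 0000F6A4  r5  : 900299C8  r6  : 90012350  r7  : FFFFFFFC
"""

# Instruction word at SRR0 (80148580) from the posted disassembly: stw r4,264(r3)
BREAKPOINT_INSN = 0x90830108

# Primary opcode (top 6 bits) of the D-form loads/stores that matter for pointer hunting.
D_FORM_OPCODES = {32: "lwz", 34: "lbz", 36: "stw", 38: "stb", 40: "lhz", 44: "sth"}


def parse_dump(text):
    """Turn 'NAME : HEX' pairs from a WiiRd-style register dump into {name: int}."""
    return {name: int(value, 16)
            for name, value in re.findall(r"([A-Za-z0-9]+)\s*:\s*([0-9A-Fa-f]{8})", text)}


def sign_extend16(x):
    """Interpret the low 16 bits of x as a signed displacement."""
    x &= 0xFFFF
    return x - 0x10000 if x & 0x8000 else x


def decode_d_form(word):
    """Split a D-form instruction into (mnemonic, rS/rD, rA, signed displacement)."""
    opcode = word >> 26
    if opcode not in D_FORM_OPCODES:
        raise ValueError(f"{word:08X} is not a D-form load/store this helper knows")
    rs = (word >> 21) & 0x1F
    ra = (word >> 16) & 0x1F
    return D_FORM_OPCODES[opcode], rs, ra, sign_extend16(word)


def pointer_from_breakpoint(word, regs):
    """Recover base register, base value, offset and effective address of the access."""
    mnemonic, rs, ra, disp = decode_d_form(word)
    base = regs[f"r{ra}"] if ra != 0 else 0  # rA = 0 means "no base register" in D-form
    ea = (base + disp) & 0xFFFFFFFF
    return {"mnemonic": mnemonic, "data_reg": rs, "base_reg": ra,
            "base": base, "offset": disp, "ea": ea}


def check_against_dar(word, regs):
    """True when the recomputed effective address matches the DAR the breakpoint reported."""
    return pointer_from_breakpoint(word, regs)["ea"] == regs["DAR"]


if __name__ == "__main__":
    regs = parse_dump(REGISTER_DUMP)
    info = pointer_from_breakpoint(BREAKPOINT_INSN, regs)
    print(f"{info['mnemonic']} r{info['data_reg']},{info['offset']}(r{info['base_reg']})")
    print(f"base r{info['base_reg']} = {info['base']:08X}, offset = 0x{info['offset']:X}, "
          f"EA = {info['ea']:08X}, DAR = {regs['DAR']:08X}, "
          f"match = {check_against_dar(BREAKPOINT_INSN, regs)}")
```

Run as-is it reports base r3 = 9303F564 with offset 0x108 (264), giving EA 9303F66C, the same value as DAR. The base value in r3 is the pointer you are after for this one write; the same helper decodes the following lwz r12,0(r3) and lwz r12,12(r12), which is how you would walk the chain one hop further if you break on those instead.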

Panda On Smack

Thanks Link

Will have a look at a C2 code.

Do we have any better pointer solutions?

Link

Probably not (unfortunately) especially in these high memory areas.. as mentioned.. a pointer chain (pointers leading to next pointer) which are supported will bring you there.. however a simple ASM code would most likely work better..

in your case:

you can use my ASM helper.. type in the address of the assembly: 80148580

and the assembly which might do the trick for you:

li r4,-1 #r4 = FFFFFFFF (the 16-bit immediate is sign-extended, so -1 fills all 32 bits)
stw r4,264(r3) #copied from old code

You can also do if you intend to write FFFFFFFF for example:

lis r4,-1 #r4 = FFFF0000
ori r4,r4,0xFFFF #ori takes an unsigned 16-bit immediate; r4 = FFFF0000 | 0000FFFF = FFFFFFFF
stw r4,264(r3)
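
To make the immediate arithmetic in the snippets above concrete, here is an added example (mine, not Link's ASM helper or any WiiRd code) that assembles and evaluates li, lis, addi and ori with the operand rules of the PowerPC encoding: li, lis and addi take a signed 16-bit immediate that is sign-extended, ori takes an unsigned one. It goes a little beyond the two snippets with a helper that picks the shortest li or lis/ori sequence for any 32-bit constant, which is what you need if the value you actually want is 0000FFFF rather than FFFFFFFF. The encodings are checked against instruction words from the disassembly posted earlier; the function names are my own.

```python
MASK32 = 0xFFFFFFFF


def simm16(value):
    """Signed 16-bit immediate (li, lis, addi); returns the 16-bit field encoding."""
    if not -0x8000 <= value <= 0x7FFF:
        raise ValueError(f"{value} does not fit a signed 16-bit immediate")
    return value & 0xFFFF


def uimm16(value):
    """Unsigned 16-bit immediate (ori); -1 is rejected here, 0xFFFF is accepted."""
    if not 0 <= value <= 0xFFFF:
        raise ValueError(f"{value} does not fit an unsigned 16-bit immediate")
    return value


def accepts_immediate(mnemonic, value):
    """True if the assembler would accept value as this mnemonic's immediate."""
    try:
        (uimm16 if mnemonic == "ori" else simm16)(value)
        return True
    except ValueError:
        return False


def assemble(mnemonic, *ops):
    """Encode one instruction to its 32-bit word (li/lis are addi/addis with rA=0)."""
    if mnemonic == "li":
        rd, imm = ops
        return (14 << 26) | (rd << 21) | simm16(imm)
    if mnemonic == "lis":
        rd, imm = ops
        return (15 << 26) | (rd << 21) | simm16(imm)
    if mnemonic == "addi":
        rd, ra, imm = ops
        return (14 << 26) | (rd << 21) | (ra << 16) | simm16(imm)
    if mnemonic == "ori":  # ori rA,rS,UIMM: rS sits in bits 6-10, rA in bits 11-15
        ra, rs, imm = ops
        return (24 << 26) | (rs << 21) | (ra << 16) | uimm16(imm)
    raise ValueError(f"unsupported mnemonic {mnemonic}")


def execute(regs, mnemonic, *ops):
    """Assemble (which validates the immediate) and apply the instruction to regs."""
    word = assemble(mnemonic, *ops)
    if mnemonic == "li":
        regs[ops[0]] = ops[1] & MASK32                    # sign-extended to 32 bits
    elif mnemonic == "lis":
        regs[ops[0]] = (ops[1] << 16) & MASK32            # immediate lands in the high half
    elif mnemonic == "addi":
        base = regs.get(ops[1], 0) if ops[1] != 0 else 0  # rA=0 reads as zero
        regs[ops[0]] = (base + ops[2]) & MASK32
    elif mnemonic == "ori":
        regs[ops[0]] = regs.get(ops[1], 0) | ops[2]       # OR into the low half
    return word


def run(program, regs=None):
    """Execute a list of (mnemonic, *operands) tuples; returns the final register dict."""
    regs = {} if regs is None else regs
    for mnemonic, *ops in program:
        execute(regs, mnemonic, *ops)
    return regs


def load_constant(rd, value):
    """Shortest li or lis/ori sequence that puts the 32-bit value in rd."""
    value &= MASK32
    lo, hi = value & 0xFFFF, value >> 16
    signed_lo = lo - 0x10000 if lo & 0x8000 else lo
    if signed_lo & MASK32 == value:  # sign-extending the low half already gives the value
        return [("li", rd, signed_lo)]
    signed_hi = hi - 0x10000 if hi & 0x8000 else hi
    seq = [("lis", rd, signed_hi)]
    if lo:
        seq.append(("ori", rd, rd, lo))
    return seq


if __name__ == "__main__":
    print(f"li r4,-1          -> r4 = {run([('li', 4, -1)])[4]:08X}")
    print(f"lis r4,-1         -> r4 = {run([('lis', 4, -1)])[4]:08X}")
    print(f"lis/ori 0xFFFF    -> r4 = {run([('lis', 4, -1), ('ori', 4, 4, 0xFFFF)])[4]:08X}")
    for want in (0x0000FFFF, 0xFFFFFFFF, 36, 0x804CAAA8):
        print(f"load_constant(4, {want:08X}) = {load_constant(4, want)}")
```

Two points the output makes obvious: li r4,-1 and the lis/ori pair both end with FFFFFFFF, and 0000FFFF needs lis r4,0 followed by ori r4,r4,0xFFFF instead. The disassembly's lis r6,-32691 / subi r3,r6,21848 is the other common idiom for a 32-bit constant: because addi sign-extends its displacement, the high half is bumped by one and the low half subtracted, and the same value 804CAAA8 comes out.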

Panda On Smack