-HACKING GUIDE- ASM example, making moon jump codes

Started by Black_Wolf, October 10, 2008, 09:55:13 AM


lindtec

#30
Thanks for the code, but unfortunately that didn't work.

I've tried leaving out the button activator to rule it out as the cause.

lis r0, 0x8049
ori r0,r0,0x80F6
lwz r1, 0x0(r0)
li r2, 0x00000100
add r3, r1, r2
stw r3, 0(r0)


But that didn't work either.

I can't use the execute option for breakpoints, because as soon as I activate the code in WiiRD
it writes this high number. It doesn't wait for any buttons, so I have no time to switch to the
breakpoint tab and search for executions.


Edit: By using a button activator before the ASM code itself, I managed to do the breakpoint thing.
For some reason, this 4BB6A72C (which is always the same) is written to r5 and then to my address.
I've tried to NOP this, but now the ASM code does nothing...

Dr.Pepper

#31
Maybe you have injected the code more than once without rebooting, or without NOPing the injection point away before applying changes again, i.e. you have the old r5 addition code running already.

Have you rebooted/reset the game before applying changes? Because clearly that code does not touch r5. Or you are giving examples that are not real / have too much edited away.

If you set a breakpoint and step through the code line by line, does it jump to your injection space and back to injection point + 4 after the injection? If you give too little information there is no way to tell what's wrong (you didn't say on which line of your code example the value of r5 changes while stepping through the breakpoint).

lindtec

Sorry that it seems as if I'm holding back useful information, but I'm a bloody noob at ASM and breakpoints.

I've rebooted my Wii several times between tests. The code itself is as you see it
(I haven't left anything out and I'm not touching r5). The only bit of information
I could add is that I'm injecting the code at 804980F6 (the same address that is loaded
into register 0), but I tried other addresses with the same result.

Thanks for the advice about "stepping through the breakpoint". I don't know why I didn't try that already to see
what happens. But I'll test it as soon as I get back to my Wii. I hope I can provide more information then.

Dr.Pepper

#33
That sounds like trouble. If you are injecting code at 804980F6, then the value at that address is replaced with "b 0x800xxxx" (a branch to the injection place), so if your injected code loads from that address, it will not load the earlier value of 804980F6, because that value does not exist anymore; it has been replaced by the branch. So you cannot inject code at the same memory address that you read the value from; you need to inject the code at some other position. As it is now, you are adding 0x100 to the branch instruction (b 0x800x[x+1]xx), so the next time execution loops to that address it branches to +0x100 from your injected ASM code -> undefined location -> crashes the game.

I.e. if the value at 804980F6 is the value you want to modify, you need to put a write breakpoint there and see where it breaks, and then do the ASM injection at the memory location of the code (which is a different memory location) that does the actual writing to 804980F6. Usually it is the location of a line like "stw r30,0(r1)" or similar that you need to inject your code at (and not the location of the value you want to modify).

Jassim

I really can't understand the 2nd method, can someone please help?

Panda On Smack

Quote from: Jassim on April 19, 2009, 10:33:33 PM
I really can't understand the 2nd method, can someone please help?

Do you understand Assembly code?

ssbbdude

Sorry about the bump, but where can you download the program?

_Vuze_

Nice guide, but what do I have to set in the "address" line in WiiRD <-> ASM?
I left 80000000 in, but if I go on a quest in the game (Monster Hunter 3), it gives me a black screen.
I'm a beginner to hacking~
Sorry if I ask n00bish questions :X

Romaap

Quote from: _Vuze_ on September 27, 2009, 11:50:25 AM
Nice guide, but what do I have to set in the "address" line in WiiRD <-> ASM?
I left 80000000 in, but if I go on a quest in the game (Monster Hunter 3), it gives me a black screen.
Here's your answer:

Quote from: Black_Wolf on October 10, 2008, 09:55:13 AM
- We are injecting our routine at the address 0x804568C8

[wt]Will.S

Niiicce with all those videos, I am learning really fast mehehe!!

_Vuze_

@Romaap: Yeah, thank you, got it while reading through the guide once again offline ::)
It is not working for me though, even though the addresses should be correct... well, I gotta try some more.

Oh, and am I not allowed to use a register above r30 (or r31)? The converter always gives me an error. If not, what is the easiest way to find unused registers?
Sorry, I am really, really new to ASM, never dealt with it before...

mdmwii

#43
Quote from: lindtec on October 12, 2008, 10:23:20 PM
Thanks, now it's a lot clearer.

Unfortunately, I still get 2 errors:

My Code:
Address for Button-Check: 805D4FDA
Address to add a value: 804980F6

lis r0, 0x805D
lwz r1, 0x4FDA(r0)
li r2, 0x00001000
lis r3, 0x8049
lwz r4, 0x80F6(r3)
li r5, 0x00001000
cmpw r1, r2
bne +0x12
add r6, r4, r5
stw r6, 0x80F6(r3)


The errors:
\asmhelp-tmpout.txt:5: Error: operand out of range (0x000080f6 is not between 0xffff8000 and 0x00007fff)
\asmhelp-tmpout.txt:10: Error: operand out of range (0x000080f6 is not between 0xffff8000 and 0x00007fff)

Hope you know a solution for this problem too, Black_Wolf.

lis r0,-32675
lwz r1,20442(r0)
li r2,4096
lis r3,-32694
lwz r4,-32522(r3)
li r5,4096
cmpw r1,r2
bne- 0x10
add r6,r4,r5
stw r6,-32522(r3)

I just fixed your error, but I don't know if it will work because you're using many registers. I would do it like this:

lis r15,0x805d          # r15 = 0x805d0000
lwz r15,0x4fda(r15)     # r15 = word at 0x805d4fda (button state)
cmpwi r15,0x1000
bne- 0x14               # not pressed: skip the four instructions below, land on the nop
lis r15,0x804a          # 0x804a0000 - 32522 = 0x804980f6 (0x8050 would address 0x804f80f6)
lwz r16,-32522(r15)     # r16 = word at 0x804980f6
addi r16,r16,0x1000
stw r16,-32522(r15)
nop                     # <-- put here the instruction replaced by the hook (C2/D2)


Check that r15 and r16 are free, and be sure that 0x805d4fda is a word.
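The two bits of arithmetic this thread keeps tripping over, worked out in Python as an added example (this is not code from the thread or from WiiRD). First, the lis/lwz split a PowerPC assembler expects: lwz and stw take a signed 16-bit displacement, so 0x804980F6 cannot be written as lis 0x8049 / lwz 0x80F6(...) and must become lis 0x804A / lwz -32522(...), which is the "operand out of range" error quoted in post #43. Second, a small encoder for the instruction forms the corrected routine uses, so the words can be checked against the assembler's output, and the Gecko C2 (insert-ASM) line layout as the author of this example understands it: a header carrying the low 25 bits of the hook address and the number of 8-byte lines, a body padded with a nop to an even word count, and a terminating 00000000 word (an assumption to verify against the WiiRD/Gecko version you use). The data addresses are the ones lindtec posted; the hook address is the one the guide quoted above uses. The encoder also rejects r0 as a base register, since in D-form loads and stores rA = 0 means the constant zero rather than r0, which is why lwz r1,0(r0) in the first post reads address 0. It does not check whether the data addresses are word aligned; the "be sure that it is a word" caveat above still applies.

```python
"""Address splitting, instruction encoding and C2 formatting for a button-
activated "add to a word" routine. Added example, not code from the thread.
Registers are plain ints (r15 -> 15)."""

NOP = 0x60000000  # ori r0,r0,0


def split_address(addr):
    """Return (hi, lo) with (hi << 16) + lo == addr and lo a signed 16-bit
    displacement usable by lwz/stw. A low half of 0x8000 or more becomes a
    negative offset from the next 64 KiB boundary (the @ha/@l convention)."""
    lo = addr & 0xFFFF
    if lo >= 0x8000:
        lo -= 0x10000
    hi = ((addr - lo) >> 16) & 0xFFFF
    return hi, lo


def fits_s16(v):
    """True if v can be encoded as a signed 16-bit immediate."""
    return -0x8000 <= v <= 0x7FFF


def _s16(v):
    if not fits_s16(v):  # the condition the assembler reported in post #43
        raise ValueError("operand out of range: %#x is not a signed 16-bit value" % v)
    return v & 0xFFFF


def _base(ra):
    # In D-form loads/stores rA == 0 means literal 0, not register r0.
    if ra == 0:
        raise ValueError("r0 as a base register means the constant zero")
    return ra


def lis(rd, imm):                 # addis rd,0,imm
    return (15 << 26) | (rd << 21) | (imm & 0xFFFF)


def addi(rd, ra, simm):           # li rd,simm when ra == 0
    return (14 << 26) | (rd << 21) | (ra << 16) | _s16(simm)


def lwz(rd, disp, ra):
    return (32 << 26) | (rd << 21) | (_base(ra) << 16) | _s16(disp)


def stw(rs, disp, ra):
    return (36 << 26) | (rs << 21) | (_base(ra) << 16) | _s16(disp)


def cmpwi(ra, simm):              # cmpwi cr0,ra,simm
    return (11 << 26) | (ra << 16) | _s16(simm)


def bne(offset):                  # bc 4,2,offset: branch if cr0.eq is clear
    if offset & 3 or not fits_s16(offset):
        raise ValueError("bad branch displacement %#x" % offset)
    return (16 << 26) | (4 << 21) | (2 << 16) | (offset & 0xFFFC)


def assemble_button_add(button_addr, button_value, value_addr, delta):
    """The corrected routine from post #43: if the word at button_addr equals
    button_value, add delta to the word at value_addr. Uses only r15/r16 and
    ends with the nop slot that takes the instruction the hook overwrote."""
    bhi, blo = split_address(button_addr)
    vhi, vlo = split_address(value_addr)
    return [
        lis(15, bhi),
        lwz(15, blo, 15),
        cmpwi(15, button_value),
        bne(0x14),            # skip the next four instructions, land on the nop
        lis(15, vhi),
        lwz(16, vlo, 15),
        addi(16, 16, delta),
        stw(16, vlo, 15),
        NOP,                  # replace with the instruction the C2 hook overwrote
    ]


def c2_code(hook_addr, words):
    """Format words as Gecko C2 insert-ASM lines hooked at hook_addr
    (layout as assumed in the lead-in; verify against your WiiRD version)."""
    if hook_addr & 3:
        raise ValueError("hook address must be word aligned: it replaces one instruction")
    body = list(words)
    if len(body) % 2 == 0:    # even count: pad with a nop so the terminator
        body.append(NOP)      # lands in the low word of the last line
    body.append(0)            # terminating 00000000 word
    lines = ["%08X %08X" % (0xC2000000 | (hook_addr & 0x01FFFFFF), len(body) // 2)]
    for i in range(0, len(body), 2):
        lines.append("%08X %08X" % (body[i], body[i + 1]))
    return lines


if __name__ == "__main__":
    routine = assemble_button_add(0x805D4FDA, 0x1000, 0x804980F6, 0x1000)
    print("\n".join(c2_code(0x804568C8, routine)))
```

Running it prints the five-line C2 code for the hook address the guide uses; compare the words with what the WiiRD ASM converter emits for the same source. Calling lwz(4, 0x80F6, 3) raises the same out-of-range condition the assembler reported, and lwz(1, 0, 0) is refused rather than silently reading address 0.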

superomar13

Since you're all hacking geniuses :), can y'all make a code for disabling the one-hit KO code? It's saved on my file, and now it's really annoying me. lol