-HACKING GUIDE- ASM example, making moon jump codes

Started by Black_Wolf, October 10, 2008, 09:55:13 AM


Black_Wolf

I actually posted this in another thread somewhere, but it was actually a decent little guide when I was done, so I figured I should post it here lol.

First off, you wanted the button, right? Well, it's pretty easy really. You can usually find the hex for button presses somewhere (e.g. on PSP, L Trigger = 0x0100), so if you DO know that, just hold that button and search for the value, then hold a different button and search for its value.

If you CAN'T, however, you can do an unknown value search: hold nothing, hold a button, search increase. Hold that button THEN another button, search increase, let go of the first button, search decrease, etc. Remember, generally the buttons ADD together when a combo is held.

Now there are 2 popular methods for a moon jump code: one is generally easier than the other, but the address is hard to find.

The first method is a simple button-activated gravity mod: you hold a button, gravity is lessened. Now finding gravity can be a chore; generally it can be found as a float 1 value (0x3f800000). HOWEVER, try finding co-ordinates and experimenting with the area around them.

Now the SECOND method is to use the Z co-ordinates (height) to make a custom "jump" routine in asm. I generally use this if I can't find the gravity modifier, but it nevertheless works in a similar manner.

Basically, you're going to need to inject a subroutine that does the following:

Loads controller address's value
Loads the value of the BUTTON you want
Branches to the end if these are different
Loads the Z Co-ordinates
Loads what you want to ADD to them (try experimenting with pokes first, remember if you HOLD the button, it will continually increase, so a small value is usually good)
Add them together
Store the modded co-ords back at their address.

In modern PowerPC asm it would look like this. For this example:

-the co-ordinates are at 0x80CC4584
-the controller address is at 0x80496AC0
-the button we want to activate has a value of 0x00000200
-we want to add 0x004C to the Z co-ords
-we are injecting our routine at the address 0x804568C8

lis r0, 0x8049          //Loads first 2 bytes of control address
lwz r1, 0x6AC0(r0)      //Loads the full value of the control address into r1
li r2, 0x00000200       //Loads the value for the button we want to be the activator into r2
lis r3, 0x80CC          //Loads first 2 bytes of co-ords
lwz r4, 0x4584(r3)      //Loads the full value of the z-co-ords into r4
li r5, 0x0000004C       //Loads the value we want to add to co-ords (jump speed) into r5
cmpw r1, r2             //Compares the BUTTON value and the CONTROLLER address (check if we are holding our activator or not)
bne +0x12               //If we are NOT holding the button activator, jump to the end, i.e. cancel
add r6, r4, r5          //If we ARE, add 0x004C to our z-co-ord value (increase our height)
stw r6, 0x4584(r3)      //Store the modified co-ords back to their address!

And that's pretty much it lol. In theory this should increase our height if holding a button, therefore "jumping" into the air. Now there might be some mistakes in the above routine; I'm very new to this type of asm. I'm good at MIPS, but some of the syntaxes are very confusing, so bear with me if there are some errors. This should, however, give you a fair idea of how it's done.

This is exactly how my ASM program looked:


lindtec

Thanks for this nice Tutorial Black_Wolf.

Just a question, how do you come up with the address, where the sub-routine ends?

Other than that, I can pretty much follow your steps.

Black_Wolf

Oh lol, that was just an example. Basically, if you're using the asm code type, you just jump to the END of your code, so like skip 10 lines or whatever.

Sorry, I should have explained that better; I was using the oldskool method lol. But yeah, with the C2 code type, just jump over everything, so in this case it would be bne -0x12, which would jump over the stw!

lindtec

Thanks for explaining...

Can you use this "bne"-command to skip just a certain amount of lines (for example, just skip the next line)?

Black_Wolf

Oh yeah, definitely. That would just be bne -0x08. Simple as that lol. Following that template, button activation is just simply loading the button you want and the button address and comparing them; if they are not the same, just exit, and if they are, just write your code in there!

Igglyboo

What would happen if you did NOT add a button activator in there?
Would you have constant low grav?

Black_Wolf

With this asm example, seeing as it is the actual co-ordinates being increased, rather than gravity (more of a manual method, meaning you can make jump codes for games without a jump function!), without a button activation you would just fly straight up continuously till the game froze, or you died if the game has a boundary check lol.

Lunar

Could you please explain how to find the Z co-ordinates? :D

Romaap

First use the unknown value search, then jump; while jumping, search for greater than previous search, then search for lower than previous when you have landed, use some equal to previous, repeat those steps and then you will end up with a few addresses.

Lunar

I've tried that but it doesn't seem to work; when I poke it, it does nothing.

Black_Wolf

Hmm, sometimes the jump is actually handled separately.
Try finding a hill in the game and walk up and down it, searching greater and less.
OR, if it's still not working, find x/y co-ords: just move around searching unequal, stand still, equal, etc.
Co-ords are very likely to be dynamically allocated, so you will probably need a pointer too!

Romaap

I want to make a moon jump for Bully, but what data size do I have to use and in what memory range? Does anybody have an idea?

Black_Wolf

Try your standard ranges, I guess. There's a fair chance it could be in the 90 area as it's accessed very frequently, but I'm not sure; it probably varies game to game.

lindtec

I'm trying to adapt the asm-code of Black_Wolf.

I've come up with the following:

lis r0, $805D
lwz r1, $4FDA(r0)
li r2, $00001000
lis r3, $8049
lwz r4, $80F6(r3)
li r5, $00002000
cmpw r1, r2
bne -0x12
add r6, r4, r5
stw r6, $80F6(r3)

But for some reason, when I try to convert it with the ASM-to-WiiRD-Converter, it just gives me the following errors:

\asmhelp-tmpout.txt:1: Error: unsupported relocation against $805D
\asmhelp-tmpout.txt:3: Error: unsupported relocation against $00001000
\asmhelp-tmpout.txt:4: Error: unsupported relocation against $8049
\asmhelp-tmpout.txt:6: Error: unsupported relocation against $00002000

Can someone who knows ASM tell me what that means and how to solve these problems?

Romaap

I tried it too, but I don't understand the subroutine part.

This is what I've got:

0x92A8F314  coordinate
0x806BA780  controller
0x00000100   value of the button
0x01000000   value I want to add to the coordinate

lis r0, 0x806B
lwz r1, 0xA780(r0)
li r2, 0x00000100
lis r3, 92A8
lwz r4, F28C(r3)
li r5, 0x01000000
cmpw r1, r2
bne 0x80FF50C8   //???
add r6, r4, r5
stw r6, 0xF28C(r3)

Anyway, when I try to make it a code, it gives me this error:
C:\DOCUME~1\ADMINI~1\Desktop\WIIRD0~1.1\asmhelp-tmpout.txt: Assembler messages:
C:\DOCUME~1\ADMINI~1\Desktop\WIIRD0~1.1\asmhelp-tmpout.txt:2: Error: operand out of range (0x0000a780 is not between 0xffff8000 and 0x00007fff)
C:\DOCUME~1\ADMINI~1\Desktop\WIIRD0~1.1\asmhelp-tmpout.txt:4: Error: syntax error; found `A' but expected `,'
C:\DOCUME~1\ADMINI~1\Desktop\WIIRD0~1.1\asmhelp-tmpout.txt:4: Error: junk at end of line: `A8'
C:\DOCUME~1\ADMINI~1\Desktop\WIIRD0~1.1\asmhelp-tmpout.txt:6: Error: operand out of range (0x01000000 is not between 0xffff8000 and 0x00007fff)
C:\DOCUME~1\ADMINI~1\Desktop\WIIRD0~1.1\asmhelp-tmpout.txt:8: Error: operand out of range (0x80ff50c8 is not between 0xffff8000 and 0x00007fff)
C:\DOCUME~1\ADMINI~1\Desktop\WIIRD0~1.1\asmhelp-tmpout.txt:10: Error: operand out of range (0x0000f28c is not between 0xffff8000 and 0x00007fff)
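An added example, not code from the thread or from the WiiRD converter: a small Python encoder for the handful of PowerPC instructions the routine uses, covering Black_Wolf's guide above and the assembler errors in lindtec's and Romaap's posts. It splits each 32-bit address into a lis value plus a signed 16-bit displacement (which is why 0xA780 and 0xF28C fail gas's range check as written), refuses r0 as a base register (in lwz/stw, "(r0)" means base 0, not the controller address), and turns "skip N instructions" into the bne byte offset. The register choice (r9-r12 instead of r1/r2) and the 0x4C jump step are assumptions of this example.

```python
def split_addr(addr):
    """Return (lis value, displacement) with (lis << 16) + disp == addr.
    lwz/stw displacements are signed 16-bit, so a low half >= 0x8000 needs
    the high half bumped by one: 0x806BA780 -> (0x806C, -0x5880)."""
    hi, lo = addr >> 16, addr & 0xFFFF
    if lo >= 0x8000:
        hi, lo = hi + 1, lo - 0x10000
    return hi, lo

def _imm16(imm):
    """Signed 16-bit immediate field; the same check gas performs on li/addi/lwz/stw."""
    if not -0x8000 <= imm <= 0x7FFF:
        raise ValueError(f"operand out of range: {imm:#x}")
    return imm & 0xFFFF

def _mem(op, r, disp, ra):
    if ra == 0:  # D-form "(r0)" means base address 0, so lwz r1, 0x6AC0(r0) reads 0x6AC0
        raise ValueError("r0 cannot be a base register; use r3-r12")
    return (op << 26) | (r << 21) | (ra << 16) | _imm16(disp)

def lis(rt, hi):       return (15 << 26) | (rt << 21) | (hi & 0xFFFF)
def li(rt, imm):       return (14 << 26) | (rt << 21) | _imm16(imm)
def addi(rt, ra, imm): return (14 << 26) | (rt << 21) | (ra << 16) | _imm16(imm)
def lwz(rt, disp, ra): return _mem(32, rt, disp, ra)
def stw(rs, disp, ra): return _mem(36, rs, disp, ra)
def cmpw(ra, rb):      return (31 << 26) | (ra << 16) | (rb << 11)   # cmp cr0,0,ra,rb
def bne(skip):         # branch if CR0[EQ] is clear, over the next `skip` instructions
    return (16 << 26) | (4 << 21) | (2 << 16) | (((skip + 1) * 4) & 0xFFFC)

def moon_jump(ctrl_addr, button, coord_addr, delta):
    """Black_Wolf's routine using scratch registers r9-r12 (an assumption here);
    r1 is the stack pointer and r2 is ABI-reserved, so clobbering them crashes the game."""
    ch, cl = split_addr(ctrl_addr)
    zh, zl = split_addr(coord_addr)
    return [
        lis(11, ch), lwz(10, cl, 11),   # r10 = controller word
        li(9, button), cmpw(10, 9),     # holding exactly our button?
        bne(4),                         # no: skip the four instructions below
        lis(12, zh), lwz(10, zl, 12),   # r10 = Z coordinate
        addi(10, 10, delta),            # r10 += jump step
        stw(10, zl, 12),                # write it back
    ]

if __name__ == "__main__":
    # Romaap's controller address, button and coordinate from the thread, with the guide's 0x4C step
    for word in moon_jump(0x806BA780, 0x0100, 0x92A8F28C, 0x4C):
        print(f"{word:08X}")
```

The "unsupported relocation against $805D" errors in lindtec's post are a separate problem: gas does not read `$` as a hex prefix and treats `$805D` as an undefined symbol, so those literals need the 0x form.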