WiiRd forum
Author Topic: Gecko dotNET Bugs and Requests  (Read 120219 times)
Bully@Wiiplaza
« Reply #570 on: August 08, 2011, 09:13:15 PM »

Quote
Yeah, there's some kind of cmp instruction before the bge-.  You could change it so it always evaluates to greater-or-equal.

Try this C2 code.  It might work, although I'd need a Copy Function on the hook address to know for sure.

lis r12,0x801E
ori r12,r12,0x8B48
mtctr r12
bctr

If that C2 code works, and the 04 code does not, then I would blame the cache.

The C2 code crashes as well.
Code:
C21E8B28 00000003
3D80801E 618C8B48
7D8903A6 4E800420
60000000 00000000

Spoiler:
801E8AEC:  9421FFF0   stwu   r1,-16(r1)
801E8AF0:  7C0802A6   mflr   r0
801E8AF4:  90010014   stw   r0,20(r1)
801E8AF8:  93E1000C   stw   r31,12(r1)
801E8AFC:  3FE08066   lis   r31,-32666
801E8B00:  3BFF2688   addi   r31,r31,9864
801E8B04:  801F3164   lwz   r0,12644(r31)
801E8B08:  2C000000   cmpwi   r0,0
801E8B0C:  41820010   beq-   0x801e8b1c
801E8B10:  28000001   cmplwi   r0,1
801E8B14:  41820054   beq-   0x801e8b68
801E8B18:  480000AC   b   0x801e8bc4
801E8B1C:  807F30BC   lwz   r3,12476(r31)
801E8B20:  38030001   addi   r0,r3,1
801E8B24:  28000005   cmplwi   r0,5
801E8B28:  40800020   bge-   0x801e8b48
801E8B2C:  807F3168   lwz   r3,12648(r31)
801E8B30:  38800052   li   r4,82
801E8B34:  4BFFAFC5   bl   0x801e3af8
801E8B38:  38000000   li   r0,0
801E8B3C:  901F3150   stw   r0,12624(r31)
801E8B40:  901F314C   stw   r0,12620(r31)
801E8B44:  48000080   b   0x801e8bc4
801E8B48:  807F3168   lwz   r3,12648(r31)
801E8B4C:  38800000   li   r4,0
801E8B50:  38A00006   li   r5,6
801E8B54:  4BFFB369   bl   0x801e3ebc
801E8B58:  807F3164   lwz   r3,12644(r31)
801E8B5C:  38030001   addi   r0,r3,1
801E8B60:  901F3164   stw   r0,12644(r31)
801E8B64:  48000060   b   0x801e8bc4
801E8B68:  801F3128   lwz   r0,12584(r31)
801E8B6C:  2C000000   cmpwi   r0,0
801E8B70:  41820038   beq-   0x801e8ba8
801E8B74:  80DF316C   lwz   r6,12652(r31)
801E8B78:  3C600001   lis   r3,1
801E8B7C:  38038000   subi   r0,r3,32768
801E8B80:  3880000C   li   r4,12
801E8B84:  7C6600D0   neg   r3,r6
801E8B88:  38A00000   li   r5,0
801E8B8C:  7C633378   or   r3,r3,r6
801E8B90:  38C00000   li   r6,0
801E8B94:  7C63FE70   srawi   r3,r3,31
801E8B98:  7C001838   and   r0,r0,r3
801E8B9C:  60000022   ori   r0,r0,34
801E8BA0:  5403043E   rlwinm   r3,r0,0,16,31
801E8BA4:  4BFDE4A1   bl   0x801c7044
801E8BA8:  3C808066   lis   r4,-32666
801E8BAC:  38000000   li   r0,0
801E8BB0:  38842688   addi   r4,r4,9864
801E8BB4:  38600001   li   r3,1
801E8BB8:  90043150   stw   r0,12624(r4)
801E8BBC:  9004314C   stw   r0,12620(r4)
801E8BC0:  48000008   b   0x801e8bc8
801E8BC4:  38600000   li   r3,0
801E8BC8:  80010014   lwz   r0,20(r1)
801E8BCC:  83E1000C   lwz   r31,12(r1)
801E8BD0:  7C0803A6   mtlr   r0
801E8BD4:  38210010   addi   r1,r1,16
801E8BD8:  4E800020   blr   

My Wii hacking site...
http://bullywiihacks.com/

My youtube account with a lot of hacking videos...
http://www.youtube.com/user/BullyWiiPlaza

~Bully
dcx2
« Reply #571 on: August 08, 2011, 09:20:28 PM »

Okay, there's no way the C2 code had a cache problem.

Try doing this.

801E8B24:  28000005   cmplwi   r0,5  ->  cmpw r3,r3  # this will always be equal, should effectively make bge- into b

or

801E8B20:  38030001   addi   r0,r3,1  ->  li r0,6  # will make the cmpwi always greater than

Also...if you poke the branch when it's already executing, does it still work?

Bully@Wiiplaza
« Reply #572 on: August 08, 2011, 09:26:44 PM »

Quote
801E8B24:  28000005   cmplwi   r0,5  ->  cmpw r3,r3  # this will always be equal, should effectively make bge- into b

Also...if you poke the branch when it's already executing, does it still work?

Poking never crashed.

---

gct code 041E8B24 7C031800 ("cmpw r3, r3") crashed the game.
gct code 041E8B20 38000006 ("li r0, 6") crashed the game.

Gecko.NET always says stuff about error exceptions...

Spoiler:
FTDIUSBGecko.EUSBGeckoException: An exception of type "FTDIUSBGecko.EUSBGeckoException" was thrown.
   at FTDIUSBGecko.USBGecko.Dump(UInt32 startdump, UInt32 enddump, Stream[] saveStream, Dump memdump)
   at FTDIUSBGecko.USBGecko.GetExiSendAddress()
   at GeckoApp.CodeController.UpdateActiveCodeCount()
   at GeckoApp.CodeController.UpdateCode(Int32 index, String codeInput)
   at GeckoApp.CodeController.codeOutput_SelectedIndexChanged(Object sender, EventArgs e)
   at System.Windows.Forms.ListView.OnSelectedIndexChanged(EventArgs e)
   at System.Windows.Forms.ListView.WmReflectNotify(Message& m)
   at System.Windows.Forms.ListView.WndProc(Message& m)
   at System.Windows.Forms.Control.ControlNativeWindow.WndProc(Message& m)
   at System.Windows.Forms.NativeWindow.Callback(IntPtr hWnd, Int32 msg, IntPtr wparam, IntPtr lparam)

---

bei = at
wurde ausgelöst = was triggered

« Last Edit: August 08, 2011, 09:37:07 PM by Bully@Wiiplaza »
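The whole thread turns on whether the word at 801E8B28 really changes from 40800020 (bge-) to 48000020 (b), and on whether the C2 block and the two other 04 patches above were typed correctly. The script below is an added example (my own code, not from the thread, from Gecko.NET or from the Gecko code handler): it encodes the handful of PowerPC instructions mentioned in these replies and lays them out as Gecko 04 and C2 code lines, so the hex in the posts can be regenerated and cross-checked instead of typed by hand. Instruction encodings follow the PowerPC ISA; the 04 and C2 line layouts follow the Gecko code-type format with the default base address 0x80000000, and the C2 padding rule (a nop before the terminating 00000000 word when the instruction count is even) is stated as I understand it. HOOK and TARGET are the addresses from the disassembly; all function and dictionary key names are mine.

```python
"""Added example: tiny PowerPC encoder plus Gecko 04/C2 code builders.
Not code from the thread or from the Gecko/Gecko.NET projects.
Encodings per the PowerPC ISA; Gecko line layouts per the code-type format
(assumed default base address 0x80000000)."""

BASE = 0x80000000        # default Gecko base address; code lines carry addr - BASE (25 bits)


def _imm16(v):
    """Low 16 bits of a signed or unsigned 16-bit immediate."""
    assert -0x8000 <= v <= 0xFFFF
    return v & 0xFFFF


def addi(rd, ra, imm):            # li rd,imm  == addi rd,0,imm
    return (14 << 26) | (rd << 21) | (ra << 16) | _imm16(imm)


def addis(rd, ra, imm):           # lis rd,imm == addis rd,0,imm
    return (15 << 26) | (rd << 21) | (ra << 16) | _imm16(imm)


def ori(ra, rs, imm):             # ori rA,rS,imm ; ori r0,r0,0 is the canonical nop
    return (24 << 26) | (rs << 21) | (ra << 16) | (imm & 0xFFFF)


def nop():
    return ori(0, 0, 0)


def mtspr(spr, rs):               # mtspr: the 10-bit SPR number is stored with its 5-bit halves swapped
    return (31 << 26) | (rs << 21) | ((spr & 0x1F) << 16) | (((spr >> 5) & 0x1F) << 11) | (467 << 1)


def mtctr(rs):
    return mtspr(9, rs)           # CTR is SPR 9


def bctr():                       # bcctr with BO=20 (branch always), BI=0, LK=0
    return (19 << 26) | (20 << 21) | (528 << 1)


def cmpw(ra, rb, crf=0):          # cmp crf,0,ra,rb ; cmpw r3,r3 always sets EQ
    return (31 << 26) | (crf << 23) | (ra << 16) | (rb << 11)


def b(pc, target):                # unconditional relative branch, 24-bit word displacement
    off = target - pc
    assert off % 4 == 0 and -0x2000000 <= off < 0x2000000
    return (18 << 26) | (off & 0x03FFFFFC)


def bc(bo, bi, pc, target):       # conditional relative branch, 14-bit word displacement
    off = target - pc
    assert off % 4 == 0 and -0x8000 <= off < 0x8000
    return (16 << 26) | (bo << 21) | (bi << 16) | (off & 0xFFFC)


def bge_minus(pc, target):        # bge- : BO=0b00100 (CR bit false, hint not taken), BI=0 (CR0[LT])
    return bc(0b00100, 0, pc, target)


def branch_target(pc, word):
    """Resolve the target of a relative b/bc word sitting at address pc (AA=0 only)."""
    if word & 2:
        raise ValueError("absolute branches (AA=1) are not handled here")
    op = word >> 26
    if op == 18:
        off = word & 0x03FFFFFC
        if off & 0x02000000:
            off -= 0x04000000
    elif op == 16:
        off = word & 0xFFFC
        if off & 0x8000:
            off -= 0x10000
    else:
        raise ValueError(f"{word:08X} is not a branch")
    return (pc + off) & 0xFFFFFFFF


def make_unconditional(pc, word):
    """Rewrite a bc word at pc into a b word with the same target: the 04 patch in this thread."""
    if word >> 26 != 16:
        raise ValueError(f"{word:08X} is not a bc instruction")
    return b(pc, branch_target(pc, word))


def code_04(addr, value):
    """Gecko 04 code: write one 32-bit value at addr (addr - BASE must fit in 25 bits)."""
    assert 0 <= addr - BASE < 0x02000000 and addr % 4 == 0
    return [(0x04 << 24) | (addr - BASE), value & 0xFFFFFFFF]


def code_c2(addr, instrs):
    """Gecko C2 code: insert ASM at addr. The block must end in a 00000000 word (the
    handler writes the branch back there), so an even instruction count is padded with a nop."""
    assert 0 <= addr - BASE < 0x02000000 and addr % 4 == 0
    words = list(instrs)
    if len(words) % 2 == 0:
        words.append(nop())
    words.append(0)
    return [(0xC2 << 24) | (addr - BASE), len(words) // 2] + words


def gct_lines(words):
    """Render a code word list in the two-words-per-line text form used in the thread."""
    assert len(words) % 2 == 0
    return [f"{words[i]:08X} {words[i + 1]:08X}" for i in range(0, len(words), 2)]


HOOK = 0x801E8B28        # the bge- in the disassembly above
TARGET = 0x801E8B48      # where it branches


def thread_codes():
    """Regenerate the four codes tried in this thread, keyed by what each one does."""
    c2 = code_c2(HOOK, [addis(12, 0, 0x801E), ori(12, 12, 0x8B48), mtctr(12), bctr()])
    return {
        "bge- to b": code_04(HOOK, make_unconditional(HOOK, bge_minus(HOOK, TARGET))),
        "cmplwi to cmpw r3,r3": code_04(HOOK - 4, cmpw(3, 3)),
        "addi to li r0,6": code_04(HOOK - 8, addi(0, 0, 6)),
        "C2 lis/ori/mtctr/bctr": c2,
    }


if __name__ == "__main__":
    for name, words in thread_codes().items():
        print(name)
        for line in gct_lines(words):
            print("  " + line)
```

Running it prints the same four code lines that appear in the posts (041E8B28 48000020, 041E8B24 7C031800, 041E8B20 38000006 and the three-line C2 block), which confirms the hex was right and narrows the crash down to how the code reaches memory rather than what it contains. The bge-/b pair also makes the 04 patch visible as a bit change: the 0x20 displacement is untouched, only the opcode field (16 to 18) and the BO/BI bits differ.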
dcx2
« Reply #573 on: August 08, 2011, 09:42:52 PM »

Are you sure you poked the address while that part of the game was executing?  Because it sounds like this isn't a problem with the code or the code handler, because otherwise other ASM hacks would fail too.

Did you try pausing before you send cheats?  It shouldn't make a difference but maybe it will.

Bully@Wiiplaza
« Reply #574 on: August 08, 2011, 09:50:46 PM »

Quote
Are you sure you poked the address while that part of the game was executing?  Because it sounds like this isn't a problem with the code or the code handler, because otherwise other ASM hacks would fail too.

Did you try pausing before you send cheats?  It shouldn't make a difference but maybe it will.

1.) I'm 100% sure that it worked by poke.
I tried it again and switched from default to modded value and nothing crashed.
The code took effect, as it was intended.

But if I send the same 04 code operation, it crashes.
Pausing the game before sending crashed as well.

I'm really clueless now.
Using the code as GCT works.
dcx2
« Reply #575 on: August 08, 2011, 09:53:58 PM »

Quote
Pausing the game before sending crashed as well.

Did it crash before or after you unpaused?  The game should not be running while it's paused, and therefore it shouldn't crash until the game is run.  So...

1) Pause Game
2) Send Cheats
3) Switch to memview tab and see if you can read memory.

If you can, then the game didn't crash yet.

Quote
Using the code as GCT works.
You mean via SD cheats?

EDIT:

Other things to try.

1) Set a breakpoint on the instruction just before the 04 code's target.  i.e. 801E8B24
2) While at the breakpoint, send cheats.
3) While still at the breakpoint go to disasm tab and see if the target was changed

You can also try the same thing, but instead set the breakpoint on the blr (801E8BD8) instead of the instruction before the target address.
« Last Edit: August 08, 2011, 09:56:46 PM by dcx2 »

Bully@Wiiplaza
« Reply #576 on: August 08, 2011, 09:55:25 PM »

Quote
Pausing the game before sending crashed as well.

Did it crash before or after you unpaused?  The game should not be running while it's paused, and therefore it shouldn't crash until the game is run.  So...

1) Pause Game
2) Send Cheats
3) Switch to memview tab and see if you can read memory.

If you can, then the game didn't crash yet.

Quote
Using the code as GCT works.
You mean via SD cheats?

Yes, SD cheats.

I paused the game.
Sent the code. (I can now still view memory)
Unpaused, and the game had crashed. (Gecko.NET froze up.)
« Last Edit: August 08, 2011, 09:57:32 PM by Bully@Wiiplaza »
dcx2
« Reply #577 on: August 08, 2011, 09:57:27 PM »

Did you switch to memview after sending the code and before unpausing?  Did memview work while paused after sending codes?

Bully@Wiiplaza
« Reply #578 on: August 08, 2011, 09:58:15 PM »

Quote
Did you switch to memview after sending the code and before unpausing?  Did memview work while paused after sending codes?

Yes, I could still view memory before unpausing.
dcx2
« Reply #579 on: August 08, 2011, 10:00:39 PM »

Try this, too.

1) pause game
2) send cheats
3) go to disasm tab @ 801E8B28
4) is it 40800020 or 48000020?
5) Poke it while paused
6) unpause

Bully@Wiiplaza
« Reply #580 on: August 08, 2011, 10:02:30 PM »

Quote
Try this, too.

1) pause game
2) send cheats
3) go to disasm tab @ 801E8B28
4) is it 40800020 or 48000020?
5) Poke it while paused
6) unpause

4) It's the new value (the value that got written).
5) Which value? Wouldn't it be overwritten by the 04 code?
dcx2
« Reply #581 on: August 08, 2011, 10:05:18 PM »

5) I would use the hack value (48000020).  If you're on disasm tab, just press "assemble" and it will poke it with the current instruction.

Yes, it will be over-written by the 04 code... *at the next frame*.  After you send cheats, the codes are executed.  If you then poke the address, it won't be over-written until the code handler runs at the next frame.  So, for the current frame of the game, it will be the poked value.

Bully@Wiiplaza
« Reply #582 on: August 08, 2011, 10:08:29 PM »

Quote
5) I would use the hack value (48000020).  If you're on disasm tab, just press "assemble" and it will poke it with the current instruction.

Yes, it will be over-written by the 04 code... *at the next frame*.  After you send cheats, the codes are executed.  If you then poke the address, it won't be over-written until the code handler runs at the next frame.  So, for the current frame of the game, it will be the poked value.

Yep, it still crashes after pressing "run".
dcx2
« Reply #583 on: August 08, 2011, 10:10:42 PM »

This makes me doubt your claim that you're 100% sure poking works.  Because you poked the address with the hacked branch and it still crashed.

Bully@Wiiplaza
« Reply #584 on: August 08, 2011, 10:14:28 PM »

Quote
This makes me doubt your claim that you're 100% sure poking works.  Because you poked the address with the hacked branch and it still crashed.

Why did the "poked" hack work for me, then?
It's not a joke!
It must be something with Gecko.NET, because it spits out error exceptions after it crashed...
As you may have noticed, every single try to send this 04 (and once the C2) code froze the game.
« Last Edit: August 08, 2011, 10:17:50 PM by Bully@Wiiplaza »