07 Code type help

[live2play]

I believe that my comments below are correct.  Does anyone know what the uncommented lines are doing?

42000000 80000000 -> Set base address to 80000000
077C3E00 00000010 -> Write 00000010 to 817C3E00
3D6046D0 917E009C
819E0010 4E800020
040085B0 497BB851 -> Write 497BB851 to 800085B0

After applying this code to the game, I noticed that the four consecutive words (32 bit each) starting at address 817C3E00 were the following:

3D6046D0 917E009C 819E0010 4E800020

These four words translate into the following assembly which, as you can see, was placed in an area of memory that seems to not be used by anything else.  Is this address range unused and available for writing assembly instructions into?  I noticed that the write 497BB851 to 800085B0 above is a bl 0x817c3e00 which calls the assembly listed below.

817C3DFC:  00000000   .word   0x00000000
817C3E00:  3D6046D0   lis   r11,18128
817C3E04:  917E009C   stw   r11,156(r30)
817C3E08:  819E0010   lwz   r12,16(r30)
817C3E0C:  4E800020   blr   
817C3E10:  00000000   .word   0x00000000
817C3E14:  00000000   .word   0x00000000
817C3E18:  00000000   .word   0x00000000

So, 077C3E00 00000010 must not just be writing 00000010 to 817C3E00 but, instead, setting up a write of the assembly contained in the four words that represent the assembly above.

Any explanation is greatly appreciated.

[Y.S.]

06/07 code is called "Patch code", which writes consecutive bytes to specified address.

Code Select Expand

06______ YYYYYYYY : Patch code (ba)
d1d2d3d4 d5d6d7d8...
writes d1d2d3d4 d5d6d7d8... at ba+address.
YYYYYYYY is the number of bytes to write

So the second line's comment would be like this:

077C3E00 00000010 -> write following 0x10 bytes to 817C3E00

[dcx2]

You're mostly right, but the 07 code never writes 00000010 to 807C3E00.  It just starts writing some number of bytes (0x10) at some address (0x817C3E00), and the bytes it starts writing come after the code.

The 4 patched instructions are probably going in unused memory.  The last 04 code type is hooking the 07-patched instructions by inserting a bl; the destination for the bl was probably chosen because it has access to an important pointer via r30.  The lwz r12,16(r30) is probably the instruction replaced by the bl.

This seems like a very complicated way to do a C2 code.  That, and the first line (42 code type) is unnecessary.

[live2play]

Thanks for the clarification.  In general, what are the unused areas in the Wii memory to which you could write assembly or store values for later use?

Also, how is the following only 10 bytes of data when every two HEX digits is one byte?  The following would be 16 bytes, right?

817C3E00:  3D6046D0   lis   r11,18128
817C3E04:  917E009C   stw   r11,156(r30)
817C3E08:  819E0010   lwz   r12,16(r30)
817C3E0C:  4E800020   blr

EDIT:  Never mind.  Doh!  16 Decimal is 10 HEX.

[wiiztec]

80001800 - 80003000 is normally never read from or written to on any Wii game, but it's where the code handler stores your codes so if someone using the code you make has too many code's on his/her GCT then the values you store there might be overwritten

[wiiztec]

You're mostly right, but the 07 code never writes 00000010 to 807C3E00.  It just starts writing some number of bytes (0x10) at some address (0x817C3E00), and the bytes it starts writing come after the code.

The 4 patched instructions are probably going in unused memory.  The last 04 code type is hooking the 07-patched instructions by inserting a bl; the destination for the bl was probably chosen because it has access to an important pointer via r30.  The lwz r12,16(r30) is probably the instruction replaced by the bl.

This seems like a very complicated way to do a C2 code.  That, and the first line (42 code type) is unnecessary.

I don't know what it may have been called before but now 06/07 is called the string code type
the values are written starting at the address specified in the 06/07 code