Gecko OS mod

[goemon_guy]

Yeah, but unfortunately, the game has some kind of protection or something that causes the game to crash if any hook is patched.

The game passes the Nintendo screen and does nothing more.

[dcx2]

Well, it's doing one of a few things.

1) Erasing the code handler.  Set RWBPs on e.g. 800018A8.  If you get a hit, they're trying to erase the code handler.

2) Running a checksum on addresses that are usually hooked.  If you knew what address was hooked by the loader, you could set a RWBP on the hook.  Any hits are probably running checksums.

The game can do a variety of things to shut itself down, but those are the two key methods of attacking the code handler.

EDIT:

Oh, I should mention that setting BPs at the start of a game is...difficult.  When you pause start, and then hit run, the game installs its own interrupt handlers.  They will interfere with breakpoints.  So you have to make a "paused hook", which is run after the game's interrupt handlers are installed, but before any protections are enabled.  It has to set the code handler to the paused state because you can't use breakpoints yet.  Once you hit the pause hook, reconnect Gecko.NET and all the appropriate interrupt handlers will be installed.  You can then set BPs normally.

Also...I prefer to keep protection discussion out of the public eye in case they troll our forums for ideas to attack the code handler.  Mind if I split the topic?  Then I can go into more detail.

[WiiPower]

Even if you block the memset for 0x80001800-0x80001fff in Pokemon Box, it still does something with that memory area.

[goemon_guy]

Also...I prefer to keep protection discussion out of the public eye in case they troll our forums for ideas to attack the code handler.  Mind if I split the topic?  Then I can go into more detail.

Assuming you were asking me, sure, split the topic, if you want!

EDIT

I tried setting a breakpoint on the code handler. (800018A8.) There was something that happened, and it made the Breakpoint tab go CRAZY.

Not sure if there's a more efficient way to copy the breakpoint tab, so...
[spoiler]
 CR:0A0A426F  XER:6F744D69  CTR:69207631 DSIS:2E330A43
DAR:6F707972 SRR0:69676874 SRR1:20284329   LR:30303030
 r0:20323030   r1:382D3230   r2:31302054   r3:65616D20
 r4:54776969   r5:7A657273   r6:2E0A416C   r7:6C207269
 r8:67687473   r9:20726573  r10:65727665  r11:642E2020
r12:52656469  r13:73747269  r14:62757469  r15:6F6E206F
r16:72207361  r17:6C652069  r18:73207072  r19:6F686962
r20:69746564  r21:2E0A4152  r22:4D424F4F  r23:54206865
r24:61646572  r25:20284030  r26:78323837  r27:3030293A
r28:0A204865  r29:61646572  r30:2073697A  r31:653A2030

 f0:3031300A   f1:204C6F61   f2:64657220   f3:73697A65
 f4:3A203030   f5:30303363   f6:64300A20   f7:454C4620
 f8:73697A65   f9:3A203030  f10:30323736  f11:37340A20
f12:41726775  f13:6D656E74  f14:3A203030  f15:30303030
f16:30310A20  f17:454C4620  f18:61742030  f19:78326333
f20:65300A54  f21:7279696E  f22:6720746F  f23:206D6F75
f24:6E742053  f25:442E2E2E  f26:0A736468  f27:635F6275
f28:735F706F  f29:77657228  f30:31290A73  f31:6468635F[/spoiler]
There were also no instructions in the bottom box.

[goemon_guy]

Hmm, it seems as though hacking Sonic Adventure DX is impossible ATM, as when I connect the debugger, the game freezes whenever it tries to load anything. :/

I tried the two "known-to-work" hooks, VI and Unknown 1, OSSleepThread, gxdrawdone, Unknown 0, and all both reproduce the same problem.

On top of that, when you load the game with hooks, any memory card inserted is treated as "Damaged."

[Cheesewig]

When I load Super Mario Sunshine PAL, The game crashes when I enter a save...  :'(

Do I need the (M) code?

[goemon_guy]

I think it could be the codes you have activated.

Please post whatever codes you are using. One (or more) may be conflicting with others, or other things.

[Cheesewig]

I used:

99 Lives
Infinite Health
Infinite Water
Infinite Hover
8 Red Coins (L+B)
Open Levells/Nozzles
Low Gravity
Low Spin Gravity
Super Spin
Breath Underwater
Have Sunshine Shirt
Any Fruit Opens Yoshi Eggs
Yoshi Loves Water
Teleport (D-Pad Left:Save/D-Pad Right: Load)

Thanks! ;D

[goemon_guy]

I want to say that the problem is "Super Spin" and "Low Spin Gravity" conflicting with each other.

If possible, could you also post the codes to go with them? We'll be able to diagnose your problem more thoroughly.

[Cheesewig]

Here are the codes I use: (Forgot Low Gravity...)

99 Lives
00570967 00000063

Infinite Health
48000000 804057F4
DE000000 80008180
12000008 00000009
E2000001 80008000

Infinite water
04263F58 38002710
042635B0 60000000

Infinite hover time
042640BC 60000000

8 Red coins (Press L+B)
283FBBF4 00000240
025709DE 00000008
E2000001 80008000

Open Levels/Nozzles
04570958 FFFFFFFF
0457095C FFFFFFFF

Low Gravity
48000000 804057F4
DE000000 80008180
12000A00 00003E00
E2000001 80008000

Low Spin Gravity
48000000 804057F4
DE000000 80008180
12000A14 00003200
E2000001 80008000

Super Spin
48000000 804057F4
DE000000 80008180
12001284 00003200
E2000001 80008000

Breath Underwater
48000000 804057F4
DE000000 80008180
1200112C 00007FFF
E2000001 80008000

Have Sunshine Shirt
48000000 804057F4
DE000000 80008180
12000000 00000010
E2000001 80008000

Any Fruit Opens Yoshi Eggs
041B47B8 60000000

Yoshi Loves Water
0426837C 4E800020

Teleport (D-Pad Left: Save/D-Pad Right: Load)
0424F224 D01E0010
0424F22C D01E0014
0424F234 D01E0018
283FB800 FF7E0081
C224F224 00000002
3E008000 D0101600
D01E0010 00000000
C224F22C 00000002
3E008000 D0101604
D01E0014 00000000
C224F234 00000002
3E008000 D0101608
D01E0018 00000000
E0000000 00000000
283FB800 FF7D0082
C224F224 00000002
3E008000 C0101600
D01E0010 00000000
C224F22C 00000002
3E008000 C0101604
D01E0014 00000000
C224F234 00000002
3E008000 C0101608
D01E0018 00000000
E0000000 00000000

Thanks! ;D

[goemon_guy]

Teleport (D-Pad Left: Save/D-Pad Right: Load)
0424F224 D01E0010
0424F22C D01E0014
0424F234 D01E0018
283FB800 FF7E0081
C224F224 00000002
3E008000 D0101600
D01E0010 00000000
C224F22C 00000002
3E008000 D0101604
D01E0014 00000000
C224F234 00000002
3E008000 D0101608
D01E0018 00000000
E0000000 00000000
283FB800 FF7D0082
C224F224 00000002
3E008000 C0101600
D01E0010 00000000
C224F22C 00000002
3E008000 C0101604
D01E0014 00000000
C224F234 00000002
3E008000 C0101608
D01E0018 00000000
E0000000 80008000

The problem might have been with this, try replacing the cheat with this one.

[Cheesewig]

It Still Doesn't work... :(

[goemon_guy]

Teleport (D-Pad Left: Save/D-Pad Right: Load)
0424F224 D01E0010
0424F22C D01E0014
0424F234 D01E0018
283FB800 FF7E0081
C224F224 00000002
3E008000 D0101600
D01E0010 00000000
C224F22C 00000002
3E008000 D0101604
D01E0014 00000000
C224F234 00000002
3E008000 D0101608
D01E0018 00000000
E0000000 80008000
283FB800 FF7D0082
C224F224 00000002
3E008000 C0101600
D01E0010 00000000
C224F22C 00000002
3E008000 C0101604
D01E0014 00000000
C224F234 00000002
3E008000 C0101608
D01E0018 00000000
E0000000 80008000

Try this?

[goemon_guy]

I'm going to move this to a PM, OK? We're just going to clutter the topic here.

[goemon_guy]

Found an (M) code that worked fine for Pokemon Box USA.

In the gct you make for the game, this should be active.

(Must be On)
C613A48C 800018A8
04000030 8023F3E0
04005B54 3C608024
04005B58 3863D3E0
04005B70 3C608024
04005B74 3863DDE0
04003194 48000028

Thanks to Ralf of GSCentral.

EDIT:
Here's one for Pokemon Colosseum that works fine

(Must be On) [Codejunkies]
C60B9FE0 800018A8
042663A0 000034E0
042663A4 000034E4
04005614 60000000
04005C24 60000000
04005D50 60000000
04036598 60000000
04036740 60000000
04005C24 60000000
04036688 60000000
04003194 4800002C