ASM fail

[Deathwolf]

hi...

I've tried around to make a infinty ammo code for resident evil 4 with more intructions.
so my idea:
first load into address and then change value with branch...
but yep here are my original instructions:

bp write:

80035F88 subi r0,r3,1
80035F94 sth r4,8(r31)

bp read:

80036430 lhz r0,8(r31)

so my idea:

80035F88 38030001 <--addi r0,r3,1
80035F94 60000000 <-- nop

80036430 A25F0002 <-- lhz r18,8(r31)

code:

lis r12,0x8003 <-- load into address 80035F88
ori r12,12,0x5F88
lwz   r12,0(r12)
lis r12,0x3803 <--- write value 38030001 (addi r0,r3,1)
ori r12,r12,0x0001
stw r12,0(r12)
addi r0,r3,1
beq- THE_END <--- branch
lis r12,0x8003 <--- load into address 80035F94
ori r12,r12,0x5F94
lwz   r12,0(r12)
lis r12,0x6000 <-- write value 60000000 (nop)
ori r12,r12,0x0000
stw r12,0(r12)
beq- THE_END <--- branch
lis r12,0x8003 <--- load into address 80036430
ori r12,12,0x6430
lwz   r12,0(r12)
lis r12,0xA25F <-- write value  lhz r18,2(r31) (A25F0002)
ori r12,r12,0x0002
stw r12,0(r12)

THE_END:

lhz r18,8(r31)

assembly:

C2035F88 0000000C
3D808003 618C5F88
818C0000 3D803803
618C0001 918C0000
38030001 41820038
3D808003 618C5F94
818C0000 3D806000
618C0000 918C0000
4182001C 3D808003
618C643C 818C0000
3D80A25F 618C0002
918C0000 A25F0002
60000000 00000000

the game doesn't freez by apply but by shoting.
dcx2 I hope now you can see, how I suck.

thanks for any help


btw I think it's by THE END branch.
I should write a step by step branch but I've no idea how to do.

[dcx2]

I think I see what you want to do, but I'm still confused.  Your hook is at address 80035F88, and yet your code is over-writing that same address.  That's going to be a problem.

It also looks like you don't understand how branching works.  Branches skip over instructions.

beq- is a conditional branch.  Sometimes it takes the branch, sometimes it doesn't.  Whether or not the branch is taken depends on whether the equals bit of the CR is set - hence beq is Branch EQuals.

What is the condition for branching that you wanted?  Was it your intent to skip those instructions?  Because it seems like you want all of your instructions to execute every time.

---

That said, there are several other issues.

lis r12,0x8003 <-- load into address 80035F88
ori r12,12,0x5F88
lwz   r12,0(r12)

At this point, r12 has the value it read from 80035F88.  But, in the very next instruction, you over-write r12, so the value you just read is lost.

lis r12,0x3803 <--- write value 38030001 (addi r0,r3,1)

---

I don't know why you have an addi r0,r3,1 before the beq-

---

lis r12,0x6000 <-- write value 60000000 (nop)
ori r12,r12,0x0000
stw r12,0(r12)

This will write 0x60000000 to address 60000000.  Does that seem wrong to you?  (hint: there is no address 60000000).

[Deathwolf]

ok sry I think, I didn't explained it right.

80035F94 sth r4,8(r31) <--- to nop (doesn't loose ammo)
80035F88 subi r0,r3,1 <--- to addi (add ammo) -- i know that make no sense, just a example code.


80036430 lhz r0,8(r31) <--- to lhz r18,8(r31) (load new ammo value) [148]

so you mean if I write every time r12, it will be overwritten?
and my branches are not the right branches?
a step by step branch.


lis r12,0x8003 <--- load into address 80035F94
ori r12,r12,0x5F94
lwz   r12,0(r12)
lis r12,0x6000 <-- write value 60000000 (nop) to address 80035F94
ori r12,r12,0x0000
stw r12,0(r12)

[dcx2]

so you mean if I write every time r12, it will be overwritten?

Correct.  r12 can only have one value at a time in it.  If you put something else in r12, you lose what was there already.

This fact forms the essence of "safe registers".  Registers can only have one value.  If you over-write an important value, you lose that value and the game will freeze.

If you need more registers, you can try r10.  It is mostly safe, but not always.

and my branches are not the right branches?
a step by step branch.


lis r12,0x8003 <--- load into address 80035F94
ori r12,r12,0x5F94
lwz   r12,0(r12)
lis r12,0x6000 <-- write value 60000000 (nop) to address 80035F94
ori r12,r12,0x0000
stw r12,0(r12)

I don't think you understand how branches work.

Do you ever use the Step button in wiird?  Computers execute programs in order, one instruction after the other.

Instead of going to the _next_ instruction, a branch causes the computer to go to a totally different instruction.  It is used to skip instructions.

Like a button activator.  If the button is not pressed, we branch over the instructions that we don't want to execute.

[Deathwolf]

yep I'll try these safe registers.

r0 safe
r1 Stack pointer
r2 Table of Contents (TOC) pointer
r3 safe
r4 not safe
r5 safe
r6 ba
r7 gr addresses
r8 code execution status
r9 safe
r10 safe
r11 safe
r12 safe
r13 not safe (reserved)
r14 safe
r15 code line address
r16 not used
r17 safe
r18 safe
r19 safe
r20 po
r21-r31 unknown


yes you are right.I've never use branchs and this is the first time I'll do this.
if you do something,activate code without a new C2 code via loading into address. (like button activator)

will this work the first time?


lis r12,0x8003 <--- load into address 80035F94
ori r12,r12,0x5F94
lwz   r12,0(r12)
lis r12,0x6000 <-- write value 60000000 (nop) to address 80035F94
ori r12,r12,0x0000
stw r12,0(r12)

I want to execute all the same time!but

[dcx2]

NO!  DO NOT USE THOSE REGISTERS!

That is for the C0 code only!  The author of the original post with those registers was looking through the code handler to see what is safe and what isn't.

[dcx2]

No, that won't work.

lis r12,0x8003 <--- load into address 80035F94
ori r12,r12,0x5F94
lwz   r12,0(r12) <--- over-writes the pointer in r12
lis r12,0x6000 <-- write value 60000000 (nop) to address 80035F94
ori r12,r12,0x0000
stw r12,0(r12)

Try this instead.

lis r12,0x8003 <--- load address 80035F94 into r12
ori r12,r12,0x5F94
lis r10,0x6000 <--- load 60000000 = nop into r10
stw r10,0(r12) <--- write r10=60000000 to address r12=80035F94

[Deathwolf]

NO!  DO NOT USE THOSE REGISTERS!

That is for the C0 code only!  The author of the original post with those registers was looking through the code handler to see what is safe and what isn't.

ohhh now it see O_O

is there another list for free registers?


lis r12,0x8003 <--- load address 80035F94 into r12
ori r12,r12,0x5F94
lis r10,0x6000 <--- load 60000000 = nop into r10
stw r10,0(r12) <--- write r10=60000000 to address r12=80035F94

yes I understand now what you mean.
load address into r12.
write 60000000 into 10.
store nop into r10 and load into r12. ;D

[dcx2]

is there another list for free registers?

There is no such thing as a list of safe registers for C2 codes.  There never will be.  The safety of a register for a C2 code depends ENTIRELY on the instructions around the C2 code.

You will need to read and understand "On the Safety of Registers" to find safe registers for C2.  The best I can do is suggest r12, then r10, then r9.  r12 is the safest, and will always work.  r10 is the second safest...it will usually work, but not always.  r9 is even less safe than r10, etc.

lis r12,0x8003 <--- load address 80035F94 into r12
ori r12,r12,0x5F94
lis r10,0x6000 <--- load 60000000 = nop into r10
stw r10,0(r12) <--- write r10=60000000 to address r12=80035F94

yes I understand now what you mean.
load address into r12.
write 60000000 into 10.
store nop into r10 and load into r12. ;D

load address into r12
load nop into r10
write r10 to the address in r12

[Deathwolf]

is there another list for free registers?

There is no such thing as a list of safe registers for C2 codes.  There never will be.  The safety of a register for a C2 code depends ENTIRELY on the instructions around the C2 code.

You will need to read and understand "On the Safety of Registers" to find safe registers for C2.  The best I can do is suggest r12, then r10, then r9.  r12 is the safest, and will always work.  r10 is the second safest...it will usually work, but not always.  r9 is even less safe than r10, etc.

lis r12,0x8003 <--- load address 80035F94 into r12
ori r12,r12,0x5F94
lis r10,0x6000 <--- load 60000000 = nop into r10
stw r10,0(r12) <--- write r10=60000000 to address r12=80035F94

yes I understand now what you mean.
load address into r12.
write 60000000 into 10.
store nop into r10 and load into r12. ;D

load address into r12
load nop into r10
write r10 to the address in r12

oh yes you are right...write r10 to the address in r12.
I'll try these registers.

thanks.

[dcx2]

Remember.  Prefer r12 first.  Then prefer r10.  Then r9.  The registers get less safe as you go down.

[Deathwolf]

just a example:

lis r12,0x8003
ori r12,r12,0x5F94
lis r10,0x6000
stw r10,0(r12)
lis r9,0x8003
ori r9,9,0x6430
lis r8,0xA25F
ori r8,r8,0x0002
stw r8,0(r9)
lis r7,0x8003
ori r7,7,0x5F88
lis r6,0x3803
ori r6,r6,0x0001
stw r6,0(r7)

code:

C2035F88 00000008
3D808003 618C5F94
3D406000 914C0000
3D208003 61296430
3D00A25F 61080002
91090000 3CE08003
60E75F88 3CC03803
60C60001 90C70000
60000000 00000000

[dcx2]

Too many registers.  Each register is less safe than the next.  Only use r10 when you can't use r12.  Only use r12 r9 when you can't use r12 or r10.

Remember, only r12 is always safe.  Every other register might not be safe; you need to look at the instructions around the hook to determine safety.  My suggestion for r10 is based on the fact that it's the least dangerous.  But that does not mean it is safe.

You can re-use a register once you don't need the value anymore.

lis r12,0x8003
ori r12,r12,0x5F94
lis r10,0x6000
stw r10,0(r12)
lis r12,0x8003
ori r12,9,0x6430
lis r10,0xA25F
ori r10,r10,0x0002
stw r10,0(r12)
lis r12,0x8003
ori r12,7,0x5F88
lis r10,0x3803
ori r10,r10,0x0001
stw r10,0(r12)

[Deathwolf]

at the first time, I was a little confussed lol but now I understand what you mean.
that's a nice way to do this!

thanks alot.

and for this I don't need any branches right?

[dcx2]

Branches skip over instructions.  Do you ever want to skip any of those instructions?