Strange Float Instruction?

Started by Bully@Wiiplaza, December 30, 2010, 12:15:12 AM


Bully@Wiiplaza

loool thanks for this discussion great ;D
I saw my mistake I guess.
My Wii hacking site...
http://bullywiihacks.com/

My youtube account with a lot of hacking videos...
http://www.youtube.com/user/BullyWiiPlaza

~Bully

Nutmeg

Wait, last second idea.

Use Gecko.NET to modify the float register.  If you right click and view memory it should show you where the call is coming from, and this should allow you to change a float register.

^Another reason why Gecko.NET is superior.  Also, I remember doing this in another code I did.
I'm inbetween your legs... that's not awkward.

Bully@Wiiplaza

#17
but I just want to write a new value and not see where it is coming from.
To which solution did you two unite now?

[spoiler]lis r9, 0x8000
lfs f1, 0x1500(r9)
stw r9,0(r29) #but this is storing r29 in r9 and not the other way round, where is the value to write??[/spoiler]


Deathwolf

#19
Quote from: Bully@Wiiplaza on December 30, 2010, 03:53:21 AM
but I just want to write a new value and not see where it is coming from.
To which solution did you two unite now?

[spoiler]lis r9, 0x8000
lfs f1, 0x1500(r9)
stw r9,0(r29) #but this is storing r29 in r9 and not the other way round, where is the value to write??[/spoiler]

lfs f1, 0x1500(r9)
f1 is the value to write!

if you want to write a new value so use this:

lis r9, 0x8000 <--- load into address 80001500
ori r9,r9,0x1500
lis r5,0x XXXX <--- write 32bit value
ori r5,r5,0x XXXX
stw r5,0(r9) <--- store value into address 80001500


nutmeg used 2 things in 1 instruction.
lfs can do:

lfs f1, 0x1500(r9) = f1 is the value, 0x1500 (r9) loading into register (address)
so you can load into address AND write a value from fX.
lwz will do the same.

example:

  CR:48202288  XER:00000000  CTR:0000000E DSIS:00000000
DAR:00000000 SRR0:80698D6C SRR1:0000B032   LR:80698D6C
  r0:80698D6C   r1:8024D4A8   r2:802459C0   r3:808A0000
  r4:3FF00000   r5:00000000   r6:00000000   r7:FFFFFFFE
  r8:40000000   r9:00000000  r10:0011C26C  r11:8024D578
r12:0025F12A  r13:80244680  r14:00010005  r15:8017D510
r16:806ADDB4  r17:00000000  r18:00000000  r19:00000004
r20:00000000  r21:8036F000  r22:00000000  r23:815E2E40
r24:00000000  r25:00000000  r26:00000000  r27:80E4F140
r28:80EA73C4  r29:80EA73C8  r30:8024D5A0  r31:808A2CA0

you also can use lwz and not ori.
code would be:

lis r9, 0x8000 <--- load into address 80001500
lwz r5,0x1500 (r9) <--- u can see, r5 is nothing (no value)
lis r6,0x XXXX <--- write 32bit value
ori r6,r6,0x XXXX
stw r6,0(r9) <--- store value into address 80001500
lolz

dcx2

I stopped helping Deathwolf and Bully some time ago as a means of protest against their online hacking.  However, I feel terrible for poor Nutmeg who is being given confusing information...so I will step in to clear things up some.

Nutmeg, your original solution in reply #2 would work; load a value somewhere in memory, and then lfs the value into the float register of interest.  However, I caution against using random areas of memory like that.  You should only write to memory that you can prove will not be used for anything else.  i.e. in a stack frame you created, or in a small data area inside a C2 code which exists where the code handler stores codes.

---

In reply #3, deathwolf said

lis r9, 0x8000 <-- [s]load into address 80000000[/s] [color=red]load 0x8000 into the upper 16 bits of r9 and clear the lower 16 bits[/color]
lfs f1, 0x1500(r9) <-- go 1500 forward and load the value from [s]f1 into the address 80001500[/s] [color=red]address 80001500 into float register f1[/color]
stw r9,0(r29) store value [s]from (80001500) into r29[/s] [color=red]0x80000000 to the address in register r29[/color]


I have my corrections in red.  Note that this sequence of assembly is basically nonsense, and it could very well crash the game because 0x80000000 as a single-precision float will be interpreted as a negative zero.

---

In reply #5, deathwolf alleges that r9 is free/safe.  This is likely because he sees the value 0 in the register listing that Bully posted.  He makes a similar error in reply #19 regarding r5 and r6.  The safety of a register for using in an ASM code NEVER EVER EVER depends on the VALUE in that register, PERIOD!  You cannot say "oh, this register is 0, so it's safe to use".  That is not how it works.  If you hit the breakpoint again, some of those values might not be zero.

The safety of a register can be determined ONLY from the disassembly.  The reason r9, r6, and r5 are safe is because they are volatile registers and the hook address is right after a bl, so all the volatile registers are safe.

---

In reply #7, deathwolf says

nono ( ) <-- is into.

lfs f1, 0x1500(r9)  will load the value from f1 into r9


That is entirely, 100% false.  Nutmeg's reply #6 was 100% true.

---

Reply #9, deathwolf says that stfs f1, 0x1500(r9) will "store floating into r9".  Wrong again.  stfs will store the value in f1 to the address given by the pointer in r9 and an additional offset of 0x1500.  i.e. it will write f1 to address 80001500.

---

At least he's right in #13.  To write a new value into a float register, you will need lis/ori/lfs.  Or as Nutmeg pointed out, in Gecko.NET, on the BP tab, if you are at a breakpoint which uses a memory access instruction and you right-click the Set Breakpoint, Step buttons, or Show Mem button, you will get a peek at the current value that will be accessed.  You can also poke a new value by typing it into the data field and pressing enter.  Then, when you Step, the game will load your poked value into the float register.

---

Finally, deathwolf said in #19

lfs f1, 0x1500(r9) = f1 is the value, 0x1500 (r9) loading into register (address)
so you can load into address AND write a value from fX.
lwz will do the same.


That is wrong.  lfs does not load anything into an address.  It does not write any value from a float register.  lfs fD, d(rA) will take the value at the address that is given by the sum of d and the value in rA, and then it loads that value into the float register fD.  lwz is the same way.
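
Added example (not part of dcx2's post or of the original thread): a small Python model of the instructions argued about above, showing that lfs/lwz move data from memory into a register, stfs/stw move it from a register into memory, and the effective address is d + (rA). The class and function names are hypothetical; 0x80001500 is the address used in the thread and exists here only as a key in the model's memory.

```python
import struct

class PPC:
    """Tiny model of the load/store instructions discussed in this thread."""
    def __init__(self):
        self.r = [0] * 32        # general-purpose registers (32-bit)
        self.f = [0.0] * 32      # float registers
        self.mem = {}            # byte-addressed memory, big-endian

    def _ea(self, d, ra):
        # Effective address = sign-extended 16-bit d + (rA); rA = 0 means literal 0
        d = ((d & 0xFFFF) ^ 0x8000) - 0x8000
        base = self.r[ra] if ra != 0 else 0
        return (base + d) & 0xFFFFFFFF

    def _read(self, ea):
        return bytes(self.mem.get(ea + i, 0) for i in range(4))

    def _write(self, ea, data):
        for i, b in enumerate(data):
            self.mem[ea + i] = b

    def lis(self, rd, imm):          # rD = imm << 16, lower 16 bits cleared
        self.r[rd] = (imm & 0xFFFF) << 16

    def ori(self, ra, rs, imm):      # rA = rS | imm
        self.r[ra] = self.r[rs] | (imm & 0xFFFF)

    def stw(self, rs, d, ra):        # memory[EA] = rS   (register -> memory)
        self._write(self._ea(d, ra), struct.pack(">I", self.r[rs]))

    def lwz(self, rd, d, ra):        # rD = memory[EA]   (memory -> register)
        self.r[rd] = struct.unpack(">I", self._read(self._ea(d, ra)))[0]

    def lfs(self, fd, d, ra):        # fD = memory[EA] read as single-precision float
        self.f[fd] = struct.unpack(">f", self._read(self._ea(d, ra)))[0]

    def stfs(self, fs, d, ra):       # memory[EA] = fS as single-precision float
        self._write(self._ea(d, ra), struct.pack(">f", self.f[fs]))

def load_float_constant(bits):
    """lis/ori/stw/lfs: place a 32-bit pattern in memory, then lfs it into f1."""
    cpu = PPC()
    cpu.lis(9, 0x8000)               # r9 = 0x80000000
    cpu.lis(5, bits >> 16)
    cpu.ori(5, 5, bits & 0xFFFF)     # r5 = bits
    cpu.stw(5, 0x1500, 9)            # memory[0x80001500] = r5
    cpu.lfs(1, 0x1500, 9)            # f1 = memory[0x80001500]; r9 is unchanged
    return cpu
```

`load_float_constant(0x3F800000).f[1]` is 1.0, while the bit pattern 0x80000000 comes back as -0.0, the negative zero mentioned above.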

Deathwolf

#21
.... sounds everything is wrong  :(
I don't see any problems with online codes for private match.
and I don't see any supports by online hacking but if you think so... okay.

stfs   f1,0(r29)

replace with:

stwu r1,-80(r1)
stmw r14,8(r1)
lis r14,0x XXXX
ori r14,r14,0x XXXX
stw r14,0(r29)
lmw r14,8(r1)
addi r1,r1,80

sry  :(

dcx2

#22
Quote from: Deathwolf on December 30, 2010, 05:31:46 PM
I don't see any problems with online codes for private match.

This is off-topic for this thread, but...does this look like a private match?


I won't help online hackers.  Even if your code is offline.

Deathwolf

#23
Quote from: dcx2 on December 30, 2010, 05:37:04 PM
Quote from: Deathwolf on December 30, 2010, 05:31:46 PM
I don't see any problems with online codes for private match.

This is off-topic for this thread, but...does this look like a private match?


no... not really but I stopped using hacks like this.
but I don't see any support by help with ASM.


hmm... I think it's unfair. superman made a lot of online hacks for cod bo and he got much help :/
btw I see you helping bully sometimes and he still makes some online codes...

dcx2

If superman needs help, I certainly won't be giving it.

Regarding Bully, the last time I helped him I was actually addressing Nutmeg.  The mechanics of the hack that Bully wanted to make were interesting enough for me to give some help for anyone who stumbled on the thread later.  However, I did not give him the answer he was looking for, I only described one problem he would encounter.

I'm done hijacking this thread.  I only wanted to correct the misinformation you were spreading.

Deathwolf

hmm ok in fact, you never help me again... very pity

Bully@Wiiplaza

#26
Quote from: dcx2 on December 30, 2010, 05:52:49 PM
However, I did not give him the answer he was looking for, I only described one problem he would encounter.
Yes, I was thinking: "what the hell is he talking about, this doesn't help!"
Btw. if you think that you don't help anymore, I never forced you to do so. It's just that I love to hack some games, not regarding to ruin it, only to have fun.

This is the new leaderboard (we are sorry for our mistakes)

Every noob can hack his score and we are the bad people?? Look at the list.
I myself didn't make that hack... I used it because a few others already hacked the list, so it didn't actually matter.
If there are 4 or 5, nobody cares, but the first one must be prevented.

And Nutmeg also doesn't back off from Online codes, why is he the poor?
Want some proof anyway?

Nutmeg

In my defense, I now use the leaderboard hack on msc because people have been putting up offensive names flaming legit msc players.
Proof:
http://www.youtube.com/watch?v=3QQq1-tfvNo

As for mkw, I haven't played in ages, so don't try to hold that against me, please.

Nutmeg

@dcx2- so lfs is the equivalent of lwz except with floats?  And stfs is the same as stw except with floats?

-And the area between 80001500 and 80001600 is almost never used, which is why I picked that address.

Bully@Wiiplaza

#29
Quote from: Nutmeg on December 30, 2010, 06:32:07 PM
In my defense, I now use the leaderboard hack on msc because people have been putting up offensive names flaming legit msc players.
Proof:
http://www.youtube.com/watch?v=3QQq1-tfvNo

As for mkw, I haven't played in ages, so don't try to hold that against me, please.
lol funny video xDDD
Btw. you can't say that you aren't ever hack online anyway.
It doesn't matter what others are doing with the leaderboards.
You even posted a video where you hacked two different leaderboards...