Guitar Hero: Metallica [SXBP52]

Started by Patedj, February 26, 2011, 08:55:05 AM


Patedj

This is driving me crazy. I can't hook anything! + the addresses change at each song...
There's 1 good thing though; there's only one address at a time. So this is always the function.
Registers
[spoiler] CR:42200088  XER:00000000  CTR:801D5D40 DSIS:00400000
DAR:900421C8 SRR0:801D586C SRR1:0000A032   LR:801D5D48
  r0:00000001   r1:806471C8   r2:8062B380   r3:90107468
  r4:900421BC   r5:801E1808   r6:00000000   r7:00000000
  r8:0000001A   r9:806470C8  r10:00000000  r11:80647178
r12:800B1E00  r13:80626840  r14:804256D0  r15:900D1DF8
r16:80425608  r17:80425778  r18:8042576C  r19:80425760
r20:80425754  r21:80425748  r22:8042573C  r23:80425730
r24:80425724  r25:909337AC  r26:00000000  r27:8096C8A0
r28:8096C7A0  r29:8043BD40  r30:80440000  r31:90107468

  f0:3F800000   f1:3EE2E2E5   f2:3B166D00   f3:BE8C48C7
  f4:3C901440   f5:3F762B04   f6:3F7FF5B0   f7:BC856A00
  f8:BED7548F   f9:BF914308  f10:BF5CE9C5  f11:3EB9D14D
f12:3EFAB481  f13:38C40972  f14:00000000  f15:00000000
f16:00000000  f17:00000000  f18:00000000  f19:00000000
f20:00000000  f21:00000000  f22:00000000  f23:00000000
f24:00000000  f25:00000000  f26:00000000  f27:00000000
f28:00000000  f29:59800004  f30:3FC90FDB  f31:43E00000[/spoiler]
Function
[spoiler]801D57D8:  9421FFE0   stwu   r1,-32(r1) ----> r1= 806471E8. -32r1=806471C8
801D57DC:  7C0802A6   mflr   r0 ----> r0=801D5D48
801D57E0:  90010024   stw   r0,36(r1) ----->4BFFFEE4 to 806471E8
801D57E4:  BFC10018   stmw   r30,24(r1) ----> [(80440000 address)(80185308 value)] to 80647204
801D57E8:  7C7F1B78   mr   r31,r3 ---->90106868 (this changes when the address changes)
801D57EC:  80830020   lwz   r4,32(r3) ---->90040F78
801D57F0:  88040009   lbz   r0,9(r4) ---->9(r4) value=808A6954
801D57F4:  2C000000   cmpwi   r0,0
801D57F8:  41820058   beq-   0x801d5850 ----> branch where it loads r0
801D57FC:  80830010   lwz   r4,16(r3) ----> 16(r3) address is 90109178 value is 808A6A44
801D5800:  38C00000   li   r6,0
801D5804:  80BF001C   lwz   r5,28(r31) ----> 28(r31)= address 90106B84 and 900D4630 as the value
801D5808:  38840001   addi   r4,r4,1 ---->=80895897
801D580C:  90830010   stw   r4,16(r3)
801D5810:  80630014   lwz   r3,20(r3)  r3=900D87A8
801D5814:  4BFFDB01   bl   0x801d3314 ----> branch link back to previous function which sends me
                                                        into a loop this could be the pause option which I'm on now.
801D5818:  80BF0020   lwz   r5,32(r31)
801D581C:  3BC00000   li   r30,0
801D5820:  38810008   addi   r4,r1,8
801D5824:  38C00000   li   r6,0
801D5828:  90650004   stw   r3,4(r5)
801D582C:  93C10008   stw   r30,8(r1)
801D5830:  80BF0020   lwz   r5,32(r31)
801D5834:  807F0014   lwz   r3,20(r31)
801D5838:  38A5000C   addi   r5,r5,12
801D583C:  48006555   bl   0x801dbd90 ---->branch link other function
801D5840:  809F0020   lwz   r4,32(r31)
801D5844:  98640008   stb   r3,8(r4)
801D5848:  807F0020   lwz   r3,32(r31)
801D584C:  9BC30009   stb   r30,9(r3)
801D5850:  809F0020   lwz   r4,32(r31) ----> =90040F78
801D5854:  88040008   lbz   r0,8(r4) ----> =808A6954
801D5858:  2C000000   cmpwi   r0,0
801D585C:  40820010   bne-   0x801d586c ----> branches to where it subs the r0 if it's not 0
801D5860:  80040000   lwz   r0,0(r4)
801D5864:  901F0010   stw   r0,16(r31)
801D5868:  48000054   b   0x801d58bc
801D586C:  8064000C   lwz   r3,12(r4) ----> loads DAR into r3 (*bp read)
801D5870:  3803FFFF   subi   r0,r3,1
801D5874:  9004000C   stw   r0,12(r4) ---> stores to DAR (*bp write)
801D5878:  809F0020   lwz   r4,32(r31)
801D587C:  8004000C   lwz   r0,12(r4)
801D5880:  2C000000   cmpwi   r0,0
801D5884:  41820010   beq-   0x801d5894 ---> branches to stop the game??
801D5888:  80040000   lwz   r0,0(r4)
801D588C:  901F0010   stw   r0,16(r31)
801D5890:  4800002C   b   0x801d58bc
801D5894:  801F0034   lwz   r0,52(r31)  ----> load stop the game
801D5898:  80640004   lwz   r3,4(r4)
801D589C:  7C040040   cmplw   r4,r0
801D58A0:  907F0010   stw   r3,16(r31)
801D58A4:  40820010   bne-   0x801d58b4 ---> branch to end
801D58A8:  38000000   li   r0,0
801D58AC:  901F0020   stw   r0,32(r31)
801D58B0:  4800000C   b   0x801d58bc ---> branch to end
801D58B4:  3804FFF0   subi   r0,r4,16
801D58B8:  901F0020   stw   r0,32(r31)
801D58BC:  BBC10018   lmw   r30,24(r1)
801D58C0:  80010024   lwz   r0,36(r1)
801D58C4:  7C0803A6   mtlr   r0
801D58C8:  38210020   addi   r1,r1,32
801D58CC:  4E800020   blr   [/spoiler]
Because I can't hook it properly, I can't see the registers right!
This is for the Rock Meter.
So I'm thinking that where it branches to the sub, to replace it with a bne- to the end but it freezes.
What WOULD be the nicest thing to do here?
You can pm me, I've got time for your troubles.

Patedj

I decided to go on my own tangent here and found out that Guitar Hero Metallica doesn't use the same location and figuration to calculate the Guitar Rock Meter. So here is the working Rock Meter Address
903F0B80 which works when poked!
Let's see if I can figure out what is subtracting and adding to the address.
You can pm me, I've got time for your troubles.

Patedj

Easy code for Guitar Rock Meter
42000000 90000000
04084920 40000000
E0000000 80008000
You can pm me, I've got time for your troubles.
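
Added example, not part of the original thread: a small interpreter for the three Gecko code types that appear in the code posted above (`42` set base address, `04` 32-bit write, `E0` full terminator), showing which address and value the code ends up writing. The function names and the RAM range check are assumptions made for this illustration, and the float reading of the value is only one possible interpretation; the post does not say how the game stores the meter.

```python
import struct

# Constructed input: the three code lines exactly as posted above.
POSTED_CODE = """42000000 90000000
04084920 40000000
E0000000 80008000"""

# Wii cached RAM windows (MEM1, MEM2) as inclusive (start, end) pairs.
RAM = ((0x80000000, 0x817FFFFF), (0x90000000, 0x93FFFFFF))


def run_gecko(text, ba=0x80000000, po=0x80000000):
    """Interpret the subset of Gecko code types used in the post.

    Returns (writes, ba, po); writes is a list of (address, value) pairs.
    """
    writes = []
    for line in text.splitlines():
        if not line.strip():
            continue
        first, second = (int(word, 16) for word in line.split())
        kind = (first >> 24) & 0xEE      # type + subtype, po flag masked out
        base = po if first & 0x10000000 else ba
        if first == 0x42000000:          # 42000000 XXXXXXXX: ba = XXXXXXXX
            ba = second
        elif kind == 0x04:               # 04______ XXXXXXXX: 32-bit write
            addr = (base + (first & 0x01FFFFFF)) & 0xFFFFFFFF
            if not any(lo <= addr <= hi for lo, hi in RAM):
                raise ValueError(f"write outside RAM: {addr:08X}")
            writes.append((addr, second))
        elif first == 0xE0000000:        # full terminator: reset ba and po
            if second >> 16:
                ba = (second >> 16) << 16
            if second & 0xFFFF:
                po = (second & 0xFFFF) << 16
        else:
            raise ValueError(f"code type not handled in this example: {line}")
    return writes, ba, po


def as_float(value):
    """Reinterpret a 32-bit word as a big-endian IEEE-754 single."""
    return struct.unpack(">f", struct.pack(">I", value))[0]


if __name__ == "__main__":
    for addr, value in run_gecko(POSTED_CODE)[0]:
        print(f"{addr:08X} <- {value:08X} (as float: {as_float(value)})")
```
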

Deathwolf

it's really called Guitar Hero "Metallica"?
lolz

Patedj

Quote from: Deathwolf on February 27, 2011, 01:05:23 AM
it's really called Guitar Hero "Metallica"?

I did a quick search and yes. Unless you know different. I'm happy to stand corrected.
You can pm me, I've got time for your troubles.

Deathwolf

Sure I know this Metal band but I didn't know this game which is called Metallica.
lolz