De Blob 2 [SDBP78]

Started by Patedj, March 17, 2011, 12:57:07 PM


Patedj

I loved the first blob so I had to get the second!
Unfortunately I can't figure out the clock.
I tried nopping, adding, subtracting... all while walking the stack...

There's only 1 address in both 80s and 90s
Code type:
[spoiler]2866589A 00001000 --->controller
042A3F2C 60000000 ---> asm nop
CC000000 00000000 ---> on off
042A3F2C 90A30138 ---> original
[/spoiler]
This doesn't stop the clock entirely, only masks it.

Registers
[spoiler]  CR:82200828  XER:00000000  CTR:800D5D60 DSIS:02400000
DAR:81043190 SRR0:802A3F30 SRR1:0000A032   LR:8014DB98
  r0:00000001   r1:8069DBD0   r2:80687000   r3:81043060
  r4:0000001A   r5:0000002D   r6:00000000   r7:00000000
  r8:900163D8   r9:00000002  r10:8069DBF0  r11:8069DBE0
r12:8069DBF0  r13:80680F00  r14:00000000  r15:00000000
r16:00000000  r17:00000000  r18:00000000  r19:00000000
r20:00000000  r21:00000000  r22:00000000  r23:00000000
r24:00000000  r25:00000000  r26:00000000  r27:00000000
r28:00000000  r29:00000645  r30:00000645  r31:81043060

  f0:44C89FA6   f1:44C8A000   f2:59C00000   f3:00000000
  f4:C29AB482   f5:436520EE   f6:3D5CF381   f7:3A319AC2
  f8:3ADB1C97   f9:398FF24B  f10:383C078F  f11:3E088888
f12:3CB327A4  f13:3B6B6916  f14:00000000  f15:00000000
f16:00000000  f17:00000000  f18:00000000  f19:00000000
f20:00000000  f21:00000000  f22:00000000  f23:00000000
f24:00000000  f25:00000000  f26:00000000  f27:00000000
f28:00000000  f29:3C88AB17  f30:3C88AB17  f31:44C8A02F[/spoiler]

Function
[spoiler]802A3EF0:  9421FFE0   stwu   r1,-32(r1)
802A3EF4:  7C0802A6   mflr   r0
802A3EF8:  90010024   stw   r0,36(r1)
802A3EFC:  93E1001C   stw   r31,28(r1)
802A3F00:  7C7F1B78   mr   r31,r3
802A3F04:  80030134   lwz   r0,308(r3)
802A3F08:  7C040000   cmpw   r4,r0
802A3F0C:  41820010   beq-   0x802a3f1c
802A3F10:  38000001   li   r0,1
802A3F14:  90830134   stw   r4,308(r3)
802A3F18:  98030130   stb   r0,304(r3)
802A3F1C:  80030138   lwz   r0,312(r3)
802A3F20:  7C050000   cmpw   r5,r0
802A3F24:  41820010   beq-   0x802a3f34
802A3F28:  38000001   li   r0,1
802A3F2C:  90A30138   stw   r5,312(r3) ---> breaks here.
802A3F30:  98030130   stb   r0,304(r3)
802A3F34:  88030130   lbz   r0,304(r3)
802A3F38:  2C000000   cmpwi   r0,0
802A3F3C:  418200E4   beq-   0x802a4020
802A3F40:  8083017C   lwz   r4,380(r3)
802A3F44:  2C040000   cmpwi   r4,0
802A3F48:  41820050   beq-   0x802a3f98
802A3F4C:  6CA38000   xoris   r3,r5,32768
802A3F50:  3C004330   lis   r0,17200
802A3F54:  9061000C   stw   r3,12(r1)
802A3F58:  38640068   addi   r3,r4,104
802A3F5C:  C822B530   lfd   f1,-19152(r2)
802A3F60:  38800001   li   r4,1
802A3F64:  90010008   stw   r0,8(r1)
802A3F68:  C062B528   lfs   f3,-19160(r2)
802A3F6C:  C8010008   lfd   f0,8(r1)
802A3F70:  C042B524   lfs   f2,-19164(r2)
802A3F74:  EC800828   fsubs   f4,f0,f1
802A3F78:  C01F0190   lfs   f0,400(r31)
802A3F7C:  C03F018C   lfs   f1,396(r31)
802A3F80:  EC641824   fdivs   f3,f4,f3
802A3F84:  EC421828   fsubs   f2,f2,f3
802A3F88:  EC000828   fsubs   f0,f0,f1
802A3F8C:  EC020032   fmuls   f0,f2,f0
802A3F90:  EC21002A   fadds   f1,f1,f0
802A3F94:  48073F6D   bl   0x80317f00
802A3F98:  80DF0134   lwz   r6,308(r31)
802A3F9C:  80FF0138   lwz   r7,312(r31)
802A3FA0:  2C060000   cmpwi   r6,0
802A3FA4:  40820034   bne-   0x802a3fd8
802A3FA8:  3CC08059   lis   r6,-32679
802A3FAC:  2C07000A   cmpwi   r7,10
802A3FB0:  38C6CC20   subi   r6,r6,13280
802A3FB4:  387F013C   addi   r3,r31,316
802A3FB8:  38A60072   addi   r5,r6,114
802A3FBC:  38800010   li   r4,16
802A3FC0:  40800008   bge-   0x802a3fc8
802A3FC4:  38A60066   addi   r5,r6,102
802A3FC8:  7CE63B78   mr   r6,r7
802A3FCC:  4CC63182   crclr   6,6
802A3FD0:  4805B7B1   bl   0x802ff780
802A3FD4:  4800002C   b   0x802a4000
802A3FD8:  3D008059   lis   r8,-32679
802A3FDC:  2C07000A   cmpwi   r7,10
802A3FE0:  3908CC20   subi   r8,r8,13280
802A3FE4:  387F013C   addi   r3,r31,316
802A3FE8:  38A8008A   addi   r5,r8,138
802A3FEC:  38800010   li   r4,16
802A3FF0:  40800008   bge-   0x802a3ff8
802A3FF4:  38A8007C   addi   r5,r8,124
802A3FF8:  4CC63182   crclr   6,6
802A3FFC:  4805B785   bl   0x802ff780
802A4000:  819F0000   lwz   r12,0(r31)
802A4004:  7FE3FB78   mr   r3,r31
802A4008:  389F013C   addi   r4,r31,316
802A400C:  38A00000   li   r5,0
802A4010:  818C0094   lwz   r12,148(r12)
802A4014:  38C0FFFF   li   r6,-1
802A4018:  7D8903A6   mtctr   r12
802A401C:  4E800421   bctrl   
802A4020:  80010024   lwz   r0,36(r1)
802A4024:  83E1001C   lwz   r31,28(r1)
802A4028:  7C0803A6   mtlr   r0
802A402C:  38210020   addi   r1,r1,32
802A4030:  4E800020   blr   
[/spoiler]
Stacks
[spoiler]802A3F2C
8014DB94
8014DB94
8014EECC
801239E0
80129C40
800AD8BC
802FD514
800A8828
800041B0
[/spoiler]

LR function
[spoiler]8014D950:  9421FFA0   stwu   r1,-96(r1)
8014D954:  7C0802A6   mflr   r0
8014D958:  90010064   stw   r0,100(r1)
8014D95C:  DBE10050   stfd   f31,80(r1)
8014D960:  F3E10058   psq_st   f31,88(r1),0,0
8014D964:  DBC10040   stfd   f30,64(r1)
8014D968:  F3C10048   psq_st   f30,72(r1),0,0
8014D96C:  FFC00890   fmr   f30,f1
8014D970:  93E1003C   stw   r31,60(r1)
8014D974:  7C7F1B78   mr   r31,r3
8014D978:  93C10038   stw   r30,56(r1)
8014D97C:  3BC00000   li   r30,0
8014D980:  93A10034   stw   r29,52(r1)
8014D984:  3BA3021C   addi   r29,r3,540
8014D988:  93810030   stw   r28,48(r1)
8014D98C:  48000018   b   0x8014d9a4
8014D990:  FC20F090   fmr   f1,f30
8014D994:  7FA3EB78   mr   r3,r29
8014D998:  48003179   bl   0x80150b10
8014D99C:  3BBD0020   addi   r29,r29,32
8014D9A0:  3BDE0001   addi   r30,r30,1  -----> freezes the game if I change it to sub
8014D9A4:  806DC610   lwz   r3,-14832(r13)
8014D9A8:  88030064   lbz   r0,100(r3)
8014D9AC:  2C000000   cmpwi   r0,0
8014D9B0:  4182000C   beq-   0x8014d9bc
8014D9B4:  80030060   lwz   r0,96(r3)
8014D9B8:  48000008   b   0x8014d9c0
8014D9BC:  38000000   li   r0,0
8014D9C0:  7C1E0000   cmpw   r30,r0
8014D9C4:  4180FFCC   blt+   0x8014d990
8014D9C8:  807F02AC   lwz   r3,684(r31)
8014D9CC:  38800000   li   r4,0
8014D9D0:  C01F000C   lfs   f0,12(r31)
8014D9D4:  881F0000   lbz   r0,0(r31)
8014D9D8:  EC00F02A   fadds   f0,f0,f30
8014D9DC:  8B83001B   lbz   r28,27(r3)
8014D9E0:  2C000000   cmpwi   r0,0
8014D9E4:  D01F000C   stfs   f0,12(r31)
8014D9E8:  40820014   bne-   0x8014d9fc
8014D9EC:  806DD0E0   lwz   r3,-12064(r13)
8014D9F0:  88030333   lbz   r0,819(r3)
8014D9F4:  2C000000   cmpwi   r0,0
8014D9F8:  41820008   beq-   0x8014da00
8014D9FC:  38800001   li   r4,1
8014DA00:  2C040000   cmpwi   r4,0
8014DA04:  41820124   beq-   0x8014db28
8014DA08:  881F0010   lbz   r0,16(r31)
8014DA0C:  2C000000   cmpwi   r0,0
8014DA10:  40820118   bne-   0x8014db28
8014DA14:  C3FF0008   lfs   f31,8(r31)
8014DA18:  C84292E8   lfd   f2,-27928(r2)
8014DA1C:  EC1FF028   fsubs   f0,f31,f30
8014DA20:  FC3F102A   fadd   f1,f31,f2
8014DA24:  D01F0008   stfs   f0,8(r31)
8014DA28:  FC011028   fsub   f0,f1,f2
8014DA2C:  D8210018   stfd   f1,24(r1)
8014DA30:  FC00F840   fcmpo   cr0,f0,f31
8014DA34:  40810010   ble-   0x8014da44
8014DA38:  8061001C   lwz   r3,28(r1)
8014DA3C:  3BC3FFFF   subi   r30,r3,1
8014DA40:  48000008   b   0x8014da48
8014DA44:  83C1001C   lwz   r30,28(r1)
8014DA48:  C01F0008   lfs   f0,8(r31)
8014DA4C:  C84292E8   lfd   f2,-27928(r2)
8014DA50:  FC20102A   fadd   f1,f0,f2
8014DA54:  D8210010   stfd   f1,16(r1)
8014DA58:  FC211028   fsub   f1,f1,f2
8014DA5C:  FC010040   fcmpo   cr0,f1,f0
8014DA60:  40810010   ble-   0x8014da70
8014DA64:  80610014   lwz   r3,20(r1)
8014DA68:  3BA3FFFF   subi   r29,r3,1
8014DA6C:  48000008   b   0x8014da74
8014DA70:  83A10014   lwz   r29,20(r1)
8014DA74:  2C1E003C   cmpwi   r30,60
8014DA78:  40820020   bne-   0x8014da98
8014DA7C:  7C1EE800   cmpw   r30,r29
8014DA80:  41820018   beq-   0x8014da98
8014DA84:  3C608055   lis   r3,-32683
8014DA88:  38A00001   li   r5,1
8014DA8C:  3863BAF0   subi   r3,r3,17680
8014DA90:  3883000D   addi   r4,r3,13
8014DA94:  4BF82CED   bl   0x800d0780
8014DA98:  381EFFFF   subi   r0,r30,1
8014DA9C:  28000004   cmplwi   r0,4
8014DAA0:  41810020   bgt-   0x8014dac0
8014DAA4:  7C1EE800   cmpw   r30,r29
8014DAA8:  41820018   beq-   0x8014dac0
8014DAAC:  3C608055   lis   r3,-32683
8014DAB0:  38A00001   li   r5,1
8014DAB4:  3863BAF0   subi   r3,r3,17680
8014DAB8:  3883001B   addi   r4,r3,27
8014DABC:  4BF82CC5   bl   0x800d0780
8014DAC0:  881F0000   lbz   r0,0(r31)
8014DAC4:  2C000000   cmpwi   r0,0
8014DAC8:  4082004C   bne-   0x8014db14
8014DACC:  C02292F0   lfs   f1,-27920(r2)
8014DAD0:  FC1F0840   fcmpo   cr0,f31,f1
8014DAD4:  40810040   ble-   0x8014db14
8014DAD8:  C01F0008   lfs   f0,8(r31)
8014DADC:  FC000840   fcmpo   cr0,f0,f1
8014DAE0:  4C401382   cror   2,0,2
8014DAE4:  40820030   bne-   0x8014db14
8014DAE8:  2C1C0000   cmpwi   r28,0
8014DAEC:  40820028   bne-   0x8014db14
8014DAF0:  C022A510   lfs   f1,-23280(r2)
8014DAF4:  38600002   li   r3,2
8014DAF8:  388003FC   li   r4,1020
8014DAFC:  38A00005   li   r5,5
8014DB00:  38C00000   li   r6,0
8014DB04:  38E00001   li   r7,1
8014DB08:  39000000   li   r8,0
8014DB0C:  39200000   li   r9,0
8014DB10:  480BD241   bl   0x8020ad50
8014DB14:  C03F0008   lfs   f1,8(r31)
8014DB18:  C00292E4   lfs   f0,-27932(r2)
8014DB1C:  FC010040   fcmpo   cr0,f1,f0
8014DB20:  40800008   bge-   0x8014db28
8014DB24:  D01F0008   stfs   f0,8(r31)
8014DB28:  C01F0008   lfs   f0,8(r31)
8014DB2C:  C84292E8   lfd   f2,-27928(r2)
8014DB30:  FC20102A   fadd   f1,f0,f2
8014DB34:  D8210008   stfd   f1,8(r1)
8014DB38:  FC211028   fsub   f1,f1,f2
8014DB3C:  FC010040   fcmpo   cr0,f1,f0
8014DB40:  40800010   bge-   0x8014db50
8014DB44:  8061000C   lwz   r3,12(r1)
8014DB48:  3BA30001   addi   r29,r3,1
8014DB4C:  48000008   b   0x8014db54
8014DB50:  83A1000C   lwz   r29,12(r1)
8014DB54:  806DD0E0   lwz   r3,-12064(r13)
8014DB58:  2C030000   cmpwi   r3,0
8014DB5C:  4182003C   beq-   0x8014db98
8014DB60:  3C808889   lis   r4,-30583
8014DB64:  80630130   lwz   r3,304(r3)
8014DB68:  38048889   subi   r0,r4,30583
8014DB6C:  7C00E896   mulhw   r0,r0,r29
8014DB70:  7C00EA14   add   r0,r0,r29
8014DB74:  7C052E70   srawi   r5,r0,5
8014DB78:  7C002E70   srawi   r0,r0,5
8014DB7C:  54040FFE   rlwinm   r4,r0,1,31,31
8014DB80:  54A60FFE   rlwinm   r6,r5,1,31,31
8014DB84:  7C002214   add   r0,r0,r4
8014DB88:  1C00003C   mulli   r0,r0,60
8014DB8C:  7C853214   add   r4,r5,r6
8014DB90:  7CA0E850   sub   r5,r29,r0 ---> add = works but there's more than this making it go
                                                                                  up or down!! r30 and r3 also have an influence, I think
8014DB94:  4815635D   bl   0x802a3ef0
8014DB98:  806DCAE0   lwz   r3,-13600(r13)
8014DB9C:  7FA4EB78   mr   r4,r29
8014DBA0:  480021D1   bl   0x8014fd70
8014DBA4:  C01F000C   lfs   f0,12(r31)
8014DBA8:  806DCAE0   lwz   r3,-13600(r13)
8014DBAC:  FC00001E   fctiwz   f0,f0
8014DBB0:  D8010020   stfd   f0,32(r1)
8014DBB4:  80810024   lwz   r4,36(r1)
8014DBB8:  48002299   bl   0x8014fe50
8014DBBC:  80010064   lwz   r0,100(r1)
8014DBC0:  E3E10058   psq_l   f31,88(r1),0,0
8014DBC4:  CBE10050   lfd   f31,80(r1)
8014DBC8:  E3C10048   psq_l   f30,72(r1),0,0
8014DBCC:  CBC10040   lfd   f30,64(r1)
8014DBD0:  83E1003C   lwz   r31,60(r1)
8014DBD4:  83C10038   lwz   r30,56(r1)
8014DBD8:  83A10034   lwz   r29,52(r1)
8014DBDC:  83810030   lwz   r28,48(r1)
8014DBE0:  7C0803A6   mtlr   r0
8014DBE4:  38210060   addi   r1,r1,96
8014DBE8:  4E800020   blr   
[/spoiler]
help
You can pm me, I've got time for your troubles.

dcx2

#1
8014DB8C:  7C853214   add   r4,r5,r6
8014DB90:  7CA0E850   sub   r5,r29,r0
8014DB94:  4815635D   bl   0x802a3ef0

From the rest of it, it kinda looks like r4 and r5 right here are doing some sort of minutes and seconds thing, or seconds/subseconds.

Sure enough, look at r30, r4, and r5.

60 * r4 + r5 = r30

0x3C * 0x1A = 0x618

0x618 + 0x2D = 0x645

Where does r30 come from?

8014DA44:  83C1001C   lwz   r30,28(r1)

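Where does 28(r1) come from?  This part is tricky.  They're using double-precision floating point, so we must look for an 8-byte write to 24(r1).  Bingo!  stfd writes 8 bytes, not 4, so the store to 24(r1) covers bytes 24 through 31, and the lwz from 28(r1) reads the low 32 bits of that double.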

8014DA2C:  D8210018   stfd   f1,24(r1)

Where did f1 come from?

8014DA14:  C3FF0008   lfs   f31,8(r31)
8014DA18:  C84292E8   lfd   f2,-27928(r2)
...
8014DA20:  FC3F102A   fadd   f1,f31,f2

f2 is loaded from r2, which is a pointer to a bunch of constants, so that's not our guy.  However, f31 comes from 8(r31).  A similar train of thought explains the identical value in r29.

---

I recommend the following.

1) Set an execute breakpoint on 8014DA14: C3FF0008    lfs   f31,8(r31)
2) When it hits, press the Show Mem button.  You will be taken to Memory Viewer and you'll be looking at 8(r31).
3) Change the Memory Viewer View Mode to Single to make it easier to understand
4) Press "Run Game"
5) Check "auto-update"

You should see the timer now.

Patedj

#2
Perfect, I thought that there would be something pushing the timer like that. Excellent!
here's the code
Timer On/Off deciphered by dcx2 inspired by me
2866589A 00001000
0414DA24 60000000
CC000000 00000000
0414DA24 D01F0008
E0000000 80008000

Push (-) to stop the timer.

Looking a little higher shows me where it subs, so:
Time adds
0414DA1C EC1FF02A
You can pm me, I've got time for your troubles.

Patedj

#3
I'm having difficulty with the same type of timer, for the same game. This time it's activated when you hit a zoom button (it allows you to go fast). It gives us 30 seconds to act.

Registers:[spoiler]
CR:88200848  XER:20000000  CTR:800D5D60 DSIS:02400000
DAR:81043B0C SRR0:802A3038 SRR1:0000A032   LR:802A3000
 r0:0000001E   r1:8069D920   r2:80687000   r3:80A221F0
 r4:80590000   r5:0000001D   r6:00000012   r7:908ACC90
 r8:00000008   r9:900A3930  r10:8069D940  r11:8069D930
r12:800D5D60  r13:80680F00  r14:00000000  r15:00000000
r16:00000000  r17:00000000  r18:00000000  r19:00000000
r20:00000000  r21:00000000  r22:00000000  r23:00000000
r24:90B5DE40  r25:00000000  r26:80C67AF0  r27:909A5500
r28:80C67AF0  r29:909A5518  r30:00000008  r31:81043970

 f0:41E80000   f1:59C00000   f2:41E8201B   f3:00000000
 f4:00000000   f5:3F800000   f6:00000000   f7:00000000
 f8:43D2E3E4   f9:00000000  f10:00000000  f11:3F800000
f12:C3D9B974  f13:3F800000  f14:00000000  f15:00000000
f16:00000000  f17:00000000  f18:00000000  f19:00000000
f20:00000000  f21:00000000  f22:00000000  f23:00000000
f24:00000000  f25:00000000  f26:00000000  f27:00000000
f28:00000000  f29:3C88A9D9  f30:3C88A9D9  f31:41E7FDF1
[/spoiler]
Function:
[spoiler]802A2F60:  9421FFE0   stwu   r1,-32(r1)
802A2F64:  7C0802A6   mflr   r0
802A2F68:  90010024   stw   r0,36(r1)
802A2F6C:  DBE10018   stfd   f31,24(r1)
802A2F70:  FFE00890   fmr   f31,f1
802A2F74:  93E10014   stw   r31,20(r1)
802A2F78:  7C7F1B78   mr   r31,r3
802A2F7C:  93C10010   stw   r30,16(r1)
802A2F80:  7C9E2378   mr   r30,r4
802A2F84:  8003017C   lwz   r0,380(r3)
802A2F88:  2C000000   cmpwi   r0,0
802A2F8C:  41820138   beq-   0x802a30c4
802A2F90:  2C040000   cmpwi   r4,0
802A2F94:  418200CC   beq-   0x802a3060
802A2F98:  80630188   lwz   r3,392(r3)
802A2F9C:  38A00000   li   r5,0
802A2FA0:  8803000C   lbz   r0,12(r3)
802A2FA4:  540007FE   rlwinm   r0,r0,0,31,31
802A2FA8:  2C000001   cmpwi   r0,1
802A2FAC:  40820018   bne-   0x802a2fc4
802A2FB0:  8883000F   lbz   r4,15(r3)
802A2FB4:  880DA6F0   lbz   r0,-22800(r13)
802A2FB8:  7C800039   and.   r0,r4,r0
802A2FBC:  41820008   beq-   0x802a2fc4
802A2FC0:  38A00001   li   r5,1
802A2FC4:  2C050000   cmpwi   r5,0
802A2FC8:  40820018   bne-   0x802a2fe0
802A2FCC:  81830000   lwz   r12,0(r3)
802A2FD0:  38800001   li   r4,1
802A2FD4:  818C003C   lwz   r12,60(r12)
802A2FD8:  7D8903A6   mtctr   r12
802A2FDC:  4E800421   bctrl   
802A2FE0:  807F0184   lwz   r3,388(r31)
802A2FE4:  381EFFFF   subi   r0,r30,1
802A2FE8:  7C000034   cntlzw   r0,r0
802A2FEC:  81830000   lwz   r12,0(r3)
802A2FF0:  5404D97E   rlwinm   r4,r0,27,5,31
802A2FF4:  818C003C   lwz   r12,60(r12)
802A2FF8:  7D8903A6   mtctr   r12
802A2FFC:  4E800421   bctrl   
802A3000:  C822B508   lfd   f1,-19192(r2) LR for the write
802A3004:  FC1F082A   fadd   f0,f31,f1
802A3008:  D8010008   stfd   f0,8(r1)
802A300C:  FC000828   fsub   f0,f0,f1
802A3010:  FC00F840   fcmpo   cr0,f0,f31
802A3014:  40800010   bge-   0x802a3024
802A3018:  8061000C   lwz   r3,12(r1)
802A301C:  38A30001   addi   r5,r3,1
802A3020:  48000008   b   0x802a3028
802A3024:  80A1000C   lwz   r5,12(r1)
802A3028:  801F019C   lwz   r0,412(r31)
802A302C:  7C050000   cmpw   r5,r0
802A3030:  41820094   beq-   0x802a30c4
802A3034:  3C808059   lis   r4,-32679
802A3038:  90BF019C   stw   r5,412(r31) Write
802A303C:  3884C524   subi   r4,r4,15068
802A3040:  387F0140   addi   r3,r31,320
802A3044:  38840220   addi   r4,r4,544
802A3048:  4CC63182   crclr   6,6
802A304C:  4805C6A5   bl   0x802ff6f0
802A3050:  807F018C   lwz   r3,396(r31)
802A3054:  381F0140   addi   r0,r31,320
802A3058:  9003006C   stw   r0,108(r3)
802A305C:  48000068   b   0x802a30c4
802A3060:  80830188   lwz   r4,392(r3)
802A3064:  38A00000   li   r5,0
802A3068:  8804000C   lbz   r0,12(r4)
802A306C:  540007FE   rlwinm   r0,r0,0,31,31
802A3070:  2C000001   cmpwi   r0,1
802A3074:  40820018   bne-   0x802a308c
802A3078:  8884000F   lbz   r4,15(r4)
802A307C:  880DA6F0   lbz   r0,-22800(r13)
802A3080:  7C800039   and.   r0,r4,r0
802A3084:  41820008   beq-   0x802a308c
802A3088:  38A00001   li   r5,1
802A308C:  2C050000   cmpwi   r5,0
802A3090:  41820034   beq-   0x802a30c4
802A3094:  80630184   lwz   r3,388(r3)
802A3098:  38800000   li   r4,0
802A309C:  81830000   lwz   r12,0(r3)
802A30A0:  818C003C   lwz   r12,60(r12)
802A30A4:  7D8903A6   mtctr   r12
802A30A8:  4E800421   bctrl   
802A30AC:  807F0188   lwz   r3,392(r31)
802A30B0:  38800000   li   r4,0
802A30B4:  81830000   lwz   r12,0(r3)
802A30B8:  818C003C   lwz   r12,60(r12)
802A30BC:  7D8903A6   mtctr   r12
802A30C0:  4E800421   bctrl   
802A30C4:  80010024   lwz   r0,36(r1)
802A30C8:  CBE10018   lfd   f31,24(r1)
802A30CC:  83E10014   lwz   r31,20(r1)
802A30D0:  83C10010   lwz   r30,16(r1)
802A30D4:  7C0803A6   mtlr   r0
802A30D8:  38210020   addi   r1,r1,32
802A30DC:  4E800020   blr   [/spoiler]

This is where it writes
802A3038:  90BF019C   stw   r5,412(r31)
802A303C:  3884C524   subi   r4,r4,15068
802A3040:  387F0140   addi   r3,r31,320
802A3044:  38840220   addi   r4,r4,544

1. Where does r5 come from?
 802A3024:  80A1000C   lwz   r5,12(r1) (from 12(r1))
2. where does 12(r1) come from??? Would it be from the LR? Let's check

LR=802A3000 = That's not it,
How about the stwu's LR
Function:[spoiler]8018CC40:  9421FFE0   stwu   r1,-32(r1)
8018CC44:  7C0802A6   mflr   r0
8018CC48:  90010024   stw   r0,36(r1)
8018CC4C:  DBE10010   stfd   f31,16(r1)
8018CC50:  F3E10018   psq_st   f31,24(r1),0,0
8018CC54:  FFE00890   fmr   f31,f1
8018CC58:  93E1000C   stw   r31,12(r1)
8018CC5C:  93C10008   stw   r30,8(r1)
8018CC60:  7C7E1B78   mr   r30,r3
8018CC64:  4BFFF7BD   bl   0x8018c420
8018CC68:  801E0930   lwz   r0,2352(r30)
8018CC6C:  2C000000   cmpwi   r0,0
8018CC70:  40810010   ble-   0x8018cc80
8018CC74:  FC20F890   fmr   f1,f31
8018CC78:  7FC3F378   mr   r3,r30
8018CC7C:  480010E5   bl   0x8018dd60
8018CC80:  FC20F890   fmr   f1,f31
8018CC84:  7FC3F378   mr   r3,r30
8018CC88:  48002119   bl   0x8018eda0
8018CC8C:  C05E0014   lfs   f2,20(r30)
8018CC90:  C0229924   lfs   f1,-26332(r2)
8018CC94:  FC020840   fcmpo   cr0,f2,f1
8018CC98:  4C401382   cror   2,0,2
8018CC9C:  41820274   beq-   0x8018cf10
8018CCA0:  C01E0018   lfs   f0,24(r30)
8018CCA4:  881E0034   lbz   r0,52(r30)
8018CCA8:  EC00F82A   fadds   f0,f0,f31
8018CCAC:  2C000000   cmpwi   r0,0
8018CCB0:  D01E0018   stfs   f0,24(r30)
8018CCB4:  40820038   bne-   0x8018ccec
8018CCB8:  806DCAD8   lwz   r3,-13608(r13)
8018CCBC:  88030014   lbz   r0,20(r3)
8018CCC0:  2C000000   cmpwi   r0,0
8018CCC4:  40820028   bne-   0x8018ccec
8018CCC8:  EC02F828   fsubs   f0,f2,f31
8018CCCC:  D01E0014   stfs   f0,20(r30)
8018CCD0:  FC000840   fcmpo   cr0,f0,f1
8018CCD4:  4C401382   cror   2,0,2
8018CCD8:  40820014   bne-   0x8018ccec
8018CCDC:  7FC3F378   mr   r3,r30
8018CCE0:  38800001   li   r4,1
8018CCE4:  4BFFF37D   bl   0x8018c060
8018CCE8:  48000228   b   0x8018cf10
8018CCEC:  C03E0014   lfs   f1,20(r30)
8018CCF0:  C0029954   lfs   f0,-26284(r2)
8018CCF4:  FC010040   fcmpo   cr0,f1,f0
8018CCF8:  4C401382   cror   2,0,2
8018CCFC:  4082006C   bne-   0x8018cd68
8018CD00:  C0029958   lfs   f0,-26280(r2)
8018CD04:  FC010040   fcmpo   cr0,f1,f0
8018CD08:  40800014   bge-   0x8018cd1c
8018CD0C:  C002995C   lfs   f0,-26276(r2)
8018CD10:  C0629940   lfs   f3,-26304(r2)
8018CD14:  EC810032   fmuls   f4,f1,f0
8018CD18:  4800000C   b   0x8018cd24
8018CD1C:  EC810032   fmuls   f4,f1,f0
8018CD20:  C0629960   lfs   f3,-26272(r2)
8018CD24:  C8429968   lfd   f2,-26264(r2)
8018CD28:  C8029970   lfd   f0,-26256(r2)
8018CD2C:  FC24102A   fadd   f1,f4,f2
8018CD30:  FC411028   fsub   f2,f1,f2
8018CD34:  FC241028   fsub   f1,f4,f2
8018CD38:  FC020028   fsub   f0,f2,f0
8018CD3C:  FC0100AE   fsel   f0,f1,f2,f0
8018CD40:  FC000018   frsp   f0,f0
8018CD44:  EC040028   fsubs   f0,f4,f0
8018CD48:  FC001840   fcmpo   cr0,f0,f3
8018CD4C:  40810010   ble-   0x8018cd5c
8018CD50:  38000002   li   r0,2
8018CD54:  901E0048   stw   r0,72(r30)
8018CD58:  48000018   b   0x8018cd70
8018CD5C:  38000001   li   r0,1
8018CD60:  901E0048   stw   r0,72(r30)
8018CD64:  4800000C   b   0x8018cd70
8018CD68:  38000000   li   r0,0
8018CD6C:  901E0048   stw   r0,72(r30)
8018CD70:  801E0020   lwz   r0,32(r30)
8018CD74:  541F06BE   rlwinm   r31,r0,0,26,31
8018CD78:  281F0001   cmplwi   r31,1
8018CD7C:  41820018   beq-   0x8018cd94
8018CD80:  281F0004   cmplwi   r31,4
8018CD84:  418200AC   beq-   0x8018ce30
8018CD88:  281F0020   cmplwi   r31,32
8018CD8C:  4182012C   beq-   0x8018ceb8
8018CD90:  48000160   b   0x8018cef0
8018CD94:  C03E0030   lfs   f1,48(r30)
8018CD98:  C0029924   lfs   f0,-26332(r2)
8018CD9C:  FC010040   fcmpo   cr0,f1,f0
8018CDA0:  4081000C   ble-   0x8018cdac
8018CDA4:  EC01F828   fsubs   f0,f1,f31
8018CDA8:  D01E0030   stfs   f0,48(r30)
8018CDAC:  C03E002C   lfs   f1,44(r30)
8018CDB0:  C0029924   lfs   f0,-26332(r2)
8018CDB4:  EC21F828   fsubs   f1,f1,f31
8018CDB8:  D03E002C   stfs   f1,44(r30)
8018CDBC:  FC010040   fcmpo   cr0,f1,f0
8018CDC0:  4C401382   cror   2,0,2
8018CDC4:  4082012C   bne-   0x8018cef0
8018CDC8:  C002992C   lfs   f0,-26324(r2)
8018CDCC:  807E0038   lwz   r3,56(r30)
8018CDD0:  EC01002A   fadds   f0,f1,f0
8018CDD4:  38030001   addi   r0,r3,1
8018CDD8:  901E0038   stw   r0,56(r30)
8018CDDC:  2C000007   cmpwi   r0,7
8018CDE0:  D01E002C   stfs   f0,44(r30)
8018CDE4:  41800008   blt-   0x8018cdec
8018CDE8:  38000000   li   r0,0
8018CDEC:  38800001   li   r4,1
8018CDF0:  3C608055   lis   r3,-32683
8018CDF4:  901E0038   stw   r0,56(r30)
8018CDF8:  5400103A   rlwinm   r0,r0,2,0,29
8018CDFC:  80DE000C   lwz   r6,12(r30)
8018CE00:  3863CC78   subi   r3,r3,13192
8018CE04:  989E003C   stb   r4,60(r30)
8018CE08:  38A00000   li   r5,0
8018CE0C:  7C83002E   lwzx   r4,r3,r0
8018CE10:  80660124   lwz   r3,292(r6)
8018CE14:  4BFF723D   bl   0x80184050
8018CE18:  38000000   li   r0,0
8018CE1C:  981E003C   stb   r0,60(r30)
8018CE20:  807E000C   lwz   r3,12(r30)
8018CE24:  80630130   lwz   r3,304(r3)
8018CE28:  4800CB99   bl   0x801999c0
8018CE2C:  480000C4   b   0x8018cef0
8018CE30:  801E0048   lwz   r0,72(r30)
8018CE34:  2C000000   cmpwi   r0,0
8018CE38:  41820024   beq-   0x8018ce5c
8018CE3C:  807E000C   lwz   r3,12(r30)
8018CE40:  38000001   li   r0,1
8018CE44:  C03E0014   lfs   f1,20(r30)
8018CE48:  C0029954   lfs   f0,-26284(r2)
8018CE4C:  80630138   lwz   r3,312(r3)
8018CE50:  EC000828   fsubs   f0,f0,f1
8018CE54:  D00300B4   stfs   f0,180(r3)
8018CE58:  901E0048   stw   r0,72(r30)
8018CE5C:  807E000C   lwz   r3,12(r30)
8018CE60:  80630150   lwz   r3,336(r3)
8018CE64:  4BFF629D   bl   0x80183100
8018CE68:  2C030000   cmpwi   r3,0
8018CE6C:  40820084   bne-   0x8018cef0
8018CE70:  C03E002C   lfs   f1,44(r30)
8018CE74:  C0029924   lfs   f0,-26332(r2)
8018CE78:  EC21F828   fsubs   f1,f1,f31
8018CE7C:  D03E002C   stfs   f1,44(r30)
8018CE80:  FC010040   fcmpo   cr0,f1,f0
8018CE84:  4C401382   cror   2,0,2
8018CE88:  40820068   bne-   0x8018cef0
8018CE8C:  808DCFA4   lwz   r4,-12380(r13)
8018CE90:  807E000C   lwz   r3,12(r30)
8018CE94:  C0040158   lfs   f0,344(r4)
8018CE98:  EC01002A   fadds   f0,f1,f0
8018CE9C:  D01E002C   stfs   f0,44(r30)
8018CEA0:  808DCFA4   lwz   r4,-12380(r13)
8018CEA4:  8003010C   lwz   r0,268(r3)
8018CEA8:  8084015C   lwz   r4,348(r4)
8018CEAC:  7C840214   add   r4,r4,r0
8018CEB0:  480A7F21   bl   0x80234dd0
8018CEB4:  4800003C   b   0x8018cef0
8018CEB8:  FC20F890   fmr   f1,f31
8018CEBC:  7FC3F378   mr   r3,r30
8018CEC0:  48000FA1   bl   0x8018de60
8018CEC4:  808DCFA4   lwz   r4,-12380(r13)
8018CEC8:  807E000C   lwz   r3,12(r30)
8018CECC:  C05E0014   lfs   f2,20(r30)
8018CED0:  C0240164   lfs   f1,356(r4)
8018CED4:  C0029928   lfs   f0,-26328(r2)
8018CED8:  EC220824   fdivs   f1,f2,f1
8018CEDC:  80630130   lwz   r3,304(r3)
8018CEE0:  EC200828   fsubs   f1,f0,f1
8018CEE4:  4800E11D   bl   0x8019b000
8018CEE8:  38000000   li   r0,0
8018CEEC:  901E0048   stw   r0,72(r30)
8018CEF0:  281F0020   cmplwi   r31,32
8018CEF4:  4182001C   beq-   0x8018cf10
8018CEF8:  807E000C   lwz   r3,12(r30)
8018CEFC:  801E0020   lwz   r0,32(r30)
8018CF00:  80630494   lwz   r3,1172(r3)
8018CF04:  C03E0014   lfs   f1,20(r30)
8018CF08:  540406BE   rlwinm   r4,r0,0,26,31
8018CF0C:  48116055   bl   0x802a2f60
8018CF10:  80010024   lwz   r0,36(r1)
8018CF14:  E3E10018   psq_l   f31,24(r1),0,0
8018CF18:  CBE10010   lfd   f31,16(r1)
8018CF1C:  83E1000C   lwz   r31,12(r1)
8018CF20:  83C10008   lwz   r30,8(r1)
8018CF24:  7C0803A6   mtlr   r0
8018CF28:  38210020   addi   r1,r1,32
8018CF2C:  4E800020   blr   
[/spoiler]

AHA! 8018CC58:  93E1000C   stw   r31,12(r1)
Now where does r31 come from? Let's check its LR
It's 8018C3F0 = mr r3,r31
Now where does r3 come from?
from:8018C3C0: mr r31,r3
and right above this address we have stw r31,12(r1)
now where does r31 come from again?
yeah I'm lost

Function:
[spoiler]8018C3A0:  9421FFE0   stwu   r1,-32(r1)
8018C3A4:  7C0802A6   mflr   r0
8018C3A8:  C0029924   lfs   f0,-26332(r2)
8018C3AC:  90010024   stw   r0,36(r1)
8018C3B0:  DBE10010   stfd   f31,16(r1)
8018C3B4:  F3E10018   psq_st   f31,24(r1),0,0
8018C3B8:  FFE00890   fmr   f31,f1
8018C3BC:  93E1000C   stw   r31,12(r1)
8018C3C0:  7C7F1B78   mr   r31,r3
8018C3C4:  C0430044   lfs   f2,68(r3)
8018C3C8:  FC020040   fcmpo   cr0,f2,f0
8018C3CC:  40810020   ble-   0x8018c3ec
8018C3D0:  EC420828   fsubs   f2,f2,f1
8018C3D4:  D0430044   stfs   f2,68(r3)
8018C3D8:  C02D8D54   lfs   f1,-29356(r13)
8018C3DC:  EC020828   fsubs   f0,f2,f1
8018C3E0:  FC0008AE   fsel   f0,f0,f2,f1
8018C3E4:  FC000018   frsp   f0,f0
8018C3E8:  D0030044   stfs   f0,68(r3)
8018C3EC:  FC20F890   fmr   f1,f31
8018C3F0:  7FE3FB78   mr   r3,r31
8018C3F4:  4800084D   bl   0x8018cc40
8018C3F8:  FC20F890   fmr   f1,f31
8018C3FC:  7FE3FB78   mr   r3,r31
8018C400:  48000B31   bl   0x8018cf30
8018C404:  80010024   lwz   r0,36(r1)
8018C408:  E3E10018   psq_l   f31,24(r1),0,0
8018C40C:  CBE10010   lfd   f31,16(r1)
8018C410:  83E1000C   lwz   r31,12(r1)
8018C414:  7C0803A6   mtlr   r0
8018C418:  38210020   addi   r1,r1,32
8018C41C:  4E800020   blr   
[/spoiler]
 
You can pm me, I've got time for your troubles.

dcx2

I admire your effort.  However, you were foiled by the double-precision floats again. =(

One thing first.  When you walked the stack looking for the source of 12(r1), you did not take into account the u in stwu r1, -32(r1).

Do you remember the . and what it means when it's at the end of an ASM instruction?  (free cmpwi rD, 0)

The u means "free addi rA, rA, d" (d = -32 in this case, so r1 is lowered by 32).  So when the stwu was executed, it changed the stack pointer, so 12(r1) isn't 12(r1) anymore, but 44(r1).  stwu has created a new stack frame, and 12(r1) in the old frame is not 12(r1) in the new frame.

---

A second thing.  "802A3000:  C822B508   lfd   f1,-19192(r2) LR for the write"  You are not quite using LR correctly.  Do you see the bctrl just before it?  That bctrl put 802A3000 into the LR before branching to the counter (ctr).  The LR is the mechanism that allows this function to tell the next function how to get back here.  That is why you found 802A3000 in the LR - the function called with bctrl had just returned with blr.

---

Finally...remember: single precision is 32 bits = 4 bytes.  double precision is 64 bits = 8 bytes.

802A3008:  D8010008   stfd   f0,8(r1)
...
802A3024:  80A1000C   lwz   r5,12(r1)

Patedj

I saved a log for this...
Here it is

[spoiler]

802A3004:  FC1F082A   fadd   f0,f31,f1   f0 = 5   f31 = 30   f1 = 6.7554E+15

802A3004:  FC1F082A   fadd   f0,f31,f1   f0 = 5   f31 = 30   f1 = 6.7554E+15

802A3004:  FC1F082A   fadd   f0,f31,f1   f0 = 5   f31 = 30   f1 = 6.7554E+15

802A3004:  FC1F082A   fadd   f0,f31,f1   f0 = 5   f31 = 30   f1 = 6.7554E+15

802A3004:  FC1F082A   fadd   f0,f31,f1   f0 = 5   f31 = 30   f1 = 6.7554E+15

802A3004:  FC1F082A   fadd   f0,f31,f1   f0 = 5   f31 = 30   f1 = 6.7554E+15

802A3004:  FC1F082A   fadd   f0,f31,f1   f0 = 5   f31 = 30   f1 = 6.7554E+15

802A3004:  FC1F082A   fadd   f0,f31,f1   f0 = 5   f31 = 30   f1 = 6.7554E+15

802A3004:  FC1F082A   fadd   f0,f31,f1   f0 = 5   f31 = 30   f1 = 6.7554E+15

802A3004:  FC1F082A   fadd   f0,f31,f1   f0 = 5   f31 = 30   f1 = 6.7554E+15

802A3004:  FC1F082A   fadd   f0,f31,f1   f0 = 5   f31 = 30   f1 = 6.7554E+15

802A3004:  FC1F082A   fadd   f0,f31,f1   f0 = 5   f31 = 29.9   f1 = 6.7554E+15

802A3004:  FC1F082A   fadd   f0,f31,f1   f0 = 5   f31 = 29.8   f1 = 6.7554E+15

802A3004:  FC1F082A   fadd   f0,f31,f1   f0 = 5   f31 = 29.7   f1 = 6.7554E+15

802A3004:  FC1F082A   fadd   f0,f31,f1   f0 = 5   f31 = 29.6   f1 = 6.7554E+15

802A3004:  FC1F082A   fadd   f0,f31,f1   f0 = 5   f31 = 29.5   f1 = 6.7554E+15

802A3004:  FC1F082A   fadd   f0,f31,f1   f0 = 5   f31 = 29.4   f1 = 6.7554E+15

802A3004:  FC1F082A   fadd   f0,f31,f1   f0 = 5   f31 = 29.3   f1 = 6.7554E+15

802A3004:  FC1F082A   fadd   f0,f31,f1   f0 = 5   f31 = 29.2   f1 = 6.7554E+15

802A3004:  FC1F082A   fadd   f0,f31,f1   f0 = 5   f31 = 29.1   f1 = 6.7554E+15

802A3004:  FC1F082A   fadd   f0,f31,f1   f0 = 5   f31 = 29   f1 = 6.7554E+15

802A3004:  FC1F082A   fadd   f0,f31,f1   f0 = 5   f31 = 28.9   f1 = 6.7554E+15

802A3004:  FC1F082A   fadd   f0,f31,f1   f0 = 5   f31 = 28.8   f1 = 6.7554E+15

802A3004:  FC1F082A   fadd   f0,f31,f1   f0 = 5   f31 = 28.7   f1 = 6.7554E+15

802A3004:  FC1F082A   fadd   f0,f31,f1   f0 = 5   f31 = 28.6   f1 = 6.7554E+15

802A3004:  FC1F082A   fadd   f0,f31,f1   f0 = 5   f31 = 28.5   f1 = 6.7554E+15

802A3004:  FC1F082A   fadd   f0,f31,f1   f0 = 5   f31 = 28.4   f1 = 6.7554E+15

802A3004:  FC1F082A   fadd   f0,f31,f1   f0 = 5   f31 = 28.3   f1 = 6.7554E+15

802A3004:  FC1F082A   fadd   f0,f31,f1   f0 = 5   f31 = 28.2   f1 = 6.7554E+15

802A3004:  FC1F082A   fadd   f0,f31,f1   f0 = 5   f31 = 28.1   f1 = 6.7554E+15

802A3004:  FC1F082A   fadd   f0,f31,f1   f0 = 5   f31 = 28   f1 = 6.7554E+15

802A3004:  FC1F082A   fadd   f0,f31,f1   f0 = 5   f31 = 27.9   f1 = 6.7554E+15

802A3004:  FC1F082A   fadd   f0,f31,f1   f0 = 5   f31 = 27.8   f1 = 6.7554E+15

802A3004:  FC1F082A   fadd   f0,f31,f1   f0 = 5   f31 = 27.7   f1 = 6.7554E+15
[/spoiler]
You can pm me, I've got time for your troubles.

Patedj

Thank you dcx2!
Here is the code for zoom timer Add/Sub

Zoom Timer (B)+(-) to add or subtract
2866589A 00001400
0418CCC8 EC02F82A
CC000000 00000001
0418CCC8 EC02F828
E0000000 80008000
You can pm me, I've got time for your troubles.

Patedj

 O0
There's no nicer reward than to see a student succeed

Rainbow Timer (B)+(-) To add or sub
2866589A 00001400
0418CCC8 EC02F82A
CC000000 00000001
0418CCC8 EC02F828
E0000000 80008000


Rainbow Color
0418CDD4 3800000x

0:Blue
1:Purple
2:Red
3:Orange
4:Yellow
5:Brown
6:Green

Button activated color when rainbow, not working (Can anybody fix this??)
[spoiler]I can't seem to get it right
0418CDD4 60000000 --> nop the original (add) address
2866589A 00007000 -> if c+z+(-) Then
C218CDD8 00000006
9421FFF0 91610008
819E0038 398C0001
91800000 2C000006
40810008 38000000
901E0038 81610008
38210010 00000000
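2A66589A 00007000 --> meant as end if (2A is the 16-bit "if not equal" code type, so this opens a second condition rather than closing the first)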
0418CDD8 901E0038 --> original stw r0,56(r30)
E0000000 80008000

ASM:
# Injected routine for the hook at 8018CDD8. Intended behaviour (per the post):
# add 1 to the colour value kept at 56(r30) and wrap it back to 0 once it
# goes past 6. NOTE(review): as written it cannot do that; see the notes below.

# Open a 16-byte stack frame and save r11.
# NOTE(review): r11 is never modified below, while r12, which is, is not saved.
stwu r1,-16(r1)
stw r11,8(r1)
# r12 = current value at offset 56 of the object r30 points to, then r12 += 1.
lwz r12,56(r30)
addi r12,r12,1
# NOTE(review): in a D-form store an rA field of 0 means the literal value 0,
# not register r0, so this writes r12 to address 0x00000000. The intended
# target was presumably 56(r30).
stw r12,0(r0)
# NOTE(review): this tests r0, but the incremented value is in r12. r0 is never
# loaded in this routine, and the code above nops the instruction at 8018CDD4
# that preceded the hooked store.
cmpwi r0,6
# If r0 <= 6, skip the reset on the next line.
ble- 0x08
li r0,0
# Stores r0, not r12, into the field, so the increment never reaches it.
stw r0,56(r30)
# Restore r11 and close the stack frame.
lwz r11,8(r1)
addi r1,r1,16

But it doesn't work.
It's supposed to add 1 to r0 each time I press the button activator.

[/spoiler]


The next step is activating the rainbow timer without hitting the Rainbow hologram.
If I poke the timer with a number, that doesn't activate it...
What next? I have to find what calls it.


Found it. The breakpoint hits when the rainbow is loaded and again when the rainbow stops.
Also, poking it turns de Blob rainbow  O0
But how do I do this as an ASM code? Maybe I don't have to; I could use a pointer address instead... but I'd rather use ASM.
Registers when Rainbow
[spoiler]CR:24200888  XER:00000000  CTR:80369D40 DSIS:02400000
DAR:909A2620 SRR0:8018BF3C SRR1:0000A032   LR:8018BF24
 r0:03000001   r1:8069D9F0   r2:80687000   r3:00000003
 r4:90811560   r5:90B55640   r6:805C6000   r7:00000000
 r8:92EBA100   r9:FFFFFFC3  r10:00000000  r11:8069D9E0
r12:80369D40  r13:80680F00  r14:00000000  r15:00000000
r16:00000000  r17:00000000  r18:00000000  r19:00000000
r20:00000000  r21:00000000  r22:00000000  r23:00000000
r24:90B5DF00  r25:00000000  r26:8102F1B0  r27:90990E80
r28:8102F1B0  r29:00000000  r30:909A2600  r31:00000001

 f0:3F800000   f1:00800000   f2:3F800000   f3:3F800000
 f4:3F800000   f5:3F800000   f6:3F800000   f7:00000000
 f8:00000000   f9:3F800000  f10:3D0DF4DC  f11:325C2BC7
f12:40400000  f13:00000000  f14:00000000  f15:00000000
f16:00000000  f17:00000000  f18:00000000  f19:00000000
f20:00000000  f21:00000000  f22:00000000  f23:00000000
f24:00000000  f25:00000000  f26:00000000  f27:00000000
f28:00000000  f29:3C88AC8A  f30:3C88AC8A  f31:41F00000
[/spoiler]

Function:
[spoiler]8018BDC0:  9421FFD0   stwu   r1,-48(r1)
8018BDC4:  7C0802A6   mflr   r0
8018BDC8:  90010034   stw   r0,52(r1)
8018BDCC:  DBE10020   stfd   f31,32(r1)
8018BDD0:  F3E10028   psq_st   f31,40(r1),0,0
8018BDD4:  FFE00890   fmr   f31,f1
8018BDD8:  93E1001C   stw   r31,28(r1)
8018BDDC:  7C9F2378   mr   r31,r4
8018BDE0:  38800003   li   r4,3
8018BDE4:  93C10018   stw   r30,24(r1)
8018BDE8:  7C7E1B78   mr   r30,r3
8018BDEC:  93A10014   stw   r29,20(r1)
8018BDF0:  7CBD2B78   mr   r29,r5
8018BDF4:  4800026D   bl   0x8018c060
8018BDF8:  2C1D0000   cmpwi   r29,0
8018BDFC:  40820018   bne-   0x8018be14
8018BE00:  281F0020   cmplwi   r31,32
8018BE04:  40820010   bne-   0x8018be14
8018BE08:  7FC3F378   mr   r3,r30
8018BE0C:  48000C65   bl   0x8018ca70
8018BE10:  48000220   b   0x8018c030
8018BE14:  807E000C   lwz   r3,12(r30)
8018BE18:  38800000   li   r4,0
8018BE1C:  480AB4A5   bl   0x802372c0
8018BE20:  807E000C   lwz   r3,12(r30)
8018BE24:  80830124   lwz   r4,292(r3)
8018BE28:  80040008   lwz   r0,8(r4)
8018BE2C:  540006F7   rlwinm.   r0,r0,0,27,27
8018BE30:  41820008   beq-   0x8018be38
8018BE34:  480A8EDD   bl   0x80234d10
8018BE38:  807E000C   lwz   r3,12(r30)
8018BE3C:  281F0002   cmplwi   r31,2
8018BE40:  C022992C   lfs   f1,-26324(r2)
8018BE44:  38000000   li   r0,0
8018BE48:  80830124   lwz   r4,292(r3)
8018BE4C:  C0029924   lfs   f0,-26332(r2)
8018BE50:  80840008   lwz   r4,8(r4)
8018BE54:  909E0024   stw   r4,36(r30)
8018BE58:  D03E0028   stfs   f1,40(r30)
8018BE5C:  D01E002C   stfs   f0,44(r30)
8018BE60:  D01E0030   stfs   f0,48(r30)
8018BE64:  901E0038   stw   r0,56(r30)
8018BE68:  D01E0018   stfs   f0,24(r30)
8018BE6C:  D3FE0014   stfs   f31,20(r30)
8018BE70:  D3FE001C   stfs   f31,28(r30)
8018BE74:  901E09C0   stw   r0,2496(r30)
8018BE78:  901E0048   stw   r0,72(r30)
8018BE7C:  41820030   beq-   0x8018beac
8018BE80:  281F0001   cmplwi   r31,1
8018BE84:  41820068   beq-   0x8018beec
8018BE88:  281F0004   cmplwi   r31,4
8018BE8C:  418200B8   beq-   0x8018bf44
8018BE90:  281F0008   cmplwi   r31,8
8018BE94:  418200D4   beq-   0x8018bf68
8018BE98:  281F0010   cmplwi   r31,16
8018BE9C:  418200E4   beq-   0x8018bf80
8018BEA0:  281F0020   cmplwi   r31,32
8018BEA4:  418200F8   beq-   0x8018bf9c
8018BEA8:  4800014C   b   0x8018bff4
8018BEAC:  480A8E65   bl   0x80234d10
8018BEB0:  807E000C   lwz   r3,12(r30)
8018BEB4:  80830080   lwz   r4,128(r3)
8018BEB8:  80040008   lwz   r0,8(r4)
8018BEBC:  2C000011   cmpwi   r0,17
8018BEC0:  40820014   bne-   0x8018bed4
8018BEC4:  806300C8   lwz   r3,200(r3)
8018BEC8:  3800001C   li   r0,28
8018BECC:  90030058   stw   r0,88(r3)
8018BED0:  4800000C   b   0x8018bedc
8018BED4:  3880001C   li   r4,28
8018BED8:  480A14F9   bl   0x8022d3d0
8018BEDC:  3C60ED80   lis   r3,-4736
8018BEE0:  38030002   addi   r0,r3,2
8018BEE4:  901E0020   stw   r0,32(r30)
8018BEE8:  4800010C   b   0x8018bff4
8018BEEC:  D03E002C   stfs   f1,44(r30)
8018BEF0:  38800002   li   r4,2
8018BEF4:  38A00000   li   r5,0
8018BEF8:  80630124   lwz   r3,292(r3)
8018BEFC:  4BFF8155   bl   0x80184050
8018BF00:  807E000C   lwz   r3,12(r30)
8018BF04:  8003010C   lwz   r0,268(r3)
8018BF08:  28000032   cmplwi   r0,50
8018BF0C:  4080000C   bge-   0x8018bf18
8018BF10:  38800032   li   r4,50
8018BF14:  480A8EBD   bl   0x80234dd0
8018BF18:  807E000C   lwz   r3,12(r30)
8018BF1C:  80630130   lwz   r3,304(r3)
8018BF20:  48008D11   bl   0x80194c30
8018BF24:  808DC900   lwz   r4,-14080(r13)
8018BF28:  3C600300   lis   r3,768 --->r3
[spoiler]Log
8018BF28:  3C600300   lis   r3,768     r3 = 00000001
[/spoiler]
8018BF2C:  38030001   addi   r0,r3,1 --->r0
[spoiler]Log
8018BF2C:  38030001   addi   r0,r3,1    r0 = 8018BF24   r3 = 03000000
[/spoiler]
8018BF30:  88640BEC   lbz   r3,3052(r4)
8018BF34:  60630002   ori   r3,r3,2
8018BF38:  98640BEC   stb   r3,3052(r4)
8018BF3C:  901E0020   stw   r0,32(r30) --->writes here
[spoiler]Log
8018BF3C:  901E0020   stw   r0,32(r30)   r0 = 03000001   r30 = 909A2600   [909A2620] = 00000000[/spoiler]
8018BF40:  480000B4   b   0x8018bff4
8018BF44:  D01E002C   stfs   f0,44(r30)
8018BF48:  80830110   lwz   r4,272(r3)
8018BF4C:  480A8E85   bl   0x80234dd0
8018BF50:  807E000C   lwz   r3,12(r30)
8018BF54:  80630130   lwz   r3,304(r3)
8018BF58:  4800C729   bl   0x80198680
8018BF5C:  38000004   li   r0,4
8018BF60:  901E0020   stw   r0,32(r30)
8018BF64:  48000090   b   0x8018bff4
8018BF68:  38000008   li   r0,8
8018BF6C:  D01E002C   stfs   f0,44(r30)
8018BF70:  901E0020   stw   r0,32(r30)
8018BF74:  80630130   lwz   r3,304(r3)
8018BF78:  4800DFC9   bl   0x80199f40
8018BF7C:  48000078   b   0x8018bff4
8018BF80:  38000010   li   r0,16
8018BF84:  D01E002C   stfs   f0,44(r30)
8018BF88:  38800001   li   r4,1
8018BF8C:  901E0020   stw   r0,32(r30)
8018BF90:  80630130   lwz   r3,304(r3)
8018BF94:  4800B9AD   bl   0x80197940
8018BF98:  4800005C   b   0x8018bff4
8018BF9C:  3C802E00   lis   r4,11776
8018BFA0:  D01E002C   stfs   f0,44(r30)
8018BFA4:  38040020   addi   r0,r4,32
8018BFA8:  901E0020   stw   r0,32(r30)
8018BFAC:  80630160   lwz   r3,352(r3)
8018BFB0:  4BF54421   bl   0x800e03d0
8018BFB4:  807E000C   lwz   r3,12(r30)
8018BFB8:  38800003   li   r4,3
8018BFBC:  480A1415   bl   0x8022d3d0
8018BFC0:  807E000C   lwz   r3,12(r30)
8018BFC4:  80630130   lwz   r3,304(r3)
8018BFC8:  4800F0C9   bl   0x8019b090
8018BFCC:  807E000C   lwz   r3,12(r30)
8018BFD0:  3CA08019   lis   r5,-32743
8018BFD4:  3CC08019   lis   r6,-32743
8018BFD8:  C03E096C   lfs   f1,2412(r30)
8018BFDC:  7FC4F378   mr   r4,r30
8018BFE0:  38630330   addi   r3,r3,816
8018BFE4:  38A5F250   subi   r5,r5,3504
8018BFE8:  38C6F1B0   subi   r6,r6,3664
8018BFEC:  38E00000   li   r7,0
8018BFF0:  4BF26571   bl   0x800b2560
8018BFF4:  281F0020   cmplwi   r31,32
8018BFF8:  41820038   beq-   0x8018c030
8018BFFC:  281F0002   cmplwi   r31,2
8018C000:  41820030   beq-   0x8018c030
8018C004:  809E000C   lwz   r4,12(r30)
8018C008:  80640080   lwz   r3,128(r4)
8018C00C:  80030008   lwz   r0,8(r3)
8018C010:  2C000011   cmpwi   r0,17
8018C014:  4182001C   beq-   0x8018c030
8018C018:  806400C8   lwz   r3,200(r4)
8018C01C:  38800001   li   r4,1
8018C020:  480B6831   bl   0x80242850
8018C024:  807E000C   lwz   r3,12(r30)
8018C028:  38800011   li   r4,17
8018C02C:  480A13A5   bl   0x8022d3d0
8018C030:  80010034   lwz   r0,52(r1)
8018C034:  E3E10028   psq_l   f31,40(r1),0,0
8018C038:  CBE10020   lfd   f31,32(r1)
8018C03C:  83E1001C   lwz   r31,28(r1)
8018C040:  83C10018   lwz   r30,24(r1)
8018C044:  83A10014   lwz   r29,20(r1)
8018C048:  7C0803A6   mtlr   r0
8018C04C:  38210030   addi   r1,r1,48
8018C050:  4E800020   blr   
[/spoiler]
Log Address
[spoiler]In
8018BF3C:  901E0020   stw   r0,32(r30)   r0 = 03000001   r30 = 909A2600   [909A2620] = 00000000
Out
8018C158:  901F0020   stw   r0,32(r31)   r0 = 00000000   r31 = 909A2600   [909A2620] = 03000001
[/spoiler]
Perhaps if I make the "Out" stw write the same value as the "In" one.
[spoiler]
# Build 0x03000001 in r0: lis sets the upper halfword (and zeroes the lower), ori fills in the lower one.
lis r0,0x0300
ori r0,r0,0x0001
# Write it to offset 32 of the object r30 points to: the same value and slot as the logged "In" store at 8018BF3C.
stw   r0,32(r30)[/spoiler]
No, that would keep it rainbow once it has already turned rainbow.
Perhaps if I force the value at the "In" stw instead:
[spoiler]C218BF3C 00000002
3C000300 60000001
901E0020 00000000
[/spoiler]
Neither... time to look deeper I guess. It's too late for me though, I'll edit tomorrow if no one has had a look.

Patedj

Well, I figured that a pointer would be easier... One day I'll come back to it.


So success!!
Rainbow Activator b to activate/deactivate
2866589A 00000400
48000000 80C5AFD8
DE000000 90009340
14001060 03000001
CC000000 00000000
14001060 00000000
E0000000 80008000
invincible to water.

I'll see if it works with rainbow color code tomorrow