Universal button activator/mapper/spoofer (now with shaking!)

Started by dcx2, April 20, 2011, 05:19:19 AM

Stuff

Whoa. This is a lot to take in. If I made home be 0000, would this make home do nothing? I always wanted to take the home function off the Wiimote or classic controller. I could use one of the homes for something else.
.make Stuff happen.
Dropbox. If you don't have one, get it NOW! +250MB free if you follow my link :p.

Mod code Generator ~50% complete but very usable:
http://dl.dropbox.com/u/24514984/modcodes/modcodes.htm

dcx2

Er...I don't think that the forum supports attachments anymore.

Quote from: The Forum said...Cannot access attachments upload path!

Let's see if it can be a spoiler in this post!

[spoiler]804506D8:  9421FF40   stwu   r1,-192(r1)
804506DC:  7C0802A6   mflr   r0
804506E0:  900100C4   stw   r0,196(r1)
804506E4:  396100C0   addi   r11,r1,192
804506E8:  480C6E15   bl   0x805174fc
804506EC:  1C031BF8   mulli   r0,r3,7160
804506F0:  3CE04330   lis   r7,17200
804506F4:  3CC08062   lis   r6,-32670
804506F8:  90E10050   stw   r7,80(r1)
804506FC:  7C7B1B78   mr   r27,r3
80450700:  38C6D340   subi   r6,r6,11456
80450704:  90E10058   stw   r7,88(r1)
80450708:  7C9C2378   mr   r28,r4
8045070C:  7CAE2B78   mr   r14,r5
80450710:  7FE60214   add   r31,r6,r0
80450714:  3BC00000   li   r30,0
80450718:  48087109   bl   0x804d7820
8045071C:  2C030003   cmpwi   r3,3
80450720:  4182000C   beq-   0x8045072c
80450724:  38600000   li   r3,0
80450728:  480006C4   b   0x80450dec
8045072C:  480579BD   bl   0x804a80e8
80450730:  881F1BDC   lbz   r0,7132(r31)
80450734:  7C711B78   mr   r17,r3
80450738:  2C000000   cmpwi   r0,0
8045073C:  41820010   beq-   0x8045074c
80450740:  480579D1   bl   0x804a8110
80450744:  38600000   li   r3,0
80450748:  480006A4   b   0x80450dec
8045074C:  3A000001   li   r16,1
80450750:  7F63DB78   mr   r3,r27
80450754:  9A1F1BDC   stb   r16,7132(r31)
80450758:  38800000   li   r4,0
8045075C:  48088371   bl   0x804d8acc
80450760:  2C03FFFF   cmpwi   r3,-1
80450764:  7C6F1B78   mr   r15,r3
80450768:  40820058   bne-   0x804507c0
8045076C:  801F1B98   lwz   r0,7064(r31)
80450770:  2C800000   cmpwi   cr1,r0,0
80450774:  4186004C   beq-   cr1,0x804507c0
80450778:  881F1BE2   lbz   r0,7138(r31)
8045077C:  2C000000   cmpwi   r0,0
80450780:  41820040   beq-   0x804507c0
80450784:  881F1BE3   lbz   r0,7139(r31)
80450788:  2C000000   cmpwi   r0,0
8045078C:  40820034   bne-   0x804507c0
80450790:  41860028   beq-   cr1,0x804507b8
80450794:  40820024   bne-   0x804507b8
80450798:  9A1F1BE3   stb   r16,7139(r31)
8045079C:  7F63DB78   mr   r3,r27
804507A0:  38800001   li   r4,1
804507A4:  819F1B98   lwz   r12,7064(r31)
804507A8:  7D8903A6   mtctr   r12
804507AC:  4E800421   bctrl   
804507B0:  38000000   li   r0,0
804507B4:  981F1BE2   stb   r0,7138(r31)
804507B8:  38000000   li   r0,0
804507BC:  981F1BDF   stb   r0,7135(r31)
804507C0:  7E238B78   mr   r3,r17
804507C4:  4805794D   bl   0x804a8110
804507C8:  881F1BDD   lbz   r0,7133(r31)
804507CC:  2C000000   cmpwi   r0,0
804507D0:  41820010   beq-   0x804507e0
804507D4:  99FF005D   stb   r15,93(r31)
804507D8:  7FE3FB78   mr   r3,r31
804507DC:  4BFFDBD1   bl   0x8044e3ac
804507E0:  3C808045   lis   r4,-32699
804507E4:  7F63DB78   mr   r3,r27
804507E8:  38841198   addi   r4,r4,4504
804507EC:  4808836D   bl   0x804d8b58
804507F0:  881F010F   lbz   r0,271(r31)
804507F4:  2C000000   cmpwi   r0,0
804507F8:  418205E8   beq-   0x80450de0
804507FC:  2C1C0000   cmpwi   r28,0
80450800:  418205E0   beq-   0x80450de0
80450804:  2C0E0000   cmpwi   r14,0
80450808:  418205D8   beq-   0x80450de0
8045080C:  480578DD   bl   0x804a80e8
80450810:  8BBF010F   lbz   r29,271(r31)
80450814:  7C1D7040   cmplw   r29,r14
80450818:  7FBEEB78   mr   r30,r29
8045081C:  40810008   ble-   0x80450824
80450820:  7DDE7378   mr   r30,r14
80450824:  38800000   li   r4,0
80450828:  7FC0F378   mr   r0,r30
8045082C:  989F010F   stb   r4,271(r31)
80450830:  1CBE0084   mulli   r5,r30,132
80450834:  889F010E   lbz   r4,270(r31)
80450838:  7CBC2A14   add   r5,r28,r5
8045083C:  7CDE2051   sub.   r6,r4,r30
80450840:  40800008   bge-   0x80450848
80450844:  38C60078   addi   r6,r6,120
80450848:  38A5FF7C   subi   r5,r5,132
8045084C:  48000100   b   0x8045094c
80450850:  1C860038   mulli   r4,r6,56
80450854:  38C60001   addi   r6,r6,1
80450858:  2C060078   cmpwi   r6,120
8045085C:  7C9F2214   add   r4,r31,r4
80450860:  A1040110   lhz   r8,272(r4)
80450864:  A0E40112   lhz   r7,274(r4)
80450868:  B105FF7C   sth   r8,-132(r5)
8045086C:  B0E5FF7E   sth   r7,-130(r5)
80450870:  A1040114   lhz   r8,276(r4)
80450874:  A0E40116   lhz   r7,278(r4)
80450878:  B105FF80   sth   r8,-128(r5)
8045087C:  B0E5FF82   sth   r7,-126(r5)
80450880:  A1040118   lhz   r8,280(r4)
80450884:  A0E4011A   lhz   r7,282(r4)
80450888:  B105FF84   sth   r8,-124(r5)
8045088C:  B0E5FF86   sth   r7,-122(r5)
80450890:  A104011C   lhz   r8,284(r4)
80450894:  A0E4011E   lhz   r7,286(r4)
80450898:  B105FF88   sth   r8,-120(r5)
8045089C:  B0E5FF8A   sth   r7,-118(r5)
804508A0:  A1040120   lhz   r8,288(r4)
804508A4:  A0E40122   lhz   r7,290(r4)
804508A8:  B105FF8C   sth   r8,-116(r5)
804508AC:  B0E5FF8E   sth   r7,-114(r5)
804508B0:  A1040124   lhz   r8,292(r4)
804508B4:  A0E40126   lhz   r7,294(r4)
804508B8:  B105FF90   sth   r8,-112(r5)
804508BC:  B0E5FF92   sth   r7,-110(r5)
804508C0:  A1040128   lhz   r8,296(r4)
804508C4:  A0E4012A   lhz   r7,298(r4)
804508C8:  B105FF94   sth   r8,-108(r5)
804508CC:  B0E5FF96   sth   r7,-106(r5)
804508D0:  A104012C   lhz   r8,300(r4)
804508D4:  A0E4012E   lhz   r7,302(r4)
804508D8:  B105FF98   sth   r8,-104(r5)
804508DC:  B0E5FF9A   sth   r7,-102(r5)
804508E0:  A1040130   lhz   r8,304(r4)
804508E4:  A0E40132   lhz   r7,306(r4)
804508E8:  B105FF9C   sth   r8,-100(r5)
804508EC:  B0E5FF9E   sth   r7,-98(r5)
804508F0:  A1040134   lhz   r8,308(r4)
804508F4:  A0E40136   lhz   r7,310(r4)
804508F8:  B105FFA0   sth   r8,-96(r5)
804508FC:  B0E5FFA2   sth   r7,-94(r5)
80450900:  A1040138   lhz   r8,312(r4)
80450904:  A0E4013A   lhz   r7,314(r4)
80450908:  B105FFA4   sth   r8,-92(r5)
8045090C:  B0E5FFA6   sth   r7,-90(r5)
80450910:  A104013C   lhz   r8,316(r4)
80450914:  A0E4013E   lhz   r7,318(r4)
80450918:  B105FFA8   sth   r8,-88(r5)
8045091C:  B0E5FFAA   sth   r7,-86(r5)
80450920:  A1040140   lhz   r8,320(r4)
80450924:  A0E40142   lhz   r7,322(r4)
80450928:  B105FFAC   sth   r8,-84(r5)
8045092C:  B0E5FFAE   sth   r7,-82(r5)
80450930:  A0E40144   lhz   r7,324(r4)
80450934:  A0840146   lhz   r4,326(r4)
80450938:  B0E5FFB0   sth   r7,-80(r5)
8045093C:  B085FFB2   sth   r4,-78(r5)
80450940:  38A5FF7C   subi   r5,r5,132
80450944:  41800008   blt-   0x8045094c
80450948:  38C00000   li   r6,0
8045094C:  3400FFFF   subic.   r0,r0,1
80450950:  4082FF00   bne+   0x80450850
80450954:  1C060038   mulli   r0,r6,56
80450958:  7E1F0214   add   r16,r31,r0
8045095C:  A1F0013A   lhz   r15,314(r16)
80450960:  A0100136   lhz   r0,310(r16)
80450964:  91E10074   stw   r15,116(r1)
80450968:  A1F0013C   lhz   r15,316(r16)
8045096C:  B001003E   sth   r0,62(r1)
80450970:  80010074   lwz   r0,116(r1)
80450974:  91E10060   stw   r15,96(r1)
80450978:  A1F0013E   lhz   r15,318(r16)
8045097C:  B0010042   sth   r0,66(r1)
80450980:  80010060   lwz   r0,96(r1)
80450984:  91E10064   stw   r15,100(r1)
80450988:  A1F00140   lhz   r15,320(r16)
8045098C:  B0010044   sth   r0,68(r1)
80450990:  80010064   lwz   r0,100(r1)
80450994:  91E10068   stw   r15,104(r1)
80450998:  A1F00142   lhz   r15,322(r16)
8045099C:  B0010046   sth   r0,70(r1)
804509A0:  80010068   lwz   r0,104(r1)
804509A4:  91E1006C   stw   r15,108(r1)
804509A8:  A1F00144   lhz   r15,324(r16)
804509AC:  B0010048   sth   r0,72(r1)
804509B0:  8001006C   lwz   r0,108(r1)
804509B4:  91E10070   stw   r15,112(r1)
804509B8:  A2300110   lhz   r17,272(r16)
804509BC:  A2500112   lhz   r18,274(r16)
804509C0:  A2700114   lhz   r19,276(r16)
804509C4:  A2900116   lhz   r20,278(r16)
804509C8:  A2B00118   lhz   r21,280(r16)
804509CC:  A2D0011A   lhz   r22,282(r16)
804509D0:  A2F0011C   lhz   r23,284(r16)
804509D4:  A310011E   lhz   r24,286(r16)
804509D8:  A3300120   lhz   r25,288(r16)
804509DC:  A3500122   lhz   r26,290(r16)
804509E0:  A1900124   lhz   r12,292(r16)
804509E4:  A1700126   lhz   r11,294(r16)
804509E8:  A1500128   lhz   r10,296(r16)
804509EC:  A130012A   lhz   r9,298(r16)
804509F0:  A110012C   lhz   r8,300(r16)
804509F4:  A0F0012E   lhz   r7,302(r16)
804509F8:  A0D00130   lhz   r6,304(r16)
804509FC:  A0B00132   lhz   r5,306(r16)
80450A00:  A0900134   lhz   r4,308(r16)
80450A04:  A1D00138   lhz   r14,312(r16)
80450A08:  A1F00146   lhz   r15,326(r16)
80450A0C:  B001004A   sth   r0,74(r1)
80450A10:  80010070   lwz   r0,112(r1)
80450A14:  B2210018   sth   r17,24(r1)
80450A18:  B241001A   sth   r18,26(r1)
80450A1C:  B261001C   sth   r19,28(r1)
80450A20:  B281001E   sth   r20,30(r1)
80450A24:  B2A10020   sth   r21,32(r1)
80450A28:  B2C10022   sth   r22,34(r1)
80450A2C:  B2E10024   sth   r23,36(r1)
80450A30:  B3010026   sth   r24,38(r1)
80450A34:  B3210028   sth   r25,40(r1)
80450A38:  B341002A   sth   r26,42(r1)
80450A3C:  B181002C   sth   r12,44(r1)
80450A40:  B161002E   sth   r11,46(r1)
80450A44:  B1410030   sth   r10,48(r1)
80450A48:  B1210032   sth   r9,50(r1)
80450A4C:  B1010034   sth   r8,52(r1)
80450A50:  B0E10036   sth   r7,54(r1)
80450A54:  B0C10038   sth   r6,56(r1)
80450A58:  B0A1003A   sth   r5,58(r1)
80450A5C:  B081003C   sth   r4,60(r1)
80450A60:  B1C10040   sth   r14,64(r1)
80450A64:  B001004C   sth   r0,76(r1)
80450A68:  B1E1004E   sth   r15,78(r1)
80450A6C:  480576A5   bl   0x804a8110
80450A70:  A14220A4   lhz   r10,8356(r2)
80450A74:  7F63DB78   mr   r3,r27
80450A78:  A12220A6   lhz   r9,8358(r2)
80450A7C:  38A10010   addi   r5,r1,16
80450A80:  A10220A8   lhz   r8,8360(r2)
80450A84:  38800000   li   r4,0
80450A88:  A0E220AC   lhz   r7,8364(r2)
80450A8C:  A0C220AE   lhz   r6,8366(r2)
80450A90:  A00220B0   lhz   r0,8368(r2)
80450A94:  B1410010   sth   r10,16(r1)
80450A98:  B1210012   sth   r9,18(r1)
80450A9C:  B1010014   sth   r8,20(r1)
80450AA0:  B0E10008   sth   r7,8(r1)
80450AA4:  B0C1000A   sth   r6,10(r1)
80450AA8:  B001000C   sth   r0,12(r1)
80450AAC:  48087E2D   bl   0x804d88d8
80450AB0:  A8A10010   lha   r5,16(r1)
80450AB4:  A8810014   lha   r4,20(r1)
80450AB8:  A8610012   lha   r3,18(r1)
80450ABC:  7C0429D6   mullw   r0,r4,r5
80450AC0:  7C0019D7   mullw.   r0,r0,r3
80450AC4:  41820058   beq-   0x80450b1c
80450AC8:  6CA08000   xoris   r0,r5,32768
80450ACC:  6C638000   xoris   r3,r3,32768
80450AD0:  90010054   stw   r0,84(r1)
80450AD4:  6C808000   xoris   r0,r4,32768
80450AD8:  C8822090   lfd   f4,8336(r2)
80450ADC:  C8010050   lfd   f0,80(r1)
80450AE0:  9061005C   stw   r3,92(r1)
80450AE4:  EC402028   fsubs   f2,f0,f4
80450AE8:  C062207C   lfs   f3,8316(r2)
80450AEC:  90010054   stw   r0,84(r1)
80450AF0:  C8210058   lfd   f1,88(r1)
80450AF4:  C8010050   lfd   f0,80(r1)
80450AF8:  EC431024   fdivs   f2,f3,f2
80450AFC:  EC212028   fsubs   f1,f1,f4
80450B00:  D05F1B9C   stfs   f2,7068(r31)
80450B04:  EC002028   fsubs   f0,f0,f4
80450B08:  EC230824   fdivs   f1,f3,f1
80450B0C:  EC030024   fdivs   f0,f3,f0
80450B10:  D03F1BA0   stfs   f1,7072(r31)
80450B14:  D01F1BA4   stfs   f0,7076(r31)
80450B18:  48000014   b   0x80450b2c
80450B1C:  C00220B4   lfs   f0,8372(r2)
80450B20:  D01F1B9C   stfs   f0,7068(r31)
80450B24:  D01F1BA0   stfs   f0,7072(r31)
80450B28:  D01F1BA4   stfs   f0,7076(r31)
80450B2C:  7F63DB78   mr   r3,r27
80450B30:  38A10008   addi   r5,r1,8
80450B34:  38800001   li   r4,1
80450B38:  48087DA1   bl   0x804d88d8
80450B3C:  A8A10008   lha   r5,8(r1)
80450B40:  A881000C   lha   r4,12(r1)
80450B44:  A861000A   lha   r3,10(r1)
80450B48:  7C0429D6   mullw   r0,r4,r5
80450B4C:  7C0019D7   mullw.   r0,r0,r3
80450B50:  41820058   beq-   0x80450ba8
80450B54:  6CA08000   xoris   r0,r5,32768
80450B58:  6C638000   xoris   r3,r3,32768
80450B5C:  9001005C   stw   r0,92(r1)
80450B60:  6C808000   xoris   r0,r4,32768
80450B64:  C8822090   lfd   f4,8336(r2)
80450B68:  C8010058   lfd   f0,88(r1)
80450B6C:  90610054   stw   r3,84(r1)
80450B70:  EC402028   fsubs   f2,f0,f4
80450B74:  C062207C   lfs   f3,8316(r2)
80450B78:  9001005C   stw   r0,92(r1)
80450B7C:  C8210050   lfd   f1,80(r1)
80450B80:  C8010058   lfd   f0,88(r1)
80450B84:  EC431024   fdivs   f2,f3,f2
80450B88:  EC212028   fsubs   f1,f1,f4
80450B8C:  D05F1BA8   stfs   f2,7080(r31)
80450B90:  EC002028   fsubs   f0,f0,f4
80450B94:  EC230824   fdivs   f1,f3,f1
80450B98:  EC030024   fdivs   f0,f3,f0
80450B9C:  D03F1BAC   stfs   f1,7084(r31)
80450BA0:  D01F1BB0   stfs   f0,7088(r31)
80450BA4:  48000014   b   0x80450bb8
80450BA8:  C00220B8   lfs   f0,8376(r2)
80450BAC:  D01F1BA8   stfs   f0,7080(r31)
80450BB0:  D01F1BAC   stfs   f0,7084(r31)
80450BB4:  D01F1BB0   stfs   f0,7088(r31)
80450BB8:  1C1E0084   mulli   r0,r30,132
80450BBC:  3C600001   lis   r3,1
80450BC0:  7FC6F378   mr   r6,r30
80450BC4:  3923FFFF   subi   r9,r3,1
80450BC8:  7DDC0214   add   r14,r28,r0
80450BCC:  388000FD   li   r4,253
80450BD0:  7D284B78   mr   r8,r9
80450BD4:  7D274B78   mr   r7,r9
80450BD8:  38AEFF7C   subi   r5,r14,132
80450BDC:  28060001   cmplwi   r6,1
80450BE0:  38A5FF7C   subi   r5,r5,132
80450BE4:  4081000C   ble-   0x80450bf0
80450BE8:  7CA32B78   mr   r3,r5
80450BEC:  48000008   b   0x80450bf4
80450BF0:  38610018   addi   r3,r1,24
80450BF4:  88030029   lbz   r0,41(r3)
80450BF8:  7C000774   extsb   r0,r0
80450BFC:  2C00FFFE   cmpwi   r0,-2
80450C00:  41820054   beq-   0x80450c54
80450C04:  40800010   bge-   0x80450c14
80450C08:  2C00FFF9   cmpwi   r0,-7
80450C0C:  41820048   beq-   0x80450c54
80450C10:  48000048   b   0x80450c58
80450C14:  2C000000   cmpwi   r0,0
80450C18:  41820008   beq-   0x80450c20
80450C1C:  4800003C   b   0x80450c58
80450C20:  88830028   lbz   r4,40(r3)
80450C24:  28040001   cmplwi   r4,1
80450C28:  40820010   bne-   0x80450c38
80450C2C:  A1030000   lhz   r8,0(r3)
80450C30:  39200000   li   r9,0
80450C34:  48000020   b   0x80450c54
80450C38:  28040002   cmplwi   r4,2
80450C3C:  40820010   bne-   0x80450c4c
80450C40:  A123002A   lhz   r9,42(r3)
80450C44:  39000000   li   r8,0
80450C48:  4800000C   b   0x80450c54
80450C4C:  39200000   li   r9,0
80450C50:  39000000   li   r8,0
80450C54:  A0E30000   lhz   r7,0(r3)
80450C58:  34C6FFFF   subic.   r6,r6,1
80450C5C:  4082FF80   bne+   0x80450bdc
80450C60:  2807FFFF   cmplwi   r7,65535
80450C64:  40820024   bne-   0x80450c88
80450C68:  7F83E378   mr   r3,r28
80450C6C:  7FE4FB78   mr   r4,r31
80450C70:  38A00084   li   r5,132
80450C74:  4BBB36C5   bl   0x80004338
80450C78:  37DEFFFF   subic.   r30,r30,1
80450C7C:  3B9C0084   addi   r28,r28,132
80450C80:  4082FFE8   bne+   0x80450c68
80450C84:  4800015C   b   0x80450de0
80450C88:  2808FFFF   cmplwi   r8,65535
80450C8C:  40820008   bne-   0x80450c94
80450C90:  811F0000   lwz   r8,0(r31)
80450C94:  2809FFFF   cmplwi   r9,65535
80450C98:  40820008   bne-   0x80450ca0
80450C9C:  813F0060   lwz   r9,96(r31)
80450CA0:  70E09FFF   andi.   r0,r7,40959

80450CA4:  807F0000   lwz   r3,0(r31)
80450CA8:  51000464   rlwimi   r0,r8,0,17,18
80450CAC:  28040002   cmplwi   r4,2
80450CB0:  5465043E   rlwinm   r5,r3,0,16,31
80450CB4:  7C032A78   xor   r3,r0,r5
80450CB8:  901F0000   stw   r0,0(r31)
80450CBC:  7C600038   and   r0,r3,r0
80450CC0:  901F0004   stw   r0,4(r31)
80450CC4:  7C602838   and   r0,r3,r5
80450CC8:  901F0008   stw   r0,8(r31)
80450CCC:  40820028   bne-   0x80450cf4
80450CD0:  807F0060   lwz   r3,96(r31)
80450CD4:  5520043E   rlwinm   r0,r9,0,16,31
80450CD8:  5465043E   rlwinm   r5,r3,0,16,31
80450CDC:  901F0060   stw   r0,96(r31)
80450CE0:  7C032A78   xor   r3,r0,r5
80450CE4:  7C600038   and   r0,r3,r0
80450CE8:  901F0064   stw   r0,100(r31)
80450CEC:  7C602838   and   r0,r3,r5
80450CF0:  901F0068   stw   r0,104(r31)
80450CF4:  7FE3FB78   mr   r3,r31
80450CF8:  7FA5EB78   mr   r5,r29
80450CFC:  4BFFD955   bl   0x8044e650
80450D00:  7FCFF378   mr   r15,r30
80450D04:  39CEFF7C   subi   r14,r14,132
80450D08:  3A400001   li   r18,1
80450D0C:  3A200000   li   r17,0
80450D10:  3A000010   li   r16,16
80450D14:  280F0001   cmplwi   r15,1
80450D18:  39CEFF7C   subi   r14,r14,132
80450D1C:  4081000C   ble-   0x80450d28
80450D20:  7DD37378   mr   r19,r14
80450D24:  48000008   b   0x80450d2c
80450D28:  3A610018   addi   r19,r1,24
80450D2C:  88130029   lbz   r0,41(r19)
80450D30:  981F005D   stb   r0,93(r31)
80450D34:  88930028   lbz   r4,40(r19)
80450D38:  881F005C   lbz   r0,92(r31)
80450D3C:  7C002040   cmplw   r0,r4
80450D40:  41820020   beq-   0x80450d60
80450D44:  88730029   lbz   r3,41(r19)
80450D48:  38030002   addi   r0,r3,2
80450D4C:  5400063E   rlwinm   r0,r0,0,24,31
80450D50:  28000002   cmplwi   r0,2
80450D54:  4181000C   bgt-   0x80450d60
80450D58:  989F005C   stb   r4,92(r31)
80450D5C:  9A5F1BDE   stb   r18,7134(r31)
80450D60:  88130036   lbz   r0,54(r19)
80450D64:  981F005F   stb   r0,95(r31)
80450D68:  88130029   lbz   r0,41(r19)
80450D6C:  7C000775   extsb.   r0,r0
80450D70:  41820014   beq-   0x80450d84
80450D74:  40800038   bge-   0x80450dac
80450D78:  2C00FFF9   cmpwi   r0,-7
80450D7C:  41820014   beq-   0x80450d90
80450D80:  4800002C   b   0x80450dac
80450D84:  7FE3FB78   mr   r3,r31
80450D88:  7E649B78   mr   r4,r19
80450D8C:  4BFFF6D5   bl   0x80450460
80450D90:  7FE3FB78   mr   r3,r31
80450D94:  7E649B78   mr   r4,r19
80450D98:  4BFFDDB9   bl   0x8044eb50
80450D9C:  7FE3FB78   mr   r3,r31
80450DA0:  7E649B78   mr   r4,r19
80450DA4:  4BFFEF19   bl   0x8044fcbc
80450DA8:  48000008   b   0x80450db0
80450DAC:  9A3F005E   stb   r17,94(r31)
80450DB0:  38AE0080   addi   r5,r14,128
80450DB4:  389FFFFC   subi   r4,r31,4
80450DB8:  7E0903A6   mtctr   r16
80450DBC:  80640004   lwz   r3,4(r4)
80450DC0:  84040008   lwzu   r0,8(r4)
80450DC4:  90650004   stw   r3,4(r5)
80450DC8:  94050008   stwu   r0,8(r5)
80450DCC:  4200FFF0   bdnz+   0x80450dbc
80450DD0:  80040004   lwz   r0,4(r4)
80450DD4:  35EFFFFF   subic.   r15,r15,1
80450DD8:  90050004   stw   r0,4(r5)
80450DDC:  4082FF38   bne+   0x80450d14
80450DE0:  38000000   li   r0,0
80450DE4:  7FC3F378   mr   r3,r30
80450DE8:  981F1BDC   stb   r0,7132(r31)
80450DEC:  396100C0   addi   r11,r1,192
80450DF0:  480C6759   bl   0x80517548
80450DF4:  800100C4   lwz   r0,196(r1)
80450DF8:  7C0803A6   mtlr   r0
80450DFC:  382100C0   addi   r1,r1,192
80450E00:  4E800020   blr   
[/spoiler]

---

First, you should use MemView Hex Search to make sure you have 2809FFFF 40820008.  If you don't, then you have a different version of the padread function that will require a different hook.  I bolded the region that the hook looks for, with the hook itself in red.

This only works for Wiimote + Nunchuck, but Y.S. did a version with 4 players.  If you want the CC you'll need to use another hook.
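The signature check described in the post above can also be run offline against a RAM dump. This is an added example, not part of the original post or of any tool named in it; it assumes the hook sits 0x0C bytes after the start of the signature, as in the listing (signature at 80450C94, `andi.` at 80450CA0), and the function names and sample buffer are constructed for illustration.

```python
import struct

# Signature quoted in the post: cmplwi r9,65535 followed by bne- +8.
SIGNATURE = bytes.fromhex("2809FFFF40820008")
# Distance from the signature to the hooked andi. in the listing above
# (80450CA0 - 80450C94). Assumed to hold only for this PadRead variant.
HOOK_OFFSET = 0x0C


def decode_andi(word):
    """Return (rA, rS, UIMM) if word is a PowerPC andi. (primary opcode 28), else None."""
    if word >> 26 != 28:
        return None
    return (word >> 16) & 0x1F, (word >> 21) & 0x1F, word & 0xFFFF


def find_padread_hooks(dump, base):
    """Scan a big-endian memory dump loaded at `base` for the signature.

    Returns a list of (signature_address, hook_address, decoded_andi).
    decoded_andi is None when the word at the expected hook position is not
    an andi., which suggests a different PadRead version and a different hook.
    """
    hits = []
    pos = dump.find(SIGNATURE)
    while pos != -1:
        hook_pos = pos + HOOK_OFFSET
        # PowerPC instructions are 4-byte aligned; ignore unaligned matches.
        if pos % 4 == 0 and hook_pos + 4 <= len(dump):
            (word,) = struct.unpack_from(">I", dump, hook_pos)
            hits.append((base + pos, base + hook_pos, decode_andi(word)))
        pos = dump.find(SIGNATURE, pos + 1)
    return hits


# Constructed sample buffer: the instruction words are copied from the listing
# in the post (80450C88 through 80450CA8); the buffer itself is not a real dump.
SAMPLE_BASE = 0x80450C88
SAMPLE = b"".join(
    struct.pack(">I", w)
    for w in (0x2808FFFF, 0x40820008, 0x811F0000,
              0x2809FFFF, 0x40820008, 0x813F0060,
              0x70E09FFF, 0x807F0000, 0x51000464)
)

if __name__ == "__main__":
    for sig_addr, hook_addr, andi in find_padread_hooks(SAMPLE, SAMPLE_BASE):
        if andi is None:
            print(f"signature at {sig_addr:08X}, but no andi. at {hook_addr:08X}")
        else:
            ra, rs, imm = andi
            print(f"signature at {sig_addr:08X}, hook at {hook_addr:08X}: "
                  f"andi. r{ra},r{rs},{imm}")
```
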

daijoda

I tried to find the button activators in Wii Play, and then set a breakpoint at the first address from the results, and from that breakpoint, if I scrolled up one step, it's the address with instruction "andi. r0,r7,40959", which is the hook for Wii Play.

So I just randomly came across that address without at all understanding why/how I got there, but I assume the hook must be connected to the button activators in some way. If I didn't know that line was supposed to be the hook for a game, how should I go about finding it in a way that actually makes sense? I'm curious about this because I'd like to try finding the padread function in other games that don't have the value "2809FFFF 40820008".

Thanks very much.

dcx2

Write breakpoint on the button activator is pretty much what I did.  I believe your BP hit in this section:

80450CB4:  7C032A78   xor   r3,r0,r5    # what buttons changed?
80450CB8:  901F0000   stw   r0,0(r31) # store current button values
80450CBC:  7C600038   and   r0,r3,r0   # set delta activator bits for buttons that were pressed
80450CC0:  901F0004   stw   r0,4(r31) # store those values just after the buttons
80450CC4:  7C602838   and   r0,r3,r5   # set delta activator bits for buttons that were released
80450CC8:  901F0008   stw   r0,8(r31) # store those values just after the just-pressed values

It was important to make sure that any mapped or spoofed values are placed into r0 before this.  I imagine other versions have a similar process of writing to three consecutive bytes using xor and and operations.

I tried looking for PadRead in other games by using breakpoints but I wasn't able to make it work before I wandered off to do something else.
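A small model of the annotated section above, as an added example that is not part of the original post: it follows 80450CA0 through 80450CC8 from the listing and compares a remap applied before the xor with a value written over 0(r31) after the three stores. The dictionary keys stand in for 0(r31), 4(r31) and 8(r31); the hook rewriting r7, the button bit values and all function names are assumptions made for illustration.

```python
INSERT_MASK = 0x6000   # bits 17-18 in PowerPC numbering: rlwimi r0,r8,0,17,18
BTN_A = 0x0800         # constructed bit values, for illustration only
BTN_B = 0x0400


def padread_tail(state, r7, r8, hook=None):
    """Model of 80450CA0..80450CC8; returns the new held/pressed/released words."""
    if hook is not None:
        r7 = hook(r7)                                 # assumed hook body, runs before the andi.
    r0 = r7 & 0x9FFF                                  # andi.  r0,r7,40959
    r5 = state["held"] & 0xFFFF                       # lwz r3,0(r31) ; rlwinm r5,r3,0,16,31
    r0 = (r0 & ~INSERT_MASK) | (r8 & INSERT_MASK)     # rlwimi r0,r8,0,17,18
    r3 = r0 ^ r5                                      # xor r3,r0,r5   (what changed)
    return {
        "held": r0,                                   # stw r0,0(r31)
        "pressed": r3 & r0,                           # and r0,r3,r0 ; stw r0,4(r31)
        "released": r3 & r5,                          # and r0,r3,r5 ; stw r0,8(r31)
    }


def map_a_to_b(buttons):
    """Hypothetical remap: report BTN_B whenever BTN_A is down."""
    if buttons & BTN_A:
        return (buttons & ~BTN_A) | BTN_B
    return buttons


def run_hooked(frames, hook):
    """Remap lands in the register before the deltas are computed."""
    state = {"held": 0, "pressed": 0, "released": 0}
    out = []
    for r7 in frames:
        state = padread_tail(state, r7, 0, hook)
        out.append((state["held"], state["pressed"], state["released"]))
    return out


def run_late_write(frames, hook):
    """Remap overwrites only 0(r31) after the three stores have happened."""
    state = {"held": 0, "pressed": 0, "released": 0}
    out = []
    for r7 in frames:
        state = padread_tail(state, r7, 0)
        state["held"] = hook(state["held"])
        out.append((state["held"], state["pressed"], state["released"]))
    return out


# Constructed input: BTN_A goes down for two frames, then is let go.
FRAMES = [0, BTN_A, BTN_A, 0]

if __name__ == "__main__":
    for name, fn in (("hooked", run_hooked), ("late write", run_late_write)):
        print(name)
        for held, pressed, released in fn(FRAMES, map_a_to_b):
            print(f"  held={held:04X} pressed={pressed:04X} released={released:04X}")
```

With the remap applied first, the pressed word is set on exactly one frame and matches the held word. With the late write, the pressed word still names the original button, fires again on the second frame, and a release is reported while the button is still down.
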

daijoda

Oh... that's not very encouraging, if someone with your experience couldn't do it then I'm not sure if I'll be able to, lol. Could you explain why "andi. r0,r7,40959" was chosen to be the hook in this case, instead of the line immediately before the sequence (80450CB0:  5465043E   rlwinm   r5,r3,0,16,31)?

dcx2

Well, I only tried one other game that it didn't work for.  I'm sure there are several versions of the PadRead function and some may be easier to find.

Why andi.?  It had to come at least on or after 80450CA0 because of 80450C98:  40820008   bne-   0x80450ca0.

However, the . in andi. is performing a comparison.  If I chose my hook after the andi., I would have to push/pop the CR to preserve the result of that comparison.  Or I would have to re-perform the comparison to make sure the CR was set correctly.  By choosing the andi. as my hook and performing the andi. at the end, the CR will hold the correct value, and that instruction is guaranteed to run no matter what the result of the various bne's above it, and that instruction is before the delta activators are calculated.

daijoda

Hmm, so this line "80450CA8: 51000464  rlwimi r0,r8,0,17,18" from your example doesn't change the value in r0?

I copied some instructions around a few breakpoints I got from the button activators. I think the sequence surrounding the first breakpoint looks similar to the sequence in your example, can "mtctr r9" be the hook for this game?

800040F0:  89240000   lbz   r9,0(r4)
800040F4:  38840001   addi   r4,r4,1
800040F8:  99280000   stb   r9,0(r8)
800040FC:  39080001   addi   r8,r8,1
80004100:  4200FFF0   bdnz+   0x800040f0

[spoiler]80004038:  714A0007   andi.   r10,r10,7
8000403C:  41A2002C   beq+   0x80004068
80004040:  38C00008   li   r6,8
80004044:  7D293050   sub   r9,r6,r9
80004048:  39030000   addi   r8,r3,0
8000404C:  7D2903A6   mtctr   r9
80004050:  7CA92850   sub   r5,r5,r9
80004054:  89240000   lbz   r9,0(r4)
80004058:  38840001   addi   r4,r4,1
8000405C:  99280000   stb   r9,0(r8)
80004060:  39080001   addi   r8,r8,1
80004064:  4200FFF0   bdnz+   0x80004054
80004068:  54A6D97E   rlwinm   r6,r5,27,5,31
8000406C:  7CC903A6   mtctr   r6
80004070:  C8240000   lfd   f1,0(r4)
80004074:  C8440008   lfd   f2,8(r4)
80004078:  C8640010   lfd   f3,16(r4)
8000407C:  C8840018   lfd   f4,24(r4)
80004080:  38840020   addi   r4,r4,32
80004084:  D8280000   stfd   f1,0(r8)
80004088:  D8480008   stfd   f2,8(r8)
8000408C:  D8680010   stfd   f3,16(r8)
80004090:  D8880018   stfd   f4,24(r8)
80004094:  39080020   addi   r8,r8,32
80004098:  4200FFD8   bdnz+   0x80004070
8000409C:  70A6001F   andi.   r6,r5,31
800040A0:  4D820020   beqlr-   
800040A4:  3884FFFF   subi   r4,r4,1
800040A8:  7CC903A6   mtctr   r6
800040AC:  3908FFFF   subi   r8,r8,1
800040B0:  8D240001   lbzu   r9,1(r4)
800040B4:  9D280001   stbu   r9,1(r8)
800040B8:  4200FFF8   bdnz+   0x800040b0
800040BC:  4E800020   blr   
800040C0:  38C00014   li   r6,20
800040C4:  7E853040   cmplw   cr5,r5,r6
800040C8:  40950094   ble-   cr5,0x8000415c
800040CC:  548907BE   rlwinm   r9,r4,0,30,31
800040D0:  546A07BE   rlwinm   r10,r3,0,30,31
800040D4:  7D4B4A79   xor.   r11,r10,r9
800040D8:  40820084   bne-   0x8000415c
800040DC:  38C00004   li   r6,4
800040E0:  7D293050   sub   r9,r6,r9
800040E4:  39030000   addi   r8,r3,0
800040E8:  7CA92850   sub   r5,r5,r9
800040EC:  7D2903A6   mtctr   r9        <<<------- hook?
800040F0:  89240000   lbz   r9,0(r4)
800040F4:  38840001   addi   r4,r4,1
800040F8:  99280000   stb   r9,0(r8)  ------BP
800040FC:  39080001   addi   r8,r8,1
80004100:  4200FFF0   bdnz+   0x800040f0
80004104:  54A6E13E   rlwinm   r6,r5,28,4,31
80004108:  7CC903A6   mtctr   r6
8000410C:  81240000   lwz   r9,0(r4)
80004110:  81440004   lwz   r10,4(r4)
80004114:  81640008   lwz   r11,8(r4)
80004118:  8184000C   lwz   r12,12(r4)
8000411C:  38840010   addi   r4,r4,16
80004120:  91280000   stw   r9,0(r8)
80004124:  91480004   stw   r10,4(r8)
80004128:  91680008   stw   r11,8(r8)
8000412C:  9188000C   stw   r12,12(r8)
80004130:  39080010   addi   r8,r8,16
80004134:  4200FFD8   bdnz+   0x8000410c
80004138:  70A6000F   andi.   r6,r5,15
8000413C:  4D820020   beqlr-   
80004140:  3884FFFF   subi   r4,r4,1
80004144:  7CC903A6   mtctr   r6
80004148:  3908FFFF   subi   r8,r8,1
8000414C:  8D240001   lbzu   r9,1(r4)
80004150:  9D280001   stbu   r9,1(r8)  ------BP
80004154:  4200FFF8   bdnz+   0x8000414c
80004158:  4E800020   blr   
8000415C:  38E4FFFF   subi   r7,r4,1
80004160:  3903FFFF   subi   r8,r3,1
80004164:  7CA903A6   mtctr   r5
80004168:  8D270001   lbzu   r9,1(r7)
8000416C:  9D280001   stbu   r9,1(r8)   -------BP
80004170:  4200FFF8   bdnz+   0x80004168
80004174:  4E800020   blr   
80004178:  7C842A14   add   r4,r4,r5
8000417C:  7D832A14   add   r12,r3,r5
80004180:  38C00080   li   r6,128
80004184:  7E853040   cmplw   cr5,r5,r6
80004188:  4194007C   blt-   cr5,0x80004204
8000418C:  5489077E   rlwinm   r9,r4,0,29,31
80004190:  558A077E   rlwinm   r10,r12,0,29,31
80004194:  7D4B4A79   xor.   r11,r10,r9
80004198:  408200F0   bne-   0x80004288
8000419C:  714A0007   andi.   r10,r10,7
800041A0:  41A20014   beq+   0x800041b4[/spoiler]

dcx2

I don't think that looks right.

8000XXXX range is VERY low in memory, I highly doubt PadRead would be there.

daijoda

Thanks for the feedback! I looked for other breakpoints that are not in the 8000XXXX range, and this seemed like a probable candidate:

804F6CF0:  B0050000   sth   r0,0(r5)

where r0 holds the value of the buttons I press, and r5 holds the address of a button activator. I scrolled down a bit, and found this sequence:

804F7054:  A93D0006   lha   r9,6(r29)
804F7058:  7D080734   extsh   r8,r8
804F705C:  54000E32   rlwinm   r0,r0,1,24,25
804F7060:  5508002E   rlwinm   r8,r8,0,0,23
804F7064:  7D080734   extsh   r8,r8
804F7068:  7D000378   or   r0,r8,r0
804F706C:  7C000734   extsh   r0,r0
804F7070:  7D200378   or   r0,r9,r0
804F7074:  B01D0006   sth   r0,6(r29)

Does this look a little more interesting to you?

dcx2

No, that doesn't look quite right either.  Are you sure you chose a good button activator?  You have to use breakpoints on the right one.  There are many other addresses with duplicate values of the button activators, but they all come from one "source".  Modifying the wrong write breakpoint will not create the result you want.

One way to test it would be to do this.  For your breakpoint, it was a sth r0.  So click r0 in the BP tab, and modify it so that one of the buttons is being pressed.  Something like a jump button.  If you "fake" a button press by modifying r0 so that the jump button is pressed, then you press run game and the character jumps, you found the right breakpoint.

Bully@Wiiplaza

I thought the "right" button activator is the one that has the one shot button activator 4 bytes after it.
Does it always give the right breakpoint or could it be a different destination address on some games?
Would make things easier.
My Wii hacking site...
http://bullywiihacks.com/

My youtube account with a lot of hacking videos...
http://www.youtube.com/user/BullyWiiPlaza

~Bully

daijoda

Hm, I noticed two of the button activators seemed special in that if I wrote a button value to their addresses, that button was actually pressed once in a while at some random intervals; as opposed to the other 102 button activators acting as per usual.

I've only tested about 1/4 of all the button activators, so far, all the breakpoints are either within the 8000xxxx range, or nothing seems to happen when the register's edited. And these breakpoints are shared by the activators. I'm not sure if I can find additional breakpoints for the rest of the activators. Is it possible that even if a BP doesn't show the characteristics you've described, that it can still be a valid BP?

The BP I mentioned the last time really seems to be the most promising of the lot, and this time I scrolled up:

804F6CDC:  881C0015   lbz   r0,21(r28)  ---"nop", results in random nunchuck button presses
804F6CE0:  A0850000   lhz   r4,0(r5)    ---"nop", game cycles through wiimote buttons
804F6CE4:  7C0000F8   not   r0,r0       ---"nop", nunchuck buttons held down by default
804F6CE8:  54006C64   rlwinm   r0,r0,13,17,18  ---"nop", game presses/holds multiple random buttons
804F6CEC:  7C800378   or   r0,r4,r0    ---"nop", no buttons will be registered
804F6CF0:  B0050000   sth   r0,0(r5)    -----------BP

Btw, what does one shot mean?

hetoan2

This doesn't seem to work on Call of Duty, nor does it work on Classic Controller. I'll look into it when I get the time. Probably a different Pad read function for classic stuff.


Check out my site with codes obviously...
http://hetoan2.com/

and youtube...
http://youtube.com/hetoan2

biolizard89

Quote from: daijoda on September 04, 2011, 02:23:20 AM
Hm, I noticed two of the button activators seemed special in that if I wrote a button value to their addresses, that button was actually pressed once in a while at some random intervals; as opposed to the other 102 button activators acting as per usual.

I've only tested about 1/4 of all the button activators, so far, all the breakpoints are either within the 8000xxxx range, or nothing seems to happen when the register's edited. And these breakpoints are shared by the activators. I'm not sure if I can find additional breakpoints for the rest of the activators. Is it possible that even if a BP doesn't show the characteristics you've described, that it can still be a valid BP?

The BP I mentioned the last time really seems to be the most promising of the lot, and this time I scrolled up:

804F6CDC:  881C0015   lbz   r0,21(r28)  ---"nop", results in random nunchuck button presses
804F6CE0:  A0850000   lhz   r4,0(r5)    ---"nop", game cycles through wiimote buttons
804F6CE4:  7C0000F8   not   r0,r0       ---"nop", nunchuck buttons held down by default
804F6CE8:  54006C64   rlwinm   r0,r0,13,17,18  ---"nop", game presses/holds multiple random buttons
804F6CEC:  7C800378   or   r0,r4,r0    ---"nop", no buttons will be registered
804F6CF0:  B0050000   sth   r0,0(r5)    -----------BP

Btw, what does one shot mean?

When I was tinkering with button activators in Super Smash Bros Melee, I found it helpful to set a write BP on the pad data, and backtrace a bit to find an address that was the "source" of the address I had found.  If you do that repeatedly, you're likely to find the "master" pad data address.  Also, the behavior resulting from poking the pad data depends on your hook type.  If the code handler executes after the pad data has been processed, poking it won't have any effect.  If the code handler instead executes between the PadRead routine and the first time the pad data is read from the master pad data address, then poking will work.  (As you might be able to guess, the PadRead hooktype is optimal, if it hooks.  But since you're trying to find the PadRead function, I'm guessing that the PadRead hooktype didn't hook, otherwise you'd be using that result.)

dcx2

Quote from: biolizard89 on September 04, 2011, 08:19:55 PM
Also, the behavior resulting from poking the pad data depends on your hook type.  If the code handler executes after the pad data has been processed, poking it won't have any effect.  If the code handler instead executes between the PadRead routine and the first time the pad data is read from the master pad data address, then poking will work.  (As you might be able to guess, the PadRead hooktype is optimal, if it hooks.  But since you're trying to find the PadRead function, I'm guessing that the PadRead hooktype didn't hook, otherwise you'd be using that result.)

This is not entirely true.  During a breakpoint, the code handler is running non-stop.  So if you poke during a breakpoint, the poke happens immediately.  You can also change the registers during a breakpoint, which is kinda like poking.

Also, what signature does the PadRead hook look for?