Trying to make this asm code G I JOE RIJP69

Started by BLU3Y, August 06, 2011, 12:42:01 PM


BLU3Y

Hi
Game gi joe RIJP69
I'm trying to make the score go to 50000 points, but I'm stuck on which lwz I should use.

This is what i have in breakpoint search
[spoiler]80022530:  480000B8   b   0x800225e8
80022534:  2C030000   cmpwi   r3,0
80022538:  40800010   bge-   0x80022548
8002253C:  38000000   li   r0,0
80022540:  901C0020   stw   r0,32(r28)
80022544:  480000A4   b   0x800225e8
80022548:  7C030040   cmplw   r3,r0
8002254C:  41810008   bgt-   0x80022554
80022550:  7C601B78   mr   r0,r3
80022554:  3C60804E   lis   r3,-32690
80022558:  901C0020   stw   r0,32(r28)
8002255C:  3863CD40   subi   r3,r3,12992
80022560:  80630078   lwz   r3,120(r3)
80022564:  2C030000   cmpwi   r3,0
80022568:  41820080   beq-   0x800225e8
8002256C:  80030008   lwz   r0,8(r3)
80022570:  2C000002   cmpwi   r0,2
80022574:  40820074   bne-   0x800225e8
80022578:  801F145C   lwz   r0,5212(r31)
8002257C:  1C000490   mulli   r0,r0,1168
80022580:  7C7F0214   add   r3,r31,r0
80022584:  8003002C   lwz   r0,44(r3)
80022588:  2C000000   cmpwi   r0,0
8002258C:  4082005C   bne-   0x800225e8
80022590:  2C040000   cmpwi   r4,0
80022594:  40810054   ble-   0x800225e8
80022598:  2C1E0000   cmpwi   r30,0
8002259C:  40820024   bne-   0x800225c0
800225A0:  6C808000   xoris   r0,r4,32768
800225A4:  9001000C   stw   r0,12(r1)
800225A8:  C8428170   lfd   f2,-32400(r2)
800225AC:  C8210008   lfd   f1,8(r1)
800225B0:  C01F1564   lfs   f0,5476(r31)
800225B4:  EC211028   fsubs   f1,f1,f2
800225B8:  EC00082A   fadds   f0,f0,f1
800225BC:  D01F1564   stfs   f0,5476(r31)
800225C0:  2C1E0001   cmpwi   r30,1
800225C4:  40820024   bne-   0x800225e8
800225C8:  6C808000   xoris   r0,r4,32768
800225CC:  90010014   stw   r0,20(r1)
800225D0:  C8428170   lfd   f2,-32400(r2)
800225D4:  C8210010   lfd   f1,16(r1)
800225D8:  C01F1568   lfs   f0,5480(r31)
800225DC:  EC211028   fsubs   f1,f1,f2
800225E0:  EC00082A   fadds   f0,f0,f1
800225E4:  D01F1568   stfs   f0,5480(r31)
800225E8:  2C040000   cmpwi   r4,0
800225EC:  40810014   ble-   0x80022600
800225F0:  801F145C   lwz   r0,5212(r31)
800225F4:  1C000490   mulli   r0,r0,1168
800225F8:  7C7F0214   add   r3,r31,r0
800225FC:  90830020   stw   r4,32(r3)
80022600:  38600000   li   r3,0
80022604:  48000008   b   0x8002260c
80022608:  38600001   li   r3,1
8002260C:  39610040   addi   r11,r1,64
80022610:  E3E10048   psq_l   f31,72(r1),0,0
80022614:  CBE10040   lfd   f31,64(r1)
80022618:  483F31F9   bl   0x80415810
8002261C:  80010054   lwz   r0,84(r1)[/spoiler]

Deathwolf

and which one is your address of the breakpoint?
lolz

BLU3Y

I lost it all, so I just did it again.
this is the address 80E6A3E0

[spoiler]800043B8:  4182001C   beq-   0x800043d4
800043BC:  54E4402E   rlwinm   r4,r7,8,0,23
800043C0:  54E3C00E   rlwinm   r3,r7,24,0,7
800043C4:  54E0801E   rlwinm   r0,r7,16,0,15
800043C8:  7CE42378   or   r4,r7,r4
800043CC:  7C600378   or   r0,r3,r0
800043D0:  7C870378   or   r7,r4,r0
800043D4:  54A0D97F   rlwinm.   r0,r5,27,5,31
800043D8:  3866FFFD   subi   r3,r6,3
800043DC:  4182002C   beq-   0x80004408
800043E0:  90E30004   stw   r7,4(r3)
800043E4:  3400FFFF   subic.   r0,r0,1
800043E8:  90E30008   stw   r7,8(r3)
800043EC:  90E3000C   stw   r7,12(r3)
800043F0:  90E30010   stw   r7,16(r3)
800043F4:  90E30014   stw   r7,20(r3)
800043F8:  90E30018   stw   r7,24(r3)
800043FC:  90E3001C   stw   r7,28(r3)
80004400:  94E30020   stwu   r7,32(r3)
80004404:  4082FFDC   bne+   0x800043e0
80004408:  54A0F77F   rlwinm.   r0,r5,30,29,31
8000440C:  41820010   beq-   0x8000441c
80004410:  3400FFFF   subic.   r0,r0,1
80004414:  94E30004   stwu   r7,4(r3)
80004418:  4082FFF8   bne+   0x80004410
8000441C:  38C30003   addi   r6,r3,3
80004420:  54A507BE   rlwinm   r5,r5,0,30,31
80004424:  2C050000   cmpwi   r5,0
80004428:  4D820020   beqlr-   
8000442C:  34A5FFFF   subic.   r5,r5,1
80004430:  9CE60001   stbu   r7,1(r6)
80004434:  4082FFF8   bne+   0x8000442c
80004438:  4E800020   blr   
8000443C:  9421FFF0   stwu   r1,-16(r1)
80004440:  7C0802A6   mflr   r0
80004444:  90010014   stw   r0,20(r1)
80004448:  93E1000C   stw   r31,12(r1)
8000444C:  7C7F1B78   mr   r31,r3
80004450:  4BFFFF39   bl   0x80004388
80004454:  7FE3FB78   mr   r3,r31
80004458:  83E1000C   lwz   r31,12(r1)
8000445C:  80010014   lwz   r0,20(r1)
80004460:  7C0803A6   mtlr   r0
80004464:  38210010   addi   r1,r1,16
80004468:  4E800020   blr   
8000446C:  4D657472   .word   0x4d657472
80004470:  6F776572   xoris   r23,r27,25970
80004474:  6B732054   xori   r19,r27,8276
80004478:  61726765   ori   r18,r11,26469
8000447C:  74205265   andis.   r0,r1,21093
80004480:  73696465   andi.   r9,r27,25701
80004484:  6E74204B   xoris   r20,r19,8267
80004488:  65726E65   oris   r18,r11,28261
8000448C:  6C20666F   xoris   r0,r1,26223
80004490:  7220506F   andi.   r0,r17,20591
80004494:  77657250   andis.   r5,r27,29264
80004498:  43000000   bdnz-   0x80004498
8000449C:  00000000   .word   0x00000000
800044A0:  00000000   .word   0x00000000
800044A4:  00000000   .word   0x00000000[/spoiler]

Deathwolf

No, I mean which one of these addresses?

[spoiler]800043B8:  4182001C   beq-   0x800043d4
800043BC:  54E4402E   rlwinm   r4,r7,8,0,23
800043C0:  54E3C00E   rlwinm   r3,r7,24,0,7
800043C4:  54E0801E   rlwinm   r0,r7,16,0,15
800043C8:  7CE42378   or   r4,r7,r4
800043CC:  7C600378   or   r0,r3,r0
800043D0:  7C870378   or   r7,r4,r0
800043D4:  54A0D97F   rlwinm.   r0,r5,27,5,31
800043D8:  3866FFFD   subi   r3,r6,3
800043DC:  4182002C   beq-   0x80004408
800043E0:  90E30004   stw   r7,4(r3)
800043E4:  3400FFFF   subic.   r0,r0,1
800043E8:  90E30008   stw   r7,8(r3)
800043EC:  90E3000C   stw   r7,12(r3)
800043F0:  90E30010   stw   r7,16(r3)
800043F4:  90E30014   stw   r7,20(r3)
800043F8:  90E30018   stw   r7,24(r3)
800043FC:  90E3001C   stw   r7,28(r3)
80004400:  94E30020   stwu   r7,32(r3)
80004404:  4082FFDC   bne+   0x800043e0
80004408:  54A0F77F   rlwinm.   r0,r5,30,29,31
8000440C:  41820010   beq-   0x8000441c
80004410:  3400FFFF   subic.   r0,r0,1
80004414:  94E30004   stwu   r7,4(r3)
80004418:  4082FFF8   bne+   0x80004410
8000441C:  38C30003   addi   r6,r3,3
80004420:  54A507BE   rlwinm   r5,r5,0,30,31
80004424:  2C050000   cmpwi   r5,0
80004428:  4D820020   beqlr-   
8000442C:  34A5FFFF   subic.   r5,r5,1
80004430:  9CE60001   stbu   r7,1(r6)
80004434:  4082FFF8   bne+   0x8000442c
80004438:  4E800020   blr   
8000443C:  9421FFF0   stwu   r1,-16(r1)
80004440:  7C0802A6   mflr   r0
80004444:  90010014   stw   r0,20(r1)
80004448:  93E1000C   stw   r31,12(r1)
8000444C:  7C7F1B78   mr   r31,r3
80004450:  4BFFFF39   bl   0x80004388
80004454:  7FE3FB78   mr   r3,r31
80004458:  83E1000C   lwz   r31,12(r1)
8000445C:  80010014   lwz   r0,20(r1)
80004460:  7C0803A6   mtlr   r0
80004464:  38210010   addi   r1,r1,16
80004468:  4E800020   blr   
8000446C:  4D657472   .word   0x4d657472
80004470:  6F776572   xoris   r23,r27,25970
80004474:  6B732054   xori   r19,r27,8276
80004478:  61726765   ori   r18,r11,26469
8000447C:  74205265   andis.   r0,r1,21093
80004480:  73696465   andi.   r9,r27,25701
80004484:  6E74204B   xoris   r20,r19,8267
80004488:  65726E65   oris   r18,r11,28261
8000448C:  6C20666F   xoris   r0,r1,26223
80004490:  7220506F   andi.   r0,r17,20591
80004494:  77657250   andis.   r5,r27,29264
80004498:  43000000   bdnz-   0x80004498
8000449C:  00000000   .word   0x00000000
800044A0:  00000000   .word   0x00000000
800044A4:  00000000   .word   0x00000000[/spoiler]
lolz

BLU3Y


Deathwolf

When you set a breakpoint on this address "80E6A3E0", which one is the first instruction you will see of them?

[spoiler]800043B8:  4182001C   beq-   0x800043d4
800043BC:  54E4402E   rlwinm   r4,r7,8,0,23
800043C0:  54E3C00E   rlwinm   r3,r7,24,0,7
800043C4:  54E0801E   rlwinm   r0,r7,16,0,15
800043C8:  7CE42378   or   r4,r7,r4
800043CC:  7C600378   or   r0,r3,r0
800043D0:  7C870378   or   r7,r4,r0
800043D4:  54A0D97F   rlwinm.   r0,r5,27,5,31
800043D8:  3866FFFD   subi   r3,r6,3
800043DC:  4182002C   beq-   0x80004408
800043E0:  90E30004   stw   r7,4(r3)
800043E4:  3400FFFF   subic.   r0,r0,1
800043E8:  90E30008   stw   r7,8(r3)
800043EC:  90E3000C   stw   r7,12(r3)
800043F0:  90E30010   stw   r7,16(r3)
800043F4:  90E30014   stw   r7,20(r3)
800043F8:  90E30018   stw   r7,24(r3)
800043FC:  90E3001C   stw   r7,28(r3)
80004400:  94E30020   stwu   r7,32(r3)
80004404:  4082FFDC   bne+   0x800043e0
80004408:  54A0F77F   rlwinm.   r0,r5,30,29,31
8000440C:  41820010   beq-   0x8000441c
80004410:  3400FFFF   subic.   r0,r0,1
80004414:  94E30004   stwu   r7,4(r3)
80004418:  4082FFF8   bne+   0x80004410
8000441C:  38C30003   addi   r6,r3,3
80004420:  54A507BE   rlwinm   r5,r5,0,30,31
80004424:  2C050000   cmpwi   r5,0
80004428:  4D820020   beqlr-   
8000442C:  34A5FFFF   subic.   r5,r5,1
80004430:  9CE60001   stbu   r7,1(r6)
80004434:  4082FFF8   bne+   0x8000442c
80004438:  4E800020   blr   
8000443C:  9421FFF0   stwu   r1,-16(r1)
80004440:  7C0802A6   mflr   r0
80004444:  90010014   stw   r0,20(r1)
80004448:  93E1000C   stw   r31,12(r1)
8000444C:  7C7F1B78   mr   r31,r3
80004450:  4BFFFF39   bl   0x80004388
80004454:  7FE3FB78   mr   r3,r31
80004458:  83E1000C   lwz   r31,12(r1)
8000445C:  80010014   lwz   r0,20(r1)
80004460:  7C0803A6   mtlr   r0
80004464:  38210010   addi   r1,r1,16
80004468:  4E800020   blr   
8000446C:  4D657472   .word   0x4d657472
80004470:  6F776572   xoris   r23,r27,25970
80004474:  6B732054   xori   r19,r27,8276
80004478:  61726765   ori   r18,r11,26469
8000447C:  74205265   andis.   r0,r1,21093
80004480:  73696465   andi.   r9,r27,25701
80004484:  6E74204B   xoris   r20,r19,8267
80004488:  65726E65   oris   r18,r11,28261
8000448C:  6C20666F   xoris   r0,r1,26223
80004490:  7220506F   andi.   r0,r17,20591
80004494:  77657250   andis.   r5,r27,29264
80004498:  43000000   bdnz-   0x80004498
8000449C:  00000000   .word   0x00000000
800044A0:  00000000   .word   0x00000000
800044A4:  00000000   .word   0x00000000[/spoiler]
lolz

BLU3Y


Deathwolf

#7
Ok, your hook address is 80361104: 81290000 lwz r0,0 (r9)
If you want to write a new value you should use this:


stwu r1,-80(r1)          # This is an ASM instruction which makes all registers (r14-r31) free.
stmw r14,8(r1)           # makes all registers (r14-r31) free.
lis r14,0x0000            # write 16-bit value to r14 (0000)
ori r14,r14,0x0000      # write 16-bit value (0000, which is now 00000000, so a 32-bit value)
lwz r14,0 (r9)            # load 32 bit value (r14) into r9 which is the address 80E6A3E0
lmw r14,8(r1)            # makes all registers (r14-r31) free.
addi r1,r1,80             # makes all registers (r14-r31) free.


When you assemble the code, you will get this:

C2361104 00000004
9421FFB0 BDC10008
3DC0XXXX 61CEXXXX
81C90000 B9C10008
38210050 00000000

XXXX and XXXX are for your value.
It's like XXXXXXXX (32-bit). You can fill in whatever you want.
lolz

BLU3Y

Now I'm totally confused. How did you work all that out?

Deathwolf

All you need are free registers to write a new value. To do this, we need to find a free register. Sometimes a register which has the value 00000000 is free. For example, r19 seems to be free in your picture.

Now we need the "Assembly instructions" to make a new "command".
To write a new value to r19 we should use the so called instruction "lis" and "ori"

What does lis do? Example:
lis r19,0x1000 # write 1000 to register 19

and now ori:
ori r19,r19,0x2222 # write 2222 to register 19

The new value on register 19 is now 10002222 (a 32 bit value)



So, now we just need to load the value from r19 into r9. To do this, we need a new instruction. It's called "lwz" (load word). The so-called "word" means your 32-bit value (10002222).

lwz r19,0(r9) # load r19 (10002222) into r9 (80E6A3E0)

The full code would be:

lis r19,0x1000
ori r19,r19,0x2222
lwz r19,0(r9)

Now you just need to assemble it and you will get this:
C2361104 00000002
3E601000 62732222
82690000 00000000


3E601000 = lis r19,0x1000
62732222 = ori r19,r19,0x2222
82690000  = lwz r19,0(r9)

lolz

BLU3Y

Thanks
I need sleep now but i'm going to check this out again.

dcx2

#11
Most of Deathwolf's last post is wrong.

00000000 does not mean free/safe.  You can't touch the registers above r13 without using a stack frame.

Please try to use hex notation 0x for values that aren't addresses.

lis r19,0x1000 # put 0x10000000 in r19

ori r19,r19,0x2222 # bitwise or 0x2222 into r19

# r19 is now 0x10002222

And you have an uber fail with lwz.  lwz will load a value from memory into a register.

lwz r19,0(r9)  # r19 = [r9 + 0]; get the value at the address given by 0(r9) and put that value into r19

If you wanted to write a value from a register into memory, you would use stw.

stw r19,0(r9)  # [r9 + 0] = r19

Finally, your most recent C2 code does not include the original instruction.

---

You can't specify 50000 in the assembler; it will complain because it expects signed decimal operands, so you have to OR it in, which explains the oddly useless `lis r12,0`.

lis r12,0          # r12 = 0x00000000 (upper half); 50000 does not fit a signed 16-bit immediate
ori r12,r12,0xC350 # r12 = 0x0000C350 = 50000
stw r12,0(r9)      # [r9 + 0] = r12; write the new value to the hooked address
lwz r0,0(r9)       # the original instruction at the hook address, re-executed so r0 gets the new value

Using ASMWiiRD, the assembly will compile into this C2 code.

C2361104 00000003
3D800000 618CC350
91890000 80090000
60000000 00000000

---

EDIT: you can't always use r0, but in this case it will work.  Note that I don't include the original instruction because r0 already has the correct value and the lwz is therefore unnecessary.

lis r0,0          # r0 = 0x00000000 (upper half); r0 is the register the hooked lwz would overwrite anyway
ori r0,r0,0xC350  # r0 = 0x0000C350 = 50000
stw r0,0(r9)      # [r9 + 0] = r0; r0 now already holds what the original lwz would have loaded, so it is not re-executed

C2361104 00000002
3C000000 6000C350
90090000 00000000

Bully@Wiiplaza

#12
Quote from: Deathwolf on August 06, 2011, 02:23:35 PM
The full code would be:

lis r19,0x1000
ori r19,r19,0x2222
lwz r19,0(r9)

Quote from: Deathwolf on August 06, 2011, 02:23:35 PM
So, now we just need to load the value from r19, into r9. To do this, we need a new instruction. It's called "lwz" (load word). The so called "word" means your 32 bit value (10002222).

Quote from: Deathwolf on August 06, 2011, 02:23:35 PM
All what you need are free registers to write a new value. To do this, we need to find a free register. Sometimes a register which has the value 00000000 is free. For example r19 seems to be free on your picture.

xDDDDDDDDDDDDDDDD

back to being serious.

If our original instruction is
lwz rX, Y (rX)

we want to use the following template:

lis r12, 0xTTTT
ori r12, r12, 0xWWWW
stw r12, Y (rZ)
lwz rX, Y (rX)

but in that case we have

lwz rX, Y (rZ)

therefore we use

lis rX, 0xTTTT
ori rX, rX, 0xWWWW
stw rX, Y (rZ)

It's the best possible way, pretty much what dcx2 already said :p
My Wii hacking site...
http://bullywiihacks.com/

My youtube account with a lot of hacking videos...
http://www.youtube.com/user/BullyWiiPlaza

~Bully

Deathwolf

#13
Quote00000000 does not mean free/safe.  You can't touch the registers above r13 without using a stack frame.

Volderbeek and mdmwii used registers above r13 too, without any stack frame. It works for me too when I use a register which is above r13 and has the value 00000000. It's not right that you HAVE to use a stack frame every time you want to use a register which is above r13.

Mario Bros. 99 lifes
C206066C 00000002
3DC00000 61CE0063
91C30000 00000000

lis r14,0x0000
ori r14,r14,0x0063
stw r14,0(r3)

r14 has the value 00000000




Mario Bros. 99 lifes
C206066C 00000002
3DC00000 61CE0063
91C30000 00000000

lis r15,0x0000
ori r15,r15,0x0063
stw r15,0(r3)

r15 has the value 00000000

Mario Bros. 99 lifes
C206066C 00000002
3E000000 62100063
92030000 00000000

lis r16,0x0000
ori r16,r16,0x0063
stw r16,0(r3)

r16 has the value 00000000



And oops, I'm using r19, which has the value 00000008

Mario Bros. 99 lifes
C206066C 00000002
3E600000 62730063
92630000 00000000

lis r19,0x0000
ori r19,r19,0x0063
stw r19,0(r3)


http://imageshack.us/photo/my-images/26/unbenanntsuvx.png/
lolz

Bully@Wiiplaza

Quote from: Deathwolf on August 06, 2011, 08:01:08 PM
Quote00000000 does not mean free/safe.  You can't touch the registers above r13 without using a stack frame.

Volderbeek and mdmwii used registers above r13 too, without any stack frame. It works for me too when I use a register which is above r13 and has the value 00000000. It's not right that you HAVE to use a stack frame every time you want to use a register which is above r13.
The point is that it could crash when you use a register that has a value of 00000000 if it's still in use and just happens to be zero at that moment.
My Wii hacking site...
http://bullywiihacks.com/

My youtube account with a lot of hacking videos...
http://www.youtube.com/user/BullyWiiPlaza

~Bully