Pointer in pointer in pointer in pointer...

Dude · November 09, 2011, 11:31:59 AM

I've got a bit of an odd problem that I've only ever encountered in PC games.

I've been following the ASM of a game and found that an address that gets read from is loaded from a pointer.
THAT address is also loaded from a pointer and the address for THAT is also loaded into a pointer, etc, etc, etc.

I've found an address that leads to the first address and it is loaded when the level is loaded up. It is always the same address and changes for each level with the same value being written each time the level is loaded. (the value changes per level)

--------------

Now that I've found the root address to start from...how would I write a pointer in pointer in pointer in pointer code that ends with a 32bit write?

It starts in an address in MEM2 and, after the pointers, ends up in MEM1.

Hope this is, in fact, possible. Thanks in advance.

Bully@Wiiplaza · November 09, 2011, 01:04:03 PM

why donÂ´t you just use the assembly to write your value then?

Dude · November 09, 2011, 01:08:05 PM

I've yet to attempt making any code using ASM.
And I'm a little sketchy about how to hook in, where to hook in, etc.

Is it not possible to create a multi-level pointer write code?

Also, would this be the correct time to attempt to create an ASM code?

Bully@Wiiplaza · November 09, 2011, 01:27:38 PM

Quote from: Dude on November 09, 2011, 01:08:05 PM
I've yet to attempt making any code using ASM.
And I'm a little sketchy about how to hook in, where to hook in, etc.

Is it not possible to create a multi-level pointer write code?

Also, would this be the correct time to attempt to create an ASM code?

I would suggest to follow the pointer series back to the beginning and when thereÂ´s the value of interest, set a read bp on it and once it breaks write some code like li rX, 0xYYYY stw rX, ZZ (rW) and thatÂ´s about it (probably).

dcx2 · November 09, 2011, 03:07:05 PM

You can use a 48 code to load the initial pointer, and then a bunch of 5801 codes to dereference each pointer in the cascade. If you have negative pointers, use a 5A01 code for the offset first, followed by a 5801 with an offset of 0.

Make sure to use a DE check after EVERY 48 and 5801 code to make sure that the loaded pointer is in the right memory region.

Dude · November 10, 2011, 12:03:11 AM

dcx2, again, you are a star.

I wasn't sure which codetypes would be correct for following a pointer in pointer in pointer, etc. It took a little playing around but 5 mins later I got it figured.

Thanks so much.

I'll have to give the method you suggested a try, Bully.
I keep meaning to break into ASM codes but could always find a method using simple codetypes.

Either way, I've figured out how to discover the pointers based on ASM breakpoints alone :D

Never seen a wii game using 5 pointers before.

WiiRd forum

News:

Pointer in pointer in pointer in pointer...

Dude

Bully@Wiiplaza

Dude

Bully@Wiiplaza

dcx2

Dude