Teleporting code

Started by toonlink444, November 21, 2011, 09:54:20 PM


Bully@Wiiplaza

#30
Quote from: toonlink444 on December 13, 2011, 07:10:49 PM
Sorry for the long break between posts; my grandad died, so I was at his funeral. So I think I found the address and there were a few instances of lwz and stw. How would I test to see if this is the right address without making a code that might crash the game?
You do some execute breakpoints on it.
If your destination register never changes its value, it won't crash...
Just keep collecting breaks until you've found a reasonable one. ;D

Here's another example of doing an assembly teleporter (Link teleporter for Skyward Sword -PAL- [bully@wiiplaza])
[spoiler]Hook: 80244A9C

stwu r1,-80(r1)        # open an 80-byte stack frame
stmw r14,8(r1)         # save r14-r31 so the game's registers survive

lis r14, 0x805F        # button activator address 0x805FDE0A
ori r14, r14, 0xDE0A
lhz r14, 0 (r14)       # r14 = current button value

lis r15, 0x8000        # r15 = 0x80000000, base for the saved coordinates

cmpwi r14, 0x1         # button value 1: store coordinates
bne- _END

lwz r16, 192 (r31)     # X/Y/Z at offsets 192/196/200 from the pointer in r31
lwz r17, 196 (r31)
lwz r18, 200 (r31)
stw r16, 0x1500 (r15)  # park them at 0x80001500..0x80001508
stw r17, 0x1504 (r15)
stw r18, 0x1508 (r15)

_END:

cmpwi r14, 0x2         # button value 2: restore coordinates
bne- _END2

lwz r19, 0x1500 (r15)
lwz r20, 0x1504 (r15)
lwz r21, 0x1508 (r15)
stw r19, 192 (r31)
stw r20, 196 (r31)
stw r21, 200 (r31)

_END2:

lmw r14,8(r1)          # restore r14-r31 (lmw, not lwz: r15-r21 were clobbered too)
addi r1,r1,80          # close the stack frame

lfs f2,192(r31)        # original instruction from the hook address[/spoiler]
I kept the coding/source so that I can make easy changes to it.
I made spaces so that it's easier to understand. ASMWiiRd has no problems with converting such a code using branch labels and spaces, though.
If I just got such useful examples as I didn't understand all that...
My Wii hacking site...
http://bullywiihacks.com/

My youtube account with a lot of hacking videos...
http://www.youtube.com/user/BullyWiiPlaza

~Bully

toonlink444

I assume this is a button activator
[spoiler]lis r14, 0x805F
ori r14, r14, 0xDE0A
lhz r14, 0 (r14)
[/spoiler]

and these store the address's values
[spoiler]lwz r16, 192 (r31)
lwz r17, 196 (r31)
lwz r18, 200 (r31)
stw r16, 0x1500 (r15)
stw r17, 0x1504 (r15)
stw r18, 0x1508 (r15)
[/spoiler]

and these load
[spoiler]lwz r19, 0x1500 (r15)
lwz r20, 0x1504 (r15)
lwz r21, 0x1508 (r15)
stw r19, 192 (r31)
stw r20, 196 (r31)
stw r21, 200 (r31)
[/spoiler]
So what's the rest of the code for?
In the beginning there was nothing. Then it exploded
New blog!! Check it out for hacking Smash Bros Brawl!! http://letshackblank.blogspot.com/

Bully@Wiiplaza

Stack frame ("make room for more registers"), compares ("if pressed") and original instruction ("lfs"). :p

toonlink444

Is the original instruction needed?

Anarion

#34
Yes. Bully's teleporting assembly is a good template for ASM teleporters. All you have to replace are the Y and Z placeholders, which should be the same as what is shown in your original instruction.

stwu r1,-80(r1)
stmw r14,8(r1)
lis r14,-32768
lis r15,0xWWWW -------1st half of button activator address
ori r15,r15,0xWWWW --/2nd half of button activator address
lhz r15,0(r15)
cmpwi r15,0xTTTT -----button value to save coordinates
bne- 0x1C
lwz r16,YYY(rZ)
lwz r17,YYY(rZ) --------the original 'offset' plus 4 goes in place of Y here
lwz r18,YYY(rZ) --------the original 'offset' plus 8 goes in place of Y here
stw r16,5632(r14)
stw r17,5636(r14)
stw r18,5640(r14)
cmpwi r15,0xTTTT -----button value to restore saved coordinates
bne- 0x1C
lwz r19,5632(r14)
lwz r20,5636(r14)
lwz r21,5640(r14)
stw r19,YYY(rZ)
stw r20,YYY(rZ) ------the original 'offset' plus 4 goes in place of Y here
stw r21,YYY(rZ) ------the original 'offset' plus 8 goes in place of Y here
lmw r14,8(r1)
addi r1,r1,80
[original instruction]
I'm not here much. If you have a problem with any of my codes, let me know through my youtube account and I'll help you.
¦}

Bully@Wiiplaza

#35
The original instruction is pretty much always needed.
Give me a try on a universal template. Sry Jay, but yours is a bit confusing. ;D
[spoiler]
Hook: 8SSSSSSS

stwu r1,-80(r1)
stmw r14,8(r1)

lis r14, 0x80XX
ori r14, r14, 0xXXXX
lhz r14, 0 (r14)

lis r15, 0x8000

cmpwi r14, 0xzzzz
bne- _COORDSNOTSAVED

lwz r16, TTT (rWW)
lwz r17, TTT + 4 (rWW)
lwz r18, TTT + 8 (rWW)
stw r16, 0x1500 (r15)
stw r17, 0x1504 (r15)
stw r18, 0x1508 (r15)

_COORDSNOTSAVED:

cmpwi r14, 0xZZZZ
bne- _COORDSNOTRESTORED

lwz r19, 0x1500 (r15)
lwz r20, 0x1504 (r15)
lwz r21, 0x1508 (r15)
stw r19, TTT (rWW)
stw r20, TTT + 4 (rWW)
stw r21, TTT + 8 (rWW)

_COORDSNOTRESTORED:

lmw r14,8(r1)
addi r1,r1,80

IIII qPP, TTT (rWW)

SSSSSSS = BP Read Address on X Coordinate (may only execute for one same address)
XXXXXX = Button Activator Address
IIII = Default Instruction Name (lfs, lwz, etc.)
q = Register Type (Float "f" or Normal "r")
PP = Register Number (1-31)
TTT = Default Instruction Offset
WW = Default Instruction Source/Destination Register Number (1-31)
zzzz = Button Value for "Store Coordinates"
ZZZZ = Button Value for "Load Coordinates"[/spoiler]

Anarion

Quote from: Bully@Wiiplaza on December 14, 2011, 09:12:08 AM
The original instruction is pretty much always needed.
Give me a try on a universal template. Sry Jay, but yours is a bit confusing. ;D
But it's your template. I just did not include detailed explanations. The assembly is shown exactly as it is when the code is disassembled. :D


Edit: ahh yes, I see a mistake.

dcx2

To make sure you found the right address, set the Write BP on your coordinates, then when it hits, press Step so that the stw is executed, then go back to memview and poke the coordinate to something else.  If it takes, then you will teleport once.  If it doesn't take, then you didn't find the right coordinate address, or you need a different hook.

Also, one thing to keep in mind is that you don't need to use a hook that is reading/writing to coordinates for a teleporter.  Since some games use the same functions for reading/writing everyone's coordinates, it might cause problems to use that hook.

Instead, once you know the offset to the coordinates (which you can get from the BP), you can go find any other ASM hook that runs every frame and has a pointer to the character you want to teleport.  For instance, you could possibly set a RBP on Mario's hit points to get a hook which uses Mario's pointer, and then use that pointer with the coordinate offsets to handle the teleportation.  Since other characters in the game won't have their HP displayed on the screen, you don't have to worry about the hook executing with other characters.

toonlink444

#38
Quick noobish question: in the bne instruction, how do I know what to put in it (bne- 0x??)?
Quote from: dcx2 on December 14, 2011, 05:33:19 PM
To make sure you found the right address, set the Write BP on your coordinates, then when it hits, press Step so that the stw is executed, then go back to memview and poke the coordinate to something else.  If it takes, then you will teleport once.  If it doesn't take, then you didn't find the right coordinate address, or you need a different hook.
You said step over before.

dcx2

In the simple case, you'd just count how many instructions you want to skip, add 1 to it, then multiply by 4.  So to skip two instructions, you would do bne 0xC.

In the WiiRD or Gecko.NET assembler, you can patch a branch by giving its absolute address, and the app will convert the absolute address to a relative offset for you. This is a special feature of WiiRD/Gecko.NET in particular. This only works because the address of the branch and its destination are known when it is assembled.

If you're writing your own ASM routine for ASMWiiRD or PyiiASMH, then you can just use branch labels.  In Bully's example, the branch labels are _COORDSNOTSAVED and _COORDSNOTRESTORED.  This is easier than counting instructions.

By convention, I typically prefix branch labels with an underscore, and I make them all caps.  You can use the branch label to avoid calculating the branch distance by hand.  The "destination" of the label will be the label suffixed with a :

---

Step Into and Step Over behave the same, except when the current instruction is a bl.  Step Over will step "over" the bl so that you are not taken into its execution.  Step Into will step "into" the bl so you can keep following it along.  Step Out is different, it will always take you "out" of the current function to the caller.
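The label-to-offset rule above, worked through in code. This is an added example, not code from the thread or from ASMWiiRD/PyiiASMH; the `_NAME:` label syntax follows the thread, and the regexes, the function names and the "label names the next instruction" convention are my assumptions. It resolves both branches of Bully's guarded blocks to the same 0x1C that Anarion's template uses and encodes the resulting `bne-` as a PowerPC machine word.

```python
import re

LABEL_RE = re.compile(r"^(_[A-Z0-9_]+):$")               # assumed label syntax: "_NAME:"
BRANCH_RE = re.compile(r"^(b\w*[+-]?)\s+(_[A-Z0-9_]+)$")  # "bne- _NAME", "b _NAME", ...

def parse(source):
    """Split a routine into instructions plus a label -> instruction-index map.
    A label names the instruction after it, so the branch distance is
    (target index - branch index) * 4, i.e. dcx2's "skip + 1, times 4"."""
    instructions, labels = [], {}
    for line in source.splitlines():
        text = line.split("#", 1)[0].strip()   # ignore comments and blank lines
        if not text:
            continue
        m = LABEL_RE.match(text)
        if m:
            labels[m.group(1)] = len(instructions)
        else:
            instructions.append(text)
    return instructions, labels

def resolve_branches(source):
    """Rewrite every 'bxx _LABEL' to the numeric offset ASMWiiRD/PyiiASMH would emit."""
    instructions, labels = parse(source)
    resolved = []
    for idx, text in enumerate(instructions):
        m = BRANCH_RE.match(text)
        if m:
            offset = (labels[m.group(2)] - idx) * 4   # 4 bytes per PowerPC instruction
            text = f"{m.group(1)} 0x{offset:X}"
        resolved.append(text)
    return resolved

def encode_bne(offset, predict_taken=False):
    """Machine word for a forward 'bne': opcode 16, BO=0b00100 (+ hint bit), BI=2 (CR0[EQ])."""
    if offset % 4 or not 0 < offset <= 0x7FFC:
        raise ValueError("forward displacement, multiple of 4, expected")
    bo = 0b00100 | int(predict_taken)              # 'bne-' leaves the hint bit clear
    return (16 << 26) | (bo << 21) | (2 << 16) | offset

# Constructed input: the two guarded blocks of Bully's Skyward Sword routine.
TEMPLATE = "\n".join([
    "cmpwi r14, 0x1", "bne- _END",
    "lwz r16, 192 (r31)", "lwz r17, 196 (r31)", "lwz r18, 200 (r31)",
    "stw r16, 0x1500 (r15)", "stw r17, 0x1504 (r15)", "stw r18, 0x1508 (r15)",
    "_END:", "cmpwi r14, 0x2", "bne- _END2",
    "lwz r19, 0x1500 (r15)", "lwz r20, 0x1504 (r15)", "lwz r21, 0x1508 (r15)",
    "stw r19, 192 (r31)", "stw r20, 196 (r31)", "stw r21, 200 (r31)",
    "_END2:", "lmw r14,8(r1)",
])
```

`resolve_branches(TEMPLATE)` turns both `bne- _END` and `bne- _END2` into `bne- 0x1C`, and `encode_bne(0x1C)` gives the familiar `4082001C` word.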

toonlink444

Gotcha. Alrighty, back to work; haven't sat down and really worked hard on the assembling.

toonlink444

Well, none of my addresses took, so I'm left to searching again. Is there a possibility that the addresses are stored differently?

dcx2

Did you make sure to step, so that the stw had already executed?  If you poke before stepping, the stw will over-write your poke.

It's also possible there's more than one copy of the coordinates.

Bully@Wiiplaza

#43
Quote from: dcx2 on December 14, 2011, 05:33:19 PM
Also, one thing to keep in mind is that you don't need to use a hook that is reading/writing to coordinates for a teleporter.  Since some games use the same functions for reading/writing everyone's coordinates, it might cause problems to use that hook.

Instead, once you know the offset to the coordinates (which you can get from the BP), you can go find any other ASM hook that runs every frame and has a pointer to the character you want to teleport.  For instance, you could possibly set a RBP on Mario's hit points to get a hook which uses Mario's pointer, and then use that pointer with the coordinate offsets to handle the teleportation.  Since other characters in the game won't have their HP displayed on the screen, you don't have to worry about the hook executing with other characters.
Good point, but e.g. Mario is the only "object" that is affected by the coordinates assembly.
Same for Link on Skyward Sword, James Bond on GE (Story Mode).

My template will probably fail when it does use multiple people's coordinates (had that on Water Warfare).
Then an additional branch probably does the job ("are we affecting P1 or not?").
Alternatively, one can use Pointer + Gecko Register, if it should not affect anything else. :P

toonlink444

Yep, I hit step over every time it broke on a stw, then poked. Should I poke even if it isn't stw?