Mario Kart Wii Gecko Codes, Cheats, & Hacks
RAM Dump [Vega] - Printable Version

+- Mario Kart Wii Gecko Codes, Cheats, & Hacks (https://mariokartwii.com)
+-- Forum: Cheat Codes (https://mariokartwii.com/forumdisplay.php?fid=51)
+--- Forum: Misc/Other (https://mariokartwii.com/forumdisplay.php?fid=55)
+--- Thread: RAM Dump [Vega] (/showthread.php?tid=1279)

RAM Dump [Vega] - Vega - 09-17-2019

RAM Dump [Vega]

This code will make a RAM Dump for you (Mem80 - 81 only) and dump the contents to your Wii's NAND.

This code is only useful if you don't have Dolphin to do a RAM Dump.

How to Use the Code:
Whenever you want to initiate the RAM Dump, just press your activator. The game will freeze/stall for around 25-30 full seconds (be patient). Afterwards, you will be returned to the Wii Main Menu.

Launch HBC, use an app such as WiiXplorer. There will be a new directory created at the root of NAND, and it will be named after your game's Game ID. There should be a total of 128 files in the directory (000 - 127). The files will have no specific file extension. Copy paste the directory to your SD/USB, and back them up on your computer. Once you have them backed up on your computer, delete the directory off of your NAND.

Use a Hex Editor (such as HxD) to append all the files in order. Once completed, you will have an entire Mem80-81 RAM Dump. Congratz!

It's recommended to only run this code a few times for whatever Wii you are using this on (do whatever Dumps you need and be done with it). Using this code numerous times can cause premature wear to the Wii's NAND.

NTSC-U
2834XXXX YYYYZZZZ
C20095F4 00000030
3EC08000 3F96FFFD
3B600080 3EA00003
80960000 4800000D
2F585858 58000000
7C6802A6 90830001
BBC30000 BFC10008
3F408016 38800000
38A00003 38C00003
38E00003 63599DD4
7F2803A6 4E800021
2C03FF97 4182000C
2C030000 41800110
3BA0FFFF 4800000D
2F253033 64000000
7C8802A6 7C972378
3BBD0001 7FA5EB78
7EE4BB78 3861000D
3D808001 618C0ECC
7D8803A6 4E800021
2C030000 418000C8
38610008 38800000
38A00003 38C00003
38E00003 6359ABD4
7F2803A6 4E800021
2C030000 418000A0
38610008 38800002
6359ADBC 7F2803A6
4E800021 2C030000
41800084 7C781B78
3F9C0003 7F84E378
2C1D0000 40A20048
38800020 80ADA358
80A50024 3D808022
618C9490 7D8803A6
4E800021 38E3FFFC
3896FFFC 3CA0C000
54A5843E 84C40004
94C70004 34A5FFFF
4082FFF4 7C641B78
7F03C378 7EA5AB78
6359B220 7F2803A6
4E800021 7C03A800
40820014 7F03C378
6359B2E4 7F2803A6
4E800021 377BFFFF
4082FF10 3D80801A
618C87B8 7D8803A6
4E800020 00000000
E0000000 80008000

PAL
2834XXXX YYYYZZZZ
C2009634 00000030
3EC08000 3F96FFFD
3B600080 3EA00003
80960000 4800000D
2F585858 58000000
7C6802A6 90830001
BBC30000 BFC10008
3F408016 38800000
38A00003 38C00003
38E00003 63599E74
7F2803A6 4E800021
2C03FF97 4182000C
2C030000 41800110
3BA0FFFF 4800000D
2F253033 64000000
7C8802A6 7C972378
3BBD0001 7FA5EB78
7EE4BB78 3861000D
3D808001 618C1A2C
7D8803A6 4E800021
2C030000 418000C8
38610008 38800000
38A00003 38C00003
38E00003 6359AC74
7F2803A6 4E800021
2C030000 418000A0
38610008 38800002
6359AE5C 7F2803A6
4E800021 2C030000
41800084 7C781B78
3F9C0003 7F84E378
2C1D0000 40A20048
38800020 80ADA360
80A50024 3D808022
618C9814 7D8803A6
4E800021 38E3FFFC
3896FFFC 3CA0C000
54A5843E 84C40004
94C70004 34A5FFFF
4082FFF4 7C641B78
7F03C378 7EA5AB78
6359B2C0 7F2803A6
4E800021 7C03A800
40820014 7F03C378
6359B384 7F2803A6
4E800021 377BFFFF
4082FF10 3D80801A
618C8858 7D8803A6
4E800020 00000000
E0000000 80008000

NTSC-J
2834XXXX YYYYZZZZ
C2009590 00000030
3EC08000 3F96FFFD
3B600080 3EA00003
80960000 4800000D
2F585858 58000000
7C6802A6 90830001
BBC30000 BFC10008
3F408016 38800000
38A00003 38C00003
38E00003 63599D94
7F2803A6 4E800021
2C03FF97 4182000C
2C030000 41800110
3BA0FFFF 4800000D
2F253033 64000000
7C8802A6 7C972378
3BBD0001 7FA5EB78
7EE4BB78 3861000D
3D808001 618C1950
7D8803A6 4E800021
2C030000 418000C8
38610008 38800000
38A00003 38C00003
38E00003 6359AB94
7F2803A6 4E800021
2C030000 418000A0
38610008 38800002
6359AD7C 7F2803A6
4E800021 2C030000
41800084 7C781B78
3F9C0003 7F84E378
2C1D0000 40A20048
38800020 80ADA360
80A50024 3D808022
618C9734 7D8803A6
4E800021 38E3FFFC
3896FFFC 3CA0C000
54A5843E 84C40004
94C70004 34A5FFFF
4082FFF4 7C641B78
7F03C378 7EA5AB78
6359B1E0 7F2803A6
4E800021 7C03A800
40820014 7F03C378
6359B2A4 7F2803A6
4E800021 377BFFFF
4082FF10 3D80801A
618C8778 7D8803A6
4E800020 00000000
E0000000 80008000

NTSC-K
2833XXXX YYYYZZZZ
C200973C 00000030
3EC08000 3F96FFFD
3B600080 3EA00003
80960000 4800000D
2F585858 58000000
7C6802A6 90830001
BBC30000 BFC10008
3F408016 38800000
38A00003 38C00003
38E00003 63599F10
7F2803A6 4E800021
2C03FF97 4182000C
2C030000 41800110
3BA0FFFF 4800000D
2F253033 64000000
7C8802A6 7C972378
3BBD0001 7FA5EB78
7EE4BB78 3861000D
3D808001 618C1A94
7D8803A6 4E800021
2C030000 418000C8
38610008 38800000
38A00003 38C00003
38E00003 6359AD10
7F2803A6 4E800021
2C030000 418000A0
38610008 38800002
6359AEF8 7F2803A6
4E800021 2C030000
41800084 7C781B78
3F9C0003 7F84E378
2C1D0000 40A20048
38800020 80ADA380
80A50024 3D808022
618C9B88 7D8803A6
4E800021 38E3FFFC
3896FFFC 3CA0C000
54A5843E 84C40004
94C70004 34A5FFFF
4082FFF4 7C641B78
7F03C378 7EA5AB78
6359B35C 7F2803A6
4E800021 7C03A800
40820014 7F03C378
6359B420 7F2803A6
4E800021 377BFFFF
4082FF10 3D80801A
618C8BB4 7D8803A6
4E800020 00000000
E0000000 80008000


Code creator: Vega
Code credits: Megazig (ISFS Functions, Return to Menu function), RiiDefi (Egg Alloc function)


Source:

#~~~~~~~~~~~~~~~~#
# START ASSEMBLY #
#~~~~~~~~~~~~~~~~#

#

#~~~~~~~~~~~~~~~~~~~~~~~~~~~~#
# Compilation Region Setting #
#~~~~~~~~~~~~~~~~~~~~~~~~~~~~#

.set region, '' #Fill in E, P, J, or K within the quotes for your region when Compiling! Lowercase letters can also be used.

#~~~~~~~~~~~~~~~~~~~~#
# Macros & Variables #
#~~~~~~~~~~~~~~~~~~~~#

.macro call_link address
    lis r12, \address@h
    ori r12, r12, \address@l
    mtlr r12
    blrl
.endm

.macro call_isfs address
    ori r25, r26, \address@l
    mtlr r25
    blrl
.endm

.macro call_nolink address
    lis r12, \address@h
    ori r12, r12, \address@l
    mtlr r12
    blr
.endm

.if    (region == 'E' || region == 'e') # RMCE
    .set sprintf, 0x80010ECC
    .set ISFS_CreateDir, 0x9DD4
    .set ISFS_CreateFile, 0xABD4
    .set ISFS_Open, 0xADBC
    .set ISFS_Write, 0xB220
    .set ISFS_Close, 0xB2E4
    .set Egg_Alloc, 0x80229490
    .set Wii_Menu, 0x801A87B8
.elseif (region == 'P' || region == 'p') # RMCP
    .set sprintf, 0x80011A2C
    .set ISFS_CreateDir, 0x9E74
    .set ISFS_CreateFile, 0xAC74
    .set ISFS_Open, 0xAE5C
    .set ISFS_Write, 0xB2C0
    .set ISFS_Close, 0xB384
    .set Egg_Alloc, 0x80229814
    .set Wii_Menu, 0x801A8858
.elseif (region == 'J' || region == 'j') # RMCJ
    .set sprintf, 0x80011950
    .set ISFS_CreateDir, 0x9D94
    .set ISFS_CreateFile, 0xAB94
    .set ISFS_Open, 0xAD7C
    .set ISFS_Write, 0xB1E0
    .set ISFS_Close, 0xB2A4
    .set Egg_Alloc, 0x80229734
    .set Wii_Menu, 0x801A8778
.elseif (region == 'K' || region == 'k') # RMCK
    .set sprintf, 0x80011A94
    .set ISFS_CreateDir, 0x9F10
    .set ISFS_CreateFile, 0xAD10
    .set ISFS_Open, 0xAEF8
    .set ISFS_Write, 0xB35C
    .set ISFS_Close, 0xB420
    .set Egg_Alloc, 0x80229B88
    .set Wii_Menu, 0x801A8BB4
.else # Invalid Region
    .err
.endif

#~~~~~~~~~~~~~~~~#
# Register Notes #
#~~~~~~~~~~~~~~~~#

#Code ends in blr, no need to save anything

# r31 = file name within directory-file name string (for sprintf formatting)
# r30 = used in the lmw & stmw instructions
# r29 = file name incrementer
# r28 = Write address (r4 arg) for ISFS_Write
# r27 = Mega Loop Counter
# r26 = 0x8016 for ISFS calls
# r25 = For ISFS Macros
# r24 = fd for ISFS_Close
# r23 - Backup r4 sprintf arg
# r22 - 0x80000000
# r21 - 0x30000
# r1 + 8 = Start of file pathway string
# r1 + 0xD = File Name within file pathway string

#~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~#
# Load Game ID, Setup ISFS_Write r4's arg for later, Set Mega Loop Counter #
#~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~#

lis r22, 0x8000
addis r28, r22, -3 #Sets r28 as 0x7FFD0000
li r27, 0x80 #128 total files

#0x817FFFFF - 0x80000000 (then plus 1) = 0x1800000. 0x1800000 / 0x80 = 0x30000
#0x80 is the mega loop counter
#0x30000 is ISFS_Write Amount

lis r21, 3 #This amount will be used multiple times later

lwz r4, 0x0 (r22)

#~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~#
# Make incomplete file path, Store to Stack #
#~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~#

bl make_dir

.string "/XXXX\0\0"

make_dir:
mflr r3

stw r4, 0x1 (r3) #Fill in Game ID Ascii for String

#~~~~~~~~~~~~~~~~~~~~~~~~#
# Store Pathway to Stack #
#~~~~~~~~~~~~~~~~~~~~~~~~#

lmw r30, 0x0 (r3)
stmw r30, 0x8 (r1)

#~~~~~~~~~~~~~~~~~~~~~~~#
# Set ISFS Macro Prefix #
#~~~~~~~~~~~~~~~~~~~~~~~#

lis r26, 0x8016

#~~~~~~~~~~~~~~~~~~~~~~#
# Create the Directory #
#~~~~~~~~~~~~~~~~~~~~~~#

li r4, 0
li r5, 3
li r6, 3
li r7, 3

call_isfs ISFS_CreateDir

cmpwi r3, -105
beq- dir_already_exists

cmpwi r3, 0
blt- big_error

dir_already_exists:
li r29, -1

#~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~#
# Create File Name, Append it to File Pathway String #
#~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~#

bl the_integer

.string "/%03d\0\0"

the_integer:
mflr r4
mr r23, r4

#~~~~~~~~~~~#
# Mega Loop #
#~~~~~~~~~~~#

#~~~~~~~~~~~~~~~~~~~~~~~~~#
# SprintF Setup Then Call #
#~~~~~~~~~~~~~~~~~~~~~~~~~#

mega_loop:
addi r29, r29, 1 #Increment File Name
mr r5, r29 #Move updated file name to r5's sprintf arg
mr r4, r23 #Place in Sprintf r4 arg
addi r3, r1, 0xD #This will point right after '/RMCX'

call_link sprintf
cmpwi r3, 0
blt- __error

#~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~#
# Create New File Based off new Name #
#~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~#

addi r3, r1, 8
li r4, 0
li r5, 3
li r6, 3
li r7, 3

call_isfs ISFS_CreateFile
cmpwi r3, 0
blt- __error

#~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~#
# Open the newly created File with Write Permissions #
#~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~#

addi r3, r1, 8
li r4, 2

call_isfs ISFS_Open
cmpwi r3, 0
blt- __error

#~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~#
# Write the File (Dump current 0x30000 bytes of Mem80) #
#~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~#

#r3 already set from fd return
mr r24, r3 #Backup fd for ISFS_Close

addis r28, r28, 3 #ISFS_Write mem location r4 arg incrementer
mr r4, r28

#~~~~~~~~~~~~~#
# File Checks #
#~~~~~~~~~~~~~#

#For some reason the Wii Console (Dolphin not an issue) doesn't like to use ISFS_Write r4 Arg of 0x80000000

#Subroutine will have customized r3, r4 return values suited for ISFS_Write

cmpwi r29, 0
bne+ start_isfs_write

#~~~~~~~~~~~~~#
# Fix for 000 #
#~~~~~~~~~~~~~#

li r4, 0x20

.if (region == 'E' || region == 'e')
lwz r5, -0x5CA8(r13)
.elseif (region == 'P' || region == 'p')
lwz r5, -0x5CA0(r13)
.elseif (region == 'J' || region == 'j')
lwz r5, -0x5CA0(r13)
.elseif (region == 'K' || region == 'k')
lwz r5, -0x5C80(r13)
.endif

lwz r5, 0x0024 (r5)

call_link Egg_Alloc

addi r7, r3, -4 #Set Storing Address
addi r4, r22, -4 #Set Loading Address, r22 is 0x80000000 for note

lis r5, 0xC000
srwi r5, r5, 16 #0xC000 words which is 0x30000 bytes

silly_loop:
lwzu r6, 0x4 (r4)
stwu r6, 0x4 (r7)
subic. r5, r5, 1
bne+ silly_loop

mr r4, r3 #Put Heap pointer in r4 for ISFS_Write arg
mr r3, r24 #Put fd back into r3 due to it being lost when Egg_Alloc was called

start_isfs_write:
mr r5, r21 #Set r5 arg for ISFS_Write

call_isfs ISFS_Write

cmpw r3, r21
bne- __error

#~~~~~~~~~~~~#
# Close File #
#~~~~~~~~~~~~#

mr r3, r24
call_isfs ISFS_Close

#~~~~~~~~~~~~~~~~~~~~~#
# Decrement Mega Loop #
#~~~~~~~~~~~~~~~~~~~~~#

__error:
subic. r27, r27, 1
bne+ mega_loop

#~~~~~~~~~~~~~~~~~~~~#
# Return to Wii Menu #
#~~~~~~~~~~~~~~~~~~~~#

big_error:
call_nolink Wii_Menu

#

#~~~~~~~~~~~~~~#
# END ASSEMBLY #
#~~~~~~~~~~~~~~#

RE: RAM Dump [Vega] - Vega - 09-17-2019

I'm out of town atm, so I can't test this on a real Wii. It works on Dolphin. If somebody can test this, that would be great. Be sure to read all the instructions before running the code.

This could be useful for those who don't have Dolphin and need RAM Dumps.

RE: RAM Dump [Vega] - JoshuaMK - 09-17-2019

This is cool

RE: RAM Dump [Vega] - Vega - 09-17-2019

I had somebody test the code for me and it's not working on the Wii console. It creates the file '000' (out of 128 total) and has no data. I think I already know what the problem is. The Wii doesn't like it when you use the very beginning of virtual memory (0x80000000) for an ISFS_Write function.

Will probably have to do something 'hacky' to get around this.

RE: RAM Dump [Vega] - Vega - 09-20-2019

Bump. Added some source to bypass the ISFS_Write issue. Code now works on the Wii Console.

RE: RAM Dump [Vega] - Ro_ - 05-23-2020

Console create files, however, all of them are empty

RE: RAM Dump [Vega] - Vega - 05-23-2020

It works fine for me. How are you loading/applying your codes? Are you running any other codes with this?

Fyi I'm using standard gct file on SD card and running MKW on USB Loader GX r1272 w/ VBI Hook

Another FYI: If you are trying to do this on Wiimmfi online, it won't work. Wiimmfi blocks the use of ios_open which is used by ISFS_Open.

RE: RAM Dump [Vega] - JoshuaMK - 05-23-2020

Thats kinda scary ngl, wiimmfi be vibin

RE: RAM Dump [Vega] - Vega - 05-23-2020

(05-23-2020, 02:14 AM)JoshuaMK Wrote: Thats kinda scary ngl, wiimmfi be vibin

There's no functions in the game during online that ever use ios_open so I'm guessing they blocked it just because.

Obviously, you can work around it, but that would make the code much longer (plus 'hacky') and I don't like having two separate 'versions' of the same code.

Would just be easier to dump the Wiimmfi-Online RAM on Dolphin.