Coding Questions and other Quandaries
#51
So the actual address in CTR when breaking on the ori command during the jump routine is 0x800499CC

Naturally, I found that one of the attack bp's had an address in CTR that ended with 0xC also, so I
adjusted the code accordingly:

ori r4, r4, 1
mfctr r0
andi. r0, r0, 0xff
cmpwi r0, 0xcc
bne- end_code
rlwinm r4, r4, 0, 0, 30
end_code:

However, this immediately locks the game up on bootup.
Activating after taking control of the player worked and the code seemed to be working fine until I reached a
cutscene. Screen went black and only had audio.

Cleaned up r0,

ori r4, r4, 1
mfctr r0
andi. r0, r0, 0xff
cmpwi r0, 0xcc
bne- end_code
rlwinm r4, r4, 0, 0, 30
end_code:
li r0, 0

and the code worked like a champ.
The code also worked when I entered the second stage. Yay!!!

Changed operations to r12:

ori r4, r4, 1
mfctr r12
andi. r12, r12, 0xff
cmpwi r12, 0xcc
bne- end_code
rlwinm r4, r4, 0, 0, 30
end_code:

And the code works great. Just played through the first four stages with no problems.
Much better than having to use a button activator.

Good job!!!! Thanks!!!!
Reply
#52
Nice work.
Reply
#53
First code making use of the LR. Infinite health.
Because of where I was at at the time, when I first started fudging around with this game, all I was able to do was give myself infinite health, along with the enemies SadSadSad

Had to use two different checks with LR so the game wouldn't freeze during cutscenes etc.

Has worked fine as far as I have gotten into the game

Let me know if you see any craziness in it.

Specifics:

LR = 0x80073798 During cutscenes/intros
LR = 0x800798E4 When taking damage


Army Men Sarge's War (GCN)

sub. r28, r28, r5 #ASM default code. Amount of damage taken
mflr r11 #ASM move address in LR to r11
andi. r11, r11, 0xfff #ASM drop bits 0 -> 20
cmpwi r11, 0x798 #ASM if in cutscene branch to the_end
beq- the_end
mflr r12 #ASM move address in LR to r12
andi. r12, r12, 0xfff #ASM drop bits 0 -> 20
cmpwi r12, 0x8e4 #ASM equal if taking damage; if not, branch to the_end
bne- the_end
li r28, 0x12C #ASM load r28 with full health value to be stored shortly.
the_end:
lis r12, 0x7F85 #ASM Loads r12 with upper half-word of default code 0x7F85E051
ori r12, r12, 0xE051 #ASM Loads r12 with lower half-word of default code 0x7F85E051
lis r11, 0x8007 #ASM Loads r11 with upper half-word of address default code to be stored at 0x8007673C
ori r11, r11, 0x673C #ASM Loads r11 with lower half-word of address default code to be stored at 0x8007673C
stw r12, 0x0 (r11) #ASM restores original code when not taking damage or during cutscenes/intros
Reply
#54
Been under the weather (still am), so apologies for the late reply and if my foggy brain misunderstood any part of your post.

Code:
sub. r28, r28, r5 #r28 minus r5. Place result in r28. Do cmpwi r28, 0.

To modify this instruction to not subtract anything else, you can could just use an 04 RAM Write to rewrite the default instruction... (obviously this won't work out the player vs enemy issue, just showing you some options for running into a sub instruction)

Code:
subi r28, r28, 0

In fact, you don't even need this (nor do you need something such as 'li r28, 0x12C'). Since r28 is part of the source and destination register, we just want r28 to keep its previous value. Therefore we don't need any default instruction, just 'nop' it. (04xxxxxx 60000000)

--

In regards to player vs enemy, try checking the GVR's in that index method I explained awhile ago if you haven't already.


Code:
lis r12, 0x7F85 #ASM Loads r12 with upper half-word of default code 0x7F85E051
ori r12, r12, 0xE051 #ASM Loads r12 with lower half-word of default code 0x7F85E051
lis r11, 0x8007 #ASM Loads r11 with upper half-word of address default code to be stored at 0x8007673C
ori r11, r11, 0x673C #ASM Loads r11 with lower half-word of address default code to be stored at 0x8007673C
stw r12, 0x0 (r11) #ASM restores original code when not taking damage or during cutscenes/intros

There's no need for this, because nowhere earlier in you source did you rewrite the default instruction itself. But let's say this was the case, this would still be incorrect. Broadway (like all other modern microprocessors) utilizes cache. To keep things really simple, what you see in Memory isn't exactly what is occurring on the 'physical level' of the CPU.

Either way it's pretty neat to see how you did come up with the idea of rewriting instructions on your own.

Before I became ill, I had a few tutorials (one being about cache and rewriting executable instructions) that I was wrapping up and planning on posting. Maybe it's time to get some motivation and finish those up.

--

Another issue I can see in your source is that the default instruction has a record feature which includes the modification of the Condition Register (cr0). This could cause a slew of problems because the game is obviously running some sort of branch route after the default instruction based on the result of the CR (cr0). When you execute a basic 'cmpwi' instruction, you are modifying cr0 based on the results from said cmpwi instruction. And any typical conditional branch instruction (i.e. beq) will check the bits of cr0 and execute accordingly.

I would find a slightly diff place to hook the C2 to instead at that default instruction. If not, you're gonna wanna run comparisons & conditional branches in your source using cr7. But even if you did, then cr0 still might not be in a proper state, because the default instruction always has it updated before the branch route. So this better concludes to hook the C2 somewhere else. More info on the CR -> https://mariokartwii.com/showthread.php?tid=1743
Reply
#55
My wife and I, to this day, still love playing Wii Sports Resort Bowling.
I, more than she, enjoyed the training modes in the original Wii sports.
But I thought one type of training mode is missing. Splits Practice.

So using my elementary knowledge of button activators, I came up with a code that through
the pressing of various button combinations and such, allowed you to practice the hardest split combinations
noted by USA Bowling.

You should have seen the look on my wife's face when she rolled her first ball and all of a sudden the
7 - 10 splits appeared. Priceless!!!! She knows I hack, so she immediately turned to me and said, "what did you do?"

The problem though, is that once you enter my splits mode, you can't go back to a standard game
unless you totally reboot the game, which with USBLoader can be a drag.

So I sat down for the last couple of mornings and came up with a good working code.
It definitely needs some tweaking though.

I tried doing this with strictly Gecko codes for the activation button press cycling part, but just ended up tying my brain in knots.
So I attacked it from the ASM angle.
Deactivation is simple enough with ASM/Gecko.

For reference, I found a nice piece of RAM not being used, (at least from boot up to the bowling games).
I used 0x80AF6000 for storing the (-) button presses, to step through the different splits configurations, via conditionals.

It's a bit "wordy" lol.

See you at the bottom Smile Smile Smile

C201D30C 00000005
A0050000 2C071000
40820018 3D6080AF
616B6000 818B0000
398C1000 918B0000
60000000 00000000
E0000000 80000000
28AF6000 00000001
01269C35 00000000
0126A1B1 00000000
0126A72D 00000000
0126ACA9 00000000
0126B225 00000000
0126B7A1 00000000
0126BD1D 00000001
0126C299 00000000
0126C815 00000000
0126CD91 00000001
E0000000 80000000
28AF6000 00000002
01269C35 00000000
0126A1B1 00000000
0126A72D 00000000
0126ACA9 00000001
0126B225 00000000
0126B7A1 00000001
0126BD1D 00000001
0126C299 00000000
0126C815 00000000
0126CD91 00000001
E0000000 80000000
28AF6000 00000003
01269C35 00000001
0126A1B1 00000001
0126A72D 00000001
0126ACA9 00000001
0126B225 00000001
0126B7A1 00000001
0126BD1D 00000001
0126C299 00000001
0126C815 00000001
0126CD91 00000001
E0000000 80000000
28AF6000 00000004
01269C35 00000000
0126A1B1 00000000
0126A72D 00000000
0126ACA9 00000001
0126B225 00000000
0126B7A1 00000001
0126BD1D 00000001
0126C299 00000001
0126C815 00000000
0126CD91 00000001
E0000000 80000000
28AF6000 00000005
01269C35 00000000
0126A1B1 00000000
0126A72D 00000000
0126ACA9 00000001
0126B225 00000000
0126B7A1 00000001
0126BD1D 00000000
0126C299 00000000
0126C815 00000000
0126CD91 00000001
E0000000 80000000
28AF6000 00000006
01269C35 00000000
0126A1B1 00000000
0126A72D 00000000
0126ACA9 00000001
0126B225 00000000
0126B7A1 00000001
0126BD1D 00000001
0126C299 00000000
0126C815 00000000
0126CD91 00000000
E0000000 80000000
28AF6000 00000007
01269C35 00000000
0126A1B1 00000000
0126A72D 00000000
0126ACA9 00000001
0126B225 00000000
0126B7A1 00000001
0126BD1D 00000000
0126C299 00000000
0126C815 00000000
0126CD91 00000000
E0000000 80000000
28AF6000 00000008
01269C35 00000000
0126A1B1 00000000
0126A72D 00000000
0126ACA9 00000000
0126B225 00000000
0126B7A1 00000000
0126BD1D 00000001
0126C299 00000000
0126C815 00000001
0126CD91 00000000
E0000000 80000000
28AF6000 00000009
01269C35 00000000
0126A1B1 00000000
0126A72D 00000001
0126ACA9 00000000
0126B225 00000000
0126B7A1 00000000
0126BD1D 00000001
0126C299 00000000
0126C815 00000001
0126CD91 00000000
E0000000 80000000
28AF6000 0000000A
01269C35 00000000
0126A1B1 00000001
0126A72D 00000000
0126ACA9 00000000
0126B225 00000000
0126B7A1 00000000
0126BD1D 00000000
0126C299 00000001
0126C815 00000000
0126CD91 00000001
E0000000 80000000
28AF6000 0000000B
01269C35 00000001
0126A1B1 00000001
0126A72D 00000001
0126ACA9 00000001
0126B225 00000001
0126B7A1 00000001
0126BD1D 00000001
0126C299 00000001
0126C815 00000001
0126CD91 00000001
E0000000 80000000
28AF6000 0000000C
02AF6000 00000001
E0000000 00000000
28708D40 00000100
0401D30C A0050000
02AF6000 00000000
E0000000 80008000

Are you still with me???

Here's the ASM. I hijacked the control line read cycle at 0x8001D30C:

lhz r0, 0(r5) #ASM r7 holds value of button being pressed
cmpwi r7, 0x1000 #ASM if (-) button not being held, the_end:
bne- the_end
lis r11, 0x80AF #ASM Loads upper half-word of address being monitored 0x80AF6000
ori r11, r11, 0x6000 #ASM Loads lower half-word of address being monitored 0x80AF6000
lwz r12, 0(r11) #ASM Loads word currently held in monitor address
addi r12, r12, 0x1000 #If (-) button pressed, adds 0x1000 to value currently held in monitor address
stw r12, 0(r11) #ASM Stores increase in (-) button strokes
the _end:

The deactivation part is pretty simple. Pressing 2 writes the original word at the insert, and sets
the monitor address back to 0x0.

28708D40 00000100 #If button 2 pressed
0401D30C A0050000 #Writes original code at insert
02AF6000 00000000 #Resets monitor address so no splits configuration conditionals met until next (-) press

The rest of the code is Gecko conditionals and writes for the different split configurations.
And a conditional to reset the monitor address back to the first splits configuration.
Unfortunately there is an offset between the different pin addresses or this would have been
easy to do with a lot less code.

So the obvious question is, how to achieve all the writes in a more condensed way.

At some point, I'd like to do the same thing to the 100 pin game, but doing it this way would
result in a 900+ line code.

And also, how to make a gecko code for the (-) button press so it only adds 0x1000 to the monitor
address each time it is pressed.

The way my code is now, because I'm using the control line read cycle, as you press (-) the value increments very quickly by 0x1000 obviously. However, the game can't update the pins as quickly as the conditionals are met this way so it makes trying to cycle through the configurations haphazard and unpredictable.

I adjusted the split configuration conditionals to monitor bits 12 - 15 of the monitor address instead to make it more user friendly.
Still could use a little more tweaking to sink up with the pin updates.

[Gone bowling]
Reply
#56
Code:
lis r11, 0x80AF #ASM Loads upper half-word of address being monitored 0x80AF6000
ori r11, r11, 0x6000 #ASM Loads lower half-word of address being monitored 0x80AF6000
lwz r12, 0(r11) #ASM Loads word currently held in monitor address
addi r12, r12, 0x1000 #If (-) button pressed, adds 0x1000 to value currently held in monitor address
stw r12, 0(r11) #ASM Stores increase in (-) button strokes
the_end:

You should never have to load and store with an offset of zero,

Get rid of the 'ori r11, r11, 0x6000'

Update the load and stores using a 0x6000 offset.

Code:
01269C35 00000001
0126A1B1 00000001
0126A72D 00000001
0126ACA9 00000001
0126B225 00000001
0126B7A1 00000001
0126BD1D 00000001
0126C299 00000001
0126C815 00000001
0126CD91 00000001

Since every byte here is the same written value and it appears the addresses are spaced out equally, you could use an '08' Gecko Codetype for a Serial Write. Will chop that down to just 2 lines of compiled code.

Code:
addi r12, r12, 0x1000 #If (-) button pressed, adds 0x1000 to value currently held in monitor address

Why are you adding 0x1000 to 0x80AF60000 when the 16-bit If Statements you have are checking for Hex digit values at 0x80AF6000 (0x1, 0x2, 0x3, 0x4 etc)?

I'm geniunely confused by your code, maybe because it's written in such a weird fashion.

For diff button combo for each pin configuration, you can do this (no C2 ASM required)...

Code:
28708D40 YYYY0100
01... ...
01... ...
... ...
01... ...
E0000000 00000000
28708D40 YYYY0200
01... ...
01... ...
... ...
01... ...
E0000000 00000000
28708D40 YYYY0400
01... ...
01... ...
... ...
01... ...
E0000000 00000000
28708D40 YYYY0800
01... ...
01... ...
... ...
01... ...
E0000000 00000000
28708D40 YYYY1000
01... ...
01... ...
... ...
01... ...
E0000000 80008000

I threw in random button values using only 5 total pin configurations, but it should give you an idea on how to expand it.

(12-21-2021, 11:59 PM)Hackwiz Wrote: The problem though, is that once you enter my splits mode, you can't go back to a standard game
unless you totally reboot the game, which with USBLoader can be a drag.

The template I provided above might solve that problem too (as long as you don't press any button activation combo sometime right before a whole new game is setup; the USA Bowling game has to null out or do something to those pin values by default I imagine...)
Reply
#57
BTW, I saw your post about Army Men code after I posted the Wii bowling thing.
I'll check it out since I'll have some down time for the weekend.

But as far as the bowling goes:

"You should never have to load and store with an offset of zero,
Get rid of the 'ori r11, r11, 0x6000'
Update the load and stores using a 0x6000 offset."

Ok. I didn't have to, I did it because it just seemed easy and the logical thing to do [noob].
But I get what you're saying.

Regarding the pin configuration with all of the pins present:

"Since every byte here is the same written value and it appears the addresses are spaced out equally, you could use an '08' Gecko Codetype for a Serial Write. Will chop that down to just 2 lines of compiled code."

Does that mean I'm SOL in shortening the amount of writes with pin configurations that do not have the same written value?

-----------------------------------------------------------------------------------------------------------

I'll try to explain this part better:


addi r12, r12, 0x1000 #If (-) button pressed, adds 0x1000 to value currently held in monitor address
stw r12, 0(r11) #ASM Stores increase in (-) button strokes

"Why are you adding 0x1000 to 0x80AF60000 when the 16-bit If Statements you have are checking for Hex digit values at 0x80AF6000 (0x1, 0x2, 0x3, 0x4 etc)?
I'm geniunely confused by your code, maybe because it's written in such a weird fashion.

As far as weird, I love Frank Zappa bwaahaahaahaahaa...
You ain't seen nothin' yet Smile

so the addi/store command is storing the WORD 0x00001000 (and its additions) at 0X80AF6000

00001000
00002000
00003000
etc.
My conditionals were originally set up to compare the half word at 80AF6000
And when reaching 0xC000 (end of splits configurations), writing 0x1000 at the monitor address to go back to the top of the configurations list.

this is how my conditionals were originally written:

28AF6002 00001000
...write split configuration #
28AF6002 00002000
...write split configuration #

But because of the fast cycle due to the hijacking of the control line read cycle (writing to the monitor address), pressing the (-) button causes the 0x1000 to add up very quickly.
Again, there is a lag between the conditional being met and the actual pin placement.

without the conditional "write 0x1000 at the monitor address when reaching 0xC000 (end of splits configurations),

80AF6000

will go 0x00001000 -> 0x0000F000

and then

0x00011000 -> 0x0001F000
0x00021000 -> 0x0002F000

and so on.

So to slow the cycling down and adjust for the conditional/pin placement lag, I changed the conditionals to monitor the upper half-word of 80AF6000, like so:

28AF6000 00000001
...write split configuration #
28AF6000 00000002
...write split configuration #

I just have to adjust the conditionals values a wee bit to get it perfect.

Hope that makes sense.


"For diff button combo for each pin configuration, you can do this (no C2 ASM required)..."

That was how I did it originally, but trying to remember the button combos was a pain.


Thanks for the input!!!!!!
Reply
#58
I drew up a matrix of the different pins standing between the different splits configurations, and the ones that aren't standing.
One of the configurations is all pins standing, which is great for practicing trying to throw strikes.
Using that as the first configuration, I can add to or take away pins starting there.
For instance, none of the splits has pin #1 standing, so I only need to zero out pin number one's address once in the configuration immediately following the
all pins standing configuration.
Lot's of unneeded writes. With a little planning I should be able to shorten the code considerably.
Reply
#59
(12-22-2021, 01:36 PM)Hackwiz Wrote: Does that mean I'm SOL in shortening the amount of writes with pin configurations that do not have the same written value?

Unfortunately, yes.

Also, you further explanation on adding 0x1000 makes perfect sense now.

Regarding the button-frame-too-quick issue. You can utilize ASM to incorporate 'button statuses'. You would need a spot to keep these statuses safe at.

So in your C2 ASM code, the source could be something like this...

Code:
#Get some registers, backup LR
mflr r12
stwu sp, -0x0050 (sp)
stmw r14, 0x8 (sp)

#Get button(s) pressed, check against desired activator
lhz r0, 0(r5) #Default Instruction
andi. r14, r0, 0xXXXX #Your desired button(s), need r0 intact so place result in r14
lis r14, 0x8000 #Before taking the branch, set r14 to its new value, upper 16 bits of EVA
bne- button_has_been_pressed

#Nothing Pressed, Reset Button Status
li r15, 0
stb r15, 0x3FF (r14)
b the_end

#Button Pressed, Adjust Button Status
#0 = Not Pressed
#1 = Pressed
button_has_been_pressed:
lbz r15, 0x3FF (r14)
cmpwi r15, 1
beq- the_end
li r15, 1
stb r15, 0x3FF (r14)

#Update Pin Config tracker
lbz r15, 0x03FE (r14)
addi r15, r15, 1

#Check if it exceeded max config allowed (only 3 configs allowed in this source currently - 0, 1, and 2)
cmplwi r15, 3 #Check if we went beyond 2
blt+ store_tracker
li r15, 0 #Reset tracker byte
store_tracker:
stb r15, 0x03FE (r14)

The source keeps track of a button status at EVA 0x3FF (unused byte spot in Memory called the EVA btw) and a Pin Config Tracker (which pin config to use?) as a byte at EVA 0x3FE. That way if you hold the button activator after pressing it, it will NOT auto increment the Pin Config Tracker byte number. You will notice there's no landing spot for "the_end", that's because we still have more source left. Here's the rest of the source (rough draft), btw this is ALL hooked in that address you found (0x8001D30C) as a C2.

Code:
bl pin_config_table
#Config 1
.byte 00
.byte 00
.byte 00
.byte 00
.byte 00
.byte 00
.byte 01
.byte 00
.byte 00
.byte 01
#Config 2
.byte 01
.byte 00
.byte 01
.byte 00
.byte 01
.byte 00
.byte 01
.byte 00
.byte 01
.byte 00
#Config 3
.byte 01
.byte 01
.byte 01
.byte 01
.byte 01
.byte 01
.byte 01
.byte 01
.byte 01
.byte 01
.align 2 #Align the block of data
pin_config_table:
mflr r16

#Load Pin Config Tracker byte
lbz r17, 0x3FE (r14)

#Multiple Pin config by 0xA (10)
#0 x A = 0
#1 x A = A (10) #First button press uses this button config because of earlier "addi r15, r15, 1"
#2 x A = 14 (20)
#etc etc
mulli r17, r17, 0xA

#Use it as a indexed offset to load correct pin config from pin config table
#But first set the initial loop store address (0x81269C35 minus 0x57C = 0x812696B9)
#Each pin config byte address is equally separated by 0x57C
lis r18, 0x8126
ori r18, r18, 0x96B9

#Set first load address
add r16, r16, r17 #Points to correct pin config based on the index number recently calculated
subi r16, r16, 1

#Set loop amount (10 for 10 pins); we do not know about CTR safety on this hook so don't risk it
li r20, 10

#Update the pin config!
pin_write_loop:
lbzu r19, 0x1 (r16)
stbu r19, 0x57C (r18)
subic. r20, r20, 1
bne+ pin_write_loop

#The End
the_end:

#Pop stack, Recover LR
lmw r14, 0x8 (sp)
addi sp, sp, 0x0050
mtlr r12

I'll try to explain the rest of the source. Basically we create a pin config lookup table. Atm, only 3 configs are setup (why the first source did a check against the value of 3 being reached on the pin config tracker byte).

The tracker byte is loaded and basically adjusted so it will point to the correct pin config on our lookup table. I noticed that each pin that you modify in mem81 has every addressed equally separated by 0x57C. That means we can easily make a loop for this.

A loop is made to transfer the pin config bytes from the lookup table to all the mem81 byte addresses. Finally I added the spot for the "the_end", the place for the CPU to go if the button activator was not 'just-pressed'. And had to add some instructions at the very end to pop the frame and recover the LR.

The way that source is setup atm, the first config that will be used will be config 2 in the lookup table.

I basically threw the kitchen sink at you on this one tbh  Exclamation. There are slightly better ways to improve this source. Such as...

- Not using a lookup table within the ASM code itself. Write it all out via 06 and 08 Gecko writes to yet another unused spot in the EVA
- Don't use any stack shit, look around the code instruction's address for more free registers instead

Here's the code compiled with some fill-in values
Code:
C201D30C 00000017
7D8802A6 9421FFB0
BDC10008 A0050000
700EXXXX 3DC08000 #XXXX = button acitvator, fyi it's left unfilled in the source I provided, fill it before compiling
40820010 39E00000
99EE03FF 48000084
89EE03FF 2C0F0001
41820078 39E00001
99EE03FF 89EE03FE
39EF0001 280F000Z #Z = pin configs; the source I provided would compile this as 3
41A00008 39E00000
99EE03FE 48000025
00000000 00000100 #All the pin stuff, to add more pin configs to the table, you must add them in the [u]source[/u], then recompile; keep the ".align 2" at the bottom
00010100 01000100
01000100 01010101
01010101 01010000
7E0802A6 8A2E03FE
1E31000A 3E408126
625296B9 7E108A14
3A10FFFF 3A80000A
8E700001 9E72057C
3694FFFF 4082FFF4
B9C10008 38210050
7D8803A6 00000000

No idea if this will even work, probably not lol. I would step by step this before even running with it in the emulation 'normally'. I'm sure I messed up somewhere.

Some links that will explain all the elements of the source:

EVA: https://mariokartwii.com/showthread.php?tid=1106
Push/Pop Stack Method: https://mariokartwii.com/showthread.php?tid=873
Loops: https://mariokartwii.com/showthread.php?tid=975
"BL Trick" & Pseudo-Ops: https://mariokartwii.com/showthread.php?tid=977
Reply
#60
I'm pretty sure this is whats being done in Super Mario Galaxy in the transformations code.
Press a button repeatedly to cycle through Mario's different iterations, and then another to make the transformation take place.
What I had in mind when making the splits code.

I'll check this out in the next couple of days while I have some time to digest.

In the meantime, I managed to to eliminate 50 writes in the pin configurations. Woohoo!!!
Got rid of the 0x0000 offsets in the ASM.
I also decided to change the conditionals values, so that instead of playing the "push the button just right to make the configurations change game," you can just hold down
(-) and when the splits configuration you want to practice appears (pins now have plenty of time to set), you just release the button.

Here's the much abbreviated code:

C201D30C 00000004
A0050000 2C071000
40820014 3D6080AF
818B6000 398C1000
918B6000 00000000
E0000000 80000000
28AF6000 00000020
01269C35 00000001
0126A1B1 00000001
0126A72D 00000001
0126ACA9 00000001
0126B225 00000001
0126B7A1 00000001
0126BD1D 00000001
0126C299 00000001
0126C815 00000001
0126CD91 00000001
E0000000 80000000
28AF6000 00000040
01269C35 00000000
0126A1B1 00000000
0126A72D 00000000
0126B225 00000000
0126C815 00000000
E0000000 80000000
28AF6000 00000060
0126C299 00000000
E0000000 80000000
28AF6000 00000080
0126BD1D 00000000
E0000000 80000000
28AF6000 000000A0
0126BD1D 00000001
0126CD91 00000000
E0000000 80000000
28AF6000 000000C0
0126A1B1 00000001
0126ACA9 00000000
0126B7A1 00000000
0126BD1D 00000000
0126C299 00000001
0126CD91 00000001
E0000000 80000000
28AF6000 000000E0
0126A1B1 00000000
0126A72D 00000001
0126BD1D 00000001
0126C299 00000000
0126C815 00000001
0126CD91 00000000
E0000000 80000000
28AF6000 00000100
0126A72D 00000000
0126ACA9 00000001
0126B7A1 00000001
0126BD1D 00000000
0126C815 00000000
E0000000 80000000
28AF6000 00000120
0126ACA9 00000000
0126B7A1 00000000
0126BD1D 00000001
0126C815 00000001
E0000000 80000000
28AF6000 00000140
02AF6000 00000020
E0000000 00000000
28708D40 00000100
0401D30C A0050000
02AF6000 00000000
E0000000 80008000

With corrected ASM:

lhz r0, 0(r5)
cmpwi r7, 0x1000
bne- the_end
lis r11, 0x80AF
lwz r12, 0x6000 (r11)
addi r12, r12, 0x1000
stw r12, 0x6000 (r11)
the_end:

Cheers!!!
Reply


Forum Jump:


Users browsing this thread: 2 Guest(s)