You are right about forgetting the 0x0014, I missed that too, lul. Considering enemy addresses can end in 0x0 (like Celia's), that will be an issue. You will need to find another way to determine a discrepancy between Celia vs Enemies. Whatever happened to that Link Register thing you mentioned before?
--
Oh by the way, that IABR concept related source will work. I made a mockup of it for an MKWii code. What I didn't include was the address save in the EVA of the C0 code and the address checks in the IABR routine (address in EVA vs IABR), since I didn't need those parts in the source as MKWii doesn't have the relocatable ELF issues.
Anyway for those who stumble upon this thread, here's a region free Shared Item Code (Item: Star) using C0 codetype and the Instruction Address Breakpoint Register. I doubt this will work on Dolphin, runs perfect on real hardware.
C0000000 00000008
3C60807A 38007FFF
7C0903A6 3CA0D877
60A512ED 81630000
85830004 7D606278
7C050000 4182000C
4200FFEC 4E800020
60630003 7C72FBA6
4E800020 00000000
06001300 0000001C
38600009 56EC007E
906C0020 7D9A02A6
398C0004 7D9A03A6
4C000064 00000000
C0 Code source:
Code:
#IABR compiler statement
.set IABR, 1010
#Set First Loop Load Address
lis r3, 0x807A
#Search will be from 0x807A0000 thru 0x807C0000
#Set amount of times to search (0x20000 bytes / 4 = 0x8000 words); so we'll set the amount to 0x7FFF to scrap the one search so we can save one instruction on the source, lul
li r0, 0x7FFF
mtctr r0
#Set the crude checksum
#480012CD (before default instruction) XOR'd with 90770020 (default instruction) = D87712ED
lis r5, 0xD877
ori r5, r5, 0x12ED
#Loop
loop:
#Load double word at r3, and then increment r3 by 4
lwz r11, 0 (r3)
lwzu r12, 0x4 (r3)
#Xor double word together; compare XOR checksums
xor r0, r11, r12
cmpw r5, r0
beq- found
#not yet found, keep trying
bdnz+ loop
blr #If no find, end C0. Do NOT update EVA nor IABR
#Found it!
found:
#Flip bits of 30 and 31 high, this is needed for IABR (BE and TE)
ori r3, r3, 0x0003
mtspr IABR, r3 #Broadway says we need a context-synchronizing instruction after this but considering there's a huge amount of time from when this instruction executes to when the IABR is taken, it's not needed
#blr #End C0; uncomment if NOT using pyiiasmh and then adjust compiled code so it can be a proper C0
06 String Write Source (overwrite IABR exception call)
Code:
li r3, 9 #Set the shared item
clrlwi r12, r23, 1 #Change r23's address to physical
stw r3, 0x0020 (r12) #Update new item
mfsrr0 r12 #Grab address that IABR triggered on
addi r12, r12, 4 #We must increment to return back to shared item address+4. Or else the IABR will be triggered again and we will be in an infinite loop
mtsrr0 r12 #Update new srr0 (address to go to when exception is over)
rfi #END EXCEPTION!
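
Added example, not part of the original post: a C model of the C0 search loop above, showing that the crude XOR checksum matches any adjacent word pair with the same XOR, while comparing both words exactly does not. The function names and the sample memory are constructed for illustration; the two instruction words, the search base and the low IABR bits come from the post.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

#define BASE      0x807A0000u  /* search start used by the C0 code */
#define WORD_PREV 0x480012CDu  /* instruction before the target (from the post) */
#define WORD_TGT  0x90770020u  /* default instruction at the target (from the post) */

/* Same test as the C0 loop: XOR each adjacent pair and compare against one
   32-bit checksum. Returns the address of the second word, or 0 if none. */
uint32_t scan_xor(const uint32_t *mem, size_t nwords) {
    for (size_t i = 0; i + 1 < nwords; i++)
        if ((mem[i] ^ mem[i + 1]) == (WORD_PREV ^ WORD_TGT))
            return BASE + 4u * (uint32_t)(i + 1);
    return 0;
}

/* Stricter variant (an assumption, not the post's method): both words must
   match exactly, so a pair that merely shares the XOR value is rejected. */
uint32_t scan_exact(const uint32_t *mem, size_t nwords) {
    for (size_t i = 0; i + 1 < nwords; i++)
        if (mem[i] == WORD_PREV && mem[i + 1] == WORD_TGT)
            return BASE + 4u * (uint32_t)(i + 1);
    return 0;
}

/* Value written to IABR: the word-aligned address with the two low
   bits (BE and TE in the post) set. 0 means "not found, leave IABR alone". */
uint32_t iabr_value(uint32_t addr) { return addr ? (addr | 3u) : 0; }

/* Constructed sample memory, not a real dump. Words 2-3 are a decoy pair
   whose XOR equals the checksum; words 5-6 are the real instruction pair. */
const uint32_t SAMPLE[] = {
    0x60000000u, 0x7C0802A6u, 0xD87712EDu, 0x00000000u,
    0x60000000u, WORD_PREV,   WORD_TGT,    0x4E800020u
};
#define SAMPLE_WORDS (sizeof SAMPLE / sizeof SAMPLE[0])

int main(void) {
    printf("xor scan   -> IABR %08X\n", (unsigned)iabr_value(scan_xor(SAMPLE, SAMPLE_WORDS)));
    printf("exact scan -> IABR %08X\n", (unsigned)iabr_value(scan_exact(SAMPLE, SAMPLE_WORDS)));
    return 0;
}
```

On the constructed sample the XOR scan stops at the decoy pair, so the breakpoint would land on the wrong word; the exact comparison finds the intended instruction.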