Wii ID NAND Modifier [Vega]
#3
I sent you something in PM.

Some ways to attempt to find the function...

- Search for the file paths (in hex converted from ASCII) on the RAM Viewer. Set up read BPs when the Wii is booting, or when viewing the Wii ID.
- You could run a search for any compiled instructions that use a 16-bit signed VALUE of 03FC. So a branch link occurs to the checksum function, the checksum subroutine is done (at the end r3 holds the checksum word) and then returns back (branch link register). The next instruction would be a stw r3, 0x03FC(rX). This is the instruction that stores the checksum to the file. So once you find that, just look at the branch link above, and the address value that is listed for the branch is the address I need.

Visual example (random addresses used)
80456000 bl -> 0x80563488 (this would point to the start of the checksum function)
80456004 stw r3, 0x03FC(rX) (this instruction takes the r3 return value from the function and stores to the file)

There may be a possibility that there is an extra instruction (before the stw, after the bl) to setup a reference address for rX.

-

Also, you can try (back up your Dolphin NAND first) reformatting the NAND, and set read BPs on the file path (during the beginning of factory setup), cuz the Wii will need to create new cfg and cbk files then checksum them.

- Another way...
Copy paste part of the subroutine from MKWii's NETCalc (you will just have to wing it and guess a small portion to use), and see if you can find it in RAM when running the system menu. It could be the System Menu's CRC32 function is just slightly diff than MKWii's.

- Yet another possible way.
Try to find the exe file for the old school Dolphin Unbanner. In the source code (if you can find that too) there will be something to define macros then do a CRC32 checksum. If you have Ghidra, open the exe file in Ghidra. Hopefully there is some sort of symbol mapping that Ghidra can find/supply. It will not be in PowerPC ASM, but instructions are similar enough to try to convert a list of them and search for them in RAM when the system menu is running. Hell, you could convert the whole subroutine from Arm ASM to PowerPC ASM.
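The instruction-pattern search described in the post above, as an added example that is not part of the original thread: it scans a big-endian PowerPC RAM dump for `stw r3, 0x03FC(rX)` with a `bl` directly above it (or one instruction earlier, for the extra rX setup case) and reports the branch target. The function names, the raw-dump-plus-base-address input format and the sample bytes (constructed around the post's random addresses) are assumptions.

```python
import struct

STW_R3_03FC = 0x906003FC  # stw r3, 0x03FC(rA) with the rA field zeroed
STW_MASK = 0xFFE0FFFF     # compare everything except rA (the "rX" in the post)

def bl_target(word, addr):
    """Absolute target if `word` is a relative bl (opcode 18, AA=0, LK=1), else None."""
    if (word >> 26) != 18 or (word & 3) != 1:
        return None
    disp = word & 0x03FFFFFC           # 24-bit LI field, already shifted left by 2
    if disp & 0x02000000:              # sign-extend the 26-bit displacement
        disp -= 0x04000000
    return (addr + disp) & 0xFFFFFFFF

def find_checksum_calls(dump, base, max_gap=1):
    """Return (bl_addr, bl_target, stw_addr, rA) for each stw r3,0x03FC(rA)
    that has a bl at most `max_gap` instructions above it."""
    count = len(dump) // 4
    words = struct.unpack(">%dI" % count, dump[:count * 4])
    hits = []
    for i, w in enumerate(words):
        if (w & STW_MASK) != STW_R3_03FC:
            continue
        for j in range(i - 1, max(i - 2 - max_gap, -1), -1):
            target = bl_target(words[j], base + 4 * j)
            if target is not None:
                hits.append((base + 4 * j, target, base + 4 * i, (w >> 16) & 0x1F))
                break
    return hits

# Constructed sample, not real System Menu code.
SAMPLE_BASE = 0x80456000
SAMPLE_DUMP = struct.pack(
    ">10I",
    0x4810D489,  # 80456000 bl 0x80563488
    0x907F03FC,  # 80456004 stw r3, 0x03FC(r31)
    0x60000000,  # nop
    0x60000000,  # nop
    0x4810D479,  # 80456010 bl 0x80563488
    0x3FC08038,  # 80456014 lis r30, 0x8038 (extra rX setup instruction)
    0x907E03FC,  # 80456018 stw r3, 0x03FC(r30)
    0x60000000,  # nop
    0x60000000,  # nop
    0x906103FC,  # 80456024 stw r3, 0x03FC(r1) with no bl above: ignored
)

if __name__ == "__main__":
    for bl_addr, target, stw_addr, ra in find_checksum_calls(SAMPLE_DUMP, SAMPLE_BASE):
        print("bl @ %08X -> %08X, stw r3,0x03FC(r%d) @ %08X" % (bl_addr, target, ra, stw_addr))
```

Each hit is only a candidate: any routine that stores r3 at offset 0x03FC after a call will match, so confirm the target with a breakpoint before relying on it.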


Messages In This Thread
Wii ID NAND Modifier [Vega] - by Vega - 07-24-2019, 10:03 PM
RE: Wii ID NAND Modifier - by JoshuaMK - 07-25-2019, 05:45 AM
RE: Wii ID NAND Modifier - by Vega - 07-25-2019, 04:04 PM
RE: Wii ID NAND Modifier - by Dorian - 07-25-2019, 04:06 PM
RE: Wii ID NAND Modifier - by Vega - 07-25-2019, 07:01 PM
RE: Wii ID NAND Modifier - by Vega - 07-25-2019, 08:22 PM
RE: Wii ID NAND Modifier - by JoshuaMK - 07-25-2019, 08:52 PM
RE: Wii ID NAND Modifier - by Vega - 07-25-2019, 09:21 PM
RE: Wii ID NAND Modifier - by Vega - 07-25-2019, 09:27 PM
RE: Wii ID NAND Modifier - by JoshuaMK - 07-25-2019, 10:22 PM
RE: Wii ID NAND Modifier - by Vega - 07-25-2019, 10:30 PM
RE: Wii ID NAND Modifier - by Vega - 07-27-2019, 02:09 PM
RE: Wii ID NAND Modifier - by JoshuaMK - 07-27-2019, 06:54 PM
