11 hours ago
(Yesterday, 08:01 PM)Vega Wrote: So it appears there are two responsible instructions (funcs) that write the character slot during character selection. Which is not too big of an issue. More code testing would need to be done to know which hook is best.
Do you mean "li r3, 0" and "blr"?
(Yesterday, 08:01 PM)Vega Wrote: You cannot hook my code's source using the address you've found for numerous reasons:
Reason 1: I used a slightly diff hook than what the game actually "broke" on when I've made the code (memory breakpoint to get hook address). I explained this back in post #52 https://mariokartwii.com/showthread.php?...6#pid10656
Code:
The current hook address I didn't like because registers such as r11 weren't safe for use (which is very rare). So I needed to find a better hook address nearby.
The current hook address is within what is known as a Function.
When you get more advanced, you will learn about Function Calls -> https://mariokartwii.com/showthread.php?tid=1052
In a nutshell, my hook address was in a small function, one without a prologue or epilogue. So it's easy to know mostly what is going on in this function (from a higher level programming standpoint).
Anyway, if you scroll down a bit, the final instructions of the function are....
Address | Instruction
815b5268 | li r3, 0
815b526C | blr
Basically the function places a zero in r3 and uses the blr to return to its Parent function. It's telling the Parent function, "hey everything is good to go, keep doing what we need to do"
So anyway, this is a good hook address. At the end of functions (epilogues), registers r4 thru r12 are safe.
Same exact issue with your hook address, it's not ideal because scratch registers that are usually safe are not safe (i.e. r11)
Reason 2: Because of reason 1, r11 isn't safe (along with r10) so the code is gonna botch anyway even if its "coded right" because the source uses r11 and r10
Reason 3: You're using my default instruction for your address which won't work since the two default instructions are completely different. This also leads to you *not* including YOUR default instruction (stb r5, 0x498 (r3))
---
r27 at your hook address does appear to be the same type of constant pointer that we can use to reference the slot 0's packet (and the other slot packets)
r27 + 0x496 = slot 0's character "packet"
r27 + 0x498 = slot 0's character byte within packet
Each packet in memory separated by 0x28 bytes
r27 + 0x496 + 0x28 = slot 1's packet
r27 + 0x496 + 0x28 + 0x28 = slot 2's packet
etc etc...
Whatever game function you are currently hooked to (default instruction) appears to be a similar function to my default instruction. I can see that at 0x815B59e8 on your screenshot is li r3,0 then the instruction afterwards is blr (even though I can't see it).
Most of what I've explained won't make sense to you. It will once you become more advanced in PPC, and learn about Functions. Plus with just general experience, you will learn/know certain "tricks" and what not.
My question was more about why we have the exact same instructions but our addresses are completely different even though we are using the same region of the game.
(Yesterday, 08:01 PM)Vega Wrote: With all that being said, we simply change the Hook address to 0x815B59e8, and it should work as long as those character values you filled in are valid.
C35B59E8 00000008
7D8802A6 4800000D
030E0F03 0E0F0000
7D6802A6 396BFFFF
38600006 395B0470
7C6903A6 8C0B0001
9C0A0028 4200FFF8
7D8803A6 38600000
60000000 00000000
What I wanted to know was why that code only works for me in Dolphin but not on the Wii (it freezes when I select any character).
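As an added example (not part of the original posts, and not the code author's own tooling), the Python below decodes the Gecko code quoted above and checks it against the packet layout described in the thread: it recovers the hook address from the C3 header and lists which offset from the pointer register each table byte is stored to. It assumes the default Gecko base address 0x80000000 and that the loop count is loaded with li r3; the function names are hypothetical.

```python
import struct

# Gecko code exactly as posted above.
GECKO = """\
C35B59E8 00000008
7D8802A6 4800000D
030E0F03 0E0F0000
7D6802A6 396BFFFF
38600006 395B0470
7C6903A6 8C0B0001
9C0A0028 4200FFF8
7D8803A6 38600000
60000000 00000000
"""

def parse_c2(text, base=0x80000000):
    """Return (hook_address, body_words) for one C2/C3 insert-ASM code."""
    words = [int(w, 16) for w in text.split()]
    head, nlines, body = words[0], words[1], words[2:]
    if head >> 25 != 0xC2 >> 1 or len(body) != 2 * nlines:
        raise ValueError("not a well-formed C2/C3 code")
    # Low 25 bits are the offset from the base address (C3 = C2 with bit 24 set).
    return base + (head & 0x01FFFFFF), body

def d_form(word):
    """Split a D-form PowerPC word into (opcode, rD/rS, rA, signed imm)."""
    imm = word & 0xFFFF
    return word >> 26, (word >> 21) & 31, (word >> 16) & 31, imm - 0x10000 * (imm >> 15)

def planned_writes(body):
    """Return (base_register, [(offset, value), ...]) for the store loop."""
    bl = body[1]                                   # bl that jumps over the inline table
    if bl >> 26 != 18 or bl & 3 != 1:
        raise ValueError("expected bl over an inline table")
    end = 1 + (bl & 0x03FFFFFC) // 4               # index of the first word after the table
    table = b"".join(struct.pack(">I", w) for w in body[2:end])
    code = [d_form(w) for w in body[end:]]
    _, _, ptr, stride = next(f for f in code if f[0] == 39)                       # stbu rS, stride(ptr)
    _, _, base_reg, start = next(f for f in code if f[0] == 14 and f[1] == ptr)   # addi ptr, base, start
    count = next(f[3] for f in code if f[:3] == (14, 3, 0))                       # li r3, count (assumed)
    # stbu adds the stride before each store, so the first write lands at start + stride.
    return base_reg, [(start + stride * (i + 1), table[i]) for i in range(count)]

if __name__ == "__main__":
    hook, body = parse_c2(GECKO)
    reg, writes = planned_writes(body)
    print(f"hook 0x{hook:08X}")
    for slot, (off, val) in enumerate(writes):
        print(f"slot {slot}: r{reg} + 0x{off:X} <- 0x{val:02X}")
```

The decoded offsets start at r27 + 0x498 and step by 0x28, matching the slot layout quoted above; the check covers the code's layout only and does not address the console-versus-emulator difference asked about.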