Tutorial on the 'Pointer Trick' (ASM)

NOTICE: For intermediate-level ASM Coders.

Explanation Of When To Use Pointer Trick

Let's say you are working on a code that consists of different ASM Codes. The 1st ASM Code needs to retrieve a value from dynamic memory and then store it to an unused space in memory (the examples provided will use the Exception Vector Area), so that it can later be loaded into a register during a 2nd ASM Code. Unfortunately, when you set a breakpoint on this value in dynamic memory, it doesn't break at all.

What you can do is find a nearby unrelated value that is not too far away from the value you would normally set a BP on. It would be ideal to find another value that gets read or written to every frame, meaning it will break any time that you need it to break.

This will take some trial and error obviously.

Methods of Use

For example, let's say we found where your IP Address is in dynamic memory after a wifi login. This is the value that our 1st ASM Code will store to the Exception Vector Area so that a 2nd ASM Code can use it later. After some searching around, you are able to find the IP Address value in dynamic memory. You place a Read Breakpoint on it, then proceed to log in to wifi. But the breakpoint doesn't work (it never breaks), and a Write Breakpoint doesn't work either. However, in dynamic memory we see that 0x4 after the IP Address is a halfword value. So instead, we set a Read Breakpoint on that halfword value and try the wifi login again. Now the game breaks with this instruction...

lhz r5, 0x0108 (r27) #Default Instruction

With this instruction, we know that r27 + 0x0108 is the location in memory of the halfword value that we had the breakpoint on. Since our IP Address is 0x4 before this halfword value, we can easily conclude that r27 + 0x0104 points to our IP Address.


Method #1 Store Pointer to Memory

In the instruction shown above, r27 is our 'pointer'. For your first ASM code, you can store the pointer to the Exception Vector Area (example location 0x80001600). Like this...

lis r5, 0x8000 #r5 is safe because contents will be replaced by default instruction anyway
stw r27, 0x1600 (r5) #Store Pointer
lhz r5, 0x0108 (r27) #Default Instruction

Then on your 2nd ASM code, when you need to load the IP Address into a register, you do this...

lis r12, 0x8000 #Set 1st Half Address of Exception Vector Area; assume r12 is safe for use
lwz r12, 0x1600 (r12) #Load the Pointer into r12
lwz r12, 0x0104 (r12) #r12 now contains the IP Address ready for use in 2nd ASM Code
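
A guarded version of the Method #1 load, as an added example that is not part of the original tutorial: if the 2nd ASM code runs before the 1st ASM code has stored r27, the slot at 0x80001600 does not hold a pointer yet and the second lwz would read from a bad address. The label skip is hypothetical, and the check assumes that valid pointers have the top bit set, like the 0x8000xxxx addresses used above, and that the slot holds no such value until the 1st ASM code writes it.

```asm
# 2nd ASM code: Method #1 load with a guard (added example).
# Assumptions: r12 is safe for use (as in the tutorial); "skip" is a
# hypothetical label; valid pointers have the top bit set.
lis   r12, 0x8000         # 1st half of the Exception Vector Area address
lwz   r12, 0x1600 (r12)   # Load whatever the 1st ASM code stored (r27)
cmpwi r12, 0              # Signed compare: 0x80000000 and up is negative
bge   skip                # Zero or positive = no pointer stored yet, do not dereference
lwz   r12, 0x0104 (r12)   # r12 now contains the IP Address
# ... code that uses r12 goes here ...
skip:
# Default instruction of the 2nd ASM code's hook address goes here
```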


Method #2

Instead of storing the pointer, you can load the IP Address via offset 0x0104 of r27 into a free register on the first ASM Code. Then store the IP Address to the Exception Vector Area like this....

lwz r5, 0x0104 (r27) #IP Address in r5
lis r12, 0x8000 #Assume r12 is safe for use
stw r5, 0x1600 (r12) #Store IP Address to Vector Area
lhz r5, 0x0108 (r27) #Default Instruction

That way, your 2nd ASM code loads the value (IP Address) normally, like this...

lis r12, 0x8000 #Assume r12 is safe for use
lwz r12, 0x1600 (r12) #IP Address now in r12 ready for use in 2nd ASM Code


Alright, so now you know not to give up hope entirely if your breakpoints are not working. Try the pointer trick; it may get your code to work. Thanks for reading.
