Coding Questions and other Quandaries
Btw Hackwiz, for making a C2 code on a address where its instruction value can change (due to module loading), you can throw a simple conditional on top of the C2 code like this..

#Example, you want to hook a C2 code @ 0x8045678C whenever its instruction is 0x901E0000.
2045678C 901E0000
C245678C 000000xx
...
...
...
E0000000 80008000

This should work even if a new module load rewrites in a new different instruction at your Hook. Because once the Code Handler gets executed again after that, it will *not* apply the C2 code because the instruction no longer equals 0x901E0000
Reply
That's what I was working on last night. It works... to an extent.
There are two addresses involved in modding characters. One in MEM1 and the other in MEM2.
The character values aren't a straight up simple 0x0 -> 0x11 for both of these addresses:

MEM1/MEM2

Mario 0x0/0x0
Luigi 0x1/0x1
Peach 0x2/0x2
Daisy 0x3/0x3
Wario 0x5/0x4
Waluigi 0x6/0x5
Yoshi 0x4/0x6
Koopa Troopa 0xB/0x7
Donkey Kong 0x7/0x8
Diddy Kong 0x9/0x9
Boo 0xC/0xA
Shy Guy 0xA/0xB
Bowzer 0x8/0xC
Bowzer Jr. 0xD/0xD
Fly Guy 0xE/0XE
Paratroopa 0xF/0xF
Wiggler 0x10/0x10
Petey Piranha 0x11/0x11

I used the character value rotator (minus the Mii value) used in Mario Sports Mix. (See Above)
Added another C0 code to pick up on the value from that address which is constantly cycling 0x0 -> 0x11
and correct as necessary to store in the MEM1 address:

loc_0x0:
lis r11, 0x8000
lhz r12, 976(r11) #ASM This is loading the 0x0 -> 0x11 character value rotator from EVA; this value to be stored in MEM2
cmpwi r12, 0x4 #ASM Comparing that value with ones that have different values in MEM1
addi r5, r12, 0x1 #ASM Make the proper adjustment needed and hold in r5
beq- change_it #ASM If it is one of the odd ball values, branch to change_it
cmpwi r12, 0x5
addi r5, r12, 0x1
beq- change_it
cmpwi r12, 0x6
subi r5, r12, 0x2
beq- change_it
cmpwi r12, 0x7
addi r5, r12, 0x4
beq- change_it
cmpwi r12, 0x8
subi r5, r12, 0x1
beq- change_it
cmpwi r12, 0xA
addi r5, r12, 0x2
beq- change_it
cmpwi r12, 0xB
subi r5, r12, 0x1
beq- change_it
cmpwi r12, 0xC
subi r5, r12, 0x4
bne- store_it

change_it:
mr r12, r5

store_it:
stw r12, 980(r11)
blr

This works fine as it is, although I want to add it to the first C0 code and hopefully lessen the length.

Made a simple button activator. Press C + Z after selecting a player. The character name changes as the character values change (no transformation though).
Release the buttons when the one you want is displayed then move on tho the next Player/Com.

Works great until you decide to quit a match and return to the main screen. The next time you enter the character selection screen, the pointer for the MEM2 address
does not update, (MEM1 is correct). Could be the module moved (?????)

Neat challenge.
Reply
I'm not sure what exactly you are doing with your code, but anyway....

Because the lefthand (MEM1) byte values that you've listed don't increase in perfect order, you can place those in a lookup table and use the righthand (MEM2) byte values as a loading offset in reference to the able

Adjust source so you can add the other things your code is suppose to do ofc

Code:
#Set EVA Upper
lis r11, 0x8000

#EVA Notes
#800003D0 = Byte for MEM1
#800003D1 = Byte for MEM2

#Load MEM2 char integer byte value
#Increment, check if its beyond max (0x11)
lbz r12, 0x3D1 (r11)
addi r12, r12, 1
cmplwi r12, 0x11
ble+ create_table

#Reset MEM1 and MEM2 bytes to Mario, then Store and end C0
li r10, 0
li r12, 0
b store_bytes

#Create the Table, but first backup C0 LR
create_table:
mflr r5

bl table
.byte 0x00 #Mario #Still needed in table for spacing so all other offset values will work in the lbzx instruction
.byte 0x01 #Luigi
.byte 0x02 #Peach
.byte 0x03 #Daisy
.byte 0x05 #Wario
.byte 0x06 #Waluigi
.byte 0x04 #Yoshi
.byte 0x0B #Koopa
.byte 0x07 #Donkey kong
.byte 0x09 #Diddy
.byte 0x0C #Boo
.byte 0x0A #Shy Guy
.byte 0x08 #Bowser
.byte 0x0D #BowserJr
.byte 0x0E #Fly Guy
.byte 0x0F #Para
.byte 0x10 #Wiggler
.byte 0x11 #Piranha
.align 2
table:
mflr r9

#Now based on newly incremented MEM2 value, load up byte value for MEM1
lbzx r10, r9, r12

#Restore LR
mtlr r5

#Store MEM1 and MEM2 bytes to EVA
store_bytes:
stb r10, 0x3D0 (r11)
stb r12, 0x3D1 (r11)

#End C0
blr

For compiled length comparisons here is my vs your source
C0000000 0000000B
3D608000 898B03D1
398C0001 280C0011
40A10010 39400000
39800000 4800002C
7CA802A6 48000019
00010203 0506040B
07090C0A 080D0E0F
10110000 7D2802A6
7D4960AE 7CA803A6
994B03D0 998B03D1
4E800020 00000000

C0000000 0000000F
3D608000 A18B03D0
2C0C0004 38AC0001
41820058 2C0C0005
38AC0001 4182004C
2C0C0006 38ACFFFE
41820040 2C0C0007
38AC0004 41820034
2C0C0008 38ACFFFF
41820028 2C0C000A
38AC0002 4182001C
2C0C000B 38ACFFFF
41820010 2C0C000C
38ACFFFC 40820008
7CAC2B78 918B03D4
4E800020 00000000
Reply
So how would I implement a CC000000 00000000 in my code below.

WWII Aces - Wii (USA) Stop & Start In Midair

28163880 00000300 #ASM Button Activator; Press 1 + 2 to restore normal flight (with some tweaks)
041E5988 40166666 #ASM 32 bit write; Max speed [floating point value]
041E598C 3FF33333 #ASM 32 bit write; Min speed [floating point value]
041E5998 3DCCCCCD #ASM 32 bit write; Acceleration [floating point value]
041E5990 3FD9999A #ASM 32 bit write; Plane Mass [floating point value]
E0000000 00000000 #ASM Half way terminator
28163880 00000402 #ASM Button Activator; Press B + D-pad Up to stop plane
041E5988 00000000 #ASM 32 bit write; Max speed [floating point value]
041E598C 00000000 #ASM 32 bit write; Min speed [floating point value]
041E5990 00000000 #ASM 32 bit write; Plane Mass [floating point value]
E0000000 80008000 #ASM Full terminator

Thanks!!!
Reply
Even though I've replied to you on Discord, I might as well post the reply here so future visitors will know

To change the code to use an On/Off switch, remove the halfway terminator and 2nd controller line

28163880 00000300 #ASM Button Activator; Press 1 + 2 to restore normal flight (with some tweaks)
041E5988 40166666 #ASM 32 bit write; Max speed [floating point value]
041E598C 3FF33333 #ASM 32 bit write; Min speed [floating point value]
041E5998 3DCCCCCD #ASM 32 bit write; Acceleration [floating point value]
041E5990 3FD9999A #ASM 32 bit write; Plane Mass [floating point value]
CC000000 00000000 #On/off switch
041E5988 00000000 #ASM 32 bit write; Max speed [floating point value]
041E598C 00000000 #ASM 32 bit write; Min speed [floating point value]
041E5990 00000000 #ASM 32 bit write; Plane Mass [floating point value]
E0000000 80008000 #ASM Full terminator
Reply
SpongeBob's Truth or Square - Wii (USA) "Moon Jump"

Press A & B to activate. Press A to release.

I was searching for "jump" in the symbol code map and found this:

ApexCheck__16zPlayerJumpBoardFP15xAnimTransitionP11xAnimSingle:
8005ef20 ApexCheck__16zPlayerJumpBoardF lfs f1, 0x0010 (r3)
8005ef24 ApexCheck__16zPlayerJumpBoardF lfs f0, 0x0020 (r3)
8005ef28 ApexCheck__16zPlayerJumpBoardF fcmpo cr0,f1,f0
8005ef2c ApexCheck__16zPlayerJumpBoardF cror 2, 1, 2
8005ef30 ApexCheck__16zPlayerJumpBoardF mfcr r3
8005ef34 ApexCheck__16zPlayerJumpBoardF rlwinm r3, r3, 3, 31, 31 (20000000)
8005ef38 ApexCheck__16zPlayerJumpBoardF blr

Gee, I wonder what their doing here???

The address held in r3 = 0x92919420

f1 is being loaded with the value at 0x92919430; this is the actual height your character is at during a jump in floating point; 0.4 on the ground, 0.0 at jump apex

f0 is being loaded with the value at 0x92919440; This constant floating point value sets the apex maximum f1 will be compared to. This value could be changed to increase jump height also. this value is 0x3ECCCCCD -> 0.4

But I'm fond of Moon Jump codes....

[Code/Source]
287E22C2 00000C00 #ASM button activator; if A & B pressed then next line
42000000 92000000 #ASM sets base address to 0x92000000
04919430 3DCCCCCD #ASM 32 bit write to 0x92919430; floating point value -> 0.1
E0000000 80008000 #ASM full terminator
Reply
(11-06-2023, 12:36 PM)Hackwiz Wrote: SpongeBob's Truth or Square - Wii (USA) "Moon Jump"

Press A & B to activate. Press A to release.

I was searching for "jump" in the symbol code map and found this:

ApexCheck__16zPlayerJumpBoardFP15xAnimTransitionP11xAnimSingle:
8005ef20 ApexCheck__16zPlayerJumpBoardF lfs f1, 0x0010 (r3)
8005ef24 ApexCheck__16zPlayerJumpBoardF lfs f0, 0x0020 (r3)
8005ef28 ApexCheck__16zPlayerJumpBoardF fcmpo cr0,f1,f0
8005ef2c ApexCheck__16zPlayerJumpBoardF cror 2, 1, 2
8005ef30 ApexCheck__16zPlayerJumpBoardF mfcr r3
8005ef34 ApexCheck__16zPlayerJumpBoardF rlwinm r3, r3, 3, 31, 31 (20000000)
8005ef38 ApexCheck__16zPlayerJumpBoardF blr

Gee, I wonder what their doing here???

This function is returning a bool. True (1) is returned if f1 is greater than or equal to f0. Otherwise False (0) is returned. Check the Parent function (what this function returns to) and you should see a check/comparison of r3 against 0 or 1. Try tinkering with that check and see what you find.

fcmpo cr0, f1, f0 #This does the comparison of f1 vs f0. the result of this comparison is placed into cr0.
cror 2,1,2 #This does a logical OR of the cr0 gt flag with cr0 eq flag. The result of the logical OR is placed back into the cr0 eq bit slot.
mfcr r3 #This simply copies over the entire CR to r3
rlwinm r3, r3, 3, 31, 31 #This is an extract instruction. It extracts only the eq bit of cr0 (result of the cror instruction) and right justifies it to the far right in the r3 register. That way r3 and only equal 0 or 1.

Btw nice code!
Reply
Yogi Bear - Wii (US) "Jump In Midair"


The magic happens in the first few lines of the function "IsOnGround."

8018fe60 IsOnGround__25eSimulatedBipedC lhz r0, 0x01A0 (r3) [0x87 on the ground; 0x80 not on the ground]
8018fe64 IsOnGround__25eSimulatedBipedC li r4, 0
8018fe68 IsOnGround__25eSimulatedBipedC rlwinm. r0, r0, 0, 31, 31 (00000001) [0x1 on the ground; 0x0 not on the ground]
8018fe6c IsOnGround__25eSimulatedBipedC beq- ->0x8018FEBC

** r3 changes to a different address about every three to five seconds. Originally I tried storing r3 to EVA, and doing a 32 bit write (0x87) to the address of the moment, but that didn't work.

So I went brute force and just replaced the [lhz r0, 0x01A0 (r3)] with [li r0, 0x87].

Worked fine in dolphin, but cause the Wii to crash a little ways into the first stage.

Fixed using constant write of the default instruction if the jump button (2) and/or the D-pad buttons are NOT being pressed.

Played through a few levels on the Wii, and the code worked like a champ.

0418FE60 A00301A0 #ASM 32 bit write of the default instruction at 0x8018FE60 [lha r0, 0x1A0 (r3)]
28675572 00000100 #ASM Button conditional; if 2 is pressed next line
0418FE60 38000087 #ASM 32 bit write of the modified instruction at 0x8018FE60 [li r0, 0x87]
E0000000 00000000 #ASM Half way terminator
28675572 00000102 #ASM Button conditional; if 2 and D-pad Up is pressed next line
0418FE60 38000087 #ASM 32 bit write of the modified instruction at 0x8018FE60 [li r0, 0x87]
E0000000 00000000 #ASM Half way terminator
28675572 00000104 #ASM Button conditional; if 2 and D-pad Right is pressed next line
0418FE60 38000087 #ASM 32 bit write of the modified instruction at 0x8018FE60 [li r0, 0x87]
E0000000 00000000 #ASM Half way terminator
28675572 00000108 #ASM Button conditional; if 2 and D-pad Left is pressed next line
0418FE60 38000087 #ASM 32 bit write of the modified instruction at 0x8018FE60 [li r0, 0x87]
E0000000 80008000 #ASM Full terminator

(Note) The controller is held sideways
Reply
8018fe68 IsOnGround__25eSimulatedBipedC rlwinm. r0, r0, 0, 31, 31 (00000001) [0x1 on the ground; 0x0 not on the ground]

Ye bit 31 is the IsGround bit.
  • High = Yes
  • Low = No

You should try fiddling with the other bits and see what they do. Be sure to restore back to 0x1A0 (r3) if so.

I would try messing with bits 28 thru 30. They appear to go high when you're on the ground.

Could try something like....

Code:
#Address = 8018fe68
#Set bits 28 thru 30 low and store updated value back to memory, let's see what happens
rlwinm r12, r0, 0, 31, 27
sth r12, 0x1A0 (r3)

#Orignal Instruction (extract IsGround bit and set CR)
rlwinm. r0, r0, 0, 31, 31 #clrlwi. r0, r0, 31

And have it button activated
0418fe68 540007FF
28675572 00000100
C218FE68 00000002
540C07F6 B18301A0
540007FF 00000000
E0000000 80008000
Reply


Forum Jump:


Users browsing this thread: 2 Guest(s)