Posts: 99
Threads: 2
Joined: Dec 2021
Reputation:
2
I have come across this command a few times and it plays a part in a code for a GCN game I'm revisiting.
Perhaps you can shed some light on parts of it I don't understand.
Would be nice if they actually put an example in the programming guide.
rlwinm
rlwinm.
Rotate Left Word
Immediate then
AND with Mask
rA,rS,SH,MB,ME
The contents of register rS are rotated left by the number of bits specified
by operand SH (this much I understand).
A mask is generated having 1 bits from the bit specified
by operand MB + 32 through the bit specified by operand ME + 32 and 0
bits elsewhere. The rotated data is ANDed with the generated mask and
the result is placed into register rA.
rlwinm Rotate Left Word Immediate then AND with Mask
rlwinm. Rotate Left Word Immediate then AND with Mask with CR
Update. The dot suffix enables the update of the CR.
Here's actual code from the game I'm working on with value specified in pertinent register:
lhz r3, 0x28 (r31) #ASM Loads 0xD08 into r3
li r0, 1
ori r3,r3, 0x4 #ASM r3= 0xD0C
sth r3, 0x28 (r31)
lhz r3, 0x28 (r31) #ASM Not sure why they did this. Seems like unneeded code.
rlwinm r3, r3, 0, 16, 30 (0000FFFE) #ASM r3 = 0xD0C. What was the point? How is (0000FFFE) generated with 16, 30? That's where the lose me.
sth r3, 0x28 (r31)
Thanks for your help!!!!
Posts: 138
Threads: 26
Joined: Jan 2020
Reputation:
14
There is a Thread that deals with this kind of instructions:
https://mariokartwii.com/showthread.php?tid=1262
I think most of your questions to the rlwinm instruction can be answered with this Thread.
Posts: 99
Threads: 2
Joined: Dec 2021
Reputation:
2
Thanks!!
Makes sense now.
Posts: 204
Threads: 12
Joined: Dec 2019
Reputation:
16
The version with the . automatically compares the result to 0 (rlwinm. rD, rA, shift, start, end is equivalent to rlwinm rD, rA, shift, start, end followed by cmpwi rD, 0)
Posts: 99
Threads: 2
Joined: Dec 2021
Reputation:
2
12-15-2021, 11:50 AM
(This post was last modified: 12-15-2021, 11:51 AM by Hackwiz.)
I'm revisiting a game that has proven troublesome.
Spirits & Spells (USA) GCN
The $100,000 question I have is, is it possible to step "backwards" through the code while performing instruction/memory BP's?
I read through the guide on using BP's but saw no mention of it.
Posts: 99
Threads: 2
Joined: Dec 2021
Reputation:
2
12-15-2021, 01:09 PM
(This post was last modified: 12-15-2021, 01:34 PM by Hackwiz.)
This is why I ask:
I'm hacking a jump in mid-air code for the above mentioned game.
I found that while the game code is static, the memory address for the half-word being monitored
changes with each stage, 13 in all. So some simple ASM should do the trick... Maybe?
The half-word bobbles back and forth between 0xD0C & 0xD0E:
When sitting idle:
8017951C sth r0, 0x28 (r3) #ASM r0 = 0xD0C
80179F60 sth r0, 0x28 (r3) #ASM r0 = 0xD0E
When you jump, this value goes to 0xD0F, and you can't jump again until it goes back to 0xD0E:
1st part of jump (Change code here):
80179F90 lhz r4, 0x28 (r30) #ASM r4 = 0xD0E
80179FA0 ori, r4, r4, 0x1 #ASM r4 = 0xD0F. (for my code, changed to 0x0, r4 = 0xD0E)
80179FA8 sth r4, 0x28 (r30)
2nd part of jump (Doesn’t need code change):
80179FE4 lhz r0, 0x28 (r30) #ASM r4 = 0xD0F
80179FF4 rlwinm r0, r0, 0, 16, 30 (0000FFFE) #ASM r4 = 0xD0E
80179FFC sth r0, 0x28 (r30) #ASM r6 = 0xD0E
then it goes back to the:
When sitting idle routine:
8017951C sth r0, 0x28 (r3) #ASM r0 = 0xD0C
80179F60 sth r0, 0x28 (r3) #ASM r0 = 0xD0E
So changing the ASM to:
80179FA0 ori, r4, r4, 0x1 #ASM changed to ori r4, r4, 0
which successfully gave me JMA capabilities.
But..........................
That same half-word is being monitored for a second function, the attack.
When you use the attack, the half-word changes to 0xD08, then is changed to 0xD0C and back to the:
sitting idle routine:
8017951C sth r0, 0x28 (r3) #ASM r0 = 0xD0C
80179F60 sth r0, 0x28 (r3) #ASM r0 = 0xD0E
Here is the sequence of stores during a normal attack routine (JMA code NOT activated):
1st part of attack:
80179A0C lhz r0, 0x28 (r6) #ASM r6 = 0xD0C
80179A10 andi. r0, r0, 0xFFFB#ASM r0 = 0xD08
80179A14 sth r0, 0x28 (r6) #ASM r6 = 0xD08
2nd part of attack:
80179B60 lhz r3, 0x28 (r31) #ASM r3 = 0xD08
80179B68 ori r3, r3, 0x4 #ASM r3 = 0xD0C
80179B6C sth r3, 0x28 (r31) #ASM r3 = 0xD0C
3rd part of attack:
80179B70 lhz r3, 0x28 (r31) #ASM r3 = 0xD0C
80179B74 rlwinm r3, r3, 0, 16, 30 (0000FFFE) #ASM r3 = 0xD0C
80179B78 sth r3, 0x28 (r31) #ASM r3 = 0xD0C
then goes back to:
sitting idle (bobbles back and forth):
8017951C sth r0, 0x28 (r3) #ASM r0 = 0xD0C
80179F60 sth r0, 0x28 (r3) #ASM r0 = 0xD0E
However, with my JMA code activated, when I use the attack, the character throws the weapon, and freezes in place with 0xD08 in the memory address,
stuck on this line of code, which of course is boogering up the game:
sitting idle routine line
8017951C sth r0, 0x28 (r3) #ASM r0 = 0xD08 (the program is expecting there to be 0xD0C)
This is the sequence of stores during the attack routine (with JMA code activated):
1st part of attack:
80179A0C lhz r0, 0x28 (r6) #ASM r6 = 0xD0C
80179A10 andi. r0, r0, 0xFFFB#ASM r0 = 0xD08
80179A14 sth r0, 0x28 (r6) #ASM r6 = 0xD08
immediately goes to:
8017951C sth r0, 0x28 (r3) #ASM r0 = 0xD08 (the program is expecting there to be 0xD0C)
So the reason I wanted to know if you can step backwards, is so I could trace back from the first line of the 2nd part of the attack sequence (without the code activated), and
see what values are wrong (with the code activated), and not allowing it to branch to that section.
There is a rather lengthy routine going on between the 1st and 2nd part of the attack routine 'sth'
Hope that was clear.
Thanks!!!!!!
Posts: 3,913
Threads: 864
Joined: Feb 2018
Reputation:
89
Step-In = Step one instruction executing it normally
Skip = Nop
Step-Over = Skip any function calls (bl's, bctrl's, etc)
Step-Out = Appears to jump back in a way to some previous function calls but not exactly??, can't really tell tbh.
Afaik there's no literal step back function. There is an option for "Set PC" and you can set the next address that will execute, that could help for some things.
There's also the call stack (top left of code view), that can help. It shows the recent addresses that are responsible for calling the previous 'parent' functions. The most recent functions are listed from top to bottom. Thread on function calls - https://mariokartwii.com/showthread.php?tid=1052
Current Bit map from what I gathered from reading your post:
- Bits 0 thru 15 = Unused
- Bits 16 thru 28 = ??
- Bit 29 = Flips low then gets flipped high for Attack
- Bit 30 = Finished Jump or Finished Attack. Flips off and on while idle
- Bit 31 = Flips high then gets flipped low when a Jump is preformed
Dumb question, apologies if you have already tried this, but have you simply tried adding a second code (C2 ASM) at " 8017951C sth r0, 0x28 (r3) #ASM r0 = 0xD08 (the program is expecting there to be 0xD0C)" Like this..
Code: li r0, 0xD0C #Force Bit 29 high
sth r0, 0x28 (r3) #Default Instruction
If that doesn't work, nopping the " andi." at " 80179A10 andi. r0, r0, 0xFFFB#ASM r0 = 0xD08" might.
Posts: 99
Threads: 2
Joined: Dec 2021
Reputation:
2
12-15-2021, 04:12 PM
(This post was last modified: 12-15-2021, 04:39 PM by Vega.
Edit Reason: Fixed quotation structure
)
(12-15-2021, 02:56 PM)Vega Wrote: Step-In = Step one instruction executing it normally
Skip = Nop
Step-Over = Skip any function calls (bl's, bctrl's, etc)
Step-Out = Appears to jump back in a way to some previous function calls but not exactly??, can't really tell tbh.
Afaik there's no literal step back function. There is an option for "Set PC" and you can set the next address that will execute, that could help for some things.
There's also the call stack (top left of code view), that can help. It shows the recent addresses that are responsible for calling the previous 'parent' functions. The most recent functions are listed from top to bottom. Thread on function calls - https://mariokartwii.com/showthread.php?tid=1052
Current Bit map from what I gathered from reading your post:
- Bits 0 thru 15 = Unused
- Bits 16 thru 28 = ??
- Bit 29 = Flips low then gets flipped high for Attack
- Bit 30 = Finished Jump or Finished Attack. Flips off and on while idle
- Bit 31 = Flips high then gets flipped low when a Jump is preformed
Dumb question, apologies if you have already tried this, but have you simply tried adding a second code (C2 ASM) at "8017951C sth r0, 0x28 (r3) #ASM r0 = 0xD08 (the program is expecting there to be 0xD0C)" Like this..
Code: li r0, 0xD0C #Force Bit 29 high
sth r0, 0x28 (r3) #Default Instruction
Yes, I tried this and it didn't work.
(12-15-2021, 02:56 PM)Vega Wrote: If that doesn't work, nopping the "andi." at "80179A10 andi. r0, r0, 0xFFFB#ASM r0 = 0xD08" might.
I'll try this tonight.
Posts: 3,913
Threads: 864
Joined: Feb 2018
Reputation:
89
Is the character alone freezing or is the game as a whole freezing (crashing)?
Posts: 99
Threads: 2
Joined: Dec 2021
Reputation:
2
Just the character.
I was thinking of it at lunch. Maybe I'm making it harder than it should be.
I have all the addresses for all the levels in the Japanese version. The addresses are static, so no playing the try to find the moving address game 
I'm going to port them to the US version and try simple Gecko
compare/write to all the addresses in one code.
|
