Coding Questions and other Quandaries
#36
This is why I ask:

I'm hacking a jump in mid-air code for the above mentioned game.

I found that while the game code is static, the memory address for the half-word being monitored
changes with each stage, 13 in all. So some simple ASM should do the trick... Maybe?

The half-word bobbles back and forth between 0xD0C & 0xD0E:

When sitting idle:
8017951C sth r0, 0x28 (r3) #ASM r0 = 0xD0C
80179F60 sth r0, 0x28 (r3) #ASM r0 = 0xD0E


When you jump, this value goes to 0xD0F, and you can't jump again until it goes back to 0xD0E:

1st part of jump (Change code here):
80179F90 lhz r4, 0x28 (r30) #ASM r4 = 0xD0E
80179FA0 ori r4, r4, 0x1 #ASM r4 = 0xD0F. (for my code, changed to 0x0, r4 = 0xD0E)
80179FA8 sth r4, 0x28 (r30)

2nd part of jump (Doesn't need code change):

80179FE4 lhz r0, 0x28 (r30) #ASM r0 = 0xD0F
80179FF4 rlwinm r0, r0, 0, 16, 30 (0000FFFE) #ASM r0 = 0xD0E
80179FFC sth r0, 0x28 (r30) #ASM r0 = 0xD0E

then it goes back to the:

When sitting idle routine:
8017951C sth r0, 0x28 (r3) #ASM r0 = 0xD0C
80179F60 sth r0, 0x28 (r3) #ASM r0 = 0xD0E

So changing the ASM to:

80179FA0 ori r4, r4, 0x1 #ASM changed to ori r4, r4, 0

which successfully gave me JMA capabilities.

But..........................

That same half-word is being monitored for a second function, the attack.

When you use the attack, the half-word changes to 0xD08, then is changed to 0xD0C and back to the:

sitting idle routine:
8017951C sth r0, 0x28 (r3) #ASM r0 = 0xD0C
80179F60 sth r0, 0x28 (r3) #ASM r0 = 0xD0E

Here is the sequence of stores during a normal attack routine (JMA code NOT activated):

1st part of attack:

80179A0C lhz r0, 0x28 (r6) #ASM r6 = 0xD0C
80179A10 andi. r0, r0, 0xFFFB #ASM r0 = 0xD08
80179A14 sth r0, 0x28 (r6) #ASM r6 = 0xD08

2nd part of attack:

80179B60 lhz r3, 0x28 (r31) #ASM r3 = 0xD08
80179B68 ori r3, r3, 0x4 #ASM r3 = 0xD0C
80179B6C sth r3, 0x28 (r31) #ASM r3 = 0xD0C

3rd part of attack:

80179B70 lhz r3, 0x28 (r31) #ASM r3 = 0xD0C
80179B74 rlwinm r3, r3, 0, 16, 30 (0000FFFE) #ASM r3 = 0xD0C
80179B78 sth r3, 0x28 (r31) #ASM r3 = 0xD0C

then goes back to:

sitting idle (bobbles back and forth):

8017951C sth r0, 0x28 (r3) #ASM r0 = 0xD0C
80179F60 sth r0, 0x28 (r3) #ASM r0 = 0xD0E


However, with my JMA code activated, when I use the attack, the character throws the weapon, and freezes in place with 0xD08 in the memory address,
stuck on this line of code, which of course is boogering up the game:

sitting idle routine line

8017951C sth r0, 0x28 (r3) #ASM r0 = 0xD08 (the program is expecting there to be 0xD0C)

This is the sequence of stores during the attack routine (with JMA code activated):

1st part of attack:

80179A0C lhz r0, 0x28 (r6) #ASM r6 = 0xD0C
80179A10 andi. r0, r0, 0xFFFB #ASM r0 = 0xD08
80179A14 sth r0, 0x28 (r6) #ASM r6 = 0xD08

immediately goes to:

8017951C sth r0, 0x28 (r3) #ASM r0 = 0xD08 (the program is expecting there to be 0xD0C)

So the reason I wanted to know if you can step backwards is so I could trace back from the first line of the 2nd part of the attack sequence (without the code activated) and
see what values are wrong (with the code activated) and are not allowing it to branch to that section.

There is a rather lengthy routine going on between the 1st and 2nd part of the attack routine 'sth' instructions.

Hope that was clear.

Thanks!!!!!!
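The post above lists the individual stores to the status half-word but never shows how the four observed values relate to each other. The following is an added example (not code from the post or from the game) that replays the listed instructions on a plain 16-bit value in Python: it decodes the `rlwinm` mask from its MB/ME operands, applies `ori`, `andi.` and `rlwinm` exactly as PowerPC defines them, and reproduces the store sequences the post reports for a normal jump, a patched jump and an attack. It assumes nothing about the code between the listed instructions, only that the half-word at 0x28(rN) is the sole state touched by them, and the three-bit breakdown of the values (0xD08 plus bits 0, 1 and 2) is derived from the numbers in the post rather than from any knowledge of the game.

```python
"""Replay the status half-word updates described in the post.

Constructed example: the routines below are reduced to the lhz/ori/andi/
rlwinm/sth instructions quoted in the post, nothing else. The memory word
is modelled as a plain 16-bit int (the 'sth' target at 0x28(rN)).
"""

MASK32 = 0xFFFFFFFF
MASK16 = 0xFFFF


def rlwinm_mask(mb: int, me: int) -> int:
    """PowerPC MASK(MB, ME): bits MB..ME of a 32-bit word, bit 0 = MSB.

    When MB > ME the mask wraps, i.e. it is the complement of MASK(ME+1, MB-1).
    """
    if mb <= me:
        return sum(1 << (31 - b) for b in range(mb, me + 1))
    inner = rlwinm_mask(me + 1, mb - 1) if me + 1 <= mb - 1 else 0
    return MASK32 ^ inner


def rlwinm(value: int, sh: int, mb: int, me: int) -> int:
    """rlwinm rD, rS, SH, MB, ME: rotate left by SH, then AND with MASK(MB, ME)."""
    v = value & MASK32
    rotated = ((v << sh) | (v >> (32 - sh))) & MASK32 if sh else v
    return rotated & rlwinm_mask(mb, me)


def ori(value: int, imm: int) -> int:
    """ori rD, rS, UIMM: OR in a 16-bit immediate."""
    return (value | (imm & MASK16)) & MASK32


def andi(value: int, imm: int) -> int:
    """andi. rD, rS, UIMM: AND with a 16-bit immediate (the '.' only sets CR0)."""
    return value & (imm & MASK16)


def low_flag_bits(word: int) -> tuple[bool, bool, bool]:
    """Return (bit0, bit1, bit2) of the half-word.

    Every value in the post is 0xD08 with some of these three bits set:
    0xD08 -> none, 0xD0C -> bit2, 0xD0E -> bit1+bit2, 0xD0F -> bit0+bit1+bit2.
    """
    return bool(word & 0x1), bool(word & 0x2), bool(word & 0x4)


def simulate_jump(patched: bool) -> list[int]:
    """Values stored to 0x28(r30) by the two jump halves quoted in the post.

    patched=True applies the poster's change of 'ori r4, r4, 0x1' to 'ori r4, r4, 0'.
    """
    stores = []
    word = 0xD0E                      # idle value the jump starts from
    # 80179F90 lhz / 80179FA0 ori / 80179FA8 sth
    r4 = word
    r4 = ori(r4, 0x0 if patched else 0x1)
    word = r4 & MASK16
    stores.append(word)
    # 80179FE4 lhz / 80179FF4 rlwinm r0,r0,0,16,30 / 80179FFC sth
    r0 = word
    r0 = rlwinm(r0, 0, 16, 30)        # mask 0x0000FFFE clears bit 0 again
    word = r0 & MASK16
    stores.append(word)
    return stores


def simulate_attack() -> list[int]:
    """Values stored to 0x28(rN) by the three attack parts quoted in the post."""
    stores = []
    word = 0xD0C                      # idle value the attack starts from
    # 80179A0C lhz / 80179A10 andi. r0,r0,0xFFFB / 80179A14 sth
    word = andi(word, 0xFFFB) & MASK16   # clears bit 2 -> 0xD08
    stores.append(word)
    # 80179B60 lhz / 80179B68 ori r3,r3,0x4 / 80179B6C sth
    word = ori(word, 0x4) & MASK16       # sets bit 2 back -> 0xD0C
    stores.append(word)
    # 80179B70 lhz / 80179B74 rlwinm r3,r3,0,16,30 / 80179B78 sth
    word = rlwinm(word, 0, 16, 30) & MASK16   # bit 0 already clear, no change
    stores.append(word)
    return stores


if __name__ == "__main__":
    print("MASK(16,30) = 0x%08X" % rlwinm_mask(16, 30))
    print("normal jump stores :", [hex(v) for v in simulate_jump(False)])
    print("patched jump stores:", [hex(v) for v in simulate_jump(True)])
    print("attack stores      :", [hex(v) for v in simulate_attack()])
    for v in (0xD08, 0xD0C, 0xD0E, 0xD0F):
        print(hex(v), "bits (0,1,2) =", low_flag_bits(v))
```

Run it as a script and the three sequences match the post: 0xD0F then 0xD0E for the unpatched jump, 0xD0E twice with the patch, and 0xD08, 0xD0C, 0xD0C for the attack. What the model cannot show is the freeze the poster sees, because that depends on the untranscribed code between the first and second attack parts; the bit breakdown is still useful when reading that code, since any compare or branch there that looks at bit 0 or bit 1 of the half-word is a candidate for where the patched jump path diverges.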


Messages In This Thread
RE: Coding Questions and other Quandaries - by Hackwiz - 12-15-2021, 01:09 PM