Advertisement
Guest User

Untitled

a guest
Mar 13th, 2012
247
0
Never
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
text 8.85 KB | None | 0 0
  1. I've tried to write this guide in such a way that you should be able to convert your codes from RAM write codes to ASM codes, then to F6 codes, even if you don't know any assembly. This is my first attempt at making a guide like this though, so I'm open to feedback.
  2.  
  3. Converting Codes To ASM
  4. 1. First you need to determine what address(es) you are using and go through this process for each of them. In the case of pointers, you will need to dereference them from within WiiRD before you can use them. For example, for this code:
  5. Infinite Health [dexter0]
  6. 48000000 806B7B40
  7. 14000380 00000003
  8. E0000000 80008000
  9.  
  10. Since 4800 loads from 806B7B40 into po, you need to first go into the memory viewer and lookup address 806B7B40. Take that value (let's assume it's 810C1298) and add the offset from the 14 code to get the address that is being written to (in this case the address is 810C1298+0x380=810C1618). After you have the address, be sure to do the next step before you leave the current area you are in on the game or the address will become invalid and you will have to start over.
  11.  
  12. 2. Take the address from step 1, go to the "Breakpoints" tab, and set a read breakpoint for it. You may need to do an action related to what the code is for to trigger the breakpoint (if you can't trigger the breakpoint because you are repeating this step after clicking the "Add to list" button, then this code may be impossible to convert without some knowledge of assembly). When the breakpoint has been triggered (the game will pause, just like if you had pressed the "Pause" button in WiiRD), look at the text box at the bottom of the window. For the above example the text box will contain something like this:
  13. Code:
  14. 802BCEA8: 809F0380 lwz r4,896(r31)
  15. 802BCEAC: 7C7E1B78 mr r30,r3
  16. 802BCEB0: 480A4635 bl 0x803614e4
  17. 802BCEB4: 807F0230 lwz r3,560(r31)
  18. 802BCEB8: 4802B9DD bl 0x802e8894
  19. Now note what is in the parentheses at the end of the first line (in this example it would be r31), it is the register that you need to check the value of. Look in the text box above it, there should be some information that looks something like this:
  20. Code:
  21. CR : 24004088 XER : 20000000 CTR : 802BB794 DSIS: 00400000
  22. DAR : 810C1618 SRR0: 802BCEA8 SRR1: 0000A032 LR : 802BCEA8
  23. r0 : 802BCEA8 r1 : 806BDC98 r2 : 806AB280 r3 : 810796B4
  24. r4 : 00000034 r5 : 806BDC30 r6 : 8110B2A4 r7 : 0000011B
  25. r8 : 00000002 r9 : 00000001 r10 : 00000000 r11 : 806BDC78
  26. r12 : 802B0754 r13 : 806A4CA0 r14 : 00000000 r15 : 00000000
  27. r16 : 00000000 r17 : 00000000 r18 : 00000000 r19 : 00000000
  28. r20 : 00000000 r21 : 00000000 r22 : 00000000 r23 : 00000000
  29. r24 : 00000000 r25 : 00000000 r26 : 00000000 r27 : 00000000
  30. r28 : 80900B0C r29 : 00000000 r30 : 810C1298 r31 : 810C1298
  31. This is a list of registers and their values. You need to copy down the value of the register you found in the parentheses (so for the example, r31 has a value of 810C1298). You need to then set an execute breakpoint at the first address in the lower text box you were looking at before (so in the example you use 802BCEA8). Now when the breakpoint is triggered, check the value of the register you had recorded down before, it should be the same. Set the breakpoint and check the register value several more times. If the register value is ever different from the original, click the "Add to List" button and start this process over again from the beginning of step 2. If the register value is always the same, go to a different area of the game where the code should still have an effect and set the same breakpoint again. If the breakpoint can still be triggered, proceed to step 3 (the register value will probably be different from before, but that's okay since you changed areas). If you can't trigger the breakpoint, click the "Add to list" button and start over from step 1.
  32.  
  33. 3. Now you need to write the ASM code, you will need Link's ASM helper tool for this. Now put the address you set the execution breakpoints for in the address text box and match the first assembly instruction from the bottom text box of the WiiRD window to one of the following templates:
  34.  
  35. (HHHHLLLL is the value that the original code you are converting uses, so for the example infinite health code for instance, the value is 00000003 so HHHH is 0000 and LLLL is 0003)
  36.  
  37. lwz rD,d(rA):
  38. Code:
  39. lis rD,0xHHHH
  40. ori rD,rD,0xLLLL
  41. stw rD,d(rA)
  42.  
  43. lwz rD,d(rD):
  44. Code:
  45. stwu r1,-16(r1)
  46. stw r11,8(r1)
  47. lis r11,0xHHHH
  48. ori r11,r11,0xLLLL
  49. stw r11,d(rD)
  50. lwz r11,8(r1)
  51. addi r1,r1,16
  52. lwz rD,d(rD)
  53.  
  54. lhz rD,d(rA):
  55. Code:
  56. lis rD,0xHHHH
  57. ori rD,rD,0xLLLL
  58. sth rD,d(rA)
  59.  
  60. lhz rD,d(rD):
  61. Code:
  62. stwu r1,-16(r1)
  63. stw r11,8(r1)
  64. lis r11,0xHHHH
  65. ori r11,r11,0xLLLL
  66. sth r11,d(rD)
  67. lwz r11,8(r1)
  68. addi r1,r1,16
  69. lhz rD,d(rD)
  70.  
  71. lha rD,d(rA):
  72. Code:
  73. lis rD,0xHHHH
  74. ori rD,rD,0xLLLL
  75. sth rD,d(rA)
  76. lha rD,d(rA)
  77.  
  78. lha rD,d(rD):
  79. Code:
  80. stwu r1,-16(r1)
  81. stw r11,8(r1)
  82. lis r11,0xHHHH
  83. ori r11,r11,0xLLLL
  84. sth r11,d(rD)
  85. lwz r11,8(r1)
  86. addi r1,r1,16
  87. lha rD,d(rD)
  88.  
  89. lbz rD,d(rA):
  90. Code:
  91. li rD,0xLLLL
  92. stw rD,d(rA)
  93.  
  94. lbz rD,d(rD):
  95. Code:
  96. stwu r1,-16(r1)
  97. stw r11,8(r1)
  98. li r11,0xLLLL
  99. stb r11,d(rD)
  100. lwz r11,8(r1)
  101. addi r1,r1,16
  102. lbz rD,d(rD)
  103.  
  104. lfs frD,d(rA):
  105. Code:
  106. stwu r1,-16(r1)
  107. stw r11,8(r1)
  108. lis r11,0xHHHH
  109. ori r11,r11,0xLLLL
  110. stw r11,d(rA)
  111. lwz r11,8(r1)
  112. addi r1,r1,16
  113. lfs frD,d(rA)
  114.  
  115. Assemble the code and repeat this process for each address of the code you are converting. Once you have all the addresses from the original code converted into ASM codes, put them into one code and test it.
  116.  
  117. For the infinite health example, the first instruction is "lwz r4,896(r31)" so the first template should be used:
  118.  
  119. lwz r4,896(r31):
  120. Code:
  121. lis r4,0x0000
  122. ori r4,r4,0x0003
  123. stw r4,896(r31)
  124.  
  125. When assembled you get:
  126. C22BCEA8 00000002
  127. 3C800000 60840003
  128. 909F0380 00000000
  129.  
  130.  
  131. To Create F6 Codes
  132. Find a sequence of two or more unique values of ASM code before your C2 code that is also in close proximity to it. Make sure you aren't including a bl instruction or any instructions involving big numbers (greater than 0x1000). Test the values by putting them into the memory viewer search and searching from 80000000, the values should only exist once in memory; at the location you got them from. For the infinite health example the values 93C10018 90010008, starting at 802BCE98, are unique. To create the F6 code you need to first write F60000XX, with XX being the number of code lines the unique values take up (so for the infinite health code example, F6000001), and then decide the range you want to scan; I would recommend you take the first four digits of the target address, substract 8, then take the four digits from the target address again and add 8, then put those two values together to get the second part of the F6 code (for the infinite health code example, 802B-8=8023 and 802B+8=8033 so the second part of the F6 code will be 80238033). After the F6 code lines you write code lines with the values for the F6 code, so for the infinite health code example:
  133. F6000001 80238033
  134. 93C10018 90010008
  135.  
  136. Now you need to determine the offset of the C2 code, so take the address for the C2 code and subtract the address the values for the F6 code start at (for infinite health code example, you will get 802BCEA8-802BCE98=0x10). Take the offset and rewrite the C2 code as a D2 code with that offset (for the infinite health code example, you will get D2000010 00000002). Now all you need to do is terminate the F6 code with a E0000000 80008000 line and then test it. The example infinite health code will look like this:
  137. F6000001 80238033
  138. 93C10018 90010008
  139. D2000010 00000002
  140. 3C800000 60840003
  141. 909F0380 00000000
  142. E0000000 80008000
  143.  
  144. Using The F4 Code Type In Place Of D2
  145. This isn't required, but it is recommended. Take a few 16-bit values before or after your D2 code address and XOR them together. As with finding values to use with the F6 code type, you need to avoid including ASM that involves large values or bl instructions. Then follow this structure for the F4 code:
  146. Quote from: brkirch
  147. ASM Insert With 16-bit XOR Checksum (po)
  148.  
  149. F4XXXXXX YYZZZZNN
  150. ZZZZZZZZ ZZZZZZZZ
  151. ZZZZZZZZ ZZZZZZZZ
  152. ZZZZZZZZ 00000000
  153.  
  154. YY (signed) 16-bit values after (if positive) or before (if negative) [po + XXXXXX] will be XOR'ed together and the result will be compared to ZZZZ. If equal, the code will be executed. The rest of the code functions the exact same way as the D2 code type, with NN as the number of lines.
  155.  
  156. The infinite health code example only has one instruction that can be included in the XOR checksum, "mr r30, r3" (the other instructions around it are bl instructions which aren't safe to include), which has a value of 7C7E1B78 and when the values 7C7E and 1B78 are XORed together, a XOR checksum of 6706. When the example infinite health code is put together with an F4 code, you get this:
  157. F6000001 80238033
  158. 93C10018 90010008
  159. F4000010 02670602
  160. 3C800000 60840003
  161. 909F0380 00000000
  162. E0000000 80008000
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement