Stryder7x

Explanation

Apr 5th, 2016
Super Block Storage:
01324F28: Cutscene Control Address
*Retrieves information from the Active Cutscene Address to control Mario's movement*
Normally: 0000[00]01 is [0] <- At this value, Mario can perform all standard actions.
Riding Sushie: 5000[30]01 is [48] <- At this value, Mario cannot move, but can control his partner.
In battle: 1004[20]01 is [32] <- At this value, Mario cannot move, which makes sense because we're in a battle.
In a cutscene: 1000[20]01 <- At this value, Mario cannot move, which makes sense because we're in a cutscene.
Hitting Super Block: 0000[20]01 is [32] <- Mario can't move due to the value of the Active Cutscene Address, which is FF (255).
While Switching Partners: 0000[20]01 <- Nothing correctly updates since the Active Cutscene Address is incorrect.
After Switching Partners: 0000[00]01 <- We can move even though we're still in the Super Block cutscene.
Kooper Cutscene Starts: 0000[20]01 <- Set to 32 because it recognizes we're in a new cutscene.
After Pressing "No": 0000[00]01 <- Set to 0 after manipulating the Active Cutscene Address.
*Now we can successfully move during this cutscene, but we need to get into 2 cutscenes and still be able to move*
Open Partner Menu: 0220[20]21 <- Set to 32 to lock Mario's movement while the partner menu is up.
Invisible with Bow: 12[20][A0]01 <- Set to 161, which is the value that tells the byte with a current value of [20] to change Mario's sprite to invisible.
In Battle: 0220[A0]01 <- Set to 160, which is completely incorrect. Normally battles are at 32.
After Battle With Bow: 0220[A0]01 <- Now 160 after the fight.
Once Invisible: 0020[80]01 <- Set to 128, which functions the same as 0 but is used when Mario uses Bow's invisibility.
Hitting Super Block While Invisible: 0020[A0]01 <- Still at 128, while it should be 32.
(Stays the same while partner menu is open)
During Partner Swap: 0020[00]01 <- Incorrectly set to 0.
*Need to advance game state so we're holding Watt*
1st Partner Menu: 0020[20]21 <- 32 to lock movement.
After 1st Partner Menu: 0020[00]01 <- Set to 0 since we closed the menu.
2nd Partner Menu: 0020[20]21 <- Same as 1st partner menu, but now we can enter battles.
After 2nd Partner Menu: 0020[00]01 <- Can move and cancel Watt.
In Battle: 0024[20]01 is [32] <- Cannot move during battle.
After Battle: 0020[00]01 <- Set to 0 so we can move.
Open Menu NOT During Thumbs Up Animation: 0020[20]21
Open Menu During Thumbs Up Animation: 0020[00]21
Animation Cancel by performing a Spin while opening the Menu, then Spin Jumping to manipulate this address further.
Must combine Spin with Spin Jump.
Spin Jump must be executed frame-perfectly to manipulate the bytes on the correct frame.
Pulling up the menu must be done frame-perfectly to end the Spin Jump on the first frame while opening the menu.

01324F3C: Active Cutscene Address
*First 2 bytes work together to update the Cutscene Control Address. Need the byte 00[00]0140 to equal FF (255), so we're technically in the "-1" cutscene.*
Normally: [00][00]0140 <- No active cutscenes.
In a cutscene: [00][01]014E <- 1 active cutscene.
Sushie Glitch: [01][01]00B0 <- Mario's movement is considered locked so you can control Sushie, so the game considers Mario in a cutscene.
Sushie Glitch After 1 Battle: [00][00]FFBE <- Lowered value by 01 [0].
Sushie Glitch After 2 Battles: [FF][FF]FF09 <- Underflowed value from 00 to FF [255], which functions as if we've corrupted the value.
Hitting Super Block: FF[00]FCE5 <- This should be 01, but because it was FF and incremented by 1, it overflowed to 0. Since this is one of the two bytes that interact with the Cutscene Control Address, we can manipulate it by switching partners. Luckily for us, this cutscene prompts a partner swap following a few lines of dialogue.
While Switching Partners: FF[01]FCE5 <- We increment the related value by 1 to manipulate a change in the Active Cutscene Address when it resets.
After Switching Partners: FF[00]FCF7 <- This value is set to 00 even though we're currently in a cutscene, which incorrectly tells the Cutscene Control Address that we can move Mario.
Kooper Cutscene Starts: FF[01]FC5C <- Increments by 1 because we're in 2 cutscenes now.
After Pressing "No": FF[00]FC52 <- Lowers by 1 and is set to 0 because we canceled the previous cutscene.
*Now we can successfully move during this cutscene, but we need to get into 2 cutscenes and still be able to move*
Open Partner Menu: FF[01]FC1A <- Increases by 1 to tell the game to lock Mario's movement.
Invisible with Bow: FF[01]FC1A <- Tells the game to lock Mario's movement while invisible.
In Battle: FF[01]FC01 <- Set to 01, since Mario can't move during battle.
After Battle with Bow: FF[01]FC01 <- No change, even though we just finished a battle.
Once Invisible: FF[FF]FC01 <- Now 255, even though we're still in a cutscene. This is necessary for upcoming manipulation.
Hitting Super Block While Invisible: FF[00]FCE9 <- Overflows to 0 so we can move.
(Stays the same while partner menu is open)
During Partner Swap: FF[00]FD09 <- Bow is canceled while the partner menu comes up, which sets it to 0.
*Need to advance game state*
1st Partner Menu: FF[01]FD75 <- Increases by 1 to lock movement.
After 1st Partner Menu: FF[00]FD75 <- Lowered by 1 after the menu closes.
2nd Partner Menu: FF[01]FD75 <- Same as 1st partner menu, but now we can encounter enemies.
After 2nd Partner Menu: FF[00]FD7E <- Can move.
In Battle: FF[01]FE3C <- Can't move since we're in a battle.
After Battle: FF[00]FE3C <- Can move now since the battle is over.
Open Menu NOT During Thumbs Up Animation: FF[01]FE40 <- In a cutscene, cannot move.
Open Menu During Thumbs Up Animation: FF[00]FE45 <- Not in a cutscene, can move.

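The byte behaviour the two lists above describe, a one-byte cutscene depth counter that underflows from 00 to FF on an unmatched decrement and wraps back to 00 on the next increment while the control byte only asks "is it zero?", as an added Python model. This is not code from the paste or from the game; the class and function names, the "a battle exit lowers the byte without a matching increment" simplification taken from the Sushie Glitch lines, and the checked counter shown beside it are assumptions reconstructed from the observations.

```python
# Added model of the Active Cutscene Address depth byte and the Cutscene
# Control byte it drives; behaviour reconstructed from the paste's
# observations, not taken from the game's code.

LOCK = 0x20   # control byte the paste reports while Mario's movement is locked
FREE = 0x00   # control byte while Mario can move

def u8(x):
    """Wrap to one unsigned byte, as the game's byte-sized counter does."""
    return x & 0xFF

class CutsceneState:
    """Nesting depth of active cutscenes, stored in a single byte."""

    def __init__(self, depth=0):
        self.depth = u8(depth)

    def enter(self):
        """A cutscene, battle or menu starts: depth goes up by one."""
        self.depth = u8(self.depth + 1)

    def leave(self):
        """Something ends: depth goes down by one. During the Sushie glitch the
        paste shows battles lowering the byte with no matching increment."""
        self.depth = u8(self.depth - 1)

    def control(self):
        # The control byte only asks "is depth zero?"; a wrapped 0x00 is
        # indistinguishable from a genuine "no active cutscene".
        return FREE if self.depth == 0 else LOCK

    def mario_can_move(self):
        return self.control() == FREE

class CheckedCutsceneState(CutsceneState):
    """Same counter, but an exit with nothing to exit is refused rather than
    wrapped: the fix a defender would want, since the wrap is the root cause."""

    def leave(self):
        if self.depth > 0:
            super().leave()

def replay_super_block_storage(state_cls):
    """Replay the Sushie-glitch route from the paste with the given counter.
    Returns [(step, depth, mario_can_move), ...]."""
    s = state_cls(depth=1)                  # Sushie glitch: depth byte [01]
    trace = [("sushie glitch", s.depth, s.mario_can_move())]
    for step in ("after 1 battle", "after 2 battles"):
        s.leave()                           # battle exit lowers the byte by 1
        trace.append((step, s.depth, s.mario_can_move()))
    s.enter()                               # hitting the Super Block
    trace.append(("hit super block", s.depth, s.mario_can_move()))
    return trace
```

With the wrapping counter the replay ends at depth 0x00 with Mario free to move inside the Super Block cutscene; with the checked counter it ends at depth 1 and keeps him locked.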
Upgrade Menu Storage:

"When doing UMS (Upgrade Menu Storage) it seems as though we are writing "0" to random places. When I say random, I mean I don't know how to control it, but RNG has nothing to do with it, so it's really not random. In assembly (programming language, also noted as asm), there's this thing called a blr (branch link register). In asm, the game will say something like, if Mario is hit by a Goomba, take the current HP, minus 1, then put that over the old HP. When doing this, something needs to tell that function of subtracting to end, or it would go on forever. Well the blr (which essentially just means end this function) is crashing on us in some of the crash errors, meaning that we are either A, skipping this somehow with the glitch, or B, corrupting to some instruction that doesn't exist. If you make it so a function can never end, it will automatically read the next function, as it hasn't been told to stop. This might end up being beneficial, but I'm not sure. Anyway, we are writing the hex 00000000 to random places which can cause some very serious problems. I have made these giant functions that are 100s of lines long just 0, so you can imagine what that is doing to the game. If we could precisely pinpoint where the group address is (81289E28 is where it is) and write 00000000 into it, then we could theoretically warp to some rooms in group 0, and if the room we are going to is higher than what's allowed for group 0, we could potentially get into group 1 and reach the credits." - Rain

Blocks we can get UMS from:
1 in Dry Dry Desert
2 in Toad Town Tunnels
1 in Shiver Mountain
1 in Jade Jungle
1 in Mt. Rugged
1 in Dry Dry Ruins
1 in Shy Guy's Toy Box
1 in Flower Fields

Some Addresses UMS has Crashed:
800018a8: stwu sp, -0x00A8 (sp)
800018ac: stw r0, 0x0008 (sp)
800018b0: mflr r0
800018b4: stw r0, 0x00AC (sp)
800018b8: mfcr r0
800018bc: stw r0, 0x000C (sp)
800018c0: mfctr r0
800018c4: stw r0, 0x0010 (sp)
800018c8: mfxer r0
800018cc: stw r0, 0x0014 (sp)
800018d0: stmw r3, 0x0018 (sp)
800018d4: mfmsr r25
800018d8: ori r26, r25, 0x2000
800018dc: andi. r26, r26, 0xF9FF
800018e0: mtmsr r26
800018e4: stfd f2, 0x0098 (sp)
800018e8: stfd f3, 0x00A0 (sp)
800018ec: lis r31, 0x8000
800018f0: lis r20, 0xCC00
800018f4: lhz r28, 0x4010 (r20)
800018f8: ori r21, r28, 0x00FF
800018fc: sth r21, 0x4010 (r20)
80001900: bl ->0x80001F54
80001904: li r21, 0
80001908: li r22, 25
8000190c: li r23, 208
80001910: lis r24, 0xCD00
80001914: ori r18, r31, 0x2774
80001918: lwz r0, 0x00AC (sp)
8000191c: stw r0, 0x0004 (r18)
80001920: stw r21, 0x643C (r24)
80001924: bl ->0x80001D50
80001928: beq- ->0x80001ECC
8000192c: cmpwi r29, 4
80001930: bge- ->0x80001940
80001934: cmpwi r29, 1
80001938: blt- ->0x80001ECC
8000193c: b ->0x80001C88
80001940: beq- ->0x80001E30
80001944: cmpwi r29, 6
80001948: beq- ->0x800019D4
8000194c: cmpwi r29, 7
80001950: beq- ->0x80001C80
80001954: cmpwi r29, 8
80001958: beq- ->0x80001ED8
8000195c: cmpwi r29, 9
80001960: beq- ->0x80001A00
80001964: cmpwi r29, 16
80001968: beq- ->0x80001A00
8000196c: cmpwi r29, 47
80001970: beq- ->0x800019E0
80001974: cmpwi r29, 48
80001978: beq- ->0x800019F0
8000197c: cmpwi r29, 56
80001980: beq- ->0x80001EA8
80001984: cmpwi r29, 64
80001988: beq- ->0x80001CC8
8000198c: cmpwi r29, 65
80001990: beq- ->0x80001CE8
80001994: cmpwi r29, 68
80001998: beq- ->0x80001A00
8000199c: cmpwi r29, 80
800019a0: beq- ->0x800019C0
800019a4: cmpwi r29, 96
800019a8: beq- ->0x800019CC
800019ac: cmpwi r29, 137
800019b0: beq- ->0x80001A00
800019b4: cmpwi r29, 153
800019b8: beq- ->0x80001EC4
800019bc: b ->0x80001ECC
800019c0: lwz r3, 0 (r18)
800019c4: bl ->0x80001DEC
800019c8: b ->0x80001ECC
800019cc: bl ->0x80001F54
800019d0: b ->0x80001ECC
800019d4: li r4, 1
800019d8: stw r4, 0 (r18)
800019dc: b ->0x80001ECC
800019e0: bl ->0x80001DE8
800019e4: li r16, 160
800019e8: ori r12, r31, 0x2798
800019ec: b ->0x80001D00
800019f0: li r3, 288
800019f4: ori r12, r31, 0x2798
800019f8: bl ->0x80001DC0
800019fc: b ->0x80001ECC
80001a00: cmpwi cr6, r29, 16
80001a04: cmpwi cr5, r29, 68
80001a08: ori r4, r31, 0x1AB4
80001a0c: lis r3, 0x8000
80001a10: ori r3, r3, 0x0300
80001a14: bl ->0x80001F1C
80001a18: addi r3, r3, 2560
80001a1c: bl ->0x80001F1C
80001a20: addi r3, r3, 1536
80001a24: bl ->0x80001F1C
80001a28: ori r12, r31, 0x2788
80001a2c: stw r21, 0 (r12)
80001a30: stw r21, 0x0004 (r12)
80001a34: stw r21, 0x0008 (r12)
80001a38: ori r4, r31, 0x2798
80001a3c: lwz r9, 0x0018 (r4)
80001a40: lwz r3, 0 (r18)
80001a44: cmpwi r3, 2
80001a48: bne- ->0x80001A54
80001a4c: beq- cr5 ->0x80001A58
80001a50: b ->0x80001A70
80001a54: li r3, 0
80001a58: stw r3, 0x000C (r12)
80001a5c: bne- ->0x80001A70
80001a60: bne- cr5 ->0x80001A70
80001a64: ori r9, r9, 0x0400
80001a68: stw r9, 0x0018 (r4)
80001a6c: b ->0x80001C80
80001a70: rlwinm r9, r9, 0, 22, 20 (fffffbff)
80001a74: stw r9, 0x0018 (r4)
80001a78: beq- cr5 ->0x80001ECC
80001a7c: beq- cr6 ->0x80001A84
80001a80: addi r12, r12, 4
80001a84: li r3, 4
80001a88: bl ->0x80001D90
80001a8c: ble- cr6 ->0x80001A9C
80001a90: addi r12, r12, 4
80001a94: li r3, 4
80001a98: bl ->0x80001D90
80001a9c: ori r4, r31, 0x2788
80001aa0: lwz r3, 0 (r4)
80001aa4: lwz r4, 0x0004 (r4)
80001aa8: mtspr IABR, r3
80001aac: mtspr DABR, r4
80001ab0: b ->0x80001ECC
80001ab4: mtspr SPRG2, sp
80001ab8: mfspr sp, SRR0
80001abc: mtspr SPRG3, r3
80001ac0: mfspr r3, SRR1
80001ac4: rlwinm r3, r3, 0, 22, 20 (fffffbff)
80001ac8: stw r3, 0x27B0 (r0)
80001acc: rlwinm r3, r3, 0, 24, 15 (ffff00ff)
80001ad0: ori r3, r3, 0x2000
80001ad4: mtspr SRR1, r3
80001ad8: lis r3, 0x8000
80001adc: ori r3, r3, 0x1AE8
80001ae0: mtspr SRR0, r3
80001ae4: rfi
80001ae8: lis r3, 0x8000
80001aec: ori r3, r3, 0x2798
80001af0: stw sp, 0x0014 (r3)
80001af4: mr sp, r3
80001af8: mfspr r3, SPRG3
80001afc: stmw rtoc, 0x0024 (sp)
80001b00: mr r4, sp
80001b04: mfspr sp, SPRG2
80001b08: stw r0, 0x001C (r4)
80001b0c: stw sp, 0x0020 (r4)
80001b10: mflr r3
80001b14: stw r3, 0x009C (r4)
80001b18: mfcr r3
80001b1c: stw r3, 0 (r4)
80001b20: mfxer r3
80001b24: stw r3, 0x0004 (r4)
80001b28: mfctr r3
80001b2c: stw r3, 0x0008 (r4)
80001b30: mfspr r3, DSIR
80001b34: stw r3, 0x000C (r4)
80001b38: mfspr r3, DAR
80001b3c: stw r3, 0x0010 (r4)
80001b40: li r9, 0
80001b44: mtspr IABR, r9
80001b48: mtspr DABR, r9
80001b4c: lis r5, 0x8000
80001b50: ori r5, r5, 0x1B70
80001b54: lis r31, 0xD004
80001b58: ori r31, r31, 0x00A0
80001b5c: stw r31, 0 (r5)
80001b60: dcbst r0, r5
80001b64: sync
80001b68: icbi r0, r5
80001b6c: isync
80001b70: stfs f0, 0x00A0 (r4)
80001b74: addi r31, r31, 4
80001b78: addis r31, r31, 32
80001b7c: rlwinm. r16, r31, 0, 5, 5 (04000000)
80001b80: beq+ ->0x80001B5C
80001b84: lis r31, 0x8000
80001b88: ori r5, r31, 0x2788
80001b8c: lwz r16, 0 (r5)
80001b90: lwz r17, 0x0004 (r5)
80001b94: lwz r19, 0x000C (r5)
80001b98: cmpwi r19, 0
80001b9c: beq- ->0x80001C10
80001ba0: cmpwi r19, 2
80001ba4: bne- ->0x80001BBC
80001ba8: lwz r9, 0x0014 (r4)
80001bac: addi r9, r19, 3
80001bb0: stw r9, 0 (r5)
80001bb4: stw r9, 0x000C (r5)
80001bb8: b ->0x80001C24
80001bbc: cmpw r16, r19
80001bc0: beq- ->0x80001BF8
80001bc4: cmpw r17, r19
80001bc8: beq- ->0x80001BF8
80001bcc: add r9, r16, r17
80001bd0: stw r9, 0x000C (r5)
80001bd4: lwz r16, 0x0008 (r5)
80001bd8: cmpwi r16, 0
80001bdc: beq- ->0x80001C24
80001be0: lwz r3, 0x0010 (r4)
80001be4: cmpw r16, r3
80001be8: bne- ->0x80001BF8
80001bec: li r16, 0
80001bf0: stw r16, 0x0008 (r5)
80001bf4: b ->0x80001C24
80001bf8: li r17, 0
80001bfc: stw r17, 0x000C (r5)
80001c00: lwz r9, 0x0018 (r4)
80001c04: ori r9, r9, 0x0400
80001c08: stw r9, 0x0018 (r4)
80001c0c: b ->0x80001C3C
80001c10: mtspr IABR, r16
80001c14: mtspr DABR, r17
80001c18: li r9, 1
80001c1c: stw r9, 0x000C (r5)
80001c20: b ->0x80001C3C
80001c24: li r5, 2
80001c28: ori r4, r31, 0x2774
80001c2c: stw r5, 0 (r4)
80001c30: li r3, 17
80001c34: bl ->0x80001DEC
80001c38: bl ->0x800018A8
80001c3c: mfmsr sp
80001c40: rlwinm sp, sp, 0, 31, 29 (fffffffd)
80001c44: rlwinm sp, sp, 0, 17, 15 (ffff7fff)
80001c48: mtmsr sp
80001c4c: ori sp, r31, 0x2798
80001c50: lwz r3, 0 (sp)
80001c54: mtcr r3
80001c58: lwz r3, 0x0014 (sp)
80001c5c: mtspr SRR0, r3
80001c60: lwz r3, 0x0018 (sp)
80001c64: mtspr SRR1, r3
80001c68: lwz r3, 0x009C (sp)
80001c6c: mtlr r3
80001c70: lmw rtoc, 0x0024 (sp)
80001c74: lwz r0, 0x001C (sp)
80001c78: lwz sp, 0x0020 (sp)
80001c7c: rfi
80001c80: stw r21, 0 (r18)
80001c84: b ->0x80001ED8
80001c88: cmpwi cr5, r29, 2
80001c8c: li r3, 8
80001c90: ori r12, r31, 0x277C
80001c94: bl ->0x80001D90
80001c98: lwz r5, 0 (r12)
80001c9c: lwz r3, 0x0004 (r12)
80001ca0: stb r3, 0 (r5)
80001ca4: blt- cr5 ->0x80001CB4
80001ca8: sth r3, 0 (r5)
80001cac: beq- cr5 ->0x80001CB4
80001cb0: stw r3, 0 (r5)
80001cb4: dcbf r0, r5
80001cb8: sync
80001cbc: icbi r0, r5
80001cc0: isync
80001cc4: b ->0x80001ECC
80001cc8: bl ->0x80001DE8
80001ccc: li r3, 4
80001cd0: ori r12, r31, 0x277C
80001cd4: bl ->0x80001D90
80001cd8: lwz r16, 0 (r12)
80001cdc: lis r12, 0x8000
80001ce0: ori r12, r12, 0x28B8
80001ce4: b ->0x80001D00
80001ce8: bl ->0x80001DE8
80001cec: li r3, 8
80001cf0: ori r12, r31, 0x277C
80001cf4: bl ->0x80001D90
80001cf8: lwz r16, 0x0004 (r12)
80001cfc: lwz r12, 0 (r12)
80001d00: ori r27, r31, 0x2784
80001d04: li r17, 3968..
80001d08: bl ->0x80001F40
80001d0c: beq- ->0x80001D2C
80001d10: mr r3, r17
80001d14: bl ->0x80001D90
80001d18: bl ->0x80001DE8
80001d1c: beq+ ->0x80001D18
80001d20: add r12, r12, r14