Kodewerx https://www.kodewerx.org/forum/

[fixed] R4DS and 0xE ASM based codes.... https://www.kodewerx.org/forum/viewtopic.php?f=2&t=5101
Author: Link [ Sun Jan 20, 2008 2:48 pm ]
Post subject: [fixed] R4DS and 0xE ASM based codes....
Edit: sorry, I was stupid, I should have read Enhackopedia better - I missed the bx r14 command.

Hi there, I am thinking of returning to the hackers - just kinda from Gamecube to DS (I was however kinda active in writing trainers and mem editors for PC games here and there). Yet my testing platform is my R4 Action Replay. While I can happily do basic codes and sometimes a little more advanced ones using for example the offset enabled for 0x5/0x6 codes and such, I fail at using the ASM based codes in any way.. the game (testing: Mario and Sonic (J)) simply crashed.. for testing purposes I went with a simple nop command and the ASM to ARDS converter by Kenobi gave me:

Code:
023FE074 012FFF11
E0000000 00000004
E1A00000 00000000
023FE074 E3520003

That code alone was enough to crash the game. (The rest gets code specific to give you an idea what I was planning.. if the R4 Action Replay has a different code handler, then ignore the rest because it couldn't work anyway.)

Why do I want assembler? Sometimes it is hard to detect which of all the characters in game memory is actually the player (there is one player and 3 computers - and the game mixes them). Now my idea was: it stores the player model id in the header at 20A8A40 and also at offset 0x40 of the player pointer. So I'd need to compare [20A8A40] == [[pointer]+40] - which would simply be impossible using assembler. My idea was:

Code:
B2084038 00000000 //branch to player 1 (might be a computer) pointer
D9000040 00000000 //load the value at offset 40 (if I got that correctly, this value is now in r3)
D3000000 00000000 //reset the pointer offset
---asm---
ldr r0,=0x20A8A40 // r0 = [20A8A40] - loads the player model ID to r0
mvn r0,r0         //negate the model ID
and r3,r3,r0      //and perform an AND instruction on the loaded value at r3
//this is [[pointer]+40] & ![20A8A40] - and if [20A8A40] and [[pointer]+40] are equal the result should be 0
---asm end---
D6000000 023FFFF8 //store the value to an unused memory address
D3000000 00000000 //reset offsets again
523FFFF8 00000000 //now is the value which was just written really 00000000
____              //instructions here
D2000000 00000000 //end

I know that's a kinda complicated idea - but well, I love a challenge! Thank you!
Author: kenobi [ Tue Jan 22, 2008 12:58 pm ]
Post subject: Re: [fixed] R4DS and 0xE ASM based codes....
Link wrote:
D9000040 00000000 //load the value at offset 40 (if I got that correctly, this value is now in r3)

I might have given false information somewhere, I guess. That's not in r3 at all. Here is where it is stored:
[r13] = 'Dx repeat value'
[r13+0x4] = 'Dx next code to be executed'
[r13+0x8] = 'Dx code status'
[r13+0xC] = 'Dx data'

Also, the good syntax for the D9 code type is: D9000000 00000040

And you make a ldr r0,=0x20A8A40, but after it should follow a ldr r0,[r0] (else r0=0x020A8A40, and not [0x020A8A40]).

You should also check that the pointer is not null at the very start of your code (62084038 00000000 - and then change the second D3000000 00000000 with a D2000000 00000000).

Then I'm not quite sure if 0x023FFFF8 is really an unused place. Never looked into it (I prefer to use 0x02000000 - and I believe you could even use the ARM9 entry point in your case).

Finally, your way of comparing the 2 values is strange. A=B is not the same as A&(!B)=0 (2 and !6 = 0, but 2!=6...). You should just xor them (unless you did that on purpose?).

Anyway, I also advise you to do everything using asm (and not mix up ARDS and ASM) for your case, it'll be more efficient, but that's really up to you (it's kinda code size versus code efficiency - some people prefer small codes (by using the C code type for example), even if they do a crappy job). ie. something like that (might be buggy, I didn't try to compile it, it's just to give you an idea):

Code:
---asm---
ldr r1,data        // r1=0x02084038
ldr r0,[r1]        // r0= 32bits value at 0x02084038
cmp r0,#0x0        // checks if the pointer exists
beq end            // exits if the pointer is null (and then as r0=0, 0x02084038 (r1) will be written to 0x023FFFF8).
ldr r0,[r0,#0x40]  // loads the 32bits value at [0x02084038]+0x40
ldr r1,data+4      // r1= 0x020A8A40
ldr r1,[r1]        // r1= 32bits value at 0x020A8A40
end:
eor r1,r0          // if r1=r0 then r1=0, else r1!=0 - shouldn't we check if r1!=0 too ?
mov r0,#0x02400000
str r1,[r0,#-0x08] // stores r1 at 0x023FFFF8
bx r14             // jumps back to the AR
data:
.word 0x02084038
.word 0x020A8A40
---asm end---
523FFFF8 00000000 //now is the value which was just written really 00000000
____              //instructions here
D2000000 00000000 //end
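A small Python model of the routine Kenobi sketches above, added here as an illustration and not code from the thread: it runs the pointer check, the two loads and the eor against a constructed memory image (player struct address and model IDs are made-up sample values), and shows why the AND-NOT test from the first post passes for 2 and 6 while xor does not.

```python
# Added example, not code from the thread. Models Kenobi's ARM routine and the
# 523FFFF8 check on a constructed DS memory image (dict of word address -> value).
PTR_ADDR = 0x02084038       # pointer to the player-1 struct (address from the thread)
MODEL_ID_ADDR = 0x020A8A40  # header copy of the player model ID (from the thread)
RESULT_ADDR = 0x023FFFF8    # scratch word the AR code then tests (from the thread)
MODEL_OFFSET = 0x40         # model ID lives at [pointer]+0x40 (from the thread)
MASK32 = 0xFFFFFFFF


def and_not_compare(a, b):
    """Link's original test: a & ~b == 0. True means the check 'passes'."""
    return (a & (~b & MASK32)) == 0


def xor_compare(a, b):
    """Kenobi's suggestion: a ^ b == 0 holds exactly when the words are equal."""
    return (a ^ b) == 0


def run_routine(mem):
    """Simulate the asm: ldr r1,data / ldr r0,[r1] / cmp r0,#0 / beq end /
    ldr r0,[r0,#0x40] / ldr r1,data+4 / ldr r1,[r1] / end: eor r1,r0 /
    str r1,[0x023FFFF8].  Returns the word that ends up at RESULT_ADDR."""
    r1 = PTR_ADDR
    r0 = mem.get(r1, 0)                      # ldr r0,[r1]
    if r0 != 0:                              # cmp r0,#0 ; beq end
        r0 = mem.get(r0 + MODEL_OFFSET, 0)   # ldr r0,[r0,#0x40]
        r1 = mem.get(MODEL_ID_ADDR, 0)       # ldr r1,data+4 ; ldr r1,[r1]
    # end: with a null pointer r1 is still 0x02084038 and r0 is 0, so the
    # eor leaves 0x02084038 in r1, exactly as Kenobi's beq comment warns.
    r1 = (r1 ^ r0) & MASK32                  # eor r1,r0
    mem[RESULT_ADDR] = r1                    # str r1,[r0,#-0x08] with r0=0x02400000
    return r1


def ar_condition_passes(mem):
    """The 523FFFF8 00000000 code type: run the following codes only if the word is 0."""
    return mem.get(RESULT_ADDR) == 0


def constructed_memory(player_ptr, header_id, struct_id):
    """Build a sample image: constructed values, not dumped from the game."""
    mem = {PTR_ADDR: player_ptr, MODEL_ID_ADDR: header_id}
    if player_ptr:
        mem[player_ptr + MODEL_OFFSET] = struct_id
    return mem


if __name__ == "__main__":
    print(and_not_compare(2, 6), xor_compare(2, 6))   # True False
    print(hex(run_routine(constructed_memory(0, 5, 5))))  # null pointer case
```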
Author: Link [ Sun Jan 27, 2008 4:00 pm ]
Post subject: Re: [fixed] R4DS and 0xE ASM based codes....
Well, sorry for bumping, I got kinda lost.. First of all, thanks Kenobi. Well, in the end I used xor.. and I've used some of the stuff in my final code (see the Mario & Sonic [u] thread), and I also followed your idea to make the code as much assembler as possible - just those "Press select+up to grow" parts were made in AR code. The basic idea in the end was to overwrite the game assembler so that it relocates the player size value to another address and the AR can write this address with basic code types. This was quite easy as I got an iDeaS debugger version and used breakpoints on the size addresses - this way that whole "search which pointer is the correct one for this sport event" got useless as the assembler code already stores the correct address in r0. Anyway, thanks for your help, there was really some quite interesting information in the post.