| Welcome, Guest |
You have to register before you can post on our site.
|
| Forum Statistics |
» Members: 82
» Latest member: saradk
» Forum threads: 1,023
» Forum posts: 1,707
Full Statistics
|
| Online Users |
There are currently 33 online users.
» 0 Member(s) | 32 Guest(s)
Bing
|
| Latest Threads |
Automated Perfect License...
Forum: Cheat Codes
Last Post: zak
04-18-2019, 09:43 PM
» Replies: 2
» Views: 66
|
Timer Clock Display Modif...
Forum: DBZ BT3
Last Post: zak
04-18-2019, 01:03 PM
» Replies: 0
» Views: 18
|
480p Graphics Fix
Forum: Cheat Codes
Last Post: zak
04-16-2019, 05:51 PM
» Replies: 1
» Views: 121
|
Random Track Selection Fo...
Forum: Cheat Codes
Last Post: zak
04-14-2019, 02:37 PM
» Replies: 0
» Views: 80
|
Annoucements/Updates
Forum: Site Advancement
Last Post: zak
04-12-2019, 08:21 PM
» Replies: 36
» Views: 7,461
|
TAS BKT Sheet
Forum: TAS
Last Post: Cameron_MKW
04-07-2019, 12:13 PM
» Replies: 3
» Views: 1,029
|
List of Certain Functions...
Forum: Hacking General
Last Post: zak
04-05-2019, 06:23 PM
» Replies: 0
» Views: 106
|
Graphical In-Game Item Sp...
Forum: Cheat Codes
Last Post: zak
03-31-2019, 09:12 PM
» Replies: 0
» Views: 164
|
Graphical In-Game Item Sp...
Forum: Cheat Codes
Last Post: zak
03-31-2019, 09:10 PM
» Replies: 0
» Views: 76
|
Go From Complete Noob to ...
Forum: Guides/How-To's
Last Post: Cameron_MKW
03-31-2019, 02:29 PM
» Replies: 1
» Views: 166
|
|
|
| Automated Perfect License Unlock and/or VR+BR Modifier |
|
Posted by: zak - 04-18-2019, 08:42 PM - Forum: Cheat Codes
- Replies (2)
|
 |
Automated Perfect License Unlock and/or VR+BR Modifier
This code will do one or both of the following...
1. Unlock Everything for all current licenses already Made (no star rank applied)
2. Set VR+BR for all current licenses already made
Why this Unlock-Everything/VR+BR Code is better than all others..
1. The entire process is automated, you are automatically returned to the Wii Menu moments after you boot the game
2. No silly controller button activator combinations required
3. No need to force the game to update the data save file (such as Change Miis)
4. No need to go Online to update the VR/BR
5. 0% chance of corrupting the data save file. Proper values are used for the unlocking mechanism, and the game's own checksum function is called to finish the data save writes.
Instructions for filling in X,Y,Z values:
First, set your 'user option' (this is the part of the code that has the X value highlighted in Bold). Here are the options you can set-
0 = Unlock Everything, Set VR & BR
1 = Unlock Everything, no VR & BR changes
2 = Set VR & BR, don't unlock
The YYYY value in the code is the VR rating and the ZZZZ value is the BR rating. If your user option (X value) is 1, then set the YYYY/ZZZZ values to anything random, it doesn't matter as the code will NOT apply the VR/BR changes.
Example YYYY/ZZZZ value:
270F = 9999 VR/BR
The code makes the desired changes on all licenses that are already made. If a license doesn't exist, the code will skip execution of the current license and check the next license slot.
Instructions on using the code:
All you have to do is boot MKWii. After a split second (your TV screen may have a visual glitch, this is normal), you will automatically be returned to the Wii Main Menu. And... that's it!!! You're done. Congratz.
NOTE: If using this on Dolphin, the automatic return to the Wii Menu will most likely fail (emulation freezes/glitches) but the code will still take effect.
NTSC-U
C20095F4 00000035
3AA0000X 3AC0YYYY
3AE0ZZZZ 3C600002
60638000 7C791B78
38800020 80ADA358
80A50024 7CBA2B78
3D808022 618C9490
7D8803A6 4E800021
7C7B1B78 3FA08016
4800002D 2F746974
6C652F30 30303130
3030342F 35323464
34333435 2F646174
612F726B 7379732E
64617400 7C6802A6
7C7E1B78 38800001
63BCADBC 7F8803A6
4E800021 2C030000
4180010C 7C7F1B78
7F64DB78 7F25CB78
63BCB15C 7F8803A6
4E800021 7C03C800
408200EC 7FE3FB78
63BCB2E4 7F8803A6
4E800021 3B1B0032
3E208CC0 5631843E
7F11C050 39600004
7D98886E 2C0C0000
40820011 356BFFFF
4082FFF0 48000044
7E8802A6 2C150001
40820025 39E00000
39EFFFFF 3E00031F
6210FFFC 91F80006
9218000A 7E8803A6
4E800020 B2D80086
B2F80088 2C150002
41A2FFEC 4E800020
7F63DB78 3899FFFC
3D80801D 618C1C00
7D8803A6 4E800021
3C9B0002 90647FFC
7FC3F378 38800002
63BCADBC 7F8803A6
4E800021 2C030000
41800034 7C7F1B78
7F64DB78 7F25CB78
63BCB220 7F8803A6
4E800021 7C03C800
40820014 7FE3FB78
63BCB2E4 7F8803A6
4E800021 3D80801A
618C87B8 7D8803A6
4E800020 00000000
PAL
C2009634 00000035
3AA0000X 3AC0YYYY
3AE0ZZZZ 3C600002
60638000 7C791B78
38800020 80ADA360
80A50024 7CBA2B78
3D808022 618C9814
7D8803A6 4E800021
7C7B1B78 3FA08016
4800002D 2F746974
6C652F30 30303130
3030342F 35323464
34333530 2F646174
612F726B 7379732E
64617400 7C6802A6
7C7E1B78 38800001
63BCAE5C 7F8803A6
4E800021 2C030000
4180010C 7C7F1B78
7F64DB78 7F25CB78
63BCB1FC 7F8803A6
4E800021 7C03C800
408200EC 7FE3FB78
63BCB384 7F8803A6
4E800021 3B1B0032
3E208CC0 5631843E
7F11C050 39600004
7D98886E 2C0C0000
40820011 356BFFFF
4082FFF0 48000044
7E8802A6 2C150001
40820025 39E00000
39EFFFFF 3E00031F
6210FFFC 91F80006
9218000A 7E8803A6
4E800020 B2D80086
B2F80088 2C150002
41A2FFEC 4E800020
7F63DB78 3899FFFC
3D80801D 618C1CA0
7D8803A6 4E800021
3C9B0002 90647FFC
7FC3F378 38800002
63BCAE5C 7F8803A6
4E800021 2C030000
41800034 7C7F1B78
7F64DB78 7F25CB78
63BCB2C0 7F8803A6
4E800021 7C03C800
40820014 7FE3FB78
63BCB384 7F8803A6
4E800021 3D80801A
618C8858 7D8803A6
4E800020 00000000
NTSC-J
C2009590 00000035
3AA0000X 3AC0YYYY
3AE0ZZZZ 3C600002
60638000 7C791B78
38800020 80ADA360
80A50024 7CBA2B78
3D808022 618C9734
7D8803A6 4E800021
7C7B1B78 3FA08016
4800002D 2F746974
6C652F30 30303130
3030342F 35323464
34333461 2F646174
612F726B 7379732E
64617400 7C6802A6
7C7E1B78 38800001
63BCAD7C 7F8803A6
4E800021 2C030000
4180010C 7C7F1B78
7F64DB78 7F25CB78
63BCB11C 7F8803A6
4E800021 7C03C800
408200EC 7FE3FB78
63BCB2A4 7F8803A6
4E800021 3B1B0032
3E208CC0 5631843E
7F11C050 39600004
7D98886E 2C0C0000
40820011 356BFFFF
4082FFF0 48000044
7E8802A6 2C150001
40820025 39E00000
39EFFFFF 3E00031F
6210FFFC 91F80006
9218000A 7E8803A6
4E800020 B2D80086
B2F80088 2C150002
41A2FFEC 4E800020
7F63DB78 3899FFFC
3D80801D 618C1BC0
7D8803A6 4E800021
3C9B0002 90647FFC
7FC3F378 38800002
63BCAD7C 7F8803A6
4E800021 2C030000
41800034 7C7F1B78
7F64DB78 7F25CB78
63BCB1E0 7F8803A6
4E800021 7C03C800
40820014 7FE3FB78
63BCB2A4 7F8803A6
4E800021 3D80801A
618C8778 7D8803A6
4E800020 00000000
NTSC-K
C200973C 00000035
3AA0000X 3AC0YYYY
3AE0ZZZZ 3C600002
60638000 7C791B78
38800020 80ADA380
80A50024 7CBA2B78
3D808022 618C9B88
7D8803A6 4E800021
7C7B1B78 3FA08016
4800002D 2F746974
6C652F30 30303130
3030342F 35323464
34333462 2F646174
612F726B 7379732E
64617400 7C6802A6
7C7E1B78 38800001
63BCAEF8 7F8803A6
4E800021 2C030000
4180010C 7C7F1B78
7F64DB78 7F25CB78
63BCB298 7F8803A6
4E800021 7C03C800
408200EC 7FE3FB78
63BCB420 7F8803A6
4E800021 3B1B0032
3E208CC0 5631843E
7F11C050 39600004
7D98886E 2C0C0000
40820011 356BFFFF
4082FFF0 48000044
7E8802A6 2C150001
40820025 39E00000
39EFFFFF 3E00031F
6210FFFC 91F80006
9218000A 7E8803A6
4E800020 B2D80086
B2F80088 2C150002
41A2FFEC 4E800020
7F63DB78 3899FFFC
3D80801D 618C1FFC
7D8803A6 4E800021
3C9B0002 90647FFC
7FC3F378 38800002
63BCAEF8 7F8803A6
4E800021 2C030000
41800034 7C7F1B78
7F64DB78 7F25CB78
63BCB35C 7F8803A6
4E800021 7C03C800
40820014 7FE3FB78
63BCB420 7F8803A6
4E800021 3D80801A
618C8BB4 7D8803A6
4E800020 00000000
Code creator: zak
Code credits: RiiDefi (EGG::Heap::alloc & NETCalcCRC32 functions), Megazig (All ISFS functions)
Source:
#~~~~~~~~~~~~~~~~#
# START ASSEMBLY #
#~~~~~~~~~~~~~~~~#
#
#~~~~~~~~~~~~~~~~~~~~~~#
# Macros and Variables #
#~~~~~~~~~~~~~~~~~~~~~~#
.macro call_link address
lis r12, \address@h
ori r12, r12, \address@l
mtlr r12
blrl
.endm
.macro call_isfs address
ori r28, r29, \address@l
mtlr r28
blrl
.endm
.macro call_nolink address
lis r12, \address@h
ori r12, r12, \address@l
mtlr r12
blr
.endm
.set region, '' #Fill in E, P, J, or K within the quotes for your region when Compiling! Lowercase letters can also be used.
.if (region == 'E' || region == 'e') # RMCE
.set ISFS_Open, 0xADBC
.set ISFS_Read, 0xB15C
.set ISFS_Write, 0xB220
.set ISFS_Close, 0xB2E4
.set Wii_Menu, 0x801A87B8
.set Egg_Alloc, 0x80229490
.set NET_Calc, 0x801D1C00
.elseif (region == 'P' || region == 'p') # RMCP
.set ISFS_Open, 0xAE5C
.set ISFS_Read, 0xB1FC
.set ISFS_Write, 0xB2C0
.set ISFS_Close, 0xB384
.set Wii_Menu, 0x801A8858
.set Egg_Alloc, 0x80229814
.set NET_Calc, 0x801D1CA0
.elseif (region == 'J' || region == 'j') # RMCJ
.set ISFS_Open, 0xAD7C
.set ISFS_Read, 0xB11C
.set ISFS_Write, 0xB1E0
.set ISFS_Close, 0xB2A4
.set Wii_Menu, 0x801A8778
.set Egg_Alloc, 0x80229734
.set NET_Calc, 0x801D1BC0
.elseif (region == 'K' || region == 'k') # RMCK
.set ISFS_Open, 0xAEF8
.set ISFS_Read, 0xB298
.set ISFS_Write, 0xB35C
.set ISFS_Close, 0xB420
.set Wii_Menu, 0x801A8BB4
.set Egg_Alloc, 0x80229B88
.set NET_Calc, 0x801D1FFC
.else # Invalid Region
.abort
.endif
#~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~#
# Register Notes: #
# r31 = fd #
# r30 = File Path Address #
# r29 & r28 = Part of call_isfs Macro #
# r27 = Heap Address Pointer / Data Save Contents Address Pointer #
# r26 = System Heap Calc Address #
# r25 = Read/Write's 3rd Arg #
# r24 = Copied from r27 for use in updating Loop #
# r23 = BR, r22 = VR, r21 = User Option #
# r20 = Link Register Subroutine Storage #
# r17 = License Slot Increase Offset For Load Word Update Index Instruction #
# r16 = Unlocker Hex Code String / Double-Word Pt 2 #
# r15 = Unlocker Hex Code String / Double-Word Pt 1 #
# r12 = License existence value check #
# r11 = Countdown Amount Tracker for Loop #
#~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~#
#~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~#
# Data Save (rksys.dat) Contents 'Map' #
# 0x0038 License 1 Unlock String Doubleword #
# 0x00B8 License 1 VR Halfword #
# 0x00BA License 1 BR Halfword #
# 0x8CF8 License 2 Unlock String Doubleword #
# 0x8D78 License 2 VR Halfword #
# 0x8D7A License 2 BR Halfword #
# 0x119B8 License 3 Unlock String Doubleword #
# 0x11A38 License 3 VR Halfword #
# 0x11A3A License 3 BR Halfword #
# 0x1A678 License 4 Unlock String Doubleword #
# 0x1A6F8 License 4 VR Halfword #
# 0x1A6FA License 4 BR Halfword #
# 0x27FFC CRC-32 Checksum Word #
#~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~#
#~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~#
# No need to backup anything, code ends in a function blr call; Set User's Options of Code #
#~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~#
li r21, 0x0 #User Option, zero used just for compilation
li r22, 0x270F #VR, random value for compilation
li r23, 0x270E #BR, random value for compilation
#~~~~~~~~~~~~~~~~~~~~~~~#
# EGG::Heap::alloc #
# r3 = Size of Heap #
# r4 = Alignment #
# r5 = System Heap Calc #
#~~~~~~~~~~~~~~~~~~~~~~~#
lis r3, 0x0002
ori r3, r3, 0x8000
mr r25, r3 #Backup Size of Data Save for later use of ISFS_Read & ISFS_Write
li r4, 0x20
.if (region == 'E' || region == 'e')
lwz r5, -0x5CA8(r13)
.elseif (region == 'P' || region == 'p')
lwz r5, -0x5CA0(r13)
.elseif (region == 'J' || region == 'j')
lwz r5, -0x5CA0(r13)
.elseif (region == 'K' || region == 'k')
lwz r5, -0x5C80(r13)
.endif
lwz r5, 0x0024 (r5)
mr r26, r5 #Backup System Heap Calc Address
call_link Egg_Alloc
mr r27, r3 #Backup Heap Address Pointer
#~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~#
# ISFS_Open #
# r3 = File Path #
# r4 = 0x1 for Read Permissions #
#~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~#
lis r29, 0x8016 #Set 1st half address for all ISFS Functions
bl open_datasave
.if (region == 'E' || region == 'e')
.string "/title/00010004/524d4345/data/rksys.dat"
.elseif (region == 'P' || region == 'p')
.string "/title/00010004/524d4350/data/rksys.dat"
.elseif (region == 'J' || region == 'j')
.string "/title/00010004/524d434a/data/rksys.dat"
.elseif (region == 'K' || region == 'k')
.string "/title/00010004/524d434b/data/rksys.dat"
.endif
open_datasave:
mflr r3
mr r30, r3 #Backup file path address pointer
li r4, 0x1
call_isfs ISFS_Open
cmpwi r3, 0x0 #r3 should return fd value. If negative value, then error occured.
blt- launch_menu
mr r31, r3 #Backup file descriptor
#~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~#
# ISFS_Read #
# r3 = fd #
# r4 = Address Pointer to dump read Data to #
# r5 = Amount of Bytes to read & dump #
#~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~#
mr r4, r27
mr r5, r25 #Backed up size arg from Egg Alloc moved to r5
call_isfs ISFS_Read
cmpw r3, r25 #r3 should return r5's aka r25's value. If negative value, then error occured.
bne- launch_menu
#~~~~~~~~~~~~#
# ISFS_Close #
# r3 = fd #
#~~~~~~~~~~~~#
mr r3, r31
call_isfs ISFS_Close
#~~~~~~~~~~~~~~~~~#
# Pre-Loop Config #
#~~~~~~~~~~~~~~~~~#
addi r24, r27, 0x0032 #0x32 instead of 0x38 (perfect alignment for later storing unlock doubleword) is used because when the upcoming loop is loading the word into r12 (to see if a license exist), it will cross check the existence of a avatar ID and client ID. If 0x38 is used, a possible 0x0 can be loaded into r12 with a license that does exist thus causing the code to not unlock everything for an existing license.
lis r17, 0x8CC0
srwi r17, r17, 16
subf r24, r17, r24
li r11, 0x4
#~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~#
# Loop #
# r24 will hold eact address for unlocker string location of lic. 1, then 2, then 3, and finally 4 #
#~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~#
the_loop:
lwzux r12, r24, r17 #Middle register (r24) gets updated with the amount from r17
cmpwi r12, 0x0
bnel- make_writes
subic. r11, r11, 1
bne+ the_loop
b start_checksum
#~~~~~~~~~~~~~~~~~~~~~~~~~~~#
# License Unlock Subroutine #
#~~~~~~~~~~~~~~~~~~~~~~~~~~~#
make_writes:
mflr r20
cmpwi r21, 0x1
bnel- vrbr_writes
li r15, 0
addi r15, r15, -1 #Everything unlocked has a doubleword of 0xFFFFFFFF031FFFFC. Use r15 and r16 for that doubleword
lis r16, 0x031F
ori r16, r16, 0xFFFC
stw r15, 0x6 (r24) #Unlock everything for current license
stw r16, 0xA (r24) #Unlock everything for current license
blr_go:
mtlr r20
blr
#~~~~~~~~~~~~~~~~~~#
# VR/BR Subroutine #
#~~~~~~~~~~~~~~~~~~#
vrbr_writes:
sth r22, 0x86 (r24) #Write VR amount for current license
sth r23, 0x88 (r24) #Write BR amount for current license
cmpwi r21, 0x2
beq- blr_go
blr
#~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~#
# NETCalcCRC32 #
# r3 = File Contents Address Pointer #
# r4 = Amount of Bytes to use for Calculation #
# r3's return value = CRC32 Word #
#~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~#
start_checksum:
mr r3, r27 #Move backed up Heap Address Pointer to r3
addi r4, r25, -0x4 #Subtract 0x4 from data save size alloc to get byte size amount, 0x27FFC
call_link NET_Calc
#~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~#
# Store CRC32 Word to spot in Data Save Contents #
#~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~#
addis r4, r27, 0x0002 #Add 0x00020000 to r27
stw r3, 0x7FFC (r4) #Store CRC32 Word to spot (which is final word location of entire contents)
#~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~#
# ISFS_Open #
# r3 = File Path #
# r4 = 0x2 for Write Permissions #
#~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~#
mr r3, r30 #Move backed up file path address pointer to r3
li r4, 0x2
call_isfs ISFS_Open
cmpwi r3, 0x0
blt- launch_menu
#~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~#
# ISFS_Write #
# r3 = fd #
# r4 = Address Pointer where String Data that will used for writes is located #
# r5 = Amount of Bytes to Write to File #
#~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~#
mr r31, r3 #Backup fd
mr r4, r27 #Move backed up Heap Address Pointer to r4
mr r5, r25 #Move backed up Byte Write Size to r5
call_isfs ISFS_Write
cmpw r3, r25
bne- launch_menu
#~~~~~~~~~~~~#
# ISFS_Close #
# r3 = fd #
#~~~~~~~~~~~~#
mr r3, r31
call_isfs ISFS_Close
#~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~#
# Data Saves Successful, Return to Wii Menu. No need to free the Heap. #
#~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~#
launch_menu:
call_nolink Wii_Menu
#
#~~~~~~~~~~~~~~#
# END ASSEMBLY #
#~~~~~~~~~~~~~~#
|
|
|
| Timer Clock Display Modifier Version 2; DBZ BT3 |
|
Posted by: zak - 04-18-2019, 01:03 PM - Forum: DBZ BT3
- No Replies
|
|
DBZ BT3 Timer Clock Display Modifier Version 2
Offline only. This code will change the Timer Value to whatever you want. It's a display modification only. Actual timer of the match still works.
NTSC-U
04121B44 3B800XXX
XXX = Amount to Display
Example: 12B = 999 on Timer
Source:
lwz r28, 0xC (r4) changed to li 28, 0x0XXX
Code creator: zak
|
|
|
|
| 480p Graphics Fix |
|
Posted by: Leseratte10 - 04-16-2019, 04:10 PM - Forum: Cheat Codes
- Replies (1)
|
 |
480p Graphics Fix
The user "Extrems" apparently found a bug in the Nintendo SDK that causes 480p graphics to not look as good as they could, and made a patch for libogc (more info: https://shmups.system11.org/viewtopic.ph...8#p1361158 )
I just implemented that patch as a cheat code for Mario Kart Wii, but I don't have a 480p display config ready so I can't test if it works properly. At least it doesn't crash the game. Anyone want to test that cheat code with a 480p config and see if it improves video quality?
NTSC-U
C21BCD3C 00000002
38600003 98610019
60000000 00000000
PAL
C21BCDDC 00000002
38600003 98610019
60000000 00000000
NTSC-J
C21BCCFC 00000002
38600003 98610019
60000000 00000000
NTSC-K
C21BD138 00000002
38600003 98610019
60000000 00000000
Code created by: Leseratte10
Code contributor(s): Extrems (found bug and made libogc patch)
|
|
|
|
| Random Track Selection For Offline |
|
Posted by: zak - 04-14-2019, 02:37 PM - Forum: Cheat Codes
- No Replies
|
|
Random Track Selection For Offline
Offline only. Does not work in Grand Prix.
This code will give you the ability to have a "random" feature for track selection. Just select any track at the track selection screen. When the Race/TT/Battle begins, it will be a random track that is loaded. For TT's this also effects the loading of the ghost preview screen.
This code makes use of memory addresses 0x8000149E 0x8000149F. Make sure no other codes in your GCT/Cheat-Manager are using those addresses.
NTSC-U
C21A9CDC 00000009
3C808000 8864149E
2803001F 41A10008
3860001F 38630001
2803002A 41A00008
38600020 9864149E
8864149F 38630001
28030020 41A00008
38600000 9864149F
38800000 00000000
C2825F74 00000002
3FE08000 8BFF149F
93E31758 00000000
C28529C8 00000002
3F808000 8B9C149E
93861758 00000000
PAL
C21A9D7C 00000009
3C808000 8864149E
2803001F 41A10008
3860001F 38630001
2803002A 41A00008
38600020 9864149E
8864149F 38630001
28030020 41A00008
38600000 9864149F
38800000 00000000
C28409D4 00000002
3FE08000 8BFF149F
93E31758 00000000
C283D0E8 00000002
3F808000 8B9C149E
93861758 00000000
NTSC-J
C21A9C9C 00000009
3C808000 8864149E
2803001F 41A10008
3860001F 38630001
2803002A 41A00008
38600020 9864149E
8864149F 38630001
28030020 41A00008
38600000 9864149F
38800000 00000000
C2840040 00000002
3FE08000 8BFF149F
93E31758 00000000
C283C754 00000002
3F808000 8B9C149E
93861758 00000000
NTSC-K
C21AA0D8 00000009
3C808000 8864149E
2803001F 41A10008
3860001F 38630001
2803002A 41A00008
38600020 9864149E
8864149F 38630001
28030020 41A00008
38600000 9864149F
38800000 00000000
C282ED94 00000002
3FE08000 8BFF149F
93E31758 00000000
C282B4A8 00000002
3F808000 8B9C149E
93861758 00000000
List of Sources-
1st ASM (Track Byte Cycler);
#~~~~~~~~~~~~~~~~#
# START ASSEMBLY #
#~~~~~~~~~~~~~~~~#
#
#~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~#
# Memory Address & Value Notes #
# 0x8000149E = Battle Track Byte #
# 0x8000148F = VS Track Byte #
# 0x00 thru 0x1F = VS Tracks #
# 0x20 thru 0x29 = Battle Tracks #
#~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~#
#~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~#
# Register Safey Notes #
# r3 safe for use, gets overwritten next address #
# r4 safe for use, gets overwritten by default instruction at end #
#~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~#
#~~~~~~~~~~~~~~~~~~~~~~~~#
# Load Battle Track Byte #
#~~~~~~~~~~~~~~~~~~~~~~~~#
lis r4, 0x8000
lbz r3, 0x149E (r4)
#~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~#
# Battle Track Byte 1st Comparsion Check #
#~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~#
cmplwi r3, 0x1F
bgt+ _skipinitial #If greater than 0x1F, the battle cycle has already started
li r3, 0x1F #If not greater than 0x1F, begin the start of byte cycle, set value to 0x1F since the next instruction adds 1 to itself, value 0x20 is lowest byte value out of the battle tracks
_skipinitial:
addi r3, r3, 1 #Increment the Battle Byte by 1
#~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~#
# Battle Track Byte 2nd Comparison Check #
# If 0x2A, reset the cycle back down to 0x20 #
#~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~#
cmplwi r3, 0x2A
blt+ _dontreset1
li r3, 0x20
#~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~#
# Store Updated Battle Byte to Exception Vector Area #
#~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~#
_dontreset1:
stb r3, 0x149E (r4)
#~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~#
# Load VS Track Byte, Increment It #
#~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~#
lbz r3, 0x149F (r4)
addi r3, r3, 1
#~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~#
# Compare VS Track Byte to 0x20 (first battle track) #
# If 0x20, reset the cycle #
#~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~#
cmplwi r3, 0x20
blt+ _dontreset2
li r3, 0
#~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~#
# Store Updated Track Byte, Default Instruction #
#~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~#
_dontreset2:
stb r3, 0x149F (r4)
li r4, 0 #Default Instruction
#
#~~~~~~~~~~~~~~#
# END ASSEMBLY #
#~~~~~~~~~~~~~~#
====
2nd ASM (Load updated VS Track Byte to replace selected Track):
lis r31, 0x8000
lbz r31, 0x149F (r31) #Load Track Byte
stw r31, 0x1758 (r3) #Default Instruction, Store Track Word Value to Memory
====
3rd ASM (Load updated Battle Track Byte to replaced selected Track):
lis r28, 0x8000
lbz r28, 0x149E (r28) #Load Track Byte
stw r28, 0x1758 (r6) #Default Instruction, Store Track Word Value to Memory
Code creator: zak
|
|
|
|
| List of Certain Functions with Arguments Plus Descriptions |
|
Posted by: zak - 04-05-2019, 06:23 PM - Forum: Hacking General
- No Replies
|
|
List of Certain Functions with Arguments Plus Descriptions
This is a list of functions I have used in codes I have made or attempted to have made. Arguments, descriptions, and return values are provided. If you are wanting to view a list of many many more functions (not as detailed as this), view this thread HERE. There's no need to have essentially two symbol map type threads in the Resources sub-forum, hence why this thread is in Hacking General sub-forum.
ISFS Specific Return Values (r3)
For any function that has the term ISFS in it, they all have the same return value numbering. Here's a list of those values (shown in decimal form):
-1 = Permission Denied
-2 = File/Directory already exists
-4 = Invalid Register Argument
-6 = File/Directory not found
-8 = Resource busy
-12 = ECC error
-22 = Could not allocate Memory
-101 = Invalid Register Argument
-102 = Permission Denied
-105 = File/Directory already exists
-106 = File/Directory not found
-107 = Too many fds open
-108 = Memory is full
-109 = Too many fds open
-110 = Pathname is too long
-111 = fd already open
-114 = ECC error
-115 = Directory not empty
-116 = Max directory depth exceeded
-118 = Resource busy
-119 = Fatal error
Function: memcpy
Summary: Copies Data from a spot in Memory to another spot; useful for very large amounts of data
Address (region-free):
0x80005F34
Arguments:
r3 = Destination Start Address
r4 = Source Start Address
r5 = Amount of Bytes to Copy Over
Return Values:
r0 = Last byte that was copied
r3 = Remains the same
r4 = Address for final byte of Source
r5 = 0x0
r6 = Address for final byte of Destination
~~~
Function: sprintf
Summary: Formats a String (C++ style) and stores string to desired memory location
Addresses:
NTSC-U 0x80010ECC
PAL = 0x80011A2C
NTSC-J = 0x80011950
NTSC-K = 0x80011A94
Arguments:
r3 = Address Pointer where Formatted String ASCii-Hex will be written to
r4 = Address Pointer where non-formatted ASCii-Hex String is located, must end in NULL
r5 thru r10 = Non-Float Values to be formatted
f1 thru f13 = Float Values to be formatted
NOTE: You must use single precision (lfs instruction) if loading floats from memory into FPRs
Another NOTE: If using Float Values ,then this instruction must be required after the lfs (before the function call) - crset 4*cr1+eq
Google printf Format for a list of format characters/symbols for use in the ASCii-Hex String.
Return Value (r3):
Value matching amount of bytes written to r3 = Success
Any negative value = Error
~~~
Function: DirectPrint: SetupFB
Summary: Sets up a Frame Buffer to allow later use of DirectPrint: Printf & DirectPrint: StoreCache
Addresses:
NTSC-U 0x800223E0
PAL 0x80022480
NTSC-J 0x800223A0
NTSC-K 0x800224E0
Arguments:
For r3, 2 instructions must bed used to get the Render Mode of mpVideo from RKSystem, the first instruction slightly differ per region:
NTSC-U = lwz r3, -0x5CA8 (r13)
PAL = lwz r3, -0x5CA0 (r13)
NTSC-J = lwz r3, -0x5CA0 (r13)
NTSC-K = lwz r3, -0x5C80 (r13)
Then execute the 2nd instruction (region-free): lwz r3, 0x0 (r3)
r3 now contains the RenderMode
Return Values:
Any negative value = Error
~~~
Function: DirectPrint: Printf w/ DirectPrint: StoreCache
Summary: Both functions should be executed back-to-back hence why they are coupled together. These functions will preform a printf-style function that draws on the TV Screen; DirectPrint: SetupFB must already have been called beforehand
Addresses (Printf first, StoreCache second)
NTSC-U = 0x80021DF0, 0x80021DD0
PAL = 0x80021E90, 0x80021E70
NTSC-J = 0x80021DB0, 0x80021D90
NTSC-K = 0x80021EF0, 0x80021ED0
Arguments (for Printf only, StoreCache has no arguments):
r3 = X Coordinate (Starts Far Left)
r4 = Y Coordinate (Starts Very Top)
r5 = 0 for No Text Wrap, 1 for Text Wrap (Wrapping allows the text to enter into a new line if it reaches the edge of the screen)
r6 = Address Pointer to ASCii-Hex String that will be Drawn on Screen
r7 thru r10 = Standard printf format non-float arguments
f1 thru f13 = Standard printf format float arguments
NOTE: You must use single precision (lfs instruction) if loading floats from memory into FPRs
Another NOTE: If using Float Values ,then this instruction must be required after the lfs (before the function call) - crset 4*cr1+eq
Google printf Format for a list of format characters/symbols for use in the ASCii-Hex String.
Return Values:
Any negative value = Error
~~~
Function: ISFS_CreateDir
Summary: Creates a new directory on the NAND
Addresses:
NTSC-U = 80169DD4
PAL = 0x80169E74
NTSC-J = 0x80169D94
NTSC-K = 0x80169F10
Arguments:
r3 = Address that points to the File Path w/ new Directory that will be created (must be 32 bit aligned)
r4 = 0x0 (u8 attributes)
r5 = 0x3 (owner permissions)
r6 = 0x3 (group permissions)
r7 - 0x3 (other permissions)
Return Values (r3)
0 = Success
View ISFS List at top for negative values
##SPECIAL NOTE ABOUT ISFS_CreateDir & DOLPHIN##
Return value -105 will never occur on Dolphin for a Directory that already exists. It will instead return 0.
~~~
Function: ISFS_Delete
Summary: Delete a file or directory (recursively) from the NAND.
Addresses:
NTSC-U = 0x8016A6EC
PAL = 0x8016A78C
NTSC-J = 0x8016A6AC
NTSC-K = 0x8016A828
Arguments:
r3 = Address that points to file path (must be 32 bit aligned)
Return Values (r3):
0 = Success
View ISFS List at top for negative values
~~~
Function: ISFS_CreateFile
Summary: Creates a new file on the NAND, must use a pre-existing directory
Addresses:
NTSC-U = 0x8016ABD4
PAL = 0x8016AC74
NTSC-J = 0x8016AB94
NTSC-K = 0x8016AD10
Arguments:
r3 = Address that points to the File Path w/ new File that will be created
r4 = 0x0 (u8 attributes)
r5 = 0x3 (owner permissions)
r6 = 0x3 (group permissions)
r7 = 0x3 (other permissions)
Return Values (r3)
0 = Success
View ISFS List at top for negative values
~~~
Function: ISFS_Open
Summary: Opens a pre-existing file on the NAND to allow you to later read from it or write to it
Addresses:
NTSC-U = 0x8016ADBC
PAL = 0x8016AE5C
NTSC-J = 0x8016AD7C
NTSC-K = 0x8016AEF8
Arguments:
r3 = Address that points to the File Path
r4 = Permissions (Use 0x1 for Read, or 0x2 for Write)
Return Values (r3):
Success = File Descriptor Value Returned
View ISFS List at top for negative values
~~~
Function: ISFS_Seek
Summary: Only recommended for /readingwriting in a particular region of a very large file when not reading/writing at the very beginning of said file. Use after Open, before Read/Write.
Addresses:
NTSC-U = 0x8016B0CC
PAL = 0x8016B16C
NTSC-J = 0x8016B08C
NTSC-K = 0x8016B208
Arguments:
r3 = File Descriptor (value that was returned from ISFS_Open)
r4 = Offset from Location Mode aka where
r5 = Location Mode aka whence; 0x0 for Start of File, 0x1 = Current Spot of File, 0x2 = End of File
Return Values (r3):
Address after calculation of offset and mode, 0 is returned if r4 and r5 args were both zero
View ISFS List at top for negative values
~~~
Function: ISFS_Read
Summary: Read a file on the NAND to dump it's contents to a spot in Memory
Addresses:
NTSC-U = 0x8016B15C
PAL = 0x8016B1FC
NTSC-J = 0x8016B11C
NTSC-K = 0x8016B298
Arguments:
r3 = File Descriptor (value that was returned from ISFS_Open)
r4 = Address that points where the File's data will be dumped to (must be 32 byte aligned aka is address divisible by 0x20?)
r5 = Amount of Bytes of Data to dump from the File
Return Values (r3):
If r3 value's equals r5, then Success.
View ISFS List at top for negative values
~~~
Function: ISFS_Write
Summary: Write to a file on the NAND.
Addresses:
NTSC-U = 0x8016B220
PAL = 0x8016B2C0
NTSC-J = 0x8016B1E0
NTSC-K = 0x8016B35C
Arguments:
r3 = File Descriptor (value that was returned from ISFSOpen)
r4 = Address that points to the string of data that will be used to write to the File (must be 32 byte aligned aka is address divisible by 0x20?)
r5 = Amount of Bytes of Data to write from the string
Return Values (r3):
If r3 value's equals r5, then Success.
View ISFS List at top for negative values
~~~
Function: ISFS_Close
Summary: Close a file after reading from it or writing to it. This function must be done after the read/write.
Addresses:
NTSC-U = 0x8016B2E4
PAL = 0x8016B384
NTSC-J = 0x8016B2A4
NTSC-K = 0x8016B420
Arguments:
r3 = File Descriptor (value that was returned from ISFS_Open)
Return Values (r3):
0 = Success
View ISFS List at top for negative values
~~~
Function: OSFatal
Summary: Stops the game and displays a desired message on the TV screen. BG color, FG color, and text are all modifiable.
Addresses:
NTSC-U = 0x801A4E24
PAL = 0x801A4EC4
NTSC-J = 0x801A4DE4
NTSC-K = 0x801A5220
Arguments:
r3 = Address Pointer to Foreground (text) color
r4 = Address Pointer to Background color
r5 = Address Pointer to String of ASCII Text
Extra Notes:
Color = RRGGBBFF
RR = Red Value, GG = Green Value, BB = Blue Value
Return Values: None ofc...
~~~
Function: OSShutdownSystem
Summary: Standard shutdown of the Wii.
Addresses:
NTSC-U = 0x801A84CC
PAL = 0x801A856C
NTSC-J = 0x801A848C
NTSC-K = 0x801A88C8
Arguments: None
Return Values: None ofc...
~~~
Function: OSRestart
Summary: Reboots the game.
Addresses:
NTSC-U = 0x801A85E8
PAL = 0x801A8688
NTSC-J = 0x801A85A8
NTSC-K = 0x801A89E4
Arguments: None
Return Values: None ofc...
~~~
Function: OSReturnToMenu
Summary: Returns you to the Wii Menu.
Addresses:
NTSC-U = 0x801A87B8
PAL = 0x801A8858
NTSC-J = 0x801A8778
NTSC-K = 0x801A8BB4
Arguments: None
Return Values: None ofc...
~~~
Function: OSGetTime
Summary: Returns a 64 bit Time value base.
Addresses:
NTSC-U = 0x801AACBC
PAL = 0x801AAD5C
NTSC-J = 0x801AAC7C
NTSC-K = 0x801AB0B8
Arguments: None
Return Values (r3, r4):
r3 = Upper 32 bits of Time Base
r4 = Lower 32 bits of Time Base
~~~
Function: _OSShutdownToSBY
Summary: Shuts down the Wii to 'Red' light mode (completely off) even if your Wii is configured to shut down to 'Yellow' light mode
Addresses:
NTSC-U = 0x801AB8C0
PAL = 0x801AB960
NTSC-J = 0x801AB880
NTSC-K = 0x801ABCBC
Arguments: None
Return Values: None ofc...
~~~
Function: _OSHotReset
Summary: Reboots the Wii
Addresses:
NTSC-U = 0x801AB938
PAL = 0x801AB9D8
NTSC-J = 0x801AB8F8
NTSC-K = 0x801ABD34
Arguments: None
Return Values: None ofc...
~~~
Function: OSLaunchTitleI
Summary: Launches desired Wii Channel
Addresses:
NTSC-U = 0x801ADEC0
PAL = 0x801ADF60
NTSC-J = 0x801ADE80
NTSC-K = 0x801AE2BC
Arguments:
r3 = Upper 32 Bits of Title ID (ASCii-Hex)
r4 = Lower 32 Bits of Title ID
r5 = 0x03010000
r6 = 0x0
Return Values: None ofc...
~~~
Function: SCGetSimpleAddr
Summary: This will dump your Country Code, Region Residence Code, and Globe location from SYSCONF to a desired address. You will need at least 0x1008 blocks/bytes of free space.
Addresses:
NTSC-U = 0x801B1FD4
PAL = 0x801B2074
NTSC-J = 0x801B1F94
NTSC-K = 0x801B23D0
Arguments:
r3 = Address Where Country Code byte will be stored to (must be 32 bit aligned)
r3 + 0x1 = Address Where Region Residence byte will be stored to
r3 + 0x1004 = Address Where Globe Location word will be stored to
Return Values:
If r3 = 1, then success. If not, then unable to get Simple Address Data from SYSCONF.
~~~
Function: SCGetProductArea
Summary. This will dump your Console Area (3 Byte Capitalized ASCII) to a speicific address in Memory.
Addresses:
NTSC-U = 0x801B2300
PAL = 0x801B23A0
NTSC-J = 0x801B22C0
NTSC-K = 0x801B26FC
Arguments:
r3 = Address to Dump Console Area too
Return Values:
If r3 = 1, then success. If not, then unable to get Product Area from setting.txt.
~~~
Function: SCGetProductCode
Summary: This will dump the product code at a specific address in Static Memory. Once the product code is dumped, it will stay there until the Game is turned off
Addresses:
NTSC-U = 0x801B2384
PAL = 0x801B2424
NTSC-J = 0x801B2344
NTSC-K = 0x801B2780
Arguments: None
Return Values
If r3 = 1, then success. If not, then unable to get Product Code from setting.txt.
r4 minus r6 = Address where Product Code was dumped to
r5 = 6
~~~
Function: SCGetProductSN
Summary: This will dump the Serial Number at a specific address in Dynamic Memory. It will only be there during the DWC process of connecting to Wifi, then it will be cleared.
Addresses:
NTSC-U = 0x801B23C0
PAL = 0x801B2460
NTSC-J = 0x801B2380
NTSC-K = 0x801B27BC
Arguments: None
Return Values (r3, r4)
If r3 = 1, then success. If not, then unable to get SN from setting.txt.
r4's value minus 0xA = Address where Serial Number (in ASCII) was dumped to. Serial Number will always be 9 bytes in length)
~~~
Function: NCDiGetWirelessMacAddress
Summary: This will dump your MAC Address at a speicific address in Dynamic Memory. It will only be there during the DWC process of connecting to Wifi, then it will be cleared. However, you can change the first argument (r3) to dump it to a different spot if needed and not have it cleared.
Addresses:
NTSC-U = 0x801D0CD0
PAL = 0x801D0D70
NTSC-J = 0x801D0C90
NTSC-K = 0x801D10CC
Arguments: r3 = Address to dump MAC to
Return Values (r3)
If r3 = 0, then success. If not, then error attempting to get MAC from dev/fs.
~~~
Function: NETCalcCRC32
Summary: Calculates a CRC32-bit checksum. This function is required if you are wanting to make a code to modify MKWii's data save file (rksys.dat)
Addresses:
NTSC-U = 0x801D1C00
PAL = 0x801D1CA0
NTSC-J = 0x801D1BC0
NTSC-K = 0x801D1FFC
Arguments (r3, r4):
r3 = Address Pointer to start of Contents in Memory to be used for the CRC32 Calculation
r4 = Amount of Bytes to be used for the CRC32 Calculation
Return Value (r3);
r3 = CRC32-bit checksum calculated from contents (word)
~~~
Function: EGG::Heap::alloc
Summary: Creates a block of empty memory for available use.
Addresses:
NTSC-U = 0x80229490
PAL = 0x80229814
NTSC-J = 0x80229734
NTSC-K = 0x80229B88
Arguments (r3, r4, r5):
r3 = Size of Memory Block in Bytes
r4 = Alignment of Memory Block (if not sure, use 0x20 for 32 bit alignment)
For r5, 2 instructions must be preformed. The first instruction (get pointer from System Heap) will vary per region...
NTSC-U = lwz r5, -0x5CA8 (r13)
PAL = lwz r5, -0x5CA0 (r13)
NTSC-J = lwz r5, -0x5CA0 (r13)
NTSC-K = lwz r5, -0x5C80 (r13)
Second instruction for r5: lwz r5, 0x0024 (r5)
r5 thus has the Heap to allocate memory block in
Return Value (r3):
r3 = Pointer to Beginning of new Heap to use
~~~
Function: EGG::Heap::free
Summary: Free the block of memory that was created from EGG::Heap::alloc
Addresses (r3, r4):
NTSC-U = 0x80229800
PAL = 0x80229B84
NTSC-J = 0x80229AA4
NTSC-K = 0x80229EF8
Arguments:
r3 = Return value from EGG::Heap::alloc (Pointer to Beginning of Heap)
For r4, 2 instructions must be preformed. The first instruction (get pointer from System Heap) will vary per region...
NTSC-U = lwz r4, -0x5CA8 (r13)
PAL = lwz r4, -0x5CA0 (r13)
NTSC-J = lwz r4, -0x5CA0 (r13)
NTSC-K = lwz r4, -0x5C80 (r13)
Second instruction for r4: lwz r4, 0x24 (r4)
Return Value (r3):
If r3 = 1, then Success. Heap is freed. If not, then some sort of error occured.
~~~
Credits:
Megazig
RiiDefi
Bushing
Star
|
|
|
|
| Graphical In-Game Item Spy Online |
|
Posted by: zak - 03-31-2019, 09:12 PM - Forum: Cheat Codes
- No Replies
|
|
Graphical In-Game Item Spy Online
Works Online only.
This code will place a graphical image on the bottom on your screen. The screen will contain the held items (in inventory) of every player in the race. The listing of the items will be ordered by the player slot number. The items presented will be shown in their hex value...
Hex Item Image Values:
00 - Green Shell / No Player on Slot
01 - Red Shell
02 - Banana
03 - Fib
04 - Shroom
05 - Triple Shrooms
06 - Bomb
07 - Blue Shell
08 - Shock
09 - Star
0A - Golden
0B - Mega
0C - Blooper
0D - Pow
0E - TC
0F - Bill
10 - Triple Greens
11 - Triple Reds
12 - Triple Nanas
14 - No Item / No Item Available
NOTE: This code makes use of the following memory addresses...
0x80001500 thru 0x80001518
0x81660000 thru 0x8166002F
0x81670000 thru 0x81670003
Make sure no other codes in your GCT/Cheat-Manager are using those addresses.
NTSC-U
C200A3F0 00000007
9421FF80 BC610008
806DA358 80630044
80630000 3D808002
618C23E0 7D8803A6
4E800021 B8610008
38210080 80010014
60000000 00000000
C2009640 0000001D
3D808167 818C0000
2C0C0000 418200D4
9421FF80 BC610008
48000025 25303258
20253032 58202530
32582025 30325820
25303258 20253032
58200000 7C8802A6
38A00020 98A4001D
7C9D2378 3FC08166
7CBEC4AA 3C608000
60631500 3BE30012
3D808001 618C0ECC
7D8803A6 4E800021
2C030000 41800064
7FA4EB78 38A00000
98A4001D 7FE3FB78
3BDE0018 7CBEC4AA
3D808001 618C0ECC
7D8803A6 4E800021
2C030000 41800034
38600030 388000DA
38A00001 38DFFFEE
3D808002 618C1DF0
7D8803A6 4E800021
3D808002 618C1DD0
7D8803A6 4E800021
B8610008 38210080
81830000 00000000
C265EE14 00000003
88030001 1D960004
3D8C8166 900C0000
60000000 00000000
C265EE30 00000004
88100011 1D960004
3D8C8166 900C0000
3D608167 920B0000
60000000 00000000
PAL
C200A430 00000007
9421FF80 BC610008
806DA360 80630044
80630000 3D808002
618C2480 7D8803A6
4E800021 B8610008
38210080 80010014
60000000 00000000
C2009680 0000001D
3D808167 818C0000
2C0C0000 418200D4
9421FF80 BC610008
48000025 25303258
20253032 58202530
32582025 30325820
25303258 20253032
58200000 7C8802A6
38A00020 98A4001D
7C9D2378 3FC08166
7CBEC4AA 3C608000
60631500 3BE30012
3D808001 618C1A2C
7D8803A6 4E800021
2C030000 41800064
7FA4EB78 38A00000
98A4001D 7FE3FB78
3BDE0018 7CBEC4AA
3D808001 618C1A2C
7D8803A6 4E800021
2C030000 41800034
38600030 388000DA
38A00001 38DFFFEE
3D808002 618C1E90
7D8803A6 4E800021
3D808002 618C1E70
7D8803A6 4E800021
B8610008 38210080
81830000 00000000
C265E18C 00000003
88030001 1D960004
3D8C8166 900C0000
60000000 00000000
C265E1A8 00000004
88100011 1D960004
3D8C8166 900C0000
3D608167 920B0000
60000000 00000000
NTSC-J
C200A38C 00000007
9421FF80 BC610008
806DA360 80630044
80630000 3D808002
618C23A0 7D8803A6
4E800021 B8610008
38210080 80010014
60000000 00000000
C20095DC 0000001D
3D808167 818C0000
2C0C0000 418200D4
9421FF80 BC610008
48000025 25303258
20253032 58202530
32582025 30325820
25303258 20253032
58200000 7C8802A6
38A00020 98A4001D
7C9D2378 3FC08166
7CBEC4AA 3C608000
60631500 3BE30012
3D808001 618C1950
7D8803A6 4E800021
2C030000 41800064
7FA4EB78 38A00000
98A4001D 7FE3FB78
3BDE0018 7CBEC4AA
3D808001 618C1950
7D8803A6 4E800021
2C030000 41800034
38600030 388000DA
38A00001 38DFFFEE
3D808002 618C1DB0
7D8803A6 4E800021
3D808002 618C1D90
7D8803A6 4E800021
B8610008 38210080
81830000 00000000
C265D7F8 00000003
88030001 1D960004
3D8C8166 900C0000
60000000 00000000
C265D814 00000004
88100011 1D960004
3D8C8166 900C0000
3D608167 920B0000
60000000 00000000
NTSC-K
C200A538 00000007
9421FF80 BC610008
806DA380 80630044
80630000 3D808002
618C24E0 7D8803A6
4E800021 B8610008
38210080 80010014
60000000 00000000
C2009788 0000001D
3D808167 818C0000
2C0C0000 418200D4
9421FF80 BC610008
48000025 25303258
20253032 58202530
32582025 30325820
25303258 20253032
58200000 7C8802A6
38A00020 98A4001D
7C9D2378 3FC08166
7CBEC4AA 3C608000
60631500 3BE30012
3D808001 618C1A94
7D8803A6 4E800021
2C030000 41800064
7FA4EB78 38A00000
98A4001D 7FE3FB78
3BDE0018 7CBEC4AA
3D808001 618C1A94
7D8803A6 4E800021
2C030000 41800034
38600030 388000DA
38A00001 38DFFFEE
3D808002 618C1EF0
7D8803A6 4E800021
3D808002 618C1ED0
7D8803A6 4E800021
B8610008 38210080
81830000 00000000
C264C4A4 00000003
88030001 1D960004
3D8C8166 900C0000
60000000 00000000
C264C4C0 00000004
88100011 1D960004
3D8C8166 900C0000
3D608167 920B0000
60000000 00000000
List of Sources:
1st ASM (When Game loads StaticR.rel, Get Render Mode & Call Direct Print Setup Frame Buffer)
#~~~~~~~~~~~~~~~~#
# START ASSEMBLY #
#~~~~~~~~~~~~~~~~#
#
#~~~~~~~~~~~~~~~~~~~~~~~~~~~~#
# Register Notes: #
# No need to backup r0 or LR #
#~~~~~~~~~~~~~~~~~~~~~~~~~~~~#
#~~~~~~~~~~~~~~~~~~~~~#
# Macros & Statements #
#~~~~~~~~~~~~~~~~~~~~~#
.macro push_stack
stwu r1, -0x80 (r1)
stmw r3, 0x8 (r1)
.endm
.macro pop_stack
lmw r3, 0x8 (r1)
addi r1, r1, 0x80
.endm
.macro call_link address
lis r12, \address@h
ori r12, r12, \address@l
mtlr r12
blrl
.endm
.macro default_instruction
lwz r0, 0x0014 (r1)
.endm
.set region, '' #Must set region value, or else source will not compile
.if (region == 'E' || region == 'e') # RMCE
.set nw4r_db_DirectPrint_SetupFB, 0x800223E0
.elseif (region == 'P' || region == 'p') # RMCP
.set nw4r_db_DirectPrint_SetupFB, 0x80022480
.elseif (region == 'J' || region == 'j') # RMCJ
.set nw4r_db_DirectPrint_SetupFB, 0x800223A0
.elseif (region == 'K' || region == 'k') # RMCK
.set nw4r_db_DirectPrint_SetupFB, 0x800224E0
.else # Invalid Region
.abort
.endif
#~~~~~~~~~~~~~~~~~~~~~~~#
# Start Register Safety #
#~~~~~~~~~~~~~~~~~~~~~~~#
push_stack
#~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~#
# Get Render Mode (RKSystem->mpVideo()->pRenderMode) #
#~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~#
.if (region == 'E' || region == 'e') # RMCE
lwz r3, -0x5CA8(r13)
.elseif (region == 'P' || region == 'p') # RMCP
lwz r3, -0x5CA0(r13)
.elseif (region == 'J' || region == 'j') # RMCJ
lwz r3, -0x5CA0(r13)
.elseif (region == 'K' || region == 'k') # RMCK
lwz r3, -0x5C80(r13)
.endif
lwz r3, 0x0044(r3)
lwz r3, 0x0 (r3)
#~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~#
# Call nw4r::db: DirectPrint_SetupFB #
# r3 = Render Mode #
#~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~#
call_link nw4r_db_DirectPrint_SetupFB
#~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~#
# End Register Safety; Default Instruction #
#~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~#
pop_stack
default_instruction
#
#~~~~~~~~~~~~~~#
# END ASSEMBLY #
#~~~~~~~~~~~~~~#
==========
2nd ASM Source:
#~~~~~~~~~~~~~~~~#
# START ASSEMBLY #
#~~~~~~~~~~~~~~~~#
#
#~~~~~~~~~~~~~~~~~~~~~~~~~~~~#
# Register Notes: #
# No need to backup r0 or LR #
#~~~~~~~~~~~~~~~~~~~~~~~~~~~~#
#~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~#
# Memory Address Notes: #
# 0x80001500 thru 0x80001512 - Formatted 1st Half of String #
# 0x80001512 - Null Byte appended from 1st Call of Sprintf #
# 0x80001512 thru 0x80001517 - Formatted 2nd Half of String #
# 0x80001518 - Null Byte appneded from 2nd Call of Sprintf #
#~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~#
#~~~~~~~~~~~~~~~~~~~~~#
# Macros & Statements #
#~~~~~~~~~~~~~~~~~~~~~#
.macro push_stack
stwu r1, -0x80 (r1)
stmw r3, 0x8 (r1)
.endm
.macro pop_stack
lmw r3, 0x8 (r1)
addi r1, r1, 0x80
.endm
.macro call_link address
lis r12, \address@h
ori r12, r12, \address@l
mtlr r12
blrl
.endm
.macro default_instruction
lwz r12, 0x0 (r3)
.endm
.set region, '' #Must set region value, or else source will not compile
.if (region == 'E' || region == 'e') # RMCE
.set sprintf, 0x80010ECC
.set nw4r_db_DirectPrint_Printf, 0x80021DF0
.set nw4r_db_DirectPrint_StoreCache, 0x80021DD0
.elseif (region == 'P' || region == 'p') # RMCP
.set sprintf, 0x80011A2C
.set nw4r_db_DirectPrint_Printf, 0x80021E90
.set nw4r_db_DirectPrint_StoreCache, 0x80021E70
.elseif (region == 'J' || region == 'j') # RMCJ
.set sprintf, 0x80011950
.set nw4r_db_DirectPrint_Printf, 0x80021DB0
.set nw4r_db_DirectPrint_StoreCache, 0x80021D90
.elseif (region == 'K' || region == 'k') # RMCK
.set sprintf, 0x80011A94
.set nw4r_db_DirectPrint_Printf, 0x80021EF0
.set nw4r_db_DirectPrint_StoreCache, 0x80021ED0
.else # Invalid Region
.abort
.endif
#~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~#
# Check to See if a Race is Active: #
# Load Status Word from Mem 81 #
# If not zero, we know to execute the Draw Code #
#~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~#
lis r12, 0x8167
lwz r12, 0x0 (r12)
cmpwi r12, 0x0
beq- dont_execute
#~~~~~~~~~~~~~~~~~~~~~~~#
# Start Register Safety #
#~~~~~~~~~~~~~~~~~~~~~~~#
push_stack
#~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~#
# Sprintf #1 #
# r3 = Address Pointer to Dump Formatted String #
# r4 = Address Pointer to String that needs Formatting #
# r5 thru r10 = Non Float Format Args #
#~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~#
bl printf_string
.llong 0x2530325820253032 #1st String for 1st Sprintf - "%02X %02X %02X %02X %02X %02X "
.llong 0x5820253032582025
.llong 0x3032582025303258
.llong 0x2025303258200000
printf_string:
mflr r4
li r5, 0x20
stb r5, 0x1D (r4) #This is needed because the final 0x20 gets nulled out for second sprintf, so we always need to 'recover' it before first sprintf
mr r29, r4 #Backup String Address Pointer to r29
lis r30, 0x8166
lswi r5, r30, 24 #Load the first 6 slot Item Words into r5 - r10
lis r3, 0x8000 #Set Address to Dump String To
ori r3, r3, 0x1500
addi r31, r3, 0x0012 #First Formatted String Ends at 0x80001512 (null), so add 0x18 to r3 for start of 2nd string on 2nd call of sprintf. Put result in r31 for global variable storage thru function calls
call_link sprintf
#~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~#
# Check Sprintf #1 Return Value #
# If negative, error occured #
#~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~#
cmpwi r3, 0x0
blt- _error
#~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~#
# Sprintf #2 #
# r3 = Address Pointer to Dump Formatted String #
# r4 = Address Pointer to String that needs Formatting #
# r5 thru r10 = Non Float Format Args #
#~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~#
mr r4, r29 #Move backed up string address pointer to r4
li r5, 0x0
stb r5, 0x1D (r4) #The space in the ASCII string near the end is not needed, null it out, string is now ready for 2nd call of sprintf
mr r3, r31 #2nd String will be dumped to exactly where null byte of 1st string of ended at
addi r30, r30, 0x18 #Add 0x18 to r30, now address points to beginning of second half of the 12 player item slot listing
lswi r5, r30, 24 #Load slot's 7 - 12 Item Words into r5 - r10
call_link sprintf
#~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~#
# Check Sprintf #2 Return Value #
# If negative, error occured #
#~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~#
cmpwi r3, 0x0
blt- _error
#~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~#
# DirectPrint Printf & Store Cache #
# Purpose: Draw on Screen #
# r3 = X coordinate (starts far left) #
# r4 = Y coordinate (starts at very top) #
# r5 = 0 No Wrap; 1 Wrap #
# r6 = Address Pointer to String that will be Drawn on Screen #
# r7 thru r10 printf format args #
# f1 thru f13 printf float format args #
#~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~#
li r3, 0x30
li r4, 0xDA
li r5, 0x1
addi r6, r31, -0x12 #Make r6 have 0x80001500, beginning of entire formatted string
call_link nw4r_db_DirectPrint_Printf
call_link nw4r_db_DirectPrint_StoreCache
#~~~~~~~~~~~~~~~~~~~~~#
# End Register Safety #
#~~~~~~~~~~~~~~~~~~~~~#
_error:
pop_stack
#~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~#
# dont_execute label; Default Instruction #
#~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~#
dont_execute:
default_instruction
#
#~~~~~~~~~~~~~~#
# END ASSEMBLY #
#~~~~~~~~~~~~~~#
==========
3rd ASM Source:
lbz r0, 0x1 (r3) #Default instruction
mulli r12, r22, 0x4 #Multiple Player slot by 4, store in r12. Thus lower 16 bits of r12 will hold second half of mem81 address
addis r12, r12, 0x8166 #Add 0x8166 to upper 16 bits of r12. The player slot will increment/separate the address by 0x4 depending on slot value
stw r0, 0x0 (r12) #Store current read player's item to r12 plus offset 0x0193 (address for that player's item is now finalized)
==========
4th ASM Source:
lbz r0, 0x0011 (r16) #Default instruction
mulli r12, r22, 0x4 #Multiple Player slot by 4, store in r12. Thus lower 16 bits of r12 will hold second half of mem81 address
addis r12, r12, 0x8166 #Add 0x8166 to upper 16 bits of r12. The player slot will increment/separate the address by 0x4 depending on slot value
stw r0, 0x0 (r12) #Store current read player's item to r12 plus offset 0x0193 (address for that player's item is now finalized)
lis r11, 0x8167 #Set 1st Half Address for Race-Status Word Check
stw r16, 0 (r11) #We need anything not zero at 0x81670000, store r16 to that spot
Code creator: zak
Code credits: Star & RiiDefi (Draw Text to Screen Code); Bully (Both Item Spy ASMs)
|
|
|
|
| Graphical In-Game Item Spy Offline |
|
Posted by: zak - 03-31-2019, 09:10 PM - Forum: Cheat Codes
- No Replies
|
|
Graphical In-Game Item Spy Offline
Works Offline only.
This code will place a graphical image on the bottom on your screen. The screen will contain the held items (in inventory) of every player in the race. The listing of the items will be ordered by the player slot number. The items presented will be shown in their hex value...
Hex Item Image Values:
00 - Green Shell / No Player on Slot
01 - Red Shell
02 - Banana
03 - Fib
04 - Shroom
05 - Triple Shrooms
06 - Bomb
07 - Blue Shell
08 - Shock
09 - Star
0A - Golden
0B - Mega
0C - Blooper
0D - Pow
0E - TC
0F - Bill
10 - Triple Greens
11 - Triple Reds
12 - Triple Nanas
14 - No Item / No Item Available
NOTE: This code makes use of the following memory addresses...
0x80001500 thru 0x80001518
0x81500000 thru 0x8150002F
0x81510000 thru 0x81510003
Make sure no other codes in your GCT/Cheat-Manager are using those addresses.
NTSC-U
C200A3F0 00000007
9421FF80 BC610008
806DA358 80630044
80630000 3D808002
618C23E0 7D8803A6
4E800021 B8610008
38210080 80010014
60000000 00000000
C2009640 0000001D
3D808151 818C0000
2C0C0000 418200D4
9421FF80 BC610008
48000025 25303258
20253032 58202530
32582025 30325820
25303258 20253032
58200000 7C8802A6
38A00020 98A4001D
7C9D2378 3FC08150
7CBEC4AA 3C608000
60631500 3BE30012
3D808001 618C0ECC
7D8803A6 4E800021
2C030000 41800064
7FA4EB78 38A00000
98A4001D 7FE3FB78
3BDE0018 7CBEC4AA
3D808001 618C0ECC
7D8803A6 4E800021
2C030000 41800034
38600030 388000DA
38A00001 38DFFFEE
3D808002 618C1DF0
7D8803A6 4E800021
3D808002 618C1DD0
7D8803A6 4E800021
B8610008 38210080
81830000 00000000
C278EEF8 00000004
801D008C 1D9B0004
3D8C8150 900C0000
3D608151 93AB0000
60000000 00000000
PAL
C200A430 00000007
9421FF80 BC610008
806DA360 80630044
80630000 3D808002
618C2480 7D8803A6
4E800021 B8610008
38210080 80010014
60000000 00000000
C2009680 0000001D
3D808151 818C0000
2C0C0000 418200D4
9421FF80 BC610008
48000025 25303258
20253032 58202530
32582025 30325820
25303258 20253032
58200000 7C8802A6
38A00020 98A4001D
7C9D2378 3FC08150
7CBEC4AA 3C608000
60631500 3BE30012
3D808001 618C1A2C
7D8803A6 4E800021
2C030000 41800064
7FA4EB78 38A00000
98A4001D 7FE3FB78
3BDE0018 7CBEC4AA
3D808001 618C1A2C
7D8803A6 4E800021
2C030000 41800034
38600030 388000DA
38A00001 38DFFFEE
3D808002 618C1E90
7D8803A6 4E800021
3D808002 618C1E70
7D8803A6 4E800021
B8610008 38210080
81830000 00000000
C2797F04 00000004
801D008C 1D9B0004
3D8C8150 900C0000
3D608151 93AB0000
60000000 00000000
NTSC-J
C200A38C 00000007
9421FF80 BC610008
806DA360 80630044
80630000 3D808002
618C23A0 7D8803A6
4E800021 B8610008
38210080 80010014
60000000 00000000
C20095DC 0000001D
3D808151 818C0000
2C0C0000 418200D4
9421FF80 BC610008
48000025 25303258
20253032 58202530
32582025 30325820
25303258 20253032
58200000 7C8802A6
38A00020 98A4001D
7C9D2378 3FC08150
7CBEC4AA 3C608000
60631500 3BE30012
3D808001 618C1950
7D8803A6 4E800021
2C030000 41800064
7FA4EB78 38A00000
98A4001D 7FE3FB78
3BDE0018 7CBEC4AA
3D808001 618C1950
7D8803A6 4E800021
2C030000 41800034
38600030 388000DA
38A00001 38DFFFEE
3D808002 618C1DB0
7D8803A6 4E800021
3D808002 618C1D90
7D8803A6 4E800021
B8610008 38210080
81830000 00000000
C2797570 00000004
801D008C 1D9B0004
3D8C8150 900C0000
3D608151 93AB0000
60000000 00000000
NTSC-K
C200A538 00000007
9421FF80 BC610008
806DA380 80630044
80630000 3D808002
618C24E0 7D8803A6
4E800021 B8610008
38210080 80010014
60000000 00000000
C2009788 0000001D
3D808151 818C0000
2C0C0000 418200D4
9421FF80 BC610008
48000025 25303258
20253032 58202530
32582025 30325820
25303258 20253032
58200000 7C8802A6
38A00020 98A4001D
7C9D2378 3FC08150
7CBEC4AA 3C608000
60631500 3BE30012
3D808001 618C1A94
7D8803A6 4E800021
2C030000 41800064
7FA4EB78 38A00000
98A4001D 7FE3FB78
3BDE0018 7CBEC4AA
3D808001 618C1A94
7D8803A6 4E800021
2C030000 41800034
38600030 388000DA
38A00001 38DFFFEE
3D808002 618C1EF0
7D8803A6 4E800021
3D808002 618C1ED0
7D8803A6 4E800021
B8610008 38210080
81830000 00000000
C27862C4 00000004
801D008C 1D9B0004
3D8C8150 900C0000
3D608151 93AB0000
60000000 00000000
List of Sources:
1st ASM (When Game loads StaticR.rel, Get Render Mode & Call Direct Print Setup Frame Buffer)
#~~~~~~~~~~~~~~~~#
# START ASSEMBLY #
#~~~~~~~~~~~~~~~~#
#
#~~~~~~~~~~~~~~~~~~~~~~~~~~~~#
# Register Notes: #
# No need to backup r0 or LR #
#~~~~~~~~~~~~~~~~~~~~~~~~~~~~#
#~~~~~~~~~~~~~~~~~~~~~#
# Macros & Statements #
#~~~~~~~~~~~~~~~~~~~~~#
.macro push_stack
stwu r1, -0x80 (r1)
stmw r3, 0x8 (r1)
.endm
.macro pop_stack
lmw r3, 0x8 (r1)
addi r1, r1, 0x80
.endm
.macro call_link address
lis r12, \address@h
ori r12, r12, \address@l
mtlr r12
blrl
.endm
.macro default_instruction
lwz r0, 0x0014 (r1)
.endm
.set region, '' #Must set region value, or else source will not compile
.if (region == 'E' || region == 'e') # RMCE
.set nw4r_db_DirectPrint_SetupFB, 0x800223E0
.elseif (region == 'P' || region == 'p') # RMCP
.set nw4r_db_DirectPrint_SetupFB, 0x80022480
.elseif (region == 'J' || region == 'j') # RMCJ
.set nw4r_db_DirectPrint_SetupFB, 0x800223A0
.elseif (region == 'K' || region == 'k') # RMCK
.set nw4r_db_DirectPrint_SetupFB, 0x800224E0
.else # Invalid Region
.abort
.endif
#~~~~~~~~~~~~~~~~~~~~~~~#
# Start Register Safety #
#~~~~~~~~~~~~~~~~~~~~~~~#
push_stack
#~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~#
# Get Render Mode (RKSystem->mpVideo()->pRenderMode) #
#~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~#
.if (region == 'E' || region == 'e') # RMCE
lwz r3, -0x5CA8(r13)
.elseif (region == 'P' || region == 'p') # RMCP
lwz r3, -0x5CA0(r13)
.elseif (region == 'J' || region == 'j') # RMCJ
lwz r3, -0x5CA0(r13)
.elseif (region == 'K' || region == 'k') # RMCK
lwz r3, -0x5C80(r13)
.endif
lwz r3, 0x0044(r3)
lwz r3, 0x0 (r3)
#~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~#
# Call nw4r::db: DirectPrint_SetupFB #
# r3 = Render Mode #
#~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~#
call_link nw4r_db_DirectPrint_SetupFB
#~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~#
# End Register Safety; Default Instruction #
#~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~#
pop_stack
default_instruction
#
#~~~~~~~~~~~~~~#
# END ASSEMBLY #
#~~~~~~~~~~~~~~#
==========
2nd ASM Source:
#~~~~~~~~~~~~~~~~#
# START ASSEMBLY #
#~~~~~~~~~~~~~~~~#
#
#~~~~~~~~~~~~~~~~~~~~~~~~~~~~#
# Register Notes: #
# No need to backup r0 or LR #
#~~~~~~~~~~~~~~~~~~~~~~~~~~~~#
#~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~#
# Memory Address Notes: #
# 0x80001500 thru 0x80001512 - Formatted 1st Half of String #
# 0x80001512 - Null Byte appended from 1st Call of Sprintf #
# 0x80001512 thru 0x80001517 - Formatted 2nd Half of String #
# 0x80001518 - Null Byte appneded from 2nd Call of Sprintf #
#~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~#
#~~~~~~~~~~~~~~~~~~~~~#
# Macros & Statements #
#~~~~~~~~~~~~~~~~~~~~~#
.macro push_stack
stwu r1, -0x80 (r1)
stmw r3, 0x8 (r1)
.endm
.macro pop_stack
lmw r3, 0x8 (r1)
addi r1, r1, 0x80
.endm
.macro call_link address
lis r12, \address@h
ori r12, r12, \address@l
mtlr r12
blrl
.endm
.macro default_instruction
lwz r12, 0x0 (r3)
.endm
.set region, '' #Must set region value, or else source will not compile
.if (region == 'E' || region == 'e') # RMCE
.set sprintf, 0x80010ECC
.set nw4r_db_DirectPrint_Printf, 0x80021DF0
.set nw4r_db_DirectPrint_StoreCache, 0x80021DD0
.elseif (region == 'P' || region == 'p') # RMCP
.set sprintf, 0x80011A2C
.set nw4r_db_DirectPrint_Printf, 0x80021E90
.set nw4r_db_DirectPrint_StoreCache, 0x80021E70
.elseif (region == 'J' || region == 'j') # RMCJ
.set sprintf, 0x80011950
.set nw4r_db_DirectPrint_Printf, 0x80021DB0
.set nw4r_db_DirectPrint_StoreCache, 0x80021D90
.elseif (region == 'K' || region == 'k') # RMCK
.set sprintf, 0x80011A94
.set nw4r_db_DirectPrint_Printf, 0x80021EF0
.set nw4r_db_DirectPrint_StoreCache, 0x80021ED0
.else # Invalid Region
.abort
.endif
#~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~#
# Check to See if a Race is Active: #
# Load Status Word from Mem 81 #
# If not zero, we know to execute the Draw Code #
#~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~#
lis r12, 0x8151
lwz r12, 0x0 (r12)
cmpwi r12, 0x0
beq- dont_execute
#~~~~~~~~~~~~~~~~~~~~~~~#
# Start Register Safety #
#~~~~~~~~~~~~~~~~~~~~~~~#
push_stack
#~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~#
# Sprintf #1 #
# r3 = Address Pointer to Dump Formatted String #
# r4 = Address Pointer to String that needs Formatting #
# r5 thru r10 = Non Float Format Args #
#~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~#
bl printf_string
.llong 0x2530325820253032 #1st String for 1st Sprintf - "%02X %02X %02X %02X %02X %02X "
.llong 0x5820253032582025
.llong 0x3032582025303258
.llong 0x2025303258200000
printf_string:
mflr r4
li r5, 0x20
stb r5, 0x1D (r4) #This is needed because the final 0x20 gets nulled out for second sprintf, so we always need to 'recover' it before first sprintf
mr r29, r4 #Backup String Address Pointer to r29
lis r30, 0x8150
lswi r5, r30, 24 #Load the first 6 slot Item Words into r5 - r10
lis r3, 0x8000 #Set Address to Dump String To
ori r3, r3, 0x1500
addi r31, r3, 0x0012 #First Formatted String Ends at 0x80001512 (null), so add 0x18 to r3 for start of 2nd string on 2nd call of sprintf. Put result in r31 for global variable storage thru function calls
call_link sprintf
#~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~#
# Check Sprintf #1 Return Value #
# If negative, error occured #
#~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~#
cmpwi r3, 0x0
blt- _error
#~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~#
# Sprintf #2 #
# r3 = Address Pointer to Dump Formatted String #
# r4 = Address Pointer to String that needs Formatting #
# r5 thru r10 = Non Float Format Args #
#~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~#
mr r4, r29 #Move backed up string address pointer to r4
li r5, 0x0
stb r5, 0x1D (r4) #The space in the ASCII string near the end is not needed, null it out, string is now ready for 2nd call of sprintf
mr r3, r31 #2nd String will be dumped to exactly where null byte of 1st string of ended at
addi r30, r30, 0x18 #Add 0x18 to r30, now address points to beginning of second half of the 12 player item slot listing
lswi r5, r30, 24 #Load slot's 7 - 12 Item Words into r5 - r10
call_link sprintf
#~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~#
# Check Sprintf #2 Return Value #
# If negative, error occured #
#~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~#
cmpwi r3, 0x0
blt- _error
#~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~#
# DirectPrint Printf & Store Cache #
# Purpose: Draw on Screen #
# r3 = X coordinate (starts far left) #
# r4 = Y coordinate (starts at very top) #
# r5 = 0 No Wrap; 1 Wrap #
# r6 = Address Pointer to String that will be Drawn on Screen #
# r7 thru r10 printf format args #
# f1 thru f13 printf float format args #
#~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~#
li r3, 0x30
li r4, 0xDA
li r5, 0x1
addi r6, r31, -0x12 #Make r6 have 0x80001500, beginning of entire formatted string
call_link nw4r_db_DirectPrint_Printf
call_link nw4r_db_DirectPrint_StoreCache
#~~~~~~~~~~~~~~~~~~~~~#
# End Register Safety #
#~~~~~~~~~~~~~~~~~~~~~#
_error:
pop_stack
#~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~#
# dont_execute label; Default Instruction #
#~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~#
dont_execute:
default_instruction
#
#~~~~~~~~~~~~~~#
# END ASSEMBLY #
#~~~~~~~~~~~~~~#
==========
3rd ASM:
lwz r0, 0x8C (r29) #Default Instruction, r0 holds current Player/CPU's Held Item
mulli r12, r27, 0x4 #Multiple Player Slot value in r27 by 0x4, put result in r11
addis r12, r12, 0x8150 #Add 0x8150 to upper 16 bits of r12. The player slot will increment/separate the address by 0x4 depending on slot value
stw r0, 0x0 (r12) #Store current Player/CPU's Held Item value to address of r12
lis r11, 0x8151 #Set 1st Half Address for Race-Status Word Check
stw r29, 0x0 (r11) #We need anything not zero at 0x81510000, store 29 to that spot
Code creator: zak
Code credits: Star & RiiDefi (Draw Text to Screen Code); Bully (Item Spy ASM)
|
|
|
|
| Go From Complete Noob to Veteran ASM Coder |
|
Posted by: zak - 03-30-2019, 09:23 PM - Forum: Guides/How-To's
- Replies (1)
|
|
Go From Complete Noob to Veteran ASM Coder
I've always tried to make teaching various things that I know about this game easier to others. I have guides after guides after guides, but I still run into 'noobs' with no sense of direction. Even tough I have a lot of good quality guides/tuts, this can be overwhelming for the 'noob'. They may not know which threads to read first, or at least read a list of desired threads in a proper order.
Therefore, if you are a complete noob, I will list the threads that you should read in order. It is CRUCIAL that you actually read the threads. No skimming. I repeat, no skimming. Once again... no skimming....
Once you have 'mastered' the info of a particular thread, move onto the next one. This will be a long journey. Don't expect to learn everything in a few days. Going through all the threads listed below will take weeks.
Requirements before you start:
Have a quality computer (i5 processor or better, 8gb of RAM or higher, running in good condition)**
A working Wii
An SD Card (in size anywhere from 512gb to 16gb)
A Media Card Reader***
USB Stick (at least 4gb in size)
An MKWii Disc or an MKWii ISO/WBFS file
**NOTE: I personally use Linux as my computer operating system. I do not own a Windows Machine. If you are a Windows computer user, MOST guides will still work for windows. The only issue is anything dealing with Wiimm's Tools. I have no idea how to run those Tools on a Windows machine. For anything Wiimm Tools's related on Windows, you will mostly be on your 'own'. Apologies~
***A media card reader is simply a small device that uses a USB plugin that has a SD slot in it. You only need it if you computer doesn't have an SD slot.
For those wondering, yes I know you technically don't need a Wii & SD Card. One can do everything with Dolphin. But a lot of the beginner guides are designed around the use of a Wii Console. If you are a complete noob and don't have any way to get a Wii with SD card, this will be a lot harder to do.
Even if you are not a complete noob (maybe somewhere in the intermediate level range if you will), this thread will still be of good use to you.
Enough talk, here are the threads. One at time! Follow the order!
N00b Level Threads
Intro to Wii/MKW Hacking
http://mkwii.org/showthread.php?tid=297
Summary: The very beginning where everything starts... Let's go.
Glossary
http://mkwii.org/showthread.php?tid=298
Summary: An overview of many terms (or slang words) used in coding/hacking. You will need to get your vocabulary up early on.
SD Card Thread
http://mkwii.org/showthread.php?tid=81
Summary: You need an SD card, this thread will give you info of which SD cards are best/worse.
How to install HBC
http://mkwii.org/showthread.php?tid=30
Summary: The custom Wii channel that allows you to hack your Wii and/or play Wii games with cheats.
How to play MKW w/ Cheat Codes
http://mkwii.org/showthread.php?tid=223
Summary: Know how to make the appropriate files to use to load cheats in Mario Kart Wii
Ocarina Guide
http://mkwii.org/showthread.php?tid=37
Summary: This thread is linked within the previous one. This thread is specifically about the computer program you will ues to make cheat code files
Beginner Level Threads
Simplified MKW Cheat Code Documentation
http://mkwii.org/showthread.php?tid=434
Summary: Very basic documentation of formats of very basic cheat codes.
Fill in XYZ Values
http://mkwii.org/showthread.php?tid=29
Summary: This is required for codes that require you to 'activate' them or 'deactivate' them
Create Activators and Deactivators
http://mkwii.org/showthread.php?tid=68
Summary: Teaches you how to make your own activators and deactivators on a code that doesn't have them
Port Codes
http://mkwii.org/showthread.php?tid=113
Summary: Teaches you how to make basic cheat codes work in any 'version'/'region' of Mario Kart Wii
Intermediate Level Threads
Softmod Any Wii (skip this thread if you don't care about playing Wii games on a usb stick)
http://mkwii.org/showthread.php?tid=34
Summary: Modifies your wii greatly to allow many hacks such as the ability to play games on a USB stick. You will learn about Bootmii and other WIi Hacing items.
Rip ISO/WBFS from Disc (skip this thread if you don't care about playing Wii games on a usb stick)
http://mkwii.org/showthread.php?tid=122
Summary: ANother step to get you close to play games on a USB stick.
Add ISO/WBFS to USB Stick (skip this thread if you don't care about playing Wii games on a usb stick)
http://mkwii.org/showthread.php?tid=121
Summary: The final step to get you playing games on a USB stick
Sub-forum to Wiimm's Tools; Read sticky threads first (linux only, sorry Windows users...)
http://mkwii.org/forumdisplay.php?fid=17
Summary: Teaches you endlesss ways to modify ISO/WBFS files.
Expert Level Threads
Install Dolphin from Source (only for Linux users); windows stuff is covered in Dolphin Cheat codes thread further down)
http://mkwii.org/showthread.php?tid=625
Summary: Will learn how to build and install the Dolphin Emulator
Install Aldelaro5's LIVE RAM Viewer (only for linux users; window sstuff is cover in Dolphin CHeat codes thread)
http://mkwii.org/showthread.php?tid=626
Summary: Will learn how to build and install the needed RAM Viewer to help assist in making Cheat Codes
How to make Cheat Codes on Dolphin (also teaches Windows users how to install and run Dolphin) plus Adelaro5's LIVE RAM Viewer)
http://mkwii.org/showthread.php?tid=830
Summary: Yep, this is it. How to make your own real codes from scratch!
Assembly Tutorial
http://mkwii.org/showthread.php?tid=940
Summary: This thread is linked within the Dolphin Cheat Codes thread. Scared to learn ASM? Fear not! This thread by far is the best guide anywhere on the web to teach you basic PowerPC Assembly Code.
Simple ASM Reference
http://mkwii.org/showthread.php?tid=863
Summary: This thread is linked within the ASM Tutorial thread. Once you have learned ASM, view this as a refrence for ASM assistance.
ASM Tips n Trix
http://mkwii.org/showthread.php?tid=974
Summary: Having trouble writing basic ASM after learning it? Fear not! Here are some tips to make things easier
Using the Exception Vector Area
http://mkwii.org/showthread.php?tid=1106
Summary: Once your ASM codes get a bit less basic, you may need to store data/values at a unused spot in Memory. This thread will teach you how.
ASM & Register Safety
http://mkwii.org/showthread.php?tid=873
Summary: Proper safety etiquette for ASM Codes
Pr0 Level Threads
Using Mem81 to Auto-Clear Data in ASM Codes
http://mkwii.org/showthread.php?tid=1107
Summary: Gives you some insight on the usage of Mem81 for ASM
Pointer Trick
http://mkwii.org/showthread.php?tid=1011
Summary: A workaround for certain ASM troubles in regards to breakpoints
Convert Floats to Integers
http://mkwii.org/showthread.php?tid=967
Summary: Ew floaters, let's convert them to integers!
Creating Loops Pt 1
http://mkwii.org/showthread.php?tid=975
Summary: How to create a list of repeating instructions in ASM
Calling Functions
http://mkwii.org/showthread.php?tid=1052
Summary: Call basic static functions within the game using ASM
Creating Loops Pt 2
http://mkwii.org/showthread.php?tid=976
Summary: Pt 2 to the Creating Loops episode if you will...
Branch Link (BL) Trick
http://mkwii.org/showthread.php?tid=977
Summary: An optimized way to copy over large amounts of data in Power PC ASM
About Creating Stack Frames
http://mkwii.org/showthread.php?tid=1108
Summary: Create Stack Frames to store registers/data to for backup
Utilizing Macros
http://mkwii.org/showthread.php?tid=1083
Summary: Teaches you the ins & outs of Macros in an ASM Code's source
Conclusion
Welp there you go. Not many ppl in this community have the patience to learn all of this. You may be asking why? Well it's sort of an entitlement issue. Many in this community want handouts (all the answers just given to them). If you want learn all this stuff, you have to be able to figure out some stuff on your own. Nothing wrong with getting some help or asking questions. But if you are the type that just wants a 'copy-paste' answer to every small bump, you won't make it far.
Best of luck! Thanks for reading!
|
|
|
|
| Graphical SpeedBar |
|
Posted by: zak - 03-23-2019, 02:16 PM - Forum: Cheat Codes
- Replies (5)
|
|
Graphical SpeedBar
Shout outs to Star & RiiDefi for Draw Text To Screen Code!
This code will output your vehicle speed view a graphical image depicting an interactive bar. The bar length will vary depending on your vehicle speed. The bar works in an exponential manner, NOT linear. The higher the speeds, the more the bar will change depending on differences at the higher speeds.
NOTE: This code makes use of the following memory addresses...
0x80001660 thru 0x80001689
0x815F0000 thru 0x815F0003
Make sure no other codes in your GCT/Cheat-Manager are using those addresses!
NTSC-U
06001670 00000010
25336420 6B6D2F68
0A000000 00000000
C200A3F0 00000007
9421FF80 BC610008
806DA358 80630044
80630000 3D808002
618C23E0 7D8803A6
4E800021 B8610008
38210080 80010014
60000000 00000000
C2009640 00000016
3D80815F 818C0000
2C0C0000 4182009C
9421FF80 BC610008
3D808000 816C1660
C1AB0024 FDA06A10
FDA0681C D9AC1664
806C1668 7C671B78
7C6319D6 38800370
7C6323D6 3BA00000
2C030000 41820020
39E0007C 61901678
9DF00001 3463FFFF
4082FFF8 9BB00001
48000008 9BAC1679
38600009 388000D0
38A00001 61861670
3D808002 618C1DF0
7D8803A6 4E800021
3D808002 618C1DD0
7D8803A6 4E800021
B8610008 38210080
81830000 00000000
C27E4C9C 00000007
3D80809C 818CD110
818C0020 540B103A
7D8C582E 818C0010
818C0010 3D608000
918B1660 3D80815F
93EC0000 807FEE20
60000000 00000000
PAL
06001670 00000010
25336420 6B6D2F68
0A000000 00000000
C200A430 00000007
9421FF80 BC610008
806DA360 80630044
80630000 3D808002
618C2480 7D8803A6
4E800021 B8610008
38210080 80010014
60000000 00000000
C2009680 00000016
3D80815F 818C0000
2C0C0000 4182009C
9421FF80 BC610008
3D808000 816C1660
C1AB0024 FDA06A10
FDA0681C D9AC1664
806C1668 7C671B78
7C6319D6 38800370
7C6323D6 3BA00000
2C030000 41820020
39E0007C 61901678
9DF00001 3463FFFF
4082FFF8 9BB00001
48000008 9BAC1679
38600009 388000D0
38A00001 61861670
3D808002 618C1E90
7D8803A6 4E800021
3D808002 618C1E70
7D8803A6 4E800021
B8610008 38210080
81830000 00000000
C27EEFAC 00000007
3D80809C 818C18F8
818C0020 540B103A
7D8C582E 818C0010
818C0010 3D608000
918B1660 3D80815F
93EC0000 807F3618
60000000 00000000
NTSC-J
06001670 00000010
25336420 6B6D2F68
0A000000 00000000
C200A38C 00000007
9421FF80 BC610008
806DA360 80630044
80630000 3D808002
618C23A0 7D8803A6
4E800021 B8610008
38210080 80010014
60000000 00000000
C20095DC 00000016
3D80815F 818C0000
2C0C0000 4182009C
9421FF80 BC610008
3D808000 816C1660
C1AB0024 FDA06A10
FDA0681C D9AC1664
806C1668 7C671B78
7C6319D6 38800370
7C6323D6 3BA00000
2C030000 41820020
39E0007C 61901678
9DF00001 3463FFFF
4082FFF8 9BB00001
48000008 9BAC1679
38600009 388000D0
38A00001 61861670
3D808002 618C1DB0
7D8803A6 4E800021
3D808002 618C1D90
7D8803A6 4E800021
B8610008 38210080
81830000 00000000
C27EE618 00000007
3D80809C 818C0958
818C0020 540B103A
7D8C582E 818C0010
818C0010 3D608000
918B1660 3D80815F
93EC0000 807F2678
60000000 00000000
NTSC-K
06001670 00000010
25336420 6B6D2F68
0A000000 00000000
C200A538 00000007
9421FF80 BC610008
806DA380 80630044
80630000 3D808002
618C24E0 7D8803A6
4E800021 B8610008
38210080 80010014
60000000 00000000
C2009788 00000016
3D80815F 818C0000
2C0C0000 4182009C
9421FF80 BC610008
3D808000 816C1660
C1AB0024 FDA06A10
FDA0681C D9AC1664
806C1668 7C671B78
7C6319D6 38800370
7C6323D6 3BA00000
2C030000 41820020
39E0007C 61901678
9DF00001 3463FFFF
4082FFF8 9BB00001
48000008 9BAC1679
38600009 388000D0
38A00001 61861670
3D808002 618C1EF0
7D8803A6 4E800021
3D808002 618C1ED0
7D8803A6 4E800021
B8610008 38210080
81830000 00000000
C27DD36C 00000007
3D80809B 818CFF38
818C0020 540B103A
7D8C582E 818C0010
818C0010 3D608000
918B1660 3D80815F
93EC0000 807F1C58
60000000 00000000
List of Sources:
1st ASM (When Game loads StaticR.rel, Get Render Mode & Call Direct Print Setup Frame Buffer)
#~~~~~~~~~~~~~~~~#
# START ASSEMBLY #
#~~~~~~~~~~~~~~~~#
#
#~~~~~~~~~~~~~~~~~~~~~~~~~~~~#
# Register Notes: #
# No need to backup r0 or LR #
#~~~~~~~~~~~~~~~~~~~~~~~~~~~~#
#~~~~~~~~~~~~~~~~~~~~~#
# Macros & Statements #
#~~~~~~~~~~~~~~~~~~~~~#
.macro push_stack
stwu r1, -0x80 (r1)
stmw r3, 0x8 (r1)
.endm
.macro pop_stack
lmw r3, 0x8 (r1)
addi r1, r1, 0x80
.endm
.macro call_link address
lis r12, \address@h
ori r12, r12, \address@l
mtlr r12
blrl
.endm
.macro default_instruction
lwz r0, 0x0014 (r1)
.endm
.set region, '' #Must set region value, or else source will not compile
.if (region == 'E' || region == 'e') # RMCE
.set nw4r_db_DirectPrint_SetupFB, 0x800223E0
.elseif (region == 'P' || region == 'p') # RMCP
.set nw4r_db_DirectPrint_SetupFB, 0x80022480
.elseif (region == 'J' || region == 'j') # RMCJ
.set nw4r_db_DirectPrint_SetupFB, 0x800223A0
.elseif (region == 'K' || region == 'k') # RMCK
.set nw4r_db_DirectPrint_SetupFB, 0x800224E0
.else # Invalid Region
.abort
.endif
#~~~~~~~~~~~~~~~~~~~~~~~#
# Start Register Safety #
#~~~~~~~~~~~~~~~~~~~~~~~#
push_stack
#~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~#
# Get Render Mode (RKSystem->mpVideo()->pRenderMode) #
#~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~#
.if (region == 'E' || region == 'e') # RMCE
lwz r3, -0x5CA8(r13)
.elseif (region == 'P' || region == 'p') # RMCP
lwz r3, -0x5CA0(r13)
.elseif (region == 'J' || region == 'j') # RMCJ
lwz r3, -0x5CA0(r13)
.elseif (region == 'K' || region == 'k') # RMCK
lwz r3, -0x5C80(r13)
.endif
lwz r3, 0x0044(r3)
lwz r3, 0x0 (r3)
#~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~#
# Call nw4r::db: DirectPrint_SetupFB #
# r3 = Render Mode #
#~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~#
call_link nw4r_db_DirectPrint_SetupFB
#~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~#
# End Register Safety; Default Instruction #
#~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~#
pop_stack
default_instruction
#
#~~~~~~~~~~~~~~#
# END ASSEMBLY #
#~~~~~~~~~~~~~~#
==========
2nd ASM (Convert Speed Float, Calc Bar Length, Write Bar Amtn to Gecko ASCii String, Draw it to Screen)
#~~~~~~~~~~~~~~~~#
# START ASSEMBLY #
#~~~~~~~~~~~~~~~~#
#
#~~~~~~~~~~~~~~~~~~~~~~~~~~~~#
# Register Notes: #
# No need to backup r0 or LR #
#~~~~~~~~~~~~~~~~~~~~~~~~~~~~#
#~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~#
# Mem Address Notes: #
# 0x80001660 = Speed Float Word #
# 0x80001664 = Converted Hex 1st Word of Double Word Float #
# 0x80001668 = Converted Hex 2nd Word of Double Word Float (Speed in Hex) #
# 0x80001670 = Gecko String ASCii, r6 Arg for Direct Print #
# 0x80001678 = 0x0A ASCii byte for Entering into new Line for Speed Bar #
# 0x80001679 = Start of Bar #
# 0x80001688 = Last Bar byte at its highest amount possible #
# 0x80001689 = Last Null of Bar byte string at its highest amount possible #
# 0x815F0000 = "Status Word" If not zero, Draw Code will execute, auto clears after every race #
#~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~#
#~~~~~~~~~~~~~~~~~~~~~#
# Macros & Statements #
#~~~~~~~~~~~~~~~~~~~~~#
.macro push_stack
stwu r1, -0x80 (r1)
stmw r3, 0x8 (r1)
.endm
.macro pop_stack
lmw r3, 0x8 (r1)
addi r1, r1, 0x80
.endm
.macro call_link address
lis r12, \address@h
ori r12, r12, \address@l
mtlr r12
blrl
.endm
.macro default_instruction
lwz r12, 0x0 (r3)
.endm
.set region, '' #Must set region value, or else source will not compile
.if (region == 'E' || region == 'e') # RMCE
.set nw4r_db_DirectPrint_Printf, 0x80021DF0
.set nw4r_db_DirectPrint_StoreCache, 0x80021DD0
.elseif (region == 'P' || region == 'p') # RMCP
.set nw4r_db_DirectPrint_Printf, 0x80021E90
.set nw4r_db_DirectPrint_StoreCache, 0x80021E70
.elseif (region == 'J' || region == 'j') # RMCJ
.set nw4r_db_DirectPrint_Printf, 0x80021DB0
.set nw4r_db_DirectPrint_StoreCache, 0x80021D90
.elseif (region == 'K' || region == 'k') # RMCK
.set nw4r_db_DirectPrint_Printf, 0x80021EF0
.set nw4r_db_DirectPrint_StoreCache, 0x80021ED0
.else # Invalid Region
.abort
.endif
#~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~#
# Check to See if a Race is Active: #
# Load Status Word from Mem 81 #
# If not zero, we know to execute the Draw Code #
#~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~#
lis r12, 0x815F
lwz r12, 0x0 (r12)
cmpwi r12, 0x0
beq- dont_execute
#~~~~~~~~~~~~~~~~~~~~~~~#
# Start Register Safety #
#~~~~~~~~~~~~~~~~~~~~~~~#
push_stack
#~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~#
# Pointer Load, Float Load, Conversion, Storage #
#~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~#
lis r12, 0x8000 #Set 1st Half Address of Exception Vector Area
lwz r11, 0x1660 (r12) #Load Pointer
lfs f13, 0x0024 (r11) #Load the Speed Float from the Pointer
fabs f13, f13 #Convert Float to handle negative values approriately; aka fix Reverse Speed reading
fctiw f13, f13 #Convert Float to Word Integer, use Standard Rounding; aka fix Funky Kong 96/97 issue
stfd f13, 0x1664 (r12) #Store the whole converted float to 0x80001664 (using this instead of a li then stfiwx will save us one instruction total)
#~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~#
# Calculate Bar Amount to Write to Memory #
#~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~#
lwz r3, 0x1668 (r12) #Load Vehicle Hex Speed Amnt into r3
mr r7, r3 #Copy hex value to r7 for DirectPrintf's 1st format Arg
mullw r3, r3, r3 #Raise Vehicle Hex Speed to the Power of 2
li r4, 0x370 #Load 0x370 into r4 for upcoming divw instruction
divw r3, r3, r4 #Divide Vehicle Hex Speed by 0x370
li r29, 0x0 #Clear out r29 for Bar End or else Bar will never decrease when speed decreases
#~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~#
# Check if Bar Amnt is Zero. If so, we don't need to Write the Bar, skip upcoming Loop #
#~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~#
cmpwi r3, 0x0
beq- skip_loop
#~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~#
# Set ASCii Symbol (divider), Setup Loop Store Address #
#~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~#
li r15, 0x7C
ori r16, r12, 0x1678
#~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~#
# Loop #
# Write Approriate Bar Amount Based on finalized Hex Speed Amnt #
#~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~#
the_loop:
stbu r15, 0x1 (r16)
subic. r3, r3, 1
bne+ the_loop
#~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~#
# Store NULL (Bar End) after last Byte of Bar #
#~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~#
stb r29, 0x1 (r16)
b draw_toscreen
#~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~#
# Store NULL to what would be first Bar Byte #
#~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~#
skip_loop:
stb r29, 0x1679 (r12)
#~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~#
# DirectPrint Printf & Store Cache #
# Purpose: Draw on Screen #
# r3 = X coordinate (starts far left) #
# r4 = Y coordinate (starts at very top) #
# r5 = 0 No Wrap; 1 Wrap #
# r6 = Address Pointer to String that will be Drawn on Screen #
# r7 thru r10 printf format args #
# f1 thru f13 printf float format args #
#~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~#
draw_toscreen:
li r3, 0x9
li r4, 0xD0
li r5, 0x1
ori r6, r12, 0x1670 #Gecko String Write Address
call_link nw4r_db_DirectPrint_Printf #r7 already set from earlier
call_link nw4r_db_DirectPrint_StoreCache
#~~~~~~~~~~~~~~~~~~~~~#
# End Register Safety #
#~~~~~~~~~~~~~~~~~~~~~#
pop_stack
#~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~#
# dont_execute label; Default Instruction #
#~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~#
dont_execute:
default_instruction
#
#~~~~~~~~~~~~~~#
# END ASSEMBLY #
#~~~~~~~~~~~~~~#
==========
3rd ASM (Store Memory Pointer)
#~~~~~~~~~~~~~~~~#
# START ASSEMBLY #
#~~~~~~~~~~~~~~~~#
#~~~~~~~~~~~~~~~~~~~~~#
# Macros & Statements #
#~~~~~~~~~~~~~~~~~~~~~#
.set region, '' #Must set region value, or else source will not compile
.if (region == 'E' || region == 'e') # RMCE
.macro default_instruction
lwz r3, -0x11E0 (r31)
.endm
.macro set_playerbase
lis r12, 0x809C
lwz r12, 0xFFFFD110 (r12)
.endm
.elseif (region == 'P' || region == 'p') # RMCP
.macro default_instruction
lwz r3, 0x3618 (r31)
.endm
.macro set_playerbase
lis r12, 0x809C
lwz r12, 0x18F8 (f12)
.endm
.elseif (region == 'J' || region == 'j') # RMCJ
.macro default_instruction
lwz r3, 0x2678 (r31)
.endm
.macro set_playerbase
lis r12, 0x809C
lwz r12, 0x0958 (r12)
.endm
.elseif (region == 'K' || region == 'k') # RMCK
.macro default_instruction
lwz r3, 0x1C58 (r31)
.endm
.macro set_playerbase
lis r12, 0x809B
lwz r12, 0xFFFFFF38 (r12)
.endm
.else # Invalid Region
.abort
.endif
#~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~#
# Set Region-Specific Player-Base #
#~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~#
set_playerbase
#~~~~~~~~~~~~~~~~~~~~~~~#
# Pointer Level Loading #
#~~~~~~~~~~~~~~~~~~~~~~~#
lwz r12, 0x0020 (r12) #Load Word from 1st Level Pointer
slwi r11, r0, 2 #Shift the bits of r0 by 2 to the left, result in r11. This is the same as multiplying by 0x4. r0 is current player slot.
lwzx r12, r12, r11 #Load into 2nd Level Pointer
lwz r12, 0x0010(r12) #Load into 3rd Level Pointer
lwz r12, 0x0010(r12) #Load into 4th Level Pointer
#~~~~~~~~~~~~~~~~~~~~~#
# Store Final Pointer #
#~~~~~~~~~~~~~~~~~~~~~#
lis r11, 0x8000 #Set up 1st Half Address of Exception Vector Area
stw r12, 0x1660 (r11) #Store Pointer Address to 0x80001660
#~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~#
# Set Status Word in Mem81 for Draw Text ASM #
#~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~#
lis r12, 0x815F #Set up 1st Half Address of dynmaic Mem81
stw r31, 0x0 (r12) #Store r31 to 0x815F0000, we simply need a value not zero to be stored here. This will make the Speed Bar ASM only trigger during races.
#~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~#
# Default Instruction; Region-Specific #
#~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~#
default_instruction
#
#~~~~~~~~~~~~~~#
# END ASSEMBLY #
#~~~~~~~~~~~~~~#
Code creator: zak
Code credits: Star & RiiDefi (Draw Text To Screen Code); SwareJonge (Speed-O-Meter); Chadderz (source fixes to Mdmwii's OG Speed source), Mdmwii (original Speed-O-Meter)
|
|
|
|
| Graphical Speed/MTC/Air/Boost Meter |
|
Posted by: zak - 03-23-2019, 02:14 PM - Forum: Cheat Codes
- No Replies
|
|
Graphical Speed/MTC/Air/Boost Meter
Shout outs to Star & RiiDefi for Draw Text To Screen Code!
This code will display your vehicle speed, air time, mini turbo charge, and shroom/zipper boost as its own graphical image at the bottom of your screen only during the race/battle. The image will not appear if you are not in a race/battle. Works everywhere.
NOTE: This code makes use of the following memory addresses...
0x80001660 thru 0x80001663
0x815F0000 thru 0x815F0003
Make sure no other codes in your GCT/Cheat-Manager are using those addresses.
NTSC-U
C200A3F0 00000007
9421FF80 BC610008
806DA358 80630044
80630000 3D808002
618C23E0 7D8803A6
4E800021 B8610008
38210080 80010014
60000000 00000000
C2009640 00000017
3D80815F 818C0000
2C0C0000 418200A4
9421FF70 D8210008
BC610010 3D808000
816C1660 C02B0024
FC200A10 4CC63242
A10B021A A12B0110
A0EB0100 2C070000
40820008 A0EB00FE
4800002D 25332E30
66206B6D 2F682C20
25336420 4D54432C
20253364 20416972
2C202533 64204273
74000000 7CC802A6
38600009 388000DC
38A00001 3D808002
618C1DF0 7D8803A6
4E800021 3D808002
618C1DD0 7D8803A6
4E800021 B8610010
C8210008 38210090
81830000 00000000
C27E4C9C 00000007
3D80809C 818CD110
818C0020 540B103A
7D8C582E 818C0010
818C0010 3D608000
918B1660 3D80815F
93EC0000 807FEE20
60000000 00000000
PAL
C200A430 00000007
9421FF80 BC610008
806DA360 80630044
80630000 3D808002
618C2480 7D8803A6
4E800021 B8610008
38210080 80010014
60000000 00000000
C2009680 00000017
3D80815F 818C0000
2C0C0000 418200A4
9421FF70 D8210008
BC610010 3D808000
816C1660 C02B0024
FC200A10 4CC63242
A10B021A A12B0110
A0EB0100 2C070000
40820008 A0EB00FE
4800002D 25332E30
66206B6D 2F682C20
25336420 4D54432C
20253364 20416972
2C202533 64204273
74000000 7CC802A6
38600009 388000DC
38A00001 3D808002
618C1E90 7D8803A6
4E800021 3D808002
618C1E70 7D8803A6
4E800021 B8610010
C8210008 38210090
81830000 00000000
C27EEFAC 00000007
3D80809C 818C18F8
818C0020 540B103A
7D8C582E 818C0010
818C0010 3D608000
918B1660 3D80815F
93EC0000 807F3618
60000000 00000000
NTSC-J
C200A38C 00000007
9421FF80 BC610008
806DA360 80630044
80630000 3D808002
618C23A0 7D8803A6
4E800021 B8610008
38210080 80010014
60000000 00000000
C20095DC 00000017
3D80815F 818C0000
2C0C0000 418200A4
9421FF70 D8210008
BC610010 3D808000
816C1660 C02B0024
FC200A10 4CC63242
A10B021A A12B0110
A0EB0100 2C070000
40820008 A0EB00FE
4800002D 25332E30
66206B6D 2F682C20
25336420 4D54432C
20253364 20416972
2C202533 64204273
74000000 7CC802A6
38600009 388000DC
38A00001 3D808002
618C1DB0 7D8803A6
4E800021 3D808002
618C1D90 7D8803A6
4E800021 B8610010
C8210008 38210090
81830000 00000000
C27EE618 00000007
3D80809C 818C0958
818C0020 540B103A
7D8C582E 818C0010
818C0010 3D608000
918B1660 3D80815F
93EC0000 807F2678
60000000 00000000
NTSC-K
C200A538 00000007
9421FF80 BC610008
806DA380 80630044
80630000 3D808002
618C24E0 7D8803A6
4E800021 B8610008
38210080 80010014
60000000 00000000
C2009788 00000017
3D80815F 818C0000
2C0C0000 418200A4
9421FF70 D8210008
BC610010 3D808000
816C1660 C02B0024
FC200A10 4CC63242
A10B021A A12B0110
A0EB0100 2C070000
40820008 A0EB00FE
4800002D 25332E30
66206B6D 2F682C20
25336420 4D54432C
20253364 20416972
2C202533 64204273
74000000 7CC802A6
38600009 388000DC
38A00001 3D808002
618C1EF0 7D8803A6
4E800021 3D808002
618C1ED0 7D8803A6
4E800021 B8610010
C8210008 38210090
81830000 00000000
C27DD36C 00000007
3D80809B 818CFF38
818C0020 540B103A
7D8C582E 818C0010
818C0010 3D608000
918B1660 3D80815F
93EC0000 807F1C58
60000000 00000000
List of Sources:
1st ASM (When Game loads StaticR.rel, Get Render Mode & Call Direct Print Setup Frame Buffer)
#~~~~~~~~~~~~~~~~#
# START ASSEMBLY #
#~~~~~~~~~~~~~~~~#
#
#~~~~~~~~~~~~~~~~~~~~~~~~~~~~#
# Register Notes: #
# No need to backup r0 or LR #
#~~~~~~~~~~~~~~~~~~~~~~~~~~~~#
#~~~~~~~~~~~~~~~~~~~~~#
# Macros & Statements #
#~~~~~~~~~~~~~~~~~~~~~#
.macro push_stack
stwu r1, -0x80 (r1)
stmw r3, 0x8 (r1)
.endm
.macro pop_stack
lmw r3, 0x8 (r1)
addi r1, r1, 0x80
.endm
.macro call_link address
lis r12, \address@h
ori r12, r12, \address@l
mtlr r12
blrl
.endm
.macro default_instruction
lwz r0, 0x0014 (r1)
.endm
.set region, '' #Must set region value, or else source will not compile
.if (region == 'E' || region == 'e') # RMCE
.set nw4r_db_DirectPrint_SetupFB, 0x800223E0
.elseif (region == 'P' || region == 'p') # RMCP
.set nw4r_db_DirectPrint_SetupFB, 0x80022480
.elseif (region == 'J' || region == 'j') # RMCJ
.set nw4r_db_DirectPrint_SetupFB, 0x800223A0
.elseif (region == 'K' || region == 'k') # RMCK
.set nw4r_db_DirectPrint_SetupFB, 0x800224E0
.else # Invalid Region
.abort
.endif
#~~~~~~~~~~~~~~~~~~~~~~~#
# Start Register Safety #
#~~~~~~~~~~~~~~~~~~~~~~~#
push_stack
#~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~#
# Get Render Mode (RKSystem->mpVideo()->pRenderMode) #
#~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~#
.if (region == 'E' || region == 'e') # RMCE
lwz r3, -0x5CA8(r13)
.elseif (region == 'P' || region == 'p') # RMCP
lwz r3, -0x5CA0(r13)
.elseif (region == 'J' || region == 'j') # RMCJ
lwz r3, -0x5CA0(r13)
.elseif (region == 'K' || region == 'k') # RMCK
lwz r3, -0x5C80(r13)
.endif
lwz r3, 0x0044(r3)
lwz r3, 0x0 (r3)
#~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~#
# Call nw4r::db: DirectPrint_SetupFB #
# r3 = Render Mode #
#~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~#
call_link nw4r_db_DirectPrint_SetupFB
#~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~#
# End Register Safety; Default Instruction #
#~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~#
pop_stack
default_instruction
#
#~~~~~~~~~~~~~~#
# END ASSEMBLY #
#~~~~~~~~~~~~~~#
==========
2nd ASM (Take Float Speed, Convert It, Draw it to Screen)
#~~~~~~~~~~~~~~~~#
# START ASSEMBLY #
#~~~~~~~~~~~~~~~~#
#
#~~~~~~~~~~~~~~~~~~~~~~~~~~~~#
# Register Notes: #
# No need to backup r0 or LR #
#~~~~~~~~~~~~~~~~~~~~~~~~~~~~#
#~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~#
# Mem Address Notes: #
# 0x80001660 Speed Float Word #
# 0x815F0000 "Status Word" If not zero, Draw Code will execute, auto clears after every race #
#~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~#
#~~~~~~~~~~~~~~~~~~~~~#
# Macros & Statements #
#~~~~~~~~~~~~~~~~~~~~~#
.macro push_stack
stwu r1, -0x90 (r1)
stfd f1, 0x8 (r1)
stmw r3, 0x10 (r1)
.endm
.macro pop_stack
lmw r3, 0x10 (r1)
lfd f1, 0x8 (r1)
addi r1, r1, 0x90
.endm
.macro call_link address
lis r12, \address@h
ori r12, r12, \address@l
mtlr r12
blrl
.endm
.macro default_instruction
lwz r12, 0x0 (r3)
.endm
.set region, '' #Must set region value, or else source will not compile
.if (region == 'E' || region == 'e') # RMCE
.set nw4r_db_DirectPrint_Printf, 0x80021DF0
.set nw4r_db_DirectPrint_StoreCache, 0x80021DD0
.elseif (region == 'P' || region == 'p') # RMCP
.set nw4r_db_DirectPrint_Printf, 0x80021E90
.set nw4r_db_DirectPrint_StoreCache, 0x80021E70
.elseif (region == 'J' || region == 'j') # RMCJ
.set nw4r_db_DirectPrint_Printf, 0x80021DB0
.set nw4r_db_DirectPrint_StoreCache, 0x80021D90
.elseif (region == 'K' || region == 'k') # RMCK
.set nw4r_db_DirectPrint_Printf, 0x80021EF0
.set nw4r_db_DirectPrint_StoreCache, 0x80021ED0
.else # Invalid Region
.abort
.endif
.set _speed, 0x24 #Speed Float
.set _mtc, 0xFE #MT Charge
.set _omtc, 0x100 #Kart Only Orange MT Charge
.set _mushb, 0x110 #Mushroom Boost
.set _air, 0x21A #Air Time
#~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~#
# Check to See if a Race is Active: #
# Load Status Word from Mem 81 #
# If not zero, we know to execute the Draw Code #
#~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~#
lis r12, 0x815F
lwz r12, 0x0 (r12)
cmpwi r12, 0x0
beq- dont_execute
#~~~~~~~~~~~~~~~~~~~~~~~#
# Start Register Safety #
#~~~~~~~~~~~~~~~~~~~~~~~#
push_stack
#~~~~~~~~~~~~~~~~~~~~~~~~~~#
# Load Pointer, Load Float #
#~~~~~~~~~~~~~~~~~~~~~~~~~~#
lis r12, 0x8000 #Set 1st half address of Exception Vector Area
lwz r11, 0x1660 (r12) #Load the Pointer
lfs f1, _speed (r11) #Load the Single Float into FPR 1 for first float format arg of DirectPrint Printf
fabs f1, f1 #Handle negative values
crset 4*cr1+eq #Set the Condition Register before the Float Arg is used in DirectPrint Printf
#~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~#
# Load MTC, Air, MTB into appropriate DirectPrintf registers #
#~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~#
lhz r8, _air (r11) #Set 2nd GPR format arg
lhz r9, _mushb (r11) #Set 3rd GPR format arg
#~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~#
# Load MT, do Orange MT Check Calc #
#~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~#
lhz r7, _omtc (r11) #First Load the Orange MT value
cmpwi r7, 0x0
bne- skip_blue #If not zero, we don't need to read Blue MT, follow skip_blue branch
lhz r7, _mtc (r11) #If zero, read Blue MT instead of Orange MT
skip_blue: #1st GPR format arg is set
#~~~~~~~~~~~~~~~~~~~~~#
# Create ASCii String #
#~~~~~~~~~~~~~~~~~~~~~#
bl the_string #Create the C++ string
.llong 0x25332E3066206B6D #Hex for "%3.0f km/h, %3d MTC, %3d Air, %3d Bst"
.llong 0x2F682C2025336420
.llong 0x4D54432C20253364
.llong 0x204169722C202533
.llong 0x6420427374000000
the_string:
mflr r6 #Move C++ string's address location to r4, r5 thru r8 arguments already set
#~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~#
# DirectPrint Printf & Store Cache #
# Purpose: Draw on Screen #
# r3 = X coordinate (starts far left) #
# r4 = Y coordinate (starts at very top) #
# r5 = 0 No Wrap; 1 Wrap #
# r6 = Address Pointer to String that will be Drawn on Screen #
# r7 thru r10 printf format args #
# f1 thru f13 printf float format args #
#~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~#
li r3, 0x9
li r4, 0xDC
li r5, 0x1
call_link nw4r_db_DirectPrint_Printf
call_link nw4r_db_DirectPrint_StoreCache
#~~~~~~~~~~~~~~~~~~~~~#
# End Register Safety #
#~~~~~~~~~~~~~~~~~~~~~#
pop_stack
#~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~#
# dont_execute label; Default Instruction #
#~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~#
dont_execute:
default_instruction
#
#~~~~~~~~~~~~~~#
# END ASSEMBLY #
#~~~~~~~~~~~~~~#
==========
3rd ASM (Store Memory Pointer)
#~~~~~~~~~~~~~~~~#
# START ASSEMBLY #
#~~~~~~~~~~~~~~~~#
#~~~~~~~~~~~~~~~~~~~~~#
# Macros & Statements #
#~~~~~~~~~~~~~~~~~~~~~#
.set region, '' #Must set region value, or else source will not compile
.if (region == 'E' || region == 'e') # RMCE
.macro default_instruction
lwz r3, -0x11E0 (r31)
.endm
.macro set_playerbase
lis r12, 0x809C
lwz r12, 0xFFFFD110 (r12)
.endm
.elseif (region == 'P' || region == 'p') # RMCP
.macro default_instruction
lwz r3, 0x3618 (r31)
.endm
.macro set_playerbase
lis r12, 0x809C
lwz r12, 0x18F8 (f12)
.endm
.elseif (region == 'J' || region == 'j') # RMCJ
.macro default_instruction
lwz r3, 0x2678 (r31)
.endm
.macro set_playerbase
lis r12, 0x809C
lwz r12, 0x0958 (r12)
.endm
.elseif (region == 'K' || region == 'k') # RMCK
.macro default_instruction
lwz r3, 0x1C58 (r31)
.endm
.macro set_playerbase
lis r12, 0x809B
lwz r12, 0xFFFFFF38 (r12)
.endm
.else # Invalid Region
.abort
.endif
#~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~#
# Set Region-Specific Player-Base #
#~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~#
set_playerbase
#~~~~~~~~~~~~~~~~~~~~~~~#
# Pointer Level Loading #
#~~~~~~~~~~~~~~~~~~~~~~~#
lwz r12, 0x0020 (r12) #Load Word from 1st Level Pointer
slwi r11, r0, 2 #Shift the bits of r0 by 2 to the left, result in r11. This is the same as multiplying by 0x4. r0 is current player slot.
lwzx r12, r12, r11 #Load into 2nd Level Pointer
lwz r12, 0x0010(r12) #Load into 3rd Level Pointer
lwz r12, 0x0010(r12) #Load into 4th Level Pointer
#~~~~~~~~~~~~~~~~~~~~~#
# Store Final Pointer #
#~~~~~~~~~~~~~~~~~~~~~#
lis r11, 0x8000 #Set up 1st Half Address of Exception Vector Area
stw r12, 0x1660 (r11) #Store Pointer Address to 0x80001660
#~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~#
# Set Status Word in Mem81 for Draw Text ASM #
#~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~#
lis r12, 0x815F #Set up 1st Half Address of dynmaic Mem81
stw r31, 0x0 (r12) #Store r31 to 0x815F0000, we simply need a value not zero to be stored here. This will make the Speed Bar ASM only trigger during races.
#~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~#
# Default Instruction; Region-Specific #
#~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~#
default_instruction
#
#~~~~~~~~~~~~~~#
# END ASSEMBLY #
#~~~~~~~~~~~~~~#
Code creator: zak
Code credits: Star & RiiDefi (Draw Text To Screen Code); SwareJonge (Speed-O-Meter); Chadderz (source fixes to Mdmwii's OG Speed source); Mdmwii (original Speed-O-Meter)
|
|
|
|
|
