Tutorial on the 'Pointer Trick' (ASM)

NOTICE: For beginner-level ASM Coders.

Sometimes a breakpoint can fail, or only trigger in certain situations. A coder will then try to find another viable breakpoint for the dynamic memory value(s) they want to manipulate. However, sometimes no breakpoint is viable, or the correct value to break on is too difficult to find.



Explanation Of When To Use Pointer Trick

Let's say you want to get a value, and you need this value to be stored somewhere in unused memory (like the Exception Vector Area; read about that area HERE) so that it can later be loaded by a 2nd ASM code. Unfortunately, when you set a breakpoint on this value, it either doesn't break at all, or you get several separate address results: one responsible for increasing the value, one for decreasing it, one for setting it to 0, etc.

Instead of trying to write multiple ASM codes that use the addresses responsible for separately increasing/decreasing/setting said value, you can do what's called a pointer trick. A pointer is simply a value that points to the spot in dynamic memory where your value is, or to a spot near your wanted value.

What you do is find a nearby value that is not too far away from the value you would normally set a BP on. You need a value that gets read or written every frame, meaning the breakpoint will trigger any time you need it to.

This will take some trial and error obviously.



Methods of Use

For example, let's say we found where your IP Address is in dynamic memory after a Wi-Fi login, and you want to know which function (code address) reads the value during the login. So you set a read breakpoint on it. But the breakpoint doesn't work, and a write breakpoint doesn't work either. However, we see that there is a halfword value located 0x4 bytes before the IP Address. So instead, we set a breakpoint on that value and try the login again. Now the game breaks on this instruction...

Code:
lhz r5, 0x0108 (r27) #Default Instruction

The halfword value was 0x4 bytes before the IP Address, so we know that offset 0x104 (instead of 0x108) from r27 is the location of the IP. There are two methods of doing the pointer trick...

---

Method #1 Store Pointer to Memory

First method is to simply store r27 to some place like the Exception Vector Area. Let's say you are storing it to 0x80001600 location within the Exception Vector Area. Like this..

Code:
lhz r5, 0x0108 (r27) #Default Instruction
lis r12, 0x8000
stw r27, 0x1600 (r12)

Then on your 2nd ASM code, when you need to load the IP Address into a register, you do this...

Code:
lis r12, 0x8000 #Set 1st Half Address of Exception Vector Area
lwz r12, 0x1600 (r12) #Load r27's value (aka the pointer) into r12
lwz r12, 0x0104 (r12) #Load the value at offset 0x104 from the pointer; r12 now contains the IP Address

---

Method #2

Instead of storing the pointer, you can load the IP Address from offset 0x0104 of r27 into a free register in the first ASM code, then store the IP Address to the Exception Vector Area like this....

Code:
lwz r11, 0x0104 (r27) #IP Address now in r11
lhz r5, 0x0108 (r27) #Default Instruction
lis r12, 0x8000 #Set 1st Half Address of Exception Vector Area
stw r11, 0x1600 (r12) #Store IP Address to 0x80001600

That way, you load the value (IP Address) normally in your 2nd ASM code, like this...

Code:
lis r12, 0x8000
lwz r12, 0x1600 (r12)
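As an added worked example (not code from this tutorial or from mkwii.org), here is a small Python model of the two methods: it implements just enough of lhz/lwz/stw/lis over a big-endian memory to step through both the first and second codes of Method #1 and Method #2 side by side. The base pointer in r27, the IP values and the halfword contents are constructed values; the offsets 0x104/0x108 and the 0x80001600 slot are the ones from the tutorial.

```python
# Added model (not from the tutorial): a tiny big-endian memory plus the four
# PowerPC instructions the tutorial uses, so Method #1 and Method #2 can be
# stepped through side by side. Register values and memory contents are constructed.

EVA_BASE = 0x8000        # upper half of 0x80001600 (lis r12, 0x8000)
EVA_SLOT = 0x1600        # lower half: the unused Exception Vector Area slot
HALFWORD_OFF = 0x108     # offset the breakpoint instruction used: lhz r5, 0x0108 (r27)
IP_OFF = 0x104           # the IP Address sits 0x4 bytes before that halfword


class Memory:
    """Sparse big-endian byte-addressed memory (PowerPC is big-endian)."""

    def __init__(self):
        self.cells = {}

    def write(self, addr, value, size):
        for i, b in enumerate(value.to_bytes(size, "big")):
            self.cells[addr + i] = b

    def read(self, addr, size):
        raw = bytes(self.cells.get(addr + i, 0) for i in range(size))
        return int.from_bytes(raw, "big")


# Minimal semantics of the instructions used on the page: rD <- mem[rA + off].
def lhz(mem, regs, rd, off, ra):
    regs[rd] = mem.read(regs[ra] + off, 2)      # load halfword, zero-extended


def lwz(mem, regs, rd, off, ra):
    regs[rd] = mem.read(regs[ra] + off, 4)      # load word


def stw(mem, regs, rs, off, ra):
    mem.write(regs[ra] + off, regs[rs] & 0xFFFFFFFF, 4)   # store word


def lis(regs, rd, imm):
    regs[rd] = (imm & 0xFFFF) << 16             # load immediate shifted


# Method #1: first code saves the pointer, second code dereferences it.
def method1_first(mem, regs):
    lhz(mem, regs, 5, HALFWORD_OFF, 27)         # default instruction
    lis(regs, 12, EVA_BASE)
    stw(mem, regs, 27, EVA_SLOT, 12)            # store r27 (the pointer)


def method1_second(mem, regs):
    lis(regs, 12, EVA_BASE)
    lwz(mem, regs, 12, EVA_SLOT, 12)            # reload the pointer
    lwz(mem, regs, 12, IP_OFF, 12)              # r12 = IP Address
    return regs[12]


# Method #2: first code saves the IP value itself, second code just loads it.
def method2_first(mem, regs):
    lwz(mem, regs, 11, IP_OFF, 27)              # r11 = IP Address
    lhz(mem, regs, 5, HALFWORD_OFF, 27)         # default instruction
    lis(regs, 12, EVA_BASE)
    stw(mem, regs, 11, EVA_SLOT, 12)            # store the IP Address


def method2_second(mem, regs):
    lis(regs, 12, EVA_BASE)
    lwz(mem, regs, 12, EVA_SLOT, 12)
    return regs[12]


def dotted(ip):
    """Format a 32-bit IPv4 value as dotted decimal."""
    return ".".join(str((ip >> s) & 0xFF) for s in (24, 16, 8, 0))


def run(method, ip_rewritten_between_codes):
    """Run the first code, optionally let the game change the IP, then run the second code."""
    mem = Memory()
    regs = {27: 0x91234500}                            # constructed: what r27 held at the breakpoint
    mem.write(regs[27] + IP_OFF, 0xC0A80164, 4)        # constructed IP 192.168.1.100
    mem.write(regs[27] + HALFWORD_OFF, 0x0050, 2)      # the halfword the breakpoint hit
    first, second = {1: (method1_first, method1_second),
                     2: (method2_first, method2_second)}[method]
    first(mem, regs)
    if ip_rewritten_between_codes:
        mem.write(regs[27] + IP_OFF, 0x0A000002, 4)    # game updates the IP to 10.0.0.2
    # The 2nd code runs at another breakpoint with its own register state, so
    # it gets a fresh register file and must not rely on r27 still being valid.
    return second(mem, {})


if __name__ == "__main__":
    for m in (1, 2):
        print(f"Method #{m}: {dotted(run(m, False))} before update, "
              f"{dotted(run(m, True))} after update")
```

Both methods give 192.168.1.100 when nothing changes between the two codes. When the game rewrites the IP before the 2nd code runs, Method #1 reads the current value (10.0.0.2) because it dereferences the saved pointer each time, while Method #2 returns the copy it took at the first breakpoint. The flip side is that Method #1 only works while the block r27 pointed at is still in place, so if the game frees or reallocates that dynamic memory the 2nd code will read unrelated data; Method #2's stored copy cannot go wrong that way, it can only go stale.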



Conclusion

Alright, so now you know not to give up entirely if your breakpoints are not working. Try the pointer trick; it may get your code to work. Thanks for reading. By the way, here is an actual code (for displaying your IP Address on the game's timer) created via what was described in Method #2 - http://mkwii.org/showthread.php?tid=832