Post by spinout on Jan 19, 2009 12:13:10 GMT -5
Well, I just tried my first ASM hack, and after staying up into the wee hours of the morning, it finally works. Yes, Souylsin has done this hack before, but he did not do it as I told him, so I thought it would be a good introductory hack.
Here is the source:
J 80600000 ;80070ED0 PC=80600000
NOP ;80070ED4
LUI $k1, 8021 ;80600000 $k1=80210000
LW $at, 3C8C($k1) ;80600004 $at=word[80213C8C]
LW $k1, 0000($at) ;80600008 $k1 is now equal to the word located at the offset found at 80213C8C
LUI $gp, 0016 ;8060000C $gp = 00160000
ADDIU $gp, $gp, 07FF ;80600010 $gp = 001607FF
BNE $k1, $gp, DC ;80600014 is arrow? if not check_arrow_shot()
LUI $k1, 8021 ;80600018 $k1=80210000
LW $at, 3C8C($k1) ;8060001C $at=word[80213C8C]
LUI $gp, 8060 ;80600020 $gp=80600000
SW $at, 020C($gp) ;80600024 word[8060020C]=$at
LUI $k1, 0001 ;80600028 $k1=00010000
SW $k1, 0210($gp) ;8060002C word[80600210]=$k1
J 806000D0 ;80600030 exit()
LUI $gp, 8060 ;80600034 for writing xyz vals
LUI $k1, 8060 ;80600038 $k1=8060
LW $at, 020C($k1) ;8060003C $at=word[8060020C]
LW $k1, 0024($at) ;80600040 $k1=word[at+24]
SW $k1, 0200($gp) ;80600044 word[80600200]=$k1 X
LUI $k1, 8060 ;80600048 $k1=8060
LW $at, 020C($k1) ;8060004C $at=word[8060020C]
LW $k1, 0028($at) ;80600050 $k1=word[at+28]
SW $k1, 0204($gp) ;80600054 word[80600204]=$k1 Y
LUI $k1, 8060 ;80600058 $k1=8060
LW $at, 020C($k1) ;8060005C $at=word[8060020C]
LW $k1, 002C($at) ;80600060 $k1=word[at+2C]
SW $k1, 0208($gp) ;80600064 word[80600208]=$k1 Z
J 8060009C ;80600068 set_link_xyz()
NOP ;8060006C
NOP ;80600070
LUI $gp, 8060 ;80600074 $gp=80600000 for adding onto SWs; arrow has not been shot, position is backed up in case player decides to warp
LUI $k1, 8022 ;80600078 $k1=80220000 for adding onto LWs
LW $at, 45D4($k1) ;8060007C $at=word[802245D4]
SW $at, 0200($gp) ;80600080 word[80600200]=$at X
LW $at, 45D8($k1) ;80600084 $at=word[802245D8]
SW $at, 0204($gp) ;80600088 word[80600204]=$at Y
LW $at, 45DC($k1) ;8060008C $at=word[802245DC]
SW $at, 0208($gp) ;80600090 word[80600208]=$at Z
LUI $k1, 0001 ;80600094
SW $k1, 0210($gp) ;80600098
LUI $k1, 8016 ;8060009C $k1=80160000
LW $at, 65C0($k1) ;806000A0 $at=word[801665C0]
LUI $gp, 0800 ;806000A4 $gp=08000000
ADDIU $gp, $gp, 0000 ;806000A8 $gp=08000000 (adding 0 leaves it unchanged)
BNE $at, $gp, D0 ;806000AC D-up been hit? if not exit()
LUI $k1,8022 ;806000B0 $k1=8022 for adding onto SWs
LUI $gp, 8060 ;806000B4 $gp=8060 for adding onto LWs
LW $at, 0200($gp) ;806000B8 $at=word[80600200]
SW $at, 45D4($k1) ;806000BC word[802245D4]=$at X
LW $at, 0204($gp) ;806000C0 $at=word[80600204]
SW $at, 45D8($k1) ;806000C4 word[802245D8]=$at Y
LW $at, 0208($gp) ;806000C8 $at=word[80600208]
SW $at, 45DC($k1) ;806000CC word[802245DC]=$at Z
J 80070ED8 ;806000D0 back to original routine
NOP ;806000D4
NOP ;806000D8
LUI $k1, 8060 ;806000DC $k1=80600000
LW $at, 0210($k1) ;806000E0 $at=word[80600210]
LUI $k1, 0001 ;806000E4 $k1=00010000
BNE $k1, $at, 74 ;806000E8 if arrow has not been found yet copy_link_xyz()
LUI $k1, 8060 ;806000EC $k1=80600000
LW $at, 020C($k1) ;806000F0 $at=word[8060020C]
LW $k1, 0074($at) ;806000F4 $k1=word[$at+74]
LUI $gp, 0x0000 ;806000F8 $gp=0
BNE $k1, $gp, 34 ;806000FC is shot? if true copy_arrow_xyz()
NOP ;80600100
J 806000D0 ;80600104 else: exit()
;def copy_link_xyz() = 80600074
;def copy_arrow_xyz() = 80600034
;def set_link_xyz() = 8060009C
;def check_arrow() = 80600000
;def check_arrow_shot() =806000DC
;def exit() = 806000D0
Assembled as a Nemu Cheat:
CheatName6=TeleArrow
CheatName6Count=136
CheatName6Code0=81070ED0 0818
CheatName6Code1=81070ED2 0000
CheatName6Code2=81070ED4 0000
CheatName6Code3=81070ED6 0000
CheatName6Code4=81600000 3C1B
CheatName6Code5=81600002 8021
CheatName6Code6=81600004 8F61
CheatName6Code7=81600006 3C8C
CheatName6Code8=81600008 8C3B
CheatName6Code9=8160000A 0000
CheatName6Code10=8160000C 3C1C
CheatName6Code11=8160000E 0016
CheatName6Code12=81600010 279C
CheatName6Code13=81600012 07FF
CheatName6Code14=81600014 179B
CheatName6Code15=81600016 0031
CheatName6Code16=81600018 3C1B
CheatName6Code17=8160001A 8021
CheatName6Code18=8160001C 8F61
CheatName6Code19=8160001E 3C8C
CheatName6Code20=81600020 3C1C
CheatName6Code21=81600022 8060
CheatName6Code22=81600024 AF81
CheatName6Code23=81600026 020C
CheatName6Code24=81600028 3C1B
CheatName6Code25=8160002A 0001
CheatName6Code26=8160002C AF9B
CheatName6Code27=8160002E 0210
CheatName6Code28=81600030 0818
CheatName6Code29=81600032 0034
CheatName6Code30=81600034 3C1C
CheatName6Code31=81600036 8060
CheatName6Code32=81600038 3C1B
CheatName6Code33=8160003A 8060
CheatName6Code34=8160003C 8F61
CheatName6Code35=8160003E 020C
CheatName6Code36=81600040 8C3B
CheatName6Code37=81600042 0024
CheatName6Code38=81600044 AF9B
CheatName6Code39=81600046 0200
CheatName6Code40=81600048 3C1B
CheatName6Code41=8160004A 8060
CheatName6Code42=8160004C 8F61
CheatName6Code43=8160004E 020C
CheatName6Code44=81600050 8C3B
CheatName6Code45=81600052 0028
CheatName6Code46=81600054 AF9B
CheatName6Code47=81600056 0204
CheatName6Code48=81600058 3C1B
CheatName6Code49=8160005A 8060
CheatName6Code50=8160005C 8F61
CheatName6Code51=8160005E 020C
CheatName6Code52=81600060 8C3B
CheatName6Code53=81600062 002C
CheatName6Code54=81600064 AF9B
CheatName6Code55=81600066 0208
CheatName6Code56=81600068 0818
CheatName6Code57=8160006A 0027
CheatName6Code58=8160006C 0000
CheatName6Code59=8160006E 0000
CheatName6Code60=81600070 0000
CheatName6Code61=81600072 0000
CheatName6Code62=81600074 3C1C
CheatName6Code63=81600076 8060
CheatName6Code64=81600078 3C1B
CheatName6Code65=8160007A 8022
CheatName6Code66=8160007C 8F61
CheatName6Code67=8160007E 45D4
CheatName6Code68=81600080 AF81
CheatName6Code69=81600082 0200
CheatName6Code70=81600084 8F61
CheatName6Code71=81600086 45D8
CheatName6Code72=81600088 AF81
CheatName6Code73=8160008A 0204
CheatName6Code74=8160008C 8F61
CheatName6Code75=8160008E 45DC
CheatName6Code76=81600090 AF81
CheatName6Code77=81600092 0208
CheatName6Code78=81600094 3C1B
CheatName6Code79=81600096 0001
CheatName6Code80=81600098 AF9B
CheatName6Code81=8160009A 0210
CheatName6Code82=8160009C 3C1B
CheatName6Code83=8160009E 8016
CheatName6Code84=816000A0 8F61
CheatName6Code85=816000A2 65C0
CheatName6Code86=816000A4 3C1C
CheatName6Code87=816000A6 0800
CheatName6Code88=816000A8 279C
CheatName6Code89=816000AA 0000
CheatName6Code90=816000AC 1781
CheatName6Code91=816000AE 0008
CheatName6Code92=816000B0 3C1B
CheatName6Code93=816000B2 8022
CheatName6Code94=816000B4 3C1C
CheatName6Code95=816000B6 8060
CheatName6Code96=816000B8 8F81
CheatName6Code97=816000BA 0200
CheatName6Code98=816000BC AF61
CheatName6Code99=816000BE 45D4
CheatName6Code100=816000C0 8F81
CheatName6Code101=816000C2 0204
CheatName6Code102=816000C4 AF61
CheatName6Code103=816000C6 45D8
CheatName6Code104=816000C8 8F81
CheatName6Code105=816000CA 0208
CheatName6Code106=816000CC AF61
CheatName6Code107=816000CE 45DC
CheatName6Code108=816000D0 0801
CheatName6Code109=816000D2 C3B6
CheatName6Code110=816000D4 0000
CheatName6Code111=816000D6 0000
CheatName6Code112=816000D8 0000
CheatName6Code113=816000DA 0000
CheatName6Code114=816000DC 3C1B
CheatName6Code115=816000DE 8060
CheatName6Code116=816000E0 8F61
CheatName6Code117=816000E2 0210
CheatName6Code118=816000E4 3C1B
CheatName6Code119=816000E6 0001
CheatName6Code120=816000E8 143B
CheatName6Code121=816000EA FFE2
CheatName6Code122=816000EC 3C1B
CheatName6Code123=816000EE 8060
CheatName6Code124=816000F0 8F61
CheatName6Code125=816000F2 020C
CheatName6Code126=816000F4 8C3B
CheatName6Code127=816000F6 0074
CheatName6Code128=816000F8 3C1C
CheatName6Code129=816000FA 0000
CheatName6Code130=816000FC 179B
CheatName6Code131=816000FE FFCD
CheatName6Code132=81600100 0000
CheatName6Code133=81600102 0000
CheatName6Code134=81600104 0818
CheatName6Code135=81600106 0034
And just as a normal code for all you PJ64 users (set the core to interpreter in 1.6):
81070ED0 0818
81070ED2 0000
81070ED4 0000
81070ED6 0000
81600000 3C1B
81600002 8021
81600004 8F61
81600006 3C8C
81600008 8C3B
8160000A 0000
8160000C 3C1C
8160000E 0016
81600010 279C
81600012 07FF
81600014 179B
81600016 0031
81600018 3C1B
8160001A 8021
8160001C 8F61
8160001E 3C8C
81600020 3C1C
81600022 8060
81600024 AF81
81600026 020C
81600028 3C1B
8160002A 0001
8160002C AF9B
8160002E 0210
81600030 0818
81600032 0034
81600034 3C1C
81600036 8060
81600038 3C1B
8160003A 8060
8160003C 8F61
8160003E 020C
81600040 8C3B
81600042 0024
81600044 AF9B
81600046 0200
81600048 3C1B
8160004A 8060
8160004C 8F61
8160004E 020C
81600050 8C3B
81600052 0028
81600054 AF9B
81600056 0204
81600058 3C1B
8160005A 8060
8160005C 8F61
8160005E 020C
81600060 8C3B
81600062 002C
81600064 AF9B
81600066 0208
81600068 0818
8160006A 0027
8160006C 0000
8160006E 0000
81600070 0000
81600072 0000
81600074 3C1C
81600076 8060
81600078 3C1B
8160007A 8022
8160007C 8F61
8160007E 45D4
81600080 AF81
81600082 0200
81600084 8F61
81600086 45D8
81600088 AF81
8160008A 0204
8160008C 8F61
8160008E 45DC
81600090 AF81
81600092 0208
81600094 3C1B
81600096 0001
81600098 AF9B
8160009A 0210
8160009C 3C1B
8160009E 8016
816000A0 8F61
816000A2 65C0
816000A4 3C1C
816000A6 0800
816000A8 279C
816000AA 0000
816000AC 1781
816000AE 0008
816000B0 3C1B
816000B2 8022
816000B4 3C1C
816000B6 8060
816000B8 8F81
816000BA 0200
816000BC AF61
816000BE 45D4
816000C0 8F81
816000C2 0204
816000C4 AF61
816000C6 45D8
816000C8 8F81
816000CA 0208
816000CC AF61
816000CE 45DC
816000D0 0801
816000D2 C3B6
816000D4 0000
816000D6 0000
816000D8 0000
816000DA 0000
816000DC 3C1B
816000DE 8060
816000E0 8F61
816000E2 0210
816000E4 3C1B
816000E6 0001
816000E8 143B
816000EA FFE2
816000EC 3C1B
816000EE 8060
816000F0 8F61
816000F2 020C
816000F4 8C3B
816000F6 0074
816000F8 3C1C
816000FA 0000
816000FC 179B
816000FE FFCD
81600100 0000
81600102 0000
81600104 0818
81600106 0034
Oh, and it is only for the DEBUG ROM.
The code must be on as the game boots or it will not work, unless you know how to breakpoint; then just go to 80070ED0 and BP the word there and the one following it.
Controls:
D-Pad up to go to arrow location.
Have fun!
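An added example, not part of the original post: a small Python checker that merges 81-type (16-bit write) cheat lines back into 32-bit MIPS words and resolves every J and BNE target, so the assembled listing can be verified against the labels in the source. The sample lines are copied from the PJ64 listing above; the label name "original routine" is an assumption taken from the source comment, and only the J and BNE opcodes are decoded.

```python
import re

# Lines copied from the post's PJ64 listing: the hook, three BNEs, the exit J.
SAMPLE = """\
81070ED0 0818
81070ED2 0000
81600014 179B
81600016 0031
816000D0 0801
816000D2 C3B6
816000E8 143B
816000EA FFE2
816000FC 179B
816000FE FFCD
"""

# Label addresses from the post's ";def" comments ("original routine" is assumed).
LABELS = {0x80600000: "check_arrow", 0x80600034: "copy_arrow_xyz",
          0x80600074: "copy_link_xyz", 0x8060009C: "set_link_xyz",
          0x806000D0: "exit", 0x806000DC: "check_arrow_shot",
          0x80070ED8: "original routine"}
LINE = re.compile(r"(81[0-9A-Fa-f]{6})\s+([0-9A-Fa-f]{4})\s*$")

def words(text):
    """Merge 16-bit writes into big-endian 32-bit words keyed by address."""
    halves = {}
    for line in text.splitlines():
        m = LINE.search(line)  # also matches the Nemu "CheatName6CodeN=" form
        if m:
            halves[0x80000000 | (int(m.group(1), 16) & 0xFFFFFF)] = int(m.group(2), 16)
    return {a: (hi << 16) | halves[a + 2]
            for a, hi in sorted(halves.items()) if a % 4 == 0 and a + 2 in halves}

def target(addr, word):
    """Return the destination of a J or BNE located at addr, else None."""
    op = word >> 26
    if op == 0x02:  # J: 26-bit word index inside the 256 MB region of PC+4
        return ((addr + 4) & 0xF0000000) | ((word & 0x03FFFFFF) << 2)
    if op == 0x05:  # BNE: signed 16-bit word offset relative to PC+4
        off = word & 0xFFFF
        return addr + 4 + ((off - 0x10000 if off & 0x8000 else off) << 2)
    return None

def control_flow(text):
    """Map each J/BNE address to (target, label from the post or '?')."""
    return {a: (t, LABELS.get(t, "?")) for a, w in words(text).items()
            if (t := target(a, w)) is not None}

if __name__ == "__main__":
    for addr, (t, name) in control_flow(SAMPLE).items():
        print(f"{addr:08X} -> {t:08X} {name}")
```

A target that resolves to "?" means a jump or branch lands somewhere the source never labelled, which is the first thing to check when a hook like this crashes the emulator.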