
[Pro Action] NINTENDO DS PAR [Replay]

1 :名無しさん@お腹いっぱい。:2005/07/11 (Mon) 18:32:34 ID:xnHyXyWk
Let's pray that it comes out.

221 :名無しさん@お腹いっぱい。:2006/08/30 (Wed) 01:58:18 ID:76XCpMFa
PS : most AR codes look like this :
ZXXXXXXX YYYYYYYY

Z is the code type, XXXXXXX is the address, YYYYYYYY is the value.

Note : every time the code handler is called, it clears all the values it uses (ie. the offset, the code status, the Dx registers), and then executes all the codes 'at once'.

Official codes types :

0 : 32 bits write (str)
0XXXXXXX YYYYYYYY : writes word YYYYYYYY to [XXXXXXXX].

1 : 16 bits write (strh)
1XXXXXXX 0000YYYY : writes halfword YYYY to [XXXXXXXX].

2 : 8 bits write (strb)
2XXXXXXX 000000YY : writes byte YY to [XXXXXXXX].

For all the If codes, if the check is false, execution status is stopped (ie. following codes are disabled)
Also, these If codes don't support the offset :/...

222 :名無しさん@お腹いっぱい。:2006/08/30 (Wed) 01:59:19 ID:76XCpMFa
3 : 32 bits If (code value)>(data at address) (bhi, "unsigned higher")
3XXXXXXX YYYYYYYY : checks if YYYYYYYY > (word at [XXXXXXXX]).
If no, the code(s) following this one are not executed (ie. execution status is set to false) until a code type D0 or D2 is encountered, or until the end of the code list is reached.

4 : 32 bits If (code value)<(data at address) (bcc, "unsigned lower")
4XXXXXXX YYYYYYYY : checks if YYYYYYYY < (word at [XXXXXXXX]).
If no, the code(s) following this one are not executed (ie. execution status is set to false) until a code type D0 or D2 is encountered, or until the end of the code list is reached.

5 : 32 bits If ==
5XXXXXXX YYYYYYYY : checks if YYYYYYYY == (word at [XXXXXXXX]).
If no, the code(s) following this one are not executed (ie. execution status is set to false) until a code type D0 or D2 is encountered, or until the end of the code list is reached.

6 : 32 bits If !=
6XXXXXXX YYYYYYYY : checks if YYYYYYYY != (word at [XXXXXXXX]).
If no, the code(s) following this one are not executed (ie. execution status is set to false) until a code type D0 or D2 is encountered, or until the end of the code list is reached.

Codes 7, 8, 9, A are perfect for any 'joker' code (to check the pad status). They should also be used for event flag checks.

7 : 16 bits If (code value)>(data at address) (unsigned)
7XXXXXXX ZZZZYYYY : checks if (not (XXXX) &YYYY) > (halfword at [XXXX]).
If no, the code(s) following this one are not executed (ie. execution status is set to false) until a code type D0 or D2 is encountered, or until the end of the code list is reached.

8 : 16 bits If (code value)<(data at address) (unsigned)
8XXXXXXX ZZZZYYYY : checks if (not (XXXX) &YYYY) < (halfword at [XXXX]).
If no, the code(s) following this one are not executed (ie. execution status is set to false) until a code type D0 or D2 is encountered, or until the end of the code list is reached.

9 : 16 bits If ==
9XXXXXXX ZZZZYYYY : checks if (not (XXXX) &YYYY) == (halfword at [XXXX]).
If no, the code(s) following this one are not executed (ie. execution status is set to false) until a code type D0 or D2 is encountered, or until the end of the code list is reached.

223 :名無しさん@お腹いっぱい。:2006/08/30 (Wed) 02:01:08 ID:76XCpMFa
A : 16 bits If !=
AXXXXXXX ZZZZYYYY : checks if (not (XXXX) &YYYY) != (halfword at [XXXX]).
If no, the code(s) following this one are not executed (ie. execution status is set to false) until a code type D0 or D2 is encountered, or until the end of the code list is reached.

B : adds the offset stored in 'address' to all the next codes' addresses. (?) (used to execute all the code types on a pointer address!).
BXXXXXXX 00000000 : offset = word at [XXXXXXXX].

C : pushes/stores code value, position of current code and execution status in some registers. The code value will then be used to know how many times to repeat the next code. (?)
C0000000 YYYYYYYY : set the 'Dx repeat value' to YYYYYYYY, saves the 'Dx next code to be executed' and the 'Dx execution status'. Repeat will be executed when a D1/2 code is encountered.
When repeat is executed, the AR reloads the 'next code position in code list' and the 'execution status'.

D0 : 'terminator' (clears execution status).
D0000000 00000000 : loads the previous execution status (if none exists, execution status is set to 'execute codes').

D1 : Used to apply the code type C setting (executes the code after type C several times, but does not clear them upon finishing).
D1000000 00000000 : if the 'Dx repeat value', set by code type C, is different than 0, it is decremented and then the AR loads the
'Dx next code to be executed' and the 'execution status' (=jumps back to the code following the type C code).
When the repeat value is 0, this code will load the saved code status value.

D2 : Used to apply the code type C setting (executes the code after type C several times). 'full terminator' (clears all temporary data, ie. execution status, offsets, code C settings...). (?).
D2000000 00000000 : if the 'Dx repeat value', set by code type C, is different than 0, it is decremented and then the AR loads the
'Dx next code to be executed' and the 'execution status' (=jumps back to the code following the type C code).
When the repeat value is 0, this code will clear the code status, the offset value, and the Dx data value (which can be set by codes DA, DB and DC).

D3 : set the 'offset' to the value of the code.
D3000000 XXXXXXXX : set the offset value to XXXXXXXX.

224 :名無しさん@お腹いっぱい。:2006/08/30 (Wed) 02:01:40 ID:76XCpMFa
Codes D4~DB use what I called the Dx registers. They are four 32-bit values, located before the code list, which are used by the AR to store/load data. I call them 'Dx repeat value', 'Dx next code to be executed', 'Dx code status' and 'Dx data'.

D4 : adds the value of the code to the data register used by D6~DB. Kind of add code ?. (?)
D4000000 XXXXXXXX : adds XXXXXXXX to the 'Dx data'.

D5 : sets the data register used by D6~DB to the value of the code.
D5000000 XXXXXXXX : sets the 'Dx data' to XXXXXXXX.


D6 : write to pointer (str) *. (?)
D6000000 XXXXXXXX : writes the 'Dx data' word to (XXXXXXXX+offset), and increments the offset by 4.

D7 : write to pointer (strh) *. (?)
D7000000 XXXXXXXX : writes the 'Dx data' halfword to (XXXXXXXX+offset), and increments the offset by 2.

D8 : write to pointer (strb) *. (?)
D8000000 XXXXXXXX : writes the 'Dx data' byte to (XXXXXXXX+offset), and increments the offset by 1.

D9 : read from pointer (ldr) *. (?)
D9000000 XXXXXXXX : loads the word at (XXXXXXXX+offset) and stores it in the 'Dx data'.

DA : read from pointer (ldrh) *. (?)
DA000000 XXXXXXXX : loads the halfword at (XXXXXXXX+offset) and stores it in the 'Dx data'.

DB : read from pointer (ldrb) *. (?)
DB000000 XXXXXXXX : loads the byte at (XXXXXXXX+offset) and stores it in the 'Dx data'.

DC : adds the offset 'data' to the current offset (some kind of dual offset ?). (?)
DC000000 XXXXXXXX : offset = (offset + XXXXXXXX).

225 :名無しさん@お腹いっぱい。:2006/08/30 (Wed) 02:02:48 ID:76XCpMFa
* = it reads/writes the data stored in/to a register. !!! When I refer to register, I don't mean a software register... But an 'internal hardware' register (actually I might not have used the register word...).

E : 'patch' code. Writes YYYYYYYY bytes from (current code location + 8) to XXXXXXXX.
EXXXXXXX YYYYYYYY
...
example :
EXXXXXXX 00000010
AAAAAAAA BBBBBBBB
CCCCCCCC DDDDDDDD
writes AAAAAAAABBBBBBBBCCCCCCCCDDDDDDDD to XXXXXXXX (XXXXXXXX is fixed, ie. no offset is added to it).

F : memory copy code. It seems you have to use the code type D3, DC or B before, to set the offset (which is then an address). Then D2 should be needed to clear the offset (else it will affect all the next codes). (?)
D3000000 XXXXXXXX
FYYYYYYY ZZZZZZZZ
should copy ZZZZZZZZ bytes from offset (=XXXXXXXX in this case) to YYYYYYYY (YYYYYYYY is fixed, ie. no offset is added to it).

The E and F types work as follows:
If the number of data to write/copy is >3, it is done with a ldr/str, and then 4 is removed from the number of data to copy.
Else, if the number of data to copy is <3, it's done with a ldrb/strb and then 1 is removed from the number of data to copy.
And it loops until the number of data to copy is equal to zero.

Code explanations with a question mark at their end mean they might not be 100% correct, or incomplete.


(... more to come later)
Note 2 : For now everything is untested. Although I have the AR, I'm just working on the disassembly right now. Testing will come later.
Note 3 : Sorry if everything is a bit difficult to understand. I'm trying to get as much info as I can decrypt, but the code engine is a bit more evolved than the one I/(we) used to see (especially with the offsets thing).
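Added example (not from this thread, from Datel's firmware, or from the poster's disassembly): a Python simulator of the code handler as >>221-225 describe it, run over a constructed 4 KiB window of simulated RAM. It implements types 0 to E; type F is left out because the post marks it uncertain. Assumptions beyond the posts: the window base 0x02000000 and the sample code list are constructed; the plain write codes 0/1/2 are taken to apply the offset (the post only says the If codes do not); the 16-bit If codes read ZZZZ as a mask applied to YYYY, i.e. (~ZZZZ & YYYY) compared with the halfword, which is one reading of the post's "(not (XXXX) &YYYY)"; and the E patch data is laid out as the code-list words would sit in memory (each word little-endian). All names here (parse_codes, run, rd, wr, demo, SAMPLE) belong to this example only.

```python
RAM_BASE, RAM_SIZE = 0x02000000, 0x1000  # assumption: a 4 KiB window at the start of DS main RAM

def parse_codes(text):
    """Turn 'ZXXXXXXX YYYYYYYY' lines (optional # comments) into (hi, lo) int pairs."""
    fields = [line.split("#")[0].split() for line in text.splitlines()]
    return [(int(f[0], 16), int(f[1], 16)) for f in fields if f]

def _idx(addr, size):
    if not (RAM_BASE <= addr and addr + size <= RAM_BASE + RAM_SIZE):
        raise ValueError(f"{addr:#010x}+{size} is outside the simulated RAM window")
    return addr - RAM_BASE

def rd(mem, addr, size):
    i = _idx(addr, size)
    return int.from_bytes(mem[i:i + size], "little")  # DS RAM is little-endian

def wr(mem, addr, size, value):
    i = _idx(addr, size)
    mem[i:i + size] = (value & ((1 << 8 * size) - 1)).to_bytes(size, "little")

def run(mem, codes):
    """One handler call over `mem`; state starts clean each call, as the post's note says."""
    offset, status, saved, data = 0, True, [], 0  # saved: statuses pushed by If codes
    rep_count, rep_pos, rep_status, pc = 0, 0, True, 0
    while pc < len(codes):
        hi, lo = codes[pc]
        pc += 1
        t, addr, sub = hi >> 28, hi & 0x0FFFFFFF, (hi >> 24) & 0xF
        if t <= 2:                     # 0/1/2: str/strh/strb; offset applied (assumption)
            if status:
                wr(mem, addr + offset, 4 >> t, lo)
        elif t <= 0xA:                 # 3-A: If codes, no offset; push status so D0 can restore it
            if t <= 6:
                lhs, cur = lo, rd(mem, addr, 4)
            else:                      # ZZZZ read as a mask: (~ZZZZ & YYYY) vs halfword (assumption)
                lhs, cur = ~(lo >> 16) & lo & 0xFFFF, rd(mem, addr, 2)
            saved.append(status)
            status = status and (lhs > cur, lhs < cur, lhs == cur, lhs != cur)[(t - 3) % 4]
        elif t == 0xB:                 # offset = word at [address]
            if status:
                offset = rd(mem, addr, 4)
        elif t == 0xC:                 # remember repeat count, resume point and current status
            rep_count, rep_pos, rep_status = lo, pc, status
        elif t == 0xE:                 # patch: lo bytes from the following entries, fixed target
            n = (lo + 7) // 8
            blob = b"".join(h.to_bytes(4, "little") + l.to_bytes(4, "little") for h, l in codes[pc:pc + n])
            pc += n
            if status:
                i = _idx(addr, lo)
                mem[i:i + lo] = blob[:lo]
        elif t != 0xD:
            raise NotImplementedError("type F (memory copy) is marked uncertain in the post")
        elif sub == 0:                 # D0: restore the status saved by the last If
            status = saved.pop() if saved else True
        elif sub in (1, 2):            # D1/D2: jump back while the repeat count is non-zero
            if rep_count:
                rep_count -= 1
                pc, status = rep_pos, rep_status
            elif sub == 1:
                status = rep_status
            else:                      # D2 'full terminator': clears all temporary state
                status, offset, data, saved = True, 0, 0, []
        elif status:                   # D3-DC only run while execution status is true
            if sub == 3:
                offset = lo
            elif sub == 4:
                data = (data + lo) & 0xFFFFFFFF
            elif sub == 5:
                data = lo
            elif sub in (6, 7, 8):     # store Dx data through the pointer, then bump the offset
                wr(mem, lo + offset, 4 >> (sub - 6), data)
                offset += 4 >> (sub - 6)
            elif sub in (9, 0xA, 0xB): # load Dx data through the pointer
                data = rd(mem, lo + offset, 4 >> (sub - 9))
            elif sub == 0xC:
                offset = (offset + lo) & 0xFFFFFFFF
    return mem

SAMPLE = """# constructed sample: guarded writes (one taken, one skipped), a C/D1 loop, an E patch
02000000 00000001   # str 1 -> [0x02000000]: the flag the If codes test
52000000 00000001   # if [0x02000000] == 1  (true)
12000010 0000BEEF   #   strh 0xBEEF -> [0x02000010]
D0000000 00000000   # end if
62000000 00000001   # if [0x02000000] != 1  (false: the next write is disabled)
12000012 0000DEAD   #   strh 0xDEAD -> [0x02000012]  (never happens)
D0000000 00000000   # end if
C0000000 00000003   # repeat the block below 3 more times (4 passes)
D5000000 00000011   #   Dx data = 0x11
D8000000 02000020   #   strb Dx data -> [0x02000020 + offset], offset += 1
D1000000 00000000   # loop; leaves offset = 4 behind (a D2 would clear it)
E2000030 00000006   # copy the next 6 bytes of code-list data to [0x02000030]
AABBCCDD EEFF0011
"""

def demo():
    mem = run(bytearray(RAM_SIZE), parse_codes(SAMPLE))
    return {"flag": rd(mem, 0x02000000, 4), "guarded": rd(mem, 0x02000010, 2),
            "skipped": rd(mem, 0x02000012, 2),
            "loop": [rd(mem, 0x02000020 + i, 1) for i in range(5)],
            "patch": bytes(mem[0x30:0x38]).hex()}
```

Calling demo() shows the guarded strh landing, the disabled one leaving zeros, the C/D1 loop writing four bytes through the pointer while the offset advances, and the E patch bytes at their fixed target; the offset is still 4 when the handler reaches the E code, which is exactly the leftover state the post says a D2 is needed to clear before later offset-using codes.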
