    Nooblet ikHaoZ's Avatar
    Join Date
    May 2011
    Posts
    36
    Points
    93

    Ftb2 Joker Breakdown/Tut

    I believe this is a double dma joker.

    Before trying this I suggest learning how to subroutine and regular joker and joker on and off.

    Code:
    Our Code (FTB2):
    #Player Grabber/Freezer
    0xFFFFFFFF 0x00505858
    0x00000630 0x0000001B
    0x00000638 0x00000000
    Code:
    Our Control Address:
    
    Real Control Address: 09a8e1e4 ;ftb2
    Fake; 0127e1e4
    Code:
    Our Button Values:
    
    0100=L Trigger
    0200=R Trigger
    8000 ; []
    4000 ; X
    3000 ; ()
    
    **Note these aren't all the values
    Code:
    To get L+[] I added 8000 + 0100 which got me 8100.

    Breaking down the MIPS.
    My Routine in REAL addressing:

    Code:
    0x08800098 0x0a200800;j $08802000 //Takes you to your safe area
    0x08802000 0x3c0808d0;lui t0, $08d0 //first half of your pointer(0050)
    0x08802004 0x3c0909a8;lui t1, $09a8 //First half of your control address
    0x08802008 0x8529e1e4;lh t1, $e1e4(t1) //Second Half of your control address(e1e4)
    0x0880200c 0x240b8100;addiu t3, zero, $8100 //Our Button Value Which in this case is L+[](8100)
    0x08802010 0x35085858;ori t0, t0, $5858 //Second Half of Pointer (5858)
    0x08802014 0x152b0007;bne t1, t3, $08802034 // Will branch to the jr ra line
    0x08802018 0x00000000;nop //Skip a line after branching
    0x0880201c 0x8d0c0000;lw t4, $0000(t0) //First half value of the first offset
    0x08802020 0x240d001b;addiu t5, zero, $001b //Second Half value of the first offset
    0x08802024 0xad8d0630;sw t5, $0630(t4) //First offset
    0x08802028 0x8d0d0000;lw t5, $0000(t0) //First half value of the second offset
    0x0880202c 0x240d0004;addiu t5, zero, $0004 //Second Half value of the second offset
    0x08802030 0xad8d0638;sw t5, $0638(t4) //Second offset
    0x08802034 0x03e00008;jr ra //jr ra will end my function
    08802000 minus 08800000 equals 2000 which ends us with this
    In Fake Addressing:

    Code:
    #Player Freezer
    ;Jokered to L+[]
    0x00000098 0x0a200800
    0x00002000 0x3c0808d0
    0x00002004 0x3c0909a8
    0x00002008 0x8529e1e4
    0x0000200c 0x240b8100
    0x00002010 0x35085858
    0x00002014 0x152b0007
    0x00002018 0x00000000
    0x0000201c 0x8d0c0000
    0x00002020 0x240d001b
    0x00002024 0xad8d0630
    0x00002028 0x8d0d0000
    0x0000202c 0x240d0004
    0x00002030 0xad8d0638
    0x00002034 0x03e00008
    ;Joker by kHaoZ
    Posted because I was bored. There might be other ways but this is how I did it when I had a PSP.

    Last edited by ikHaoZ; 06-07-2011 at 05:16 PM.

    -AKA Show-Stopper
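
As an added example (not part of the original post), this Python sketch recomputes the jump target, the branch target and the two `lui`-based addresses from the instruction words in the listing above. It shows that `lh` sign-extends its 16-bit offset, so the `lui 0x09a8` / `lh 0xe1e4` pair reads from 0x09a7e1e4, which is 0127e1e4 in fake addressing; the function names are illustrative.

```python
# Added example: checks the address arithmetic of the routine posted above.
USER_BASE = 0x08800000  # real minus fake, as in the post ("08802000 minus 08800000")

# Instruction words copied from the post's listing, keyed by real address.
ROUTINE = {
    0x08800098: 0x0A200800, 0x08802000: 0x3C0808D0, 0x08802004: 0x3C0909A8,
    0x08802008: 0x8529E1E4, 0x08802010: 0x35085858, 0x08802014: 0x152B0007,
}
OP_J, OP_BNE, OP_ORI, OP_LUI = 0x02, 0x05, 0x0D, 0x0F

def fields(word):
    """Split a MIPS I-type word into (opcode, rs, rt, imm16)."""
    return word >> 26, (word >> 21) & 31, (word >> 16) & 31, word & 0xFFFF

def sext16(imm):
    """Sign-extend a 16-bit immediate, as loads, stores, addiu and branches do."""
    return imm - 0x10000 if imm & 0x8000 else imm

def j_target(addr, word):
    """Absolute target of a j instruction located at addr."""
    if fields(word)[0] != OP_J:
        raise ValueError("not a j instruction")
    return ((addr + 4) & 0xF0000000) | ((word & 0x03FFFFFF) << 2)

def branch_target(addr, word):
    """Target of a bne at addr: relative to the delay slot, in words."""
    if fields(word)[0] != OP_BNE:
        raise ValueError("not a bne instruction")
    return addr + 4 + (sext16(word & 0xFFFF) << 2)

def hi_lo(lui_word, low_word):
    """Address formed by lui plus ori (zero-extended) or a load (sign-extended)."""
    if fields(lui_word)[0] != OP_LUI:
        raise ValueError("not a lui instruction")
    op, _, _, lo = fields(low_word)
    hi = (lui_word & 0xFFFF) << 16
    return (hi | lo) if op == OP_ORI else (hi + sext16(lo)) & 0xFFFFFFFF

def to_fake(real):
    """Convert a real address to the fake addressing used in the code list."""
    return real - USER_BASE

def check():
    r = ROUTINE
    pad = hi_lo(r[0x08802004], r[0x08802008])
    return {
        "hook_jumps_to": j_target(0x08800098, r[0x08800098]),
        "bne_skips_to": branch_target(0x08802014, r[0x08802014]),
        "pointer_fake": to_fake(hi_lo(r[0x08802000], r[0x08802010])),
        "pad_read_real": pad,
        "pad_read_fake": to_fake(pad),
    }

if __name__ == "__main__":
    for name, value in check().items():
        print(f"{name:14s} 0x{value:08x}")
```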
