
#1 2015-10-01 11:27:50

fintogive
Member
From: USA
Registered: 2014-04-11
Posts: 346
Website

Cheat action replay engine load and stored instruction bug

rev 5292 (x86 x64) on default settings

Using this code below causes Mario Kart DS NTSC-U to crash on a loaded course, but it works perfectly on hardware with R4 and AR. Also, codes using any of the 8-, 16- or 32-bit load and stored instructions work only sometimes or crash (these codes used pointers too). I've been making codes for years, so I know there's nothing wrong with this code. I think it might have something to do with the pointers and load or stored not hooking to the correct address in the RAM. But I'm not sure.

This code increases the width of the blue shell and bomb explosion model infinitely:
6217B330 00000000
B217B060 00000000
B0000004 00000000
D9000000 0000009C
D4000000 00000001
D6000000 0000009C
D2000000 00000000

Setting a static write to the address 0000009C  and  it works on a set value.

Offline

#2 2015-10-01 22:43:04

zeromus
Radical Ninja
Registered: 2009-01-05
Posts: 6,169

Re: Cheat action replay engine load and stored instruction bug

I watched this code run.

It reads from 0x0217b330 which contains 0x022c6a70, when the condition begins passing about the time the course loads.
next, it reads from 0x0217b060 which contains 0x022c43b4
next, it reads from 0x022c43b8 which contains 0x00000000
next, it reads from 0x0000009c which contains 0xe59fc104, into 'datareg'
next, 'datareg' is incremented to 0xe59fc105
next, it writes 'datareg' to 0x0000009c. I traced through and discovered that it stores correctly into ITCM
All this will run REPEATEDLY, so 0xe59fXXXX will increase without bound. This doesn't make any sense to me

So you tell me, what's wrong with this process?

Offline

#3 2015-10-01 23:57:59

fintogive
Member
From: USA
Registered: 2014-04-11
Posts: 346
Website

Re: Cheat action replay engine load and stored instruction bug

Well, I know this issue has existed for years because I tried it on 9.7, and I've always had issues with these instructions on DeSmuME. I wish I could, but my knowledge of asm is only good enough to track a code, not to debug. So does it crash on your end? Or am I just going crazy lol.

Even without the add instruction it crashes (for example below):
6217B330 00000000
d9000000 0217b700
B217B060 00000000
B0000004 00000000
D6000000 0000009C
D2000000 00000000 

I thought maybe it was affecting the wrong address and naturally just crashing the game due to it being a sensitive location. 0x0000009c should be the value of 00001000, not e59fc104. I'll check my DS trainer with the RAM viewer and see if that value (e59fc104) is nearby within that pointer.

Last edited by fintogive (2015-10-02 00:04:38)

Offline

#4 2015-10-02 02:46:30

zeromus
Radical Ninja
Registered: 2009-01-05
Posts: 6,169

Re: Cheat action replay engine load and stored instruction bug

It does crash on my end, because the AR code clobbers a critical part of the program. It makes no sense.

I'm not sure how you can make cheats without being able to debug.

But anyway, that address 0000009C is within ITCM. It would be really, really weird for that to change while the game runs. It should contain a bunch of code and no surprise, e59fc104 looks a lot like an instruction.
Perhaps 0000009C doesn't mean the same thing to AR as it does to an NDS programmer. What you may need to do is find out if AR has some special behaviour or handling for ITCM memory

Offline

#5 2015-10-08 08:46:41

fintogive
Member
From: USA
Registered: 2014-04-11
Posts: 346
Website

Re: Cheat action replay engine load and stored instruction bug

I can debug codes. What I meant was, I don't understand asm coding very well to make my own asm from scratch.

Anyways, I checked the code in my live RAM viewer. I think I might have figured out why it's crashing: my second pointer isn't a constant location. When the explosion is visible on screen, the second pointer (B0000004 00000000) is set to 0x022XXXXX.

When the explosion goes away, the value on the second pointer is 00000000, which points to 0x0000009c in ARM9 mode, which has the asm value of 0xe59fc104, and screws up asm. That's why it didn't make any sense lol! I can confirm this because just simply putting in 0000009c 00000000 as a code will crash the game. Anyways, I think this pretty much wraps up this case.

On AR and every flash card I've used, ARM9 coding isn't editable; that's why it doesn't crash. So a simple solution is to separate ARM7 and ARM9 hooks and have a small highlight to select when inputting a code: (ARM7 Action Replay), ARM9, or both.

Now that I think about it, this might be the reason many codes I use crash when loading a course, because a lot of pointers reset to zero temporarily, or to some crazy high value, when loading.

Last edited by fintogive (2015-10-08 08:52:30)

Offline

#6 2015-10-08 20:30:05

zeromus
Radical Ninja
Registered: 2009-01-05
Posts: 6,169

Re: Cheat action replay engine load and stored instruction bug

I need a more technical explanation before I feel confident in changing everything. It sounds like you're saying there's additional information to go along with every AR cheat code, which is whether it's applying to ARM7 or ARM9, which doesn't make sense to me. And "coding" can mean several different things; I would need to know exactly how the AR prevents edits to the "coding" to mirror it in DeSmuME.

Offline

#7 2015-10-08 22:03:46

fintogive
Member
From: USA
Registered: 2014-04-11
Posts: 346
Website

Re: Cheat action replay engine load and stored instruction bug

OK, I thought I explained it pretty well. I'll try to be more specific.

When a bomb or blue shell is visible on the course, the code works correctly:

6217B330 00000000  not equal to (0x00000000)
d9000000 0217b700  load data 32bit
B217B060 00000000  pointer (0x022xxxxx)
B0000004 00000000  pointer 2 (0x022xxxxx)
D6000000 0000009C  stored data 32bit (somewhere in 0x022xxxxx)
D2000000 00000000  end

When no bomb/blue shell explosion is on the course, it does this:

6217B330 00000000  not equal to (0x00000000) value
d9000000 0217b700  load data 32bit
B217B060 00000000  pointer (0x022xxxxx) value
B0000004 00000000  pointer 2 (0x00000000) value
D6000000 0000009C  stored data 32bit (0x0000009C 0xe59fc104) address and value
D2000000 00000000  end

which causes the game to crash.

The solution: have only ARM7 codes editable (everything above 0x02000000) and ARM9 be optional to edit, with a check box like this.

Untitled_editevd-2_zpslbuz2yzw.png

Last edited by fintogive (2015-10-08 22:04:59)

Offline

#8 2015-10-08 22:49:13

zeromus
Radical Ninja
Registered: 2009-01-05
Posts: 6,169

Re: Cheat action replay engine load and stored instruction bug

Sorry, you didn't answer my question. The only acceptable solution is to do exactly what a real AR device does. Your mockup doesn't make much sense; I don't think a real AR works that way. I doubt there's a checkbox at all on a real AR (I've never used one) and if there is, it doesn't have the nonsensical description "edit ARM9 codes". I'm not interested in creative solutions here; find some specifications on the exact AR solution.

Offline

#9 2015-10-09 04:32:02

fintogive
Member
From: USA
Registered: 2014-04-11
Posts: 346
Website

Re: Cheat action replay engine load and stored instruction bug

Umm.. OK. I guess I didn't understand your question then. And we must be speaking on two different technical levels. A real Action Replay doesn't support ARM9 at all, so all codes in ARM9 are unaffected by cheat codes used on a real Action Replay. Generally speaking, most codes that affect game mechanics are in the ARM7 region. So to put it bluntly, any address between 0x02000000 and 0x08000000 can be written to. I thought the issue was the load and stored instruction, but that wasn't the issue. What answer are you wanting? I'll try to answer as best I can. I'd fix it myself if I could, but I'm not a programmer. I'll see if I can extract the code handler from my AR to help you.

Offline

#10 2015-10-09 06:30:27

zeromus
Radical Ninja
Registered: 2009-01-05
Posts: 6,169

Re: Cheat action replay engine load and stored instruction bug

"doesn't support arm9" "generally speaking most codes that effect game mechanics are in the arm7 region". Nonsense, games are written 99% on the ARM9 program. There's no "arm7 region" and there's no "arm9 region".

I think what you're trying to say is that the AR codes are running on the ARM7 cpu, and thus can't access ITCM or DTCM.

Offline

#11 2015-10-09 07:59:01

fintogive
Member
From: USA
Registered: 2014-04-11
Posts: 346
Website

Re: Cheat action replay engine load and stored instruction bug

Yes. Precisely. And you're right. But a real AR only affects the ARM7 CPU, with 95 percent of AR codes being made between the 0x02000000 and 0x02400000 addresses and the rest being in 0x02500000 to 0x04000000. That's why I think edits to the ARM9 CPU code should be optional. It will probably fix a lot of things with the cheat handler. Sorry for being confusing to work with.

Last edited by fintogive (2015-10-09 08:12:47)

Offline

#12 2015-10-09 09:32:40

zeromus
Radical Ninja
Registered: 2009-01-05
Posts: 6,169

Re: Cheat action replay engine load and stored instruction bug

There's no such thing as _optional_. There's no such thing as "ARM9 CPU Code". There's only what a proper AR implementation does, and ITCM. If I find out that the AR is running on the ARM7, then I will very simply order all the memory accesses in the AR implementation to go through the ARM7 memory map, and there will be no options, and ITCM won't be available. I'll ask around for a bit.

Offline

#13 2015-10-09 10:01:46

zeromus
Radical Ninja
Registered: 2009-01-05
Posts: 6,169

Re: Cheat action replay engine load and stored instruction bug

OK, my guru says AR codes run on the ARM7. In r5298 I made that change, but I couldn't verify that your cheat works. It seems to do nothing. But.. at least it doesn't crash. Can you investigate further? Perhaps there are other bugs.

Offline
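
Added illustration (not part of the thread and not DeSmuME's code): a toy interpreter for the code types in post #1, run through an ARM9-style memory view where address 0 is ITCM and through an ARM7-style view where it is not. The memory contents are constructed from zeromus's trace in post #2; all names are hypothetical, and treating unmapped ARM7 addresses as read-zero/write-ignored is a simplifying assumption.

```c
#include <stdint.h>
#include <stdio.h>

enum { BUS_ARM9, BUS_ARM7 };
typedef struct { uint32_t a, b; } Pair;   /* address/value, or the two AR code halves */
/* Constructed memory: the main-RAM words from the trace in post #2, plus the
   first 256 bytes of ITCM, which only the ARM9 view maps at address 0. */
static Pair ram[] = { {0x0217B330, 0x022C6A70}, {0x0217B060, 0x022C43B4},
                      {0x022C43B8, 0x00000000} };
static uint32_t itcm[64];

static uint32_t *cell(int bus, uint32_t addr) {
    for (size_t i = 0; i < sizeof ram / sizeof ram[0]; i++)
        if (ram[i].a == addr) return &ram[i].b;
    if (bus == BUS_ARM9 && addr < sizeof itcm) return &itcm[addr / 4];
    return NULL;   /* simplification: anything else is unmapped on this bus */
}
static uint32_t rd(int bus, uint32_t a) { uint32_t *p = cell(bus, a); return p ? *p : 0; }
static void wr(int bus, uint32_t a, uint32_t v) { uint32_t *p = cell(bus, a); if (p) *p = v; }

/* One pass over an AR code list; handles only the code types used in post #1. */
static void run_ar(int bus, const Pair *c, size_t n) {
    uint32_t offset = 0, datareg = 0, skip = 0;
    for (size_t i = 0; i < n; i++) {
        uint32_t op = c[i].a, x = op & 0x0FFFFFFF;
        if (op >> 24 == 0xD2) { skip = 0; offset = datareg = 0; }      /* end, clear state */
        else if (skip) continue;
        else if (op >> 28 == 0x6) skip = (rd(bus, x) == c[i].b);       /* if [x] != value */
        else if (op >> 28 == 0xB) offset = rd(bus, x + offset);        /* follow pointer */
        else if (op >> 24 == 0xD9) datareg = rd(bus, c[i].b + offset); /* 32-bit load */
        else if (op >> 24 == 0xD4) datareg += c[i].b;                  /* add to datareg */
        else if (op >> 24 == 0xD6) { wr(bus, c[i].b + offset, datareg); offset += 4; }
    }
}

/* Run the post #1 code for `frames` passes; return the word stored at 0x0000009C. */
uint32_t word_at_9c_after(int bus, int frames) {
    static const Pair code[] = { {0x6217B330, 0}, {0xB217B060, 0}, {0xB0000004, 0},
        {0xD9000000, 0x9C}, {0xD4000000, 1}, {0xD6000000, 0x9C}, {0xD2000000, 0} };
    itcm[0x9C / 4] = 0xE59FC104;   /* the instruction word zeromus saw there */
    while (frames-- > 0) run_ar(bus, code, sizeof code / sizeof code[0]);
    return itcm[0x9C / 4];
}

int main(void) {
    printf("ARM9 map: %08X\n", (unsigned)word_at_9c_after(BUS_ARM9, 3));
    printf("ARM7 map: %08X\n", (unsigned)word_at_9c_after(BUS_ARM7, 3));
    return 0;
}
```

With the second pointer reading zero, the ARM9 view increments the instruction word on every pass, while the ARM7 view leaves ITCM untouched.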

#14 2015-10-09 10:08:46

fintogive
Member
From: USA
Registered: 2014-04-11
Posts: 346
Website

Re: Cheat action replay engine load and stored instruction bug

OK, I'll check the build now and update you if there are any issues.

Offline

#15 2015-10-09 10:50:32

fintogive
Member
From: USA
Registered: 2014-04-11
Posts: 346
Website

Re: Cheat action replay engine load and stored instruction bug

Nope, everything is working as it should now. This should in theory fix the crash on loading a course with active pointers too. I should mention some codes crash the game on boot, this being one of them: 02072720 E3A00966. This is a speed code for MKDS. This is another issue that has existed for a long time. I'm not sure what would cause this issue. Maybe the timing on when codes are loaded with the game being loaded causes a conflict of some sort?

BTW, I didn't want to limit DeSmuME's editable locations; that's why I thought having an option to input an AR-like code to ITCM would satisfy everyone. Or I guess that can be left to the internal codes.

Anyways Thanks!

Offline

#16 2015-10-09 11:48:51

zeromus
Radical Ninja
Registered: 2009-01-05
Posts: 6,169

Re: Cheat action replay engine load and stored instruction bug

The option would actually be "AR codes work like on an AR" and "AR codes work something like on an AR, but not exactly, it's kind of complicated." I don't like that option. I did leave internal cheats running on the ARM9, since we define those any way we wish.

For recordkeeping purposes can you describe what the cheat is supposed to actually do? I had the cheat running while I fired a blue shell and the explosion looked totally normal.

MKDS seems to overwrite part of its ARM9 binary after it boots up. The 0x02072720 address is written at about frame 14. I presume there is previously compressed data there. The code wrecks it and the decompression crashes. That's pretty speculative, but there is something odd going on at bootup and the AR code could interfere. There may be some condition which triggers the running of the AR code which should not have happened yet by that point. I'll ask around.

Offline

#17 2015-10-10 01:55:05

fintogive
Member
From: USA
Registered: 2014-04-11
Posts: 346
Website

Re: Cheat action replay engine load and stored instruction bug

Ah, OK, I see. Well, I'm not sure how the boot-up works, but it sounds like the timing just needs a tweak forward to load a bit later, once decompression is complete, so it doesn't crash the game. And yes, that code I gave you was a demo to make it simple to work with. Here's the full code.

Warping explosions for Bombs/Blue shells
6217B330 00000000
d9000000 0217b700
B217B060 00000000
B0000004 00000000
D6000000 0000009C
D3000000 00000000
d9000000 0217b718
B217B060 00000000
B0000004 00000000
D6000000 000000a0
D3000000 00000000 
d9000000 0217b700
B217B060 00000000
B0000004 00000000
D6000000 000000a4
D2000000 00000000

These addresses
0x0217b700
0x0217b718
have a constant variable value that runs between 0x00001000 and 0xFFFFE000, and vice versa with the second address.
All I did was link those to the addresses in the pointer to make the explosion change shape.

Last edited by fintogive (2015-10-10 01:59:34)

Offline

#18 2015-10-10 09:59:37

zeromus
Radical Ninja
Registered: 2009-01-05
Posts: 6,169

Re: Cheat action replay engine load and stored instruction bug

OK, we discussed it, and decided to run the codes whenever an ARM7 vblank happens. For MKDS this is frame 20, so the binary has time to decompress. However for other games it might be as early as frame 2. At any rate, the point is, it works like a real AR now. I fixed it in r5302.

Now. Supposedly some games have "master enable codes" that make the cheats run from the ARM9. I would have just broken those earlier by making them run on the ARM7. Perhaps you can find such codes, or tell me what you know about that. If I can inspect such a cheat, I can find out how to control whether it runs on ARM9 or ARM7 and make them all work together.

Thanks for giving me the expanded warpy code, and for making the stripped down one to begin with. It was helpful in the initial debugging.

Offline

#19 2015-10-10 20:51:35

fintogive
Member
From: USA
Registered: 2014-04-11
Posts: 346
Website

Re: Cheat action replay engine load and stored instruction bug

Nice! I just checked; it's working correctly now. As for master codes, I've never heard of a master code gaining access to the ARM9 CPU. Master codes for Action Replay are generally used to reroute the code handler for certain games that have sensitive data where the default location is usually set, I believe.

And no problem! If you want more codes, I'd be happy to post a link to the other 500 codes I've made over the years for MKDS.

Offline
