Hacking: How do I display that monospace font?

  • Thread starter: LawnMeower
  • Views: 1,134
  • Replies: 5
  • Likes: 1

LawnMeower

Well-Known Member
Member
Joined
Apr 18, 2013
Messages
1,787
Reaction score
1,763
Trophies
2
Location
on the cool side of the pillow
Website
lawnmeower.de
XP
3,268
Country
Germany
Hello,
I've been working on code types for cheat codes and thought it'd be great to have a code type that outputs text without freezing/pausing the game and turning the screen black.
Just using that monospace font you can see when an exploit fails.
So we could easily display any value of the RAM on screen.

The problem is I don't know how to call up this function. The code handler is being executed by a hijacked rpl in the RAM. @BullyWiiPlaza has compiled some .bin files for me that call up the print function. I can load them into RAM but don't know where to branch the execution on it and where to exit it from there.

But this should be possible. Here you can see something similar being done with Wind Waker (GCN version).
 
Try to load the assembly into the RAM fully somewhere and branch to it from the rpl assembly. Then make another branch back to where you came from (to the next instruction in the rpl). This should be similar to how you did it with the code handler injection. Theoretically it should then display the text. Or maybe I'm misunderstanding your problem?
 
Last edited by BullyWiiPlaza
That's what I tried before, do you remember?
The problem is that the first .word of the code doesn't look like the beginning of the code.
It begins with a stwu instruction which doesn't make sense there:
[attached image: upload_2016-4-18_20-9-10.png]


Should I branch to the mflr instruction?
 
Hmm... ok, well, from where should I branch back to the code handler?
Overwrite the last blr with a branch instruction?
blr already returns to the address in the link register. You can use mtlr followed by a register to write its content to the link register. For example, you can replace blr with the following to decide where to return to:
Code:
lis r0, 0xRETURN        # load the upper 16 bits of the return address into r0
ori r0, r0, 0xADDRESS   # OR in the lower 16 bits (ori is not sign-extended, so any low half works)
mtlr r0                 # copy r0 into the link register
blr                     # branch to the address now held in LR
Or maybe a simple always branch would work too:
Code:
b 0xRETURN_ADDRESS      # relative branch: the target must lie within +/-32 MiB of this instruction
 
Last edited by BullyWiiPlaza
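To make the two return options above concrete, here is an added example (my own code, not BullyWiiPlaza's or anything from the thread) that encodes the lis/ori/mtlr/blr stub and the relative `b` as raw 32-bit PowerPC words, the form a cheat-code type writes into RAM, and enforces the +/-32 MiB reach a relative branch has. The addresses in it are constructed placeholders.

```python
# Added example (not from the thread): encode the "return via LR" stub and the
# plain relative branch from the post above as raw 32-bit PowerPC words.
# Addresses used below are constructed placeholders, not values from the thread.

def lis(rd, imm16):
    """lis rD, imm16  ==  addis rD, 0, imm16 (primary opcode 15)."""
    return (15 << 26) | (rd << 21) | (imm16 & 0xFFFF)

def ori(ra, rs, imm16):
    """ori rA, rS, imm16 (opcode 24); the encoding stores rS, then rA.
    ori is a plain OR, not sign-extended, so lis/ori can form any 32-bit value."""
    return (24 << 26) | (rs << 21) | (ra << 16) | (imm16 & 0xFFFF)

def mtlr(rs):
    """mtlr rS  ==  mtspr 8, rS (opcode 31, extended opcode 467).
    The 10-bit SPR number is stored with its two 5-bit halves swapped."""
    spr = 8
    spr_field = ((spr & 0x1F) << 5) | ((spr >> 5) & 0x1F)
    return (31 << 26) | (rs << 21) | (spr_field << 11) | (467 << 1)

BLR = 0x4E800020  # bclr 20, 0, 0: branch to whatever the link register holds

def branch(from_addr, to_addr):
    """b target (opcode 18, AA=0, LK=0): a *relative* branch with a signed
    24-bit word displacement, so the target must lie within +/-32 MiB."""
    disp = to_addr - from_addr
    if disp % 4:
        raise ValueError("PowerPC branch targets must be word aligned")
    if not -0x02000000 <= disp < 0x02000000:
        raise ValueError("target too far for b; use lis/ori + mtlr + blr instead")
    return (18 << 26) | (disp & 0x03FFFFFC)

def return_via_lr(ret_addr):
    """The four words that replace the print routine's final blr:
    lis r0,hi / ori r0,r0,lo / mtlr r0 / blr."""
    return [lis(0, ret_addr >> 16), ori(0, 0, ret_addr & 0xFFFF), mtlr(0), BLR]

def as_hex(words):
    return " ".join(f"{w:08X}" for w in words)

if __name__ == "__main__":
    # Constructed placeholder addresses: stub location and code-handler return point.
    stub_addr, ret_addr = 0x10400000, 0x10000080
    print("lis/ori/mtlr/blr :", as_hex(return_via_lr(ret_addr)))
    print("relative b       :", as_hex([branch(stub_addr, ret_addr)]))
```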
