804545d1 combo counter
0x80453FC0 p2 pointer
follow the pointer to 80cb0ae0
action state at 0x70 offset from the pointer of the player
resultant address:80CB0B50
state when waiting: E
combo logic notes
comboee is jumpable within damage fall
wait1 and wait 2 are completely actionable
downboundD downboundwait
current combo check is basically
they just got hit!
are they in hitstun
yes
combo continued add 1
no?
new combo started set to one (or just set to zero and add one)
combo is happening!
are they in hitstun?
yes
carry on
no?
set the combo back to zero
address of the current combo 804545d4
current combo happening 804545d4
last combo (training mode thingk) 8047380c
r3:80473758
line where the game zeros the combo
80041210
lbz r0, 0x0022 (r30)
line where the game checks if the combo is less than 999
80188984
cmpwi r30, 999
line that I want to replace
80188980
lwz r30, 0x010C (r31)
instead of loading whatever is at r31 (which from testing seems to be 8047380c somehow) just load the value at the current combo instead
proposed line:
80188980
lhz r30, 804545d4
gecko code time:
Insert ASM
C2______ NNNNNNNN
ZZZZZZZZ ZZZZZZZZ
ZZZZZZZZ ZZZZZZZZ
ZZZZZZZZ 00000000
This code will replace the instruction at ba+______ with a branch that will point to ZZZZZZZZ.
The replaced is not saved, the code creator must then put it in his code manualy (if needed).
The instruction MUST end with ONE 00000000, because the code handler will add a "b (ba+______)" instruction there.
If your asm code fills all the line, add a 60000000 00000000 under it (and count this line in NNNNNNNN).
To use po instead of ba, change the codetype from C2 to D2.
For values of ______ >= 0x01000000, add one to the codetype.
value of r31 at this point:80473700
the value of the memory address which contains the displayed combo counter in training mode: 0x8047380c
0x80473700 + x = 0x8047380c
x = 0x8047380c - 0x80473700
x = 0x010C
which explains why the 0x010C is there:
80188980
lwz r30, 0x010C (r31)
(this really took me hours to figure out asm is really cryptic :( )
ok so now we need to change it to the value that I want: the current combo counter: 804545d4
0x80473700 + x = 0x804545d4
x = 0x804545d4 - 0x80473700
x = -1f12c
(doesnt seem possible in one line)
-0xF12D + -0x7fff = -1f12c
lwz r30, -0xF12D (r31)
now to subtract a furthur
0x1f12c - 0x7fff - 0x7fff - 0x7fff =
0x712F
to get: at 80188980
subfic r31,r31,0x00007fff
subfic r31,r31,0x00007fff
subfic r31,r31,0x00007fff
lwz r30,-0x712F(r31)
My code:
C2188980 00000003
23FF7FFF 23FF7FFF
23FF7FFF 83DF8ED1
60000000 00000000
(it works but I realise now that it was a little stupid since the counter seems to only update when a hit happens so the positioning was quite terrible)
ok so now to the real thing:
80041194
add r3, r3, r4
//r4 seems to contain the current combo at this point or just zero
r3 has address 804545b8
8003820c//this seems to be the line that it all happens on (setting the value to the number of hits)
rlwinm. r3, r27, 0, 16, 31 (0000ffff)
5763043f
80041210 (this seems to be where it clears)
lbz r0, 0x0022 (r30)
881e0022
80041214 // the first hit?
rlwinm. r0, r0, 25, 31, 31 (00000080)
5400cfff
current damage of the hit
804545c8
strange pointer?
80041204
->
c3e285a0
0x80453FC0 p2 pointer
follow the pointer to 80cb0ae0
action state at 23A0 offset from the pointer of the player
resultant address:0x80CB2E80
p2 hitstun address:0x80CB2E80
probably a better address for the combo
804545ce
main condition for adding
80041140
cmpwi r0, 0
8004114c
bne- ->0x80041194
need some way to check this: 80CB0B50
some possible registers:
r25:80cb4080
r10:80cb58c4
r30 looks clean: 0
80cb4080 - 80CB0B50 = x
x = 0x3530
//AT 8004114c
//load the action state of p2
lwz r30, 0x3530(r25)
//compare the action state with the one that is wait (wait is 0x000E)
cmpi 2,0,r30,0x000E
//80041194 is the address of where it goes
//r28 happens to be free :)
//the program counter happens to be the closest value to 80041194
//at this point the pc should be 6 + 80041194
//lwz r28,6(PC)
//PC cannot be used for that :( its probably for the best actually
//I think this is how slw is supposed to work
addi r28,0,0x7fff
addi r28,r28,0x5
slw r28,r28,0x4
addi r28,0,0x1194
//branch if they are not equal to the part of the code where the combo is added
//001zy is the value to branch if it is false
//2 for the equal comparison bit in the conditional register
//bc 001zy,2,r28
bc 8,2,r28
lwz r30, 0x3530(r25)
cmpi 2,0,r30,0x000E
addi r30,0,0x7fff
addi r30,r30,0x5
slw r30,r30,0x4
addi r30,0,0x1194
bc 8,2,r28
C204114C 00000004
83D93530 2D1E000E
3B807FFF 3B9C0005
7F9C2030 3B801194
4102001C 00000000