The Legend of Zelda: Twilight Princess (GCN/WIIRD/NTSC-U)

Ralf@gc-forever
Posts: 1669
Joined: Sun Mar 16, 2014 9:31 am

Re: The Legend of Zelda: Twilight Princess (GCN/WIIRD/NTSC-U)

Post by Ralf@gc-forever » Fri Sep 11, 2020 11:57 am

Is the NTSC-U version of the C2 code not working at all (e.g. in the Dolphin emulator), or is it only a Swiss-specific problem?
CodyGC
Posts: 43
Joined: Fri Jun 17, 2016 12:40 am
Location: Canada

Re: The Legend of Zelda: Twilight Princess (GCN/WIIRD/NTSC-U)

Post by CodyGC » Sat Sep 12, 2020 12:24 pm

The code also does not work in Dolphin.
Ralf@gc-forever
Posts: 1669
Joined: Sun Mar 16, 2014 9:31 am

Re: The Legend of Zelda: Twilight Princess (GCN/WIIRD/NTSC-U)

Post by Ralf@gc-forever » Sun Sep 13, 2020 3:59 pm

Hmmm, it seems that the US version has other offsets to the load byte and branch instructions than the PAL version. Can you please check the start address of the NTSC-U River Run Fun mini-game overlay code module in the Dolphin emulator? The start address should be 0x80D1BBD4 (more info below).

Code:

River Run Fun Never Decrease Score patch ("do_link__20DynamicModuleControlFv" game function hook)

81830034 lwz  r12,0x0034(r3) ; r12: load start address of actual overlay code module
806C607C lwz  r3,0x607C(r12) ; r3:  load instruction at offset 0x607C
3C808883 lis  r4,0x8883
608400BC ori  r4,r4,0x00BC   ; r4: 0x888300BC ("lbz r4,188(r3)" instruction)
7C032000 cmpw r3,r4          ; instruction at offset 0x607C equal to "lbz r4,188(r3)" instruction?
40820010 bne  +0x10          ; no  (skip patch)
3C804800 lis  r4,0x4800      ; yes (apply patch (RRF overlay code module))
60840048 ori  r4,r4,0x0048   ; r4: 0x48000048 (patched branch instruction)
908C6084 stw  r4,0x6084(r12) ; r4: store patched branch instruction at offset 0x6084


English PAL River Run Fun mini-game overlay code module

80B6EE30: 00000000 00000000 00000000 00000000
80B6EE40: 00000000 00000000 00000000 00000000
80B6EE50: 00000000 9421FFF0 7C0802A6 90010014
80B6EE60: 3C6080B7 3863091C 4B6F50E5 4B6F501D
80B6EE70: 80010014 7C0803A6 38210010 4E800020
80B6EE80: 9421FFF0 7C0802A6 90010014 4B6F5001
...
80B74ED0: 888300BC 28040000 41820048 3804FFFF
80B74EE0: 980300BC 380000CE 90010010 3C608045


Start address of RRF overlay code module: 0x80B6EE54

Address of "lbz  r4,188(r3)" instruction: 0x80B74ED0
Address of "beq- 0x80b75a80" instruction: 0x80B74ED8

Offset to "lbz  r4,188(r3)" instruction:  0x80B74ED0 - 0x80B6EE54 = 0x607C
Offset to "beq- 0x80b75a80" instruction:  0x80B74ED8 - 0x80B6EE54 = 0x6084


NTSC-U (Dolphin emu)

Address of "lbz  r4,188(r3)" instruction: 0x80D21C50
Address of "beq- 0x80b75a80" instruction: 0x80D21C58

Start address of RRF overlay code module: 0x80D21C50 - 0x607C = 0x80D1BBD4 ???
CodyGC
Posts: 43
Joined: Fri Jun 17, 2016 12:40 am
Location: Canada

Re: The Legend of Zelda: Twilight Princess (GCN/WIIRD/NTSC-U)

Post by CodyGC » Sun Sep 13, 2020 7:20 pm

I think it might be one of the addresses below. But only a few values are equal.

80D03724

80D05A54

80D2016C

80D24574

80D2CCF4
Ralf@gc-forever
Posts: 1669
Joined: Sun Mar 16, 2014 9:31 am

Re: The Legend of Zelda: Twilight Princess (GCN/WIIRD/NTSC-U)

Post by Ralf@gc-forever » Tue Sep 15, 2020 12:19 pm

Okay, I think I've found the cause of the problem: the module offsets were wrong (0x1AE4/EC instead of 0x607C/84; address 0x80D2016C is the correct module start address, btw). The revised NTSC-U version of the code below should work now for Swiss and the Dolphin emulator.

Code:

River Run Fun Mini-Game: Never Decrease Score [Ralf]
C2262EB0 00000005
81830034 806C1AE4
3C808883 608400BC
7C032000 40820010
3C804800 60840048
908C1AEC 00000000

CodyGC
Posts: 43
Joined: Fri Jun 17, 2016 12:40 am
Location: Canada

Re: The Legend of Zelda: Twilight Princess (GCN/WIIRD/NTSC-U)

Post by CodyGC » Tue Sep 15, 2020 6:47 pm

Perfect. Thanks again. I'll also leave the tested ARM version below in case anyone needs it.

04003200 81830034
04003204 806C1AE4
04003208 3C808883
0400320C 608400BC
04003210 7C032000
04003214 40820010
04003218 3C804800
0400321C 60840048
04003220 908C1AEC
04003224 4825FC90
04262EB0 4BDA0350
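
Added example, not part of any post in this thread: a Python sketch that re-derives the module-relative offsets from the addresses quoted above, encodes the nine PowerPC instructions, and rebuilds both posted code listings so the arithmetic can be checked. The function names are hypothetical; the 0x80000000 base for the hook (0x80262EB0) and the code cave (0x80003200) is an assumption read off the posted code lines, and the nop-padding rule is the usual Gecko C2 convention.

```python
# Added example (not from the thread): re-derive the posted offsets and code words.
# Function names are hypothetical; all addresses are the ones quoted in the posts.

def d_form(opcode, rt, ra, imm):
    """PowerPC D-form word: lwz=32, stw=36, ori=24, addis (lis)=15."""
    return (opcode << 26) | (rt << 21) | (ra << 16) | (imm & 0xFFFF)

def branch(src, dst):
    """Unconditional relative 'b' from src to dst (signed 26-bit byte offset)."""
    off = dst - src
    if off % 4 or not -0x2000000 <= off < 0x2000000:
        raise ValueError("branch target out of range or unaligned")
    return 0x48000000 | (off & 0x03FFFFFC)

def hook_body(module_start, lbz_addr, beq_addr):
    """Nine-instruction hook body for one region's overlay addresses."""
    lbz_off, beq_off = lbz_addr - module_start, beq_addr - module_start
    if not 0 <= lbz_off < beq_off < 0x8000:
        raise ValueError("offsets must fit a positive 16-bit displacement")
    return [
        d_form(32, 12, 3, 0x0034),   # lwz  r12,0x34(r3)
        d_form(32, 3, 12, lbz_off),  # lwz  r3,lbz_off(r12)
        d_form(15, 4, 0, 0x8883),    # lis  r4,0x8883
        d_form(24, 4, 4, 0x00BC),    # ori  r4,r4,0x00BC
        0x7C032000,                  # cmpw r3,r4
        0x40820010,                  # bne  +0x10
        d_form(15, 4, 0, 0x4800),    # lis  r4,0x4800
        d_form(24, 4, 4, 0x0048),    # ori  r4,r4,0x0048
        d_form(36, 4, 12, beq_off),  # stw  r4,beq_off(r12)
    ]

def c2_code(hook, body):
    """Gecko C2 layout: header, then word pairs ending in 00000000."""
    words = list(body)
    words += [0x60000000, 0] if len(words) % 2 == 0 else [0]  # nop pad if even
    lines = ["%08X %08X" % (0xC2000000 | (hook & 0x01FFFFFF), len(words) // 2)]
    lines += ["%08X %08X" % (words[i], words[i + 1]) for i in range(0, len(words), 2)]
    return lines

def write_codes(hook, cave, body):
    """32-bit write lines: body in the cave, branch back, then the hook branch."""
    words = body + [branch(cave + 4 * len(body), hook + 4)]
    lines = ["%08X %08X" % (0x04000000 | ((cave + 4 * i) & 0x01FFFFFF), w)
             for i, w in enumerate(words)]
    return lines + ["%08X %08X" % (0x04000000 | (hook & 0x01FFFFFF), branch(hook, cave))]

NTSC_U = hook_body(0x80D2016C, 0x80D21C50, 0x80D21C58)
PAL = hook_body(0x80B6EE54, 0x80B74ED0, 0x80B74ED8)
print("\n".join(c2_code(0x80262EB0, NTSC_U)))
```

The range check in `hook_body` matters because `lwz`/`stw` displacements are signed 16-bit values, so a module offset of 0x8000 or more could not be encoded this way.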