What you need to make your own TLB Code
Find a 'blr' address (4E800020) that is constantly being executed.
The blr at the end of the section that reads the Joker address is a good choice. Just place breakpoint-read's on the Joker address and keep going until a 'normal' address is 'hit.' (ie. an address that doesn't start with 7F) Trace the ASM until you find a 'blr' instruction. That is the point you want to branch from.
Alternatively, you can just find a 'blr' that, when you place a breakpoint execute on it, consistently gets a 'hit.'
For both of these, it will come somewhere after 80003100 in memory.
Once you have that 'blr' address, subtract 80002F10 from it. Take that new value and subtract it from 4C000000. This will be the value you use to replace the 'blr' instruction (4E800020).
So, you have the address of the blr and the new value to place there.
TLB Master Code Template
04002F10 3C608000 04002F14 80832F40 04002F18 28040000 04002F1C 41820014 04002F20 28049424 04002F24 41820014 04002F28 80A32F44 04002F2C 90A40000 04002F30 38630008 04002F34 4BFFFFE0 04002F38 4E800020 04002FF8 00009424 4Cxxxxxx 4E800020 00002F10 0000E800 04xxxxxx yyyyyyyyFor xxxxxx, place the last six numbers/letters from the address.
For yyyyyyyy, place the value you get after subtracting from 4C000000.
Encrypt with your Game ID and region, and you have a TLB Master Code!
Say you found that 80005388 (with a value of 4E800020) was constantly being executed.
The last three lines of your code would be
4C005388 4E800020 00002F10 0000E800 04005388 4BFFDB88
To use a code with this game, write the 7F address to write to into an address that ends with 0 or 8 between 80002F40 and 80002FF0 (e.g. 04002F40, 04002F48, 04002F50, etc.). Write the value you want to write to the 7F address to on an address that ends with 4 or C between 80002F44 and 80002FF4 (e.g. 04002F44, 04002F4C, 04002F54, etc.).
Say you want to write the value 38030000 to 7FC39C9C. (ie. 7FC39C9C 38030000)
Your code could be
04002F40 7FC39C9C 04002F44 38030000
Q: What is a TLB Master Code?
A: A TLB (Trans Lookaside Buffer) Master Code is necessary for Action Replay codes on a GameCube game when breakpoint reads and/or writes yield addresses like 7Fxxxxxx. This means that a normal AR write won't work for that code and a TLB Master Code is needed.
Q: Do all games need a TLB Master Code?
A: No. Only games where a breakpoint read or write yields addresses like 7Fxxxxxx.
Q: Why does a TLB Master Code allow me to do writes that AR codes don't?
A: The TLB Master Code functions by using the GameCube's internal method to write values (stw, stb, etc.) to write the values you want to the addresses you want. These internal methods (ASM) can recognize and correctly apply the values to addresses like 7Fxxxxxx.
Q: What games need a TLB Master Code for some of their writes?
A: Known games (to me) as of July 23, 2004:
Very special thanks to Parasyte for basically providing the template with Metal Gear Solid: TTS, and for posting the disassembled version of his code at GSCentral.
Thanks to JAY007 for confirming with Parasyte that only the address to branch from is needed to port the TLB Master Code.
Main part of the TLB Master Code format disassembled:
(Modified from Parasyte at GSCentral)
#TLB Master Code lis r3,0x8000 loop: lwz r4,0x2F40(r3) cmplwi r4,0 beq next cmplwi r4,0x9424 beq end lwz r5,0x2F44(r3) stw r5,0x0000(r4) next: addi r3,r3,8 b loop end: blr
|Copyright © 2003-2017 Action Replay Central|