Easy Way To Joker Your Subroutines

Easy way to joker a subroutine tutorial by TheEliteOne

Here is a subroutine that I will be using:

Quote :

#Call Recoil Function
;TheEliteOne
;Calls the recoil function
0x00080CBC 0x0a200400
0x00001000 0x27bdfff8
0x00001004 0xafa40000
0x00001008 0xafbf0004
0x0000100c 0x3c0409b8
0x00001010 0x0e25c1ea
0x00001014 0x3484a720
0x00001018 0x8fbf0004
0x0000101c 0x8fa40000
0x00001020 0x03e00008
0x00001024 0x27bd0008

This is for Medal of Honor Heroes 2, ULUS-10310. This code is not a joker or anything, it will automatically activate when turned on. So what if we

wanted to joker it? We can joker the hook of the subroutine. Follow this template:

Quote :

Lui t0, $First half of controller address +0880
Lh t0, $Second half of controlller addresss(t0)
Addi t1, zero, $Button value to activate
Bne t1, t0, $Branch to the jr ra
Nop
J $Start of subroutine (Not hook)
Nop
Jr ra
Nop

In this case I would have the J be this:

Quote :

J $08801000

Now we will not call are subroutine unless we are pressing the button. We will need a hook to jump to the joker that we just created though.

How does the joker work?

Controller Address: 0x08DD3068 (Real addressing)
Button Value: 0x80 (Left button)

Line 1 - Lui t0, $First half of controller address +0880
Loads the first half of the controller address into the upper half of the register t0
Lui t0, $08DD
t0 = 0x08DD0000

Line 2 - Lh t0, $Second half of controlller addresss(t0)
Loads a half word (16 bits or 0x0000) value from the address. The address is {(t0)XXXX}
Lw t0, $3068(t0)
t0 = lower 16Bits of value at address 0x08DD3068

Line 3 - Addi t1, zero, $Button value to activate
Adds the contents of the register zero (0x00000000) to an immediate value that we give (Are button value) then puts the result into another

register, in this case that register is t1
Addi t1, zero, $80
t1 = 0x00000000 + 0x00000080
t1 = 0x00000080

Line 4 - Bne t1, t0, $Branch to the jr ra
Checks the contents of the registers t1 and t0, if they are not equal go to the jr ra, if they are continue on
Beq t1, t0, $08801200
if (t1 == t0) {Go to address 0x00001200} else {Continue on}

Line 5 - Nop
This is the delay slot of the branch. If the branch does branch to the target address this line will be executed.

Line 6 - J $Start of subroutine (Not hook)
Jumps to the start of are subroutine, this will act as a hook for us.

Line 7 - Nop
This is the delay slot of the jump. If the jump is used then this line will be executed.

Line 8 - Jr ra
Jumps to the address contained in the register ra.

Line 9 - Nop
This is the delay slot of the jump register. If the jump register is used then this will will be executed.

Working example:

Code:

#Jokered Call Recoil
;TheEliteOne
;Press left
;Here is the joker:
0x00000098 0x0a200800
0x00002000 0x3c0808dd
0x00002004 0x85083068
0x00002008 0x24090080
0x0000200c 0x15280003
0x00002014 0x0a200400
0x0000201c 0x03e00008
;Here is the code:
0x00001000 0x27bdfff8
0x00001004 0xafa40000
0x00001008 0xafbf0004
0x0000100c 0x3c0409b8
0x00001010 0x0e25c1ea
0x00001014 0x3484a720
0x00001018 0x8fbf0004
0x0000101c 0x8fa40000
0x00001020 0x03e00008
0x00001024 0x27bd0008

Was that so hard?