So you want to learn ASM but you don't know where to start. Perhaps a picture will help you understand what's going on.
Today's example will work with Super Mario Galaxy again. We're going to look at the code which subtracts 1 from your health when an enemy hits you, so that we can understand what the assembly code is doing. Here's the disassembly of the interesting section.
802B1C20: 80830380 lwz r4,896(r3)
802B1C24: 2C040000 cmpwi r4,0
802B1C28: 4182000C beq- 0x802b1c34
802B1C2C: 3804FFFF subi r0,r4,1
802B1C30: 90030380 stw r0,896(r3)
The non-bold part isn't relevant to this discussion, but I left in there for completeness.
Hidden in the spoilers below is an
extremely simplified block diagram of the Wii's processor. It shows four parts
1) Memory (MEM). Pointers point to places in memory. Mario's health, currently 3, is at address 810B5CB4.
2) Registers (REG). This is where data being worked on is placed
3) Arithmetic Logic Unit (ALU). This performs operations on data.
4) Instruction Register (IR). This tells the CPU what to do.
Note that OP stands for Operation (add, subtract, load, store, and, or, etc). rD stands for destination register. rA stands is for the first source register. rB is for the second (we won't be using that today). I stands for "Immediate", which is how we refer to values that come from the IR as opposed to a normal register. Word means any 32-bit value (as opposed to half-word, which is 16-bits, or byte, which is 8-bits)
As you can see, right now the IR has lwz r4,896(r3) in it. It stands for
Load Word. It is telling the CPU to
1) Take the value in r3, which is 0x810B5934 (Hex!)2) Add the immediate value 896 (0x380 hex!) to it3) Use the result as an address in memory4) Put the data from that address into r4Skip the irrelevant instructions...
IR now has subi r0,r4,1. It stands for
SUBtract Immediate. This instruction tells the CPU to
1) Take the value in r4, which is 32) Subtract 1 from it3) Put the result into r0Finally, the last instruction is stw r0,896(r3), which stands for
STore Word. It tells the CPU to
1) Take the value in r3, which is 0x810B5934 (Hex!)2) Add 896 (0x380 hex!) to it3) Use the result as an address in memory4) Put the data from r0 into that addressNow, what if you wanted to give infinite life? There are several ways to do this. The classic way is to replace the stw with a nop.
nop tells the CPU to do...nothing. It stands for "
no operation".
There are other ways. You could replace subi r0,r4,1 with mr r0,r4 (
Move Register, more like "copy register"); this would move 3 from r4 to r0, and then the stw would always write the original health value back into memory. You could also replace subi with li r0,3 (
Load Immediate), which puts 3 into r0. Then stw will always write 3 back into memory. You could replace lwz with li r4,4, so that the subi will put 3 into r0 and the stw will always write 3 back into memory.
Remember, this was extremely simplified. There's a lot more going on. Sometimes, instead of rD, there's an rS. Sometimes rA is the destination register. Sometimes there's an rB or an immediate or three immediates (like rlwinm,
Rotate Left Word Immediate then aNd with Mask). The above is just meant to give you a mental set of building blocks to work with. Hopefully you can piece together the rest.
May you go forth and write more ASM hacks!
