Need Help Porting Disable Radio Transmissions Code from Gamecube to Xbox 360

Reclaimer Shawn
Posts: 17
Joined: Tue Jan 09, 2024 8:19 pm

Need Help Porting Disable Radio Transmissions Code from Gamecube to Xbox 360

Post by Reclaimer Shawn » Sun Jun 08, 2025 12:44 am

I've made a Trainer for Resident Evil 4 on the Xbox 360. The trainer allows you to select different characters like Krauser to play as. The tool can be found here: https://github.com/ReclaimerShawn/Xbox-360-Trainers

The only problem is Radio Transmissions crash the game with different characters as it did in the Gamecube version. Ralf made a code on Gamecube to disable the radio transmissions to bypass this crash and I have no idea how to remake it. The code can be found here: viewtopic.php?t=2750

Ralf, if you're seeing this thread, could you please help me remake the code for the 360? I have no idea how your original code works and wouldn't know how to find it. You could perhaps Team Viewer me while I had my computer debugging the 360 and with a copy of RE4's game executable in IDA Pro. Thank you for reading this and have a nice day!
Ralf@gc-forever
Posts: 3877
Joined: Sun Mar 16, 2014 9:31 am

Re: Need Help Porting Disable Radio Transmissions Code from Gamecube to Xbox 360

Post by Ralf@gc-forever » Sun Jun 08, 2025 3:28 pm

Here's some info about the "No Radio Transmissions" code:

Code:

Radio transmissions function (GC/PAL)

8005B478: 812D8B28  lwz     r9,-29912(r13)
8005B47C: 7FE3FB78  mr      r3,r31
8005B480: 389F01D8  addi    r4,r31,472
8005B484: 38C00000  li      r6,0
8005B488: 81690050  lwz     r11,80(r9)
8005B48C: 38E00000  li      r7,0
8005B490: 39200000  li      r9,0
8005B494: 39000201  li      r8,513
8005B498: 80AB01E4  lwz     r5,484(r11)
8005B49C: 3BC00000  li      r30,0
8005B4A0: 7CA55A14  add     r5,r5,r11
8005B4A4: 480CFFDD  bl      0x8012b480
8005B4A8: 38600001  li      r3,1
8005B4AC: 480FE8D1  bl      0x80159d7c
8005B4B0: 816D8B28  lwz     r11,-29912(r13)
8005B4B4: 3D208029  lis     r9,-32727
8005B4B8: 3BA9DA70  subi    r29,r9,9616     ; r29: joker base address (0x8028da70)
8005B4BC: 800B0054  lwz     r0,84(r11)
8005B4C0: 540005A8  rlwinm  r0,r0,0,22,20
8005B4C4: 900B0054  stw     r0,84(r11)
8005B4C8: 813D0018  lwz     r9,24(r29)
8005B4CC: 815D001C  lwz     r10,28(r29)     ; r10: get button IDs (0x8028da8c, one shot)
8005B4D0: 39200000  li      r9,0
8005B4D4: 554A0084  rlwinm  r10,r10,0,2,2   ; mask out Start button (bit2 - 0x20000000)
8005B4D8: 7D205379  or.     r0,r9,r10       ; Start button pressed ?
8005B4DC: 4082013C  bne-    0x8005b618      ; yes: skip radio transmission
8005B4E0: 38600001  li      r3,1            ; no: play radio transmission
8005B4E4: 3BDE0001  addi    r30,r30,1
8005B4E8: 480FE895  bl      0x80159d7c
8005B4EC: 2C1E0014  cmpwi   r30,20          ; loop 20 times
8005B4F0: 4081FFD8  ble+    0x8005b4c8
8005B4F4: 3FC08029  lis     r30,-32727
8005B4F8: 3880000B  li      r4,11
8005B4FC: 387EDDD0  subi    r3,r30,8752
8005B500: 481837F5  bl      0x801decf4
8005B504: 907C0324  stw     r3,804(r28)
8005B508: 816D8B28  lwz     r11,-29912(r13)
8005B50C: 812B0050  lwz     r9,80(r11)
8005B510: 808901DC  lwz     r4,476(r9)
8005B514: 80A901E0  lwz     r5,480(r9)
8005B518: 7C844A14  add     r4,r4,r9
8005B51C: 7CA54A14  add     r5,r5,r9
8005B520: 480CD955  bl      0x80128e74
8005B524: 2C030000  cmpwi   r3,0
8005B528: 40820014  bne-    0x8005b53c
8005B52C: 809C0324  lwz     r4,804(r28)
8005B530: 387EDDD0  subi    r3,r30,8752
8005B534: 480D3555  bl      0x8012ea88
8005B538: 480001E4  b       0x8005b71c
8005B53C: 3D40801E  lis     r10,-32738
8005B540: 3D00801E  lis     r8,-32738
8005B544: 3D20801E  lis     r9,-32738
8005B548: 3D60801E  lis     r11,-32738
8005B54C: 3C60801E  lis     r3,-32738
8005B550: 3FC0801E  lis     r30,-32738
8005B554: C12960B8  lfs     f9,24760(r9)    ; f9:  0x42DE0000
8005B558: 38A00010  li      r5,16
8005B55C: C14B60BC  lfs     f10,24764(r11)  ; f10: 0xC1B00000
8005B560: 38C10068  addi    r6,r1,104
8005B564: C00360C8  lfs     f0,24776(r3)    ; f0:  0x3EA0D97C
8005B568: 38E10078  addi    r7,r1,120
8005B56C: C1BE60CC  lfs     f13,24780(r30)  ; f13: 0xBF3BA866
8005B570: 7FE4FB78  mr      r4,r31
8005B574: C16A60C0  lfs     f11,24768(r10)  ; f11: 0x42840000
8005B578: C18860C4  lfs     f12,24772(r8)   ; f12: 0xBEFA35DD

FP constants

801E60B0: 00000003 00000000 42DE0000 C1B00000
801E60C0: 42840000 BEFA35DD 3EA0D97C BF3BA866

Button IDs (joker address 0x8028da8c, one shot):

80080480 - A
40040040 - B
00020200 - X
00110000 - Y
10200000 - Z
00400820 - L
00800010 - R
20003000 - Start

08000008 - DPad Left
04000004 - DPad Right
01000001 - DPad Up
02000002 - DPad Down

08000008 - A-Stick Left
04000004 - A-Stick Right
01000001 - A-Stick Up
02000002 - A-Stick Down

00004000 - C-Stick Up
00008000 - C-Stick Down

A good starting point to port the code is the loop counter, the "press Start button" logic and the FP constants starting at address 0x801e60b8.
Reclaimer Shawn
Posts: 17
Joined: Tue Jan 09, 2024 8:19 pm

Re: Need Help Porting Disable Radio Transmissions Code from Gamecube to Xbox 360

Post by Reclaimer Shawn » Mon Jun 09, 2025 10:11 am

I appreciate you for commenting, Ralf! I've used the tidbits here to try to find it and I cannot find anything. For one, buttons in the game are different. The back button is what ends the radio call, not the start button. And the back button and start button are 0x0020 and 0x0010, respectively. I also cannot locate any of the values you said were associated with FP in memory. I have no idea how I'd go about finding the loop counter or the "Press start button" logic in memory by just doing RAM searches.

I did set a read breakpoint on the joker value (the raw joker value, not the strange encrypted one the address you gave me had) and I at least got what reads the raw button input on the Xbox 360. It's the instruction lhz r8, 0(r6) at 0x82519500. I know this because if I set r8 to 0x0020, it'll continuously press the back button and the player won't be able to make any inputs.

The game logic is likely significantly different and the code would have to be remade from scratch. There are also barely any symbols in the game executable and there's no PDB file for the game executable online, so whatever I find I'd have to find via a RAM search. What values associated with the radio transmission could I search for in RAM to help me find the branch instruction? If you'd be willing to help recreate it from scratch on the Xbox 360 with me allowing you to TeamView to make realtime edits to the console memory, I'd highly appreciate it. You'd of course get full credit for such a code, too.
Ralf@gc-forever
Posts: 3877
Joined: Sun Mar 16, 2014 9:31 am

Re: Need Help Porting Disable Radio Transmissions Code from Gamecube to Xbox 360

Post by Ralf@gc-forever » Wed Jun 11, 2025 7:14 am

These "joker" values are RE4 game specific action IDs and should be used in all versions of the game.

e.g.

The Start button is assigned to three actions:

20003000 - Start

Bit02 - skip radio transmissions action ID
Bit18 - ??? (skip cutscenes or open option menu?)
Bit19 - ??? (")

and the A button is assigned to four actions:

80080480 - A

Code:

Button masher routine
800E9A74: 3D208029  lis     r9,-32727
800E9A78: 39600000  li      r11,0
800E9A7C: 3929DA70  subi    r9,r9,9616
800E9A80: 80E90018  lwz     r7,24(r9)
800E9A84: 8109001C  lwz     r8,28(r9)
800E9A88: 550C0318  rlwinm  r12,r8,0,12,12	; mask out button masher ID (bit12 - 0x00080000)
800E9A8C: 7D606379  or.     r0,r11,r12

Bit12 - button masher action ID

Reclaimer Shawn
Posts: 17
Joined: Tue Jan 09, 2024 8:19 pm

Re: Need Help Porting Disable Radio Transmissions Code from Gamecube to Xbox 360

Post by Reclaimer Shawn » Thu Jun 12, 2025 6:23 pm

Thank you for all the help! After telling me that, I ended up getting it working for the Xbox 360 and uploading it to the tool on the Github. There were two interesting changes, though. The back button (what skips cutscenes in this game instead of Start) is 20002000 and not 20003000. Otherwise, the other action IDs (at least DPAD Right and DPAD Left) ended up being the same, allowing me to find the address. Also, instead of loading a word, a double word is loaded and compared. Otherwise, the skip radio transmission logic is pretty much the same. Here is a snippet from the Radio Transmission function:

Code:

82373384  ld r11,18h(r26) //Read Action ID
82373388  rlwinm r11,r11,0,2,2 //Mask out Back button
8237338C  cmpldi cr6,r11,0 //Compare
82373390  bne cr6,82373514 //If Back button pressed, skip Radio Transmission. Changing this to b 82373514 (0x48000184) always skips the Radio Transmission, preventing the crash.
82373394  li r3,1 //Otherwise, play radio transmission
82373398  bl 822FBDB8
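Added example, not part of any post in this thread: a Python check of the encodings the posts rely on, decoding the `rlwinm` mask fields to see which action ID bit each routine tests, and recomputing branch targets and the replacement `b` word from the quoted addresses. Instruction words, addresses and button IDs are copied from the posts; the function names are this example's own.

```python
# Added example: verifies the PowerPC encodings quoted in the thread.
# Words, addresses and button IDs are copied from the posts; names are mine.
BUTTON_IDS = {  # GameCube action IDs from the "Button IDs" list
    "A": 0x80080480, "B": 0x40040040, "X": 0x00020200, "Y": 0x00110000,
    "Z": 0x10200000, "L": 0x00400820, "R": 0x00800010, "Start": 0x20003000,
}

def rlwinm_mask(mb, me):
    """Mask kept by rlwinm MB..ME; PowerPC numbers bit 0 as the MSB."""
    mask = 0
    for n in range(32):
        kept = mb <= n <= me if mb <= me else (n >= mb or n <= me)
        if kept:
            mask |= 1 << (31 - n)
    return mask

def decode_rlwinm(word):
    """Return (SH, MB, ME) of an rlwinm word (primary opcode 21)."""
    if word >> 26 != 21:
        raise ValueError("not rlwinm: %08X" % word)
    return (word >> 11) & 31, (word >> 6) & 31, (word >> 1) & 31

def buttons_with(mask):
    """Buttons whose action ID shares a bit with mask."""
    return [name for name, bid in BUTTON_IDS.items() if bid & mask]

def branch_target(pc, word):
    """Target of a relative b/bl (opcode 18) or bc (opcode 16) at pc."""
    op = word >> 26
    if op not in (16, 18) or word & 2:  # bit 1 is AA (absolute address)
        raise ValueError("not a relative branch: %08X" % word)
    bits = 26 if op == 18 else 16
    disp = word & ((1 << bits) - 4)     # displacement, low two bits zero
    if disp >> (bits - 1):              # sign-extend
        disp -= 1 << bits
    return (pc + disp) & 0xFFFFFFFF

def encode_b(pc, target):
    """Word for an unconditional relative 'b target' placed at pc."""
    disp = target - pc
    if disp % 4 or not -(1 << 25) <= disp < (1 << 25):
        raise ValueError("target not reachable with a relative b")
    return 0x48000000 | (disp & 0x03FFFFFC)

if __name__ == "__main__":
    _, mb, me = decode_rlwinm(0x554A0084)           # rlwinm r10,r10,0,2,2
    print("%08X" % rlwinm_mask(mb, me), buttons_with(rlwinm_mask(mb, me)))
    print("%08X" % branch_target(0x8005B4DC, 0x4082013C))  # GC bne-
    print("%08X" % encode_b(0x82373390, 0x82373514))       # 360 patch word
```

The same bit 2 mask also matches the Xbox 360 Back button ID 20002000 reported in the last post, which is why the action ID search carried over between platforms.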