Dolphin/docs/codehandler.s

#MIT License

#Copyright (c) 2010-2017 Nuke, brkirch, Y.S, Kenobi, gamemasterplc

#Permission is hereby granted, free of charge, to any person obtaining a copy
#of this software and associated documentation files (the "Software"), to deal
#in the Software without restriction, including without limitation the rights
#to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
#copies of the Software, and to permit persons to whom the Software is
#furnished to do so, subject to the following conditions:

#The above copyright notice and this permission notice shall be included in all
#copies or substantial portions of the Software.

#THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
#IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
#FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
#AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
#LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
#OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
#SOFTWARE.

# Based off of codehandleronly.s from Gecko OS source code.
# Example command to build:
# powerpc-elf-gcc -mpowerpc -mpaired -mbig codehandler.s -nostartfiles -nodefaultlibs -nostdlib -T codehandler.ld -o codehandler.bin

.text
#Register Defines

.set r0,0;   .set r1,1;   .set r2,2; .set r3,3;   .set r4,4
.set r5,5;   .set r6,6;   .set r7,7;   .set r8,8;   .set r9,9
.set r10,10; .set r11,11; .set r12,12; .set r13,13; .set r14,14
.set r15,15; .set r16,16; .set r17,17; .set r18,18; .set r19,19
.set r20,20; .set r21,21; .set r22,22; .set r23,23; .set r24,24
.set r25,25; .set r26,26; .set r27,27; .set r28,28; .set r29,29
.set r30,30; .set r31,31; .set f0,0; .set f2,2; .set f3,3

.globl _start

gameid:
.long 0,0
cheatdata:
.long frozenvalue
.space 39*4

# Warning, _strip_and_align expects cheat codes to start on 0x0 or 0x8.
# Properly compiling it will add a nop if needed.
_start:
  stwu r1,-172(r1)  # stores sp
  stw r0,8(r1)  # stores r0

  mflr r0
  stw r0,176(r1)  # stores lr

  mfcr r0
  stw r0,12(r1)  # stores cr

  mfctr r0
  stw r0,16(r1)  # stores ctr

  mfxer r0
  stw r0,20(r1)  # stores xer

  stmw r3,24(r1)  # saves r3-r31

  mfmsr r25
  stw r25,168(r1) # save msr

  ori r26,r25,0x2000  #enable floating point ?
  andi. r26,r26,0xF9FF
  mtmsr r26

  stfd f2,152(r1)  # stores f2
  stfd f3,160(r1)  # stores f3

  lis r31,cheatdata@h  #0x8000

  lis r20, 0xCC00
  lhz r28, 0x4010(r20)

  ori r21, r28, 0xFF
  sth r21, 0x4010(r20) # disable MP3 memory protection

  lis r15, codelist@h
  ori r15, r15, codelist@l

  ori r7, r31, cheatdata@l # set pointer for storing data (before the codelist)

  lis r6,0x8000  # default base address = 0x80000000 (code handler)

  mr r16,r6   # default pointer =0x80000000 (code handler)

  li r8,0   # code execution status set to true (code handler)

  lis r3,0x00D0
  ori r3,r3,0xC0DE

  lwz r4,0(r15)
  cmpw r3,r4
  bne- _exitcodehandler
  lwz r4,4(r15)
  cmpw r3,r4
  bne- _exitcodehandler # lf no code list skip code handler
  addi r15,r15,8
  b _readcodes

_exitcodehandler:
  sth r28,0x4010(r20) # restore memory protection value

  lfd f2,152(r1)  # loads f2
  lfd f3,160(r1)  # loads f3

  lwz r25,168(r1)
  mtmsr r25

  lwz r0,176(r1)
  mtlr r0   # restores lr

  lwz r0,12(r1)
  mtcr r0   # restores cr

  lwz r0,16(r1)
  mtctr r0   # restores ctr

  lwz r0,20(r1)
  mtxer r0   # restores xer

  lmw r3,24(r1)  # restores r3-r31

  lwz r0,8(r1)  # loads r0

  addi r1,r1,172

  isync

  blr    # return back to game

_readcodes:

  lwz r3,0(r15)  #load code address
  lwz r4,4(r15)  #load code value

  addi r15,r15,8  #r15 points to next code

  andi. r9,r8,1
  cmpwi cr7,r9,0  #check code execution status in cr7. eq = true, ne = false

  li r9,0   #Clears r9

  rlwinm r10,r3,3,29,31  #r10 = extract code type, 3 bits
  rlwinm  r5,r3,7,29,31  #r5  = extract sub code type 3 bits

  andis. r11,r3,0x1000  #test pointer
  rlwinm r3,r3,0,7,31  #r3  = extract address in r3 (code type 0/1/2) #0x01FFFFFF
 
  bne +12   #jump lf the pointer is used

  rlwinm r12,r6,0,0,6  #lf pointer is not used, address = base address
  b +8

  mr r12,r16   #lf pointer is used, address = pointer

  cmpwi cr4,r5,0  #compares sub code type with 0 in cr4

  cmpwi r10,1
  blt+ _write   #code type 0 : write
  beq+ _conditional  #code type 1 : conditional

  cmpwi r10,3
  blt+ _ba_pointer  #Code type 2 : base address operation

  beq- _repeat_goto  #Code type 3 : Repeat & goto

  cmpwi r10,5
  blt- _operation_rN  #Code type 4 : rN Operation
  beq+ _compare16_NM_counter #Code type 5 : compare [rN] with [rM]

  cmpwi r10,7
  blt+ _hook_execute  #Code type 6 : hook, execute code

  b _terminator_onoff_ #code type 7 : End of code list

 _Write_32:
	lwz r18, 0(r12)	#Load data from registry that will be written to
	cmpw r18, r5 	#Is data to be written equal to the data in memory
	beq+ +72 		#Skip if yes
	stw r5, 0(r12) 	#store opcode
	li r9, 0 		#safe, check r9 if more write_32's are linked.
    b +48
    
_Write_08x:
	lbzx r18, r9, r12
	rlwinm r0, r4, 0, 24,31	#Clears any other data with r4's byte, for compare
	cmpw r0, r18
	beq+ +44
	stbx r4,r9,r12
	b +24 

_Write_16x:
	lhzx r18, r9, r12
	rlwinm r0, r4, 0, 16,31	#Makes sure r4 is just a halfword for compare
	cmpw r0, r18
	beq+ +20
	sthx r4,r9,r12
	icbi r9, r12 #branch target. Clears cache. Need dcbf?
	sync
	isync
	blr

#CT0=============================================================================
#write  8bits (0): 00XXXXXX YYYY00ZZ
#write 16bits (1): 02XXXXXX YYYYZZZZ
#write 32bits (2): 04XXXXXX ZZZZZZZZ
#string code  (3): 06XXXXXX YYYYYYYY, d1d1d1d1 d2d2d2d2, d3d3d3d3 ....
#Serial Code  (4): 08XXXXXX YYYYYYYY TNNNZZZZ VVVVVVVV

_write:
  add r12,r12,r3  #address = (ba/po)+(XXXXXX)
  cmpwi r5,3
  beq- _write_string  #r5  == 3, goto string code
  bgt- _write_serial  #r5  >= 4, goto serial code

  bne- cr7,_readcodes  #lf code execution set to false skip code

  cmpwi cr4,r5,1  #compares sub code type and 1 in cr4

  bgt- cr4,_write32  #lf sub code type == 2, goto write32

#lf sub code type = 0 or 1 (8/16bits)
  rlwinm r10,r4,16,16,31  #r10 = extract number of times to write (16bits value)

_write816:
  beq cr4,+16   #lf r5 = 1 then 16 bits write
  bl _Write_08x
  addi r9,r9,1
  b +12
  bl _Write_16x
  addi r9, r9, 2
  subic. r10,r10,1  #number of times to write -1
  bge- _write816
  b _readcodes

_write32:
  rlwinm r12,r12,0,0,29  #32bits align adress
  mr r5, r4
  bl _Write_32
  b _readcodes

_write_string:    #endianess ?
  mr r9,r4
  mr r22, r4
  bne- cr7,_skip_and_align #lf code execution is false, skip string code data

_stb:
  subic. r9,r9,1   #r9 -= 1 (and compares r9 with 0)
  blt- _skip_and_align  #lf r9 < 0 then exit
  lbzx r5,r9,r15
  mr r4, r5
  bl _Write_08x  #loop until all the data has been written
  mr r4, r22
  b _stb

_write_serial:

  addi r15,r15,8  #r15 points to the code after the serial code
  bne- cr7,_readcodes  #lf code execution is false, skip serial code

  lwz r5,-8(r15)  #load TNNNZZZZ
  lwz r11,-4(r15)  #r11 = load VVVVVVVV

  rlwinm r17,r5,0,16,31  #r17 = ZZZZ
  rlwinm r10,r5,16,20,31  #r10 = NNN (# of times to write -1)
  rlwinm r5,r5,4,28,31  #r5  = T (0:8bits/1:16bits/2:32bits)

_loop_serial:
  cmpwi cr5,r5,1
  beq- cr5,+16   #lf 16bits
  bgt+ cr5,+20   #lf 32bits

  bl _Write_08x
  b +40

  bl _Write_16x  #write serial halfword (CT04,T=1)
  b +32
  
  lwzx r18, r9, r12
  cmpw r4, r18
  beq+ +20
  stwx r4,r9,r12  #write serial word (CT04,T>=2)
  icbi r9, r12 #Invalidate Icache around real memory offset
  sync
  isync
  add r4,r4,r11  #value +=VVVVVVVV
  add r9,r9,r17  #address +=ZZZZ
  subic. r10,r10,1
  bge+ _loop_serial  #loop until all the data has been written

  b _readcodes

#CT1=============================================================================
#32bits conditional (0,1,2,3): 20XXXXXX YYYYYYYY
#16bits conditional (4,5,6,7): 28XXXXXX ZZZZYYYY

#PS : 31 bit of address = endlf.

_conditional:
  rlwinm. r9,r3,0,31,31  #r10 = (bit31 & 1) (endlf enabled?)

  beq +16   #jump lf endlf is not enabled

  rlwinm r8,r8,31,1,31  #Endlf (r8>>1)
  andi. r9,r8,1   #r9=code execution status
  cmpwi cr7,r9,0  #check code execution status in cr7
  cmpwi cr5,r5,4  #compares sub code type and 4 in cr5
  cmpwi cr3,r10,5  #compares code type and 5 in cr3

  rlwimi r8,r8,1,0,30  #r8<<1 and current execution status = old execution status
  bne- cr7,_true_end  #lf code execution is set to false -> exit

  bgt cr3,_addresscheck2 #lf code type==6 -> address check
  add r12,r12,r3  #address = (ba/po)+(XXXXXX)

  blt cr3,+12   #jump lf code type <5 (==1)
  blt cr5,_condition_sub #compare [rN][rM]
  b _conditional16_2 #counter compare
  bge cr5,_conditional16 #lf sub code type>=4 -> 16 bits conditional

_conditional32:
  rlwinm r12,r12,0,0,29  #32bits align
  lwz r11,0(r12)
  b _condition_sub

_conditional16:
  rlwinm r12,r12,0,0,30  #16bits align
  lhz r11,0(r12)
_conditional16_2:
  nor r9,r4,r4
  rlwinm r9,r9,16,16,31  #r9  = extract mask
  and r11,r11,r9  #r11 &= r9
  rlwinm r4,r4,0,16,31  #r4  = extract data to check against

_condition_sub:
  cmpl cr6,r11,r4  #Unsigned compare. r11=data at address, r4=YYYYYYYY
  andi. r9,r5,3
  beq _skip_NE  #lf sub code (type & 3) == 0
  cmpwi r9,2
  beq _skip_LE  #lf sub code (type & 3) == 2
  bgt _skip_GE  #lf sub code (type & 3) == 3

_skip_EQ:#1
  bne- cr6,_true_end  #CT21, CT25, CT29 or CT2D (lf !=)
  b _skip

_skip_NE:#0
  beq- cr6,_true_end  #CT20, CT24, CT28 or CT2C (lf==)
  b _skip

_skip_LE:#2
  bgt- cr6,_true_end  #CT22, CT26, CT2A or CT2E (lf r4>[])
  b _skip

_skip_GE:#3
  blt- cr6,_true_end  #CT23, CT27, CT2B or CT2F (lf r4<r4)

_skip:
  ori r8,r8,1   #r8|=1 (execution status set to false)
_true_end:
  bne+ cr3,_readcodes  #lf code type <> 5
  blt cr5,_readcodes
  lwz r11,-8(r15)  #load counter
  bne cr7,_clearcounter #lf previous code execution false clear counter
  andi. r12,r3,0x8  #else lf clear counter bit not set increase counter
  beq _increase_counter
  andi. r12,r8,0x1  #else lf.. code result true clear counter
  beq _clearcounter

_increase_counter:
  addi r12,r11,0x10  #else increase the counter
  rlwimi r11,r12,0,12,27  #update counter
  b _savecounter

_clearcounter:
  rlwinm r11,r11,0,28,11  #clear the counter
_savecounter:
  stw r11,-8(r15)  #save counter
  b _readcodes

#CT2============================================================================

#load base address    (0): 40TYZ00N XXXXXXXX = (load/add:T) ba from [(ba/po:Y)+XXXXXXXX(+rN:Z)]

#set base address    (1): 42TYZ00N XXXXXXXX = (set/add:T) ba to (ba/po:Y)+XXXXXXXX(+rN:Z)

#store base address  (2): 440Y0000 XXXXXXXX = store base address to [(ba/po)+XXXXXXXX]
#set base address to (3): 4600XXXX 00000000 = set base address to code address+XXXXXXXX
#load pointer        (4): 48TYZ00N XXXXXXXX = (load/add:T) po from [(ba/po:Y)+XXXXXXXX(+rN:Z)]

#set pointer         (5): 4ATYZ00N XXXXXXXX = (set/add:T) po to (ba/po:Y)+XXXXXXXX(+rN:Y)

#store pointer       (6): 4C0Y0000 XXXXXXXX = store pointer to [(ba/po)+XXXXXXXX]
#set pointer to      (7): 4E00XXXX 00000000 = set pointer to code address+XXXXXXXX

_ba_pointer:

  bne- cr7,_readcodes

  rlwinm r9,r3,2,26,29  #r9  = extract N, makes N*4

  rlwinm r14,r3,16,31,31  #r3 = add ba/po flag bit (Y)
  cmpwi cr3,r14,0

  cmpwi cr4,r5,4  #cr4 = compare sub code type with 4 (ba/po)
  andi. r14,r5,3  #r14 = sub code type and 3

  cmpwi cr5,r14,2  #compares sub code type and 2

  blt- cr5,_p01
  beq- cr5,_p2   #sub code type 2

_p3:
  extsh r4,r3
  add r4,r4,r15  #r4=XXXXXXXX+r15 (code location in memory)
  b _pend

_p01:

  rlwinm. r5,r3,20,31,31  #r3 = rN use bit (Z)
  beq +12   #flag is not set(=0), address = XXXXXXXX

  lwzx r9,r7,r9  #r9 = load register N
  add r4,r4,r9  #flag is set (=1), address = XXXXXXXX+rN

  beq cr3,+8   #(Y) flag is not set(=0), address = XXXXXXXX (+rN)

  add r4,r12,r4  #address = XXXXXXXX (+rN) + (ba/po)

  cmpwi cr5,r14,1   
  beq cr5,+8   #address = (ba/po)+XXXXXXXX(+rN)
  lwz r4,0(r4)  #address = [(ba/po)+XXXXXXXX(+rN)]

  rlwinm. r3,r3,12,31,31  #r5 = add/replace flag (T)
  beq _pend   #flag is not set (=0), (ba/po)= XXXXXXXX (+rN) + (ba/po)
  bge cr4,+12
  add r4,r4,r6  #ba += XXXXXXXX (+rN) + (ba/po)
  b _pend
  add r4,r4,r16  #po += XXXXXXXX (+rN) + (ba/po)
  b _pend  

_p2:
  rlwinm. r5,r3,20,31,31  #r3 = rN use bit (Z)
  beq +12   #flag is not set(=0), address = XXXXXXXX

  lwzx r9,r7,r9  #r9 = load register N
  add r4,r4,r9  #flag is set (=1), address = XXXXXXXX+rN

  bge cr4,+12
  stwx r6,r12,r4  #[(ba/po)+XXXXXXXX] = base address
  b _readcodes
  stwx r16,r12,r4  #[(ba/po)+XXXXXXXX] = pointer
  b _readcodes

_pend:
  bge cr4,+12
  mr r6,r4   #store result to base address
  b _readcodes
  mr r16,r4   #store result to pointer
  b _readcodes 

#CT3============================================================================
#set repeat     (0): 6000ZZZZ 0000000P = set repeat
#execute repeat (1): 62000000 0000000P = execute repeat
#return  (2): 64S00000 0000000P = return (lf true/false/always)
#goto  (3): 66S0XXXX 00000000 = goto (lf true/false/always)
#gosub  (4): 68S0XXXX 0000000P = gosub (lf true/false/always)


_repeat_goto:
  rlwinm r9,r4,3,25,28  #r9  = extract P, makes P*8
  addi r9,r9,0x40  #offset that points to block P's
  cmpwi r5,2   #compares sub code type with 2
  blt- _repeat


  rlwinm. r11,r3,10,0,1  #extract (S&3)
  beq +20   #S=0, skip lf true, don't skip lf false
  bgt +8
  b _b_bl_blr_nocheck #S=2/3, always skip (code exec status turned to true)
  beq- cr7,_readcodes  #S=1, skip lf false, don't skip lf true
  b _b_bl_blr_nocheck

_b_bl_blr:
  bne- cr7,_readcodes  #lf code execution set to false skip code

_b_bl_blr_nocheck:
  cmpwi r5,3

  bgt- _bl   #sub code type >=4, bl
  beq+ _b   #sub code type ==3, b

_blr:
  lwzx r15,r7,r9  #loads the next code address
  b _readcodes

_bl:
  stwx r15,r7,r9  #stores the next code address in block P's address
_b:
  extsh r4,r3   #XXXX becomes signed
  rlwinm r4,r4,3,9,28

  add r15,r15,r4  #next code address +/-=line XXXX
  b _readcodes

_repeat:
  bne- cr7,_readcodes  #lf code execution set to false skip code

  add r5,r7,r9  #r5 points to P address
  bne- cr4,_execute_repeat #branch lf sub code type == 1

_set_repeat:
  rlwinm r4,r3,0,16,31  #r4  = extract NNNNN
  stw r15,0(r5)  #store current code address to [bP's address]
  stw r4,4(r5)  #store NNNN to [bP's address+4]

  b _readcodes

_execute_repeat:
  lwz r9,4(r5)  #load NNNN from [M+4]
  cmpwi r9,0
  beq- _readcodes
  subi r9,r9,1
  stw r9,4(r5)  #saves (NNNN-1) to [bP's address+4]
  lwz r15,0(r5)  #load next code address from [bP's address]
  b _readcodes

#CT4============================================================================
#set/add to rN(0) : 80SY000N XXXXXXXX = rN = (ba/po) + XXXXXXXX
#load rN      (1) : 82UY000N XXXXXXXX = rN = [XXXXXXXX] (offset support) (U:8/16/32)
#store rN     (2) : 84UYZZZN XXXXXXXX = store rN in [XXXXXXXX] (offset support) (8/16/32)

#operation 1  (3) : 86TY000N XXXXXXXX = operation rN?XXXXXXXX ([rN]?XXXXXXXX)
#operation 2  (4) : 88TY000N 0000000M = operation rN?rM ([rN]?rM, rN?[rM], [rN]?[rM])

#copy1        (5) : 8AYYYYNM XXXXXXXX = copy YYYY bytes from [rN] to ([rM]+)XXXXXXXX
#copy2        (6) : 8CYYYYNM XXXXXXXX = copy YYYY bytes from ([rN]+)XXXXXX to [rM]


#for copy1/copy2, lf register == 0xF, base address is used.

#of course, sub codes types 0/1, 2/3 and 4/5 can be put together lf we need more subtypes.


_operation_rN:
  bne- cr7,_readcodes

  rlwinm r11,r3,2,26,29  #r11  = extract N, makes N*4
  add r26,r7,r11  #1st value address = rN's address
  lwz r9,0(r26)  #r9 = rN

  rlwinm r14,r3,12,30,31  #extracts S, U, T (3bits)

  beq- cr4,_op0  #lf sub code type = 0

  cmpwi cr4,r5,5
  bge- cr4,_op56   #lf sub code type = 5/6

  cmpwi cr4,r5,3
  bge- cr4,_op34   #lf sub code type = 3/4

  cmpwi cr4,r5,1

_op12: #load/store
  rlwinm. r5,r3,16,31,31  #+(ba/po) flag : Y
  beq +8   #address = XXXXXXXX
  add r4,r12,r4

  cmpwi cr6,r14,1
  bne- cr4,_store

_load:
  bgt+ cr6,+24
  beq- cr6,+12

  lbz r4,0(r4)  #load byte at address
  b _store_reg

  lhz r4,0(r4)  #load halfword at address
  b _store_reg

  lwz r4,0(r4)  #load word at address
  b _store_reg

_store:
  rlwinm r19,r3,28,20,31  #r9=r3 ror 12 (N84UYZZZ)
  
  mr r12, r4
  mr r4, r9
  mr r5, r9
  li r9, 0
_storeloop:
  bgt+ cr6,+32
  beq- cr6,+16

  bl _Write_08x  #store byte at address
  addi r12,r12,1
  b _storeloopend

  bl _Write_16x  #store byte at address
  addi r12,r12,2
  b _storeloopend

  bl _Write_32
  addi r12,r12,4
_storeloopend:
  subic. r19,r19,1
  bge  _storeloop
  b _readcodes

_op0: 
  rlwinm. r5,r3,16,31,31  #+(ba/po) flag : Y
  beq +8   #value = XXXXXXXX
  add r4,r4,r12  #value = XXXXXXXX+(ba/po) 

  andi. r5,r14,1  #add flag : S
  beq _store_reg  #add flag not set (=0), rN=value
  add r4,r4,r9  #add flag set (=1), rN=rN+value
  b _store_reg

_op34: #operation 1 & 2
  rlwinm r10,r3,16,30,31  #extracts Y

  rlwinm r14,r4,2,26,29  #r14  = extract M (in r4), makes M*=4

  add r19,r7,r14  #2nd value address = rM's address
  bne cr4,+8
  subi r19,r15,4  #lf CT3, 2nd value address = XXXXXXXX's address

  lwz r4,0(r26)  #1st value = rN

  lwz r9,0(r19)  #2nd value = rM/XXXXXXXX

  andi. r11,r10,1  #lf [] for 1st value
  beq +8
  mr r26,r4   

  andi. r11,r10,2  #lf [] for 2nd value
  beq +16
  mr r19,r9
  bne+ cr4,+8 
  add r19,r12,r19  #lf CT3, 2nd value address = XXXXXXXX+(ba/op)

  rlwinm. r5,r3,12,28,31  #operation # flag : T

  cmpwi r5,9
  bge _op_float

_operation_bl:
  bl _operation_bl_return

_op450:
  add r4,r9,r4  #N + M
  b _store_reg

_op451:
  mullw r4,r9,r4  #N * M
  b _store_reg

_op452:
  or r4,r9,r4  #N | M
  b _store_reg

_op453:
  and r4,r9,r4  #N & M
  b _store_reg

_op454:
  xor r4,r9,r4  #N ^ M
  b _store_reg

_op455:
  slw r4,r9,r4  #N << M
  b _store_reg

_op456:
  srw r4,r9,r4  #N >> M
  b _store_reg

_op457:
  rlwnm r4,r9,r4,0,31  #N rol M
  b _store_reg

_op458:
  sraw r4,r9,r4  #N asr M

_store_reg:
  stw r4,0(r26)  #Store result in rN/[rN]
  b _readcodes

_op_float:
  cmpwi r5,0xA
  bgt _readcodes

  lfs f2,0(r26)  #f2 = load 1st value
  lfs f3,0(r19)  #f3 = load 2nd value
  beq- _op45A


_op459:
  fadds f2,f3,f2  #N = N + M (float)
  b _store_float

_op45A:
  fmuls f2,f3,f2  #N = N * M (float)

_store_float:
  stfs f2,0(r26)  #Store result in rN/[rN]
  b _readcodes

_operation_bl_return:
  mflr r10
  rlwinm r5,r5,3,25,28  #r5 = T*8
  add r10,r10,r5  #jumps to _op5: + r5

  lwz r4,0(r26)  #load [rN]
  lwz r9,0(r19)  #2nd value address = rM/XXXXXXXX

  mtlr r10
  blr

#copy1        (5) : 8AYYYYNM XXXXXXXX = copy YYYY bytes from [rN] to ([rM]+)XXXXXXXX
#copy2        (6) : 8CYYYYNM XXXXXXXX = copy YYYY bytes from ([rN]+)XXXXXX to [rM]

_op56:    

  bne- cr7,_readcodes  #lf code execution set to false skip code

  rlwinm r9,r3,24,0,31  #r9=r3 ror 8 (NM8AYYYY, NM8CYYYY)
  mr r14,r12   #r14=(ba/po)
  bl _load_NM

  beq- cr4,+12   
  add r17,r17,r4  #lf sub code type==0 then source+=XXXXXXXX
  b +8
  add r9,r9,r4  #lf sub code type==1 then destination+=XXXXXXXX

  rlwinm. r4,r3,24,16,31  #Extracts YYYY, compares it with 0
  li r5,0

  _copy_loop:
  beq  _readcodes  #Loop until all bytes have been copied.
  lbzx  r10,r5,r17
  stbx  r10,r5,r9
  addi r5,r5,1
  cmpw r5,r4
  b  _copy_loop

#===============================================================================
#This is a routine called by _memory_copy and _compare_NM_16

_load_NM:    

  cmpwi cr5,r10,4  #compare code type and 4(rn Operations) in cr5

  rlwinm  r17,r9,6,26,29  #Extracts N*4
  cmpwi  r17,0x3C
  lwzx r17,r7,r17  #Loads rN value in r17
  bne  +8
  mr r17,r14   #lf N==0xF then source address=(ba/po)(+XXXXXXXX, CT5)

  beq cr5,+8
  lhz r17,0(r17)  #...and lf CT5 then N = 16 bits at [XXXXXX+base address]

  rlwinm  r9,r9,10,26,29  #Extracts M*4
  cmpwi  r9,0x3C
  lwzx r9,r7,r9  #Loads rM value in r9
  bne  +8
  mr r9,r14   #lf M==0xF then dest address=(ba/po)(+XXXXXXXX, CT5)

  beq cr5,+8
  lhz r9,0(r9)  #...and lf CT5 then M = 16 bits at [XXXXXX+base address]

  blr

#CT5============================================================================
#16bits conditional (0,1,2,3): A0XXXXXX NM00YYYY (unknown values)
#16bits conditional (4,5,6,7): A8XXXXXX ZZZZYYYY (counter)

#sub codes types 0,1,2,3 compare [rN] with [rM] (both 16bits values)
#lf register == 0xF, the value at [base address+XXXXXXXX] is used.

_compare16_NM_counter:
  cmpwi  r5,4
  bge _compare16_counter

_compare16_NM:

  mr r9,r4   #r9=NM00YYYY

  add r14,r3,r12  #r14 = XXXXXXXX+(ba/po)

  rlwinm r14,r14,0,0,30  #16bits align (base address+XXXXXXXX)

  bl _load_NM  #r17 = N's value, r9 = M's value

  nor r4,r4,r4  #r4=!r4
  rlwinm r4,r4,0,16,31  #Extracts !YYYY

  and r11,r9,r4  #r3 = (M AND !YYYY)
  and r4,r17,r4  #r4 = (N AND !YYYY)

  b _conditional

_compare16_counter:
  rlwinm r11,r3,28,16,31  #extract counter value from r3 in r11
  b _conditional

#===============================================================================
#execute     (0) : C0000000 NNNNNNNN = execute. End with 4E800020 00000000.
#hook1       (2) : C4XXXXXX NNNNNNNN = insert instructions at XXXXXX. Same as C2.
#hook2       (3) : C6XXXXXX YYYYYYYY = branch from XXXXXX to YYYYYY
#on/off      (6) : CC000000 00000000 = on/off switch
#range check (7) : CE000000 XXXXYYYY = is ba/po in XXXX0000-YYYY0000

_hook_execute:
  mr r26,r4   #r26 = 0YYYYYYY
  rlwinm r4,r4,3,0,28  #r4  = NNNNNNNN*8 = number of lines (and not number of bytes)
  bne- cr4,_hook_addresscheck #lf sub code type != 0
  bne- cr7,_skip_and_align

_execute:
  mtlr r15
  blrl

_skip_and_align:
  add r15,r4,r15
  addi r15,r15,7
  rlwinm r15,r15,0,0,28  #align 64-bit
  b _readcodes

_hook_addresscheck:

  cmpwi cr4,r5,3
  bgt- cr4,_addresscheck1 #lf sub code type ==6 or 7
  lis r5,0x4800
  add r12,r3,r12
  rlwinm r12,r12,0,0,29  #align address

  bne- cr4,_hook1  #lf sub code type ==2

_hook2:
  bne- cr7,_readcodes

  rlwinm r4,r26,0,0,29  #address &=0x01FFFFFC

  sub r4,r4,r12  #r4 = to-from
  rlwimi r5,r4,0,6,29  #r5  = (r4 AND 0x03FFFFFC) OR 0x48000000
  rlwimi r5,r3,0,31,31  #restore lr bit
  bl _Write_32
  b _readcodes

_hook1:
  bne- cr7,_skip_and_align

  sub r9,r15,r12  #r9 = to-from
  rlwimi r5,r9,0,6,29  #r5  = (r9 AND 0x03FFFFFC) OR 0x48000000
  bl _Write_32
  addi r12,r12,4
  add r11,r15,r4
  subi r11,r11,4  #r11 = address of the last word of the hook1 code
  sub r9,r12,r11
  rlwimi r5,r9,0,6,29  #r5  = (r9 AND 0x03FFFFFC) OR 0x48000000
  mr r12, r11
  bl _Write_32
  b _skip_and_align

_addresscheck1:
  cmpwi cr4,r5,6
  beq cr4,_onoff
  b _conditional
_addresscheck2:

  rlwinm r12,r12,16,16,31
  rlwinm r4,r26,16,16,31
  rlwinm r26,r26,0,16,31
  cmpw r12,r4
  blt _skip
  cmpw r12,r26
  bge _skip
  b _readcodes

_onoff:
  rlwinm r5,r26,31,31,31  #extracts old exec status (x b a)
  xori r5,r5,1
  andi. r3,r8,1   #extracts current exec status
  cmpw r5,r3
  beq _onoff_end
  rlwimi r26,r8,1,30,30
  xori r26,r26,2
  rlwinm. r5,r26,31,31,31  #extracts b
  beq +8

  xori r26,r26,1

  stw r26,-4(r15)  #updates the code value in the code list

_onoff_end:
  rlwimi r8,r26,0,31,31  #current execution status = a

  b _readcodes

#===============================================================================
#Full terminator  (0) = E0000000 XXXXXXXX = full terminator
#Endlfs/Else      (1) = E2T000VV XXXXXXXX = endlfs (+else)
#End code handler     = F0000000 00000000

_terminator_onoff_:
  cmpwi r11,0   #lf code type = 0xF
  beq _notTerminator
  cmpwi r5,1
  beq _asmTypeba
  cmpwi r5,2
  beq _asmTypepo
  cmpwi r5,3
  beq _patchType
  b _exitcodehandler
  _asmTypeba:
  rlwinm r12,r6,0,0,6 # use base address
  _asmTypepo:
  rlwinm r23,r4,8,24,31 # extract number of half words to XOR
  rlwinm r24,r4,24,16,31 # extract XOR checksum
  rlwinm r4,r4,0,24,31 # set code value to number of ASM lines only
  bne cr7,_goBackToHandler #skip code if code execution is set to false
  rlwinm. r25,r23,0,24,24 # check for negative number of half words
  mr r26,r12 # copy ba/po address
  add r26,r3,r26 # add code offset to ba/po code address
  rlwinm r26,r26,0,0,29 # clear last two bits to align address to 32-bit
  beq _positiveOffset # if number of half words is negative, extra setup needs to be done
  extsb r23,r23
  neg r23,r23
  mulli r25,r23,2
  addi r25,r25,4
  subf r26,r25,r26
  _positiveOffset:
  cmpwi r23,0
  beq _endXORLoop
  li r25,0
  mtctr r23
  _XORLoop:
  lhz r27,4(r26)
  xor r25,r27,r25
  addi r26,r26,2
  bdnz _XORLoop
  _endXORLoop:
  cmpw r24,r25
  bne _goBackToHandler
  b _hook_execute
  _patchType:
  rlwimi r8,r8,1,0,30  #r8<<1 and current execution status = old execution status
  bne cr7,_exitpatch  #lf code execution is set to false -> exit
  rlwinm. r23,r3,22,0,1
  bgt _patchfail
  blt _copytopo
  _runpatch:
  rlwinm r30,r3,0,24,31
  mulli r30,r30,2
  rlwinm r23,r4,0,0,15
  xoris r24,r23,0x8000
  cmpwi r24,0
  bne- _notincodehandler
  ori r23,r23,0x3000
  _notincodehandler:
  rlwinm r24,r4,16,0,15
  mulli r25,r30,4
  subf r24,r25,r24
  _patchloop:
  li r25,0
  _patchloopnext:
  mulli r26,r25,4
  lwzx r27,r15,r26
  lwzx r26,r23,r26
  addi r25,r25,1
  cmplw r23,r24
  bgt _failpatchloop
  cmpw r25,r30
  bgt _foundaddress
  cmpw r26,r27
  beq _patchloopnext
  addi r23,r23,4
  b _patchloop
  _foundaddress:
  lwz r3,-8(r15)
  ori r3,r3,0x300
  stw r3,-8(r15)
  stw r23,-4(r15)
  mr r16,r23
  b _exitpatch
  _failpatchloop:
  lwz r3,-8(r15)
  ori r3,r3,0x100
  stw r3,-8(r15)
  _patchfail:
  ori r8,r8,1   #r8|=1 (execution status set to false)
  b _exitpatch
  _copytopo:
  mr r16,r4
  _exitpatch:
  rlwinm r4,r3,0,24,31 # set code to number of lines only
  _goBackToHandler:
  mulli r4,r4,8
  add r15,r4,r15 # skip the lines of the code
  b _readcodes
  _notTerminator:

_terminator:
  bne cr4,+12   #check lf sub code type == 0
  li r8,0   #clear whole code execution status lf T=0
  b +20

  rlwinm. r9,r3,0,27,31  #extract VV
# bne  +8   #lf VV!=0
# bne- cr7,+16

  rlwinm r5,r3,12,31,31  #extract "else" bit

  srw r8,r8,r9  #r8>>VV, meaning endlf VV lfs

  rlwinm. r23,r8,31,31,31
  bne +8 # execution is false if code execution >>, so don't invert code status
  xor r8,r8,r5  #lf 'else' is set then invert current code status

_load_baseaddress:
  rlwinm. r5,r4,0,0,15
  beq +8
  mr r6,r5   #base address = r4
  rlwinm. r5,r4,16,0,15
  beq +8
  mr r16,r5   #pointer = r4
  b _readcodes

#===============================================================================

frozenvalue: #frozen value, then LR
.long        0,0
dwordbuffer:
.long        0,0
rem:
.long        0
bpbuffer:
.long 0  #int address to bp on
.long 0  #data address to bp on
.long 0  #alignement check
.long 0  #counter for alignement

regbuffer:
.space 72*4

.align 3

codelist:
.space 2*4
.end