RAM Dump [Vega]
#1
RAM Dump [Vega]

This code will make a RAM Dump for you (Mem80 - 81 only) and dump the contents to your Wii's NAND.

This code is only useful if you don't have Dolphin to do a RAM Dump.

How to Use the Code:
Whenever you want to initiate the RAM Dump, just press your activator. The game will freeze/stall for around 25-30 full seconds (be patient). Afterwards, you will be returned to the Wii Main Menu.

Launch HBC, use an app such as WiiXplorer. There will be a new directory created at the root of NAND, and it will be named after your game's Game ID. There should be a total of 128 files in the directory (000 - 127). The files will have no specific file extension. Copy paste the directory to your SD/USB, and back them up on your computer. Once you have them backed up on your computer, delete the directory off of your NAND.

Use a Hex Editor (such as HxD) to append all the files in order. Once completed, you will have an entire Mem80-81 RAM Dump. Congratz!

It's recommended to only run this code a few times for whatever Wii you are using this on (do whatever Dumps you need and be done with it). Using this code numerous times can cause premature wear to the Wii's NAND.

NTSC-U
2834XXXX YYYYZZZZ
C20095F4 00000031
3EC08000 3F96FFFD
3B600080 80960000
4800000D 2F585858
58000000 7C6802A6
90830001 BBC30000
BFC10008 3F408016
38800000 38A00003
38C00003 38E00003
63599DD4 7F2803A6
4E800021 2C03FF97
4182000C 2C030000
418000C4 3BA0FFFF
4800000D 2F253033
64000000 7C8802A6
7C972378 3BBD0001
7FA5EB78 7EE4BB78
3861000D 3D808001
618C0ECC 7D8803A6
4E800021 2C030000
4180007C 38610008
38800000 38A00003
38C00003 38E00003
6359ABD4 7F2803A6
4E800021 2C030000
41800054 38610008
38800002 6359ADBC
7F2803A6 4E800021
2C030000 41800038
7C781B78 3F9C0003
7F84E378 3CA00003
2C1D0000 41820039
6359B220 7F2803A6
4E800021 7F03C378
6359B2E4 7F2803A6
4E800021 377BFFFF
4082FF5C 3D80801A
618C87B8 7D8803A6
4E800020 7FC802A6
7C651B78 38800020
80ADA358 80A50024
3D808022 618C9490
7D8803A6 4E800021
38E3FFFC 3896FFFC
3CA0C000 54A5843E
84C40004 94C70004
34A5FFFF 4082FFF4
3CA00003 7C641B78
7F03C378 7FC803A6
4E800020 00000000
E0000000 80008000

PAL
2834XXXX YYYYZZZZ
C2009634 00000031
3EC08000 3F96FFFD
3B600080 80960000
4800000D 2F585858
58000000 7C6802A6
90830001 BBC30000
BFC10008 3F408016
38800000 38A00003
38C00003 38E00003
63599E74 7F2803A6
4E800021 2C03FF97
4182000C 2C030000
418000C4 3BA0FFFF
4800000D 2F253033
64000000 7C8802A6
7C972378 3BBD0001
7FA5EB78 7EE4BB78
3861000D 3D808001
618C1A2C 7D8803A6
4E800021 2C030000
4180007C 38610008
38800000 38A00003
38C00003 38E00003
6359AC74 7F2803A6
4E800021 2C030000
41800054 38610008
38800002 6359AE5C
7F2803A6 4E800021
2C030000 41800038
7C781B78 3F9C0003
7F84E378 3CA00003
2C1D0000 41820039
6359B2C0 7F2803A6
4E800021 7F03C378
6359B384 7F2803A6
4E800021 377BFFFF
4082FF5C 3D80801A
618C8858 7D8803A6
4E800020 7FC802A6
7C651B78 38800020
80ADA360 80A50024
3D808022 618C9814
7D8803A6 4E800021
38E3FFFC 3896FFFC
3CA0C000 54A5843E
84C40004 94C70004
34A5FFFF 4082FFF4
3CA00003 7C641B78
7F03C378 7FC803A6
4E800020 00000000
E0000000 80008000

NTSC-J
2834XXXX YYYYZZZZ
C2009590 00000031
3EC08000 3F96FFFD
3B600080 80960000
4800000D 2F585858
58000000 7C6802A6
90830001 BBC30000
BFC10008 3F408016
38800000 38A00003
38C00003 38E00003
63599D94 7F2803A6
4E800021 2C03FF97
4182000C 2C030000
418000C4 3BA0FFFF
4800000D 2F253033
64000000 7C8802A6
7C972378 3BBD0001
7FA5EB78 7EE4BB78
3861000D 3D808001
618C1950 7D8803A6
4E800021 2C030000
4180007C 38610008
38800000 38A00003
38C00003 38E00003
6359AB94 7F2803A6
4E800021 2C030000
41800054 38610008
38800002 6359AD7C
7F2803A6 4E800021
2C030000 41800038
7C781B78 3F9C0003
7F84E378 3CA00003
2C1D0000 41820039
6359B1E0 7F2803A6
4E800021 7F03C378
6359B2A4 7F2803A6
4E800021 377BFFFF
4082FF5C 3D80801A
618C8778 7D8803A6
4E800020 7FC802A6
7C651B78 38800020
80ADA360 80A50024
3D808022 618C9734
7D8803A6 4E800021
38E3FFFC 3896FFFC
3CA0C000 54A5843E
84C40004 94C70004
34A5FFFF 4082FFF4
3CA00003 7C641B78
7F03C378 7FC803A6
4E800020 00000000
E0000000 80008000

NTSC-K
2833XXXX YYYYZZZZ
C200973C 00000031
3EC08000 3F96FFFD
3B600080 80960000
4800000D 2F585858
58000000 7C6802A6
90830001 BBC30000
BFC10008 3F408016
38800000 38A00003
38C00003 38E00003
63599F10 7F2803A6
4E800021 2C03FF97
4182000C 2C030000
418000C4 3BA0FFFF
4800000D 2F253033
64000000 7C8802A6
7C972378 3BBD0001
7FA5EB78 7EE4BB78
3861000D 3D808001
618C1A94 7D8803A6
4E800021 2C030000
4180007C 38610008
38800000 38A00003
38C00003 38E00003
6359AD10 7F2803A6
4E800021 2C030000
41800054 38610008
38800002 6359AEF8
7F2803A6 4E800021
2C030000 41800038
7C781B78 3F9C0003
7F84E378 3CA00003
2C1D0000 41820039
6359B35C 7F2803A6
4E800021 7F03C378
6359B420 7F2803A6
4E800021 377BFFFF
4082FF5C 3D80801A
618C8BB4 7D8803A6
4E800020 7FC802A6
7C651B78 38800020
80ADA380 80A50024
3D808022 618C9B88
7D8803A6 4E800021
38E3FFFC 3896FFFC
3CA0C000 54A5843E
84C40004 94C70004
34A5FFFF 4082FFF4
3CA00003 7C641B78
7F03C378 7FC803A6
4E800020 00000000
E0000000 80008000



Code creator: Vega
Code credits: Megazig (ISFS Functions, Return to Menu function)



Source:

#~~~~~~~~~~~~~~~~#
# START ASSEMBLY #
#~~~~~~~~~~~~~~~~#

#

#~~~~~~~~~~~~~~~~~~~~~~~~~~~~#
# Compilation Region Setting #
#~~~~~~~~~~~~~~~~~~~~~~~~~~~~#

.set region, '' #Fill in E, P, J, or K within the quotes for your region when Compiling! Lowercase letters can also be used.

#~~~~~~~~~~~~~~~~~~~~#
# Macros & Variables #
#~~~~~~~~~~~~~~~~~~~~#

.macro call_link address
    lis r12, \address@h
    ori r12, r12, \address@l
    mtlr r12
    blrl
.endm

.macro call_isfs address
    ori r25, r26, \address@l
    mtlr r25
    blrl
.endm

.macro call_nolink address
    lis r12, \address@h
    ori r12, r12, \address@l
    mtlr r12
    blr
.endm

.if    (region == 'E' || region == 'e') # RMCE
    .set sprintf, 0x80010ECC
    .set ISFS_CreateDir, 0x9DD4
    .set ISFS_CreateFile, 0xABD4
    .set ISFS_Open, 0xADBC
    .set ISFS_Write, 0xB220
    .set ISFS_Close, 0xB2E4
    .set Egg_Alloc, 0x80229490
    .set Wii_Menu, 0x801A87B8
.elseif (region == 'P' || region == 'p') # RMCP
    .set sprintf, 0x80011A2C
    .set ISFS_CreateDir, 0x9E74
    .set ISFS_CreateFile, 0xAC74
    .set ISFS_Open, 0xAE5C
    .set ISFS_Write, 0xB2C0
    .set ISFS_Close, 0xB384
    .set Egg_Alloc, 0x80229814
    .set Wii_Menu, 0x801A8858
.elseif (region == 'J' || region == 'j') # RMCJ
    .set sprintf, 0x80011950
    .set ISFS_CreateDir, 0x9D94
    .set ISFS_CreateFile, 0xAB94
    .set ISFS_Open, 0xAD7C
    .set ISFS_Write, 0xB1E0
    .set ISFS_Close, 0xB2A4
    .set Egg_Alloc, 0x80229734
    .set Wii_Menu, 0x801A8778
.elseif (region == 'K' || region == 'k') # RMCK
    .set sprintf, 0x80011A94
    .set ISFS_CreateDir, 0x9F10
    .set ISFS_CreateFile, 0xAD10
    .set ISFS_Open, 0xAEF8
    .set ISFS_Write, 0xB35C
    .set ISFS_Close, 0xB420
    .set Egg_Alloc, 0x80229B88
    .set Wii_Menu, 0x801A8BB4
.else # Invalid Region
    .err
.endif

#~~~~~~~~~~~~~~~~#
# Register Notes #
#~~~~~~~~~~~~~~~~#

#Code ends in blr, no need to save anything

# r31 = file name within directory-file name string (for sprintf formatting)
# r30 = LR for file fix subroutine
# r29 = file name incrementer
# r28 = Write address (r4 arg) for ISFS_Write
# r27 = Mega Loop Counter
# r26 = 0x8016 for ISFS calls
# r25 = For ISFS Macros
# r24 = fd for ISFS_Close
# r23 - Backup r4 sprintf arg
# r22 - 0x80000000
# r1 + 8 = Start of file pathway string
# r1 + 0xD = File Name within file pathway string

#~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~#
# Load Game ID, Setup ISFS_Write r4's arg for later, Set Mega Loop Counter #
#~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~#

lis r22, 0x8000
addis r28, r22, -3 #Sets r28 as 0x7FFD0000
li r27, 0x80 #128 total files

#0x817FFFFF - 0x80000000 (then plus 1) = 0x1800000. 0x180000 / 0x80 = 0x30000
#0x80 is the mega loop counter
#0x30000 is ISFS_Write Amount

lwz r4, 0x0 (r22)

#~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~#
# Make incomplete file path, Store to Stack #
#~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~#

bl make_dir

.string "/XXXX\0\0"

make_dir:
mflr r3

stw r4, 0x1 (r3) #Fill in Game ID Ascii for String

#~~~~~~~~~~~~~~~~~~~~~~~~#
# Store Pathway to Stack #
#~~~~~~~~~~~~~~~~~~~~~~~~#

lmw r30, 0x0 (r3)
stmw r30, 0x8 (r1)

#~~~~~~~~~~~~~~~~~~~~~~~#
# Set ISFS Macro Prefix #
#~~~~~~~~~~~~~~~~~~~~~~~#

lis r26, 0x8016

#~~~~~~~~~~~~~~~~~~~~~~#
# Create the Directory #
#~~~~~~~~~~~~~~~~~~~~~~#

li r4, 0
li r5, 3
li r6, 3
li r7, 3

call_isfs ISFS_CreateDir

cmpwi r3, -105
beq- dir_already_exists

cmpwi r3, 0
blt- big_error

dir_already_exists:
li r29, -1

#~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~#
# Create File Name, Append it to File Pathway String #
#~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~#

bl the_integer

.string "/%03d\0\0"

the_integer:
mflr r4
mr r23, r4

#~~~~~~~~~~~#
# Mega Loop #
#~~~~~~~~~~~#

#~~~~~~~~~~~~~~~~~~~~~~~~~#
# SprintF Setup Then Call #
#~~~~~~~~~~~~~~~~~~~~~~~~~#

mega_loop:
addi r29, r29, 1 #Increment File Name
mr r5, r29 #Move updated file name to r5's sprintf arg
mr r4, r23 #Place in Sprintf r4 arg
addi r3, r1, 0xD #This will point right after '/RMCX'

call_link sprintf
cmpwi r3, 0
blt- __error

#~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~#
# Create New File Based off new Name #
#~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~#

addi r3, r1, 8
li r4, 0
li r5, 3
li r6, 3
li r7, 3

call_isfs ISFS_CreateFile
cmpwi r3, 0
blt- __error

#~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~#
# Open the newly created File with Write Permissions #
#~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~#

addi r3, r1, 8
li r4, 2

call_isfs ISFS_Open
cmpwi r3, 0
blt- __error

#~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~#
# Write the File (Dump current 0x30000 bytes of Mem80) #
#~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~#

#r3 already set from fd return
mr r24, r3 #Backup fd for ISFS_Close

addis r28, r28, 3 #ISFS_Write mem location r4 arg incrementer
mr r4, r28

lis r5, 3 #Sets r5 to 0x30000, bytes to write

#~~~~~~~~~~~~~#
# File Checks #
#~~~~~~~~~~~~~#

#For some reason the Wii Console (Dolphin not an issue) doesn't like to use ISFS_Write r4 Arg of 0x80000000
#This is a quick hacky way to bypass the problem. This can easily be optimized like crazy, but I'm lazy
#and threw this together really quick.

#Subroutine will have customized r3, r4, r5 return values suited for ISFS_Write

cmpwi r29, 0
beql- file_fix

call_isfs ISFS_Write

#~~~~~~~~~~~~#
# Close File #
#~~~~~~~~~~~~#

mr r3, r24
call_isfs ISFS_Close

#~~~~~~~~~~~~~~~~~~~~~#
# Decrement Mega Loop #
#~~~~~~~~~~~~~~~~~~~~~#

__error:
subic. r27, r27, 1
bne+ mega_loop

#~~~~~~~~~~~~~~~~~~~~#
# Return to Wii Menu #
#~~~~~~~~~~~~~~~~~~~~#

big_error:
call_nolink Wii_Menu

#~~~~~~~~~~~~~~~~~~~~~~~~#
# Fix for 000 Subroutine #
#~~~~~~~~~~~~~~~~~~~~~~~~#

file_fix:
mflr r30

mr r5, r3
li r4, 0x20

.if (region == 'E' || region == 'e')
lwz r5, -0x5CA8(r13)
.elseif (region == 'P' || region == 'p')
lwz r5, -0x5CA0(r13)
.elseif (region == 'J' || region == 'j')
lwz r5, -0x5CA0(r13)
.elseif (region == 'K' || region == 'k')
lwz r5, -0x5C80(r13)
.endif

lwz r5, 0x0024 (r5)

call_link Egg_Alloc

addi r7, r3, -4 #Set Storing Address
addi r4, r22, -4 #Set Loading Address

lis r5, 0xC000 #0xC000 words is 0x30000 bytes
srwi r5, r5, 16 #r5 = 0x0000C000

silly_loop:
lwzu r6, 0x4 (r4)
stwu r6, 0x4 (r7)
subic. r5, r5, 1
bne+ silly_loop

lis r5, 3
mr r4, r3 #Put Heap pointer in r4 for ISFS_Write arg
mr r3, r24 #Put fd back into r3

mtlr r30
blr #Exit subroutine

#

#~~~~~~~~~~~~~~#
# END ASSEMBLY #
#~~~~~~~~~~~~~~#
Reply
#2
I'm out of town atm, so I can't test this on a real Wii. It works on Dolphin. If somebody can test this, that would be great. Be sure to read all the instructions before running the code.

This could be useful for those who don't have Dolphin and need RAM Dumps.
Reply
#3
This is cool
(10-14-2019, 11:55 PM)Vega Wrote: Was lucky enough to be one of few to learn proper ASM. Now I just post random garbage on Make it to a 1000 thread.
Was lucky enough to be one of few to learn proper ASM. Now I'm writing codes that I hope amaze!  Tongue
Reply
#4
I had somebody test the code for me and it's not working on the Wii console. It creates the file '000' (out of 128 total) and has no data. I think I already know what the problem is. The Wii doesn't like it when you use the very beginning of virtual memory (0x80000000) for an ISFS_Write function.

Will probably have to do something 'hacky' to get around this.
Reply
#5
Bump. Threw in a quick 'hacky' patch to bypass the ISFS_Write issue. Code now works on the Wii Console. To other Code creators, you will see a crap ton of optimization issues. I didn't wanna spend much time doing this silly patch. Feel free to optimize it. If you do, let me know, and I'll add you to the credits.
Reply


Forum Jump:


Users browsing this thread: 1 Guest(s)