Mario Kart Wii Address Map (WIP)
#1
Information 
Mario Kart Wii Code Address Map (WIP)

This is an informative work-in-progress map of the addresses of known parts of the game, such as physics, timers, and such.
It also lists what the known values of registers at the addresses are for, as well as how these have been used in the past for codes. Lastly, only relevant and up-to-date addresses will be shown.



Vehicle Speed



Volderbeek Addresses:
NTSC-U = 0x805743C8
PAL = 0x8057AC2C
NTSC-J = 0x8057A5AC
NTSC-K = 0x80568C84

Known Registers:
Unknown

Summary:
Hook address for speed cap float that is ran through during live play.


JoshuaMK Addresses:
NTSC-U = 0x80571CA4, 0x80571CF4
PAL = 0x80578508, 0x80578558
NTSC-J = 0x80577E88, 0x80577ED8
NTSC-K = 0x80566560, 0x805665B0

Known Registers:
f1 = Base Speed
f0 = Max Speed

Summary:
Hook address for speed cap + speed base floats that is read from once during race boot.


Hamster35000vr Addresses:
NTSC-U = 0x8088D550
PAL = 0x80891A68
NTSC-J = 0x808910B8
NTSC-K = 0x8087FE70

Summary:
Memory Address for reverse speed float that is read from during live play.



Gravity



JoshuaMK Addresses:
NTSC-U = 0x80590400
PAL = 0x80596C24
NTSC-J = 0x805965A4
NTSC-K = 0x80584C7C

Known Registers:
f1 = Gravity float value

Summary:
Hook Address for per racer gravity changes through a special loop during live play.


Hamster35000vr Addresses:
NTSC-U = 0x808B1C80
PAL = 0x808B6540
NTSC-J = 0x808B56A0
NTSC-K = 0x808A49B8

Summary:
Memory Address for gravity float value that is read from during live play.



Handling



JoshuaMK Addresses:
NTSC-U = 0x80574220, 0x80574268, 0x805742C0
PAL = 0x8057AA84, 0x8057AACC, 0x8057AB24
NTSC-J = 0x8057A404, 0x8057A44C, 0x8057A4A4
NTSC-K = 0x80568ADC, 0x80568B24, 0x80568B7C

Known Registers:
f3 = Handling sharpness cap (First Address)
f0 = Drift(?) sharpness cap (Second Address)
f1 = Drift(?) sharpness cap (Third Address)

Summary:
Hook addresses used to modify the cap of turning sharpness. Needs a forced branch after third address if modifying the cap.
I found this function by reverse engineering a "master" float used for a lot of the games physics.



Boost Start



JoshuaMK Addresses:
NTSC-U = 0x8058E374, 0x8058F20C
PAL = 0x80594B98, 0x80595A30
NTSC-J = 0x80594518, 0x805953B0
NTSC-K = 0x80582BF0, 0x80583A88

Known Registers:
f0 = How long you've been charging up (First Address)

Summary:
Hook address to modify how long you've "charged" during countdown. Nopping the second address disables needing to hold the A button.



This can be edited by anyone wanting to add onto this, I just thought I would put this out there, with some of my addresses + a few others as a base. Tongue
(10-14-2019, 11:55 PM)Vega Wrote: Was lucky enough to be one of few to learn proper ASM. Now I just post random garbage on Make it to a 1000 thread.
Was lucky enough to be one of few to learn proper ASM. Now I'm writing codes that I hope amaze!  Tongue
Reply
#2
Timer (Time Trail Result Timer, Running Race/Battle Timer, Online Disconnection Timer etc) - 8053XXXX

Damage and such (Damage types, Power Invincibility, Damage Timer etc) - 8056XXXX

Online Part (Packet sending, more can be seem at Network Protocol on Custom Mario Kart Wiki) - 8063XXXX to 8066XXXX (possibly)

Items (Item glow, item functions, item size and such) - 8079XXXX

Buttons and such (Selection button, regions etc) - 8089XXXX

etc
Reply
#3
Nice thread. This could help pinpoint actual function calls and know what the args are so we can expand on the Symbol Map. Let's say for example you see that address 0x80786AAC is something for bloopers. After more analysis you find that r3 points to address that keeps a timer on the blooper squirt span and r4 is a mode type (like 1 is blooper to start, 2 is blooper squirts and 3 is blooper goes away.) That would be something to add to the symbol map.

The current symbol map only has functions (mostly generic Wii stuff) for the main.dol. It would be nice to actually get some game-specific physics-engine stuff. Ofc, get some software like IDA pro or Ghidra to help. http://mkwii.com/showthread.php?tid=1193

For any symbol map stuff please port it to PAL as that's the region the current symbol map is using. http://mkwii.com/showthread.php?tid=922

Check out Fish's code - http://mkwii.com/showthread.php?tid=1254

Notice how he sets up args and calls a function that is related to shooting out dropped items.

~Over 100 MKWii Cheat Codes created
~Main Time Updater for the MKWii Player's Page

Reply


Forum Jump:


Users browsing this thread: 1 Guest(s)