This is a tutorial on how to poll your controllers for button presses, so you can use the values for a trainer. This tutorial assumes you know how to open an xex file in IDA Pro and already know how to make a trainer. It only covers how to get the values that each register contains when people press buttons on their controllers. I still do not know how to get values for triggers on wireless controllers, though. Perhaps when I get my own actual wireless controller I can do some more testing on it.
Ok, we will use the default.xex file for Dead Rising 2 for this tutorial. This is the original xex, except this one has been set to debug. The first step is to load the xex file into IDA Pro using xorloser's plugins. Next, go to the Function window and look for the "XamInputGetState" function:
Once you find that function, you double-click on it, and you will be taken to the function and you will see this on the screen:
Next you will double-click on this highlighted area here, which will take you to the function that calls this function:
Now we are at function sub_826A11C0:
You'll notice that this has two functions that call it:
I have decided to go with the bottom calling function, which I have highlighted:
So double-click that and it takes you to an actual function that should always get called now, but I have highlighted the function call that calls the controller stuff:
Now the function AFTER the return from the controller function is where we can hook in and get the values, and I've highlighted that here:
So you would put a branch instruction there, to wherever you are branching to, and make sure your code includes "cmplwi %r3, 0" BEFORE it returns to 828B50C0.
Now to let you know what the values should be to look for at this point.
First things first. If r3 is NOT 0, the function is doing something other than polling the controllers at that point, so return control back and do nothing. This is useful, because if r3 is 0, you can use r3 for whatever you want, as long as you set r3 back to 0 before performing the "cmplwi %r3, 0" instruction and returning control to the game. The same goes for the other registers: after you check them and use them for other things, make sure you set them back to what they were. The exception is a register that has a value loaded into it later on in the function anyway, as in the case of r11, which has a value loaded into it later on whether the function jumps or not.
Ok, now that you know that r3 being zero means the game is actually polling the controllers, I'll list all the important registers and the values they will contain:
r3 = 0 (This means that the game is actually checking your controllers)
r10 = 0 (when a face button is pressed, not trigger though) (Wired and Wireless)
r5 = left trigger value (00 - FF) (Wired ONLY)
r7 = right trigger value (00 - FF) (Wired ONLY)
r11 = value of button presses (do a cmplwi on it)
r6 = value of button presses (Wired ONLY, better to just use r11 anyway)
Button Press Table (values are hexadecimal; add values together if pressed together):
D-Pad Up = 1
D-Pad Down = 2
D-Pad Left = 4
D-Pad Right = 8
Start = 10
Back = 20
LSB = 40
RSB = 80
LB = 100
RB = 200
A Button = 1000
B Button = 2000
X Button = 4000
Y Button = 8000
e.g. Back + LB + X = 4120
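The button table above, worked through as an added example (not code from the original tutorial): it decodes a combined button value back into names and shows the difference between comparing the value against a constant and testing only the bits you care about. The values are read as hexadecimal bit flags, as the Back + LB + X = 4120 example implies; the struct, table and function names are made up for this illustration.

```c
#include <stdio.h>
#include <string.h>
#include <stdint.h>

/* Button values from the table above, read as hexadecimal bit flags.
   The struct, table and function names are made up for this example. */
struct button { const char *name; uint16_t value; };

static const struct button BUTTONS[] = {
    {"D-Pad Up", 0x0001}, {"D-Pad Down", 0x0002},
    {"D-Pad Left", 0x0004}, {"D-Pad Right", 0x0008},
    {"Start", 0x0010}, {"Back", 0x0020},
    {"LSB", 0x0040}, {"RSB", 0x0080},
    {"LB", 0x0100}, {"RB", 0x0200},
    {"A", 0x1000}, {"B", 0x2000}, {"X", 0x4000}, {"Y", 0x8000},
};
#define NBUTTONS (sizeof BUTTONS / sizeof BUTTONS[0])

/* Write the names of all buttons set in `state` into `out`, joined by " + ".
   Returns the number of buttons found. Bits not in the table are ignored. */
int decode_buttons(uint16_t state, char *out, size_t outlen)
{
    int count = 0;
    if (outlen == 0) return 0;
    out[0] = '\0';
    for (size_t i = 0; i < NBUTTONS; i++) {
        if (!(state & BUTTONS[i].value)) continue;
        size_t used = strlen(out);
        snprintf(out + used, outlen - used, "%s%s", count ? " + " : "", BUTTONS[i].name);
        count++;
    }
    return count;
}

/* Exact match: what a plain compare of the value against a constant gives. */
int combo_exact(uint16_t state, uint16_t combo) { return state == combo; }
/* Held match: true if every button in `combo` is down, whatever else is pressed. */
int combo_held(uint16_t state, uint16_t combo) { return (state & combo) == combo; }

int main(void)
{
    char names[128];
    uint16_t combo = 0x0020 | 0x0100 | 0x4000;   /* Back + LB + X */
    decode_buttons(combo, names, sizeof names);
    printf("%04X = %s\n", combo, names);
    /* Constructed sample: the same combo with D-Pad Up also held. */
    printf("exact=%d held=%d\n", combo_exact(combo | 0x0001, combo),
           combo_held(combo | 0x0001, combo));
    return 0;
}
```

An exact compare stops matching as soon as any extra button is held, so a trainer hotkey that should still fire while the player is moving needs the masked test instead.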
I hope this explains the process well enough, and these values are correct and true for ALL games. I've checked multiple games and they've ALWAYS had these values, and ALWAYS used the same registers. If you need any further clarification, just ask. If you need further help on making an actual trainer though, don't ask.