News: 11 March 2016 - Forum Rules

Author Topic: Make a game genie code permanent?  (Read 13054 times)

Pornchai

  • Jr. Member
  • **
  • Posts: 22
    • View Profile
Make a game genie code permanent?
« on: February 11, 2012, 04:23:49 pm »
Yeah... So... I have a game genie code I want to use for NHL 94.
I'd just edit the hex data, but apparently the hex location is "not within rom range"
I'm assuming that means it can't be edited in a hex editor...
I tried looking for the hex location and it's not there =\
I was told this on another website:
Ah, the SNES uses a weird system of memory "banks" that make addresses strange.

http://en.wikibooks....SNES_memory_map

Unfortunately, the 7E bank is RAM bank, not a ROM bank (those start at 80), so this hack is not applicable to the ROM :(

Sorry, looks like this was a dead-end..

So can I edit the memory banks? Or just have a game genie code constantly on a game?

This will be put on a Game Doctor, so something like "Make it on for your emulator" won't work.
I won't be using an emulator...

Ryusui

  • Hero Member
  • *****
  • Posts: 4989
  • It's the greatest day.
    • View Profile
    • Tumblr
Re: Make a game genie code permanent?
« Reply #1 on: February 11, 2012, 05:26:31 pm »
Use a debugging emulator - in this case, Geiger's Snes9x Tracer. Find the memory address that the Game Genie code changes, set a write breakpoint to that address, and then work backwards to find where the value was originally loaded from, or how it was arrived at in the first place. Best-case scenario, it's a hard-coded value loaded from elsewhere in the ROM; worst-case scenario, it's calculated by the code and you'll need to do some hacking in order to make it work.
In the event of a firestorm, the salad bar will remain open.

Pornchai

  • Jr. Member
  • **
  • Posts: 22
    • View Profile
Re: Make a game genie code permanent?
« Reply #2 on: February 11, 2012, 06:34:48 pm »
What's a set write breakpoint?

Ryusui

  • Hero Member
  • *****
  • Posts: 4989
  • It's the greatest day.
    • View Profile
    • Tumblr
Re: Make a game genie code permanent?
« Reply #3 on: February 11, 2012, 06:42:52 pm »
Breakpoints are a debugging function that allow you to halt execution when a condition is met. In this case, you can set a write breakpoint to the address that the Game Genie code changes - this will pause the game when it tries to write to that same address. Then you can trace the code to figure out where the value written to that address came from in the first place. Once you do, you can make the Game Genie code permanent by changing the value that the game itself stores into that memory address.
In the event of a firestorm, the salad bar will remain open.

Pornchai

  • Jr. Member
  • **
  • Posts: 22
    • View Profile
Re: Make a game genie code permanent?
« Reply #4 on: February 11, 2012, 06:47:31 pm »
Use a debugging emulator - in this case, Geiger's Snes9x Tracer. Find the memory address that the Game Genie code changes, set a write breakpoint to that address, and then work backwards to find where the value was originally loaded from, or how it was arrived at in the first place. Best-case scenario, it's a hard-coded value loaded from elsewhere in the ROM; worst-case scenario, it's calculated by the code and you'll need to do some hacking in order to make it work.
I downloaded Geiger's Snes9x tracer, got the memory address the game genie code changes, set a write breakpoint to that address then it came up with this:
$9F/E42B 99 94 1C    STA $1C94,y[$9F:1C94]   A:0000 X:0000 Y:0000 P:envmxdiZC

Now...What...?

justin3009

  • Hero Member
  • *****
  • Posts: 1664
  • Welp
    • View Profile
Re: Make a game genie code permanent?
« Reply #5 on: February 11, 2012, 06:59:44 pm »
Go backwards.  The offset is 9FE42B.  Go back maybe 20 bytes so it's 9FE40B and see if there's a hardcoded value like "A9 xx" or something.  If it's like that, change the A9 xx to what the last 2 bytes of the code would be.
'We have to find some way to incorporate the general civilians in the plot.'

'We'll kill off children in the Juuban district with an infection where they cough up blood and are found hanging themselves from cherry blossom trees.'

Pornchai

  • Jr. Member
  • **
  • Posts: 22
    • View Profile
Re: Make a game genie code permanent?
« Reply #6 on: February 11, 2012, 07:10:28 pm »
9FE42B as an offset can't be found.
The game was made in '93.
Maybe that has something to do with it? Smaller file?

FinS

  • Full Member
  • ***
  • Posts: 192
    • View Profile
    • nothing much
Re: Make a game genie code permanent?
« Reply #7 on: February 11, 2012, 07:11:49 pm »
Best thing to do is log the code up to your break point. Get real close to it (within micro seconds) then place a check next to "cpu" under logging. Then run up to the break point and step into it once to be sure to get the last instruction and uncheck cpu to finish the log. If the instruction you are looking for is very far away this is the way to find it.

Pornchai

  • Jr. Member
  • **
  • Posts: 22
    • View Profile
Re: Make a game genie code permanent?
« Reply #8 on: February 11, 2012, 07:15:27 pm »
The option I want to adjust is in the pause menu.
So the game is paused...
I change from "off" to "on"
Currently the breakpoint is set to write, and it's currently at default on due to the game genie code. (The game loads with default off, completely unedited).
I'm not getting any offsets that can be edited via hex editor, and, while, I'm not the best at this, I have done hex editing, and edited the game a bit, so I'm not completely oblivious.
I'm highlighted over the pause screen option. I click "Log cpu" I click "Step into" I unclick "Log Cpu" I check my logs, nothing is recorded >>!?!?!

$9F/E42B 99 94 1C    STA $1C94,y[$9E:1C94]   A:0000 X:0000 Y:0000 P:envmxdiZC
$80/B26F AD BC 07    LDA $07BC  [$7E:07BC]   A:0003 X:FFFF Y:2520 P:envmxdizc
$80/B26F AD BC 07    LDA $07BC  [$7E:07BC]   A:0003 X:FFFF Y:2520 P:envmxdizc
$80/B26F AD BC 07    LDA $07BC  [$7E:07BC]   A:0003 X:FFFF Y:2520 P:envmxdizc
$80/B26F AD BC 07    LDA $07BC  [$7E:07BC]   A:0003 X:FFFF Y:2520 P:envmxdizc
$80/B272 18          CLC                     A:210C X:FFFF Y:2300 P:envmxdizc
$80/B272 18          CLC                     A:210C X:FFFF Y:2300 P:envmxdizc
$80/B272 18          CLC                     A:210C X:FFFF Y:2300 P:envmxdizc
$9F/E42B 99 94 1C    STA $1C94,y[$9E:1C94]   A:0000 X:0000 Y:0000 P:envmxdiZC

FinS

  • Full Member
  • ***
  • Posts: 192
    • View Profile
    • nothing much
Re: Make a game genie code permanent?
« Reply #9 on: February 11, 2012, 07:26:38 pm »
There is a folder in the debugger folder called "logs". It should be in there.

Pornchai

  • Jr. Member
  • **
  • Posts: 22
    • View Profile
Re: Make a game genie code permanent?
« Reply #10 on: February 11, 2012, 07:28:56 pm »
yeah it's not in there dude.

FinS

  • Full Member
  • ***
  • Posts: 192
    • View Profile
    • nothing much
Re: Make a game genie code permanent?
« Reply #11 on: February 11, 2012, 07:36:38 pm »
I think I see what's going on. You may not have understood what I meant when I said run up to the break point, but I mean to get real close to your break point then,

1 check the "cpu" log
2 hit the "Run" button on the debugger
3 hit the "step into" button
4 uncheck the "cpu" logger

This should create a log of everything up to your breakpoint.

Pornchai

  • Jr. Member
  • **
  • Posts: 22
    • View Profile
Re: Make a game genie code permanent?
« Reply #12 on: February 11, 2012, 07:47:30 pm »
I've followed everything you said step by step, not getting a log.
Should I not have the breakpoint set?

I turned off the cheat... And it got me the logs apparently. +_+

Never mind, it's because I had something in trace from.
Alright, so I have 5 enormous logs.
Now what?

FinS

  • Full Member
  • ***
  • Posts: 192
    • View Profile
    • nothing much
Re: Make a game genie code permanent?
« Reply #13 on: February 11, 2012, 07:57:36 pm »
The logs are numbered. The last one should contain what you want. The final instruction in the log should be $9F/E42B and you need to follow the value from that instruction backwards to see what needs to be done.

Pornchai

  • Jr. Member
  • **
  • Posts: 22
    • View Profile
Re: Make a game genie code permanent?
« Reply #14 on: February 11, 2012, 08:05:19 pm »
Hoooo man I'm so confused.
I appreciate the help but I'm lost.
64jrgnhjfnh65yrk yj

FinS

  • Full Member
  • ***
  • Posts: 192
    • View Profile
    • nothing much
Re: Make a game genie code permanent?
« Reply #15 on: February 11, 2012, 08:16:21 pm »
Ok, you got 5 ginormous logs with numbers on the end like 0001.log, 0002.log, 0003.log. If you logged the cpu up to your breakpoint then the instruction you are looking for should be near the end of the last log. So you could pastebin the final lines, not the whole log of course because that would be too much. Then I could see and maybe have a better idea of what you need to do.

Pornchai

  • Jr. Member
  • **
  • Posts: 22
    • View Profile
Re: Make a game genie code permanent?
« Reply #16 on: February 11, 2012, 08:37:41 pm »
$9F/BAF8 CA          DEX                     A:0A3D X:0004 Y:0400 P:envmxdizc
$9F/BAF9 CA          DEX                     A:0A3D X:0003 Y:0400 P:envmxdizc
$9F/BAFA 10 F9       BPL $F9    [$BAF5]      A:0A3D X:0002 Y:0400 P:envmxdizc
$9F/BAF5 68          PLA                     A:0A3D X:0002 Y:0400 P:envmxdizc
$9F/BAF6 95 89       STA $89,x  [$00:008B]   A:009F X:0002 Y:0400 P:envmxdizc
$9F/BAF8 CA          DEX                     A:009F X:0002 Y:0400 P:envmxdizc
$9F/BAF9 CA          DEX                     A:009F X:0001 Y:0400 P:envmxdizc
$9F/BAFA 10 F9       BPL $F9    [$BAF5]      A:009F X:0000 Y:0400 P:envmxdiZc
$9F/BAF5 68          PLA                     A:009F X:0000 Y:0400 P:envmxdiZc
$9F/BAF6 95 89       STA $89,x  [$00:0089]   A:EE0F X:0000 Y:0400 P:eNvmxdizc
$9F/BAF8 CA          DEX                     A:EE0F X:0000 Y:0400 P:eNvmxdizc
$9F/BAF9 CA          DEX                     A:EE0F X:FFFF Y:0400 P:eNvmxdizc
$9F/BAFA 10 F9       BPL $F9    [$BAF5]      A:EE0F X:FFFE Y:0400 P:eNvmxdizc
$9F/BAFC A6 87       LDX $87    [$00:0087]   A:EE0F X:FFFE Y:0400 P:eNvmxdizc
$9F/BAFE A6 95       LDX $95    [$00:0095]   A:EE0F X:0258 Y:0400 P:envmxdizc
$9F/BB00 6B          RTL                     A:EE0F X:EC94 Y:0400 P:eNvmxdizc


$9F/E630 22 83 85 80 JSL $808583[$80:8583]   A:EE0F X:EC94 Y:0400 P:eNvmxdizc


$80/8583 48          PHA                     A:EE0F X:EC94 Y:0400 P:eNvmxdizc
$80/8584 AD 64 07    LDA $0764  [$9E:0764]   A:EE0F X:EC94 Y:0400 P:eNvmxdizc
$80/8587 CD 64 07    CMP $0764  [$9E:0764]   A:1999 X:EC94 Y:0400 P:envmxdizc
$80/858A F0 FB       BEQ $FB    [$8587]      A:1999 X:EC94 Y:0400 P:envmxdiZC
$80/8587 CD 64 07    CMP $0764  [$9E:0764]   A:1999 X:EC94 Y:0400 P:envmxdiZC
$80/858A F0 FB       BEQ $FB    [$8587]      A:1999 X:EC94 Y:0400 P:envmxdiZC
$80/8587 CD 64 07    CMP $0764  [$9E:0764]   A:1999 X:EC94 Y:0400 P:envmxdiZC
$80/858A F0 FB       BEQ $FB    [$8587]      A:1999 X:EC94 Y:0400 P:envmxdiZC
$80/8587 CD 64 07    CMP $0764  [$9E:0764]   A:1999 X:EC94 Y:0400 P:envmxdiZC
$80/858A F0 FB       BEQ $FB    [$8587]      A:1999 X:EC94 Y:0400 P:envmxdiZC
$80/8587 CD 64 07    CMP $0764  [$9E:0764]   A:1999 X:EC94 Y:0400 P:envmxdiZC
$80/858A F0 FB       BEQ $FB    [$8587]      A:1999 X:EC94 Y:0400 P:envmxdiZC
$80/8587 CD 64 07    CMP $0764  [$9E:0764]   A:1999 X:EC94 Y:0400 P:envmxdiZC
$80/858A F0 FB       BEQ $FB    [$8587]      A:1999 X:EC94 Y:0400 P:envmxdiZC
$80/8587 CD 64 07    CMP $0764  [$9E:0764]   A:1999 X:EC94 Y:0400 P:envmxdiZC
$80/858A F0 FB       BEQ $FB    [$8587]      A:1999 X:EC94 Y:0400 P:envmxdiZC
$80/8587 CD 64 07    CMP $0764  [$9E:0764]   A:1999 X:EC94 Y:0400 P:envmxdiZC
$80/858A F0 FB       BEQ $FB    [$8587]      A:1999 X:EC94 Y:0400 P:envmxdiZC
$80/8587 CD 64 07    CMP $0764  [$9E:0764]   A:1999 X:EC94 Y:0400 P:envmxdiZC
$80/858A F0 FB       BEQ $FB    [$8587]      A:1999 X:EC94 Y:0400 P:envmxdiZC
$80/8587 CD 64 07    CMP $0764  [$9E:0764]   A:1999 X:EC94 Y:0400 P:envmxdiZC
$80/858A F0 FB       BEQ $FB    [$8587]      A:1999 X:EC94 Y:0400 P:envmxdiZC
$80/8587 CD 64 07    CMP $0764  [$9E:0764]   A:1999 X:EC94 Y:0400 P:envmxdiZC
$80/858A F0 FB       BEQ $FB    [$8587]      A:1999 X:EC94 Y:0400 P:envmxdiZC

Any chance you just wanna do it for me ? :D
« Last Edit: February 11, 2012, 08:52:01 pm by Pornchai »

Ryusui

  • Hero Member
  • *****
  • Posts: 4989
  • It's the greatest day.
    • View Profile
    • Tumblr
Re: Make a game genie code permanent?
« Reply #17 on: February 11, 2012, 08:57:02 pm »
Look in the logs for the address you originally broke at - $9F/E42B.
In the event of a firestorm, the salad bar will remain open.

Pornchai

  • Jr. Member
  • **
  • Posts: 22
    • View Profile
Re: Make a game genie code permanent?
« Reply #18 on: February 11, 2012, 09:01:12 pm »
Could not find.

Ryusui

  • Hero Member
  • *****
  • Posts: 4989
  • It's the greatest day.
    • View Profile
    • Tumblr
Re: Make a game genie code permanent?
« Reply #19 on: February 11, 2012, 09:05:15 pm »
Then search for the memory address (just the last four digits, just to be safe).
In the event of a firestorm, the salad bar will remain open.