Kodewerx

PostPosted: Mon Apr 07, 2008 4:23 pm 
Kommunist
I am currently hacking a Nintendo 64 emulator game (Mupen re-recording).

I'm having trouble with some things:

1. I've found the code which stops bombs from exploding-->

[screenshot]
The code in RAM is 00B5A598.

I've successfully NOP'd the hit address which WRITES to it (102FCF50).

But now, how do I find the address which is NOP'd so I can put it in the main program, so the address is permanently NOP'd?

This is because the address in RAM, which stops bombs from exploding, only works on 1 stage in VS mode. I want bombs to -not- explode on all stages. NOPing the selected address in the screenshot above accomplishes this.
But is there a way to get another code which I can add so it is permanently NOP'd...

Can anyone help? Thanks!

If not, can Renegade64 set breakpoints or find what writes to a specific address?

Thanks if anyone can help!


PostPosted: Tue Apr 08, 2008 8:46 am
Komrade
It looks like you're doing what I did and debugging the emulator itself, but not the game. This isn't a bad approach (I've done plenty of nice work this way), but you have to be able to translate between the emulator's execution and the game's by keeping track of the game's Program Counter.

Emulators will always store variables like the program counter and other registers SOMEWHERE in the RAM. There are a number of ways to find the PC, one of which is to abuse the ASM of the game that you DO know to write bogus plug-in ASM that reads from an address without actually doing anything with that data.

If the address is one the game doesn't even use (and it should be), then you set a watch point for reads of that address with a guarantee that only the result you want will appear.

From there, set a break point on the emulator's instruction that handles that read, and then use a cheat search to search for PCs equal to or at least near (sometimes the PC isn't exactly equal to that of the instruction being emulated, when using dynamic recompiling cores, like you are) the address of the instruction you wrote to read that address. Keep in mind that I'm talking about the PC of the game, and not the emulator.

Doing the above just twice should give you just a handful of possible addresses, and likely only one of those addresses will be changing as often as the actual PC would be. That's your PC.

From then on, if you set a break point on, say, that NOP you found, checking the PC should bring you very close to the actual MIPS instruction (MIPS for N64, since you're using Mupen) that you're looking for.

I personally prefer to debug things using Project 64, and have a good set of instructions on how to do this with a program called Cheat Engine here.

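Added example, not code from the post above nor from Mupen, Project 64 or Cheat Engine: a small Python script that carries out the search the post describes, on constructed host-memory snapshots. It assumes an x86 host (little-endian 32-bit words), that the emulator keeps the guest PC as a plain 32-bit value somewhere in its own memory, and uses made-up host offsets (0x40, 0x80, 0xC0) and made-up guest PCs for the two planted reads. One snapshot is taken at each break on the emulator's read handler and searched for words within a few instructions of the known guest PC (the slack covers the dynarec lag the post mentions); the two hit sets are intersected, and the survivors are ranked by how many distinct values they held across later snapshots, since the real PC churns and a stale copy does not. The KSEG0/KSEG1 helper is standard MIPS: masking off the top three bits turns a 0x80xxxxxx guest address into its RDRAM offset.

```python
"""Find where an emulator keeps the guest (N64) program counter in its own host
memory, following the two-break search described in the post above.

Constructed data only: the "snapshots" are synthetic host-memory dumps built
here, not captures from Mupen64 or any real emulator."""
import struct
from typing import Dict, Iterable, List, Set, Tuple

WORD = 4
DUMP_WORDS = 256          # size of each constructed host-memory snapshot, in 32-bit words


def build_dump(values: Dict[int, int], fill: int = 0xDEADBEEF) -> bytes:
    """Construct a little-endian host-memory snapshot holding the given word values
    at the given byte offsets; every other word is filler."""
    words = [fill] * DUMP_WORDS
    for off, val in values.items():
        words[off // WORD] = val & 0xFFFFFFFF
    return struct.pack("<%dI" % DUMP_WORDS, *words)


def near_value_search(dump: bytes, target: int, slack: int) -> Set[int]:
    """Cheat-Engine style search: byte offsets of every aligned 32-bit host word
    within +/- slack of target. slack > 0 because a dynarec core's stored PC is
    often a few instructions away from the one being emulated."""
    hits = set()
    for off in range(0, len(dump) - WORD + 1, WORD):
        (val,) = struct.unpack_from("<I", dump, off)
        if abs(val - target) <= slack:
            hits.add(off)
    return hits


def rank_by_churn(snapshots: Iterable[bytes], offsets: Iterable[int]) -> List[Tuple[int, int]]:
    """For each candidate offset, count how many distinct values it held across the
    snapshots. The live PC changes on every capture; a stale copy does not."""
    snaps = list(snapshots)
    ranked = []
    for off in offsets:
        seen = {struct.unpack_from("<I", s, off)[0] for s in snaps}
        ranked.append((off, len(seen)))
    ranked.sort(key=lambda t: (-t[1], t[0]))
    return ranked


def locate_pc(breaks: List[Tuple[bytes, int]], later: List[bytes], slack: int = 16) -> int:
    """breaks: (snapshot taken at a breakpoint, guest PC of the planted read that
    triggered it). Intersect the near-value hits of each break, then return the
    survivor whose value churned most across all snapshots."""
    candidates = None
    for dump, guest_pc in breaks:
        hits = near_value_search(dump, guest_pc, slack)
        candidates = hits if candidates is None else candidates & hits
    if not candidates:
        raise LookupError("no host word tracks the guest PC; widen slack or add a break")
    ranked = rank_by_churn([d for d, _ in breaks] + later, candidates)
    return ranked[0][0]


def kseg_to_phys(vaddr: int) -> int:
    """Strip the MIPS KSEG0/KSEG1 prefix: 0x80xxxxxx or 0xA0xxxxxx -> RDRAM offset."""
    if 0x80000000 <= vaddr < 0xC0000000:
        return vaddr & 0x1FFFFFFF
    raise ValueError("not a KSEG0/KSEG1 address: 0x%08X" % vaddr)


# --- constructed scenario: assumed host offsets and guest PCs, not real Mupen internals ---
PC_SLOT, RA_SLOT, STALE_SLOT = 0x40, 0x80, 0xC0   # live PC, unrelated register, stale PC copy
READ1_PC, READ2_PC = 0x80043A1C, 0x80043A58       # guest PCs of the two planted bogus reads

BREAK_SNAPS = [
    # break 1: dynarec PC is one instruction ahead; two other words happen to be close too
    (build_dump({PC_SLOT: READ1_PC + 4, RA_SLOT: READ1_PC, STALE_SLOT: READ1_PC + 8}), READ1_PC),
    # break 2: only the live PC and the stale copy still track the planted read
    (build_dump({PC_SLOT: READ2_PC + 4, RA_SLOT: 0x80000180, STALE_SLOT: READ2_PC}), READ2_PC),
]
LATER_SNAPS = [
    build_dump({PC_SLOT: pc, RA_SLOT: 0x80000180, STALE_SLOT: READ2_PC})
    for pc in (0x80050000, 0x80050120, 0x80047FF0)
]

if __name__ == "__main__":
    off = locate_pc(BREAK_SNAPS, LATER_SNAPS)
    print("guest PC lives at host offset 0x%X" % off)
    print("guest PC 0x%08X -> RDRAM offset 0x%06X" % (READ1_PC, kseg_to_phys(READ1_PC)))
```

Caveat for real use: a host offset into heap-allocated emulator state is only stable within one run of one build of the emulator; if the core reallocates its CPU state, repeat the two-break search rather than reusing the offset.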
PostPosted: Tue Apr 08, 2008 11:03 pm 
Komrade
Title: Mario Kart 64 Hacker
TL;DR: Hacking games by debugging the emulator is difficult, and what you're doing is buggering with the emulator itself. It's far easier to use an emulator with a built-in debugger, unfortunately the only one I know of is Nemu.

PostPosted: Wed Apr 09, 2008 7:44 am 
Komrade
HyperHacker wrote:
TL;DR: Hacking games by debugging the emulator is difficult

Maybe the first time. After that, you already have enough information that it becomes streamlined.

What would you rather do, wait for Nemu to start working, or just use PJ 64 and go through a tiny bit more effort than you're used to? The health of your head, from lack of head desking at Nemu, will steadily rise with the latter method.

Now if you're talking about emulating something other than N64, in which Nemu would no longer apply, then yeah, it's probably better to just find a real debugging emulator. That's still not always easy. No$ costs money for some reason. Even the stripped down home version. :/ "No$" my ass...

PostPosted: Mon Apr 28, 2008 6:32 am 
Krew (Admin)
Title: All in a day's work.
Yeah, it costs money because the author is a fuck up idiot. It has nothing to do with the emulator's feature set.

PostPosted: Tue Apr 29, 2008 10:42 pm 
Komrade
Title: Mario Kart 64 Hacker
Agreed. That guy has some serious issues. (Protip: put more effort into debugging than copy protection.)

Also, the SVN version of Mupen64plus apparently has a debugger (and a Linux version, in fact I don't think the Windows version has it yet), but I haven't been able to compile it with the debugger enabled.

PostPosted: Wed Apr 30, 2008 4:12 pm 
Krew (Admin)
Title: All in a day's work.
Mupen has always had a debugger in the GTK+ flavor. I don't particularly care for it, myself, but it's always been there...

Also: viewtopic.php?f=11&t=5241 (Maybe people care enough to actually do something other than complain?)

PostPosted: Wed Apr 30, 2008 5:11 pm 
Komrade
Title: Mario Kart 64 Hacker
So you've come up with this idea and decided on a protocol... so what do you want us to do?

PostPosted: Wed Apr 30, 2008 5:35 pm 
Krew (Admin)
Title: All in a day's work.
No, I haven't decided on a protocol, that's the thing. The whole thing needs work. But it would fix all these problems with emulators and debugging, if it could be implemented properly.

PostPosted: Wed Apr 30, 2008 5:39 pm 
Komrade
Title: Mario Kart 64 Hacker
What's wrong with RFC 909?

PostPosted: Wed Apr 30, 2008 7:14 pm 
Krew (Admin)
Title: All in a day's work.
For one thing, it doesn't explicitly support 64-bit address ranges. You can extend it to do so, but that makes the standard not-so-standard. I don't know how much I can honestly appreciate that fact.

The other problem with it is that (as far as I know) there are no existing implementations of it. That means it has had no real-world testing as a viable protocol. It also means we will have to implement it ourselves, probably as a shared/static library. Ultimately, it will be extraordinarily time consuming to implement RFC 909 to its complete spec and fully test it.
