Kodewerx

Our culture has advanced beyond all that you could possibly comprehend with one hundred percent of your brain.
It is currently Thu Mar 28, 2024 1:55 am

All times are UTC - 8 hours [ DST ]


Forum rules





Post new topic Reply to topic  [ 6 posts ] 
Author Message
PostPosted: Mon Sep 15, 2008 10:29 am 
Offline
Komrade
Komrade

Joined: Tue Mar 27, 2007 10:18 am
Posts: 1328
These might be wrong, as I converted them from addresses given to me by Cheat Engine.

To help my case, here's an example of one code I hacked:

Time remaining in level - VBA's cheat search claims that this variable is stored at 01:CA00. However, when I found the same variable in Cheat Engine and looked at the pointer the emulator was accessing that variable with, it matched the pointer that the emulator had used in the past for accessing addresses in the 0xD000 through 0xDFFF range.

So, I'm posting the address as 0xDA00.

Here's the stuff I found in the short time it took me to beat the game using Cheat Engine:

Code:
0xC0A0 - Word of score (BCD)

0xC0D3 - Byte of star power remaining

0xDA00 - Halfword of time remaining (format unknown)

0xDA15 - Byte of lives (BCD)

0xFFFA (RAM) - Byte of coin count (BCD)

At the least, for the values that are BCD it should be easier to locate yourself knowing that they are in BCD format.

Note that the coin count appears to be in the I/O area (it would explain why the cheat search couldn't find it. I dictate that it's in the I/O area because the variable was accessed using the pointer the emulator had used for that area in the past).

_________________
Image


Last edited by Hextator on Thu Sep 18, 2008 10:50 am, edited 1 time in total.

Top
 Profile  
Reply with quote  
PostPosted: Wed Sep 17, 2008 10:22 pm 
Offline
Komrade
Komrade
User avatar

Joined: Tue Mar 27, 2007 6:23 pm
Posts: 1354
Location: Mario Raceway, 1509.831, 217.198, -564.429
Title: Mario Kart 64 Hacker
I actually found the coin counter ages ago, and had the same problem using real hardware. Gameshark wouldn't search the I/O area, while Codebreaker would.

01:CA00 doesn't make much sense, because only GBC has banked RAM, and that's at Dxxx. Cxxx is generally considered to be bank 0.

_________________
Image 143
HyperNova Software is now live (but may take a few tries to load) currently down; check out my PSP/DS/Game Boy/Windows/Linux homebrew, ROM hacks, and Gameshark codes!


Top
 Profile  
Reply with quote  
 Post subject:
PostPosted: Thu Sep 18, 2008 8:45 am 
Offline
Komrade
Komrade

Joined: Tue Mar 27, 2007 10:18 am
Posts: 1328
Well there you go. 0xDA00 probably really is what VBA calls 01:CA00 then.

Anyhow, I can't test any of the codes myself right now because I don't have the game.

It'd be nice if someone else could. >.>

Edit:

I went and tested my codes.

They all work.

Even the I/O address was correct, but of course, that means there can't be a code for it.

Code:
0xC0A0 - Word of score (BCD)

Max Score:

0199A0C0
0199A1C0
0199A2C0

0xC0D3 - Byte of star power remaining

Infinite Star Power:

0140D3C0

0xDA00 - 3 Byte array of time remaining (little endian)
   Order is:
      Frame count
      Low second count (BCD)
      High second count (BCD; 100s place)

Infinite Time:

019901DA
010902DA

0xDA15 - Byte of lives (BCD)

Infinite Lives:

019915DA

0xFFFA (RAM) - Byte of coin count (BCD)

Can't be overwritten by codes. :/

_________________
Image


Top
 Profile  
Reply with quote  
PostPosted: Thu Sep 18, 2008 5:03 pm 
Offline
Komrade
Komrade
User avatar

Joined: Tue Mar 27, 2007 6:23 pm
Posts: 1354
Location: Mario Raceway, 1509.831, 217.198, -564.429
Title: Mario Kart 64 Hacker
I'm sure the GS was able to write to I/O (and CB definitely was), it just wouldn't search there.

_________________
Image 143
HyperNova Software is now live (but may take a few tries to load) currently down; check out my PSP/DS/Game Boy/Windows/Linux homebrew, ROM hacks, and Gameshark codes!


Top
 Profile  
Reply with quote  
 Post subject:
PostPosted: Thu Sep 18, 2008 5:10 pm 
Offline
Komrade
Komrade

Joined: Tue Mar 27, 2007 10:18 am
Posts: 1328
Really? How?

I'm pretty sure VBA would complain about

0199FAFF

Though if you ask me, VBA doesn't emulate cheat devices all too well anyway.

_________________
Image


Top
 Profile  
Reply with quote  
PostPosted: Sun Sep 21, 2008 12:15 pm 
Offline
Komrade
Komrade
User avatar

Joined: Tue Mar 27, 2007 6:23 pm
Posts: 1354
Location: Mario Raceway, 1509.831, 217.198, -564.429
Title: Mario Kart 64 Hacker
No, it doesn't. I don't think GS did any sanity checking of its codes. You give it an address and value and it writes there. I don't have one around to test (maybe should buy the $5 one at the pawn shop), but I bet something like 01xx0020 would crash a lot of games, by making them unexpectedly switch ROM banks.

_________________
Image 143
HyperNova Software is now live (but may take a few tries to load) currently down; check out my PSP/DS/Game Boy/Windows/Linux homebrew, ROM hacks, and Gameshark codes!


Top
 Profile  
Reply with quote  
Display posts from previous:  Sort by  
Post new topic Reply to topic  [ 6 posts ] 

All times are UTC - 8 hours [ DST ]


Who is online

Users browsing this forum: Google [Bot] and 115 guests


You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot post attachments in this forum

Search for:
Jump to:  
cron
Powered by phpBB® Forum Software © phpBB Group