Kodewerx

There's a new emulator (Gens 9.5b) that lets you search SH2 memory (Sega 32x). 32x games use regular Genesis "FF" type RAM, and they also use special SH2 memory. I've spent many hours playing around with this new emulator and using the SH2 memory addresses that I found in the regular Gens 2.11 32x debugger.

I adopted Chemist's method of using save states and tracing through lines of code in the Gens 68000 debugger and got it to work with the 32x debugger. I finally have a working 32x assembly hack for Knuckles Chaotix 32x.

I've been able to make a lot of Game Genie codes for Knuckles Chaotix 32x, but I could never make any GG codes for the special stages. The main reason was because none of the useful RAM addresses used in the special stages were in the FF0000 to FFFFFF range. The special stages use mainly SH2 memory instead.

Anyways, the bad news is that as of now, Game Genie codes that modify areas of the ROM that are specifically for the 32x won't work in Gens. The good news is that you CAN hack the codes into the 32x ROM...


Knuckles Chaotix 32x (5/NTSC version only, will not work on A/PAL version)

This hack will make it so that you don't lose any rings because of
time in special stages (you normally lose 1 ring about every second).
Don't let your ring count go over 255 or else you may "time out".


Open up your Knuckles Chaotix ROM (5/NTSC version) with a hex editor
(your ROM must be in "bin" format). Hack the following codes into
your ROM...


32x Master Code (bypasses 32x checksum routine)(see note below)
$07CC:6002


Don't lose rings (from time) in special stages
$07D31C:7000


===================================

The "7000" in the second code is a 32x instruction. You can modify it so your ring count goes up or down with time.

7000 = add #00, r0

7001 = add #01, r0

7002 = add #02, r0

70FF = add #FF, r0 (this would subtract 1)

70FE = add #FE, r0 (this would subtract 2)

Be warned that if your ring count goes above 255 while in a special stage, you will "time out".

====================================

Side note:

It appears that the 32x part of the ROM uses a different checksum routine than the regular Genesis 68000 part. I also found that several 32x games can have their checksum routines disabled with the same code/hack: $07CC:6002. As far as I can tell, this code/hack only needs to be done if you hack areas of the ROM that are specifically for the 32x.

If any one has some 32x knowledge, please let me know, I've got LOTS of questions.

Only took me 2 frigin' hours to figure out I had to use the sub/slave 32x debugger for this one...

Kolibri 32x

Open up your Kolibri 32x ROM with a hex editor (must be in "bin"
format). Hack the following codes into the ROM...

32x Master Code
$07CC:6002


Protection from most damage (toad can still kill you)
$0925C6:7100

=====================================

BTW, here's a link for Gens 9.5b....

http://www.homeactionreplay.org/info/

It can search 32x RAM addresses as well as Sega CD RAM, and it has a memory tracer and 68000 assembly trace logger.

I moved this out of the Game Hacking Development forum, which is for documentation and programs. I wasn't sure if it would fit well in the actual code forum, because your posts contain mostly information and not just codes. So here it is, in Hacking Jargon.

_________________
I have to return some video tapes.

Feed me a stray cat.

The 32X sucked, few games were okay.

See why

_________________

WWDD? - What Would Dale Do?

The 32x sucked? Are you sure? Damn, I wish you would have told me that before I spent all that time making those 32x ROM hacks. I didn't believe you at first, but after clicking on your "See why" link, that really convinced me. lol.

Knuckles Chaotix and Kolibri are actually two of the better games available for 32X. The NBA Jam T.E. and Mortal Kombat 2 ports are also good; both very close to the original arcade games, and both completely owning the SNES and Genesis versions.

_________________
I have to return some video tapes.

Feed me a stray cat.

Yep, there were several good 32x games. I hope the sarcasm in my previous post was obvious enough.

Shadow Squadron was one 32x game I really wanted to make some ROM hacks for, but Gens 9.5b doesn't seem to be able to run it (which seems odd because it works on other versions of Gens). Now that I think about it, maybe an asm trace log will shed some light on why it won't run.

I do all of my 32X emulation in Kega Fusion. Definitely my choice in Genesis emulators. Last I talked to Steve Snake about adding a public debugger, he thought it would be a good idea. But then again, this was about 3 years ago.

_________________
I have to return some video tapes.

Feed me a stray cat.

Finally got the Shadow Squadron 32x problem resolved...

Shadow Squadron / Stellar Assualt 32x

Open up your Shadow Squadron 32x ROM with a hex editor (must be in
"bin" format). Hack the following codes into the ROM...


$07CC:6002
32x Master Code


$116572:0009
Blasts from the large ship guns won't hurt you. Works on either
"Feather 1" or "Feather 2".


$10D1A2:0009
The "Feather 1" ship won't use up any fuel when you use the special
weapon (special weapon is activated by double tapping the "A" button
and holding it on the second tap). Doesn't work on "Feather 2" ship.

=========================

In case anyone was wondering, the "0009" 32x instruction in those 2 codes is our good friend Mr. NOP.

Some interesting things I've noticed about the 32x...

It appears that all 32x instructions are only 2 bytes (meaning there are no operands). A little hard to get use to after spending so much time with 6502, 65c816 and 68k.

While trying to figure out why Shadow Squadron wouldn't run, I made an assembly trace and found what appears to be how the 68k goes into "32x mode" (I have no idea what it's really called, but the 68k only does this with 32x games).

00:04BE 4E D0 JMP (A0) A0=00FF0000 A1=00FF0020 A2=00C00011 A3=00000512 A4=FFFFFFC0 A5=00A10000 A6=00000000 A7=00FFEE00 D0=00000000 D1=00000000 D2=0000FFFF D3=00000000 D4=00000000 D5=00000000 D6=00000000 D7=00000100 xnzvc

FF:0000 1B 7C MOVE.b #$01,$5101(A5) A0=00FF0000 A1=00FF0020 A2=00C00011 A3=00000512 A4=FFFFFFC0 A5=00A10000 A6=00000000 A7=00FFEE00 D0=00000000 D1=00000000 D2=0000FFFF D3=00000000 D4=00000000 D5=00000000 D6=00000000 D7=00000100 xnzvc

FF:0006 41 F9 LEA ($000006BC),A0 A0=00FF0000 A1=00FF0020 A2=00C00011 A3=00000512 A4=FFFFFFC0 A5=00A10000 A6=00000000 A7=00FFEE00 D0=00000000 D1=00000000 D2=0000FFFF D3=00000000 D4=00000000 D5=00000000 D6=00000000 D7=00000100 xnzvc

FF:000C D1 FC ADDA.L #$88,A0 A0=000006BC A1=00FF0020 A2=00C00011 A3=00000512 A4=FFFFFFC0 A5=00A10000 A6=00000000 A7=00FFEE00 D0=00000000 D1=00000000 D2=0000FFFF D3=00000000 D4=00000000 D5=00000000 D6=00000000 D7=00000100 xnzvc

FF:0012 4E D0 JMP (A0) A0=008806BC A1=00FF0020 A2=00C00011 A3=00000512 A4=FFFFFFC0 A5=00A10000 A6=00000000 A7=00FFEE00 D0=00000000 D1=00000000 D2=0000FFFF D3=00000000 D4=00000000 D5=00000000 D6=00000000 D7=00000100 xnzvc

88:06BC 41 F9 LEA ($00FF0000),A0 A0=008806BC A1=00FF0020 A2=00C00011 A3=00000512 A4=FFFFFFC0 A5=00A10000 A6=00000000 A7=00FFEE00 D0=00000000 D1=00000000 D2=0000FFFF D3=00000000 D4=00000000 D5=00000000 D6=00000000 D7=00000100 xnzvc


Hopefully, someone will make a 32x assembly tracer someday.

================================

In case anyone wants to know how to make 32x ROM hacks (I'm sure there are thousands of people. lol), here's a quick guide...

Use Gens 9.5b to find the SH2 memory address (32x RAM).

Use regular (non modded) Gens 2.10 (or any version that has the 32x debugger) and open your 32x ROM.

We'll use Shadow Squadron as an example. The SH2 memory address for damage/shield is $061CE19. Remove the "06" from the address to get the actual RAM address used in the debugger: 1CE19.

Once the game is running, wait until your ship is just about to take some damage and press F5 to make a save state. The closer to the exact point when you'll actually take damage the better. Enter the 32x debugger. Look in the SH2 memory section of the debugger and use these keys to find the SH2 memory address that you found earlier:

Memory (RAM) Window Movement Keys:
R-Up 1 Line
F-Down 1 Line
E-Up 12 Lines
D-Down 12 Lines
W-Up 144 Lines
S-Down 144 Lines

Once you can see the value for your RAM address, all you have to do is start tracing through lines of code until your RAM address changes. Find the exact line of code that caused the RAM address to change, and you have your hack (almost).

Here's the keys to use to trace through the code...

Debugger Tracing Keys:
T - Trace 1 command
Y - Trace 10 commands
U - Trace 100 commands
I - Trace 1,000 commands
O - Trace 10,000 commands
P - Trace 100,000 commands

If you go past the line of code that caused the RAM address to change, press F8 to reload the save state.

There is one fairly big problem though... many games will go into an endless loop when you enter the debugger and try tracing. If you're familiar with 32x assembly, this should be no problem, but if you're like me and know very little 32x asm, here's how to get out of those endless loops...

Trace one line of code at a time (the "T" key) and look for something like this: "bf 02xxxxxx" or "bf/s 02xxxxxx". When you get to that line, press the "N" key to step over that instruction. You may have to do this more than once.

One last thing, the ROM/CPU address shown in the 32x debugger isn't the actual ROM address. If it begins with "02xxxxxx", then you can usually just ignore the "02" for the actual ROM address, but if it begins with "06xxxxxx", you'll need to write down a string of numbers (32x opcodes) and search for that string in the ROM.

Since there are no operands, NOP will work in many situations to kill additions, subtractions, etc (0009 = NOP).

Don't forget to hack the 32x master code into your ROM or else you'll get a blank screen.