How to make Game Genie codes with a debugger (Version 0.7a)

       Original document written by:

       Tony Hedstrom   [email protected]

     http://www.angelfire.com/games2/codehut/

  http://codehut.gshi.org/  (no ads on this site)



How to use a NES/6502 debugger to make Game Genie codes

            Version 0.7a   Oct 17, 2003


This document will explain what is probably one of the
easiest ways to make NES Game Genie codes.  It is best
if you have some basic knowledge of 6502 assembly
language, but if you don't, that's OK.

Here are some of the reasons why a debugger is better
for making Game Genie codes than other methods I've
written about...

*No need to use a hex editor

*Don't have to worry about the $10 byte NES header

*Debugger will usually take you right to the correct
 address (hex editor usually takes MANY tries to find
 the right address).


There are 2 NES debuggers that I know of: NESten and
fceud.  They are both very useful tools, but I like 
fceud better, so that's the one I'll use for this 
tutorial.  You can also use fceuxd or any version that
has the debugger in it.

Here's a list of what you'll need:

1) FCEUD or fceuxd (NES debugger).  You can get a free 
copy from here: http://www.zophar.net/nes/fce-ultra.html

I'm using version 0.81.3

Also, make sure you get fceud or fceuxd (not fceu), 
because fceu doesn't have the debugger.


2) A copy of the ROM you want to make Game Genie codes
for.  Please don't ask me for ROMs.  Use your favorite
search engine, you'll find 'em.

NOTE:
In this tutorial, I'll be using Zelda 2 for an example.
I highly recommend that you get a copy (ROM) of Zelda 2
and follow along with the example.  There may be 2
different versions of that game, so if the addresses
(mentioned in the example) aren't the same, or if the
Game Genie code (mentioned in the example) doesn't work,
then you probably have a different version than mine.
You can download the same version I have from here:
vimm.net


3) A Game Genie to hex conversion program.  You can
download one for free from my web site (in the Download
section):   http://www.angelfire.com/games2/codehut/


OK, now that you have all of your goodies, let's get
started.  Please keep in mind that there are MANY 
different ways to program games, so the methods I
describe below may not work for your particular game.

For this example, I'm going to show you how to make an
infinite energy code for Zelda 2: The Adventure of Link.

There was never an infinite energy code in the Galoob
Game Genie code book because the code had a small
problem... Although the code gives you infinite energy,
it also appears to give some bosses infinite energy as
well.  You can get around that problem by saving your
game BEFORE you fight a boss, then restart from your
save point with the code turned OFF.  But the code is
great for leveling up on the map screen.


Ok, if we're going to make an infinite energy Game Genie
code, the first thing we need to do is to find the RAM 
address for Link's energy.  There are 2 ways to do this.
The first way is to find it yourself using the cheat
search programs in either of these emulators: NESten or
fceud.  You can get fceud from the address listed above,
or you can get NESten from zophar.net.  Instructions on
how to find cheat codes (RAM addresses) are included
with NESten, or you can go to my web site (the address
is above) and read "How to make SNES PAR codes" (in the
SNES section).  Although my doc was written for SNES,
the methods used are more or less the same for NES. 

The second way to find the RAM address is to find a web
site that has NES PAR codes.  A NES PAR code is just a
RAM address with a value attached to it.  One good place to
find NES PAR codes is here:  http://thegshi.org/

At The GSHI site, go to the Codes section, then look in
either the "Nintendo" section or the "BSFree" section.  
If you go to the Nintendo/NES section, there are 2 listings
for Zelda II... One says "GG" and one doesn't.  We of
course want the one that DOESN'T say GG (GG stands for
Game Genie).  We want PAR codes, not Game Genie codes.
The very first code says:  "Infinite/Max Health" and the
code is:  000774 FF.   So the RAM address for Link's energy
is:  0774.  Easy enough.  The "FF" in that PAR code is the
value used for the code, but we don't need it.


Now that we have our RAM address (0774), fire up fceud.
Once fceud is running, load your Zelda 2 ROM.  Start
a new game so that Link is inside the temple.  Click on
"Tools / Debug".  A 6502 Debugger window will open.  On
the right side, click on "Add".  Where it says "Address"
type in your RAM address.  So for our example, we will
type in 0774.  Next, put a check in the "Write" box.
Now click "OK".  Then go back to the game and have Link
walk outside of the temple and walk off the road and
find an enemy so that Link will go into the battle
screen.  Walk right into an enemy so that Link will take
some damage.  As soon as Link touches an enemy, the game
should pause and bring up the 6502 Debugger screen.  The
reason this happened is because the game was trying to
change (subtract) Link's energy.  What we did by typing
in 0774 into the address box was to set a "Breakpoint".
A breakpoint will pause the game and bring up the 
debugger screen anytime the game tries to change that
RAM address.  In our example, the game was trying to
change our RAM address (0774) because Link was hit by an
enemy, and it was trying to subtract some of his energy.

Now that the game has paused, and the debugger screen is
showing, let's see if we can find the info we need for
our Game Genie code.  This is where some knowledge of
6502 assembly language is really helpful, so if you know
basic asm, then you can easily look at the debugger
screen and figure out what's going on.  If you don't
know anything about 6502 assembly, then I'll just 
explain how to make the code without explaining much of
the assembly language.  Explaining 6502 assembly is way
beyond the scope of this doc.  If you really want to
learn about it, there are several good docs out there,
just use a search engine.

If you look at the very top left side of the debugger
screen, this is what you'll see: $E337:8D 74 07.  Most
of the info we need for our Game Genie code is right
there.  In short, what this is doing is trying to store
Link's energy (which has just been subtracted from
because of the hit from the enemy) back into the RAM
address for Link's energy, 74 07 (which is really 0774,
because the 6502 stores addresses low byte first).
So what we want to do is to make a Game Genie code to
prevent this from happening.  As I mentioned before, it
is beyond the scope of this doc to explain the why, so
I'll just explain how.  To prevent the game from
completing the process of subtracting from Link's energy,
all we need to do is to change the 8D to AD with a Game
Genie code.  So here's the info (mentioned above) from
the debugger screen: $E337:8D 74 07.  To make a Game
Genie code, we need 3 parts: an address, a compare
value (or check value), and a data value (or code
value).  The first part of the Game Genie code (the
address) is E337.  The second part of the Game Genie
code (compare value) is 8D.  The third part of the Game
Genie code (the data value) is AD.  So this is what the
code does: It goes to the address (E337) and changes the
number there from 8D to AD.  It's a bit more complicated
than that, but that should help you understand what a
Game Genie code does.  Anyways, when we put our 3 parts
together, this is what we get:  E337 8D AD.  

If you're a little confused as to how I picked AD as the
third part of the hex code, here's an easy way to figure
it out... We know that a Game Genie code needs 3 parts,
but the debugger only gives us 2 parts.  To figure out
what the third part should be, just take the second part
of the code that you got from the debugger and find it
in the list towards the end of this doc and the list
will tell you what the third part should be.  In our
example, the code we got from the debugger was  E337:8D
so 8D is the second part of the hex code.  If you look
up 8D in the list below, it tells you that the 3rd part
should be AD, so the 3 parts are E337 8D AD.  


Now to get our Game Genie code, all we have to do is 
take the 3 parts from above and enter them into the Game
Genie to hex conversion program that I mentioned 
earlier.  Open up the GG to hex conversion program
(ggconv) and click on the "NES" button.  Where it says
"Hex Code" you will see 3 places to put numbers.  This
is where we put the 3 parts from above.  If you type
them in, this is what you get: 
E337 8D AD = SZUTYUSE.  So SZUTYUSE is our Game Genie
code for infinite energy for Zelda 2.  Now use your
favorite NES emulator that supports Game Genie codes,
or a real NES and a Game Genie and go test your code.
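
The conversion that ggconv does for you, written out as an
added Python example (not part of the original doc and not
ggconv's own code).  The function names are made up for this
example, and the opcode swap table is copied from the list
near the end of this doc.

```python
# Added example: NES Game Genie code <-> hex parts (not code from the original doc).
LETTERS = "APZLGITYEOXUKSVN"   # position in this string = the letter's 4-bit value

# Store/decrement opcode -> same-size load opcode, copied from the doc's list.
SWAP = {0x85: 0xA5, 0x8D: 0xAD, 0x9D: 0xBD, 0xC6: 0xA5,
        0xCE: 0xAD, 0xD6: 0xB5, 0xDE: 0xBD}

def gg_encode(addr, data, compare=None):
    """Return an 8-letter code (with compare value) or a 6-letter code (without)."""
    if not 0x8000 <= addr <= 0xFFFF:
        raise ValueError("address must be in $8000-$FFFF")
    if not all(0 <= v <= 0xFF for v in (data, 0 if compare is None else compare)):
        raise ValueError("data and compare must each be one byte")
    long_code = compare is not None
    n = [(data & 7) | ((data >> 4) & 8),
         ((data >> 4) & 7) | ((addr >> 4) & 8),
         ((addr >> 4) & 7) | (8 if long_code else 0),   # high bit flags 8 letters
         ((addr >> 12) & 7) | (addr & 8),
         (addr & 7) | ((addr >> 8) & 8),
         ((addr >> 8) & 7) | ((compare if long_code else data) & 8)]
    if long_code:
        n += [(compare & 7) | ((compare >> 4) & 8),
              ((compare >> 4) & 7) | (data & 8)]
    return "".join(LETTERS[v] for v in n)

def gg_decode(code):
    """Return (address, data, compare); compare is None for 6-letter codes."""
    n = [LETTERS.index(ch) for ch in code.upper()]   # ValueError on a bad letter
    if len(n) not in (6, 8):
        raise ValueError("NES codes are 6 or 8 letters long")
    addr = (0x8000 | (n[3] & 7) << 12 | (n[5] & 7) << 8 | (n[4] & 8) << 8
            | (n[2] & 7) << 4 | (n[1] & 8) << 4 | (n[4] & 7) | (n[3] & 8))
    data = (n[1] & 7) << 4 | (n[0] & 8) << 4 | (n[0] & 7)
    if len(n) == 6:
        return addr, data | (n[5] & 8), None
    compare = (n[7] & 7) << 4 | (n[6] & 8) << 4 | (n[6] & 7) | (n[5] & 8)
    return addr, data | (n[7] & 8), compare

def code_from_debugger(line):
    """Turn a debugger line such as '$E337:8D 74 07' into a Game Genie code."""
    addr_text, byte_text = line.lstrip("$").split(":")
    opcode = int(byte_text.split()[0], 16)
    return gg_encode(int(addr_text, 16), SWAP[opcode], opcode)

if __name__ == "__main__":
    print(code_from_debugger("$E337:8D 74 07"))    # the doc's Zelda 2 example
    print([hex(v) for v in gg_decode("SZUTYUSE")])
```

Leaving out the compare value gives the shorter 6-letter form
of a code.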


NOTES:
If you got different results than the example above
(ie. a different address than E337), then you probably
have a different version of Zelda 2.  You have 2 choices
in that situation... You can make a new code for your
version using the example as a guide, or you can get the
same version I have from vimm.net.  If you do have a 
different version, please email me and let me know where
you got the ROM, or let me know what the new code is.

Also, please remember that there are many, many
different ways to program a game, so I'm sure that some
of you will encounter a situation that's not mentioned
in this doc.  This doc is only meant to be a general
guide, so there's lots of info that's not in here.

To learn a little more about 6502 assembly language, and
how it's used in conjunction with the Game Genie, go to
my web site and read "Advanced code making tips".


-------------------------------------------------------

Here is a general guide to help you figure out what
6502 instructions you can use to replace others...
(or how to find the 3rd part of the Game Genie code)...

In the example above (Zelda 2), I said to replace the 8D
with AD.  These are both 6502 assembly instructions.
An "AD" tells the game to "load" the value from a RAM
address (in this case, Link's energy) into a holding
area (the 6502's A register, or accumulator).  Once in
the holding area, the game subtracts from
that number (because Link was hit by an enemy).  Then
the "8D" tells the game to "store" the number from the
holding area back into RAM.  By changing that 8D to an
AD instead, the new value (the one that was subtracted
from) is never put back into RAM, so no energy is lost.
This will give Link infinite energy.  The Game Genie
code we made in the example above does just that, it
changes the 8D to an AD at address E337.
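
To see the 8D to AD swap in action, here is an added Python
example (not part of the original doc) that steps through a
small damage routine with and without the code.  The routine
is constructed for illustration and is not Zelda 2's actual
code; only the bytes 8D 74 07 at $E337 are from the example
above, and the damage amount of $10 is made up.

```python
# Added example: why swapping 8D (STA) for AD (LDA) stops the energy loss.
# The routine is constructed for illustration and is NOT Zelda 2's real code;
# only the three bytes at $E337 (8D 74 07) come from the doc.
ROM_BASE = 0xE331
ROM = bytes([
    0xAD, 0x74, 0x07,   # E331  LDA $0774   load Link's energy into A
    0x38,               # E334  SEC         set carry before subtracting
    0xE9, 0x10,         # E335  SBC #$10    subtract the damage (made-up amount)
    0x8D, 0x74, 0x07,   # E337  STA $0774   write the lowered energy back
    0x60,               # E33A  RTS
])

def take_hit(energy, codes=()):
    """Run the routine once; codes are (address, compare, data) hex parts."""
    ram = {0x0774: energy}
    patches = {addr: (compare, data) for addr, compare, data in codes}

    def read(addr):
        byte = ROM[addr - ROM_BASE]
        compare, data = patches.get(addr, (None, byte))
        # The Game Genie substitutes its data byte only when the byte the
        # cartridge returns equals the code's compare value.
        return data if compare == byte else byte

    pc, a, carry = ROM_BASE, 0, 1
    while True:
        op = read(pc)
        if op == 0x60:                       # RTS: routine finished
            return ram[0x0774]
        if op == 0x38:                       # SEC
            carry, pc = 1, pc + 1
        elif op == 0xE9:                     # SBC #imm
            result = a - read(pc + 1) - (1 - carry)
            a, carry, pc = result & 0xFF, int(result >= 0), pc + 2
        elif op in (0xAD, 0x8D):             # LDA abs / STA abs
            target = read(pc + 1) | read(pc + 2) << 8
            if op == 0xAD:
                a = ram[target]              # load: RAM is left alone
            else:
                ram[target] = a              # store: RAM is overwritten
            pc += 3
        else:
            raise ValueError(f"opcode {op:02X} not modelled")

if __name__ == "__main__":
    print(hex(take_hit(0x80)))                            # unpatched
    print(hex(take_hit(0x80, [(0xE337, 0x8D, 0xAD)])))    # E337 8D AD
```

A code whose compare value doesn't match the byte at $E337
(for example E337 85 AD) leaves this routine unpatched.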

If you really want to know how to make Game Genie codes,
you should learn basic 6502 assembly language, but if
you don't feel like investing all that time in learning
asm, here is a list of replacement values to use when
making Game Genie codes.  Please keep in mind that these
replacement instructions below may NOT work in many
cases.  This is only meant to be a general guide to help
those who don't know any assembly language.


If 2nd part of the hex code is 85, the 3rd part is A5
If 2nd part of the hex code is 8D, the 3rd part is AD
If 2nd part of the hex code is 9D, the 3rd part is BD
If 2nd part of the hex code is C6, the 3rd part is A5
If 2nd part of the hex code is CE, the 3rd part is AD
If 2nd part of the hex code is D6, the 3rd part is B5
If 2nd part of the hex code is DE, the 3rd part is BD


If the second part of your hex code isn't listed above,
and you don't know what to use for the third part, or if
you tried the one listed above and it didn't work,
here's a little trick you can try... make the third part
of your hex code EA.  EA is the 6502 NOP instruction,
which tells the game to do nothing.  Using EA as the
third part of your hex code will sometimes work, or it
may cause all kinds of weird side effects (NOP is only
one byte long, so any address bytes that followed the
original instruction get run as instructions themselves).
Either way, at least you'll know that you probably have
the right address, and that only the third part of the
code is wrong.  If the code does nothing, then you
probably have the wrong address.


------------------------------------------------------

Well, that's it.  I hope this doc helped at least one
person figure out how to use a debugger to make Game
Genie codes.  If you have any questions, you can email
me at:  

Tony Hedstrom   [email protected]

Also, be sure and visit my web site (The Code Hut) for
LOTS of "home made" Game Genie codes, and lots of info
for making them.

http://www.angelfire.com/games2/codehut/

http://codehut.gshi.org/  (no ads on this site)