  1. #211


    You're really close...

    FF:87FA 4A 78 TST.W ($F854) .... This is testing your inv flashing timer RAM address. The instruction right after this should be a conditional branch, and that is the one you want.

  2. #212


    Quote Originally Posted by Tony Hedstrom View Post
    You're really close...

    FF:87FA 4A 78 TST.W ($F854) .... This is testing your inv flashing timer RAM address. The instruction right after this should be a conditional branch, and that is the one you want.
    Hi Tony :
    Thanks for your great help,
    after hours of search and learning ( complete new to 68K and programming )
    I figure the following code maybe important,
    but I can not understand,
    can you give me more instruction and hint ?
    thanks a lot !!!

    FF:87FA 4A 78 TST.W ($F854)
    condition code, set Z if ($F854)=0
    ( $F854 = inv time count ram address )
    FF:87FE 67 00 BEQ #$0014 [FF:8814]
    if $F854=0000, branch to ?? FF:8814 ?
    what does #$0014 mean ?
    is it branch to FF:8828 ( 14+14 ? ) or something ?

    FF:8814 4A 79 TST.W ($FFFFCC02)
    compare ($FFCC02) with zero
    FF:881A 67 00 BEQ #$0006 [FF:8822]
    if yes, branch to FF:8822 ? ( what is #$0006 ? )
    Raw code FF8814:60 02 will be invincible, but lose joystick control...
    FF:8822 4A 78 TST.W ($F828)
    if Ram address $F828 = 0000 <-- ram address for inv or not inv ?
    if I bypass this code, change 4A 78 to 60 02,
    it will become invincible, but character still mild blurred and double vision, and can not get items
    check for collision ?
    FF:8826 67 00 BEQ #$002E [FF:8856]
    branch to FF:8856 ?

    FF:8856 61 00 BSR #$FAEC [FF:8344]
    branch subroutine go to FF:8344
    ( what does #$FAEC mean ? )
    FF:8344 70 00 MOVEQ #$00,D0
    move 00 to D0 ? ( what address ? )
    FF:8346 12 38 MOVE.B ($FE20),D1
    D1 : 181C FFFF --> 181C FF00
    ( assume $FE20 = ram address for not invincible if = 00 )
    FF:834A 02 41 ANDI.W #$000F,D1
    $000F and $FF00 --> D1= 18EC 0000
    FF:834E 10 3B MOVE.B $08(PC,D1),D0
    program count 08 --> D0 ??
    FF:8352 12 38 MOVE.B ($FE20),D1
    D1 become 18EC 0000
    FF:8356 4E 75 RTS
    IF $FE20 is the ram address for invincibility ( 0 = not invincible ),
    How do I bypass the routine to set it to zero ?

    Thanks for your great help !!!
    I think I need more learning for X68, sorry...
    Last edited by dewen; 03-17-2017 at 09:39:22 AM.

  3. #213


    This should be your non flashing inv code. I don't have the ISO file, so I can't test it...

    FF87FE:6002 .... this code will make it so that it will never follow the "if equal to zero" branch, which should give you invincibility.

    FF:87FE 67 00 BEQ #$0014 [FF:8814].... The 0014 tells you how many bytes it will branch, and it shows you the address it is branching to in the brackets: [FF:8814]

  4. Thanks! dewen is thankful for this post
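
Added example, not part of the original posts: a small Python decoder for the 68000 branch encodings discussed above, showing how the bracketed targets follow from the displacement (including the negative #$FAEC) and where the 60 02 patch lands. The function names are hypothetical, and plain 68000 encoding (8-bit or 16-bit displacements only) with 24-bit addresses is assumed.

```python
# Added example (not from the thread): 68000 Bcc/BRA/BSR target decoding.
# Condition names indexed by the low nibble of the first opcode byte (6x).
CONDITIONS = ["BRA", "BSR", "BHI", "BLS", "BCC", "BCS", "BNE", "BEQ",
              "BVC", "BVS", "BPL", "BMI", "BGE", "BLT", "BGT", "BLE"]


def decode_branch(addr, code):
    """Return (mnemonic, target, length_in_bytes) for the branch at addr."""
    if len(code) < 2 or code[0] >> 4 != 0x6:
        raise ValueError("not a Bcc/BRA/BSR opcode")
    name = CONDITIONS[code[0] & 0x0F]
    base = addr + 2   # displacements count from the end of the opcode word
    disp8 = code[1]
    if disp8 != 0:    # short form: signed 8-bit displacement in the second byte
        disp = disp8 - 0x100 if disp8 & 0x80 else disp8
        return name + ".S", (base + disp) & 0xFFFFFF, 2
    if len(code) < 4:
        raise ValueError("word branch needs a 16-bit extension word")
    # Word form: second byte is 00, signed 16-bit displacement follows.
    disp = int.from_bytes(code[2:4], "big", signed=True)
    return name + ".W", (base + disp) & 0xFFFFFF, 4


def describe(addr, hex_bytes):
    """Format one decoded branch the way the trace log brackets its target."""
    name, target, size = decode_branch(addr, bytes.fromhex(hex_bytes))
    return f"{addr:06X}: {name} -> {target:06X} ({size} bytes)"


if __name__ == "__main__":
    # Byte values taken from the trace lines quoted in the thread.
    print(describe(0xFF87FE, "67000014"))  # original BEQ
    print(describe(0xFF8856, "6100FAEC"))  # BSR with a negative displacement
    print(describe(0xFF87FE, "60020014"))  # same bytes after the FF87FE:6002 patch
```

With the patch applied, the leftover 00 14 word is never executed: the short branch lands on the instruction that followed the original four-byte BEQ.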
  5. #214


    Dewen, it looks like the method I mentioned (using "read" breakpoints for the flicker timer) is not correct. You'll need to search for the byte that determines if you're inv or not and then do a "read" breakpoint on that one. I think I got the two methods mixed up (haven't done that type of code in a while).

    Here are some tips on how to find the inv on/off byte...

    Usually, the inv on/off byte will be zero when off, and either 01 or FF when on. You can use this info to greatly narrow down your RAM search results. You can also look at the assembly trace log right where the flicker timer is being activated and see what other RAM addresses are being changed in that area. Here is a tip: The value that is loaded for the flicker timer is D2, so look in your assembly trace log for #$00D2,($F854). Changing the "00D2" will change how long your invincibility will last. There are a few "MOVE" instructions in that immediate area that might be what you're looking for.

    EDIT: I previously got the search results for the inv on/off RAM address down to around 20 results, but could not figure out how to "add" the RAM codes with the emulator you mentioned in the PM (Gens r57 shell mod). Do you know how to add them? The "add cheat" button is blanked out. I seem to remember having the same problem a few years ago when I first tried that emulator.
    Last edited by Tony Hedstrom; 03-19-2017 at 01:41:20 PM.

  6. #215


    Hi Tony :

    Thanks for the great tips, I used to search the on/off address but failed ( use compare different )
    with your hint ( 01 or FF ), I will try it again after work and feel it will succeed !

    I can not "add the RAM code", it's grayed out as you said, I use mobile phone photo it and
    input to game genie area manually, a little inconvenience,
    maybe it's a bug or some procedure I got wrong...
    If I figure out, I will tell you...

    Thank you.

  7. #216


    Quote Originally Posted by dewen View Post
    I can not "add the RAM code", it's grayed out as you said, I use mobile phone photo it and
    input to game genie area manually,
    Actually not a bad idea, although still time consuming.

  8. #217


    Using Tony's "00 or FF" trick, I found the address that stores the invincible data ( 00 or FF ).

    FFF852:FFFF --> invincible
    FFF852:0000 --> not invincible

    Gens r57 shell mod has a "ram watch" function,
    you can select and mark the possible searched address and add them to "watch" window,
    then play the game, the watch windows will show the changes,
    you can select the address "not 00 or FF" and remove them to narrow the possibilities,
    sometimes it's faster than the way "add address to game genie and test"
    ( "add to cheat" seems no function ? )

    Hook the address to read FFF852, log shows
    [FF:89AC] R16 = FFFF [FFF852]
    [FF:88F2] R16 = FFFF [FFF852]

    search trace.log with "FF:89AA", find :
    FF:89AA 4A 78 TST.W ($F852) <-- check if $F852 = 00 = not invincible
    FF:89AE 67 00 BEQ #$000A [FF:89BA]

    so I use RAW Genie code 1/2
    FF89AA:6002 ( replace 4A 78 with 60 02 )

    then I must fix the FFF852 with FFFF,
    so log ram write FFF852
    find [FF:880C] W16 = 0000 [FFF852]
    search trace log
    find FF:880A 42 78 CLR.W ($F852) <-- set $F852 to 0000
    so raw game genie code 2/2 FF880A:6002

    finally I got 2 combined game genie codes for invincible without flash
    FF89AA:6002 <-- check if $F852=0 by log read $FFF852 from FFFF to 0000
    FF880A:6002 <-- set $F852 to 0 by log write (CLR.W) $FFF852 to 0000

    it seems to work ( the first life will die, then the left become invincible )

    Hex patch : Keiou Yuugekitai (Japan)
    Invincible ( no flashing, first will die ), total 11 patch x 2
    find for 4278F8523B7C
    replace 6002F8523B7C

    find for 4A78F8526700
    replace 6002F8526700
    unlimited Lives ( raw genie code FF8B50:6002 ), 11 patch
    find for 5378F8566A00
    replace 6002F8566A00

    Thank Tony for your great help !
    Last edited by dewen; 03-20-2017 at 12:09:26 PM.

  9. Likes Tony Hedstrom liked this post
