Original document written by: Tony Hedstrom [email protected] http://www.angelfire.com/games2/codehut/ http://codehut.gshi.org/ (no ads on this site) How to use a NES/6502 debugger to make Game Genie codes Version 0.7a Oct 17, 2003 This document will explain what is probably one of the easiest ways to make NES Game Genie codes. It is best if you have some basic knowledge of 6502 assembly language, but if you don't, that's OK. Here are some of the reasons why a debugger is better for making Game Genie codes than other methods I've written about... *No need to use a hex editor *Don't have to worry about the $10 byte NES header *Debugger will usually take you right to the correct address (hex editor usually takes MANY tries to find the right address). There are 2 NES debuggers that I know of: NESten and fceud. They are both very useful tools, but I like fceud better, so that's the one I'll use for this tutorial. You can also use fceuxd or any version that has the debugger in it. Here's a list of what you'll need: 1) FCEUD or fceuxd (NES debugger). You can get a free copy from here: http://www.zophar.net/nes/fce-ultra.html I'm using version 0.81.3 Also, make sure you get fceud or fceuxd (not fceu), because fceu doesn't have the debugger. 2) A copy of the ROM you want to make Game Genie codes for. Please don't ask me for ROMs. Use your favorite search engine, you'll find 'em. NOTE: In this tutorial, I'll be using Zelda 2 for an example. I highly recommend that you get a copy (ROM) of Zelda 2 and follow along with the example. There may be 2 different versions of that game, so if the addresses (mentioned in the example) aren't the same, or if the Game Genie code (mentioned in the example) doesn't work, then you probably have a different version than mine. You can download the same version I have from here: vimm.net 3) A Game Genie to hex conversion program. You can download one for free from my web site (in the Download section): http://www.angelfire.com/games2/codehut/ OK, now that you have all of your goodies, lets get started. Please keep in mind that there are MANY different ways to program games, so the methods I describe below may not work for your particular game. For this example, I'm going to show you how to make an infinite energy code for Zelda 2: The Adventures of Link There was never an infinite energy code in the Galoob Game Genie code book because the code had a small problem... Although the code gives you infinite energy, it also appears to give some bosses infinite energy as well. You can get around that problem by saving your game BEFORE you fight a boss, then restart from your save point with the code turned OFF. But the code is great for leveling up on the map screen. Ok, if we're going to make an infinite energy Game Genie code, the first thing we need to do is to find the RAM address for Links energy. There are 2 ways to do this. The first way is to find it yourself using the cheat search programs in either of these emulators: NESten or fceud. You can get fceud from the address listed above, or you can get NESten from zophar.net. Instructions on how to find cheat codes (RAM addresses) are included with NESten, or you can go to my web site (the address is above) and read "How to make SNES PAR codes" (in the SNES section). Although my doc was written for SNES, the methods used are more or less the same for NES. The second way to find the RAM address is to find a web site that has NES PAR codes. A NES PAR code is just a RAM address with a value added to it. One good place to find NES PAR codes is here: http://thegshi.org/ At The GSHI site, go to the Codes section, then look in either the "Nintendo" section or the "BSFree" section. If you go to the Nintendo/NES section, there are 2 listings for Zelda II... One says "GG" and one doesn't. We of course want the one that DOESN'T say GG (GG stands for Game Genie). We want PAR codes, not Game Genie codes. The very first code says: "Infinite/Max Health" and the code is: 000774 FF. So the RAM address for links energy is: 0774. Easy enough. The "FF" in that PAR code is the value used for the code, but we don't need it. Now that we have our RAM address (0774), fire up fceud. Once fceud is running, load your Zelda 2 ROM. Start a new game so that Link is inside the temple. Click on "Tools / Debug". A 6502 Debugger window will open. On the right side, click on "Add". Where it says "Address" type in your RAM address. So for our example, we will type in 0774. Next, put a check in the "Write" box. Now click "OK". Then go back to the game and have Link walk outside of the temple and walk off the road and find an enemy so that Link will go into the battle screen. Walk right into an enemy so that Link will take some damage. As soon as Link touches an enemy, the game should pause and bring up the 6502 Debugger screen. The reason this happened is because the game was trying to change (subtract) Links energy. What we did by typing in 0774 into the address box was to set a "Breakpoint". A breakpoint will pause the game and bring up the debugger screen anytime the game tries to change that RAM address. In our example, the game was trying to change our RAM address (0774) because Link was hit by an enemy, and it was trying to subtract some of his energy. Now that the game has paused, and the debugger screen is showing, lets see if we can find the info we need for our Game Genie code. This is where some knowledge of 6502 assembly language is really helpful, so if you know basic asm, then you can easily look at the debugger screen and figure out what's going on. If you don't know anything about 6502 assembly, then I'll just explain how to make the code without explaining much of the assembly language. Explaining 6502 assembly is way beyond the scope of this doc. If you really want to learn about it, there are several good docs out there, just use a search engine. If you look at the very top left side of the debugger screen, this is what you'll see: $E337:8D 74 07. Most of the info we need for our Game Genie code is right there. In short, what this is doing is trying to store Links energy (which has just been subtracted from because of the hit from the enemy) back into the RAM address for Links energy 74 07 (which is really 0774). So what we want to do is to make a Game Genie code to prevent this from happening. As I mentioned before, it is beyond the scope of this doc to explain the why, so I'll just explain how. To prevent the game from completing the process of subtracting from Links energy, all we need to do is to change the 8D to AD with a Game Genie code. So here's the info (mentioned above) from the debugger screen: $E337:8D 74 07. To make a Game genie code, we need 3 parts: an address, a compare value (or check value), and a data value (or code value). The first part of the Game Genie code (the address) is E337. The second part of the Game Genie code (compare value) is 8D. The third part of the Game Genie code (the data value) is AD. So this is what the code does: It goes to the address (E337) and changes the number there from 8D to AD. It's a bit more complicated than that, but that should help you understand what a Game Genie code does. Anyways, when we put our 3 parts together, this is what we get: E337 8D AD. If you're a little confused as to how I picked AD as the third part of the hex code, here's an easy way to figure it out... We know that a Game Genie code needs 3 parts, but the debugger only gives us 2 parts. To figure out what the third part should be, just take the second part of the code that you got from the debugger and find it in the list towards the end of this doc and the list will tell you what the third part should be. In our example, the code we got from the debugger was E337:8D so 8D is the second part of the hex code. If you look up 8D in the list below, it tells you that the 3rd part should be AD, so the 3 parts are E337 8D AD. Now to get our Game Genie code, all we have to do is take the 3 parts from above and enter it into the Game Genie to hex conversion program that I mentioned earlier. Open up the GG to hex conversion program (ggconv) and click on the "NES" button. Where it says "Hex Code" you will see 3 places to put numbers. This is where we put the 3 parts from above. If you type them in, this is what you get: E337 8D AD = SZUTYUSE. So SZUTYUSE is our Game Genie code for infinite energy for Zelda 2. Now use your favorite NES emulator that supports Game Genie codes, or a real NES and a Game Genie and go test your code. NOTES: If you got different results than the example above (ie. a different address than E337), then you probably have a different version of Zelda 2. You have 2 choices in that situation... You can make a new code for your version using the example as a guide, or you can get the same version I have from vimm.net. If you do have a different version, please email me and let me know where you got the ROM, or let me know what the new code is. Also, please remember that there are many, many different ways to program a game, so I'm sure that some of you will encounter a situation that's not mentioned in this doc. This doc is only meant to be a general guide, so there's lots of info that's not in here. To learn a little more about 6502 assembly language, and how it's used in conjunction with the Game Genie, go to my web site and read "Advanced code making tips". ------------------------------------------------------- Here is a general guide to help you figure out what 6502 instructions you can use to replace others... (or how to find the 3rd part of the Game Genie code)... In the example above (Zelda 2), I said to replace the 8D with AD. These are both 6502 assembly instructions. An "AD" tells the game to "load" the value from a RAM address (in this case, Links energy) into a holding area. Once in the holding area, the game subtracts from that number (because link was hit by an enemy). Then the "8D" tells the game to "store" the number from the holding area back into RAM. By changing that 8D to a AD instead, the new value (the one that was subtracted from) is never put back into RAM, so no energy is lost. This will give Link infinite energy. The Game Genie code we made in the example above does just that, it changes the 8D to an AD at address E337. If you really want to know how to make Game Genie codes, you should learn basic 6502 assembly langusge, but if you don't feel like investing all that time in learning asm, here is a list of replacement values to use when making Game Genie codes. Please keep in mind that these replacement instructions below may NOT work in many cases. This is only meant to be a general guide to help those who don't know any assembly language. If 2nd part of the hex code is 85, the 3rd part is A5 If 2nd part of the hex code is 8D, the 3rd part is AD If 2nd part of the hex code is 9D, the 3rd part is BD If 2nd part of the hex code is C6, the 3rd part is A5 If 2nd part of the hex code is CE, the 3rd part is AD If 2nd part of the hex code is D6, the 3rd part is B5 If 2nd part of the hex code is DE, the 3rd part is BD If the second part of your hex code isn't listed above, and you don't know what to use for the third part, or if you tried the one listed above and it didn't work, here's a little trick you can try... make the third part of your hex code EA. EA tells the game to do nothing. Using EA as the third part of your hex code will sometimes work, or it may cause all kinds of weird side effects, but at least you'll know that you probably have the right address, but the third part of the code is wrong. If the code does nothing, then you probably have the wrong address. ------------------------------------------------------ Well, that's it. I hope this doc helped at least one person figure out how to use a debugger to make Game Genie codes. If you have any questions, you can email me at: Tony Hedstrom [email protected] Also, be sure and visit my web site (The Code Hut) for LOTS of "home made" Game Genie codes, and lots of info for making them. http://www.angelfire.com/games2/codehut/ http://codehut.gshi.org/ (no ads on this site)