Sega CD ISO Hacks & Editors

  • You're really close...

    FF:87FA 4A 78 TST.W ($F854) .... This is testing your inv flashing timer RAM address. The instruction right after this should be a conditional branch, and that is the one you want.
    The Code Hut: https://codehut.gshi.org/


    • Originally posted by Tony Hedstrom
      You're really close...

      FF:87FA 4A 78 TST.W ($F854) .... This is testing your inv flashing timer RAM address. The instruction right after this should be a conditional branch, and that is the one you want.
      Hi Tony:
      Thanks for your great help.
      After hours of searching and learning ( completely new to 68K and programming ),
      I figure the following code may be important,
      but I cannot understand it.
      Can you give me more instruction and hints?
      Thanks a lot !!!

      ===
      FF:87FA 4A 78 TST.W ($F854)
      condition code, set Z if ($F854)=0
      ( $F854 = inv time count ram address )
      FF:87FE 67 00 BEQ #$0014 [FF:8814]
      if $F854=0000, branch to ?? FF:8814 ?
      what does #$0014 mean ?
      is it branch to FF:8828 ( 14+14 ? ) or something ?

      FF:8814 4A 79 TST.W ($FFFFCC02)
      compare ($FFCC02) with zero
      FF:881A 67 00 BEQ #$0006 [FF:8822]
      if yes, branch to FF:8822 ? ( what is #$0006 ? )
      Raw code FF8814:60 02 will be invincible, but lose joystick control...
      FF:8822 4A 78 TST.W ($F828)
      if Ram address $F828 = 0000 <-- ram address for inv or not inv ?
      if I bypass this code, changing 4A 78 to 60 02,
      it will become invincible, but the character is still mildly blurred with double vision, and cannot get items
      check for collision ?
      FF:8826 67 00 BEQ #$002E [FF:8856]
      branch to FF:8856 ?

      FF:8856 61 00 BSR #$FAEC [FF:8344]
      branch subroutine go to FF:8344
      ( what does #$FAEC mean ? )
      FF:8344 70 00 MOVEQ #$00,D0
      move 00 to D0 ? ( what address ? )
      FF:8346 12 38 MOVE.B ($FE20),D1
      D1 : 181C FFFF --> 181C FF00
      ( assume $FE20 = ram address for not invincible if = 00 )
      FF:834A 02 41 ANDI.W #$000F,D1
      $000F and $FF00 --> D1= 18EC 0000
      FF:834E 10 3B MOVE.B $08(PC,D1),D0
      program count 08 --> D0 ??
      FF:8352 12 38 MOVE.B ($FE20),D1
      D1 become 18EC 0000
      FF:8356 4E 75 RTS
      Return
      =====
      IF $FE20 is the ram address for invincibility ( 0 = not invincible ),
      How do I bypass the routine to set it to zero ?

      Thanks for your great help !!!
      I think I need more learning for X68, sorry...
      Last edited by dewen; 03-17-2017, 10:39:22 AM.


      • This should be your non flashing inv code. I don't have the ISO file, so I can't test it...

        FF87FE:6002 .... this code will make it so that it will never follow the "if equal to zero" branch, which should give you invincibility.

        FF:87FE 67 00 BEQ #$0014 [FF:8814].... The 0014 tells you how many bytes it will branch, and it shows you the address it is branching to in the brackets: [FF:8814]
        The Code Hut: https://codehut.gshi.org/
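
An added example, not part of the original thread: a small decoder for the 68000 branch opcodes in the trace lines quoted above. It computes each bracketed target as the address of the opcode word plus 2 plus the sign-extended displacement, and shows where the `6002` patch bytes land. The function names are this example's own, and the 4-byte encodings are reconstructed from the opcode and displacement shown in the trace.

```python
"""Decode 68000 Bcc/BRA/BSR opcodes as shown in the trace lines above."""

# Condition field (low nibble of the first opcode byte) -> mnemonic.
CONDS = ["BRA", "BSR", "BHI", "BLS", "BCC", "BCS", "BNE", "BEQ",
         "BVC", "BVS", "BPL", "BMI", "BGE", "BLT", "BGT", "BLE"]


def sign_extend(value, bits):
    """Interpret an unsigned field of `bits` bits as two's complement."""
    mask = 1 << (bits - 1)
    return (value ^ mask) - mask


def decode_branch(addr, code):
    """Return (mnemonic, target, length) for the branch at `addr`.

    `code` holds the raw bytes at `addr`. The displacement is relative to
    addr + 2 (the word after the opcode word), on a 24-bit address bus.
    """
    if len(code) < 2 or code[0] >> 4 != 0x6:
        raise ValueError("not a 68000 branch opcode")
    name = CONDS[code[0] & 0x0F]
    if code[1] == 0x00:
        # Low byte 00: a 16-bit displacement follows in the next word.
        if len(code) < 4:
            raise ValueError("16-bit displacement word missing")
        disp = sign_extend(int.from_bytes(code[2:4], "big"), 16)
        size, length = "W", 4
    else:
        # Otherwise the low byte itself is an 8-bit displacement.
        disp, size, length = sign_extend(code[1], 8), "S", 2
    return f"{name}.{size}", (addr + 2 + disp) & 0xFFFFFF, length


# Branch lines from the trace log in this thread: (address, bytes).
TRACE = [
    (0xFF87FE, "67000014"),  # BEQ #$0014 [FF:8814]
    (0xFF881A, "67000006"),  # BEQ #$0006 [FF:8822]
    (0xFF8856, "6100FAEC"),  # BSR #$FAEC [FF:8344], negative displacement
    (0xFF87FE, "6002"),      # the patch FF87FE:6002
]

if __name__ == "__main__":
    for addr, hexbytes in TRACE:
        name, target, length = decode_branch(addr, bytes.fromhex(hexbytes))
        print(f"{addr:06X}: {hexbytes:<8} {name:<6} -> {target:06X} ({length} bytes)")
```

The last entry shows why `6002` is the patch value used throughout the thread: BRA.S +2 lands 4 bytes past the patched address, which is the next instruction whenever the instruction it overwrites was 4 bytes long.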


        • Dewen, it looks like the method I mentioned (using "read" breakpoints for the flicker timer) is not correct. You'll need to search for the byte that determines if you're inv or not and then do a "read" breakpoint on that one. I think I got the two methods mixed up (haven't done that type of code in a while).

          Here are some tips on how to find the inv on/off byte...

          Usually, the inv on/off byte will be zero when off, and either 01 or FF when on. You can use this info to greatly narrow down your RAM search results. You can also look at the assembly trace log right where the flicker timer is being activated and see what other RAM addresses are being changed in that area. Here is a tip: The value that is loaded for the flicker timer is D2, so look in your assembly trace log for #$00D2,($F854). Changing the "00D2" will change how long your invincibility will last. There are a few "MOVE" instructions in that immediate area that might be what you're looking for.

          EDIT: I previously got the search results for the inv on/off RAM address down to around 20 results, but could not figure out how to "add" the RAM codes with the emulator you mentioned in the PM (Gens r57 shell mod). Do you know how to add them? The "add cheat" button is blanked out. I seem to remember having the same problem a few years ago when I first tried that emulator.
          Last edited by Tony H; 03-19-2017, 02:41:20 PM.
          The Code Hut: https://codehut.gshi.org/


          • Hi Tony :

            Thanks for the great tips. I used to search for the on/off address but failed ( using compare different ).
            With your hint ( 01 or FF ), I will try it again after work and feel it will succeed !

            I cannot "add the RAM code", it's grayed out as you said. I use my mobile phone to photograph it and
            input it to the game genie area manually, a little inconvenient;
            maybe it's a bug or some procedure I got wrong...
            If I figure it out, I will tell you...

            Thank you.


            • Originally posted by dewen
              I cannot "add the RAM code", it's grayed out as you said. I use my mobile phone to photograph it and
              input it to the game genie area manually,
              Actually not a bad idea, although still time consuming.
              The Code Hut: https://codehut.gshi.org/


              • Using Tony's "00 or FF" trick, I found the address that stores the invincible data ( 00 or FF ).

                FFF852:FFFF --> invincible
                FFF852:0000 --> not invincible

                Gens r57 shell mod has a "ram watch" function:
                you can select and mark the possible searched addresses and add them to the "watch" window,
                then play the game; the watch window will show the changes.
                You can select the addresses that are "not 00 or FF" and remove them to narrow the possibilities;
                sometimes it's faster than the "add address to game genie and test" way
                ( "add to cheat" seems to have no function ? )

                Hook the address to read FFF852, log shows
                [FF:89AC] R16 = FFFF [FFF852]
                [FF:88F2] R16 = FFFF [FFF852]

                search trace.log with "FF:89AA", find :
                FF:89AA 4A 78 TST.W ($F852) <-- check if $F852 = 00 = not invincible
                FF:89AE 67 00 BEQ #$000A [FF:89BA]

                so I use RAW Genie code 1/2
                FF89AA:6002 ( replace 4A 78 with 60 02 )

                then I must fix the FFF852 with FFFF,
                so log ram write FFF852
                find [FF:880C] W16 = 0000 [FFF852]
                search trace log
                find FF:880A 42 78 CLR.W ($F852) <-- set $F852 to 0000
                so raw game genie code 2/2 FF880A:6002

                finally I got 2 combined game genie codes for invincibility without flashing
                FF89AA:6002 <-- check if $F852=0 by log read $FFF852 from FFFF to 0000
                FF880A:6002 <-- set $F852 to 0 by log write (CLR.W) $FFF852 to 0000

                it seems to work ( the first life will die, then the remaining ones become invincible )

                Hex patch : Keiou Yuugekitai (Japan)
                =======================
                Invincible ( no flashing, first will die ), total 11 patch x 2
                find for 4278F8523B7C
                replace 6002F8523B7C

                find for 4A78F8526700
                replace 6002F8526700
                ===========
                unlimited Lives ( raw genie code FF8B50:6002 ), 11 patch
                find for 5378F8566A00
                replace 6002F8566A00
                ==========

                Thanks Tony for your great help !
                Last edited by dewen; 03-20-2017, 01:09:26 PM.
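
An added example, not part of the original thread: the find/replace patches listed above, applied to an image in memory with two checks a hex editor does not make for you. Each replacement must be the same length as its match, so nothing after it shifts, and each pattern must occur the number of times the post reports (11). The image is constructed filler, and the function names are this example's own.

```python
"""Apply the thread's find/replace hex patches with sanity checks."""

# (label, find, replace, expected hits): patterns and counts as posted above.
PATCHES = [
    ("invincible, CLR.W ($F852)", "4278F8523B7C", "6002F8523B7C", 11),
    ("invincible, TST.W ($F852)", "4A78F8526700", "6002F8526700", 11),
    ("unlimited lives", "5378F8566A00", "6002F8566A00", 11),
]


def find_all(data, needle):
    """Return every offset at which `needle` occurs in `data`."""
    offsets, pos = [], data.find(needle)
    while pos != -1:
        offsets.append(pos)
        pos = data.find(needle, pos + 1)
    return offsets


def apply_patches(image, patches):
    """Return (patched_image, {label: offsets}); raise if a check fails."""
    out, report = bytearray(image), {}
    for label, find_hex, repl_hex, expected in patches:
        find, repl = bytes.fromhex(find_hex), bytes.fromhex(repl_hex)
        if len(find) != len(repl):
            raise ValueError(f"{label}: replacement would shift the image")
        hits = find_all(image, find)
        if len(hits) != expected:
            # Different dump or already patched: the input stays untouched.
            raise ValueError(f"{label}: {len(hits)} hits, expected {expected}")
        for off in hits:
            out[off:off + len(repl)] = repl
        report[label] = hits
    return bytes(out), report


def build_sample_image():
    """Constructed stand-in for an ISO: NOP filler around 11 copies of each pattern."""
    filler = bytes.fromhex("4E71") * 8
    return b"".join(filler + bytes.fromhex(find)
                    for _ in range(11) for _, find, _, _ in PATCHES) + filler


if __name__ == "__main__":
    patched, report = apply_patches(build_sample_image(), PATCHES)
    for label, offsets in report.items():
        print(f"{label}: {len(offsets)} patches, first at 0x{offsets[0]:X}")
```

Running it a second time on the patched bytes raises, because the original patterns are gone; that is the count check catching an already-patched image.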


                • Does anyone have codes for Battlecorps and AH3 Thunderstrike?

                  Actually earlier in the thread someone posted these codes for Battlecorps, but I need advice in formatting them for use in Gens Plus GX:

                  F9E84A790000F9E2670E91790000F9E2
                  F9E84A790000F9E2670E60040000F9E2


                  • Originally posted by vgcuts
                    Does anyone have codes for Battlecorps and AH3 Thunderstrike?

                    Actually earlier in the thread someone posted these codes for Battlecorps, but I need advice in formatting them for use in Gens Plus GX:

                    F9E84A790000F9E2670E91790000F9E2
                    F9E84A790000F9E2670E60040000F9E2
                    You'll need to hack those codes into your ISO file using a hex editor.
                    The Code Hut: https://codehut.gshi.org/


                    • Originally posted by Tony Hedstrom
                      You'll need to hack those codes into your ISO file using a hex editor.
                      Patched the Battlecorps ISO and this one works great

                      Still need an AH3 Thunderstrike (US) infinite health code.

                      Also, the Snatcher codes here don't seem to work: https://gamehacking.org/game/85416


                      • Originally posted by vgcuts
                        Still need an AH3 Thunderstrike (US) infinite health code.
                        Did you look through here? https://gamehacking.org/vb/threads/45...ks-amp-Patches

                        There are a ton of Sega CD codes there and most of them aren't in the db.

                        Assuming you've already looked through the codes in that link (and didn't find any), you might be able to make the code yourself using the RAM search feature in an emulator called Gens r57 Tracer. It's the basic method of searching Greater Than, Less Than, etc. If the search results show that the RAM address starts with "FFxxxx", then you should have no problem getting the code to work.

                        EDIT: Does anyone know of a better Sega CD hacking emulator than Gens r57? I haven't kept current on that stuff.
                        Last edited by Tony H; 05-07-2017, 06:27:14 PM.
                        The Code Hut: https://codehut.gshi.org/


                        • Originally posted by Tony Hedstrom
                          Did you look through here? https://gamehacking.org/vb/threads/45...ks-amp-Patches

                          There are a ton of Sega CD codes there and most of them aren't in the db.

                          Assuming you've already looked through the codes in that link (and didn't find any), you might be able to make the code yourself using the RAM search feature in an emulator called Gens r57 Tracer. It's the basic method of searching Greater Than, Less Than, etc. If the search results show that the RAM address starts with "FFxxxx", then you should have no problem getting the code to work.

                          EDIT: Does anyone know of a better Sega CD hacking emulator than Gens r57? I haven't kept current on that stuff.
                          Already tried using Bizhawk. Found codes that freeze the health meter, but you still die (the game 'knows' how much damage you've taken still, I guess). Exactly the same problem I had trying to hack an 'always first place' code for Diddy Kong Racing.


                          • If I find a cheat in Cheat Engine, is there a way to figure out where to patch the ISO?


                            • Originally posted by vgcuts
                              If I find a cheat in Cheat Engine, is there a way to figure out where to patch the ISO?
                              Did you find a RAM address or ROM address?
                              The Code Hut: https://codehut.gshi.org/


                              • RAM addresses (for instance infinite health).
