Advanced help on Game shark

[alb3530]

This a hard question.I couldnt find anything about on web.Cristfc and me were able to find the rom start address in 2 emulators for DC:sms plus and dcgenerator,using game shark.With it,its possible to change any byte in a rom,so that we can make little changes in a rom,like rename stages,etc...Example:rom start address is 0A00238C in a emulator.To change the line 257F in a rom,add 257F to 0A00238C,you get 0A00490B.Put this in 1st line of gameshark and below,000000xx,where xx is the byte.But we've been trying to find out the rom start in another genesis emulator and the following thing is happening:we've found the address,but when we try to change a byte,a ten bytes ahead are automatically changed too.We need to know how can we proceed now,once dcgenerator is not so good,and the emulator we're trying to perform this is better.Could it have something to do with the prefixes of game shark?

[Link]

Hi,



Ok, firstly before a mod locks this I need to ask which genesis emulator. If it is the smash pack one you should know that there is no discussion of it on these boards. If it is Genesis plus then while I can't really help I can say I am glad that someone is trying to crack the gameshark codes for emulators on DC. You may want to try DreamSnes also as well as Gnuboy. As far as the smash pack goes if you are working on it, it is a waste of your time. It will not ever be updated, where as Genesis Plus will be and will very soon surpass the smash pack. I know that CMGSCCC has codes for the original smash packs games but beyond that I have no clue.



I am very interested to see if this leads to Gameshark codes for all the emulators and games. If so it could be one heck of a great thing to happen. I mean the emulators that do not support cheat codes would finally be able to have them. I hope if it is genesis plus you have the best of luck. In general I wish you luck on making codes for any of the legal emulators

[alb3530]

Thanks for the advice,friend.I makes me glad that someone replied the topic that way,i thought nobody would reply.I tried it on dreamsnes,but i gave it up very early,cause our goal is to get it in a decent genesis emulator,so we can make some sonic hacks,etc.It doesnt matter the emulator,as long as it is good.I dont have genesis plus yet.Are you sure it will be the best sega genesis emulator for dreamcast?I hope your right,so we can speak about it on these boards.When i get it,surely i will try to find rom start in it too.Its only we get this genesis plus and we'll find the rom start address in no time...Any news i inbox you,friend.Hey,what is CMGSCCC?Id just like to know about game shark prefixes,once that problem can happen with any other thing i try to hack,like another emulator...Once i know how it works,no emulator will be a problem anymore.What are the prefixes for?What they do?

[hrb2k3]

i second gameshark codes fo Gnuboy DC. i'd like that.

question, how'd you find the rom start addy for those emus?

[Christuserloeser]

Genesis Plus DC will be the one to go in the future. While that Smash Pack emulator is a commercially developed, copyrighted product, Genesis Plus is a free developed emulator, that will see it's official release very soon. There are early preview versions released and they're already as good as the Smash Pack emu. You might want to check http://www.sbiffy.com or http://www.dcemu.co.uk

[alb3530]

Some genesis games make a check sum to see if the rom is ok,so that if you change any byte,the game simply wont work.To find the rom start,use a rom that makes this check sum.You oughta know the size of the rom your going to use,and convert it to hexadecimal system.If a rom is 100000(hex) bytes long,all you have to do is trying from 00000000 to FFFFFFFF,always adding F0000 every try.For example,go to game shark and put 000F0000 00000000,load the emulator and the rom.If the rom works,go back to game shark and add F0000 to the first line:000F0000 plus F0000=001E0000.Now load emu and rom again,and keep trying until the rom doesnt work.Dont forget you gotta know some address,that,oncechanged,changes something that is easily noticed in the game,for you to test if its really workin.For example,the address that changes the first stage in a game.It requires lots of patience.

[alb3530]

Any help is welcome,guys.

[BlackAura]

Alright... I can actually tell you the exact starting position of the ROM in Genesis Plus, but only when I release a new version.

Basically, it works like this: I compile a new version of the emulator. When that happens, the compiler assigns a new memory location for the start of the ROM, and that memory location is stored inside the ELF file that the compiler creates. These ELF files are like the BIN files that you use on the Dreamcast, but they contain a lot more information, such as the memory location of each and every piece of data in the program, including the start address of the ROM area, and the RAM area. If you have an ELF with this information, creating codes for it is really, really easy.

For example, a version of Genesis Plus I have here has the ROM starting at 8c0d6ec8, and the RAM starting at 8c4d6ec8.

That reminds me... I must make those properly aligned at some point.

[alb3530]

BlackAura said:
I can actually tell you the exact starting position of the ROM in Genesis Plus, but only when I release a new version.
I see.You cant choose where these addresses will be allocated,cause the compiler will do it,right?As i can see,RAM alloc is right after ROM alloc.Whats the hex size of the RAM?Thanks a lot for your help,it'll really save my time,though i dont know if the ROM start can be put as a gameshark code in its normal form or i have to convert it.For example,if the address is 800000,i dont know if putting
00800000
00000000 on gameshark will work.And with the RAM address i will be able to convert game genie codes to use on Genesis Plus.Thanks again,specially with the RAM address,thats surely much harder to find out than ROM,once theres no check sum in the RAM.Among so many questions, what id like to know the most:when will the new Genesis Plus be released?

[Arqueiro]

hey alb3530, this is my new nunber sendme a sms 85 91386464

[hrb2k3]

i read a new genesis plus around christmas.

has anyone found Gnuboy's ROM start.? i think its the latest version, 1.0.3.6...???

[BlackAura]

I see.You cant choose where these addresses will be allocated,cause the compiler will do it,right?As i can see,RAM alloc is right after ROM alloc.Whats the hex size of the RAM?Thanks a lot for your help,it'll really save my time,though i dont know if the ROM start can be put as a gameshark code in its normal form or i have to convert it.For example,if the address is 800000,i dont know if putting

Correct. And it's very annoying. Sometimes, a program runs really quickly one time, then you make one modification (which moves things around slightly) and the entire thing slows down again.

RAM does follow directly on from the ROM. The ROM is exactly 4 megabytes (0x00400000) in length.

If the cheat is patching a location in the ROM, then you can just add the two together. So, if the ROM starts at 0x8c0d6ec8, and your need to change address 0x001234, then you just add the two together and get 0x8c0d80fc.

One thing you might need to be careful of though. The MegaDrive GG codes change a 16-bit value, but the Dreamcast ones change a 32-bit value. So, you might have to open the ROM in a hex editor, and change the code accordingly, so you don't wipe out bits of data to either side of the bit you're trying to change.

when will the new Genesis Plus be released?

When it's ready to be released. At the moment, I can't get anything working properly, so I'm going to have to jump back to a slightly older version, and re-implement the changes I'd made.

That said, I'm aiming for a release toward the end of this year.

[alb3530]

You said GG MD codes change 16 bit and DC ones change 32 bit.When you said dreamcast codes you meant dc gameshark codes or gamegenie codes converted to be used with gameshark?Whatever,once dc codes change 32 bits,what does it mean,that the code i put on gameshark wont be changing that specific address,but some bytes ahead,or something like this?Im a little bit confused...

[BlackAura]

OK... Quick tutorial on the way Genesis GameGenie codes work.

First, the code is encoded and scrambled. Each letter encodes 5 bits of information, and there are eight of them, so that gives you a grand total of 40 bits (5 bytes).

The first 24 bits (3 bytes) are the address in the ROM of the data to change, which can go from 0 to 16M. Since the Genesis can only address 4MB of ROM, that leaves us with a range of 0 to 4M which actually does anyway.

The last 16 bits (2 bytes) contain the data to be inserted into the ROM. The real Game Genie doesn't actually modify the ROM, but it intercepts communication between the Genesis and the cartridge, and sends back this modified data instead of the real data. An emulator just modifies the ROM, because it's easier that way...

So, each Game Genie code replaces exactly 16 bits of data from the ROM. Because of the way the Genesis main CPU works, this replacement must be done on a 16-bit (2 byte) boundary. That means that the address must be a multiple of 2 bytes, and the data is exactly two bytes in length.

The Dreamcast is a bit different. The Gameshark codes contain a 32-bit address, which can go from 0 to 4G, although only the values that are inside the Dreamcast's RAM are useful, and a 32-bit data value. That means that each Gameshark code replaces exactly 32-bits (or 4 bytes) of main memory with whatever's in the code. Because of the way the SH-4 works, the address must be a multiple of 4 bytes, and you are replacing four bytes.

That's where the problem comes from. For the Genesis codes, we can replace any two bytes, at a two byte boundary. For the Dreamcast codes, we can replace any four bytes, at a four byte boundary.

And there is the problem. Say, for example, the first 16 bytes of our Genesis ROM look like this:

Code: Select all

00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F

Now, we want to replace the last two bytes, like this:

Code: Select all

00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D FE FF

Now, using a Game Genie, that would be easy. We simply need to tell the Game Genie to change the value at 00000E to FEFF. Now, if we represent our code as ADDRESS:DATA, then our code would be:

00000E:FEFF

Now, let's say we want to do the same on a Dreamcast. The first problem is that we can only replace four bytes, but we want to replace two.

This problem isn't really that hard to work out. We replace the entire four-byte block where the two-byte block we actually want to change is stored. We have to look at what we already have in the four-byte block starting at 00000C (0C 0D 0E 0F). Then, we apply the change (0C 0D FE FF).

So, instead of replacing two bytes starting from 00000E, we replace four bytes starting from 00000C, but we copy some of the original data from the ROM. So, our code might look like this (assuming the ROM area starts at 80000000):

8000000C:0C0DFEFF

Then we come up against our second problem. The byte order is different. If you have four bytes in the Genesis ROM:

Code: Select all

01 02 03 04

However, a Dreamcast expects 16-bit numbers to be the opposite way around. That means that each pair of numbers is swapped around, because the emulator runs much faster that way. So, that same sequence would be stored inside the Dreamcast like this:

Code: Select all

02 01 04 03

Finally, the Dreamcast expects 32-bit numbers to be the opposite way around as well. That means that if you take your 32-bit number, you have to write it backwards to get it to work. So, if you want to write that in a GameShark code, you'd need to write it like this:

Code: Select all

03 04 01 02

Basically, you need to swap the first four digits with the last four digits. So, in our Dreamcast code above, we now have:

8000000C:FEFF0C0D

In theory, that last code should have the same effect as the first Game Genie code did.

[hrb2k3]

i think it would be easier to use codebreaker instead of gameshark here. with codebreaker, you can change just one byte with the 00 code type.

00AAAAAA
000000VV

AAAAAA=Address
VV=Value

more code types for DC and most systems are at the link below.

http://www.gscentral.com/view.pl?HackingText/hackv500c

unfortunately, codebreaker cant load cdr's without a specific bootdisc.

[alb3530]

BA,arent these codes you listed as being of game genie actually of pro action replay?As far as i know,DC game shark is something like this:
PPAAAAAA
xxxxxxxx
where PP is the prefix, AAAAAA is the address, and xxxxxxxx are the 4bytes.In dcgenerator,the ROM starts at 001597A0(gameshark code,not the real point!).Now let's say i wanna change the byte 17 at the line 00003D7C of a ROM,to FF: 00003D7C + 001597A0 = 0015D51C.Our code will be
0015D51C
000000FF.All the six zeros before FF dont change anything,so that you could write 13569AFF instead 000000FF,that it would do nothing in the ROM.That thing you spoke, the bytes in dc are swapped,is very interesting,ive been already thinking of something like that,but i think it will depend on the emulator.I didnt have any problem with dcgenerator or sms plus.I know the prefixes has anything to do with bytes swapping,but dont know what.Thanks again.

[BlackAura]

BA,arent these codes you listed as being of game genie actually of pro action replay?As far as i know,DC game shark is something like this:

Actually, they are. It's a lot easier than coverting to GameGenie / GameShark codes all the time.

Oh, and the Dreamcast's RAM starts at 80000000, and is 16MB in length. The GS codes probably start from there, so the three address bytes would be enough to cover the whole of RAM.

I didnt have any problem with dcgenerator or sms plus.

SMS Plus doesn't do any byte swapping. Doesn't need to, in fact. It's an 8-bit system, and it very rarely needs to read 16-bit values, so swapping the bytes around wouldn't gain any speed. I don't know why DCGenerator doesn't do it though. It's certainly not required, it's just faster if you do.

A Codebreaker code would be a bit easier. Unless there's a similar way to store two bytes using a GS code, of course.

[hrb2k3]

i thought DC RAM starts at 8C000000..??

[alb3530]

Hey,this info about DC RAM start is cool...I didnt know that!Back to the 2 problems you said:Once you say with bytes swapping the emulator get faster,thats why dcgenerator is that slow...But even if a emulator swap bytes,no problem,its easy to deal with.And the problem 2,about a gameshark code changing 4bytes at the same time,i realized that,in dcgenerator and smsplus it doesnt happen.You put the code on gameshark,and only one byte is changed.Id just like to know why...

[cristfc]

i thought DC RAM starts at 8C000000..??

I too think same thing and the number before "8C000000", its prefix digit? Anyone know which prefix codes and what they makes?