This original document was written by: Tony Hedstrom
t_hedstrom@yahoo.com
http://www.angelfire.com/games2/codehut/

Advanced NES/SNES code making tips (Game Genie)

Version 0.6   August 14, 2004

What's new:
  Updated section 6
  Changed / corrected a few odds and ends

Version 0.4
  Added index (finally).
  Updated section 1 (Infinite type codes).
  Updated section 2 (Infinite type codes).
  Added section 3 (more "Infinite" type codes).
  Updated section 4: "Start with more" type codes.
  Updated section 5: "6502/65c816 instructions".
  Added section 7 (Hacking a ROM to see if a code works).
  Corrected a few errors.

Version 0.3
  Added: Easier method for converting NES ROM Addresses into Game Genie codes (section 6).
  Added: Updated section 1 on "Infinite" type codes.

Below are some notes I made for myself while I was making some Game Genie codes. I am in the process of turning these notes into a code making tutorial, but this will take some time, so I decided to post what I have so far on my web site. Please remember that this doc is far from finished, so some of it may not make much sense unless you read some of my other code making docs first. You can read them on my site: http://www.angelfire.com/games2/codehut/

Although the notes below deal with assembly language, you really don't need any knowledge of it to use this doc for making codes.

NESten (mentioned below) is a NES emulator. It helps you find the right RAM address which in turn helps you find the right ROM address. You can do the same thing for SNES games by using ZSNES or SNES9x emulators. When you get the code with ZSNES or SNES9x, just remove the 7E or 7F from the front of the code and you have the RAM address. Just remember... The RAM address is only used to help you find the right ROM address. The ROM address is then converted into a Game Genie code.

The notes below were written for NES, but will also work for SNES (unless otherwise noted).

*UPDATED* (ver 0.4)
In the past, most of the tutorials that I've written for code making have been geared towards RPG type games. This one however, applies to ANY type of game. Also, keep in mind that games are programmed in many different ways, so if a method described below works on one game, it may not work on a different game.

*UPDATED* (ver 0.5)
Below, when I mention "ROM search" or "search ROM", it means to search the ROM for that string of numbers using a hex editor. When you type the numbers into the hex editor, don't include any spaces. I've included spaces to make it easier to read.

======================================================
These are some 6502 (NES) tips I've found (for Game Genie codes):
Most of the info also works for 65c816 (SNES).
By Tony Hedstrom t_hedstrom@yahoo.com
======================================================

Index...

1) Infinite type codes.
2) Infinite type codes (different method).
3) Miscellaneous codes (infinite, etc.)
4) "Start with more" type codes.
5) 6502/65c816 instructions.
6) Converting a NES ROM address into a Game Genie code.
7) Hacking a ROM to see if a code works.

======================================================
*UPDATED* (ver 0.4)

1) Infinite type codes...

Find RAM address using NESten cheat search program (or ZSNES/Snes9x).

Search ROM for AD aa aa ?? ?? ?? 8D aa aa

Then change 8D to AD for infinite type code.

AD = LDA Q (Load into ACC.).
aa = RAM address (reverse order).
aa = RAM address (reverse order).
?? = Math (etc) that is done to it. (Can be MANY bytes).
8D = STA Q (Store the contents of A in given address).

This simply stores the value back into A instead of back into RAM, so the value never changes. The value that was left in A (acc), will simply be overwritten the next time it is accessed.

A little better explanation...

AD loads the amount of aa aa (address) into A (acc).
?? ?? ?? represents any math that is done to it (can be much more than 3 bytes).
8D stores the new value back to the address (aa aa).

By making a Game Genie code that changes the 8D into an AD instead, the process of lowering your HP (or whatever) is never completed, so you have infinite HP (or infinite whatever).

As far as I know, this is one of the most common methods used by Galoob (the people who made the Game Genie), and should work with most games. I'll hopefully add an example in a future update.

*UPDATED* (ver 0.4).
If the RAM address is only 1 byte, try this method...

Search for A5 aa ?? ?? ?? 85 aa.

Then change the 85 to A5 for infinite amount.

A5 = LDA Z LDA direct (Load into A).
aa = RAM address
?? = Math (etc) that is done to it. (Can be many bytes).
85 = STA Z STA direct (Store from A).

The "85 aa" *may* have an "A9 00" right before it.

Example: Castlevania 3 (NES)...
RAM address for energy is $003C (treat this as 1 byte).
So ROM search would be: 85 3C
There are a few matches, but the right one is at $3829A.
Changing the 85 to A5 will give you infinite energy!

======================================================
*UPDATED* (ver 0.4)

2) Infinite type codes (different method)...

How to make "something doesn't decrease" type codes...
(Health doesn't decrease (inf health), ammo doesn't decrease (inf ammo), time doesn't decrease (inf time), etc.)

ONLY works for things that decrease by one at a time. See sections 1 or 3 for infinite type code when item decreases by one, or more than one at a time.

Find RAM address using NESten cheat search program (or ZSNES/Snes9x).

Then search ROM for CE aa aa

CE = DEC Q (Decrease (by one) Q).
aa = RAM address (reverse order).
aa = RAM address (reverse order).

Example: Fester's Quest... (NES)
RAM address for health is $04E9.
So ROM search would be: CE E9 04.
Then change the CE to EA. (EA = NOP (No Operation)).
This would give you infinite health. *See NOTE below*.

Basically, what this does is prevent the program from subtracting anything from your health.
The original instruction told the program to subtract 1 from your health, but you changed that instruction and told it to do nothing instead.

*NOTE* If that doesn't work, try changing the CE to an AD instead. I have recently found out that using AD is probably a better choice than EA (for replacing CE).

*UPDATED* (ver 0.4)
If the above method doesn't work, try this...

Find RAM address using NESten cheat search program (or ZSNES/Snes9x).

Then search ROM for DE aa aa

DE = DEC Q,X
aa = RAM address (reverse order).
aa = RAM address (reverse order).

Then change DE to BD for infinite amount.

Example: Final Fantasy 3j (NES)...
RAM address for Potions is $60E0.
So ROM search would be DE E0 60.
Change the DE to BD for infinite potions (outside of battle).

If the RAM address is only 1 byte, use this method...

Search ROM for C6 aa, or D6 aa.

And remember, this ONLY works on things that decrease by one at a time. To make infinite type codes for things that decrease by one, or MORE than one, see sections 1 or 3.

====================================================
*NEW* (ver 0.4)

3) Miscellaneous (infinite lives, etc.)...

If something in a game is always subtracted by the same amount every time (from 1 to 255), here is how you can make a code for an infinite amount of that item, or have less (or more) of that item subtracted. If the amount subtracted is always 1, then see section 2 above if this method doesn't work.

For example, if it always costs you 5 points to use a super missile, then this method will let you make a code for infinite missiles, or a code to adjust the amount of points it costs to use the missiles.

Find RAM address (using NESten/ZSNES cheat program), then search ROM for: E9 xx 8D aa aa.

E9 = SBC #n Subtract (from 1 to 255).
xx = Number that is subtracted from your amount.
8D = STA Q STA absolute
aa = RAM address (reverse order).
aa = RAM address (reverse order).

Example: Fester's Quest (NES)...
RAM address for money is 0162.
Hot Dogs always cost $5.
(I think Hot Dogs are the only thing you can buy in this game.)
So ROM search would be: E9 05 8D 62 01.
To make an "Infinite" type code, change the 8D to AD.
You can also change the E9 to 69 to make the game add to your amount instead of subtracting, although this can sometimes have strange side effects.
To make a code that adjusts the amount that is subtracted, just change the "05" to a higher or lower number.

For infinite lives...
If RAM address for lives is $032F, then search would be: E9 01 8D 2F 03.
Change 8D to AD for infinite lives.

If the RAM address is only 1 byte, use this search... E9 01 85 aa.
Then change the 85 to A5 for infinite amount. Or you could probably change 01 to 00 for infinite amount (I haven't tried it yet, but it should work).

====================================================
*Updated* (ver. 0.4)

4) "Start with more" type codes:

For "Start with more gold, health, bullets, etc" codes, find RAM address (using NESten/ZSNES cheat program), then search ROM for A9 xx ?? aa aa.

A9 = LDA #n (load A)
xx = number of item game starts with.
?? = not sure, can be 85, 8D, 9D,
aa = RAM address (reverse order).
aa = RAM address (reverse order).

Example: Fester's Quest... (NES)
RAM address for gun power is $04E7.
Game starts with gun power at 1.
So ROM search would be: A9 01 ?? E7 04
Change "01" to higher number to start with stronger gun.

Another example: Crash 'n the Boys: Street Challenge... (NES)
RAM address for Gold pieces is $0331.
Game starts with 5 gold pieces.
So ROM search would be: A9 05 ?? 31 03
Change "05" to a higher number to start with more gold.

*Updated* (ver. 0.4)
NOTE: If address from cheat search is only one byte, then try searching for A9 xx 85 aa.

Example: Castlevania 3 (NES)...
RAM address for lives is $0035 (treat this as 1 byte).
Game starts with 2 lives.
So ROM search would be: A9 02 85 35
Change 02 to a higher number to start with more lives.
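
The ROM searches from sections 1 to 3, automated over a ROM image. This is an added example, not part of the original document; the function names and the sample bytes are made up for illustration, and the 1-byte DEC searches (C6/D6) are left out because the document gives no replacement byte for them.

```python
# Added example, not from the original document. Opcodes come from sections 1-3.

def operand(ram_addr):
    """Address bytes as stored in ROM: 1 byte for $00-$FF, else low byte first."""
    if ram_addr <= 0xFF:
        return bytes([ram_addr])
    return bytes([ram_addr & 0xFF, ram_addr >> 8])

def find_all(rom, needle):
    """Return every file offset at which needle occurs."""
    hits, pos = [], rom.find(needle)
    while pos != -1:
        hits.append(pos)
        pos = rom.find(needle, pos + 1)
    return hits

def patch_candidates(rom, ram_addr, window=16):
    """Return sorted (file_offset, old_byte, new_byte, why) tuples."""
    op = operand(ram_addr)
    zero_page = len(op) == 1
    lda, sta = (0xA5, 0x85) if zero_page else (0xAD, 0x8D)
    out = []
    for pos in find_all(rom, bytes([sta]) + op):
        before = rom[max(0, pos - window - 1 - len(op)):pos]
        if pos >= 2 and rom[pos - 2] == 0xE9:
            # Section 3: SBC #n directly before the store.
            out.append((pos, sta, lda, "SBC #%d then STA" % rom[pos - 1]))
        elif bytes([lda]) + op in before:
            # Section 1: LDA addr, some math, STA addr.
            out.append((pos, sta, lda, "LDA ... STA"))
    if not zero_page:
        # Section 2: DEC addr -> LDA addr, DEC addr,X -> LDA addr,X.
        for dec, repl in ((0xCE, 0xAD), (0xDE, 0xBD)):
            for pos in find_all(rom, bytes([dec]) + op):
                out.append((pos, dec, repl, "DEC"))
    return sorted(out)

# Constructed sample: 16 zero bytes standing in for the header, then
# hand-written 6502 bytes (not taken from any real game).
SAMPLE_ROM = bytes(16) + bytes.fromhex(
    "AD6201 38 E905 8D6201"  # LDA $0162 / SEC / SBC #5 / STA $0162
    "CEE904"                 # DEC $04E9
    "A53C 18 6901 853C"      # LDA $3C / CLC / ADC #1 / STA $3C
)

if __name__ == "__main__":
    for addr in (0x0162, 0x04E9, 0x003C):
        for off, old, new, why in patch_candidates(SAMPLE_ROM, addr):
            print("$%04X: offset $%05X  %02X -> %02X  (%s)" % (addr, off, old, new, why))
```

A byte search knows nothing about instruction boundaries, so every hit is only a candidate until it has been checked in the game.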
=======================================================
*UPDATED* (ver 0.4)

5) 6502/65c816 instructions...

A few useful 6502/65c816 instructions:

69   ADC #n      Add (from 1 to 255) to an address.
6D   ADC Q       ADC absolute

81   STA (Z,X)   STA direct indirect indexed w/ X
85   STA Z       STA direct (1 byte)
8D   STA Q       STA absolute
91   STA (Z),Y   STA direct indirect indexed w/ Y
95   STA Z,X     STA direct indexed w/ X
9A   STA Q,Y     STA absolute indexed w/ Y
9D   STA Q,X     STA absolute indexed w/ X

8D = STA Q = Store the contents of A in given address.

A9 = LDA #n = Load into A

A1   LDA (Z,X)   LDA direct indirect indexed w/ X
A5   LDA Z       LDA direct
A9   LDA #n      LDA immediate
AD   LDA Q       LDA absolute
B1   LDA (Z),Y   LDA direct indirect indexed w/ Y
B5   LDA Z,X     LDA direct indexed
B9   LDA Q,Y     LDA absolute indexed w/ Y
BD   LDA Q,X     LDA absolute indexed w/ X

C6   DEC Z       DEC direct
CE   DEC Q       DEC absolute
D6   DEC Z,X     DEC direct indexed w/ X
DE   DEC Q,X     DEC absolute indexed w/ X

CE = DEC Q = Decrease (by 1) given address.

EA = NOP = Do nothing (No Operation)

E9   SBC #n      Subtract (from 1 to 255) from an address.
ED   SBC Q       SBC absolute

EE = INC Q = Increase (by 1) given address.

E6   INC Z       INC direct
EE   INC Q       INC absolute
F6   INC Z,X     INC direct indexed w/ X
FE   INC Q,X     INC absolute indexed w/ X

Z is a 1 byte address (between $00 and $FF).
Q is a 2 byte address, (between $0000 to $FFFF).

======================================================
*NEW* (ver 0.3)

6) Converting a NES ROM address into a Game Genie code:

An easy way to convert NES ROM addresses into Game Genie codes...

NOTE: The examples below assume that you have already compensated for the $10 byte NES ROM header. If you haven't compensated for the NES header, all you do is subtract $10 (in hex) from your ROM address. For example, if your NES ROM address is 1447, then: 1447 - 10 = 1437, so you would enter 1437 into the GG to hex conversion program (remember, this is hex math).

YOU MUST COMPENSATE FOR THE NES ROM HEADER OR ELSE YOUR GAME GENIE CODE WON'T WORK.
As far as I know, all NES ROMs have a $10 byte header.

This method (below) does not apply to SNES.

If your ROM address is 4 digits or less (ie. 90B2, 03AF, etc.), then you can simply enter it into the GG to hex conversion program (available from my web site) with no problems. Just be sure to add any leading zeros so it is 4 digits long (ie. 52D becomes 052D).

If your ROM address is more than 4 digits long (ie. 32FE1, 1A223, etc.), then all you have to do is remove the first digit and then enter it into the GG to hex conversion program. So 32FE1 becomes 2FE1, 1A223 becomes A223, etc.

If you use the method described above and the code doesn't work, and you're pretty sure that it *should* work, then here is what you need to do...

Take the last 3 digits of your ROM address and make 8 new codes using the numbers 0 thru 7 as the first digit. I know that's kinda confusing, so here's an example...

If the ROM address is 4BB2, but that code doesn't work when converted into a Game Genie code, take the last 3 digits of the ROM address (BB2) and add the numbers 0 - 7 as the first digit. So here are the 8 new codes you get...

0BB2  1BB2  2BB2  3BB2  4BB2  5BB2  6BB2  7BB2   (see update below)

Of course since 4BB2 was the original code, you don't need to try it again. If you try each of the new codes, one of them should work. Remember, you only need to do this if the original code doesn't work.

As far as I can tell, the reason why you need to use this method on some codes is because of memory mappers. Luckily, memory mappers were not used on the SNES.

*UPDATED* (ver 0.5)
If your ROM address starts with an even number, then you only need to try the codes that start with even numbers. If your hex code starts with an odd number, then you only need to try the codes that start with odd numbers.
So in the example above, since the hex code was 4BB2, "4" is an even number, so you only need to check these:

0BB2  2BB2  4BB2  6BB2

But if the example above started with an odd number (let's say it was 3BB2), then you only need to check these:

1BB2  3BB2  5BB2  7BB2

=======================================================
*NEW* (ver. 0.4)

7) Hacking a ROM to see if a code will work...

This tip will work for NES, SNES, Gameboy, or Genesis, but it is most useful for NES, so that's the system I'll refer to.

Basically, I use this method whenever I make new Game Genie codes for NES games because it lets me know right away if I have the right ROM address or not. If you read section 6 (above), you will see that sometimes, you will have to try up to 8 different codes before you find the right one. This can be very time consuming, and very frustrating if you find out that none of the codes even worked. The method I'm explaining here will pretty much guarantee that one of the codes will work. It will let you know for sure if you have the right ROM address or not.

Here's how: All you do is make a backup copy of the ROM you're trying to make codes for, then open that ROM with a hex editor and change the address that you want to make a code for. Save the change and play that ROM with your favorite emulator and see if the hack works. If it does, then you know for sure that you have the right ROM address and you can proceed with making the Game Genie code. If the hack doesn't work, then you know you have the wrong ROM address, but at least you didn't have to waste a lot of time trying lots of different codes just to find out that none of them worked.

=======================================================
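
The section 6 steps (header subtraction, keeping the last 4 digits, and the odd/even list of first digits), followed by the conversion into code letters. This is an added example, not the author's conversion program; the letter table and bit layout are the standard 6-letter NES Game Genie format, which the document does not spell out, and the function names are made up for illustration.

```python
# Added example, not from the original document.
LETTERS = "APZLGITYEOXUKSVN"  # a letter's value is its position (A=0 ... N=15)

def encode(addr, value):
    """Encode a 15-bit address and a replacement byte as a 6-letter code."""
    a, v = addr & 0x7FFF, value & 0xFF
    nibbles = [
        (v & 7) | ((v >> 4) & 8),
        ((v >> 4) & 7) | ((a >> 4) & 8),
        (a >> 4) & 7,                     # high bit clear marks a 6-letter code
        ((a >> 12) & 7) | (a & 8),
        (a & 7) | ((a >> 8) & 8),
        ((a >> 8) & 7) | (v & 8),
    ]
    return "".join(LETTERS[n] for n in nibbles)

def hex_input(rom_address, has_header=True):
    """Section 6: subtract the $10 header, then keep the last 4 hex digits."""
    if has_header:
        rom_address -= 0x10
    return rom_address & 0xFFFF

def codes_to_try(rom_address, value, has_header=True):
    """Return [(hex_address, code)]: the direct conversion first, then the
    other first digits 0-7 that share its odd/even parity."""
    base = hex_input(rom_address, has_header) & 0x7FFF  # a code holds 15 address bits
    first, low = base >> 12, base & 0x0FFF
    digits = [first] + [d for d in range(first & 1, 8, 2) if d != first]
    return [("%04X" % ((d << 12) | low), encode((d << 12) | low, value))
            for d in digits]

if __name__ == "__main__":
    # The document's example address 4BB2 (header already removed); the
    # replacement byte AD is a constructed choice.
    for address, code in codes_to_try(0x4BB2, 0xAD, has_header=False):
        print(address, code)
```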