Post by dlevere on Aug 4, 2011 17:13:36 GMT -4
A FAQ I recently came across that deals with Xplorer/Xploder code types. Its relevance to someone with a GameShark is that it includes a basic explanation of what you can use between a GameShark and an Xplorer, and Vice Versa. This is also valid for the Code Breaker PSX. The conversion to/from GameShark is not quite correct...
(Parts of this FAQ requires a basic knowledge of Assembly Language.)
Introduction
In the following, T is the default status, not really used by the cheat code. It must be 8 or 0. If it is 8, and you select the whole game, that particular cheat is not activated. For example, in a game we may have the following:
A Fighting game
Unlimited energy
80123456 00ff
One hit death
80123456 0001
As you can see, we clearly would never want both of these cheats on at the same time because the second one will take priority. If we make our codes look like this:
A Fighting game
Unlimited energy
80123456 00ff
One hit death
88123456 0001
Then whenever you select the whole fighting game only the first code is automatically switched on. The user must manually select the others. Note that only the first code in a group of codes needs the 8, all others in the group are also switched off. This bit is then masked out and becomes identical to a normal code.
Normal Code Types
NOTE: The Xplorer and GameShark / Action Replay "80", "30", and "D0" code types are interchangeable!! You can also replace the GS / AR "D0" and "D1" prefixes with the Xplorer "70" and "90" prefixes respectively.
00xxxxxx - yyyy - 32 bit code. Writes the 32 bit code in yyyy to address xxxxxx i.e. the upper half word is zeroed out and is the equivalent of:
80xxxxxx-yyyy
80xxxxx(x+2)-0000
The one (1) code at the beginning of the address only needs to be present if there is a skip if true or a skip if false code immediately above the slide code. This is because a skip code only knows to skip two words (32 bits * 2) which is what a normal code ends up as. Mega codes and super codes simply have a pointer to flash as the second word. The one code is not understood by the X-terminator cheat engine and is therefore ignored. This is the simplest way at the moment to solve the problem.
10xxxxxx - yyyy - Does nothing. Used by slide code and skip if true and false.
4T000000 - XXXX - A 4 code is a slow motion code. Its success rate is not brilliant at the moment. It is simply a loop executed (XXXX << 12) times.
7TXXXXXX - YYYY - Skip if false code, Opposite of a 9 code. Only does the following code if xxxxxx = yyyy.
9TXXXXXX - YYYY - Skip if true code will not do the following cheat (including mega/supa) if the half word contained in XXXXXX = YYYY. One use is so that we can insert a dead/Super code only once, saves a lot of time if the codes are big!
CTXXXXXX - YYYY - This is the same as a D code again only used for Action Replay compatability.
DTXXXXXX - YYYY - Only for compatability with Datel. Use F or 7 codes instead. (The GS / AR "D0" code IS compatible with the Xplorer.)
FTXXXXXX – YYYY - Same as a 7 code but affects ALL cheats. This is our equivalent of a Datel D master code but better defined (Datel combines our F codes and 7 codes into one D code only entered in two separate places which is stupid). If the Xplorer finds any code in a game that starts with an F then it will switch it on any time you select another code and switch it off if it is the last code.
Special Code Types
Mega Code
6T?????0 YYYY
AAAAAAAA CCCC
FFFFFFFF 0011
22334455 6677
8899
?=Don't care
AA= Break address
YY= Count in bytes to insert at location 40
CC= Coprocessor break type (upper half)
FF= Breakpoint mask (usually FFFFFFFF)
00= bytes of code in address order
11
Super Code
5TXXXXXX 0YYY
00112233 4455
6677
XXXXXX = Address to place the code
YYY = Count in bytes of code
00
11 etc. = Actual code. Note, only Byte codes will be placed so you can place in single byte multiples. For example:
50123456 0001
00112233 4455
Slide Code
Brrraaaa-dddd
10xxxxxx-yyyy
rrr : repeat count
aaaa : increase address
dddd : increase data
xxxxxx : start address
yyyy : start date
Slide codes are so useful. They can turn a massive great long code into only two lines. A good example is something like.
Action Replay
Have all Licenses in gran turismo (Euro cheat used as example)
D009E3C4 0000
8009E3C4 0303
D009E3C6 0000
8009E3C6 0303
D009E3C8 0000
8009E3C8 0303
D009E3CA 0000
8009E3CA 0303
D009E3CC 0000
8009E3CC 0303
D009E3CE 0000
8009E3CE 0303
D009E3D0 0000
8009E3D0 0303
D009E3D2 0000
8009E3D2 0303
D009E3D4 0000
8009E3D4 0303
D009E3D6 0000
8009E3D6 0303
D009E3D8 0000
8009E3D8 0303
D009E3DA 0000
8009E3DA 0303
B. License
7005a4e60100 <<<<<<<<<< Do if True code.
B00400020000 <<<<<<<<<< Actual "B0" code.
1009e3c40303 <<<<<<<<<< Beginning address to modify.
A. License
7005a4e60100
B00400020000
1009e3cC0303
A. International License
7005a4e60100
B00400020000
1009e3d40303
Pretty cool huh....there are lots of other examples too!
SLIDE CODE CONVERSION: GS/AR <XP>>16 ;no need as already zero
76D8 34027728 : ori v0,zero,table16&65535 ;this command is non-relocatable
76DC 00481021 : addu v0,v0,t0
76E0 340A0104 : ori t2,zero,$0104 ;the lookup table in bitwise form
76E4 010A5006 : srl t2,t2,t0 ;put the appropriate bit at zero'th
76E8 314A0001 : andi t2,t2,1 ;OK got address increment
76EC 80440000 : lb a0,0(v0) ;lookup increase/decrease
76F0 006A1821 : addu v1,v1,t2 ;add address increment
76F4 80620000 : lb v0,0(v1)
76F8 340A000A : ori t2,zero,10 ;delay until next check
76FC 00442020 : add a0,v0,a0 ;add either 0 1 or ff
7700 A0640000 : sb a0,0(v1) ;store it
7704 A00A0000 : sb t2,0(zero) ;start count again
Finished
7708 8C030004 : lw v1,4(zero) ;restore the old register contents
770C 8C080008 : lw t0,8(zero)
lw t1,12(zero)
7710 8C040010 : lw a0,16(zero)
7714 26523E28 : addiu s2,s2,$3e28 ;from $80065E80, moved as used upper half
7718 3C028006 : lui v0,$8006
771C 34425E88 : ori v0,v0,$5e88
7720 00400008 : jr v0 ;go back to $80065E88
7724 8C0A0018 : lw t2,24(zero) ;although it looks weird,
it's executed before the JR V0
Table16
7728 00FF0000 : db 00,ff,ff,00,
772C 00000001 : 01,00,00,00,
7730 00000001 : 01 ;rest already zero ! - ,0,0,0,0,0,0,0
This gives us the code
F0065E72 3C10 The master code allows us to activate the cheat only
when the weapons selector code is in memory
70065E78 0018 Only do this when the old code is here i.e. once
50065E78 0010 Put the patch part of the code
0080023C 9076
42340800 4000
00000000 DEAD Note some of this line is not used (DEAD)
90007690 0018 9 code as we only want to insert the code once or the game may slow
50007690 00A1 a1 number of bytes
1800B2AF 0C80 The assembly code
123C1C00 BFAF
040003AC 0800
08AC1000 04AC
18000AAC 0C00
049238C6 4336 Slot 1 pointer, least significant word
00000890 8010
04000300 0011
FFFF0825 0000
08A00F00 0010
3C5F4886 2018 Joker, least significant word
62000F00 0831
28770234 2110
48000401 0A34
06500A01 0100
4A310000 4480
21186A00 0000
62800A00 0A34
20204400 0000
64A00000 0AA0
0400038C 0800
088C1000 048C
283E5226 0680 old code from $80065E80
023C885E 4234 JR $80065E88
08004000 1800
0A8C00FF FF00
01000000 0100
At the moment there are no patches for the French and Italian version. If you want to patch these versions, check the green colored code above. Finding joker and slot 1 pointer should be no problem. To find the breakpoint, use a disassembler and search between $80065000 and $80067000 for a sequence like this:
sw s2, 0x0018(sp)
lui s2, 0x800c
addiu s2, s2, 0x????
sw ra, 0x001c(sp)
sltiu v0, v1, 0x0005
or if you are using "N64PSX 0.4" look for:
sw $s2,0x0018($sp)
move $s2,0x800c????
sw $ra,0x001c($sp)
sltiu $v0,$v1,0x0005
That’s it!. Obviously I don't expect Many people to come up with these type of codes but If anyone is after a challenge then it does not get any more challenging than doing a good Super Code.
Good Luck,
Wayne
Last Modified: May 5, 2000
(Parts of this FAQ requires a basic knowledge of Assembly Language.)
Introduction
In the following, T is the default status, not really used by the cheat code. It must be 8 or 0. If it is 8, and you select the whole game, that particular cheat is not activated. For example, in a game we may have the following:
A Fighting game
Unlimited energy
80123456 00ff
One hit death
80123456 0001
As you can see, we clearly would never want both of these cheats on at the same time because the second one will take priority. If we make our codes look like this:
A Fighting game
Unlimited energy
80123456 00ff
One hit death
88123456 0001
Then whenever you select the whole fighting game only the first code is automatically switched on. The user must manually select the others. Note that only the first code in a group of codes needs the 8, all others in the group are also switched off. This bit is then masked out and becomes identical to a normal code.
Normal Code Types
NOTE: The Xplorer and GameShark / Action Replay "80", "30", and "D0" code types are interchangeable!! You can also replace the GS / AR "D0" and "D1" prefixes with the Xplorer "70" and "90" prefixes respectively.
00xxxxxx - yyyy - 32 bit code. Writes the 32 bit code in yyyy to address xxxxxx i.e. the upper half word is zeroed out and is the equivalent of:
80xxxxxx-yyyy
80xxxxx(x+2)-0000
The one (1) code at the beginning of the address only needs to be present if there is a skip if true or a skip if false code immediately above the slide code. This is because a skip code only knows to skip two words (32 bits * 2) which is what a normal code ends up as. Mega codes and super codes simply have a pointer to flash as the second word. The one code is not understood by the X-terminator cheat engine and is therefore ignored. This is the simplest way at the moment to solve the problem.
10xxxxxx - yyyy - Does nothing. Used by slide code and skip if true and false.
4T000000 - XXXX - A 4 code is a slow motion code. Its success rate is not brilliant at the moment. It is simply a loop executed (XXXX << 12) times.
7TXXXXXX - YYYY - Skip if false code, Opposite of a 9 code. Only does the following code if xxxxxx = yyyy.
9TXXXXXX - YYYY - Skip if true code will not do the following cheat (including mega/supa) if the half word contained in XXXXXX = YYYY. One use is so that we can insert a dead/Super code only once, saves a lot of time if the codes are big!
CTXXXXXX - YYYY - This is the same as a D code again only used for Action Replay compatability.
DTXXXXXX - YYYY - Only for compatability with Datel. Use F or 7 codes instead. (The GS / AR "D0" code IS compatible with the Xplorer.)
FTXXXXXX – YYYY - Same as a 7 code but affects ALL cheats. This is our equivalent of a Datel D master code but better defined (Datel combines our F codes and 7 codes into one D code only entered in two separate places which is stupid). If the Xplorer finds any code in a game that starts with an F then it will switch it on any time you select another code and switch it off if it is the last code.
Special Code Types
Mega Code
6T?????0 YYYY
AAAAAAAA CCCC
FFFFFFFF 0011
22334455 6677
8899
?=Don't care
AA= Break address
YY= Count in bytes to insert at location 40
CC= Coprocessor break type (upper half)
FF= Breakpoint mask (usually FFFFFFFF)
00= bytes of code in address order
11
Super Code
5TXXXXXX 0YYY
00112233 4455
6677
XXXXXX = Address to place the code
YYY = Count in bytes of code
00
11 etc. = Actual code. Note, only Byte codes will be placed so you can place in single byte multiples. For example:
50123456 0001
00112233 4455
Slide Code
Brrraaaa-dddd
10xxxxxx-yyyy
rrr : repeat count
aaaa : increase address
dddd : increase data
xxxxxx : start address
yyyy : start date
Slide codes are so useful. They can turn a massive great long code into only two lines. A good example is something like.
Action Replay
Have all Licenses in gran turismo (Euro cheat used as example)
D009E3C4 0000
8009E3C4 0303
D009E3C6 0000
8009E3C6 0303
D009E3C8 0000
8009E3C8 0303
D009E3CA 0000
8009E3CA 0303
D009E3CC 0000
8009E3CC 0303
D009E3CE 0000
8009E3CE 0303
D009E3D0 0000
8009E3D0 0303
D009E3D2 0000
8009E3D2 0303
D009E3D4 0000
8009E3D4 0303
D009E3D6 0000
8009E3D6 0303
D009E3D8 0000
8009E3D8 0303
D009E3DA 0000
8009E3DA 0303
B. License
7005a4e60100 <<<<<<<<<< Do if True code.
B00400020000 <<<<<<<<<< Actual "B0" code.
1009e3c40303 <<<<<<<<<< Beginning address to modify.
A. License
7005a4e60100
B00400020000
1009e3cC0303
A. International License
7005a4e60100
B00400020000
1009e3d40303
Pretty cool huh....there are lots of other examples too!
SLIDE CODE CONVERSION: GS/AR <XP>>16 ;no need as already zero
76D8 34027728 : ori v0,zero,table16&65535 ;this command is non-relocatable
76DC 00481021 : addu v0,v0,t0
76E0 340A0104 : ori t2,zero,$0104 ;the lookup table in bitwise form
76E4 010A5006 : srl t2,t2,t0 ;put the appropriate bit at zero'th
76E8 314A0001 : andi t2,t2,1 ;OK got address increment
76EC 80440000 : lb a0,0(v0) ;lookup increase/decrease
76F0 006A1821 : addu v1,v1,t2 ;add address increment
76F4 80620000 : lb v0,0(v1)
76F8 340A000A : ori t2,zero,10 ;delay until next check
76FC 00442020 : add a0,v0,a0 ;add either 0 1 or ff
7700 A0640000 : sb a0,0(v1) ;store it
7704 A00A0000 : sb t2,0(zero) ;start count again
Finished
7708 8C030004 : lw v1,4(zero) ;restore the old register contents
770C 8C080008 : lw t0,8(zero)
lw t1,12(zero)
7710 8C040010 : lw a0,16(zero)
7714 26523E28 : addiu s2,s2,$3e28 ;from $80065E80, moved as used upper half
7718 3C028006 : lui v0,$8006
771C 34425E88 : ori v0,v0,$5e88
7720 00400008 : jr v0 ;go back to $80065E88
7724 8C0A0018 : lw t2,24(zero) ;although it looks weird,
it's executed before the JR V0
Table16
7728 00FF0000 : db 00,ff,ff,00,
772C 00000001 : 01,00,00,00,
7730 00000001 : 01 ;rest already zero ! - ,0,0,0,0,0,0,0
This gives us the code
F0065E72 3C10 The master code allows us to activate the cheat only
when the weapons selector code is in memory
70065E78 0018 Only do this when the old code is here i.e. once
50065E78 0010 Put the patch part of the code
0080023C 9076
42340800 4000
00000000 DEAD Note some of this line is not used (DEAD)
90007690 0018 9 code as we only want to insert the code once or the game may slow
50007690 00A1 a1 number of bytes
1800B2AF 0C80 The assembly code
123C1C00 BFAF
040003AC 0800
08AC1000 04AC
18000AAC 0C00
049238C6 4336 Slot 1 pointer, least significant word
00000890 8010
04000300 0011
FFFF0825 0000
08A00F00 0010
3C5F4886 2018 Joker, least significant word
62000F00 0831
28770234 2110
48000401 0A34
06500A01 0100
4A310000 4480
21186A00 0000
62800A00 0A34
20204400 0000
64A00000 0AA0
0400038C 0800
088C1000 048C
283E5226 0680 old code from $80065E80
023C885E 4234 JR $80065E88
08004000 1800
0A8C00FF FF00
01000000 0100
At the moment there are no patches for the French and Italian version. If you want to patch these versions, check the green colored code above. Finding joker and slot 1 pointer should be no problem. To find the breakpoint, use a disassembler and search between $80065000 and $80067000 for a sequence like this:
sw s2, 0x0018(sp)
lui s2, 0x800c
addiu s2, s2, 0x????
sw ra, 0x001c(sp)
sltiu v0, v1, 0x0005
or if you are using "N64PSX 0.4" look for:
sw $s2,0x0018($sp)
move $s2,0x800c????
sw $ra,0x001c($sp)
sltiu $v0,$v1,0x0005
That’s it!. Obviously I don't expect Many people to come up with these type of codes but If anyone is after a challenge then it does not get any more challenging than doing a good Super Code.
Good Luck,
Wayne
Last Modified: May 5, 2000