Post by dlevere on Aug 4, 2011 15:09:27 GMT -4
PD general RAM shit
by Insom(niadmx)
You might not want to use wordwrap...
Everything is in order as it comes in RAM. I may add a section for ROM crap eventually.
Part 1 | What are N64 gameshark cheats?
Part 2 | Square Guru's cheats and beyond. (Static data in RAM and what it means to you.)
Part 3 | To the ends of the known universe.
Part 4 | Goodies!
Part 1 | What are N64 gameshark cheats?
I remember the days when cheats were magic spells worked in conjunction with magical two slot cartridges.
Those days are long gone...
About two or three years ago, I found a program that would change SNES gamegenie cheats into, ROM addresses, and values that would replace the originals.
That gave me my start with a hex editor and cheats.
Those cheats were encrypted in whatever way they were, which is quite a pain.
I later got into making GBA codebreaker cheats with Visual Boy Advance, these weren't encrytped.
I eventually got pretty good at this, and built the skill with which I make them for this game.
The syntax for both the GBA's codebreaker codes and the N64's gameshark codes are almost identical.
Enough about all that though, to the flesh of the subject...
In every computer, data must be stored.
Most computers utilize banks and addresses to map this data. (you aren't gonna worry about banks today)
ie: '80:06D2EE,' the first two digits are called the bank, the ones after make an address.
A N64 gameshark cheat simply takes a prefix, sticks it onto an address and sticks a value onto that.
Everything that the N64 GS can edit is in the bank 80, which is RAM, by the way.
ie: '8006D2EE 0004' (note that the first two digits in this code aren't a bank, they're a prefix.)
Here's a table of prefixes for common N64 GS cheats. (Copied and edited from the PJ64 faq.)
80-XXXXXX 00YY 8-Bit Constant Write <------- Type one
81-XXXXXX YYYY 16-Bit Constant Write <---/
88-XXXXXX 00YY 8-Bit GS Button Write <------- Type two
89-XXXXXX YYYY 16-Bit GS Button Write <---/
D0-XXXXXX 00YY 8-Bit If Equal To <------- Type three
D1-XXXXXX YYYY 16-Bit If Equal To <---/
D2-XXXXXX 00YY 8-Bit If Not Equal To <------- Type four
D3-XXXXXX YYYY 16-Bit If Not Equal To <---/
F0-XXXXXX 00YY 8-Bit Bootup Write Once <------- Type five
F1-XXXXXX YYYY 16-Bit Bootup Write Once <---/
You'll probably recognize the first type of cheat;
throw in an address for the xx's and throw in a value for the yy's.
At that address, that value will be written once per frame.
...meaning it will stay that value regardless of what the game tries to put there.
The second type work the same way, only they write that value when you press the gameshark button.
The third and fourth types compare the current value at that address with the value you put:
For the third, the cheat that comes after this one will write only when the values are equal.
The fourth only lets the cheat that comes after work when the values aren't equal.
The fifth type writes the value you put at the address you put when the game starts up.
You'll need to apply this knowledge to use this document.
Insom is either a laaaaazy ass guy, or he wants people to learn something, I don't know...
Part 2 | Square Guru's cheats and beyond. (Static data in RAM and what it means to you.)
The cheats that Square Guru discovered all edit static data tables in RAM.
They are written to RAM when the game initializes.
"Why is there data that does not change in RAM, Insom?"
Because it can be accessed faster, I won't go in depth there, because I don't know enough about computer archetecture in general to answer that.
"What does this mean?"
That means it's a gold mine for making cool cheats.
"Why?"
First of all, you can edit some parameters of guns, exclusively for that gun, usually, you can't do cool stuff like this with cheats.
Second, everything's in somewhat neat tables, so as long as you've mapped one table and know where one part in all of them is, you know virtually everything.
I may have many holes in my map, but at least it's more thorough than that of Square Guru's.
Square Guru's "FAQ" was written in a way that I don't like;
it caters to those who want to throw a bunch of pre-fab crap together.
Not my style...
So... Insom is gonna teach you how to apply 3rd grade math to the real world.
Keep that in mind and bear with me.
Everything in this section is either an address for magazine capacity, or something for the shotgun.
[Look under all this crap for some kind of insufficient instruction.]
0x8006B708 - Falcon 2, Falcon 2 (silenced)
0x8006B71C - Falcon 2 (scope)
0x8006B9F8 - MagSec 4
0x8006C154 - Mauler
0x8006BF28 - Phoenix
0x8006BD30 - DY357 Magnum, DY357 LX
0x8006C3B8 - CMP-150
0x8006C564 - Cyclone
0x8006C83C - Callisto NTG
0x8006C6C8 - RC-P120
0x8006D168 - Laptop Gun
0x8106C98C - Dragon
0x8006CF4C - K7 Avenger
0x8006CD74 - AR34
0x8006CBB0 - SuperDragon
Shotgun:
0x8006D2E0 - Magazine Capacity (4 byte value)
0x8006D2E4 - Reload Motion (4 byte pointer)
0x8006D2EC - Object held in your hand?
0x8006D2EE - Object held in opponent's hand?
0x8006D2F0 - Pointer to Primary Function Motions (4 byte pointer)
0x8006D2F8 - How gun is held in secondary function. (4 byte pointer)
0x8006D2FC - Transition Between functions if they look different. (4 byte pointer)
0x8006D300 - Primary Function (4 byte pointer)
0x8006D304 - Secondary Function (4 byte pointer)
0x8006D308 - Reload Method (4 byte pointer)
0x8006D30C - Pointer to secondary function alternate ammo type. (4 byte pointer)
0x8006D310 - Zoom (4 byte pointer)
0x8006D318 - Gun position Shotgun X axis
0x8006D31C - Gun position Shotgun Y axis
0x8006D320 - Gun position Shotgun Z axis
0x8006D328 - Seems to point to a shell casing table.
0x8006D33A - Double Gun Status Flag
0x8006D332 - Gun Name Pointer
Shotgun Primary Function Table: 0x8006D258 - 0x8006D2??
0x8006D25A - Ammo depletion (set to 1 for full depletion in one shot or rapid fire if $0x8006D29C allows it, set to anything else for regular.)
0x8006D25C - Function Name
0x8006D258 - Set to FF to make guns have unlimited ammo, used in the laser.
0x8006D264 - Gun Shooting Motion
0x8006D268 - Modifiers such as Explosive shells, Burst Fire, Threat Detector on screen, .ect (4 byte pointer)
0x8006D274 - Damage Value
0x8006D27C - Rate of Fire (Button Tapping)
0x8006D278 - Accuracy (Spread)
0x8006D292 - Shot Sound
0x8006D294 - How many things the gun can shoot through.
0x8006D29C - Automatic Fire rate
Shotgun Secondary Function Table: 0x8006D298 - 0x8006D2C7 (64 bytes)
0x8006D29A - Ammo depletion (set to 1 for full depletion in one shot or rapid fire if $0x8006D29C allows it, set to anything else for regular.)
0x8006D29C - Function Name
0x8006D298 - Set to FF to make guns have unlimited ammo, used in the laser.
0x8006D2A4 - Gun Shooting Motion
0x8006D2A8 - Modifiers such as Explosive shells, Burst Fire, Threat Detector on screen, .ect (4 byte pointer)
0x8006D2B4 - Damage Value
0x8006D2BC - Rate of Fire (Button Tapping)
0x8006D2B8 - Accuracy (Spread)
0x8006D2D2 - Shot Sound
0x8006D2D4 - How many things the gun can shoot through.
0x8006D2DC - Automatic Fire rate
Shotgun Primary Function Motion Table: 0x8006D218 - 0x8006D237
Uncharted
Shotgun Secondary Function Motion Table: 0x8006D238 - 0x8006D257
Uncharted
0x8006D4E4 - Reaper
0x8006E674 - Sniper Rifle
0x8006E080 - Farsight XR-20
0x8006D9E4 - Devastator
0x8006D6C0 - Rocket Launcher
0x8006D834 - Slayer
0x800703D8 - Combat Knife
0x8006E290 - Crossbow
0x8006E468 - Tranquilizer
0x800703B0 - Grenade
0x80070444 - N-Bomb
0x80070414 - Timed Mine
0x80070408 - Proximity Mine
0x800703FC - Remote Mine
0x8006F45C - Combat Boost
0x8006E850 - PP9i
0x8006E90C - CC13
0x8006E9C4 - KLO1313
0x8006EB34 - ZZT (9mm)
0x8006EBEC - DMC
0x8006ECA4 - AR53
0x8006ED5C - RC-P45
Say you want to change the zoom for the crossbow, you would do this:
Take the shotgun's ammo capacity, the shotgun's zoom, and the crossbow's ammo capacity.
Make it into an equation...
shotgun capacity - shotgun zoom = crossbow zoom - crossbow capacity
8006D2E0 - 8006D310 = cz - 8006E290
30 = cz - 8006E290
30 + 8006E290 = cz - 8006E290 + 8006E290
8006E2C0 = cz
It should make sense...
You ask yourself, shouldn't the difference between the capacity and zoom of both weapons be the same?
That should work for everything.
Part 3 | To the ends of the known universe.
I'll give you everything else I found in RAM here.
Multiplayer:
Player 1's Ammo
0x801BCE4C - Pistol ammo
0x801BCE50 - SMG ammo
0x801BCE54 - Crossbow Bolts
0x801BCE58 - Assault Rifle ammo
0x801BCE60 - Farsight Orbs
0x801BCE64 - Frag Grenades
0x801BCE68 - Rockets
0x801BCE6C - Combat Knives
0x801BCE70 - Magnum Bullets
0x801BCE74 - Ballistic Grenades
0x801BCE78 - Remote Mines
0x801BCE7c - Proxy Mines
0x801BCE80 - Timed Mines
0x801BCE84 - Reaper Ammo
0x801BCE90 - N-Bombs
0x801BCE94 - Tranquilizer Ammo
0x801BCEA0 - Psychosis Gun Ammo
Favorite weapon of the match timer table.
0x801BCF20 - Unarmed
everything else comes after...
0x801BBCD8 - Value for Gun Shit for right arm weapon.
0x801BC47C - Value for Gun Shit for left arm weapon.
0x801BCC20 - Value for other gun stuff. (both guns share this)
Part 4 | Goodies!
This is the place for everything else that's cool;
that includes just cheats that I've made as of now.
Everything here was created solely from all of the knowledge above.
Falcon 2 chambered for shotshells: (Attempts to make a second shotgun that doesn't conflict with the original, sort of works...)
D01BBCD8 0002
801BCC20 0013
D01BBCD8 0002
8106D2F2 B5FC
D01BBCD8 0002
8106D30A B700
D01BBCD8 0002
8106D306 B6B4
D01BBCD8 0013
8106D2F2 D218
D01BBCD8 0013
8106D30A D2D8
D01BBCD8 0013
8106D306 D298
D01BBCD8 0002
8106B66E 8073
D01BBCD8 0004
8106B66E 804D
D01BBCD8 0002
8106B658 0310
D01BBCD8 0002
8106B65A 00FF
D01BBCD8 0004
8106B658 0305
D01BBCD8 0004
8106B65A 0200
D01BBCD8 0002
8106B638 4C59
D01BBCD8 0004
8106B638 4C55
D01BBCD8 0002
8106B654 4190
D01BBCD8 0004
8106B654 3F80
D01BBCD8 0002
8006B709 0005
D01BBCD8 0003
8006B709 0008
Credit to Square Guru and everyone who has contributed to his weapon faq, because it gave me a good start.
Credit to cactus for inspiration and company.
Credit to Jathys and Kejardon for giving me my start in the ROM-Hacking world.
Credit to Nintendo and Rare for releasing this game.
Credit to urmom for last night.
And... credit to everyone else.
by Insom(niadmx)
You might not want to use wordwrap...
Everything is in order as it comes in RAM. I may add a section for ROM crap eventually.
Part 1 | What are N64 gameshark cheats?
Part 2 | Square Guru's cheats and beyond. (Static data in RAM and what it means to you.)
Part 3 | To the ends of the known universe.
Part 4 | Goodies!
Part 1 | What are N64 gameshark cheats?
I remember the days when cheats were magic spells worked in conjunction with magical two slot cartridges.
Those days are long gone...
About two or three years ago, I found a program that would change SNES gamegenie cheats into, ROM addresses, and values that would replace the originals.
That gave me my start with a hex editor and cheats.
Those cheats were encrypted in whatever way they were, which is quite a pain.
I later got into making GBA codebreaker cheats with Visual Boy Advance, these weren't encrytped.
I eventually got pretty good at this, and built the skill with which I make them for this game.
The syntax for both the GBA's codebreaker codes and the N64's gameshark codes are almost identical.
Enough about all that though, to the flesh of the subject...
In every computer, data must be stored.
Most computers utilize banks and addresses to map this data. (you aren't gonna worry about banks today)
ie: '80:06D2EE,' the first two digits are called the bank, the ones after make an address.
A N64 gameshark cheat simply takes a prefix, sticks it onto an address and sticks a value onto that.
Everything that the N64 GS can edit is in the bank 80, which is RAM, by the way.
ie: '8006D2EE 0004' (note that the first two digits in this code aren't a bank, they're a prefix.)
Here's a table of prefixes for common N64 GS cheats. (Copied and edited from the PJ64 faq.)
80-XXXXXX 00YY 8-Bit Constant Write <------- Type one
81-XXXXXX YYYY 16-Bit Constant Write <---/
88-XXXXXX 00YY 8-Bit GS Button Write <------- Type two
89-XXXXXX YYYY 16-Bit GS Button Write <---/
D0-XXXXXX 00YY 8-Bit If Equal To <------- Type three
D1-XXXXXX YYYY 16-Bit If Equal To <---/
D2-XXXXXX 00YY 8-Bit If Not Equal To <------- Type four
D3-XXXXXX YYYY 16-Bit If Not Equal To <---/
F0-XXXXXX 00YY 8-Bit Bootup Write Once <------- Type five
F1-XXXXXX YYYY 16-Bit Bootup Write Once <---/
You'll probably recognize the first type of cheat;
throw in an address for the xx's and throw in a value for the yy's.
At that address, that value will be written once per frame.
...meaning it will stay that value regardless of what the game tries to put there.
The second type work the same way, only they write that value when you press the gameshark button.
The third and fourth types compare the current value at that address with the value you put:
For the third, the cheat that comes after this one will write only when the values are equal.
The fourth only lets the cheat that comes after work when the values aren't equal.
The fifth type writes the value you put at the address you put when the game starts up.
You'll need to apply this knowledge to use this document.
Insom is either a laaaaazy ass guy, or he wants people to learn something, I don't know...
Part 2 | Square Guru's cheats and beyond. (Static data in RAM and what it means to you.)
The cheats that Square Guru discovered all edit static data tables in RAM.
They are written to RAM when the game initializes.
"Why is there data that does not change in RAM, Insom?"
Because it can be accessed faster, I won't go in depth there, because I don't know enough about computer archetecture in general to answer that.
"What does this mean?"
That means it's a gold mine for making cool cheats.
"Why?"
First of all, you can edit some parameters of guns, exclusively for that gun, usually, you can't do cool stuff like this with cheats.
Second, everything's in somewhat neat tables, so as long as you've mapped one table and know where one part in all of them is, you know virtually everything.
I may have many holes in my map, but at least it's more thorough than that of Square Guru's.
Square Guru's "FAQ" was written in a way that I don't like;
it caters to those who want to throw a bunch of pre-fab crap together.
Not my style...
So... Insom is gonna teach you how to apply 3rd grade math to the real world.
Keep that in mind and bear with me.
Everything in this section is either an address for magazine capacity, or something for the shotgun.
[Look under all this crap for some kind of insufficient instruction.]
0x8006B708 - Falcon 2, Falcon 2 (silenced)
0x8006B71C - Falcon 2 (scope)
0x8006B9F8 - MagSec 4
0x8006C154 - Mauler
0x8006BF28 - Phoenix
0x8006BD30 - DY357 Magnum, DY357 LX
0x8006C3B8 - CMP-150
0x8006C564 - Cyclone
0x8006C83C - Callisto NTG
0x8006C6C8 - RC-P120
0x8006D168 - Laptop Gun
0x8106C98C - Dragon
0x8006CF4C - K7 Avenger
0x8006CD74 - AR34
0x8006CBB0 - SuperDragon
Shotgun:
0x8006D2E0 - Magazine Capacity (4 byte value)
0x8006D2E4 - Reload Motion (4 byte pointer)
0x8006D2EC - Object held in your hand?
0x8006D2EE - Object held in opponent's hand?
0x8006D2F0 - Pointer to Primary Function Motions (4 byte pointer)
0x8006D2F8 - How gun is held in secondary function. (4 byte pointer)
0x8006D2FC - Transition Between functions if they look different. (4 byte pointer)
0x8006D300 - Primary Function (4 byte pointer)
0x8006D304 - Secondary Function (4 byte pointer)
0x8006D308 - Reload Method (4 byte pointer)
0x8006D30C - Pointer to secondary function alternate ammo type. (4 byte pointer)
0x8006D310 - Zoom (4 byte pointer)
0x8006D318 - Gun position Shotgun X axis
0x8006D31C - Gun position Shotgun Y axis
0x8006D320 - Gun position Shotgun Z axis
0x8006D328 - Seems to point to a shell casing table.
0x8006D33A - Double Gun Status Flag
0x8006D332 - Gun Name Pointer
Shotgun Primary Function Table: 0x8006D258 - 0x8006D2??
0x8006D25A - Ammo depletion (set to 1 for full depletion in one shot or rapid fire if $0x8006D29C allows it, set to anything else for regular.)
0x8006D25C - Function Name
0x8006D258 - Set to FF to make guns have unlimited ammo, used in the laser.
0x8006D264 - Gun Shooting Motion
0x8006D268 - Modifiers such as Explosive shells, Burst Fire, Threat Detector on screen, .ect (4 byte pointer)
0x8006D274 - Damage Value
0x8006D27C - Rate of Fire (Button Tapping)
0x8006D278 - Accuracy (Spread)
0x8006D292 - Shot Sound
0x8006D294 - How many things the gun can shoot through.
0x8006D29C - Automatic Fire rate
Shotgun Secondary Function Table: 0x8006D298 - 0x8006D2C7 (64 bytes)
0x8006D29A - Ammo depletion (set to 1 for full depletion in one shot or rapid fire if $0x8006D29C allows it, set to anything else for regular.)
0x8006D29C - Function Name
0x8006D298 - Set to FF to make guns have unlimited ammo, used in the laser.
0x8006D2A4 - Gun Shooting Motion
0x8006D2A8 - Modifiers such as Explosive shells, Burst Fire, Threat Detector on screen, .ect (4 byte pointer)
0x8006D2B4 - Damage Value
0x8006D2BC - Rate of Fire (Button Tapping)
0x8006D2B8 - Accuracy (Spread)
0x8006D2D2 - Shot Sound
0x8006D2D4 - How many things the gun can shoot through.
0x8006D2DC - Automatic Fire rate
Shotgun Primary Function Motion Table: 0x8006D218 - 0x8006D237
Uncharted
Shotgun Secondary Function Motion Table: 0x8006D238 - 0x8006D257
Uncharted
0x8006D4E4 - Reaper
0x8006E674 - Sniper Rifle
0x8006E080 - Farsight XR-20
0x8006D9E4 - Devastator
0x8006D6C0 - Rocket Launcher
0x8006D834 - Slayer
0x800703D8 - Combat Knife
0x8006E290 - Crossbow
0x8006E468 - Tranquilizer
0x800703B0 - Grenade
0x80070444 - N-Bomb
0x80070414 - Timed Mine
0x80070408 - Proximity Mine
0x800703FC - Remote Mine
0x8006F45C - Combat Boost
0x8006E850 - PP9i
0x8006E90C - CC13
0x8006E9C4 - KLO1313
0x8006EB34 - ZZT (9mm)
0x8006EBEC - DMC
0x8006ECA4 - AR53
0x8006ED5C - RC-P45
Say you want to change the zoom for the crossbow, you would do this:
Take the shotgun's ammo capacity, the shotgun's zoom, and the crossbow's ammo capacity.
Make it into an equation...
shotgun capacity - shotgun zoom = crossbow zoom - crossbow capacity
8006D2E0 - 8006D310 = cz - 8006E290
30 = cz - 8006E290
30 + 8006E290 = cz - 8006E290 + 8006E290
8006E2C0 = cz
It should make sense...
You ask yourself, shouldn't the difference between the capacity and zoom of both weapons be the same?
That should work for everything.
Part 3 | To the ends of the known universe.
I'll give you everything else I found in RAM here.
Multiplayer:
Player 1's Ammo
0x801BCE4C - Pistol ammo
0x801BCE50 - SMG ammo
0x801BCE54 - Crossbow Bolts
0x801BCE58 - Assault Rifle ammo
0x801BCE60 - Farsight Orbs
0x801BCE64 - Frag Grenades
0x801BCE68 - Rockets
0x801BCE6C - Combat Knives
0x801BCE70 - Magnum Bullets
0x801BCE74 - Ballistic Grenades
0x801BCE78 - Remote Mines
0x801BCE7c - Proxy Mines
0x801BCE80 - Timed Mines
0x801BCE84 - Reaper Ammo
0x801BCE90 - N-Bombs
0x801BCE94 - Tranquilizer Ammo
0x801BCEA0 - Psychosis Gun Ammo
Favorite weapon of the match timer table.
0x801BCF20 - Unarmed
everything else comes after...
0x801BBCD8 - Value for Gun Shit for right arm weapon.
0x801BC47C - Value for Gun Shit for left arm weapon.
0x801BCC20 - Value for other gun stuff. (both guns share this)
Part 4 | Goodies!
This is the place for everything else that's cool;
that includes just cheats that I've made as of now.
Everything here was created solely from all of the knowledge above.
Falcon 2 chambered for shotshells: (Attempts to make a second shotgun that doesn't conflict with the original, sort of works...)
D01BBCD8 0002
801BCC20 0013
D01BBCD8 0002
8106D2F2 B5FC
D01BBCD8 0002
8106D30A B700
D01BBCD8 0002
8106D306 B6B4
D01BBCD8 0013
8106D2F2 D218
D01BBCD8 0013
8106D30A D2D8
D01BBCD8 0013
8106D306 D298
D01BBCD8 0002
8106B66E 8073
D01BBCD8 0004
8106B66E 804D
D01BBCD8 0002
8106B658 0310
D01BBCD8 0002
8106B65A 00FF
D01BBCD8 0004
8106B658 0305
D01BBCD8 0004
8106B65A 0200
D01BBCD8 0002
8106B638 4C59
D01BBCD8 0004
8106B638 4C55
D01BBCD8 0002
8106B654 4190
D01BBCD8 0004
8106B654 3F80
D01BBCD8 0002
8006B709 0005
D01BBCD8 0003
8006B709 0008
Credit to Square Guru and everyone who has contributed to his weapon faq, because it gave me a good start.
Credit to cactus for inspiration and company.
Credit to Jathys and Kejardon for giving me my start in the ROM-Hacking world.
Credit to Nintendo and Rare for releasing this game.
Credit to urmom for last night.
And... credit to everyone else.