Post by dlevere on Aug 31, 2011 5:51:08 GMT -4
BY GOLDENBOY
========================
INTRODUCTION
========================
I'll get straight to it. I made this guide because of break points. It eventually led to other things such as ASM but break points were still the main thing. Well, I'm not one for words, so just read this.
This "guide" can be considered a FAQ as well, because it answers many questions in FAQ form.
And you'll notice that if you scroll down quickly things don't stick out well. So your best bet is not to look for certain things, rather read the guide from beginning to end to be sure you find whatever you need.
Oh, and please keep in mind that this guide is based on the NINTENDO 64. So if you have an N64 - read on. If you have another system and don't have an N64 - read on anyway, knowledge is power. And some of this crap is similar on systems such as the PSX, Saturn, etc.
========================
ASSUMPTIONS
========================
Many tutorials and how-to's come with "assumptions." The author assumes that the reader has done something or has something even before proceeding in the guide. I have very few assumptions - there aren't many I can think of at this point, but....
1. You most definitely should have GSCC2K2 (a hacking utility by Code Master) and have installed it. You can download it at its official site: www.cmgsccc.com . The file size isn't that big, and the software is great. And you should have some kind of idea on how to use the thing.
2. This assumption corresponds with number 1; you have to have hacking utilities: Gameshark (or cheat device), 25 pin wire, GSCC2K2.
3. You should definitely have some kind of knowledge of hacking devices and all of the things that are incorporated with them (Hacking, Hexadecimal knowledge, RAM editor knowledge, etc).
========================
THE BEGINNING
========================
WHAT ARE BREAK POINTS?
Break point is a technical term referring to the debugger line breaking. The debugger "breaks", or halts the game when the address in the RAM (Random Access Memory) is READ/WRITTEN to. What's going on is that the debugger watches the address that you set the break point on.
WHAT IS ASM?
The letters "ASM" are an acronym for Assembly Language. ASM is a low-level programming language that doesn't require special commands like C or C++. Instead, it controls the computer chip and what it does by "going around" high-level languages such as C and C++. ASM tells the CPU to carry out operations (move or manipulate data). Not only that, it tells the CPU how to do it, when to do it, where to do it, etc. Think of it as a job. Your boss can tell you to do something and you do it, right? But maybe the way you do it is inefficient. So your boss tells you to do it another, more specific way instead. That's basically what ASM is doing.
IS ASM THE SAME FOR ALL SYSTEMS, LIKE MANY LANGUAGES?
No. All types of ASM are similar, of course, but they differ in things like the size of their "OpCodes" and many other details. It all depends on the processor that the system is using. The N64 uses a 64 bit processor, the R4300i, so its ASM is R4300i ASM. The processor was designed by MIPS and manufactured by NEC.
HOW DO THEY FIGURE INTO VIDEOGAMES?
With the aid of breaking and ASM you can do just about anything with your codes. ASM does everything. You may want it to NOT do something, or change the way it does something. Say, for instance, the game takes away ammo from you every time you shoot a bullet. You can stop that operation from happening. OR you could modify how it happens by altering HOW MANY bullets it takes from your ammo every time you shoot the gun. That's possible with ASM. Here's the breakdown:
Normal routine that game does:
-1. When gun is shot
-2. Minus ammo
-3. Replace old ammo with new ammo
Now, you would alter that by changing the last line:
-1. When gun is shot
-2. Minus ammo
-3. Don't replace ammo [thus, ammo doesn't change]
See line 3? It's changed. You're stopping the last line from even taking place. Note that it's not going to be this way in all situations, but this should help you get the gist of what's going on.
What's so great about that? Well, if you're playing a game that uses a different memory block for each level (e.g. GoldenEye, TWINE, Duke Nukem ZH), and a different code is needed for each level, then one ASM code would work for all levels.
========================
BREAK POINTS
========================
WHAT ARE BREAK POINTS? [Repeated]
Break point is a technical term referring to the debugger line breaking. The debugger "breaks", or halts the game when the address in the RAM (Random Access Memory) is READ/WRITTEN to.
The break can be READ or can be WRITE. READ is when the stack checks the address to see if it changed or to make sure it doesn't change. WRITE is, of course, when the stack writes to the address, telling it to change; when, where, by how much, etc. There is a third, BP Execute, or BPX. But unfortunately, GSCC2K2 doesn't support BPX.
HOW DO THEY FIGURE INTO VIDEOGAMES?
Well, scroll down to the "Using Code Master's GSCC2K2" section to find out how to use them.
THE TYPES OF BREAK POINTS AND WHAT THEY DO.
The break can be Read or can be Write. Read is when the stack checks the address you set the break point on to see if it changed or to make sure it doesn't change. Write is, of course, when the stack writes to the address, telling it to change; when, where, by how much, etc. There is a third, BP Execute, or BPX. But unfortunately, GSCC2K2 doesn't support BPX.
Types of Break points:
>Read - Reads the addy that you set the BP on
>Write - Writes the addy that you set the BP on
>Execute - Watches an execution of the addy (not important!)
WHAT BP IS THE MOST COMMON?
It's definitely the Write. The most useful and common thing to do is stop an address from being Written to. I never found Read really important, but it can be useful if used cleverly.
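To make the READ/WRITE distinction concrete, here is an added example (my own code, not from the guide and not GSCC2K2 code) that models the ammo routine from "The Beginning" as three MIPS-style instructions and runs it against a RAM that halts, GSCC2K2-style, whenever a watched address is touched. The instruction addresses (80012340 and following), the starting ammo of 30 and the register contents are constructed; 80004454 is the address the guide itself uses later as its example.

```python
# Added example: a toy model of READ/WRITE break points on the guide's ammo routine.
# Nothing here is GSCC2K2 code; addresses, registers and the routine are constructed.
from dataclasses import dataclass, field

RDRAM_BASE = 0x80000000      # N64 RDRAM as the game sees it (the "80" in 80004454)
AMMO_ADDR = 0x80004454       # the guide's example address, reused here as the ammo slot
AMMO_OFFSET = 0x54           # the routine reaches it as 0x54($v0), with $v0 = 80004400


@dataclass
class Break:
    kind: str                # "READ" or "WRITE"
    watched: int             # the RAM address the BP was set on
    pc: int                  # address of the instruction that touched it
    regs: dict = field(default_factory=dict)   # snapshot, like the N64regs dump


class WatchedRAM:
    """Byte-addressable RAM that records a break when a watched address is read/written."""

    def __init__(self, size=0x10000):
        self.mem = bytearray(size)
        self.bp_read, self.bp_write, self.breaks = set(), set(), []

    def peek32(self, addr):                  # debugger-side read: never trips a break point
        o = addr - RDRAM_BASE
        return int.from_bytes(self.mem[o:o + 4], "big")

    def poke32(self, addr, value):           # debugger-side write: never trips a break point
        o = addr - RDRAM_BASE
        self.mem[o:o + 4] = (value & 0xFFFFFFFF).to_bytes(4, "big")

    def read32(self, addr, pc, regs):        # a load executed by the game
        if addr in self.bp_read:
            self.breaks.append(Break("READ", addr, pc, dict(regs)))
        return self.peek32(addr)

    def write32(self, addr, value, pc, regs):  # a store executed by the game
        if addr in self.bp_write:
            self.breaks.append(Break("WRITE", addr, pc, dict(regs)))
        self.poke32(addr, value)


def run(ram, program, regs):
    """Execute (pc, mnemonic, operands...) tuples; only the four ops this routine needs."""
    for pc, op, *args in program:
        if op == "lw":                       # lw rt, offset(base)
            rt, offset, base = args
            regs[rt] = ram.read32(regs[base] + offset, pc, regs)
        elif op == "addiu":                  # addiu rt, rs, imm   (wraps, never traps)
            rt, rs, imm = args
            regs[rt] = (regs[rs] + imm) & 0xFFFFFFFF
        elif op == "sw":                     # sw rt, offset(base)
            rt, offset, base = args
            ram.write32(regs[base] + offset, regs[rt], pc, regs)
        elif op == "nop":                    # the guide's "don't replace ammo"
            pass
        else:
            raise ValueError(f"unsupported op {op}")
    return regs


def ammo_routine(store_op="sw"):
    """The guide's normal routine: load ammo, subtract one, store it back.
    Passing store_op='nop' is the altered routine where line 3 never happens."""
    return [
        (0x80012340, "lw",     "t0", AMMO_OFFSET, "v0"),
        (0x80012344, "addiu",  "t0", "t0", -1),
        (0x80012348, store_op, "t0", AMMO_OFFSET, "v0"),
    ]


def fire_shot(bp_read=False, bp_write=False, patched=False, ammo=30):
    """Fire once; return (ammo afterwards, [(kind, break point address), ...])."""
    ram = WatchedRAM()
    ram.poke32(AMMO_ADDR, ammo)              # seed the slot before any BP is armed
    if bp_read:
        ram.bp_read.add(AMMO_ADDR)
    if bp_write:
        ram.bp_write.add(AMMO_ADDR)
    regs = {"v0": AMMO_ADDR - AMMO_OFFSET, "t0": 0}
    run(ram, ammo_routine("nop" if patched else "sw"), regs)
    return ram.peek32(AMMO_ADDR), [(b.kind, f"{b.pc:08X}") for b in ram.breaks]


if __name__ == "__main__":
    print("no BP:          ", fire_shot())
    print("write BP:       ", fire_shot(bp_write=True))
    print("read+write BP:  ", fire_shot(bp_read=True, bp_write=True))
    print("store NOPed:    ", fire_shot(bp_write=True, patched=True))
```

With the write BP armed, the break lands on the sw at 80012348, which is the "Break Point Address" you would write down before changing that instruction; with the store replaced by a nop, the ammo stays at 30 and the write BP never fires, which is the "Infinite Ammo - All levels" effect the guide lists further down.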
===========================
USING CODE MASTER'S GSCC2K2
===========================
To set a Breakpoint with CodeMaster's GSCC2K2 you must find an address to set a breakpoint on.
Say, for instance, you wanted to set a breakpoint on an Infinite Health line for a certain level that is at 80004454:
1. Make sure you're in the "Ram Edit" window. (view pic)
2. Scroll down and click on "Set BP", and a small window will pop up. (view pic)
3. Decide whether you want to find the BP that WRITES to your line or READS your line, or even both. Ask yourself some questions first: Do I want to stop the thing from working at all (e.g. ammo)? If so, you may want to use WRITE. Do I want to stop the game from detecting that I have something (e.g. a gun)? If so, you may want to use READ. Note: Some addys are both READ and WRITTEN, so if all else fails, check both boxes.
4. Next, type in the address that you want to watch in the box labeled "Address". (view pic) If it's a 16 bit code (81004454), drop the 1 and replace it with a 0 to make it 8 bit: 80004454, or the BP find will NOT work.
5. Once you put in the address you want to watch, click "Set BP" (view pic)
If and when a breakpoint is found, the game will pause; click Yes on the box that popped up after you set the BP.
Then a new text document will pop up. This text document is the N64regs - the CPU Registers.
After clicking on the N64regs box you will see the address of the instruction that READS or WRITES your line. (view pic) This is the fruit of your labor. The dialog box should say "Break Point Address: [address here]". Write that address down and go on to the OpCode section of this tutorial.
SO, WHAT CAN GSCC2K2 BE USED FOR WITH BREAK POINTS?
It can be used for just about anything. And break points are especially good for games with "random" or different addresses for each level (aka offsets).
>Infinite Health - All levels
>Stop Timer - All levels
>Infinite Ammo - All levels
>Infinite Items - All levels
>Characters Can't Move - All characters and levels
>All Guns
>All Items
>Moonjump - All levels
DOES GSCC2K2 SUPPORT BREAK POINT EXECUTES?
GSCC2K2 doesn't support BPXs, but here's how you can do it, according to Parasyte:
"I kinda wish it [GSCC2K2] had BPX (BP on execute) so you could watch a certain ASM address.. find out when it breaks, and when it doesn't.
Even though BPX is not supported, you can create a generic break. Just pick an unused address.. like 80000090. (it'll be used later) In GSCC2K2's RAM editor, go to the address you want to BPX on. Halt gameplay by pushing Shift+F9 (this just makes writing to an opcode a lot safer, that address won't be run when in halted state).
Finally... Write down the 8 bytes beginning at your BPX address.. You will be overwriting them, and you'll want to restore them later!
Overwrite the 8 bytes with these -
3C 1B 80 00
AF 7B 00 90
(You can see in the last 2 bytes in each column - 80 00 00 90, 80000090 is that unused address that this BPX address will write to)
After the values are inserted, set a BPW on 80000090, then resume game play with Shift+F9 again.
FINALLY... When the game auto-halts, you know your address got executed. and you can tell GSCC2K2 to grab the regs like any normal BP.
You'll probably only use BPX when hacking WTWs or hit anywhere codes... among others..... just the code codes."
- End quote.
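The two words Parasyte gives can be checked by hand, and a small decoder is the cleanest way to do it. What follows is an added example (my own code: not from the guide, not Parasyte's and not part of GSCC2K2): a Python decoder for a subset of the R4300i instructions listed in the next section, using the register names from the guide's N64 Registers table, plus a helper that works out which address a lui/sw pair stores to. The extra words used to exercise it (an lw and a jr) are constructed.

```python
# Added example: decode a handful of R4300i (MIPS) instruction words.
# Not GSCC2K2 code and not from the guide; register names follow the guide's table.
REGS = ["r0", "at", "v0", "v1", "a0", "a1", "a2", "a3",
        "t0", "t1", "t2", "t3", "t4", "t5", "t6", "t7",
        "s0", "s1", "s2", "s3", "s4", "s5", "s6", "s7",
        "t8", "t9", "k0", "k1", "gp", "sp", "fp", "ra"]

# Opcode field (bits 31..26) = 0 selects the SPECIAL group, told apart by bits 5..0.
SPECIAL = {0x00: "sll", 0x02: "srl", 0x03: "sra", 0x08: "jr", 0x20: "add", 0x21: "addu",
           0x22: "sub", 0x23: "subu", 0x24: "and", 0x25: "or", 0x26: "xor", 0x27: "nor",
           0x2A: "slt", 0x2B: "sltu"}
IMMED = {0x04: "beq", 0x05: "bne", 0x08: "addi", 0x09: "addiu", 0x0A: "slti",
         0x0B: "sltiu", 0x0C: "andi", 0x0D: "ori", 0x0E: "xori", 0x0F: "lui"}
LOADSTORE = {0x20: "lb", 0x21: "lh", 0x23: "lw", 0x24: "lbu", 0x25: "lhu",
             0x28: "sb", 0x29: "sh", 0x2B: "sw"}


def sext16(v):
    """Sign-extend a 16-bit immediate (load/store/branch offsets are signed)."""
    return v - 0x10000 if v & 0x8000 else v


def decode(word, pc=0):
    """Return a mnemonic for one 32-bit big-endian instruction word located at pc."""
    op = word >> 26
    rs, rt, rd = (word >> 21) & 31, (word >> 16) & 31, (word >> 11) & 31
    sa, funct, imm = (word >> 6) & 31, word & 63, word & 0xFFFF
    r = lambda n: "$" + REGS[n]
    if op == 0:
        if word == 0:                       # sll $r0,$r0,0 is the canonical NOP
            return "nop"
        name = SPECIAL.get(funct)
        if name is None:
            return f".word 0x{word:08X}"
        if name in ("sll", "srl", "sra"):
            return f"{name} {r(rd)},{r(rt)},{sa}"
        if name == "jr":
            return f"jr {r(rs)}"
        return f"{name} {r(rd)},{r(rs)},{r(rt)}"
    if op in (2, 3):                        # j / jal: 26-bit word target in the same 256 MB
        target = ((pc + 4) & 0xF0000000) | ((word & 0x3FFFFFF) << 2)
        return f"{'j' if op == 2 else 'jal'} 0x{target:08X}"
    if op in LOADSTORE:
        return f"{LOADSTORE[op]} {r(rt)},0x{imm:04X}({r(rs)})"
    name = IMMED.get(op)
    if name is None:
        return f".word 0x{word:08X}"
    if name == "lui":
        return f"lui {r(rt)},0x{imm:04X}"
    if name in ("beq", "bne"):              # branch offset is in words, relative to pc+4
        return f"{name} {r(rs)},{r(rt)},0x{pc + 4 + (sext16(imm) << 2):08X}"
    return f"{name} {r(rt)},{r(rs)},0x{imm:04X}"


def words_from_hex(text):
    """Turn a byte listing like the one written down above ('3C 1B 80 00 ...') into words."""
    raw = bytes.fromhex(text.replace(" ", "").replace("\n", ""))
    return [int.from_bytes(raw[i:i + 4], "big") for i in range(0, len(raw), 4)]


def store_target(words):
    """For a lui/sw pair that shares one register, compute the address the sw writes to."""
    first, second = words
    if first >> 26 != 0x0F or second >> 26 != 0x2B:
        raise ValueError("expected lui followed by sw")
    reg = (first >> 16) & 31
    if (second >> 21) & 31 != reg:
        raise ValueError("sw does not use the lui register as its base")
    return (((first & 0xFFFF) << 16) + sext16(second & 0xFFFF)) & 0xFFFFFFFF


if __name__ == "__main__":
    patch = words_from_hex("3C 1B 80 00 AF 7B 00 90")
    for i, w in enumerate(patch):
        print(f"{w:08X}  {decode(w, i * 4)}")
    print(f"the sw stores $k1 to {store_target(patch):08X}")
```

Run as is, it shows that 3C1B8000 is `lui $k1,0x8000` and AF7B0090 is `sw $k1,0x0090($k1)`: the first puts 80000000 into k1 (reg 27 in the guide's table), the second stores that register to 80000090, the "unused address" Parasyte sets the write BP on. It also shows why a word of all zeros is a NOP on this CPU: it decodes as `sll $r0,$r0,0`, a shift into the register that always reads as zero.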
========================
ASM OPCODES
========================
WHAT ARE ASM OPCODES?
Short for "Operation Code," the OpCode identifies the type of instruction and provides some information about the instruction length. Say, for example, you use the command "NOP" (which stands for "No Operation"; this stops the address from operating!!), whose 16 bit hex value is '0000'. You would change the end of your code to whatever your OpCode's hex value is:
Ex: The address that you found is 81002222 and you want it to not operate. Easy. All you have to do is find the hex value of that OpCode - NOP's hex value is '9090' (but '0000' works just as well). So you would make the code "81002222 9090" or "81002222 0000."
That's the bare bones of it, but I suggest you learn all the ASM OpCodes, their hexadecimal values, and whether they're 16, 32, or 64 bit (etc). It's pretty cool if you actually learn all the OpCodes' hex values; that way you can do pretty much ANYTHING with your codes.
Note that ASM OpCodes are only useful AFTER you find your BP address.
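As an added illustration of the code format used above (my own example, not the guide's and not code from any GameShark tool): a parser that accepts 80 (8 bit) and 81 (16 bit) write codes, applies them to a constructed RAM image, and derives the 80-form address that step 4 of the GSCC2K2 section asks for. The instruction word placed at 80002224, the sample code lines, and the rule that an 81 code must sit on an even address are all assumptions made for this example.

```python
# Added example: parse and apply N64 GameShark 80/81 write codes to a constructed RAM image.
# Not GSCC2K2 or GameShark code; the RAM contents and code lines below are made up.
RDRAM_BASE = 0x80000000


def parse_gs_code(line):
    """'TTAAAAAA VVVV' -> (code type, full RAM address, value).
    80 = write one byte, 81 = write one 16-bit halfword; other types are rejected."""
    parts = line.split()
    if len(parts) != 2 or len(parts[0]) != 8 or len(parts[1]) != 4:
        raise ValueError(f"bad code line: {line!r}")
    left, right = parts
    code_type, offset, value = int(left[:2], 16), int(left[2:], 16), int(right, 16)
    if code_type not in (0x80, 0x81):
        raise ValueError(f"only 80/81 write codes are handled, got {code_type:02X}")
    if code_type == 0x81 and offset & 1:
        raise ValueError("16-bit code must be on an even address (assumed rule)")
    return code_type, RDRAM_BASE | offset, value


def bp_address(line):
    """Step 4 of the GSCC2K2 section: the BP goes on the 80xxxxxx form of the address."""
    return f"{parse_gs_code(line)[1]:08X}"


def apply_gs_code(ram, line):
    """Write the code into ram (a bytearray mirroring RDRAM, big-endian like the N64)."""
    code_type, addr, value = parse_gs_code(line)
    off = addr - RDRAM_BASE
    if code_type == 0x80:
        ram[off] = value & 0xFF
    else:
        ram[off:off + 2] = (value & 0xFFFF).to_bytes(2, "big")
    return addr


def word_at(ram, addr):
    """Read the 32-bit instruction word at an aligned RAM address."""
    off = addr - RDRAM_BASE
    return int.from_bytes(ram[off:off + 4], "big")


def byte_demo():
    """An 80 code touches exactly one byte; the neighbouring byte is untouched."""
    ram = bytearray(0x10000)
    apply_gs_code(ram, "80004454 0063")
    return ram[0x4454], ram[0x4455]


def patch_demo():
    """Show how far one 81 code reaches into a 32-bit instruction word."""
    ram = bytearray(0x10000)
    # Constructed: pretend the instruction at 80002224 is the sw from the BPX section.
    ram[0x2224:0x2228] = (0xAF7B0090).to_bytes(4, "big")
    before = word_at(ram, 0x80002224)
    apply_gs_code(ram, "81002224 0000")     # one 81 code only covers the upper halfword...
    half = word_at(ram, 0x80002224)
    apply_gs_code(ram, "81002226 0000")     # ...so the full instruction needs a second line
    after = word_at(ram, 0x80002224)
    return before, half, after


if __name__ == "__main__":
    print("BP address for 81004454 0063:", bp_address("81004454 0063"))
    print("byte write:", byte_demo())
    print("instruction word before / after one / after two 81 codes:",
          [f"{w:08X}" for w in patch_demo()])
```

The point of patch_demo is the thing the OpCode section glosses over: an R4300i instruction is four bytes, while an 81 code writes two, so a single 16-bit code only replaces the upper half of the instruction at the break point address, and zeroing the whole word takes two consecutive 81 lines.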
TIP: You can find out more about OpCodes by getting an ASM assembler/disassembler and viewing a RAM dump with it. The best site to get one would be www.dextrose.com . You can tinker with these:
ADD rd,rs,rt: ADD; rd=rs+rt; trap on overflow
ADDI rt,rs,imm: ADD IMMEDIATE; rd=rs+imm; trap on overflow
ADDIU rt,rs,imm: ADD IMMEDIATE UNSIGNED; rd=rs+imm; never trap
ADDU rd,rs,rt: ADD UNSIGNED; rd=rs+rt; never trap
AND rd,rs,rt: logical AND; rd=(rs AND rt)
ANDI rt,rs,imm: logical AND IMMEDIATE; rd=(rs AND imm)
BCnF offset: BRANCH ON COPROCESSOR n FALSE
BCnFL offset: BRANCH ON COPROCESSOR n FALSE LIKELY
BCnT offset: BRANCH ON COPROCESSOR n TRUE
BCnTL offset: BRANCH ON COPROCESSOR n TRUE LIKELY
BEQ rs,rt,offset: BRANCH ON EQUAL; branch if rs=rt
BEQL rs,rt,offset: BRANCH ON EQUAL LIKELY; branch if rs=rt
BGEZ rs,offset: BRANCH ON > OR = TO ZERO; branch if rs>=0 (SIGNED)
BGEZAL rs,offset: BRANCH ON > OR = TO ZERO AND LINK; (return address in $ra)
BGEZALL rs,offset: BRANCH ON >= TO ZERO AND LINK LIKELY; (return adr in $ra)
BGEZL rs,offset: BRANCH ON > OR = TO ZERO LIKELY; branch if rs>=0 (SIGNED)
BGTZ rs,offset: BRANCH ON > THAN ZERO; branch if rs>0 (SIGNED)
BGTZL rs,offset: BRANCH ON > THAN ZERO LIKELY; branch if rs>0 (SIGNED)
BLEZ rs,offset: BRANCH ON < OR = TO ZERO; branch if rs<=0 (SIGNED)
BLEZL rs,offset: BRANCH ON < OR = TO ZERO LIKELY; branch if rs<=0 (SIGNED)
BLTZ rs,offset: BRANCH ON < THAN ZERO; branch if rs<0 (SIGNED)
BLTZAL rs,offset: BRANCH ON < THAN ZERO AND LINK; (return address in $ra)
BLTZALL rs,offset: BRANCH ON < THAN ZERO AND LINK LIKELY; (return adr in $ra)
BLTZL rs,offset: BRANCH ON < THAN ZERO LIKELY; branch if rs<0 (SIGNED)
BNE rs,rt,offset: BRANCH ON NOT EQUAL; branch if rs<>rt
BNEL rs,rt,offset: BRANCH ON NOT EQUAL LIKELY; branch if rs<>rt
BREAK : BREAKPOINT; Breakpoint trap occurs
CACHE op,offset(base): not yet implemented
CFCn rt,rd: MOVE CONTROL FROM COPROCESSOR; rt = COPn control reg rd
COPn : Coprocessor n Operation
CTCn rt,rd: MOVE CONTROL TO COPROCESSOR; COPn control reg rd = rt
DADD rd,rs,rt: Doubleword ADD; rd=rs+rt; (MUST BE IN 64 BIT MODE)
DADDI rt,rs,imm: Doubleword ADD IMMEDIATE; rt=rs+imm; (64 BIT MODE)
DADDIU rt,rs,imm: Doubleword ADD IMMEDIATE UNSIGNED; rt=rs+imm; (64 BIT)
DADDU rd,rs,rt: Doubleword ADD UNSIGNED; rd=rs+rt; (64 BIT MODE)
DDIV rs,rt: Doubleword DIVIDE; LO=rs/rt; HI=rs mod rt; (64 BIT MODE)
DDIVU rs,rt: Doubleword DIVIDE UNSIGNED; LO=rs/rt; HI=rs mod rt; (64 BIT)
DIV rs,rt: DIVIDE; LO=rs/rt; HI=rs mod rt; no trap
DIVU rs,rt: DIVIDE UNSIGNED; LO=rs/rt; HI=rs mod rt; no trap
DMFCn rt,rd: Doubleword MOVE FROM SYS CONTROL COPROCESSOR (64 BIT MODE)
DMULT rs,rt: Doubleword MULTIPLY; LO=low(rs*rt) HI=high(rs*rt); (64 BIT)
DMULTU rs,rt: Doubleword MULTIPLY UNSIGNED; (MUST BE IN 64 BIT MODE)
DSLL rd,rt,sa: Doubleword SHIFT LEFT LOGICAL; rd=rt<<sa (64 BIT MODE)
DSLLV rd,rt,rs: Doubleword SHIFT LEFT LOGICAL VARIABLE; rd=rt<<rs (64 BIT)
DSLL32 rd,rt,sa: Doubleword SHIFT LEFT LOGICAL+32; rd=rt<<(sa+32) (64 BIT)
DSRA rd,rt,sa: Doubleword SHIFT RIGHT ARITHMETIC; rd=rt>>sa (64 BIT MODE)
DSRAV rd,rt,rs: Doubleword SHIFT RIGHT ARITHMETIC VARIABLE; (64 BIT MODE)
DSRA32 rd,rt,sa: Doubleword SHIFT RIGHT ARITHM+32; rd=rt>>(sa+32) (64 BIT)
DSRL rd,rt,sa: Doubleword SHIFT RIGHT LOGICAL; rd=rt>>sa (64 BIT MODE)
DSRLV rd,rt,rs: Doubleword SHIFT RIGHT LOGICAL VARIABLE; (64 BIT MODE)
DSRL32 rd,rt,sa: Doubleword SHIFT RIGHT LOGIC+32; rd=rt>>(sa+32) (64 BIT)
DSUB rd,rs,rt: Doubleword SUBTRACT; rd=rs-rt (64 BIT)
DSUBU rd,rs,rt: Doubleword SUBTRACT UNSIGNED; rd=rs-rt (64 BIT)
ERET : EXCEPTION RETURN; returns from an interrupt, exception or error trap
J target: JUMP; unconditionally jumps to target
JAL target: JUMP AND LINK; call a subroutine at target. (return adr in $ra)
JALR rd,rs: JUMP AND LINK; call a subroutine at rs. (return adr in rd)
JR rs: JUMP REGISTER; unconditionally jumps to the address contained in rs
LB rt,offset(base): LOAD BYTE; rt=byte[base+offset] (SIGNED)
LBU rt,offset(base): LOAD BYTE UNSIGNED; rt=byte[base+offset]
LD rt,offset(base): LOAD DOUBLEWORD; rt=doubleword[base+offset] (64 BIT)
LDCn rt,offset(base): LOAD DOUBLEWORD TO COP n; COP rt=d[base+offset]
LDL rt,offset(base): LOAD DOUBLEWORD LEFT; left(rt)=r[base+offset] (64 BIT)
LDR rt,offset(base): LOAD DOUBLEWORD RIGHT; right(rt)=l[base+offset] (64 BIT)
LH rt,offset(base): LOAD HALFWORD; rt=halfword[base+offset] (SIGNED)
LHU rt,offset(base): LOAD HALFWORD UNSIGNED; rt=halfword[base+offset]
LL rt,offset(base): LOAD LINKED
LLD rt,offset(base): LOAD LINKED DOUBLEWORD; (64 BIT MODE)
LUI rt,imm: LOAD UPPER IMMEDIATE; rt=imm*10000h
LW rt,offset(base): LOAD WORD; rt=word[base+offset]
LWCn rt,offset(base): LOAD WORD TO COPROCESSOR n; COP rt=word[base+offset]
LWL rt,offset(base): LOAD WORD LEFT; left(rt)=right[base+offset]
LWR rt,offset(base): LOAD WORD RIGHT; right(rt)=left[base+offset]
LWU rt,offset(base): LOAD WORD UNSIGNED; rt=word[base+offset]; (64 BIT MODE)
MFCn rt,rd: MOVE FROM SYSTEM CONTROL COPROCESSOR n; rt=COP rd
MFHI rd: MOVE FROM HI; rd=HI
MFLO rd: MOVE FROM LO; rd=LO
MTCn rt,rd: MOVE TO SYSTEM CONTROL COPROCESSOR n; COP rd=rt
MULT rs,rt: MULTIPLY; LO=low(rs*rt); HI=high(rs*rt)
MULTU rs,rt: MULTIPLY UNSIGNED; LO=low(rs*rt); HI=high(rs*rt)
NOP : NO OPERATION; do nothing
NOR rd,rs,rt: logical NOR; rd=(rs NOR rt)
OR rd,rs,rt: logical OR; rd=(rs OR rt)
ORI rt,rs,imm: logical OR IMMEDIATE; rd=(rs OR imm)
SB rt,offset(base): STORE BYTE; byte[base+offset]=rt
SC rt,offset(base): STORE CONDITIONAL
SCD rt,offset(base): STORE CONDITIONAL DOUBLEWORD (64 BIT MODE)
SD rt,offset(base): STORE DOUBLEWORD; dword[base+offset]=rt (64 BIT)
SDCn rt,offset(base): STORE DOUBLEWORD FROM COP n; d[base+offset]=COP rt
SDL rt,offset(base): STORE DOUBLEWORD LEFT; r[base+offset]=left(rt) (64 BIT)
SDR rt,offset(base): STORE DOUBLEWORD RIGHT; l[base+offset]=right(rt) (64 BIT)
SH rt,offset(base): STORE HALFWORD; halfword[base+offset]=rt
SLL rd,rt,sa: SHIFT LEFT LOGICAL; rd=rt<<sa
SLLV rd,rt,rs: SHIFT LEFT LOGICAL VARIABLE; rd=rt<<rs
SLT rd,rs,rt: SET ON LESS THAN; rd=1 if rs<rt (UNSIGNED) else rd=0
SLTI rd,rs,imm: SET ON LESS THAN IMMEDIATE; rd=1 if rs<imm (SIGNED) else rd=0
SLTIU rd,rs,imm: SET ON LESS THAN IMM UNSIGNED; rd=1 if rs<imm else rd=0
SLTU rd,rs,rt: SET ON LESS THAN UNSIGNED; rd=1 if rs<rt else rd=0
SRA rd,rt,sa: SHIFT RIGHT ARITHMETIC; rd=rt>>sa
SRAV rd,rt,rs: SHIFT RIGHT ARITHMETIC VARIABLE; rd=rt<<rs
SRL rd,rt,sa: SHIFT RIGHT LOGICAL; rd=rt>>sa
SRLV rd,rt,rs: SHIFT RIGHT LOGICAL VARIABLE; rd=rt>>rs
SUB rd,rs,rt: SUBTRACT; rd=rs-rt; traps if overflow
SUBU rd,rs,rt: SUBTRACT UNSIGNED; rd=rs-rt; no trap on overflow
SW rt,offset(base): STORE WORD; word[base+offset]=rt
SWCn rt,offset(base): STORE WORD FROM COP n; word[base+offset]=COP rt
SWL rt,offset(base): STORE WORD LEFT; right[base+offset]=left(rt)
SWR rt,offset(base): STORE WORD RIGHT; left[base+offset]=right(rt)
SYNC : SYNCHRONIZE
SYSCALL : SYSTEM CALL; system call exception occurs
TEQ rs,rt: TRAP IF EQUAL; if rs=rt then a trap exception occurs
TEQI rs,imm: TRAP IF EQUAL IMMEDIATE; if rs=imm then a trap exception occurs
TGE rs,rt: TRAP IF GREATER THAN OR EQUAL; if rs>=rt then trap
TGEI rs,imm: TRAP IF GREATER THAN OR EQUAL IMMEDIATE; if rs>=imm then trap
TGEIU rs,imm: TRAP IF GREATER THAN OR EQUAL IMM UNSIGNED; if rs>=imm then trap
TGEU rs,rt: TRAP IF GREATER THAN OR EQUAL UNSIGNED; if rs>=rt then trap
TLBP : PROBE TLB FOR MATCHING ENTRY
TLBR : READ INDEXED TLB ENTRY
TLBWI : WRITE INDEXED TLB ENTRY
TLBWR : WRITE RANDOM TLB ENTRY
TLT rs,rt: TRAP IF LESS THAN; if rs<rt then trap
TLTI rs,imm: TRAP IF LESS THAN IMMEDIATE; if rs<imm then trap (SIGNED)
TLTIU rs,imm: TRAP IF LESS THAN IMMEDIATE UNSIGNED; if rs<imm then trap
TLTU rs,rt: TRAP IF LESS THAN UNSIGNED; if rs<rt then trap
TNE rs,rt: TRAP IF NOT EQUAL; if rs<>rt then trap
TNEI rs,imm: TRAP IF NOT EQUAL IMMEDIATE; if rs<>imm then trap
XOR rd,rs,rt: logical XOR; rd=(rs XOR rt)
XORI rt,rs,imm: logical XOR IMMEDIATE; rd=(rs XOR imm)
Yes, it probably seems like gibberish and hieroglyphics to you, but all you really need to see right now is the capped letters on the far left - those are the commands. The next set of capped text is the more exact and detailed definition of what the commands do.
Once you learn a little bit more about this, the other crap will become important. But for now, forget it.
[If anyone has the Hex values for all or any of these ASM OpCodes, please email me at goldenboy446@hotmail.com so I can get them added to this guide. Thank you.]
========================
TOPICAL JARGON**
========================
Stack: The stack is used to store temporary data. It isn't used in the program.
Registers: [See "N64 Registers" section]
RAM: Acronym for Random Access Memory; the RAM is where all of the game's temporary data is stored. When the system is powered off, it loses all of the data in the RAM.
ROM: Acronym for Read Only Memory; the ROM is where all of the permanent data for the game is stored. Basically, all the game's data is stored in the ROM. When the system is powered off, the ROM is still present and can't be altered by standard means.
**Sorry that there isn't more stuff in here, but if you want to find out about something, I'm sure you can find it in other parts in this guide.
========================
N64 REGISTERS
========================
WHAT ARE REGISTERS?
I can't really explain it - I really can't. I can say that I know that they are different "sections" of the CPU of some sort and different registers do different things. I can also say that the Nintendo 64 has 32 registers. That's all I can really say. Sorry.
And seeing that I'm pretty much done with videogames at this point, I didn't take the time to find out more about them. You can view the registers when you're using GSCC2K2 by looking at the text document that pops up when your code breaks or whatever. Those are the registers.
The two characters on the left (e.g. r0, at, v0) represent each N64 register. The corresponding text on the right is the register and its number.
Note: These may look familiar to you if you use GSCC2K2. Check the text document that pops up when your line breaks to see what I'm talking about.
r0 - reg 0
at - reg 1
v0 - reg 2
v1 - reg 3
a0 - reg 4
a1 - reg 5
a2 - reg 6
a3 - reg 7
t0 - reg 8
t1 - reg 9
t2 - reg 10
t3 - reg 11
t4 - reg 12
t5 - reg 13
t6 - reg 14
t7 - reg 15
s0 - reg 16
s1 - reg 17
s2 - reg 18
s3 - reg 19
s4 - reg 20
s5 - reg 21
s6 - reg 22
s7 - reg 23
t8 - reg 24
t9 - reg 25
k0 - reg 26
k1 - reg 27
gp - reg 28
sp - reg 29
fp - reg 30
ra - reg 31
pc - N/A (GS2K2 purposes, I believe)
========================
HISTORY OF THIS GUIDE
========================
11/22/01 - Thanksgiving. Since my Gameshark is screwed up, and I can no longer hack, I decided that I will release this guide. Since I can't hack (cuz my gs is broke) there's no point in holding this guide any longer.
11/13/01 - More stuff spruced up. :-) Assumptions added.
11/12/01 - More things cleared up to ensure the accuracy.
11/09/01 - Many things added and especially cleaned up. This guide is almost completed (to the point that I can get it anyway ).
10/30/01 - Added the registers and a ton of stuff to the credit section.
10/27/01 - Added a whole bunch of content, including ASM Jargon, ASM crap, finished the BP section and added the Credits/Sources.
10/23/01 - Started this whole thing. At this point I don't know what the hell I'm doing. I got a little bit of documentation from Viper, a little encouragement from a few people I know, and that got me started. I don't know where this guide is going or where it's going to end up. I just hope it's finished.
=========================
CONTACT & MUMBO JUMBO
=========================
"N64 Break Points and ASM"
> By Goldenboy
> Contact me: <goldenboy446@hotmail.com , or jhgoldenboy@yahoo.com>
> My website: < www.bond-station.8m.com >
> Guide started: 10/23/01
> Authorization: So far, I only have plans to put this guide on Hacking 101's homesite, dlevere1.proboards.com/index.cgi , and my TWINE site, www.bond-station.8m.com . There you'll find an HTML version of this guide and pictures on how to use GSCC2K2... and maybe even some ASM assembler/disassembler pics and info as well.
> This guide is NOT copyrighted, I'm not going to lie and say it is. But before using this guide for anything other than your personal viewing purposes, please email me and ask permission. It's the least you can do, after all, I worked hard on this guide. And if I weren't to get credit for my work I would've never done this in the first place.
> Note: I did my best to keep this guide as accurate as possible. If there are some inaccurate things, I am sorry. This guide was put together in about 15 days, with about 12 man-hours on it. And I sure hope it helps all the hackers that love to make great codes for everyone to see. :-)
======================
CREDITS/SOURCES/THANKS
======================
>Viper187 of GSCentral. He gave me the info and files that I needed to truly get started. I owe you, man.
>Parasyte of GSCentral. What can I say??, he's a great guy. He's the one that gave me the beta version of CM's BP utils before it was even released. He's helped dozens of times (whether he realizes it or not). Just a brilliant guy.
>CodeMaster of CMGSCCC. He made the BP software. And after me bugging him numerous times at his board and once in mIRC chat he released it (couple months later, lol). Thanks! (www.cmgsccc.com)
> Dr Ian of GSCentral. He had a little bit of content on his site that was useful in the making of this guide.
> Dlevere~The Hackmaster of Hacking 101. This guy encouraged me to do this guide in the first place.
>Stinky of GSCentral. Thanks for having the best GS site on the planet. IA can't take us down that easy!! :-) (www.gscentral.com - currently down)
>All of GSCentral's message board. If you're cool with me then I'm cool with you. The place is the stomping grounds of hundreds of kick ass hackers.
> Dextrose.com for providing the best documentation and tools for this sort of thing.
>Anarko <anarko@flashback.net> for his ASM documents - some which influenced this document. ALL of the OpCodes came from this guy. Big thanks to him.
>IA for releasing the GS. Other than that, they can kiss my ass!
>Last but not least, the crew of Hacking 101. From the mods to the small-time members who supported the board. ( dlevere1.proboards.com/index.cgi ).
//End of guide//Edition 1.0//
========================
INTRODUCTION
========================
I'll get straight to it. I made this guide because of break points. It eventually led to other things such as ASM but break points were still the main thing. Well, I'm not one for words, so just read this.
This "guide" can be considered a FAQ as well, because it answers many question in a FAQ form.
And you'll notice that if you scroll down quickly things don't stick out well. So your best bet is not to look for certain things, rather read the guide from beginning to end to be sure you find whatever you need.
Oh, and please keep in mind that this guide based on the NINTENDO 64. So if you have a N64 - read on. If you have another system and don't have a N64 - read on anyway, knowledge is power. And some of this crap is similar to systems such as the PSX, Saturn, etc.
========================
ASSUMPTIONS
========================
Many tutorials and how-to's come with "assumptions." The author assumes that the reader has done something or has something even before proceeding in the guide. I have very few assumptions - there's not many I can think of at this point, but....
1. You most definitely should have GSCC2K2 (a hacking utility by Code Master) and have installed it. You can download it at its official site: www.cmgsccc.com . The file size isn't that big, and the software is great. And you should have some kind of idea on how to use the thing.
2. This assumption corresponds with number 1; you have to have hacking utilities: Gameshark (or cheat device), 25 pin wire, GSCC2K2.
3. You should definitely have some kind of knowledge of hacking devices and all of the things that are incorporated with them (Hacking, Hexadecimal knowledge, RAM editor knowledge, etc).
========================
THE BEGINNING
========================
WHAT ARE BREAK POINTS?
Break point is a technical term referring to the debugger line breaking. The debugger "breaks", or halts the game when the address in the RAM (Random Access Memory) is READ/WRITTEN to. What's going on is that the debugger watches the address that you set the break point on.
WHAT IS ASM?
The letters "ASM" are an acronym for Assembly Language. ASM is a low-level programming language that doesn't require special commands like C or C++. Instead, it controls the computer chip and what it does by "going around" the high-level language such as C and C++. ASM tells the CPU to carry out operations (move or manipulate data ). Not only that, it tells the CPU how to do it, when to do it, where to do it, etc. Think of it as a job. You boss can tell you to do something and you do it, right? But maybe the way you do it is inefficient. So your boss tells you to do it a another, more specific way instead. That's basically what ASM is doing.
IS ASM THE SAME FOR ALL SYSTEMS, LIKE MANY LANGUAGES?
No. All types of ASM are similar, of course, but some differ in that they have different amounts of bit "OpCodes" and many other things. It all depends on the processor that the system is using. The N64 uses a 64 bit processor that is R4300i ASM. The processor was designed by MIPS and was put together by NEC.
HOW DO THEY FIGURE INTO VIDEOGAMES?
With the aid of breaking and ASM you can do just about anything with your codes. ASM does everything. You may want it to NOT do something, or change the way it does something. Say, for instance, the game takes away ammo from you every time you shoot a bullet. You can stop that operation from happening. OR you could modify how it happens by altering HOW MANY bullets it takes from your ammo every time you shoot the gun. That's possible with ASM. Here's the breakdown:
Normal routine that game does:
-1. When gun is shot
-2. Minus ammo
-3. Replace old ammo with new ammo
Now, you would alter that by changing the last line:
-1. When gun is shot
-2. Minus ammo
-3. Don't replace ammo [thus, ammo doesn't change]
See line 3? It's changed. You're stopping the last line from even taking place. Note that it's not going to be this way in all situations, but this should help you get the gist of what's going on.
What's so great about that? Well, if you playing a game that use a different memory block for each level (e.g. Goldeneye, TWINE, Duke Nuken ZH), and a different code is needed for each level, then the ASM code would work for all levels.
========================
BREAK POINTS
========================
WHAT ARE BREAK POINTS? [Repeated]
Break point is a technical term referring to the debugger line breaking. The debugger "breaks", or halts the game when the address in the RAM (Random Access Memory) is READ/WRITTEN to.
The break can be READ or can WRITE. READ is when the stack checks the address to see if it changed or to make sure it doesn't change, and is . WRITE is, of course, when the stack writes to the address, telling it to change; when, where, by how much, etc. There is a third, BP Execute, or BPX. But unfortunately, the GSCC2K doesn't support BPX.
HOW DO THEY FIGURE INTO VIDEOGAMES?
Well, scroll down to the "Using Code Master's GSCC2K2" section to find out how to use them.
THE TYPES OF BREAK POINTS AND WHAT THEY DO.
The break can be Read or can Write. Read is when the stack checks the address you set the break point on to see if it changed or to make sure it doesn't change. Write is, of course, when the stack writes to the address, telling it to change; when, where, by how much, etc. There is a third, BP Execute, or BPX. But unfortunately, the GSCC2K doesn't support BPX.
Types of Break points:
>Read - Breaks when the addy that you set the BP on is read
>Write - Breaks when the addy that you set the BP on is written
>Execute - Breaks when the addy is executed as an instruction (not important!)
WHAT BP IS THE MOST COMMON?
It's definitely the Write. The most useful and common thing to do is stop an address from being Written to. I never found Read really important, but it can be useful if used cleverly.
===========================
USING CODE MASTER'S GSCC2K2
===========================
To set a Breakpoint with CodeMaster's GSCC2K2 you must find an address to set a breakpoint on.
Say, for instance, you wanted to set a breakpoint on an Infinite Health line for a certain level that is at 80004454:
1. Make sure you're in the "Ram Edit" window. (view pic)
2. Scroll down and click on "Set BP", and a small window will pop up. (view pic)
3. Decide whether you want to find the BP that WRITES to your line or READS your line, or even both. Ask yourself some questions first: Do I want to stop the thing from working at all (i.e. ammo)? If so, you may want to use WRITE. Do I want to stop the game from detecting that I have something (i.e. gun)? If so, you may want to use READ. Note: Some addys READ and WRITE, so if all else fails, check both boxes.
4. Next, type in the address that you want to watch in the box labeled "Address". (view pic) If it's a 16 bit code (81004454) leave the one off and replace it with a zero to make it 8 bit: 80004454, or the BP find will NOT work.
5. Once you put in the address you want to watch, click "Set BP" (view pic)
If and when a breakpoint is found, the game will pause and you click "Yes" on the box that popped up after you set the BP.
Then a new text document will pop up. This text document is the N64regs - or CPU Registers.
After clicking off the N64regs box you will see the actual address that is READ or WRITTEN to. (view pic) This is the fruit of your labor. The dialog box should say "Break Point Address: [address here]". Write that address down and go on to the OpCode section of this tutorial.
SO, WHAT CAN GSCC2K2 BE USED FOR WITH BREAK POINTS?
It can be used for just about anything. And break points are especially good for games with "random" or different addresses for each level (aka offsets).
>Infinite Health - All levels
>Stop Timer - All levels
>Infinite Ammo - All levels
>Infinite Items - All levels
>Characters Can't Move - All characters and levels
>All Guns
>All Items
>Moonjump - All levels
DOES GSCC2K2 SUPPORT BREAK POINT EXECUTES?
The GSCC2K2 doesn't support BPXs, but here's how you can do it, according to Parasyte:
"I kinda wish it [GSCC2K2] had BPX (BP on execute) so you could watch a certain ASM address.. find out when it breaks, and when it doesn't.
Even though BPX is not supported, you can create a generic break. Just pick an unused address.. like 80000090. (it'll be used later) in GSCC2K2's RAM editor, go to the address you want to BPX on. Halt gameplay by pushing Shift+F9 (this just makes writing to an opcode a lot safer, that address won't be run when in halted state).
Finally... Write down the 8 bytes beginning at your BPX address.. You will be overwriting them, and you'll want to restore them later!
Overwrite the 8 bytes with these -
3C 1B 80 00
AF 7B 00 90
(You can see in the last 2 bytes in each column - 80 00 00 90, 80000090 is that unused address that this BPX address will write to)
After the values are inserted, set a BPW on 80000090, then resume game play with Shift+F9 again.
FINALLY... When the game auto-halts, you know your address got executed. and you can tell GSCC2K2 to grab the regs like any normal BP.
You'll probably only use BPX when hacking WTWs or hit anywhere codes... among others..... just the code codes."
- End quote.
========================
ASM OPCODES
========================
WHAT ARE ASM OPCODES?
Short for "Operation Code," the OpCode identifies the type of instruction and provides some information about the instruction length. Say, for example, you use the command "NOP" (which stands for "No Operation"; this stops the address from operating!!), whose 16 bit hex value is '0000'. You would change the end of your code to whatever your OpCode's hex value is:
Ex: The address that you found is 81002222 and you want it to not operate. Easy. All you have to do is find the hex value for that OpCode - NOP's hex value is '9090' (but '0000' works just as well). So you would make the code "81002222 9090" or "81002222 0000."
That's the bare bones of it, but I suggest you learn all the ASM OpCodes, their Hexadecimal worth, and whether they're 16, 32, or 64 bit (etc). It's pretty cool if you actually learn all the OpCodes' hex values; this way you can do pretty much ANYTHING with your codes.
Note that ASM OpCodes are only useful AFTER you find your BP address.
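Added example (not from the guide or from GSCC2K2): Python helpers that tie together Parasyte's BPX stub quoted in the BREAK POINTS section and the NOP trick just described. It assumes the guide's register numbering and the standard MIPS encodings, where NOP is the all-zero word, so the NOP helper writes both 16-bit halves of the instruction; the 3C1B8000 / AF7B0090 pair is run through a tiny simulator to show that it stores to 80000090, which is why a BPW on that address fires.

```python
# Added example (not from the guide): helpers for two tricks described above.
# (1) Parasyte's BPX stub: encode, decode and simulate the LUI+SW pair to see
#     that it stores to the unused address, which is why a BPW there fires.
# (2) NOP-ing a found instruction with 16-bit GameShark (81) lines: MIPS NOP is
#     the all-zero word, so both halves of the instruction are written.
REGS = ["r0", "at", "v0", "v1", "a0", "a1", "a2", "a3",
        "t0", "t1", "t2", "t3", "t4", "t5", "t6", "t7",
        "s0", "s1", "s2", "s3", "s4", "s5", "s6", "s7",
        "t8", "t9", "k0", "k1", "gp", "sp", "fp", "ra"]  # guide's register table

OP_LUI, OP_SW = 0x0F, 0x2B  # primary opcodes (bits 31..26) of LUI and SW
NOP = 0x00000000            # NOP encodes as SLL r0,r0,0, i.e. all zero bits

def sign16(v):
    """Interpret a 16-bit field as a signed offset, as SW/LW do."""
    return v - 0x10000 if v & 0x8000 else v

def lui(rt, imm):
    """Encode LUI rt,imm (rt = imm << 16)."""
    return (OP_LUI << 26) | (REGS.index(rt) << 16) | (imm & 0xFFFF)

def sw(rt, offset, base):
    """Encode SW rt,offset(base) (word[base+offset] = rt)."""
    return ((OP_SW << 26) | (REGS.index(base) << 21)
            | (REGS.index(rt) << 16) | (offset & 0xFFFF))

def fields(word):
    """Split an I-type word into (opcode, rs/base, rt, imm)."""
    return word >> 26, (word >> 21) & 0x1F, (word >> 16) & 0x1F, word & 0xFFFF

def decode(word):
    """Disassemble the few encodings this example deals with."""
    if word == NOP:
        return "NOP"
    op, rs, rt, imm = fields(word)
    if op == OP_LUI:
        return "LUI %s,%04X" % (REGS[rt], imm)
    if op == OP_SW:
        return "SW %s,%04X(%s)" % (REGS[rt], imm, REGS[rs])
    return "other (opcode %02X)" % op

def run(words):
    """Execute LUI/SW words on a zeroed register file; return {addr: value}."""
    regs, stores = [0] * 32, {}
    for w in words:
        op, rs, rt, imm = fields(w)
        if op == OP_LUI:
            regs[rt] = (imm << 16) & 0xFFFFFFFF
        elif op == OP_SW:
            stores[(regs[rs] + sign16(imm)) & 0xFFFFFFFF] = regs[rt]
        regs[0] = 0  # r0 always reads as zero
    return stores

def gs16_lines(addr, word):
    """Two 16-bit GameShark (81) lines that write one 32-bit word at RAM addr."""
    return ["81%06X %04X" % (addr & 0xFFFFFF, word >> 16),
            "81%06X %04X" % ((addr + 2) & 0xFFFFFF, word & 0xFFFF)]

def nop_lines(addr):
    """GS lines that zero both halves so the instruction at addr becomes NOP."""
    return gs16_lines(addr, NOP)

if __name__ == "__main__":
    stub = [lui("k1", 0x8000), sw("k1", 0x0090, "k1")]
    print(" ".join("%08X" % w for w in stub))   # 3C1B8000 AF7B0090
    print([decode(w) for w in stub])            # ['LUI k1,8000', 'SW k1,0090(k1)']
    print({"%08X" % a: "%08X" % v for a, v in run(stub).items()})  # {'80000090': '80000000'}
    print(nop_lines(0x80002222))  # ['81002222 0000', '81002224 0000']
```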
TIP: You can find out more about OpCodes by getting an ASM assembler/disassembler and viewing a RAM dump with it. The best site to get one would be www.dextrose.com . You can tinker with these:
ADD rd,rs,rt: ADD; rd=rs+rt; trap on overflow
ADDI rt,rs,imm: ADD IMMEDIATE; rt=rs+imm; trap on overflow
ADDIU rt,rs,imm: ADD IMMEDIATE UNSIGNED; rt=rs+imm; never trap
ADDU rd,rs,rt: ADD UNSIGNED; rd=rs+rt; never trap
AND rd,rs,rt: logical AND; rd=(rs AND rt)
ANDI rt,rs,imm: logical AND IMMEDIATE; rt=(rs AND imm)
BCnF offset: BRANCH ON COPROCESSOR n FALSE
BCnFL offset: BRANCH ON COPROCESSOR n FALSE LIKELY
BCnT offset: BRANCH ON COPROCESSOR n TRUE
BCnTL offset: BRANCH ON COPROCESSOR n TRUE LIKELY
BEQ rs,rt,offset: BRANCH ON EQUAL; branch if rs=rt
BEQL rs,rt,offset: BRANCH ON EQUAL LIKELY; branch if rs=rt
BGEZ rs,offset: BRANCH ON > OR = TO ZERO; branch if rs>=0 (SIGNED)
BGEZAL rs,offset: BRANCH ON > OR = TO ZERO AND LINK; (return address in $ra)
BGEZALL rs,offset: BRANCH ON >= TO ZERO AND LINK LIKELY; (return address in $ra)
BGEZL rs,offset: BRANCH ON > OR = TO ZERO LIKELY; branch if rs>=0 (SIGNED)
BGTZ rs,offset: BRANCH ON > THAN ZERO; branch if rs>0 (SIGNED)
BGTZL rs,offset: BRANCH ON > THAN ZERO LIKELY; branch if rs>0 (SIGNED)
BLEZ rs,offset: BRANCH ON < OR = TO ZERO; branch if rs<=0 (SIGNED)
BLEZL rs,offset: BRANCH ON < OR = TO ZERO LIKELY; branch if rs<=0 (SIGNED)
BLTZ rs,offset: BRANCH ON < THAN ZERO; branch if rs<0 (SIGNED)
BLTZAL rs,offset: BRANCH ON < THAN ZERO AND LINK; (return address in $ra)
BLTZALL rs,offset: BRANCH ON < THAN ZERO AND LINK LIKELY; (return address in $ra)
BLTZL rs,offset: BRANCH ON < THAN ZERO LIKELY; branch if rs<0 (SIGNED)
BNE rs,rt,offset: BRANCH ON NOT EQUAL; branch if rs<>rt
BNEL rs,rt,offset: BRANCH ON NOT EQUAL LIKELY; branch if rs<>rt
BREAK : BREAKPOINT; breakpoint trap occurs
CACHE op,offset(base): not yet implemented
CFCn rt,rd: MOVE CONTROL FROM COPROCESSOR; rt = COPn control reg rd
COPn : Coprocessor n Operation
CTCn rt,rd: MOVE CONTROL TO COPROCESSOR; COPn control reg rd = rt
DADD rd,rs,rt: Doubleword ADD; rd=rs+rt; (MUST BE IN 64 BIT MODE)
DADDI rt,rs,imm: Doubleword ADD IMMEDIATE; rt=rs+imm; (64 BIT MODE)
DADDIU rt,rs,imm: Doubleword ADD IMMEDIATE UNSIGNED; rt=rs+imm; (64 BIT MODE)
DADDU rd,rs,rt: Doubleword ADD UNSIGNED; rd=rs+rt; (64 BIT MODE)
DDIV rs,rt: Doubleword DIVIDE; LO=rs/rt; HI=rs mod rt; (64 BIT MODE)
DDIVU rs,rt: Doubleword DIVIDE UNSIGNED; LO=rs/rt; HI=rs mod rt; (64 BIT MODE)
DIV rs,rt: DIVIDE; LO=rs/rt; HI=rs mod rt; no trap
DIVU rs,rt: DIVIDE UNSIGNED; LO=rs/rt; HI=rs mod rt; no trap
DMFCn rt,rd: Doubleword MOVE FROM SYS CONTROL COPROCESSOR (64 BIT MODE)
DMULT rs,rt: Doubleword MULTIPLY; LO=low(rs*rt); HI=high(rs*rt); (64 BIT MODE)
DMULTU rs,rt: Doubleword MULTIPLY UNSIGNED; (MUST BE IN 64 BIT MODE)
DSLL rd,rt,sa: Doubleword SHIFT LEFT LOGICAL; rd=rt<<sa (64 BIT MODE)
DSLLV rd,rt,rs: Doubleword SHIFT LEFT LOGICAL VARIABLE; rd=rt<<rs (64 BIT MODE)
DSLL32 rd,rt,sa: Doubleword SHIFT LEFT LOGICAL+32; rd=rt<<(sa+32) (64 BIT MODE)
DSRA rd,rt,sa: Doubleword SHIFT RIGHT ARITHMETIC; rd=rt>>sa (64 BIT MODE)
DSRAV rd,rt,rs: Doubleword SHIFT RIGHT ARITHMETIC VARIABLE; (64 BIT MODE)
DSRA32 rd,rt,sa: Doubleword SHIFT RIGHT ARITHMETIC+32; rd=rt>>(sa+32) (64 BIT MODE)
DSRL rd,rt,sa: Doubleword SHIFT RIGHT LOGICAL; rd=rt>>sa (64 BIT MODE)
DSRLV rd,rt,rs: Doubleword SHIFT RIGHT LOGICAL VARIABLE; (64 BIT MODE)
DSRL32 rd,rt,sa: Doubleword SHIFT RIGHT LOGICAL+32; rd=rt>>(sa+32) (64 BIT MODE)
DSUB rd,rs,rt: Doubleword SUBTRACT; rd=rs-rt (64 BIT MODE)
DSUBU rd,rs,rt: Doubleword SUBTRACT UNSIGNED; rd=rs-rt (64 BIT MODE)
ERET : EXCEPTION RETURN; returns from an interrupt, exception or error trap
J target: JUMP; unconditionally jumps to target
JAL target: JUMP AND LINK; call a subroutine at target (return address in $ra)
JALR rd,rs: JUMP AND LINK REGISTER; call a subroutine at rs (return address in rd)
JR rs: JUMP REGISTER; unconditionally jumps to the address contained in rs
LB rt,offset(base): LOAD BYTE; rt=byte[base+offset] (SIGNED)
LBU rt,offset(base): LOAD BYTE UNSIGNED; rt=byte[base+offset]
LD rt,offset(base): LOAD DOUBLEWORD; rt=doubleword[base+offset] (64 BIT MODE)
LDCn rt,offset(base): LOAD DOUBLEWORD TO COP n; COP rt=doubleword[base+offset]
LDL rt,offset(base): LOAD DOUBLEWORD LEFT; left(rt)=right[base+offset] (64 BIT MODE)
LDR rt,offset(base): LOAD DOUBLEWORD RIGHT; right(rt)=left[base+offset] (64 BIT MODE)
LH rt,offset(base): LOAD HALFWORD; rt=halfword[base+offset] (SIGNED)
LHU rt,offset(base): LOAD HALFWORD UNSIGNED; rt=halfword[base+offset]
LL rt,offset(base): LOAD LINKED; rt=word[base+offset]
LLD rt,offset(base): LOAD LINKED DOUBLEWORD; (64 BIT MODE)
LUI rt,imm: LOAD UPPER IMMEDIATE; rt=imm*10000h
LW rt,offset(base): LOAD WORD; rt=word[base+offset]
LWCn rt,offset(base): LOAD WORD TO COPROCESSOR n; COP rt=word[base+offset]
LWL rt,offset(base): LOAD WORD LEFT; left(rt)=right[base+offset]
LWR rt,offset(base): LOAD WORD RIGHT; right(rt)=left[base+offset]
LWU rt,offset(base): LOAD WORD UNSIGNED; rt=word[base+offset]; (64 BIT MODE)
MFCn rt,rd: MOVE FROM SYSTEM CONTROL COPROCESSOR n; rt=COP rd
MFHI rd: MOVE FROM HI; rd=HI
MFLO rd: MOVE FROM LO; rd=LO
MTCn rt,rd: MOVE TO SYSTEM CONTROL COPROCESSOR n; COP rd=rt
MULT rs,rt: MULTIPLY; LO=low(rs*rt); HI=high(rs*rt)
MULTU rs,rt: MULTIPLY UNSIGNED; LO=low(rs*rt); HI=high(rs*rt)
NOP : NO OPERATION; do nothing
NOR rd,rs,rt: logical NOR; rd=(rs NOR rt)
OR rd,rs,rt: logical OR; rd=(rs OR rt)
ORI rt,rs,imm: logical OR IMMEDIATE; rt=(rs OR imm)
SB rt,offset(base): STORE BYTE; byte[base+offset]=rt
SC rt,offset(base): STORE CONDITIONAL
SCD rt,offset(base): STORE CONDITIONAL DOUBLEWORD (64 BIT MODE)
SD rt,offset(base): STORE DOUBLEWORD; doubleword[base+offset]=rt (64 BIT MODE)
SDCn rt,offset(base): STORE DOUBLEWORD FROM COP n; doubleword[base+offset]=COP rt
SDL rt,offset(base): STORE DOUBLEWORD LEFT; right[base+offset]=left(rt) (64 BIT MODE)
SDR rt,offset(base): STORE DOUBLEWORD RIGHT; left[base+offset]=right(rt) (64 BIT MODE)
SH rt,offset(base): STORE HALFWORD; halfword[base+offset]=rt
SLL rd,rt,sa: SHIFT LEFT LOGICAL; rd=rt<<sa
SLLV rd,rt,rs: SHIFT LEFT LOGICAL VARIABLE; rd=rt<<rs
SLT rd,rs,rt: SET ON LESS THAN; rd=1 if rs<rt (SIGNED) else rd=0
SLTI rt,rs,imm: SET ON LESS THAN IMMEDIATE; rt=1 if rs<imm (SIGNED) else rt=0
SLTIU rt,rs,imm: SET ON LESS THAN IMMEDIATE UNSIGNED; rt=1 if rs<imm else rt=0
SLTU rd,rs,rt: SET ON LESS THAN UNSIGNED; rd=1 if rs<rt else rd=0
SRA rd,rt,sa: SHIFT RIGHT ARITHMETIC; rd=rt>>sa
SRAV rd,rt,rs: SHIFT RIGHT ARITHMETIC VARIABLE; rd=rt>>rs
SRL rd,rt,sa: SHIFT RIGHT LOGICAL; rd=rt>>sa
SRLV rd,rt,rs: SHIFT RIGHT LOGICAL VARIABLE; rd=rt>>rs
SUB rd,rs,rt: SUBTRACT; rd=rs-rt; traps if overflow
SUBU rd,rs,rt: SUBTRACT UNSIGNED; rd=rs-rt; no trap on overflow
SW rt,offset(base): STORE WORD; word[base+offset]=rt
SWCn rt,offset(base): STORE WORD FROM COP n; word[base+offset]=COP rt
SWL rt,offset(base): STORE WORD LEFT; right[base+offset]=left(rt)
SWR rt,offset(base): STORE WORD RIGHT; left[base+offset]=right(rt)
SYNC : SYNCHRONIZE
SYSCALL : SYSTEM CALL; system call exception occurs
TEQ rs,rt: TRAP IF EQUAL; if rs=rt then a trap exception occurs
TEQI rs,imm: TRAP IF EQUAL IMMEDIATE; if rs=imm then a trap exception occurs
TGE rs,rt: TRAP IF GREATER THAN OR EQUAL; if rs>=rt then trap
TGEI rs,imm: TRAP IF GREATER THAN OR EQUAL IMMEDIATE; if rs>=imm then trap
TGEIU rs,imm: TRAP IF GREATER THAN OR EQUAL IMMEDIATE UNSIGNED; if rs>=imm then trap
TGEU rs,rt: TRAP IF GREATER THAN OR EQUAL UNSIGNED; if rs>=rt then trap
TLBP : PROBE TLB FOR MATCHING ENTRY
TLBR : READ INDEXED TLB ENTRY
TLBWI : WRITE INDEXED TLB ENTRY
TLBWR : WRITE RANDOM TLB ENTRY
TLT rs,rt: TRAP IF LESS THAN; if rs<rt then trap
TLTI rs,imm: TRAP IF LESS THAN IMMEDIATE; if rs<imm then trap (SIGNED)
TLTIU rs,imm: TRAP IF LESS THAN IMMEDIATE UNSIGNED; if rs<imm then trap
TLTU rs,rt: TRAP IF LESS THAN UNSIGNED; if rs<rt then trap
TNE rs,rt: TRAP IF NOT EQUAL; if rs<>rt then trap
TNEI rs,imm: TRAP IF NOT EQUAL IMMEDIATE; if rs<>imm then trap
XOR rd,rs,rt: logical XOR; rd=(rs XOR rt)
XORI rt,rs,imm: logical XOR IMMEDIATE; rt=(rs XOR imm)
Yes, it probably seems like gibberish and hieroglyphics to you, but all you really need to see right now is the capped letters on the far left - those are the commands. The next set of capped text is the more exact and detailed definition of what the commands do.
Once you learn a little bit more about this, the other crap will become important. But for now, forget it.
[If anyone has the Hex values for all or any of these ASM OpCodes, please email me at goldenboy446@hotmail.com so I can get them added to this guide. Thank you.]
========================
TOPICAL JARGON**
========================
Stack: The stack is used to store temporary data. It isn't used in the program.
Registers: [See "N64 Registers" section]
RAM: Acronym for Random Access Memory; the RAM is where all of the games temporary data is stored. When the system is powered off, it loses all of the data in the RAM.
ROM: Acronym for Read Only Memory; the ROM is where all of the permanent data for the game is stored. Basically, all the game's data is stored in the ROM. When the system is powered off, the ROM is still present and can't be altered by standard means.
**Sorry that there isn't more stuff in here, but if you want to find out about something, I'm sure you can find it in other parts in this guide.
========================
N64 REGISTERS
========================
WHAT ARE REGISTERS?
I can't really explain it - I really can't. I can say that I know that they are different "sections" of the CPU of some sort and different registers do different things. I can also say that the Nintendo 64 has 32 registers. That's all I can really say. Sorry.
And seeing that I'm pretty much done with videogames at this point, I didn't take the time to find out more about them. You can view the registers when you're using GSCC2K2 by looking at the text document that pops up when your code breaks or whatever. Those are the registers.
The two characters on the left (e.g. r0, at, v0) represent each N64 register. The corresponding text on the right is the register and its number.
Note: These may look familiar to you if you use GSCC2K2. Check the text document that pops up when your line breaks to see what I'm talking about.
r0 - reg 0
at - reg 1
v0 - reg 2
v1 - reg 3
a0 - reg 4
a1 - reg 5
a2 - reg 6
a3 - reg 7
t0 - reg 8
t1 - reg 9
t2 - reg 10
t3 - reg 11
t4 - reg 12
t5 - reg 13
t6 - reg 14
t7 - reg 15
s0 - reg 16
s1 - reg 17
s2 - reg 18
s3 - reg 19
s4 - reg 20
s5 - reg 21
s6 - reg 22
s7 - reg 23
t8 - reg 24
t9 - reg 25
k0 - reg 26
k1 - reg 27
gp - reg 28
sp - reg 29
fp - reg 30
ra - reg 31
pc - N/A (GS2K2 purposes, I believe)
========================
HISTORY OF THIS GUIDE
========================
11/22/01 - Thanksgiving. Since my Gameshark is screwed up, and I can no longer hack, I decided that I will release this guide. Since I can't hack (cuz my GS is broke) there's no point to hold this guide any longer.
11/13/01 - More stuff spruced up. :-) Assumptions added.
11/12/01 - More things cleared up to ensure the accuracy.
11/09/01 - Many things added and especially cleaned up. This guide is almost completed (to the point that I can get it anyway).
10/30/01 - Added the registers and a ton of stuff to the credit section.
10/27/01 - Added a whole bunch of content, including ASM Jargon, ASM crap, finished the BP section and added the Credits/Sources.
10/23/01 - Started this whole thing. At this point I don't know what the hell I'm doing. I got a little bit of documentation from Viper, a little encouragement from a few people I know, and that got me started. I don't know where this guide is going or where it's going to end up. I just hope it's finished.
=========================
CONTACT & MUMBO JUMBO
=========================
"N64 Break Points and ASM"
> By Goldenboy
> Contact me: <goldenboy446@hotmail.com , or jhgoldenboy@yahoo.com>
> My website: < www.bond-station.8m.com >
> Guide started: 10/23/01
> Authorization: So far, I only have plans to put this guide on Hacking 101's homesite, dlevere1.proboards.com/index.cgi , and my TWINE site, www.bond-station.8m.com . There you'll find an HTML version of this guide and pictures on how to use GSCC2K2... and maybe even some ASM assembler/disassembler pics and info as well.
> This guide is NOT copyrighted, I'm not going to lie and say it is. But before using this guide for other than your personal viewing purposes, please email me and ask permission. It's the least you can do; after all, I worked hard on this guide. And if I weren't to get credit for my work I would've never done this in the first place.
> Note: I did my best to keep this guide as accurate as possible. If there are some inaccurate things, I am sorry. This guide was put together in about 15 days, with about 12 man-hours on it. And I sure hope it helps all of the hackers that love to make great codes for everyone to see. :-)
======================
CREDITS/SOURCES/THANKS
======================
>Viper187 of GSCentral. He gave me the info and files that I needed to truly get started. I owe you, man.
>Parasyte of GSCentral. What can I say? He's a great guy. He's the one that gave me the beta version of CM's BP utils before it was even released. He's helped dozens of times (whether he realizes it or not). Just a brilliant guy.
>CodeMaster of CMGSCCC. He made the BP software. And after me bugging him numerous times at his board and once in mIRC chat he released it (couple months later, lol). Thanks! (www.cmgsccc.com)
> Dr Ian of GSCentral. He had a little bit of content on his site that was useful in the making of this guide.
> Dlevere~The Hackmaster of Hacking 101. This guy encouraged me to do this guide in the first place.
>Stinky of GSCentral. Thanks for having the best GS site on the planet. IA can't take us down that easy!! :-) (www.gscentral.com - currently down)
>All of GSCentral's message board. If you're cool with me then I'm cool with you. The place is the stomping grounds of hundreds of kick ass hackers.
> Dextrose.com for providing the best documentation and tools for this sort of thing.
>Anarko <anarko@flashback.net> for his ASM documents - some which influenced this document. ALL of the OpCodes came from this guy. Big thanks to him.
>IA for releasing the GS. Other than that, they can kiss my ass!
>Last but not least, the crew of Hacking 101. From the mods to the small-time members who supported the board. ( dlevere1.proboards.com/index.cgi ).
//End of guide//Edition 1.0//