Copy Link
Add to Bookmark
Report

How to "hard-code" a GameGenie patch into the NES ROM

Nintendo's profile picture
Published in 
Famicom
 · 4 years ago

If I understand you correctly, you want to "hard-code" a GameGenie patch into the ROM. You don't have to reverse-engineer the ROM to do this; I'll attempt to guide you through the process.

The first step is to convert the GG code to its binary format. There are a couple of ways of doing this; an easy was is to enter the code in NESticle's ROM patcher, then edit the .PAT file it creates. Assuming a 6-character GG code as input, it will look like this:

  
XXXX:YY [Code]

Where XXXX is the CPU address that is to be modified minus $8000, and YY is the byte value to enter at this address. Add $8000 to XXXX to get the real CPU address. The result will always be in range $8000-$FFFF, because this is where program ROM resides.

The next step is to run the ROM in NESticle, then select "Dump RAM" from the CPU menu ( extremely useful hacking feature for a variety of things, by the way). This will result in a 64K file which is a dump of the current contents of the NES' CPU memory. Load the file in a hex editor and GoTo the address of the Game Genie patch. This is the location you want to modify to value YY. Except it's no good to modify it in the RAM dump... You have to locate this data in the NES ROM. You do this by writing down 8+ bytes starting from the CPU address, then search for that data chunk in the ROM. Hopefully you will get only one hit, and this is where you apply byte YY.

Here's an example:

Game Genie code = SXIOPO (SMB1: infinite lives)
Resulting .PAT:

  
11D9:AD

So the real CPU address is $91D9.
Do a RAM dump and at $91D9 you will find...

  
CE 5A 07 10 0B A9 00 8D

Search for this string in the SMB1 ROM. There will be only one occurance. Change the value at this location from $CE to $AD (the GG patch value), and save the ROM. And presto, the Game Genie code is permanent. Always remember to keep backups of the original ROM, in case you screw up or regret the changes later! (As if that ever happens to any of us... 8-) )

If the GG code is 8 characters long, the approach is slightly more complicated. The .PAT file will look like this:

  
XXXX?ZZ:YY

Here a new parameter is introduced: The ZZ value. This is known as the "compare value", and is a (not 100% fool-proof) method of verifying that the CPU address to patch contains the right data. It works like so: The byte at CPU address XXXX+$8000 is only changed to value YY if its original value is ZZ. This comparison is necessary because, in a game that uses bank switching, program ROM is swapped in and out of memory, so you can't be sure that the value at a given CPU address will remain the same during the entire execution of the game (like you can in a mapper #0 game, which can't bankswap). Modifying the memory location when the wrong ROM bank is loaded might cause undesired effects, such as the game crashing. The compare byte is a protection against that.

The way to apply such a patch to the ROM is to go through the ROM banks one by one until you find the location that contains the compare byte. How big one ROM bank is depends on the mapper the game uses; for MMC1, the banks are 16K, for MMC3 (which is probably most interesting to you, since SMB3 uses it) the banks are 8K in size.

Start by converting the CPU address to the equivalent address in the first bank of the NES ROM. Do this by logically ANDing it with banksize-1 ($1FFF, in the case of MMC3) and add $10 (size of .NES header). You can perform these calculations with Windows Calculator in scientific mode, for example. Check if the value at the resulting ROM offset matches the GG compare value. If it does, you've found the place to patch. Otherwise, add banksize to the ROM offset and compare again at that location. Keep repeating this process until you've reached the bank which has the correct compare value. Once you found it, change it to value YY. And that's it.

Maybe this is a bit confusing, so let's clarify with another example.

Game Genie code = SLXPLOVS (SMB3: infinite lives)
The following info is derived from SMB3.PAT:
CPU address: $9123
Compare value: $DE
Patch value: $BD

ROM address to start comparing: $9123 & $1FFF + $10 = $1133.

The value at offset $1133 in the ROM doesn't match, so move on to the next bank at $1133+$2000.
Doesn't match here either, so move on to the next bank. Continue like so and you will eventually reach $3D133, where the value is indeed our compare value, $DE. Change it to $BD, and Mario will have a minimum of 4 lives next time you play the game.

Hope this was what you wanted to know... Let me know if something is still unclear.

SnowBro

← previous
next →
loading
sending ...
New to Neperos ? Sign Up for free
download Neperos App from Google Play
install Neperos as PWA

Let's discover also

Recent Articles

Recent Comments

Neperos cookies
This website uses cookies to store your preferences and improve the service. Cookies authorization will allow me and / or my partners to process personal data such as browsing behaviour.

By pressing OK you agree to the Terms of Service and acknowledge the Privacy Policy

By pressing REJECT you will be able to continue to use Neperos (like read articles or write comments) but some important cookies will not be set. This may affect certain features and functions of the platform.
OK
REJECT