
How to hack Game Genie codes into a SNES ROM


Version 0.7 August 19, 2004


This original document was written by:

Tony Hedstrom t_hedstrom@yahoo.com

www.angelfire.com/games2/codehut



As far as I know, this is a completely new and original
method for hacking (or hard coding) Game Genie codes
into a SNES ROM. If you've tried other methods before
and didn't have any luck, or if you've never hacked a
ROM before, or if you just want to try a new method,
give this one a try. I'm pretty sure you'll like it.
Once you've done it a couple times, you'll find that
it's fast and very easy to do.


Here are some of the advantages of using this method:

-There's no need to figure out if a game is HiROM, LoROM,
FastROM or SlowROM, because the method is exactly the
same for any type of game.

-There's no hex math involved, so if you hate doing hex
math, or if you don't know how, this method is perfect.

-No need for a separate Game Genie to hex conversion
program (we just use the one that's built into ZSNES).

-No need to worry about the $200 byte SNES header.
(OK, maybe people don't "worry" about SNES headers. :-)

There are a couple conditions for this method to work...
First of all, the Game Genie code that you want to hack
into your ROM must work with ZSNES. If the Game Genie
code doesn't work with ZSNES, then this method probably
won't work. And secondly, if any Game Genie code that
you enter into ZSNES has an address that starts with 7E
or 7F (on the ZSNES cheat screen), then those are "fake"
Game Genie codes and this method won't work on those.



Here's all you need to get started:

1) A copy of ZSNES. ZSNES is a SNES emulator. You can
get the newest version from here: zophar.net

2) A ROM of the game you want to hack. Use your
favorite search engine to find these. Search for
something like "SNES ROMs", etc.

3) A hex editor. I use Hex Workshop. You can get a
free trial version from bpsoft.com


Make sure you make a back-up copy of your ROM before you
make any changes to it, just in case something goes
wrong.


OK, now that you have all your goodies, let's get to the
fun part... hacking!


In short, what we're going to do is get a string of
numbers from ZSNES, and search for that string in the
ROM with a hex editor. Once we find the string in the
ROM, we'll know exactly where to hack.


For this tutorial, I'm going to hack a Game Genie code
I made for Final Fantasy 5 into the FF5 ROM. The code
is:

8239-EDD6
Infinite items outside of battle.

The first step is to open up ZSNES and load your ROM (in
this example, I'm loading the FF5 ROM).

When the game loads, press "Esc" to bring up the ZSNES
menu bar. Then click on "Cheat / Add code". This will
bring up the ZSNES Cheat window. Where it says "Enter
Code", type in your Game Genie code. Make sure to
include the "-" in the middle of your Game Genie code.
Now press the "Add" button.

Once you press the Add button, your Game Genie code will
be automatically converted into a hex address and
displayed on the ZSNES cheat screen. My FF5 code looks
like this:

I entered 8239-EDD6, and got this...

ADDRESS  CV  PV
C2E350   BD  9D


"CV" stands for Current Value, and "PV" stands for
Previous Value. So by looking at that, we know that at
address C2E350, the value there was changed from 9D
(that's the PV), to BD (that's the CV). When we hack
the ROM, we are going to change the 9D to BD.

Write down the "CV" number for use later on.

Now here's what my new method is based upon: We can use
the "PV" numbers to lead us right to the correct ROM
address for hacking. We just need to enter four
consecutive addresses, and then put the "PV" numbers
into a string and search the ROM for that string with a
hex editor.

In case you're wondering, a "PV" number is basically
what was the original value in the ROM for that address.
You may find that it helps if you think of the "PV"
value as the "Original Value". In other words, it's the
original value that's in the ROM before any changes are
made to it with a Game Genie code.


You may be asking "Why can't we just use the address
that ZSNES gives us?" Because the address that ZSNES
gives you is not the actual ROM address. There is
another method that I wrote about that explains how to
use that address and, depending on what type of game it
is (HiROM, LoROM, FastROM, SlowROM), you can use hex
math to figure out the actual ROM address.

The main purpose of this doc is to show a different way
of hacking Game Genie codes into a ROM, and it may be
easier for people that had trouble with other methods.


OK, I'm getting a little off track here. Once you enter
your Game Genie code into ZSNES and it gives you the
address and the CV and PV values, this is what you do
next...

We need to enter 3 more consecutive addresses into
ZSNES. Since the original address (from the Game Genie
code) was C2E350, the 3 new addresses we need to enter
are: C2E351, C2E352, and C2E353. You'll also need to
include a value with each address. Just use 00 as your
value. So you'll type them in like this: C2E35100,
C2E35200, and C2E35300. In other words, just add 00 to
the end of each address. Now enter them one at a time
into ZSNES where it says "Enter Code".

When you're all done, it should look like this on the
ZSNES cheat screen:

ADDRESS  CV  PV
C2E350   BD  9D
C2E351   00  40
C2E352   00  07
C2E353   00  68


Now we have all the info we need to find the ROM address
for hacking. Just write down all the "PV" numbers. So
in the example above, you would write down: 9D400768.

Close ZSNES.

All we have left to do is open up the ROM (FF5 in this
example) with a hex editor (I'm using Hex Workshop),
click on "Find", and where it says "Find What", type in
the "PV" numbers you wrote down from before (9D400768).
Make sure that "Hex" is checked where it says "Value".
Now click the "Find Next" button and with any luck,
you'll only have one match.

Now to hack the ROM, all you have to do is change the
first byte of the match so that it's the same as the
"CV" number of the Game Genie code. In our example for
FF5, the "CV" number for the Game Genie code was "BD",
so all we need to do is change the 9D to BD. Here is
what our match looks like before and after you hack it:

Before: 9D400768

After: BD400768

Save your changes, exit the hex editor and see if your
hack works.


Well, that's all there is to it. There are some
important notes below that you should read.


NOTES:

If you're not sure how to use a hex editor, just open it
up and click on the "Help" tab. You should find all the
info you need in there.

If you get more than 1 match when searching the ROM,
just add a few more "PV" values to the search string.
If you still get too many matches, try getting PV values
from "before" the Game Genie code address instead of
after it.

Also, if you get more than 1 match, remember that the
last 2 digits of the hex address that you got from ZSNES
(for your Game Genie code) should be the same as the
last 2 digits of your ROM address that you're going to
hack. So if you get a few matches when searching the
ROM with your hex editor, pick the one whose last 2
digits match the last 2 digits of the hex address that
ZSNES gave you for your Game Genie code. In our FF5
example, the last 2 digits of the ROM address and the
last 2 digits of the hex address from ZSNES were both
"50", so we can be pretty sure we have the right ROM
address.

There are other similarities between the hex address
that you get from ZSNES and the ROM address, but I'm
leaving them out for the sake of simplicity.


And remember that when you add consecutive addresses,
the addresses need to be in consecutive *hex* numbers,
and NOT decimal numbers. In case you don't know, here's
how to count in hex: 0123456789ABCDEF. So if your
original Game Genie address was something like C14448,
then your consecutive addresses would be:
C14448, C14449, C1444A, C1444B. One more example:
Let's say your Game Genie address was 0477BE, then your
consecutive addresses would be: 0477BE, 0477BF, 0477C0,
0477C1.
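
The search-and-patch procedure above, combined with the multiple-match and hex-counting notes, as an added Python example (it is not part of the original document). The function names and the sample buffer are assumptions made up for illustration; the buffer is constructed and is not real ROM data.

```python
# Added example: hypothetical helper names, constructed sample data.

def probe_codes(zsnes_addr: int, count: int = 3) -> list[str]:
    """Raw ZSNES codes (address + value 00) for the next `count` addresses.

    Integer addition counts in hex for us, so ...BF is followed by ...C0.
    """
    return [f"{zsnes_addr + i:06X}00" for i in range(1, count + 1)]


def find_patch_offset(rom: bytes, pv: bytes, zsnes_addr: int) -> int:
    """Return the single file offset where the PV string occurs."""
    hits, start = [], rom.find(pv)
    while start != -1:
        hits.append(start)
        start = rom.find(pv, start + 1)
    if len(hits) > 1:
        # Tie-breaker from the notes: the last two hex digits of the file
        # offset should equal the last two digits of the ZSNES address.
        hits = [h for h in hits if h & 0xFF == zsnes_addr & 0xFF]
    if len(hits) != 1:
        raise ValueError(f"{len(hits)} candidate offsets; add more PV bytes")
    return hits[0]


def hard_code(rom: bytes, pv: bytes, cv: int, zsnes_addr: int) -> bytes:
    """Return a patched copy; the input (your back-up) is left untouched."""
    offset = find_patch_offset(rom, pv, zsnes_addr)
    patched = bytearray(rom)
    patched[offset] = cv          # first byte of the match becomes the CV
    return bytes(patched)


# Constructed stand-in for a ROM file, not real game data.
PV = bytes.fromhex("9D400768")    # PV string from the FF5 walkthrough
SAMPLE = bytearray(b"\xEA" * 0x600)
SAMPLE[0x123:0x127] = PV          # decoy match, offset ends in 23
SAMPLE[0x550:0x554] = PV          # intended match, ends in 50 like C2E350

if __name__ == "__main__":
    print(probe_codes(0xC2E350))
    out = hard_code(bytes(SAMPLE), PV, 0xBD, 0xC2E350)
    offset = find_patch_offset(bytes(SAMPLE), PV, 0xC2E350)
    print(f"{offset:06X}", out[offset:offset + 4].hex().upper())
```

If the search still returns zero or several candidates after the last-two-digits check, the function raises instead of guessing, which is the point at which the notes say to collect more PV values.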


It's never happened to me before, but if all your "PV"
values are 00 or FF, then you will probably get WAY too
many matches in the ROM. If that's the case, try
getting consecutive PV values from "before" the Game
Genie code address instead of after it.


If you enter a Game Genie code into ZSNES and the
address on the ZSNES cheat screen begins with 70, you
may want to check the "SRM" file for that game and see
if you find a match in there. Here's a good example of
that type of code: This code works on Super Mario All-
Stars (it's a debugger type code)...

176D-F2AD = 708007:63

Since the address starts with 70, that means you'll
find the right match in the "SRM" file for Super Mario
All-Stars, and not in the ROM. In other words, if you
don't find a match in the ROM, check the SRM file. You
might not be able to hack the SRM file with the GG code.

Credit: Tony Hedstrom (t_hedstrom@yahoo.com)
All trademarks are copyright their respective owners, all other content is copyright Codemasters Project