Codes Tested Using VBI Hook\English
Inf Health (Press Zl on+off) [Thomas83Lin]
00463302 00000020
2818601A FF7F0080
CC000000 00000000
00461F37 00000020
E0000000 80008000
*Classic Controller*
Invincibility (Press Zr on+off) [Thomas83Lin]
2818601A FFFB0004
CC000000 00000000
00461F40 00000008
00461F7B 00000001
E0000000 80008000
*Classic Controller*
Moon Jump Press B+A [Thomas83Lin]
2818601A FFAF0050
00461F2D 00000004
E0000000 80008000
*Classic Controller*
*Don't Use During Text Messages you might get stuck*
All Weapons+Inf [Thomas83Lin]
084632F0 DC00DC00
20030004 00000000
All Sub.T [Thomas83Lin]
004632EB 00000080
024632EC 00008080
004632EE 00000080
Inf Lives [Thomas83Lin]
004632E8 00000009
Suit Upgrade [Thomas83Lin]
00463301 000000FF
Health Upgrade [Thomas83Lin]
00463302 00000020
Unlock Hadouken [Thomas83Lin]
00463301 000000FF
00463302 00000020
004632E6 00000085
Perform Hadouken (Press X+Shoot) [Thomas83Lin]
2818601A FFF70008
00461F8F 00000006
E0000000 80008000
*Classic Controller*
*Still Need Hadouken Unlocked*
Inf Dash [Thomas83Lin]
00461F62 0000001B
Invincibility (Press Zr on+off) [Thomas83Lin]
2818601A FFFB0004
42000000 90000000
041A69A4 1FA50805
CC000000 00000000
041A69A4 1F053005
E0000000 80008000
*Classic Controller*
*Asm Version*
1Hit Kill (Press A on+off) [Thomas83Lin]
28185F48 F7FF0800
42000000 90000000
061C06D3 00000003
A900EA00 00000000
CC000000 00000000
061C06D3 00000003
F937EF00 00000000
E0000000 80008000
*Don't Use on Intro Stage boss*
*Wiimote*
Inf Dash+Smoke [Thomas83Lin]
42000000 90000000
001A71F7 00000080
061A847F 00000002
EAEA0000 00000000
E0000000 80008000
*Requires Suit Upgrade*
EDIT:
Added Unlock Hadouken, and corrected Sub.t
Hadouken requires you to have full health to use it
Perform Hadouken Eliminates the need for that awkward Button Combo
added a Different Invincibility and 1hit Kill, Don't have on both Invincibility codes at the same time or you can't deactivate it
Did you know about Mega Man X's secret Hadouken? http://www.youtube.com/watch?v=2S_hflJUDTc
Think you can permanently unlock it? It's somewhat of a pain in the ass to get...
Quote from: dcx2 on April 20, 2011, 02:15:47 PM
Did you know about Mega Man X's secret Hadouken? http://www.youtube.com/watch?v=2S_hflJUDTc
Think you can permanently unlock it? It's somewhat of a pain in the ass to get...
Unlock Hadouken [Thomas83Lin]
00463301 000000FF
00463302 00000020
004632E6 00000085
I'm not sure if you can unlock it permanently or not, at least that is what it says in that youtube link
Press Y to shoot full blast [dcx2]
2818601A FFDF0020
A8000000 FFF00001
00461F68 00000004
00461F6B 00000001
E0000000 80008000
00461F8D 00000000
You do not need the x-blaster upgrade in order to shoot full blast
However, to use enemy weapons at full blast, you DO need the x-blaster upgrade
Press A to shoot Hadouken [dcx2]
2818601A FFEF0010
04461F10 00024202
2A461F24 00FFBD00
00461F24 00000099
2C461F23 00000001
02461F22 00000001
E0000000 80008000
28461F24 00FFBD00
2C461F22 00000001
02461F22 00000001
E0000000 80008000
You will turn invisible without the Suit Upgrade, but you don't need it
You can hold A down to stream Hadouken (I nickname this "kame-hame-ha")
Based on thomas83lin's Unlock Hadouken
Unlimited shots on screen [dcx2]
00461F45 00000000
Set default buttons [dcx2]
06471328 00000006
XXXXXXXX XXXX0000
Because I hate forgetting to change the configuration when I load the game...
shot, jump, dash, select_l, select_r, menu
X = 0x10, A = 0x20, Y = 0x40, B = 0x80, L = 0x08, R = 0x04, + = 0x01, - = 0x02
For example, I use this configuration
06471328 00000006
10800408 02010000
In order, X = shot, B = jump, R = dash, L = select_l, - = select_r, + = menu
---
I was trying to look at the ASM...but I guess this doesn't work like it does for Wii games. Are VC cheats always pure RAM hacks?
Quote from: dcx2 on April 22, 2011, 08:20:29 PM
I was trying to look at the ASM...but I guess this doesn't work like it does for Wii games. Are VC cheats always pure RAM hacks?
Since VC games are emulated, when you try to set a read\write break it throws you to the Emu's Asm instead of the Game's actual Asm, at least that's my take on it
Thanks for Set default buttons mod :cool:
I was about to hack it but you beat me to it ;)
dcx2 code as separated codes
Button for Shot
00471328 000000??
Button for Jump
00471329 000000??
Button for Dash
0047132A 000000??
Button for Select L
0047132B 000000??
Button for Select R
0047132C 000000??
Button for Menu Start
0047132D 000000??
Quote
Press Y to shoot full blast [dcx2]
2818601A FFDF0020
A8000000 FFF00001
00461F68 00000004
00461F6B 00000001
E0000000 80008000
00461F8D 00000000
I posted that [bold] Code on codemasters-project.net forum yesterday as Auto shoot Max charge :p
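Added example, not part of any post in this thread: a Python sketch that builds the "Set default buttons" code from button names, in both dcx2's single string-write form and lee4's six separate byte writes, and decodes a posted code back into a mapping. The button values, action order and address 471328 come from the posts above; the function names are hypothetical.

```python
# Button bitmask values and action order as listed in dcx2's post.
BUTTONS = {"X": 0x10, "A": 0x20, "Y": 0x40, "B": 0x80,
           "L": 0x08, "R": 0x04, "+": 0x01, "-": 0x02}
ACTIONS = ["shot", "jump", "dash", "select_l", "select_r", "menu"]
BASE = 0x471328  # address field of the posted line "06471328 00000006"


def config_bytes(mapping):
    """Return the six configuration bytes for {action: button name}."""
    missing = [a for a in ACTIONS if a not in mapping]
    unknown = [b for b in mapping.values() if b not in BUTTONS]
    if missing or unknown:
        raise ValueError(f"missing actions {missing}, unknown buttons {unknown}")
    return bytes(BUTTONS[mapping[a]] for a in ACTIONS)


def string_write_code(mapping):
    """dcx2's form: one 06 (string write) header plus a padded payload line."""
    payload = config_bytes(mapping).ljust(8, b"\x00").hex().upper()
    return [f"06{BASE:06X} {len(ACTIONS):08X}", f"{payload[:8]} {payload[8:]}"]


def byte_write_codes(mapping):
    """lee4's form: one 00 (byte write) line per action, consecutive addresses."""
    return [f"00{BASE + i:06X} {value:08X}"
            for i, value in enumerate(config_bytes(mapping))]


def decode(lines):
    """Turn a posted 06 code (header line, payload line) back into a mapping."""
    header, payload = lines
    address, count = header.split()
    if not address.upper().startswith("06"):
        raise ValueError("not a string-write code")
    data = bytes.fromhex(payload.replace(" ", ""))[:int(count, 16)]
    names = {value: name for name, value in BUTTONS.items()}
    # Bytes that match no listed button are shown as raw hex.
    return {a: names.get(b, f"0x{b:02X}") for a, b in zip(ACTIONS, data)}


if __name__ == "__main__":
    # The configuration dcx2 says he uses.
    example = {"shot": "X", "jump": "B", "dash": "R",
               "select_l": "L", "select_r": "-", "menu": "+"}
    print("\n".join(string_write_code(example)))
    print("\n".join(byte_write_codes(example)))
    print(decode(["06471328 00000006", "10800408 02010000"]))
```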
I don't have an account on CMP so I can't see any of those codes. I got near that address while working on "Press A to Hadouken".
I like having the full-blast as an alternate button, so I can use regular fire with enemy weapons too. There's also the A8 code that paces the firing so that it's smoother and you get the shield-like blast every now and then. Finally, the last 00 code is needed to prevent the game stopping charging.
re: all weapons + inf, that code stops you from fighting bosses. I added a button activator so that you can turn the weapons off, but keep inf and the current weapon. This will fool the game into thinking that you didn't beat the boss yet. You have to hold the activator down when entering the boss room in order for it to work. Once the boss fight has started, you can let go.
all weapons + inf, hold L to disable [thomas83lin]
2818601A DFFF0000
084632F0 DC00DC00
20030004 00000000
2818601B DFFF2000
084632F0 9C009C00
20030004 00000000
E0000000 80008000
disable when entering boss room to fight the boss
obsolete now that I know how to hack SNES ASM, see the post below "always fight bosses"
Ha! I have managed to hack SNES ASM. It's not very easy, though...
infinite enemy weapons [dcx2]
42000000 90000000
001A7D57 000200EA
001A7D79 000200EA
E0000000 80008000
shooting an enemy weapon doesn't consume energy
(this nops the store)
does not give all weapons
I'm not sure of your method but you can use an Emu for the PC to debug.
Invincibility (Press Zr on+off) [Thomas83Lin]
2818601A FFFB0004
42000000 90000000
041A69A4 1FA50805
CC000000 00000000
041A69A4 1F053005
E0000000 80008000
*Classic Controller*
*Asm Version*
My way was only difficult because I didn't have a disassembler, so I was working the op codes out by hand. A good learning exercise, but not practical in the long term.
It was relatively easy to find the PPC instructions that are parsing SNES op codes and they're probably the same across a given architecture. A combination of write and execute BPs leads to the correct ASM. Understanding it once I found it was more difficult...SNES has multi-length instructions, which makes disassembling pretty tedious.
Would it be possible to extract a ROM from a retail VC game that works with Snes9x, perhaps by dumping some portion of memory? That would spare me the trouble of looking for ROMs on warez sites...yuck.
Or perhaps...integrated Virtual Console debuggers in Gecko.NET..?
Quote from: dcx2 on April 23, 2011, 05:29:27 PM
Or perhaps...integrated Virtual Console debuggers in Gecko.NET..?
That would be great, and I'm sure well appreciated. Is it doable though?
Well, a half-assed one, yeah.
When you set a Write BP, and you land on the emulator's store, there's a place in memory you can peek at that will tell you what the current SNES instruction is. You can then jump to the disassembler tab and see what's happening. SNES disassemblers aren't very good, though...there are ASM hacks that make it difficult to disassemble correctly. But they should be good enough for looking at small chunks.
We could also hook the emulator directly if we needed to, the important thing to check is the SNES instruction pointer to know which store is being executed.
Okay, so I found a SNES disassembler called TRaCER. It seems to be able to read dumps.
I managed to make another ASM hack, this one was much easier this time.
inf lives [dcx2]
42000000 90000000
001A03A0 000200EA
E0000000 80008000
thanks thomas83lin for finding the life address
Always fight bosses [dcx2]
42000000 90000000
001C134A 00000000
E0000000 80008000
This can be used with all weapons + inf
EDIT: off by one byte
Quote from: dcx2 on April 23, 2011, 10:19:48 PM
Always fight bosses [dcx2]
42000000 90000000
001C134A 00000000
E0000000 80008000
This can be used with all weapons + inf
EDIT: off by one byte
lol I always took the easy route when hacking EMU games ..
branching at the PPC side of the emu and just setting up calls depending on the value placed in R0 since every value that runs through the emu holds a different offset ..
but backtracking right to the rom .. now that's very nice .. :) never thought of doing that lol .. would make some problematic games a lot easier to hack .. :)
thanks for spiking my interest I will have to look into this a little more not to .. since this will work on any platform that uses emus for loading roms . be it ps2 wii or even ps3 since they all seem to use the same emus ..
At least for this game, the most important line was this
800595E4: 7C6600AE lbzx r3,r6,r0
It belongs to the function that translates a SNES address into a Wii address. If you set an execute BP on this address, and the LR = 8005A97C, then it's in the middle of reading an op-code which will be put into r3. Pressing Show Mem will take you to r6 + r0, which is where the game's ASM is. At this point, use the Tools tab to dump the portion of memory you're interested in, then fire up a disassembler like Tracer and read the output. Because of SNES variable length instructions, you might need to adjust the offset that the disassembler starts at, in case your dump started in the middle of an op code.
To do e.g. inf lives, set a write BP on lives and die. Once it hits, set an ex BP on 800595E4. Then Show Mem. You'll be taken to the instruction just after the store. Dump and disassemble the region in this area, look for the decrement, nop it out.
Inf Dash+Smoke [Thomas83Lin]
42000000 90000000
001A71F7 00000080
061A847F 00000002
EAEA0000 00000000
E0000000 80008000
*Requires Suit Upgrade*
Just remove the 06 code to remove the inf smoke effect.
NGC Controller [lee4]
28172CD8 0000????
Megaman X SNES PAR simulator [lee4]
48000000 804A835C
DE000000 80008180
1000yyyy 000000xx
E0000000 80008000
offset and value are taken from http://gamehacking.org/?s=bsfree2&sys=4&gid=5844 (formerly known as GSHI)
yyyy = offset
0BCF Inf HP [Ugetab]
1F9A Max HP [Ugetab]
0C03 Max Charge [Ugetab]
1F73 Enable Hadoken [Ugetab]
0C27 Hadoken Animation [Ugetab]
1F80 9 Lives [Ugetab]
1F83 Have Sub-Tank 1, Full [Ugetab]
1F84 Have Sub-Tank 2, Full [Ugetab]
1F85 Have Sub-Tank 3, Full [Ugetab]
1F86 Have Sub-Tank 4, Full [Ugetab]
1F99 All X Armor [Ugetab]
0C35 Unlimited Hadoken [xMrNx]
0BBB Fast animations [xMrNx]
1F7A Stage modifier [xMrNx]
1F81 Checkpoint modifier [xMrNx]
0BD8 Invincible [Parasyte]
0BFA Infinite Dash [Fangs]
0C0C Air Walker [Fangs]
0E8F 1 shot Kill [Fangs]
0BDD Can fire more normal shot [Fangs]
0C25 Can fire more charged shots [Fangs]
00B3 Screen Brightness Modifier [Hacc]
00C0 HUD/Sprite/BG Modifier [Hacc]
0BC6 Jump Height Modifier [Hacc]
1F88 Infinite Homing T [VisitntX]
1F8A Infinite C. Sting [VisitntX]
1F8C Infinite R. Shield [VisitntX]
1F8E Infinite Fire W. [VisitntX]
1F90 Infinite Storm T. [VisitntX]
1F92 Infinite E. Spark [VisitntX]
1F94 Infinite B. Cutter [VisitntX]
1F96 Infinite S. Ice [VisitntX]
xx = value
20 Inf HP [Ugetab]
20 Max HP [Ugetab]
01 Max Charge [Ugetab]
85 Enable Hadoken [Ugetab]
06 Hadoken Animation [Ugetab]
09 9 Lives [Ugetab]
FF Have Sub-Tank 1, Full [Ugetab]
FF Have Sub-Tank 2, Full [Ugetab]
FF Have Sub-Tank 3, Full [Ugetab]
FF Have Sub-Tank 4, Full [Ugetab]
FF All X Armor [Ugetab]
00 Unlimited Hadoken [xMrNx]
01 Fast animations [xMrNx]
00-0C Stage modifier [xMrNx]
00-04 Checkpoint modifier [xMrNx]
00-08 Invincible [Parasyte]
18 Infinite Dash [Fangs]
2C Air Walker [Fangs]
01 1 shot Kill [Fangs]
00 Can fire more normal shot [Fangs]
00 Can fire more charged shots [Fangs]
00-FF Screen Brightness Modifier [Hacc]
?? HUD/Sprite/BG Modifier [Hacc]
64-08 Jump Height Modifier [Hacc]
5C Infinite Homing T [VisitntX]
5C Infinite C. Sting [VisitntX]
5C Infinite R. Shield [VisitntX]
5C Infinite Fire W. [VisitntX]
5C Infinite Storm T. [VisitntX]
5C Infinite E. Spark [VisitntX]
5C Infinite B. Cutter [VisitntX]
5C Infinite S. Ice [VisitntX]