Patching Gameshark codes to the ROM


Patching a Gameshark/Action Replay code to the SM64 US ROM can be easy or very hard depending
on the kind of code. This guide covers the simplest and most useful case, which lets you add
interesting tweaks to your ROM Hack.


Part 1. Doing it (praxis)

The most useful case is patching Gameshark codes of type "80" or "81" whose addresses range from 0x80246000 to about
0x80333000.
Pretty much all Mario/object code lies within this range, so these are generally the codes that
will be interesting to make permanent in your ROM Hack.

Let's suppose you want to have the "Yoshi is Always on the Castle Roof" code by Viper187 in your hack. Here is the code:

812F8EC8 2400

The code type is 81 (write 2 bytes) to address 0x2F8EC8 in RAM with value 0x2400.

To find the ROM address, just subtract 0x245000 from the address (more about this in Part 2 of this guide).
[ Warning: this conversion only works for RAM addresses which range from 0x80246000 to about 0x80333000 ]

You can use Windows Calculator (in hexadecimal mode) to calculate it:

2F8EC8 - 245000 = B3EC8


Now just open the ROM with your favorite hex editor, go to offset 0xB3EC8 and change its value to 2400. If you have done
it right, this is what it should look like (pic from Hex Workshop):




At this point, if you attempt to run your ROM in an emulator the game won't load. That's because the entire ROM range
between 0x1000 and 0x100000 is checksum protected. Just use any of the CRC utilities found at Dextrose.com
to correct it. An alternate way is to disable the CIC checking, which might be useful if you want to experiment with
patching many codes to the ROM without having to correct the checksum every time.

If the code type were "80", the procedure would be the same, except that you would write only the modified byte
(i.e., for 802F8EC7 0020, write 0x20 at offset 0xB3EC7).

Other code ranges:

For codes between 800EB180 - 800F083C (behavior bank modifiers), just add 0x12EC80 to find the ROM address.
You don't have to recalculate the checksum for these codes.
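
The conversions from Part 1 as a small Python helper (an added example, not part of the original guide). It assumes a big-endian .z64 ROM image; the names code_to_patch and apply_codes are hypothetical, and the ranges and offsets are the ones given above.

```python
# Added example; ranges and offsets are the ones stated in this guide (SM64 US ROM).
MAIN_RAM = (0x80246000, 0x80333000)      # upper bound is approximate, per the guide
BEHAVIOR_RAM = (0x800EB180, 0x800F083C)  # behavior bank modifiers
MAIN_DELTA = -0x245000                   # ROM offset = address - 0x245000
BEHAVIOR_DELTA = 0x12EC80                # ROM offset = address + 0x12EC80


def code_to_patch(code):
    """Turn one type-80/81 code into (rom_offset, data, needs_checksum_fix)."""
    addr_field, value_field = code.split()
    if len(addr_field) != 8 or len(value_field) != 4:
        raise ValueError(f"malformed code: {code!r}")
    code_type = addr_field[:2]
    low = int(addr_field[2:], 16)        # 24-bit address part, e.g. 0x2F8EC8
    value = int(value_field, 16)
    if code_type == "81":
        data = value.to_bytes(2, "big")  # 2-byte write, big-endian (.z64 assumed)
    elif code_type == "80":
        data = bytes([value & 0xFF])     # 1-byte write: only the low byte is used
    else:
        raise ValueError(f"unsupported code type {code_type!r}")
    ram = 0x80000000 | low
    if MAIN_RAM[0] <= ram < MAIN_RAM[1]:
        return low + MAIN_DELTA, data, True    # inside the checksummed ROM range
    if BEHAVIOR_RAM[0] <= ram <= BEHAVIOR_RAM[1]:
        return low + BEHAVIOR_DELTA, data, False
    raise ValueError(f"{code!r} is outside the ranges this guide covers")


def apply_codes(rom, codes):
    """Patch a bytearray in place; return True if the checksum must be corrected."""
    needs_fix = False
    for code in codes:
        offset, data, fix = code_to_patch(code)
        if offset + len(data) > len(rom):
            raise ValueError(f"offset {offset:#x} is past the end of the ROM")
        rom[offset:offset + len(data)] = data
        needs_fix = needs_fix or fix
    return needs_fix


if __name__ == "__main__":
    rom = bytearray(0x800000)            # constructed blank 8 MB image, not a real ROM
    fix = apply_codes(rom, ["812F8EC8 2400"])
    print(rom[0xB3EC8:0xB3ECA].hex(), "checksum fix needed:", fix)
```

A code outside both ranges is rejected rather than converted, since the subtraction only holds for the ranges listed in this guide.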


Part 2. Understanding it (theory)

As in most N64 games, in Mario 64 all the game code is first copied from the ROM and then executed from the RAM.
When you boot the game, the first thing that happens is that the entire ROM area from 0x1000 to 0x100000 is copied
to RAM starting at 0x80246000 (in the US version).
There's a lockout chip that will check if the checksum is right, so if you modify anything in this range the
console will be put into an infinite loop. This check only happens during the boot process, which is why there
are no problems when you apply a Gameshark code to this area while the game is running.

This area, which as stated before contains most game code (except for script commands and a few other things), is
static, so in this case it's easy to make a Gameshark code permanent. Other areas in memory are reserved
either for level-specific content (i.e., polygons, collision, scripts and textures), which is loaded on demand, or for
run-time variables, meaning they are generated during the game (i.e., number of stars, RAM objects, etc.). Most pure
"cheating" codes affect run-time variables, and can't be made permanent unless you implement an ASM hack that
will access this memory address at the right time.
