How to hack Game Genie codes into a SNES ROM (new method) Version 0.7 August 19, 2004 This original document was written by: Tony Hedstrom t_hedstrom@yahoo.com www.angelfire.com/games2/codehut As far as I know, this is a completely new and original method for hacking (or hard coding) Game Genie codes into a SNES ROM. If you've tried other methods before and didn't have any luck, or if you've never hacked a ROM before, or if you just want to try a new method, give this one a try, I'm pretty sure you'll like it. Once you've done it a couple times, you'll find that it's fast and very easy to do. Here are some of the advantages of using this method: -There's no need to figure out if a game is HiROM, LoROM FastROM or SlowROM, because the method is exactly the same for any type of game. -There's no hex math involved, so if you hate doing hex math, or if you don't know how, this method is perfect. -No need for a seperate Game Genie to hex conversion program (we just use the one that's built into ZSNES). -No need to worry about the $200 byte SNES header. (OK, maybe people don't "worry" about SNES headers. :-) There are a couple conditions for this method to work... First of all, the Game Genie code that you want to hack into your ROM must work with ZSNES. If the Game Genie code doesn't work with ZSNES, then this method probably won't work. And secondly, if any Game Genie code that you enter into ZSNES has an address that starts with 7E or 7F (on the ZSNES cheat screen), then those are "fake" Game Genie codes and this method won't work on those. Here's all you need to get started: 1) A copy of ZSNES. ZSNES is a SNES emulator. You can get the newest version from here: zophar.net 2) A ROM of the game you want to hack. Use your favorite search engine to find these. Search for something like "SNES ROMs", etc. 3) A hex editor. I use Hex Workshop. You can get a free trial version from bpsoft.com Make sure you make a back-up copy of your ROM before you make any changes to it, just in case something goes wrong. OK, now that you have all your goodies, lets get to the fun part... hacking! In short, what we're going to do is get a string of numbers from ZSNES, and search for that string in the ROM with a hex editor. Once we find the string in the ROM, we'll know exactly where to hack. For this tutorial, I'm going to hack a Game Genie code I made for Final Fantasy 5 into the FF5 ROM. The code is: 8239-EDD6 Infinite items outside of battle. The first step is to open up ZSNES and load your ROM (in this example, I'm loading the FF5 ROM). When the game loads, press "Esc" to bring up the ZSNES menu bar. Then click on "Cheat / Add code". This will bring up the ZSNES Cheat window. Where it says "Enter Code", type in your Game Genie code. Make sure to include the "-" in the middle of your Game Genie code. Now press the "Add" button. Once you press the Add button, your Game Genie code will be automatically converted into a hex address and displayed on the ZSNES cheat screen. My FF5 code looks like this: I entered 8239-EDD6, and got this... ADDRESS CV PV C2E350 BD 9D "CV" stands for Current Value, and "PV" stands for Previous Value. So by looking at that, we know that at address C2E350, the value there was changed from 9D (that's the PV), to BD (that's the CV). When we hack the ROM, we are going to change the 9D to BD. Write down the "CV" number for use later on. Now here's what my new method is based opon: We can use the "PV" numbers to lead us right to the correct ROM address for hacking. We just need to enter four consecutive addresses, and then put the "PV" numbers into a string and search the ROM for that string with a hex editor. In case you're wondering, a "PV" number is basically what was the original value in the ROM for that address. You may find that it helps if you think of the "PV" value as the "Original Value". In other words, it's the original value that's in the ROM before any changes are made to it with a Game Genie code. You may be asking "Why can't we just use the address that ZSNES gives us?" Because the address that ZSNES gives you is not the actual ROM address. There is another method that I wrote about that explains how to use that address and, depending on what type of game it is (HiROM, LoROM, FastROM, SlowROM), you can use hex math to figure out the actual ROM address. The main purpose of this doc is to show a different way of hacking Game Genie codes into a ROM, and it may be easier for people that had trouble with other methods. OK, I'm getting a little off track here. Once you enter your Game Genie code into ZSNES and it gives you the address and the CV and PV values, this is what you do next... We need to enter 3 more consecutive addresses into ZSNES. Since the original address (from the Game Genie code) was C2E350, the 3 new addresses we need to enter are: C2E351, C2E352, and C2E353. You'll also need to include a value with each address. Just use 00 as your value. So you'll type them in like this: C2E35100, C2E35200, and C2E35300. In other words, just add 00 to the end of each address. Now enter them one at a time into ZSNES where it says "Enter Code". When you're all done, it should look like this on the ZSNES cheat screen: ADDRESS CV PV C2E350 BD 9D C2E351 00 40 C2E352 00 07 C2E353 00 68 Now we have all the info we need to find the ROM address for hacking. Just write down all the "PV" numbers. So in the example above, you would write down: 9D400768. Close ZSNES. All we have left to do is open up the ROM (FF5 in this example) with a hex editor (I'm using Hex Workshop), click on "Find", and where it says "Find What", type in the "PV" numbers you wrote down from before (9D400768). Make sure that "Hex" is checked where is says "Value". Now click the "Find Next" button and with any luck, you'll only have one match. Now to hack the ROM, all you have to do is change the first byte of the match so that it's the same as the "CV" number of the Game Genie code. In our example for FF5, the "CV" number for the Game Genie code was "BD", so all we need to do is change the 9D to BD. Here is what our match looks like before and after you hack it: Before: 9D400768 After: BD400768 Save your changes, exit the hex editor and see if your hack works. Well, that's all there is to it. There are some important notes below that you should read. NOTES: If you're not sure how to use a hex editor, just open it up and click on the "Help" tab. You should find all the info you need in there. If you get more than 1 match when searching the ROM, just add a few more "PV" values to the search string. If you still get too many matches, try getting PV values from "before" the Game Genie code address instead of after it. Also, if you get more than 1 match, remember that the last 2 digits of the hex address that you got from ZSNES (for your Game Genie code) should be the same as the last 2 digits of your ROM address that you're going to hack. So if you get a few matches when searching the ROM with your hex editor, pick the one whose last 2 digits match the last 2 digits of the hex address that ZSNES gave you for your Game Genie code. In our FF5 example, the last 2 digits of the ROM address and the last 2 digits of the hex address from ZSNES were both "50", so we can be pretty sure we have the right ROM address. There are other similarities between the hex address that you get from ZSNES and the ROM address, but I'm leaving them out for the sake of simplicity. And remember that when you add consecutive addresses, the addresses need to be in consecutive *hex* numbers, and NOT decimal numbers. In case you don't know, here's how to count in hex: 0123456789ABCDEF. So if your original Game Genie address was something like C14448, then your consecutive addresses would be: C14448, C14449, C1444A, C1444B. One more example: Lets say your Game Genie address was 0477BE, then your consecutive addresses would be: 0477BE, 0477BF, 0477C0, 0477C1. It's never happened to me before, but if all your "PV" values are 00 or FF, then you will probably get WAY too many matches in the ROM. If that's the case, try getting consecutive PV values from "before" the Game Genie code address instead of after it. If you enter a Game Genie code into ZSNES and the address on the ZSNES cheat screen begins with 70, you may want to check the "SRM" file for that game and see if you find a match in there. Here's a good example of that type of code: This code works on Super Mario All- Stars (it's a debugger type code)... 176D-F2AD = 708007:63 Since the address starts with 70, that means you'll find the right match in the "SRM" file for Super Mario All-Stars, and not in the ROM. In other words, if you don't find a match in the ROM, check the SRM file. You might not be able to hack the SRM file with the GG code. ------------------------------------------------------ That's all folks. I hope your hacking was successful. If you're confused after reading this tutorial, I recommend getting a copy of the Final Fantasy 5 ROM and following along with the example. You can find a lot more tutorials on my web site, as well as tons of original Game Genie codes. Tony Hedstrom t_hedstrom@yahoo.com www.angelfire.com/games2/codehut