How To Make "Moon/High Jump" Game Genie Codes for Genesis Games

Version 0.5
Sept 15 2012

Written by Tony Hedstrom
t_hedstrom@yahoo.com
http://www.angelfire.com/games2/codehut/
http://codehut.gshi.org/

Back at the keyboard making another hacking guide. This time, I'm going to explain how to make Game Genie codes to make your character jump higher.

There are 2 different types of high jump codes: the regular high jump code, and the moon jump code. Moon jump codes actually change the amount of gravity in the game, which in turn makes you jump higher. Moon jump codes also make you jump up slower, and come back down slower (just like on the moon). It's much easier to control your character with this type of code.

For now, I'm only going to explain how to make moon jump codes. I'll add regular high jump codes later.

For our example, I'm going to use a game called Blaster Master 2. It's a relatively easy game to make a moon jump code for. There are some "official" high jump Game Genie codes for this game, but they are completely different from the moon jump codes we're going to make.

Here's what you'll need...

1) The Blaster Master 2 ROM (use Google to find it).
2) An emulator that has RAM searching abilities (Gens Hacking, Fusion, etc).
3) A Genesis Debugger (Gens Tracer, ReGenD, MESS, etc).
4) A Game Genie conversion program.

For our example, I'm using Gens Hacking version for searching RAM addresses, and Gens Tracer for the debugger. Whichever debugger you use needs to be able to make an assembly trace file, with register information.

You can download Gens Hacking version, Gens Tracer, and a Game Genie conversion program from here:

http://gamehacking.org/downloads/gens_hacking_version.zip
http://gamehacking.org/downloads/Gens2.12aR2Tracer.zip
http://gamehacking.org/downloads/ggconv.zip

OK, now on to the fun stuff.

The first thing you need to do is find the RAM address for your vertical position.
Load up your Blaster Master 2 ROM, and get your vehicle up as high as you can on one of the little platforms up above you. The higher the better.

NOTE: In this game, if you stand still for more than a few seconds, a fireball starts to attack you. Very annoying if you're trying to make codes. Here's a Game Genie code to get rid of the fireball:

    ABNT-JAA0

Once you're up on one of the platforms, make a save state there. Open up your RAM searcher and reset it for a 2 or 4 byte search. Go back to the game for a few seconds and slightly move your vehicle without falling off. Search for "Equal to previous".

Go back to the game and move your vehicle off the platform (without jumping) so it just starts to fall and pause the emulator (press ESC on Gens to pause it). Search for "Greater than previous". Unpause the emulator for a split second so you fall down just a bit more and then repause. Search for "Greater than previous". Keep doing this until you only have a few RAM addresses left. Note that if searching for "Greater than previous" doesn't work for your game, try searching for "Less than previous".

With our example, you should be able to narrow down your results to about 7 RAM addresses. Test each one until you find the address that makes your vehicle float in mid-air. This is the address that controls your vertical position. In our example, the correct RAM address is FF179E. In Gens, this code makes your vehicle float in mid-air:

    FF179E:0113

Now that we have our vertical RAM address, the next step is to make a memory trace log of it to find out where in the ROM we need to look, and an assembly trace log to find out exactly what's happening in the game. If you're using another debugger besides Gens Tracer, you can just set a breakpoint for our RAM address instead of making a memory trace log.

To set up Gens Tracer to make a memory trace log, go to your Gens Tracer folder and open up the file called 'hook_log.txt'.
Type in our RAM address just like this:

    hook_pc1 0 -1 -1
    hook_pc2 1 -1 -1
    hook_pc3 1 -1 -1
    hook_rd1 0 -1 -1
    hook_rd2 0 -1 -1
    hook_rd3 0 -1 -1
    hook_wr1 0 FF179E FF179E
    hook_wr2 0 -1 -1
    hook_wr3 0 -1 -1
    hook_ppu1 1 -1 -1
    hook_ppu2 1 -1 -1
    hook_ppu3 1 -1 -1

Save and close.

Start up Gens Tracer and load your Blaster Master 2 ROM. If you made a save state up on one of the platforms earlier with Gens, you can use that same save state with Gens Tracer. If not, get up as high as you can on one of the platforms like you did before. Make a save state here if you haven't already.

This part is very important, so follow the instructions exactly. While on the platform, move your vehicle off (without jumping) so that you start to fall. While you are falling, press the "," key and immediately press the "," key again. This turns the memory logger on and off. You only need it turned on for about 1/2 of a second. Just make sure that it is turned on and off while you are falling.

Next we'll make our assembly trace log. Load up your save state so that you are up on the platform. As before, move your vehicle off the platform (without jumping) so that you start to fall. While you are falling, press the "/" key and immediately press the "/" key again. This starts and stops the assembly trace logger. As before, make sure you start and stop it while you are falling. Exit Gens Tracer.

We now have our memory and assembly trace logs. Let's see what we can find.

Go to your Gens Tracer folder and open up the file called 'hook.txt'. This is the memory trace log we just made. It should look something like this:

    [03:D49A] W32 = 00A6D800 [FF179E]
    [03:D49A] W32 = 00AC8800 [FF179E]
    [03:D49A] W32 = 00B27000 [FF179E]
    [03:D49A] W32 = 00B89000 [FF179E]
    [03:D49A] W32 = 00BEE800 [FF179E]
    [03:D49A] W32 = 00C57800 [FF179E]
    TRACE STOPPED

As you can see, our vertical RAM address is having a value added to it from ROM address 03:D49A.
Let's open up our assembly trace log file to find out where that value is coming from. In your Gens Tracer folder, open up the file called 'trace.log'. It's probably going to be a large file, so you'll need something like MS Word to open it.

This part is a little confusing, so bear with me. If you try to search our 'trace.log' for ROM address 03:D49A, you won't get any matches. What I usually do is just remove the last digit from the ROM address shown and that will get you pretty close to where you need to be (unless the last digit is zero in which case you would remove the last digit AND subtract 1 from the second to last digit).

If that's too confusing, just search for the address shown. If you don't get any matches, subtract 2 and search again. If still no matches, subtract 2 and search again, etc. Just remember that they are hex numbers, so use your Windows calculator if you need to.

Here is the assembly/instruction that is adding to our RAM address:

    03:D498 D1 A8 ADD.L D0,$001E(A0)
        A0=00FF1780 A1=00FF5BA2 A2=0006E61A A3=0004DABA
        A4=00FF15D2 A5=00FF169E A6=0004B8E4 A7=FFFFFFF8
        D0=0004D000 D1=001C00A7 D2=00000018 D3=000000FF
        D4=000000FF D5=00000180 D6=000680CC D7=00000022 xnzvc

Do not be intimidated by assembly. Once you break it down, it's not that hard to understand. Plus, we're only interested in one small part of it. We just want to know what is adding to our RAM address (FF179E).

In the assembly above, it's adding register D0 to RAM address $001E(A0). The RAM address can be figured out by adding 001E to the address in register A0. A0 = 00FF1780, so 001E + 00FF1780 = 00FF179E. Bingo! That's our vertical position RAM address, so we know we're on the right track.

So we know that register D0 is being added to our RAM address, so we just need to back trace register D0 to see where the value there is coming from. As you can see above, the value in register D0 is 0004D000.
If you back trace and look at the instruction right before that, here is what you'll see:

    03:D494 20 28 MOVE.l $002E(A0),D0
        A0=00FF1780 A1=00FF5BA2 A2=0006E61A A3=0004DABA
        A4=00FF15D2 A5=00FF169E A6=0004B8E4 A7=FFFFFFF8
        D0=FFFE0BE0 D1=001C00A7 D2=00000018 D3=000000FF
        D4=000000FF D5=00000180 D6=000680CC D7=00000022 xnzvc

This is moving the value from RAM address $002E(A0) into register D0. Let's figure out that RAM address (just like before): $002E + the address in register A0. So 002E + 00FF1780 = 00FF17AE.

We are one step closer. Now we need to figure out where the value for RAM address FF17AE is coming from. We can do this just like we did with our other RAM address... do a memory trace log with Gens Tracer (or set a breakpoint if you're using a different debugger). I've found that with most high jump/moon jump codes, you'll have to track down 2 different RAM addresses before you find what you're looking for.

Do a memory trace log just like before. Set up your 'hook_log.txt' file like this:

    hook_pc1 0 -1 -1
    hook_pc2 1 -1 -1
    hook_pc3 1 -1 -1
    hook_rd1 0 -1 -1
    hook_rd2 0 -1 -1
    hook_rd3 0 -1 -1
    hook_wr1 0 FF17AE FF17AE
    hook_wr2 0 -1 -1
    hook_wr3 0 -1 -1
    hook_ppu1 1 -1 -1
    hook_ppu2 1 -1 -1
    hook_ppu3 1 -1 -1

Save and close. Make sure you close your 'hook.txt' file from earlier, because Gens Tracer needs to make another one for our new RAM address.

Run Gens Tracer, load your ROM and your save state up on the platform, move your vehicle off the platform (without jumping), and start and stop the memory logger while you are falling (by pressing the "," key twice). Exit Gens.

Here's what our new 'hook.txt' file looks like:

    [03:D4CA] W32 = 00046000 [FF17AE]
    [03:D4CA] W32 = 00049800 [FF17AE]
    [03:D4CA] W32 = 0004D000 [FF17AE]
    [03:D4CA] W32 = 00050800 [FF17AE]
    [03:D4CA] W32 = 00054000 [FF17AE]
    [03:D4CA] W32 = 00057800 [FF17AE]
    [03:D4CA] W32 = 0005B000 [FF17AE]
    TRACE STOPPED

We're almost there. As you can see, ROM address 03:D4CA is adding to our RAM address.
One other thing you may notice is that the value being added is always 3800. Keep that in mind.

Look in your assembly trace log from before and you'll see this is the assembly/instruction that is adding to our RAM address (FF17AE):

    03:D4C8 D1 A8 ADD.L D0,$002E(A0)
        A0=00FF1780 A1=00FF5BA2 A2=0006E61A A3=0004DABA
        A4=00FF15D2 A5=00FF169E A6=0004B8E4 A7=FFFFFFF8
        D0=00003800 D1=001C00A7 D2=00000018 D3=000000FF
        D4=000000FF D5=00000180 D6=000680CC D7=00000022 xNzvC

Just like before, it's adding the value from register D0 to RAM address $002E(A0). If you look at register D0, the value there is 00003800. Let's back trace register D0 to find out where that value is coming from. That 00003800 is our holy grail. Once we find that, we can make our moon jump Game Genie codes.

Here is the instruction that we just looked at, as well as a few instructions before it so we can back trace register D0:

    03:D4AA 20 3C MOVE.l #$00003800,D0
        A0=00FF1780 A1=00FF5BA2 A2=0006E61A A3=0004DABA
        A4=00FF15D2 A5=00FF169E A6=0004B8E4 A7=FFFFFFF8
        D0=00000E00 D1=001C00A7 D2=00000018 D3=000000FF
        D4=000000FF D5=00000180 D6=000680CC D7=00000022 xnZvc

    03:D4B0 0C 79 CMPI.W #$0010,($00FF0534)
        A0=00FF1780 A1=00FF5BA2 A2=0006E61A A3=0004DABA
        A4=00FF15D2 A5=00FF169E A6=0004B8E4 A7=FFFFFFF8
        D0=00003800 D1=001C00A7 D2=00000018 D3=000000FF
        D4=000000FF D5=00000180 D6=000680CC D7=00000022 xnzvc

    03:D4B8 66 0E BNE #$0E [03:D4C8]
        A0=00FF1780 A1=00FF5BA2 A2=0006E61A A3=0004DABA
        A4=00FF15D2 A5=00FF169E A6=0004B8E4 A7=FFFFFFF8
        D0=00003800 D1=001C00A7 D2=00000018 D3=000000FF
        D4=000000FF D5=00000180 D6=000680CC D7=00000022 xNzvC

    03:D4C8 D1 A8 ADD.L D0,$002E(A0)
        A0=00FF1780 A1=00FF5BA2 A2=0006E61A A3=0004DABA
        A4=00FF15D2 A5=00FF169E A6=0004B8E4 A7=FFFFFFF8
        D0=00003800 D1=001C00A7 D2=00000018 D3=000000FF
        D4=000000FF D5=00000180 D6=000680CC D7=00000022 xNzvC

As you can see, that "00003800" in register D0 is coming from the very top instruction above (03:D4AA 20 3C MOVE.l #$00003800,D0).

BAM! We found it.
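The two 'hook.txt' logs above can also be checked with a short script. This is an added example, not part of the original guide or of Gens Tracer: it parses both logs (copied from the guide as sample input) and computes the step between successive writes. The function names are made up for this example.

```python
import re

# Sample input: the two hook.txt logs exactly as shown in the guide.
POSITION_LOG = """\
[03:D49A] W32 = 00A6D800 [FF179E]
[03:D49A] W32 = 00AC8800 [FF179E]
[03:D49A] W32 = 00B27000 [FF179E]
[03:D49A] W32 = 00B89000 [FF179E]
[03:D49A] W32 = 00BEE800 [FF179E]
[03:D49A] W32 = 00C57800 [FF179E]
TRACE STOPPED
"""
VELOCITY_LOG = """\
[03:D4CA] W32 = 00046000 [FF17AE]
[03:D4CA] W32 = 00049800 [FF17AE]
[03:D4CA] W32 = 0004D000 [FF17AE]
[03:D4CA] W32 = 00050800 [FF17AE]
[03:D4CA] W32 = 00054000 [FF17AE]
[03:D4CA] W32 = 00057800 [FF17AE]
[03:D4CA] W32 = 0005B000 [FF17AE]
TRACE STOPPED
"""

WRITE = re.compile(
    r"\[([0-9A-F]{2}):([0-9A-F]{4})\] W\d+ = ([0-9A-F]+) \[([0-9A-F]{6})\]")

def parse_hook(text):
    """Return (reported_rom_addr, ram_addr, value) for every write line."""
    rows = []
    for line in text.splitlines():
        m = WRITE.fullmatch(line.strip())
        if m:  # non-matching lines such as "TRACE STOPPED" are skipped
            bank, offset, value, ram = m.groups()
            rows.append((int(bank + offset, 16), int(ram, 16), int(value, 16)))
    return rows

def written_values(text):
    return [value for _, _, value in parse_hook(text)]

def steps(values):
    """Differences between successive 32-bit values (wraps like ADD.L)."""
    return [(b - a) & 0xFFFFFFFF for a, b in zip(values, values[1:])]

if __name__ == "__main__":
    pos, vel = written_values(POSITION_LOG), written_values(VELOCITY_LOG)
    print("FF17AE step:", [f"{s:X}" for s in steps(vel)])
    print("FF179E step:", [f"{s:X}" for s in steps(pos)])
    print("FF179E step of step:", [f"{s:X}" for s in steps(steps(pos))])
```

The step on FF17AE is 3800 every time, and the step on FF179E itself grows by 3800 per write, so the same constant is already visible in the first log.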
Changing that 3800 with a Game Genie code will change the gravity for our vehicle. Lower values will make you jump higher and descend slower.

One last thing... unless you're familiar with assembly, figuring out the exact ROM address for our Game Genie code can be a little tricky. Here's an easy way to figure it out...

Open up your Blaster Master 2 ROM with a hex editor. Go to the ROM address listed next to our 00003800 value from above (03D4AA). This is what you'll see:

    203C00003800

By clicking on the "3" of the 3800 in your hex editor, it will show you what ROM address that is. In this case it's 03D4AE. So enter 03D4AE:xxxx into your Game Genie conversion program to get your GG codes.

This one will make you moon jump all the way to the top of the screen and descend slower:

    03D4AE:0A00

Shoot me an email if you have any questions: t_hedstrom@yahoo.com

Tony H.

P.S. You may be wondering why we didn't just search for the 2nd RAM address (FF17AE) to begin with to save time. If you check RAM address FF17AE while you're falling, you'll see that it gets to a certain value and then stops adding. If you were searching for "greater than" while falling, that RAM address would be eliminated from your matches.
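The hex-editor step and the address:value conversion described above, as an added example that is not part of the original guide and is not the ggconv program it links to. It assumes the commonly documented Genesis Game Genie character set and bit layout; the function names are made up for this example.

```python
ALPHABET = "ABCDEFGHJKLMNPRSTVWXYZ0123456789"  # 32 symbols, 5 bits each

# Source of each of the 40 code bits, first code bit first:
# ("d", n) is bit n of the 16-bit value, ("a", n) is bit n of the 24-bit address.
LAYOUT = ([("d", b) for b in range(7, -1, -1)] +
          [("a", b) for b in range(15, 7, -1)] +
          [("a", b) for b in range(23, 15, -1)] +
          [("d", b) for b in (12, 11, 10, 9, 8, 15, 14, 13)] +
          [("a", b) for b in range(7, -1, -1)])

def gg_encode(addr, value):
    """Return the XXXX-XXXX code for a 24-bit ROM address and 16-bit value."""
    if not 0 <= addr < 1 << 24 or not 0 <= value < 1 << 16:
        raise ValueError("need a 24-bit address and a 16-bit value")
    src = {"a": addr, "d": value}
    n = 0
    for kind, bit in LAYOUT:
        n = (n << 1) | ((src[kind] >> bit) & 1)
    chars = [ALPHABET[(n >> shift) & 31] for shift in range(35, -1, -5)]
    return "".join(chars[:4]) + "-" + "".join(chars[4:])

def gg_decode(code):
    """Return (address, value) for a XXXX-XXXX code."""
    n = 0
    for ch in code.replace("-", "").upper():
        n = (n << 5) | ALPHABET.index(ch)
    out = {"a": 0, "d": 0}
    for i, (kind, bit) in enumerate(LAYOUT):
        out[kind] |= ((n >> (39 - i)) & 1) << bit
    return out["a"], out["d"]

def patch_address(insn_addr, insn_bytes, word):
    """ROM address of `word` inside an instruction (word-aligned offsets only)."""
    target = word.to_bytes(2, "big")  # the 68000 is big-endian
    for off in range(2, len(insn_bytes) - 1, 2):  # skip the 2-byte opcode word
        if insn_bytes[off:off + 2] == target:
            return insn_addr + off
    raise ValueError("word not found in instruction bytes")

# The six bytes the guide shows at 03D4AA: MOVE.L #$00003800,D0
ADDR = patch_address(0x03D4AA, bytes.fromhex("203C00003800"), 0x3800)

if __name__ == "__main__":
    print(f"{ADDR:06X}:0A00 -> {gg_encode(ADDR, 0x0A00)}")
```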