Copy Link
Add to Bookmark
Report

Nintendo 64 hacking reference

PS_2's profile picture
Published in 
N64 various
 · 1 year ago

Author: Goldenboy (Jeffrey H.)

Version: 2.5
Updated: 9/22/03

TABLE OF CONTENTS

1.00 PREFACE
1.10 ..Introduction
1.20 ..Assumptions
2.00 BASIC CODE HACKING
2.10 ..Terms and Definitions
2.20 ..Counting in Hexadecimal
2.30 ..Code Hacking
2.40 ..Code Types
2.41 ....Code Types Explained
2.50 ..Convert Decimal to Hexadecimal
3.00 ASM HACKING
3.10 ..Frequently Asked Questions
3.20 ..Break Points
3.30 ..Using GSCC2K2 Program
3.40 ..ASM OpCodes
3.50 ..N64 Registers
4.00 GUIDE-RELATED
4.20 ..Contact & Info
4.30 ..Credits & Thanks
4.40 ..Legal Information

1.00 | PREFACE

1.10 | Introduction

The intent of this guide is to teach you how to hack simple and advanced cheat device codes for your Nintendo 64 games. Such devices are called GameShark Pro (NSTC) and Action Replay (PAL). The means of "hacking" provided in this guide are in NO way malicious, unethical, or illegal. All methods are legal in the United States, Cananda, and the United Kindom. I would assume that this stuff is legal in the rest of the world as well.

It first started with me wanting to teach people how to use the GSCC2K2 program in a way that they could hack simple ASM codes. Eventually, I included new material.

This "guide" can be considered a FAQ as well, because it answers many question in a FAQ form. And you'll notice that if you scroll down quickly things don't stick out well. So your best bet is not to look for certain things, rather read the guide from beginning to end to be sure you find whatever you need.

Oh, and please keep in mind that this guide based on the NINTENDO 64. So if you have a N64 - read on. If you have another system and don't have a N64 - read on anyway, knowledge is power. And some of this crap is similar to systems such as the PSX, Saturn, etc.


1.20 | Assumptions

Many tutorials and how-to's come with "assumptions." The author assumes that the reader has done something or has something even before proceeding in the guide. I have very few assumptions - there's not many I can think of at this point, but....

BASIC CODE HACKING:

  1. Knowledge of hexadecimal number system is a must. This guide covers hexadecimal and shows you how to use it.
  2. You must have/own a GameShark Pro or Action Replay along with your Nintendo 64 set.


ASM HACKING:

  1. You most definitely should have GSCC2K2 (a hacking utility by Code Master) and have installed it. You can download it at its official site: www.cmgsccc.com. The file size isn't that big, and the software is great. And you should have some kind of idea on how to use the thing.
  2. This assumption corresponds with number 1; you have to have hacking utilities: Gameshark (or cheat device), 25 pin wire, GSCC2K2.
  3. You should definitely have some kind of knowledge of hacking devices and all of the things that are incorporated with them (Hacking, Hexidecimal knowledge, RAM editor knowledge, etc).

2.00 | BASIC CODE HACKING

2.10 | Terms and Definitions

Code Generator(Code Gen): The basis for most hacking. Allows for finding and creation of codes. Using this you can hack your very own codes explained below.

Memory Editor(Mem Ed): Underrated hacking tool(I should now, I've hacked most of my TWINE codes with the aid of it). Allows for the user to see the RAM. Great for finding good stuff. Also great for 'looking around' RAM, especially when you find a great memory block.

Key Code: Basically, it allows the game and GS to boot at all while together.

Enable Code: (M) is the proper label. Allows the Code Gen and Codes to work while in the game. If you're lucky like me, some of the supposed "(M)" games will fully function even w/o the (M) code.

Stack: The stack is used to store temporary data. It isn't used in the program.

Registers: [See "N64 Registers" section]

RAM: Acronym for Random Access Memory; the RAM is where all of the games temporary data is stored. When the system is powered off, it loses all of the data in the RAM.

ROM: Acronym for Read Only Memory; the ROM is where all of the permanent data for the game is stored. Basically, all the game's data is stored in the ROM. When the system is powered off, the ROM is still present and can't be altered by standard means.

Memory Block: Not sure where this term came from, but it refers to confined area in the RAM that holds certain information (i.e gun block, attribute block, player's location block, etc.). See Memory Editor Section.

Floating Point: . They're often used for size, physics, and speed. They can often be used for data that requires a decimal or percentage. A common value for a floating point is 3F80.

Activator: Tells the game to activate the below code when the above code's value is matched (or not matched). See code types.

Button Activator(Joker Command): Same as previous but button address is used to turn on code below.

8bit-Uses one slot in the RAM. In the code, it uses only the last two spaces. Value goes from 0-255, 00-FF in hexadecimal.

16bit-Uses two slots in the RAM. In the code, it uses all spaces of the tail of the code. Value is from 0-65535, or 0000-FFFF in hexadecimal.


2.20 | Counting in Hexadecimal

If you can't count, don't go any further--you need help! That is, if you can't count in Decimal, which is our basic 10 system. Hexadecimal is the language that the Gameshark (and game) uses, and is the exact same thing but uses letter and a 16 system, that means it goes to 16 as it becomes 2 slots. Don't be discouraged, it's very easy to learn. Some guides can be very discouraging because they stop at F.

DEC:00,01,02,03,04,05,06,07,08,09,10,11,12,13,14,15,16,17,18, etc...
HEX:00,01,02,03,04,05,06,07,08,09,0A,0B,0C,0D,0E,0F,10,11,12, etc...

See how they line up? That's because they are the same until you get to 15. Hexadecimal's 0F is Decimal's 15. It's THAT simple really.

Who invented hex or why videogames use it is beyond the scope of this guide.


2.30 | Code Hacking

Unknown Value Searches:
.......................
First, look for the thing you want to alter, whether be time, location, or any other thing that you don't know the exact number to. Lose or gain some of the thing you're looking for. If you lost some of it do a "Less than" search, if you gained some of it, do a "Greater than" search. If you don't know if you lost or gain some of it, do a "Different than" search. Keep the value the same and choose "Equal to". That should narrow things down. Keep searching until you have 1 or very few possibilities.

Known Value Searches:
.....................
You can tell if the code will require a 16 Bit or 8 Bit search by looking at the number. If you know that the number doesn't go higher than 255 then do an 8-Bit search. But if it goes higher than 255 do a 16Bit search. Search for the number. Loose or gain some it, whether it is ammo, health, etc. Now look for the new number. Repeat last two steps until code is found.

Hacking: Moon Jumps (a.k.a. levitation code):
.............................................
Search type: Unknown, 16Bit
Do an "Unknown search" while on the ground. Don't move, and pick "Equal to". Now move up to a higher ground or lower ground (it doesn't matter as long as you change position) and search "Equal to" again. There are two ways you can go from here:
1) Fall off a cliff and do a "Different than" search OR...
2) Jump up in the air and do a "Greater than" search. This way is much better because most of the time you value IS GREATER when rising, so you can just search for "Greater than".
No land back on the ground and search "Different than" while standing still. NOTE: If you did the jump method, you can just search "Less than" while on the ground. Now do a few more equals and repeat the jumping/falling off ledge steps if necessary.

Hacking: Size Modifiers:
........................
Vital Code Info:

Difficulty: 8 (out of 10)
What it is: A size modififer is just that. It modifies the size of an object, person, or character in a game.
Does every game have one?: Most likely. 3D games always have them, but 2D games are less likely to.

Before you start:
You need to figure out what you want to make a size modifier for (an object, character, ect.)

Know this*:

A Size Modifier can be a pointer or it can be an actual size modifier. Usually, a pointer is an 8 Bit code, and an actual Size Modifier is 16 Bit.

The default Size Modifier value is usually 3F80 (16256) in games. This is what is known as a floating point value.

Some of the size mod values that I've seen:
3F80 (16256), 3C00 (15360), 3E80 (16000), and 3DCC (15820).

What are pointer Size Modifiers? They are usually 8 Bit codes that point to certain addresses with the Size Modifier value. Example: 0=size 1, 1=size 2, ect...

*In most, but not all, games.


Hacking The Code:

Method 1 (unknown):
Important! The following search should be done in 8 Bit AND 16 Bit, because you could find a pointer Size Mod, or an actual Size Mod.

  1. Start an unknown value search.
  2. Do something that will make your object change in size (i.e. shrink or get bigger).
  3. Do a Different To search.
  4. While still that size search Equal To.
  5. Do a couple of more Equal To searches (if possible).
  6. Change size again and search Different To.
  7. Do a Equal To search while still that size.
  8. Change size and do a Different To.
  9. Repeat steps 2 through 8 until code is found.

If you believe that you've found you code, turn it on. Now do something that would normally change your object's/character's size. If his size stays the same, then you've found the code.

Method 2 (blind hacking):

  1. Find the coordinates of the object/character (see hacking coordinate mods).
  2. Go into the memory editor near the area where the objects coordinate mods are.
  3. First, look for 3F80 (change to 3FF0)... If no 3F80 values are present, look for some other obvious values (mentioned earlier).
  4. Change some of the values then go back into the game and see if the object's size has changed. Go back into the memory editor. If the addresses that you have changed have gone back to normal, those might be size mods. In this case, you'll need to turn that address into an actual code, by reseting the game, typing in the code with it's new value (i.g. 3FF0). Start the game and if the size is NOW changed, then you'll have to do this with the rest of the Size Mods you find.

2.40 | Code Types

80000000 00xx Standard 8bit (0-255 dec. or 00-FF hex.) 
81000000 xxxx Standard 16bit (0-65535 dec. or 0000-FFFF hex.)
D0000000 00xx When Equal To Activator 8bit
D1000000 xxxx When Equal To Activator 16bit
D2000000 00xx When Not Equal To Activator 8bit
D3000000 xxxx When Not Equal To Activator 16bit
88000000 00xx When GS Button Is Pressed 8bit
89000000 xxxx When GS Button Is Pressed 16bit
50000000 00xx Patch Code

Others Code Types Yes, there are, but it is not necessary for me to explain them because they are practically unhackable by standard means.


2.41 Code Types Explained

80 - Applies to just the RAM address.

D0 - Tells the game 'hey, if the end of this code (it's value) is matched, turn on, or activate, the following code.
EXAMPLE:

  • D0123456 0000 When my health reaches zero...
  • 80123456 0064 Turn it to 100

50 - Also known as a Patch Code, this shortens many repetitious lines of code. In other words, if you have many lines of codes that follow a pattern (i.e. go up a certain amount on the ram address and/or the value) the patch code can reduce many lines to two lines.

EXAMPLE:

--80000003 0008 
--80000005 0009
--80000007 000A

Converts to:

--50000302 0001 
--80000003 0008

Breakdown: It's three lines long, so the lines 5 and 6 tell how many lines to patch the code, so '03' takes care of that. Now, more importantly, the line goes up two times each line, so the lines 7 and 8 of the '50' code covers that, so our number is '2'. The last part is rare but I've had cases where I've used this (particularly in slot mods).

Requirements: The lines that you want to patch (make shorter) MUST follow a pattern in the RAM address (8000000), meaning: each line must go up an equal amount every time it goes up. Important: Since the Gameshark can only support 15 codes on w/o the RAM pack and 100 codes w/the RAM pack, it's impossible to have a 16-bit '50' code.

-----------------------

88 - This code is like a hybrid between a normal code and an activator (joker). What it does is activate the value for the address of ITSELF. It doesn't activate the following line like a normal activator. So, whenever the button on your GS/AR is pressed the address will recieve the value at the end.

EXAMPLE:

Let's say a code for Infinite Health was:

80000001 0064

To make that a GS Button code all you do is add an 8 to the second digit in the base code:

88000001 0064

Great code type, but since the code generator is now standard on GS, these bad-boys have faded with Mario. To add to that, people have gotten even lazier, so instead of getting up and pressing the GS button, they can now just press a button on their control; which I can't blame them.


2.50 | Convert Decimal to Hexadecimal

So you're tired of booting up Windows and using the calculator everytime you want to convert some Decimal numbers into Hexidecimal numbers? Well, here's how:

I'm going to use an example number to demonstrate how to do this. The number will be 201 (decimal). We want to convert that to hexidecimal.

NOTE: The lower-cased letter after a number is to tell you type of number it is. For example: 2Ch = 2C in hexadecimal, 10d = 10 in decimal.

First take the number and divide it by 16d.
201 divided by 16d is 12d, which has a remainder of 9d.
Keep in mind that you DON'T want to have a number with a decimal point (i.e. 12.99), that's why you don't want to use a basic calculator.

Instead, see how many times you can put 16d into your number and then find the remainder (16d x 12d = 192d). So that leaves us a remainder of 9d.

Here's how you find out you hex number:
Take the first number you got by dividing into the decimal number: 12d, convert it to hex: Which would be C

That "C" will be the first hex number, now to find the second:
The remainder, which is 9d, will be our second number. But we need to convert it to hext first. 9 in decimal is 9 in hex also, so you won't need to change anything this time.

Take the C then use the 9 as your second number:

201 in decimal is C9 in hex. So C9 is your answer.

Here's the breakdown:

201d 
divided by 16d
equals 12d with a remainder of 9d
12 equals C in hex
9 equals 9 in hex
=============
= C9

This method works for any and every number. And you can convert back by completely reversing this method, however.

3.00 | ASM HACKING

3.10 | Frequently Asked Questions

WHAT IS ASM?

The letters "ASM" are an acronym for Assembly Language. ASM is a low-level programming language that doesn't require special commands like C or C++. Instead, it controls the computer chip and what it does by "going around" the high-level language such as C and C++. ASM tells the CPU to carry out operations (move or manipulate data ). Not only that, it tells the CPU how to do it, when to do it, where to do it, etc. Think of it as a job. You boss can tell you to do something and you do it, right? But maybe the way you do it is inefficient. So your boss tells you to do it a another, more specific way instead. That's basically what ASM is doing.

IS ASM THE SAME FOR ALL SYSTEMS, LIKE MANY LANGUAGES?
No. All types of ASM are similar, of course, but some differ in that they have different amounts of bit "OpCodes" (see OpCode section for more details) and many other things. It all depends on the processor that the system is using. The N64 uses a 64 bit processor that is R4300i ASM. The processor was designed by MIPS and was put together by NEC.

HOW DO THEY FIGURE INTO VIDEOGAMES?
With the aid of breaking and ASM you can do just about anything with your codes. ASM does everything. You may want it to NOT do something, or change the way it does something. Say, for instance, the game takes away ammo from you every time you shoot a bullet. You can stop that operation from happening. OR you could modify how it happens by altering HOW MANY bullets it takes from your ammo every time you shoot the gun. That's possible with ASM. Here's the breakdown:

Normal routine that game does:

  1. When gun is shot
  2. Minus ammo
  3. Replace old ammo with new ammo

Now, you would alter that by changing the last line:

  1. When gun is shot
  2. Minus ammo
  3. Don't replace ammo [thus, ammo doesn't change]

See line 3? It's changed. You're stopping the last line from even taking place. Note that it's not going to be this way in all situations, but this should help you get the gist of what's going on.

What's so great about that? Well, if you playing a game that use a different memory block for each level (e.g. Goldeneye, TWINE, Duke Nukem ZH), and a different code is needed for each level, then the ASM code would work for all levels.


3.20 | Break Points

WHAT ARE BREAK POINTS? [Repeated]

Break point is a technical term referring to the debugger line breaking. The debugger "breaks", or halts the game when the address in the RAM (Random Access Memory) is READ/WRITTEN to. The break can be READ or can WRITE. READ is when the stack checks the address to see if it changed or to make sure it doesn't change, and is . WRITE is, of course, when the stack writes to the address, telling it to change; when, where, by how much, etc. There is a third, BP Execute, or BPX. But unfortunately, the GSCC2K doesn't support BPX.

HOW DO THEY FIGURE INTO VIDEOGAMES?
Well, scroll down to the "Using Code Master's GSCC2K2" section to find out how to use them.

THE TYPES OF BREAK POINTS AND WHAT THEY DO.
The break can be Read or can Write. Read is when the stack checks the address you set the break point on to see if it changed or to make sure it doesn't change. Write is, of course, when the stack writes to the address, telling it to change; when, where, by how much, etc. There is a third, BP Execute, or BPX.
But unfortunately, the GSCC2K doesn't support BPX.

Types of Break points:

  • Read - Reads the adddy that you set the BP on
  • Write - Writes the addy that you set the BP on
  • Execute - Watches an execution of the addy (not important!)


WHAT BP IS THE MOST COMMON?
It's definitely the Write. The most useful and common thing to do is stop an address from being Written to. I never found Read really important, but it can be useful if used cleverly.


3.30 | Using GSCC2K2 Program

NOTE: To obtain this program, refer to the "Assumptions" area.

To set a Breakpoint with CodeMaster's GSCC2K2 you must find an address to set a breakpoint on.

Say, for instance, you wanted to set a breakpoint on an Infinite Health line for a certain level that is at 80004454:

  1. Make sure you're in the "Ram Edit" window.
  2. Scroll down in clip on "Set BP", and a small window will pop up.
  3. Decide whether you want to find the BP that WRITES to you line or READS to your line, or even both. Ask yourself some questions first: Do I want to disable the thing from not working at all (i.e. ammo)? If so, you may want to use WRITE. Do I want the game from not detecting that I have something? (i.e. gun) If so, you may want to use READ. Note: Some addys READ and WRITE, so if all else fails, check both boxes.
  4. Next, type in the address that you want to watch in the box labeled "Address". If it's a 16-bit code (81004454) leave the one off and replace it with a zero to make it 8 bit: 80004454, or the BP find will NOT work.
  5. Once you put in the address you want to watch, click "Set BP".

If and when a breakpoint is found the game will pause and you click yes on the box that popped up after you set the BP.

Then a new text document will pop. This text document is the N64regs - or CPU Registers.

After clicking of the N64regs box you will see the actual address that is READ to or WRITTEN to. This is the fruit of your labor. The code that you see in the dialog box that should say "Break Point Address: [address here]".
Write that down and go onto the OpCode section of this tutorial.

SO, WHAT CAN GSCC2K2 BE USED FOR WITH BREAK POINTS?
It can be used for just about anything. And break points are especially good for games with "random" or different addresses for each level (a.k.a. offsets).

  • Infinite Health - All levels
  • Stop Timer - All levels
  • Infinite Ammo - All levels
  • Infinite Items - All levels
  • Characters Can't Move - All characters and levels
  • All Guns
  • All Items
  • Moonjump - All levels

DOES GSCC2K2 SUPPORT BREAK POINT EXECUTES?

The GSCC2K2 doesn't support BPXs, but here's how you can do it, according to Parasyte:

<-quote->

I kinda wish it [GSCC2K2] had BPX (BP on eXecute) so you could watch a certain ASM address.. find out when it breaks, and when it doesn't.
even though BPX is not supported, you can create a generic break. Just pick an used address.. like 80000090. (it'll be used later) in GSCC2K2's RAM editor, go to the address you want to BPX on. Halt gameplay by pushing Shift+F9 (this just makes writing to an opcode a lot safer, that address won't be run when in halted state). Finally... Write down the 8 bytes beginning at your BPX address.
You will be overwriting them, and you'll want to restore them later!

Overwrite the 8 bytes with these -

3C 1B 80 00 
AF 7B 00 90

(You can see in the last 2 bytes in each column - 80 00 00 90, 80000090 is that unused address that this BPX address will write to)

After the values are inserted, set a BPW on 80000090, then resume gameplay with Shift+F9 again. FINALLY... When the game auto-halts, you know your address got executed. and you can tell GSCC2K2 to grab the regs like any normal BP. You'll probably only use BPX when hacking WTWs or hit anywhere codes... among others... just the code codes."


3.40 | ASM OpCodes

WHAT ARE ASM OPCODES?

Short for "Operation Code," the OpCode identifies the type of instruction and provides some information about the instruction length. Say for example you use the command "NOP" (which stands for "No Operation", this stops the address from operating!!), which it's 16 bit hex value is '0000', you would change the end of your code to whatever you're OpCode's hex value is:

Ex: The address that you found is 81002222 and you want it to not operate.
Easy. All you have to do is find the hex value to that OpCode - which NOP's hex value is '9090' (but '0000' works just as well). So you would make the code "81002222 9090" or "81002222 0000."

That's the bare bones of it, but I suggest you learn all the ASM OpCodes and their Hexadecimal worth and if they're 16, 32, or 64 bit (etc). It's pretty cool if you actually learn all the OpCodes hex values, this way you can do pretty much ANYTHING with your codes.

Note that ASM OpCodes are only useful AFTER you find your BP address.

TIP: You can find out more about OpCodes by getting an ASM assembler / disassembler and viewing a RAM dump with it. The best site to get one would be www.dextrose.com. You can tinker these:

ADD rd,rs,rt: ADD; rd=rs+rt; trap on overflow$zero,0018($v0) 
ADDI rt,rs,imm: ADD IMMEDIATE; rd=rs+imm; trap on overflow
ADDIU rt,rs,imm: ADD IMMEDIATE UNSIGNED; rd=rs+imm; never trap
ADDU rd,rs,rt: ADD UNSIGNED; rd=rs+rt; never trap$a0
AND rd,rs,rt: logical AND; rd=(rs AND rt)u $v1,$t6,0AF5
ANDI rt,rs,imm: logical AND IMMEDIATE; rd=(rs AND imm)$v1)
BCnF offset: BRANCH ON COPROCESSOR n FALSE 000464B8
BCnFL offset: BRANCH ON COPROCESSOR n FALSE LIKELY058($sp)
BCnT offset: BRANCH ON COPROCESSOR n TRUE $zero,0060($sp) BCnTL offset: BRANCH ON COPROCESSOR n TRUE LIKELY8011
BEQ rs,rt,offset: BRANCH ON EQUAL; branch if rs=rt690($v0)
BEQL rs,rt,offset: BRANCH ON EQUAL LIKELY; branch if rs=rt
BGEZ rs,offset: BRANCH ON > OR = TO ZERO; branch if rs>=0 (SIGNED)
BGEZAL rs,offset: BRANCH ON > OR = TO ZERO AND LINK; (return adress in $ra)
BGEZALL rs,offset: BRANCH ON >= TO ZERO AND LINK LIKELY; (return adr in $ra)
BGEZL rs,offset: BRANCH ON > OR = TO ZERO LIKELY; branch if rs>=0 (SIGNED)
BGTZ rs,offset: BRANCH ON > THAN ZERO; branch if rs>0 (SIGNED)
BGTZL rs,offset: BRANCH ON > THAN ZERO LIKELY; branch if rs>0 (SIGNED)
BLEZ rs,offset: BRANCH ON < OR = TO ZERO; branch if rs<=0 (SIGNED)
BLEZL rs,offset: BRANCH ON < OR = TO ZERO LIKELY; branch if rs<=0 (SIGNED)
BLTZ rs,offset: BRANCH ON < THAN ZERO; branch if rs<0 (SIGNED)
BLTZAL rs,offset: BRANCH ON < THAN ZERO AND LINK; (return adress in $ra)
BLTZALL rs,offset: BRANCH ON < THAN ZERO AND LINK LIKELY;(return adr in $ra)
BLTZALL rs,offset: BRANCH ON < THAN ZERO AND LINK LIKELY;(return adr in $ra)
BLTZL rs,offset: BRANCH ON < THAN ZERO LIKELY; branch if rs<0 (SIGNED)n $ra)
BNE rs,rt,offset: BRANCH ON NOT EQUAL; branch if rs<>rtf rs<0 (SIGNED)n $ra)
BNEL rs,rt,offset: BRANCH ON NOT EQUAL LIKELY; branch if rs<>rtSIGNED)n $ra)
BREAK : BREAKPOINT; Breakpoint trap occursELY; branch if rs<>rtSIGNED)n $ra)
CACHE op,offset(base): not yet implemented rt = COPn control reg rdED)n $ra)
CFCn rt,rd: MOVE CONTROL FROM COPROCESSOR; rt = COPn control reg rdED)n $ra)
COPn : Coprocessor n OperationCOPROCESSOR; rt = COPn control reg rdED)n $ra)
CTCn rt,rd: MOVE CONTROL TO COPROCESSOR; COPn control reg rd = rtrdED)n $ra)
DADD rd,rs,rt: Doubleword ADD; rd=rs+rt; (MUST BE IN 64 BIT MODE)E)ED)n $ra)
DADDI rt,rs,imm: Doubleword ADD IMMEDIATE; rt=rs+imm; (64 BIT MODE) BIT)$ra)
DADDIU rt,rs,imm: Doubleword ADD IMMEDIATE UNSIGNED; rt=rs+imm; (64 BIT)$ra)
DADDU rd,rs,rt: Doubleword ADD UNSIGNED; rd=rs+rt; (64 BIT MODE)(64 BIT)$ra)
DDIV rs,rt: Doubleword DIVIDE; LO=rs/rt; HI=rs mod rt; (B4 BIT MODE) BIT)ra)
DDIVU rs,rt: Doubleword DIVIDE UNDIGNED; LO=rs/rt; HI=rs mod rt; (B4 BIT)ra)
DIV rs,rt: DIVIDE; LO=rs/rt; HI=rs mod rt; no trap HI=rs mod rt; (B4 BIT)ra)
DIVU rs,rt: DIVIDE UNSIGNED; LO=rs/rt; HI=rs mod rt; no trap4 BIT MODE)T)ra)
DMFCn rt,rd: Doubleword MOVE FROM SYS CONTROL COPROCESSOR (64 BIT MODE)))ra)
DMULT rs,rt: Doubleword MULTIPLY; LO=low(rs*rt) HI=high(rs*rt); (64 BIT))ra)
DMULTU rs,rt: Doubleword MULTIPLY UNSIGNED; (MUST BE IN 64 BIT MODE)IT))ra)
DSLL rd,rt,sa: Doubleword SHIFT LEFT LOGICAL; rd=rt<>sa (64 BIT MODE))a)
DSRAV rd,rt,rs: Doubleword SHIFT RIGHT ARITHMETIC VARIABLE; (64 BIT MODE))a)
DSRA32 rd,rt,sa: Doubleword SHIFT RIGHT ARITHM+32; rd=rt>>(sa+32) (64 BIT)a)
DSRL rd,rt,sa: Doubleword SHIFT RIGHT LOGICAL; rd=rt>>sa (64 BIT MODE)BIT)a)
DSRLV rd,rt,rs: Doubleword SHIFT RIGHT LOGICAL VARIABLE; (64 BIT MODE)BIT)a)
DSRL32 rd,rt,sa: Doubleword SHIFT RIGHT LOGIC+32; rd=rt>>(sa+32) (64 BIT))a)
DSUB rd,rs,rt: Doubleword SUBSTRACT; rd=rs-rt (64 BIT)t>>(sa+32) (64 BIT))a)
DSUBU rd,rs,rt: Doubleword SUBSTRACT UNSIGNED; rd=rs-rt (64 BIT) (64 BIT))a)
ERET : EXCEPTION RETURN: returns from an interrupt, exception or error trap)
J target: JUMP: unconditionally jumps to targetupt, exception or error trap)
JAL target: JUMP AND LINK: call a subroutine at target. (return adr in $ra))
JALR rd,rs: JUMP AND LINK: call a subroutine at rs. (return adr in rd) $ra))
JR rs: JUMP REGISTER: unconditionally jumps to the adress contained in rsa))
LB rt,offset(base): LOAD BYTE; rt=byte[base+offset] (SIGNED)ntained in rsa))
LBU rt,offset(base): LOAD BYTE UNSIGNED; rt=byte[base+offset]tained in rsa))
LD rt,offset(base): LOAD DOUBLEWORD; rt=doubleword[base+offset] (64 BIT)sa))
LDCn rt,offset(base): LOAD DOUBLEWORD TO COP n; COP rt=d[base+offset]IT)sa))
LDL rt,offset(base): LOAD DOUBLEWORD LEFT; left(rt)=r[base+offset] (64 BIT))
LDR rt,offset(base): LOAD DOUBLEWORD RIGHT; right(rt)=l[base+offset] (64 BIT)
LH rt,offset(base): LOAD HALFWORD; rt=halfword[base+offset] (SIGNED) (64 BIT)
LHU rt,offset(base): LOAD HALFWORD UNSIGNED; rt=halfword[base+offset](64 BIT)
LL rt,offset(base): LOAD LINKEDORD UNSIGNED; rt=halfword[base+offset](64 BIT)
LLD rt,offset(base): LOAD LINKED DOUBLEWORD; (64 BIT MODE)ase+offset](64 BIT)
LUI rt,imm: LOAD UPPER IMMEDIATE; rt=imm*10000h4 BIT MODE)ase+offset](64 BIT)
LW rt,offset(base): LOAD WORD; rt=word[base+offset]T MODE)ase+offset](64 BIT)
LWCn rt,offset(base): LOAD WORD TO COPROCESSOR n; COP rt=word[base+offset]IT)
LWL rt,offset(base): LOAD WORD LEFT; left(rt)=right[base+offset]se+offset]IT)
LWR rt,offset(base): LOAD WORD RIGHT; right(rt)=left[base+offset]e+offset]IT)
LWU rt,offset(base): LOAD WORD UNSIGNED; rt=word[base+offset]; (64 BIT MODE))
MFCn rt,rd: MOVE FROM SYSTEM CONTROL COPROCESSOR n; rt=COP rd; (64 BIT MODE))
MFHI rd: MOVE FROM HI; rd=HI CONTROL COPROCESSOR n; rt=COP rd; (64 BIT MODE))
MFLO rd: MOVE FROM LO; rd=LO CONTROL COPROCESSOR n; rt=COP rd; (64 BIT MODE))
MTCn rt,rd: MOVE TO SYSTEM CONTROL COPROCESSOR n; COP rd=rtrd; (64 BIT MODE))
MULT rs,rt: MULTIPLY; LO=low(rs*rt); HI=high(rs*rt)OP rd=rtrd; (64 BIT MODE))
MULTU rs,rt: MULTIPLY UNSIGNED; LO=low(rs*rt); HI=high(rs*rt); (64 BIT MODE))
NOP : NO OPERATION; do nothing; LO=low(rs*rt); HI=high(rs*rt); (64 BIT MODE))
NOR rd,rs,rt: logical NOR; rd=(rs NOR rt)*rt); HI=high(rs*rt); (64 BIT MODE))
OR rd,rs,rt: logical OR; rd=(rs OR rt)rt)*rt); HI=high(rs*rt); (64 BIT MODE))
ORI rt,rs,imm: logical OR IMMEDIATE; rd=(rs OR imm)igh(rs*rt); (64 BIT MODE))
SB rt,offset(base): STORE BYTE; byte[base+offset]=rtgh(rs*rt); (64 BIT MODE))
SC rt,offset(base): STORE CONDITIONALbase+offset]=rtgh(rs*rt); (64 BIT MODE))
SCD rt,offset(base): STORE CONDITIONAL DOUBLEWORD (64 BIT MODE)(64 BIT MODE))
SD rt,offset(base): STORE DOUBLEWORD; dword[base+offset]=rt (64 BIT)IT MODE))
SDCn rt,offset(base): STORE DOUBLEWORD FROM COP n; d[base+offset]=COP rtODE))
SDL rt,offset(base): STORE DOUBLEWORD LEFT; r[base+offset]=left(rt) (64 BIT))
SDR rt,offset(base): STORE DOUBLEWORD RIGHT;l[base+offset]=right(rt) (64BIT))
SH rt,offset(base): STORE HALFWORD; halfword[base+offset]=rtight(rt) (64BIT))
SLL rd,rt,sa: SHIFT LEFT LOGICAL; rd=rt<>saif rs>saLE rd=rt<>rs=rt then trapxception occurs)
TGEI rs,imm: TRAP IF GREATER THAN OR EQUAL IMMEDIATE; if rs>=imm then traprs)
TGEIU rs,imm: TRAP IF GREATER THAN OR EQUAL IMM UNSIGNED; if rs>=imm traprs)
TGEU rs,rt: TRAP IF GREATER THAN OR EQUAL UNSIGNED; if rs>=rt then trapraprs)
TLBP : PROBE TLB FOR MATCHING ENTRY EQUAL UNSIGNED; if rs>=rt then trapraprs)
TLBR : READ INDEXED TLB ENTRY ENTRY EQUAL UNSIGNED; if rs>=rt then trapraprs)
TLBWI : WRITE INDEXED TLB ENTRYNTRY EQUAL UNSIGNED; if rs>=rt then trapraprs)
TLBWR : WRITE RANDOM TLB ENTRYYNTRY EQUAL UNSIGNED; if rs>=rt then trapraprs)
TLT rs,rt: TRAP IF LESS THAN; if rs=rt then trapraprs)
TLTI rs,imm: TRAP IF LESS THAN IMMEDIATE; if rsrt then trapthen trapimm then trapraprs)
TNEI rs,imm: TRAP IF NOT EQUAL IMMEDIATE; if rs<>imm then trapthen trapraprs)
XOR rd,rs,rt: logical XOR; rd=(rs XOR rt) if rs<>imm then trapthen trapraprs)
XORI rt,rs,imm: logical XOR IMMEDIATE; rd=(rs XOR imm)hen trapthen trapraprs)

Yes, it probably seems like Gibberish and hieroglyphics to you, but all you really need to see right now is the capped letters on the far left - those are the commands. The next set of capped text is the more exact and detailed definition of what the commands do.
Once you learn a little bit more about this, the other crap will become important. But for now, forget it.

[If anyone has the Hex values for all or any of these ASM OpCodes, please email me at goldenboy446(at)hotmail(dot)com so I can get them added to this guide.]


3.50 | N64 Registers
WHAT ARE REGISTERS?

They are different "sections" of the CPU of some sort and different registers do different things. I can also say that the Nintendo 64 has 32 registers.

You can view the registers when you're using GSCC2K2 by looking at the text document that pops up when your code breaks or whatever. Those are the registers.

The two characters on the left (e.g. r0, at, v0) represent each N64 register. The corresponding text on the right is the register and its number.

Note: These may look familiar to you if you use GSCC2K2. Check the text document that pops up when your line breaks to see what I'm talking about.

r0 - reg 0 
at - reg 1
v0 - reg 2
v1 - reg 3
a0 - reg 4
a1 - reg 5
a2 - reg 6
a3 - reg 7
t0 - reg 8
t1 - reg 9
t2 - reg 10
t3 - reg 11
t4 - reg 12
t5 - reg 13
t6 - reg 14
t7 - reg 15
s0 - reg 16
s1 - reg 17
s2 - reg 18
s3 - reg 19
s4 - reg 20
s5 - reg 21
s6 - reg 22
s7 - reg 23
t8 - reg 24
t9 - reg 25
k0 - reg 26
k1 - reg 27
gp - reg 28
sp - reg 29
fp - reg 30
ra - reg 31
pc - N/A (GS2K2 purposes. Not important.)


4.00 | GUIDE-RELATED

4.10 | Revision History

mm/dd/yy
09/22/03 - Some more and new info added. A few errors fixed.
09/20/03 - New stuff added and I cleaned up the guide a bit.
07/21/03 - Seeing that I never finished the Soft Ice I deleted it and merged my hacking guides with this one. Many corrections & clean up.
12/27/01 - Began revision for V1.1. SoftIce section started.
11/22/01 - Thanksgiving. Since my Gameshark is screwed up, and I can no longer hack, I dediced that I will release this guide. Since I can't hack (cuz my gs is broke) there's no point to hold this guide any longer.
11/13/01 - More stuff spruced up. :-) Assumptions added.
11/12/01 - More things cleared up to ensure the accuracy.
11/09/01 - Many things added and especially cleaned up. This guide is almost completed (to the point that I can get it anyway :-/).
10/30/01 - Added the registers and a ton of stuff to the credit section.
10/27/01 - Added a whole bunch of content, including ASM Jargon, ASM crap, finished the BP section and added the Credits/Sources.
10/23/01 - Started this whole thing. At this point I don't know what the hell I'm doing. I got a little bit of documentation from Viper, a little encouragement from a few people I know, and that got me started. I don't know where this guide is going or where it's going to end up. I just hope it's finished.


4.20 | Contact & Info
"Nintendo 64 Hacking Reference"

> By: Goldenboy
> Contact me: goldenboy446(at)hotmail(dot)com
> My website: www.gameallegiance.com.com
> Guide started: 10/23/01
> Authorization:
www.gamefaqs.com
www.hacking101.5u.com
www.gameallegiance.com
Before using this guide for other than your personal viewing purposes, please email me and ask permission. It the least you can do, after all, I worked hard on this guide. And if I weren't to get credit for my work I would've never done this in the first place.
> Links:
www.gscentral.com
www.hacking101.5u.com

4.30 | Credits & Thanks

  • Viper187. He gave me the info and files that I needed to truly get started.
  • Parasyte of GSCentral. What can I say??, he's a great guy.
  • CodeMaster of CMGSCCC. He made the GSCC2K2 software. Thanks!
  • Dlevere~The Hackmaster. So much help and inspiration came from him.
  • Dr Ian. He had some helpful reference on his site.
  • Stinky of GSCentral. Thanks for having the best GS site on the planet.
  • All of GSCentral's message board.
  • Dextrose.com for providing cool N64 documents.
  • Anarko for his ASM documents - some which influenced this document. ALL of the OpCodes came from this guy. Big thanks to him.
  • IA for releasing the GS & GS Pro.
  • The crew of Hacking 101. From the mods to the small-time members who supported the board. (www.hacking101.5u.com).

Everyone else who has support the VG hacking community


4.40 | Legal Information
All trademarks and copyrights contained in this document are owned by their respective trademark and copyright holders. The owner of this guide is in no way affiliated with Nintendo, Interact, Datel, SCEA, SEGA, 3D Realms, or any other companies and their trademarks.

Copyright 2003 Jeffrey H. This may be not be reproduced under any circumstances except for personal, private use. It may not be placed on any web site or other wise distributed publicly without advance written permission. Use of this guide on any other web site or as a part of any public display is strictly prohibited, and a violation of copyright.

End of guide//Edition 2.5

← previous
next →
loading
sending ...
New to Neperos ? Sign Up for free
download Neperos App from Google Play
install Neperos as PWA

Let's discover also

Recent Articles

Recent Comments

Neperos cookies
This website uses cookies to store your preferences and improve the service. Cookies authorization will allow me and / or my partners to process personal data such as browsing behaviour.

By pressing OK you agree to the Terms of Service and acknowledge the Privacy Policy

By pressing REJECT you will be able to continue to use Neperos (like read articles or write comments) but some important cookies will not be set. This may affect certain features and functions of the platform.
OK
REJECT