Pages: 1
Posted on 05-03-15, 01:30 pm (rev. 2 by  Shadey21 on 05-04-15, 11:57 am)
Flurry


Karma: 487
Posts: 195/254
Since: 10-14-11
So i'm using Cheat Engine to change a couple of values in Super Mario 64 DS and I was able to change the time to whatever value I want. My only problem now I don't know how to actually find where the value is in the rom.
For example, the address 06277574 is holding the value for the current time. Is there a way to find where the time is stored from the address?
Posted on 05-18-15, 08:01 pm (rev. 1 by Fiachra on 05-18-15, 08:02 pm)


Karma: 16
Posts: 2/2
Since: 07-28-14
The easiest way to find something like time is to use DeSmuME's RAM Search feature:
- When VS. mode starts, pause the game and open the RAM search window.
- Search for a byte with hex. value 0x1E (30)
- There'll be a very long list so let the game run until the time decrements to 29 and then pause it. Search for a value different by 1 against the previous value.
- Do this two or three more times. You end up with only one address: 0x02189D48
- Note: The address used depends on the level, the above is for the Castle Grounds and using the EUR ROM.

To find out where changes to this value are made you need to use the No$gba debug version (it's freeware now):
- Open the ROM and select VS. mode.
- Before entering a level, place the following breakpoint:
[02189D48]=#0x1E
This will break when a value of 30 is written to 0x02189D48
- You'll find it gets written at 0x020FDEDC, using the value in r0. 0x1E is placed into r0 at 0x020FDED8 if the level ID is 51. You'll find the code for setting the time limit for the other levels in the following few instructions.
- If you wanted to change the starting time eg. to 100 you could use the SM64DS ASM Hacking Template (same as Dirbaio's NSMB one but works for SM64DS) to create a patch:
repl_020FDED8()
{
asm
(
"moveq r0, #0x64 \t\n"
);
}
- If you wanted to disable the decrementing of the time limit, place the following breakpoint:
[02189D48]!
which will break when a different value is written.
- This reveals 0x020FCF38 as the location the decremented value is written, based on the value of r0 with r0 being decremented at 0x020FCF34.
- If you wanted to disable the decrement you could use:
repl_020FCF34() { }
or if you wanted to increment the value:
repl_020FCF34()
{
asm
(
"add r0, #0x01 \t\n"
);
}
Posted on 05-18-15, 08:53 pm
Flurry


Karma: 487
Posts: 201/254
Since: 10-14-11
Thanks for the reply but I actually figured out how to already with the help of  skawo.
I actually still have a few questions so I'll PM you now!
Pages: 1