Yes, something went wrong, the file size should stay the same. When you go to patch the file, make sure you use the same file that you first opened to edit. That's something that I may change in a future update, where it doesn't bring up a window when you press the patch button, and just patches the file. That save window when you click on the Patch button isn't really needed.

Can you send me a PM of where you got that single file from (make sure it's a PM, since ROM links aren't allowed).

EDIT: May as well send me the link where you got the 4 part file from too.

Thanks my man. Overwriting seems to work, I've been making a new file before.

Nevermind, I eventually found what I was looking for without even using tracing, breakpoints and whatnot.

Which emulator do you recommend for hacking Sega games?

Sega has many different systems, but since this is in a Sega CD thread, I'll assume you're talking about SCD.

If this is your first attempt at hacking, I wouldn't recommend starting off with Sega CD. You would probably be better off starting with Sega Genesis, since there are better tools available for hacking. Sega Genesis and Sega CD both use the same assembly language (68000), so once you learn how to hack Genesis games, moving over to SCD will be much easier.

I personally use Gens Tracer for most of my Genesis hacking, but there are other emulators/debuggers that you can use as well.

Here's a link to a guide for Gens Tracer: https://codehut.gshi.org/GensTracerGuide.txt

Thank you for these codes. The only problem is that the games don't have music when I play.

Hi Tony， i am trying to hack <Ninja Warriors>, i see in another thread, somebody has hacked infinite health, but I want to hack continues(both 1P and 2P) and use "gens_r57shell_mod_r665" to locate RAM Address : "0002F0FD" for 1P continue, and "0002F0FF" for 2P continue, but genesis RAM range should be 0xFFxxxx? right? Then i put them into "M68K" debugger and try to add break points for write/read this RAM, but it not work, how can i do that ? Any tutorial i can refer?

I haven't done much Sega CD stuff in a while, so I'm a little rusty on the details. Sega CD uses two different types of RAM. One is the conventional FF type like what the Genesis uses, and the other is what you found. The type that you found is not supported by most emulators when it comes to debugging and using the RAM codes as cheats. There was one or two emulators that were supposed to be updated to be able to support those types of RAM addresses, but I haven't checked in awhile so don't know if that ever happened. I think Mame is supposed to have complete support for those types of RAM addresses, but I've never tried it.

If you don't want to use Mame, you can always use Cheat Engine, together with your favorite emulator. Once you find the RAM address with CE, right click on the address and click on "Find out what writes to this address". This will open a new debugger window. Play the game until the debugger window shows a line of code. Double click on the line of code and it will open another window called "Extra info". Now, double click on "ESI" (or possibly "EAX"?) and it will open another new window called Memory Viewer. This will show the RAW assembly that you're interested in.

Lee4 also wrote a guide with several pictures. Have never tried it but Lee4 is a good hacker, so I'm sure it will be useful: https://gamehacking.org/vb/forum/vid...559#post143559


EDIT: Just remembered that you can use the address you found with Gens to possibly find a code in the ROM/ISO or a trace log. I believe you subtract 0x20000 from the RAM address you found and search for that. So in your case, 0002F0FD - 20000 = 0000F0FD. Search for 0000F0FD (or possibly 0000F0FC) in the ISO/ROM itself, or in an assembly trace log. This will not always work, but worth a try.

Markle666, I downloaded the Ninja Warrior Sega CD ROM and found that the method I mentioned above about subtracting 0x20000 from your RAM addresses looks like it will work in this case.

I checked the ROM with a hex editor, and found what appears to be the assembly for moving a value of 04 to both of your continue RAM addresses. This can be changed to let you start a new game with more continues. There is also a subtract instruction for both of them that is most likely what subtracts 1 when you use up a continue. This would be where you make your infinite continue code. Haven't tested any of these, but they look like they should work. I won't give any specific details unless asked, since I'm guessing you want to find this stuff yourself.

One last thing, there appears to be some programing that gives each player 99 continues. Either this is something you can select in an Option menu (don't even know if there is an Option menu), or it is possibly some kind of cheat that the developers included. Haven't seen any controller button cheats for this game anywhere online, so this may be previously undocumented.


EDIT: Had forgotten that Gens Tracer looks like it can do Sega CD break points for any type of RAM address, including the type you found.

Thank you for your suggestion. i try to locate "0002F0FD" in iso and find 25 results, then look for "SUB" instruction(9X or 09) among these codes, but still be at a loss, since you find "There is also a subtract instruction for both of them that is most likely what subtracts 1", could you tell me how you locate it? Maybe is there any assembly viewer tool to make location more efficient?

About "Option menu"(debug mode), i checked , it does have( https://tcrf.net/The_Ninja_Warriors_(Sega_CD) ), need do a ips patch, i patched but not work, my iso is ccd+img+sub, do i need convert it into cue+bin?

Markle666, you didn't follow the instructions, so I will just copy and paste it again:

EDIT: Just remembered that you can use the address you found with Gens to possibly find a code in the ROM/ISO or a trace log. I believe you subtract 0x20000 from the RAM address you found and search for that. So in your case, 0002F0FD - 20000 = 0000F0FD. Search for 0000F0FD (or possibly 0000F0FC) in the ISO/ROM itself, or in an assembly trace log. This will not always work, but worth a try.

There is no "assembly viewer tool" that I know of, so it's just a matter of getting to know some of the more popular instructions, or looking them up. Doing it this way (just searching for the RAM address in the ROM) is kind of a short cut and probably not the best way to learn. You may want to use one of the other methods I mentioned as well since that is the best way to do it, and so you can see how everything works. When you just search in the ROM, you are kind of guessing whether or not it will work.

As for the patch on TCRF, I don't know anything about it.

Tony, I used Gen+CE. i follow your instructions:

right click on the address and click on "Find out what writes to this address". This will open a new debugger window. Play the game until the debugger window shows a line of code. Double click on the line of code and it will open another window called "Extra info". Now, double click on "ESI" (yes it should be ESI) and it will open another new window called Memory Viewer.


I can locate RAM memory 01057C06(this represent 1P heath), but this digit is not the RAM address as real Genesis memory, right?
then i follow your instructions to open ESI, it give another window called Memory Viewer. i can see base address:010600000 (program base address?)
and it also show a chart as following:
01060418 04 84 6E 42 28 00 ...
01060428 9F4C 01 00 75 4E ...
...
...
So the first row is the writing action point, right? sub this 01060418 with 010600000, i get 418, so this "418" is the ROM address in iso file?

Markle666, one easy way to find the actual ROM address in this situation is to search for a string of bytes that CE gives you in the Memory Viewer. Unfortunately, some Gens emulators will have the byte order swapped, so it can be a bit difficult to read and figure out a string to search for in the ROM. In your example above, the second line you show: 9F4C 0100 754Eis actually in the ISO/ROM like this: 4C9F 0001 4E75 If you search in the ROM for that string you'll get a few matches, but the correct one is the fourth match. It looks like you copied the values incorrectly for the first line, you wrote 04 84, but it should be 04 64.

If you don't want to deal with this reverse byte stuff, you can use Kega Fusion and it will show the bytes in the correct order.

Once you find the correct ROM address, you'll need to figure out what the values mean and this is where some 68000 assembly knowledge is useful. Usually, when CE snaps and gives you the address, the part you're interested in will usually be right before the address that CE gives you.

If you can't figure out what all the instructions are in the ROM, you may want to try Gens Tracer or Gens 9.5b like I mentioned before, and set a break point and do a trace log. The trace log will show you what all of the instructions are. I wrote a guide on how to use Gens tracer (it's on my site). It doesn't show Sega CD specifically, but it will get you pointed in the right direction.

EDIT: I just read a note to myself from a while back that says that I got the asm trace log working on Gens 9.5b for Sega CD, but couldn't get the memory log working. The memory log in Gens Tracer works with Sega CD.

Thank you, Tony. I will try Gens Tracer, let's end up this topic temperarily, if any further question I come back to you

Hi Tony, i am coming back.
I am trying hack continues(credits) on Lethal Enforcers and Lethal Enforcers 2(both version are JP).
Lethal Enforcers continues RAM address: 00238403
Lethal Enforcers 2 continues RAM address: 000292A5
i have tried to search 00238403-00230000 = 00008403 and 000292A5 - 00020000 = 000092A5, but still failed.
Firstly, i used "Gens Tracer", but it seems it can not look for the break point based on 00008403 or 000092A5.
Secondly, i used "Fusion 3.5 + ArtMoney" which "lee4" has recommanded.
1) i located RAM: 00238403(x86 RAM Address is 025CB9CA)



2) i click "Find an instruction..."



3) start debug when "00238403" is written, i can get the instruction address:



So what is the next step in this way?

i got stuck...T-T