There's no trick to it, really. You just need to learn how the machine code is accomplishing things, and figure out how you might alter it to achieve the same effects as a code that's just overlaying game data. That varies from fairly trivial (infinite health where the data code just writes 0x64 to the health byte, and an ASM code overwrites the op that sets or stores health), to horribly complicated depending on what you're trying to do.

hEY Best Pyriel,

i make normal codeswith Wiirdgui and Gecko Dnet
when i go to the tab Breakpoint after i found a good working code for example
99 lives how is it work to make an ASM code for it can you help me with some screen when you have time?

thx in advance

Depends. Does the 99 lives code only write once and you can lose lives thereafter, or is it just infinite and the value it writes happens to be 99?

If it's the latter, and you have the operations that are establishing and storing the value, the easiest way is to stop the value being stored by NOPing the store instruction. Lives would be effectively infinite, since they can't decrease, but the display wouldn't show anything other than the starting amount the game sets. It's worth noting that doing a code like this by changing the game's programming can be trivial or painful, depending on how many routines update that variable. If the developer did a more object-oriented style, and there's one function that updates it, called from everywhere, then it's easy. If they went more procedural and spaghetti-like, there might be a few to many routines updating it using different logic and/or hard-coded values.

If it's the former, and you just start with 99 lives you might either have to find the start-up routine, rather than routines that update lives when you gain or lose one, or create a self-disabling code.

You can overwrite the instruction that updates the life's value with a nop (or ori r0, r0, 0x000) instruction to effectively turn it off.
There should also be an instruction that subtracts 1 from your life's amount. you can also overwrite it with nop.

You could also find an instruction that is ALWAYS active. Find out what register is free and branch to an empty area. there you can backup enough registers to another empty area, then use any assembly code to perform permanent RAM writes, pointer codes with unlimited depths, nasty looping and advanced condition.
This is how I have made the Wind Waker Chaos Edition
I even created an RNG inspired by the one of SM64 to randomize my codes

Hey Cosmo Mate German friend

will you do me an favorit and make some screens with wiirdgui
to make of an normal code an asm code
i' know you make an Breakpoint of youre normal code that you have found
but than (Read Or Whrite ) i'll don't know
you get an list down below when you get hit
and the wii makes an noisy sound like normal code hacking
but how did i'll know what for ASM instruction i can use for example 99 lives?

I've been making an extensive PPC guide and documentary for about a year now but never finished it.. Here are some screenshots of it.
Here I have put the address of rings (Sonic Adventure 2: Battle) and set a breakpoint on write on it.


Once I collected another Ring I can see the assembly code and all registers' values. The instruction that write the assembly value will be marked in blue:

sth r0, 0x104 (r31) means that the half word (PPC slang for 16bit/2Byte value) inside of r0 will be written to 104/0x68Bytes remote to the address inside of r31

Now change to the Disassembly tab and overwrite this function with nop to disable it



If you want to make a cheat of it right click the instruction and go to the memory viewer. there you can copy the address + value.




Above you can find other interesting instruction that prepare r0 to be written to the rings' address.



By having a close look at the registers value we can find the right one.

Here we can see that the lower assembly instruction is relevant to us. r4 contains the increment. r29 the amount of rings we currently have. r0 the updated value to be written to the rings' address.
add r0, r29, r4 also adds the value inside of r4 to the value inside of r29 and put the result inside of r0.

You can make some nice cheats to increase the increment for instant to gain 10 rings when you collect only one.
Remember the address of the assembly code and find an unused area in the memory. It should be full of zeros like this:

Mind that the Disassembler tends to scroll when you click on "assemble".

Now click on the pause button to freeze the game.
Go back to your assembly code and copy the instruction into notepad.
Overwrite it with a branch instruction to where your empty area is.
b 0x80003500 means that the execution jumps to address 80003500.
The address and it's hex value will be the last line of your cheat.



Now I go back to the empty are and start writing my assembly code at 0x80003500.
I have decided to load a value of 2 into register 28 by an ori instruction. you could also use lis if you want to clear the register.
then instead of adding r4 to the current amount of rings i add now r28 to it. so now each time i collect a ring it i will gain 2!
To branch back to the actual executable code use another branch instruction with the address + 0x04 added to it to continue the execution just normally.

just copy and paste the address and their corresponding hex values in order to make a cheat of it. The address + hex value of the first branch instruction must be the last, otherwise you will crash the system.

Hey Cosmo mate,

did you have this guide in pdf format or something like that?
is very helpfull for me
when you can upload this for me i'm youre very greatfull
if you hef this document you can mail me the link where i can download it

Thx in advance

the current progress is written in several open office documents. Once all this is done I will make a .php file for my website. I'd like to share it once it's finished.
The problem is there are quite a few PPC commands I don't understand such as like as the c (carrying) of the addic command, i don't understand the rotate word commands in detail and the paired single ones are very obfuscating. No documentary you can find in the internet extensively tells you what it does.

Damn i'll get not further than this

sth r0,104(r31)

okay what i'm doing is this

i'll hack on the normal way and poke this adress
801CC1D0


make an breakpoint on whrite and come back with this instruction
sth r0,104(r31)
Go to the Assembly tab and see the same
this sth r0,104(r31)
but than i'll don't know what to do with it