You should be using FCEUX. Any address under 8000 can't be converted to Game Genie.

After following nolberto82's advice, because it's good advice, put a write breakpoint on $66A9, then play the game to see what instructions write to the address. A game genie code alters those instructions for desired effects.

There are many tutorials in our library that cover this subject. Feel free to browse them, and ask any more questions.

Where's your library of tutorials.
FCEUX...what advantages does it have?

Hmm, anything under 8000. Now that's great advice.
Is it possible to find some search value that can make the door always open.
I kept searching the changing values of the door, but maybe there's another method to get a different address.

edit: Ooh, FCEUX is better at outputting.
0F:C717:91 E9 STA ($E9),Y @ $66A9 = #$4F

http://gamehacking.org/?s=faqs

The debugger is far more advanced than any other nes debugger, and it's just a better emulator. Try to find a recent version, within the last few months, as there was a bug fix concerning cheat files and the compare byte used with genie codes.
I was referring to his suggesting fceux. In the nes, the range from $0-$7FFF is RAM, and $8000-$FFFF is ROM. Since genies intercept the prg and overwrite bytes before loading to the rom space, they can only patch addresses in the range above $8000.

You have to change the instructions controlling the state of the door, instead of the state of the door itself.

Its not hard to do here is the code and what I did to change it from what it was to what the new code is.

$C712:B1 E9 LDA ($E9),Y @ $66A9 = #$CF A:66 X:47 Y:00 S:EB P:nvUbdIZc (Loads the value of the into register A)
$C714:60 RTS A:CF X:47 Y:00 S:EB P:NvUbdIzc (Return function from sub routine)
$CA5F:25 AF AND $00AF = #$7F A:CF X:47 Y:00 S:ED P:NvUbdIzc (load value at $00AF and perform calculation, looks like subtraction)
$CA61:20 15 C7 JSR $C715 A:4F X:47 Y:00 S:ED P:nvUbdIzc (Jump to address $C715)
$C715:A0 00 LDY #$00 A:4F X:47 Y:00 S:EB P:nvUbdIzc (Load 00h into Y register, could be for some other function below)
$C717:91 E9 STA ($E9),Y @ $66A9 = #$CF A:4F X:47 Y:00 S:EB P:nvUbdIZc (Stores the register of A back into the address that holds the door value)

Looking at that we see the value 207 which is CF in hex is the default value loaded from that address then there is a calculation made followed by it storing back into the address with the new value of 4F so the fastest and easiest way would be to make the STA into a LDA so it never saves the new value so this is what the line would look like:

$C717:B1 E9 LDA ($E9),Y @ $66A9 = #$CF A:4F X:47 Y:00 S:EB P:nvUbdIZc


and this is what we would put into the GG program:

RAW
C717:91:B1

GG
OLOGYYOP

or even possibly NOP out the calculation part but that would require 2 codes:

$CA5F:25 AF AND $00AF = #$7F

Raw
CA5F:25:EA
CA60:AF:EA

GG
XTSKNZIX
XTVGEXNX

but after messing around a bit with the codes I just posted it seems many game functions use that same routine for other things like in the beginning where you have to pull the mat to reveal a key, with the codes to NOP it the door wont open and with the change of the STa to LDA we can't even pull the Rug to reveal the key. So it seems like it might not so easy to make such a code without messing other vital functions.

I believe I understand.

edit: Ignored your bottom text, so this code will be tricky. Either way, I'm learning.
Why does the address work fine but the game genie does not? Why is there a difference?

I was doing a little searching in smb3 world level and found this...
0F:E401:8D E5 04 STA $04E5 = #$00

However, the "start on world code"
PEUZUGAA Start on World 2
ZEUZUGAA Start on World 3
LEUZUGAA Start on World 4
GEUZUGAA Start on World 5
IEUZUGAA Start on World 6
TEUZUGAA Start on World 7
YEUZUGAA Start on World 8

decodes to ACB3 with different values.
What search method did they use to find this info? Maybe this same info can help me with maniac mansion.

You're missing the most important stuff which is what comes before that STA which stands for STore whats in register A to that address, there is usually a LDA or LD of some kind which loads the value of the said stage and then sores it at the address in the STA. Best thing to do is set a break on this address as Execute and put the tracer on and when you try to start a stage it should break there and the trace screen will show all the instructions that came before that STA, there is where you would want to look at what to change.

0F:E401:8D E5 04 STA $04E5 = #$00
^ no LDA or anything import before this one.

I told it to Break for E401, which gave me another value with nothing interesting.
Told it to break for the next value and it gave me another value which used a different address then $04E5 but still no LDA or anything.
How many breaks do I need?

Ok after decrypting the actual codes for start on different worlds it breaks down to what you had posted which was ACB3:01:00 now if you put a break on this address you would probably get no hits but if you subtract 1 from the address you would get ACB2 which is LDA. The address then stores the value into 2 ram locations 0160 and 0727, after messing around with both I see that 0727 is the address that stores which world you're in NOT what stage which is maybe what you were trying to make? So if you put a write break on 0727 and start a new game with the tracer on you will see:

$ACB2:A9 00 LDA #$00 A:00 X:FF Y:97 S:FB P:nvUbdizc
$ACB4:8D 27 07 STA $0727 = #$00 A:00 X:FF Y:97 S:FB P:nvUbdiZc
$ACB7:8D 60 01 STA $0160 = #$00 A:00 X:FF Y:97 S:FB P:nvUbdiZc

so you see there is a LDA followed by a STA which stores the value to that ram location 0727, and if you break it down to a code you would modify the LDA with the value of the world you want so that is where the code that exists was made from : ACB3:01. That value would load world 2 and so on.