Hacking Sequential codes PSX


  • jin299
    replied
    Helder if you don't mind me saying in my opinion looking back over this thread, this is a great read for any novice game hackers out there like me, who were almost clueless about how to hack a game at the beginning of this thread. The 32 pages of this topic cover a wide variety of different aspects that are involved in game hacking.

    I have found myself that the past few days that I've been reading over all the previous pages of this thread from start to finish, drilling what you and all the other hackers have been teaching me about ram and rom hacking and how I could implement what and then apply this knowledge to hacking codes I want to hack for games.

    Now what's confusing me about the Balrog animation code is I don't fully understand why I used the values 3 and 1 to make the asm code, because I also placed a breakpoint on player 2's ram animation address too and then got into a fight with player 2 Cpu Balrog, and then checked the registers in the debugger for the value that's responsible for loading the start of his cpu animation, and noticed that one of the registers on the left hand side of the debugger was loading a value of 1 in register s1, but on player 1's side the ram address loads the value 3 into register v0, to load the start of his punchbag animation?

    Do registers s0 to s6 always load the values for player 2's data? Because it can get confusing when you have to try and differentiate where player 1's and player 2's values are and what register they're being stored in.
    Last edited by jin299; 11-06-2014, 08:18:07 PM.



  • Helder
    replied
    You have the same 2 addresses repeated with different values, and you found the code through ram searching which eventually led to the asm code. After 32 pages you finally see what I have said some 20+ pages ago about how hacking asm is something that comes with experience and observing what is happening in the registers and instructions. Now take this experience and hack more codes, I want to see some advanced stuff from you now.



  • jin299
    replied
    No need to use Mess man, I finally found the music modifier code for the game. All I had to do to find the asm code was put a write breakpoint on the ram address music modifier code, then wait for the break to occur, then look at the registers, and modify them to the values being loaded in the game during the fight.

    Example: I tried investigating what was being loaded into register a1 in the debugger during the fight against cpu shin bison, and found it was storing the value $306 in register a1 the moment the breakpoint occurred during the playing of the music, so all I had to do then was change that value in the register to the value needed, so I used the ori command instruction like you told me to, which was ori a1, zero, $306, and noticed that it played shin bison music on all the other fight stages in arcade mode.

    What I found to be quite interesting about using the debugger was normally the values for loading the music of shin bison wouldn't be possible via ram hacking the game, but with the help of the debugger, it makes things that seem impossible in ram hacking to achieve possible and much easier to figure out in the long run. I guess when it comes to hacking asm codes you just have to know what you're doing, or have at least some idea of what you're trying to accomplish, which usually requires somewhat a bit of knowledge into how a code could be found.

    Also I finally found the asm Balrog punchbag animation, the problem is I'm a bit confused as to how exactly I hacked the code?
    Here it is, it's the asm code for the game.

    801BEA14 0003
    801BEA16 3402
    801BEA14 0001
    801BEA16 3402
    Last edited by jin299; 11-06-2014, 03:30:39 PM.
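
Added example (not part of the original posts): the four code lines in the post above are 16-bit writes that together patch one 32-bit MIPS instruction, and this Python sketch joins the halves and decodes them, which shows where the values 3 and 1 and register v0 come from. It goes slightly beyond that case by also decoding the beq/bne/j/jal forms discussed elsewhere in the thread; the helper names are illustrative, and treating the leading 80 as a 16-bit constant write is an assumption about the code format.

```python
# Added example: join GameShark-style 16-bit writes into MIPS words and decode them.
REGS = ("zero at v0 v1 a0 a1 a2 a3 t0 t1 t2 t3 t4 t5 t6 t7 "
        "s0 s1 s2 s3 s4 s5 s6 s7 t8 t9 k0 k1 gp sp fp ra").split()

def parse_code(line):
    """'801BEA14 0003' -> (0x801BEA14, 0x0003). Assumes type 80 = 16-bit write."""
    addr, value = line.split()
    if len(addr) != 8 or len(value) != 4 or not addr.startswith("80"):
        raise ValueError(f"not a 16-bit constant write: {line!r}")
    return int(addr, 16), int(value, 16)

def assemble_words(lines):
    """Pair the write at addr (low half) with addr+2 (high half), little-endian."""
    halves = dict(parse_code(l) for l in lines)
    return {a: (halves[a + 2] << 16) | lo
            for a, lo in halves.items() if a % 4 == 0 and a + 2 in halves}

def disassemble(addr, word):
    """Decode only the instruction forms named in the thread."""
    op, rs, rt, imm = word >> 26, (word >> 21) & 31, (word >> 16) & 31, word & 0xFFFF
    if op == 0x0D:                                    # ori rt, rs, imm
        return f"ori {REGS[rt]}, {REGS[rs]}, ${imm:04X}"
    if op in (0x04, 0x05):                            # beq / bne: conditional
        offset = imm - 0x10000 if imm & 0x8000 else imm
        target = (addr + 4 + (offset << 2)) & 0xFFFFFFFF
        return f"{'beq' if op == 4 else 'bne'} {REGS[rs]}, {REGS[rt]}, ${target:08X}"
    if op in (0x02, 0x03):                            # j / jal: unconditional
        target = ((addr + 4) & 0xF0000000) | ((word & 0x03FFFFFF) << 2)
        return f"{'j' if op == 2 else 'jal'} ${target:08X}"
    return f".word ${word:08X}"

def decode(lines):
    """Return 'ADDRESS: instruction' strings for every complete word in lines."""
    return [f"{a:08X}: {disassemble(a, w)}"
            for a, w in sorted(assemble_words(lines).items())]

# The two variants posted above, kept separate because they patch the same address.
VARIANT_A = ["801BEA14 0003", "801BEA16 3402"]
VARIANT_B = ["801BEA14 0001", "801BEA16 3402"]

if __name__ == "__main__":
    for variant in (VARIANT_A, VARIANT_B):
        print(decode(variant))
```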



  • Helder
    replied
    If you can use MESS then you can do a trace log and it will show all addresses right before that break, so you can easily see what instructions are loaded and it will be a lot easier to figure out where the address is loaded into the registers, which you can then modify.



  • jin299
    replied
    Helder, say I wanted to find the asm address that controls the loading of the music in the game Street Fighter Alpha 3, how can I investigate and manipulate the registers in the debugger to help me locate the correct address when using a read breakpoint to do so?

    Also is there any way I might be able to find the asm address that loads the music in the debugger working backwards in asm and then placing a breakpoint on an address in the debugger in order to modify that address by changing what value is currently being loaded into that register?

    Example: say I placed a write breakpoint on that ram music address for the game you previously found for me, and then worked backwards in the debugger placing a breakpoint on every address after the first one I got the break on and then go line by line changing what address is currently being loaded into that chosen register, will this hacking method allow me to find the code I want or in your opinion as an advanced game hacker is that a very ineffective way of going about hacking an asm code for a psx game?
    Last edited by jin299; 10-31-2014, 02:18:05 PM.



  • jin299
    replied
    Right, I found out what I was doing wrong man, once the condition has been met I didn't know I needed to push the F7 or the trace button to jump from one branch to another, but I know now.

    Also after a condition has been met and the condition is true and you have jumped from one branch to another in the debugger, do you put a breakpoint on all the instructions before or after the branch? Example: do you scroll up or down when placing a breakpoint on the instructions between a branch or when inspecting the instructions between a branch?

    Also how do you know when one branch ends and another begins in the debugger?
    Last edited by jin299; 09-11-2014, 12:47:47 PM.



  • Helder
    replied
    When the conditional is met it branches/jumps to the address in the branch instruction; if it doesn't, then the condition isn't met and it doesn't jump. It's not a hard concept to understand.



  • jin299
    replied
    Helder, after I have placed a break on the bne or beq branch instruction, and get the break, and when it says true or false depending on which one it is, shouldn't it jump automatically itself to another address in the debugger?
    Last edited by jin299; 09-10-2014, 12:54:22 PM.



  • Helder
    replied
    Branches jump to different routines based on the condition set before the branch instruction, so you need to inspect that condition. Jumps (jal, j, etc.) don't have conditionals and always jump to whatever location they're supposed to go. The way I look at branches/jumps is to put a break on the conditional or a few lines up before the branch, and when I have a break I go line by line and look at what's happening in the registers. I look at what is there in the registers when the branch condition is met and it jumps or not, and then theorize how to make it always branch or not depending on the code I'm trying to hack.



  • jin299
    replied
    Helder. I have a question to ask you man, about whether or not I'm actually following the correct procedure when dealing with conditional and unconditional jumps in asm and in the debugger.

    Whenever I scroll up in the debugger and find a jal, j, bne, or beq instruction in the debugger, usually I push the right arrow key on the keyboard of the computer, which allows me to jump from one section of an address in the debugger to another. I then place a breakpoint on that address, then after it breaks on the address I want I assemble the instruction of the selected address accordingly. Is this method okay to use? By doing this am I actually manipulating a branch or jump instruction in asm? Because I would like to know if I'm doing it correctly, because I'm a bit lost in regards to understanding jumps and branches in mips.
    Last edited by jin299; 09-09-2014, 12:20:20 PM.



  • Helder
    replied
    Give me time to do these things, I have other things I'm busy with at the moment but will look at all this soon.



  • jin299
    replied
    Can anyone tell me how to jump from one branch to another in the debugger, because I'm finding it really confusing, and don't fully understand what exactly to do?

    Helder, could you please educate or teach me how to perform conditional and unconditional jumps in mips? Because I'm having a lot of trouble understanding how to manipulate branches in general, in asm hacking.
    Last edited by jin299; 09-07-2014, 04:33:04 PM.



  • jin299
    replied
    So Helder did you find anything?



  • jin299
    replied
    Sure thing man, I really appreciate you taking a look for me.

    Music modifier Asm 801D5940
    801D5942

    Stage modifier Asm 801D62F0
    801D62F2

    Music modifier Ram code 8019ED9D

    Character Modifier Player 1 ram 801943E6

    Character Modifier Player 2 8019482E

    Stage Modifier 80198C78
    Last edited by jin299; 09-02-2014, 04:57:07 PM.



  • Helder
    replied
    Not sure on that bug but post all codes you have so I can have a look.
