in them this has been replaced by findcheat
Finding Direct Value Cheats
Finding cheats with the cheat.tcl script is easy. First make sure you have the script in your openmsx\share\scripts folder. If it is not there download it from the CVS on sf.net.
Start your openMSX with a rom inserted, I have chosen Pippols for this little tutorial.
Let's go over the first cheat step by step.
Direct Value Cheats
Pippols starts with 2 lives, which is actually enough to finish the game but we want more lives. So as soon as you see the playfield with our smiling friend pause openMSX with pause (it's next to your scroll lock key) and bring up the console with F10.
Since this is the first time we look for a cheat we have to make a snapshot form the current situation. We do this by typing:
findcheat -start
That was step 1, on to step 2. Finding the address where the amount of lives are stored. We look at the amount of lives and see the number 2. So we have to search for the value of 2. We do this by typing:
findcheat 2
Probably it will tell you that too many values are found. So we continue our search.
Unpause the game with the pause key. And touch an enemy, this might sound cruel but since it is a computer game I assure you the sprite will not feel a thing. After this the amount of lives should have gone down to 1, if not you are playing a cheated version. But for now I assume it is 1.
You guessed it, we pause the game and bring up the openMSX console again with F10. We then type:
findcheat 1
Most likely there are 2 values left. If not you are lucky and will see the address where the lives are stored. But just in case we get our cute little sprite killed again, pause the game and bring up the console again. This time we type:
findcheat 0
Amazing! OpenMSX tells us:0xE050 : 1 -> 0
I will explain this result:
0xE050 is the location where the lives are stored in hexadecimals
1 is the old value
0 is the new value
Now comes the tricky part. Putting more lives into the address we just found. This is easier than it sounds. Let's give our friend 10 lives since he's always smiling. Just make sure you are still in the console and type:
debug write memory 0xE050 10
The results may not show but after our sprite has committed suicide it will become clear he has 9 lives left.
Just to go into technical details really quick. Most games store their values in a hexadecimal way this means if you get strange results applying a value to an address just try to put a hexadecimal value in that address. For example:
debug write memory 0xE050 64 may not give you 64 lives. Try debug write memory 0xE050 0x64 instead.
Comparison search
If you didn't read part one then please read it now.
Comparison search is mostly used when the value you are looking for is not clear or if there is an offset in the value you are trying to find (e.a a value starting with a base of 40 instead of 0)
Comparison search is looking for an address by means of dropping addresses trough logical operations like looking for:
-equal values
-not equal values
-bigger values
-smaller values
-less or equal values
-more or equal values
I will use the power bar of metal gear as an example.
We start off with findcheat -start ,if you do not do this there will be no results. Next we do a search for an equal value since no changes have occurred to the power bar. We do this with findcheat equal
As you see only a few values have been dropped during this search. So let's make some guards angry so you can take some damage. After they have done some damage pause the game and bring up the console. Now type: findcheat smaller
This should reduce the amounts of addresses greatly.
Run the game for a second and do not take any damage. Now pause the game again and type in findcheat equal
Now we are almost there! The best thing to do it to refill your life and type findcheat bigger
Refilling your life can be done by picking up a ratio and using it or using the DS 4 cheat.
Now we probably have only a few values left. Keep on repeating to be hit followed by a findcheat smaller if you heal yourself of course use a findcheat bigger
In the end we should have found 0xC131 as the value where the bar information is stored.
Type : debug write memory 0xC131 64
You will see that the red bar is longer than the original box. It's good practice to not make the value bigger then the original box. So we type : debug write memory 0xC131 48
We now have found our second cheat address.
Operators that can be used are
- Code: Select all
findcheat equal
findcheat notequal
findcheat smaller
findcheat bigger
findcheat less
findcheat more
findcheat loe
findcheat moe
moe=more or equal
loe=less or equal
For convenience I have added 2 aliases for 2 operators:
- Less and smaller are the same operator.
- More and bigger are the same operator.
Using expressions
Now we have covered the basics of the cheat finder. Most users should be able to find most cheats with the functions described above. But after a while it gets boring looking for cheats or you just can't find that one cheat you are looking for. That's where expressions come into play.
What is an expression? An expression can be best described as a 'formula' that combines logical operators and 2 values. For example:
oldvalue=newvalue*2 this would translate into findcheat new == (2 * old) for the cheat finder. You are basicly putting TCL into the findcheat procedure.
More options are
findcheat new == (old+2) - find the old value +2
findcheat new == (old-2) -find the old value -2
findcheat new == (old/2) -find half of the old value (use only on multiples of 2)
If this sounds to complicated just watch the following example:
Gather experience of 4 then do a findcheat -start continue gathering experience until you have 8. Now do a findcheat new == (old*2) you could also do a findcheat new == (old+2) since that has the same result though.
Anyway here is an example with YS 1:
this example is the same as described above only I added an extra findcheat new == (old+2) I knew which value it was befor the last search but I just wanted to make sure I had the right value.
Little and Big endians.
not Indians!
With games like YS you have to look for values greater then the 8 bit range. So we have to go to the 16 bit range values. The MSX programmers never really had an agreement on how to use 16bit values so basicly some programmers have stores their values like this.
HH LL for example 34567 is stored as a 2 8 bit pair like hexadecimal 87 07
Let me explain this:
87 hexadecimal = 135 and 135*256=34560 We now miss the 7 so this means we have to add those hexadecimal 07 to the value making it 34560
Unfortunately some programmers use LL HH which means the same 34567 is stored as 07 87.
the only way to find out how a programmer did this is to change the address value before or after the initial value you found.
As you can see I first changed 0xCFC9 to 255 (hexadecimal FF) which brought my experience up to 255. I then changes 0xCFC8 which didn't do much to my experience but it just increased my money. Which was a nice surprise of course but not what I wanted. So I changed 0xCFCA to 255 which changed the value of my experience to 65535 (hexadecimal FF FF)
So I figured out by trial that YS (Falcon) stores is values like LL HH.
Most Konami's will store their values like HH LL so use this tip
Going deeper
findcheat -start (addr > 0xE000) && (new == 42)
look for a value for 42 above address 0xE0000
Anyway I leave it all up to you now
That's it.
thanks