EnHacklopedia EnHacklopedia » Individual Systems - In Depth » Hacking Gameboy

Hacking Gameboy

Creative Commons License

All files (HTML, CSS, images) included in EnHacklopedia are licensed under the Creative Commons Attribution-ShareAlike 3.0 License. All authors contributing to EnHacklopedia should be made aware of the license before contributing. If the author does not agree to the licensing, his or her contributions will not be accepted into the project.

History

  • 04-21-2007
    • Added images. (dlong)
  • 04-19-2007
    • Initial release. (dlong)

Game Genie

Game Genie Intro ScreenGame Boy Game Genie Splash Screen
Game Genie Code Entry Screen
Game Boy Game Genie

Description

Galoob's Game Genie for the Game Boy is a ROM patching device, just like all other Game Genie devices. The Game Genie scans a given address to see if it is being executed. If this is the case and the value at the given address is equal to the "compare value" provided, then the Game Genie intercepts the read and sends the specified replacement value. Otherwise, execution continues normally. The Game Genie can only execute three codes at a time.

Encoding/Decoding

Encoding and decoding Game Genie codes is done with Game Genie Encoder. Simply select the "Game Boy / Game Gear" radio button, and put the appropriat values in whatever box is needed.

GameShark

Description

The GameShark, made by Datel and distributed by Interact, was the main cheat device for the Game Boy and Game Boy Color. A Pro version was released that added code hacking functionality.

Code Types

Type Description
01xxyyzz 8-bit RAM write
Writes the byte xx to the address zzyy.
8bxxyyzz 8-bit RAM write (with bank change)
Changes the RAM bank to b, then writes the byte xx to the address zzyy.
9bxxyyzz 8-bit RAM write (with WRAM bank change)
Changes the WRAM bank to b and then writes the byte xx to the address zzyy. GBC only.

Hacking

To do.

Codebreaker

Game Boy Codebreaker

Description

Pelican's CodeBreaker came out after the GameShark Pro was released and provided similar functionality, including the trainer. However, the Codebreaker also provided extra features, including a memory editor.

Code Types

Type Description
01xxyyzz 8-bit RAM write
Writes the byte xx to the address yyzz.

Hacking

To do.

Converting

Converting 8-bit RAM writes between GameShark and Codebreaker formats is simple - byteswap the lower halfword. Converting between these devices and Game Genie is more difficult. No direct conversion is possible. Instead, a code must be found that causes the same or a similar effect. This is often difficult and sometimes impossible.

Z80 Assembly

The Gameboy uses a modified version of the Z80 processor. The Z80 provides between 4 and 7 general purpose registers. AF is an 8-bit accumulator with 8 flag bits provided. BC, DE, and HL can each be treated as one 16-bit register or two 8-bit registers. Specialized registers include a 16-bit program counter, 16-bit stack pointer, and two index registers to be used for offsets. More information can be found in the z80 Reference Manual.

Hacking using BGB

BGB's Cheat Searcher

BGB is a Game Boy and Game Boy Color emulator with Game Genie and GameShark code support as well as code searching and debugger functionability. To use the cheat search, first open up the emulator and load a game. Once loaded, right click and go to "cheat search" inside the "other" option. The cheat search provides 8 and 16-bit searches, both known and unknown. Search values need to be entered in hexadecimal.

Using BGB's Debugger

BGB's Disassembler

BGB's debugger is accessed by choosing "debugger" under the "other" menu. The main part of the window shows the assembly, with the instruction PC points to on top. 24 instructions are shown at a time. However, scrolling up and down to see others is possible. On the bottom, a memory viewer is shown. The top right area shows the values of all the registers and status flags, and on the right a scrollable memory viewer is available, showing 16-bits per line. On the memory viewer in the bottom middle of the screen, memory can be copied, editted, and inserted depending on the option chosen after right clicking on that area. The "modify code" instruction allows the memory address specified to be overwritten with assembly code entered into the message box. These same options are provided when right clicking on the disassembly section. Under the "File" menu, there are the normal "Load Rom", "Save State" and "Load State" options. Additionally, there is a "Save ROM" option, which will save the ROM with any changes that have been made to the assembly code. A "fix checksum" option is also provided, which recalculates the checksum byte for the ROM header. Memory and ASM dump options are provided as well. Under "Options", a "Search String" option is given. This searches the assembly code for an instruction that matches the search string provided. For instance, searching for "ld a," will find any instructions that load any value in a, such as "ld a, (ff00+91)" and "ld a, (bc)". Under the "Run" menu, the normal "Run" and "Reset" options are provided. The "trace" option is effectively a "step" instruction - it executes the next instruction. The "Run to next line" option is similar. The instruction that succeeds the current instruction in memory is executed. This means that all jumps are skipped. The "Animate" options runs the game with the disassembler highlighting the instruction being executed. The "run to cursor" option runs the game until the highlighted instruction is executed. The "step out" instruction executed assembly code until the code returns from a subroutine. Finally, the last option jumps to the instruction SP points to and then increments the stack pointer.

The "Debug" menu controls breakpoints and similar options. F2 ("Toggle Breakpoint") toggles a BPX on the highlighted instruction. An "evaluate expression" options attempts to evaluate an inputted instruction. The "breakpoint" option allows a BPX to be added or removed. To add a BPX, input the address of the instruction that should be broken upon into the "PC =" box, and add any necessary condition in the other box. If no condition is needed, leave it empty. The "Access Breakpoints" allows the addition and removal of BPR's and BPW's. Choose "read" and/or "write" to choose the break option, and put the address or address range into the "addr range" box.

The final menu, "window" controls several miscellaneous options. The VRAM view displays the VRAM - BG map, Tiles, OAM, and Palettes, as well as various VRAM values. The "options" item controls various emulation options. The "cheats" and "cheat searcher" options allow another way to add/remove cheats and search for cheats. The "IO Map" options shows a map of the I/O values. Finally, the "screen" options brings the game screen to the front.