How to Make your own Cheat Codes
#1
How to Make your own Cheat Codes

IMPORTANT: This guide shows the steps on re-creating a primitive version of a C2 (Insert ASM) cheat code in MKWii I have personally made during my early days of learning how to create codes. It's not important to worry about having the ability to exactly mimic the creation of this code (considering the fact there may be readers here who don't own MKWii and want to make codes for other Wii games). What's important is to understand how the code was made (methods & tools used) and know how to apply that methodology to other codes that you desire to make in the future.

NOTE: All screenshots were taken from older versions of Dolphin Emulator & Dolphin-Memory-Engine. Therefore, there may be some slight visual discrepancies.



Chapter 1. Requirements

**Certain codes may not work in Dolphin or a code could work on Dolphin but not on the Wii/Wii U Console. Therefore it's recommended to have some sort of Console so you can test your new codes on both the Console and Dolphin.



Chapter 2. Overview of Dolphin

The Dolphin Emulator is software installed on your computer meant to emulate the Wii Console and its games. Dolphin comes with a debugger mode. There are a variety of panels/tabs that come with the debugger mode. However, we will only be focusing on the following three:
  • Breakpoints
  • Code (will be called Code View in this guide)
  • Registers

There is another panel/tab called Memory to view the game's memory, but we will use Aldelaro5's Dolphin-memory-engine instead because Dolphin's default memory view is not live.

How to Enable Dolphin Debug Mode:
Launch Dolphin how you normally would. Once Dolphin has booted. Go to Options, then Configuration. Click on the Interface Tab. You should see a tickable box that says "Enable Debugging UI". Click in the box to checkmark it. Once it has been checkmarked. Close the Tab. You should see a myriad of new menus/items if this was your first time enabling the Debugger Mode.

---

Once Dolphin Debugger Mode has been enabled: At the top, click on View, you will see a list of features including the ones that I have mentioned earlier. Select the following: Breakpoints, Code View, and Registers. The Tabs will now appear on Dolphin. It's recommended that you click on each tab/panel and hold/drag them, so they each become their own movable 'window'. This will allow you to view all 3 of these tabs/panels at the same time.

---

Breakpoints:

[Image: Breakpoint.png]

This is how all codes begin. A user sets a breakpoint predicting that breakpoint will effect a certain instruction of the game. If their prediction is correct, the game will pause and they would work from there.

There are two main breakpoints: Instruction & Memory

Without going into too much detail...

Instruction Breakpoints are used when you are working on an existing code (want to modify it). You use these on static memory.

Memory Breakpoints are used when you are making a new code from scratch. You use these on dynamic memory.

Code View:

[Image: CodeView.png]

Dolphin should already be running, launch your MKWii ISO/WBFS. Once it has launched, pause the Dolphin Emulator. You can now see the Code View.

The Code View lets you view a section of the game's instructions. It takes the assembled hexadecimal byte code of the game's memory and disassembles it all so it can be readable to a Coder/Developer. The code view can only be seen when the emulation is paused.

Registers:

[Image: Registers.png]

Your emulation should still be paused (unless you have un-paused it yourself). This panel will allow you to view the values of all the Registers. The Register tab can be viewed at anytime, BUT it only updates the values when the emulation has been paused.



Chapter 3. Overview of Dolphin-memory-engine

Dolphin should already be opened with the emulation paused. Launch Dolphin-memory-engine. Please note that on newer versions of the Memory-Engine, the "Open memory viewer" big button has been removed. You will need to click on View at the top. Then click on Memory Viewer.

[Image: RAMViewer.png] - 

Here's a pic of Dolphin-memory-engine with the Memory Viewer opened while MKWii is playing

[Image: LiveViewMemory.png]

Overview of Dolphin-memory-engine:
  • First scan = Initiates a search in memory (changes to two options of Next Scan and Reset Scan once a first scan has been issued)
  • Byte w/ drop down arrow = List of options to specify the length of the data that will be searched
  • Exact Value w/ drop down arrow = List of options for conditional searching
  • Empty Field bar immediately underneath = The data/value to search for

The Memory Viewer opens up a new tab that shows a live view of a particular region of the Game's Memory. The large left hand box displays the results (memory addresses) of your scans. The bottom box will contain results that you decide to add into it and can save them for later use. The rest of program is pretty much self-explanatory.

Pic of many panels (emulation paused)~

[Image: AllPanels.png]



Chapter 4. Cheat Code Assembler

[Image: codewrite.png]

An Assembler is a tool that takes written Assembly (ASM) Instructions and changes the Instructions to their corresponding Hexadecimal values. You need an Assembler (one that is designed for Wii Gecko Codes) to make your Codes. Unfortunately, Dolphin doesn't come with an Assembler. We will use the CodeWrite Assembler. It is the easiest to install.

Download CodeWrite - HERE (Linux users will need the Wine emulator to run it)

Move the zip package to a desired folder. Extract/unzip the package. Launch the Codewrite.exe file. This is the Assembler.

The left hand box is where you would write your Aseembly instructions from scratch! The right hand box is the C2 ASM Gecko Code that has been assembled. If you have some ASM instructions in the left hand box and hit the right arrow key, your code will be assembled. If there are any errors on your part, the code will not assemble and the program will give a broad answer on why assembling fail.

Obviously, you can insert an already made C2 ASM Code in the right hand box, and then disassemble it by hitting the left arrow button. Finally, Insertion Address is for your code's address.

Can't get CodeWrite Assembler to launch on your computer?
There is another Assembler called PyiiASMH, it has more features, but requires other files to be installed on your computer beforehand. Guide to install PyiiASMH - https://mkwii.com/showthread.php?tid=1529 When assembling with PyiiASMH, be sure the 'C2/D2' option is checked.



Chapter 5. PowerPC Assembly

Before continuing any further in this guide, you MUST learn PowerPC Assembly language. This is the language of the Wii's CPU. There's no way around it. You have to learn this.

When you read the following thread... you MUST ACTUALLY READ THE THREAD! Don't be inpatient and 'skim' through just looking for things that catch your eye. You have to buckle down and take the time to read everything.

Assembly Tutorial - http://mkwii.com/showthread.php?tid=940

Once you have finished the Assembly Tutorial, come back here and continue onto Chapter 6.



Chapter 6. Making your first code (Pt 1)

Let's get Started!

Alright for this guide, we want to make a code to that forces our CC mode chosen in Grand Prix in MKWii regardless of what we select in the game.

Launch Dolphin debugger mode, bring up the Code View, Breakpoints, and Registers. Boot your game first then launch Dolphin-memory-engine. On the memory-engine, click the Memory Viewer button to launch the live view of the game's memory.

Select any license, choose Single Player, choose Grand Prix. At this point you will see options for 50cc, 100cc, 150cc (and Mirror Mode if it's unlocked). Whenever you make codes, sometimes you will need to do some brainstorming or guess work on what numerical values the game uses for various items. For what we are working on, we will make the assumption that the game uses the value '0' for 50cc, '1' for 100cc, and '2' for 150cc.

Select the 50cc option! You should now be at the character select screen.

On your Dolphin-memory-engine, make sure Byte is selected on the drop down menu. Change 'Base to Use' from Decimal to Hex. Enter 0 for the search field. Even though in this tutorial we will be using basic numerical values in the search field (0, 1, 2), you want to get into the habit of always having the 'Base to Use' option on Hex.

If you have everything setup correctly, Dolphin-memory-engine should look like this...

[Image: 0003.png]

Click First Scan!

The memory-engine will scan for any instance of the hex byte value of '00' in memory. Obviously, we will have millions of results. The objective is to narrow down those results down to a few, and work from there. On this instance I did for this tutorial, I had over 57 million results after the first scan. In fact, it's so many results, the program won't even bother listing all the memory address's. See below.

[Image: 0004.png]

Exit out of the character selection screen back to the Grand Prix CC selection screen. Select 100cc option!

You will notice that the button for First Scan is no longer present on the program. It has now split into two buttons: Next Scan, and Reset Scan. We will now be using the Next Scan button to help shorten down that list of 57 million results.

On Dolphin-memory-engine, change the byte value of 0 to 1.

Click Next Scan!

The Next Scan feature will use the current 57 million results and rerun the search using '01' this time, thus eliminating any of the '00' results. Let's take a look at how many results we have now...

[Image: 0006.png]

Now we are down to 5153 results. Do not be concerned if you are not getting the exact result amounts that I am getting. In fact, if you repeat this tutorial again and again, your result amount will not be the exact same for the initial first few searches.

This list is still too large. Exit out of the character selection screen again. Select the 150cc option! Change the byte value from 1 to 2. Click NEXT scan to further narrow down the list.

[Image: 0008.png]

At this point you see there are only 34 results. For yourself, you should be under 100 at this point. The list is now small enough where the program has listed the results on the left handside. You will notice that some of the results are constantly changing values every split second. It's obviously those specific results are not what we are looking for. We can easily filter these 'flickering' results out. Stay at the character selection, do NOT navigate back to the CC selection. Do NOT change the Byte value, Keep it on 2. 

Now just keep hitting Next Scan repeatedly for about 15-20 straight seconds. You will weed out the 'flickering' results and will be left with 5 or less. If you are down to 3 great. If not, you will need to back out to the CC selection change it, re-enter character selection, update the byte value in the memory-engine accordingly (0 for 50cc, 1 for 100cc, 2 for 150cc), then finally hit Next Scan. That should get your list of results down to just 3.

[Image: 0010.png]

Mem9 addresses are Fynamic memory addresses, meaning if you did this guide again and again those 3 addresses will be slightly different every time. This is normal.

Please remember that your list will be slightly different than what you see in the above picture! Your addresses should still be in mem9 like the list shown. If you had trouble getting down to 3 results (maybe stuck at 4, 5 or 6), or if you have any mem80 addresses, you can get rid of them. I already know which result is the exact one we want, You obviously don't know this if this is your first time doing this tutorial, but for the sake of saving time and getting to other important things, we've covered enough of how to search for addresses. It's time to move onto the more fun stuff. Just be aware that doing searches like this can be a real pain with constantly having to narrow down a list.

Click the 'Add All' button in Dolphin-memory-engine to put all the addresses in the lower box.

Your Dolphin-memory-engine should now look like this...

[Image: 0011.png]

Right click on your first address (which in the picture shown that would be 909A802F), and select 'Browse memory at this address'. Your memory viewer will auto navigate to that address. In your memory viewer, the byte value that you've last searched for will be at that address. It will at the very top left of the memory viewer.

[Image: 0012.png]

Now that we have our list of addresses, it's time to use our Breakpoints! Obviously, we will start with the first address on the list (spoiler alert: this address is the one that will work for making this code). Keep in mind that in many cases, the first address listed will not pan out in making your desired code.

It's Breakpoint time!

Go to your Breakpoints tab. Click the New button. Select Memory Breakpoint. We choose Memory Breakpoint because our Address is in Dynamic Memory.

Set the Address value to what you got for your top result (should be a mem9 address if you have been following along correctly).

Set Condition to Write (I will explain why shortly) and set Action to 'Break'. Your Breakpoint window should look like this...

[Image: 0013.png]

Let's talk about Read Vs Write Breakpoints before continuing any further:

Which one do we set? Read or Write? Well this all depends on the scenario. Let's say you have a value in memory, and you know that the game reads said value later on during a certain event in the game. Well, you would use a Read Breakpoint because we want to know what address/instruction that's read the value before utilizing it.

Let's say we have a value that changes while you are in the race, or changes periodically after certain events in the game, or a value that's constantly changing nonstop. We would use a Write Breakpoint because we need to figure out what address/instruction in memory is writing the value.

Just use some common sense, that's all. We will set a Write Breakpoint to make our code. We want to know what address/instruction is responsible for writing the byte value that we have been searching for.

---

CLICK OK! to set your Breakpoint. Your Breakpoint window will now look like this (but with slightly different address ofc)

[Image: 0014.png]

Your emulation should still be running, we want our Breakpoint to be 'hit' and that will auto-pause your emulation. To do this, simply back out to CC selection again and re-enter back to character selection.

The emulation will instantly pause, and we will be able to see the Code View. If the emulation doesn't pause, your assumptions were incorrect and the Breakpoint failed. Remember, you will fail a lot when making codes! Re-read the earlier steps and try again.

Take a look at your Code View. The address that the game 'broke' on will be highlighted in GREEN.

The address that the game broke on should be one of the following 4 (depending on what region of MKWii you are using)
  • NTSC-U = 8082509C
  • PAL = 8083FAFC
  • NTSC-J = 8083F168
  • NTSC-K = 8082DEBC

The address has this instruction: stw r0, 0x175C (r5)

[Image: 0015.png]

This is called the default instruction. If a coder was to say what's the default instruction of your code? You now know what that coder is referring to. Some coders may also call this the 'original instruction'.



Chapter 7. Making your first code (Pt 2)

Alright at this point, you now have the address you need for making the code, and we have the address's default instruction. We can now move onto to actually making/writing the code via some Assembly!

So we have our code's default instruction: stw r0, 0x175C (r5)

Let's break it down.

stw = Store the Word
The game is deciding to use an entire word value (instead of just storing a byte) to store the CC value to memory. This isn't an issue at all, I will explain more on this shortly.

stw r0 = Store the Word of Register 0
Go to your Registers tab. Take a look at what is in r0. It will be the last value that you had searched for on Dolphin-memory-engine.

stw r0, 0x175C (r5)
Store the Word of r0 (CC value) to the memory address of r5+0x175C. Take the value of r5 and add 0x175C (use a hex calculator). The address in r5 is very close to the address of your Breakpoint. The reason that it is off is because the game is storing the CC value as a word (0000000x), instead of a byte. If you simply add 0x3 to what's in r5 (to mimic a store-byte instruction), and then add the 0x175C, you will see that value would then exactly match your Memory Breakpoint Address.

This stw instruction is telling us that we our storing the CC selection word value to dynamic memory (mem9).

Our goal is to modify this r0 value before the stw instruction writes it to memory.


TIME TO WRITE SOME ASM!

First, we need to manually change the value of r0. We do this with a simple Load Immediate instruction. From reading the ASM tutorial, you should know how to do this.

li r0, X

X being the CC value you want to apply to r0. We can use 0, 1, or 2. Let's use the value of 0 to force 50cc.

li r0, 0

Alright, we have r0 set to the CC value we want, now all we need to do for the next instruction is use the address's original instruction to allow the forced 50cc value to be written to memory.

So we have the following two instructions...

li r0, 0
stw r0, 0x175C (r5)

CAUTION: in MOST codes you will need to have the default instruction, or else you could break some other function of the game or the code might not work at all.

Open up CodeWrite! Time to assemble!

Put the two instructions into the large lefthand box. The green highlighted address from the Code View goes into the Insert Address field (the Mem80 address, NOT the Mem9 address!). You can simply right click on it in Code View, and select Copy Address. Then you can use CTRL+V on your keyboard within CodeWrite's Insertion Address field to paste it in.

Codewrite should now look like this... (your mem80 address must be one of the ones from the list of 4 I've listed from Chapter 7, make sure it matches the region of your MKWii game). For the following picture, I'm using NTSC-U.

[Image: 0017.png]

Click the right arrow button to assemble the Code!

You should now have an assembled C2 Gecko code on the righthand side!

[Image: 0018.png]


Let's break down the assembled Code of the above picture one 'word' at a time.

C282509C = The C2 byte is for the Gecko code handler to designate an Insert ASM Code. The 82509C is for the static memory address 8082509C.
00000002 = The amount of lines (in hex) below.
38000000 = li r0, 0
9005175C = stw r0, 0x175C (r5); default instruction
60000000 = nop; auto added by the Assembler so code can have odd amount of instructions
00000000 = For the code handler to know it's the end of the code, all Insert ASM codes will have a final word of 00000000

You can remove the final '0' digit on '38000000' and plug in an 'X' value to allow you to force a different CC option, since the CC value can only be 0, 1, or 2.

NTSC-U Force CC Selection on Grand Prix
C282509C 00000002
3800000X 9005175C
60000000 00000000

Keep in mind this is a primitive version. A better version (that allows utilizing Mirror Mode in other CC's) is located HERE Feel free to analyze the better version if you want to take a crack to learn how I was able to add more features.



Chapter 8. Testing Your Codes

Read this thread HERE to learn how to apply cheat codes in Dolphin.

Testing codes can be annoying at times, but thorough testing is always recommended.  Some codes won't work on Dolphin or a code could work in Dolphin but not on the Wii/Wii U Console. If possible, test your codes on both Dolphin and Console.
Reply
#2
While USB Geckos are superior, finding one is quite the challenge. Luckily, we have Dolphin and a RAM Viewer made by person named Aldelaro5.

You CANNOT use a public/stable release. Those versions are VERY outdated, making codes with those types of dolphins is simply not possible.

1. Download the latest dev version of Dolphin HERE.

2. Once Downloaded, open the zip folder, there you will find a folder named: "Dolphin-x64" (for 64 bit versions.

3. Open the Folder and Run the application named "Dolphin"

Second, you need the RAM Viewer.

1. Download the latest version of aldelaro5's dolphin memory engine (This will prompt an auto download) HERE


2. open the zip folder, and put the folder entitled "Windows" wherever you want.

----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------

Simply:

1. Run Dolphin with your iso

2. Open the memory engine, and click "hook"

Good Job xD
Reply
#3
Windows support added!

Thank you Phyz!
Reply
#4
Great tutorial! Very detailed and helpful to people like me who wanna get better and more experienced in this kind of stuff. Unfortunately when I try to run Dolphin in debugger mode, it loads up, then the application crashes 5 seconds later... Idk why it happens, but I checked to see all my settings were correct and they were. I tried it 2 days ago. I woke up just now from sleeping and I remembered to say this. Gonna sleep again now goodnight.
Reply
#5
Are you on Windows? if so, what processor are you using? You will need a modern i5 or better w/ a decent graphics card.

If you have a good processor plus graphics card, head over to the Dolphin forums for assistance.

On Linux (base debian), I can strip the OS down so much, that I can get Dolphin to run on an old Windows 8 laptop w/ a crapshoot AMD E-300 processor.
Reply
#6
How to run Dolphin debug mode in Windows:

1. Go to the folder where Dolphin is found

2. Right click on the Dolphin application and click "Create Shortcut"

3. Right click on the new shortcut, and click properties

4. the "Target:" will be highlighted blue

5. Un-highlight and move the keyboard to the right of the quotations, which should end with Dolphin.exe"

6. Creat a space after the quote, and type: "-d"

The Targe should now look like: "C:\Users\Santoro\Desktop\Code Dev\Dolphin-x64\Dolphin.exe" -d

7. Click "Apply"

8. Click Ok

9. Run the shortcut, and Dolphin Debugger should come up.

10. Go to "View" (On the drop-down menu)

11. Select "Code", "Registers", and "BreakPoints"

12. Now, Run MKWii, and learn how to make Breakpoints, glance at some registers, and try to read some ASM.

Congrats
Reply
#7
^That's exactly what my steps in the Tut already do but with much much less steps.

Whenever you shift+right click in a directory/folder on windows, the command prompt opens up in that directory. Thus, on my part of the tut, it says just type "Dolphin.exe -d" which would do exactly what you are saying.
Reply
#8
(08-17-2018, 05:58 PM)Vega Wrote: Are you on Windows? if so, what processor are you using? You will need a modern i5 or better w/ a decent graphics card.

If you have a good processor plus graphics card, head over to the Dolphin forums for assistance.

On Linux (base debian), I can strip the OS down so much, that I can get Dolphin to run on an old Windows 8 laptop w/ a crapshoot AMD E-300 processor.

Yes. Windows 10 Pro. I have a gaming PC HP Omen i7 Octa Core, 8 GB RAM 1TB HDD, Nividia GeForce GTX I forgot the number, but you get the point. I don't have the vcredist x64 installed tho. Could that be the reason why it is crashing?
Reply
#9
(08-19-2018, 01:07 AM)420 Matt Wrote:
(08-17-2018, 05:58 PM)Vega Wrote: Are you on Windows? if so, what processor are you using? You will need a modern i5 or better w/ a decent graphics card.

If you have a good processor plus graphics card, head over to the Dolphin forums for assistance.

On Linux (base debian), I can strip the OS down so much, that I can get Dolphin to run on an old Windows 8 laptop w/ a crapshoot AMD E-300 processor.

Yes. Windows 10 Pro. I have a gaming PC HP Omen i7 Octa Core, 8 GB RAM 1TB HDD, Nividia GeForce GTX I forgot the number, but you get the point. I don't have the vcredist x64 installed tho. Could that be the reason why it is crashing?

Could be. It's what the Dolphin Devs recommend to install if your Dolphin cannot boot, or is crashing constantly. The link is posted directly on their downloads page - https://dolphin-emu.org/download/
Reply
#10
(08-19-2018, 02:28 PM)Vega Wrote:
(08-19-2018, 01:07 AM)420 Matt Wrote:
(08-17-2018, 05:58 PM)Vega Wrote: Are you on Windows? if so, what processor are you using? You will need a modern i5 or better w/ a decent graphics card.

If you have a good processor plus graphics card, head over to the Dolphin forums for assistance.

On Linux (base debian), I can strip the OS down so much, that I can get Dolphin to run on an old Windows 8 laptop w/ a crapshoot AMD E-300 processor.

Yes. Windows 10 Pro. I have a gaming PC HP Omen i7 Octa Core, 8 GB RAM 1TB HDD, Nividia GeForce GTX I forgot the number, but you get the point. I don't have the vcredist x64 installed tho. Could that be the reason why it is crashing?

Could be. It's what the Dolphin Devs recommend to install if your Dolphin cannot boot, or is crashing constantly. The link is posted directly on their downloads page - https://dolphin-emu.org/download/
Oh okay. Thanks. Smile
Reply


Forum Jump:


Users browsing this thread: 6 Guest(s)