The Basics of Wii Cheat Codes & the Gecko Code Handler
#1
The Basics of Wii Cheat Codes & the Gecko Code Handler

This thread will teach the beginner about the basics of Wii Cheat Codes that are used via the Gecko Code Handler. If you are a complete beginner to code usage on the Wii, or if you are at the very start of your journey of wanting to become a Code Creator, it's recommended that you read this thread.



Chapter 1: Intro

Cheat codes are applied in your Wii game by what is called a code handler. The code handler that is universally used for Wii gaming is called Gecko. The Gecko code handler will make modifications to the game's Random Access Memory (RAM or just called Memory) depending on what cheat codes are being implemented. Your Homebrew Disc/ISO application comes with the Gecko Code Handler. The Handler itself (along with your codes) are injected into memory. Once the game is running, the Code Handler will get executed thus executing your codes.

Cheat Codes reside in a Gecko Code Type file (called GCT). This GCT file resides on the SD/USB device (usually within a folder called 'codes'). A tutorial teaching the user how to create and use GCT files can be found HERE

Regarding Dolphin Emulator, cheat codes are applied via a Cheat Manager (a simple box where you just paste in the cheat codes). The code handler used is still the Gecko code handler but with slight modifications. A tutorial teaching how to apply cheats in the Dolphin Emulator can be found HERE.



Chapter 2: Regions

Many Wii games, but not all, come in different regions so they can run on their corresponding region of Wii Console. MKWii is available in 4 different regions, so this is why you see 4 regions (or versions) of every cheat code for MKWii (excluding the incomplete/outdated sub-forum). This must be done because the contents of memory will slightly differ per region. You cannot take something such as a PAL code and run it on a NTSC-U game.

Overview of the 4 regions of MKWii~

NTSC-U = American MKW (RMCE01)
PAL = European/Australian MKW (RMCP01)
NTSC-J = Japanese MKW (RMCJ01)
NTSC-K = Korean MKW (RMCK01)

RMCE01, RMCP01, RMCJ01, & RMCK01 are all of MKWii's Game ID's.




Chapter 3: Basic Vocabulary, Data/Number Types

Before we can continue further, you will need to know the Basics. You will need to know what Hexadecimal is. What is Hexadecimal? First off, regular Decimal is something you already know. It's the commonly known numbers that everyone uses on a regular basis. Such as 3, 16, 2057, 5168430, etc. The regular Decimal number system uses what is called Base 10. You start at 0 and go to 9. After 9, you must start a new "base of 10". This new base starts at 10 and goes thru 19. After 19, you have to start another new base of 10 at the number 20.

Hexadecimal uses a Base 16 system. Similar to decimal, you start with 0. However, once you get to 9, you proceed to A, the first letter of the English Alphabet. You keep proceeding through the Alphabet til you hit F. 0 thru F are 16 total numbers/values. This is the first "base of 16" After F, you can then go to 10. 10 thru 1F is the next "Base of 16". After that would be 20 thru 2F, etc etc.

Here's a basic decimal to hex conversion chart~

[Image: dechex.png]

Once numbers become pretty large, trying to manually convert Decimal to Hex is silly. Instead, here's a Decimal-to-Hex converter - > HERE

Okay now we need to cover Binary. Binary values are the lowest and most simplest number form. A Binary value is also known as a Bit. Bits can only be 0 or 1, nothing else. Every Hexadecimal digit can be represented by 4 consecutive binary values (bits). Like this...

[Image: hexbinary.png]

As you can see, the chart is pretty easy to remember. Trying to convert regular Decimal to Binary is more difficult. This is why you should try to stick with defaulting to Hex over standard Decimal. Now what about going beyond the binary value 1111? Simple, like this..

Hex = Binary
10 = 0001 0000
11 = 0001 0001
12 = 0001 0010
.. ..
19 = 0001 1001
1A = 0001 1010
.. ..
1F = 0001 1111
20 = 0010 0000

I've separated the binary values via pairs of four bits, since every hex digit can be converted to its 4-digit Binary value. The first 4-bit pair is blue in color. The second pair is violet in color. 

You will notice that some Code Creators will write out Hex numbers that are pre-pended with "0x". For example, the Hex Value BC is written as 0xBC. This is usually due to habit because Code Creators must pre-pend Hex numbers in such a fashion when using Cheat Code Creation programs.

Now let's move on into some key essential Vocabulary. For starters, the term "null" simply means zero. You will come across that term quite a bit on this site. There are also certain terms for Hex Values when they are of a certain length/width.
  • 8 Bits = Byte (2 Hex digits) Example: 4A
  • 16 Bits = Halfword (4 Hex digits) Example: F0C8
  • 32 Bits = Word (8 Hex digits) Example: DEDD0020

The terms Byte, Halfword, and Word are used very frequently. You need to remember these terms! We need to discuss some common terminology regarding portions of values within values. For example, lets say we have the following value...

8045CD0A

The "8045" portion (lefthand 16-bits) of the word value is known as the upper 16-bits. The "CD0A" portion (righthand 16-bits) is known as the lower 16-bits.



Chapter 4: Memory

All Wii games operate in the following memory ranges...
80000000 thru 817FFFFF
90000000 thru 93FFFFFF

Memory can be broken up into 3 categories~
  • Mem 80 (Any memory address starting with '80')
  • Mem 81 (Any memory address starting with '81')
  • Mem 90 (Any memory address starting with '9')

For most Wii games, Mem80 is the region of memory where most of the game's instructions reside at that will be executed by the Wii's CPU. Mem80 is called Static Memory, meaning that the contents (mostly the game's instructions) will be placed in the same spot (address/location) of Mem80 every time a specific game is booted/played.

Mem81 and Mem90 are called Dynamic Memory, and these regions of memory are mainly used as space to hold data at that the Wii's CPU instructions will read/write to/from. The memory addresses/locations where this data resides at can differ every time the game is booted/played, hence the name Dynamic. There are many exceptions to everything just mentioned, but this is the basic concept of how Wii games use Memory.

An alternate name used for Mem80 & Mem81 is Mem1
An alternate name used for Mem9 is Mem2

View of Memory:
Here is a screenshot of a random place in static memory (NTSC-U Mario Kart Wii) ~

[Image: staticmem.png]

The Hex values you see are assembled byte code of various instructions to be executed by the Wii's CPU.



Chapter 5: Navigating Thru Memory

Every instruction is a Word (32 bits) in length and must be "32-bit aligned". This means every Instruction resides at a Memory Address that is divisible by 4. For example, take a look at the below pic and view Memory Address 80516074. To navigate to the Address correctly, first, go to the row 80516070. Once at that row, go to column '4'. 

80516070 + 4 in Hex Math is 80516074. Thus, you are at Memory Address 80516074.

The 4 bytes starting at that address is 38A00000. This is a Wii CPU instruction.

[Image: memnav.png]


Let's go over how to use the terms byte, halfword, and word correctly when navigating thru memory. Look at the next below pic. Go to Address 805160BC. 

The word at this memory address is 4BAF3AC5. The picture shown below has the word circled in red.

[Image: memnavword.png]

The halfword at the same memory address is 4BAF. The picture below has the halfword circled in blue.

[Image: memnavhalfword.png]

The byte at that same address is 4B. The picture below has the byte circled in green.

[Image: memnavbyte.png]

So, if I was to say.. what is the halfword at 80516086? The correct answer is 1B78.
If I was to say.. what is the byte at 8051600E? The correct answer is FF.



Chapter 6: Basic Codetypes

The Gecko Code Handler has various codetypes (formats) that the Code Creator can use to create various codes. Let's cover some of the most common types.

~~~

32 Bit RAM (Word) Write

04XXXXXX YYYYYYYY: The Y Values overwrite the default word value at memory address 80XXXXXX. The 32 Bit RAM Write is by far the most common type of Gecko code that is used. They are mainly used to edit in a new instruction in Static Memory.

Example:
0456A308 38A00001

This code will replace the default word value at address 8056A308 with new value 38A00001.

~~~

Nop

04XXXXXX 60000000: Any 32 bit RAM Write that writes the value 60000000 is called a nop. A nop basically cancels out an instruction. Many 'noobies' will abuse this codetype, as in randomly placing nops in Memory hoping to 'create' a code by sheer chance.

Example:
0485E300 60000000

This code will replace the default 32 word value of address 8085E300 with the value 60000000.

~~~

16 Bit RAM (Halfword) Write

02XXXXXX 0000YYYY: The Y values overwrite the default halfword value at memory address 80XXXXXX.

Example:
0211D2C2 0000FFFF

This code will replace the default halfword value at address 8011D2C2 with the value FFFF.

~~~

8 Bit RAM (Byte) Write

00XXXXXX 000000YY: The Y values overwrite the default byte value at memory address 80XXXXXX.

Example:
0077AB0F 00000003

This code will replace the default byte value at address 8077AB0F with the value 03.

~~~

16-bit If Equal Statements (Controller Lines)

Format of a 16-bit If Equal Statement
28XXXXXX YYYYZZZZ

The halfword value at memory address 80XXXXXX is compared to the halfword value used for ZZZZ. If it is a match, the contents below this gecko codetype line are executed.

Most Wii cheat codes use the 16-bit If Equal Statement to make cheat codes that can be activated/deactivated depending on what button values of a certain controller are being pressed/held-down. When a 16-bit If Equal Statement is used for this purpose, it is called a 'controller line'.

These button values are always displayed as a halfword (16-bits) in memory (hence the usage of ZZZZ). They are usually located somewhere (maybe multiple times) in Static Memory. Since they are in Static Memory, their location will always be the same every time said Wii game is booted/played.

Each button of each controller has it's own value and if multiple buttons are pressed at once, those values are essentially combined. The ZZZZ button values of a specific controller is the same regardless of what game is being played (i.e. ZZZZ values of Classic Controller is the same in both Mario Kart Wii and Super Smash Bros Brawl).

The location of the ZZZZ values will differ all depending on what Wii game you are on, what region of the game you are using, and what controller you are using. (i.e. ZZZZ value location for Classic Controller on MKWii is NOT the same location for GCN)

YYYY is a mask. Without getting into complicated technical details, you would set this value to 0000 if you are checking if a button value is pressed and NOTHING else is being pressed.

If you are checking if a button value is AT LEAST being pressed, you will need to do the following hex equation for YYYY--

YYYY = FFFF - ZZZZ

Use any online generic hex calculator to produce the YYYY result.

You can find almost every controller line combination for many Wii games, since most past Coders/Devs have already found them in memory and have posted the controller lines on multiple other Wii coding sites/archives.

Regarding Mario Kart Wii...
An entire thread listing all X and Z values can be found HERE. Remember that ZZZZ values are game-universal, they only differ depending on what controller is used.

A more in-depth tutorial on how to fill out the X, Y, and Z values can be found HERE.

Example (NTSC-U Mario Kart Wii, Classic Controller, L button, no Mask):
283414C2 00002000

~~~

Halfway & Final Terminators

When 16-bit If Equal Statements (controller lines) are used, the code needs to end in some sort of 'end-if'. End-if's are also called terminators. There are two types of terminators.

E0000000 00000000: The Halfway Terminator. It is placed after a code to allow a secondary controller line to be added afterwards for deactivation purposes.

E0000000 80008000: The Final Terminator: This is needed at the very end for most codes so multiple codes in a GCT file don't conflict.

Example:
28343E80 F77F0880 <-- Controller Line
040F4B4C 60000000 <-- Word RAM Write (nop)
E0000000 00000000 <-- Halfway Terminator
28343E80 EF7F1080 <-- 2nd Controller Line
040F4B4C 922F0000 <-- Word RAM Write
E0000000 80008000 <-- Final Terminator

A tutorial explaining how to add these terminators (plus controller lines) to make codes activate/deactivate at will can be found HERE.

~~~

Off/On Switch

CC000000 00000000: Off/On switch. It replaces the use of a Halfway Terminator + Second Controller Line to allow the same button to be used to both activate and deactivate a code.

Example:
28341462 FFEF0010
040F4B4C 60000000
CC000000 00000000 <-- Off/On Switch; Halfway Terminator and 2nd Controller line are removed
040F4B4C 922F0000
E0000000 80008000 <-- Final Terminator still needed

~~~

String Write

06XXXXXX 000000YY
ZZZZZZZZ ZZZZZZZZ
...

The XXXXXX is for memory address 80XXXXXX where the string write begins. YY designates how many bytes the string is in length. If the string length is not divisible by 8, then extra 0's are needed to be added at the end of the string so the last row of the code is completed. However these extra 0's are NOT written to memory. Z values is the string's contents.

Example
0600151C 00000018
60000000 380000FF
3B800000 3F808042
639C5BEC 7C630A14

60000000 is written at memory address 8000151C
380000FF is written at memory address 80001520
3B800000 is written at memory address 80001524
3F808042 is written at memory address 80001528
639C5BEC is written at memory address 8000152C
7C630A14 is written at memory address 80001530

~~~

Set Base Address

42000000 XXXXXXXX
...
E0000000 80008000

RAM & String Writes by default have a starting memory address of 80000000. You may run into a situation where you have a value in dynamic memory but it remains in the same spot every time the game is booted/played. Thus, you will need to adjust this starting memory adddress (know as the base address) to something else to be able to write to Dynamic Memory via a RAM or String Write.

The XXXXXXXX is to change the base address to something other than 80000000. At the end of any code using 'Set Base Address', you must end it with a Final Terminator.

Example:
42000000 90000000 <-- Change base address to 90000000
04230C00 60000000 <-- Word Write nop at address 90230C00
E0000000 80008000 <-- Clear/erase the changes to base address (final terminator) fyi: a halfway terminator applies an 'end-if' but doesn't clear/erase the base address.

~~~

Insert ASM

C2XXXXXX 000000YY: 'Insert ASM (Assembly)' code. At memory address 80XXXXXX a certain amount of code (placed underneath the first line) written in Assembly Language will be executed. The amount of lines underneath the 'C2' line designates the YY value (in hex). C2 Codes that have an even number for the YY value will always end with "60000000 00000000"

Example:
C2565088 00000002
38A00010 90BE0020
60000000 00000000

Insert ASM gecko codetype (C2) is by far the most useful codetype to make complex cheat codes, but you will need to learn Assembly to make these. Most Wii code users who want to learn how to become a Code Creator will simply stick to something such as RAM Writes and use the RAM Writes to abuse the application of nops and/or use random (literally random) compiled instructions not knowing at all what these compiled instructions actually do. This results in primitive/hacky codes and you will find many of these codes all over the internet.

If you want to learn how to become an actual Code Creator, read the following tutorials--

How to Make your own Cheat Codes -> https://mkwii.com/showthread.php?tid=830
Assembly Tutorial -> https://mkwii.com/showthread.php?tid=940

It's honestly not much work, just a small amount of time that will reward you will being able to make a much wider range of cheat codes. Good luck!



More examples (Using MKWii specific controller lines)

28348200 00001080 <-- PAL GCN Start button for Activation (if other buttons are not being pressed)
0074CBBF 00000000 <-- Byte RAM Write
E0000000 00000000 <-- Halfway Terminator to allow the use of a second controller line to deactivate
28348200 00000880 <-- PAL GCN Y button for De-Activation (if other buttons are not being pressed)
0074CBBF 00000001 <-- Byte RAM Write
E0000000 80008000 <-- Final Terminator

~~~

28341462 DFFF2000 <-- NTSC-U Minus Button for Activation (other buttons are allowed to also be pressed)
02383AF2 0000270F <-- Halfword RAM Write
CC000000 00000000 <-- Off/On Switch placed here to allow the user to also use the Minus Button for De-Activation
02383AF2 000038A0 <-- Halfword RAM Write
E0000000 80008000 <-- Final Terminator

~~~

28336200 FB7F0480 <-- NTSC-K GCN X button for Activation
C2009604 00000002 <-- Insert ASM code at Address 80009604
3BE01000 B3E00000 <-- Some ASM Contents
60000000 00000000 <-- YY value for ASM code is 02, therefore this line is here
E0000000 00000000 <-- Halfway Terminator
28336200 FF3F00C0 <-- NTSC-K L Button for De-Activation
04009604 B3E00000 <-- Word RAM Write
E0000000 80008000 <-- Final Terminator
Reply


Messages In This Thread
The Basics of Wii Cheat Codes & the Gecko Code Handler - by Vega - 03-30-2018, 08:49 PM

Forum Jump:


Users browsing this thread: 1 Guest(s)