
A Cheat Finder for AppleWin


Steve Nickolas

Nov 29, 2014, 12:10:39 AM
This is a bit weird and specialized, and was inspired by the cheat finder
in ZSNES.

http://3.buric.co/aiicheat.zip

Source included. Periodically, you need to go into the debugger, save all
of main memory (bsave "filename.dmp",0,c000). First, you type
"ofilename.dmp" to tell it where to look for data. Then:

* r - reset; mark all bytes as matching.
* c - close; stop looking at the current filename.
* d - display all matching bytes.
* < - match only marked bytes which are LESS than they were before.
* > - match only marked bytes which are GREATER than they were before.
* = - match only marked bytes which HAVE NOT changed.
* # - match only marked bytes which HAVE changed.
* : - followed by a number (it should support 0x for hex, but not
tested) matches only marked bytes which equal this exact value.
* q - quit.

As an example, I created this infinite lives code for Mr. Cool:
4C47: EA EA EA

-uso.
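
Added example, not part of the original post and not the source shipped in aiicheat.zip: the marked-byte filtering that the command list above describes, written in Python. It assumes "before" means the previously loaded dump and that `:` tests the most recent dump; the names `CheatFinder`, `snap` and `demo`, and the dumps with a lives counter at $1234, are constructed for illustration.

```python
DUMP_SIZE = 0xC000  # bytes saved by: bsave "filename.dmp",0,c000

# Command characters from the post -> test applied to (old byte, new byte).
RULES = {"<": lambda old, new: new < old, ">": lambda old, new: new > old,
         "=": lambda old, new: new == old, "#": lambda old, new: new != old}

# CheatFinder, snap and demo are hypothetical names used only in this example.
class CheatFinder:
    def __init__(self, first_dump):
        self.prev = self._check(first_dump)
        self.reset()

    @staticmethod
    def _check(dump):
        if len(dump) != DUMP_SIZE:
            raise ValueError(f"expected {DUMP_SIZE:#x} bytes, got {len(dump):#x}")
        return bytes(dump)

    def reset(self):
        """'r': mark all bytes as matching."""
        self.marked = set(range(DUMP_SIZE))

    def compare(self, op, new_dump):
        """'<' '>' '=' '#': keep marked bytes that pass the test, then advance."""
        new, rule = self._check(new_dump), RULES[op]
        self.marked = {a for a in self.marked if rule(self.prev[a], new[a])}
        self.prev = new
        return sorted(self.marked)

    def exact(self, value):
        """':': keep marked bytes equal to value in the latest dump."""
        self.marked = {a for a in self.marked if self.prev[a] == value}
        return sorted(self.marked)

def snap(lives, noise):
    """Constructed dump: lives at made-up $1234, unrelated bytes elsewhere."""
    mem = bytearray(DUMP_SIZE)
    mem[0x1234], mem[0x0020], mem[0x0300] = lives, noise, 3
    return bytes(mem)

def demo():
    finder = CheatFinder(snap(3, 10))
    finder.compare("<", snap(2, 5))   # lost a life; noise byte also fell
    finder.compare("=", snap(2, 9))   # nothing lost; noise byte moved
    finder.compare("<", snap(1, 9))   # lost another life
    return finder.exact(1)            # one life left

if __name__ == "__main__":
    print([f"${a:04X}" for a in demo()])
```
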

Michael AppleWin Debugger Dev

Nov 29, 2014, 10:24:18 AM
This is pretty cool !

I've been wanting a proper cheat front end in AppleWin for years but always seem to get "distracted" fixing the debugger and/or video or architecture. :-)

I used to have a list of many self created cheats for noclip, infinite lives, infinite ammo, player location, etc. for many games but I've misplaced my notes years ago :-/ This is one of the reasons I've started the Apple Games Disassembly Project. To tear games apart documenting their architecture - specifically the map format. :-)

One of the things MAME does is provide a sweet simple UI to turn specific cheats on / off. CheatEngine also has an awesome real-time memory diff. Ideally there should be some sort of plugin architecture so that after every executed instruction the plugin would get called.

The problem with real time memory analysis is that you take a huge performance hit. I've started work on a new CPU type, 65d02, for debug, that (eventually) after every load and store will have a visual way to see the memory "heat map".

Read = Green
Write = Red
Exec = Blue

This way a simple 256x256 "waterfall memory" bitmap could help in seeing the patterns of what is changing.

What I like about your solution is that it helps inspire other tools! Ideally there are 2 ways we could track memory.

- Take a memory snapshot every X cycles

- Every store/load we keep a log of memory transactions. We would need a time stamp and a delta value, along with a way to "replay" the log but it would greatly simplify memory probing without the speed hit.

I've used CheatEngine to successfully create 2 trainers for PC games -- some day I would love to have its "Pointer Scan" functionality built into AppleWin's Memory Analysis. :-)

Please keep us posted of your follow up work !

Steve Nickolas

Nov 29, 2014, 1:29:26 PM
On Sat, 29 Nov 2014, Michael AppleWin Debugger Dev wrote:

> This is pretty cool !

*^^*

Thanks

> What I like about your solution is that it helps inspire other tools!

That was my idea.

As I think I mentioned, I got the idea from ZSNES, and just decided to
make the simplest possible tool that would implement a ZSNES-style
cheatfinder.

When I found the address I wanted, I went into the debugger, used BPM to
trap changes, and found the instruction I needed to edit.

-uso.

Michael AppleWin Debugger Dev

Dec 1, 2014, 10:16:30 PM
On Saturday, November 29, 2014 10:29:26 AM UTC-8, Steve Nickolas wrote:
> As I think I mentioned, I got the idea from ZSNES, and just decided to
> make the simplest possible tool that would implement a ZSNES-style
> cheatfinder.

I'll have to check out ZSNES !

> When I found the address I wanted, I went into the debugger, used BPM to
> trap changes, and found the instruction I needed to edit.

Yup, that's the easiest way to find the code that is updating it.

You can use the S search memory tool, and use the @ operator to target the address:

i.e.
S 0:C000 63 // search for 99 lives
MEB @1 FF // change the value of result 1 to 255



