🎃 Happy Halloween, TCRF! 🎃
User:Andlabs/MAME Cheats
The MAME cheat engine is analogous to in-emulator Game Genie/Pro Action Replay/GameShark/etc. plugins. Though mainly intended for actual heat codes, the engine is useful for changing code or memory on the fly, making it easier to find unused content if you are doing a code analysis.
Somewhere around version 0.130, Aaron Giles rewrote the cheat engine to tie it with the debugger, allowing more intelligent cheats at the cost of introducing a third cheat format (this time based on XML) and getting rid of the ability to make cheats from within MAME. As no updated tutorial exists (outside the source comment for the cheat engine itself), this page serves as an introduction to making cheats.
Two resources to have in hand (and the way I (andlabs) started) is to take the cheat files provided by Pugsy and the documentation at the top of the MAME cheat engine source code and then just modify the example cheats. The README in the cheat pack download will tell you not to extract the cheat pack, but of course in this case you will need to. (The cheat pack can also help with reverse-engineering as the cheats will tell you what important memory and ROM locations are!)
Galaxy Force II (gforce2) will be used as an example.
Cheat files are text files with the filename form gamename.xml. For instance, the cheat file for the gforce2 set would be called gforce2.xml.
When running MAME directly, use the -cheat option to enable cheats and the -cheatpath option to tell MAME where you put these cheat files. For instance,
$ ls cheats gforce2.xml $ mame64d -cheat -cheatpath cheats -window gforce2
(TODO default directory?)
The file format is mostly standard XML. There is no <?xml?> directive; the files merely start with the opening tag:
<mamecheat version="1"> <cheat desc="Description for Cheat 1"> ... </cheat> <cheat desc="Description for Cheat 2"> ... </cheat> </mamecheat>
Leave the version attribute at 1 for now.
When running MAME with cheats, press Tab to open the MAME menu. You will now see a Cheat option; enter that to see your list of cheats.
Cheats consist of a series of actions that occur on a given state. There are four states:
- on - when the cheat is turned on
- run - while the cheat is on
- off - when the cheat is turned off
- change - ??????? TODO
Actions are debugger statements with optional conditions.
All numbers are hexadecimal; no prefix is needed.
The format of an address is
chip.ms@address
where chip is the chip name (maincpu, soundcpu, etc.), m is a memory mode, s is a size, and address is the actual address. I am not entirely sure what the memory modes are (TODO) but for gforce2 m is used for ROM and p is used for everything else. Size is b for byte, w for word (2 bytes), d for doubleword (4 bytes), and q for quadword (8 bytes). (TODO example)
notes
- cheats are irreversible by themselves