The Secrets Of GameShark Assembly Programming

____ ______ ______ THE ______ ______ ____
/ \ | ___| | | _____ | ___| |_ _| / \
| |__| | |__ | |__| | \ | |__ | | | |__|
\ \ | __| | | | | | | __| | | \ \
_\ \ | | | |__ | / | | | | _\ \
| | | | |___ | | | | | \ | |___ | | | | |
\____/ |______| |______| |___|__\ |______| |__| \____/
Of GameShark Assembly Programming

[By: Parasyte and slab]

--------------------------------
Table of Contents
--------------------------------

Introduction
ch. 1 .................. Why it Works
ch. 2 .................. Where To Begin

--------------------------------
Introduction
--------------------------------

The Assembly language(ASM) is a form of 'human readable machine code'(binary). ASM is
not easy for most people to learn. But I bet you're not most people, right?
A game, a program, even the GameShark are written in ASM. Different game platforms use
different processors. And different processors use a different form of ASM. Through out this
document, we will be using the ASM language known as 'MIPS Rxxxx'. Where the 'xxxx' is the
processor number. MIPS is the company that designed these chips, they call them the
'R series chips' We won't get into detail of the processors, we only want to know the
language they use.

All R series chips from MIPS use a very similar ASM standard. It is possible to write a
program for the R3000A(PSX) and get it working on the R4300i(N64) with little to no changes.
This document will focus mainly on R3000A, so if you're interested in N64 programming, this
may or may not help. The big difference is that PSX has a built-in debugger. N64 does not.
Using the debugger, anyone with the knowledge can hack the ASM programming. Without it,
there is very little you can do to the programming. It is not impossible to hack N64's
programs, it's just a very long and frustrating process. The best way to hack N64's
programming is to use an emulator that has a built-in debugger. Currently, only a few
emulators have a debugger, and they don't play commercial games. So either write your own,
hack an exsiting emulator, or get someone to write one for you... Good luck.

If you absolutely MUST hack N64 ASM, I have included a few brief tutorials in this
document. I would not suggest you use these methods on PSX, as there are much easier ways to
hack PSX games. Though you could try if you're up for a challenge.
As for PSX hacking and programming, this should be a great source for information. So
sit back, grab a 2 liter of soda, and continue reading.

--------------------------------
Chapter 1 - Why it Works
--------------------------------

Why am I able to reprogram my PSX games using a cheat device that edits RAM?!

The answer is actually very simple. The Rxxxx chips will load instructions from ROM into
RAM, then execute the instructions that are placed in RAM. So if you edit the instuctions
that are already in RAM, the processor executes your instructions as it would normally
execute the unchanged instructions.
Sorry, that may be a bit confusing. But basically, if the program runs from RAM, and you
can edit RAM... Then you can obviously edit the program.

Not all RAM locations are programming instructions. After the processor loads the RAM,
it will start execution instructions from the 'entry point' in RAM. The entry point is the
location where the program will start execution. After it starts running, those instructions
will edit other parts of RAM. They will change your health and whatever while the game is
running. These instrctions create what we call a 'game loop'. The game loop will do one full
loop about 6 times a second(on average). That's usually over 500,000 instructions per
second.

--------------------------------
Chapter 2 - Where To Begin
--------------------------------

The very first, and most important thing you need is the knowledge. You will NEED to
know, at the bare minimum, how a few of the basic instructions work. Please note that the
terms 'instruction', and 'opcode' are one in the same, and 'opcode' is short for
'Operation Code'.

First I'd like to explain the use of certain opcodes, and we can learn others from
there. The 'nop' opcode, which is short for 'no operation' is very easy to use. The 'nop'
opcode in an assembler is just written as nop. This opcode is versatile. Using it you can
'kill' other opcodes that do something you don't like. A particularly good example is an
opcode that changes your characters health. If you nop that opcode, the game will not be
able to change your health at all.

The Jump opcode is also easy to use. In an assembler, you would write a jump opcode
like this -

j (address to jump to)
Example: j 80000400

This will unconditionally force the processor to jump to address 80000400 and continue
execution from there. An opcode similar to Jump is 'Branch'. Branch will check a condition
before jumping to the specified address. This is used to create a sort of if statement in
ASM. Branch will compare two registers, and if the condition is true, the processor jumps.
Before continuing with the Branch explanation, I'd like to point out what registers are.

All MIPS R series chips have 32 CPU registers, which are basically temporary holding
places where you can hold values to use later. Sort of like a really small ammount of RAM.
The first register is called $zero. $zero is very important, because it's value will always
remain as '00000000'. Hence the name. $zero can never be changed. The last register is
called $ra, which is short for 'return address'. $ra is mostly used to return from a
function. Other registers and their uses can be found here