The Ultimate Article on Cheating!¢---------------------------------¢¢OK. There have been rather a lot of articles on the matter of cheating commercially released programs for your own twisted gain, but all of the ones I have seen have only concentrated on pumping up your number of lives to the maximum available. Unfortunately giving yourself 255 lives for a game like 'Diamonds' would make the screen look rather silly. Thus, I decided that if I were ever to write an article on cheating is should aim at the reader being able to learn about modifying a program to give INFINITE lives.¢¢PLEASE NOTE: This article is written under the assurance that you have access too and are familiar using a disk sector editor. The disk sector editor you use MUST have a HEX SEARCH facility. Use 'Bob's Disk Editor' on TGR 10 and you'll be fine.¢ Got that? Let's go...¢*¢The first thing we need to settle on is which game you with to modify. Start wish something simple, like a short menu program or something. It can be quite testing to try and find the right location on a boot disk of 720 sectors!¢ Right? Got the title you want to modify? Load it and take note of the number of lives you have. Write this down and now load your DSE (disk sector editor). Read the first sector of the file you wish to modify (if possible transfering the file to a boot disk will make things easier. You can always begin your search at sector 1 then) and bring up the option of HEX SEARCH.¢ Time for a breather here as I explain a little about Assemblers. Most machine code programs are first written with an assembler which understands commands like LDA, STA etc. Most assemblers allow you to edit the program and then assemble it into straight machine code. Straight machine code is all hex numbers and every different assembler instruction will convert into a different hexcode.¢ To install lives into the game the programmer would probably use the commands:¢¢ LDA #5¢ STA 1536¢¢ In BASIC this would simply look like¢¢ POKE 1536,5¢¢as all the command is doing it storing 5 in location 1536.¢¢ But this is in assembler and in machine code it would look like:¢¢ A9 05 8D 00 06¢¢ A9 is the machine code instruction for LDA #byte where 8D is the command for STA adr.¢ As you can see the 05 following the A9 is the #5 that followed LDA, but why does 00 06 followed the 8D?¢ Well, the assembly instruction was written in decimal so when assembling it is converted into hex. The hex of 1536 is $0600.¢ Wait a minute! If the hex of 1536 is $0600 why does 00 06 appear after the 8D?¢ Strange isn't it? You'll just have to get used to it though! When appearing in machine code all adr's are stored in reverse order from what they'd appear in assembler.¢ All this may appear confusing but it isn't once you get used to it. Honest!¢ Anyhow, back to the main part. You've sorted out your game and you know how many lives it has?¢ The little titch on understanding assemblers will make this easier to understand: If your games has 3 lives then the command you will search for is A9 03.¢ Do a HEX SEARCH for it and when you find it take a note of the sector and byte and then modify the $03 into $09. Now reload the game - do you have 9 lives? If so, great! If not, reload the disk editor, change the $09 back into $03 and restart the HEX SEARCH.¢ Right, you've made it here which means two things: you've either found the right byte or you haven't. If you've gone through the whole game and not found the right byte then it's just not your day! You'll have to try something else.¢ OK! Found the byte? Great! Return its value to $03 and check the 3 bytes after it. They should be something like this:¢¢ 8D xx xx¢¢ Where the 'xx xx' is a memory location which will be different every time.¢ Write down this location and read sector 1 of the file you wish to cheat.¢ Now another breather! When you lose a life the programmer could have used a couple of different instructions to take one away from your life total. The two most common will be explained.¢ Now, because we're not sure what the programmer has used to take away a life we'll simply do a HEX SEARCH for the memory location. So, if the 'xx xx' above is '94 34' simply search for 9434.¢ Found it? Right take a look at the byte before the 9434 - what is it? If it's '8D' then continue the search; if not then read on.¢ Hopefully the byte will be either 'CE' or 'AD'. If it's CE then excellent as to give your game infinite lives simply change the 'CE' to 'AD' and that's it! Why? Well, the 'CE' is the hex code for the assembler instruction¢¢ DEC adr¢¢which simply takes one away from the memory address! And 'AD' is the instruction for¢¢ LDA adr¢¢which doesn't modify the contents of the adr at all. Simple eh?¢ If the byte's originally 'AD' then a little more work is involved. Take a look a the bytes following AD9434 - is there a 'E9 01' there? There is! Brilliant! Simply change the 01 into 00 and you have infinite lives! Why? Well, the 'E9' is the hex for the assembler instruction¢¢ SBC #byte¢¢which doesn't do much on its own but in a crowd would come out:¢¢ LDA $3494¢ SBC #01¢ STA $3494¢¢(or AD 94 34 E9 01 8D 94 34)¢¢which loads the accumlator (LDA adr) with the contents of $3494, takes away $01 (SuBtraCt #01) and then stores the accumulator back into $3494 (STA adr). Beware because there'll also probably be a '38' (SEC) hanging around but, although important to the program, isn't anything to worry about!¢*¢There are different ways of taking lives away:¢¢ LDY adr¢ DEY¢ STY adr¢¢but the examples given are the most likely and, in my experience, the most used!¢ I cetainly hope you've found this article useful. Maybe now you'll complete that game!¢¢John E. (TEBSF)¢
