Hex Lesson

Written by: solid-tbone/ TEKHacks

The Beginning

Now this is I think the part that scares people.  Counting hex numbers.  It’s so simple after you get it.  You will smack yourself for not learning it before.  Hex goes a little something like this:

00,01,02,03,04,05,06,07,08,09,0A,0B,0C,0D,0E,0F…..

You really don’t need the 0 when counting, but for romhacking reasons, we will put them in there.  When you get so high it gets a tad confusing.  It goes like this:

D0,D1,D2,D3,D4,D5,D6,D7,D8,D9,DA,DB,DC,DD,DE,DF…

After DF comes E0.  People have the hardest part with that.  Always ends in F and always begins with 0 when counting.  It’s from 00 to FF.  In decimal the total is 255.  It NEVER goes any higher, ever!!  Just do not forget that after EF would come F0.  Another is 49 comes 4A and CD comes CE.  I would recommend writing down all the hex numbers so you get the idea.  Takes time, but do not give up.  Hex address are read in the same way except the numbers raise in value.  This number depends on the size of the rom.  At hex address 1001A, the byte there is 39.  Addresses and bytes are 2 different things and never get them mixed up.  Addresses hold bytes.  That should make it simple enough.  You can’t change addresses, but you can change bytes.  Bytes is what holds the rom data we go looking for.  It becomes easier, just read on.

A little history

When I first started, I had a little advantage.  When I was in school we learned hex.  So I was prepared when Gamemakr24 went over the basics of romhacking with me.  I would not be able to write this document if it wasn’t for the patience and knowledge of Gamemakr24, so thank you.  Also, when reading this document, you can use any hex editor.  I also suggest grabbing a copy of Castlevania , because it’s my favorite game and the one I use for this document.

The Next Step

Open up a hex editor and open Castlevania.  You will see a bunch of hex numbers.  All these numbers hold important data for the rom.  The first 10 bytes in ALL roms are for the header so emulators can read them.  Never touch them.  This will be important when I go over adding Game Genie Codes to a rom.  There is nothing in a rom you can’t find and change.  Searching through a rom can be a major pain in the ass.  If you do it correctly you can find good usable data for the rom.  Just take every 8 bytes or so, except for the first 10, and change them all to 00.  Make sure you copy the 8 bytes you changed so that after you see what it does you can put them back in.  I use Hex Workshop and Translhextion for my hex editing needs.  I ALWAYS make copies of the rom I am using and I write all my information down.  Always save after you get some great info.  It happens to the best of us, believe me I know. 

Finding level data

There really isn’t much to finding data in a rom.  Here is an example of what I did to find the level data.  I searched every 8 bytes until I found the data I was looking for.  At address &H1001A you will find the byte 39.  Change that byte and save it.  Open up the rom in your favorite emulator and play the first stage.  You will see the very first tile changed to an all black tile.  Isn’t that totally awesome.  I was very excited when I found this data.  It just takes time, don’t give up.  Let’s move on.

Finding more level data

This is a little easier since you found the level data for Castlevania.  This takes a little time, but just change so many bytes and keep checking the rom.  You should notice that level 2 begins right at the end of level 1.  The only difference is that the rooms are not in order.  The last byte in that room is where the fish men jump out of the water.  After that go to level 2.  You will see that the first byte in level 2 is changed.  I am pretty sure it’s around &H10865.  I haven’t been playing with hex in a while and I lost my CV document that I had with all my info.  I will find it though.  Using the same steps I am telling you here.  Level 2 level data is also not in order so mess with all the bytes from there and you will find the level data.  That is really it.  Search. 

Finding a title screen

This is easier than looking for level data.  I did this easily and was surprised how quick I found it.  Every title screen has some kind of text info in it.  I took Castlevania’s title sceen and looked up words like push start now in a hex editor.  Most hex editors support text search, like hexposure.  After that, you have part of the title screen.  Just keep going back until you find the very first byte in the screen.  Unlike level data, title screen data is usually 1 sprite big.  So changing it to your specifications can be a little time consuming, but definitely worth the trouble in the end.  I used Nesticle95 and TLP to view the pattern table and find out what byte is where.  You can click on a byte in Nesticle and find out what byte is assigned to a sprite.  There are 2 different sides.  They change due to changes in RAM I think.  The title screen data in a pattern table is usually on the right hand side.  Just click and find out what byte is assigned to what sprite.  It becomes easy after you do it.  Everything does technically.  Just keep plugging.

Finding Graphic data

This is the easiest part and the hardest part.  Open up TLP and Castlevania.  Scroll down until you begin to see sprites.  You will see a sprite that looks like a line.  That is the beginning graphical data for Castlevania.  It should begin at &H3508 and end around &H10000.  I been up for 15 straight hours and I am too lazy to open it.  You just saved yourself a ton of time looking through a rom for all this information.  Now when looking for data you can skip over a ton of bytes that were once unknown data.  Some nes roms have what they call compression.  They compress graphics to save space.  There are a good amount of different formats that  you have to learn.  I don’t have time to teach them here, because I don’t know them all and this is a hex document.  They do have programs that help you look for it and FuSoYa has made a program called Lunar Compress that decompresses certain roms.  Nifty program and I suggest you pick it up.  I sure hope that someone else can pick up on this subject.  Sorry if I don’t know that much here.  Getting help from people can be such a task sometimes.  Let’s move on to our final subject(s).

Finding other types of data

You be amazed by how one byte can hold important data.  I am going to use Megaman 5 as my example.  When I was learning how to convert Game Genie codes I learned that Megaman’s jump height data was held by one byte.  You could find this the hard way by changing all bytes one by one until you come to hex address 360BE.  The byte there is 05.  If you change it to 06 he will jump higher.  The higher you change it, the higher Megaman jumps.  It’s pretty fun to do.  I had help from fellow tekhacks member DahrkDaiz and another member named Gil_Galad I met in acmlm’s mIRC #romhacking channel.  I used a Game Genie code converter.  Open it up and select NES.  Enter the code and you should get the address and the bytes.  It will give you the address it’s at in memory and the byte it is and the byte you need to change it too.  Now the address you have is not the address that needs changing.  You must add 10 bytes to the address for the header.  This next part is a little tricky.  You must use the mathematical operation “AND” to the new address.  So if you got the hex address 9123 in your Game Genie Code Converter, you would open your calculator that comes with windows.  For the AND operation, you always use the hex address 1FFF.  I don’t know why it is, but it just is.  I believe that it also has to deal with RAM moving in and out of the rom.  If you do 9123 AND 1FFF you get 1123.  Now never forget to add 10 bytes for the header.  After that you get hex address 1133.  Now, because of something called banking you must search for the address by adding 2000 or 8000 bytes.  Sometimes you can just add 8000 bytes and you got your address, but sometimes different roms use different amounts of banking.  So just add 2000 bytes to the address until you find the desired result.  For some Game genie codes, you don’t get a starting byte value.  You get a byte to change it to and not a byte that you have to look for.  So just do what I said before and just change the byte held at every 2000 or 8000 bytes to the one that Game Genie Code Converter gave you.  You will eventually come up with the result you want.

The end for now

Thanks for reading.  I hope this helps people in need of learning hexidecial or hex.