Working with Midway machines (mid?unit): tips?

If you are having problems finding or using cheats for an Emulator (particularly MAME/MESS) or have found a trick that you wish to share this is the place to do it. But please read the Cheat FAQ first.
Post Reply
rytz
Posts: 2
Joined: Sun Jul 14, 2013 7:18 pm

Working with Midway machines (mid?unit): tips?

Post by rytz »

Hi:

I'm looking for insight on how to more accurately pinpoint memory address changes on Midway MID?UNIT machines (working with UMK3 right now). Using the cheat engine on a "word" level provides me with the best results so far:

Code: Select all

ci uw, 0, 0xffffffff
Using the above init, I have been mostly successful in detecting the memory addresses I've been looking for. There are some values that I know exist (and are incrementing / decrementing) but I am not able to detect them using "cn in, cn de, cn eq, #, etc". The reason I know they exist is because I was able to find the values I want stored in the NVRAM, but I haven't been able to detect them in memory while the game was running. The value is only a single byte in length.

I know that these machines handle memory space in a weird way. I am aware of the memory space offset (0xFF800000).

Is there a way to break down midway (MID?UNIT) debugging to the byte level (for doing cheat search analysis)? Another option that I have considered is to diff multiple memory dumps.

Thanks.
syndromtr
Posts: 232
Joined: Wed Sep 25, 2013 8:18 am
Been thanked: 1 time

Re: Working with Midway machines (mid?unit): tips?

Post by syndromtr »

good luck&welcome :)
i'm also new on that midway system but it's good to share knowledge..
first examine "already found" cheats, as you see:
example: mk2
drain all energy now:
<action>maincpu.pb@10602F0=01</action>

what you notice here? it's a RAM cheat (p) and memory is at 1xxxxxx
as you check mk2.xml briefly, other (p) cheats are around 1030000 - 1060000
these are "real" memory addresses, so in debugger you can get its value with ctrl+m and entering 10602F0
but byte structure is "reversed" as explained.

Code: Select all

in monitor you'll see
1060280          0000000000000000   00A1000000000000
                                |     |            |
real memory               1060280  10602F0       10602C0
got it? first block's rightmost real value is 1060280, 2nd block's rightmost real value is 10602C0 and
10602F0 has the value A1.

so, for one byte catching, use this search in debugger:
ci ub,1000000,70000 (will search between 1000000-1070000)

yes, as you're aware, for ROM cheats,
<action>maincpu.mw@0003FD8=0300</action> (always secret game over)
use this to calculate REAL address: (or do the reverse for cheat.xml entry)
3FD8 * 8 = 1FEC0 + FF800000 = FF81FEC0
0300 is the NOP (no operation) opcode, so this ROM cheat stores 0300 to FF81FEC0, check in debugger, ctrl+D.
i can share other tips if needed..
Post Reply