Cheatscript

If you are having problems finding or using cheats for an Emulator (particularly MAME/MESS) or have found a trick that you wish to share this is the place to do it. But please read the Cheat FAQ first.
ianpatt
Posts: 336
Joined: Sat Sep 22, 2001 1:00 am
Location: San Francisco, CA

Cheatscript

Post by ianpatt »

Here's an early description of the virtual machine that I'll be implementing in the cheat engine.

I've added a new addressing type, currently called cheatscript. When it is selected, the cheat engine will look (either in the comment field or directly after the cheat) for a program in this format. When the cheat is activated, the program will be run until termination. For simple cheats, all the program would do would be display a dialog asking for information (board position, piece to place, etc.), calculate the cheat address, then return the calculated address back to the cheat.

I'm also including the capability to have the cheat script execute once per frame (by not setting the "program done" flag in the halt instruction), allowing many possible creative uses.

Code:

cheatscript virtual machine 0.1 documentation

Register List:

32 main registers, labeled r0 to r31
    r31 acts as condition register
    divided into 8 segments, labeled cr0 to cr7
    x---    less than
    -x--    greater than
    --x-    equal to
    ---x    unused
65536 bytes of local memory

Memory Organization:

00000000 - 0000FFFF local memory
00010000 - 0001FFFF program
00020000 - 0002FFFF memory maintained across invocations (must be allocated in first cheat)

Instruction Categories:

data movement
    load/store local memory
    load/store remote memory
    set target cpu (immediate + from register)
    
    indexed (ea = rx + ry)
    relative (ea = rx + simm)
    get 
arithmetic
    add
    add immediate
    subtract
    negate
    multiply
    multiply immediate
    divide
    divide immediate
logical
    and
    and immediate
    and bit
    or
    or immediate
    or bit
    xor
    xor immediate
    xor bit
    sign extend
    rotate
    shift
branch
    jump
    conditional jump
    function call
    function return
comparison
    compare unsigned/signed
    compare unsigned/signed with immediate
management
    halt
    dialog
    asynchronous dialog
    wait for user input
dialog
    to be determined later

Opcode List:

33222222222211111111110000000000
10987654321098765432109876543210
000-----------------------------    [ memory transfer relative ]
---xxx--------------------------        opcode/type
                                            000 = load byte         ldb
                                            001 = load signed byte  ldbs
                                            010 = load word         ldw
                                            011 = load signed word  ldws
                                            100 = load long         ldl
                                            101 = store byte        stb
                                            110 = store word        stw
                                            111 = store long        stl
------xxxxx---------------------        base register (ignored if r0)
-----------xxxxx----------------        source/dest register
----------------xxxxxxxxxxxxxxxx        offset
001000--------------------------    [ memory transfer indexed ]
------xxxxx---------------------        base register
-----------xxxxx----------------        index register
----------------xxxxx-----------        source/dest register
---------------------xxx--------        type
                                            000 = load byte         ldxb
                                            001 = load signed byte  ldxbs
                                            010 = load word         ldxw
                                            011 = load signed word  ldxws
                                            100 = load long         ldxl
                                            101 = store byte        stxb
                                            110 = store word        stxw
                                            111 = store long        stxl
001001--------------------------    [ compare immediate ] cmpi
------xxxxx---------------------        left-hand side
-----------xxxxx----------------        condition register bit
----------------xxxxxxxxxxxxxxxx        immediate
001010--------------------------    [ compare immediate signed ] cmpis
------xxxxx---------------------        left-hand side
-----------xxxxx----------------        condition register bit
----------------xxxxxxxxxxxxxxxx        immediate

100000--------------------------    [ bit move ]
------xxxxx---------------------        source register
-----------xxxxx----------------        source bit
----------------xxxxx-----------        dest register
---------------------xxxxx------        dest bit
100001--------------------------    [ bit xor ]
------xxxxx---------------------        lhs register
-----------xxxxx----------------        lhs bit
----------------xxxxx-----------        rhs register
---------------------xxxxx------        rhs bit
--------------------------xxxxx-        target bit (of rhs register)
100010--------------------------    [ bit or ]
100011--------------------------    [ bit and ]

110101--------------------------    [ xor immediate ] xori
------xxxxx---------------------        lhs (ignored if r0)
-----------xxxxx----------------        target
----------------xxxxxxxxxxxxxxxx        unsigned immediate
110110--------------------------    [ xor immediate shifted ] xoris
110111--------------------------    [ or immediate ] ori
111000--------------------------    [ or immediate shifted ] oris
111001--------------------------    [ and immediate ] andi
111010--------------------------    [ and immediate shifted ] andis

111011--------------------------    [ add immediate ] addi
------xxxxx---------------------        lhs (ignored if r0)
-----------xxxxx----------------        target
----------------xxxxxxxxxxxxxxxx        signed immediate
111100--------------------------    [ multiply immediate ] muli
111101--------------------------    [ divide immediate ] divi

1111100000000000----------------    [ add ] add
----------------xxxxx-----------        lhs
---------------------xxxxx------        rhs
--------------------------xxxxx-        target
1111100000000001----------------    [ subtract ] sub
1111100000000010----------------    [ multiply ] mul
1111100000000011----------------    [ divide ] div
1111100000000100----------------    [ negate ] neg (ignore rhs field)
1111100000010000----------------    [ shift left ] shl
1111100000010001----------------    [ shift left immediate ] shli (treat rhs field as immediate)
1111100000010010----------------    [ shift right ] shr
1111100000010011----------------    [ shift right immediate ] shri (treat rhs field as immediate)
1111100000010100----------------    [ rotate left ] rol
1111100000010101----------------    [ rotate left immediate ] roli (treat rhs field as immediate)

11111100000---------------------    [ set target cpu ] stc
--------------------------x-----        direction (0 = to register 1 = from register)
---------------------------xxxxx        source/dest register
11111100001---------------------    [ dialog ] dia
----------------xxxxxxxxxxxxxxxx        offset of dialog descriptor
11111100010---------------------    [ async dialog ] adia
----------------xxxxxxxxxxxxxxxx        offset of dialog descriptor
11111100011---------------------    [ wait for user input ] wait
11111100100---------------------    [ compare ] cmp
-----------xxxxx----------------        left-hand side
----------------xxxxx-----------        right-hand side
---------------------xxx--------        condition register bit
------------------------x-------        signed comparison
11111100101---------------------    [ jump ] jmp
-----------xxxxxxxxxxxxxxxxxxxxx        offset
11111100110---------------------    [ jump conditional set ] jmps
-----------xxxxx----------------        condition register bit
----------------xxxxxxxxxxxxxxxx        offset
11111100111---------------------    [ jump conditional clear ] jmpc
-----------xxxxx----------------        condition register bit
----------------xxxxxxxxxxxxxxxx        offset
11111101000---------------------    [ call function ] call
-----------xxxxxxxxxxxxxxxxxxxxx        offset
11111101001---------------------    [ return from function ] ret
11111101010---------------------    [ jump to register ]
-----------xxxxx----------------        target register
11111101011---------------------    [ call to register ]
-----------xxxxx----------------        target register
11111111111---------------------    [ halt ]
-------------------------------x        program done

Once I implement the instructions to do dialogs and interact with the rest of the cheat engine, it should be possible to do almost anything needed.

And, yes, I have heard of overkill.

Anyway, keeping in mind that I'd like to make a general case solution to this problem, is something like this too complex or unneeded? Also if there's anything you'd like implemented or see missing, please tell me.
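The opcode list above is precise enough to execute. The C sketch below is an added editorial example, not code from this thread or from the MAME cheat engine: it encodes a handful of the instructions exactly as laid out (memory transfer relative, cmpi, addi, add, jmps/jmpc, halt), runs them over the 64 KB local memory, and shows the two guards a script engine like this needs before untrusted cheat files run inside the emulator: every local-memory access is bounds-checked, and a cycle cap turns a script that never halts into an error instead of a hang. Everything the spec leaves open is an assumption made here and marked in the comments: jump offsets are signed instruction counts relative to the next instruction, local memory is little-endian, condition register cr n occupies bits 4n+3..4n of r31 with the spec's "x---" column as the most significant bit, the cmpi "condition register bit" field selects cr n while the jmps/jmpc field selects an individual bit of r31, and the cycle limit itself. Remote (game) memory, the indexed forms and the dialog instructions are not modelled.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define LOCAL_MEM_SIZE 65536u   /* 00000000-0000FFFF local memory, as in the spec */
#define CYCLE_LIMIT    100000u  /* assumed per-invocation cap; the spec has none yet */

enum vm_status { VM_DONE, VM_AGAIN, VM_CYCLE_LIMIT, VM_BAD_ADDRESS, VM_BAD_OPCODE };

typedef struct {
    uint32_t r[32];                 /* r31 is the condition register */
    uint8_t  local[LOCAL_MEM_SIZE]; /* local memory only; remote (game) memory is not modelled */
} vm_t;

/* Bits hi..lo of w; bit 31 is the leftmost column of the spec's diagrams. */
static uint32_t bits(uint32_t w, int hi, int lo) { return (w >> lo) & ((1u << (hi - lo + 1)) - 1u); }

/* Encoders mirroring the opcode list; the comment gives the opcode prefix. */
static uint32_t enc_mem(unsigned type, unsigned base, unsigned reg, uint16_t off) { return (type << 26) | (base << 21) | (reg << 16) | off; } /* 000+type */
static uint32_t enc_cmpi(unsigned lhs, unsigned cr, uint16_t imm) { return (0x09u << 26) | (lhs << 21) | (cr << 16) | imm; }                  /* 001001 */
static uint32_t enc_addi(unsigned lhs, unsigned tgt, int16_t imm) { return (0x3Bu << 26) | (lhs << 21) | (tgt << 16) | (uint16_t)imm; }       /* 111011 */
static uint32_t enc_add(unsigned lhs, unsigned rhs, unsigned tgt) { return (0xF800u << 16) | (lhs << 11) | (rhs << 6) | (tgt << 1); }         /* 1111100000000000 */
static uint32_t enc_jmps(unsigned crbit, int16_t off) { return (0x7E6u << 21) | (crbit << 16) | (uint16_t)off; }                              /* 11111100110 */
static uint32_t enc_jmpc(unsigned crbit, int16_t off) { return (0x7E7u << 21) | (crbit << 16) | (uint16_t)off; }                              /* 11111100111 */
static uint32_t enc_halt(int done) { return (0x7FFu << 21) | (done & 1u); }                                                                  /* 11111111111 */

/* Assumed condition-register layout: cr n is bits 4n+3..4n of r31, read left to
   right as in the spec ("x---" lt, "-x--" gt, "--x-" eq). */
static void set_cr(vm_t *vm, unsigned cr, uint32_t a, uint32_t b) {
    unsigned lo = 4 * (cr & 7);
    vm->r[31] &= ~(0xFu << lo);
    if (a < b)  vm->r[31] |= 1u << (lo + 3);
    if (a > b)  vm->r[31] |= 1u << (lo + 2);
    if (a == b) vm->r[31] |= 1u << (lo + 1);
}

/* One invocation of a script. Every local-memory access is bounds-checked and the
   cycle counter stops a script that never halts. Jump offsets are taken as signed
   instruction counts relative to the next instruction (an assumption). */
static enum vm_status vm_run(vm_t *vm, const uint32_t *prog, size_t nwords) {
    uint32_t pc = 0;
    for (uint32_t cycles = 0; cycles < CYCLE_LIMIT; cycles++) {
        if (pc >= nwords) return VM_BAD_ADDRESS;      /* ran off the end of the program */
        uint32_t w = prog[pc++];
        uint32_t op6 = bits(w, 31, 26), op11 = bits(w, 31, 21), op16 = bits(w, 31, 16);
        if (bits(w, 31, 29) == 0) {                   /* memory transfer relative */
            unsigned type = bits(w, 28, 26), base = bits(w, 25, 21), reg = bits(w, 20, 16);
            unsigned size = (type == 4 || type == 7) ? 4 : (type == 2 || type == 3 || type == 6) ? 2 : 1;
            uint64_t ea = (uint64_t)(base ? vm->r[base] : 0) + bits(w, 15, 0);   /* base ignored if r0 */
            if (ea > LOCAL_MEM_SIZE - size) return VM_BAD_ADDRESS;
            uint8_t *p = vm->local + (size_t)ea;
            if (type <= 4) {                          /* loads, little-endian (assumed) */
                uint32_t v = 0;
                for (unsigned i = 0; i < size; i++) v |= (uint32_t)p[i] << (8 * i);
                if (type == 1) v = (uint32_t)(int32_t)(int8_t)(uint8_t)v;
                if (type == 3) v = (uint32_t)(int32_t)(int16_t)(uint16_t)v;
                vm->r[reg] = v;
            } else {                                  /* stores */
                for (unsigned i = 0; i < size; i++) p[i] = (uint8_t)(vm->r[reg] >> (8 * i));
            }
        } else if (op6 == 0x09) {                     /* cmpi: unsigned compare into cr n */
            set_cr(vm, bits(w, 20, 16), vm->r[bits(w, 25, 21)], bits(w, 15, 0));
        } else if (op6 == 0x3B) {                     /* addi: lhs ignored if r0 */
            unsigned lhs = bits(w, 25, 21);
            vm->r[bits(w, 20, 16)] = (lhs ? vm->r[lhs] : 0) + (uint32_t)(int32_t)(int16_t)(uint16_t)bits(w, 15, 0);
        } else if (op16 == 0xF800) {                  /* add */
            vm->r[bits(w, 5, 1)] = vm->r[bits(w, 15, 11)] + vm->r[bits(w, 10, 6)];
        } else if (op11 == 0x7E6 || op11 == 0x7E7) {  /* jmps / jmpc on one bit of r31 */
            unsigned set = (vm->r[31] >> bits(w, 20, 16)) & 1u;
            if (set == (op11 == 0x7E6)) pc += (uint32_t)(int32_t)(int16_t)(uint16_t)bits(w, 15, 0);
        } else if (op11 == 0x7FF) {                   /* halt: bit 0 = program done */
            return (w & 1u) ? VM_DONE : VM_AGAIN;
        } else return VM_BAD_OPCODE;
    }
    return VM_CYCLE_LIMIT;
}

/* Sum 1..n with a counted loop (addi, add, cmpi, jmpc); 0xFFFFFFFF if the script fails. */
uint32_t demo_sum(uint16_t n) {
    uint32_t prog[] = { enc_addi(0, 1, 0), enc_addi(0, 2, (int16_t)n),  /* r1 = 0, r2 = n */
                        enc_add(1, 2, 1), enc_addi(2, 2, -1),          /* loop: r1 += r2; r2 -= 1 */
                        enc_cmpi(2, 0, 0), enc_jmpc(1, -4),            /* if r2 != 0 goto loop */
                        enc_halt(1) };                                 /* done: not re-run next frame */
    vm_t vm; memset(&vm, 0, sizeof vm);
    return vm_run(&vm, prog, 7) == VM_DONE ? vm.r[1] : 0xFFFFFFFFu;
}

/* Runs a short script on a fresh machine and returns the VM's verdict. */
static enum vm_status run_words(const uint32_t *prog, size_t n) { vm_t vm; memset(&vm, 0, sizeof vm); return vm_run(&vm, prog, n); }
/* A script that never halts: only the cycle cap stops it (r0 == 0, so cr0.eq stays set). */
enum vm_status demo_runaway(void) { uint32_t p[] = { enc_cmpi(0, 0, 0), enc_jmps(1, -2) }; return run_words(p, 2); }
/* A 4-byte load at the last byte of local memory is rejected instead of reading past the buffer. */
enum vm_status demo_bad_load(void) { uint32_t p[] = { enc_mem(4, 0, 4, 0xFFFF), enc_halt(1) }; return run_words(p, 2); }
/* halt with "program done" clear asks to be run again next frame. */
enum vm_status demo_halt_flag(int done) { uint32_t p[] = { enc_halt(done) }; return run_words(p, 1); }

int main(void) {
    printf("sum 1..10 = %u; runaway = %d; bad load = %d\n", demo_sum(10), demo_runaway(), demo_bad_load());
    return 0;
}
```

The interesting return values are the non-success ones: a script that reads past 0xFFFF or loops forever is reported to the cheat engine as a status code it can surface in the UI, rather than corrupting emulator memory or stalling the frame loop.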
kelvSYC
Posts: 1121
Joined: Thu Sep 27, 2001 1:00 am
Location: Calgary, AB, Canada

Post by kelvSYC »

:o

And I was expecting something closer to C (so that I don't have to learn it from scratch...) :D

A few questions:

1. What's "immediate"?
2. Can you do something like a cheat-if in CheatScript (ie. a cheat shows up or disappears from an Enable/Disable list, which can be useful for something like MLCs)?
3. Does CheatScript make RACs and Number-Selects (and maybe even list cheats) obsolete?
4. As I know very little of the general idea (ie. it's the assembly language of the virtual machine), can you point me to a reference (to assembly language in general) so that I know enough to understand what you are talking about?
5. Does CheatScript have the power to modify existing cheats, similar to DOM on HTML?
6. What's the difference between 66000000 (assuming that's the type for a CheatScript) where the "program done" flag is set and 66000001 where the "program done" flag is not set?
7. Would an easier alternative like a Cheat-C be available?
8. How are CheatScripts stored? Is it one CheatScript to a file, multiple CheatScripts to a file, or you can put it all in cheat.dat? If it is the latter two, would Underscore Commands be needed?

And a few comments:
1. The name of a CheatScript cheat would be to give a name to it. Thus, the cheat comment would be the path to a CheatScript, right?
2. Looks like this might make the cheat engine more complicated than it really should be. After all, it looks like any cheat that can be done now can be done through a CheatScript.
kelvSYC's Guide to the Cheat Engine - http://members.shaw.ca/kelvsyc/cheatguide.html

The New Move List Cheat Collection - http://mamecheat.co.uk/forums/viewtopic.php?p=6469

Underscore Command - What better game is there?
ianpatt
Posts: 336
Joined: Sat Sep 22, 2001 1:00 am
Location: San Francisco, CA

Post by ianpatt »

kelvSYC wrote:And I was expecting something closer to C (so that I don't have to learn it from scratch...) :D
I was actually considering writing an assembler for this, so you'd be able to code in something "not quite unlike" C.
kelvSYC wrote:1. What's "immediate"?
An absolute value stored directly in the instruction, ie. not in a register.
kelvSYC wrote:2. Can you do something like a cheat-if in CheatScript (ie. a cheat shows up or disappears from an Enable/Disable list, which can be useful for something like MLCs)?
I wasn't planning on supporting changing visibility - it makes the UI code rather complex.
kelvSYC wrote:3. Does CheatScript make RACs and Number-Selects (and maybe even list cheats) obsolete?
Kind of. It's easy to make an RAC or number-select cheat purely in the cheat engine, but writing a script to do the same thing would be much more difficult.
kelvSYC wrote:4. As I know very little of the general idea (ie. it's the assembly language of the virtual machine), can you point me to a reference (to assembly language in general) so that I know enough to understand what you are talking about?
Hmm... not off the top of my head. However, most likely you won't have to code at the assembler level to write scripts.
kelvSYC wrote:5. Does CheatScript have the power to modify existing cheats, similar to DOM on HTML?
I'll be adding instructions for that soon.
kelvSYC wrote:6. What's the difference between 66000000 (assuming that's the type for a CheatScript) where the "program done" flag is set and 66000001 where the "program done" flag is not set?
If the flag is set, the program will not be called again next frame. If it isn't, it will be.
kelvSYC wrote:7. Would an easier alternative like a Cheat-C be available?
Hopefully yes. I plan to write something like a compiler which would translate a higher-level language into bytecode.
kelvSYC wrote:8. How are CheatScripts stored? Is it one CheatScript to a file, multiple CheatScripts to a file, or you can put it all in cheat.dat? If it is the latter two, would Underscore Commands be needed?
I was thinking about just putting a hex dump after the cheat. Example:

Code:

lastblad:A0080018:00000000:00000000:00000000:Do Stuff
DE4948C0 48CA19F0 40F3E845 EA329604 ...
STOP
kelvSYC wrote:1. The name of a CheatScript cheat would be to give a name to it. Thus, the cheat comment would be the path to a CheatScript, right?
Not sure what you're talking about here.
kelvSYC wrote:2. Looks like this might make the cheat engine more complicated than it really should be. After all, it looks like any cheat that can be done now can be done through a CheatScript.
Technically, yes. However, this would only be used when needed, because the time required to write a script would be much longer than just setting up a standard cheat. Most of the complex code in the cheat engine implements the UI; the core takes a small percentage of the total space.
kelvSYC
Posts: 1121
Joined: Thu Sep 27, 2001 1:00 am
Location: Calgary, AB, Canada

Post by kelvSYC »

So in theory, CheatScript can be used as a foundation of the cheat engine, while normal cheats like the ones we have now are merely shortcuts (or macros or functions, whatever you care to call them) to predetermined CheatScripts.

Do I have this right?
ianpatt
Posts: 336
Joined: Sat Sep 22, 2001 1:00 am
Location: San Francisco, CA

Post by ianpatt »

kelvSYC wrote:So in theory, CheatScript can be used as a foundation of the cheat engine, while normal cheats like the ones we have now are merely shortcuts (or macros or functions, whatever you care to call them) to predetermined CheatScripts.

Do I have this right?
In theory, yes. It's not implemented that way, though. I'm keeping the cheat engine core the same, just adding support for executing this code.
stephh
Posts: 601
Joined: Fri Aug 17, 2001 1:00 am
Location: Paris, France

Post by stephh »

I haven't fully understood all the stuff yet, so correct me if I'm wrong ...

I'm currently working on an improved version of CheckCDB with its original author, so we need to have a "stable" version of the cheat line format ... So please do NOT add some extra stuff at the end (or it couldn't be included in our structure :( ) !

I think that such "script" cheats will be VERY RARE, so will there be a way to recognize them (I mean a specific cheat type), so they can be "ignored" by our "syntaxer"?

Now, if you could provide some samples about such cheats and what they should do, it would be helpful to understand what exactly their purpose is ...

Steph from The Ultimate Patchers

Visit The Ultimate Patchers' site
ianpatt
Posts: 336
Joined: Sat Sep 22, 2001 1:00 am
Location: San Francisco, CA

Post by ianpatt »

stephh wrote:I think that such "script" cheats will be VERY RARE, so will there be a way to recognize them (I mean a specific cheat type), so they can be "ignored" by our "syntaxer"?
Yes. I allocated a new location type for this purpose, so anything with the upper three bits equal to "101" could be ignored. The program itself would simply show up as a comment (unless CheckCDB has a custom format that it wants comments in), so that part should not cause problems.
stephh wrote:Now, if you could provide some samples about such cheats and what they should do, it would be helpful to understand what exactly their purpose are ...
This could be used to add an "enemy editor" to games. Some of the games I've looked at recently use a linked list to store all on-screen objects, so something like that would be impossible without a small program. It could also be used to implement conditions for cheats - ie. only run this cheat during normal gameplay to avoid side effects.

There's a reasonable chance that this will never be implemented. It's insanely powerful, which I take as a Good Thing, but it would also be rather complex to implement, which is a Bad Thing. I would also need to write a compiler to make this accessible to people who don't want to code in assembler, which I would be interested in doing, but again would take time. So I'm not sure where this is going right now.
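The storage question (a hex dump after the cheat line, terminated by STOP) and the recognition question (a location type whose upper three bits are 101) fit together in one small parser. The C code below is an added editorial example, not CheckCDB code and not the cheat engine's own loader: it reads one entry in the game:type:address:data:extend:name shape of ianpatt's example line, decides from the top three bits of the type field whether a bytecode dump follows, and collects eight-hex-digit words up to STOP, rejecting a malformed token, a dump with no STOP, or a dump longer than a fixed cap. The field names, the exact line grammar, the 256-word cap and every sample entry except ianpatt's own "lastblad" line are assumptions constructed here.

```c
#include <ctype.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define MAX_WORDS 256   /* cap on the hex dump so a malformed entry cannot grow without bound */

typedef struct {
    char     game[16], name[64];
    unsigned type, address, data, extend;
    int      is_script;           /* 1 when the upper three bits of type are 101 */
    unsigned words[MAX_WORDS];    /* the bytecode dump that follows a script cheat */
    size_t   nwords;
} cheat_t;

/* Copy the next line of *cursor (without its newline) into buf; 0 at end of input. */
static int next_line(const char **cursor, char *buf, size_t cap) {
    const char *p = *cursor, *nl;
    size_t len;
    if (*p == '\0') return 0;
    nl = strchr(p, '\n');
    len = nl ? (size_t)(nl - p) : strlen(p);
    if (len >= cap) len = cap - 1;
    memcpy(buf, p, len);
    buf[len] = '\0';
    *cursor = nl ? nl + 1 : p + len;
    return 1;
}

/* A dump word must be exactly eight hex digits; anything else is rejected. */
static int is_hex8(const char *tok) {
    if (strlen(tok) != 8) return 0;
    for (int i = 0; i < 8; i++) if (!isxdigit((unsigned char)tok[i])) return 0;
    return 1;
}

/* Parse one entry: a game:type:address:data:extend:name line, then, for a script
   cheat, whitespace-separated hex words up to a line reading STOP.
   Returns 1 on success, 0 if the entry is malformed or truncated. */
int parse_cheat(const char *text, cheat_t *out) {
    char line[256];
    const char *cur = text;
    memset(out, 0, sizeof *out);
    if (!next_line(&cur, line, sizeof line)) return 0;
    if (sscanf(line, "%15[^:]:%8x:%8x:%8x:%8x:%63[^\n]", out->game, &out->type,
               &out->address, &out->data, &out->extend, out->name) != 6) return 0;
    out->is_script = (out->type >> 29) == 5;   /* upper three bits 101 */
    if (!out->is_script) return 1;             /* ordinary cheat: nothing follows */
    while (next_line(&cur, line, sizeof line)) {
        for (char *tok = strtok(line, " \t\r"); tok; tok = strtok(NULL, " \t\r")) {
            if (strcmp(tok, "STOP") == 0) return 1;
            if (!is_hex8(tok) || out->nwords >= MAX_WORDS) return 0;
            out->words[out->nwords++] = (unsigned)strtoul(tok, NULL, 16);
        }
    }
    return 0;   /* input ended before STOP */
}

/* Constructed samples: the first follows ianpatt's example; the others are made up here. */
static const char SAMPLE_SCRIPT[] =
    "lastblad:A0080018:00000000:00000000:00000000:Do Stuff\n"
    "DE4948C0 48CA19F0 40F3E845 EA329604\n"
    "STOP\n";
static const char SAMPLE_PLAIN[]   = "sample:00000018:00100000:00000001:00000000:Plain cheat (constructed)\n";
static const char SAMPLE_BAD[]     = "sample:A0000000:00000000:00000000:00000000:Bad dump\nDEADBEEF XYZ\nSTOP\n";
static const char SAMPLE_NO_STOP[] = "sample:A0000000:00000000:00000000:00000000:No STOP\nDEADBEEF\n";

int      demo_script_word_count(void) { cheat_t c; return parse_cheat(SAMPLE_SCRIPT, &c) ? (int)c.nwords : -1; }
unsigned demo_script_first_word(void) { cheat_t c; return parse_cheat(SAMPLE_SCRIPT, &c) ? c.words[0] : 0; }
int      demo_plain_is_script(void)   { cheat_t c; return parse_cheat(SAMPLE_PLAIN, &c) ? c.is_script : -1; }
int      demo_malformed_rejected(void){ cheat_t c; return !parse_cheat(SAMPLE_BAD, &c) && !parse_cheat(SAMPLE_NO_STOP, &c); }

int main(void) {
    cheat_t c;
    if (parse_cheat(SAMPLE_SCRIPT, &c))
        printf("%s: type %08X script=%d, %zu words, name \"%s\"\n", c.game, c.type, c.is_script, c.nwords, c.name);
    return 0;
}
```

A syntax checker that only wants to skip script cheats can stop after the type test; the point of validating the dump anyway is that a loader which later executes those words should never accept a truncated or malformed entry as a program.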
kelvSYC
Posts: 1121
Joined: Thu Sep 27, 2001 1:00 am
Location: Calgary, AB, Canada

Post by kelvSYC »

Let's hope that CheatScript will one day become reality. Otherwise I won't have to waste four posts describing how grid cheats in spf2t works:

viewtopic.php?t=486

(remember, this predates spf2t being xored and predating the new cheat engine!)

I guess with dialog routines in a future version of CheatScript, who needs cheat-ifs? Wait, that's not true, MLCs might need those...
ianpatt
Posts: 336
Joined: Sat Sep 22, 2001 1:00 am
Location: San Francisco, CA

Post by ianpatt »

kelvSYC wrote:Let's hope that CheatScript will one day become reality.
Mostly this depends on if I can implement it cleanly and without making cheat.c the largest source file in MAME. Right now only the 68k core files + a few other things are larger. It's at least in the top 10, if not the top 5.

That and the whole "compiler" concept. I actually want to try my hand at writing a compiler, but I question how long it will take.
kelvSYC wrote:I guess with dialog routines in a future version of CheatScript, who needs cheat-ifs? Wait, that's not true, MLCs might need those...
That was the idea; essentially killing 25 birds with one boulder.
kelvSYC
Posts: 1121
Joined: Thu Sep 27, 2001 1:00 am
Location: Calgary, AB, Canada

Post by kelvSYC »

ianpatt wrote:
kelvSYC wrote:So in theory, CheatScript can be used as a foundation of the cheat engine, while normal cheats like the ones we have now are merely shortcuts (or macros or functions, whatever you care to call them) to predetermined CheatScripts.

Do I have this right?
In theory, yes. It's not implemented that way, though. I'm keeping the cheat engine core the same, just adding support for executing this code.
On a side note, would it really make a difference in terms of speed, or is this not really noticeable?
ianpatt
Posts: 336
Joined: Sat Sep 22, 2001 1:00 am
Location: San Francisco, CA

Post by ianpatt »

kelvSYC wrote:On a side note, would it really make a difference in terms of speed, or is this not really noticeable?
It shouldn't be noticeable.

Well... potentially you could make a script that would crash the computer or cause lots of lag. Don't do that. I'll probably put an upper limit on cycles executed for release versions to fix the problem.