[bbhcotw] Stop Lightgun Screen Flash

This forum is for posting M.A.M.E. arcade cheats. Requests will be fulfilled here....but please keep the requests to the requests forum.
Post Reply
WunderEnrique
Posts: 9
Joined: Thu Sep 23, 2021 5:10 pm

[bbhcotw] Stop Lightgun Screen Flash

Post by WunderEnrique »

This cheat is for Big Buck Hunter - Call of The Wild. This bypasses the flashing screen which is reduntant when using other input than light guns.

Code: Select all

<mamecheat version="1">
  <cheat desc="Stop Screen Flash on Shooting">
    <script state="on">
      <action>temp0 =maincpu.pb@8005550f</action>
    </script>
    <script state="run">
      <action>maincpu.pb@8005550f=14</action>
    </script>
    <script state="off">
      <action>maincpu.pb@8005550f=temp0</action>
    </script>
  </cheat>
</mamecheat>
Nothing below this line is relevant for using this cheat, If you do not care about writing cheats, read no further!

Story Time

Because it is my first ever MAME cheat, I would like to write a bit about the discovery hopefully to help others in the future write similar cheats.

First step was figuring out more or less where the relevant instructions were, this was done by tracing using the debugger:

Code: Select all

trace tracefile.txt,0,noloop
then I shot 5 times, and quickly typed out

Code: Select all

trace off
Now I knew the instructions that I wanted would appear exactly 5 times in this trace!
But It was still a hefty file at ~500k instructions, so I had to go through it programatically.

I wrote a Python script that found all the lines that appeared 5 times, this amounted to only 1779 lines of instructions.
Going through 1779 lines of assembly code is a hassle to say the least. So I would rather find an easier solution.

I hypothesized that the flash would happen in some kind of conditional, e.g. an if-statement. And with the MIPS instruction set, this is done using the

Code: Select all

beq # Branch on equal
and

Code: Select all

bne # Branch on not equal
The hypothesis could be tested by flipping each and every one of these conditionals individually, beq->bne and bne->beq, and then firing a shot. But this task might still be quite big if there are many such statements.

First step was looking up how many of these statements there were, and this amounted to 102 such statements. Only a 102 statements! It should be possible to go through these by hand.

So I changed the python script to output a cheat file containing one cheat for every such statement, changing it from a beq to a bne or the other way around. This was the python code I ended up with:

Code: Select all

import collections
print("<mamecheat version=\"1\">")
with open("trace.txt","r") as trace:
    lines = trace.readlines()
    dupl = collections.defaultdict(list)
    for i, e in enumerate(lines):
        dupl[e].append(i)
    bneqcounter = 0
    for k, v in dupl.items():
        if len(v) == 5:
            hexval = k.split(":")[0]
            if ("beq" in k or "bne" in k):
                bneqcounter += 1
                location = hex(int(hexval, 16) + 3)[2:]
                print("  <cheat desc=\"" + str(bneqcounter) + "\">")
                print("    <script state=\"run\">")
                if ("beq" in k):
                    print("      <action>maincpu.pb@" + location + "=14</action>")
                else:
                    print("      <action>maincpu.pb@" + location + "=10</action>")
                print("    </script>")
                print("  </cheat>")
print("</mamecheat>")
Then I launched the game and went trough the cheats one by one, enabling it, shooting a shot, observe light, disabling it and then moving on to the next. Quite luckily the correct branch was the 7th I tested, which is the one posted in this cheat.

Remember, what I just outlined was the succesful route, there were many unsuccesful ones on the path to this one.

I hope this helps someone in the future write a cheat for another lightgun game, or any game at all.
User avatar
Pugsy
Posts: 3638
Joined: Fri Aug 17, 2001 12:59 am
Location: North Wales, UK.
Has thanked: 1 time
Been thanked: 12 times
Contact:

Re: [bbhcotw] Stop Lightgun Screen Flash

Post by Pugsy »

Thanks, added.

Nice work, especially for your first cheat and nice write up.

Trace file analysis is quite an advanced method so really impressive you've come up with your own tool straight out of the box.

I've been using my own TFAN tool for over 20 years, so I know how useful it can be.

One very minor observation about the above though, it's not really ideal to convert between BEQ <--> BNE. Ideally you should either convert a BEQ or BNE into the equivalent of a BRA or the equivalent of a NOP (actual NOP or jump address change) depending on how you want the branch to be forced.

For MIPs although there is no actual BRA instruction 1000???? beq $0,$0,address_offset can be taken as a BRA (as branch if zero=zero will always be true). So maincpu.pw@8005550e=1000 maybe a cleaner solution.
Pugsy

Servicing your cheating needs since 1985 8)

Grab the latest cheat collection:
MAME 0.259 XML cheat collection (6 OCTOBER 2023) from http://www.mamecheat.co.uk or direct from:-
https://mega.nz/file/q4dHGZ6K#i-EUiqIjH ... KMz7hnbTfw (ZIP Archive 3.76MB)
WunderEnrique
Posts: 9
Joined: Thu Sep 23, 2021 5:10 pm

Re: [bbhcotw] Stop Lightgun Screen Flash

Post by WunderEnrique »

Thank you!

The thought of stepping through assembly lines one by one seemed less enticing than writing a tool to do trace analysis :D
One very minor observation about the above though, it's not really ideal to convert between BEQ <--> BNE. Ideally you should either convert a BEQ or BNE into the equivalent of a BRA or the equivalent of a NOP (actual NOP or jump address change) depending on how you want the branch to be forced.
This is true for the end result, but not for the discovery phase where we don't know if a branch is happening or not. But I would definitely agree that a cleaner cheat would replace the BEQ/BNE with BRA/NOP
Post Reply