GCNrd Brief Tutorial

Please before you even attempt to use GCNrd, make sure you have basic knowledge of hex & Binary, code types & how to use GCNcrypt, if you dont have knowledge of these things, please leave GCNrd, and GCN hacking to someone else.


Part 1 - Getting started
Part 2 - Code Search Functions Explained in full
         Compare Type
         Dump & Poke
         Pause & Run
Part 3 - Breakpoints Introduction
         What is a breakpoint?
         Using Breakpoints
         Reading Breakpoints
         Using it outside of the GUI
         Setting a breakpoint
Part 4 - Dissasembler Introduction
         What is a dissasembler?
         Using the Dissasembler
         Using it outside of the GUI
Part 5 - Memory Viewer Introduction
         Auto Update
Part 6 - GCNrdGUI - Action Replay Code
Part 1 - Getting Started

Once you have everything setup on your PC, and PSO so that it will connect with GCNrd's GUI you are ready to go. Double click on the GCNrdGUI icon, and it should ask "Launch Loader.exe?" click yes, and the GUI will say "Connecting" in the top left hand corner, its now awaiting a signal from PSO.
Switch on your GCN with PSO inserted, and load it up as normal, load up your character as normal, and you should get the standard starry screen, the screen will go black, and come up with the IP, & Remote IP settings, that you should have configured correctly, now press start.
A message will now appear on screen saying "Open Disc Tray" open the disc tray, take out PSO, and insert the game you would like to hack codes for, and close the lid, you should now see a disc info screen similar to the one on the GCN menu. This will be there for around 2 - 3 seconds and will dissapear, GCNrdGUI is now connected to your GCN, and your ready to hack some codes with it.

Part 2 - Code Search Functions Explained in full

GCNrdGUI has many different features that may seem daunting at first, but hopefully this will give you some help in discerning what each one does.

Compare Type

These functions will probabally be a very useful tool in trying to find unknown value types, or joker addresses. Both Value Type,Compare type & Data size are linked together, if you set Value type to unknown search, then GCNrd will search for any values currently in the memory, if you set it to known search, it will search for whatever value you enter into the box below it, this is also dependent on the Data size. 8 bit, will only search for values that are 8 bit in size, 16 bit will only search for values 16 bit in size, and so on. TO begin an unknown, or known search, firstly select the option you want, enter the value you wish to look for ( if its a known search) the Data size, and hit start, and it should display aload of addresses in the box on the right hand side. Note it probabally wont find all addresses in the game using that value, you will have to play further on into the game, and search again to get more results.
Once you have done your first search, you can now use the tabs in Compare type, these are explained as follows.

Equal - This will search for any values that equal the last value searched (known or unknown)
Not Equal - This will search for a value that dosent equal the last value (If your not sure if the value goes up or down)
Less Than - This will search for values that are less than the previous value searched (known or unknown)
Less or Equal - Use this if you arent sure if the value is Less or equal to the last
Greater Than - This will search for values that are greater than the previous value searched (known or unknown)
Greater or Equal - Use this if your not sure if the value is Greater or equal to the last
Flag Search - These search for input commands, useful when searching for joker addresses.
Different by - You can use this to determine, exactly the difference of the next value will be

An example of using these would be to say searching for address in a game that stores your lives remaining.

Go into the game as normal, say you currently have 5 lives, click the known search tab, and make sure data size is set to 8 bit, now in the search value enter 05, or just 5, and hit start.
GUI will now search the games memory, it will probabally show hundreds of results, and almost none of these are what you want, the next step would be to lose a life, your lives will be now be at 4, so in the search value type in 04, and hit search again, you may still have lots of values, so keep repeating this, until you only have afew to choose from.
This will now lead onto our next section.

Poke & Dump

Poke is abit like Action Replay, the difference being Poke only writes to the chosen area of memory once, so its best to do this before that area of memory will be overwritten.
Once you know what address you want to write to, enter it into the address bar, the address goes into the first bar, and the value you want to write goes into the second bar (remember the address must start with an 8!)
Once youve done this, hit poke, and it will write the value to the area of memory you have chosen, so if you know the address for your lives, you can poke whatever value you want to that address to give you said amount of lives.
This goes for any address you want to test out, using poke, and a value that is different to the one stored there already is basically the same as using an AR, accept for one vital difference, but more on that later on.

Dump is also a very useful feature, this can be used to dump a section of the games memory (or all of it) to your computer, so that you can view it (through a hex editor) and see whats going on.
Its very useful if you want to search a large amount of memory quickly, or if your just after something in particular. There are 2 ways in which to dump a memory file, you can either use GCNrd, or use the GUI itself (only when debug is on)

To use the GCNrd, you would type Dump (filename.bin) (start area) (end area)
ie, Dump Jay.bin 80070000 80080000, then hit enter, and GCNrd will dump the memory file to your PC.
To use the GUI, make sure debug is set to on, then were you normally enter an address to poke, put in the start area of memory in the left bar, and the end area of memory in the right, and hit dump.

Pause & Run

Fairly easy these, Pause, will halt the GCN, Run will resume it.
These are useful if you want to freeze areas of memory, if your searching for constantly changing values.

Part 3 - Breakpoints Introduction

What is a breakpoint?

Many of the codes we make just write a certain value to memory again and again to prevent a value from decreasing/increasing/etc. However, we don't actually stop the game from writing to that area of memory, because we don't know from where the instruction is coming. With breakpoints, we can find where and what the assembly (ASM) instruction is that is writing/reading/executing a value or other ASM instruction in memory.

Now for basic ASM/breakpoint usage, it is not necessary to be able to read/program in ASM.
However for more advanced uses, it is highly recommended.
A basic sheet on PowerPC ASM instructions (pretty much the same as used in the GameCube) can be found here.

Using Breakpoints

Breakpoint options:


This will pause your game and dump the register, when the game reads the address you put the breakpoint on.


This will pause your game and dump the register, when the game attempts to write to the address you put the breakpoint on.


This will pause your game and dump the register, when the game executes the ASM in the memory address you put the breakpoint on. This is mainly used for advanced programming of ASM or debugging an ASM routine (GameCube supplied or homemade).

Mostly you will be using the read, write, and read/write breakpoint options.


1. Input the memory address you wish to put the breakpoint on into the address field.
2. Choose what type of breakpoint you want.
3. Hit Set Breakpoint. If the breakpoint hasn't hit, and you wish to cancel it, just hit Stop.

Reading Breakpoints

Once the breakpoint hits, a file called bp.log is created with the register values, floating point values, etc.
This should be what is displayed in the middle window.

The bottom window should show the address that read/wrote to the address with the breakpoint.
It's ASM should already be disassembled. You can also go to the disassembler tab (see that Disassembler Section), and the address that read/wrote should be preloaded into the memory address field on that tab.

If you were wanting to freeze the value in the address you put the breakpoint on, writing 60000000 (ie. nop) to the address with the ASM instruction will often accomplish this.

If you are wanting to do more advanced uses of the breakpoints, you can use the Step button to go through each instruction in the ASM program block. The Step button will also follow the 'break' commands in the ASM to follow the true program.

Using it outside of the GUI

If you set GCNrd into debug mode, you will now be able to set the breakpoint read (bpr), breakpoint write (bpw), breakpoint read/write (bprw), and breakpoint execute (bpe) commands.

Setting a breakpoint

1. Type in your breakpoint type followed by the address you want the breakpoint on.
GCNrd will be unable to take additional commands until the breakpoint is hit.
2. Once the breakpoint is hit, GCNrd will create a bp.log file. The first line of this file shows the address that read, wrote, etc. to the address with the breakpoint.

Once you know the address where the breakpoint hit, decide whether you want to see the ASM or not.
If you just want to try out 60000000 on the address and see what it does, 'poke' that ASM address and type 'run' to resume normal execution of the game. If you want to see the ASM intstructions at that address, dump that area of memory to a file and feed it into vdappc.exe from an MS-DOS prompt.
See the Disassemble Section for more details.

Part 4 - Dissasembler Introduction

What is a disassembler?

This disassembler (vdappc.exe with mods by Parasyte) will disassemble GameCube hex into it's raw assembly format.
To have any solid understanding of what is shown on this tab, it is necessary to have some knowledge of assembly.
I recommend using this website as a quick reference to the GameCube assembler instructions.

Using the Disassembler

1. Input the address you want to see the assembly for into the address box.
2. Hit 'Enter'.

To scroll up or down, use the little arrows on the address field.

This tab is most useful in conjunction with the breakpoint tab, as you won't know the register values otherwise.

Using it outside of the GUI

Once you have a dump of the memory you want disassembled, pull up an MS-DOS prompt and cd to the directory where you put GCNrd and vdappc.exe (included with the GCNrd/GUI package).

vdappc.exe uses the following format:

vdappc.exe dump_file output_file [memory offset]

The dump file and output file are probably obvious. The memory offset is very important if you want to follow ASM break commands.
Just put the starting memory address for the dump file in that call line field.
If you don't specify it, it will default to 80003100.

Part 5 - Memory Viewer Introduction

The Memory viewer is every hackers dream, it allows you to see what each address is currently doing, and allows you to poke those addresses at anytime you want, remember all addresses must start with 8.
The bar on the left hand side, is where you enter the block of memory you want to view, and the results in the box on the right hand side, are all the addresses in that current block of memory along with there current values.
You can then use the up & down arrows, to cycle through the memory.

Auto Update
This is also a great feature, this allows you to see the GCN's memory in real time, allowing you to visually see what the memory is doing, its great for finding codes like timers, and double checking on an address that you think does a certain thing.

Part 5 - GCNrdGUI - Action Replay
This will be by far, the most asked about section, so here it is, a guide on how to transfer the code you have in the GUI, into a code that will work on your AR.
The only thing that you really need to know is about code types, Im in noway an expert on this subject, so I will just tell you what I do know, if the code type is wrong, it will not work in your AR, either that or seriously damage it, you have been warned.

Most AR codes are either 8bit writes, 16bit writes, or 32bit writes.
8bit writes can end in 0-F.
16bit writes can end in 0, 2, 4, 6, 8, A, C, or E.
32bit writes end in 0, 4, 8, or C.
You also need to look at the value itself. Usually, the different writes work like this -

8bit write 000000XX
16bit write 0000XXXX
32bit write XXXXXXXX

X represents the value it will write to that address, so if your code is only using the last 2 values it would be an 8bit write, and so on.

The other thing to know, is how to tell the AR, what write it is, these are as follows -

8bit write - 00
16bit write - 02
32bit write - 04

These numbers will go at the start of your address, replacing the 8X thats there now with 0X + the type of write. These are only 3 of the many different code types, but these are the ones that are mainly used.
If you want to know more on these, see Jason Haffners or Kenobi's Code types FAQ.
eg - You have found that the lives address is stored at 80211D9E, and you want to give yourself 99 lives.
So the code would endup as 80211D9E 00000063 (63 is 99 in hex), but as we know this is incorrect, and wont work in an AR, it also isnt decrypted yet. The code type is that of an 8bit write, so an 8bit write activator is needed, so the code you enter into GCNcrypt will be -
00211D9E 00000063, you would encrypt this (making sure the ID is correct for the game your playing) and away you go.

Please remember, test all codes on an AR first, because even if they work on the GUI, there is no guarantee they will work on an AR, this is due to some games doing strange things with memory.