[HelpMeHack] Weaken the B-check

[smozoma]

Intro / What is this?

In short, someone (or someones) please do the relatively easy Steps 1, 2, 3, and 4 of this hack for me, based on my instructions below.

This begins a series of hack posts where I lay out how to help me with the early parts of discovering how to do a hack.

This series should train up a few guys to be great at investigating the starting stages of hacks to give me the info needed to complete the hack -- or to discover that the hack may not be possible.

Often these steps can be done in 5-30 minutes.

So I hope people will follow the instructions in these HelpMeHack threads in order to find for me the early parts of hacks. And then these people will have gained skills in order to be able to look into other hacks more quickly (or even come up with the basis of their own hacks).

The steps will be rated by difficulty:

Difficulty levels:
1. Total Beginner (anyone can do this)
2. Beginner (still easy, but might take some time to find what you're looking for)
3. Intermediate
4. Mad Skillz
5. You are Mark Lesser

For the Total Beginner level, it might take 30 minutes the first time you ever do one of these steps, but after that, it'll feel trivial and you can often do it in 5 minutes.

You can also try out Part 1 of TonyH's awesome hacking tutorial in order to practice up. It's basically Steps 1-3 from this HelpMeHack, but the 'answers' are already known.

So here is the first hack! I have several in mind, but this is as far as I got tonight.

Purpose of Hack:
The purpose of this hack is to make it so the B-check no longer automatically trips a player.

The B-check allows any player to knock over any other player. Technically, it's supposed to be a tripping penalty, but the refs rarely call it. I think it would be interesting to eliminate the B-check.


Possible Side-Effects:
If coaches can no longer do the B-check, they may resort to holding instead, and holding is super annoying.

Maybe if you manage to get the trip to work on a breakaway, there won't be a penalty shot?

Basic Plan / Why I think the hack may be possible:
When you play with penalties turned off, the B-check no longer works. So it should be possible to find the place where the game decides if the B-check trips the player or not based on if penalties are on or off. Then, hack the game so it thinks penalties are off at the moment a trip is attempted, so the trip doesn't work.

Hack Steps:

Step 0: Get the Gens ReRecording emulator

Expand spoiler to see my guide/tips for doing this.

• Get the Gens ReRecording emulator (it's Gens, but with some hacking features added on),
• unzip it,
• run Gens.exe,
• and configure your controller in it.

Step 1: [Difficulty Level 1] To find the address in RAM where the game stores the penalty on/off/no-offsides value:

Expand spoiler to see my guide/tips for doing this.

• Run Gens Rerecorder emulator (Gens.exe). (Do not maximize the window)
• Load the game ROM
• Go to the team selection screen of the game
• In the emulator, show the RAM Search window using Tools -> RAM Search from the menu
• I think the best way to find the value is to assume the default value is either 0, 1, or 2.
  • Select "equal to" and "specific value" (enter the value "0" beside that) and hit "Search" to find all the current 0s in RAM.
  • then change the penalty setting in the game, and use "not equal to" and click "Search" again
  • then change the penalty setting back to the original value, and use "equal to" and click "Search" again
  • if that doesn't narrow the list down to just a handful of address lines, try it again, but using "1" instead of "0". If it still didn't work, then try "2". If that still didn't work, then my assumption was wrong, please let me know and I'll try to find it myself or think up a new plan.
• Now you should have the list narrowed down to one address that changes between 0,1,2 when you change the penalty setting in the menu. We will use this address in the next steps. The address looks like 00FF1234 (but 1234 will be different… your goal in Step 1 was to figure out what 1234 is actually supposed to be )
• Please post the address you found, so someone (maybe you) can do the next step.

Step 2. [Difficulty Level 1] To verify that you can "Hook" the address found in Step 1:

• In the same folder as gens.exe, open hook_log.txt
• Change the 6^th line of the file from "hook_rd2 0 -1 -1" to "hook_rd2 0 ff1234 ff1234", but change 1234 to whatever it was from Step 1 of this hack.
  • "rd" means "read", it tracks when the value in address ff1234 is read and tells you what code in the ROM accessed it.
• Load the game in the emulator
• Turn on Hooking using the menu: Tools->Tracing->Hook RAM.
  • You'll see text along the bottom of the screen saying "RAM Hook: ON", or something like that.
• In the game's main menu, change the penalty setting a few times.
• Turn off Hooking by using the menu again: Tools->Tracing->Hook RAM.
• Find "hook.txt" in the folder with gens.exe and open it.
• Hook.txt should contain some lines that look something like this: [0F:ABCD] R16 = 0000 [FF1234]
  • What these correspond to are times when the game read that address.
• If it only says MEMORY ACCESS LOGGING STARTED and STOPPED, then something didn't work. Let me know and I'll come up with something new.
• Please post those lines that were in hook.txt from step h. in the thread so someone (maybe you) can do the next step.

Step 3. [Difficulty Level 1] Hook the address found in Step 1 while doing a B-check.

• Follow steps 2a-d to enable Hooking.
• In the game menu, turn ON (no offsides) penalties in the game and start the game
• Play the game and do a B-check, knocking a player over.
• Turn off Hooking by using the menu again: Tools->Tracing->Hook RAM.
• Find "hook.txt" in the folder with gens.exe and open it.
• Please post the contents of hook.txt and that will give me ideas for the next step in making this hack.

So at this point, I'll see if the contents of hook.txt look promising for the next steps of the hack.

Step 4: [Difficulty Level 1] Run a Trace of doing a B-check

• Add a hook on writing to the check statistic for the Home team. This will help narrow down our search area. In hook_log.txt, set up the line "hook_wr1 0 ffEB56 ffEB57"
• Load and run the game in the emulator. Use the home team.
• Play until you have a B-check lined up (but not thrown yet) and press Esc key to pause the emulator, then F5 to make a quicksave.
• Turn on Hooking using the menu: Tools->Tracing->Hook RAM.
• Turn on Trace using the menu: Tools->Tracing->Trace.
• Press Esc key again to unpause the emulator
• Do the B check you had lined up, so it connects and knocks the player over.
  • (Note that the emulator will play slower if tracing is on. If you miss the check, keep following these steps)
• Press Esc again to pause.
• Turn off Hooking and Trace by repeating steps d-e.
• If you missed the check, press F8 to load your quicksave, then go back to step c.
• Please zip both hook.txt and trace.txt and post them as an attachment

I will inspect the trace.txt and the new hook.txt to see if I can figure out the B checking code.

Step 5: [Difficulty Level 3] Inspect the Trace to find how it decides to trip or not based on the penalties setting

Step 6: [Difficulty Level 3 or 4] Hack the code so it thinks penalties are always off when attempting a trip.

[smozoma]

If you want help for any of the steps, please just ask and I'll try my best!

[TomKabs93]

HelpMeHack is an amazing idea. I don't wanna be a Debbie Downer, but

What are you supposed to do when say a 7 weight forward comes at you, and you are a 7 weight defenceman? I think you're trying to make it so poke checks won't affect the player holding the puck, but they'll just knock the puck loose. Thing is, I don't believe that's how it works when penalties are off. I could be wrong, but I think when penalties are off the B check just doesn't plain work.

Can anyone confirm that B checks still work on the puck when penalties are off?

[smozoma]

You can still knock the puck off their stick, but it's more difficult, you have to be really accurate. There was actually a time when some people didn't use the B check . I used to just block their path and often the puck would pop off their stick by hitting my skates.

[TomKabs93]

Oh okay, fair enough. That's a scary world to imagine

[smozoma]

Maybe I'll be able to find a way to simply reduce the effectiveness of the B check

[kingraph]

Let's get this part started, shall we?

Step 1: 00FFD057

Step 2:

MEMORY ACCESS LOGGING STARTED

[0F:79C6] R16 = 0000 [FFD056]
[0F:79C6] R16 = 0000 [FFD056]
[0F:79C6] R16 = 0000 [FFD056]
[0F:79C6] R16 = 0000 [FFD056]
[0F:79C6] R16 = 0000 [FFD056]
[0F:79C6] R16 = 0000 [FFD056]
[0F:79C6] R16 = 0000 [FFD056]
[0F:7BAC] R16 = 0000 [FFD056]
[0F:79C6] R16 = 0000 [FFD056]
[0F:79C6] R16 = 0001 [FFD056]
[0F:7BAC] R16 = 0001 [FFD056]
[0F:79C6] R16 = 0001 [FFD056]
[0F:79C6] R16 = 0002 [FFD056]
[0F:7BAC] R16 = 0002 [FFD056]
[0F:79C6] R16 = 0002 [FFD056]
[0F:79C6] R16 = 0000 [FFD056]
[0F:7BAC] R16 = 0000 [FFD056]
[0F:79C6] R16 = 0000 [FFD056]
[0F:79C6] R16 = 0001 [FFD056]
[0F:7BAC] R16 = 0001 [FFD056]
[0F:79C6] R16 = 0001 [FFD056]
[0F:79C6] R16 = 0002 [FFD056]
[0F:7BAC] R16 = 0002 [FFD056]
[0F:79C6] R16 = 0002 [FFD056]
[0F:79C6] R16 = 0000 [FFD056]
[0F:7BAC] R16 = 0000 [FFD056]

MEMORY ACCESS LOGGING STOPPED

For step 3, what address do you want to hook? It looks like there are two places = 79C6 and 7BAC.

[smozoma]

Good stuff!

Step 2 was actually just to verify that the RAM hook worked. A practice step, basically. You can see that the value changes between 0, 1, and 2. The values [0F:79C6] and [0F:7BAC] are actually addresses in the ROM, the instructions that are reading the RAM address you hooked. They aren't needed at this point (because we aren't interested in the code that is changing the penalties option)

Step 3 is to use 00FFD057 again, but execute a B-check to see what happens. So you turn on the RAM hook before doing a B-check, do the B-check (knocking the player over), then turn the RAM hook off (in order for it to write the data into the hook.txt file).

Then with that data, I'll know where to look in the code to try to understand how it's deciding to use the easy B-check with penalties on, and the hard B-check with penalties off.

[smozoma]

Just pointing out that anyone can take over and do step 3 if they want.

[kingraph]

MEMORY ACCESS LOGGING STARTED


[00:EAE2] R16 = 0002 [FFD056]
[00:EAE2] R16 = 0002 [FFD056]
[00:EAE2] R16 = 0002 [FFD056]
[00:EAE2] R16 = 0002 [FFD056]
[00:EAE2] R16 = 0002 [FFD056]
[00:EAE2] R16 = 0002 [FFD056]
[01:3FDA] R16 = 0002 [FFD056]
[00:EAE2] R16 = 0002 [FFD056]
[00:EAE2] R16 = 0002 [FFD056]
[00:EAE2] R16 = 0002 [FFD056]
[00:EAE2] R16 = 0002 [FFD056]
[00:EAE2] R16 = 0002 [FFD056]
[00:EAE2] R16 = 0002 [FFD056]
[00:EAE2] R16 = 0002 [FFD056]
[00:EAE2] R16 = 0002 [FFD056]
[00:EAE2] R16 = 0002 [FFD056]
[00:EAE2] R16 = 0002 [FFD056]
[00:EAE2] R16 = 0002 [FFD056]
[00:EAE2] R16 = 0002 [FFD056]
[00:EAE2] R16 = 0002 [FFD056]
[00:EAE2] R16 = 0002 [FFD056]
[00:EAE2] R16 = 0002 [FFD056]
[00:EAE2] R16 = 0002 [FFD056]
[00:EAE2] R16 = 0002 [FFD056]
[00:EAE2] R16 = 0002 [FFD056]



MEMORY ACCESS LOGGING STOPPED

Note there was a lot more [00:EAE2] R16 = 0002 [FFD056] lines before and after, I just truncated around the one different value found.

[trudatman]

threads like this one make me happy. good stuff.

[smozoma]

Thanks Raph

I got discouraged here because I was thinking too far ahead, when actually the next step is no more difficult than step 3. So:

Step 4 has been added. Step 4 will generate a code trace, in pretty much the exact same way step 3 was done. The combination of step 3 and step 4 can be used to inspect the code that executed by the game in order to try to understand how the B check works.

The trace.txt file generated will be quite large, probably 10-20mb. Please zip it and also the new hook.txt file and post them here as an attachment. The files will zip very nicely because they are very repetitive.

[Premium]

Your fourth step contains an error somewhere. This seems to be pretty straightforward to me, however I cannot trace the B-check. The home staistic for the home team's body check is NOT listed in the RAM search, so when I hook and trace nothing shows up.

I was able to get as far as Raph, and my file looks identical to his. After running many tests I can confirm that 01:3FDA is the address to signify a B-check making contact.

[smozoma]

Dang, ok, thanks for checking that (pun not intended).

Can you figure out the home check stat using the technique from Step 1?

What you need to do is just keep searching the list for "greater than" "previous value" after each check (c or b, doesn't matter)

[smozoma]

Then use that value to hook on

[Premium]

Thanks man! I was able to successfully alter the code to allow for full-on B-checks with penalties disabled

It's terrific.

[smozoma]

Nice, good job

Can you make a thread for how to do that and I'll add it to the thread guide?

Also, can you post the zipped trace.txt + hook.txt?

[smozoma]

Coach delivers:

I don't think this has been posted.
Posting for future reference:

013FDC Change 66 to 67
013FE6 Change 67 to 66

The above enables the B check with penalties off...

I assume doing the reverse disables them with penalties on? Someone'll have to try

013FDC Change 67 to 66
013FE6 Change 66 to 67

[Premium]

Doing the reverse would bring it back to normal.

[smozoma]

Doing the reverse would bring it back to normal.

Oh right.. haha of course

Hmm.. So maybe changing just one of the lines that Coach posted will create a no-B-checks ROM, should anyone ever want such a thing.

[AdamCatalyst]

@smozoma I cracked this. Can alter B-Checks effectiveness, and likelihood in causing a penalty. I don't have time to write this up, but PM me and I can give you my work in progress (spreadsheet).

Edited June 12, 2025 by AdamCatalyst

[chaos]

2 hours ago, AdamCatalyst said:

@smozoma I cracked this. Can alter B-Checks effectiveness, and likelihood in causing a penalty. I don't have time to write this up, but PM me and I can give you my work in progress (spreadsheet).

I'm interested in what you found. Sometime last year I analyzed this code, just haven't posted yet.

 

When penalties are off:

The B check is less effective, because a calculation is done using the Chk rating of the player throwing the B check, and the Agl of the player being checked. RNG is also used. If its a CPU player throwing the B check, this calculation is ignored and it would work just like if penalties are off.

Calculation (used when penalties are Off, and the player checking is controlled by a joypad):

- Start with 32 decimal
- Add Chk rating (0-30 dec scale) of checking player
- Sub Agl rating (0-30 dec scale) of player being checked

- Subtract 2 from result (this is due to crowd meter bug, it's always active)
- New result =  RNG (between 0 and the result above)
- If new result is less than 24 decimal, exit (unsuccessful B check)

If penalties are on, or it's a CPU player B checking, or the above calculation deemed it was good enough to continue:

- Get difference of the 2 players in X (X_checking - X_checked)
- Get difference of the 2 players in Y (Y_checking - Y_checked)
- Use those results to get a direction (Ex: If checking player is directly to the right of checked player, their Xpos is more positive than the checked player, the X difference will be positive. If the checking player is directly above the checked player, their Ypos is more positive than the checked player, so Y difference will be positive). This is used to determine where the checking player is relative to the checked player. The result will be 0-7 (0 would be above the checked player, 2 would be to the right, 4 below, 6 to the left)

- Subtract the checked player's direction from the above.
- Add 1 to the result
- Pass the first 3 bits (to make sure the result will be between 0-7)
- Compare the result to 2. If higher than 2, B check is unsuccessful.
- If lower than or equal to 2, code will enter the Fall Down routine
- After Fall Down routine, it will check for penalties using the Aggression attribute (check the thread on Penalties for this). It will check if the calculated result is more than 4. If so, no penalty, if less than or equal, Tripping penalty.

For Example:

- Player is joypad controlled, penalties on (bypasses the Chk-Agl calc)

- Checking player is above and to the right of the checked player. His position is top right of the checked player, which would result in a 1 after checking the positions. (Think 0-7 direction going clockwise, where 0 would be directly above).

- Sub the checked player's direction. Let's say the player is facing up (again 0-7 for direction CW, facing up is 0). So his direction value is 0. So 1-0=1

- Add 1 to the result. 1+1=2

- Pass the first 3 bits. In this case, it doesn't matter, since our result was <= 7. We still have 2.

- Compare to 2. We are equal to 2, so the check is deemed "successful" and we enter the Fall Down routine. On return, it will check for a penalty.

 

Let's use same above, but checking player is now directly to the right of the checked player (so direction would be 2). Checked player is still facing up.

- Sub checked player's direction - 2-0 = 0

- Add 1 to the result. 2+1=3

- Compare that to 2. We are higher than 2, so we will exit the routine. Also, there will be no check for a penalty here.

 

Note, this is just the checking part. Has nothing to do with stealing the puck. This is to determine if the player will fall down (or have a chance to toddle) from the B check. But when the player falls down, they lose the puck possession, and with the checker's stick close to the puck, they have a chance to collect it.

The other part of B checking where you steal the puck is different, it relies on the Stk rating of both players, and penalties on/off don't make a difference there. This other part also just happens if you bump into the player and the puck is near your player's stick.

[AdamCatalyst]

Here is my simplified understanding. I'm not considering all the variables, just enough that I can reliably affect B-Check knock-downs and Tripping penalty calls.
 

[chaos]

18 minutes ago, AdamCatalyst said:

Here is my simplified understanding. I'm not considering all the variables, just enough that I can reliably affect B-Check knock-downs and Tripping penalty calls.
 

Nice chart!

I'm confused about the "Make Up" Calls though. What are you using to determine that?

 

[AdamCatalyst]

I thought I saw in the code that penalty call likelihood was give the "make-up" (my name) value when the opposing team is already serving a penalty. Did I misunderstand?

 

[chaos]

4 minutes ago, AdamCatalyst said:

I thought I saw in the code that penalty call likelihood was give the "make-up" (my name) value when the opposing team is already serving a penalty. Did I misunderstand?

 

You mean the 127 value?

No, that's just to make sure during a delayed call that there's no coinciding action penalties. The team who is going on the PP can still get an interference penalty or penalty from injury, but can't get any others.

The 127 just insures it's not below the compare limits.

[AdamCatalyst]

I seriously need to have you look over ALL my homework! I will go back and re-trace my steps on misunderstanding that one. Thanks as always.

[chaos]

3 hours ago, AdamCatalyst said:

I seriously need to have you look over ALL my homework! I will go back and re-trace my steps on misunderstanding that one. Thanks as always.

I updated my repo yesterday. It has a new LST file you can open up in a text editor and look through the code with my comments.

[AdamCatalyst]

@chaos THANK-YOU!!!!’

[AdamCatalyst]

On 6/12/2025 at 2:13 PM, chaos said:

You mean the 127 value?

No, that's just to make sure during a delayed call that there's no coinciding action penalties. The team who is going on the PP can still get an interference penalty or penalty from injury, but can't get any others.

The 127 just insures it's not below the compare limits.

@chaos So you are saying the 127 fixed value goes away once the PowerPlay officially starts?