It is currently Tue Dec 12, 2017 6:50 pm

All times are UTC - 7 hours



Forum rules


Related:



Post new topic Reply to topic  [ 7 posts ] 
Author Message
PostPosted: Mon Mar 07, 2016 10:22 am 
Offline
User avatar

Joined: Fri May 08, 2015 7:17 pm
Posts: 1866
Location: DIGDUG
did anyone else see this post?

http://nintendoage.com/forum/messagevie ... did=159275

Its a hidden SNES debugger embedded in Jim Lee's WILDC.A.T.S. I've located its code, and did a (very bad, uncommented) disassemby. But, my knowledge of 65816 is weak. Does anyone out there want this?

By the way, disassembling SNES code is damned hard, every opcode is something, and the processor frequently jumps from 8-bit to 16-bit mode, so you can easily get a page full of the WRONG opcodes if you're off by 1 on the start point.

Here's a picture of it...
https://www.dropbox.com/s/djkmu8pbl1y217n/wildcats1.png

_________________
nesdoug.com -- blog/tutorial on programming for the NES


Top
 Profile  
 
PostPosted: Mon Mar 07, 2016 10:33 am 
Offline
User avatar

Joined: Fri May 08, 2015 7:17 pm
Posts: 1866
Location: DIGDUG
I should probably descibe it better.

Upon reading a #00 BRK, it jumps to this screen, which shows you the contents of the system RAM and the last processor status and Program Counter, etc, at the time of the crash. Also, there are ASCII tags all over the ROM, and this program somehow prints the name of the area of code that triggered the BRK.

It says "6502 IRQ/BRK vector", because I forced the Program to go there, but if another area of code caused the BRK, it would display that areas name on screen instead.

Pressing Up/Down/Left/Right and R/L buttons scrolls through the RAM.

Also, interestingly, it stores the graphics for this screen as 1 bit per pixel, and doubles each byte to produce a 2 bit per pixel version.

_________________
nesdoug.com -- blog/tutorial on programming for the NES


Top
 Profile  
 
PostPosted: Mon Mar 07, 2016 11:03 am 
Offline

Joined: Sun Sep 19, 2004 11:12 pm
Posts: 19335
Location: NE Indiana, USA (NTSC)
This discovery has been posted on The Cutting Room Floor, along with usage instructions.


Top
 Profile  
 
PostPosted: Mon Mar 07, 2016 12:55 pm 
Online

Joined: Sun Apr 13, 2008 11:12 am
Posts: 6511
Location: Seattle
I've found that https://github.com/andlabs/65816disasm does a passable job of being an automated tracing 65816 disassembler.

It's not as configurable as bisqwit's 6502-targetting clever-disasm, but seems to work.


Top
 Profile  
 
PostPosted: Mon Mar 07, 2016 3:33 pm 
Offline

Joined: Sat Apr 25, 2015 1:47 pm
Posts: 336
Location: FL
The same screen (with slightly different text) appears in a lot of Beam Software's other SNES games (MechWarrior / BattleTech comes to mind). I've also found pretty similar crash screens in a handful of other games, more or less all of which have the same functionality.

If you want to see something really neat, a few years ago I discovered that GT Racing (and a couple of other games developed by Lenar) has a full-blown machine code monitor in the ROM, designed to run on the SNES and be used via a 9600 baud terminal connection.

I made a small assembly hack that changed the SNES-side connection handling to send/receive text via RAM instead, and Xkeeper made a Lua script for snes9x-rr that, together, made it possible to connect to the emulated SNES via TCP, enter commands to the monitor and see the results in the terminal. It's not a very useful debugger anymore since running from a ROM makes some of the functions no longer work as intended, but it was cool to see something that you didn't usually see on consoles.


Top
 Profile  
 
PostPosted: Mon Mar 07, 2016 5:21 pm 
Offline

Joined: Sun Mar 19, 2006 9:44 pm
Posts: 924
Location: Japan
That is very cool.

I also found vestigial (but working) Hu7 uploader/debugger code in these PC-Engine games:
Code:
game                    ver.    address

Atomic Robo Kid         1.10    $F400
Deep Blue               1.00    $F800
Drop Rock Hora Hora     1.10    $F400
Drop Off (U)            1.20    $F200
F-1 Pilot               1.00    $F800
Gai Flame               1.20    $F200
Gaia no Monshou         1.00    $F800
Mahjong Goku Special    1.10    $F400
Niko Niko Pun           1.10    $F400
Out Run                 1.10    $F400
P-47                    1.00    $F800
Titan           (? possibly 1.10) ~$F400


Version 1.20 of the debugger, disassembled: http://www.chrismcovell.com/texts/chris_hu7_dis.asm

The Hu7 interface is parallel-port based, and has versions for FC and SFC, I'll bet. If you look through the ROMs of Hudson-developed FC/SFC games for "DB rom" or other header text, maybe you'll find the same routines.

_________________
http://www.chrismcovell.com


Top
 Profile  
 
PostPosted: Tue Mar 08, 2016 2:43 pm 
Offline

Joined: Sat Apr 25, 2015 1:47 pm
Posts: 336
Location: FL
No luck searching either "Hu7" or "DB rom" in the No-Intro SNES set, and I don't have nearly a large enough collection of NES ROMs to try doing that at the moment.


Top
 Profile  
 
Display posts from previous:  Sort by  
Post new topic Reply to topic  [ 7 posts ] 

All times are UTC - 7 hours


Who is online

Users browsing this forum: No registered users and 5 guests


You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot post attachments in this forum

Search for:
Jump to:  
Powered by phpBB® Forum Software © phpBB Group