
All times are UTC - 7 hours



Posted: Sun Oct 22, 2017 3:36 pm
I've been looking at Game Boy stuff lately, and I noticed that most Super Game Boy-enhanced games send one or two standard sequences of DATA_SND command packets (the SGB command to transfer up to 11 bytes to an arbitrary SNES address) at startup when they detect they are running on an SGB. The payloads of these standard packets looked a lot like 65816 code to me, so I put them together and disassembled them. Interesting.

If anyone has reverse-engineered the SGB firmware sufficiently to tell what these apparent hotpatches are for, or is interested in doing so, I'd be interested in your findings. The first one appears to be sprite-related--$7EC000 is where the SGB has its shadow OAM. Maybe it's related to the SGB sprite functionality which was never used by any official game?


 
Posted: Mon Oct 23, 2017 7:12 am
Interesting, I didn't know about those patches. I disassembled some small snippets of the SGB ROM some years ago, and disassembled the patches today. And this is what I came up with...

OBJ Patch
This patch somehow hides 25 OBJs in whatever situation. Unknown when/why this is needed, and unknown which situations are triggering the conditions like [C9h]=7E7E80h.
The patch is done by many/most games, and it's also done automatically by SGBv1/SGBv2/SGB2v1 (i.e. games would need to apply the patch themselves only for SGBv0).
Code:
                      ;------------------
0000:0810 4C 20 08     jmp  0820 ;hide_obj_patch_cont
                      ;---
0000:0813 EA EA ..     nop (5x)
                      ;---
0000:0818 60           ret
                      ;---
0000:0819 EA EA ..     nop (7x)
                      ;---
                      hide_obj_patch_cont:
0000:0820 A9 01        mov  a,01
0000:0822 CD 4F 0C     cmp  a,[0C4F]            ;\check if [0C4Fh]=01h
0000:0825 D0 39        jnz  0860 ;@@exit        ;/
0000:0827 CD 48 0C     cmp  a,[0C48]            ;\check if [0C48h]=01h
0000:082A D0 34        jnz  0860 ;@@exit        ;/
0000:082C A5 C9        mov  a,[C9]              ;\
0000:082E C9 80        cmp  a,80                ;
0000:0830 D0 0C        jnz  083E ;@@try_other   ; check if [C9h]=7E7E80h
0000:0832 A5 CA        mov  a,[CA]              ;
0000:0834 C9 7E        cmp  a,7E                ;
0000:0836 D0 06        jnz  083E ;@@try_other   ;
0000:0838 A5 CB        mov  a,[CB]              ;
0000:083A C9 7E        cmp  a,7E                ;
0000:083C F0 12        jz   0850 ;@@match       ;/
                      @@try_other:              ;-or, alternately...
0000:083E A5 C9        mov  a,[C9]              ;\
0000:0840 C9 C8        cmp  a,C8                ;
0000:0842 D0 1C        jnz  0860 ;@@exit        ; check if [C9h]=05C4C8h
0000:0844 A5 CA        mov  a,[CA]              ;
0000:0846 C9 C4        cmp  a,C4                ;
0000:0848 D0 16        jnz  0860 ;@@exit        ;
0000:084A A5 CB        mov  a,[CB]              ;
0000:084C C9 05        cmp  a,05                ;
0000:084E D0 10        jnz  0860 ;@@exit        ;/
                      @@match:
0000:0850 A2 28        mov  x,28 ;dst           ;\
0000:0852 A9 E7        mov  a,E7 ;yloc/fillvalue; set Yloc=E7h for 25 OBJ's
                      @@lop:                    ; (aka set them offscreen in
0000:0854 9F 01 C0 7E  mov  [far 7EC001+x],a    ; NTSC mode)
0000:0858 E8           inc  x                   ; (buggy in PAL mode?)
0000:0859 E8           inc  x                   ; (25 OBJs are the 24 OBJs for
0000:085A E8           inc  x                   ; use by gameboy, plus one
0000:085B E8           inc  x                   ; extra OBJ?)
0000:085C E0 8C        cmp  x,8C ;dst.end       ;
0000:085E D0 F4        jnz  0854 ;@@lop         ;/
                      @@exit:
0000:0860 60           ret
                      ;------------------


SOU_TRN Patch
This patch disables H+V IRQ during SOU_TRN, unknown when/why this is needed.
This patch is done by WHICH games? I haven't tried, but it should be easy to find such games using a hex editor with a "find in multiple files" function, and then searching for the patch/packets.
Code:
                      ;------------------
0000:0800              jmp  0900 ;cmd_hook_cont
                      ;---
[...]                  [...]
                      ;---
                      cmd_hook_cont:
0000:0900 AD C2 02     mov  a,[02C2]  ;cmd      ;\
0000:0903 C9 09        cmp  a,09      ;SOU_TRN  ; check if SOU_TRN (cmd 09h)
0000:0905 D0 1A        jnz  0921 ;@@exit        ;/
0000:0907 A9 01        mov  a,01                ;\disable H+V IRQ
0000:0909 8D 00 42     mov  [4200],a            ;/
0000:090C AF DB FF 00  mov  a,[far 00FFDB]      ;\check ROM version
0000:0910 F0 05        jz   0917 ;@@version_0   ;/
0000:0912 20 73 C5     call C573 ;SOU_TRN_v1_v2 ;\
0000:0915 80 03        jr8  091A ;@@finish      ; execute SOU_TRN for SGBv0
                      @@version_0:              ; or SGBv1/SGBv2/SGB2v1
0000:0917 20 76 C5     call C576 ;SOU_TRN_v0    ;
                      @@finish:                 ;/
0000:091A A9 31        mov  a,31                ;\enable H+V IRQ
0000:091C 8D 00 42     mov  [4200],a            ;/
0000:091F 68           pop  a                   ;\flush retadr
0000:0920 68           pop  a                   ;/(cmd 09h already executed)
                      @@exit:
0000:0921 60           ret
                      ;------------------


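The hex-editor search suggested in the reply above, as an added Python example that is not part of either post: it scans a ROM image for DATA_SND packets and reports how much of the OBJ patch they write. The packet layout (header byte 79h, destination low/high/bank, byte count, up to 11 data bytes), bank 00h for the destination, and the names `patch_coverage` and `build_packets` are assumptions; the patch bytes are transcribed from the listing above and the ROM fragment is constructed.

```python
# Added example: locate the OBJ hotpatch in a ROM by its DATA_SND packets.
# Patch bytes for 0810h-0860h, transcribed from the disassembly above.
OBJ_PATCH_BASE = 0x000810   # assumed: bank 00h, offset 0810h
OBJ_PATCH = bytes.fromhex(
    "4C2008" "EAEAEAEAEA" "60" "EAEAEAEAEAEAEA"
    "A901" "CD4F0C" "D039" "CD480C" "D034"
    "A5C9C980D00C" "A5CAC97ED006" "A5CBC97EF012"
    "A5C9C9C8D01C" "A5CAC9C4D016" "A5CBC905D010"
    "A228" "A9E7" "9F01C07E" "E8E8E8E8" "E08C" "D0F4" "60")

DATA_SND = 0x0F * 8 + 1   # assumed header byte: command 0Fh, packet count 1
PACKET_LEN, MAX_DATA = 16, 11

def patch_coverage(rom, base=OBJ_PATCH_BASE, patch=OBJ_PATCH):
    """Return the fraction of `patch` written by DATA_SND packets in `rom`."""
    covered = bytearray(len(patch))
    for off in range(len(rom) - PACKET_LEN + 1):
        if rom[off] != DATA_SND:
            continue
        addr = int.from_bytes(rom[off + 1:off + 4], "little")  # lo, hi, bank
        count = rom[off + 4]
        if not 1 <= count <= MAX_DATA:
            continue
        start = addr - base
        if start < 0 or start + count > len(patch):
            continue
        # Accept a candidate only if its payload equals the reference bytes,
        # so a stray 79h elsewhere in the ROM cannot count as a match.
        if rom[off + 5:off + 5 + count] == patch[start:start + count]:
            covered[start:start + count] = b"\x01" * count
    return sum(covered) / len(patch)

def build_packets(base, data):
    """Constructed test input: split `data` into 16-byte DATA_SND packets."""
    out = []
    for i in range(0, len(data), MAX_DATA):
        chunk = data[i:i + MAX_DATA]
        hdr = (bytes([DATA_SND]) + (base + i).to_bytes(3, "little")
               + bytes([len(chunk)]))
        out.append(hdr + chunk.ljust(MAX_DATA, b"\x00"))
    return out

if __name__ == "__main__":
    pkts = build_packets(OBJ_PATCH_BASE, OBJ_PATCH)
    # Constructed ROM fragment: filler, then the packets in reverse order.
    rom = bytes(64) + b"".join(reversed(pkts)) + bytes(64)
    print(f"{len(pkts)} packets, coverage {patch_coverage(rom):.0%}")
```

Matching each packet against the reference bytes, instead of reassembling whatever the packets write, keeps the result independent of the order in which a game stores or sends them.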
 