GBS Request
Hmm, seems like ugetab has ripped two other GBS files. Do I understand correctly that the Harvest Moon 2 rip is good (just doesn't work as a .GB file, which doesn't concern me much), and the Simpsons one isn't?
In the mean time I've added them both to my listning for now, if you think I should remove any/both, tell me.
In the mean time I've added them both to my listning for now, if you think I should remove any/both, tell me.
The Harvest Moon 2 GBS only works in NEZPlug for reasons that I believe relate to stack overflows or underflows. I had to re-engineer the GBS2GB player code just to keep it from crashing. Escape from Camp Deadly sounds far from correct. Even with the BGB debugger, I can't seem to get either to work to a degree that satasfies me.
If these are acceptable to you, feel free to add them, with the noted issues.
If these are acceptable to you, feel free to add them, with the noted issues.
NSFs I've ripped:
http://www.angelfire.com/nc/ugetab/
A Searchable list of NSFs from other sites. In Internet Explorer, go to Edit>Find (on This Page)...
http://www.angelfire.com/nc/ugetab/NSFList.txt
http://www.angelfire.com/nc/ugetab/
A Searchable list of NSFs from other sites. In Internet Explorer, go to Edit>Find (on This Page)...
http://www.angelfire.com/nc/ugetab/NSFList.txt
Thanks for Mole Mania! Please fix it so that it works in Audio Overload.kingshriek wrote:Mole Mania and Spanky's Quest are done and uploaded.
www.snesmusic.org/hoot/kingshriek
Track 15 is beta, I believe.
BTW, would any of you know how snesmusic.org managed to do Super Punch-Out?(seeing as neither ZSNES or SNES9x can rip it)
-
- Posts: 98
- Joined: Tue Sep 13, 2005 7:53 am
- Contact:
Yes, I ripped all the HES files on my page. I wouldn't be surprised at all if some are duplicates of what has been done the Japanese ripping community, though. I wouldn't know, given how the Japanese ripping scene consists of posting links to low-retention upload sites on 2ch (also low-retention).
I don't have an information page about CD rips, though I'll give a short description right here.
Most CD games use the System Card PSG driver (thankfully). To determine if a game does, make a save state while PSG music is playing, and search for occurances of "20 D8 E0" in a hex editor. If you get some matches, chances are the game uses the System Card driver.
The System Card PSG driver comprises bank 2 of the system card and is loaded into MPR6 when needed. The PSG driver has two interface routines, one for intialization and one for playback. These are called through a jump table at the top of bank 0 of the system card which is loaded into MPR7. The initialization routines are called through $E0D8 and the play routine through $E0E1. Song data is loaded into MPR4-MPR5 - one or the other or both. In summary, for an System Card driver rip, you will need to rip bank 2 from the system card, the interface routines in bank 0, and of course the music data itself.
$E0D8 takes at least one parameter which determines which one of the initialization routines is chosen. This parameter is located at $FF on the zero-page. The initialization routines make take additional parameters (usually $F8 and $F9 depending on the routine). For HES rips, you only need to care about 9 or 10 of these routines. These are:
The above init routines (other than the song select one) are called sequentially in a block of code in just about every game I've seen that uses the system card driver. So, they are very easy to find in a hex editor. The song selection is handled the same way in every System Card driver game.
You can take out routine #$03 if you NOP out the banking used in the driver and handle it from the outside (this is what I prefer). Also, not all games will used all the above routines. #$05-#$09 are purely optional, for example, although the music will generally sound better if they are used.
Below is a typical init routine (assuming banking is handled outside as described above):
The play routine takes no parameters. However, depending on the game, it can be driven either by IRQ1 or TIQ. You'll need to check this for each game.
Finding all the music data can be a challenge in itself. I usually search for strings of repeated "1F"s or "01"s - common sequences that occur in additional waveform data. You can also try searching for "DD FF", a common bytecode sequence in the music data which sets the pan to full volume on both sides. I don't know of any search criteria that will guarantee finding all of the music data in a game, but I've been very successful with the criteria listed above. If the game has a soundtest, you can easily just use save states to extract the music data. Much easier than combing through the CD image.
Also, it isn't uncommon for their to be a lot redundancy among the music data blocks in the data section of the CD. I found over 100 16K blocks of music data in Kabuki Den for example.
Zeograd's lair has a full disassembly of the System Card PSG driver (with comments). A very good reference.
For games that don't use the System Card driver, there's not much I can say other than doing a lot of disassembling, analysis, and testing (and hair pulling, praying to the gods, etc.). Luckily these don't come up to often. Another driver I've seen come up a few times is one where each section of song data begins with the ASCII string "MUZ". You can look to my rips of Fiend Hunter or Cal II as a reference for these.
Hope the above is helpful.
I don't have an information page about CD rips, though I'll give a short description right here.
Most CD games use the System Card PSG driver (thankfully). To determine if a game does, make a save state while PSG music is playing, and search for occurances of "20 D8 E0" in a hex editor. If you get some matches, chances are the game uses the System Card driver.
The System Card PSG driver comprises bank 2 of the system card and is loaded into MPR6 when needed. The PSG driver has two interface routines, one for intialization and one for playback. These are called through a jump table at the top of bank 0 of the system card which is loaded into MPR7. The initialization routines are called through $E0D8 and the play routine through $E0E1. Song data is loaded into MPR4-MPR5 - one or the other or both. In summary, for an System Card driver rip, you will need to rip bank 2 from the system card, the interface routines in bank 0, and of course the music data itself.
$E0D8 takes at least one parameter which determines which one of the initialization routines is chosen. This parameter is located at $FF on the zero-page. The initialization routines make take additional parameters (usually $F8 and $F9 depending on the routine). For HES rips, you only need to care about 9 or 10 of these routines. These are:
Code: Select all
$E0D8 init routines - parameter $FF selects the routine
$FF parameters description
-----------------------------------------------------------------------------------
#$00 $F8=0 turns on playback
#$02 $F8=(0..5) sets clock rate, preps RAM
#$03 $F8,$F9 - stored into MPR4,MPR5 respectively banks for song data
#$04 $F8,$F9 - address (little endian) song data
#$05 $F8,$F9 - " " wave data*
#$06 $F8,$F9 - " " envelope data*
#$07 $F8,$F9 - " " pitch envelope data
#$08 $F8,$F9 - " " frequency modulation data
#$09 $F8,$F9 - " " percussion data
#$0B $F8 - song number song select
*additional to what's in the system card
You can take out routine #$03 if you NOP out the banking used in the driver and handle it from the outside (this is what I prefer). Also, not all games will used all the above routines. #$05-#$09 are purely optional, for example, although the music will generally sound better if they are used.
Below is a typical init routine (assuming banking is handled outside as described above):
Code: Select all
.
.
.
PHA ; push HES song number
TAX
LDA banktable,X ; load banks - set up music data in $8000-$BFFF
TAM #$10
INC
TAM #$20
CLA
STA $FF
STA $F8
JSR $E0D8 ; turn on playback
LDA #$02
STA $FF
LDA #$05
STA $F8
JSR $E0D8 ; set clock frequency (w/ arg=#$05)
LDA #$04
STA $FF
LDA $8000 ; song address LSB
STA $F8
LDA $8001 ; song address MSB
STA $F9
JSR $E0D8 ; set song data address
.
. ; insert data init routines #$05-#$09 - similar to that of #$04
.
PLA ; pull HES song number
TAX
LDA songtable,X ; load song number specific to music data block
STA $F8
LDA #$0B
STA $FF
JSR $E0D8 ; establish song number
.
.
.
Finding all the music data can be a challenge in itself. I usually search for strings of repeated "1F"s or "01"s - common sequences that occur in additional waveform data. You can also try searching for "DD FF", a common bytecode sequence in the music data which sets the pan to full volume on both sides. I don't know of any search criteria that will guarantee finding all of the music data in a game, but I've been very successful with the criteria listed above. If the game has a soundtest, you can easily just use save states to extract the music data. Much easier than combing through the CD image.
Also, it isn't uncommon for their to be a lot redundancy among the music data blocks in the data section of the CD. I found over 100 16K blocks of music data in Kabuki Den for example.
Zeograd's lair has a full disassembly of the System Card PSG driver (with comments). A very good reference.
For games that don't use the System Card driver, there's not much I can say other than doing a lot of disassembling, analysis, and testing (and hair pulling, praying to the gods, etc.). Luckily these don't come up to often. Another driver I've seen come up a few times is one where each section of song data begins with the ASCII string "MUZ". You can look to my rips of Fiend Hunter or Cal II as a reference for these.
Hope the above is helpful.
http://www.purose.net/befis/download/ne ... esspec.txtccovell wrote:Anyway, do you know of any pages with the HES format specification
This might count as a tutorial (The Legend of Xanadu .hes ripper with sourcecode).
http://www.purose.net/befis/download/ne ... 020519.zip
-
- Posts: 98
- Joined: Tue Sep 13, 2005 7:53 am
- Contact:
More on the HES format:
PCE ROM compatibility - Just about all HES files out there have a segment of code located at $FF00-$FFFF included so that the rip becomes functional as a PCE ROM (using I and II to select songs). So when you make a rip, just copy this section from another rip into the same place. The IRQ1 and TIQ vectors in this code are $E020 and $E023 respectively, so put entry points to the vsync and timer routines in these locations.
Data size field - Make this the size of the rip in bytes minus the 32 byte header. Some HES players strictly enforce this field, others don't.
Load address field - Make this $20 if you want the rip to be compatible as a PCE ROM.
MPR values and compatibility - HES rips can use SGX RAM if they need extra RAM, however this presents compatibility problems when loading as a PCE ROM in an emulator that doesn't support/allow you to force SGX emulation. For rips that use 16K of RAM, they can be played in these emulators by changing the MPR value 'F9' to 'F7', using battery RAM instead. However, I know for one thing that NEZplug doesn't support battery RAM (even though it should).
DDA samples - Some games use DDA for drums rather than synthesized noise. This is mostly done via the timer interrupt (with the PSG synth driven by vsync). These aren't usually too hard to deal with - just follow the TIQ vector in the ROM for the DDA code (you'll see it write to $0806). Just make sure you write the correct value to $0C00 so that the samples will play at the correct rate (very easy to find if you know where your emulator of choice stores it in its save-state files).
ADPCM - I don't think it's supported. Ru^3's version of NEZplug looks like it has partial support, but I couldn't get anything working (in both rips that use it and small test HES's I made).
General ripping strategy:
Tools - PCE emulator, Hex editor, HuC6280 disassembler
The two general methods of attack are from the outside-in and from the inside-out. The first being tracing from TIQ and IRQ vectors and the second being picking a place that's obviously part of the music driver (writes to $0800-$0807) and working from there. I prefer the latter of these two methods, especially for CD game ripping, as the first method will just send you through a bunch of BIOS routines which will surely use an indirect jump somehwere to get to music player routine. The rest of the information I provide below will imply the inside-out methodology.
Obviously, you'll want to locate the chunk of code that contains the music driver. Searching for writes to $0800-$0807 should lead you to it (unless it's a System Card driver game, which I already explained in my last post). What I usually do is just throw in an infinite loop ("80 FE") in place of one of these sound register writes, reload the ROM/save-state and if it locks up, I know I'm inside the play routine. From here, you can get a stack trace to help lead you to the entry point. You'll of course want to disassemble the bank that it resides in as well. Sometimes, inspection is enough to find the necessary routines (hope for a jump table at the top of the bank).
If you can find the play routine, search for a JSR to it elswhere in the ROM/save-state, and see what's being written to the memory registers (MPR0-MPR7) before it's being called. Searching on these MPR writes may give you the init routine. You can try the "80 FE" technique here as well - if the game locks up when it tries to load a song and not any time else, you're in the init routine. Watch for what is passed into the init routine - the accumulator is common, but it can be an index register, a memory address, or even from the stack.
I wish there was a good PCE/CD debugger. Would make the process so much easier.
PCE ROM compatibility - Just about all HES files out there have a segment of code located at $FF00-$FFFF included so that the rip becomes functional as a PCE ROM (using I and II to select songs). So when you make a rip, just copy this section from another rip into the same place. The IRQ1 and TIQ vectors in this code are $E020 and $E023 respectively, so put entry points to the vsync and timer routines in these locations.
Data size field - Make this the size of the rip in bytes minus the 32 byte header. Some HES players strictly enforce this field, others don't.
Load address field - Make this $20 if you want the rip to be compatible as a PCE ROM.
MPR values and compatibility - HES rips can use SGX RAM if they need extra RAM, however this presents compatibility problems when loading as a PCE ROM in an emulator that doesn't support/allow you to force SGX emulation. For rips that use 16K of RAM, they can be played in these emulators by changing the MPR value 'F9' to 'F7', using battery RAM instead. However, I know for one thing that NEZplug doesn't support battery RAM (even though it should).
DDA samples - Some games use DDA for drums rather than synthesized noise. This is mostly done via the timer interrupt (with the PSG synth driven by vsync). These aren't usually too hard to deal with - just follow the TIQ vector in the ROM for the DDA code (you'll see it write to $0806). Just make sure you write the correct value to $0C00 so that the samples will play at the correct rate (very easy to find if you know where your emulator of choice stores it in its save-state files).
ADPCM - I don't think it's supported. Ru^3's version of NEZplug looks like it has partial support, but I couldn't get anything working (in both rips that use it and small test HES's I made).
General ripping strategy:
Tools - PCE emulator, Hex editor, HuC6280 disassembler
The two general methods of attack are from the outside-in and from the inside-out. The first being tracing from TIQ and IRQ vectors and the second being picking a place that's obviously part of the music driver (writes to $0800-$0807) and working from there. I prefer the latter of these two methods, especially for CD game ripping, as the first method will just send you through a bunch of BIOS routines which will surely use an indirect jump somehwere to get to music player routine. The rest of the information I provide below will imply the inside-out methodology.
Obviously, you'll want to locate the chunk of code that contains the music driver. Searching for writes to $0800-$0807 should lead you to it (unless it's a System Card driver game, which I already explained in my last post). What I usually do is just throw in an infinite loop ("80 FE") in place of one of these sound register writes, reload the ROM/save-state and if it locks up, I know I'm inside the play routine. From here, you can get a stack trace to help lead you to the entry point. You'll of course want to disassemble the bank that it resides in as well. Sometimes, inspection is enough to find the necessary routines (hope for a jump table at the top of the bank).
If you can find the play routine, search for a JSR to it elswhere in the ROM/save-state, and see what's being written to the memory registers (MPR0-MPR7) before it's being called. Searching on these MPR writes may give you the init routine. You can try the "80 FE" technique here as well - if the game locks up when it tries to load a song and not any time else, you're in the init routine. Watch for what is passed into the init routine - the accumulator is common, but it can be an index register, a memory address, or even from the stack.
I wish there was a good PCE/CD debugger. Would make the process so much easier.
Last edited by kingshriek on Fri Apr 21, 2006 7:12 pm, edited 2 times in total.
Hi, I have a few GBS requests myself. I'm glad people are still ripping them, and doing a great job of it too - ripping the popular as well as the obscure. Mine are as follows:
Adventure Island 2
Alleyway (this was a launch title, why hasn't it been ripped yet? )
Burger Time Deluxe
F-1 Race (rad title tune)
Xtreme Sports (a GBC title by WayForward)
Thanks in advance~ Getting these would complete my collection!
Edit: I have just discovered Xtreme Sports has a sound test. So that doesn't need to be a priority should someone decide to rip one of these.
Adventure Island 2
Alleyway (this was a launch title, why hasn't it been ripped yet? )
Burger Time Deluxe
F-1 Race (rad title tune)
Xtreme Sports (a GBC title by WayForward)
Thanks in advance~ Getting these would complete my collection!
Edit: I have just discovered Xtreme Sports has a sound test. So that doesn't need to be a priority should someone decide to rip one of these.
I've made a new thread about HES file ripping here: http://nesdev.com/bbs/viewtopic.php?t=1416 so we can stay on-topic here.
http://drag.wootest.net/gbs/
That's the stuff I've done.
I have ripped Mario's Picross 2, but the reason I don't release it is that it has a really strange problem which I can't fix (Data East games have this problem too), the PCM channel doesn't silence, it just hangs, which makes songs sound wrong. The .gb version of the gbs works fine though, so I'm thinking it's possibly an emulation problem, but still, I don't feel comfortable releasing GBSes that blatently don't work. :S
That's the stuff I've done.
I have ripped Mario's Picross 2, but the reason I don't release it is that it has a really strange problem which I can't fix (Data East games have this problem too), the PCM channel doesn't silence, it just hangs, which makes songs sound wrong. The .gb version of the gbs works fine though, so I'm thinking it's possibly an emulation problem, but still, I don't feel comfortable releasing GBSes that blatently don't work. :S
-
- Posts: 40
- Joined: Sun Oct 09, 2005 11:22 pm
I noticed a problem with your Donkey Kong gbs rip. Track 46 is the credits theme, but for some reason it just keeps looping the first few notes over and over and never starts up the rest of the song.Drag wrote:http://drag.wootest.net/gbs/
That's the stuff I've done.
Also I'd like to request "Tenchi Wo Kurau", a Gameboy installment of Capcom's Destiny of an Emperor series, to anyone willing.