All times are UTC - 7 hours
PostPosted: Sun Nov 01, 2015 9:09 am 

Joined: Sat Sep 12, 2015 3:42 pm
Posts: 44
I'm trying to disassemble a NES ROM to have a reference to use in a fan game. But I realized I have no idea what I'm doing. There wouldn't happen to be any documentation on the subject, would there? I am using disasm6 and a cdl file generated in FCEUX 2.2.2.


PostPosted: Sun Nov 01, 2015 10:06 am 

Joined: Sat Feb 12, 2005 9:43 pm
Posts: 10068
Location: Rio de Janeiro - Brazil
I don't know if there are any useful documents out there, but if there are, they'll certainly only cover the disassembly part, and you'll still be responsible for making sense out of the code. Reverse engineering a game engine is no picnic; a lot of things don't make sense at first, and you have to go back and forth all the time until you can understand what the engine is actually doing and you can properly name all labels and variables. You practically have to get inside another programmer's head to do this, and this can't be easy. I certainly wouldn't want to go through all this work... I'd much rather "re-engineer" the game based on observation and use my own coding techniques than try (and most likely fail) to make sense out of undocumented code written by another programmer, especially if it's something as complex as a game.


PostPosted: Sun Nov 01, 2015 11:04 am 

Joined: Sun Jan 22, 2012 12:03 pm
Posts: 5736
Location: Canada
I disassembled StarTropics' music engine a little while ago, and there's some source files here: http://rainwarrior.ca/projects/nes/startropics_music_fix.zip

I explain the process a little bit in some of those source files, but basically, I start with a CDL to identify code vs data, then I use that to create an "info" file for the disassembler (da65) to use. At first the info file just separates code from data.

Then what I do is analyze the code. Everything I figure out a name for, I add the name for those labels/symbols to the info file, and run the disassembler on it again. This replaces all use of those labels in the disassembly with the name I created for it. Do this for long enough, and eventually you can replace all of the symbols with labels, and you end up with something that looks a lot like source code.


PostPosted: Sun Nov 01, 2015 11:11 am 

Joined: Sun Sep 19, 2004 11:12 pm
Posts: 19122
Location: NE Indiana, USA (NTSC)
For popular games, there's probably a ROM map or a RAM map on RomHacking.net. This might give you a head start in coming up with labels for the technique described by rainwarrior.

The "reengineering" described by tokumaru is another way in theory. In the wake of Nintendo's takedown of YouTube videos of hacks of Mario games around the release of Super Mario Maker, I proposed restarting development of my own side-scroller engine for NES as an alternative to hacking SMB1. But some users in #nesdev told me nobody would likely care about it because the value of SMB1 hacks is allegedly that they use the physics of the game that people grew up with, including all its glitches.


PostPosted: Sun Nov 01, 2015 11:59 am 

Joined: Fri Nov 19, 2004 7:35 pm
Posts: 3944
Making the RAM map is very important. If you start from scratch, a cheat finder can help find the global variables, and using the hex editor to freeze random bytes can go far too.

_________________
Here come the fortune cookies! Here come the fortune cookies! They're wearing paper hats!


PostPosted: Mon Nov 02, 2015 6:39 am 

Joined: Sat Sep 12, 2015 3:42 pm
Posts: 44
tepples wrote:
For popular games, there's probably a ROM map or a RAM map on RomHacking.net. This might give you a head start in coming up with labels for the technique described by rainwarrior.

The "reengineering" described by tokumaru is another way in theory. In the wake of Nintendo's takedown of YouTube videos of hacks of Mario games around the release of Super Mario Maker, I proposed restarting development of my own side-scroller engine for NES as an alternative to hacking SMB1. But some users in #nesdev told me nobody would likely care about it because the value of SMB1 hacks is allegedly that they use the physics of the game that people grew up with, including all its glitches.

I see this game isn't as well known and is more mixed in how well it is liked. The game is called Arkista's Ring. I was trying myself to disassemble it, but soon realized I was trying to avoid it because I had no idea what I was doing. My goal was to disassemble it so I could have a very close version to compare to for a Windows clone. But "reengineering" seems like a better way for my purposes. I didn't know the work involved to disassemble the thing compared to other things.

Edit: The goal was to find unused code in the game. I know the game has unused sprites, but I was hoping to find some unused code that may have some use of some of those unused sprites or even some unused features.


PostPosted: Mon Nov 02, 2015 2:37 pm 

Joined: Sun Apr 13, 2008 11:12 am
Posts: 6303
Location: Seattle
Here's a clever-disasm config to trace Arkista's Ring:
Code:
CertainlyData $0D13
CertainlyData $0D1B
CertainlyData $0D1D
JumpTableRoutineWithAppendix $5022
JumpTable $264D $264E 2 19
JumpTable $1CF5 $1CFC 1 8
JumpTable $3F58 $3F59 2 6
JumpTable $380E $380F 2 9
JumpTable $30E7 $30E8 2 23
JumpTable $62A7 $62A8 2 23
CertainlyCode $B988
With it, there are a few stubs of dummied-out code here and there, most of which are only a few bytes.
Clever-disasm indicates dummied-out code at $8301, $89D4, $8A93, $8D7B, $92A0, $92B2, $92C6, $95AE, $9F32, $A35E, $AD1A, $B05B, $B06B, $B43D, $B4DD, $B923, $BD14, $C27E, $C326, $C500, $C58C, $C7EF, $C896 (bold means ≥ 47 bytes long) ... but make sure that your CDL agrees (i.e., it contains 0 at the corresponding address).

Tangent: the game uses NOP #imm ($89) at $B986.
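An added example (not code from this thread or from any of the tools named in it) tying rainwarrior's CDL-to-info-file workflow to the CDL cross-check suggested above: it splits an FCEUX .cdl log into runs, emits da65 RANGE entries for the logged code/data runs, and reports unlogged runs of at least 47 bytes as dead-code candidates. It assumes a 32 KiB PRG ROM mapped flat at CPU $8000 with no banking, and the embedded CDL is constructed, not a real Arkista's Ring log.

```python
# FCEUX .cdl: one byte per PRG ROM byte. Bit 0 = executed as code,
# bit 1 = read as data; other bits (bank, indirect access) are ignored here.
PRG_BASE = 0x8000   # assumption: PRG mapped flat at $8000, no banking
PRG_SIZE = 0x8000   # assumption: 32 KiB PRG ROM

def classify(flag):
    """Map a CDL byte to a da65 TYPE, or None if never touched while logging."""
    if flag & 0x01:
        return "Code"
    if flag & 0x02:
        return "ByteTable"
    return None

def cdl_runs(cdl):
    """Split the log into (start_cpu, end_cpu_inclusive, kind) runs."""
    runs, start = [], 0
    for i in range(1, PRG_SIZE + 1):
        if i == PRG_SIZE or classify(cdl[i]) != classify(cdl[start]):
            runs.append((PRG_BASE + start, PRG_BASE + i - 1, classify(cdl[start])))
            start = i
    return runs

def da65_ranges(cdl):
    """da65 info-file RANGE entries for every logged (code or data) run."""
    return ["RANGE { START $%04X; END $%04X; TYPE %s; };" % (s, e, k)
            for s, e, k in cdl_runs(cdl) if k is not None]

def unlogged_runs(cdl, min_len=47):
    """Unlogged runs long enough to be worth a look as dummied-out code."""
    return [(s, e) for s, e, k in cdl_runs(cdl)
            if k is None and e - s + 1 >= min_len]

def is_unlogged(cdl, cpu_addr):
    """True if the CDL has a 0 at the PRG byte behind this CPU address."""
    return cdl[cpu_addr - PRG_BASE] == 0

# Constructed sample log: all code except a 64-byte hole at $8301,
# a 13-byte data table at $8D13 and a 4-byte hole at $8D20.
sample = bytearray(b"\x01" * PRG_SIZE)
sample[0x0301:0x0341] = bytes(0x40)
sample[0x0D13:0x0D20] = b"\x02" * 13
sample[0x0D20:0x0D24] = bytes(4)

if __name__ == "__main__":
    print("\n".join(da65_ranges(sample)))
    print("dead-code candidates:", ["$%04X-$%04X" % r for r in unlogged_runs(sample)])
```

The RANGE lines can be pasted into a da65 info file and refined with LABEL entries as names are worked out; loading a real .cdl is just `open(path, "rb").read()[:PRG_SIZE]`.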

