All times are UTC - 7 hours





Posted: Wed Jun 01, 2016 9:28 am
Joined: Wed Jun 01, 2016 7:44 am
Posts: 2
I'm looking for a disassembler which would recognize unofficial/illegal opcodes, preferably recognizing labels also AND any assembler which would be able to recreate a working .nes file from the received code. I've already tried several disassemblers which could run on Windows 8.1. The following one (a link to a thread) has given the best results, which I've attached to this thread with the .nes file I'd like to work with. As you'll surely notice, there's a lot of editing work on the .asm file that I'd like to avoid. I can't assemble it back to a .nes file with asm.exe - even if I add the .chr file in a command line (copy /b), it doesn't work.

EDIT: I've removed attached .nes and .chr files.
Game name: Godzilla 2: War of the Monsters. Here's a NES header if you need more information without looking for NES ROM file.
Code:
.db "NES", $1A     ; Header
.db 8              ; 8 x 16k PRG banks
.db 16             ; 16 x 8k CHR banks
.db %00010000      ; Mirroring: Horizontal
                   ; SRAM: Not used
                   ; 512k Trainer: Not used
                   ; 4 Screen VRAM: Not used
                   ; Mapper: 1
.db %00000000      ; RomType: NES
.hex 00 00 00 00   ; iNES Tail
.hex 00 00 00 00


I have almost no experience with programming, but seeing how many tools and how much other information are available there, I think I'd like to try editing that game, starting with replacing any scenario with a custom one. I already have other tools like e.g. Nintendulator, FCEUX, Tile Layer, Hexecute and a few others, but it seems to me that working on 6502 Assembly code in a text format (i.e. with text opcodes) would be best to figure out how that game works and how to edit it later on.

If you have or just know a pair of those tools which will allow me to recreate the original .nes file without (or at least: with little) additional editing of the disassembled code, please let me know so I can look for them. Thanks in advance for any help.


Attachments:
asm6.zip [46.56 KiB]
disasm6-1.5.zip [3.06 MiB]


Last edited by cyb3k on Thu Jun 02, 2016 1:39 am, edited 2 times in total.

Posted: Wed Jun 01, 2016 9:50 am
Joined: Sun Jan 22, 2012 12:03 pm
Posts: 7328
Location: Canada
da65 has a "6502X" option which includes a set of unofficial opcodes.


Posted: Wed Jun 01, 2016 10:03 am
Joined: Sun Jan 22, 2012 12:03 pm
Posts: 7328
Location: Canada
Being able to disassemble and reassemble from and to an NES file probably isn't going to happen in a single step. I don't know of a good disassembler that's NES banking-aware.

Normally what you'd need to do is split your NES file into banks. How the banks are organized is very different from mapper to mapper, so there's no "one size fits all" solution to this. The simplest version is NROM (mapper 0), where you have a 16 byte header, then one 16 or 32k PRG bank, then one 8k CHR bank.

Once your banks are split, you can disassemble and reassemble each PRG bank individually, then finally you can recombine your banks into a working NES file.

You can write scripts to do this, but I don't know of a disassembler that will do all of this for you.
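
A sketch of the split-and-recombine script described in the post above, as an added example that is not part of the original thread or of any tool mentioned in it. The function names are hypothetical and the sample image is constructed from the header values in the first post with filler bank contents; the split follows the 16k PRG / 8k CHR units of the iNES header and does not decide which CPU address each bank runs at.

```python
HEADER_SIZE, TRAINER_SIZE = 16, 512
PRG_BANK, CHR_BANK = 16 * 1024, 8 * 1024


def split_ines(rom: bytes) -> dict:
    """Split an iNES image into header, trainer, 16k PRG banks and 8k CHR banks."""
    if len(rom) < HEADER_SIZE or rom[:4] != b"NES\x1a":
        raise ValueError("not an iNES image")
    prg_count, chr_count, flags6, flags7 = rom[4:8]
    pos = HEADER_SIZE
    trainer = b""
    if flags6 & 0x04:  # bit 2: a 512-byte trainer sits before the PRG data
        trainer = rom[pos:pos + TRAINER_SIZE]
        pos += TRAINER_SIZE
    need = pos + prg_count * PRG_BANK + chr_count * CHR_BANK
    if len(rom) < need:
        raise ValueError(f"truncated image: need {need} bytes, have {len(rom)}")
    prg = [rom[pos + i * PRG_BANK:pos + (i + 1) * PRG_BANK] for i in range(prg_count)]
    pos += prg_count * PRG_BANK
    chr_banks = [rom[pos + i * CHR_BANK:pos + (i + 1) * CHR_BANK] for i in range(chr_count)]
    pos += chr_count * CHR_BANK
    return {
        "header": rom[:HEADER_SIZE],
        "mapper": (flags7 & 0xF0) | (flags6 >> 4),  # low nibble in flags6, high in flags7
        "trainer": trainer,
        "prg": prg,
        "chr": chr_banks,
        "tail": rom[pos:],  # anything after CHR is kept so the rebuild is byte-exact
    }


def join_ines(parts: dict) -> bytes:
    """Recombine the pieces (edited or not) in file order."""
    return (parts["header"] + parts["trainer"] + b"".join(parts["prg"])
            + b"".join(parts["chr"]) + parts["tail"])


def make_sample() -> bytes:
    """Constructed image: header values from the first post, filler bank contents."""
    header = b"NES\x1a" + bytes([8, 16, 0b00010000, 0b00000000]) + bytes(8)
    prg = b"".join(bytes([i]) * PRG_BANK for i in range(8))
    chr_data = b"".join(bytes([0x80 + i]) * CHR_BANK for i in range(16))
    return header + prg + chr_data


if __name__ == "__main__":
    parts = split_ines(make_sample())
    print("mapper", parts["mapper"], "PRG banks", len(parts["prg"]), "CHR banks", len(parts["chr"]))
    assert join_ines(parts) == make_sample()  # round trip must be byte-identical
```

Checking that an unmodified split and join reproduces the input byte for byte is a useful baseline before any bank is disassembled and reassembled.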


Posted: Wed Jun 01, 2016 10:09 am
Joined: Sun Sep 19, 2004 9:28 pm
Posts: 3959
Location: A world gone mad
Supposedly disasm6 is supposed to do this, but I've not tried it. The methodology I've used for a couple decades is exactly what rainwarrior described.


Posted: Wed Jun 01, 2016 10:18 am
Joined: Sun Jan 22, 2012 12:03 pm
Posts: 7328
Location: Canada
For any mapper that lets you bank code to more than one location, you have to manually figure out what address each bank belongs at too, so in a lot of cases even if you know the mapper you can't make it turnkey.

There's also the big problem of sorting data from code. I think your request for unofficial opcodes might be a mistake; are you asking for this because you've tried disassemblers and are frustrated that they spit out a bunch of hex data? Using unofficial opcodes to disassemble data into code isn't going to help anything. The number of games that actually use unofficial opcodes is very few; in most cases trying to disassemble this way is just going to generate a lot of junk code you can't work with. If you're actually trying to make modifications to a game, you'll want to be able to edit the data too, not just the code, and for that you need to disassemble data as data.

FCEUX has a code-data-log feature which can be used to tell a disassembler which parts of the ROM are code vs data. Very useful! Again, though, not manual at all. You have to play the game for a while to get the emulator to track which things are data and code.


Posted: Wed Jun 01, 2016 10:20 am
Joined: Sun Sep 19, 2004 11:12 pm
Posts: 21210
Location: NE Indiana, USA (NTSC)
By "very few", there are probably fewer than a half dozen licensed U.S. NES games using unofficial opcodes. Which game are you disassembling?

If you have made your own ld65 linker config files for a project using the same mapper, you might try da65. It takes an info file that could be called an "unlinker config file". The syntax is somewhat different. But I don't know whether it allows segments' run addresses to overlap the way ld65 does.


Posted: Wed Jun 01, 2016 10:25 am
Joined: Sun Jan 22, 2012 12:03 pm
Posts: 7328
Location: Canada
No, segments in a da65 info file may not overlap. The disassembly works only on a contiguous block of data. Each bank requires its own da65 call.


Posted: Wed Jun 01, 2016 10:28 am
Joined: Sun Jan 22, 2012 12:03 pm
Posts: 7328
Location: Canada
koitsu wrote:
Supposedly disasm6 is supposed to do this, but I've not tried it. The methodology I've used for a couple decades is exactly what rainwarrior described.

I took a look at DISASM6. It supports only two mappers (0 NROM, 2 UxROM), but it sounds like it produces a convenient "one file" output like OP is looking for, and it has direct support for FCEUX code data logs which is great. (For da65 you'd have to write a script to convert the CDL to an info file.)

If you want to use it with any other mapper, though, you might be back to square one, but I think this is as close as you're going to get.
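
A sketch of the CDL-to-info-file conversion mentioned in the post above, as an added example that is not part of the original thread or of FCEUX or cc65. It assumes the FCEUX code/data log holds one flag byte per PRG byte with bit 0 set when the byte was executed as code; the function names, the input name bank7.bin and the $C000 base address are hypothetical, and the sample log is constructed with a tiny bank size so the output is readable. Bytes never logged as code are emitted as data, and one info file is produced per bank since each bank needs its own da65 call.

```python
CDL_CODE = 0x01  # assumed FCEUX flag bit: byte was executed as code


def kind(flag: int) -> str:
    """Map one CDL byte to a da65 range type; anything not run as code stays data."""
    return "Code" if flag & CDL_CODE else "ByteTable"


def cdl_runs(cdl: bytes, bank: int, bank_size: int = 16 * 1024) -> list:
    """Return (first_offset, last_offset, type) runs for one PRG bank of the log."""
    chunk = cdl[bank * bank_size:(bank + 1) * bank_size]
    if len(chunk) != bank_size:
        raise ValueError(f"CDL has no complete data for bank {bank}")
    runs, start = [], 0
    for i in range(1, bank_size + 1):
        # Close the current run at the end of the bank or when the type changes.
        if i == bank_size or kind(chunk[i]) != kind(chunk[start]):
            runs.append((start, i - 1, kind(chunk[start])))
            start = i
    return runs


def da65_info(cdl: bytes, bank: int, base: int, input_name: str,
              bank_size: int = 16 * 1024) -> str:
    """Build a da65 info file for one bank that will be disassembled at `base`."""
    lines = [
        "GLOBAL {",
        f'    INPUTNAME "{input_name}";',
        f"    STARTADDR ${base:04X};",
        '    CPU "6502";',
        "};",
    ]
    for start, end, k in cdl_runs(cdl, bank, bank_size):
        lines.append(f"RANGE {{ START ${base + start:04X}; END ${base + end:04X}; TYPE {k}; }};")
    return "\n".join(lines) + "\n"


def make_sample_cdl() -> bytes:
    """Constructed log for two 16-byte banks: bank 0 never touched, bank 1 mixed."""
    bank0 = bytes(16)
    bank1 = bytes([1] * 4 + [2] * 3 + [0] * 5 + [1] * 4)  # code, data, unlogged, code
    return bank0 + bank1


if __name__ == "__main__":
    # Base address is an assumption; where a bank is mapped has to be worked out per game.
    print(da65_info(make_sample_cdl(), bank=1, base=0xC000,
                    input_name="bank7.bin", bank_size=16))
```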


Posted: Wed Jun 01, 2016 12:40 pm
Joined: Sun Apr 13, 2008 11:12 am
Posts: 8178
Location: Seattle
clever-disasm can follow bankswitching, although it's only implemented for a subset (UNROM, SKROM, MMC3, VRC6a).

The current version in bisqwit's source doesn't support unofficial opcodes, but from experience after I added support in my local version, 99% of the time that you think you found one, you're wrong and the disassembler went off the rails instead.

Then again, having just run it against the, uh, thing in the first post, I see that it immediately goes off the rails. Because the 6502 pseudo-core inside clever-disasm doesn't meaningfully support INC, it never gets the MMC1 control register reset, and jumps off into nowhere. Having added enough support for INC abs to get MMC1 initialization working, I've got something that's passable... I guess I could attach it or PM it to you.

(p.s. please don't post that, just tell what game you're looking at instead)


Last edited by lidnariq on Wed Jun 01, 2016 5:23 pm, edited 1 time in total.

Posted: Wed Jun 01, 2016 5:21 pm
Joined: Wed Jun 01, 2016 7:44 am
Posts: 2
First of all, thanks for so much interest. I really appreciate all that help.

rainwarrior wrote:
da65 has a "6502X" option which includes a set of unofficial opcodes.
After a while I've found the cc65 package here (click), but it seems to be maintained no longer. The version of da65 which I've got can't use that CPU mode. The command line returns this:
Code:
da65 -o Godzilla2.asm --cpu 6502x Godzilla2.nes
Error: Unsupported CPU

koitsu wrote:
Supposedly disasm6 is supposed to do this, but I've not tried it.
The earlier attached .asm file was created by disasm6 (also attached) and the results prove it can't recognize those opcodes.

rainwarrior wrote:
For any mapper that lets you bank code to more than one location, you have to manually figure out what address each bank belongs at too, so in a lot of cases even if you know the mapper you can't make it turnkey.

There's also the big problem of sorting data from code. I think your request for unofficial opcodes might be a mistake; are you asking for this because you've tried disassemblers and are frustrated that they spit out a bunch of hex data? Using unofficial opcodes to disassemble data into code isn't going to help anything.
Well, I was thinking that this particular game might be using such opcodes and that could be the reason why a reassembled file doesn't work. I tested DISASM6 and ASM6 with a simpler game (Excitebike, as mentioned here) and it worked. DISASM6 separates CHR data and returns them in a separate file which can be merged later with the compiled code. As you've already noticed, DISASM6 will not work properly with the MMC1 mapper and that's the most likely cause.

rainwarrior wrote:
The number of games that actually use unofficial opcodes is very few
tepples wrote:
By "very few", there are probably fewer than a half dozen licensed U.S. NES games using unofficial opcodes. Which game are you disassembling?
If that's not a game I'm going to edit, any disassembler working with the MMC1 mapper, even without support for unofficial opcodes, should be enough to get code which can be reassembled into a working file.

lidnariq wrote:
(p.s. please don't post that, just tell what game you're looking at instead)
Sorry, I was thinking that attaching a .nes file will be even better.
Game name: Godzilla 2: War of the Monsters. Here's a NES header if you need more information without opening attached files.
Code:
.db "NES", $1A     ; Header
.db 8              ; 8 x 16k PRG banks
.db 16             ; 16 x 8k CHR banks
.db %00010000      ; Mirroring: Horizontal
                   ; SRAM: Not used
                   ; 512k Trainer: Not used
                   ; 4 Screen VRAM: Not used
                   ; Mapper: 1
.db %00000000      ; RomType: NES
.hex 00 00 00 00   ; iNES Tail
.hex 00 00 00 00


lidnariq wrote:
clever-disasm can follow bankswitching, although it's only implemented for a subset (UNROM, SKROM, MMC3, VRC6a).

The current version in bisqwit's source doesn't support unofficial opcodes, but having added support in my local version, 99% of the time that you think you found one, you're wrong and the disassembler went off the rails instead.
Then again, having just run it against the, uh, thing in the first post, I see that it immediately goes off the rails. Because the 6502 pseudo-core inside clever-disasm doesn't meaningfully support INC, it never gets the MMC1 control register reset, and jumps off into nowhere. Having added enough support for INC abs to get MMC1 initialization working, I've got something that's passable... I guess I could attach it or PM it to you.
Well, let me have a look then. I haven't tried with clever-disasm yet, but if you modified it for MMC1 mapper, it probably wouldn't have worked too, just like with DISASM6.



BTW: I've already noticed that certain debuggers, like e.g. the one built into Nintendulator, have their own disassemblers for purposes of tracing. For Nintendulator, it also displays unofficial opcodes, but only a portion of the visible bytes is disassembled - bytes in the neighboring, invisible lines are ignored and created opcodes on the edges might be displayed incorrectly then. I guess that is also the case for partially disassembled code? You mentioned splitting NES into banks, that's why I'm asking. If a disassembler has to work correctly, the whole code must be put into a single input file, right? And, of course, without certain data like e.g. CHR and, possibly, data carefully hidden between code lines (if there are any).


Posted: Wed Jun 01, 2016 5:42 pm
Joined: Sun Jan 22, 2012 12:03 pm
Posts: 7328
Location: Canada
cyb3k wrote:
Game name: Godzilla 2: War of the Monsters. Here's a NES header if you need more information without opening attached files.

You should edit your original post and delete the attached file. We are not allowed to host ROMs here in violation of copyright. (This includes the CHR file too.)


Last edited by rainwarrior on Wed Jun 01, 2016 5:47 pm, edited 2 times in total.

Posted: Wed Jun 01, 2016 5:44 pm
Joined: Sun Jan 22, 2012 12:03 pm
Posts: 7328
Location: Canada
cyb3k wrote:
rainwarrior wrote:
da65 has a "6502X" option which includes a set of unofficial opcodes.
After a while I've found the cc65 package here (click), but it seems to be maintained no longer.

The still maintained version is here: http://cc65.github.io/cc65/


Posted: Wed Jun 01, 2016 5:55 pm
Joined: Sun Apr 13, 2008 11:12 am
Posts: 8178
Location: Seattle
The trace I get out of my lightly-modified clever-disasm produces something pretty sane, although incomplete.

Like I said, the MMC1 support was present, it was just starting off with nonsense because it didn't correctly trace through the power-on initialization.


Anyway, please note that even if you had a fully-correct fully-automated disassembly of the game, it is likely that that is still less useful than manually drilling down to the specific functions of interest, as found by using Nintendulator/FCEUX's debuggers.

