Author
|
Topic: So who do I have to kill to learn 6502 ASM? (Read 1496 times)
|
hippiejake
Guest
|
|
« Reply #15 on: December 30, 2006, 02:25:17 am » |
|
I should compile what I've learned and hopefully it will help in explaining ASM to people like me who arn't programing savy.
Please do so. I've been haphazardly mashing through wikipedia, google, and various ROMs hoping to learn something. I can never find documentation covering certain things, like switching memory banks, so I could actually insert a routine into the game. I went to the Barnes & Noble Bookstore yesterday and there wasn't a single book on assembly. However, there were about 8 books about HTML. o.0
|
|
|
|
Kitsune Sniper
Guest
|
|
« Reply #16 on: December 30, 2006, 11:09:05 am » |
|
I should compile what I've learned and hopefully it will help in explaining ASM to people like me who arn't programing savy.
Please do so. I've been haphazardly mashing through wikipedia, google, and various ROMs hoping to learn something. I can never find documentation covering certain things, like switching memory banks, so I could actually insert a routine into the game. I went to the Barnes & Noble Bookstore yesterday and there wasn't a single book on assembly. However, there were about 8 books about HTML. o.0 I would've expected more books on HTML to be around.
|
|
|
|
Jigglysaint
Guest
|
|
« Reply #17 on: December 30, 2006, 12:56:14 pm » |
|
Well I still don't know things like bank switching. Mostly what I've been doing is utilizing the free space allready in the rom to modify current routines. That's still kind of hard if you don't know what you are doing though. It's still a big step up from game genie hacking.
The game I am working on is rather simple in terms of banks. The data banks are at the beginning of the ROM, and pretty much make up the first 10000 0h. After that is a bank from 10000 to 14000 and that's for one aspect of the game. The next bank is for music, and after that is for the game's second aspect, then finally universal ASM code. I count about 8 banks and if you arn't doing fancy stuff like DahrkDaiz is doing, really it's a matter of finding free space and making sure you can use it.
|
|
|
|
Ryusui
Guest
|
|
« Reply #18 on: December 30, 2006, 03:04:55 pm » |
|
Bank swapping is not so much ASM knowledge as hardware knowledge.
By writing to certain addresses, you can swap banks, or read the current bank from a particular register.
|
|
|
|
Kitsune Sniper
Guest
|
|
« Reply #19 on: December 30, 2006, 03:44:11 pm » |
|
One of the things that bugs me about debuggers is that you can't start the game on the very first opcode that runs unless you -know- what it's going to be. I know some mappers start off executing a certain address in memory, then they jump somewhere else and begin execution... but I can't figure out HOW TO GET THE FIRST ADDRESS. Argh.
|
|
|
|
RedComet
Guest
|
|
« Reply #20 on: December 30, 2006, 04:05:14 pm » |
|
Oh, that's simple. The start point is fixed. The reset vector is 2 bytes at $FFFC-FFFD. What ever address is there is where execution starts at. The only thing that changes is what bank is loaded into the $F000-$FFFF space initially, and that varies from mapper to mapper. For example, mapper 16, the last $4000 bytes of PRG-ROM are hard-wired (can't be swapped) at $C000-$FFFF. So, for say, DBZ3 (since I can still remember it), PRG-ROM is from 0-$3FFFF. That last $4000 bytes ($3c000-3FFFF) is the bank that'll be hardwired. So you go to $3FFFC, and what ever address is there (I don't remember right off) is where execution starts. EDIT: This is specific for the NES. Other CPUs have reset vectors (or may be different entirely), so you'll need to check some documentation about those chips. Here's an okay explanation of the reset vector. Look under "What's Happening?"
|
|
|
|
tomaitheous
Guest
|
|
« Reply #21 on: December 30, 2006, 07:33:59 pm » |
|
I know some mappers start off executing a certain address in memory, then they jump somewhere else and begin execution... but I can't figure out HOW TO GET THE FIRST ADDRESS. Argh. Tongue I'm not sure about the other emus with debuggers, but if you use mednafen do the following: mednafen <somegame>.nes press ALT+D to get into the debugger press ALT+S to stop the emulation/debugger press F10 to reset the game. The debug cursor will now be paused at the very first address of execution. Btw, mednafen 0.7.1 adds a tile/sprite viewer for NES/PCE/PCFX in the debugger ( press ALT+2 for the tile viewer and ALT+1 for debugger )
|
|
|
|
Kitsune Sniper
Guest
|
|
« Reply #22 on: December 30, 2006, 08:25:59 pm » |
|
Is there a GUI yet?
I like Mednafen, I just don't like having to type huge paths and stuff. >_>
|
|
|
|
tomaitheous
Guest
|
|
« Reply #23 on: December 30, 2006, 08:35:40 pm » |
|
No, not yet. Saren is adding support for a Frontend app to interface with mednafen (realtime EMU changes and such ). Although I don't know of any frontends written for this - yet.
|
|
|
|
KingMike
Guest
|
|
« Reply #24 on: December 30, 2006, 10:24:33 pm » |
|
For example, mapper 16, the last $4000 bytes of PRG-ROM are hard-wired (can't be swapped) at $C000-$FFFF. So, for say, DBZ3 (since I can still remember it), PRG-ROM is from 0-$3FFFF. That last $4000 bytes ($3c000-3FFFF) is the bank that'll be hardwired. So you go to $3FFFC, and what ever address is there (I don't remember right off) is where execution starts.
Well, it's actually + $3C010-4000F because of the header. You should also know that $FFFA-FFFB and FFFE-FFFF control the NMI and IRQ routines (can't recall which is which, but you may need to know them, since those routines can happen at any time in your code, so you'll need to be prepared if they bankswap on you. If they do, they're probably loading the original ROM bank bank in. Hopefully, it's reading some RAM value that held the last value written to the bank control register, and you'll just need to update that value when you bankswap. Or it could read banks from a table, which is uglier.) Most mappers' registers can't be read, since they usually occupy the same address range as ROM. Like mapper #3 allows you to write a CHR bank to any value between 8000 to FFFF(*), and that CHR bank will be swapped in. But if you try to read it, you'll just get a value from the ROM. (I later realized that $2000 and $2001, which configure the PPU, shouldn't be read either, and that's why the FDS BIOS routines that write to $2000/1 will copy the value to RAM, so you can read it if you need to ) (*)this mapper's bus conflict is kinda besides the point, so I'm ignoring it. As for reset vectors, I believe the SNES uses the same reset vectors, but it's at $7FFC for games with 32KB banks and $FFFC for games with 64KB banks (since they'll both resolve to $80:FFFC in the SNES memory map) GB/C I believe starts at $0100, which is supposed to be a jump to the start point (since $0103 is where the cart header and license-unprotection Nintendo logo starts)
|
|
|
|
Kitsune Sniper
Guest
|
|
« Reply #25 on: January 04, 2007, 08:10:24 pm » |
|
Well, my book arrived today. It's the third edition, so it's not that old... It's a shame, though - I'm too sick to read it right now. Ah well. It'll make for good bathroom reading. ;p
|
|
|
|
Sliver X
Guest
|
|
« Reply #26 on: January 04, 2007, 09:45:44 pm » |
|
Is there a GUI yet?
I like Mednafen, I just don't like having to type huge paths and stuff. >_>
Built in GUIs are redundant, at least for Windows (Even DOS has a few good frontends): Runtime changes for some things would be of benefit for Mednafen, but that itself doesn't require a GUI.
|
|
|
|
Kitsune Sniper
Guest
|
|
« Reply #27 on: January 04, 2007, 11:52:24 pm » |
|
I meant an external GUI that especially designed for Mednafen.
|
|
|
|
Sliver X
Guest
|
|
« Reply #28 on: January 05, 2007, 05:36:55 am » |
|
There is one for Win32: http://lhsp.s206.xrea.com/works/frontend.htmlI still prefer QuickPlay + edited INI file. Being able to run any of my ROMs from one common interface (And having most of my console ROMs in 7z archives) is invaluable, and the one thing I'm really missing in my current adventures of jumping headfirst into Linux. And to keep this on topic... :p Learning the language of the CPU of a computer is only half (or less) of the battle. You also need to have an understanding of the peripheral hardware in the machine, like the RAM, video hardware, sound hardware (Which in the case of the NES *is* the CPU), etc. Shit like $0200 - $07FF (RAM), $6000 - $7FFF (SRAM, if a game has it), $2001 (PPU register that controls color emphasis, monochrome mode, enabled/disabled sprite layer), yadda yadda. While I understand the architecture somewhat, my biggest obstacle was simply programming the damn thing, since I am extremely weak at programming in general; a lot of the concepts of what need to be done escape me, so I was pretty limited in what I could do with that Dragoon X Omega II hack I was a part of. I did, however, become a lot more proficient than I ever have been over the course of a few months, mainly just by reading a ton and experimenting a lot. NESDev is a godsend for information: I would suggest making that one of your first stops. Also, FCEUXD (I hear FCEUXDSP is good too, but I never used it) is invaluable for assembly hacking, mainly because of the quality of Parasyte's debugger and the awesomeness of bbitmaster's real-time hex editor. The hex editor lets you manipulate RAM or ROM on the fly, and highlights what has been changed in red; you can undo to hell and back as well, if you screw something up. I got to the point where I was conceiving/entering all my hacks in machine code in the thing, and it was *easy*; no other NES hacking environment is so user friendly. There are also some other interesting tools, like the code/data logger. I used this to quickly track down the routines for the HEAL/PURE/TENT/CABIN/Etc items in Final Fantasy by going to the item menu, starting the logger, using an item, then dumping the log to a stripped iNES file. A quick browsing with a hex editor showed small strings of code in a sea of 00s, since it only logs what was executed into the stripped ROM, at the address it's located. Searching for the first few opcodes in RAM during the item screen revealed where the game was loading the routines, and I set execute breakpoints there; from that point I was able to trace the code, gut the bastards, and splice in my own routines in their place: This allowed me to create unique item effects. I also traced some of the routines the game already had (Like refilling MP from the House, the save routine, etc), so I could call them as needed without having to reinvent the wheel, so to speak, which saved tons of room (I was extremely limited in free space in this particular bank). Once you even get a taste of assembly hacking, you'll wonder why in the hell you never learned how to use it earlier... I went 8 years without bothering to even really try to learn/use it, and regret it immensely.
|
|
« Last Edit: January 05, 2007, 05:54:07 am by Sliver X »
|
|
|
|
|