+  RHDN Forum Archive
|-+  Romhacking
| |-+  ROM Hacking Discussion
| | |-+  Understanding an SNES Pointer
Pages: [1]
Author Topic: Understanding an SNES Pointer  (Read 2 times)
elixirnova
Guest
« on: May 26, 2008, 09:39:46 pm »
I read all the documents and information I could find on how pointer tables work. I have been having trouble with the mega man X3 graphics pointer table that euclid mentioned in his document.

Here is what I understand of it. As well as some clips of the document by Euclid.

Quote
Euclid's MMX3 Decomp document:
0x37732 to 0x37B83 - gfx pointers, there's 221 of them (followed by lotsa FFs), 5 bytes,
 - first 3 bytes are 3 byte pointers
 - the next 2 values is the length
So here are the values you would find in the rom at that address
00 80 1a c0 03
0c 83 1a 00 26
3e 88 1a a0 07
f6 8d 1a e0 07
82 93 1a 00 04

So when they are rearranged to become physical snes rom addresses they should be?

1A8000 (03C0 Bytes)
1A830C (2600 Bytes)
1A883E (07A0 Bytes)
1A8DF6 (07E0 Bytes)
1A9382 (0400 Bytes)


There sure isn't any gfx data at 1A8000, it is the Tile arrangement data for Doppler stage #1.

The thing that really confused me is he points to the following location and length for his sample C decompression routine that works great.
0xE84B3
Length of data it reads is  0xA00
0
According to this data wouldn't the pointer look like
B3 84 0E 00 0A
That surely does not show up anywhere in the rom or pointer table.

What I do know is the compressed graphics are stored around 0xD0000-0x110000 since I can easily corrupt them and see them get messed up...

I did read somewhere that pointers can be tricky and do not all follow the same rules. Obviously this one being three bytes long is different than the standard documents suggest.
I am working on learning to use the debugger and tracer to maybe understand it on my own.

Anybody got any ideas?
I'd like to put out a program to uncrompress all the compressed gfx in the rom so one can edit them and reinsert them.
Lenophis
Guest
« Reply #1 on: May 26, 2008, 10:07:37 pm »
24-bit pointers like that do not relate to file addresses. They are CPU pointers. In cases like this, the bank byte (0x1A) will be offset by some added value, but not always. MMX3 is a LoROM game, so 0x1A could be +0x80 it's value. So, the bank could be 9A or 1A, but how do we know for certain? I dunno, actually, most games know how to figure themselves out.

But, to get a good idea, you'll need to head to those offsets in the file to find out. If I did my math right, the data you seek is at 0xD0000 (add 0x200 if you have a header). However, I'd ask for some confirmation, since my knowledge of LoROM is about as good as crap, so don't assume I'm right on this.

--Edit--
Of course, it's entirely possible for any amount to be added to the bank byte...
« Last Edit: May 26, 2008, 10:25:53 pm by Lenophis »
elixirnova
Guest
« Reply #2 on: May 26, 2008, 11:06:06 pm »
It being at 0xD0000 would make perfect sense since when I corrupt it certain graphics get messed up.

But how do you go from adding 0x80 to 0x1A and getting a CPU bank of either 0x1A or 0x9A. To an address of 0xD0000?

I'm sure it is something simple I can find just by understanding ROM and RAM addressing better. So I'll go check that out for now and learn some more!

EDIT: I just figured out the whole Bank things! http://www.romhacking.net/docs/anusp.htm anusp's document really helped with that!
And here's what I determined!
Hex 0E8000 = 1D8000 Low-Rom SNES

0xE84B3(0x2600 Bytes) Tile screen graphics
What it would look like in Hex as a pointer B3 84 1D 00 26
I then did a search and I found the pointer at offset 0x37791

So the next pointer in the list is  (C3 9F 1D 00 08) and must point to
0xE9FC3 with a length of 0x800 Bytes! How cool, but I sure cannot get the gfx to decompress in the program yet.. ah well at least I understand the pointers now!
« Last Edit: May 27, 2008, 12:53:31 am by elixirnova »
HyperHacker
Guest
« Reply #3 on: May 27, 2008, 03:42:57 am »
Lunar Address.
Gideon Zhi
Guest
« Reply #4 on: May 27, 2008, 09:34:19 am »
LoROM banks are 32K in size (0x8000 bytes.) 1A8000 becomes D0000 by simple counting or modulo math. Banks are mirrored at 0x808000 as well.

LoROM banks are always addressed at 0x8000-0xFFFF in the direct page. If you set the pointer at anything less than 0x8000, you're pulling at memory. Thus....

Code:
LoROM 008000 or 808000 = file 000000.
LoROM 018000 or 818000 = file 008000.
LoROM 028000 or 828000 = file 010000.
... and so on and so forth.
MathOnNapkins
Guest
« Reply #5 on: May 27, 2008, 09:43:52 am »
Aw man Gideon.... I hate when people say the banks are 32K in size. The actual banks themselves in the processor's address space are not 32K, they're 64K (always!). It's just that a cart that has a LoROM mapping will sequentially map itself in 32K chunks into the second halves of consecutive banks.

For example:

in the rom file, addresses 0x0000 to 0x7FFF get mapped to $00:8000 to $00:FFFF in the cpu.
addresses 0x8000 to 0xFFFF in the rom get mapped to $01:8000 to $01:FFFF in the cpu.
addresses 0x10000 to 0x17FFF in the rom get mapped to $02:8000 to $02:FFFF in the cpu

Note the two digits before the colon denote the bank number, and that these addresses ignore any possibility of a rom header.

Quote
If you set the pointer at anything less than 0x8000, you're pulling at memory.

... You're only pulling at memory (RAM) if the pointer is < 0x2000. Otherwise you're either reading off of a bus or a hardware register. But yeah I'll agree that you certainly won't be accessing rom data.
KingMike
Guest
« Reply #6 on: May 27, 2008, 11:00:15 am »
Quote from: MathOnNapkins on May 27, 2008, 09:43:52 am
Aw man Gideon.... I hate when people say the banks are 32K in size. The actual banks themselves in the processor's address space are not 32K, they're 64K (always!). It's just that a cart that has a LoROM mapping will sequentially map itself in 32K chunks into the second halves of consecutive banks.

Technical nitpicking beyond most people's concern. Grin
Pages: [1]  


Powered by SMF 1.1.4 | SMF © 2006-2007, Simple Machines LLC