11-02-05 12:59 PM
Acmlm's Board - I2 Archive - Super Mario World hacking - Now how's that RAT thing work again?
Sukasa
Posts: 311/1981
Sorry, I misunderstood what he was saying *deletes post*
Juggling Joker
Posts: 686/1033
Some of us (and obviously Fu is one of these people) actually respect the wishes of fellow programmers.
FuSoYa
Posts: 173/255
I use a 65816 cross assembler by Jeremy Gordon. I've used it since I first started SNES hacking, actually. Problem is, the only compiled version I found on the net back then refused to run in Win9x (had to exit windows entirely). The source is out there, so I recompiled it as a win32 console app. Also had to fix a few rarely used stack opcodes so they'd assemble correctly. Come to think of it, PER was probably one of them.

I'd send you a copy to see if it's more to your liking, but the doc with the source seems to prohibit distributing modified binaries/source. *shrugs*
HyperLamer
Posts: 3970/8210
Bah, damn thing. What do you use anyway?
FuSoYa
Posts: 172/255
Originally posted by HyperHacker
Hmm, 'PER fb_return-1' is giving me illegal addressing mode errors. (fb_return is just a few bytes after that.)


*downloads SNESASM and plays with it a bit*

As far as I can tell, this assembler doesn't properly handle using a label with that opcode. Even with values you have to be careful, as it apparently doesn't realize that PER is always a 3 byte instruction. Looks like you'd have to use PER.w #$0007-1, and adjust the value yourself if the number of bytes between PER and "Fake" changes.
HyperLamer
Posts: 3966/8210
That was basically the idea, but I wanted it to be more universal. I may just use Fu's idea though. This should help a lot, thanks!

[edit] Hmm, 'PER fb_return-1' is giving me illegal addressing mode errors. (fb_return is just a few bytes after that.)

Also, anyone know an assembler like SNESASM that won't crash when I try to BNE/BEQ/BRA backward, or a way to avoid it? Proper inline hex support (db #$04) and a way to indicate to it that I'm using 16-bit instructions (like switching to 16-bit mode isn't enough) would be a plus too. It's difficult to use a 16-bit add when it only writes 2 bytes and you can't manually add the third byte to make up for it.
Parasyte
Posts: 393/514
You can also locate (or add) a small routine written specifically for calling subroutines from outside banks. These can usually be found directly before the subroutine they call. They look like this:

JSR $subroutine ;call the RTS-terminated routine within its own bank
RTL             ;return to whoever JSLed here

Just JSL to that first instruction. Simple.
FuSoYa
Posts: 171/255
Originally posted by HyperHacker
Also how can I JSL to a subroutine that ends with RTS? I know I heard some way to do it by messing with the stack...


There's a few lines of code I use all the time for this. You can run it from any bank, and it only requires finding a single existing 0x6B (RTL) byte within the same bank as the subroutine ending in RTS that you want to call.

PHK             ;current bank byte for RTL
PER Fake-1      ;16 bits for RTL
PEA $804D-1     ;16 bit address of 0x6B byte
JML $Routine    ;long jump to RTS subroutine
Fake (whatever) ;continues here

As for RATs, remember that LM uses a slightly older implementation of the RAT system. A tag will only protect data in the same LoROM bank, so it shouldn't be set larger than that.
Sukasa
Posts: 289/1981
Originally posted by Escherial
Taken from LunarDLL.h, starting at line 1012:
The format of a RAT tag is as follows:

S T A R ssssssss SSSSSSSS cccccccc CCCCCCCC (8 bytes)

"STAR" Tag identifier, which is the word "RATS" reversed in all-caps.
SSSSSSSS ssssssss Size-1 of data, 16 bit, little endian. It does not include the size of the RAT tag itself.
CCCCCCCC cccccccc Inverse of size-1, 16 bit, little endian.

Sorry if I'm being dumb, but I've missed something. Could you please PM me how to make this work, because I will need to use a RATS tag soon.
Escherial
Posts: 89/90
Ah, that one's easy: use the "XBA" opcode (hex value: EB). It swaps the bytes of the A register, as you desire.
HyperLamer
Posts: 3965/8210
Ah, so that's where I saw that. Thanks. As for the JSR problem, I found a way: Push the return address manually and jump. Since JMP supports indirect addressing, it fixed some other stuff too. (Has to be done in the same bank, of course, but this allowed small enough code to fit it there.)

This is what I used; it won't work in 16-bit mode, which I'd like to fix if possible (but probably not). (Put it at 0x3C80 in the ROM, write the address to $06FE, and JSL to it, and you can call code in bank 0 that's supposed to be JSRed to.)
STA $FF      ;Unused except between levels (save A)
LDA #$BA     ;Store return address: high byte of $BA8C (RTS adds 1, landing on the RTL below)
PHA
LDA #$8C     ;low byte of $BA8C
PHA
LDA $FF      ;restore A
JMP ($06FE)  ;indirect jump to the routine that ends in RTS
RTL          ;its RTS lands here; return to the JSL caller

Now is there a way to swap the bytes of the A register? I need to read a byte in 8-bit mode, make it the high byte of A, read another byte, go to 16-bit and modify them. (Damn fireball code storing low and high bytes at two different places.) I think I know a way, but I need to sleep.
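FuSoYa's PHK/PER/PEA/JML trick (quoted further up) and HyperLamer's manual-push routine in this post both rely on the exact byte order JSL, RTS and RTL use on the stack. The following is an added Python model of just those operations, not code from the thread; it assumes HyperLamer's routine starts at $00:BA80 (file offset 0x3C80 less a 512-byte header, LoROM bank 0), which is the only placement that makes the pushed $BA8C land on the routine's final RTL.

```python
class Stack:
    """Only the 65816 stack: last list element is the top of stack."""
    def __init__(self):
        self.bytes = []
    def push8(self, v):
        self.bytes.append(v & 0xFF)
    def push16(self, v):                 # 65816 pushes the high byte first
        self.push8(v >> 8); self.push8(v)
    def pull8(self):
        return self.bytes.pop()
    def pull16(self):                    # so the low byte comes off first
        lo = self.pull8(); return lo | (self.pull8() << 8)

def jsl(s, caller_bank, next_instr):
    """JSL pushes the caller's bank, then (address of the next instruction) - 1."""
    s.push8(caller_bank); s.push16(next_instr - 1)

def rts(s):
    """RTS pulls 16 bits and adds 1; the program bank register is untouched."""
    return (s.pull16() + 1) & 0xFFFF

def rtl(s):
    """RTL pulls the 16-bit address (+1) and then the bank byte."""
    pc = (s.pull16() + 1) & 0xFFFF
    return s.pull8(), pc

def fusoya_call(cur_bank, fake, rtl_byte, routine_bank):
    """PHK; PER Fake-1; PEA rtl_byte-1; JML Routine. The callee's RTS lands on the
    stray 0x6B byte in its own bank, and that RTL lands on Fake in cur_bank."""
    s = Stack()
    s.push8(cur_bank)             # PHK
    s.push16(fake - 1)            # PER Fake-1: assembler resolves the displacement so Fake-1 is pushed
    s.push16(rtl_byte - 1)        # PEA $804D-1
    landed = (routine_bank, rts(s))   # RTS at the end of the callee
    assert landed == (routine_bank, rtl_byte)
    return rtl(s)                 # the 0x6B byte executes as RTL -> (cur_bank, fake)

ROUTINE = 0xBA80   # assumed: file offset 0x3C80 minus 0x200 header, LoROM bank 0
ROUTINE_LEN = 13   # STA dp, LDA #, PHA, LDA #, PHA, LDA dp, JMP (abs) = 2+2+1+2+1+2+3

def hyperlamer_call(caller_bank, caller_next):
    """JSL into the routine; it pushes $BA then $8C (8-bit A) and JMPs to the
    JSR-style target, whose RTS must hit the routine's closing RTL exactly."""
    s = Stack()
    jsl(s, caller_bank, caller_next)
    s.push8(0xBA); s.push8(0x8C)  # LDA #$BA / PHA / LDA #$8C / PHA
    landed = rts(s)               # callee's RTS
    assert landed == ROUTINE + ROUTINE_LEN == 0xBA8D   # the RTL byte
    return rtl(s)                 # back to the original JSL caller
```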
Escherial
Posts: 88/90
Taken from LunarDLL.h, starting at line 1012:
The format of a RAT tag is as follows:

S T A R ssssssss SSSSSSSS cccccccc CCCCCCCC (8 bytes)

"STAR" Tag identifier, which is the word "RATS" reversed in all-caps.
SSSSSSSS ssssssss Size-1 of data, 16 bit, little endian. It does not include the size of the RAT tag itself.
CCCCCCCC cccccccc Inverse of size-1, 16 bit, little endian.

Min/Max size allowed: 1-0x10000
As far as I know, the only difference between RTS and RTL is that RTL pulls the program bank register value off the stack (that was pushed there by JSL) whereas RTS doesn't. With that in mind, I can't think of any way to have RTS jump back to the right section of code unless you somehow ensure that the PBR gets set to wherever the JSL came from originally, which would obviously require modifying the subroutine in question.

Sorry if that's not very helpful, but I can't figure any other way to do it.

EDIT: Actually, you'd already be screwed once you pulled the PBR, since you'd then be whisked off to some random point in the bank from which you JSLd. The beauty of RTL is that it changes the program counter and the program bank counter in one fell swoop. So yeah, *shrug*...
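The RAT tag layout quoted from LunarDLL.h above (and in Sukasa's quote of it), worked through as an added Python example that is not from the thread or from Lunar Magic: it builds tags, validates the size/complement pair so a stray "STAR" string in data is not mistaken for a tag, and flags a tag whose data would span two LoROM banks, the case FuSoYa notes LM's older RAT system does not protect. The sample ROM image is constructed for the example.

```python
import struct

RAT_MAGIC = b"STAR"      # "RATS" reversed, as the LunarDLL.h excerpt says
BANK_SIZE = 0x8000       # one LoROM bank, the most a tag should protect (FuSoYa's note)

def build_rat_tag(size):
    """8-byte tag for `size` data bytes that follow it; the tag itself is not counted."""
    if not 1 <= size <= 0x10000:
        raise ValueError("RAT tag covers 1..0x10000 bytes")
    n = size - 1                                  # stored as size-1 so 0x10000 fits in 16 bits
    return RAT_MAGIC + struct.pack("<HH", n, n ^ 0xFFFF)

def parse_rat_tag(rom, off):
    """Return (data_start, data_end) for a valid tag at `off`, else None."""
    tag = rom[off:off + 8]
    if len(tag) < 8 or tag[:4] != RAT_MAGIC:
        return None
    n, inv = struct.unpack("<HH", tag[4:])
    if n ^ inv != 0xFFFF:                         # complement check rejects stray "STAR" text
        return None
    start = off + 8
    return start, start + n + 1

def crosses_lorom_bank(start, end):
    """True if [start, end) spans two ROM banks; LM's RAT only protects within one."""
    return start // BANK_SIZE != (end - 1) // BANK_SIZE

def find_rat_tags(rom):
    """Scan a ROM image; skip over protected data so 'STAR' inside it isn't re-parsed."""
    found, off = [], 0
    while off <= len(rom) - 8:
        span = parse_rat_tag(rom, off)
        if span:
            found.append((off, *span, crosses_lorom_bank(*span)))
            off = span[1]
        else:
            off += 1
    return found

def sample_rom():
    """Constructed 64 KiB image: one clean tag (with 'STAR' inside its data),
    one tag straddling a bank boundary, and a bogus 'STAR' with a bad complement."""
    rom = bytearray(0x10000)
    rom[0x100:0x108] = build_rat_tag(0x10); rom[0x108:0x10C] = b"STAR"
    rom[0x7FF0:0x7FF8] = build_rat_tag(0x20)
    rom[0x200:0x208] = b"STAR" + struct.pack("<HH", 5, 5)
    return bytes(rom)
```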
HyperLamer
Posts: 3962/8210
Coulda sworn I had this written down (or in LM's help file) but I can't seem to remember the RAT tag format. How exactly did that go?

[edit] Also how can I JSL to a subroutine that ends with RTS? I know I heard some way to do it by messing with the stack... Putting the code in RAM and using JSR doesn't work, because it just jumps to other parts of RAM.
© 2000-2005 Acmlm, Emuz, et al