 |
| Register | Login | |||||
 |
Main
| Memberlist
| Active users
| Calendar
| Chat
| Online users Ranks | FAQ | ACS | Stats | Color Chart | Search | Photo album |
|
| | ||
|
| Register | Login | |||||
|
Main
| Memberlist
| Active users
| Calendar
| Chat
| Online users Ranks | FAQ | ACS | Stats | Color Chart | Search | Photo album |
|
| | ||
| 0 users currently in ROM Hacking. |
| User | Post |
| probert Posts: 4/7 |
Hi, everyone.
I'm a little busy, but sometimes I got a time to study SF2 code and to learn some things... I figured out some kind of print (for those who knows C, printf) function in ROM. It's called in many places and prints out stuff like "Licensed by Nintendo", 1P, 2P, Fighters names, Start, Press, "Here's comes a new chalengers"; Games Start, Vs Battle and Options, and almost everything 
I guess, the function uses information that stores the color, and x-y position, but didn't realised how and where. Below is a snippet (not very well) commented by me... If you find some error, tell me. It will be good to learn a little more. If you have a doubt I will try to answer (if I know it, of course
P.S. Sorry but don't have a website to put this information into. I will got an account in any free webserver later, I promiss you. ; Snippet ; Some kind of printf ; ; Input ; A = index of pointer table stored in $07:AA8A (0003AA8A in ROM) ; Output ; String in color (?) and position defined from address $07:AC0C ; 00/8E50: E2 30 SEP #$30 ; 8BITS 00/8E52: 85 02 STA $02 ; $0002 = $04 f. example Licensed by Nintendo 00/8E54: 29 7F AND #$7F ; A = $04 -> The max is $7F 00/8E56: 0A ASL ; A *= 2 (pointer is 2 bytes long) 00/8E57: A8 TAY ; Y = A, Y = 8 ; ($aa8a = pointer table) 00/8E58: B9 8A AA LDA $AA8A,Y ; A = (07:AA92) 00/8E5B: 85 10 STA $10 ; ($10) = $0C 00/8E5D: B9 8B AA LDA $AA8B,Y ; A =(07:AA93) 00/8E60: 85 11 STA $11 ; ($11) = $AC 00/8E62: A6 A4 LDX $A4 ; X = $00, $A4 = $00 00/8E64: A0 00 LDY #$00 ; Y = $00 ; ; 00/8EC3: 80 A1 BRA $8E66 ; ; ($0C) = Offset which will be read 00/8E66: 84 0C STY $0C ; ($0C) = $00 00/8E68: A9 01 LDA #$01 00/8E6A: 85 04 STA $04 ;$04 = 01 -> $04 = IsFirstTime? 00/8E6C: A4 0C LDY $0C ; Y = $00 ; READ STRING LENGTH 00/8E6E: B1 10 LDA ($10),Y ; 07:Ac0c + Y => A = 14 (strlen) 00/8E70: F0 66 BEQ $8ED8 ; if end of string (null terminated) 00/8E72: 85 00 STA $00 ; $00 = 14 -> len 00/8E74: 0A ASL ; A *= 2 -> 28 times ; $603, $62f <-- strlen * 2 00/8E75: 9D 03 06 STA $0603,X ; 00/8E78: C8 INY ; $20 must be color 00/8E79: B1 10 LDA ($10),Y ; (07:ac0d) magic number?? A = $20 ; Don't know why to turn bit 0 on 00/8E7B: 09 01 ORA #$01 ; A = $21 00/8E7D: 85 01 STA $01 ; $01 = $21 = '!' char 00/8E7F: C8 INY 00/8E80: A9 80 LDA #$80 00/8E82: 9D 00 06 STA $0600,X ;($600) = $80; ($62c) = $80 00/8E85: E8 INX ; (07:ac0e) in the second time 00/8E86: C2 21 REP #$21 ; A 16bits, X 8bits 00/8E88: DA PHX ; Save X 00/8E89: B1 10 LDA ($10),Y ; A = $49c6 00/8E8B: C8 INY 00/8E8C: C8 INY ; Y += 2 00/8E8D: A6 04 LDX $04 ; X = $01; IsFisrtTime = True 00/8E8F: D0 03 BNE $8E94 ; if x != 0 ; If Not IsFirstTime A = $49c6 + $0020 = $49e6 00/8E91: 69 20 00 ADC #$0020 ;A = $49e6 ; ; 8e8f bne (#03) [$8e94] ; 00/8E94: FA PLX ; Restore X 00/8E95: 9D 00 06 STA $0600,X ; X = 1, ($601) = $49c6 (??) 00/8E98: E8 INX 00/8E99: E8 INX 00/8E9A: E8 INX ; X += 3, X = 4, where will start 00/8E9B: E2 20 SEP #$20 ; A 8bits 00/8E9D: A5 02 LDA $02 ; A = 04 00/8E9F: 30 24 BMI $8EC5 ; Not Minus, continue ; ; $07/AC0C until $07/AC23 is string 'LICENSED BY NINTENDO' area ; $00 -> string length ; ; Y = offset in $07:00ac0c ($0003AC0C in ROM) ; X = offset in $00:000600 ; fills $000600 until $00062f area ; after $000630 until $000657 ; ; $04 probably is a flag that means: 1 - first time, 0 - second time ; $04 = $IsFirstTime ? ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; start of loop ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; 00/8EA1: DA PHX ; Save offset 00/8EA2: B1 10 LDA ($10),Y ; Next string's char 00/8EA4: AA TAX ; X = A = tiles index (i guess) 00/8EA5: BD EA A9 LDA $A9EA,X ; tile index starts in ($a9ea) ($0003A9EA in ROM) 00/8EA8: F0 05 BEQ $8EAF ; if $00 (space in string) goto $8eaf 00/8EAA: A6 04 LDX $04 ; X = 01 00/8EAC: D0 01 BNE $8EAF ; If X != 00 goto $8eaf, else INCrement A ; If not IsFirstTime 00/8EAE: 1A INC ;I guess Inc is for Shadow ; If IsFirstTime 00/8EAF: FA PLX ; Restore offset 00/8EB0: 9D 00 06 STA $0600,X ; Store tile index in $6xx 00/8EB3: C8 INY ; 00/8EB4: E8 INX ; 00/8EB5: A5 01 LDA $01 ; $01=$21 00/8EB7: 9D 00 06 STA $0600,X ; A ! ($21) char between every tile ; the reason we multiply for 2 above (00/$8E56) 00/8EBA: E8 INX 00/8EBB: C6 00 DEC $00 ; Decrement string len counter 00/8EBD: D0 E2 BNE $8EA1 ; If not end of string, continue ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; end of loop ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; ; IsFirstTime = false 00/8EBF: C6 04 DEC $04 ; $04 = 00, in second time, $04=$ff 00/8EC1: 10 A9 BPL $8E6C ; If IsFirstTime = -1, go away, else, continue in ($8e6c) ; ; ; 00/8EC3: 80 A1 BRA $8E66 ; 00/8EC5: 9E 00 06 STZ $0600,X 00/8EC8: C8 INY 00/8EC9: E8 INX 00/8ECA: 9E 00 06 STZ $0600,X 00/8ECD: E8 INX 00/8ECE: C6 00 DEC $00 00/8ED0: D0 F3 BNE $8EC5 00/8ED2: C6 04 DEC $04 00/8ED4: 10 96 BPL $8E6C 00/8ED6: 80 8E BRA $8E66 ; come here in the end of the string 
00/8ED8: 86 A4 STX $A4 ; $A4 = number of bytes writen since $000600 00/8EDA: 60 RTS ; return ($85a1, f.example) Hope this helps to undestand something... This function just fills region from $600, the function that really do the video stuff I am learning it yet. I wil try to post something more useful next time. Yeah, I almost forget. Below is a try to the function ; ; Input: A => Index of Text in a Table Pointer ($0003AA8A) ; $00/8e50 -> prepare for 'print' ; 00/859C A9 04 LDA #$04 00/859E 20 50 8E JSR $8E50 ; ; Try to change, for example, address $859d from range $01 to $7f and reset the emulator. You will got the concept behind the function
Best regards, everyone. |
| probert Posts: 2/7 |
I didn' t know that sf2 had a debug mode... What you said is true... There's a lot of garbage in the ROM, maybe the laziness was so big or the hurry to release sf2 avoided to remove them
I will post anything I find, too Best regards, people. |
| BMF54123 Posts: 187/876 |
Ooh, Street Fighter II? You could help me figure out how to enable the game's debug mode, if it still exists. There's all sorts of text left in the ROM.
I'll post my notes, if I can find them... |
| umbrellastyle Posts: 1/1 |
Whoa. This is exactly the reason I re-registered for these boards just now.
I am also interested into getting into the asm side of things, and I also can't find anything at all even related to SF hacking, I was hoping someone here could help point me in the right direction. |
| probert Posts: 1/7 |
Hi every one.
I am new to snes 65c816 asm, but not new to asm. I chose start with Sf2 Rom to study disassembled and debug (trace) code. The other game I think of get a look it's MegaMan (X or 7, haven't chosen yet), to try to realize password system, or something like that. Just read lots of lots of snes docs. I was able to figure out dma stuff, for instance. Although I got a look a bit fast, I could realize some routines like the one that prints out "Licensed by Nintendo", FadeIn Screen, FadeOut Screen, some SPC stuff and the bits of code that changes some important addresses. I'm using the Greig's Snes9x. I know a fight game have not much to change at all, but for learning, I think any game is good. I just like sf2 so much. My intent in this thread is... There's is plenty of SF2 hacks, but has no information about it on the net. Tried to google for some info, but nothing... have anyone tried to look at sf2 game?? Or just compare some code with some hacked roms? Looking for anyone who wants to share information. It's that. P.S. It's my first post, so sorry for anything. |
