Acmlm's Board - I3 Archive - ROM Hacking - Disassembly help

interdpth
Posted on 06-17-06 11:35 PM
Not sure if this should go in here or in Programming.
I'm disassembling a function in Metroid Zero Mission; I know the basics of assembly now.
My question, though, is how I can find out whether it's accessing an array or a struct. How would I be able to recognize this stuff? Oh, any explanations would be helpful, thanks!

never-obsolete
Posted on 06-18-06 01:04 AM

An array would probably be accessed by indexed addressing.
($nnnn = base address)

opcode $nnnn, register

Just plug in your processor opcode that loads/moves a value as well as the indexing register. A struct would probably use indexed indirect addressing.

opcode ($nnnn), register

The base address would point to the first byte of the struct and the register would be used to move to different variables. Then increase the base pointer by the length of the struct to get to the next struct.

labmaster
Posted on 06-18-06 02:08 AM
With THUMB code you often see data in structs accessed by a ldrx reg, [base, #imm].

It's really important that you have some idea of what the function is supposed to do, and what the memory that is accessed represents. After you've done quite a lot of RE you'll get the hang of recognising what higher level control/data structures look like in assembly, it'll just take time. If you've got any specific examples you'd like some help with, post them here and I'll take a look.
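The two replies above describe the same fingerprint from two angles: never-obsolete's "indexed" (base + register) versus "indirect" (base + fixed offset) split, and labmaster's `ldrx reg, [base, #imm]` struct-field pattern. The decoder below is an added example, not code from this thread or from any of the tools mentioned in it. It decodes the 16-bit THUMB single-register load/store formats that the GBA's ARM7TDMI executes and labels each one with the source-level construct it usually came from: a fixed offset from a base register (struct field), a register offset (array element), a PC-relative literal load (what IDA prints as `LDR Rx, =0x...`) or an SP-relative slot (stack local). `infer_struct_fields` then collects the fixed offsets per base register, which is how you read a struct layout straight out of a function. The sample halfwords are constructed for the demo; only the starting address is borrowed from the listing later in the thread.

```python
"""Classify THUMB (ARM7TDMI, the GBA's CPU) load/store encodings by addressing mode.

Added example, not code from the thread. Covers the single-register THUMB
load/store formats (ARM7TDMI data sheet formats 6 to 11):
  [Rb, #imm]  fixed offset from a base register -> struct field
  [Rb, Ro]    register offset                   -> array element / index
  [PC, #imm]  literal pool load                 -> IDA's  LDR Rx, =0x...
  [SP, #imm]  stack slot                        -> local or spilled argument
"""


def _res(mnemonic, operands, pattern, **fields):
    return {"mnemonic": mnemonic, "text": f"{mnemonic} {operands}",
            "pattern": pattern, **fields}


def decode_thumb_ldst(hw, addr=0):
    """Decode one 16-bit THUMB halfword `hw` found at address `addr`.

    Returns None when `hw` is not a single-register load/store (PUSH/POP,
    LDMIA/STMIA and ALU ops are out of scope), otherwise a dict with the
    mnemonic, operand text, an access-pattern label and the decoded fields.
    """
    hw &= 0xFFFF
    rd, rb, ro = hw & 7, (hw >> 3) & 7, (hw >> 6) & 7
    off5, word8 = (hw >> 6) & 0x1F, hw & 0xFF

    # Format 6: 01001 Rd word8 -> LDR Rd, [PC, #word8*4]. PC reads as the
    # instruction address + 4, word-aligned, so the literal's address is fixed.
    if hw >> 11 == 0b01001:
        rd8, off = (hw >> 8) & 7, word8 << 2
        target = ((addr + 4) & ~3) + off
        return _res("LDR", f"R{rd8}, [PC, #0x{off:X}]", "literal pool load",
                    base="PC", target=target)

    # Formats 7/8: 0101 xx? Ro Rb Rd -> register offset; bit 9 picks the format.
    if hw >> 12 == 0b0101:
        if ((hw >> 9) & 1) == 0:                    # format 7: word / byte
            l, b = (hw >> 11) & 1, (hw >> 10) & 1
            mn = ("STR", "STRB", "LDR", "LDRB")[l * 2 + b]
        else:                                       # format 8: halfword / sign-extended
            h, s = (hw >> 11) & 1, (hw >> 10) & 1   # LDRH vs LDSB is just bit 11 vs bit 10
            mn = ("STRH", "LDRH", "LDSB", "LDSH")[s * 2 + h]
        return _res(mn, f"R{rd}, [R{rb}, R{ro}]", "indexed (array element)",
                    base=f"R{rb}", index=f"R{ro}")

    # Format 9: 011 B L off5 Rb Rd -> word (offset scaled by 4) or byte.
    if hw >> 13 == 0b011:
        b, l = (hw >> 12) & 1, (hw >> 11) & 1
        mn = ("STR", "STRB", "LDR", "LDRB")[l * 2 + b]
        off = off5 if b else off5 << 2
        return _res(mn, f"R{rd}, [R{rb}, #0x{off:X}]", "base + immediate (struct field)",
                    base=f"R{rb}", offset=off)

    # Format 10: 1000 L off5 Rb Rd -> halfword, offset scaled by 2.
    if hw >> 12 == 0b1000:
        mn = "LDRH" if (hw >> 11) & 1 else "STRH"
        off = off5 << 1
        return _res(mn, f"R{rd}, [R{rb}, #0x{off:X}]", "base + immediate (struct field)",
                    base=f"R{rb}", offset=off)

    # Format 11: 1001 L Rd word8 -> SP-relative, offset scaled by 4.
    if hw >> 12 == 0b1001:
        rd8, off = (hw >> 8) & 7, word8 << 2
        mn = "LDR" if (hw >> 11) & 1 else "STR"
        return _res(mn, f"R{rd8}, [SP, #0x{off:X}]", "stack local (SP + immediate)",
                    base="SP", offset=off)

    return None


def infer_struct_fields(halfwords, base_addr=0):
    """Group base+immediate accesses by base register -> sorted offsets.

    Several distinct fixed offsets from one base register inside a function
    is the THUMB fingerprint of struct field access; the offsets are the
    field layout. SP-relative slots come out under "SP"; literal-pool and
    register-offset accesses carry no "offset" field and are skipped.
    """
    fields = {}
    for i, hw in enumerate(halfwords):
        d = decode_thumb_ldst(hw, base_addr + 2 * i)
        if d and "offset" in d:
            fields.setdefault(d["base"], set()).add(d["offset"])
    return {base: sorted(offs) for base, offs in fields.items()}


# Constructed sample laid out from 0x0801804A (address borrowed from the
# listing later in this thread; the halfwords themselves are made up).
SAMPLE_BASE = 0x0801804A
SAMPLE = [0x4806,   # LDR  R0, [PC, #0x18]   literal pool (IDA: LDR R0, =...)
          0x6801,   # LDR  R1, [R0]          struct field at +0
          0x6943,   # LDR  R3, [R0, #0x14]   struct field at +0x14
          0x7A42,   # LDRB R2, [R0, #0x9]    byte field at +9
          0x88E0,   # LDRH R0, [R4, #0x6]    halfword field at +6 of another struct
          0x5CCA,   # LDRB R2, [R1, R3]      byte array indexed by R3
          0x9108,   # STR  R1, [SP, #0x20]   stack local
          0x56CA,   # LDSB R2, [R1, R3]      sign-extended byte, indexed
          0x5ACA]   # LDRH R2, [R1, R3]      halfword, indexed

if __name__ == "__main__":
    for i, hw in enumerate(SAMPLE):
        d = decode_thumb_ldst(hw, SAMPLE_BASE + 2 * i)
        print(f"{SAMPLE_BASE + 2 * i:08X}  {hw:04X}  {d['text']:<22}; {d['pattern']}")
    print(infer_struct_fields(SAMPLE, SAMPLE_BASE))
```

Run on the sample, `infer_struct_fields` reports R0 accessed at offsets 0, 9 and 0x14, which is the struct labmaster is talking about, while the `[R1, R3]` loads show up as indexed and carry no offset at all, which is never-obsolete's array case. The last two sample words also show why an assembler mix-up between LDRH and LDSB is easy: the two encodings differ by a single bit.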

Ryusui
Posted on 06-18-06 03:36 AM
Listen to Labmaster. His VBA-SDL-H is a romhacker's tactical nuke for GBA programming.

On a side note, Labmaster...while you're here, do you know of any good GBA disassemblers? Something that would allow me to selectively dismantle a piece of ROM into code I could just run back through Goldroad (which still appears to have a couple of bugs, but hey) and get something I could insert back into the original file? I've come to a fateful decision with my SF4 VWF...I'm going to rip the guts out of the entire print routine and refashion the whole damn thing in my own image. Of course, this entails that I have its slippery intestines in hand to remake into my cat's cradle...

If you look at my avatar, you'll see what I've got done in action...sorta. 1, the text is just barely legible in that squashed screencap, and 2, it's displaying a quote from SMT3: Nocturne's opening...but it's functioning nonetheless. Problem is, the print routine used in the actual game uses most of the same functions but works slightly differently, so if I'm going to get it to look right everywhere, my one and only option is to do some massive code surgery.

Bah, here's what it looks like unsquashed.

(Attachment: screenshot, not preserved in the archive)
(edited by Ryusui on 06-18-06 02:36 AM)

labmaster
Posted on 06-18-06 07:24 AM
I use a copy of IDA I found lying around for most of my 'major' disassembly work (which isn't really that often) as it has a lot of nifty interactive disassembly functions (hence the name) that can save you a lot of time when you're doing a lot of work on a single game. Unfortunately, its syntax doesn't quite match that of Goldroad:


ROM:08018038 PUSH {R5-R7,LR} ; Arguments:
ROM:08018038 ; r0 = String ID
ROM:0801803A MOV R7, R11
ROM:0801803C MOV R6, R10
ROM:0801803E MOV R5, R9
ROM:08018040 PUSH {R5-R7}
ROM:08018042 MOV R7, R8
ROM:08018044 PUSH {R7}
ROM:08018046 SUB SP, SP, #0x84
ROM:08018048 STR R0, [SP,#0xA4+StringID]
ROM:0801804A LDR R0, =0x3001E8C
ROM:0801804C MOV R11, R1
ROM:0801804E LDR R1, [R0]
ROM:08018050 MOV R2, #1
ROM:08018052 MOV R3, #0
ROM:08018054 LDR R5, =0x12B2
ROM:08018056 STR R1, [SP,#0xA4+VRAMBufferPtr]
ROM:08018058 STR R2, [SP,#0xA4+unk1]
ROM:0801805A STR R3, [SP,#0xA4+unk2]


(ignore the symbols 'StringID', 'VRAMBufferPtr' etc... one of its aforementioned handy features).

You could probably run a couple of regexes over it to smooth things out, though.

Alternatively, if you can't get your hands on IDA you could use VBA-SDL's 'dt' command (or 'da'), which will disassemble chunks of code to the console (use dt followed by address and len, both optional - I'd put them in brackets but I'm not sure how to escape them correctly on this board). Again, you'll have to make changes to the output so that Goldroad likes it - a set of regular expressions should do the trick.

I'm not sure if there are any other disassemblers out there that will disassemble to a more assembler-friendly format; you might want to try googling for generic ARM7 assemblers/disassemblers - hopefully there's something out there that'll save you some time.


(edited by labmaster on 06-18-06 06:26 AM)
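The "couple of regexes" cleanup from the post above, worked through as an added example; this is not code from the thread, nor from IDA, Goldroad or VBA-SDL-H. It strips IDA's `ROM:XXXXXXXX` address column, drops `;` comments and the comment-only continuation lines IDA emits, and reports every operand that still carries one of IDA's symbolic stack names (`#0xA4+StringID`), since no assembler can resolve those until each name is given a value. Lower-casing mnemonics and registers is an assumption about what the target assembler accepts, as is leaving the `ldr rX, =imm` literal pseudo-op intact; check both against the Goldroad manual before relying on them. The input is the listing quoted in the post.

```python
"""Turn an IDA THUMB listing into bare assembler lines (the regex cleanup).

Added example, not code from the thread or from IDA/Goldroad/VBA-SDL-H.
Lower-casing and keeping 'ldr rX, =imm' are assumptions about the target
assembler's syntax.
"""
import re

ADDR_COL = re.compile(r"^\s*ROM:([0-9A-Fa-f]{8})\s*")
COMMENT = re.compile(r"\s*;.*$")
# IDA stack-frame symbols:  #0xA4+StringID  ->  capture "StringID"
SYMBOLIC = re.compile(r"#(?:0x[0-9A-Fa-f]+|\d+)\+([A-Za-z_]\w*)")
REGISTER = re.compile(r"\b(?:R\d{1,2}|SP|LR|PC)\b")


def clean_ida_listing(text, lowercase=True):
    """Return (assembler_lines, unresolved) for an IDA listing.

    unresolved is a list of (address, symbol) pairs, one per symbolic stack
    offset that needs an EQU/define before the output will assemble.
    """
    lines, unresolved = [], []
    for raw in text.splitlines():
        m = ADDR_COL.match(raw)
        addr = int(m.group(1), 16) if m else None
        body = COMMENT.sub("", raw[m.end():] if m else raw).strip()
        if not body:
            continue  # blank, or a comment-only line (IDA repeats the address on those)
        mnemonic, _, operands = body.partition(" ")
        operands = operands.strip()
        if lowercase:
            mnemonic = mnemonic.lower()
            operands = REGISTER.sub(lambda r: r.group(0).lower(), operands)
        for sym in SYMBOLIC.finditer(operands):
            unresolved.append((addr, sym.group(1)))
        lines.append(f"{mnemonic} {operands}".rstrip())
    return lines, unresolved


# Input: the IDA listing quoted in labmaster's post above.
IDA_LISTING = """\
ROM:08018038 PUSH {R5-R7,LR} ; Arguments:
ROM:08018038 ; r0 = String ID
ROM:0801803A MOV R7, R11
ROM:0801803C MOV R6, R10
ROM:0801803E MOV R5, R9
ROM:08018040 PUSH {R5-R7}
ROM:08018042 MOV R7, R8
ROM:08018044 PUSH {R7}
ROM:08018046 SUB SP, SP, #0x84
ROM:08018048 STR R0, [SP,#0xA4+StringID]
ROM:0801804A LDR R0, =0x3001E8C
ROM:0801804C MOV R11, R1
ROM:0801804E LDR R1, [R0]
ROM:08018050 MOV R2, #1
ROM:08018052 MOV R3, #0
ROM:08018054 LDR R5, =0x12B2
ROM:08018056 STR R1, [SP,#0xA4+VRAMBufferPtr]
ROM:08018058 STR R2, [SP,#0xA4+unk1]
ROM:0801805A STR R3, [SP,#0xA4+unk2]
"""

if __name__ == "__main__":
    asm, todo = clean_ida_listing(IDA_LISTING)
    print("\n".join(asm))
    for addr, sym in todo:
        loc = f"{addr:08X}" if addr is not None else "?"
        print(f"; {loc}: define {sym} before assembling")
```

The four flagged symbols (`StringID`, `VRAMBufferPtr`, `unk1`, `unk2`) are exactly the IDA-only names the post says to ignore; in practice you either look up their values in IDA's stack frame view and substitute them, or define them at the top of the assembler source.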

Ryusui
Posted on 06-18-06 03:30 PM
Right now, I'm assembling source code by copy-and-pasting each line from a trace file or typing them in manually using vanilla VBA's disassembler. Anything would be a time improvement, not to mention an accuracy one: I realized to my horror at one point that if I had made any kind of mistake, I'd have to compare hundreds of lines of code to find it. My shortcut was to dump the original binary code and use WindHex's file compare to check for any differences (apart from the fact that Goldroad 1.6 and 1.7 compile ldrh instructions as ldsb ones at inappropriate times; I had to work around that to make my code behave properly); it worked well, but I'd prefer to be sure the first time.

interdpth
Posted on 06-18-06 03:59 PM
I went out and purchased No$GBA for $15; cheap, and well worth the money.