Register | Login | |||||
Main
| Memberlist
| Active users
| Calendar
| Chat
| Online users Ranks | FAQ | ACS | Stats | Color Chart | Search | Photo album |
| |
0 users currently in ROM Hacking. |
Acmlm's Board - I3 Archive - ROM Hacking - SNES Hacking, RAM Write Breakpoints, and Frustration (Need Help) | New poll | | |
Add to favorites | Next newer thread | Next older thread |
User | Post | ||
QBRADQ Goomba Since: 01-18-06 From: Eastern Oklahoma Last post: 6781 days Last view: 6781 days |
| ||
Hello again.
Umm, I thought I had been posting to this board over the past few weeks, but none of the posts have gone through. Not sure what that's about, so I will be monitoring this one closely to see what's going on (possible I was forgetting to hit "Submit Thread" on the preview page). NOTE: Using snes9x1.43.ep9r8 Anyway... what brings me here to ask for help is something that is frustrating the heck out of me. I'm hacking into an SNES ROM that's almost untouched (I'll be telling you what game it is once I have enough info to post). I've been looking for the map data, but had to start out with the few values that I knew. So, I found the RAM locations for enemy stats and the like, then traced where those came from in the ROM. Then, I figured out how this data was indexed, and where the index is stored in RAM. However, I've now hit a wall while trying to trace where the index values are loaded from ROM. I've set a write breakpoint for 7EE83D, which is the RAM address of an enemy index value (8-bit, P->M=ON), but the breakpoint never trips. I can open up the hex viewer and watch the value change as expected, yet the breakpoint doesn't trip. Only on rare occassion (when the enemy loaded in at 7EE800 - 7EE9FF drops an item) does the breakpoint trip. At this point, the index value is set to 0xEA (possibly others, I've only seen this happen twice) no matter what the index value of the enemy was. So... I used some creative save states and the "Frame Advance" feature to get a full CPU trace of the frame preceeding, the frame of, and the frame after the index value is set. Being nearly 90,000 operations long, I couldn't got through the entire trace by hand, so I used OpenOffice's spreadsheet application to search through it. The only time the program makes referance to an E83D address is when it reads the index value before loading the enemy data. Digging a little deeper, I discovered that there are four DMA transfers (two General DMA, and two H-DMA) that occur at the begining of the frame in which the index value changes (I didn't look at the other frames). I thought this might be something, like the program is DMA'ing a bunch of data into the 7EE800 - 7EE9FF range on enemy load. However, from my understanding of the SNES's DMA, you can only transfer between the CPU and PPU. This has indeed be frustratting. I have yet to attempt and trace the DMA opperations to see what is going on with those. Questions 1) Is a CPU-ROM to CPU-RAM DMA transfer possible? 2) Are there any known bugs with snes9x1.43.ep9r8's debugger that might be makign it miss some instruction (specificaly something to do with storing to a relative memory address)? 3) Has anyone else come upon a similar problem? And if so, what was the solution? Thanks, QBRADQ (edited by QBRADQ on 02-17-06 05:50 PM) |
|||
BMF54123 Since: 11-18-05 From: MOOGLES Last post: 6431 days Last view: 6430 days |
| ||
Originally posted by QBRADQYes indeed. You just write a 17-bit RAM address ($00000-$1FFFF, or $7E0000-$7FFFFF) to $2181-$2183, and then DMA to $2180. (edited by BMF54123 EX Alpha + on 02-18-06 03:24 AM) |
|||
Parasyte + Red Paragoomba Since: 01-05-06 Last post: 6752 days Last view: 6752 days |
| ||
I recall Geiger's debugger had incomplete breakpoint support for certain instructions. For example, the MVP/MVN instructions would not snap the debugger as you'd expect. I haven't any idea if these issues were ever looked at. There was a big debate about the whole thing a long while back which went nowhere. | |||
d4s Shyguy Since: 12-01-05 Last post: 6553 days Last view: 6451 days |
| ||
Originally posted by BMF54123 EX Alpha +Originally posted by QBRADQYes indeed. You just write a 17-bit RAM address ($00000-$1FFFF, or $7E0000-$7FFFFF) to $2181-$2183, and then DMA to $2180. wrong. dma works by simultanously reading from the a-bus(rom,ram) and writing to the b-bus or vice versa. although this looks like a neat way to copy stuff from rom to ram, its not possible on the actual hardware. theres no way to transfer from a-bus to a register on the b-bus that in turn writes to the a-bus. i know zsnes allows it, but it will break your code on the real thing, so just dont use it. as parasyte suggested, use mvn/mvp instead, but be sure to read up how they work exactly before you try to implement them. oops, didnt read the initial post. i think its highly unlikely that things with a size of one or two bytes like individual enemy stats get transferred via block move commands (mvn/mvp). (edited by d4s on 02-18-06 05:40 PM) (edited by d4s on 02-18-06 05:41 PM) (edited by d4s on 02-18-06 05:48 PM) |
|||
QBRADQ Goomba Since: 01-18-06 From: Eastern Oklahoma Last post: 6781 days Last view: 6781 days |
| ||
Indeed. There are no MVN or MVP operations within the trace.
I really hope I can figure this out soon. Does anyone know of another emulator that has a debugger? Or perhaps just a command-line debugger I could use? I'm desperate here people! Thanks, QBRADQ |
|||
Sukasa Birdo Not quite as active as before. Xkeeper supporter Xk > ||bass I IP Banned myself! Twice! Since: 11-17-05 From: Somewhere over there Last post: 6432 days Last view: 6430 days |
| ||
d4s: What register did you forget about? There's a set of 4 registers (17-bit addy, and an 8-bit data register) that are in the $21xx range that you can write to for Rom-> RAM memory-fill and that.
Check Qwerty's SNES hardware doc, in the DMA section. |
|||
BMF54123 Since: 11-18-05 From: MOOGLES Last post: 6431 days Last view: 6430 days |
| ||
Originally posted by d4sOooookay...then what in the world are those registers good for? Seems silly to allow WRAM access from a PPU register when you can't even use DMA. |
|||
d4s Shyguy Since: 12-01-05 Last post: 6553 days Last view: 6451 days |
| ||
Originally posted by Sukasa + i dont think you got my point. of course, $2180-$2183 can be used to write to ram. that wasnt the question, however. the question was: "is it possible to transfer data to wram by dma'ing to registers $2180-$2183?" i will try to explain that again: the snes has two busses, the A-bus (24-bit adressbus, cartridge rom, wram) and the B-bus (8-bit adressbus, apu ports, ppu regs). from the cpu's pov, the B-bus is located at $2100-$21ff. each bus can only be accessed by one device at a time. dma works so fast because it accesses both busses simultanously, read from the a-bus (rom, for example) and write to the b-bus(vram ports) or vice versa. however, its not possible to read AND write to the same bus at the same time. but by dma'ing to regs $2180, youre exactly trying to do that. dma reads data from the rom(a-bus) and transfers it to the wram port(b-bus). at the same time, the wram port tries to write that data back to wram(a-bus). thus, the dma reads and the wram port writes conflict, because both try to access the a-bus at the same time. just because you CAN do this or that programming-wise, that doesnt mean that it will actually work, especially on the snes. writing to vram outside blanking periods would be another example of this. just dont do it. and if you cant test your code on a real machine, be sure to at least test it in byuus bsnes, its the most accurate snes emu out there and imho the only one that fully emulates the above-mentioned limitations of the hardware. i think byuu visits this board from time to time. if you've questions regarding limitations of the hardware, ask him. bmf: i've never used the wram port regs, either. but i think they're quite useful if you want to copy data from rom to ram fast and modify it at the same time.(decompressing data, building tilemaps and stuff like that) first, you dont have to update the pointer to wram and second, you dont have to do writes to a 24bit adress in order to access wram-adresses above $7e1fff. (edited by d4s on 02-19-06 10:28 AM) |
|||
MathOnNapkins 1100 In SPC700 HELL Since: 11-18-05 Last post: 6431 days Last view: 6430 days |
| ||
@QBRADQ: Try Sleuth. It both logs, does breakpoints, and allows you to step through code line by line. It also allows you to step through the SPC700, though you can't breakpoint or log.
@the thread: Of note is that Neviksti's InitSNES.asm file uses registers $2180-83 to initialize WRAM. I'll post it for your viewing pleasure: ;**** clear WRAM ******** STZ $2181 ;set WRAM address to $000000 STZ $2182 STZ $2183 LDX #$8008 STX $4300 ;Set DMA mode to fixed source, BYTE to $2180 LDX #wram_fill_byte STX $4302 ;Set source offset LDA #:wram_fill_byte STA $4304 ;Set source bank LDX #$0000 STX $4305 ;Set transfer size to 64k bytes LDA #$01 STA $420B ;Initiate transfer LDA #$01 ;now set the next 64k bytes STA $420B ;Initiate transfer ... And that's all it takes really. I didn't even know these registers existed until I was trying to fix something in Sukasa's homebrew rom he posted before the board crash. (It of course used Neviksti's code to initialize.) edit:@d4s: So uh... I noticed the code I gave above does not work, according to you, so I decided to try to find a professional game that used such a technique. My first try was DKC and it showed up as the first DMA transfer: DMA[0]: write Mode: 0 0x80A90B->0x2180 Bytes: 0 (fixed) V-Line:8 Now that's actually 64K of bytes but whatever. It's possible the developers at rare were incorrect and that this doesn't actually do anything on the real thing, but don't you find this at least a little bit odd, given they probably had way better debugging environments than us? Though... as far as the bus conflict goes, this is indeed a "fixed" address transfer, so that may be why it could theoretically work. i.e. if I understand correctly, only one bus access is needed from rom, though I don't know if this access is in reality performed only once. Edit2: Blackthorne also uses it in a similar fashion. Have not yet encountered a sequential write to $2180, and don't expect to. (edited by MathOnNapkins on 02-20-06 07:49 AM) (edited by MathOnNapkins on 02-20-06 08:25 AM) |
|||
Sukasa Birdo Not quite as active as before. Xkeeper supporter Xk > ||bass I IP Banned myself! Twice! Since: 11-17-05 From: Somewhere over there Last post: 6432 days Last view: 6430 days |
| ||
...And in that crash, it seemed to be related to either the tilemaps of the graphics later on. Before those I had a palette upload, which worked fine. Also, in that ROM, it seemed that the MVP instruction I was using didn't work for some reason... I think it might be interrupts messed with it.
Anyways, that ROM... died in my computer's hard drive failure, so I'm redoing it from scratch... On an old WIN3.1 compy :\ |
|||
Gideon Zhi Keese Since: 12-05-05 From: ...behind you! Boo! Last post: 6433 days Last view: 6430 days |
| ||
d4s- Dunno what you've been doing, but I've been using code like this in my games for a very long time. Copy and pasted from my DMA Beginner's Doc:
And damn straight it works on the real thing. Been doing this for years. I think the first game I used this code in was Gundam Wing Endless Duel, back in june of '02 :p Edit: I'm positive I've used the same code, or at least extremely similar derivatives, in at least Gundam Wing, Shin Megami Tensei 2, Kunio-tachi no Banka, G-Gundam, Rockman & Forte, Gunman's Proof, Super Robot Wars 3, King of Demons, Magical Pop'n, Jutei Senki, Cyborg 009, Madou Monogatari, and Hiouden. It's also used in Shiren, although that's not out yet (soon!), and I might have to employ it in Fire Emblem. I can also say for certain that I've completed Gundam Wing, Kunio, Rockman & Forte, Gunman's Proof, King of Demons, Magical Pop'n, and Madou Monogatari on my swcdx2 copier :p (edited by Gideon Zhi on 02-20-06 01:46 PM) |
|||
Sukasa Birdo Not quite as active as before. Xkeeper supporter Xk > ||bass I IP Banned myself! Twice! Since: 11-17-05 From: Somewhere over there Last post: 6432 days Last view: 6430 days |
| ||
Well, why would they even have those registers if they didn't work on the real thing? Those registers will really help with my filing system in my SNES game... fragmented files aren't always fun. | |||
MathOnNapkins 1100 In SPC700 HELL Since: 11-18-05 Last post: 6431 days Last view: 6430 days |
| ||
^ The issue is not whether they work, but whether they work with DMA. I'm pretty sure that using $2180-83 with a loop would be at least twice as fast as MVN or MVP. So even without DMA you could block move from WRAM to WRAM fairly quickly.
MVN/MVP use a lot of cycles - I've heard either 7 or 8 cycles per byte. that's why I think using these registers would be better. I'm wondering, however, if the cycles mentioned in documents are master cycles or cpu cycles. I'm leaning towards cpu cycles, but I can hope. |
|||
Sukasa Birdo Not quite as active as before. Xkeeper supporter Xk > ||bass I IP Banned myself! Twice! Since: 11-17-05 From: Somewhere over there Last post: 6432 days Last view: 6430 days |
| ||
7 cycles a byte. I've changed my mind to use DMA for all file loading in that ROM. Now I just have to put together a macro system that works... I might be asking for help in that regard... | |||
Gideon Zhi Keese Since: 12-05-05 From: ...behind you! Boo! Last post: 6433 days Last view: 6430 days |
| ||
I asked the question of former-emulator-coder MKendora in my IRC channel, and this was the response:
Simply put, I think d4s is wrong No offense, man! |
|||
eNathan Newcomer Since: 02-22-06 From: Earth Last post: 6658 days Last view: 6658 days |
| ||
QBRADQ, this is my only sugestion if your breakpoints are not triggering. Use an external software to do it, such as TSearch. Google for it | |||
d4s Shyguy Since: 12-01-05 Last post: 6553 days Last view: 6451 days |
| ||
Originally posted by Gideon Zhi yep, i was wrong there guys, sorry for causing confusion. ~_= mixed up wram/wram and rom/wram somehow. still, i wonder what other bus wram is supposed to be connected to. i'll have look at some official diagrams, but from what i recall, it was on the a-bus aswell. maybe wram is some kind of special case, i think i'm gonna ask neviksti how it works exactly. i will try this out later in places where i currently use mvn/mvp. (edited by d4s on 02-25-06 05:37 AM) (edited by d4s on 02-25-06 05:41 AM) (edited by d4s on 02-25-06 05:42 AM) |
|||
creaothceann Red Goomba Since: 11-22-05 Last post: 6626 days Last view: 6626 days |
| ||
Look for anomie's docs on RomHacking.net, I think he mentioned it somewhere. |
Add to favorites | Next newer thread | Next older thread |
Acmlm's Board - I3 Archive - ROM Hacking - SNES Hacking, RAM Write Breakpoints, and Frustration (Need Help) | | |