ROM Hacking - Question about NES ASM - JSR (20) Opcode
Trax (Yellow Stalfos, Level 71, posts 90/1145, member since 07-06-07, from Québec):
Okay, when I do ASM hacking and disassembly (?), I'm not exactly sure what to do about Opcode 20, which is Jump to Subroutine (JSR), with a 2-byte operand. Since I don't have access to incredible software like FCEU or such, I can't do any RAM tracing. Chunks of data are often copied from ROM directly to RAM. The question also applies to JMP (4C).
My question is, how do I know where the pointer is actually pointing to? Here's a real example, with the Zelda II ROM, at 0x5C17: 20 A2 E9. So the reconstituted address is 0xE9A2. Of course, it doesn't necessarily mean I can go to 0xE9A2 in ROM and assume it's what happens in real-time. Sometimes you have to adjust the address according to specific factors, like RAM pages, mappers, etc... How can I make absolutely sure that I'm moving to the correct address?
Jigglysaint (Red Paragoomba, Level 20, posts 11/62, member since 04-04-07):
Well actually, the last 4 pages in RAM are always static ($C000 to $FFFF), so it always points there. Pointers don't seem to be so much about pointing to data offsets in ROM as much as it's in RAM. Also, don't forget the 16-byte header to add. So if a trace returns $20 A2E9, the destination address is actually $E9B2. The static banks contain the game's program code that allows all the core data that is used everywhere.
Trax (Yellow Stalfos, Level 71, posts 91/1145, member since 07-06-07, from Québec):
So basically, is there any way I can find out where to go in ROM according to my example?
What is the portion of ROM data that is stored at 0xC000?
Ice Ranger (Newcomer, Level 8, posts 6/8, member since 02-21-07):
Actually, I think the easiest way to do this is to use some version of FCEUXDSP... I really don't know how people did it before. If you could give me a list of 8 bytes of where you wanted the code to jump, I might be able to help you, since I'm picking up my desktop tomorrow. I just hope you put it into a section of the ROM where it can easily be accessed, as I don't know how to switch out pages quite yet... just messing with the current page. (And I am sure "pages" is not the correct term; it's probably banks I'm thinking of.)
Also, I'm assuming this is for Zelda 2. What kind of code are you putting into place or doing a subroutine jump to? Is it something already in the game or some new code you have written?
Trax (Yellow Stalfos, Level 71, posts 92/1145, member since 07-06-07, from Québec):
It's something already in the game. I'm only trying to decompile everything and attempt to understand the inner workings of the game from that. From some of what I see, I can deduce what it does (approximately), but it's just too bad I have to stop every time I bump into 20, 4C or 60...
There must be a kind of pattern to determine how a pointer should be converted...
never-obsolete (Rat, Level 24, posts 7/96, member since 02-22-07, from Phoenix, AZ):
this is mapper/setup dependent. the mmc1 can also be set up so that $8000-$BFFF is mapped to the 2nd to last 16K prg bank and $C000-$FFFF is programmer mappable, or a 3rd way provides a full 32K switch.
you could keep track of writes to $E000-$FFFF (where the prg register is mapped) and keep a running tab on what prg-banks are mapped where in your head.
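To make the conversion the thread is circling around concrete, here is an added Python example (not code from any poster in this thread). It decodes the little-endian operand of a JSR (20) or JMP (4C), and maps a CPU address in $8000-$FFFF to an iNES file offset under the layout described above: a 16-byte header, 16 KB PRG banks, $C000-$FFFF fixed to the last bank, and $8000-$BFFF holding whichever bank was last selected through the mapper register. The PRG bank count (8, i.e. 128 KB) is a constructed parameter rather than a value from the thread, and the bank mapped at $8000 must be supplied by the caller, since only a trace of the mapper writes never-obsolete mentions can tell you what it is at a given moment. The function takes the bank in each window explicitly, so it also covers the other MMC1 modes once you know which bank sits where.

```python
from __future__ import annotations
from typing import Optional, Tuple

# Constructed assumptions for this example (not values taken from the thread):
INES_HEADER_SIZE = 16          # iNES header in front of the PRG data
PRG_BANK_SIZE = 0x4000         # 16 KB PRG banks


def decode_jump(code: bytes, pos: int = 0) -> Tuple[str, int]:
    """Decode a JSR ($20) or JMP ($4C) at code[pos].

    The 6502 stores the 16-bit operand low byte first, so the bytes
    20 A2 E9 from the thread decode to JSR $E9A2.
    """
    mnemonics = {0x20: "JSR", 0x4C: "JMP"}
    opcode = code[pos]
    if opcode not in mnemonics:
        raise ValueError(f"not a JSR/JMP absolute opcode: {opcode:#04x}")
    target = code[pos + 1] | (code[pos + 2] << 8)
    return mnemonics[opcode], target


def cpu_to_file_offset(addr: int, prg_banks: int,
                       bank_at_8000: Optional[int] = None,
                       bank_at_c000: Optional[int] = None) -> int:
    """Map a CPU address in PRG space ($8000-$FFFF) to an iNES file offset.

    bank_at_c000 defaults to the last PRG bank (the fixed-bank setup the
    thread describes). bank_at_8000 has no sensible default: it is whatever
    the game last wrote to the mapper, so the caller must track it.
    """
    if bank_at_c000 is None:
        bank_at_c000 = prg_banks - 1
    if 0xC000 <= addr <= 0xFFFF:
        bank, window_base = bank_at_c000, 0xC000
    elif 0x8000 <= addr <= 0xBFFF:
        if bank_at_8000 is None:
            raise ValueError("$8000-$BFFF is switchable: pass the bank mapped there")
        bank, window_base = bank_at_8000, 0x8000
    else:
        raise ValueError(f"{addr:#06x} is RAM, PPU/APU or mapper space, not PRG ROM")
    if not 0 <= bank < prg_banks:
        raise ValueError(f"bank {bank} out of range for {prg_banks} PRG banks")
    return INES_HEADER_SIZE + bank * PRG_BANK_SIZE + (addr - window_base)


def file_offset_to_bank(offset: int) -> Tuple[int, int]:
    """Inverse helper: (PRG bank number, offset inside that bank) for a file
    offset. Add $8000 or $C000 to the inner offset, depending on which window
    the bank is switched into, to get the CPU address of that byte."""
    if offset < INES_HEADER_SIZE:
        raise ValueError("offset lies inside the iNES header")
    return divmod(offset - INES_HEADER_SIZE, PRG_BANK_SIZE)


if __name__ == "__main__":
    # The three bytes Trax quotes at file offset 0x5C17: 20 A2 E9
    sample = bytes([0x20, 0xA2, 0xE9])
    mnem, target = decode_jump(sample)
    print(f"{mnem} ${target:04X}")
    banks = 8   # constructed: a 128 KB PRG ROM
    print(f"target lives in the fixed bank at file offset {cpu_to_file_offset(target, banks):#x}")
    bank, inner = file_offset_to_bank(0x5C17)
    print(f"the JSR itself is in PRG bank {bank} at +{inner:#06x} "
          f"(CPU ${0x8000 + inner:04X} when that bank is switched into $8000)")
```

With the fixed-last-bank layout, a target in $C000-$FFFF can be located without any tracing at all; a target in $8000-$BFFF cannot, which is exactly why the reply above suggests keeping a tab on the mapper writes. Feeding the example the bytes from the first post gives JSR $E9A2, and with eight banks that resolves to file offset 0x1E9B2.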
© 2005-2023 Acmlm, blackhole89, Xkeeper et al. |