Any documentation on the disassembly of a NES ROMs?

[mugenfighter]

I'm trying to disassemble a NES ROM to have a reference to use in a fan game. But I realized I have no idea what I'm doing. There wouldn't happen to be any documentation on the subject, would there? I am using disasm6 and a cdl file generated in FCEUX 2.2.2.

[tokumaru]

I don't know if there are any useful documents out there, but if there are, they'll certainly only cover the disassembly part, and you'll still be responsible for making sense out of the code. Reverse engineering a game engine is no picnic, a lot of things don't make sense at first, and you have to go back and forth all the time until you can understand what the engine is actually doing and you can properly name all labels and variables. You practically have to get inside another programmer's head to do this, and this can't be easy. I certainly wouldn't want to go through all this work... I'd much rather "re-engineer" the game based on observation and use my own coding techniques than try (and most likely fail) to make sense out of undocumented code written by another programmer, specially if it's something as complex as a game.

[rainwarrior]

I disassembled StarTropics' music engine a little while ago, and there's some source files here: http://rainwarrior.ca/projects/nes/star ... ic_fix.zip

I explain the process a little bit in some of those source files, but basically, I start with a CDL to identify code vs data, then I use that to create an "info" file for the disassembler (da65) to use. At first the info file just separates code from data.

Then what I do is analyze the code. Everything I figure out a name for, I add the name for those labels/symbols to the info file, and run the disassembler on it again. This replaces all use of those labels in the disassembly with the name I created for it. Do this for long enough, and eventually you can replace all of the symbols with labels, and you end up with something that looks a lot like source code.

[tepples]

For popular games, there's probably a ROM map or a RAM map on RomHacking.net. This might give you a head start in coming up with labels for the technique described by rainwarrior.

The "reengineering" described by tokumaru is another way in theory. In the wake of Nintendo's takedown of YouTube videos of hacks of Mario games around the release of Super Mario Maker, I proposed restarting development of my own side-scroller engine for NES as an alternative to hacking SMB1. But some users in #nesdev told me nobody would likely care about it because the value of SMB1 hacks is allegedly that they use the physics of the game that people grew up with, including all its glitches.

[Dwedit]

Making the ram map is very important. If you start from scratch, a cheat finder can help find the global variables, and using the hex editor to freeze random bytes can go far too.

[mugenfighter]

For popular games, there's probably a ROM map or a RAM map on RomHacking.net. This might give you a head start in coming up with labels for the technique described by rainwarrior.

The "reengineering" described by tokumaru is another way in theory. In the wake of Nintendo's takedown of YouTube videos of hacks of Mario games around the release of Super Mario Maker, I proposed restarting development of my own side-scroller engine for NES as an alternative to hacking SMB1. But some users in #nesdev told me nobody would likely care about it because the value of SMB1 hacks is allegedly that they use the physics of the game that people grew up with, including all its glitches.

I see this game isn't as well known and is more mixed in how well it is liked. The game is called Arkista's Ring, I was trying myself to disassemble it, but soon realized I was trying to avoid it because I had no idea what I was doing. My goal was to disassemble it so I could have a very close version to compare to for a Windows clone. But "reengineering" seems like a better way for my purposes. I didn't know the work involved to disassemble the thing compared to other things.

Edit: The goal was to find unused code in the game. I know the game has unused sprites, but I was hoping to find some unused code that may have some use of some of those unused sprites or even some unused features.

[lidnariq]

Here's a clever-disasm config to trace Arkista's Ring:

Code: Select all

CertainlyData $0D13
CertainlyData $0D1B
CertainlyData $0D1D
JumpTableRoutineWithAppendix $5022
JumpTable $264D $264E 2 19
JumpTable $1CF5 $1CFC 1 8
JumpTable $3F58 $3F59 2 6
JumpTable $380E $380F 2 9
JumpTable $30E7 $30E8 2 23
JumpTable $62A7 $62A8 2 23
CertainlyCode $B988

With it, there are a few stubs of dummied-out code here and there, most of which are only a few bytes.
Clever-disasm indicates dummied-out code at $8301, $89D4, $8A93, $8D7B, $92A0, $92B2, $92C6, $95AE, $9F32, $A35E, $AD1A, $B05B, $B06B, $B43D, $B4DD, $B923, $BD14, $C27E, $C326, $C500, $C58C, $C7EF, $C896 (bold means ≥ 47 bytes long) ... but make sure that your CDL agrees. (i.e. contains 0 at the corresponding address)

Tangent: the game uses NOP #imm ($89) at $B986.