An interactive Disasm

[psycho]

Hi all,

I am working on an NES specific disassembler in Java. It is fully interactive, does code / data separation, and more... I wish I could upload a screenshot. I hope to have a beta release ready by the weekend. Anyone interested?

[atari2600a]

I's is interested! Will it disassemble iNES ROM's directly or will they have to be split into numerous bin files?

[psycho]

It loads the .NES file. However, it does nothing with the CHR-ROM. And, it is currently limited to 2 code blocks ($8000 bytes). This is mainly because I don't know how mappers work. If there is enough interest, I could implement these things.

if the loaded .NES file has more than 2 code blocks, it only disasms the last 2.

I have only been working on it for 4 days but, I think it is coming along quite nicely.

Send me an email and I'll send you a screenshot if you want.

psycho @ dnsonline dot net

The offer is for everyone. I don't have a page to upload them to


kevin

[psycho]

I put up a picasa web album for it. I dunno why but the shot looks fuzzy ???? Anyway, this is what showed up after loading tengentetris. Note that when this shot was taken, I had not even pressed a key in the disasm. it shows this right out of the box.

link :

http://picasaweb.google.com/wa9ave/DizzyNES

(both pics are the same on there - I will have to learn how to use picassa a little better.

[griever]

Why to bother? IDA rules and can make EVERYTHING... Including ready-to-build asm6 sources!
D'oh! It's expensive =) But I don't know any IDA user which actually BOUGHT it... (man, cracks ARE bad, but I had no choice)

[tepples]

Why to bother? IDA rules

Because IDA is proprietary software. For some people, that's reason enough.

[Zepper]

The code and data separation is pretty easy to do, but it requires a few tricks, other than tracing the code. It can be traced using the reset vector, or "scanning" a bank located at $8000/$C000.

About the mappers, well... you should learn about them, but once you get it, the tracing becomes trivial.

Anyway, best luck with your program. ^_^;; I'm interested.

[never-obsolete]

fceudxsp has a code/data logger that will spit out a mask of what is what in a rom. maybe you could have your program support loading a *.cdl file.


i'd be interested as well.

[psycho]

I like IDA, too. But, all I have is the free version. I don't have the Do'H! to get the full version.

As far as the code/data sep, I just follow the code through the reset, nmi & irq_brk vectors. I have an interactive jump table builder in there, too - i.e, you give the start address and num of entries.

I will look into the .cdl file right now - that may be a great feature.

About mappers & disasm, if I am thinking right, say the game megaman.nes was loaded. it has 26 code blocks, and uses mapper 2 (UNROM). the last block in this rom loads at C000. All of the other blocks would have an org of $8000, correct?

thanks,

[tepples]

About mappers & disasm, if I am thinking right, say the game megaman.nes was loaded. it has 26 code blocks

26? Where did you get that number? UNROM has up to 8 banks (128 KiB), and UOROM has up to 16 (256 KiB).

and uses mapper 2 (UNROM). the last block in this rom loads at C000. All of the other blocks would have an org of $8000, correct?

Yes. In theory, it's also possible to switch the last bank into $8000 duplicating the bank fixed at $C000, but I don't see why any game would do that.

Mapper 180 (used for Crazy Climber) is like U*ROM, but it fixes the first bank of the ROM at $8000 and allows switching $C000. This can change where the vectors point, so be careful.

Mappers 7 (A*ROM), 34a (B*ROM), and 34b (NINA-001) use 32 KiB switching: writing to the bank register puts a whole 32 KiB bank into $8000. So if you're going by 16 KiB banks, you'd use org $8000 for even banks and $C000 for odd banks.

Mapper 1 (S*ROM, MMC1 chip) has multiple modes. Most games use it like UNROM, but it can also act like B*ROM or (rarely) like Crazy Climber.

[psycho]

Your right... It only has 8 blocks... I was looking at the mappers.nfo file and for mapper number 2 it says

Notes: - When the cart is first started, the first 16K ROM bank in the cart
is loaded into $8000, and the LAST 16K ROM bank is loaded into
$C000. This last 16K bank is permanently "hard-wired" to $C000,
and it cannot be swapped.

- This mapper has no provisions for VROM; therefore, all carts
using it have 8K of VRAM at PPU $0000.

- Most carts with this mapper are 128K. A few, mostly Japanese
carts, such as Final Fantasy 2 and Dragon Quest 3, are 256K.

- Overall, this is one of the easiest mappers to implement in
a NES emulator.

So, from that, I got that all blocks except the last one would be mapped at $8000, no?

[tokumaru]

So, from that, I got that all blocks except the last one would be mapped at $8000, no?

As tepples said, the programmer can choose to map the last bank at $8000 (just like any other bank), in adition to it being already mapped at $c000. I doubt many games, if any, did this. But it's just good to know that it's possible.

[psycho]

Ahhh. OK, now I see what you were saying. I am poking through the source for FCEUXD to try and find the defs for the cdl file. Not having any luck so far.

[griever]

Like this?

The format of each byte is like so (in binary):

xPdcAADCC = Whether it was accessed as code.
D = Whether it was accessed as data.
AA = Into which ROM bank it was mapped when last accessed:
00 = $8000-$9FFF
01 = $A000-$BFFF
10 = $C000-$DFFF
11 = $E000-$FFFF
c = Whether indirectly accessed as code (e.g. as the destination of a JMP ($nnnn) instruction)
d = Whether indirectly accessed as data (e.g. as the destination of an LDA ($nn),Y instruction)
P = If logged as PCM audio data.
x = unused.

[psycho]

Yeah... Thanks. is there a repository of cdl files, by chance?