


Topics - MarkGrass

Programming / x6502 Ricoh 2A03 Disassembler
« on: September 04, 2015, 04:15:34 pm »
x6502 is a simple commandline utility used to disassemble PRG ROM data from a NES video game.

I developed this application in order to help myself understand how 6502 processing works for the NES so that I may move on from PSone hacking. I'm not sure what the point is, but I've already laid the groundwork for 6502->R3000A conversion, as well. Furthermore, I may add a GUI in the future if I get bored enough.

Disassembled output can be used in a variety of assemblers, though it was particularly developed with Disch's "Schasm" assembler in-mind.

I'm fairly new to 6502 hacking, so don't hesitate to point out any errors.

Download

EDIT: (Sept 05, 2015)

Version 1.1 is now available with two new optional commands.

The first optional command, label, will implement labels for each JMP, branch type and sub-routine. With this option, these address pointers are no longer hardcoded.

The second optional command, comment, will automatically add two semi-colons on each line for future commenting.

EDIT: (Sept 06, 2015)

Version 1.2 is now available with three new optional commands and a few minor bug fixes.

DATA will disassemble to #byte.

APPEND will open an existing file and append disassembly to the end of the file. Useful for Text+Data disassembly output.

ADDRESS adds commented file addresses and counters to each line.

Example output from Mega Man 3
Code:
#org $C4F8, $0003C508 ;;
LDX #$00 ;; C4F8 0003C508 ;;
STX $0019 ;; C4FA 0003C50A ;;
BRANCHC4FC: LDA $0780,X ;; C4FC 0003C50C ;;
BMI BRANCHC51C ;; C4FF 0003C50F ;;
STA $2006 ;; C501 0003C511 ;;
LDA $0781,X ;; C504 0003C514 ;;
STA $2006 ;; C507 0003C517 ;;
LDY $0782,X ;; C50A 0003C51A ;;
BRANCHC50D: LDA $0783,X ;; C50D 0003C51D ;;
STA $2007 ;; C510 0003C520 ;;
INX ;; C513 0003C523 ;;
DEY ;; C514 0003C524 ;;
BPL BRANCHC50D ;; C515 0003C525 ;;
INX ;; C517 0003C527 ;;
INX ;; C518 0003C528 ;;
INX ;; C519 0003C529 ;;
BNE BRANCHC4FC ;; C51A 0003C52A ;;
BRANCHC51C: RTS ;; C51C 0003C52C ;;

#org $C6D8, $0003C6E8, $74 ;;
#byte $58 ;; C6D8 0003C6E8 ;;
#byte $F1 ;; C6D9 0003C6E9 ;;
#byte $02 ;; C6DA 0003C6EA ;;
#byte $28 ;; C6DB 0003C6EB ;;
#byte $E0 ;; C6DC 0003C6EC ;;
#byte $F1 ;; C6DD 0003C6ED ;;
#byte $02 ;; C6DE 0003C6EE ;;
#byte $28 ;; C6DF 0003C6EF ;;
#byte $B8 ;; C6E0 0003C6F0 ;;
#byte $F1 ;; C6E1 0003C6F1 ;;
#byte $02 ;; C6E2 0003C6F2 ;;
#byte $70 ;; C6E3 0003C6F3 ;;
#byte $20 ;; C6E4 0003C6F4 ;;
#byte $F1 ;; C6E5 0003C6F5 ;;
#byte $02 ;; C6E6 0003C6F6 ;;
#byte $A0 ;; C6E7 0003C6F7 ;;
#byte $68 ;; C6E8 0003C6F8 ;;
#byte $F1 ;; C6E9 0003C6F9 ;;
#byte $02 ;; C6EA 0003C6FA ;;
#byte $D0 ;; C6EB 0003C6FB ;;
#byte $D8 ;; C6EC 0003C6FC ;;
#byte $F1 ;; C6ED 0003C6FD ;;
#byte $02 ;; C6EE 0003C6FE ;;
#byte $D0 ;; C6EF 0003C6FF ;;
#byte $90 ;; C6F0 0003C700 ;;
#byte $F2 ;; C6F1 0003C701 ;;
#byte $02 ;; C6F2 0003C702 ;;
#byte $10 ;; C6F3 0003C703 ;;
#byte $40 ;; C6F4 0003C704 ;;
#byte $F2 ;; C6F5 0003C705 ;;
#byte $02 ;; C6F6 0003C706 ;;
#byte $58 ;; C6F7 0003C707 ;;
#byte $D0 ;; C6F8 0003C708 ;;
#byte $F2 ;; C6F9 0003C709 ;;
#byte $02 ;; C6FA 0003C70A ;;
#byte $58 ;; C6FB 0003C70B ;;
#byte $78 ;; C6FC 0003C70C ;;
#byte $F2 ;; C6FD 0003C70D ;;
#byte $02 ;; C6FE 0003C70E ;;
#byte $80 ;; C6FF 0003C70F ;;
#byte $28 ;; C700 0003C710 ;;
#byte $F2 ;; C701 0003C711 ;;
#byte $02 ;; C702 0003C712 ;;
#byte $D8 ;; C703 0003C713 ;;
#byte $A8 ;; C704 0003C714 ;;
#byte $F2 ;; C705 0003C715 ;;
#byte $02 ;; C706 0003C716 ;;
#byte $D8 ;; C707 0003C717 ;;
#byte $90 ;; C708 0003C718 ;;
#byte $E4 ;; C709 0003C719 ;;
#byte $03 ;; C70A 0003C71A ;;
#byte $18 ;; C70B 0003C71B ;;
#byte $28 ;; C70C 0003C71C ;;
#byte $E4 ;; C70D 0003C71D ;;
#byte $03 ;; C70E 0003C71E ;;
#byte $20 ;; C70F 0003C71F ;;
#byte $68 ;; C710 0003C720 ;;
#byte $E4 ;; C711 0003C721 ;;
#byte $03 ;; C712 0003C722 ;;
#byte $30 ;; C713 0003C723 ;;
#byte $58 ;; C714 0003C724 ;;
#byte $E4 ;; C715 0003C725 ;;
#byte $03 ;; C716 0003C726 ;;
#byte $60 ;; C717 0003C727 ;;
#byte $80 ;; C718 0003C728 ;;
#byte $E4 ;; C719 0003C729 ;;
#byte $03 ;; C71A 0003C72A ;;
#byte $70 ;; C71B 0003C72B ;;
#byte $10 ;; C71C 0003C72C ;;
#byte $E4 ;; C71D 0003C72D ;;
#byte $03 ;; C71E 0003C72E ;;
#byte $98 ;; C71F 0003C72F ;;
#byte $58 ;; C720 0003C730 ;;
#byte $E4 ;; C721 0003C731 ;;
#byte $03 ;; C722 0003C732 ;;
#byte $C0 ;; C723 0003C733 ;;
#byte $80 ;; C724 0003C734 ;;
#byte $E4 ;; C725 0003C735 ;;
#byte $03 ;; C726 0003C736 ;;
#byte $D0 ;; C727 0003C737 ;;
#byte $18 ;; C728 0003C738 ;;
#byte $E4 ;; C729 0003C739 ;;
#byte $03 ;; C72A 0003C73A ;;
#byte $10 ;; C72B 0003C73B ;;
#byte $A0 ;; C72C 0003C73C ;;
#byte $E4 ;; C72D 0003C73D ;;
#byte $03 ;; C72E 0003C73E ;;
#byte $48 ;; C72F 0003C73F ;;
#byte $28 ;; C730 0003C740 ;;
#byte $E4 ;; C731 0003C741 ;;
#byte $03 ;; C732 0003C742 ;;
#byte $58 ;; C733 0003C743 ;;
#byte $40 ;; C734 0003C744 ;;
#byte $E4 ;; C735 0003C745 ;;
#byte $03 ;; C736 0003C746 ;;
#byte $90 ;; C737 0003C747 ;;
#byte $98 ;; C738 0003C748 ;;
#byte $E4 ;; C739 0003C749 ;;
#byte $03 ;; C73A 0003C74A ;;
#byte $A0 ;; C73B 0003C74B ;;
#byte $78 ;; C73C 0003C74C ;;
#byte $E4 ;; C73D 0003C74D ;;
#byte $03 ;; C73E 0003C74E ;;
#byte $D8 ;; C73F 0003C74F ;;
#byte $30 ;; C740 0003C750 ;;
#byte $E4 ;; C741 0003C751 ;;
#byte $03 ;; C742 0003C752 ;;
#byte $E0 ;; C743 0003C753 ;;
#byte $A0 ;; C744 0003C754 ;;
#byte $E4 ;; C745 0003C755 ;;
#byte $03 ;; C746 0003C756 ;;
#byte $E8 ;; C747 0003C757 ;;
#byte $00 ;; C748 0003C758 ;;
#byte $00 ;; C749 0003C759 ;;
#byte $00 ;; C74A 0003C75A ;;
#byte $00 ;; C74B 0003C75B ;; 

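As an added example (not MarkGrass's x6502 source), here is a small two-pass 6502 disassembler that reproduces the label, ";;" comment and address-counter format of the listing above for the opcodes that listing uses. The input bytes are reconstructed from the listing, and the file-offset base $0003C508 is taken from its #org line.

```python
# Added example, not MarkGrass's x6502 source: a two-pass 6502 disassembler for the
# opcodes in the Mega Man 3 listing, printed in x6502's label/";;"/address style.
# OPS maps opcode -> (mnemonic, addressing mode); only this subset is covered.
OPS = {0xA2: ("LDX", "imm"), 0x86: ("STX", "zp"), 0xBD: ("LDA", "absx"),
       0xBC: ("LDY", "absx"), 0x8D: ("STA", "abs"), 0xE8: ("INX", "imp"),
       0x88: ("DEY", "imp"), 0x60: ("RTS", "imp"), 0x30: ("BMI", "rel"),
       0x10: ("BPL", "rel"), 0xD0: ("BNE", "rel")}
SIZE = {"imp": 1, "imm": 2, "zp": 2, "rel": 2, "abs": 3, "absx": 3}
# Operand rendering; zero page is padded to 4 digits, as in the listing above.
FMT = {"imp": "", "imm": " #${:02X}", "zp": " ${:04X}", "abs": " ${:04X}",
       "absx": " ${:04X},X", "rel": " BRANCH{:04X}"}

# Constructed input: the bytes of the $C4F8-$C51C routine, reassembled from the listing.
MM3_SNIPPET = bytes.fromhex(
    "A200 8619 BD8007 301B 8D0620 BD8107 8D0620 BC8207 BD8307 8D0720"
    "E8 88 10F6 E8 E8 E8 D0E0 60")

def decode(data, org):
    """Pass 1: linear sweep, returning (cpu_addr, mnemonic, mode, operand) tuples."""
    out, pc = [], 0
    while pc < len(data):
        op = data[pc]
        if op not in OPS:  # unknown byte: stop rather than guess at an instruction
            raise ValueError(f"unsupported opcode ${op:02X} at ${org + pc:04X}")
        mn, mode = OPS[op]
        n = SIZE[mode]
        if pc + n > len(data):
            raise ValueError("instruction runs past end of data")
        arg = data[pc + 1:pc + n]
        if mode == "rel":  # signed 8-bit offset, relative to the next instruction
            disp = arg[0] - 256 if arg[0] & 0x80 else arg[0]
            operand = (org + pc + 2 + disp) & 0xFFFF
        else:
            operand = int.from_bytes(arg, "little") if arg else None
        out.append((org + pc, mn, mode, operand))
        pc += n
    return out

def disassemble(data, org, file_off):
    """Pass 2: collect branch targets, then render with labels and ';;' address counters."""
    insns = decode(data, org)
    targets = {o for _, _, m, o in insns if m == "rel"}
    lines = [f"#org ${org:04X}, ${file_off:08X} ;;"]
    for addr, mn, mode, operand in insns:
        label = f"BRANCH{addr:04X}: " if addr in targets else ""
        text = mn + (FMT[mode].format(operand) if operand is not None else "")
        lines.append(f"{label}{text} ;; {addr:04X} {file_off + addr - org:08X} ;;")
    return lines

if __name__ == "__main__":
    print("\n".join(disassemble(MM3_SNIPPET, 0xC4F8, 0x0003C508)))
```

Running it prints the same 19 lines as the first block of the Mega Man 3 output above.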
Personal Projects / [PS1] Resident Evil All-Stars
« on: July 01, 2015, 08:00:09 pm »
I began working on this project roughly a year ago (codenamed "Bio Remix"), just playing around in dis/assembly, but a recent "all-in-one" Mega Man project here at RHDN inspired me to combine all PSone Resident Evil games onto one disc. There is a major difference from most "all-in-one" projects, however - all games are run using one executable.

I did not make an executable boot loader or anything of the sort for these games; rather, I converted all runtime data to be compatible with the BH2/RE2 engine.

Until about a month ago, my work was done solely on the beta version of Bio Hazard 2 / Resident Evil 2. Since that short period of time, I have ported all of my assembly work over to the USA Dual Shock version of Resident Evil 2.

Each game has its own set of music, rooms, weapons, etc. The transition from beta to Retail Dual Shock was a bumpy ride, so very few things haven't made their way over yet. I also built many, many things from scratch, including "Quick-Turn" (used in Bio3) and a lot of runtime data for Bio 1.5.

The games included are:

Resident Evil
Resident Evil 1.5
Resident Evil 2
Resident Evil 3

My YouTube channel with gameplay videos can be found here, and a demo build can be found here.

Resident Evil 2 Dual Shock [SLUS-00748] Complete Disassembly

Many, many thanks to KC for armips, as none of this would have been possible otherwise. Also, a huge thanks to Gemini, for teaching me much ado with PSone programming and hacking.

ROM Hacking Discussion / MegaMan 8 - Debug Menu
« on: October 13, 2013, 12:37:50 pm »
I discovered a few unused debug menus in the US release of MegaMan 8 (SLUS_004.53).

MAINMENU
FLAGCHANGE
WORKVIEW
VABVIEW
POWERUP
PARTS
SOUND TEST

The variables in the Flag Change menu can be modified (ON/OFF), but have no apparent effect. I suppose that a debugging unit must be used for real advantage, here.

The Work View menu contains many different pages that display various statistics, but unfortunately, none of the variables can be modified.

The VAB View menu simply allows testing of any sound effect the game uses.

The Powerup and Parts menus simply alter what items are in the inventory, though, some will reset to 0 after reaching a 'Continue Point' or loading a new level.

The Sound Test menu is separate from the Main Menu, but both sound effects and music can be tested. It's supposed to display various font and statistics, but will require a little bit of work to reestablish.

ROM Hacking Discussion / RockMan 8 Prototype 1 - Level builder
« on: October 11, 2013, 07:26:31 pm »
Another day, another unused debug function discovered through asm hacking. :D

This feature cannot be activated via GameShark/Action Replay, unfortunately.

Programming / Metroid Zero Mission - SRAM Checksum
« on: October 05, 2013, 10:46:48 pm »
I'm sorry if this is the wrong section for such a topic.

I'm currently developing an SRAM modifier/creator (C/C++ with GUI) for various Metroid titles.

So far, I have completely mapped and documented all of Super Metroid and Metroid Zero Mission's SRAM, and I eventually plan to add support for Metroid Fusion, as well. Support for Super Metroid is 100% complete (with proper checksum calculation and placement).

...but...

I've run into a problem with Zero Mission.

Without a proper algorithm to calculate a new checksum for Zero Mission's SRAM, completing support for it will be useless. Same deal for Fusion. Furthermore, my ARM7TDMI dis/assembly skills aren't too excellent, yet.

Can someone help with this matter, please?

EDIT:

SRAM is stored at 0x02038000 and loaded+checked at boot.

Personal Projects / Syphon Filter Utility [PSone]
« on: July 09, 2013, 12:30:19 pm »
Per request, I made a small utility to extract the contents of FOG and HOG archive files; repack/creation support is sure to follow.

This application is only tested with files from the original PSone version of Syphon Filter.

'Drag-and-Drop' is supported for both FOG and HOG file-types (while the app is running), in addition to standard gui/menu options. This app does not support command lines (cmd.exe, batch, etc).

Download

ROM Hacking Discussion / Overblood - Welcome to Debug Mode
« on: June 28, 2013, 09:18:02 am »
I apologize in advance if this is the wrong section, etc.

Brief intro: My name is Mark, and I'm best known for resident evil stuff.

...so, I got bored and unlocked a debug menu in the PSone game, Overblood. There are two ways to enable it: either through use of a cheat device (GameShark, Action Replay), or by manually editing the PSone executable (SLUS_004.64).

For you tech-junkies, sub_800240C0 is the function that activates the menu.

// Method 1: GameShark/AR
800240E4 0000
800240EC 0000
80024118 0000
80024138 0000
8002418C 0000
800241D0 0000
800241D8 0000
80024204 0000

// Method 2: go to these offsets and nop (0x00) the following 4 bytes. When finished, simply import the exe back into your iso using CDmage, etc.
0x000148E4
0x000148EC
0x00014918
0x00014938
0x0001498C
0x000149D0
0x000149D8
0x00014A04

Hold R2 and press circle to activate the debug menu.

Hold R2 and press square to display various debug statistics.

Pause the game (start button) and press R2 to frame-advance.

// Debug Menu controls
X   Enter
O   Exit
Code:
<< DEBUG MENU >>
   ROOM CHANGE // Room Jump
   RUN MACRO // unknown; returns to debug menu
   GROUND CHANGE
   SAVE // Save Game (crash)
   LOAD // Load Game (crash)
   MOVIE // *.STR movie playback
   BGM TEST // *.XA music playback
   VOICE TEST // *.XA dialogue playback
   EFFECT TEST // *.SEQ sound effect playback
   ACTOR ONOFF
   CAMERA CHECK1 // Adjust static camera view (preset)
   CAMERA CHECK2 // Adjust static camera view (preset)
   VISUAL // *.TIM view (320x240 images)
   FLOOR CHANGE
   ACTION // *.TOD animation test
   ITEM GET // Set item inventory
   BATTLE // 1st-person gun fight

...and the proof is in the pudding:
