News: 11 March 2016 - Forum Rules
Current Moderators - DarkSol, KingMike, MathOnNapkins, Azkadellia, Danke

Author Topic: using SNES9x to find new routines? (SMW related)  (Read 2097 times)

benjaminshinobi

  • Jr. Member
  • **
  • Posts: 51
    • View Profile
    • benjaminsantiago.com
using SNES9x to find new routines? (SMW related)
« on: December 02, 2013, 09:59:13 am »
Hey so I've come across tutorials like this one for using SNES9x Debugger: http://smwc.hostzi.com/SMWiki/wiki/Tutorial_Hacking_a_Routine-2.html

Which makes sense to me, but I'm trying to figure out where things would be located within the ROM in order to create a new patch/alter the game.

What I'd like to do is change SMW so that it will start by going to a level directly, instead of loading the title screen/selecting a save file etc. I've had some success messing with the "game mode" as a "game genie"/cheat (http://www.smwiki.net/wiki/RAM_Address/$7E:0100), and it seems that 2D996 is the "main level loading routine" I'm just not sure how to figure out how to manipulate that code?

Just looking for pointers in the right direction/possibly any similar patches that might shed light on this.

FAST6191

  • Hero Member
  • *****
  • Posts: 2538
    • View Profile
Re: using SNES9x to find new routines? (SMW related)
« Reply #1 on: December 03, 2013, 08:00:25 am »
Hopefully someone that truly knows the SNES will come along but for the time being I will try for a high level picture. Generally there is no one way as this sort of thing can be coded any number of ways, you tend to hope the devs coded an actual loader type setup (as they appear to have here) rather than lurching from instruction to instruction (though in some cases where levels differ radically, say like Earthworm Jim*, this may be somewhat more necessary) or hardcoding values into places (though a reference table is a nice thing to have from time to time).

From what you have said the value acts as a reference rather than a simple indicator. Some routines then probably get called to both set it and load things accordingly. Whether this comes at the end of the previous section (touch the flagpole then run the end of level and increase level counter by 1....). 0C seems to be the load overworld state/command and the level one is 11 (I guess there is a value set elsewhere to load a given level).
The debugging tutorials should have taught you the concept of tracing where you tell it to put a break on read/write on a given area of memory. It will then break when said area is read of written and tell you the instruction that did it. Your job would then be to find the instruction that sets the "Load Nintendo Presents" (00) and then change it so it instead injects the load level value, it may or may not be easier to wait for the first change after that when it loads 01 into it if the 00 comes as part of a big memory copy or something). There is an alternative which works OK in cases of infinite health/ammo/time but I would not do it here where you just find some routine that runs a lot and add a write 00 to the $7E:0100 series of instructions rather than fiddling with the exact thing that changes the value.

Title screens are sometimes more than credits though and may mask some loading or other activity so be careful there.

*I have yet to look at Earthworm Jim but as a thought exercise consider how radically different some of the levels are and how that might play out with a bad coder.

puzzledude

  • Sr. Member
  • ****
  • Posts: 308
    • View Profile
Re: using SNES9x to find new routines? (SMW related)
« Reply #2 on: December 03, 2013, 11:54:28 am »
Hey so I've come across tutorials like this one for using SNES9x Debugger: http://smwc.hostzi.com/SMWiki/wiki/Tutorial_Hacking_a_Routine-2.html

Which makes sense to me, but I'm trying to figure out where things would be located within the ROM in order to create a new patch/alter the game.

As you can see in the tutorial, it is saying about JSL. This is the command which will jump to the new code, using a pointer.

What you are trying to do, is actually ASM. This is why you need the Snes9x debugger, to trace the code. I'm not an Asm person myself, but I've seen experts doing it so often, so I know exactly what's happening.

The first thing is the tracing. Once the game is at a certain spot, you need to trace it and make a log file, which will tell you where the code is being loaded, usually as A9 byte in hex or the initial lda.

You need to replace that with a jsl jump (i.e. pointer to any empty location). This is where you can write a new asm code. Probably the biggest problem of them all, since you will need to know the Ram of the game in detail, as well as learn the opcodes.

Similar to this
lda $19       ;
cmp #$02      ;If Mario is Super
BCS           ;then
STZ $19       ;set Mario to normal ($00)
lda #$29      ;this is the instruction we removed to put the JSL
rtl           ;return

PS
You want to skip the title screen and the global map. This is not recommended, since there's to much stuff loading, to be able to skip it just like that, since the levels load individually from the overworld. Plus without selecting a slot first, you will have SRAM issues, for it will not know in which slot to save.

But it is doable, by replacing the command which loads Nintendo presents, by load overworld on slot 1 instead. However only people with Asm skills can do this. It is probably doable without the new code, since you need to jump to overworld early (which is loaded by default after the title screen).

benjaminshinobi

  • Jr. Member
  • **
  • Posts: 51
    • View Profile
    • benjaminsantiago.com
Re: using SNES9x to find new routines? (SMW related)
« Reply #3 on: December 03, 2013, 12:50:17 pm »
Hey thanks puzzledude + FAST6191

Quote
Plus without selecting a slot first, you will have SRAM issues,
That's actually not an issue, since the hack I'm doing is super small https://vimeo.com/7889874 (I've made the hack already, I'd just like to remove the title screen / file select /overworld for displaying in a gallery setting, which was the original setting, I went to art school).

And my attempts at putting it on a cart, it seems like it is not saving for whatever reason. I just ordered a PowerPak for SNES, so I should be able to figure out if it is something with how I hacked the game or something with how I rewired the cart for the EPROM chip.

Quote
There is an alternative which works OK in cases of infinite health/ammo/time but I would not do it here where you just find some routine that runs a lot and add a write 00 to the $7E:0100 series of instructions rather than fiddling with the exact thing that changes the value.

I actually did something similar to this in SNES9x with the "Game Genie"/Cheat system as mentioned before, I created a cheat where it would just arbitrarily set the game mode and level, which is how I found myself here. Seems like whatever "prepares"/loads the level, needs a set of palette and tile info as well as music to load it properly (when I try to switch it when the game first starts, it just loads garbage).

Assuming I can't get insight into how the routine works, I'd basically just need to step through the routine and deduce it's functionality from there.

Quote
you tend to hope the devs coded an actual loader type setup

I think I was assuming there was already info about this somewhere because of Lunar Magic. I will try SMW Central and report back my findings, I haven't had the best responses from there (ie any responses) which is why I am here.