News: 11 March 2016 - Forum Rules
Current Moderators - DarkSol, KingMike, MathOnNapkins, Azkadellia, Danke

Author Topic: Help understanding tracing in Snes9x Geiger  (Read 1398 times)

dnsmatch

  • Newbie
  • *
  • Posts: 4
    • View Profile
Help understanding tracing in Snes9x Geiger
« on: July 02, 2020, 08:43:48 am »
Hi!
I am learning how to read the trace log for snes9x gieger 10r2. I am messing with Venom Spiderman - Seperation Anxiety and I am just looking to see how one of the enemies starting hitpoints value is being loaded. I found RAM address of an enemy's hit points at max value. So I set a break point (example 7E0AD3. It is 18 in decimal and 12 in hex.)
So I ran trace, then breakpoint appeared as enemy approached, turned off the trace. Went down to bottom of the log and see this:

$82/D5C4 AD 61 1B    LDA $1B61  [$80:1B61]   A:0004 X:0A96 Y:CE8C
$82/D5C7 18          CLC                     A:0070 X:0A96 Y:CE8C 
$82/D5C8 69 9B C1    ADC #$C19B              A:0070 X:0A96 Y:CE8C
$82/D5CB A8          TAY                     A:C20B X:0A96 Y:CE8C
$82/D5CC B7 2D       LDA [$2D],y[$84:C20B]   A:C20B X:0A96 Y:C20B
$82/D5CE 18          CLC                     A:D2E8 X:0A96 Y:C20B
$82/D5CF 69 00 00    ADC #$0000              A:D2E8 X:0A96 Y:C20B
$82/D5D2 A8          TAY                     A:D2E8 X:0A96 Y:C20B
$82/D5D3 B7 27       LDA [$27],y[$83:D2E8]   A:D2E8 X:0A96 Y:D2E8
$82/D5D5 95 3D       STA $3D,x  [$00:0AD3]   A:0012 X:0A96 Y:D2E8

So it appears that the enemy's hit points are being stored in $27, correct me if I am wrong. And if it is correct, how do I find the address $27, so I can edit the value of the enemy hit points?

RedScorpion

  • Full Member
  • ***
  • Posts: 108
    • View Profile
    • Snes-Projects
Re: Help understanding tracing in Snes9x Geiger
« Reply #1 on: July 02, 2020, 10:20:49 am »
First off all you have to check what happen before he stores the 12 in the ram.

82/D5C4 AD 61 1B    LDA $1B61  [$80:1B61]   A:0004 X:0A96 Y:CE8C        -> Load position to find the value in the rom
$82/D5C7 18          CLC                     A:0070 X:0A96 Y:CE8C       -> Clear carry, okay what ever he is clearung
$82/D5C8 69 9B C1    ADC #$C19B              A:0070 X:0A96 Y:CE8C       -> ADC add C19B to the value of A:0070 (hex) open calc, set to programmer and enter hex 70+ hex C19B
$82/D5CB A8          TAY                     A:C20B X:0A96 Y:CE8C       -> Result A:0070 + C19B will transfer from A: to Y:
$82/D5CC B7 2D       LDA [$2D],y[$84:C20B]   A:C20B X:0A96 Y:C20B       -> Load from Register 2D + Y / 84:XXXX - XXXX is C20B or a value from another enemy
$82/D5CE 18          CLC                     A:D2E8 X:0A96 Y:C20B       -> Clear carry again
$82/D5CF 69 00 00    ADC #$0000              A:D2E8 X:0A96 Y:C20B       -> ADC add again 0000 - dont know why, it makes nothing with the value
$82/D5D2 A8          TAY                     A:D2E8 X:0A96 Y:C20B       -> Again Transfer A to Y
$82/D5D3 B7 27       LDA [$27],y[$83:D2E8]   A:D2E8 X:0A96 Y:D2E8       -> Load from Register 27 + Y / 83XXXX
$82/D5D5 95 3D       STA $3D,x  [$00:0AD3]   A:0012 X:0A96 Y:D2E8       -> Start Lundar Adress, Load the Rom and bellow enter 83D2E8 / you get the PC Adress / If you open the rom in a hex editor and goes to these adress you will find 12

$82/D5D5 95 3D       STA $3D,x  [$00:0AD3]   A:0012 X:0A96 Y:D2E8  -> Stores these value to Ram 00:0AD3 = 7E:0AD3

If you want change the 12, go to hex edit to these position and change it in the rom. You can also test it, when you open the "show hex" in Geiger. If you do that, please use the SNES adresse like 83D2E8- you will find a 12 (hex)

okay?

thanks

red

dnsmatch

  • Newbie
  • *
  • Posts: 4
    • View Profile
Re: Help understanding tracing in Snes9x Geiger
« Reply #2 on: July 02, 2020, 06:19:51 pm »
Thanks for response! This  makes sense now. The only issue is whne i change it in hex editor on that address, it only works for the single spawned enemy already, so instead I ended up jumping over damage routine and branched it straight to death routine hence one hit kill, even on bosses.

Thanks for clarifying my question, just what i needed to know!!!!!

Raeven0

  • Jr. Member
  • **
  • Posts: 33
    • View Profile
Re: Help understanding tracing in Snes9x Geiger
« Reply #3 on: July 02, 2020, 07:37:48 pm »
So it appears that the enemy's hit points are being stored in $27, correct me if I am wrong. And if it is correct, how do I find the address $27, so I can edit the value of the enemy hit points?

Geiger's debugger/tracer, by default, doesn't print all of the information that is needed in a trace. I have no idea why. In the Debug Console there should be a checkbox called "Squelch" -- uncheck it and run your trace again.

I can infer enough of the missing information. The question is really about addressing modes, and you're seeing the "[direct],y" mode. The square brackets [] read a 24-bit address at the indicated location, and the ,y means that the value of the Y register is added to the address. LDA grabs the value at the calculated address. The indicated location $27 is an 8-bit value, so it represents the address $27 + D (but to see the value of D you have to unsquelch the trace output) in bank $00.

So $27 doesn't contain HP, nor a pointer to HP. It contains a pointer to a data sheet of some kind. The debugger says that LDA [$27],y with Y=$d2e8 grabs the data at $83d2e8, so I guess at addresses D+$27/$28/$29 you'll see $00,$00,$83 = $830000 which is not really what you want. The HP value is probably what's stored at $83d2e8.

Finding that in the ROM file is a little weird because Separation Anxiety uses a "lorom"-type PCB. Looking at the top 9 bits of $83d2e8 (1000 0011 1), clear the high bit and shift right once (0000 0001 1). The result is $01d2e8 and should be where in the file you can find the value $12,$00 = $0012 for that enemy's HP.

KingMike

  • Forum Moderator
  • Hero Member
  • *****
  • Posts: 7015
  • *sigh* A changed avatar. Big deal.
    • View Profile
Re: Help understanding tracing in Snes9x Geiger
« Reply #4 on: July 03, 2020, 09:56:46 am »
First off all you have to check what happen before he stores the 12 in the ram.

82/D5C4 AD 61 1B    LDA $1B61  [$80:1B61]   A:0004 X:0A96 Y:CE8C        -> Load position to find the value in the rom
$82/D5C7 18          CLC                     A:0070 X:0A96 Y:CE8C       -> Clear carry, okay what ever he is clearung
$82/D5C8 69 9B C1    ADC #$C19B              A:0070 X:0A96 Y:CE8C       -> ADC add C19B to the value of A:0070 (hex) open calc, set to programmer and enter hex 70+ hex C19B
$82/D5CB A8          TAY                     A:C20B X:0A96 Y:CE8C       -> Result A:0070 + C19B will transfer from A: to Y:
$82/D5CC B7 2D       LDA [$2D],y[$84:C20B]   A:C20B X:0A96 Y:C20B       -> Load from Register 2D + Y / 84:XXXX - XXXX is C20B or a value from another enemy
$82/D5CE 18          CLC                     A:D2E8 X:0A96 Y:C20B       -> Clear carry again
$82/D5CF 69 00 00    ADC #$0000              A:D2E8 X:0A96 Y:C20B       -> ADC add again 0000 - dont know why, it makes nothing with the value
$82/D5D2 A8          TAY                     A:D2E8 X:0A96 Y:C20B       -> Again Transfer A to Y
$82/D5D3 B7 27       LDA [$27],y[$83:D2E8]   A:D2E8 X:0A96 Y:D2E8       -> Load from Register 27 + Y / 83XXXX
$82/D5D5 95 3D       STA $3D,x  [$00:0AD3]   A:0012 X:0A96 Y:D2E8       -> Start Lundar Adress, Load the Rom and bellow enter 83D2E8 / you get the PC Adress / If you open the rom in a hex editor and goes to these adress you will find 12

$82/D5D5 95 3D       STA $3D,x  [$00:0AD3]   A:0012 X:0A96 Y:D2E8  -> Stores these value to Ram 00:0AD3 = 7E:0AD3

Sorry but these comments are so unhelpful. It doesn't sound like you understand 65816 and SNES memory mapping very well.
Especially "Clear carry, okay what ever he is" :P
Code: [Select]
LDA $1B61   ;read
CLC
ADC #$C19B
TAY         ;these statements read the value from $1B61 and add $C19B to be used as a pointer.
LDA [$2D],Y ;this is called Indirect Addressing Long. It reads a 3-byte pointer from Direct Page (don't have time to explain it now) address $2D (short answer is: Essentially is (the bank in register DB):(the address in register D + 0x2D) ) and adds Y. In other words, it reads index Y from the table at (whatever address is stored at $2D, so in this current situation the result address is $84:C20B)
CLC
ADC #$0000   ;I actually don't know why it bothers adds 0 (normally to consider addition overflow) when it just cleared the C
TAY          ;so now this will be an index to another table
LDA [$27],Y  ;using the address in $27 as a base. Again, the result in this particular instance is $83:D2E8
"My watch says 30 chickens" Google, 2018

RedScorpion

  • Full Member
  • ***
  • Posts: 108
    • View Profile
    • Snes-Projects
Re: Help understanding tracing in Snes9x Geiger
« Reply #5 on: July 06, 2020, 02:34:34 am »
Sometimes its more helpful to explain it with some easy explantion instead of high known asm knowledge... But okay, explain it again!

Thanks

red