Okay somewhat off the rails here but I have only the vaguest idea how the FCEUX Debugger works and I have no knowledge of ASM,
Well there's your problem.
I went in and decided to try to find the location in ROM for Link's default X coordinates at the start, I've set a write breakpoint on the X position and I got two lines back, one seems to write 0 to X value from somewhere (don't need this) and the next writes 78 from somewhere
So here's what I did to find it....
- Start up LoZ. Create a new character (but don't actually start the game yet)
- Open up the debugger.
- We know Link's X position is stored at address $70 in RAM.... so set a write breakpoint on address 0070. We want a write breakpoint because we want to know when the game is writing to (setting) that value.
- Actually start the game with the new character.
- Debugger snaps. Shows me this line of code:
05:B04A:85 70 STA $0070 = #$70
"STA" is "STore A". It means the game is writing whatever is in the 'A' register to that address. So here, it's writing A to address $70.
Debugger window shows me that A=78 (look just below all the "Run" etc push-buttons)
- To test to see if this is actually setting Link's starting position, change A to some other value.... like B0
- Click the "Run" button to resume emulation
- It worked! Link appears more to the right than he usually does. Debugger will snap again as the game starts, but it doesn't matter because we already found what we're looking for.
- Disable the breakpoint (edit it and remove the 'write' checkbox) -- or delete it. Click Run to resume emulation.
Now that we know where the game WRITES to 0070, we need to back-trace to find out where it got the value it's writing from.
- Get back to the game select screen. Add/re-enable the breakpoint
- Open up FCEUX's trace logger. Uncheck all of the "extra log options that work with the Code/Data Logger" -- those options will only just confuse a newbie.
- Click "Start Logging".
- Start the actual game to get the breakpoint to trip again
- Once the breakpoint trips, the tracelogger will fill with a bunch of code. This is the code that executed just BEFORE the breakpoint tripped. End of log looks like this:
A:00 X:DB Y:11 S:FA P:nvUbdIZc $B044:A9 08 LDA #$08
A:08 X:DB Y:11 S:FA P:nvUbdIzc $B046:85 98 STA $0098 = #$00
A:08 X:DB Y:11 S:FA P:nvUbdIzc $B048:A9 78 LDA #$78
Breakpoint 0 Hit at $B04A: $0070:EC-W--
We know that at the breakpoint, whatever is in 'A' gets written to $70. So now we go backwards through the code to see where a value gets loaded into 'A'
Sure enough, the previous instruction is "LDA" or "LoaD A". Specifically...
The '#' denotes "immediate" mode. This means that the game will not read from address $78 like normal... but instead will use the actual value
- Also looking at the tracelogger, we can see the address for this LDA instruction is $B048, and that it's a 2-byte instruction (A9 78). The A9 is the opcode (indicating LDA immediate) and the 78 is the value to load.
Remember: Addresses are not ROM offsets. ROM gets loaded into memory a weird way. $B048 is not the offset you're looking for.
- Open up FCEUX's hex editor. Make sure you're in "RAM Offset" (misnamed) mode -- see the title bar. If not, go in View and select "NES Memory". NES Memory is what the NES will actually see at these addresses.
- Hit Ctrl+G, go to offset B048
- Sure enough, it'll jump you to an 'A9 78' .. the instruction we want to change. Though really, we only want to change that 78.
- Right-click on the 78 and select "Go Here in ROM file". The hex editor will change modes, putting you in ROM File view, but leaving you on the same 78 byte. This time, though, the numbers on the left are actually file offsets.
- We can see that the offset for this 78 byte is 0x17059
So test it out. Change offset 0x17059, and it should change Link's starting position!
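
The back-trace and the address-to-offset step from the post above, as an added example that is not part of the original post. It assumes a 16-byte iNES header with no trainer and 16 KiB PRG banks, takes bank 05 from the debugger line 05:B04A, and all function names are made up for illustration.

```python
import re

INES_HEADER = 16        # assumption: plain iNES header, no 512-byte trainer
PRG_BANK_SIZE = 0x4000  # assumption: 16 KiB banks, matching the "05:" bank prefix

# Trace-log tail copied from the post above.
TRACE = """\
A:00 X:DB Y:11 S:FA P:nvUbdIZc $B044:A9 08 LDA #$08
A:08 X:DB Y:11 S:FA P:nvUbdIzc $B046:85 98 STA $0098 = #$00
A:08 X:DB Y:11 S:FA P:nvUbdIzc $B048:A9 78 LDA #$78
Breakpoint 0 Hit at $B04A: $0070:EC-W--
"""

# $ADDR:<raw bytes> MNEMONIC ... ; the breakpoint line does not match this shape.
LINE = re.compile(r"\$([0-9A-F]{4}):((?:[0-9A-F]{2} )+)([A-Z]{3})")
# Common instructions that change A (accumulator shifts left out for brevity).
WRITES_A = {"LDA", "TXA", "TYA", "PLA", "ADC", "SBC", "AND", "ORA", "EOR"}


def last_write_to_a(trace):
    """Walk the log backwards; return (cpu_addr, raw_bytes) of the newest write to A."""
    for line in reversed(trace.splitlines()):
        m = LINE.search(line)
        if m and m.group(3) in WRITES_A:
            return int(m.group(1), 16), bytes.fromhex(m.group(2))
    return None


def cpu_to_file_offset(bank, cpu_addr):
    """Map a bank-qualified CPU address in $8000-$FFFF to an offset in the .nes file."""
    if not 0x8000 <= cpu_addr <= 0xFFFF:
        raise ValueError("not a PRG-ROM address")
    return INES_HEADER + bank * PRG_BANK_SIZE + cpu_addr % PRG_BANK_SIZE


def immediate_operand_offset(trace, bank):
    """Return (file_offset, value) of the constant loaded into A before the breakpoint."""
    hit = last_write_to_a(trace)
    if hit is None:
        raise LookupError("no write to A in this log; capture a longer trace")
    addr, raw = hit
    if raw[0] != 0xA9:  # A9 = LDA immediate; anything else is not a constant in ROM
        raise LookupError("A was not loaded from an immediate; keep tracing back")
    return cpu_to_file_offset(bank, addr + 1), raw[1]  # operand follows the opcode


if __name__ == "__main__":
    offset, value = immediate_operand_offset(TRACE, bank=0x05)
    print(f"patch file offset {offset:#x} (currently {value:#04x})")
```

If the last write to A is not an immediate load, the value comes from RAM or a table and the same breakpoint-and-trace procedure has to be repeated on that source address.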