

newbie snes debugging question

Started by AhmedXyz, October 23, 2017, 01:25:41 PM




I've been ROM hacking in the past for fun and have used the MAME debugger and wla-dx assembler together successfully in Master System, NES and Genesis ROM hacking.
I just recently tried to tackle SNES hacking the same way, starting with Super Mario World (of course). The problem I quickly encountered was that watchpoints do not seem to work reliably. I can set watchpoints for some RAM addresses (16-bit addresses ranging from $00 to $1fff) and find routines reading from or writing to them, but for others I had less success.
For example, bytes at $1f17 and $1f19 correspond to Mario's map position and they are updated when moving across the map. I set watchpoints on these addresses to find routines that update these values, to no avail. Even though RAM clearly changes when moving Mario, the debugger does not break execution. This happens for some other RAM addresses as well. I assume that this is due to some quirk with how the SNES works that I am unfamiliar with. Could someone clue me in as to what happens here, and what I am doing wrong?



Unfortunately I don't think SNES emulators are good about taking mirroring into account with breakpoints (or at least Geiger's, which I have the most experience with).

I'm guessing by using only a 16-bit address, it is assuming $00:0000 to $00:1FFF. That is actually just the first 8KB of RAM ($7E:0000-7F:FFFF). Especially in a LoROM game like SMW, that first 8KB can be accessed from almost any bank. (the other 120KB must be specifically accessed from banks 7E/7F) (the current Data Bank is the DB register)
Meaning that if you set a breakpoint on 001000, it will only break on access to 00:1000, and not 01:1000 (even though it's functionally the same thing), for example.
"My watch says 30 chickens" Google, 2018
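The mirroring described in the reply above, as an added worked example (my own code, not from either poster): it maps any 24-bit 65816 address to the physical WRAM byte it touches, lists every mirror of a WRAM cell, and generates one MAME `wpset` command per mirror so the debugger catches the access whichever bank the game uses. The memory layout is the standard SNES one (banks $00-$3F and $80-$BF mirror the low 8 KiB of WRAM at $0000-$1FFF; banks $7E-$7F hold the full 128 KiB); the `wpset <addr>,<len>,<type>` syntax is MAME's as I know it, and `mame_watchpoints` is a helper name I made up here.

```python
# Added example (not from the thread): canonicalise SNES WRAM mirror addresses
# and emit MAME debugger watchpoints covering every mirror of a RAM cell.
# Assumed layout (standard SNES, LoROM or HiROM alike):
#   $7E:0000-$7F:FFFF  full 128 KiB of WRAM
#   $xx:0000-$xx:1FFF  mirror of the first 8 KiB for banks $00-$3F and $80-$BF

WRAM_SIZE = 0x20000
MIRROR_BANKS = list(range(0x00, 0x40)) + list(range(0x80, 0xC0))


def wram_offset(addr24):
    """Return the offset into 128 KiB WRAM that a 24-bit address hits,
    or None if the address does not reach WRAM at all (ROM, MMIO, ...)."""
    bank = (addr24 >> 16) & 0xFF
    offset = addr24 & 0xFFFF
    if bank in (0x7E, 0x7F):
        return ((bank - 0x7E) << 16) | offset
    if bank in MIRROR_BANKS and offset < 0x2000:
        return offset          # low 8 KiB mirror, same bytes as $7E:0000-$7E:1FFF
    return None


def same_cell(addr_a, addr_b):
    """True when two 24-bit addresses read/write the same physical WRAM byte."""
    a, b = wram_offset(addr_a), wram_offset(addr_b)
    return a is not None and a == b


def mirrors_of(wram_off):
    """Every 24-bit address that accesses the given WRAM offset.
    The canonical $7E/$7F address comes first."""
    if not 0 <= wram_off < WRAM_SIZE:
        raise ValueError("offset outside WRAM")
    addrs = [0x7E0000 + wram_off]
    if wram_off < 0x2000:      # only the low 8 KiB is mirrored
        addrs += [(bank << 16) | wram_off for bank in MIRROR_BANKS]
    return addrs


def mame_watchpoints(wram_off, access="w", length=1):
    """MAME debugger commands that watch a WRAM cell through all its mirrors.
    Assumed syntax: wpset <address>,<length>,<type> with type r, w or rw."""
    return [f"wpset {a:06x},{length},{access}" for a in mirrors_of(wram_off)]


if __name__ == "__main__":
    # The OP's watchpoint on 16-bit $1F17 only covers $00:1F17; a routine
    # running with DB=$01 writes through $01:1F17 and never trips it.
    print(hex(wram_offset(0x001F17)), hex(wram_offset(0x011F17)))  # same cell
    print(same_cell(0x011F17, 0x7E1F17))
    print(len(mirrors_of(0x1F17)), "mirrors of $1F17")
    for cmd in mame_watchpoints(0x1F17)[:3]:
        print(cmd)
```

With 129 mirrors per low-RAM byte the generated list is long; in practice the $7E:xxxx entry plus the one bank the suspect routine actually runs in (check DB in the register view when execution stops nearby) is usually enough, and the full list is the fallback when nothing else triggers.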


That must be it! I just assumed that the game would always access the same RAM mirror for the first two pages of RAM unless explicitly targeting some other mirror with 24-bit addressing.

So you mean that whatever value is in DB determines what mirror is accessed?
How do you work around this when debugging?