Disassembly + Re-assembly of NES roms

Started by minion, July 19, 2020, 03:33:07 AM

Hello all! I'm new to the community and have been dabbling in some disassembly of NES games as a learning tool. First, thanks to everyone who has shared their approaches with the community over the years.  I spent a couple days reading just about every result returned by Google and forum searches here and in the nesdev forums, but didn't find much (other than this thread where horst mentions using IDA, which I fear is out of the reach for most in the community).

I was sort of surprised at how difficult of a time I was having getting just a basic disassembly / reassembly process going. After looking through a few of the commonly suggested toolchains, I settled on ca65 as it seems mature and has reasonable integration points with mesen. Plus I think Disch's FF disassembly has a pretty nice organizational template to go off of with respect to structuring the code in 'banks', building a ld65 memory map config file and disassembly labeling info file. (Shoutout to Disch for sharing that, by the way.  That clearly took a huge amount of work and is a very cool contribution to the community!)

So, it looks like I'm going to need to bang out a few Python scripts to get to the point where getting from ROM w/ CDL file to reassemble-able source is a reliable, repeatable process.  All I'm looking to produce is a set of source files with auto-generated labels and asset blobs replicated as bytes/bins, to be used as a starting point for labeling and stepping through code in a debugger.  It looks like a bunch of people have cobbled together parts of this, but there's not much out there that isn't quite specific to the game they were hacking on at the time.

I just wanted to drop a post here to make sure I haven't missed anything out there that could save me some time before I dump a couple weeks into this.  Please reply and let me know if I did!  Cheers and beers.

(Appendix: Here are a few of the links I read through to gather info for this post)
one of the most interesting, although I'm not trying to get too deep into "smart" disassembly, just baseline 'reassemble-able' code ->


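As an added example (not the poster's scripts, and not Disch's or anyone else's code), here is the skeleton of the ROM + CDL → ca65 source pipeline described above, in Python. It parses the iNES header, overlays the CDL log on PRG ROM, splits each 16 KiB bank into maximal runs of code / data / unknown, emits one labelled block per run (large data and unknown runs as `.incbin` blobs, everything else as `.byte`), generates a matching ld65 config, and includes the check you want before trusting any of it: rebuilding the bank bytes from the emitted directives and comparing against the original. Assumptions, labelled in the code: the CDL file is one byte per PRG byte followed by one per CHR byte, with bit 0 = executed as code and bit 1 = read as data (the bits FCEUX and Mesen agree on; higher bits differ between emulators and are ignored); bank base addresses are supplied by the caller because they depend on the mapper; code runs are left as `.byte` because a full 6502 disassembler is out of scope here, so the output reassembles byte-identical while marking where to disassemble. The sample ROM and CDL are constructed, not taken from any game.

```python
import re
from dataclasses import dataclass

INES_MAGIC = b"NES\x1a"
PRG_BANK = 0x4000                 # iNES PRG unit: 16 KiB
CDL_CODE, CDL_DATA = 0x01, 0x02   # assumed CDL bit layout: bit 0 executed, bit 1 read as data
BLOB_MIN = 32                     # data/unknown runs at least this long become .incbin files

@dataclass
class Ines:
    prg: bytes
    chr_rom: bytes
    mapper: int

def parse_ines(rom: bytes) -> Ines:
    """Split an iNES image into PRG, CHR and mapper number, skipping a trainer if flagged."""
    if len(rom) < 16 or rom[:4] != INES_MAGIC:
        raise ValueError("not an iNES file")
    prg_len, chr_len = rom[4] * PRG_BANK, rom[5] * 0x2000
    flags6, flags7 = rom[6], rom[7]
    off = 16 + (512 if flags6 & 0x04 else 0)
    if len(rom) < off + prg_len + chr_len:
        raise ValueError("ROM is shorter than its header claims")
    return Ines(rom[off:off + prg_len], rom[off + prg_len:off + prg_len + chr_len],
                (flags7 & 0xF0) | (flags6 >> 4))

def load_cdl(cdl: bytes, image: Ines) -> bytes:
    """Return the PRG part of a CDL log (assumed: one byte per PRG byte, then one per CHR byte)."""
    if len(cdl) != len(image.prg) + len(image.chr_rom):
        raise ValueError(f"CDL covers {len(cdl)} bytes, ROM has {len(image.prg) + len(image.chr_rom)}")
    return cdl[:len(image.prg)]

def kind_of(flag: int) -> str:
    if flag & CDL_CODE:
        return "code"
    return "data" if flag & CDL_DATA else "unknown"

def runs(cdl: bytes):
    """Yield (kind, offset, length) for maximal runs of one CDL kind."""
    start = 0
    while start < len(cdl):
        kind, end = kind_of(cdl[start]), start + 1
        while end < len(cdl) and kind_of(cdl[end]) == kind:
            end += 1
        yield kind, start, end - start
        start = end

def emit_bank(prg: bytes, cdl: bytes, bank: int, base: int):
    """Return (ca65 source, {blob filename: bytes}) for one 16 KiB PRG bank mapped at `base`."""
    lo = bank * PRG_BANK
    data, flags = prg[lo:lo + PRG_BANK], cdl[lo:lo + PRG_BANK]
    lines, blobs = [f'.segment "BANK{bank:02X}"'], {}
    for kind, off, length in runs(flags):
        addr, chunk = base + off, data[off:off + length]
        lines.append(f"L_{bank:02X}_{addr:04X}:   ; {kind}, {length} bytes")
        if kind != "code" and length >= BLOB_MIN:   # large asset/unknown blob: keep it binary
            name = f"bank{bank:02X}_{addr:04X}.bin"
            blobs[name] = chunk
            lines.append(f'    .incbin "{name}"')
        else:                                        # code stays .byte until hand-disassembled
            for i in range(0, length, 16):
                lines.append("    .byte " + ", ".join(f"${b:02X}" for b in chunk[i:i + 16]))
    return "\n".join(lines) + "\n", blobs

def emit_ld65_cfg(bank_bases: list) -> str:
    """ld65 config: one MEMORY area and SEGMENT per bank, plus the 16-byte iNES header."""
    mem = ["    HDR: start = $0000, size = $0010, file = %O, fill = yes;"]
    seg = ["    HEADER: load = HDR, type = ro;"]
    for i, base in enumerate(bank_bases):
        mem.append(f"    PRG{i:02X}: start = ${base:04X}, size = ${PRG_BANK:04X}, file = %O, fill = yes;")
        seg.append(f"    BANK{i:02X}: load = PRG{i:02X}, type = ro;")
    return "MEMORY {\n" + "\n".join(mem) + "\n}\nSEGMENTS {\n" + "\n".join(seg) + "\n}\n"

def reassemble(source: str, blobs: dict) -> bytes:
    """Round-trip check: rebuild the bank from the emitted .byte/.incbin lines, as ld65 would."""
    out = bytearray()
    for line in source.splitlines():
        stmt = line.split(";", 1)[0].strip()
        if stmt.startswith(".byte"):
            out += bytes(int(h, 16) for h in re.findall(r"\$([0-9A-Fa-f]{2})", stmt))
        elif stmt.startswith(".incbin"):
            out += blobs[re.search(r'"([^"]+)"', stmt).group(1)]
    return bytes(out)

def build(rom: bytes, cdl: bytes, bank_bases: list):
    image = parse_ines(rom)
    prg_cdl = load_cdl(cdl, image)
    return [emit_bank(image.prg, prg_cdl, i, b) for i, b in enumerate(bank_bases)], emit_ld65_cfg(bank_bases)

# Constructed sample (not a real game): one NROM-128 bank holding a 5-byte code stub,
# an 8-byte table, zero fill and the interrupt vectors; the CDL marks stub=code, table/vectors=data.
CODE_STUB, TABLE, VECTORS = bytes.fromhex("A9008D0020"), bytes(range(8)), bytes.fromhex("008000800080")
FILL = PRG_BANK - len(CODE_STUB) - len(TABLE) - len(VECTORS)
SAMPLE_ROM = INES_MAGIC + bytes([1, 0, 0, 0]) + bytes(8) + CODE_STUB + TABLE + bytes(FILL) + VECTORS
SAMPLE_CDL = bytes([CDL_CODE]) * 5 + bytes([CDL_DATA]) * 8 + bytes(FILL) + bytes([CDL_DATA]) * 6

if __name__ == "__main__":
    banks, cfg = build(SAMPLE_ROM, SAMPLE_CDL, [0xC000])   # 16 KiB bank fixed at $C000-$FFFF
    print(banks[0][0][:400], cfg, "round trip ok:", reassemble(*banks[0]) == parse_ines(SAMPLE_ROM).prg, sep="\n")
```

Write each bank's source and blobs to disk, add a 16-byte `.segment "HEADER"` file with the original header bytes, then `ca65` each `.s` and `ld65 -C` the generated config; the real acceptance test is `cmp` of the linked `.nes` against the original ROM, which is what `reassemble` mirrors in-process. The CDL length check matters in practice: a log captured from a ROM with a trainer, or from a different dump, silently mislabels every run if you let it through.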
While having something that can be reassembled from an automated or lightly guided (as opposed to meticulously hand-finished) disassembly is a nice thing to have, is it really so shocking not to have it? Any time you get essentially random and mixed data, opcodes and padding, you are going to have some fun decoding what is what, and that pretty much kicks in the head the idea that you can disassemble and then reassemble later, not entirely unlike opening something in a text editor that ignores most things below 20h and above 7Fh.
Most hacks, assuming they are not single-instruction/in-place tweaks of existing stuff, are usually implemented as an essentially standalone subroutine, branching/jumping off from the original and then returning to a chosen place afterwards.
Anybody big enough and ugly enough to contemplate a full ROM disassembly for a project would then probably be able to order it, presumably into banks (that is how the chips on the cart might be arranged, and certainly were on older devices still, but I will skip that, as talk of interleaving is likely to see something thrown at me or someone start rocking in the corner; it is also how the code will typically be viewed from an execution standpoint: jumping into another bank as a hacker is doable but the sort of thing typically reserved for a "no other alternatives" scenario, and so on), and probably one more step to reflect the mapper it was (or maybe will be, if someone is doing a mapper change while they are at it).

By all means try, and you could probably get quite far with something a bit probabilistic, and maybe with some runtime input from fceux or something that notes all executed locations (while the probability thing is likely to go pretty far into the "smart" world, I would say an fceux log might be quite nice actually; most NES ROMs are fairly straight shots when all is said and done).


Your links, which are in the middle of the post, suck.


This is an impressive effort that I hope you find enjoyable. It seems daunting, based on both the amount of background knowledge you'll need about NES hardware, and the amount of detective work involved in understanding any particular game. My anecdotal impression is that people tend to follow through on something this large when they have a clear goal, which is generally related to a specific, beloved game. For instance, there is someone on the forum who completely disassembled Toejam and Earl for the Sega Genesis on his own.

If you come up with something generalizable (i.e., a process or utility for a range of games), I'd love to see it. But that is an order of magnitude beyond disassembling a specific game.

I suspect that by the time you've spent months with a particular game, you'll be so familiar with the blocks of code and subroutine addresses that you won't need disassembly to recognize them.  8)

Good luck, and let us know what you find.