Breakpoints …

July 16th, 2009

Been a while that I haven’t posted on this blog.

I started the implementation of the breakpoints and step by step debugging. Breakpoints are done and the loop waiting for command is active. Currently I support 4 commands : dump registers, dump palette, dump vram and resume. So as you have guessed no “step by step” suppport yet.

During this first implementation I have corrected a few bugs in the “on the fly” rom patching, re-factored a few things that were badly coded or that where using inner BSnes feature (and thus not reproducible with the final hardware that we will have). Also, Icekiller helped me to design a command line client to interact with BSnes when debugging.

I’m currently making slower progress … many reasons for that. Time to time I have a loss of interest on my ‘hobby’ time, The train I used to take is on vacation currently, so I need to cumute…

I keep you updated when new nice features will be implemeted.

See ya, Lint

Commercial ROM ‘on the fly’ patching

June 24th, 2009

This morning on my train trip to work, I finally got the ‘on the fly’ patching of a commercial ROM. The Rom I’m using is the original Street Fighter II game. What I do is defining a breakpoint at 0×00812f and output a register dump with BSnes. Here are the 2 log files.

Internal BSnes log file :

devkit::power() : On
Patcher::power() On
Patcher::isBreakpoint() On
Patcher::isBreakpoint() PC Backup : 00812F
Patcher::isLifePatchingDone() addr : 81BE baseAddr : 812F size : 008E
Patcher::isLifePatchingDone() New addr : 812F
Patcher::isBreakpoint() Reset lifePatchingDisableOnce
Patcher::isBreakpoint() On
Patcher::isBreakpoint() PC Backup : 00812F
Patcher::isLifePatchingDone() addr : 81BE baseAddr : 812F size : 008E
Patcher::isLifePatchingDone() New addr : 812F
Patcher::isBreakpoint() Reset lifePatchingDisableOnce
Patcher::isBreakpoint() On
Patcher::isBreakpoint() PC Backup : 00812F
Patcher::isLifePatchingDone() addr : 81BE baseAddr : 812F size : 008E
Patcher::isLifePatchingDone() New addr : 812F
Patcher::isBreakpoint() Reset lifePatchingDisableOnce
Patcher::isBreakpoint() On
Patcher::isBreakpoint() PC Backup : 00812F
Patcher::isLifePatchingDone() addr : 81BE baseAddr : 812F size : 008E
Patcher::isLifePatchingDone() New addr : 812F
Patcher::isBreakpoint() Reset lifePatchingDisableOnc

External log outputting register Dump :

Debug Command : 0x01

*************************
*** Register Dump. ******
*************************
A : 0x0000
X : 0x0001
Y : 0x000E
Direct Page      : 0x0000
Data Bank        : 0x31
Processor Status : 0x07
*************************

Debug Command : 0x01

*************************
*** Register Dump. ******
*************************
A : 0x20C2
X : 0x3101
Y : 0x20C2
Direct Page      : 0x0000
Data Bank        : 0x31
Processor Status : 0x07
*************************

Debug Command : 0x01

*************************
*** Register Dump. ******
*************************
A : 0x101F
X : 0xB101
Y : 0x101F
Direct Page      : 0x0000
Data Bank        : 0x31
Processor Status : 0x07
*************************

Debug Command : 0x01

*************************
*** Register Dump. ******
*************************
A : 0x0416
X : 0x3101
Y : 0x2016
Direct Page      : 0x0000
Data Bank        : 0x31
Processor Status : 0x07
*************************

I stopped Bsnes at the main screen of Street Fighter II. That means that address 0×00812f is executed 4 times.

Next step is … ‘Step by Step’ debugging. I would like to get an interactive console to set/remove breakpoint, dump register with a command and execute next instruction. The problem is that I don’t know how to implement that within Bsnes. If someone got any ideas, just post a comment with them. I really would avoid to made a GUI with that inside Bsnes. The ideal solution would be to have an external program that can send data to Bsnes with instruction encoded in a binary format.

See ya, lint

Website discovery : usb reader for snes game carts

June 22nd, 2009

My good friend Icekiller just pasted me this link yesterday :

http://hackaday.com/2009/06/19/usb-reader-for-snes-game-carts/

A very nice project, the author have since open a dedicated website : http://www.snega2usb.com/wordpress/

See ya , lint

VRAM Dumping and ‘on the fly’ ROM patching

June 16th, 2009

I finished this morning the code to dump the whole VRAM. It’s been a few days that I was working on it. One of the issue that I got with it is that the NMI got triggered in the middle of the transfer and that it was fucking up the VRAM registers of the snes. So when I was comming back from the NMI the transfert wasn’t done properly anymore.

That’s why I implemented the ‘on the fly’ Rom patching functionnality. This allow me to redirec tthe NMI Handler to a place where the NMI does nothing while I’m transfering the VRAM. Here is a little log of what is happening when I patch the ROM.

debugDump launched.
NMI Handler ...
NMI Handler ...
ROM PATCH :: Set Offset 0 : 0xEA
ROM PATCH :: Set Offset 1 : 0xFF
ROM PATCH :: Set Offset 2 : 0x00
ROM PATCH :: Read ROM [0000FFEA] => 0xEA
ROM PATCH :: Write ROM [0000FFEA] => 0x04
ROM PATCH :: Set Offset 0 : 0xEB
ROM PATCH :: Set Offset 1 : 0xFF
ROM PATCH :: Set Offset 2 : 0x00
ROM PATCH :: Read ROM [0000FFEB] => 0x85
ROM PATCH :: Write ROM [0000FFEB] => 0x86
Patched NMI Handler ...
Patched NMI Handler ...
Patched NMI Handler ...
Patched NMI Handler ...
Patched NMI Handler ...

The code to make this happen in snes side is :

offset = (word) &emptyNMI;
oldNMI[0] = _1UP_ROMPatch((dword) 0x0000FFEA, (byte) offset);
oldNMI[1] = _1UP_ROMPatch((dword) 0x0000FFEB, (byte) (offset>>8));
byte _1UP_ROMPatch(dword offset, byte data) {
    byte oldValue;

    // Set address to patch
    *(byte*) REG(_1UP_ROM_PATCH_ADDR0) = (byte) offset;
    *(byte*) REG(_1UP_ROM_PATCH_ADDR1) = (byte) (offset>>8);
    *(byte*) REG(_1UP_ROM_PATCH_ADDR2) = (byte) (offset>>16);

    // Read actual value
    oldValue = *(byte*) REG(_1UP_ROM_PATCH_DATA);

    // Write new value
    *(byte*) REG(_1UP_ROM_PATCH_DATA) = (byte) data;

    return oldValue;
}

I still use a patched version of BSnes to emulate the future hardware that is dev by Scott.

Next stuff is OAM Dump (sprite tables) …

See ya, Lint

I would like to win a G2 HTC Magic

June 12th, 2009

You can help me getting that smartphone by clicking here :

http://www.androidparty.be/lint

Thanks in advance, ++ Lint

PS: Message for spam bots … please be welcome to follow this link :p

SDCardReader : file read and seek done.

June 8th, 2009

I just finished porting the functions to actually read a file and seek into it. Next step is to make a function that allow me to read the ROM information.

Scott seems to be ready to work again on the hardware part. I hope everything will be ok when going on the actual hardware.

See ya, Lint

SDCardReader POC is making progress

May 27th, 2009

I fixed minor bugs and optimized a bit the memory usage. I still have to implement the reading of actual file to parse the ROM header.

SDCardReader V02

SDCardReader V02

SDCardReader V02

SDCardReader V02

See ya, Lint

Root directory of the SD card image is read with a modified version of BSnes.

May 6th, 2009

Root dir listing from SD card image with modified BSnes

The new snes-sdk …

April 27th, 2009

Hi folks,

A few weeks ago Tomy from tototek.com gave me the link of a toolchain for the snes. Allow C and asm code. The whole stuff looks great but only seems to compile under Linux. It’s now been a few months that I have no access to a Linux workstation. So I wondered if any of you could compile this to run under windows ? Or if you have any advice…

Here is the link of the project : http://code.google.com/p/snes-sdk/, the source code is avaible trough a SVN repos.

See ya, lint

Twitter …

April 27th, 2009

I now have a twitter account :

http://twitter.com/Lint_

Enjoy, lint_