Commercial ROM ‘on the fly’ patching
Wednesday, June 24th, 2009This morning on my train trip to work, I finally got the ‘on the fly’ patching of a commercial ROM. The Rom I’m using is the original Street Fighter II game. What I do is defining a breakpoint at 0x00812f and output a register dump with BSnes. Here are the 2 log files.
Internal BSnes log file :
devkit::power() : On Patcher::power() On Patcher::isBreakpoint() On Patcher::isBreakpoint() PC Backup : 00812F Patcher::isLifePatchingDone() addr : 81BE baseAddr : 812F size : 008E Patcher::isLifePatchingDone() New addr : 812F Patcher::isBreakpoint() Reset lifePatchingDisableOnce Patcher::isBreakpoint() On Patcher::isBreakpoint() PC Backup : 00812F Patcher::isLifePatchingDone() addr : 81BE baseAddr : 812F size : 008E Patcher::isLifePatchingDone() New addr : 812F Patcher::isBreakpoint() Reset lifePatchingDisableOnce Patcher::isBreakpoint() On Patcher::isBreakpoint() PC Backup : 00812F Patcher::isLifePatchingDone() addr : 81BE baseAddr : 812F size : 008E Patcher::isLifePatchingDone() New addr : 812F Patcher::isBreakpoint() Reset lifePatchingDisableOnce Patcher::isBreakpoint() On Patcher::isBreakpoint() PC Backup : 00812F Patcher::isLifePatchingDone() addr : 81BE baseAddr : 812F size : 008E Patcher::isLifePatchingDone() New addr : 812F Patcher::isBreakpoint() Reset lifePatchingDisableOnc
External log outputting register Dump :
Debug Command : 0x01 ************************* *** Register Dump. ****** ************************* A : 0x0000 X : 0x0001 Y : 0x000E Direct Page : 0x0000 Data Bank : 0x31 Processor Status : 0x07 ************************* Debug Command : 0x01 ************************* *** Register Dump. ****** ************************* A : 0x20C2 X : 0x3101 Y : 0x20C2 Direct Page : 0x0000 Data Bank : 0x31 Processor Status : 0x07 ************************* Debug Command : 0x01 ************************* *** Register Dump. ****** ************************* A : 0x101F X : 0xB101 Y : 0x101F Direct Page : 0x0000 Data Bank : 0x31 Processor Status : 0x07 ************************* Debug Command : 0x01 ************************* *** Register Dump. ****** ************************* A : 0x0416 X : 0x3101 Y : 0x2016 Direct Page : 0x0000 Data Bank : 0x31 Processor Status : 0x07 *************************
I stopped Bsnes at the main screen of Street Fighter II. That means that address 0x00812f is executed 4 times.
Next step is … ‘Step by Step’ debugging. I would like to get an interactive console to set/remove breakpoint, dump register with a command and execute next instruction. The problem is that I don’t know how to implement that within Bsnes. If someone got any ideas, just post a comment with them. I really would avoid to made a GUI with that inside Bsnes. The ideal solution would be to have an external program that can send data to Bsnes with instruction encoded in a binary format.
See ya, lint