Hi.
So... I'm kinda new to the whole hacking etc. etc.
I want to learn how to use the debugger in FCEUX properly.
To understand the opcodes and how to trace addresses.
Please do help
Links to tuts etc...
What are you trying to do though? There's no debugging for the sake of debugging, you need an objective. You might be trying to make a cheat code, find some problem in a homebrew game or new ASM hack, or change the way an existing game works.
Usually regular breakpoints and Data breakpoints are enough to solve whatever I'm trying to do. If I don't know the address of a variable, the cheat finder helps too.
I want to track this down, and I want to learn how to do it. I don't want to rely on editors etc...
Let's say this address 036C in NES RAM, how do I track it down in the ROM file????
Still no clear answer of what you're trying to do.
Are you trying to find out the first time the game puts a value into that address?
Are you trying to find out the location of that instruction in the ROM file?
What are you trying to do?
Well, the game is Captain Tsubasa 2, and if I change that address to, let's say, 17, the shot will be different. Hm... yes, the location in the ROM, yes... let's try that.
Okay... look at those, I want to understand what they mean... like PHP, what exactly does push processor status mean?!
Is there some tut with a proper explanation and some examples?
I understand some of them without looking for 6502 Reference, but I don't understand what exactly it means, get it?
0E:81A0:08 PHP - Push Processor Status
0E:81A1:0A ASL - Arithmetic Shift Left
0E:81A2:6D 3B 04 ADC $043B = #$00 - Add with Carry
0E:81A5:6D 4E 04 ADC $044E = #$00 - Add with Carry
0E:81A8:A8 TAY - Transfer Accumulator to Y
0E:81A9:28 PLP - Pull Processor Status
0E:81AA:D0 0F BNE $81BB - Branch if Not Equal
0E:81AC:AD 3C 04 LDA $043C = #$03 - Load Accumulator
0E:81AF:29 7F AND #$7F - Logical AND
0E:81B1:C9 03 CMP #$03 - Compare
0E:81B3:90 06 BCC $81BB - Branch if Carry Clear
Topic moved to Newbie Help Centre.
Then you need to read on 6502 programming.
lrda wrote:
Let's say this address 036C in NES RAM, how do I track it down in the ROM file????
You can't track RAM address in ROM. But you can track instructions quite simply. The "lda $043C" instruction is at $81AC.
Open Hex editor and get to that address. Now use Right Mouse Button, select "Go here in ROM file". Address will change to the in-ROM-file address.
About understanding: I agree with 3gengames.
lrda wrote:
Let's say this address 036C in NES RAM, how do I track it down in the ROM file????
Change your breakpoint to a write breakpoint, and the debugger will stop at every point in the ROM where the code writes to that location. You can see the bank and address number (which can be translated to a location in the ROM) at the far left of the disassembly.
Thank god that there are ppl like you guys who actually bother to help a newb.
THANK YOU !!
Denine wrote:
lrda wrote:
Let's say this address 036C in NES RAM, how do I track it down in the ROM file????
You can't track RAM address in ROM. But you can track instructions quite simply. The "lda $043C" instruction is at $81AC.
Open Hex editor and get to that address. Now use Right Mouse Button, select "Go here in ROM file". Address will change to the in-ROM-file address.
About understanding: I agree with 3gengames.
Um... how exactly did u figure it was at 81AC ?!
tepples wrote:
lrda wrote:
Let's say this address 036C in NES RAM, how do I track it down in the ROM file????
Change your breakpoint to a write breakpoint, and the debugger will stop at every point in the ROM where the code writes to that location. You can see the bank and address number (which can be translated to a location in the ROM) at the far left of the disassembly.
I'm sorry but... what exactly is a "bank"?!
Can you explain it in a word or point me to a tutorial so I can read it?
Well, I'd suggest you learn something about computer logic before you get all confused with the mass amount of stuff we're probably going to let you in on. Bank is just a section of NES ROM space split up in a nutshell.
And look to the very left of the debugger info. It'll say a number in hex between 8000-FFFF. That's the ROM. The leftmost is where in the memory map it is. Although the lower bank of 8000-FFFF (8000-BFFF) is usually swapped out for data, more code, etc.
God damn it... and here I thought I had learned something...
Okay okay, where do I learn about the banks etc..?!!
lrda wrote:
Um... how exactly did u figure it was at 81AC ?!
Look at the highlighted instruction, then look to the left.
Quote:
I'm sorry but... what exactly is a "bank"?!
It's a place where you put your money.
But seriously, it's like turning the pages in the ROM. The NES CPU can't see all the ROM at once, and it needs to go back and forth between parts of the ROM. It does that by writing a value back to the ROM. You can't really write to ROM (that's why it's read-only memory), but if the CPU tries to do that, a "mapper" chip on the cartridge will see the write and treat it as a command to turn the page.
PROTIP: Read a few Wikipedia articles about information science, and things will become easier to understand.
Try Nerdy Nights tutorials.
At least the first 4 lessons, they cover the most important things, but reading all of the tutorials won't hurt you.
Let me try to explain a bit about banks too...
Each CPU has a limit of how much memory it can see/work with. The NES CPU can see 64KB, so everything needed to make a game work has to fit in that space: RAM, ROM and registers (registers are special memory locations used to "talk" to the various parts of the system). The NES divides that space in a way that only 32KB is dedicated to the ROM.
The first few NES games did fit into that space, but once games started becoming more complex, 32KB of ROM became too little. The problem is that even though you can easily make the carts larger, the CPU can never "see" more memory than it was designed to. The trick to solve this problem is to make different parts of a larger memory chip visible in the small 32KB window.
NES carts started to break down the 32KB space into slots (some carts use only 1 slot which is the whole 32KB, others use 2 16KB slots, and even 4 8KB slots), and they are able to make different chunks (i.e. banks) of the ROM visible into those slots as the program runs.
This is how games can be infinitely large while the CPU can see no more than 64KB of memory.
Haha... it's actually a bit funny that you guys care to help me so much =D
Anyway, thanks to all of ya, ima read those Nerdy Nights tuts, hopefully I will understand some more and hack the fck out of that game.
Um... can I ask
0E:8E0C:B1 48 LDA ($48),Y @ $934F = #$12
0E:8E0E:4C 11 8E JMP $8E11
0E:8E11:AE 30 04 LDX $0430 = #$00
0E:8E14:9D 31 04 STA $0431,X @ $0431 = #$03
0E:8E17:EE 30 04 INC $0430 = #$00
da hell is that 0E ?! ye i kno its 15 in dec >.>
I *think* it's the bank index... not sure though, have to check.
EDIT: Looks like it's the index of the 16KB bank the currently mapped data comes from. What's weird is that even when the chunk size is not 16KB it still counts in units of 16KB. Maybe because the iNES header counts banks using that size.
I'm familiar with FCEUX, and yes, it doesn't matter which mapper the game has. Debugger will always use 0x4000 (16KB) ROM page size.
So, 0E is actually the bank number. It is troublesome when hacking games that use MMC3 (or any other that can swap $A000) because you don't really know which part of the 16KB was swapped in.
Earlier, I said how to find out address for instruction.
Denine wrote:
I'm familiar with FCEUX, and yes, it doesn't matter which mapper the game has. Debugger will always use 0x4000 (16KB) ROM page size.
So, 0E is actually the bank number. It is troublesome when hacking games that use MMC3 (or any other that can swap $A000) because you don't really know which part of the 16KB was swapped in.
Earlier, I said how to find out address for instruction.
This is why I use 8KB banks internally in NESICIDE, so 0E means 8KB bank 14. I also use the address format:
bb:oooo(vvvv)
where bb is the 8KB bank index,
oooo is the offset into the 8KB bank, and
vvvv is the address put on the bus by the 6502.
As far as I know, NSF is the only 'mapper' that switches at less than 8KB size.
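Added example, not part of any post in this thread: a Python sketch of the translation discussed above, turning an FCEUX debugger line (16KB bank number, CPU address, opcode bytes) into iNES file offsets and into the bb:oooo(vvvv) notation. It assumes a 16-byte iNES header with no trainer; the function names and the sample ROM are constructed for illustration, and for mappers with 8KB slots it settles which half of the 16KB unit was mapped in by comparing the opcode bytes against the ROM.

```python
import re

INES_HEADER = 16  # assumes a plain iNES file with no 512-byte trainer
TRACE = re.compile(r"^([0-9A-F]{2}):([0-9A-F]{4}):((?:[0-9A-F]{2} ){1,3})")

def parse_trace(line):
    """Split 'bb:aaaa:opcode bytes ...' into (bank, cpu_addr, code bytes)."""
    m = TRACE.match(line.strip())
    if m is None:
        raise ValueError("not a debugger line: %r" % line)
    return int(m[1], 16), int(m[2], 16), bytes.fromhex(m[3])

def candidates(bank16, cpu_addr, slot=0x4000):
    """File offsets a line can refer to, given the mapper's PRG slot size."""
    if not 0x8000 <= cpu_addr <= 0xFFFF:
        raise ValueError("address is not in the PRG ROM window")
    base = INES_HEADER + bank16 * 0x4000      # debugger counts in 16KB units
    if slot == 0x4000:
        return [base + (cpu_addr & 0x3FFF)]
    # 8KB slots: either half of the 16KB unit may be the one mapped in
    return [base + half * 0x2000 + (cpu_addr & 0x1FFF) for half in (0, 1)]

def locate(rom, line, slot=0x4000):
    """Keep only the candidates whose ROM bytes match the bytes in the line."""
    bank, addr, code = parse_trace(line)
    return [o for o in candidates(bank, addr, slot)
            if rom[o:o + len(code)] == code]

def bank8_notation(offset, cpu_addr):
    """bb:oooo(vvvv) with 8KB banks, as described in the post above."""
    prg = offset - INES_HEADER
    return "%02X:%04X(%04X)" % (prg >> 13, prg & 0x1FFF, cpu_addr)

def build_sample_rom():
    """Constructed 256KB PRG image, not a real game."""
    rom = bytearray(b"NES\x1a\x10" + bytes(11) + bytes(16 * 0x4000))
    at = INES_HEADER + 0x0E * 0x4000 + 0x2000 + 0x01AC  # upper 8KB half
    rom[at:at + 3] = bytes.fromhex("AD 3C 04")
    return bytes(rom)

if __name__ == "__main__":
    rom = build_sample_rom()
    line = "0E:81AC:AD 3C 04 LDA $043C = #$03 - Load Accumulator"
    print([hex(o) for o in locate(rom, line)])            # 16KB guess
    hits = locate(rom, line, slot=0x2000)
    print([hex(o) for o in hits], bank8_notation(hits[0], 0x81AC))
```

In the constructed ROM the instruction sits in the upper 8KB half of 16KB bank 0E while being mapped at $8000, so the plain 16KB calculation finds no match and only the 8KB-aware search lands on the right bytes.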
Yo guys, can I just ask you what does
The Index Register X/Y - exactly mean?
I'm asking because English is not my first language and I'm having some trouble.
It's mainly used as counters, and you can add to a memory value with it to used. It's hard to explain, just look for some example code online.
3gengames wrote:
It's mainly used as counters, and you can add to a memory value with it to used. It's hard to explain, just look for some example code online.
Hm... thanks, so thus far I think I'm overthinking things... for some reason I think that in order to add an extra skill to a person I need some sick "haxz0r" skills :\ tell me I'm wrong?!
It's debatable whether the term "Index Register" is even English or not. It's pure programming jargon at this point.
Checked Wikipedia, most languages simply leave the word "Register" alone. Even Japanese, where it becomes "Rejisuta".
Guys, I need some help
check this video out ->
http://www.youtube.com/watch?v=aYSwQD12Zes&feature=related
Now... check out the shot at 1:25 (when he kicks the ball)
Now check out the shot at 2:00 (when he kicks the ball)
You can see the difference.
Normally every shot is like the one at 1:25 (when the ball is being kicked ofc), so my question IS: HOW did he do it?
*Stupid guess* *not sure what's he talking about*
Let's say at the addresses $038000 to $038FFF all the values are FF...
That means it's empty and you can write code there, yes?
If I'm correct, does he write his code there, and when the game wants the code for the shot he makes it jump to his code?
I haven't read much of the stuff you gave me... sorry, it's boring only learning without some proper examples...
One more question: is this kind of hacking (in the clip) just a simple value mod or some sick skillz?