MAME debugger question

If you are having problems finding or using cheats for an Emulator (particularly MAME/MESS) or have found a trick that you wish to share this is the place to do it. But please read the Cheat FAQ first.
Post Reply
scott_tunstall
Posts: 14
Joined: Sun Feb 28, 2016 5:24 pm

MAME debugger question

Post by scott_tunstall »

A cheat I'm working on requires a patch to a ROM address at $4A02.

In the MAME debugger, if I type:

maincpu.mb@4A02 = 39

nothing happens.

but if I type:

maincpu.mb@14A02 = 39


then an RTS is inserted correctly and the patch is made.

I'm using MAME 0.171, Feb 2016.

The question I have is, how do you know what number to insert after the @ symbol, before the hex address?? Seems to be guesswork.
User avatar
Pugsy
Posts: 3638
Joined: Fri Aug 17, 2001 12:59 am
Location: North Wales, UK.
Has thanked: 1 time
Been thanked: 12 times
Contact:

Re: MAME debugger question

Post by Pugsy »

Well the problem is that robotron pages it's ROM, so the ROM map is effectively bigger than 16 bits....

First of all by poking maincpu.mb you are poking the ':maincpu' Region not the ':maincpu' program space memory - just open up a memory window in the debugger (CTRL+M) and change the M6809 ':maincpu' to Region ':maincpu' and you will see there is a difference.

Generally the last 12 bits of the address will stay the same, finding the maincpu.mb poke is the preferable method as you are poking a single address regardless of which page is in memory at the time and it's easy to turn off. However it's not the only way, for instances when you can't find the .m address because of paging or encryption you can use either .r or .o instead to poke directly to that memory location.

Eg both these will poke 4a02:

maincpu.rb@4A02 = 39
maincpu.ob@4A02 = 39


The problem is by using it on paged memory you run the risk of poking paged memory that shares the same address and turning it off you might poke the paged memory instead of the proper address...the first one you can overcome by have a conditional poke but turning it off can be tricky.

My general rule of thumb would be that if it's got a 16 bit address bus it's best to avoid .r or .o.
Pugsy

Servicing your cheating needs since 1985 8)

Grab the latest cheat collection:
MAME 0.259 XML cheat collection (6 OCTOBER 2023) from http://www.mamecheat.co.uk or direct from:-
https://mega.nz/file/q4dHGZ6K#i-EUiqIjH ... KMz7hnbTfw (ZIP Archive 3.76MB)
scott_tunstall
Posts: 14
Joined: Sun Feb 28, 2016 5:24 pm

Re: MAME debugger question

Post by scott_tunstall »

Hi Pugsy, thanks for your advice.

Am confused now (doesn't take much) :D

I did see on Sean Riddle's site (http://seanriddle.com/willhard.html) that you can set reads to be from ROM or RAM though: "Memory address $C900 is used for a few miscellaneous things: bit 0 selects RAM or ROM in the memory space $0000-$8FFF." - I'm aware of that, as I've done some freaky screen memcpy disassembly stuff. (The building of the Williams "W" character on the attract screen, for example)

But I don't understand why if I'm writing to ROM, within a 64K address space - and 6809E CPU is 16 bit address bus - I'd use maincpu.mb@14A02 = 39 :-? How does MAME know that if a 1 is inserted, to write to ROM instead?

What is rb and ob an acronym for? For rb I'd guess ROM, but o?

Pugsy, could you point me to some MAME debugger docs that might explain to an idiot like me what syntax to use? My brain hurts :D
User avatar
Pugsy
Posts: 3638
Joined: Fri Aug 17, 2001 12:59 am
Location: North Wales, UK.
Has thanked: 1 time
Been thanked: 12 times
Contact:

Re: MAME debugger question

Post by Pugsy »

In the case of the williams driver the ROM total maybe under 64K but it is paged in with RAM which takes the default memory space 0000-CFFF (9000-CFFF is always RAM) and the ROM at d000-ffff is there all the time, but the ROM can be banked in to 0000-8FFF from maincpu region 10000-18FFF when needed. For paging it's actually one of the more straightforward examples.

0000-8FFF RAM (default) or ROM
9000-CFFF RAM
D000-FFFF ROM

From williams.cpp in the MAME source (looking at the source is often handy for stuff like this):-

Code: Select all

ROM_START( robotron )
	ROM_REGION( 0x19000, "maincpu", 0 )
	ROM_LOAD( "robotron.sba", 0x0d000, 0x1000, CRC(13797024) SHA1(d426a50e75dabe936de643c83a548da5e399331c) )
	ROM_LOAD( "robotron.sbb", 0x0e000, 0x1000, CRC(7e3c1b87) SHA1(f8c6cbe3688f256f41a121255fc08f575f6a4b4f) )
	ROM_LOAD( "robotron.sbc", 0x0f000, 0x1000, CRC(645d543e) SHA1(fad7cea868ebf17347c4bc5193d647bbd8f9517b) )
	ROM_LOAD( "robotron.sb1", 0x10000, 0x1000, CRC(66c7d3ef) SHA1(f6d60e26c209c1df2cc01ac07ad5559daa1b7118) )
	ROM_LOAD( "robotron.sb2", 0x11000, 0x1000, CRC(5bc6c614) SHA1(4d6e82bc29f49100f7751ccfc6a9ff35695b84b3) )
	ROM_LOAD( "robotron.sb3", 0x12000, 0x1000, CRC(e99a82be) SHA1(06a8c8dd0b4726eb7f0bb0e89c8533931d75fc1c) )
	ROM_LOAD( "robotron.sb4", 0x13000, 0x1000, CRC(afb1c561) SHA1(aaf89c19fd8f4e8750717169eb1af476aef38a5e) )
	ROM_LOAD( "robotron.sb5", 0x14000, 0x1000, CRC(62691e77) SHA1(79b4680ce19bd28882ae823f0e7b293af17cbb91) )
	ROM_LOAD( "robotron.sb6", 0x15000, 0x1000, CRC(bd2c853d) SHA1(f76ec5432a7939b33a27be1c6855e2dbe6d9fdc8) )
	ROM_LOAD( "robotron.sb7", 0x16000, 0x1000, CRC(49ac400c) SHA1(06eae5138254723819a5e93cfd9e9f3285fcddf5) )
	ROM_LOAD( "robotron.sb8", 0x17000, 0x1000, CRC(3a96e88c) SHA1(7ae38a609ed9a6f62ca003cab719740ed7651b7c) )
	ROM_LOAD( "robotron.sb9", 0x18000, 0x1000, CRC(b124367b) SHA1(fd9d75b866f0ebbb723f84889337e6814496a103) )
The cheat write is built up like so:

[cputag.][space]size@address=value


cputag = eg maincpu,cpu1
size = b(yte):1 byte, w(ord):2 bytes, d(oubleword):4 bytes, q(uadword):8 bytes
space = p(rogram), m(emory), o(pcode), r(am)
address = self explanatory
value = self explanatory

p = program address space of CPU (default - only writes to RAM)
m = basically the same as above but it will write to ROM
o = opcode address space of CPU (R/W access to decrypted opcodes)
r = direct RAM space of CPU (always allows writes, even for ROM)


To sum up when you write maincpu.mb@14A02 = 39, you are actually writing to rom bank 5 which contains the rom robotron.sb5 which gets banked into 4000-4FFF when the ROM is switched on.


FYI, syndromtr has produced a nice professional pdf which I think you should find an interesting read - http://cheat.retrogames.com/download/holycheat!.zip .
Pugsy

Servicing your cheating needs since 1985 8)

Grab the latest cheat collection:
MAME 0.259 XML cheat collection (6 OCTOBER 2023) from http://www.mamecheat.co.uk or direct from:-
https://mega.nz/file/q4dHGZ6K#i-EUiqIjH ... KMz7hnbTfw (ZIP Archive 3.76MB)
Post Reply