ShimaPong, don't be shy... (de-assembly for ROMHACK!)

Kriptokapi
DISABLED ACCOUNT
Posts: 135
Joined: Sat May 06, 2006 9:03 am
Location: Italy (Sardinia, OR / CA)

Post by Kriptokapi »

ShimaPong surely knows how to disassemble the memory.
What deasm do you use? I have IDA Pro and OllyDbg.
How can I use them?
Pugsy
Posts: 3638
Joined: Fri Aug 17, 2001 12:59 am
Location: North Wales, UK.
Has thanked: 1 time
Been thanked: 12 times

Post by Pugsy »

You have to recompile MAME yourself and make a debug build. Other disassemblers are of little use - you need a disassembler/debugger for each CPU hence you use the MAME debugger - which when you get used to it is VERY powerful.
Pugsy

Servicing your cheating needs since 1985 8)

Grab the latest cheat collection:
MAME 0.259 XML cheat collection (6 OCTOBER 2023) from http://www.mamecheat.co.uk or direct from:-
https://mega.nz/file/q4dHGZ6K#i-EUiqIjH ... KMz7hnbTfw (ZIP Archive 3.76MB)
ianpatt
Posts: 336
Joined: Sat Sep 22, 2001 1:00 am
Location: San Francisco, CA

Post by ianpatt »

IDA pro (the legit Professional version at least) has support for tons of different CPUs; it can be very useful for this sort of thing as a companion to the MAME debugger.

Post by Pugsy »

Well I never knew that. But what sort of power does it have for such things, and how well does it work with MAME and other emulators? Is it just a disassembler, or could it be used as a debugger with breakpoints, watchpoints, regpoints & traces, and has it got any useful extras? It would be great to have a really powerful debugger for use with other emulators.... /me salivates at the possibilities.

Post by ianpatt »

It's a very powerful disassembler with good analysis tools, but out of the box it's only a debugger for x86. I'm not sure how extendable the debugger is; if it's general-case enough someone could probably write a debugger client for MAME that could talk with IDA via a plugin or the remote debugger interface.

I just use it for the annotated disassembly and switch back and forth between it and the MAME debugger.
ShimaPong
Posts: 1063
Joined: Wed May 21, 2003 4:19 pm
Location: Japan

Post by ShimaPong »

Kriptokapi wrote:
> What deasm do you use?

I'm using the new MAME debugger only. If you have another "favorite" debugger, you should use it. Sorry, I can't assist in this case. Although I think it's the best choice for a beginner to start with the MAME debugger.

But the important problem is tracing or understanding program code rather than how to use a debugger. I have taught myself to catch up. Fortunately, I have found several opcode databases per CPU on Japanese web sites. (And a game magazine included cheat codes, how to hack, etc.)

MAMEplus!106u1 - recompiled?????????

Post by Kriptokapi »

Is it REALLY necessary to recompile? Please, tell me it's untrue!!!
I have MAMEplus!106u1, I tried to activate the debugger, nothing happens... How should I adjust?

Post by Pugsy »

Yes I'm afraid it is necessary to recompile, if you have an ATHLON cpu I can send you my athlon optimised debug build.

okay!!!!

Post by Kriptokapi »

Send it!
Send it!
Send it!
Send it!
Send it!
Send it!
Send it!
Thanks! You are wonderful!

Post by Pugsy »

I think it may be a bit big for your email inbox (around 9.5 megs).
Here's the commandline version of the MAME 0.106 optimised debug build for the Athlon CPU...let me know when you have it so I can delete it.

http://www.zen87661.zen.co.uk/mame0106debugbuild.zip

Use MAME -debug -cheat gamename on the commandline to run it

Post by Kriptokapi »

Thanks for the post, it works perfectly! But I think this file must be included in the main downloads, together with your cheat files.
In fact, NO INTERNET SITE hosts a debug MAME release, and so this file is VERY useful! Or else, please write a guide: how to recompile MAME easily. I tried, but the compiler (not quite user friendly :( ) requests a lot of .o files, not included in the source!
LOADS OF thanks anyway.
_______________________________
Can someone tell me why this cheat doesn't work?

:ddragon:20A20000:5C3E:00CC0000:FFFFFFFF:not working

I put a watchpoint and I noticed that this address stays unchanged :evil: regardless of this code.

Post by Pugsy »

Kriptokapi wrote:
> Thanks for the post, it works perfectly! But I think this file must be included in the main downloads, together with your cheat files.
> In fact, NO INTERNET SITE hosts a debug MAME release

Yes, well, debug builds are really only meant to help the mamedevs, and as they are programming the drivers they obviously have no problems compiling the debug build themselves. With the exception of cheat finding by a few cheat finders there is little call for debug builds, as they will just confuse most people and they are marginally slower than non-debug builds I believe - though as I never use anything but a debug build I can't personally confirm that.

> and so this file is VERY useful! Or else, please write a guide: how to recompile MAME easily. I tried, but the compiler (not quite user friendly :( ) requests a lot of .o files, not included in the source!

It is very easy - the .o (object) files are made from the source via the make command.

Look at the Easy way - http://www.mamedev.org/tools/ , and download the two files it mentions and extract them as instructed. Grab the MAME source and extract into a subdir in the mingw path. Then make a .bat file to set the mingw/bin into your path - so a new mingw.bat file with this in it:-

SET PATH=R:\prg\Mingw\bin
Obviously change the hd and dir to suit where you've put mingw. Open the /bin folder and copy the mingw32-make.exe and rename the copy make.exe.

Now in the mingw folder run mingw.bat and then change to the source folder and type make and wait. Don't forget to edit the makefile first though so that it will make you a debug build (and other stuff if you desire)....then just wait for it to compile, which takes anywhere from 15 mins to an hour.

> Can someone tell me why this cheat doesn't work?
>
> :ddragon:20A20000:5C3E:00CC0000:FFFFFFFF:not working
>
> I put a watchpoint and I noticed that this address stays unchanged :evil: regardless of this code.

It's paged memory....try something like:-

:ddragon:20A20000:15C3E:00CC0000:FFFFFFFF:not working

Post by Kriptokapi »

Okay Pugsy!!!!! You were wonderful as ever! Loads of thanks, but my curiosity is like wind, she never stops!!!
How can I distinguish "RAM", "paged memory", "ROM" regions, and why do 99.9% of the ROMHACK cheats *require* "region"?
(Don't tell me "watch the indexes in the cheats\options\..." 'cause it's too generic, I can't be satisfied.)
I think I'll soon post a little "guide" for ROM hacks with basic instr. and related codes (in M6800 djnz=... and so on) 'cause the MAME decompiler is useless if ya want an AS-sembler.
I must understand this, or I'll never become a decent cheatfinder! :wink: :wink:

\\\ SUGGESTIONS FOR MAMEDEVS ///

I think mamedevs must add an option in the cfg file like
DEFAULT_CHEAT_INTERFACE = default/advanced
and also PLEASE IMPROVE SOON THE DISASSEMBLER!!!!!!!!!!!!!!
If it can't assemble (and it doesn't perform code analysis either), please add a command that puts the dumped instruction list in a txt file, or ROM hacking soon becomes a :cry: frustrating experience!!!!!! :cry:
Why does this da__ed disassembler refuse to put a bp during execution?
Save me from desperation, I'm only a poor okapi! :lol:

Suggestion ends. Hi

(ps I'll try to compile my MAME, one day...)

Post by Pugsy »

Kriptokapi wrote:
> How can I distinguish "RAM", "paged memory", "ROM" regions, and why do 99.9% of the ROMHACK cheats *require* "region"?
> (Don't tell me "watch the indexes in the cheats\options\..." 'cause it's too generic, I can't be satisfied.)

A good rule of thumb is if you are changing program code it will be a ROM cheat (either unpaged or paged), with the exception of cassette loaded games (and perhaps games using disks). You can look at the MAME source for some information about a game's memory map, but often if a ROM cheat doesn't appear to be working it's quicker just to put a watchpoint on the address and cycle through the options, and if that doesn't work try just adding a 1 in front of the address, which works for a high percentage of games. Also remember some games use an encrypted CPU, which means that changing the opcode may not have an effect even if the watchpoint says it does - so you will have to try and get the same effect by changing the operand instead.

> I think I'll soon post a little "guide" for ROM hacks with basic instr. and related codes (in M6800 djnz=... and so on) 'cause the MAME decompiler is useless if ya want an AS-sembler.
> I must understand this, or I'll never become a decent cheatfinder! :wink: :wink:

It's true that the debugger can't assemble, but you can use the DASM command to dump out a disassembly of the code to a file; you can then use a text editor to search for the value needed for the opcode you want. I do this for CPUs I'm not very good with - for 6502 and 68000 I generally remember the opcodes anyway.

> \\\ SUGGESTIONS FOR MAMEDEVS ///
>
> I think mamedevs must add an option in the cfg file like
> DEFAULT_CHEAT_INTERFACE = default/advanced

It's already there, I think you need to check out the :_command: option - look at the cheat file for how it works (it's near the top)

> and also PLEASE IMPROVE SOON THE DISASSEMBLER!!!!!!!!!!!!!!
> If it can't assemble (and it doesn't perform code analysis either), please add a command that puts the dumped instruction list in a txt file, or ROM hacking soon becomes a :cry: frustrating experience!!!!!! :cry:

You can pretty much do most ROM hacking using BP, WPSET, DASM and most importantly TRACE.

> Why does this da__ed disassembler refuse to put a bp during execution?
> Save me from desperation, I'm only a poor okapi! :lol:

BP works fine here, make sure you've set the BP on the right CPU - see HELP BPSET. You can use OBSERVE or IGNORE to toggle which CPUs you wish to look at in the debugger

Thanks again...

Post by Kriptokapi »

Okay, okay, I'll soon check it out.

Post by Kriptokapi »

Double Dragon - A bit of already DEASM code (DoubleDragon)

Here is an interesting ROM region for experiments.
    ;Main Program (?) start
    4015: 7E 56 F5 JMP $56F5
    4018: 7E 57 F6 JMP $57F6
    401B: 7E 51 9C JMP $519C
    401E: 7E 43 13 JMP $4313
    4021: 7E 4A F7 JMP $4AF7
    4024: 7E 4B 7B JMP $4B7B ;Idle code? - Use this line for skip the other actions
    4027: 7E 4C 0E JMP $4C0E
    402A: 7E 4D 90 JMP $4D90
    402D: 7E 50 61 JMP $5061
    4030: 7E 5E DE JMP $5EDE
    4033: 7E 54 FF JMP $54FF
    4036: 7E 5E 91 JMP $5E91
    4039: 7E 5B 90 JMP $5B90
    403C: 7E 51 3E JMP $513E
    403F: 7E 51 2B JMP $512B
    4042: 7E 44 66 JMP $4466
    4045: 7E 4F 7E JMP $4F7E
    4048: 7E 4F FD JMP $4FFD
    404B: 7E 4E 4B JMP $4E4B
    404E: 7E 53 0A JMP $530A
    4051: 7E 52 9F JMP $529F
    4054: 7E 51 71 JMP $5171
    4057: 7E 5E 55 JMP $5E55
    405A: 7E 5F 90 JMP $5F90
    405D: 7E 60 FB JMP $60FB
    4060: 7E 61 69 JMP $6169
    4063: 7E 50 A7 JMP $50A7
    4066: 7E 50 A7 JMP $50A7
    4069: 7E 50 A7 JMP $50A7
    406C: 7E 42 0B JMP $420B
    406F: 7E 61 BA JMP $61BA
    4072: 7E 61 D4 JMP $61D4
    4075: 7E 5B FD JMP $5BFD ;Action for enemy AI? - Replace with 61D5 -> No enemy displayed (buggy)
    4078: 7E 5C 32 JMP $5C32 ;Action for losing weapons.
    407B: 7E 61 D5 JMP $61D5 ;Death/Disappear ?
    407E: 7E 63 76 JMP $6376
    4081: 7E 63 DD JMP $63DD
    4084: 7E 64 11 JMP $6411
    4087: 7E 62 46 JMP $6246
    408A: 7E 64 86 JMP $6486
    408D: 7E 62 81 JMP $6281
    4090: 7E 63 0D JMP $630D
    4093: 7E 64 AA JMP $64AA
    4096: 7E 64 AA JMP $64AA
    4099: 7E 42 79 JMP $4279
    409C: 7E 65 01 JMP $6501
    409F: 7E 65 26 JMP $6526
    40A2: 7E 42 D1 JMP $42D1
    40A5: 7E 64 AA JMP $64AA
    40A8: 7E 64 AB JMP $64AB
    40AB: 7E 64 CD JMP $64CD
    40AE: 7E 5D DC JMP $5DDC
    40B1: 7E 72 9C JMP $729C
    40B4: 7E 72 9D JMP $729D
    40B7: 7E 6D 63 JMP $6D63
    40BA: 7E 6D D2 JMP $6DD2
    40BD: 7E 6E 59 JMP $6E59
    40C0: 7E 43 C3 JMP $43C3
    40C3: 7E 73 5E JMP $735E
    40C6: 7E 75 39 JMP $7539
    40C9: 7E 75 5F JMP $755F
    40CC: 7E 75 9C JMP $759C
    40CF: 7E 66 CC JMP $66CC
    40D2: 7E 77 57 JMP $7757
    40D5: 7E 76 74 JMP $7674
    40D8: 7E 76 2F JMP $762F
    40DB: 7E 75 A9 JMP $75A9
    40DE: 7E 75 EC JMP $75EC
    40E1: 7E 76 B2 JMP $76B2
    40E4: 7E 76 FE JMP $76FE
    ;Main Program (?) ends
If you wanna look closely at the DDragon code, you can modify the codes:
Remember that the code for NOP is 12 (3 times NOP = 121212 -> the next instruction will be executed.)
Let's try! And if someone can find the description for ALL the actions, he is nearly a genie ;) .

;Format for the ROMhack is:
;??-> 15-E4 !!!!-> A subprog. entry point.
;:ddragn2u:20A20000:140??:007E!!!!:FFFFFFFF:RomHack (If you find sthg interesting, post it.)
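
Added example (not code from the thread or from MAME): a Python script that automates two steps discussed above, searching a DASM-style dump for opcode values and filling the `140??` / `007E!!!!` cheat template for one jump-table slot. The function names are hypothetical; the set name, type and extend fields are copied verbatim from the post, and the address rule (a 1 in front of the address, i.e. adding 0x10000) is the rule of thumb quoted earlier in the thread.

```python
import re
from collections import defaultdict

# Constructed sample: seven lines copied from the listing in the post above.
LISTING = """\
4015: 7E 56 F5 JMP $56F5
4063: 7E 50 A7 JMP $50A7
4066: 7E 50 A7 JMP $50A7
4069: 7E 50 A7 JMP $50A7
4072: 7E 61 D4 JMP $61D4
4075: 7E 5B FD JMP $5BFD ;Action for enemy AI?
407B: 7E 61 D5 JMP $61D5 ;Death/Disappear ?
"""

# "ADDR: BYTES MNEMONIC $OPERAND", the layout used in the post.
LINE = re.compile(r"^\s*([0-9A-F]{4}):\s+((?:[0-9A-F]{2} )+)(\w+)\s*(?:\$([0-9A-F]+))?")

def parse(listing):
    """Return (address, raw bytes, mnemonic, operand or None) per listing line."""
    rows = []
    for line in listing.splitlines():
        m = LINE.match(line)
        if m:
            operand = int(m.group(4), 16) if m.group(4) else None
            rows.append((int(m.group(1), 16), bytes.fromhex(m.group(2)), m.group(3), operand))
    return rows

def opcode_table(rows):
    """Mnemonic -> first opcode bytes seen: the 'search the dump' step, automated."""
    table = defaultdict(set)
    for _, raw, mnemonic, _ in rows:
        table[mnemonic].add(raw[0])
    return dict(table)

def mismatched_jumps(rows):
    """Slots whose operand bytes (high byte first) disagree with the printed target."""
    return [addr for addr, raw, mnemonic, target in rows
            if mnemonic == "JMP" and int.from_bytes(raw[1:3], "big") != target]

def shared_targets(rows):
    """Target -> slots, for targets reached from more than one table slot."""
    slots = defaultdict(list)
    for addr, _, mnemonic, target in rows:
        if mnemonic == "JMP":
            slots[target].append(addr)
    return {t: s for t, s in slots.items() if len(s) > 1}

def cheat_line(slot, target, opcode=0x7E):
    """Fill the post's template; assumes the +0x10000 address rule from the thread."""
    return f":ddragn2u:20A20000:{0x10000 + slot:05X}:00{opcode:02X}{target:04X}:FFFFFFFF:RomHack"

if __name__ == "__main__":
    rows = parse(LISTING)
    print(opcode_table(rows), mismatched_jumps(rows), shared_targets(rows))
    print(cheat_line(0x4075, 0x61D5))
```

Slots that share a target, such as the three entries pointing at $50A7, are worth noting before patching, since they tell you which table entries lead to the same routine.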

Post by ShimaPong »

I can't understand what you do.

Post by ShimaPong »

> My Double Dragon cheat was an ATTEMPT to stop the restless mechanism PICK-WEAPONS,LOSE-WEAPONS,PICK-WEAPONS,...
> and I wanted to stop the modification of the addresses that contain the references to weapons.
> Too bad my ROMhack is buggy, it causes (when it works!) also the enemies to not lose the weapon. Usually the game crashes whenever someone throws an object.

> The main addresses for that purpose were listed in my thread DDRAGON, SOME NEW HACKS.
> I can't find any good code for the whip, only for baseball stick.

I think the routine for a weapon is the same between players and enemies. In this case, try to search for a flag for a player or an enemy and add a new check routine.

I-AM-BOTHERED-OF-THIS-DA**ED-GAME!

Post by Kriptokapi »

I already tried all combinations, I'm so sick and tired!!! :(
I'll go no further with this game, I am only a debutant.
I found good ROMhacks for Gauntlet, check that out, but DDragon is too demanding for me.
Only a true hacker can find those codes, I'm not a serious hacker. Forgive me if you can!

Post by ShimaPong »

Kriptokapi wrote:
> I already tried all combinations, I'm so sick and tired!!!

I can't establish his try because he doesn't explain it so that I say that he NEVER finishes trying all combinations.