68000 asm

General Chit-Chat about MAME and other emulators.
pasky13
CheatFinder Private
Posts: 27
Joined: Wed Nov 08, 2006 8:31 am

68000 asm

Postby pasky13 » Tue May 03, 2011 1:35 pm

Hi is there anywhere like irc to get a hold others that know a lot about z68000? I'm trying to reverse engineer some items in some cps2, such as getting character "special/normal" move damage because the game seems "random", but I'm sure it grabs the values from a table in ROM and then does some sort of random value to add or subtract from the base number.

I'm not very familiar with 68000 in particular, I know a bit of x86 and could really use some helpful advice. Thanks.

In particular, I set a breakpoint at an address, it has a value that I am looking for in register 'D6', however, I cannot scroll up in the debugger to see how that value was put into D6. Setting breakpoints at addresses above the original breakpoint does not cause a break, so I'm guessing it was a branch from somewhere else, how do I trace back to when that D6 was written to?
Last edited by pasky13 on Wed May 04, 2011 12:13 pm, edited 1 time in total.

User avatar
Pugsy
CheatFinder General
CheatFinder General
Posts: 3166
Joined: Fri Aug 17, 2001 12:59 am
Location: North Wales, UK.
Contact:

Re: Z6800 asm

Postby Pugsy » Tue May 03, 2011 8:20 pm

Place the bp and then do this:-

trace cps2.txt,0,{tracelog "D6=%08X ",d6}

run the game till the breakpoint is hit (preferably not too long as the trace file will get massive), and then:-

trace off

peruse cps2.txt at your leisure (start from the bottom)
Pugsy

Servicing your cheating needs since 1985 ;-)

Grab the latest cheat collection:
MAME 0.187 XML cheat collection 7 JULY 2017) from http://www.mamecheat.co.uk or direct from:-
http://www.mediafire.com/file/0dvubha3b ... at0187.zip (ZIP Archive 1826 KB)

pasky13
CheatFinder Private
Posts: 27
Joined: Wed Nov 08, 2006 8:31 am

Re: Z6800 asm

Postby pasky13 » Tue May 03, 2011 10:21 pm

Thanks Pugsy!

I also wanted to ask is it possible to write to the decrypted CPU memory section with the current cheat engine? I did some searching and saw this feature was removed due to a memory rewrite in mame 102u (I think). I can't seem to find any commands or can confirm if it was ever re-added or implemented.

Currently if I want to change or poke an opcode, I attach cheat engine to MAME and search for the array of bytes of the ASM command I'd like to modify backwards and edit it in real time in cheat engine, but as you can imagine this is annoying working backwards (since 68000 is Big endian and cheat engines memory browser displays them in little endian)

Thanks again!

User avatar
Pugsy
CheatFinder General
CheatFinder General
Posts: 3166
Joined: Fri Aug 17, 2001 12:59 am
Location: North Wales, UK.
Contact:

Re: Z6800 asm

Postby Pugsy » Tue May 03, 2011 11:42 pm

AFAIK there's are no problems poking CPS2 ROM addresses, just use region o instead of m... eg. maincpu.ob@6ca5=60.

Currently if I want to change or poke an opcode, I attach cheat engine to MAME and search for the array of bytes of the ASM command I'd like to modify backwards and edit it in real time in cheat engine, but as you can imagine this is annoying working backwards (since 68000 is Big endian and cheat engines memory browser displays them in little endian)


I really don't understand what you are trying to do, the MAME debugger shows the memory in the correct order - big endian is a lot easier to work with anyway.
Pugsy

Servicing your cheating needs since 1985 ;-)

Grab the latest cheat collection:
MAME 0.187 XML cheat collection 7 JULY 2017) from http://www.mamecheat.co.uk or direct from:-
http://www.mediafire.com/file/0dvubha3b ... at0187.zip (ZIP Archive 1826 KB)

pasky13
CheatFinder Private
Posts: 27
Joined: Wed Nov 08, 2006 8:31 am

Re: Z6800 asm

Postby pasky13 » Wed May 04, 2011 4:00 am

Oh, I can see how I confused you, when I mentioned attaching Cheat Engine, I meant cheatengine.org.

Thanks for the help, poking via the debugger will definitely save a lot of time.

Is there anyway to view the decrypted cpu memory with the memory viewer inside of mame's debugger?

User avatar
Pugsy
CheatFinder General
CheatFinder General
Posts: 3166
Joined: Fri Aug 17, 2001 12:59 am
Location: North Wales, UK.
Contact:

Re: 68000 asm

Postby Pugsy » Wed May 04, 2011 7:17 pm

The Disassembly Window (CTRL+D) in the debugger will show the decrypted cpu memory by default.

To find cheats you should only need to use the built in MAME debugger with the various cheat searching capability.
Pugsy

Servicing your cheating needs since 1985 ;-)

Grab the latest cheat collection:
MAME 0.187 XML cheat collection 7 JULY 2017) from http://www.mamecheat.co.uk or direct from:-
http://www.mediafire.com/file/0dvubha3b ... at0187.zip (ZIP Archive 1826 KB)

pasky13
CheatFinder Private
Posts: 27
Joined: Wed Nov 08, 2006 8:31 am

Re: 68000 asm

Postby pasky13 » Mon May 16, 2011 9:07 pm

Is there any way to trace the cpu while keeping track of a flag? (In particular the Z flag).

User avatar
Pugsy
CheatFinder General
CheatFinder General
Posts: 3166
Joined: Fri Aug 17, 2001 12:59 am
Location: North Wales, UK.
Contact:

Re: 68000 asm

Postby Pugsy » Mon May 16, 2011 10:00 pm

As far as I'm aware there is no way to log the flags in the tracelog, the only things you can log are listed in the symbols list. To find everything you can log use the 'symlist' command in the debugger.

symlist – Displays the global symbol table.
symlist 0 – Displays the symbols specific to CPU #0.
Pugsy

Servicing your cheating needs since 1985 ;-)

Grab the latest cheat collection:
MAME 0.187 XML cheat collection 7 JULY 2017) from http://www.mamecheat.co.uk or direct from:-
http://www.mediafire.com/file/0dvubha3b ... at0187.zip (ZIP Archive 1826 KB)

pasky13
CheatFinder Private
Posts: 27
Joined: Wed Nov 08, 2006 8:31 am

Re: 68000 asm

Postby pasky13 » Tue May 17, 2011 12:07 am

Ahh, I have beq mystery I'm trying to resolve. If I'm correct, beq branches when the z flag is set, and I'm trying to determine when it gets set before that instruction.

EDIT:
Well, I ended up finding what I needed by following the instructions before the branch, what a pain :).