
[OBSOLETE] Disassembling SMAS (SMASH DIZ! Project)

Recently I came up with a new ROM Hacking project. This project basically includes disassembling SMAS' whole ROM, so we can reveal the ASM stuff in it. A nickname for this project is "SMASH DIZ!". I dunno what it is good for though.

I've heard that SMW got disassembled with an alternate disassembler. However, since I know I will never ever find it, I decided to start up this project without it.

The disassembly standard is pretty simple. Everything must be all.log styled. Labels everywhere and so on.

'Crew list':
Disassemblers:
· Ersanio (Leader) - Banks $00-$0F. Commenting $20-$3F's ASM data.
· Roy - The rest.

Assistant:
· SWR - Various, valuable Information

Developer:
· Alcaro - Developing the "smashdiz.exe" tool

Kicked:
BlueRabbit: Inactivity due to real-life stuff. I'd like to see him return.

We do not accept members anymore. And lastly, here is the SMAS ROM map (in construction): http://snn.pac.am/SMASRomMap.html (OUTDATED)
Good luck on this. I attempted a little bit on this before, but did not really work a lot. Especially when finding pointers with Geiger's SNES9x debugger. I tried finding the games and tried to load only one game. It failed for me.

I did learn a little more ASM from this though.
I started to disassemble the first bank. The format of the disassembly must be as following (if you used the debugger):

*tab**tab*-opcode parameters-*tab**tab*(another tab if you have code without parameters);$SNES Address *opcode in machine code* ; comment

Here is an example:

Code
		SEI      		;$00/8000 78 ;Set interrupt flag
		STZ $4200		;$00/8001 9C 00 42 ;Disable interrupts
		STZ $420C		;$00/8004 9C 0C 42 ;Disable HDMA
		STZ $420B		;$00/8007 9C 0B 42 ;Disable DMA
		STZ $2140		;$00/800A 9C 40 21 ;\
		STZ $2141		;$00/800D 9C 41 21 ; |Disable sound regs 
		STZ $2142		;$00/8010 9C 42 21 ; | 
		STZ $2143		;$00/8013 9C 43 21 ;/
		LDA #$80 		;$00/8016 A9 80    ;\Forced blanking
		STA $2100		;$00/8018 8D 00 21 ;/   
		CLC			;$00/801B 18 ;\Enter native mode
		XCE			;$00/801C FB ;/


EDIT: No, you don't need to use LDA.w, LDA.b, JSR.l stuff. The ASM file we are going to make won't be assemble-able anyways.
This project sounds like fun. PM me with a good starting point and we'll see what I can come up with, yeah?


Feel free to PM me if you have any questions.

News: Since SMWC's IRC moved back to badnik again, there is an additional IRC channel. IRC server: irc.badnik.net
Channel: #smasdis
Password is the same as the centralchat one.

Also some notes: When writing branches (using the debugger of course), write them like this:

Code
		BNE $C6			;[$8037] $00/806F D0 C6   


You see the [$8037]? It shows the location of where it branches to. And about tables...

Code
TABLE_0080A6:	db $C0,$D8,$9B,$CE,$40,$A5,$C5


About JSR/JSL and jumping:

Code
		JMP SUB_0093C7		;$00/8034 4C C7 93   
...
...
SUB_0093C7:	JSR SUB_0083B9		;$00/93C7 20 B9 83


EDIT: Fixed a spelling error due to a grammer nazi. Oh snap, another typo.
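
Added example, not part of the thread and not the project's smashdiz.exe: a small Python checker for listing lines in the format described in the posts above. It verifies that addresses advance by the number of machine-code bytes on each line and that a `[$xxxx]` branch note matches the target computed from the relative offset; the function names and the `BAD` line are made up for illustration.

```python
import re

# [label:] opcode operand ;[$target] $bank/addr bytes ;comment  (format from the posts above)
LINE = re.compile(
    r"^(?:(?P<label>\w+):)?\s*(?P<op>[A-Z]{3})\s*(?P<arg>[^;]*?)\s*;"
    r"(?:\[\$(?P<target>[0-9A-F]{4})\]\s*)?"
    r"\$(?P<bank>[0-9A-F]{2})/(?P<addr>[0-9A-F]{4})"
    r"(?P<raw>(?:\s+[0-9A-F]{2})+)\s*(?:;(?P<comment>.*))?$"
)
# 65816 opcodes that take a signed 8-bit relative offset (BPL ... BEQ, BRA)
REL8 = {0x10, 0x30, 0x50, 0x70, 0x80, 0x90, 0xB0, 0xD0, 0xF0}

def parse(line):
    m = LINE.match(line.rstrip())
    if not m:
        return None  # label-only lines, tables, blanks
    d = m.groupdict()
    d["bank"], d["addr"] = int(d["bank"], 16), int(d["addr"], 16)
    d["raw"] = bytes.fromhex("".join(d["raw"].split()))
    return d

def branch_target(ins):
    """Destination of an 8-bit relative branch, or None for other opcodes."""
    if len(ins["raw"]) != 2 or ins["raw"][0] not in REL8:
        return None
    rel = ins["raw"][1] - 0x100 if ins["raw"][1] & 0x80 else ins["raw"][1]
    return (ins["addr"] + 2 + rel) & 0xFFFF  # offset counts from the next opcode

def check(listing):
    """Return (line_no, message) findings for one contiguous run of code."""
    findings, expected = [], None
    for no, line in enumerate(listing.splitlines(), 1):
        ins = parse(line)
        if ins is None:
            continue
        if expected is not None and (ins["bank"], ins["addr"]) != expected:
            findings.append((no, "address gap: expected $%02X/%04X" % expected))
        expected = (ins["bank"], (ins["addr"] + len(ins["raw"])) & 0xFFFF)
        target = branch_target(ins)
        if target is not None and ins["target"] != "%04X" % target:
            findings.append((no, "branch lands at $%04X, note says %s" % (target, ins["target"])))
    return findings

# Lines copied from the posts above.
RESET = ("\t\tSEI      \t\t;$00/8000 78 ;Set interrupt flag\n"
         "\t\tSTZ $4200\t\t;$00/8001 9C 00 42 ;Disable interrupts\n"
         "\t\tSTZ $420C\t\t;$00/8004 9C 0C 42 ;Disable HDMA\n")
BRANCH = "\t\tBNE $C6\t\t\t;[$8037] $00/806F D0 C6   "
BAD = BRANCH.replace("[$8037]", "[$8039]")  # constructed: wrong target note
```

Run `check()` on one contiguous run of code at a time; a jump to a listing excerpt elsewhere in the bank is reported as an address gap.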
There are really only two other people on this planet who know anything about the SMAS world afaik. That would be me and Insectduel. I am very familiar with the SMB1 ASM and have a large portion of its memory map. I'm not much for disassembling due to other projects with the game I'm doing, but I'd be glad to assist in other ways. Just PM me for my AIM name if you're interested. I really prefer AIM over IRC, but if you can't use AIM for some awful reason, then just give me the IRC pass I guess. =/
-SWR
----------

Interested in MushROMs? View its progress, source code, and make contributions here.

It's quite awesome to have you on the project team since you know stuff about SMAS.

If you are going to join, please tell me if you will disassemble, or will be an assistant.
I'm not really familiar with SMAS ASM, but I assume it is not much different from SMW ASM, aside from a few commands that might not be used in SMW, maybe.

I'd like to join then.
--------> Don't follow "Find Roy's Dignity", my hack. Because it's pretty outdated. <--------
All disassemblers PM me for up to date RAM addresses regarding SMB1, misc. data, or just random help. If you have AIM or MSN, that would be grand.

Just for the sake of information, I collected some RAM addresses some months ago (aka not up-to-date).
Grab them here

Also, I think I found some... interesting routine. It is related to the SPC-700. Keep an eye out on $1F8000 when you are disassembling.

EDIT: $1FC000 too.
EDIT2: $0C8000 too...
My blog. I could post stuff now and then

My Assembly for the SNES tutorial (it's actually finished now!)
I looked through banks 18-1F in yy-chr, and found...graphics, graphics, and more graphics. No ASM codes at all.
Graphics man, check there (the graphics is at least mainly from SMB2).
Ersan, don't give these banks to anyone.

Well, there is some empty space there, but that doesn't count, right?
Also, at PC 0D6A00 (in a headered ROM), there's some suspicious-looking stuff, but that doesn't look at all like that'd be ASM. Too repetitive (24 10 24 10 24 10 24 10 24 10 24 10 24 10 24 10 etc), too few A9's, 8D's, etc.
It's probably related to VRAM.

Edit: Oops, I made a mistake. Bank 1F does contain ASM suspicious data. I'll try to disassemble that.
Edit: Oops, that's SPC data. I'll let someone else disassemble that if necessary.
<blm> zsnes users are the flatearthers of emulation
I did a check on how much space went into graphics data in the ROM about a year ago and arrived at 0x115000 bytes out of the 0x200000 bytes in the ROM. This means that (including empty space) there are, at most, only 30 banks to disassemble. In contrast to the original 64, I have just cut our work in half and then some. You're all welcome.
$01:8000-$02:BFFF: GFX for the opening of the game. The rest of the second bank is mostly empty space and what appears to be static data. I'm not positive, but I would advise immediate inspection of the rest of the code and what it does.
$06:8000-$07:BFFF: SMB1 GFX including objects, sprites and animated tiles
$08:8000-$0A:FFFF: Layer 2 BG GFX and player GFX.
$0C:8000-$0C:FFFF: This is a very odd bank. It sports a quarter of empty space, some SMB3 GFX, and some 3BPP GFX.
$10:8000-$10:FFFF: A GFX bank for any differences between the SMB1 game and the SMB:TLL game (like poison mushroom).
$16:8000-$1E:FFFF: SMB2 GFX and some empty space here and there. There's something odd at $1A:E800. It's not GFX, but it has a visual pattern where you know it's not code. It could use inspection though.
$2B:8000-$2C:FFFF: Okay, this one was hard to figure out, but it's the box arts for the games on the select screen.
$2D:8000-$3A:FFFF: The world of SMB3 GFX. It boasts a few other odd things though. Nothing looks like vital data however.
$3D:8000-$3F:FFFF: A few final GFX for the SMB3 game.
Altogether, that totals for over half the space in the ROM. You may want to reevaluate the division of labor among the game Floating Munchsanio. If you could get ten people, they'd only have to do three banks of pure code. That's a pretty hearty deal!

Hmm, that's some valuable information you got there SWR. Thanks. Do you also have stuff like SPC information, or do we have to find it out ourselves?

(You can also just call me Ersanio :P)

EDIT: SPC Stuff I found:

Code
		LDA #$00		;$00/8B17 A9 00	;\
		STA $00			;$00/8B19 85 00	; |SPC-700
		LDA #$80		;$00/8B1B A9 80	; \ SMB1/SMBTLL Music Location
		STA $01			;$00/8B1D 85 01	;  \
		LDA #$1F		;$00/8B1F A9 1F	;   \ Music Data is located at
		STA $02			;$00/8B21 85 02	;    ----\
		JSR $8BAC		;$00/8B23 20 AC 8B	; | $1F8000
		RTS			;$00/8B26 60	;--------/

		LDA #$00		;$00/8B27 A9 00	;\
		STA $00			;$00/8B29 85 00	; |SPC-700
		LDA #$C0		;$00/8B2B A9 C0	; \ SMB2 Music Location
		STA $01			;$00/8B2D 85 01	;  \ 
		LDA #$1F		;$00/8B2F A9 1F	;   \ Music Data is located at
		STA $02			;$00/8B31 85 02	;    ----\ 
		JSR $8BAC		;$00/8B33 20 AC 8B	; | $1FC000
		RTS			;$00/8B36 60	;--------/

		LDA #$00		;$00/8B37 A9 00	;\
		STA $00			;$00/8B39 85 00	; |SPC-700
		LDA #$80		;$00/8B3B A9 80	; \ SMB3 Music Location
		STA $01			;$00/8B3D 85 01	;  \
		LDA #$0C		;$00/8B3F A9 0C	;   \ Music Data is located at
		STA $02			;$00/8B41 85 02	;    ----\ 
		JSR $8BAC		;$00/8B43 20 AC 8B	; | $0C8000
		RTS			;$00/8B46 60	;--------/


For example, when you change C0 at LDA #$C0 (SMB2 music data) to 80, it will play SMB1 music. This is just wicked.
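
Added example, not part of the thread: the three routines above each store a 24-bit pointer one byte at a time in $00-$02 before the JSR, so the pointer can be recovered from the machine-code bytes alone and turned into a ROM file offset. The LoROM mapping (32 KiB per bank, consistent with the 64 banks discussed in this thread) and the 0x200-byte copier header are assumptions, and the function names are made up for illustration.

```python
# Bytes of the routines at $00/8B17, $00/8B27 and $00/8B37, from the listing above.
ROUTINES = {
    "SMB1/SMBTLL": bytes.fromhex("A9 00 85 00 A9 80 85 01 A9 1F 85 02 20 AC 8B 60"),
    "SMB2": bytes.fromhex("A9 00 85 00 A9 C0 85 01 A9 1F 85 02 20 AC 8B 60"),
    "SMB3": bytes.fromhex("A9 00 85 00 A9 80 85 01 A9 0C 85 02 20 AC 8B 60"),
}

def recover_pointer(code, base=0x00):
    """Follow LDA #imm8 / STA dp pairs up to the JSR and rebuild the
    24-bit pointer left in direct-page bytes base..base+2."""
    a, dp, i = None, {}, 0
    while i < len(code):
        op = code[i]
        if op == 0xA9:        # LDA #imm, 8-bit accumulator as in the listing
            a = code[i + 1]
        elif op == 0x85:      # STA dp
            dp[code[i + 1]] = a
        elif op == 0x20:      # JSR abs: the pointer is complete here
            break
        else:
            raise ValueError("unexpected opcode $%02X at +%d" % (op, i))
        i += 2
    return dp[base] | dp[base + 1] << 8 | dp[base + 2] << 16

def lorom_to_file(addr, header=0x200):
    """SNES address -> ROM file offset, assuming LoROM (32 KiB per bank)."""
    bank, offset = addr >> 16, addr & 0xFFFF
    if offset < 0x8000:
        raise ValueError("$%06X is not in the ROM half of the bank" % addr)
    return ((bank & 0x7F) << 15) + (offset - 0x8000) + header

def report():
    """Map each game to (SNES pointer, offset in a headered ROM file)."""
    out = {}
    for game, code in ROUTINES.items():
        ptr = recover_pointer(code)
        out[game] = (ptr, lorom_to_file(ptr))
    return out

if __name__ == "__main__":
    for game, (ptr, off) in report().items():
        print("%-12s $%06X -> file offset 0x%06X" % (game, ptr, off))
```

Pass `header=0` to `lorom_to_file` for a ROM file without the copier header.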
...I thought I said that banks 19-1F are only GFX/SPC and shouldn't be disassembled? So why does the list of disassemblers suggest that I'm disassembling these banks? ...Probably so you won't give them to someone else.
Well, as promised over IRC, I've made a tool to convert the debugger's data to the format of your smasdissasembly.asm. Link PM'd to you. Upload it to your own site if you want the rest of the team to have access to it.
Also,
Originally posted by Floating Munchsanio
Also some notes: When writing branches (using the debugger of course), write them lime this:
[/grammarnazi]
Also, why doesn't that sound code contain a STZ and a 16-bit LDA/STA instead?
Originally posted by Alcaro
...I thought I said that banks 19-1F are only GFX/SPC and shouldn't be disassembled? So why does the list of disassemblers suggest that I'm disassembling these banks? ...Probably so you won't give them to someone else.

Probably forgot about it. Tell me which banks you want to disassemble (which are not claimed yet)

Originally posted by Alcaro
Originally posted by Floating Munchsanio
Also some notes: When writing branches (using the debugger of course), write them lime this:
[/grammarnazi]

pfff. Typo #(who cares) I made this month now.

Originally posted by Alcaro
Also, why doesn't that sound code contain a STZ and a 16-bit LDA/STA instead?

The programmers were probably lazy or something.
The programmers probably set it out something like this in order to make the code more readable. If anything this is the least lazy way to do it because you can move the location of the file without hassle.

Code
LDA #SMB1Music
STA $00
LDA #SMB1Music>>8
STA $01
LDA #SMB1Music>>16
STA $02
JSR UploadMusic
RTS

...

SMB1Music:
incbin "music.bin"


They could have used 16bit load/store, but I wouldn't have bothered since speed isn't 100% important here.
If it's okay, I'll take some assistant position.
I tried to disassemble a little to see how it feels, but I think the best thing I can do to support your project is to keep developing that tool.
I just wanted to point out that my progress is 2950 lines of code, and that I found something interesting:

Code
TABLE_00A017:
	.db $00,$02,$04,$06,$20,$22,$24,$26 ;It seems like this has a 16x16 GFX pattern.
	.db $08,$0A,$0C,$0E,$28,$2A,$2C,$2E ;Yep, this is the Nintendo presents tilemap.
	.db $40,$42,$44,$46 ;


Someone should start to code a ROM map for us :( *shot*

Edit: Expect bank 1 being finished within this week since my progress is over 9000 6045 lines now.
You know what would be nice? If you also made a version for Motorola68000 (The one the Genesis uses). That way we would have a port of SMW for the Genesis!

Still, I'm in awe. Super Mario All-Stars is a favourite SNES game of mine.
aka amphobius
Woah...
If I knew this kind of stuff a little bit better I would help, because that would be awesome!