Language…
14 users online: ageVerrly, Blue Axl, Capeman, CONLUSH666, drkrdnk, FantasticFox, gabriel09213535, Luztruz, Oskise, playagmes169, SAMYR DUTRA ARAUJO, Triple P, ZAK64, Zavok - Guests: 96 - Bots: 188
Users: 62,939 (2,660 active)
Latest user: BlackOfc

What is this DISASM.EXE?

Forum IndexNon-SMW HackingMisc. ROM Hacking → What is this DISASM.EXE?

Link
The all.log disassembly of Super Mario World contains a reference to some program disasm.exe.

Code
C:\Mario\disasm>disasm.exe --sym3 all.fake --ram all.ram --sym all.sym --ptr all
.ptr --data all.data --accum all.flags --comment all.comment --sym2 all.trace ma
rio.smc


I searched the internet, but failed to find any information about this program. I instead found another program of the same name.



Programmer's Heaven has a 65816 SNES Disassembler v2.0 with C src

The zip seems containing two programs from 1994. They seem being Super NES assembler 65816.EXE by Jeremy Gordon, and Super NES disassembler DISASM.EXE by John Corey. These programs provide evidence that hackers beyond Nintendo were attempting the Super NES, only about three or four years after the release of Super Mario World (1990, 1991). The freeware license allows redistribution only without fee, and does not allow modification.

Evidence suggests that the DISASM.EXE of 1994 is a different program than the generator of all.log. The two programs have very different command-line options. The program of 1994 seems to have fewer features. I am uncertain if the two programs are unrelated, or if the generator of all.log was a hack of the program of 1994.

The zip from 1994 contains these files.

Code
$ file *
65816:      AmigaOS loadseg()ble executable/binary
65816.DOC:  ASCII Pascal program text
65816.EXE:  MS-DOS executable, LX for OS/2 (console) i80386, emx 0.8h
65816.TGZ:  gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), last m
odified: Wed Mar  9 03:32:06 1994
CHANGES:    ASCII English text
DISASM:     AmigaOS loadseg()ble executable/binary
DISASM.DOC: ASCII English text
DISASM.EXE: MS-DOS executable, LX for OS/2 (console) i80386, emx 0.8h
DISASM.TGZ: gzip compressed data, was "disasm.tar", from Unix, last modified: Th
u Mar 10 00:29:06 1994
EMX.DLL:    MS-DOS executable, LX for OS/2 (DLL) i80386
HDMADEMO.A: ASCII English text
README.1ST: ASCII English text


Each *.TGZ tarball contains some C source code, and a Makefile to compile the program for Unix. Here is the only disassembler for the Super NES with public source code of my awareness. DISASM.TGZ seems to be the source code of the disassembler. The source code is not free, because there is no permission to hack and share any improvements.

I have OpenBSD clone of Unix, but I did not compile the source code because I have not checked if the disassembler is spyware. I also cannot be certain that the source code matches the AmigaOS executable DISASM or the DOS executable DISASM.EXE. I might want to run DISASM.EXE inside the emulator QEMU running FreeDOS.

So does anyone here know anything about DISASM.EXE? The zip is available if anyone wants to study it.

Hacking Super Mario World since 28 February 2009
SMWDISC
(This is a double post, because my new text is long, and my token would expire if I edited my post.)

I installed a FreeDOS system in the QEMU emulator. This system can run the DISASM.EXE from the zip file.

Inside this system, disk C: has DOS, and disk D: has files that I copied from OpenBSD. Each disk holds 100 MB. Directory D:\ROMS contains DISASM.EXE, Super Mario World (SMW.SMC) and N-Warp Daisakusen (NWARP.SMC).


In screenshot, I look at disasm -help, then run command disasm -skip -hirom -c2 nwarp.smc > nwarp.s. This is slow. QEMU runs as fast as it can, the host processor is 0% idle. My emulated DOS system from 2009 might be faster than a real DOS system from 1994. I wait very many minutes, before the command finishes and DOS shows another D:\roms> prompt.

I also disassemble Super Mario World. The disassemblies, SMW.S and NWARP.S, occupy about 48 MB of the 100 MB disk. I try to use DOS to view the disassemblies with the EDIT command.


In screenshot, I try to open SMW.S, but the file is too large for the EDIT command. I can use the MORE command, which would display a file but would only scroll down (until I press 'q' to quit). I instead copy the disassemblies to OpenBSD.

The disassembly of Super Mario World starts well. The format is almost like all.log. The comments boast some knowledge of the Super NES registers from 1994.

Code
; Disassembled by:
; 65816 SNES Disassembler   v2.0a (C)opyright 1994  by John Corey
; Begin: $008000  End: $ffffff
; Hirom: No   Quiet: No   Comments: 2  DCB: No   Symbols: No   65816: No 
008000 78            SEI      
008001 9c 00 42      STZ $4200     	; NMI, V/H Count, and Joypad Enable
          ;a0bc000d a = NMI  b = V-Count  c = H-Count  d = Joypad
008004 9c 0c 42      STZ $420c     	; H-DMA Channel Enable
          ;abcdefgh  a = Channel 7 .. h = Channel 0: 0 = Enable  1 = Disable
008007 9c 0b 42      STZ $420b     	; Regular DMA Channel Enable
          ;abcdefgh  a = Channel 7 .. h = Channel 0: 0 = Enable  1 = Disable
00800a 9c 40 21      STZ $2140     	; APU I/O Port
00800d 9c 41 21      STZ $2141     	; APU I/O Port
008010 9c 42 21      STZ $2142     	; APU I/O Port
008013 9c 43 21      STZ $2143     	; APU I/O Port
008016 a9 80         LDA #$80     
008018 8d 00 21      STA $2100     	; Screen Display Register
          ;a0000bbbb a: 0=screen on, 1=screen off  b = brightness
00801b 18            CLC      
00801c fb            XCE      
...


There are some problems. The disassembler handles all data as 65816 machine code. (The "65816: No" comment only means that the disassembly does not use the format of the 65816.EXE assembler.) Super Mario World contains some bytes other than machine code. The disassembler produces nonsense when it tries to disassemble these bytes.

Code
...
018681 b5 63         LDA $63,X     
018683 b5 63         LDA $63,X     
018685 b5 36         LDA $36,X     
018687 b5 73         LDA $73,X     
018689 c7 91         CMP [$91]     
01868b ae de 87      LDX $87de     	; 
01868e 4a            LSR      
01868f d7 4a         CMP [$4a],Y     
018691 d7 19         CMP [$19],Y     
018693 d7 19         CMP [$19],Y     
018695 d7 19         CMP [$19],Y     
...


These repeated LDAs and CMPs are not machine code. Some of the other nonsense is less obvious.

The disassembly also contains some actual mistakes. I noticed that first column contains some wrong addresses. For example, the reader cannot follow a jump to its destination.

Code
...
00986c 22 8c 80 01   JSL $01808c     
...
018084 a9 13         LDA #$13     
018086 99 cc 17      STA $17cc,Y     
018089 60            RTS      
01808a 8b            PHB      
01808b 4b            PHK      
01808c ab            PLB      
01808d ad 8f 14      LDA $148f     	; 
018090 8d 70 14      STA $1470     	; 
...


If I would believe the disassembly, then the JSL $010808c would call a subroutine that starts with PLB but skips PHB and PHK. I prefer to believe that the subroutine starts with the PHB, and that the address of the PHB is $01808c, not $01808a.

The disassembly of N-Warp Daisakusen starts badly, because I gave the wrong options to disasm. This game uses the 'hirom' memory map, and I correctly gave -hirom, but I did not change the beginning address from $008000. (The correct beginning address might be $400000, or the mirror at $c00000.) I also and wrongly gave -skip to skip the SMC header, but my ROM image is headerless.

Code
; Disassembled by:
; 65816 SNES Disassembler   v2.0a (C)opyright 1994  by John Corey
; Begin: $008000  End: $ffffff
; Hirom: Yes  Quiet: No   Comments: 2  DCB: No   Symbols: No   65816: No 
008000 f6 f8         INC $f8,X     
008002 fa            PLX      
008003 fc 39 c6      JSR ($c639,X)     
008006 f3 00         SBC ($00,S),Y     
008008 c0 00         CPY #$00     
00800a e0 00         CPX #$00     
00800c c0 00         CPY #$00     
00800e 00            BRK      
00800f 00            BRK      
008010 00            BRK      
008011 00            BRK      
...


This is not the beginning of the ROM image; this data is actually from offset 0x8200. The actual address of the $f6 byte is $c08200, not $008000.

Code
...
00fda0 78            SEI      
00fda1 18            CLC      
00fda2 fb            XCE      
00fda3 4b            PHK      
00fda4 ab            PLB      
00fda5 c2 30         REP #$30     	; Index (16 bit) Accum (16 bit)
00fda7 e2 20         SEP #$20     	; Accum (8 bit)
00fda9 9c 00 42      STZ $4200     	; NMI, V/H Count, and Joypad Enable
          ;a0bc000d a = NMI  b = V-Count  c = H-Count  d = Joypad
00fdac a9 01         LDA #$01     
00fdae 8d 0d 42      STA $420d     	; Cycle Speed Designation
          ;0000000a a: 0 = 2.68 MHz, 1 = 3.58 MHz
00fdb1 5c aa 4f c0   JMP $c04faa     
...


This is the reset handler of N-Warp Daisakusen, from offset 0xffa1. The actual address of the SEI instruction is $c0ffa1 (mirrored at $00ffa1), not $00fda0.

Hacking Super Mario World since 28 February 2009
SMWDISC
I'm 99% sure that' mikeyk's own disassembler, he mentioned working on it before on board2 I think.

besides, the -ram, -comment etc. cmd line switches is absent from disasm.exe you downloaded according to the OP
You're trying to disassemble N-Warp Daisakusen with a tool made in 1994?
Very cute. :>

Yeah, this thread is old, but here's something that may be relevant to you, anyway:
I've released the sourcecode to N-Warp Daisakusen some time ago.
You can get it at my website.

Forum IndexNon-SMW HackingMisc. ROM Hacking → What is this DISASM.EXE?

Link