ASM Hackers...


Darthatron
November 20th, 2010, 06:29 AM
What method do you all use in order to locate images/tilemaps written to the VRAM in the ROM? I've tried everything I can think of, and each time it's just led to rage-quits (but not really)... So... Help?

I attempted setting a break point on any writes to the VRAM, but it didn't work.

Discuss?

colcolstyles
November 21st, 2010, 12:10 AM
Moving this to R&D...

I have a general method that I use which works most of the time. I've considered writing a tutorial detailing it but ah, there's never enough free time. Anyway, first I open the ROM with VBA-H and use its logging capability to track calls of DMA3 and SWI and then search through the results for the address I'm looking for. The good thing about this is that it also catches the decompression of any data which comes in handy for a lot of graphics in particular. If I don't see the address in the log file, then I fire up VBA-SDL-H and put a breakpoint on the address of the image/tilemap in the VRAM. This allows me to see exactly what's going on when the game writes to the VRAM. If the game breaks on a SWI call, then I can check the registers (r0 usually has the source) to find where the data is located in the ROM. If the game breaks on something like "str r0, [r7, #0x00]" and r7 contains an I/O Register address ('0x0400:0XXX'), then it's probably utilizing one of the DMAs. And if it's just a "str/b/h" or "stmia" instruction, then you'll have to decompile some routines to trace where the data is being read from, which, admittedly, can be a very tedious process.

Also, some of the time (I see this more with compressed data), the game copies the image into the WRAM and from there copies it to the VRAM. I'm assuming this has something to do with buses and all that technical, hardware stuff that I don't understand.

Darthatron
November 21st, 2010, 07:49 AM
I'm shocked that I never thought of that... That's a very good way of doing it, kudos. :) I just followed your method and found exactly what I was looking for. :D

Anyone else have different ways, for future reference??

Full Metal
November 24th, 2010, 12:19 PM
[uncompressed only]
1. find gfx memory [use oam/tile/sprite viewer]
2. dump a few bytes and search w/ hexeditor.
:]

ZodiacDaGreat
November 24th, 2010, 11:13 PM
Add onto Full Metal's way. But can also work for Compressed ;) Look for the address using the viewers, dump like approximate size and then compress it with a tool and then search XD
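
The dump-and-search approach from the two posts above, as an added example that is not code from any poster in this thread. Rather than recompressing the dump (different compressors rarely produce byte-identical output), it decompresses every candidate stream in the ROM and looks for the dump inside the result. It assumes the data uses the GBA BIOS LZ77 format (header byte 0x10, 24-bit size, 4-byte aligned source); `find_in_rom`, `lz77_decompress` and the sample bytes are constructed for illustration.

```python
ROM_BASE = 0x08000000  # GBA cartridge ROM is mapped at this CPU address

def lz77_decompress(rom, off, max_out=0x18000):
    """Decode a GBA BIOS LZ77 stream (type 0x10) at rom[off:]; None if invalid."""
    if off + 4 > len(rom) or rom[off] != 0x10:
        return None
    size = int.from_bytes(rom[off + 1:off + 4], "little")
    if not 0 < size <= max_out:                # default cap: 96 KiB, the VRAM size
        return None
    out, pos = bytearray(), off + 4
    try:
        while len(out) < size:
            flags = rom[pos]; pos += 1
            for bit in range(7, -1, -1):       # flag bits are consumed MSB first
                if len(out) >= size:
                    break
                if flags >> bit & 1:           # back-reference, two bytes
                    b0, b1 = rom[pos], rom[pos + 1]; pos += 2
                    length, disp = (b0 >> 4) + 3, ((b0 & 0xF) << 8 | b1) + 1
                    if disp > len(out):
                        return None            # points before start of output
                    for _ in range(length):    # byte-wise so overlaps repeat
                        out.append(out[-disp])
                else:                          # literal byte
                    out.append(rom[pos]); pos += 1
    except IndexError:
        return None                            # stream ran off the end of the ROM
    return bytes(out[:size])

def find_in_rom(rom, dump):
    """Return [(cpu_address, kind)] where a VRAM dump occurs raw or LZ77-packed."""
    hits, at = [], rom.find(dump)
    while at != -1:                            # uncompressed: plain byte search
        hits.append((ROM_BASE + at, "raw"))
        at = rom.find(dump, at + 1)
    for off in range(0, len(rom) - 4, 4):      # assumption: aligned sources only
        data = lz77_decompress(rom, off)
        if data and dump in data:              # dump may be just part of the image
            hits.append((ROM_BASE + off, "lz77"))
    return hits

# Constructed sample, not from any real game: 16 raw bytes at 0x10 and a
# hand-built LZ77 stream at 0x40 that unpacks to b"TILE" * 4.
SAMPLE_ROM = bytearray(0x80)
SAMPLE_ROM[0x10:0x20] = bytes(range(0xA0, 0xB0))
SAMPLE_ROM[0x40:0x4B] = bytes.fromhex("10100000" "08" "54494c45" "9003")

if __name__ == "__main__":
    print(find_in_rom(SAMPLE_ROM, b"TILETILE"))
```
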

Darthatron
November 27th, 2010, 07:42 PM
Add onto Full Metal's way. But can also work for Compressed ;) Look for the address using the viewers, dump like approximate size and then compress it with a tool and then search XD

Yeah, that's what I used to do. xD I just always assumed there was a better way.

Prof. 9
November 28th, 2010, 12:36 AM
I set address=byte breakpoints and backtrace until I get a source address that's in the ROM. If the data is copied using DMA you can just peek at the DMA I/O ports and see what the source address is. Normal break-on-write breakpoints often don't work on VRAM because it's filled either through DMA or Cpu(Fast)Set.