Neperos
SIGN IN
Copy Link
Add to Bookmark
Report

Sega Saturn hacking docs (part 8)

SegaSaturn's profile picture
@SegaSaturn
Published in 
SegaSaturn
 · 4 years ago
Sega Saturn hacking docs (part 8)
Pin it

Dirty way of finding ASM routines


(Last Updated December 25, 2002)


List of updates
-December 25, 2002 - First release


Introduction
First of all, as with all my hacking docs this is a WIP (Work-in-progress). I'm sure there will be info that will be inaccurate. But that's what you people reading this are for (so you can help me fix my mistakes ;), right?

Please, if you want to copy portions (whole or in part) of this document, please, at least email me and ask. Linking is fine, just mention where the original doc was found.

Getting Started
You'll need a working Commlink/action replay setup to follow along. You should already have a good understanding of SH2 asm, memory locations, tile formats, text formats and pointers before continuing. If you feel somewhat confident, read this anyways since you may understand enough to understand what I’m talking about.

Requirements

  • a PC
  • An emulator capable of running the game you’re screwing around with, with memory editing capabilities OR a Commlink/Action Replay/Saturn setup
  • You should already know where the font/text, etc. is loaded in memory

Simple is Fast
It's funny how people (myself included) forget that simple approaches can sometimes reap huge rewards. This is especially true with Saturn hacking.

The basic idea behind my method is based on the following facts:

1) In SH2, values and pointers to values for a function are stored directly after the function.

2) Base pointers to wram, vram, and sound ram are always sh2 addresses.

3) Pointers to anything non-wram will always be cached-though addresses. So they will always look like this: 0x2???????

4) All games like to align data to at least the closest 0x1000th. I don't think this is a system limitation, but more because it’s easier to work with.

Make sure you’ve already spent the time finding the data (in memory) that the routine is reading/write to. For fonts, consider looking for where it’s loaded in wram and vram. It’s always a good idea to write these addresses down for future reference and not just for finding asm routines. Lastly, make –lots- and –lots- of notes! You’d be amazed at how easily one can forget about [insert name of function here] after a brief couple week break from hacking.

The Method
First of all, start the game running in Commlink mode (if using a real Saturn). Then go to a point in the game where you know the routine is being used (e.g. For font/text, go to an area where dialogue, etc. is being displayed).

Now search area 0x06000000-0x06100000 for the address (or addresses) you wrote down. If no matches were found, try the lower wram (0x00200000-0x00300000) as well. If you find a match, first make sure it’s aligned to an address divisible by 4. If it passes that test, check to see if there are any wram pointers before or after (e.g. 0x06000000-0x06100000). If it passes both those test, next try modifying the address. I find the best way of doing it (without getting crashes) is by adding 4. Or if you’re dealing with font pointers, add a value that’s half the size of the tile (E.g. For 4BPP 16x16 tiles, add 0x40 or 64).

Check to see if anything visibly has changed. For text you may have to flip through to the next scene of text before you find anything. If nothing has changed, change the address to its original value, and continue searching. When something finally changes, make note of the bytes before and after the pointer (because you’re going to have to figure out which program file it’s from) and write down the SH2 address you found it at.

Decoding what you found
Now figure out which file that data came from. Doc #7 “Finding Data” should explain this in more detail. Once you’ve found the file, find the exact start of the file in saturn memory and write down the address. Use this address as the origin when you use something like sh2d to disassemble it.

Now go to the memory address you wrote down earlier (where you found your pointer) in your disassembled file. Check to make sure it matches up properly with what you found. If it does, look at the code above and that should be your routine.

Special Notes
Text routines for jap games tend to follow the same format. They’ll usually look something like this: 

 
mov.w @rX, rY    ; rX would hold the address of the current character 
extu.w rY, rY    ; truncate to word-size 
shll2  rY        ; This can change depending on the tile format 
shll2  rY        ; 
add    rY, rZ    ; rZ would be the font address


Yes, this is generalizing quite a bit as there’s more done than this. But, it helps you find what you’re looking for.

Graphic drawing routines can be a little more difficult to find unfortunately. For instance, the Langrisser series (among a few others) generate a type of shadow around the character, convert it to 4BPP and copy it to vdp2 memory. Some games draw font as sprites (vwf games tend to do this) and others just convert the font to 8x8 tiles and generate an appropriate tile map.

Questions
If there's an important topic I may have missed feel free to email and ask.

Special Thanks
-The Saturn fans that keep the system alive
-Artemio Urbina for his hacking help
-SkankinMonkey for being ereet
-Sega for making one of my all-time favourite systems.

Cyber Warrior X
cwx@softhome.net

Source: http://www.cyberwarriorx.com

← previous
next →
loading
sending ...
New to Neperos ? Sign Up for free
download Neperos App from Google Play
install Neperos as PWA

Let's discover also

Recent Articles

Recent Comments

guest's profile picture
@guest
24 Nov 2024
Hi, I noticed a few problems with your website. Is this a good place to send them them? Have an awesome day, Martin
eZine's profile picture
eZine lover (@eZine)
22 Nov 2024
It was brought to my attention that there’s a mistake as this article appears to be empty. Unfortunately, it’s not a mistake. The first i ...
eZine's profile picture
eZine lover (@eZine)
22 Nov 2024
Thanks for the comment. I'm glad to know that my archiving work is useful to someone! You can find more ezines by checking out my profi ...
guest's profile picture
@guest
21 Nov 2024
I can't believe you archived it! Chronicles of Chaos was my favorite online magazine back in the day.
lostcivilizations's profile picture
Lost Civilizations (@lostcivilizations)
21 Nov 2024
Thank you very much for your comment. I haven’t read the book by Hakan Öniz and didn’t know the Shardana could have traveled so far as to re ...
guest's profile picture
@guest
20 Nov 2024
Shardana or Sheridan are the sea peoples who arrive in Eire or Ireland and also move into Scotland
Adelaide's profile picture
@Adelaide
20 Nov 2024
È buono
guest's profile picture
@guest
20 Nov 2024
TODAY IT-S FREEZING. UNFORTUNATELY I NEED TO GO TO THE OFFICE! WHAT ABOUT YOU?
guest's profile picture
@guest
19 Nov 2024
reading Birmingham I thought that it was the city in UK :D
guest's profile picture
@guest
19 Nov 2024
are they made all year or typical of a special occasion?
a Francesco Arca production 2016 - 2024
Terms of Service - Privacy Policy
neperos on mastodon
Neperos cookies
This website uses cookies to store your preferences and improve the service. Cookies authorization will allow me and / or my partners to process personal data such as browsing behaviour.

By pressing OK you agree to the Terms of Service and acknowledge the Privacy Policy

By pressing REJECT you will be able to continue to use Neperos (like read articles or write comments) but some important cookies will not be set. This may affect certain features and functions of the platform.
OK
REJECT