HELP! Newbie in ROM Hacking
Moderator: BigEvilCorporation
-
- Very interested
- Posts: 2452
- Joined: Tue Dec 05, 2006 1:37 pm
- Location: Estonia, Rapla City
- Contact:
DMA is used to move data quickly to VRAM, and the data it moves must be uncompressed.... so, you set up a DMA spy that looks where data is being sent to VRAM, and those locations contain uncompressed tile data :3
What are you reading? You won't understand it anyway
http://www.tmeeco.eu
Files of all broken links and images of mine are found here : http://www.tmeeco.eu/FileDen
-
- Interested
- Posts: 10
- Joined: Tue Jan 18, 2011 1:45 pm
In my opinion, there are 2 things you should focus on before even trying to hack a ROM:
1) learn how the Mega Drive VDP works, how tiles and sprites are stored in memory (not ROM), how data are generally copied from ROM to video RAM, etc. This will help you understand what is happening with the game you are trying to hack. You can find some tutorials here and here. Reading the reference technical doc (genvdp.txt) is also very useful.
2) learn 68k assembly and how it applies to Mega Drive. This step is a little bit tricky if you don't have any programming knowledge. The 68000 programmer manual will teach you what each instruction (which you are seeing from the disassembler output) is doing though. But you need to know what is related to memory addresses you are looking at and for this reason, understanding the Mega Drive hardware (first step) is necessary. There are some notes here that you might find interesting about general MD programming.
In any case, there is no easy or fast way to do what you want to do, and the time you will need to learn depends on your current skill and knowledge. Don't expect any of the existing tools to do the job for you, they are all game engine-specific so unless you want to hack a Sonic game, you are pretty much alone on this.
Once you are confident with all that technical stuff, you can launch an emulator with a debugger and start looking for tiles, where they are stored in VRAM and how they are copied/generated by the main program (instructions location in ROM): Regen is ok but the debugger is sometimes buggy for me while GensKmod doesn't have the breakpoint stuff but is more reliable and has other useful features like spying on transfers from ROM to Video RAM (aka DMA Spy).
In parallel, use a disassembler to output the original code assembly from the binary ROM image and find how the program is working with data you want to modify. To know which instruction to look at, you could either search for all accesses to a specific memory location or directly go to the instruction address given by the emulator debugger, if any. Once found, you need to analyse the code to figure out how data is copied/modified/decompressed/etc and how you could hack into this by modifying code or data in the ROM. IDA is very good for that and there is a plugin on this website that makes it more specific to MD programs, but it's not free. There are a lot of free 68k disassemblers that can do the job as well but they don't have the nice IDA interface which makes them a little bit trickier to analyse & reverse the code flow.
Always keep in mind that this part requires a very good understanding of 68k instructions and address modes but also of Mega Drive programming (VDP ctrl & data ports access especially but also data formats in VRAM) so the first step is always read & learn....
edit: fixed link
Last edited by Eke on Fri Jan 21, 2011 1:39 pm, edited 1 time in total.
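Added example, not part of either post above and not code from any emulator: what a DMA spy like the one both posts mention works out, by decoding a capture of 16-bit writes to the VDP control port into source address, destination and length. The function name, the dict keys and the sample capture are constructed for illustration; the register and command-word layout is the standard Mega Drive VDP one.

```python
def decode_dma(words):
    """Return one dict per 68k->VDP DMA found in a list of control-port words."""
    regs = {}        # last value written to each VDP register
    first = None     # first half of a pending 32-bit command
    found = []
    for w in words:
        if first is None and (w & 0xC000) == 0x8000:
            regs[(w >> 8) & 0x1F] = w & 0xFF       # register write: 100RRRRR DDDDDDDD
            continue
        if first is None:
            first = w                               # wait for the second half
            continue
        code = (first >> 14) | ((w >> 2) & 0x3C)    # CD5..CD0
        dest = (first & 0x3FFF) | ((w & 0x3) << 14)
        first = None
        hi = regs.get(0x17, 0)
        if not (code & 0x20) or (hi & 0x80):        # no DMA, or fill/copy mode
            continue
        # Registers 0x15-0x17 hold the source address in words (A23..A1).
        src = ((hi & 0x7F) << 17) | (regs.get(0x16, 0) << 9) | (regs.get(0x15, 0) << 1)
        length = ((regs.get(0x14, 0) << 8) | regs.get(0x13, 0)) * 2
        found.append({
            "target": {0x1: "VRAM", 0x3: "CRAM", 0x5: "VSRAM"}.get(code & 0xF, "?"),
            "dest": dest, "src": src, "bytes": length,
            # Cartridge ROM is mapped at 0x000000-0x3FFFFF, so a source there
            # is also the ROM file offset of data stored uncompressed.
            "from_rom": src < 0x400000,
        })
    return found

# Constructed capture (not taken from a real game).
SAMPLE = [
    0x8F02,                    # auto-increment 2
    0x9300, 0x9401,            # length 0x0100 words
    0x9500, 0x9652, 0x9701,    # source 0x02A400 (ROM)
    0x5000, 0x0083,            # VRAM write to 0xD000 with DMA
    0x4000, 0x0000,            # plain VRAM write, no DMA: ignored
    0x9340, 0x9400,            # length 0x0040 words
    0x9500, 0x96C0, 0x977F,    # source 0xFF8000 (work RAM)
    0x4000, 0x0080,            # VRAM write to 0x0000 with DMA
]

if __name__ == "__main__":
    for d in decode_dma(SAMPLE):
        where = "ROM offset" if d["from_rom"] else "RAM address"
        print(f'{d["bytes"]:#06x} bytes ({d["bytes"] // 32} tiles) '
              f'{where} {d["src"]:#08x} -> {d["target"]} {d["dest"]:#06x}')
```

A transfer whose source is in work RAM means the game built or decompressed the data there first, so the ROM offset has to be found by tracing the code that filled that RAM buffer.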
-
- Interested
- Posts: 10
- Joined: Tue Jan 18, 2011 1:45 pm