SMS PAR disassembly
Posted: Sat Aug 18, 2012 7:30 pm
Last edited by Maxim on Sat Feb 27, 2021 10:06 pm; edited 1 time in total
Here's a full disassembly (with a bunch of question marks I didn't fully resolve yet) that compiles to match the (unreleased) PAR ROM dump. It doesn't explain the trickier parts of how the PAR works (e.g. when it patches RAM, how it hooks execution) but it does include all the trainer code. Comments and emulation welcome. I intend to write a document later.
Edit: see https://github.com/maxim-zhao/smsproactionreplay
Posted: Mon Aug 20, 2012 5:18 am
Awesome! Can't wait to see what develops!
Posted: Thu Aug 23, 2012 7:51 pm
- extracted graphics to PNGs
- made RAM relocatable - set it to $c000 and it runs in any emulator (but doesn't actually work...)
- resolved some of the questions - mostly unused parts (and checking which dead code works and which doesn't)
- it writes seemingly uninitialised data to $2000 and $6000 to switch from PAR ROM to cart ROM?
- Why does it write to $0068?
- How does it execute the generated code?
- Why does the generated code jump to $0035?
It might be interesting to write some homebrew code to write to some of those places. It'd also be possible to replace the PAR ROM with an upgraded version (more efficient trainer by giving it more RAM, better graphics at least). Also, we need to dump the GG PAR :)
Posted: Sat Aug 25, 2012 1:14 am
IM1 automatically jumps to $38 on vblank. Most games put a jp <rom_vblank_handler> at that location. PAR has ALWAYS worked on all consoles by replacing an int handler with this code:
push affected regs
do cheat codes
pop affected regs
jump to relocated int code
Then when it starts the game, it copies whatever is at the interrupt entry to someplace else, generates the cheat code handling which ends with a jump to where the old int entry got relocated to.
In this case, that jp <> at $38 is copied to $35, and generatecode then generates a push af; cheat codes; pop af; jp $35 at some location that's free for the new vblank handling, then puts a jump to that new code at $38.
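A simplified model of the hook scheme described in this post, added here as an illustration; it is not code from the PAR disassembly or from the post's author. The cheat format (16-bit RAM address, 8-bit value), the handler address and the game's own vblank handler address are constructed assumptions.

```python
# Added example: model the PAR-style vblank hook by emitting Z80 machine code
# into a 64 KiB memory image. The PAR's real generatecode routine is NOT
# reproduced; the cheat format and addresses below are assumptions.

VBLANK_VECTOR = 0x0038   # IM1 interrupt entry (jp <rom_vblank_handler> lives here)
RELOCATED_JP  = 0x0035   # where the game's original jp is copied to

def z80_jp(target):
    """jp nn: C3 lo hi (little-endian operand)."""
    return bytes([0xC3, target & 0xFF, (target >> 8) & 0xFF])

def generate_handler(cheats, relocated_jp=RELOCATED_JP):
    """push af; (ld a,n / ld (addr),a) per cheat; pop af; jp relocated_jp.
    Only AF is touched, so only AF is saved; a cheat needing other
    registers would have to push/pop those as well."""
    code = bytearray([0xF5])                             # push af
    for addr, value in cheats:
        code += bytes([0x3E, value & 0xFF])              # ld a,value
        code += bytes([0x32, addr & 0xFF, (addr >> 8) & 0xFF])  # ld (addr),a
    code += bytes([0xF1])                                # pop af
    code += z80_jp(relocated_jp)                         # jp $0035 -> original jp
    return bytes(code)

def install_hook(mem, cheats, handler_addr):
    """Patch a bytearray memory image the way the post describes."""
    if mem[VBLANK_VECTOR] != 0xC3:
        raise ValueError("no jp at $38; this scheme assumes one is there")
    # 1. copy the game's "jp <rom_vblank_handler>" from $38 to $35
    mem[RELOCATED_JP:RELOCATED_JP + 3] = mem[VBLANK_VECTOR:VBLANK_VECTOR + 3]
    # 2. place the generated cheat handler at a free location
    handler = generate_handler(cheats)
    mem[handler_addr:handler_addr + len(handler)] = handler
    # 3. redirect $38 to the generated handler
    mem[VBLANK_VECTOR:VBLANK_VECTOR + 3] = z80_jp(handler_addr)
    return handler

def original_handler_target(mem):
    """Where the relocated jp at $35 points: the game's own vblank handler."""
    return mem[RELOCATED_JP + 1] | (mem[RELOCATED_JP + 2] << 8)

if __name__ == "__main__":
    mem = bytearray(0x10000)                 # constructed, empty memory image
    mem[0x38:0x3B] = z80_jp(0x0123)          # constructed game vblank handler address
    h = install_hook(mem, [(0xC001, 0x99)], 0xD000)   # constructed cheat and handler location
    print("handler:", h.hex(" "), "-> original handler at $%04X" % original_handler_target(mem))
```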
Posted: Sat Feb 27, 2021 10:06 pm
Further discussion is at https://www.smspower.org/forums/1166-ActionReplayGameGenie