SMS PAR disassembly

  • Site Admin
  • Joined: 19 Oct 1999
  • Posts: 14690
  • Location: London
Post Posted: Sat Aug 18, 2012 7:30 pm
Last edited by Maxim on Sat Feb 27, 2021 10:06 pm; edited 1 time in total
Here's a full disassembly (with a bunch of question marks I didn't fully resolve yet) that compiles to match the (unreleased) PAR ROM dump. It doesn't explain the trickier parts of how the PAR works (e.g. when it patches RAM, how it hooks execution) but it does include all the trainer code. Comments and emulation welcome. I intend to write a document later.

Edit: see https://github.com/maxim-zhao/smsproactionreplay
par-disasm.zip (24.63 KB)

  • Joined: 05 Jun 2010
  • Posts: 757
  • Location: Pennsylvania, USA
Post Posted: Mon Aug 20, 2012 5:18 am
Awesome! Can't wait to see what develops!
  • Site Admin
  • Joined: 19 Oct 1999
  • Posts: 14690
  • Location: London
Post Posted: Thu Aug 23, 2012 7:51 pm
Update:
- extracted graphics to PNGs
- made RAM relocatable - set it to $c000 and it runs in any emulator (but doesn't actually work...)
- resolved some of the questions - mostly unused parts (and checking which dead code works and which doesn't)

To do:
- it writes seemingly uninitialised data to $2000 and $6000 to switch from PAR ROM to cart ROM?
- Why does it write to $0068?
- How does it execute the generated code?
- Why does the generated code jump to $0035?

It might be interesting to write some homebrew code to write to some of those places. It'd also be possible to replace the PAR ROM with an upgraded version (more efficient trainer by giving it more RAM, better graphics at least). Also, we need to dump the GG PAR :)
par-disasm.zip (27.94 KB)

  • Joined: 23 Jan 2011
  • Posts: 65
  • Location: The Land of Enchantment
Post Posted: Sat Aug 25, 2012 1:14 am
Maxim wrote:
- How does it execute the generated code?
- Why does the generated code jump to $0035?

IM1 automatically jumps to $38 on vblank. Most games put a jp <rom_vblank_handler> at that location. PAR has ALWAYS worked on all consoles by replacing an int handler with this code:

int_entry:
    push af                ; save the registers the cheat writes clobber
    ; cheat code writes (e.g. ld a,value / ld (address),a) go here
    pop af                 ; restore them
    jp relocated_int_code  ; continue into the original handler, now moved

Then when it starts the game, it copies whatever is at the interrupt entry to someplace else, and generates the cheat code handling, which ends with a jump to where the old int entry got relocated to.

In this case, that jp <> at $38 is copied to $35, and generatecode then generates a push af; cheat codes; pop af; jp $35 at some location that's free for the new vblank handling, then puts a jump to that new code at $38.
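As an added illustration of the hook described above (example code, not from the thread or from Maxim's disassembly): a Python model of the three steps, using the $0038 and $0035 addresses from the post, an assumed free location at $C100 for the generated handler, and a constructed cheat format of "ld a,n / ld (nn),a" writes, plus a tiny stepper that follows the interrupt to confirm the detour reaches the game's own handler with AF intact.

```python
ADDR_IM1_VECTOR = 0x0038   # IM1 interrupts jump here (from the thread)
ADDR_RELOCATED = 0x0035    # where the original jp at $38 is copied (from the thread)
HOOK_ADDR = 0xC100         # assumed free location for the generated handler

def build_handler(cheats, relocated=ADDR_RELOCATED):
    """Z80 bytes for: push af; (ld a,v; ld (addr),a)*; pop af; jp relocated."""
    code = bytearray([0xF5])                                  # push af
    for addr, value in cheats:
        code += bytes([0x3E, value & 0xFF])                   # ld a,value
        code += bytes([0x32, addr & 0xFF, addr >> 8])         # ld (addr),a
    code.append(0xF1)                                         # pop af
    code += bytes([0xC3, relocated & 0xFF, relocated >> 8])   # jp relocated
    return bytes(code)

def install_hook(mem, cheats, hook_addr=HOOK_ADDR):
    """Patch a 64 KiB memory image the way the post describes; returns it."""
    if mem[ADDR_IM1_VECTOR] != 0xC3:
        raise ValueError("expected a jp at $0038")
    # 1. move the game's own 'jp handler' from $38 to $35
    mem[ADDR_RELOCATED:ADDR_RELOCATED + 3] = mem[ADDR_IM1_VECTOR:ADDR_IM1_VECTOR + 3]
    # 2. drop the generated handler into the (assumed) free memory
    handler = build_handler(cheats)
    mem[hook_addr:hook_addr + len(handler)] = handler
    # 3. point $38 at the generated handler
    mem[ADDR_IM1_VECTOR:ADDR_IM1_VECTOR + 3] = bytes([0xC3, hook_addr & 0xFF, hook_addr >> 8])
    return mem

def run_interrupt(mem, hook_addr=HOOK_ADDR, a=0x42, max_steps=64):
    """Follow the interrupt from $38 through the five opcodes the hook uses.
    Stops at the first jp that leaves the detour and returns (pc, a, writes)
    so the caller can check the original handler is reached with AF intact."""
    pc, stack, writes = ADDR_IM1_VECTOR, [], {}
    for _ in range(max_steps):
        op = mem[pc]
        if op == 0xC3:                                        # jp nn
            pc = mem[pc + 1] | (mem[pc + 2] << 8)
            if pc not in (ADDR_RELOCATED, hook_addr):
                return pc, a, writes
        elif op == 0xF5: stack.append(a); pc += 1             # push af
        elif op == 0xF1: a = stack.pop(); pc += 1             # pop af
        elif op == 0x3E: a = mem[pc + 1]; pc += 2             # ld a,n
        elif op == 0x32:                                      # ld (nn),a
            addr = mem[pc + 1] | (mem[pc + 2] << 8)
            mem[addr] = a; writes[addr] = a; pc += 3
        else:
            raise ValueError(f"unexpected opcode {op:02X} at {pc:04X}")
    raise RuntimeError("interrupt chain did not leave the detour")
```

Build a blank 64 KiB image with a constructed "jp $0100" at $38, call install_hook with a cheat list, then run_interrupt should end at $0100 with A unchanged and the cheat value written.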
  • Site Admin
  • Joined: 19 Oct 1999
  • Posts: 14690
  • Location: London
Post Posted: Sat Feb 27, 2021 10:06 pm
Further discussion is at https://www.smspower.org/forums/1166-ActionReplayGameGenie