This page is a mirror of Tepples' nesdev forum mirror (URL TBD).
Last updated on Oct-18-2019

Newbie article about 6502 debugging and rom hacking

by on (#146505)
Hi,

Recently I've been playing some WhompEm and wondered what would happen if I could beat the bosses with the very weapons I get from them. I figured it couldn't be too hard to hack it in, just find a memory location where the weapons are stored.

I had no prior experience with NES development. I did play a bit with UZebox in the past, and have a basic knowledge of ASM and the NES architecture, but nothing vast. So I first tried with Nintendulator and couldn't find a tool for memory inspection, but found one in FCEUX. After a bit of fiddling I found a way.

I have to say that debugging retail NES games is a _lot_ of fun, and the 6502 instruction set is really simple. I'm thinking about my next game to challenge. I've already played with Felix The Cat and almost made it so I can have all the weapons ingame regardless of the level type.

Anyway, I've written an article about the basics of NES memory inspection and 6502 disassembly on my blog: http://retro-hack.blogspot.com/2015/04/ ... games.html

It's nothing special, and might have some technical errors (please point them out if you read it) but I figured it might make a nice read or even help another newbie a bit. I didn't go into too many details as I was pretty tired by the end. But I think it's not a waste of time, even though I haven't discovered anything new.
Re: Newbie article about 6502 debugging and rom hacking
by on (#146516)
I think it was quite a nice article for beginners. I didn't spot any major errors in it. The one thing I noticed is that you said that addressing zeropage is twice as fast as addressing other pages. That's not necessarily true, or at least ambiguous. It depends on what we measure. E.g. "LDA zp" is 3 cycles, "LDA abs" is 4 cycles. But then again, if you measure how many cycles it takes for the CPU to fetch the memory address, that would be 1 for zero page and 2 for absolute addressing. So, YMMV.

I think most people would agree that FCEUX is better for ROM hacking than Nintendulator. Nintendulator has more precise emulation, but not so many useful tools. There's no RAM Search functionality; it's not even possible to edit memory in the hex editor!

Rather than look for a $FF value in memory (which can be error prone), it would be better to replace the entire AND instruction with its immediate version, i.e. "AND #$FF".
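The replacement thefox describes, as an added example that is not part of this thread: locate an "AND abs" that reads a given RAM address in an iNES image and rewrite it as "AND #$FF", padding with NOP so the code keeps its size. The 6502 opcodes and cycle counts are the standard ones; the ROM image, the function names and the offsets are constructed for illustration and are not from the game or the blog post.

```python
from typing import List, Tuple

# Added example (not from the thread). iNES files carry a 16-byte header
# before the PRG-ROM, so file offset = 16 + PRG offset.
INES_HEADER_SIZE = 16

# Standard 6502 encodings: opcode -> (mnemonic, length in bytes, base cycles)
AND_FORMS = {
    0x29: ("AND #imm", 2, 2),
    0x25: ("AND zp", 2, 3),
    0x2D: ("AND abs", 3, 4),
}
NOP = 0xEA  # 1 byte, 2 cycles


def find_and_abs(rom: bytes, ram_addr: int) -> List[int]:
    """Return PRG-relative offsets of every '2D lo hi' (AND abs) whose
    little-endian operand equals ram_addr. Data bytes can match by
    accident, so confirm a hit with the debugger before patching."""
    pattern = bytes([0x2D, ram_addr & 0xFF, (ram_addr >> 8) & 0xFF])
    hits, pos = [], INES_HEADER_SIZE
    while True:
        pos = rom.find(pattern, pos)
        if pos < 0:
            return hits
        hits.append(pos - INES_HEADER_SIZE)
        pos += 1


def patch_and_to_immediate(rom: bytes, prg_offset: int,
                           value: int = 0xFF) -> Tuple[bytes, str]:
    """Replace the AND zp/abs at prg_offset with 'AND #value'. A 3-byte
    AND abs becomes AND #imm + NOP so later code does not move. Returns
    the patched image and a note on how the cycle count changed."""
    file_off = INES_HEADER_SIZE + prg_offset
    opcode = rom[file_off]
    if opcode not in (0x25, 0x2D):
        raise ValueError(
            f"no AND zp/abs at PRG offset ${prg_offset:04X} (found ${opcode:02X})")
    name, length, cycles = AND_FORMS[opcode]
    new = bytes([0x29, value & 0xFF]) + bytes([NOP]) * (length - 2)
    new_cycles = 2 + 2 * (length - 2)  # AND #imm is 2 cycles, each NOP 2
    patched = rom[:file_off] + new + rom[file_off + length:]
    note = (f"{name} ({cycles} cycles) -> AND #${value:02X}"
            + (" + NOP" if length == 3 else "")
            + f" ({new_cycles} cycles)")
    return patched, note


# Constructed sample image: a 16-byte header followed by a short PRG stub
#   0000: A5 10      LDA $10
#   0002: 2D 34 12   AND $1234
#   0005: 85 10      STA $10
#   0007: 25 20      AND $20
#   0009: 60         RTS
SAMPLE_ROM = bytes(INES_HEADER_SIZE) + bytes(
    [0xA5, 0x10, 0x2D, 0x34, 0x12, 0x85, 0x10, 0x25, 0x20, 0x60])

if __name__ == "__main__":
    for off in find_and_abs(SAMPLE_ROM, 0x1234):
        patched, note = patch_and_to_immediate(SAMPLE_ROM, off)
        print(f"${off:04X}: {note}")
```

Note that for the absolute form the patched sequence (AND #imm plus NOP) costs the same 4 cycles as the original, while a patched zero-page AND saves one cycle; neither changes the size of the code, which is what keeps the rest of the bank intact.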
Re: Newbie article about 6502 debugging and rom hacking
by on (#146521)
I'm always happy when people learn to use a debugger. :)
Re: Newbie article about 6502 debugging and rom hacking
by on (#146590)
thefox wrote:
Rather than look for a $FF value in memory (which can be error prone), it would be better to replace the entire AND instruction with its immediate version, i.e. "AND #$FF".


Yeah, that makes sense. And you are right about the zero page - it's not that an instruction that uses a zero-page parameter takes half the time to execute, but that the addressing itself is twice as fast. Immediate versions of instructions are always faster than memory ones.

Thanks for the feedback!

rainwarrior wrote:
I'm always happy when people learn to use a debugger. :)


The debugger is one of the best tools known to man ;)