This page is a mirror of Tepples' nesdev forum mirror (URL TBD).
Last updated on Oct-18-2019

Disassembling NES ROM, What Disassembler to Use?

Disassembling NES ROM, What Disassembler to Use?
by on (#170840)
Greetings all, I've recently finished translating/hacking the Japanese prototype of Monster Party and I'm looking to make the prototype more like the US release and I want to be as thorough as possible. To that end, I believe what I want to do is disassemble the ROM, but I have no experience with this type of thing and I'm looking for advice.

Is there a gold standard for NES disassemblers? I imagine there's more than one out there, but all are probably not equal.

Anyway, that's my main concern, but feel free to impart any more wisdom that might help me.
Re: Disassembling NES ROM, What Disassembler to Use?
by on (#170841)
The cc65 package includes da65, which lets you make a config file for the bank switching (a similar concept to ld65's linker config) and plug in labels for addresses whose meaning you have already discovered, so that you can discover more. When using da65, you iterate over these steps:
  1. Run da65.
  2. Figure out what some of the code does.
  3. Define labels for the parts of the game's ROM map and RAM map that you have puzzled out, and add them to the config file.
  4. Repeat with the new labels until you document the whole thing.
Re: Disassembling NES ROM, What Disassembler to Use?
by on (#170843)
Bisqwit's clever-disasm is hard to beat. It's a tracing disassembler that will automatically follow cross-bank calls, among other things.

It will get thrown by deliberately obfuscated code, but it correctly automatically analyzes jump tables, and its description language is easy to use.
Re: Disassembling NES ROM, What Disassembler to Use?
by on (#170844)
There is no standard, gold, silver, or lead.

Sadly there is no disassemblers section on the wiki, so it's very difficult to give you a list of all the 6502 disassemblers available (I'll start working on that as we speak). There are several, but none are "magical" in the sense of "magically figure everything out for me!"

The 6502 disassemblers I've used in recent days are da65 (part of the cc65 suite -- this is an advanced suite and you will probably find yourself spending a lot of time just learning how to use this suite, esp. if you plan on reassembling the disassembled results), dasm (by Matt Dillon), and disasm6 (by Frantik here on the forum; this is an executable version of a PHP script). You'll need to get familiar with the .NES file format (16-byte header) since the former two disassemblers do not understand the file format/will try to disassemble the header.

You're going to almost certainly need to get familiar with emulators that have debuggers (ex. FCEUX, Nintendulator, etc.) as well, in case there's something you need to sift through in real-time (likelihood of this is high). You'll probably spend more time in this than in an actual disassembly.

Do you have familiarity with 6502 at all (re: "...what I want to do is disassemble the ROM, but I have no experience with this type of thing...")? If not, start there.

Do you have familiarity with NES registers and the PPU (particularly nametables, pattern table, attribute table, and palette)? If not, start there too.

Many romhackers end up finding someone (usually on romhacking.net's forum) that is already familiar with these and opts to help out with the project.
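The header handling mentioned in the post above, as an added example that is not part of the original thread: it separates the 16-byte iNES header (and optional trainer) from the PRG data so a header-unaware disassembler sees only 6502 code, and reads the interrupt vectors as starting points. The function names and the sample image are constructed for illustration; reading the vectors from the end of the last PRG bank assumes a mapper that keeps that bank at $C000-$FFFF.

```python
import struct

HEADER_SIZE, TRAINER_SIZE = 16, 512
PRG_UNIT, CHR_UNIT = 16 * 1024, 8 * 1024

def split_ines(image: bytes) -> dict:
    """Separate an iNES image into header fields, PRG banks and CHR data."""
    if len(image) < HEADER_SIZE or image[:4] != b"NES\x1a":
        raise ValueError("missing iNES magic 'NES\\x1a'")
    prg_units, chr_units, flags6, flags7 = image[4:8]
    if prg_units == 0:
        raise ValueError("header declares no PRG ROM")
    # Bit 2 of flags 6 marks a 512-byte trainer between header and PRG.
    offset = HEADER_SIZE + (TRAINER_SIZE if flags6 & 0x04 else 0)
    prg_len, chr_len = prg_units * PRG_UNIT, chr_units * CHR_UNIT
    if len(image) < offset + prg_len + chr_len:
        raise ValueError("image is shorter than its header declares")
    prg = image[offset:offset + prg_len]
    banks = [prg[i:i + PRG_UNIT] for i in range(0, prg_len, PRG_UNIT)]
    # Assumption: the last 16 KiB bank is mapped at $C000-$FFFF, so its
    # final six bytes are the NMI, RESET and IRQ vectors (little-endian).
    nmi, reset, irq = struct.unpack("<3H", banks[-1][-6:])
    return {
        "mapper": (flags7 & 0xF0) | (flags6 >> 4),
        "prg_banks": banks,
        "chr": image[offset + prg_len:offset + prg_len + chr_len],
        "nmi": nmi, "reset": reset, "irq": irq,
    }

def build_sample(trainer: bool = False) -> bytes:
    """Constructed image: mapper 1, two PRG units, one CHR unit."""
    flags6 = 0x10 | (0x04 if trainer else 0)
    header = b"NES\x1a" + bytes([2, 1, flags6, 0x00]) + bytes(8)
    prg = bytearray(2 * PRG_UNIT)
    prg[-6:] = struct.pack("<3H", 0xC123, 0xC000, 0xC456)
    pad = bytes(TRAINER_SIZE) if trainer else b""
    return header + pad + bytes(prg) + bytes(CHR_UNIT)

if __name__ == "__main__":
    rom = split_ines(build_sample())
    print(f"mapper {rom['mapper']}, {len(rom['prg_banks'])} PRG banks, "
          f"reset vector ${rom['reset']:04X}")
```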
Re: Disassembling NES ROM, What Disassembler to Use?
by on (#170846)
I've used Frantik's tool, and while I like it, it annoys me a bit that it assumes every 'unofficial opcode' is code, and not data (which is the case about 100% of the time). And it's not great for ROMs bigger than NROM sized.

Can anyone provide sample output from any of these tools, because it would be time consuming to test them all.
Re: Disassembling NES ROM, What Disassembler to Use?
by on (#170847)
It would be just as time consuming to provide sample output that covers every single disassembly "test scenario". :-)

I've added a Disassemblers section so people can have at it.
Re: Disassembling NES ROM, What Disassembler to Use?
by on (#170848)
How about sample output from da65, then?
Re: Disassembling NES ROM, What Disassembler to Use?
by on (#170849)
I'm quite experienced with NES hacking, 6502 etc. I have a fairly deep knowledge base of the NES hardware as it pertains to translating a game and I pride myself on being able to reverse engineer parts of the game I'm translating and making it bow to my will. I do consider myself more of an ASM hacker than programmer though. I have no traditional/formal background in programming and am mostly self-taught as it pertains to programming. Which means I know a few ASM languages and can use a debugger fairly well.

I do use an assembler for all my new routines, but that's not the same as using a disassembler. So here I am.

Anyhow, RHDN is where I come from and I've tried asking for someone to assist with this project, but no bites. I doubt anyone will join me in my quest because if you have a specific vision/project in mind, you're the only person who can do it. Asking for guidance and general help is never out of the question though. I generally post here for more specific NES stuff.

When I get the time, I'll play around with a few of these programs and see what's up.
Re: Disassembling NES ROM, What Disassembler to Use?
by on (#170858)
dougeff wrote:
How about sample output from da65, then?

I made an example of da65 a while back when I was using it to disassemble Startropics' music code, if that helps: http://forums.nesdev.com/viewtopic.php?t=12040&p=136677


One really helpful step is to record a "code data log" with FCEUX. You turn on logging, play as much of the game as you can, and it stores information about what parts of the ROM are code vs data. This is very useful information that you can feed to your disassembler to improve its output.
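One way to feed a code/data log to da65, as an added example that is not part of the original post: it turns the PRG portion of an FCEUX .cdl file (one flag byte per PRG ROM byte, bit 0 set when executed as code, bit 1 when read as data) into da65 `RANGE` entries. The function names and sample bytes are constructed; the example assumes a single PRG region mapped linearly at `base` (no bank switching) and treats bytes logged as both code and data as code.

```python
CDL_CODE, CDL_DATA = 0x01, 0x02

def classify(flag: int):
    """Map one CDL flag byte to a da65 range type, or None if never logged."""
    if flag & CDL_CODE:
        return "Code"          # assumption: code wins when both bits are set
    if flag & CDL_DATA:
        return "ByteTable"
    return None

def cdl_ranges(cdl_prg: bytes, base: int) -> list:
    """Collapse per-byte flags into (start, end, type) runs of CPU addresses."""
    runs = []
    for offset, flag in enumerate(cdl_prg):
        kind, addr = classify(flag), base + offset
        if runs and runs[-1][2] == kind:
            runs[-1][1] = addr              # extend the current run
        else:
            runs.append([addr, addr, kind])
    # Unlogged bytes are dropped so da65 applies its default handling there.
    return [tuple(r) for r in runs if r[2] is not None]

def da65_info(ranges) -> str:
    """Render runs as RANGE entries for a da65 info file."""
    return "\n".join(
        f"RANGE {{ START ${s:04X}; END ${e:04X}; TYPE {k}; }};"
        for s, e, k in ranges
    )

# Constructed sample: 3 code bytes, 2 never touched, 4 data bytes,
# 1 byte seen as both code and data, 2 more code bytes.
SAMPLE_CDL = bytes([0x01] * 3 + [0x00] * 2 + [0x02] * 4 + [0x03] + [0x01] * 2)

if __name__ == "__main__":
    print(da65_info(cdl_ranges(SAMPLE_CDL, 0x8000)))
```

Play coverage limits the result: bytes that were never executed or read during logging stay unclassified and still need manual review.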
Re: Disassembling NES ROM, What Disassembler to Use?
by on (#170862)
lidnariq wrote:
Bisqwit's clever-disasm is hard to beat. It's a tracing disassembler that will automatically follow cross-bank calls, among other things.

Thanks for the mention. I have now released a new version 1.1.8.1 which adds more example INI files for clever-disasm, and a format documentation file; things most of which have already been in the (public) Git repository for a long time.

Example disassembly:
Simon's Quest http://bisqwit.iki.fi/src/clever-disasm-example/cv2u.lst with a detailed ini file: http://bisqwit.iki.fi/src/clever-disasm-example/cv2u.ini
Battle of Olympus http://bisqwit.iki.fi/src/clever-disasm-example/olympus.lst with default settings (no ini file)
Re: Disassembling NES ROM, What Disassembler to Use?
by on (#170866)
Thanks.
Re: Disassembling NES ROM, What Disassembler to Use?
by on (#170913)
The gold standard disassembler is IDA. The interactive workflow and scripting engine make disassembly a pleasure, at least in comparison to anything else I have used.

Admittedly the ~500€ price-tag is a bit steep for hobby projects though. Still, considering what some people waste on motor vehicles..