
View Full Version : Need help with ASM


Con
02-12-2007, 08:47 PM
Hello,

I'm an absolute beginner with ASM hacking and I have a question: a hacker who made a very good hack of a SNES ROM left some notes. I have to understand these codes now to edit his hack. Unfortunately he disappeared and I don't know how to translate these addresses into hex, so that I can search the data with a hex editor. Can somebody help me, please?

The note he left is:

; Write out sprite tile (attr)

$C5:E06E C2 30 REP #$30 A:C040 X:000C Y:0000 D:0600 DB:00 S:1FF4 P:envMXdiZc HC:708 VC:020 00
$C5:E070 B7 17 LDA [$17],y[$CE:2907] A:C040 X:000C Y:0000 D:0600 DB:00 S:1FF4 P:envmxdiZc HC:730 VC:020 00
$C5:E072 10 03 BPL $03 [$E077] A:000A X:000C Y:0000 D:0600 DB:00 S:1FF4 P:envmxdizc HC:786 VC:020 00
$C5:E077 AE 86 05 LDX $0586 [$00:0586] A:000A X:000C Y:0000 D:0600 DB:00 S:1FF4 P:envmxdizc HC:808 VC:020 00
$C5:E07A 9D 02 1C STA $1C02,x[$00:1D02] A:000A X:0100 Y:0000 D:0600 DB:00 S:1FF4 P:envmxdizc HC:848 VC:020 00
$C5:E07D A9 00 00 LDA #$0000 A:000A X:0100 Y:0000 D:0600 DB:00 S:1FF4 P:envmxdizc HC:888 VC:020 00
$C5:E080 E2 20 SEP #$20 A:0000 X:0100 Y:0000 D:0600 DB:00 S:1FF4 P:envmxdiZc HC:912 VC:020 00

Note: DP keeps fluctuating (target is DP=$0800)

[C5:DFD3] W16 = BBC9 [000817]
[C5:DFD8] W16 = CEBB [000818]

$C5:DFCF B7 6E LDA [$6E],y[$CE:BC12] A:0018 X:0018 Y:0019 D:0800 DB:00 S:1FF1 P:envmxdizc HC:1052 VC:069 00
$C5:DFD1 85 17 STA $17 [$00:0817] A:BBC9 X:0018 Y:0019 D:0800 DB:00 S:1FF1 P:eNvmxdizc HC:1108 VC:069 00
$C5:DFD3 C8 INY A:BBC9 X:0018 Y:0019 D:0800 DB:00 S:1FF1 P:eNvmxdizc HC:1140 VC:069 00
$C5:DFD4 B7 6E LDA [$6E],y[$CE:BC13] A:BBC9 X:0018 Y:001A D:0800 DB:00 S:1FF1 P:envmxdizc HC:1154 VC:069 00
$C5:DFD6 85 18 STA $18 [$00:0818] A:CEBB X:0018 Y:001A D:0800 DB:00 S:1FF1 P:eNvmxdizc HC:1210 VC:069 00
$C5:DFD8 C8 INY A:CEBB X:0018 Y:001A D:0800 DB:00 S:1FF1 P:eNvmxdizc HC:1242 VC:069 00
$C5:DFD9 C8 INY A:CEBB X:0018 Y:001B D:0800 DB:00 S:1FF1 P:envmxdizc HC:1256 VC:069 00
$C5:DFDA E2 20 SEP #$20 A:CEBB X:0018 Y:001C D:0800 DB:00 S:1FF1 P:envmxdizc HC:1270 VC:069 00
$C5:DFDC A5 19 LDA $19 [$00:0819] A:CEBB X:0018 Y:001C D:0800 DB:00 S:1FF1 P:envMxdizc HC:1292 VC:069 00
$C5:DFDE 1A INC A A:CECE X:0018 Y:001C D:0800 DB:00 S:1FF1 P:eNvMxdizc HC:1316 VC:069 00
$C5:DFDF D0 0C BNE $0C [$DFED] A:CECF X:0018 Y:001C D:0800 DB:00 S:1FF1 P:eNvMxdizc HC:1330 VC:069 00

Replace CE:BBC1-BBE0
with CE:BBE1-BC00

Is there a program available which translates the ROM into these addresses (and back to hex)? I tried several assemblers and SNES tools.

Insomnia DMX
02-12-2007, 09:05 PM
First, you want to get <a href=http://fusoya.panicus.org/la/index.html>Lunar Address.</a> Then get <a href=http://www.freewebs.com/darkflight_devil/acmlm/65816ref.hlp>this help file.</a>

That first thing will let you convert the SNES addresses like, "C2:0923," into PC addresses like you'd use in a hex editor. The help file has a list of opcodes and addressing modes that the 65c816 uses, very helpful.

I personally find doing ASM, plain, in hex, easier and simpler; though you'll probably want an assembler tool to start off with, at least. Try <a href=http://www.programmersheaven.com/download/1135/Zipfilelist.aspx>TRASM</a>. If you like that one, you may want to try out <a href=http://jathys.zophar.net/files/trasm_frontend.exe>Jathys's frontend for it.</a>

You may also want a disassembler (these interpret hex into ASM; put in the address where you want it to start, and where you want it to finish); for simplicity, go for the one included in <a href=http://geigercount.net/crypt/snes9x1.43.ep9r8.7z>Geiger's SNES9x debugger</a>; for functionality, use Math on Napkins's disassembler; good luck finding that one... ^_^

As for actually using the knowledge or tools here, you should ask more specific things...
<P ID="signature"><a href=http://users.adelphia.net/~InsomniaDMX/>My crappy little site.</a></P><P ID="edit"><FONT class="small">Edited by Insomnia DMX on 02/12/07 04:14 PM.</FONT></P>

Con
02-12-2007, 10:36 PM
Thanks for your reply :)

Ok, I got hex values with Lunar Address; all the other programs I couldn't run with Windows (I have to try with DOSBox tomorrow).

But could you explain the result from Lunar Address to me, please?
For example if I insert
$C5:DFDA I get the PC result $22:DFDA
or if I insert
CE:BBC1 I'll get $27:3BC1

I could find the hex codes in the ROM but I'm not sure, because there were several matches and I don't know which ones are the correct ones. Can you read the note a bit? It replaces a buggy monster in a game (but unfortunately with the wrong one, as I know now).

PS: nice site, not crappy (reminds me of the first computer games ;)

Insomnia DMX
02-13-2007, 03:24 AM
> Ok, I got hex values with Lunar Address, all other programs
> I couldn't run with windows (I have to try with Dosbox
> tomorrow).

You shouldn't need DOSBox for anything; the purpose of Jathys's frontend for TRASM is to avoid all the complications of command line stuff (and let you pick and choose different files to compile at once or whatever).

Also, you MUST get your terms right so people will understand you. Hex, or hexadecimal, is just a number system, specifically a base 16 number system. ASM, or assembly, is machine code; this is the "LDA $09A2" (this is what you'd see in a disassembler) or "ADA209" (this is what you'd see in a hex editor).

The first byte there is your opcode, the "AD"; that means LDA (let's disregard addressing modes for a moment). The next two are your address, "09A2." Notice that I flipped the last two bytes in the hex editor version; that's because the SNES uses <a href=http://www.cs.umass.edu/~verts/cs32/endian.html>big (I may have mixed them up) endian byte order.</a>

> But could you explain me the result from Lunar Address
> please?
> For example if I insert
> $C5:DFDA I get the PC result $22:DFDA
> or if I insert
> CE:BBC1 I'll get $27:3BC1

All it does is change your SNES address to a PC one, ignore the "$'s" and ":'s" in what the program outputs. Put the PC address in a hex editor's "goto" box and you'll find your cursor right where you want it.

A number with a "$" before it is an address; a number with a "#$" is a value, you must distinguish between the two when you talk about them.

Let's pick apart this SNES Address:

$C5:DFDA
The "$" means it's an address.
The first byte, "C5" is the bank for this address.
The ":" separates the bank number from the address.
The next two bytes (the 16-bit word) "DFDA" is your address or pointer.

You should tell us exactly what you're working on, I'm curious.

> PS: nice site, not crappy (reminds on the first computer games ;)

Thanks. That's 'kinda' what I was going for with the layout. I should get around to updating my signature, to accommodate my ego... ^_^ You should read the <a href=http://users.adelphia.net/~insomniadmx/docs/romhacktutorial.rtf>ASM tutorial thing</a> I have on my site. "DON'T" use it as your only resource though, I probably screwed something up, most probably on terminology; I might've even screwed up on the content, I'm not 100% sure about everything. The purpose of the thing was to write such a tutorial in layman's English, from my experience, and more importantly, kill time in my "Macwomedia Dweamweaver" class...
<P ID="signature"><a href=http://users.adelphia.net/~InsomniaDMX/>My crappy little site.</a></P>
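
Added example, not written by anyone in this thread: the arithmetic behind the two conversions quoted above ($C5:DFDA to 22DFDA, CE:BBC1 to 273BC1) is the headerless LoROM mapping, and the opcode bytes printed in each trace line can be used to confirm that a computed file offset is the right one when a plain byte search gives several matches. The function names are chosen here for illustration, and the ROM is a constructed zero-filled buffer, not game data.

```python
import re

# One trace line: "$BANK:ADDR", 1-4 instruction bytes, then the 3-letter mnemonic.
TRACE = re.compile(r"\$([0-9A-F]{2}):([0-9A-F]{4})((?: [0-9A-F]{2}){1,4}) [A-Z]{3}\b")

def lorom_to_pc(bank, addr, header=0):
    """SNES bank:addr -> file offset under LoROM (32 KiB of ROM per bank).
    header is 512 for a dump that still carries a copier header, else 0."""
    if addr < 0x8000:
        raise ValueError("LoROM maps ROM only into $8000-$FFFF of a bank")
    return (((bank & 0x7F) << 15) | (addr & 0x7FFF)) + header

def pc_to_lorom(offset, header=0, high_banks=True):
    """File offset -> (bank, addr); high_banks picks the $80+ mirror."""
    offset -= header
    bank = (offset >> 15) | (0x80 if high_banks else 0)
    return bank, (offset & 0x7FFF) | 0x8000

def check_trace(rom, trace, header=0):
    """For each trace line return (snes_address, file_offset, bytes_match)."""
    results = []
    for line in trace.splitlines():
        m = TRACE.match(line.strip())
        if not m:
            continue
        bank, addr = int(m.group(1), 16), int(m.group(2), 16)
        want = bytes.fromhex(m.group(3))      # opcode bytes shown in the trace
        off = lorom_to_pc(bank, addr, header)
        results.append((f"{bank:02X}:{addr:04X}", off, rom[off:off + len(want)] == want))
    return results

# Four lines copied from the note in the first post (register dump shortened).
NOTE = """
$C5:DFDA E2 20 SEP #$20 A:CEBB X:0018 Y:001C
$C5:DFDC A5 19 LDA $19 [$00:0819] A:CEBB
$C5:DFDE 1A INC A A:CECE X:0018
$C5:DFDF D0 0C BNE $0C [$DFED] A:CECF
"""
# Constructed stand-in ROM (all zeroes), not game data. The seven code bytes go
# at 0x22DFDA, the offset Lunar Address reported; a decoy copy sits at 0x1000.
CODE = bytes.fromhex("E220A5191AD00C")
ROM = bytearray(0x280000)
ROM[0x22DFDA:0x22DFDA + len(CODE)] = CODE
ROM[0x1000:0x1000 + len(CODE)] = CODE
if __name__ == "__main__":
    print("first blind-search hit: %06X" % ROM.find(CODE))
    for snes, off, ok in check_trace(ROM, NOTE):
        print(f"${snes} -> {off:06X} {'bytes match' if ok else 'MISMATCH'}")
```

If every line reports a mismatch on a real dump, the mapping or the header setting is the first thing to re-check.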

Con
02-13-2007, 09:21 AM
Many thanks for your help! I have to try and figure it out unhurried ^_^´ ...ROM hacking is a completely new world :) But I absolutely want to learn a piece and your tutorial is great and simply written ;)

The reason I ask is because I'm co-webmaster of the <a href=http://www.bszelda.zeldalegends.net>BS-Zelda Homepage</a>.
There are 2 BS Zelda games, BS Zelda Map 1 and Ancient Stone Tablets. Until now we heard only rumors that there was also a Map 2... and amazingly, three weeks ago a dump of Map 2 was found in Japan. Map 2 is comparable to the 2nd Quest of the normal LoZ, NES. With this game as reference we now know what the buggy Ghoma in Dungeon 8 must have been.

In the past, 2 "hacker legends" helped us to make the game playable. The first one was Roto, who hacked the game in an awesome manner; he added a triforce-related week change, sound, title screen and many other things. The 2nd one was Dreamer_Nom, who added a menu to choose characters and made some more hacks, like replacing that buggy Ghoma with Aquamentus (we didn't know any better at that time).

Unfortunately it seems to be our destiny that great hackers appear, do a hell of a job for us and are never seen again :(
Along with his IPS, Dreamer_Nom left those notes I posted, including what he did (<a href=http://www.bszelda.zeldalegends.net/patches/complete_fix.zip>full notes</a>).
Map 2 is quite similar to Map 1 (you can even load ZSNES savestates from Map 1 into it), and also most patches work for it (but unfortunately not <a href=http://www.bszelda.zeldalegends.net/patches/bszldcom.zip>Roto's</a>).
I'm not a hacker but I was therefore thinking that I may simply copy the hex from Map 2 and paste it into the Map 1 if I only find the correct alignment... that's in any case my plan and why I need to understand these notes...
