Disassemble 65c816 ASM - Old Tutorials - SMW Central

Disassemble 65c816 ASM

Hey so here's a tut on disassembling IPS and BIN files to ASM code.

First in the documents download HEX2ASM.
Also download Translhextion.

.BIN file disassembling:

First open the .bin file you want to disassemble in Translhextion.

Before we start here's some things you need to know. Things you're loading from or jumping to or whatever will appear in reverse order in Translhextion.

If I had LDA $1234

Since LDA $xxxx is "AD" according to hex2asm, then...

LDA $1234 (What you see in your .asm file)

Is the exact same as the hex numbers

db $AD,$34,$12

That's a small example on how you would go about translating things.

For example let's say our translated .bin file looks like this...

Code_000000: LDA $1F30   ; AD 30 1F
Code_000003: STA $50     ; 85 50
Code_000005: LDX #$50    ; A2 50
Code_000007: LDY #$60    ; A0 60
Code_000009: STZ $1234,x ; 9E 34 12
Code_00000C: RTL         ; 6B
Code_00000D: LDY $01     ; A4 01
Code_00000F: TYA         ; 98

The .bin file would look like this...

AD 30 1F
85 50
A2 50
A0 60
9E 34 12
6B
A4 01
98

So how do we translate it? You only need to look at these numbers in the .bin file and translate them through hex2asm. But it's more likely to be set up like this or something similar.

AD 30 1F 85 50
A2 50 A0 60 9E
34 12 6B A4 01
98

I would start with the first byte (obviously) and see what that hex number really is. In this case, it's an LDA $xxxx. So now in notepad I'd type down

LDA $

And since I know it's going to be a 4 digit number that's being loaded, I see 30 and 1F as $1F30 backwards, so I type down

LDA $1F30

And you basically repeat this till all of the ASM is disassembled.

Edit: To explain this further and why numbers are "stored backwards" like this:

These numbers are in little endian format. Meaning the least significant byte is stored/written first.

If you don't know what "most significant" means, it means left-most. It can be used to describe bits and other things too. It's often abbreviated as the MSB. The least significant byte would be on the left.

So with $1F30, the MSB is 0x1F and the LSB is 0x30.

And in little endian, the LSB is first so it would be translated as

30 1F

If you have more than two bytes, such as JSL $123456, it will appear in the .bin like this:

22 56 34 12

22 would be the hex translation of a JSL.


Now to disassemble an IPS patch it's very similar.

Open it up in Translhextion.

First of all, an IPS is formatted differently from BIN files. Here's how it goes...

First 5 bytes: The word "PATCH" written in hex values.

Next 3 bytes: A 3 byte PC address, which you will need to convert to an SNES Lorom offset.

Next 2 bytes: The size of change. (For example, 0025 bytes or 745F bytes.)

Next bytes: Let's say the last two bytes indicated 0005 changed bytes. Then the next 5 bytes are all ASM code that you would disassemble just like a BIN file.

Next bytes: So after those 5 bytes there were still more bytes? That means the cycle restarts. You're at another 3 byte PC address that you need to convert to an SNES Lorom offset, another 2 bytes of the size of change, and xxxx bytes for the ASM code.

EOF: When you see the 3 bytes "45 4F 46" and notice an EOF, that means End of File (and isn't written in the ASM code you're translating), and you're done.

Also note, when you find the SNES Lorom offset from the PC address, in notepad you just type in...

ORG $ (SNES address here)

Here's a little diagram someone made for me.

Hex code seen in Translhextion:
50 41 54 43 48 : 00 02 50 : 00 01 :
01 : 00 02 52 : 00 01 : AD :
45 4F 46

Translation:
P A T C H : [PC 000250] : [0001 BYTES OF CODE CHANGED] :
[THE CODE] : [PC 000252] : [0001 BYTES OF CODE] : [THE CODE] :
E O F

Or...

50 41 54 43 48 : P A T C H
00 02 50 : [PC 000250] ; Translate this to an SNES address and put an org $ in front of it.
00 01 : [0001 BYTES OF CODE CHANGED]
01 : [THE CODE]
00 02 52 : [PC 000252] ; Translate this to an SNES address and put an org $ in front of it.
00 01 : [0001 BYTES OF CODE CHANGED]
AD : [THE CODE]
45 4F 46 : E O F

So that's an example of a disassembled .ips patch that makes simple hex edits.


How to use DisPel

DisPel is a 65c816 Assembly Disassembler

All you have to do is put this in a .bat file and double click it.

dispel -o OUTPUTFILENAME.asm ROMNAME.smc
@pause

To specify which area to disassemble (in SNES lorom offset hex), use

-r 108000-109000

108000 is the start and 109000 is the end in this case.
I own a community of TF2 servers!

ASMT - A new revolutionary ASM system, aka 65c816 ASseMbly Thing
SMWCP - SMW Central Presents a Product- tion long name

frog

http://esolangs.org/wiki/MarioLANG
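As an added worked example (not part of the post, and not the code of HEX2ASM, Translhextion or DisPel), here is a small Python linear-sweep disassembler covering just the opcodes this thread uses, plus a walker for the IPS layout described above (PATCH header, 3-byte PC offset, 2-byte size, data, EOF). It assumes 8-bit A/X/Y so that immediates are one byte, as the post's listing does; operand bytes are read low byte first (little-endian), the IPS header fields are big-endian, and the PC-to-LoROM conversion assumes an unheadered ROM. Runs of $00 are reported as free space rather than as a string of BRK #$00, and an opcode that is unknown or has its operand cut off is emitted as a db. The sample bytes at the bottom are constructed from the post's own .bin and IPS examples.

```python
# Added example (not from the post, HEX2ASM or DisPel): a tiny linear-sweep
# 65c816 disassembler for the opcodes used in this thread, plus an IPS walker.
# Assumes 8-bit A/X/Y (M=X=1) so immediates are one byte, as the post's listing does.

# opcode -> (mnemonic, operand byte count, addressing mode). Only the opcodes
# seen in this thread plus a few branches; a real table has all 256 entries.
OPCODES = {
    0x00: ("BRK", 1, "imm"),  0x22: ("JSL", 3, "long"),  0x64: ("STZ", 1, "dp"),
    0x6B: ("RTL", 0, "none"), 0x80: ("BRA", 1, "rel8"),  0x82: ("BRL", 2, "rel16"),
    0x85: ("STA", 1, "dp"),   0x98: ("TYA", 0, "none"),  0x9E: ("STZ", 2, "absx"),
    0xA0: ("LDY", 1, "imm"),  0xA2: ("LDX", 1, "imm"),   0xA4: ("LDY", 1, "dp"),
    0xA9: ("LDA", 1, "imm"),  0xAD: ("LDA", 2, "abs"),   0xE6: ("INC", 1, "dp"),
}
FREE_SPACE_RUN = 4  # this many consecutive $00 bytes are reported as free space, not BRK

def _operand(mode, value, next_pc):
    """Format one operand; branch displacements are resolved to a Code_ label."""
    if mode == "none":
        return ""
    if mode in ("imm", "dp", "abs", "absx", "long"):
        width = {"imm": 2, "dp": 2, "abs": 4, "absx": 4, "long": 6}[mode]
        prefix = "#" if mode == "imm" else ""
        suffix = ",x" if mode == "absx" else ""
        return f" {prefix}${value:0{width}X}{suffix}"
    bits = 8 if mode == "rel8" else 16
    disp = value - (1 << bits) if value & (1 << (bits - 1)) else value  # two's complement
    target = (next_pc & 0xFF0000) | ((next_pc + disp) & 0xFFFF)        # wraps within the bank
    return f" Code_{target:06X}"

def disassemble(code, base=0):
    """Linear sweep: decode bytes in order. It cannot tell a data table from code."""
    lines, pc = [], 0
    while pc < len(code):
        op = code[pc]
        if op == 0x00:
            run = 0
            while pc + run < len(code) and code[pc + run] == 0x00:
                run += 1
            if run >= FREE_SPACE_RUN:
                lines.append(f"Code_{base+pc:06X}: ; {run} bytes of $00 (free space or data, not BRK)")
                pc += run
                continue
        if op not in OPCODES or pc + 1 + OPCODES[op][1] > len(code):
            lines.append(f"Code_{base+pc:06X}: db ${op:02X}")  # unknown or truncated: raw byte
            pc += 1
            continue
        mnem, n, mode = OPCODES[op]
        value = int.from_bytes(code[pc+1:pc+1+n], "little")  # low byte is stored first
        lines.append(f"Code_{base+pc:06X}: {mnem}{_operand(mode, value, base + pc + 1 + n)}")
        pc += 1 + n
    return lines

def pc_to_lorom(pc):
    """Unheadered LoROM: each 32 KiB PC bank maps to $8000-$FFFF of one SNES bank."""
    return ((pc >> 15) << 16) | 0x8000 | (pc & 0x7FFF)

def parse_ips(data):
    """Return [(pc_offset, payload), ...] for a raw IPS file. Header fields are big-endian."""
    if data[:5] != b"PATCH":
        raise ValueError("missing PATCH header")
    pos, records = 5, []
    while data[pos:pos+3] != b"EOF":          # 45 4F 46
        if pos + 5 > len(data):
            raise ValueError("truncated IPS record")
        offset = int.from_bytes(data[pos:pos+3], "big")
        size = int.from_bytes(data[pos+3:pos+5], "big")
        pos += 5
        if size == 0:                          # RLE record (not in the post): run length, fill byte
            count = int.from_bytes(data[pos:pos+2], "big")
            payload, pos = bytes([data[pos+2]]) * count, pos + 3
        else:
            payload, pos = data[pos:pos+size], pos + size
        records.append((offset, payload))
    return records

def ips_to_asm(data):
    """'org $snes' followed by the disassembled payload, one group per IPS record."""
    out = []
    for offset, payload in parse_ips(data):
        snes = pc_to_lorom(offset)
        out.append(f"org ${snes:06X}")
        out.extend(disassemble(payload, base=snes))
    return out

# Constructed inputs: the post's .bin bytes and its two-record IPS example.
SAMPLE_BIN = bytes.fromhex("AD301F8550A250A0609E34126BA40198")
SAMPLE_IPS = bytes.fromhex("5041544348" "000250" "0001" "01" "000252" "0001" "AD" "454F46")

if __name__ == "__main__":
    print("\n".join(disassemble(SAMPLE_BIN)))
    print("\n".join(ips_to_asm(SAMPLE_IPS)))
```

Running the block prints the post's listing for SAMPLE_BIN and, for SAMPLE_IPS, an org $008250 / db $01 and org $008252 / db $AD pair, since each record carries a single byte that is not a whole instruction. Two caveats the thread touches on later: a linear sweep cannot recognise a table, so "AD 34 12" sitting in data still comes out as LDA $1234, and the immediate width assumption (8-bit) would be wrong for code running with a 16-bit accumulator, where LDA #$1234 is three bytes.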
1. Dude, just wait until the tutorial is complete, save it in a txt or something.
2. It's spelled "disassemble".

World Community Grid: Thread | Team
 
Originally posted by Fakescaper
First in the documents download HEX2ASM.
Also download Translhextion.

Oh god. You aren't going to do this manually when there are perfectly good disassembling programs to be used, are you?
My YouTube channel
Get the official ASMT resource pack here!

One problem with using disassembling programs to do it is that they probably won't interpret tables correctly (at least that's what I've heard).
Then again, just about the only thing an SMW hacker would ever need to disassemble are the old Blocktool .bin blocks, the majority of which doesn't seem like they should contain any tables.

I've tried that disassemble thing and it didn't work too well at all. I figured out how to get it to export to a .txt but it still didn't make sense to me at all because it was a long list of BRK #$00. Most likely what Iceguy described.

Also it's up now. I'll have to add some stuff like how labels work and such sometime.

Originally posted by Iceguy
One problem with using disassembling programs to do it is that they probably won't interpret tables correctly (at least that's what I've heard).

Yeah, to the best of my knowledge, a disassembler has no way of even recognizing a table when it sees one. If you just think about how the program works it really makes sense. It reads the HEX code, then checks that against a reference table which will give it
A) The opcode
B) The number of bytes
How would the program realize from this that something like "AD 34 12" wasn't LDA $1234, but was rather just a table of those particular values? Actually, the computer can't even recognize that as a table. If you were to run through that it would still load $1234 into the accumulator. It's only a "table" because the computer doesn't run through it, it is only read from. The only way I can think of even coming close to having the disassembler program finding tables would be to keep a reference of anywhere that a value is loaded from ROM, then that could be a table. Of course, that would not give you the end of the table so all you could really do with that is print "probable table" at that area in the disassembly. All in all it is still a good thing to be able to disassemble things by hand.

Originally posted by Fakescaper
it was a long list of BRK #$00.
That's free space. The HEX equivalent of BRK is 00, and BRK is a two byte command, therefore a disassembler will read "00 00 00 00 00 00" as "BRK #$00 BRK #$00 BRK #$00" because, honestly, computers are stupid. They can't tell that that is just a bunch of zeros (AKA free space) like you or I can, all it can do is repeat things.
Originally posted by HuFlungDu
Yeah, to the best of my knowledge, a disassembler has no way of even recognizing a table when it sees one.

Well, this tutorial doesn't give any way to recognize tables either. It doesn't even mention them.

Hey, I'm not the best at making tutorials; I'm still going to add that.

Also, may I suggest you also explain about disassembling branching/jumping commands, which use labels? They may seem confusing to one who's just starting to disassemble.
Yeah, that too, but I'm still trying to figure out JMP, BRL, and there was some other thing...

Say.. how many bytes do said opcodes take? I know JMP $1234 will be one less byte than JMP $123456 but I'm not sure about BRLs at all. (I know BRA Label really gets translated to something like BRA $FF and such.)

BRL is a 3 byte command, while the rest of the branches are 2 byte commands. BRL turns into something like "BRL $FFFF"
So even if you did something weird like this...

LDA #$06
BRL That
STZ $06
That:
INC $32

It'd be written as something like BRL $0002
??

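To answer the byte-count question above concretely, here is an added example (my own, not a real assembler and not part of this thread) of a two-pass assembler for a handful of instructions. The displacement stored after BRA (one byte, -128..127) or BRL (two bytes, -32768..32767) is measured from the byte that follows the branch instruction, so the LDA/BRL/STZ/That snippet above does come out as 82 02 00, i.e. BRL $0002: the branch skips the two-byte STZ $06. Labels are lines ending in a colon, immediates are assumed to be 8-bit, and the opcode table only covers the mnemonics used in the thread.

```python
# Added example (not from the thread or any real assembler): a two-pass assembler
# for a few instructions, showing how a label becomes the relative displacement
# stored after BRA/BRL. Assumes 8-bit immediates; labels are lines ending in ':'.

# mnemonic -> (opcode, operand size in bytes, operand kind)
TABLE = {
    "LDA #": (0xA9, 1, "imm"), "STZ": (0x64, 1, "dp"),  "INC": (0xE6, 1, "dp"),
    "BRA":   (0x80, 1, "rel"), "BRL": (0x82, 2, "rel"), "RTL": (0x6B, 0, "none"),
}

def _split(line):
    """'LDA #$06' -> ('LDA #', '$06'); 'That:' -> ('label', 'That'); None for blank lines."""
    line = line.split(";")[0].strip()          # drop comments
    if not line:
        return None
    if line.endswith(":"):
        return ("label", line[:-1].strip())
    parts = line.split(None, 1)
    mnem = parts[0].upper()
    arg = parts[1].strip() if len(parts) > 1 else ""
    if arg.startswith("#"):                    # immediate mode is a separate table entry
        mnem, arg = mnem + " #", arg[1:]
    return (mnem, arg)

def assemble(source, org=0):
    """Return the machine code bytes for `source`, with labels placed from `org`."""
    items, labels, pc = [], {}, org
    for line in source.splitlines():           # pass 1: assign an address to every label
        parsed = _split(line)
        if parsed is None:
            continue
        kind, arg = parsed
        if kind == "label":
            labels[arg] = pc
            continue
        if kind not in TABLE:
            raise ValueError(f"unsupported instruction: {line.strip()}")
        items.append((pc, kind, arg))
        pc += 1 + TABLE[kind][1]
    out = bytearray()
    for pc, mnem, arg in items:                # pass 2: emit bytes, resolving labels
        opcode, n, kind = TABLE[mnem]
        out.append(opcode)
        if kind == "none":
            continue
        if kind == "rel":
            if arg not in labels:
                raise ValueError(f"unknown label {arg}")
            disp = labels[arg] - (pc + 1 + n)  # relative to the byte after the branch
            lo, hi = (-128, 127) if n == 1 else (-32768, 32767)
            if not lo <= disp <= hi:
                raise ValueError(f"{mnem} to {arg} is out of range ({disp}); use BRL or JMP")
            value = disp & ((1 << (8 * n)) - 1)  # two's complement in n bytes
        else:
            value = int(arg.lstrip("$"), 16)
        out += value.to_bytes(n, "little")     # low byte first, as in the .bin listings
    return bytes(out)

if __name__ == "__main__":
    SNIPPET = "LDA #$06\nBRL That\nSTZ $06\nThat:\nINC $32"   # the snippet from the thread
    print(assemble(SNIPPET).hex(" ").upper())               # A9 06 82 02 00 64 06 E6 32
```

Swapping BRL for BRA in the same snippet gives 80 02, one byte shorter, while a backward BRL such as "Loop: INC $32 / BRL Loop" stores -5 as FB FF. A forward BRA over more than 127 bytes is rejected with a range error, which is exactly the case BRL exists for.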
yeah, but I'm not sure it would work correctly...
Update with how to use DisPel
