68000 cpu debug
#283080 - 04/18/12 10:31 AM
This is my first post on this forum and I want to say hi to everyone :-)
Before starting this new thread, I searched the net for a series of articles, such as the 68000 architecture, the 68000 instruction set list, etc., but I haven't found a solution to my issue yet.
My goal is to disassemble a game that runs on a 68K CPU (for example, I chose sf2ce). I read the cps1.c source code and I saw that the CPU code is present in the .23, .22, .21 binary files. Well, I tried to reverse the code with the IDA Pro debugger. As you certainly know, IDA Pro is a good debugger, but it doesn't have magical powers :-), so it is not able to find the entry point automatically. This is my first big issue: "how can I find the entry point and then start to analyze the disassembly?"
On the net I found a forum and a site that talk about reversing 68000 games with IDA, such as here hxxp://dodonpachi.daifukkat.su/ddpa/ or here hxxp://sonicresearch.org/forums/index.php?showtopic=2095, but (especially in the forum) nobody has answered the question well (only LOL expressions and joke sentences).
Thanks a lot in advance for the help. Have a nice day. Alberto.
AWJ
Reged: 03/08/05
Posts: 936
Loc: Ottawa, Ontario
Re: 68000 cpu debug
[Re: Alberto82]
#283086 - 04/18/12 12:34 PM
Program ROMs for 68000-based arcade boards are usually interleaved, i.e. all the low/odd bytes are in one ROM (or series of ROMs) and all the high/even bytes are in a different ROM or ROMs. And if they aren't interleaved they're almost always byteswapped. In both cases, the easiest way to transform the ROMs into the form the CPU sees them is to use MAME itself. Pull up the MAME debugger and "dump" the address space region that the ROMs cover. This will give you a single binary file containing the entire 68000 program and data in native byte order, that you should be able to disassemble with IDA.
R. Belmont
Cuckoo for IGAvania
Reged: 09/21/03
Posts: 9716
Loc: ECV-197 The Orville
Re: 68000 cpu debug
[Re: AWJ]
#283213 - 04/19/12 04:15 PM
> Pull up the MAME debugger and "dump" the address space region that the ROMs cover. This will give you a single binary file containing the entire 68000 program and data in native byte order, that you should be able to disassemble with IDA.
And once you've done that, 680x0 ROMs typically start at address 0 and the initial entry point address is stored big-endian at address 4. In IDA, load the ROM at 0, go to address 4, and press 'd' (create data) twice to show the address.
AWJ
Reged: 03/08/05
Posts: 936
Loc: Ottawa, Ontario
Re: 68000 cpu debug
[Re: R. Belmont]
#283223 - 04/19/12 06:09 PM
He'll also probably need to identify the interrupt vectors that are actually used (on CPS1 it's just VBlank) and trace from each of them.
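The three replies above (rebuild the ROM image in the byte order the CPU sees, read the reset PC stored big-endian at address 4, then find the interrupt vectors that are actually populated) as one runnable Python script. This is an added example for this thread, not code from the posts, from MAME or from any game. It rebuilds a native-order image either from two interleaved half ROMs or from a byteswapped single dump, then reads vector 0 (initial SP), vector 1 (initial PC, the entry point to start disassembling from) and the level 1 to 7 autovector entries (vectors 25 to 31, offsets 0x64 to 0x7C) as big-endian longwords. The ROM image is constructed inside the script and is not sf2ce; the byte-order check is a plausibility heuristic, not an authoritative test, and the level at which a given board's VBlank interrupt arrives is assumed here (level 2 in the sample), not stated by the thread.

```python
"""Rebuild a 68000 program ROM image and read its reset/interrupt vectors.

Added example for this thread. All data is constructed; nothing here comes
from a real game ROM.
"""
import struct

VECTOR_TABLE_BYTES = 256 * 4   # 68000 exception table: 256 longwords at address 0
ADDRESS_MASK = 0x00FFFFFF      # the 68000 has 24 address lines


def interleave(high_rom: bytes, low_rom: bytes) -> bytes:
    """Merge two half-width ROMs into CPU byte order.

    high_rom holds the even addresses (upper byte of each 16-bit word),
    low_rom the odd addresses (lower byte). Both halves must be the same size.
    """
    if len(high_rom) != len(low_rom):
        raise ValueError("ROM halves differ in size")
    image = bytearray(len(high_rom) * 2)
    image[0::2] = high_rom
    image[1::2] = low_rom
    return bytes(image)


def deinterleave(image: bytes) -> tuple[bytes, bytes]:
    """Inverse of interleave(): (even-address bytes, odd-address bytes)."""
    return image[0::2], image[1::2]


def byteswap(data: bytes) -> bytes:
    """Swap the two bytes of every 16-bit word (undo a byteswapped dump)."""
    if len(data) % 2:
        raise ValueError("byteswapped data must have an even length")
    out = bytearray(len(data))
    out[0::2] = data[1::2]
    out[1::2] = data[0::2]
    return bytes(out)


def read_vector(image: bytes, number: int) -> int:
    """Exception vector `number`: a big-endian longword at address number * 4."""
    return struct.unpack_from(">I", image, number * 4)[0]


def reset_vectors(image: bytes) -> dict:
    """Vector 0 is the initial SP, vector 1 the initial PC (the entry point)."""
    return {"initial_sp": read_vector(image, 0), "initial_pc": read_vector(image, 1)}


def autovectors(image: bytes) -> dict:
    """Level 1..7 autovector interrupt handlers: vectors 25..31 (offsets 0x64..0x7C)."""
    return {level: read_vector(image, 24 + level) for level in range(1, 8)}


def looks_like_68k_rom(image: bytes) -> bool:
    """Heuristic plausibility check on the two reset vectors (not a proof)."""
    if len(image) < 8:
        return False
    v = reset_vectors(image)
    sp, pc = v["initial_sp"], v["initial_pc"]
    return (sp % 2 == 0 and pc % 2 == 0                    # word-aligned
            and sp <= ADDRESS_MASK and pc <= ADDRESS_MASK  # fit the 24-bit bus
            and 8 <= pc < len(image))                      # PC inside the image, past the reset vectors


def detect_byte_order(dump: bytes):
    """'native', 'swapped' or None, judged by which ordering gives plausible reset vectors."""
    if looks_like_68k_rom(dump):
        return "native"
    if len(dump) % 2 == 0 and looks_like_68k_rom(byteswap(dump)):
        return "swapped"
    return None


def build_sample_image() -> bytes:
    """Constructed stand-in for a dumped program ROM (not sf2ce or any real game)."""
    image = bytearray(VECTOR_TABLE_BYTES + 0x40)
    struct.pack_into(">II", image, 0, 0x00FF0000, 0x00000400)  # initial SP, reset PC
    struct.pack_into(">I", image, 26 * 4, 0x00000420)           # level-2 autovector (assumed VBlank level)
    image[0x400:0x406] = bytes.fromhex("4E714E7160FC")          # NOP; NOP; BRA.S back to the 2nd NOP
    image[0x420:0x422] = bytes.fromhex("4E73")                  # RTE
    return bytes(image)


if __name__ == "__main__":
    image = build_sample_image()
    high, low = deinterleave(image)        # what two half ROMs would contain
    assert interleave(high, low) == image
    assert byteswap(byteswap(image)) == image
    print("byte order of a swapped dump:", detect_byte_order(byteswap(image)))
    print("reset vectors:", {k: hex(v) for k, v in reset_vectors(image).items()})
    print("populated autovectors:", {lvl: hex(a) for lvl, a in autovectors(image).items() if a})
```

On a real board, feed interleave() the two half ROMs the driver loads as a pair, or byteswap() a single swapped dump, and then load the result into IDA at address 0; the value the script reports as initial_pc is where to start the disassembly, and every non-zero autovector entry is a second root to trace from. One caveat when taking the MAME route instead: the debugger's save command (save filename,address,length) writes raw binary, while dump writes a formatted hex text listing that IDA will not load as an image.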