> > > Debugger Window Frame #3: Top-right frame right of Instruction calls area
> >
> > They represent the "Instruction calls" (aka opcode and operand) as bytes, a Z80 16 bit jump opcode is represented by C3 and with an operand of $BEEF we have JP $BEEF which will be represented by C3 EF BE (lo/hi byte order on the operand).
> >
> > > [Cheats Question]
> > > I would have posted these on Pugsy's forum but new accounts cannot be created right now:
> >
> > It's back on for a few days at least (spambot registrations...)
> >
> > > Question 1: how does "FFDAE840" relate to "00B5D08"? I can set a breakpoint at "FFDAE840" and the debugger stops and the cheat works. However, I don't understand how instruction "FFDAE840" relates to "00B5D08". Is "00B5D08" a rom address (since this is a ROM cheat)?
> >
> > The simple formula for this is:
> > FF800000 + ( 00B5D08 * 8 ) = FFDAE840
> > That works for all ROM addresses
>
> Note that this formula only applies to Midway hardware using the TMS34010 CPU. The relation between ROM addresses and CPU addresses is different between CPU types and hardware, and the TMS34010 is particularly weird as it addresses individual bits rather than bytes--that's where the "times 8" comes from.
>
> Look at the ADDRESS_MAP macro in the source code for the MAME driver of the game you're debugging to see where ROM, RAM and input ports are.
>
> If you're completely new to debugging using MAME, I strongly advise that you start with a game that uses a Z80 or 68000 as the main CPU (and preferably one without encryption or bankswitching, so not CPS2 or NeoGeo. CPS1 is OK.) Machine code for these CPUs is relatively easy to read and there is a ton of documentation since both CPUs were used in popular home computers.

Thanks AWJ.
I did see somewhere (MAME cheats forum I think) that Midway machines had a tendency to be a pain in the ass. For some reason I always tend to find my way to the hard road. Always good learning experiences, though.
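
The ROM-to-CPU address formula quoted above, worked in both directions, as an added example that is not part of the original posts. The function names, the 32-bit address limit and the resulting ROM window size are assumptions made for this sketch; only the base `FF800000`, the factor 8 and the two sample addresses come from the thread.

```python
# Added example: convert between ROM byte offsets (as used in ROM cheats)
# and TMS34010 CPU addresses (as shown in the MAME debugger) on the
# Midway hardware discussed in the thread.

ROM_BASE = 0xFF800000   # CPU address of ROM offset 0 (from the quoted formula)
BITS_PER_BYTE = 8       # the TMS34010 addresses bits, hence the "times 8"
ADDR_MASK = 0xFFFFFFFF  # assumption: CPU addresses are 32 bits wide

# Assumption: ROM is mapped from ROM_BASE to the top of the address space.
ROM_WINDOW_BYTES = (ADDR_MASK + 1 - ROM_BASE) // BITS_PER_BYTE


def rom_to_cpu(rom_offset: int) -> int:
    """ROM byte offset -> CPU bit address (where to set the breakpoint)."""
    if not 0 <= rom_offset < ROM_WINDOW_BYTES:
        raise ValueError(f"ROM offset {rom_offset:#x} is outside the ROM window")
    return ROM_BASE + rom_offset * BITS_PER_BYTE


def cpu_to_rom(cpu_addr: int) -> int:
    """CPU bit address -> ROM byte offset (what to put in a ROM cheat)."""
    if not ROM_BASE <= cpu_addr <= ADDR_MASK:
        raise ValueError(f"CPU address {cpu_addr:#x} is not in the ROM window")
    bit_offset = cpu_addr - ROM_BASE
    if bit_offset % BITS_PER_BYTE:
        # A bit address that is not a multiple of 8 does not start on a byte,
        # so it has no ROM byte offset.
        raise ValueError(f"CPU address {cpu_addr:#x} is not byte-aligned")
    return bit_offset // BITS_PER_BYTE


if __name__ == "__main__":
    # The pair of addresses from the thread.
    print(f"{rom_to_cpu(0x00B5D08):08X}")   # FFDAE840
    print(f"{cpu_to_rom(0xFFDAE840):07X}")  # 00B5D08
```
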