AWJ
Reged: 03/08/05
Posts: 936
Loc: Ottawa, Ontario

Re: MAME0148 Debugger & Cheats Question
07/11/13 10:30 PM

> > Debugger Window Frame #3: Top-right frame right of Instruction calls area
>
> They represent the "Instruction calls" (aka opcode and operand) as bytes, a Z80 16 bit jump opcode is represented by C3 and with an operand of $BEEF we have JP $BEEF which will be represented by C3 EF BE (lo/hi byte order on the operand).
>
> > [Cheats Question]
> > I would have posted these on Pugsy's forum but new accounts cannot be created right now:
>
> It's back on for a few days at least (spambot registrations...)
>
> > Question 1: how does "FFDAE840" relate to "00B5D08"? I can set a breakpoint at "FFDAE840" and the debugger stops and the cheat works. However, I don't understand how instruction "FFDAE840" relates to "00B5D08". Is "00B5D08" a rom address (since this is a ROM cheat)?
>
> The simple formula for this is:
> FF800000 + ( 00B5D08 * 8 ) = FFDAE840
> That works for all ROM addresses

Note that this formula only applies to Midway hardware using the TMS34010 CPU. The relation between ROM addresses and CPU addresses is different between CPU types and hardware, and the TMS34010 is particularly weird as it addresses individual bits rather than bytes--that's where the "times 8" comes from.
Look at the ADDRESS_MAP macro in the source code for the MAME driver of the game you're debugging to see where ROM, RAM and input ports are.
If you're completely new to debugging using MAME, I strongly advise that you start with a game that uses a Z80 or 68000 as the main CPU (and preferably one without encryption or bankswitching, so not CPS2 or NeoGeo. CPS1 is OK.) Machine code for these CPUs is relatively easy to read and there is a ton of documentation since both CPUs were used in popular home computers.
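
The mapping discussed in this post, in both directions, as an added example that is not part of the original post or of MAME: it converts a cheat's ROM byte offset to the TMS34010 bit address used for a breakpoint and back, rejecting addresses that cannot correspond to a ROM byte. The function names are hypothetical, the 16-bit opcode alignment is an assumption stated in the code, and the upper bound is only what fits below the top of a 32-bit address space; the real ROM extent is whatever the driver's ADDRESS_MAP says.

```python
# Added example: ROM byte offset <-> TMS34010 bit address (Midway mapping from the post).

ROM_BASE_BITS = 0xFF800000   # CPU bit address where ROM starts (from the quoted formula)
BITS_PER_BYTE = 8            # the TMS34010 addresses individual bits, hence "times 8"
ADDR_SPACE = 1 << 32         # size of the 32-bit bit-address space
INSN_ALIGN_BITS = 16         # assumption: TMS34010 opcodes sit on 16-bit boundaries


def rom_window_bytes(base=ROM_BASE_BITS):
    """Largest number of ROM bytes that fit between `base` and the top of memory."""
    return (ADDR_SPACE - base) // BITS_PER_BYTE


def rom_to_cpu(rom_offset, base=ROM_BASE_BITS):
    """ROM byte offset (as used in a ROM cheat) -> CPU bit address."""
    if not 0 <= rom_offset < rom_window_bytes(base):
        raise ValueError(f"ROM offset {rom_offset:#x} does not fit above {base:#010x}")
    return base + rom_offset * BITS_PER_BYTE


def cpu_to_rom(cpu_addr, base=ROM_BASE_BITS):
    """CPU bit address (as shown by the debugger) -> ROM byte offset."""
    if not base <= cpu_addr < ADDR_SPACE:
        raise ValueError(f"{cpu_addr:#010x} is outside the ROM window")
    byte_offset, bit_in_byte = divmod(cpu_addr - base, BITS_PER_BYTE)
    if bit_in_byte:
        # A bit address that is not a multiple of 8 points inside a byte.
        raise ValueError(f"{cpu_addr:#010x} is not on a byte boundary")
    return byte_offset


def is_breakpoint_aligned(cpu_addr):
    """True if the address can be the start of an opcode (see assumption above)."""
    return cpu_addr % INSN_ALIGN_BITS == 0


if __name__ == "__main__":
    addr = rom_to_cpu(0x0B5D08)  # the offset from the quoted question
    print(f"ROM {0x0B5D08:#08x} -> CPU {addr:#010x}, aligned={is_breakpoint_aligned(addr)}")
    print(f"CPU {addr:#010x} -> ROM {cpu_to_rom(addr):#08x}")
```
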