I stopped developing in C because, although I knew how to do some things in C, there was always one problem that annoyed me a lot, so I stopped developing on the Neo in C and instead switched to 68k assembly language. But here's my problem: my program works perfectly fine with an original MVS BIOS, but when I try it with an AES BIOS or a Unibios I just get a black screen, and the MAME debug option shows that it does some stuff and then loops over this:
C116D0 | cmpm.w (a0)+, (a1)+
C116D2 | bne $C116DA
C116D4 | cmpa.l a1, a2
C116D6 | bne $c116d0
If someone has a clue on what happens here (@blastar ?) it would help me a lot.
Hmm, I don't know the problem (yet)... a loop in the BIOS itself that checks something, and does so infinitely. Maybe it's some kind of validity/work check that fails because of a strange memory configuration?
You're certainly using your own entry in the XML file?
I don't know a thing about 68k assembly and even less about the NeoGeo, but maybe it's an uninitialized variable that causes some trouble?
"If you see strict DRM and copy protection that threatens the preservation of history, fight it: copy the work, keep it safe, and eventually share it so it never disappears. [...] no one living 500 years from now will judge your infringing deeds harshly when they can load up an ancient program and see it for themselves."
Benj Edwards - Why History Needs Software Piracy
- - -
Buy or trade: thread listing what I'm looking for
Thanks for the link! Lots of useful info and I didn't know about it
Assuming a0 and a1, two address registers, are pointing to two memory sections,
the code seems to try to compare the contents and the address locations....
C116D0 | cmpm.w (a0)+, (a1)+ ... compare the words (cmpm.w) pointed to by a0 and a1, set the flags and post-increment a0 and a1
C116D2 | bne $C116DA ... branch if not equal to the instruction at $C116DA ... whatever follows
C116D4 | cmpa.l a1, a2 ... if equal, then compare both addresses (addresses are longs, i.e. .l) and set the flags
C116D6 | bne $c116d0 .... if not equal, then loop back to $C116D0 to continue the comparison
C116DA | ... whatever follows here
So it seems this loop is trying to compare the contents of two data sections pointed to by a0 and a1, and also their address locations.
Could this piece of code be used by some sort of security verification? Usually one compares the address contents, but here
there is also some comparison of address locations too ...
Hope this helps
Brahim :: Singapore
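The loop quoted at the top of the thread, modelled in C as an added example (not BIOS code and not from any poster): a word-by-word compare of the block starting at a0 against the block [a1, a2), returning the offset of the first mismatch. The cmpm.w/bne/cmpa.l/bne shape is a do-while: the end test `cmpa.l a1,a2` runs only after at least one compare, so if a1 already equals a2 on entry the 68000 would keep going until a1 wrapped around; the C model requires a1 < a2 instead. The sample blocks are constructed.

```c
#include <stdint.h>
#include <stdio.h>

/* Model of the loop at $C116D0-$C116D6 (added example, not BIOS code):
 *   $C116D0  cmpm.w (a0)+,(a1)+   ; compare one word from each block, advance both
 *   $C116D2  bne    $C116DA       ; leave on the first difference
 *   $C116D4  cmpa.l a1,a2         ; has a1 reached the end address held in a2?
 *   $C116D6  bne    $C116D0       ; no: compare the next word
 * Returns the word offset of the first mismatch, or -1 when every word of
 * [a1, a2) equals the corresponding word starting at a0.
 * Requires a1 < a2: the 68000 loop tests for the end only after comparing,
 * so with a1 == a2 on entry it would run until a1 wrapped around. */
static long cmpm_loop(const uint16_t *a0, const uint16_t *a1, const uint16_t *a2)
{
    const uint16_t *start = a1;
    do {
        uint16_t x = *a0++;               /* (a0)+ */
        uint16_t y = *a1++;               /* (a1)+ */
        if (x != y)                       /* bne $C116DA */
            return (long)(a1 - start) - 1;
    } while (a1 != a2);                   /* cmpa.l a1,a2 ; bne $C116D0 */
    return -1;
}

/* Constructed sample blocks (not real BIOS or cartridge data). */
static const uint16_t ref[4]  = { 0x4E75, 0x0000, 0x1234, 0xABCD };
static const uint16_t same[4] = { 0x4E75, 0x0000, 0x1234, 0xABCD };
static const uint16_t diff[4] = { 0x4E75, 0x0000, 0x1235, 0xABCD };

static long demo_match(void)    { return cmpm_loop(ref, same, same + 4); }
static long demo_mismatch(void) { return cmpm_loop(ref, diff, diff + 4); }

int main(void)
{
    printf("match: %ld  mismatch at word: %ld\n", demo_match(), demo_mismatch());
    return 0;
}
```

Note that a2 is compared with a1, not a0, so a2 is the end address of the second block; the block at a0 only needs to be at least as long.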
I'm not great with asm yet, but we don't know what a1 and a2 are pointing to, do we? I think we can assume that a1 is pointing to a different place than a2 and that this code is looking for a comparison.
It is fair to say that a1 is the cart and a2 is the system. A security verification makes sense.
Can you comment out these lines to see what happens?
I also read the tutorial from MarkeyJester. You might write a program in C and then rewrite some of the functions in asm. That's what I have been doing. I rewrote my collision detection code in asm and learned a lot from it.
2019-02-26 at 07:41am, edited by VasiliyFamiliya on 2019-03-11 at 02:48am
Here is the code executing after the first joypad-interaction line that I found in the KoF '94 disassembly. Please check whether I understood everything in the commented lines correctly.
0330B8: 1039 0010 FD96 move.b $10fd96.l, D0 ; load P1_CURRENT into D0
0330BE: 0240 000F andi.w #$f, D0 ; keep the low 4 bits of D0 (joystick direction bits)
0330C2: D040 add.w D0, D0 ; *2, because the table holds words and word reads/writes must be at even addresses
0330C4: 41FA 002C lea ($2c,PC) ; ($330f2), A0
0330C8: 4E71 nop
0330CA: 3230 0000 move.w (A0,D0.w), D1 ; read the word at $330f2 + 2*D0 (this is why D0 was doubled)
0330CE: 6B20 bmi $330f0 ; end of subroutine if the word loaded into D1 is negative
0330D0: 203C 0002 0000 move.l #$20000, D0
0330D6: 4EB9 0000 27EC jsr $27ec.l ; call the $27ec subroutine (its code is quoted separately below)
0330DC: 2944 0050 move.l D4, ($50,A4)
0330E0: 2945 0058 move.l D5, ($58,A4)
0330E4: 4844 swap D4
0330E6: 4845 swap D5
0330E8: D96C 0024 add.w D4, ($24,A4)
0330EC: DB6C 0026 add.w D5, ($26,A4)
0330F0: 4E75 rts
0027EC: 2800 move.l D0, D4 ; D4 = D0 (#$20000)
0027EE: 3A01 move.w D1, D5 ; D5 = D1 (the word read from the $330f2 table)
0027F0: 6100 0010 bsr $2802 ; call the $2802 subroutine
0027F4: C144 exg D0, D4
0027F6: 1205 move.b D5, D1
0027F8: 6100 000C bsr $2806 ; repeat the same steps without the initial addition of #$40 to D1
0027FC: C145 exg D0, D5
0027FE: 4485 neg.l D5
002800: 4E75 rts
002802: 0601 0040 addi.b #$40, D1 ; D1.b = table value + #$40
002806: 0281 0000 00FF andi.l #$ff, D1 ; keep only the low byte of D1
00280C: 4A01 tst.b D1
00280E: 6A02 bpl $2812 ; if the low byte of D1 is positive (bit 7 clear) then skip the negation
002810: 4480 neg.l D0 ; else D0 = -D0 (here -$20000)
002812: D241 add.w D1, D1 ; *2 for a word-table index
002814: 41F9 00C0 4000 lea $c04000.l, A0
00281A: 3230 1000 move.w (A0,D1.w), D1 ; D1 = word at $c04000 + 2*(the byte computed above)
00281E: 0C41 0001 cmpi.w #$1, D1
002822: 6704 beq $2828 ; end the subroutine (D0 unchanged) if that word equals 1
002824: 6000 0004 bra $282a ; else continue at $282a
002828: 4E75 rts
00282A: 4A80 tst.l D0 ; is D0 = 0 ?
00282C: 40C3 move SR, D3 ; save the status register (including the CCR) to D3
00282E: 6722 beq $2852 ; if D0 = 0 then goto $2852
002830: 6A02 bpl $2834 ; if D0 > 0 then goto $2834
002832: 4480 neg.l D0 ; else D0 = -D0 (continue with the absolute value)
002834: 3400 move.w D0, D2 ; D2.w = low word of D0
002836: 4840 swap D0 ; D0.w = high word of D0
002838: C4C1 mulu.w D1, D2 ; D2 = low word * D1 (32-bit result)
00283A: 0682 0000 8000 addi.l #$8000, D2 ; add $8000: round the low product before taking its high word
002840: 4242 clr.w D2 ; clear the low word
002842: 4842 swap D2 ; D2 = high word of the rounded low product
002844: C0C1 mulu.w D1, D0 ; D0 = high word * D1
002846: D082 add.l D2, D0 ; D0 = D0 + D2
002848: 44C3 move D3, CCR ; restore the CCR saved in D3 (the flags from tst.l D0 above)
00284A: 6A02 bpl $284e ; if the original D0 was positive then we are done
00284C: 4480 neg.l D0 ; else negate the result
00284E: 4E75 rts
002852: 7000 moveq #$0, D0
002854: 4E75 rts
This subroutine seriously embarrassed me. As you can see in the previous post, it executes if D0 = 0. Why zero D0 again then, and multiply 0 by -1 afterwards?
2019-03-08 at 03:22pm, edited by Zerosquare on 2019-03-08 at 06:02pm
This is not a subroutine, since it is called by "beq". It's just an early exit that returns zero if D0 is zero.
The function looks like a typical 32 bit x 32 bit multiplication routine, so it makes sense (zero multiplied by anything is always zero).
"Every man carries a monkey on his left shoulder and a parrot on his right." — Jean Cocteau
"I'm not looking for logic anymore either. That's surely why I like the Ataris: they're as logical as I am!" — GT Turbo
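The routines quoted in the post above, rewritten as an added C model (example code, not from KoF '94 and not from any poster) so their arithmetic can be checked on real numbers. Read together: $282A computes (|D0| * D1 + $8000) >> 16 with the sign of D0 restored, i.e. a 16.16 fixed-point value times a 0.16 fraction, rounded; $2802/$2806 fetch that fraction from the word table at $C04000 using the low byte of D1 as the index, negate D0 when that byte has bit 7 set, and treat a table entry of 1 as "multiply by exactly 1.0"; $27EC runs this twice, once with the index offset by $40 (a quarter of 256) and once without. The page does not show the $C04000 table or the $330F2 table, so both are constructed here: the first as |sin| of a 256-step circle in 0.16 fixed point (the quarter-turn offset and the 1-as-1.0 sentinel fit that reading, but it is an assumption), the second with an assumed bit layout of P1_CURRENT (bit 0 up, 1 down, 2 left, 3 right) and assumed angles. The A4-relative field offsets ($24, $26, $50, $58) are the ones in the disassembly.

```c
#include <stdint.h>
#include <stdio.h>

#define PI_D 3.14159265358979323846

/* sin(x) for 0 <= x <= pi/2 by Taylor series; only used to fill the constructed
 * table below (avoids libm). Accurate to far better than 1/65536. */
static double sin_q(double x)
{
    double term = x, sum = x;
    for (int n = 1; n < 10; n++) {
        term *= -x * x / ((2.0 * n) * (2.0 * n + 1.0));
        sum += term;
    }
    return sum;
}

/* Constructed stand-in for the 256-word table at $C04000 (assumption: |sin| of a
 * 256-step circle in 0.16 fixed point). 1.0 does not fit in a word; the value 1 is
 * the sentinel that $281E checks with cmpi.w #1. Built lazily on first use. */
static uint16_t sin_mag[256];
static int sin_mag_ready;

static void build_sin_mag(void)
{
    for (int i = 0; i < 256; i++) {
        int k = i & 0x7F;                 /* |sin| repeats every half turn */
        if (k > 64) k = 128 - k;          /* mirror the second quarter */
        long s = (long)(sin_q(k * (PI_D / 128.0)) * 65536.0 + 0.5);
        sin_mag[i] = (s >= 65536) ? 1 : (uint16_t)s;
    }
    sin_mag_ready = 1;
}

/* $282A-$2854: D0 (signed 16.16) * D1 (unsigned 0.16), rounded, sign restored. */
static int32_t mul_fixed(int32_t d0, uint16_t d1)
{
    if (d0 == 0) return 0;                                     /* beq $2852: moveq #0,D0 */
    int negative = d0 < 0;                                     /* sign kept via move SR,D3 */
    uint32_t a = negative ? 0u - (uint32_t)d0 : (uint32_t)d0;  /* neg.l D0 */
    uint32_t lo = a & 0xFFFF;                                  /* move.w D0,D2 */
    uint32_t hi = a >> 16;                                     /* swap D0 */
    uint32_t d2 = (lo * d1 + 0x8000u) >> 16;                   /* mulu.w ; addi.l #$8000 ; clr.w ; swap */
    uint32_t r = hi * d1 + d2;                                 /* mulu.w D1,D0 ; add.l D2,D0 */
    return negative ? (int32_t)(0u - r) : (int32_t)r;          /* move D3,CCR ; bpl ; neg.l D0 */
}

/* $2802 (adjust = $40) / $2806 (adjust = 0): scale D0 by the entry for
 * (angle + adjust) & $FF, negating when that byte has bit 7 set. */
static int32_t scale_by_table(int32_t d0, uint8_t angle, uint8_t adjust)
{
    if (!sin_mag_ready) build_sin_mag();
    uint8_t idx = (uint8_t)(angle + adjust);                   /* addi.b #$40,D1 ; andi.l #$ff,D1 */
    if (idx & 0x80) d0 = (int32_t)(0u - (uint32_t)d0);         /* tst.b ; bpl ; neg.l D0 */
    uint16_t d1 = sin_mag[idx];                                /* add.w D1,D1 ; move.w (A0,D1.w),D1 */
    if (d1 == 1) return d0;                                    /* cmpi.w #1 ; beq: entry 1 means 1.0 */
    return mul_fixed(d0, d1);
}

struct vec { int32_t d4, d5; };

/* $27EC-$2800: D4 = D0 scaled by entry[angle+$40], D5 = -(D0 scaled by entry[angle]). */
static struct vec polar_to_vector(int32_t d0, uint8_t angle)
{
    struct vec v;
    v.d4 = scale_by_table(d0, angle, 0x40);                    /* bsr $2802 ; exg D0,D4 */
    v.d5 = (int32_t)(0u - (uint32_t)scale_by_table(d0, angle, 0x00)); /* bsr $2806 ; exg ; neg.l D5 */
    return v;
}

/* Constructed stand-in for the word table at $330F2, indexed by the low nibble of
 * P1_CURRENT (assumed bits: 0 up, 1 down, 2 left, 3 right). Negative = no movement. */
static const int16_t dir_angle[16] = {
    -1, 64, 192, -1, 128, 96, 160, -1, 0, 32, 224, -1, -1, -1, -1, -1
};

/* The A4-relative fields the caller touches: ($24,A4), ($26,A4), ($50,A4), ($58,A4). */
struct object { int16_t x, y; int32_t vx, vy; };

/* $330B8-$330F0. Returns 0 when the bmi at $330CE exits early. */
static int apply_joypad(struct object *obj, uint8_t p1_current)
{
    int16_t angle = dir_angle[p1_current & 0x0F];              /* andi.w #$f ; add.w ; move.w (A0,D0.w),D1 */
    if (angle < 0) return 0;                                   /* bmi $330f0 */
    struct vec v = polar_to_vector(0x20000, (uint8_t)angle);   /* move.l #$20000,D0 ; jsr $27ec */
    obj->vx = v.d4;                                            /* move.l D4,($50,A4) */
    obj->vy = v.d5;                                            /* move.l D5,($58,A4) */
    obj->x += (int16_t)((uint32_t)v.d4 >> 16);                 /* swap D4 ; add.w D4,($24,A4) */
    obj->y += (int16_t)((uint32_t)v.d5 >> 16);                 /* swap D5 ; add.w D5,($26,A4) */
    return 1;
}

/* Convenience: start an object at (0,0), apply one joypad value, return the new x or y. */
static int demo_x(uint8_t pad) { struct object o = { 0, 0, 0, 0 }; apply_joypad(&o, pad); return o.x; }
static int demo_y(uint8_t pad) { struct object o = { 0, 0, 0, 0 }; apply_joypad(&o, pad); return o.y; }

int main(void)
{
    struct object o = { 100, 80, 0, 0 };
    apply_joypad(&o, 0x09);                                    /* up + right under the assumed layout */
    printf("x=%d y=%d vx=%08x vy=%08x\n", o.x, o.y, (unsigned)o.vx, (unsigned)o.vy);
    return 0;
}
```

With the constructed tables, "right" gives D4 = $20000 (2.0) and D5 = 0, and "up" gives D4 = 0 and D5 = -$20000; a diagonal gives ±$16A0A (about 1.414) in both, and because the caller adds only the high words, x moves by +1 while y moves by -2 (the high word of -$16A0A is $FFFE). Whether the game accumulates the fractional parts elsewhere is not something this excerpt shows.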
Now, what do you think: what concrete in-game processes might be hidden behind all the code I quoted? What is it responsible for?
2019-03-10 at 02:29pm, edited by VasiliyFamiliya on 2019-03-11 at 02:43am
0331C8: 1039 0010 FD96 move.b $10fd96.l, D0 ; load P1_CURRENT into D0
0331CE: 0240 000F andi.w #$f, D0 ; keep the low 4 bits of D0 (joystick direction bits)
0331D2: 41FA 0020 lea ($20,PC) ; ($331f4), A0
0331D6: 4E71 nop
0331D8: 7200 moveq #$0, D1 ; D1 = 0
0331DA: 1230 0000 move.b (A0,D0.w), D1 ; D1.b = byte at $331f4 + D0 (why zero D1 before this?)
0331DE: 6B00 0012 bmi $331f2 ; end of subroutine if the byte loaded into D1 is negative
0331E2: D241 add.w D1, D1
0331E4: D241 add.w D1, D1 ; else D1 = D1 * 4 (why was such a strange way of doing it chosen?)
0331E6: 41FA 001C lea ($1c,PC) ; ($33204), A0
0331EA: 4E71 nop
0331EC: 2070 1000 movea.l (A0,D1.w), A0 ; A0 = long word at $33204 + D1
0331F0: 4E90 jsr (A0) ; call the routine whose address was read from the $33204 table
0331F2: 4E75 rts
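An added C model of the dispatch above (example code, not from the game and not from any poster), written with 68000 register semantics so that the moveq #0,D1 at $331D8 can be seen doing work: move.b writes only the low byte of D1, and the later (A0,D1.w) indexing uses the whole low word, so without the moveq whatever D1 held on entry would become part of the table index and the jsr would go wherever that index pointed. Both tables are constructed (the page does not show their contents), the bit layout of P1_CURRENT is assumed (bit 0 up, 1 down, 2 left, 3 right), and the handlers just return a recognisable value.

```c
#include <stdint.h>
#include <stdio.h>

typedef int (*handler_t)(void);

/* Constructed handlers standing in for the routines whose addresses live at $33204. */
static int handler_idle(void) { return 0x0A; }
static int handler_walk(void) { return 0x0B; }
static int handler_jump(void) { return 0x0C; }

/* Constructed stand-in for the byte table at $331F4: low nibble of P1_CURRENT
 * (assumed bits: 0 up, 1 down, 2 left, 3 right) -> slot number, negative = nothing to call. */
static const int8_t slot_for_dir[16] = {
    -1, 2, 0, -1, 1, -1, -1, -1, 1, 2, -1, -1, -1, -1, -1, -1
};

/* Constructed stand-in for the long-word table at $33204. */
static const handler_t handler_for_slot[3] = { handler_idle, handler_walk, handler_jump };

enum { DISPATCH_NONE = -1, DISPATCH_WILD = -2 };

/* Models $331C8-$331F2. stale_d1 is whatever D1 held on entry; run_moveq says whether
 * the moveq #0,D1 at $331D8 is executed (it always is in the real code; 0 here shows
 * what it protects against). */
static int dispatch(uint8_t p1_current, uint32_t stale_d1, int run_moveq)
{
    uint32_t d0 = p1_current & 0x0F;                      /* move.b $10fd96,D0 ; andi.w #$f,D0 */
    uint32_t d1 = run_moveq ? 0 : stale_d1;               /* moveq #0,D1 */
    uint8_t  b  = (uint8_t)slot_for_dir[d0];
    d1 = (d1 & 0xFFFFFF00u) | b;                          /* move.b (A0,D0.w),D1: low byte only */
    if (b & 0x80) return DISPATCH_NONE;                   /* bmi $331f2: N flag comes from the byte */
    uint16_t w = (uint16_t)((d1 & 0xFFFF) * 4);           /* add.w D1,D1 twice: low word only */
    int16_t index = (int16_t)w;                           /* (A0,D1.w) sign-extends the low word */
    if (index < 0 || index / 4 >= 3)                      /* movea.l (A0,D1.w),A0 would read */
        return DISPATCH_WILD;                             /* outside the table: a wild jsr */
    return handler_for_slot[index / 4]();                 /* movea.l ; jsr (A0) */
}

int main(void)
{
    printf("up, D1 cleared:     %d\n", dispatch(0x01, 0xDEADBEEF, 1));
    printf("up, D1 left stale:  %d\n", dispatch(0x01, 0xDEADBEEF, 0));
    return 0;
}
```

Two add.w D1,D1 in a row is just D1 * 4 done with two 4-cycle adds, the size of one long-word table entry; only the low word takes part, which is also why the index must be clean before the adds.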
What is the length of the opcode at address 04B1D6? I need it to compute the ($22,PC) address in the 04B1D6 instruction.
How should I understand this line?
04B1FA: 3031 3233 move.w INVALID 31, D0
And isn't it time to finally work out what concrete in-game processes are hiding behind all these computations and the endless exchange of numbers between registers and/or memory, before I get confused in my comments by bell, book and candle? Just look at the 04B1B4 line and you'll see how impossibly long and complicated the expressions have become!
No idea, never had a deep look into this game.
But what about the pieces of code at addresses 04BA6E, 04BDBA, 04CD6E, 04D28A, 04DB40 and 04E1D6?