Static Disassembly Listings

Chat about everything you want: music, movies and life in general.
Post Reply
User avatar
@username@
Posts: 320
Joined: Tue Oct 22, 2013 6:59 pm
Location: Scotland

Static Disassembly Listings

Post by @username@ » Tue Feb 13, 2024 10:25 am

One of the biggest issues with a static disassembly listing is being able to distinguish executable code from data.

There are some bespoke utilities for ZX Spectrum, Spectrum Analyser and SkoolKit for example.

Here's a take on how to perform the runtime trace and disassembly for any Z80, 6502 or TMS9900 machine which is supported by Mame.

To create the runtime trace, load the game you want to understand into Mame using the debug switch. Now start a trace and play the game - the more you play the better the coverage.

Next is stripping this usually mammoth trace file down to something manageable. On windows, use sort /unique tracefile > sorted.txt

Now fire up Ghidra and load the game, setting the correct processor and memory location. Let Ghidra auto analyse - which doesn't find too much, due to no entrypoint etc.

Open the Scripting Manager window, create a new script and add a new python script, which will read and disassemble using the sorted.txt trace file.

Code: Select all

tracefile = open('D:\\mame0262\\sorted.txt','r')
tlines = tracefile.readlines()
tracefile.close()

count = 0

for line in tlines:
	count += 1
	cline = line.strip()
	if cline[4:5] == ':':
		maddress = '0x' + cline[0:4]
		print("Disassembling address " + maddress)
		disassemble(toAddr(maddress))
So far this approach has helped me understand better the ColecoVision and SG1000 sound engines by doing the hard work of disassembly for me.

Tools reference

Spectrum Analyser - https://colourclash.co.uk/spectrum-analyser/
SkoolKit - https://skoolkit.ca/
Ghidra - https://ghidra-sre.org/
Ghidra TMS9900 - https://github.com/gnulnulf/Ghidra-TMS9900
Mame - https://www.mamedev.org/
Post Reply