Static Disassembly Listings
Posted: Tue Feb 13, 2024 10:25 am
One of the biggest issues with a static disassembly listing is being able to distinguish executable code from data.
There are some bespoke utilities for the ZX Spectrum, Spectrum Analyser and SkoolKit for example.
Here's a take on how to perform a runtime trace and disassembly for any Z80, 6502 or TMS9900 machine that Mame supports.
To create the runtime trace, load the game you want to understand into Mame using the debug switch. Now start a trace and play the game - the more of the game you exercise, the better the coverage.
Next is stripping this usually mammoth trace file down to something manageable: only the unique addresses matter. On Windows, use sort /unique tracefile > sorted.txt
Now fire up Ghidra and load the game, setting the correct processor and load address. Let Ghidra auto-analyse - it won't find much on its own, since a raw ROM image has no entry point for it to follow.
Open the Scripting Manager window, create a new Python script and paste in the script below, which reads sorted.txt and tells Ghidra to disassemble at every address the trace recorded as executed.
So far this approach has helped me understand better the ColecoVision and SG1000 sound engines by doing the hard work of disassembly for me.
Code:
    # Ghidra Python (Jython) script: every address the MAME trace executed is code,
    # so ask Ghidra to disassemble at each one. Adjust the path to your sorted trace.
    tracefile = open('D:\\mame0262\\sorted.txt', 'r')
    tlines = tracefile.readlines()
    tracefile.close()
    count = 0
    for line in tlines:
        count += 1
        cline = line.strip()
        # A trace line starts with a 4-digit hex address followed by ':'
        if cline[4:5] == ':':
            maddress = '0x' + cline[0:4]
            print("Disassembling address " + maddress)
            # toAddr and disassemble are Ghidra's flat API, available in scripts
            disassemble(toAddr(maddress))
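The script above relies on the Windows sort /unique step and trusts every line of the trace. As an added example (my own code, not the original poster's script), here is a portable version of the same idea: it de-duplicates the addresses itself, skips lines that are not instruction records (MAME's loop-detection notes, blank or stray lines), and reports the contiguous code ranges so you can see how much of the ROM your play session actually covered. The trace format it assumes is the one the post's own check implies: a 4-digit hex address followed by ':' at the start of each executed-instruction line. The sample trace is constructed, not a real capture, and the Ghidra hand-off takes toAddr and disassemble as parameters so the parsing can be tested outside Ghidra. It is written to run under both Ghidra's Python 2.7 and Python 3.

```python
"""Parse a MAME trace, de-duplicate executed addresses, summarise coverage
and feed the addresses to Ghidra. Added example, not the original script."""
import re

# Constructed sample of MAME trace output (Z80 mnemonics); not a real capture.
SAMPLE_TRACE = """\
0000: di
0001: ld sp,$ffff
0004: jp $0100
0100: ld a,$00
0102: out ($fe),a
0104: jr $0100
   (loops for 37 instructions)
0100: ld a,$00
0102: out ($fe),a
garbage line without an address
"""

# An executed-instruction line starts with a 16-bit hex address and a colon;
# this matches the post's cline[4:5] == ':' check for Z80, 6502 and TMS9900.
ADDR_RE = re.compile(r'^([0-9A-Fa-f]{4}):')


def trace_addresses(text):
    """Return the sorted list of unique instruction addresses in a trace.
    This replaces `sort /unique`, so the same script works on any OS."""
    seen = set()
    for line in text.splitlines():
        m = ADDR_RE.match(line.strip())
        if m:
            seen.add(int(m.group(1), 16))
    return sorted(seen)


def coalesce(addresses, gap=4):
    """Group sorted addresses into (start, end) ranges of contiguous code.
    Two addresses join the same range when at most `gap` bytes separate them.
    gap=4 covers the longest Z80 (4-byte) and 6502 (3-byte) instructions;
    use gap=6 for TMS9900, whose instructions can be 6 bytes long."""
    ranges = []
    for a in addresses:
        if ranges and a - ranges[-1][1] <= gap:
            ranges[-1][1] = a
        else:
            ranges.append([a, a])
    return [tuple(r) for r in ranges]


def mark_code(addresses, to_addr, disassemble):
    """Hand each address to Ghidra. `to_addr` and `disassemble` are Ghidra's
    flat-API functions (toAddr, disassemble) passed in as callables so this
    can be exercised outside Ghidra. Returns how many addresses were sent."""
    count = 0
    for a in addresses:
        disassemble(to_addr('0x%04x' % a))
        count += 1
    return count


if __name__ == '__main__':
    addrs = trace_addresses(SAMPLE_TRACE)
    for start, end in coalesce(addrs):
        print('code range %04X-%04X' % (start, end))
    # Inside Ghidra's Script Manager, with a real trace file, you would run:
    #   mark_code(trace_addresses(open(path).read()), toAddr, disassemble)
```

Run it stand-alone to check the parser against your own trace; once the ranges look sensible, paste it into a Ghidra script and call mark_code with Ghidra's toAddr and disassemble, as the trailing comment shows.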
Tools reference
Spectrum Analyser - https://colourclash.co.uk/spectrum-analyser/
SkoolKit - https://skoolkit.ca/
Ghidra - https://ghidra-sre.org/
Ghidra TMS9900 - https://github.com/gnulnulf/Ghidra-TMS9900
Mame - https://www.mamedev.org/