FF6 Advance Disassemblies

03-18-2017, 09:33 AM, (This post was last modified: 03-18-2017, 10:12 AM by Madsiur.)
#1
FF6 Advance Disassemblies
This is the fruit of an IDA pro auto-analysis and an hour of formatting and sorting with notepad++:

http://www.ff6hacking.com/FF6A_Disassembly.zip

There were 1638 functions disassembled in the (E) version and 1631 in the (U) version (with automatic ARM / Thumb switching). I can't tell if it's 100% of the code but IDA is supposed to take every code path possible in the ROM. The map file is a listing of the functions and ROM offsets used in the code to pull data, GFX, etc. If you find a function listed in the map that is not in the disassembly, it means I deleted it by mistake with my line deleting / sorting process in notepad++, but I don't think there are any cases of this, except the ROM second half obvious garbage code. The disassembly probably still contains garbage, especially toward the end. There would probably be a better way to format all this in IDA Pro and I'll look into it. I'm not sure if I can display the instruction hex in the disassembly the same way some disassemblers do. I left the GBA I/O map at the beginning for reference. If an I/O register is used in code, it should be labeled correctly.

I hope this will somewhat help GBA hacking and help share information among hackers (unless my disassemblies are total garbage). If you ever figure out a piece of code or function, please report it; I could label it in IDA Pro, add comments, etc. Same with RAM: if you know RAM values, I could import a RAM map similar to the I/O map, making the code a lot more readable. I'll try to import a ROM map file in IDA to label the known offsets. If you're a good GBA coder and you see the disassembled code doesn't make any sense, please report it too. I know little ARM / Thumb but I'm planning to use this document and IDA Pro to improve.

Edit: Added (U) disassembly and map.



03-18-2017, 02:08 PM, (This post was last modified: 03-18-2017, 03:06 PM by 13375K37CH3R.)
#2
RE: FF6 Advance Disassemblies
Looks pretty cool! I notice it's missing a bunch of stuff, though. For example, I wanted to label the code at ROM:080A65F0(U)/ROM:080A7160(E) as being the Vanish trigger function, but that's not included in the disassembly.

None of the functions are labelled, also, so that'll be the next step. I think the best place to start is to examine the disassemblies in existing GBA patches to figure out those functions, and then after that we try cross-referencing with the SNES disassemblies to see where those functions are called and continue from there.

Still, good job! Let's add whatever we can to this!

Here's a list of identified functions, the patches that modify them, and their locations in the US and EU ROMs.


Code:
Function                     | Patch                             | US Location | EU Location
-----------------------------|-----------------------------------|-------------|------------
Airship takes off            | Frozen Ocean Fix (Novalia Spirit) | 08045190    | 08045218
Process mortal statuses      | Petrified Rebel (Novalia Spirit)  | 08078F74    | 080796C0
Break Control bonds          | Remote Control (Novalia Spirit)   | 080794A8    | 08079BF0
Lance check                  | Lance Bonus Fix (Novalia Spirit)  | 0807CDB4    | 0807D4F8
Purge battlefield            | Remote Control (Novalia Spirit)   | 0807F40C    | 0807FB50
Final battle party replace   | Item Duplication (Novalia Spirit) | 0808D978    | 0808E404
Set up Vanish animation      | Vanish/Runic (Leet Sketcher)      | 080A65F0    | 080A7160
Process Float from equipment | Allergic Dog (Novalia Spirit)     | 080FF04C    | 08100658
I'll keep updating this list as I find more.

03-18-2017, 02:46 PM,
#3
RE: FF6 Advance Disassemblies
(03-18-2017, 02:08 PM)13375K37CH3R Wrote: Looks pretty cool! I notice it's missing a bunch of stuff, though. For example, I wanted to label the code at ROM:080A65F0(U)/ROM:080A7160(E) as being the Vanish trigger function, but that's not included in the disassembly.

I may have deleted it by mistake or some code path(s) were omitted by IDA. I know the SNES IDA loader cannot deal with jump tables, so I'm not sure of the state of this with the GBA loader. Thanks for the list and getting involved! I think missing IDA functions should be listed as well, so that way I can disassemble them manually. If you ever find some with no$GBA, let me know.



03-19-2017, 10:44 AM,
#4
RE: FF6 Advance Disassemblies
There's indeed a lot of code that is omitted by IDA. As an example, a jump table of more than 100 functions was omitted (probably event commands). This is the same for every jump table. So there is a lot to disassemble manually, but I'm learning how to do it correctly. While I can't tell what the code does exactly, I think I can spot code that is not disassembled right. So far 95% of the code is Thumb instructions and I've got a bit more than 1 bank done, so around 15%-20%. I'll need a few more hours of work put into this before I release a cleaner and more complete version. I'm going to focus on the (E) ROM for now in order to speed things up and postpone doing the same for the (U) ROM until I have a +90% accurate disassembly.


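A small helper for the manual jump-table work discussed in this thread, added here as an example and not code from the thread, from IDA or from any of the patches named above: it walks a table of absolute Thumb pointers in a GBA ROM image and lists the function entry points that an auto-analysis can miss when it does not follow the table. The table address, the sample ROM bytes and the terminator value are constructed assumptions; the real FF6A table offsets are not on this page.

```python
import struct

ROM_BASE = 0x08000000   # GBA cartridge ROM is mapped at 0x08000000
ROM_END = 0x0A000000    # 32 MiB window; values outside it are not ROM pointers


def addr_to_offset(addr: int) -> int:
    """Convert a mapped ROM address (0x08xxxxxx) to an offset into the ROM file."""
    if not ROM_BASE <= addr < ROM_END:
        raise ValueError(f"{addr:#010x} is not a ROM address")
    return addr - ROM_BASE


def thumb_jump_table_targets(rom: bytes, table_addr: int, max_entries: int = 512) -> list[int]:
    """Walk a table of absolute 32-bit little-endian pointers starting at table_addr
    and return the Thumb code addresses it holds (Thumb bit cleared).
    The walk stops at the first entry that is not a ROM pointer with bit 0 set,
    which is how such a table normally ends. Assumption: the table stores absolute
    addresses, the usual layout for a compiled switch on the GBA."""
    targets = []
    pos = addr_to_offset(table_addr)
    for _ in range(max_entries):
        if pos + 4 > len(rom):
            break                                   # ran off the end of the image
        (ptr,) = struct.unpack_from("<I", rom, pos)
        if not (ROM_BASE <= ptr < ROM_END) or not (ptr & 1):
            break                                   # not a Thumb pointer into ROM
        targets.append(ptr & ~1)                    # drop the Thumb bit for labelling
        pos += 4
    return targets


# Constructed sample ROM image (not the real FF6A ROM): a 64-byte blob holding a
# four-entry jump table at mapped address 0x08000010, followed by a non-pointer.
SAMPLE_TABLE_ADDR = 0x08000010
SAMPLE_ROM = bytearray(64)
for i, target in enumerate([0x08000031, 0x08000039, 0x08000025, 0x0800002D]):
    struct.pack_into("<I", SAMPLE_ROM, addr_to_offset(SAMPLE_TABLE_ADDR) + 4 * i, target)
struct.pack_into("<I", SAMPLE_ROM, addr_to_offset(SAMPLE_TABLE_ADDR) + 16, 0x0000FFFF)


def sample_targets() -> list[int]:
    """Entry points recovered from the constructed sample table."""
    return thumb_jump_table_targets(bytes(SAMPLE_ROM), SAMPLE_TABLE_ADDR)


if __name__ == "__main__":
    for t in sample_targets():
        print(f"thumb function at {t:#010x}")   # feed these to IDA as code starts
```

Each recovered address can then be marked as a Thumb code start in IDA so the function gets disassembled instead of being left as data.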
