Pocky & Rocky / Kiki Kaikai: Nazo no Kuro Manto
Zeldix :: MSU-1 Hacking :: MSU-1 Development :: Finished
Hi everyone!
Does anyone know Pocky & Rocky / Kiki Kaikai: Nazo no Kuro Manto?
I played that game a lot when I was young, and it had an awesome and catchy soundtrack.
I loved it!
Unfortunately, it looks like there's no MSU-1 version of that game.
Well, I was a bit bored today, so I redid the Main Theme (title screen) in CD quality!
Here's a picture I did (in 2015):
And here's the music!
Let me know what you think:
Main Theme (Original SPC)
Main Theme (CD Quality)
...As a Bonus, I also did the Map Theme:
Map (Original SPC)
Map (CD Quality)
...Edit: wow, another one! "Rocky's Message":
Rocky's Message (Original SPC)
Rocky's Message (CD Quality)
Last edited by JustinBailey on Fri 6 Aug 2021 - 6:04; edited 2 times in total
JustinBailey- Rope
- Since : 2021-08-05
Re: Pocky & Rocky / Kiki Kaikai: Nazo no Kuro Manto
Unfortunately, the msu hackers we had on this forum are all mainly retired
Conn- Since : 2013-06-30
Re: Pocky & Rocky / Kiki Kaikai: Nazo no Kuro Manto
Nice work, I enjoy playing this game with my GF, I hope there will be an MSU version by some cool dude.
Looking forward to the switch remake version release.
pentarou- Bee
- Since : 2020-12-26
Re: Pocky & Rocky / Kiki Kaikai: Nazo no Kuro Manto
Conn wrote:
Unfortunately, the msu hackers we had on this forum are all mainly retired
Brutapode89 wrote:
Why? Shin Megami Tensei is already in progress.
And as stated in that thread, that is that modder's first mod. Most of the MSU mods that are released at this time were done by modders that have retired and/or moved on from MSU modding. While a few are still around, they don't really hammer out 2-3 MSU mods a week like some of the previous modders would (Hi Conn!).
What the MSU community really needs atm is a few more people to pick up the skills to create MSU mods. Until we get there we're not going to see much in the way of new MSU mods. We can always hope the modder of the SMT mod sticks around the community to do some more mods, once he's done with that project.
edale- Since : 2017-10-03
Re: Pocky & Rocky / Kiki Kaikai: Nazo no Kuro Manto
edale wrote:
Conn wrote:
Unfortunately, the msu hackers we had on this forum are all mainly retired
Brutapode89 wrote:
Why? Shin Megami Tensei is already in progress.
And as stated in that thread, that is that modder's first mod. Most of the MSU mods that are released at this time were done by modders that have retired and/or moved on from MSU modding. While a few are still around, they don't really hammer out 2-3 MSU mods a week like some of the previous modders would (Hi Conn!).
What the MSU community really needs atm is a few more people to pick up the skills to create MSU mods. Until we get there we're not going to see much in the way of new MSU mods. We can always hope the modder of the SMT mod sticks around the community to do some more mods, once he's done with that project.
I have vague plans to work on MSU patches for the other SNES SMT games (at least if... and II), but beyond that I'm not sure. I don't see myself ever hammering out 2 or 3 mods a week though, I just don't have the time for so much debugging and testing.
bsinky- Since : 2021-08-10
Re: Pocky & Rocky / Kiki Kaikai: Nazo no Kuro Manto
bsinky wrote:
I have vague plans to work on MSU patches for the other SNES SMT games (at least if... and II), but beyond that I'm not sure. I don't see myself ever hammering out 2 or 3 mods a week though, I just don't have the time for so much debugging and testing.
No one's expecting you to put out 2-3 mods a week, lol.
As for testing and such, you can easily outsource that. Release an in-progress patch once you've got the basic MSU functionality working, then let the playtesters in the community (aka, anyone who's interested in that particular game, lol) find the problem areas, then they can provide save files, so you can jump right to the problem area to debug.
You can even outsource the track mapping, if you've got a playtester who knows what they're doing (just put a watch on whatever RAM value the MSU code is using for the track number, see what number it reports, and compare to what's supposed to play there... or listen if the MSU code has a per-track SPC fallback).
And finally, you can outsource the track selection, looping, and conversion.
There's several users on this site, myself included, who lack the skills to do MSU mods, but are willing and more than capable of doing pretty much every other part of the MSU process.
The MSU projects I worked on typically had the coder just do the basic coding to get the MSU working; then I'd go in and get the tracks mapped out, locate suitable music for each track (including getting permission from the composer/artist who made whatever remasters I used to use their music for the mod), convert the music (including any needed editing to get things working properly, such as making sure the audio lines up in scripted events), playtest the game, and then report any bugs I find related to the MSU patch. Then playtesting again after the bugs are fixed, and reporting any new bugs. Rinse/repeat until the game was playable beginning to end with no major bugs, before publishing the patch in the MSU hacks database and moving on to the next project. I'm reasonably sure the MSU coders themselves didn't play the games beginning to end once in the entire process for most of them.
While I'm mostly retired from doing all that, I'm still willing to do the looping and conversion for the audio (and help on song selection) on any MSU projects you want to work on, and may help with playtesting if it's a game I'm interested in.
edale- Since : 2017-10-03
Re: Pocky & Rocky / Kiki Kaikai: Nazo no Kuro Manto
pentarou wrote:
Nice work, I enjoy playing this game with my GF, I hope there will be an MSU version by some cool dude.
Thanks! In the meantime, I converted and reorchestrated 12 out of 24 tracks!
Yay, I'm halfway!
JustinBailey- Rope
- Since : 2021-08-05
Re: Pocky & Rocky / Kiki Kaikai: Nazo no Kuro Manto
JustinBailey wrote:
pentarou wrote:
Nice work, I enjoy playing this game with my GF, I hope there will be an MSU version by some cool dude.
Thanks! In the meantime, I converted and reorchestrated 12 out of 24 tracks!
Yay, I'm halfway!
Keep up the good work.
https://www.natsumeatari.co.jp/kuromanto/
I hope this game will be released soon, the remake soundtracks are really nice, must buy!
pentarou- Bee
- Since : 2020-12-26
Re: Pocky & Rocky / Kiki Kaikai: Nazo no Kuro Manto
pentarou wrote:
https://www.natsumeatari.co.jp/kuromanto/
I hope this game will be released soon, the remake soundtracks are really nice, must buy!
Damn, you are right, they are remaking Pocky & Rocky!
I didn't know! What funny timing!
I think the new soundtrack sounds too MIDI-like, and it's too bad that the SFX are the same as in the SNES game (they are very aggressive to the ears in my opinion).
But damn, Pocky & Rocky with new animation and in 16/9, awesome!
JustinBailey- Rope
- Since : 2021-08-05
Re: Pocky & Rocky / Kiki Kaikai: Nazo no Kuro Manto
I've recently started work on this game, but please don't get your hopes up. I'm new to ASM and new in general to rom hacking.
I've been following along with an old video of creating a hack that was posted by DarkShock and trying to apply what I'm learning to this game.
I think I've hit a bit of a wall with my current skills though, so I'm asking for some advice.
Any tips on how to figure out where to go from here would be greatly appreciated.
I've found that if you breakpoint 088054 and change the Y register from 4 to 8 during a music transition, it'll play a different track than intended. I can't seem to predict the track it will play or even figure out why exactly this change is working, but it's progress. So what's my next move?
Either tracing this Y register change forward through how it changes the track load, or maybe tracing it backwards to see what's setting it? Or maybe I'm on a wild goose chase with this one, who knows.
Re: Pocky & Rocky / Kiki Kaikai: Nazo no Kuro Manto
I spent a bit of time doing it to all the tracks in the sound test just to see if there was a pattern, but it doesn't look like it. It does seem promising that I can send data to the SPC and have it not play music and not crash the game though.
Re: Pocky & Rocky / Kiki Kaikai: Nazo no Kuro Manto
From a bit more experimentation in the rom, I think I've determined that this game loads the songs for the level at the same time as the level and then switches between them by writing the track number in the data bank at certain points.
Re: Pocky & Rocky / Kiki Kaikai: Nazo no Kuro Manto
It is cool to hear you are making progress Cubear, and welcome to the community. I wish you luck in figuring this stuff out and wish I could help, but I am no good at ASM coding.
JUD6MENT- Since : 2018-04-19
Re: Pocky & Rocky / Kiki Kaikai: Nazo no Kuro Manto
Thanks. It feels like I'm building up to a very beginner level skill (better than previously "no skill".)
I also haven't had to actually try to put together any ASM code yet, I'm still in the "break stuff and write it down" stages after all!
What I need to figure out now is how to determine where it's telling the game what to pre-load for the level, I think.
That way, when it comes time to make the MSU1 play something, I can know which songs are currently loaded and which of those is playing, which I'll need to play the correct track via MSU1, I think.
Re: Pocky & Rocky / Kiki Kaikai: Nazo no Kuro Manto
Forgive me for using this thread as a dumping ground for what's going on. I hope someday my experiences could help somebody else in my shoes: completely lost but not afraid to fail until I don't.
Looking around in the sound processor's memory during the sound test, I can see that the music packs are already linked before they get called into playing in the sound test, and the tracks from my Y=8 chart earlier in the thread are all part of the same "pack" of music tracks, so track 2 and track 8 are both part of the same data pack sent to the sound processor.
In case anybody is following after me, it's at $2400 in APU memory; you can tell by looking at 11bd in the SMP debugger.
To me, despite this not being what I was looking for at all, it does still help somewhat, because it means I can probably do most of my testing within the Sound Test now that I know it loads the songs in the same way that the levels do. Tomorrow's focus will be trying to load the wrong track within a set, then trying to load the wrong set in general, then trying to load the wrong set in-game. I'm so close to actually needing to hack, I really hope I can figure out how it's calling which set of tracks to load.
Re: Pocky & Rocky / Kiki Kaikai: Nazo no Kuro Manto
As a fellow MSU-1 hacking novice, I wish you the best of luck!
I debugged this game a little bit in the past while working on the only MSU-1 hack I've done so far, but the way it handled its music was significantly different from the game I was working on, so I gave up.
I don't know if it helps, but in my debugging notes I'd noted that $10-$12 in CPU memory seems to hold a 3-byte music pointer of some sort, and it gets read during a subroutine that seems to load music data using
- Code:
lda [$10], Y
However, I was unable to get different music to load and play by changing the values of $10-$12, so there seems to be more to it than that.
bsinky- Since : 2021-08-10
Re: Pocky & Rocky / Kiki Kaikai: Nazo no Kuro Manto
Thank you for your support!
It appears this game has like a different "cd" per level, sort of.
When entering a boss during a level, it writes the value of 3 to the accumulator and then passes that off to $2140 to tell the SPU to change tracks. This passoff happens at 00d25c.
By changing the accumulator at that breakpoint you can change the "track" on the "CD" that's loaded, but you can't get the song data from other levels playing.
Somewhere else will be the code to tell it which "CD" to load, likely just before it begins to load the music data to audio memory. What's nice is that a value of 0 passed to 2140 at this point mutes the music, so assuming
0 = silence
1 = stage intro
2 = stage theme
3 = boss theme
I think the data layout in the hack will probably be like:
check databank, check track, play song x (MSU) depending on those two values. Doesn't sound too hard. I won't even really need the hex codes for the songs by using this method, and will easily be able to silence the music by writing 0 in place of the intended number whenever it gets called.
Last edited by Cubear on Wed 24 Nov 2021 - 19:41; edited 1 time in total
Re: Pocky & Rocky / Kiki Kaikai: Nazo no Kuro Manto
Looking further into 00d25c has produced some results.
It doesn't get called on the sound test menu, but it does get called at many track changes in the game itself (title screen, character select, intro movie, and so forth).
Interestingly, not at the "stage start" after the map screen, which does change from track 1 to track 2. Must be a different place where this is set.
Edit: The 2 value is passed on by the instruction at 00cd4a after the map screen; changing this to 3 does make the boss music play for the entire stage.
Level 2's midpoint boss calls track 3 for his intro and then track 5 for his actual boss music. Track 5 is called via 05e037 it seems, and then is reverted to stage music at 0481e7. It's looking like I'm going to need to hijack lots of different points in this game to get MSU1 working now.
Probably each level has its own addresses that it uses for the same function, so the level code just calls the music track change directly?
Last edited by Cubear on Wed 24 Nov 2021 - 19:41; edited 1 time in total
Re: Pocky & Rocky / Kiki Kaikai: Nazo no Kuro Manto
I've found the address for the "track selector" in sound test now, at $02e156
It just uses the 8-bit accumulator to determine the track, so with a value like 3203 it sends the 03 in order to change from the field music to the boss music, playing song 7 in the sound test instead of song 1.
I spent some time doing a playthrough of the game (with cheats, this game is just nasty hard) and think I managed to find all of the track selection addresses, which should come in handy at a later date. I'll need to catalogue each use of each address at some point. I really should have done this at the same time, but I got wrapped up in the gameplay. Oops!
I'm doing some investigation into the RAM addresses brought to my attention by bsinky, and they do appear to be the same between different tracks on the same databank, so they're linked just like I've noticed in the entire rest of the game. I'll probably have to abuse this somehow in order to play the wrong databank; maybe just checking for changes to those addresses in order to wind up at the root of the data bank selection code?
Last edited by Cubear on Wed 24 Nov 2021 - 19:41; edited 1 time in total
Re: Pocky & Rocky / Kiki Kaikai: Nazo no Kuro Manto
Maybe I'm thinking about this too hard..
If those ram addresses indicate the databank to be loaded, couldn't I just read this data and the track data and know what song is intended to play? I'll have to do some testing outside of sound test just to make sure this is a correct assumption
Re: Pocky & Rocky / Kiki Kaikai: Nazo no Kuro Manto
My thoughts for hack layout at this stage:
Read $10 during execution of 08 8017.
Write this to an unused location, as $10 is rather busy and might have these values at other times when the track is not being switched.
Using this data we can tell which song bank is currently loaded and use that to play the correct tracks at the correct times.
Song banks are, in hexadecimal on $10:
- Title Screen = 81
- Character select, introduction cutscene, ending cutscene = 41
- Level 1 = 05
- Second, third, fourth, fifth, sixth cutscenes = AB
- Level 2 = 32
- Level 3 = 1E
- Level 4 = 59
- Level 5 = 34
- Level 6 = CD
- Level 7 = D3
- Ending cutscene 2, Credits, thanks for playing = A2
Luckily enough, these map to the databanks the songs are in with no overlap between different banks. This data seems consistent through multiple methods in-game of loading the data banks as well.
The next trick is going to be practicing muting the music through the entire game, as a proof of concept and to determine any transitions that I missed: setting the track number to 0 at all transitions I can find and seeing if the game crashes.
Another task to be done will be making a track list for each data bank and mapping that to the track numbers from the official OST or something, just for easy reference.
After that, I suppose it will be time for a proof-of-concept hack that just does the title screen, before moving on to putting in the much greater amount of effort of doing it to the entire game.
Re: Pocky & Rocky / Kiki Kaikai: Nazo no Kuro Manto
Well, maybe this helps you.
The play track command is here
- Code:
$00/D257 A9 01 00 LDA #$0001 A:0000
$00/D25A E2 20 SEP #$20 A:0001
$00/D25C 8D 40 21 STA $2140 [$00:2140] A:0001
$00/D25F C2 F8 REP #$F8 A:0001
$00/D261 60 RTS A:0001
I'm not sure whether you can even use the value in A here to determine the track to play:
- Code:
$00/D25C 9C 40 21 STZ $2140 [$00:2140] A:0003
$00/D25C 9C 40 21 STZ $2140 [$00:2140] A:0001
$00/D25C 9C 40 21 STZ $2140 [$00:2140] A:0002
$00/D25C 9C 40 21 STZ $2140 [$00:2140] A:0004
$00/D25C 9C 40 21 STZ $2140 [$00:2140] A:0001
The first level music is muted here (hardcoded):
- Code:
$00/CD48 A9 02 LDA #$02 A:0000
$00/CD4A 8D 40 21 STA $2140 [$00:2140]
In the music menu, this is at
- Code:
$02/E156 8D 40 21 STA $2140 [$02:2140] A:5902
Conn- Since : 2013-06-30
Re: Pocky & Rocky / Kiki Kaikai: Nazo no Kuro Manto
I feel like I've just been noticed by a superstar!
You can in fact change the accumulator value to select tracks!
I was using 00d25c, editing Accumulator to 0 in order to mute tracks and it worked for an entire playthrough of the game with no crashes... but there were other addresses that are also hardcoded to play tracks at certain times.
00cd4a seems to be run to play track 2 after the map screen has ended and the stage is beginning
00e532 is used to move to the boss battle music at the start of a boss fight
At other times 0481e7 was used to change tracks
same with 068420
I think that's all the addresses that I encountered during a playthrough, I did find 02e156 for playing around in sound test as well.
The game was pretty prone to crashing when playing a track that was outside the number of loaded tracks, so I'd like to mute by changing the track to 0 for the entire game.
Right now, though, I have been fighting with hijacking addresses in the ROM without crashing or glitches.
Even when I just break out and run the normal code and nothing else before jumping back, I get weird graphical artifacting like so.
Is this just a matter of finding a different place to hijack?
Also, being new to ASM hacking, is there a reason to use xkas over asar? Or is there some other tool in a similar vein for applying .asm to a ROM that's easier to use for hacking purposes?
Re: Pocky & Rocky / Kiki Kaikai: Nazo no Kuro Manto
Hijacking needs some care.
For example, you want to hijack here:
$00/CD48 A9 02 8d 40 21.
If you jsr in the same bank you make
A9 02 20 xx yy, since it needs 3 bytes and the sta $2140 is 3 bytes as well.
If you need to make a jsl you need all 5 bytes, since the jsl is 4 bytes: 22 xx yy zz ea, where the ea is a nop opcode, so no code fragments are left over leading to glitches.
In the free place you hijacked to you must repeat the overwritten code in case it is needed, like
ZZ:yyxx A9 02 8d 40 21, and then your new code, ending with a 6b (RTL) or, in case of a jsr, with a 60 (rts).
Bugs can occur if you have code fragments in the hook area not nopped out or didn't repeat the native code.
Sometimes it gets really worse, if some other code branches here:
Like a9 03 80 02 a9 02 8d 40 21
Lda 03, branch 2 bytes, lda 02, sta 2140. So here sometimes 02, sometimes 03 is stored to 2140.
If you now hook like a9 03 80 02 22 xx yy zz
the code a9 03 branches to yy zz, where part of your hook address is written, and yy gets executed as an opcode; this crashes the game 99% of the time. Here you need to be careful.
Then you also must take care of the processor status and the stack. Usually, after the hook, do a php (processor status to stack), then a stack copy of all registers you manipulate (a, x, y) and a sep #30 so you are in 8-bit mode unless you need 16-bit mode, and after the manipulation get everything back from the stack and continue, so:
Repeat the overwritten code at the beginning or after your code block if the values get used later, or leave it away. That's case dependent.
Then:
- Code:
php
pha
phx ; not needed if you only manipulate a
phy ; not needed if you only manipulate a and x
sep #$30
.... your new code
ply
plx
pla
plp
rtl
Last edited by Conn on Wed 24 Nov 2021 - 20:02; edited 3 times in total
Conn- Since : 2013-06-30
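Conn's hook template and Cubear's plan to silence the SPC by sending track 0, put together as one asar hook for the hardcoded stage-start write at $00/CD48 (A9 02 8D 40 21). This is an added example, not code from the thread or from any released patch; the free-space address $A08000, MSU-1 track number 2 for the stage theme and the label names are assumptions, while the MSU-1 register map ($2000-$2007) is taken from the public MSU-1 specification.

```asm
; Added example, not code from this thread or from any released patch.
; Hooks the 5-byte "lda #$02 : sta $2140" at $00/CD48 (found by Cubear)
; with Conn's php/pha/sep #$30/.../pla/plp/rtl template, plays the matching
; MSU-1 track and silences the SPC with track 0 (Cubear's observation).
; ASSUMPTIONS: $A08000 is free space in an expanded ROM, MSU-1 track 2 is
; the stage theme, and all label/define names are mine.
lorom

!MSU_STATUS  = $002000   ; read: bit 6 = audio busy, bit 3 = audio track missing
!MSU_ID      = $002002   ; read: "S-MSU1" signature, first byte 'S' ($53)
!MSU_TRACK   = $002004   ; write: 16-bit track number (low byte, then high byte)
!MSU_VOLUME  = $002006   ; write: 0..255
!MSU_CONTROL = $002007   ; write: bit 0 = play, bit 1 = repeat
!APU_PORT0   = $2140     ; the game's "play track" port, as used at $00/CD4A

!TRACK_STAGE = $02       ; assumed MSU-1 track number for the stage theme

; --- hook site: exactly 5 bytes, so JSL (4) + NOP (1) leaves no fragment ---
org $00CD48
    jsl hook_stage_start     ; 22 xx yy zz
    nop                      ; EA, covers the last byte of the old STA $2140

; --- hook body in free space (assumed address) ---
org $A08000
hook_stage_start:
    php                      ; save processor status (M/X flags, carry, ...)
    pha                      ; save A; X and Y are not touched in this hook
    sep #$30                 ; 8-bit A and X/Y, as in Conn's template

    lda.l !MSU_ID            ; long addressing: independent of the data bank
    cmp #$53                 ; 'S' means an MSU-1 device answered
    bne .spc_fallback        ; no MSU-1: behave exactly like the original game

    lda #!TRACK_STAGE
    sta.l !MSU_TRACK         ; low byte of the track number
    lda #$00
    sta.l !MSU_TRACK+1       ; high byte; writing it starts the track load
-
    lda.l !MSU_STATUS
    and #$40                 ; audio busy while the .pcm file is being opened
    bne -
    lda.l !MSU_STATUS
    and #$08                 ; track missing: fall back to the SPC music
    bne .spc_fallback

    lda #$FF
    sta.l !MSU_VOLUME        ; full volume
    lda #$03                 ; play + repeat
    sta.l !MSU_CONTROL
    stz !APU_PORT0           ; track 0 = silence, so the SPC does not double up
    bra .done

.spc_fallback
    lda #$02                 ; repeat the overwritten native code unchanged
    sta !APU_PORT0

.done
    pla                      ; restore A, then the processor status
    plp
    rtl
```

Before applying it, confirm (as Conn's a9 03 80 02 example shows) that nothing branches into the five replaced bytes at $00/CD48, since a branch landing on yy zz of the JSL would execute a fragment of the hook address as an opcode.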