Puyo Puyo Tsu/Debugging and Reverse Engineering Tools

From Puyo Nexus Wiki

Emulation and debugging tools

To analyze any Genesis / System C-2 game, one will need emulators that include powerful debugging tools. Such tools must allow you to stop the CPU at any desired moment (at a specific instruction with breakpoints), or watch what occurs in memory (with watchpoints).

MAME was chosen as the emulator for the System C-2 version, and MESS for the Genesis version. Both come from the MAMEdev team and include the best debugger available on the platform (it works exactly the same in both). MESS is basically the console version of MAME.

Download: mamedev.org/release.html

To run MESS with debugging tools, create a shortcut to messpp.exe or mess64.exe with the following parameters:

"C:\...\messpp.exe" genesis -cart "Puyo Puyo 2 (REV 00) (J).bin" -video gdi -debug -resolution 320x240 -keepaspect

Note: the ROM file will have to be located in the same directory as the MESS .exe.

To run MAME with debugging tools, create a shortcut to mame.exe or mame64.exe with the following parameters:

"C:\...\mame.exe" puyopuy2 -video gdi -debug -resolution 320x240 -keepaspect

Note: the ROM directory "puyopuy2" or the "puyopuy2.zip" archive will have to be located in the "roms/" folder.

Reverse engineering tools

IDA Pro was used for most of the reverse engineering efforts. It is somewhat expensive commercial software that is able to disassemble Motorola 68000 machine code. An old freeware version is available at hex-rays.com but might not support all the required features.

However, IDA Pro's disassembly is not accurate in the case of Genesis ROMs, and some instruction operands are not properly decoded (mainly address offsets). Using the emulator can help spot these errors and work out the correct values.

Even so, this tool displays a graph overview of the program code and its paths: arrows show loops, alternatives and successive code blocks. It is also convenient for annotating and commenting your findings and for renaming functions and variables, so that the code becomes readable.

However, it can't give you an accurate depiction of what the CPU registers hold at a specific point during game execution: you have to use the emulator to get the actual values or to understand where they come from.
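As an added example (not part of the original wiki page, and not IDA's or MAME's own code), the following Python sketch addresses the address-offset problem mentioned above: it computes the target of common 68000 PC-relative instructions directly from the ROM bytes, so the result can be compared with what the disassembler displays and with the emulator's debugger. It assumes a raw big-endian ROM image in which file offset equals CPU address; the function name and the sample bytes are hypothetical and constructed for illustration.

```python
import struct

# Condition suffixes in encoding order; for Bcc, codes 0 and 1 are BRA and BSR.
CONDS = ["ra", "sr", "hi", "ls", "cc", "cs", "ne", "eq",
         "vc", "vs", "pl", "mi", "ge", "lt", "gt", "le"]

def _signed(value, bits):
    """Sign-extend an unsigned field of the given width."""
    return value - (1 << bits) if value & (1 << (bits - 1)) else value

def decode_pc_relative(rom, addr):
    """Return (mnemonic, target) for a PC-relative instruction at addr, else None."""
    if addr % 2 or addr + 2 > len(rom):
        raise ValueError("68000 opcodes are word-aligned and must lie inside the image")
    (op,) = struct.unpack_from(">H", rom, addr)   # the 68000 is big-endian
    base = addr + 2                               # displacements are relative to PC + 2

    def disp16():
        if addr + 4 > len(rom):
            raise ValueError("extension word runs past the end of the image")
        return _signed(struct.unpack_from(">H", rom, addr + 2)[0], 16)

    if op >> 12 == 0x6:                           # BRA / BSR / Bcc
        d8 = op & 0xFF
        disp = disp16() if d8 == 0 else _signed(d8, 8)  # 0x00: 16-bit word follows
        name = "b" + CONDS[(op >> 8) & 0xF] + (".w" if d8 == 0 else ".s")
    elif op & 0xF0F8 == 0x50C8:                   # DBcc Dn,<label>
        cond = (op >> 8) & 0xF
        name = "db" + (["t", "f"] + CONDS[2:])[cond] + f" d{op & 7}"
        disp = disp16()
    elif op in (0x4EBA, 0x4EFA):                  # JSR / JMP (d16,PC)
        name, disp = ("jsr" if op == 0x4EBA else "jmp"), disp16()
    elif op & 0xF1FF == 0x41FA:                   # LEA (d16,PC),An
        name, disp = f"lea (pc),a{(op >> 9) & 7}", disp16()
    else:
        return None                               # not a PC-relative form handled here
    return name, (base + disp) & 0xFFFFFF         # 24-bit address bus

# Constructed sample bytes (not taken from the game ROM), placed at offset 0x200:
# bra.s, beq.w, jsr (d16,PC), dbf d0, rts
SAMPLE = bytes(0x200) + bytes.fromhex("600e 6700fff0 4eba0100 51c8fffc 4e75")

if __name__ == "__main__":
    for a in (0x200, 0x202, 0x206, 0x20A, 0x20E):
        print(hex(a), decode_pc_relative(SAMPLE, a))
```

If the target computed here differs from the one shown in the disassembly, setting a breakpoint on the instruction in the emulator's debugger settles which is right.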