
Learn about exceptions, Blank Period...

Discussion in 'Engineering & Reverse Engineering' started by Fiz, Mar 5, 2004.

  1. Fiz

    NOTE: Some of the things in the CODE Box will be repeated a few times, because these were parts of a few separate documents I made. So don't bitch at me about it.

    ---

    If you open a Sonic ROM (it can be any Sonic game), you will see a lot of "00000200" in the ROM headers. Those are exceptions. If something occurs that isn't supposed to happen, one of these exceptions is called. It can be an illegal instruction, an address error, or a 1111 emulation error. The exceptions are like subroutines, but they are interrupting whatever was running when the exception occurred, so you need to kill the exceptions with a "RTE" instead of a "RTS". RTE stands for ReTurn from Exception.

    Code (Text):
    Open a Sonic 1 ROM:

    RTE (ReTurn from Exception) = 4E 73

    Go to offset 0 (the beginning of the ROM)
    You will find these values: 00 FF FE 00

    At offset 4 (the starting address in a Genesis ROM), you will find the values: 00 00 02 06

    This is the first exception pointer.
    It's probably that exception that shows the "ILLEGAL INSTRUCTION" text when something goes wrong.

    The exception starts at offset 206.
    If you want to kill that exception code, you put a RTE at that offset.

    There are a lot of these exceptions. You can see how it continues with a new exception pointer at offset 8: 00 00 03 D6
    The exceptions end at offset FF.
    The last exception you'll find points at the default exception handler at offset 200 (You can see this at offset FC : 00 00 02 00)

    Now there are two important exceptions in the header. The HBlank and the VBlank interrupt.

    HBLANK = HORIZONTAL BLANK
    VBLANK = VERTICAL BLANK

    The HBlank occurs every time one scanline has been drawn on the screen. The VBlank occurs when all the scanlines have been drawn.

    You will find the pointer to the HBlank interrupt at offset 70.
    The value will be: 00 00 11 26

    So every scanline, the code which is currently executed will be interrupted, and a call to the HBlank will occur automatically.

    So if you want to kill the water effect, you can just put a RTE "4E 73" at offset 1126.

    You will find the VBlank interrupt pointer at offset 78.
    The values will be: 00 00 0B 10

    The VBlank copies every sprite, palette to the screen during the gameplay. It also plays the music.

    If you decide to RTE the VBlank, put a RTE at offset B10... BUT nothing will be shown on the screen. It will just be black.

    ABOUT BLANK PERIOD:
    The blank period is when the Electron beam has drawn the screen and needs to retrace. It's a small period where you can copy data and move sprites without affecting the display.

    A Vertical Blank interrupt is called when a whole screen has been drawn and the Electron beam has to retrace all the way back to its starting point. You can make the game run in 60 Hz by waiting for a VBlank to occur.

    The Horizontal Blank occurs when one scan line has been drawn and the beam needs to go back to the start of the next scan line. You can see this as when you press enter to make a line feed when you write a document, the cursor needs to go down and back so that you can start to write on the next line. The HBlank is used for effects like switching the palette at a special scan line to make a water surface in the Sonic games, or to scroll one pixel during every HBlank to make the background look like it's been drawn in 3D.

    The HBlank and VBlank are interrupts. They will interrupt whatever code that was executed, and therefore they must be exited with a RTE so that the game can continue to be executed from where it was interrupted.

    So now you know:
    These two exceptions called the Horizontal and Vertical Blank are critical for the game. Without them, nothing will be drawn on the screen.

    And you need to use the RTE instruction to kill the exception handlers.

    The RTE will stop the exception, and go back to where the code was interrupted before the exception was called.

    To call an exception... the CHK and TRAPV commands force an exception.

    I hope this helps anyone.

    Oh, and if something in here is wrong, tell me immediately. Thanks.

    EDIT 1:
    Fixed grammatical errors pointed out by Icy Guy.
    Fixed part about if calling an exception is possible as pointed out by Quick Man.
    Added part about how offset 4 is the starting address in a Genesis ROM, as pointed out by Gerbil.
     
  2. Quickman

    That's the stack pointer loaded to address register 7. Just so you know.

    Actually it's exactly the opposite; that's normal gameplay.

    The CHK and TRAPV commands force an exception ("CHK COMMAND" and "TRAPV COMMAND" respectively).
     
  3. ICEknight

    Wow, that's very informative!

    You should make a site with all your finds, it would help a lot of people learn how these things work.

    EDIT: I guess one of those exceptions is what makes you go to the secret level select in Sonic 3D, right?
     
  4. Fiz

    Thanks.

    Heh. Someday, maybe.

    Yes. Instead of giving you the ILLEGAL INSTRUCTION text, it gives you "You found the secret level select screen!" screen. Or at least that is what I understand. I don't know jack about S3D.
     
  5. Quickman

    Quite correct. If we look at the S3D vector table...

    Code (Text):
    1. FFFF0400
    2. 00000200
    3. 00000928
    4. 00000928
    5. 00000928
    6. 00000928
    7. 00000928
    8. 00000928
    9. 00000928
    10. 00000928
    11. 00000928
    12. 00000928
    13. 00000928
    14. 00000928
    15. 00000928
    16. 00000928
    17. 00000928
    18. 00000928
    19. 00000928
    20. 00000928
    21. 00000928
    22. 00000928
    23. 00000928
    24. 00000928
    25. 00000928
    26. 00000928
    27. 000054E0
    28. 00000928
    29. FFFF04E8
    30. 00000928
    31. 0000546E
    32. 00000928
    33. 00000928
    34. 00000928
    35. 00000928
    36. 00000928
    37. 00000928
    38. 00000928
    39. 00000928
    40. 00000928
    41. 00000928
    42. 00000928
    43. 00000928
    44. 00000928
    45. 00000928
    46. 00000928
    47. 00000928
    48. 00000928
    49. 00000928
    50. 00000928
    51. 00000928
    52. 00000928
    53. 00000928
    54. 00000928
    55. 00000928
    56. 00000928
    57. 00000928
    58. 00000928
    59. 00000928
    60. 00000928
    61. 00000928
    62. 00000928
    63. 00000928
    64. 00000928
    The vector table is just a great big huge list of pointers. The first is the stack pointer loaded into address register 7 upon bootup. I don't know what every single pointer does, but the important ones are the ones at the end. Those are the exceptions (ILLEGAL INSTRUCTION, BUS ERROR, CHK INSTRUCTION, TRAPV INSTRUCTION etc.). In Sonic 2 they point to $200 (hang). However, in Sonic 3D they point to $928 which happens to be the "Congratulations you have found the secret level select".
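
As an added example (not part of the original thread), the Python sketch below decodes the 64-entry vector table discussed in these posts, using the Sonic 3D values quoted above as sample input. The vector names follow the standard 68000 numbering; the function names and the "most common pointer is the default handler" heuristic are assumptions of this example.

```python
import struct
from collections import Counter

# Standard 68000 vector numbers (ROM offset = number * 4). The Genesis wires
# level 4 to HBlank and level 6 to VBlank, i.e. offsets $70 and $78.
NAMES = {0: "initial stack pointer", 1: "reset entry point", 2: "bus error",
         3: "address error", 4: "illegal instruction", 5: "zero divide",
         6: "CHK instruction", 7: "TRAPV instruction", 8: "privilege violation",
         9: "trace", 10: "line 1010 emulator", 11: "line 1111 emulator",
         26: "level 2 (external) interrupt", 28: "level 4 / HBlank",
         30: "level 6 / VBlank"}

def parse_vectors(rom: bytes) -> list[int]:
    """Return the 64 big-endian longwords stored at ROM offsets $00-$FF."""
    if len(rom) < 0x100:
        raise ValueError("ROM shorter than the 256-byte vector table")
    return list(struct.unpack(">64L", rom[:0x100]))

def summarize(rom: bytes) -> dict:
    vecs = parse_vectors(rom)
    # Heuristic (assumption): the pointer shared by most vectors is the catch-all.
    default = Counter(vecs[2:]).most_common(1)[0][0]
    special = {n * 4: v for n, v in enumerate(vecs) if n >= 2 and v != default}
    return {"stack": vecs[0], "entry": vecs[1], "default": default,
            "special": special,
            # 68000 addresses are 24-bit; $FF0000-$FFFFFF is work RAM.
            "in_ram": [off for off, v in special.items()
                       if (v & 0xFFFFFF) >= 0xFF0000]}

def describe(offset: int) -> str:
    n = offset // 4
    if 32 <= n <= 47:
        return f"TRAP #{n - 32}"
    return NAMES.get(n, f"vector {n}")

# Sample input: the Sonic 3D table quoted in the thread, repacked as bytes.
S3D = ([0xFFFF0400, 0x00000200] + [0x928] * 24 +
       [0x54E0, 0x928, 0xFFFF04E8, 0x928, 0x546E] + [0x928] * 33)
SAMPLE_ROM = struct.pack(">64L", *S3D)

if __name__ == "__main__":
    info = summarize(SAMPLE_ROM)
    print(f"stack ${info['stack']:08X}  entry ${info['entry']:06X}  "
          f"default handler ${info['default']:06X}")
    for off, addr in info["special"].items():
        print(f"  ${off:02X} {describe(off):<30} -> ${addr:08X}")
```

On this table the HBlank vector at $70 is the only entry flagged as pointing into RAM; every vector other than $68, $70 and $78 shares the $928 handler.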
     
  6. Mustapha

    Question, how would I go about making exceptions load the level select in Sonic 2?
     
  7. LOst

    I know I know!

    But I forgot. I did that for perfect chaos once
     
  8. Hayate

    !!!!!!!!!!

    What pointer makes the game reset?
     
  9. Quickman

    I guess $206.
     
  10. Hayate

    *goes to load up S2OP in VC++ to see if that makes a difference to the ol' CPZ bug*

    [edit]
    Hmm. It still hangs, even though I've changed all the $200 pointers to $206. Either that isn't the reset code or something is explicitly telling it to hang.
     
  11. LOst

    What bug?