Any interest in a CPC reverse engineering tool?

[crabfists]

I'm working on porting Spectrum Analyser to the cpc. It's a combination of interactive disassembler, emulator and debugger. It's designed to make the job of reverse engineering games easier and is quite fun to use. I didn't write the original tool. I'm just doing the cpc port.

The cpc version is still in the early days but hopefully I can share something in the future. I didn't have much knowledge of the cpc hardware when I started a few weeks ago so it's been fun to learn how the machine works. I had a cpc as a kid though, so I have an adequate amount of nostalgia that always helps drive a project.

I've mostly figured the screen out, although some demos do things with the crtc that my logic doesn't deal with. For example, anything that sets the raster lines per character (R9) to 1.

One of the features of the tool is, you can click on any character on the screen and it will be able to tell you which code wrote to that memory address. It makes finding the graphics routines very easy.

There is also a graphics view that helps you find graphics. This is not fully working yet.

In the built in disassembler you can rename routines, add comments etc.

There are loads more features. Check out the link above for more details. There is a Youtube video showing the Spectrum Analyser in action, which is great for getting an idea of what it can do.

Would there be any interest from users here?

Here are some screenshots of the progress of the cpc port.

You cannot view this attachment.

You cannot view this attachment.

[andycadley]

Yeah, been thinking something like this could be cool for the CPC but rarely have the time. The things that SkoolKit can do for reverse engineering Speccy games is pretty interesting too.

[SyX]

Would there be any interest from users here?

Yes!

I have been following the thread in spectrum computing and I like what I saw.

Until now I was using a mix of emulators, disassemblers, a patched skoolkit and a few of my own tools. Then I am always,open to a much more integrated solution.

In case that you have any doubt about the CPC hardware, only ask.

[Animalgril987]

I am also interested 

[Richard_Lloyd]

A big YES from me!

[roudoudou]

you may use Winape Session replay to make an almost full walkpath in the game, then you are pretty sure the emulator will execute all he has to do
by tagging memory address of executed opcodes, you will have all code zone (data is everything else)

[robcfg]

Definitely!

I like that it can be compiled on Windows, Mac and Linux, thank you very much!

ImGui does bring some serious benefits to the table even at the expense of making all the apps done using it look the same.

I'm trying to compile the C64 analyser on my Mac, but I'm encountering some problems. The ZX Spectrum one went without a hitch!

So yes, I think it would be wonderful to have a CPC one! (On a side note, it would be awesome to have Atari 8-Bit and Dragon computers too, but that is just a wish   )

Keep up the good work!

[GUNHED]

It would be great to have such kind of tool(s) on the real CPC. 

[SyX]

you may use Winape Session replay to make an almost full walkpath in the game, then you are pretty sure the emulator will execute all he has to do
by tagging memory address of executed opcodes, you will have all code zone (data is everything else)

In speccy is very common that, because they have defined ONE standard for recording sessions (.rzx). Then a few emulators support the generation of execution logs or memory logs that can identify code from data (and mark self-modify code too) using those RZX files.

They even have a public repository with RZXs for every important zx game, and those RZXs are used for filling ONE youtube channel with zx longplays. And that doesn't invalidate that other people can create their owns longplays in their own channels, but there is central repository and there will be always one repositry for it.

In CPC, it looks impossible that we can agreed in basic things like that. Things that can help to the platform and the community to give one voice when something important is needed.

But well, maybe I am really wrong and all CPC emulators will support the session record format (.snr) for converting it in a real standard in the CPC; then maybe, then, a few CPC emulators will generate those execution logs that they could be used with tools like this or other disassemblers.

[crabfists]

Yeah, been thinking something like this could be cool for the CPC but rarely have the time. The things that SkoolKit can do for reverse engineering Speccy games is pretty interesting too.

I don't have time either!   Agree, Skoolkit is amazing. Would be nice to have a CPC equivalent. 

Spectrum Analyser exports Skoolkit files, which is handy, because then you can do things like convert into html for browsing disassemblies online, and also easily assemble back into a working tap/sna file.

[crabfists]

Would there be any interest from users here?

Yes!

I have been following the thread in spectrum computing and I like what I saw.

Until now I was using a mix of emulators, disassemblers, a patched skoolkit and a few of my own tools. Then I am always,open to a much more integrated solution.

In case that you have any doubt about the CPC hardware, only ask.

An all-in-one tool that can replace (or complement) other tools is the idea, yes. As I said in the first post, I am not the creator of the Spectrum Analyser. The credit to that goes to an old friend of mine. He did 99% of the work and came up with the original idea. The code is platform agnostic so I'm just adapting the framework to support the CPC. Sharing the same Z80 CPU is obviously an advantage.

Thanks for the offer of help with CPC hardware questions. I will let you know

[crabfists]

you may use Winape Session replay to make an almost full walkpath in the game, then you are pretty sure the emulator will execute all he has to do
by tagging memory address of executed opcodes, you will have all code zone (data is everything else)

Interesting idea. The CPC Analyser tool does mark memory addresses as code when it executes them, but you would need to play the whole game in the tool to find all of the code. We could import Winape session replay files I to the tool but that would probably only really be worth doing if there existed publically available previously created replay files of full walkthroughs of games?

[crabfists]

Definitely!

I like that it can be compiled on Windows, Mac and Linux, thank you very much!

ImGui does bring some serious benefits to the table even at the expense of making all the apps done using it look the same.

I'm trying to compile the C64 analyser on my Mac, but I'm encountering some problems. The ZX Spectrum one went without a hitch!

So yes, I think it would be wonderful to have a CPC one! (On a side note, it would be awesome to have Atari 8-Bit and Dragon computers too, but that is just a wish  )

Keep up the good work!

I can't take credit for the cross platform code. The main developer did all that. 

ImGui does have its limitations but in general it's amazing. The tool wouldn't be as complete as it is without it.

Send me a PM regarding the c64 version not building, or put a bug on the GitHub page.

Agree, other platforms would be awesome. I'd love to see PC Engine or NES personally. Currently it's using the platforms supported by the CHIPS emulator framework. None of the platforms mentioned above are supported unfortunately, so they would be quite a bit more work.

[WacKEDmaN]

this is looking cool... reminds me alot of tiny8bit with UI... just with some extras (oh i see you mention CHIPS framework!)
https://floooh.github.io/tiny8bit/cpc-ui.html

[andycadley]

you may use Winape Session replay to make an almost full walkpath in the game, then you are pretty sure the emulator will execute all he has to do
by tagging memory address of executed opcodes, you will have all code zone (data is everything else)

Interesting idea. The CPC Analyser tool does mark memory addresses as code when it executes them, but you would need to play the whole game in the tool to find all of the code. We could import Winape session replay files I to the tool but that would probably only really be worth doing if there existed publically available previously created replay files of full walkthroughs of games?

I guess it depends on how well documented WinAPE's session recordings are (and how portable?) If it was something that could be usable across multiple emulators (as RZX file kind of are) then I don't think crowd sourcing a collection of play throughs would be that hard. Playing games is definitely the easy bit. 

[zhulien]

Does this tool show the covery of memory accesses? i.e. reset the covery graph, run some option, and see what bits of memory were covered?  Might not be the most useful thing for eg. a game that really might only have a simple gameloop and some complicated rendering code, but it definitely makes sense for some serious software, e.g. choose a menu option in Discology and see what code was executed and what memory was read.

[robcfg]

Agree, other platforms would be awesome. I'd love to see PC Engine or NES personally. Currently it's using the platforms supported by the CHIPS emulator framework. None of the platforms mentioned above are supported unfortunately, so they would be quite a bit more work.

That's some project to contribute too, as your analyser tools are way too useful to not try to add more platforms.

Send me a PM regarding the c64 version not building, or put a bug on the GitHub page.

Coming soon!

[lmimmfn]

This would be great, the main obstacle currently is distinguishing between executable code and data which should easily be got from an emulator and PC memory visits.

I would love this.

[robcfg]

Send me a PM regarding the c64 version not building, or put a bug on the GitHub page.

Done! https://github.com/TheGoodDoktor/8BitAnalysers/issues/5

[crabfists]

Sorry for the lack of updates. Progress has been continuing - albeit slowly. I'm hoping to put an alpha build up soon. Functionality will be limited to CPC 464 machine support, because the bank switching of 128k mode was adding complexity I don't want to deal with at the moment.

I merged in the latest code from Spectrum Analyser which means we get the new Event Viewer, which already looks useful. It will record various events such as keyboard reads, crtc register usage, screen writes etc. It can provide extra context like which keys were read or which crtc register was written/selected/read.

You cannot view this attachment.

[SpDizzy]

Thanks so much for giving updates on development of this wonderfull tool, looks very promising! Really looking forward for that alpha build

[zhulien]

Definitely. One thing I would like to see too is a code /data coverage monitor. E.g. if you run a function,  it tracks which memory executed code, but also tracks separately memory that stack operations went to as well as memory read/writes.  This allows for a better guess and also fantastic debugging too as to whst is happening. E.g. clear tracking, enable tracking, disable tracking, load and save tracking data for repeated analysis.  Choose tracking blocks to be disassembled as either code or data.  If you also monitor I/O then you can also track memory bank usage.

We should be able to annotate address ranges with the tracking data, separate clear annotation functions than tracking.

[dragon]

Laser squad sound good candidate to test It .

[crabfists]

Laser squad sound good candidate to test It .

Oooh, yes. That is on my list too.  

[dragon]

Laser squad sound good candidate to test It .

Oooh, yes. That is on my list too.

I think i little forward. I have dissasmbly the level parts from years ago. But in a notepad. but i left the Game part anyway  i have created even a pair of levels ported from russian guys.