API tools faq
paste
atreyu187

Megadrive Rom Hacking: Ledgend of Wukong

atreyu187
Jul 23rd, 2013
312
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
text 2.31 KB | None | 0 0
raw download clone embed print report
  1. These are the conclusions from Eke-Eke when he got another dump from another guy by when he implemented support to Legend of Wukong into GenPlusGX:
  2.  
  3. "1) your dump is actually overdumped and should only be 2228224 bytes
  4. (range is $000000-$21FFFF, just as indicated in ROM header), the game
  5. uses a custom checksum routine that covers this area, which means the
  6. data you dumped is correct since the test passes in any emu.
  7.  
  8. 2) 8K of SRAM is mapped between $3C0001 and $3C3FFF (odd address only)
  9. and is tested on startup (the game writes data in this area and expect
  10. same data to be read)
  11.  
  12. 3) Bytes written to low ROM area (the game writes address $E01 but maybe
  13. other addresses work) goes to cartridge custom bank-switching hardware:
  14. - when bit 7 is set (0x80 for example), $200000-$21FFFF (last 128k ROM
  15. bank) is remapped to $000000- $01FFFF (first 128k ROM bank).
  16. - when bit 7 is cleared (0x00 for example), $200000-$21FFFF is mapped
  17. normally.
  18.  
  19. I've yet to figure a patched ROM that could work in any emulator and
  20. flashcarts as they are actually two things to fix:
  21.  
  22. (1) many emulators (like Kega I think) and flashcarts only support SRAM
  23. mapped at $200000-$20FFFF. I don't think this is fixable since it would
  24. require too many modifications to the code to change the SRAM access
  25. routines so the only solution would be to use flashcarts or emulators
  26. that properly use info from the ROM header and support SRAM mapped to
  27. any address (Regen apparently does since it does not give me a SRAM
  28. error with this ROM), will try Everdrive when I have the time
  29.  
  30. (2) once $E01 has been written to trigger bank-switching, all memory
  31. access, jump, etc... to $200000-$21FFFF should be patched to use
  32. $000000- $01FFFF instead. The problem is that it can be complicated to
  33. find all locations in code where absolute addresses need to be patched.
  34.  
  35. And here are the patches to the game work in any emulator:
  36.  
  37. 000414:4E71
  38. 000416:4E71 ; bypass SRAM check on startup (only needed for emulators, like Fusion, or flashcarts that do not support SRAM to be mapped in unusual region like $3c000-$3c3fff)
  39.  
  40. 20777A:4E71 ; bypass checksum routine
  41.  
  42. 007730:000F
  43. 0FE17E:0000
  44. 0FFF20:000F
  45. 0FFF2E:000F
  46. 01C5BC:0010
  47. 007596:0010
  48. 0FFF8C:0010 ; bypass ROM bank-switching (maybe there are more ?)"
Add Comment
Please, Sign In to add comment
Public Pastes
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!