I love the PCE and figured I’d share some of the things I’ve been learning about it. So my next couple of posts will be about different things I’ve learned. For any PCE hacking I wholeheartedly recommend Mednafen. One thing I noticed that is not documented though is that if you hit L on the debug screen (hit ALT + D, ALT + 1) it’ll bring up a window where you can type in the file name you want to trace out to. Very useful feature as I find it easier to look at a trace then at a debug screen when first analyzing something. Anyways, on to the whole point of the post…
For our example, were looking at Tengai Makyou Ziria. For TMZ, it’ll load into one of the MPRs the bank location in RAM it wants to write to (in my case it was MPR5, I’m not sure if it matters, although it did load MPR6 with the next bank). You then call the subroutine at 0xE009. In your trace you can then look for reads from location 0x1808 or just search for the location in the MPR it’s writing too (in my case I looked for 0xA000).
One thing I’ll check into and look for is if you can specify how many blocks to load as it loads in 0x800 (2048) blocks. I’ll update this later when I find out…