Wednesday, July 11, 2012

A Story of Z80 Disassembly in the 21st Century

A little over a year ago, whilst I was away on holiday, I wrote a clone of an ancient (1982) Sinclair ZX Spectrum maze game for the iPhone for fun. I also eventually did a Mac port (mostly for debugging) and then a Windows port ‘just because’.

I got most of the core functionality done part time in two weeks - and spent a bit of time between other projects over the next few months filling out random bits when I had the time. There are still a couple of bits to do at this stage - but it’s not far off playing very close to the original - in fact, you’d have difficulty telling them apart unless you knew where to look.

I did this without looking at the internals (e.g. by reverse engineering from the binary) so all the code is an untainted ‘copyright-clean’ engineered version. Obviously the graphics, instructions and maps probably have enough originality to still be copyright - other items may or may not - although they all look weaker to me.

One thing that always bugged me was the ‘monster’ movement. In my version I used a straightforward ‘head towards the player’ with a simple wall follower if it’s obvious that’s going to get the monster stuck behind a wall. This worked reasonably - although there were circumstances I wasn’t happy with. I had other ideas like better pathfinding and a flood-fill maze solver like Micromouse robots use.

However, I was always curious how the original code worked for the monster movement - especially as the whole game was just over 6KBytes including graphics and mazes. There are two ways of finding this out:
    1.    Look at behaviour and try to figure out the algorithms behind it,
    2.    Disassemble the program and figure out how it works.

The first option looked less easy and fun, and seemed like (since I’d been observing the game for a while) it might not yield the answer accurately.

So this holiday I got out a tiny & simple Z80 disassembler that was posted online ages ago (and which I modified for a different project a while ago), created a string viewer, a graphics viewer and hex viewer and started to convert the binary machine code and data to a human readable format.

Like many of these things, it always takes longer than you think. And maybe just looking at the behaviour would have been faster in hindsight - but I’m not convinced. But I’ve had fun and also started to remember how the Sinclair ZX Spectrum worked, looked up the memory map, system variables, character set, ROM disassembly, various Z80 instructions, etc.

Also the monster movement control code is deeply buried - so at this point I’ve basically converted almost the whole program into human readable assembler instructions with comments and human labels (both for data and code). Also I’ve converted text string data and identified other data as well.

I’ve got the monster movement code analysed (and may do a follow up post with details) - the only bit I haven’t quite got to yet is the demo mode player movement control routine.

It’s always informative looking at other people’s code. You learn things not only about how the program works, but what the design compromises were and even get to guess at how the design process worked.

UPDATE 27Jan2012: Annotated disassembly posted on my page about Gulpman.

5 Comments:

Anonymous Anonymous said...

Can you share more about how you did it? I'm trying to do the same thing with a 1984 game...

Thanks,
D.

7:07 pm  
Blogger RobZed said...

Hi, maybe I'll get some time over the weekend to write a blog post.

Let me know what level you are at ... have you disassembled the code - do you need help doing that? Viewed the strings and the graphics?

What machine is this for? Maybe I can be a bit more specific.

7:39 pm  
Anonymous Anonymous said...

Hi!

Until now I just tried different emulators/debuggers to see from which ones I can get the most (zxsp, skoolkit, dz80). But then I realized I need to read more about the ZX Spectrum in order to understand how things work. And I started with some documentation and with a game tutorial.

So, I'm right at the beginning of my quest. The machine for which the game was created is the ZX Spectrum 48k and the game is Serpenti (http://www.worldofspectrum.org/infoseekid.cgi?id=0004403).

Thanks for your time,
D.

6:11 pm  
Blogger RobZed said...

My first blog post about disassembling ZX Spectrum Games...
http://zedcode.blogspot.com/2014/03/how-to-disassemble-sinclair-zx-spectrum.html

8:43 am  
Anonymous Anonymous said...

Hi again!

Thank you for taking the time to write the disassembling series. I can't wait to see the next entries.

In the meantime I also made some progress, not with the disassembling, but with understanding some stuff. I managed to read Zaks' book (Programming the Z-80) and now things look much better ;)

Best regards,
D.

2:09 pm  
