Debugger

Debug ››
Parent Previous Next

Debugger



Introduction


The debugger is a tool for inspecting and manipulating machine instructions and their execution. The debugger window has several components:



Execution and CPU State


Execution is controlled by a series of buttons at the top-middle of the window. These allow you to break (pause) execution and inspect the current state of the NES.


When an NES ROM is opened, it will be normally be running. Most of the debugger window does not update while the game is running. To begin debugging you may click one of the buttons that will break (pause) execution, such as "Step Into", or add a breakpoint.



The Pause hotkey will break execution or resume it. The Frame Advance hotkey will run the emulator for one frame then break.


When execution is paused, the disassembly view will begin with the memory at the current program counter location (PC) at the top of the window. You can scroll the disassembly up or down to observe the code. Then you can click "Seek PC" to return to the program counter at any time.


You can also use "Seek To" button that will navigate to the specified address. Either type a hexadecimal address to the text field or simply left-click on any address in the Disassembly window.

When entering the address, these convenient strings may be used instead of the hexadecimal memory address:


NES special addresses:


FDS special addresses:


NSF special addresses:



While execution is broken, the program counter (PC) can be edited, as well as the three registers A/X/Y, and the status flags. Normally they should be left as-is, but changing them at runtime can be useful for more advanced debugging.


The contents of memory starting at the stack pointer (somewhere in the range $0100-01FF) is displayed in the Stack frame below the A/X/Y registers.


The current PPU memory address, sprite memory address, scanline, and rendering pixel are displayed below the stack and status flags.


Examples of Scanline number: -1 it means Prerender time, 240 is Idle scanline, 0-239 are visible scanlines, 241-260/310 are VBlank scanlines.


To the right from PPU section there's Cycles counter and Instructions counter that keep counting while the game is running. You can use the information for keeping statistics, for code profiling or writing PPU-synchronized code (e.g. raster effects). You can also make the debugger break automatically based on the counters values. The "Reset counters" button resets both counters to 0.



Disassembly


This large frame takes up the left side of the debugger window. It displays the current contents of memory accessible by the CPU with an automatic disassembly of that data into assembly instructions. The following memory ranges may contain useful data for inspection:



Memory contents are displayed in this form:


0F:C0A8:24 1F     BIT $001F = #$80

bb:mmmm:dd dd dd  iiiiiiiiiiiii...



When debugging an NSF program, the bank designation will be a 4k NSF bank instead of the 16k iNES bank.


A single instruction may be one to three bytes, and will all appear on the line before the assembly code description of that instruction. An instruction with "= #$xx" at the end indicates the value currently in memory at the address referenced by the instruction.


Hovering the mouse over the disassembly will display at the bottom of the window more detailed information about the location of this code in the iNES file.


There is an empty column to the left of the memory view. Left clicking on this column will open the Inline Assembler, which allows you to patch the ROM at runtime. Right clicking on this column will open the Hex Editor, which allows you to directly edit the ROM. Middle-clicking on this column will bring up the Game Genie Encoder at that address, so you can easily make Game Genie codes.



Breakpoints


Breakpoints will break execution when chosen conditions are met. To create a breakpoint, click the Add button in the BreakPoints frame in the upper right corner of the debugger.


Each breakpoint has an address range to watch (use only the left address field if you wish to watch a single byte address). When entering the address of a breakpoint, you can also use convenient strings (such as IRQ) instead of hexadecimal memory addresses.


Check one or more of the options to watch for Read, Write, or Execute at an address. Note that fetching of code from an address will not break as a Read; use the Execute box for this. Breakpoints can be given a name that will appear in the breakpoint window. The condition field can be used to break only on particular conditions; see "Conditional Breakpoints" below.


Double click on a breakpoint in the BreakPoints list to quickly disable or enable it. So you don't have to delete breakpoints to stop them from causing the debugger to halt the game.


A special kind of breakpoints with the Forbid option will prevent any breakpoints from occurring within the specified memory address range. This can be enabled and disabled like other breakpoints.


A quicker way to add PC breakpoints is to double click on any address in the Disassembly when you want to set the breakpoint to that address. Example: when you need to quickly advance emulation to a given line of code, double-click on the address part of the line, and the "Add Execute breakpoint here" dialog will appear, click "OK" and then hit "Run", Debugger will break at this line of code.


There is also an option to "Break on Bad Opcode" which will halt execution if a bad instruction opcode is reached.


Finally, you can make the debugger break after certain number of instructions or CPU cycles.


More advanced conditions and automation may be achieved through Lua script breakpoints. See the Lua reference for more information.


Breakpoints are listed in the following form:


aaaa: EmRWXF : nnnn

aaaa-aaaa: EmRWXF : nnnn




Conditional Breakpoints


Breakpoints may also have a conditional statement that causes them to execute only if that statement evaluates to true. The conditional breakpoint grammar has this form:



The parser is very strict. All numbers are hexadecimal. Always prefix a number with # for an immediate value, or $ for a memory address. If a memory address needs to be calculated use $[] with the calculation inside the brackets.


Registers A/X/Y are 8-bit unsigned values. Register P is the 16-bit program counter.


Flags evaluate to 1 if set, 0 if clear.


Connecting operators || or && combine boolean terms. Parentheses dictate order of operations.


Example conditions:


Break if register A is less than value at memory address $0005:

A < $0005


Break if the program counter is 8123:

P == #8123


Break if the value at the indirect address on zeropage $10 is not equal to FF:

#FF != $[$10+($11*#100)]


Break if flag N is clear or A is not equal to 00:

(N==#0 || A!=#0)



Bookmarks


A list of bookmark addresses can be kept in the Address Bookmarks frame to make memory navigation easier. Simply type a hexadecimal address (or a convenient string, such as "NMI") and click "Add" to add it to your bookmarks. Alternatively, just click on any address in the Disassembly window, and the address will appear in the Bookmark Add field, so you don't have to type it.

Next time you wish to go to this address just double click on the bookmark.

You can also name bookmarks.

When you exit the emulator, bookmarks are saved in a .deb file. Next time you return to debugging the list of bookmarks will be automatically loaded from the file.



Inline Assembler


Open the inline assembler by left-clicking in the empty column to the left of the memory view.


The starting memory address is displayed in the PC field at the top of the inline assembler window. Type a line of assembly to add in the empty field just below this, and hit enter. The assembled code of your patch will appear below as you enter each line.


Click Apply to apply your patch to the ROM in memory. Click Undo to remove the last assembled line. After applying a patch, clicking Save will allow you to save this patch directly to the ROM file.



Symbolic Debugging


This feature makes it possible to rename addresses in the disassembly window (e.g. $C022) to easily understandable names (e.g. AddHealthpoints). You can also add comments to lines in the disassembly window. You can enable symbolic debugging by clicking the checkbox "Symbolic debug".


To use this feature, create "name list files" in any text editor like Notepad (Filename should be like this: *.(bank).nl / *.ram.nl, Example: NES Test Cart (PD).nes.0.nl, NES Test Cart (PD).nes.ram.nl) which contain names and comments you wish to display in the disassembly window. These files are simple ASCII text files.


Example of contents of a NL file:


$C000#NewName1#Comment1

$C002##Comment2

$C004#NewName2#

$C006#NewName3#MultilineComment-Part1

\MultilineComment-Part2

\MultilineComment-Part3

$C008/10#NewName4#


Every line contains two # characters which separate the three parts of one line: The first part (starting with a $ character) is the address to be renamed. Optionally you can add a "/number" part which marks the offsets as a beginning of an array of the given size (the size must be specified in hex form). The second (optional) part is the new name of that address. Whenever the line of that address is shown in the disassembly window an extra line saying "Name: NewName" is shown above it.  Instructions referencing this address, for example JSR $C000 are also changed to JSR NewName1 (in that example).  The third (optional) part is the comment that's also added above the disassembly line the comment refers to. It works exactly like the additional name line, only the prefix of that line is different. Comment lines start with "Comment: " rather than with "Name: ".  Multi-lines comments are possible. Lines starting with a \ character are just appended to the comment of the preceding line. Multi-line comments are also shown in multiple lines in the disassembly window.


In the example above, the first line contains all three parts. Using this NL file all references to the address $C000 are replaced with NewName1 and whenever line $C000 is shown in the disassembly window an additional comment is also visible right above the actual disassembled line. The second example line defines only a comment while the third line defines only a name. Following that there's a multi-line comment definition for address $C006. The last line defines an array called NewName4 of size 0x10 (= 16) bytes starting at offset $C008.


NL files must follow a specific naming convention to account for bank swapping. Each bank needs its own NL file with a hexadecimal bank number. RAM can also be given its own NL file. For instance, an NES file named "mygame.nes" that has 4 banks would have these NL files:


mygame.nes

mygame.nes.ram.nl

mygame.nes.0.nl

mygame.nes.1.nl

mygame.nes.2.nl

mygame.nes.3.nl


All NL files must be in the same directory as the ROM file itself.


In the *.ram.nl file you can name and comment RAM addresses instead of ROM addresses. In this case, you might use a line such as:


$00A5#Mic Test OK#00=Not Passed, 01=Passed


To reload the NL files of the currently active ROM file press the "Reload Symbols" button.


When the "Symbolic debug" option is enabled, both the Debugger and Hex Editor will display symbolic names instead of specified addresses, so the debugging process becomes much easier.



Other


If the ".DEB files" checkbox in the lower right corner of the debugger window is checked, the emulator will automatically save debug settings such as breakpoints and bookmarks in a .deb file alongside the NES ROM, and load these settings next time you open the ROM.


There is a "Rom Patcher" button that may be used to apply a small patch to a ROM.


The "ROM offsets" option will display ROM offsets instead of CPU addresses in the Disassembly window.


The "Restore Original Window Size" button will restore the original size of the debugger window if you resized it manually.


The "Auto-open" checkbox causes the debugger window to open automatically whenever an NES ROM is opened.





Created with the Personal Edition of HelpNDoc: Full-featured EBook editor