Tooling for reverse engineering

Pierre de La Morinerie edited this page Jul 5, 2020 · 3 revisions

BGB

BGB is a really nice GameBoy emulator, with a powerful debugger. It can set breakpoints on code and on memory access, and help you track the execution of the code.

BGB was originally written for Windows, but it also works well on macOS and Linux using Wine.

Here is how to use BGB for reverse-engineering the game:

  1. Compile the game (make all).

    This produces game.gbc (a compiled ROM identical to the original) and, more importantly, game.sym, the debug symbols.

  2. Open game.gbc in the BGB emulator.

  3. Open the debugger, and jump to the 0000:0150 address. You'll see a function named Start. Notice how BGB knows the name of this function from the debug symbols.

  4. You can now trace the execution of the code, set breakpoints and watchpoints, edit memory, etc.
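The label BGB shows at 0000:0150 in step 3 comes entirely from game.sym. The following added example (not part of the LADX tooling) parses a constructed .sym snippet in the bank:address label format that RGBDS writes and BGB reads, and resolves an address to its nearest preceding label the way a debugger does; the labels below are made up for illustration.

```python
import bisect
from collections import defaultdict

# Constructed sample .sym content (RGBDS/BGB format: "BB:AAAA label", ';' comments).
SAMPLE_SYM = """\
; File generated by rgblink (constructed sample)
00:0100 EntryPoint
00:0150 Start
00:0180 Start.loop
01:4000 Bank1Start
01:4123 SomeFunction
"""

def parse_sym(text):
    """Return {bank: sorted list of (addr, label)} from .sym text."""
    table = defaultdict(list)
    for line in text.splitlines():
        line = line.split(";", 1)[0].strip()  # drop comments and blank lines
        if not line:
            continue
        loc, label = line.split(None, 1)
        bank, addr = loc.split(":")
        table[int(bank, 16)].append((int(addr, 16), label))
    for entries in table.values():
        entries.sort()
    return dict(table)

def resolve(table, bank, addr):
    """Nearest preceding symbol in the bank, as 'label' or 'label+offset'.

    Addresses below 0x4000 are always in the fixed bank 0 regardless of which
    bank is currently switched in, so the lookup ignores `bank` for them.
    """
    if addr < 0x4000:
        bank = 0
    entries = table.get(bank, [])
    addrs = [a for a, _ in entries]
    i = bisect.bisect_right(addrs, addr) - 1
    if i < 0:
        return None  # no label at or before this address in this bank
    sym_addr, label = entries[i]
    off = addr - sym_addr
    return label if off == 0 else f"{label}+{off:#x}"

if __name__ == "__main__":
    table = parse_sym(SAMPLE_SYM)
    print(resolve(table, 0, 0x0150))  # Start
    print(resolve(table, 1, 0x4130))  # SomeFunction+0xd
```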

awake (for reading the code)

Awake is a static GameBoy assembly explorer, specially tuned for exploring ZeldaGB and ZeldaDX. It identifies functions and loops, and lets you jump easily from function to function. This makes it much easier to follow the flow of code and data during the game.

The tool was initially developed by @devdri. @kemenaran is currently writing improvements to this tool so that it can read debug symbols (otherwise no functions are labelled) and label functions from within the explorer.

mgbdis

mgbdis is a powerful Game Boy disassembler. It produces high-quality and compilable disassembly.

This tool can't infer which locations are data, but it still produces a very good starting point for disassembling a new bank.

See tools/generate-disassembly.sh for how LADX configures and uses mgbdis.