Music Ripping

From Wiki - GameHacking.org
Revision as of 04:26, 29 October 2014 by Dlevere (talk | contribs) (External links)

This is just a basic set of quick-start info for getting into any given format that someone is willing to provide information for.

It's not meant to be comprehensive, but just informative enough to give you something to quickly refer to until you can easily recall the basic information for actually finding the addresses.

Debugger-specific information can normally be found on the Assembly Hacking page.

I use the following code set distinctions:
Sound Init (Basic register initialization. Often close to Song Init and/or Play address. Not all games use a distinctive Sound Init. Some run Play once or several times before running Song Init to achieve Sound Init)
Song Init (If you feed this address the right number in the right register, sounds or music are played by the Play routine)
Play (Executes the sound generation code. Also useful as an entry point: reach it through the sound registers, then find the sound-related RAM addresses to breakpoint on for Song Init)

NES - NSF (Nintendo Sound Format)

I suggest FCEUXDSP: Assembly_Hacking#FCEU

$4000-$4009 = Sound Registers (Good for finding Play)
$4010-$4013 = DMC / DPCM (This is a tricky addon. References info from $C000-$FFFF, and FCEUXDSP won't catch it reading this data unless you break on writes to $4012 for the start position '0x40 * value + 0xC000' and/or $4013 for length '(0x10 * value) + 1')
$4015 = Channel Select (Good for finding Sound Init, sometimes Play)
$4017 = Frame Cycle/Interrupt (If this is written once, write it once in the NSF with the value written. If it's written once for every time play is run, do that in the NSF. Match in the NSF any setup used in the original game. Games sound a bit off if you don't, and you might not notice on your own)
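
An added example (not from the original page) of the $4012/$4013 arithmetic above: it turns a log of register writes into the CPU address ranges the DMC reads, so you know which data the NSF has to carry. The log format, the pairing of each $4013 write with the most recent $4012 write, and the function names are assumptions; the wrap from $FFFF to $8000 is standard 2A03 behaviour that the page does not mention.

```python
import re

# Constructed write-breakpoint log (hypothetical format, not FCEUXDSP output):
# one "<register> <- <value>" line per write, both in hex.
SAMPLE_LOG = """\
$4012 <- $00
$4013 <- $0F
$4015 <- $1F
$4012 <- $FF
$4013 <- $FF
$4012 <- $02
$4013 <- $10
"""

WRITE = re.compile(r"\$(40[0-9A-Fa-f]{2})\s*<-\s*\$([0-9A-Fa-f]{2})")

def dmc_span(addr_reg, len_reg):
    """Apply the formulas above: start address and byte count of one sample."""
    return 0x40 * addr_reg + 0xC000, 0x10 * len_reg + 1

def cpu_ranges(start, length):
    """Inclusive CPU ranges read; the DMC reader wraps from $FFFF to $8000."""
    end = start + length - 1
    if end <= 0xFFFF:
        return [(start, end)]
    return [(start, 0xFFFF), (0x8000, 0x8000 + (end - 0x10000))]

def samples_from_log(text):
    """Pair each $4013 write with the latest $4012 value, then merge ranges."""
    addr_reg, ranges = None, []
    for reg, val in WRITE.findall(text):
        reg, val = int(reg, 16), int(val, 16)
        if reg == 0x4012:
            addr_reg = val
        elif reg == 0x4013 and addr_reg is not None:
            ranges += cpu_ranges(*dmc_span(addr_reg, val))
    merged = []
    for lo, hi in sorted(set(ranges)):
        if merged and lo <= merged[-1][1] + 1:   # overlapping or adjacent
            merged[-1] = (merged[-1][0], max(hi, merged[-1][1]))
        else:
            merged.append((lo, hi))
    return merged

if __name__ == "__main__":
    for lo, hi in samples_from_log(SAMPLE_LOG):
        print(f"${lo:04X}-${hi:04X}")
```

Writes to other registers in the log, such as $4015, are ignored by the pairing logic.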

Gameboy - GBS (Gameboy Sound Format)

I suggest BGB: Assembly_Hacking#BGB

$FF24 = Volume (Good for finding Sound Init, sometimes Play)
$FF25 = L/R (00 often means a failed init. Visible in BGB)
$FF26 = Channel On/Off (00 often means a failed init. Visible in BGB)

$FF13 = A good register to find Play with (Try $FF18/$FF1D/$FF22 if it doesn't break on $FF13)

$FF10-$FF23 = Sound Register spread

PC Engine / Turbo-Grafx 16 - HES (Hudson Entertainment System)

I suggest Mednafen: Assembly_Hacking#Mednafen

Source for below

$0800 = Voice Select (Good for sound init)
$0801 = Main Volume (Probably also good for sound init)
$0802 - Frequency (low)
$0803 - Frequency (high)
$0804 - Channel on/dda/volume - voice-dependent register
$0805 - Pan volume ('balance') - voice-dependent register
$0806 - Wave data
$0807 = Note Frequency (Good for finding Play, which is itself good for finding Song Init by matching up to Sound RAM Addresses)
$0808 - LFO Frequency
$0809 - LFO Control

N64 - USF (Ultra 64 Sound Format)

I primarily suggest NEmu64: Assembly_Hacking#Nemu64

This is a considerably different bag of tricks to use.

I've written out a decent guide, and even put together some tool modifications to make the job easier. Check out usfbegin.txt for more in-depth info. The folder with this info is here

AM_RANGE(0x04500000, 0x045fffff) AM_READWRITE(n64_ai_reg_r, n64_ai_reg_w) // Audio Interface

04500004 = When you hit this, step out until you're in an infinite loop, and you should be in the Play thread. Mark it down as such, so you know not to disable it completely.

If you break on the opcode "ERET", then you can fairly easily build a list of threads to crash-test, until you've killed off all of them that won't kill the music.

Finding music inits is considerably tougher in N64 coding. I usually brute-force my way. Play through the Play routine to find RAM, use File2File methods, sometimes both... Not exactly a walk in the park, but it's the best I've found, and it's just for the Init code that this needs to be done. Sound Tests make this a lot easier, because the value has to get from the temporary one in RAM to the sound routine in some fashion, and the temporary one used in a sound test is considerably easier to find with File2File and track through code than the pure coding method is.

04040010 is written to for DList events. In Kirby64, it uses 00002B00 for this. This can help you remove graphics processing code. Note that not all writes to this address are for graphics, and removing the accesses outright can crash the music.
