Clément Gallet edited this page Mar 23, 2015 · 1 revision
  • Execute an indirect JML opcode, which fetches the 24-bit value stored at $C0:EB6A and jumps to it
  • Ironically, the fetched address is a perfectly valid ROM address ($C0:80E0)
  • However, this unintended execution flow messes up the stack, and the game eventually executes an RTL opcode
  • The game travels through $f6b720 and then to $641095, where it executes a very long block transfer (MVP)
```
$C1/6A08 FF D0 05 A9 SBC $A905D0,x
$C1/6A0C 06 4C       ASL $4C
$C1/6A0E DC 6A EB    JML [$EB6A][$C0:80E0]
```

```
c080e0 asl a                  A:003d X:003e Y:0c00 S:15e1 D:0000 DB:7e NvMxdIzc V: 90 H: 414
...
c00514 rts                    A:0000 X:0100 Y:0000 S:15e0 D:0000 DB:7e nvMxdIZC V:118 H:1024
c0c1af pla                    A:0000 X:0100 Y:0000 S:15e2 D:0000 DB:7e nvMxdIZC V:118 H:1064
c0c1b0 rtl                    A:0001 X:0100 Y:0000 S:15e3 D:0000 DB:7e nvMxdIzC V:118 H:1090
f6b720 and $82c0fd,x [82c1fd] A:0001 X:0100 Y:0000 S:15e6 D:0000 DB:7e nvMxdIzC V:118 H:1308
f6b724 phd                    A:0000 X:0100 Y:0000 S:15e6 D:0000 DB:7e nvMxdIZC V:118 H:1338
f6b725 sbc [$08],y   [000000] A:0000 X:0100 Y:0000 S:15e4 D:0000 DB:7e nvMxdIZC V:119 H:   2
f6b727 cmp $fe0120,x [fe0220] A:0000 X:0100 Y:0000 S:15e4 D:0000 DB:7e nvMxdIZC V:119 H:  46
f6b72b cmp $aff25d   [aff25d] A:0000 X:0100 Y:0000 S:15e4 D:0000 DB:7e nvMxdIzc V:119 H:  76
f6b72f bvc $b6c5     [f6b6c5] A:0000 X:0100 Y:0000 S:15e4 D:0000 DB:7e nvMxdIZC V:119 H: 106
f6b6c5 cmp [$87]     [000000] A:0000 X:0100 Y:0000 S:15e4 D:0000 DB:7e nvMxdIZC V:119 H: 124
f6b6c7 and $fc82c7,x [fc83c7] A:0000 X:0100 Y:0000 S:15e4 D:0000 DB:7e nvMxdIZC V:119 H: 168
f6b6cb adc $094cfe,x [094dfe] A:0000 X:0100 Y:0000 S:15e4 D:0000 DB:7e nvMxdIZC V:119 H: 198
f6b6cf ora $fb1f,x   [7efc1f] A:000a X:0100 Y:0000 S:15e4 D:0000 DB:7e nvMxdIzc V:119 H: 228
f6b6d2 asl $06       [000006] A:000a X:0100 Y:0000 S:15e4 D:0000 DB:7e nvMxdIzc V:119 H: 260
f6b6d4 bit $0a,x     [00010a] A:000a X:0100 Y:0000 S:15e4 D:0000 DB:7e nvMxdIZc V:119 H: 294
f6b6d6 plp                    A:000a X:0100 Y:0000 S:15e4 D:0000 DB:7e nVMxdIZc V:119 H: 320
f6b6d7 plp                    A:000a X:0100 Y:0000 S:15e5 D:0000 DB:7e nvmxdizc V:119 H: 346
f6b6d8 sei                    A:000a X:0100 Y:0000 S:15e6 D:0000 DB:7e nvmxdizc V:119 H: 372
f6b6d9 sei                    A:000a X:0100 Y:0000 S:15e6 D:0000 DB:7e nvmxdIzc V:119 H: 384
f6b6da rtl                    A:000a X:0100 Y:0000 S:15e6 D:0000 DB:7e nvmxdIzc V:119 H: 396
641095 ora $f2,x     [0001f2] A:000a X:0100 Y:0000 S:15e9 D:0000 DB:7e nvmxdIzc V:119 H: 438
641097 ora #$1162             A:006a X:0100 Y:0000 S:15e9 D:0000 DB:7e nvmxdIzc V:119 H: 476
64109a phy                    A:116a X:0100 Y:0000 S:15e9 D:0000 DB:7e nvmxdIzc V:119 H: 500
64109b and $b4       [0000b4] A:116a X:0100 Y:0000 S:15e7 D:0000 DB:7e nvmxdIzc V:119 H: 530
64109d phk                    A:0002 X:0100 Y:0000 S:15e7 D:0000 DB:7e nvmxdIzc V:119 H: 602
64109e and $72b590   [72b590] A:0002 X:0100 Y:0000 S:15e6 D:0000 DB:7e nvmxdIzc V:119 H: 624
6410a2 adc ($f4,s),y [7e0000] A:0002 X:0100 Y:0000 S:15e6 D:0000 DB:7e nvmxdIzc V:119 H: 672
6410a4 ora [$e8],y   [0004a0] A:0002 X:0100 Y:0000 S:15e6 D:0000 DB:7e nvmxdIzc V:119 H: 732
6410a6 txa                    A:e0e2 X:0100 Y:0000 S:15e6 D:0000 DB:7e NvmxdIzc V:119 H: 788
6410a7 bcs $10a2     [6410a2] A:0100 X:0100 Y:0000 S:15e6 D:0000 DB:7e nvmxdIzc V:119 H: 802
6410a9 lda #$bb9a             A:0100 X:0100 Y:0000 S:15e6 D:0000 DB:7e nvmxdIzc V:119 H: 818
6410ac ldx $67,y     [000067] A:bb9a X:0100 Y:0000 S:15e6 D:0000 DB:7e NvmxdIzc V:119 H: 842
6410ae mvp $32,$ee            A:bb9a X:5300 Y:0000 S:15e6 D:0000 DB:7e nvmxdIzc V:119 H: 880
6410ae mvp $32,$ee            A:bb99 X:52ff Y:ffff S:15e6 D:0000 DB:ee nvmxdIzc V:119 H: 928
...
```
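To put a number on "very long transfer", here is an added example (not part of the original page or of any emulator's code) that parses trace lines in the format shown above and computes what the MVP at $64:10AE will do given the registers at that point. The three sample lines are copied from the trace above; the `Step` record, the function names and the 65816 block-move model are this example's own construction. The model uses the documented MVP semantics: the 16-bit accumulator holds the byte count minus one, X and Y decrement per byte, and DB ends up holding the destination bank, which is why the trace lists the source bank first and shows `DB:ee` after the first byte.

```python
import re
from dataclasses import dataclass

# Constructed sample: three lines copied from the trace on this page (the ldx
# that loads X and the first two MVP iterations), embedded so the script runs
# stand-alone.
SAMPLE_TRACE = """\
6410ac ldx $67,y     [000067] A:bb9a X:0100 Y:0000 S:15e6 D:0000 DB:7e NvmxdIzc V:119 H: 842
6410ae mvp $32,$ee            A:bb9a X:5300 Y:0000 S:15e6 D:0000 DB:7e nvmxdIzc V:119 H: 880
6410ae mvp $32,$ee            A:bb99 X:52ff Y:ffff S:15e6 D:0000 DB:ee nvmxdIzc V:119 H: 928
"""

# One trace line: 24-bit PC, 3-letter mnemonic, operands (plus an optional
# [effective address]), then the register dump. Flag letters are upper-case
# when the flag is set, lower-case when clear.
LINE_RE = re.compile(
    r"^(?P<pc>[0-9a-f]{6})\s+(?P<mnem>[a-z]{3})\s*(?P<ops>.*?)\s+"
    r"A:(?P<a>[0-9a-f]{4}) X:(?P<x>[0-9a-f]{4}) Y:(?P<y>[0-9a-f]{4}) "
    r"S:(?P<s>[0-9a-f]{4}) D:(?P<d>[0-9a-f]{4}) DB:(?P<db>[0-9a-f]{2}) "
    r"(?P<flags>[nvmxdizcNVMXDIZC]{8})"
)


@dataclass
class Step:
    pc: int
    mnem: str
    ops: str
    a: int
    x: int
    y: int
    s: int
    db: int
    flags: str

    @property
    def index_is_16bit(self) -> bool:
        # A lower-case 'x' (flag clear) means X and Y are 16 bits wide.
        return self.flags[3] == "x"


def parse_trace(text: str) -> list:
    """Turn trace lines into Step records; '...' separators are skipped."""
    steps = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        ops = m.group("ops").split("[")[0].strip()  # drop "[effective address]"
        steps.append(Step(
            pc=int(m.group("pc"), 16), mnem=m.group("mnem"), ops=ops,
            a=int(m.group("a"), 16), x=int(m.group("x"), 16), y=int(m.group("y"), 16),
            s=int(m.group("s"), 16), db=int(m.group("db"), 16), flags=m.group("flags"),
        ))
    return steps


def block_move_extent(step: Step) -> dict:
    """Describe what an MVN/MVP will do, given the register state before it runs.

    65816 semantics: A (16-bit for block moves) holds bytes-1; each byte goes
    from srcbank:X to dstbank:Y; X and Y step by -1 (MVP) or +1 (MVN) and wrap
    within the index width; DB is left equal to the destination bank; each byte
    costs 7 cycles. The trace's disassembler prints "mvp $src,$dst".
    """
    if step.mnem not in ("mvn", "mvp"):
        raise ValueError(f"not a block move: {step.mnem}")
    src_bank, dst_bank = (int(t.strip().lstrip("$"), 16) for t in step.ops.split(","))
    count = step.a + 1                       # the move stops when A wraps to $FFFF
    direction = -1 if step.mnem == "mvp" else 1
    mask = 0xFFFF if step.index_is_16bit else 0xFF
    last_off = direction * (count - 1)
    return {
        "count": count,
        "cycles": 7 * count,
        "src_first": (src_bank << 16) | step.x,
        "src_last": (src_bank << 16) | ((step.x + last_off) & mask),
        "dst_first": (dst_bank << 16) | step.y,
        "dst_last": (dst_bank << 16) | ((step.y + last_off) & mask),
        "dst_wraps": not (0 <= step.y + last_off <= mask),
    }


def check_first_iteration(before: Step, after: Step) -> bool:
    """Cross-check the model against the next trace line (one byte moved)."""
    ext = block_move_extent(before)
    direction = -1 if before.mnem == "mvp" else 1
    mask = 0xFFFF if before.index_is_16bit else 0xFF
    return (after.pc == before.pc
            and after.a == (before.a - 1) & 0xFFFF
            and after.x == (before.x + direction) & mask
            and after.y == (before.y + direction) & mask
            and after.db == ext["dst_first"] >> 16)


if __name__ == "__main__":
    steps = parse_trace(SAMPLE_TRACE)
    ext = block_move_extent(steps[1])
    print(f"{ext['count']} bytes (${ext['count']:x}), {ext['cycles']} cycles")
    print(f"reads  ${ext['src_first']:06x} down to ${ext['src_last']:06x}")
    print(f"writes ${ext['dst_first']:06x} down to ${ext['dst_last']:06x}"
          f" (wraps within bank: {ext['dst_wraps']})")
    print("matches next trace line:", check_first_iteration(steps[1], steps[2]))
```

Run as a script it reports that this MVP copies $BB9B (48027) bytes from bank $32 into bank $EE, writing $EE:0000 first and then wrapping to $EE:FFFF and working down to $EE:4466, and that the second `mvp` trace line (A, X and Y each decremented by one, DB now $EE) agrees with the model.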