OpenMSX has "Step into", "Step over", "Step out" and "Run to" commands. It would be nice to have a skip command too. This would allow you to just skip the current instruction.
Also, it would be very good to have skippoints. Those would act much like breakpoints, but instead of {debug break} it would issue a skip command, to skip that instruction.
The usefulness of this feature is: When I'm trying to find a certain routine inside a game, I use the "know down method". That is, I NOP over all the suspected CALLs that could lead to the routine being searched for.
But currently this is done by hexediting the file, booting the emulator, testing, closing the emulator, going back to the hexeditor, replacing the wrong guesses, NOPing new ones and so on. A very time-consuming process. If I could just mark the suspected CALLs to not be executed, this process would be incomparably faster.
I've looked at some other debuggers. Most don't have a 'skip' command. Instead they offer a 'set execution position' command. This is much like the 'run to' command, but it just sets the PC register; it doesn't actually execute the code. (Both 'run to' and 'set exec pos' are available in the context menu, when you right-click on an instruction).
So 'set exec pos' is more general than 'skip'. But 'skip' is easier to use when you prefer to control the debugger with the keyboard only.
You're right, but there are two possible use cases for the skip instruction feature:
1) The case you mentioned: Quick skip of an instruction by using the keyboard. Very handy for fast debugging, if used in association with the already existing keyboard shortcuts.
2) Reverse engineering by knock-down. In this case, you want to let the game run freely (F9 key on the debugger), but without some routines (mainly CALLs) you marked to be skipped. The user in this case would act like this:
2.1) Find the area of the code he suspects contains the routine he is searching for
2.2) Mark all the possible routines for auto-skipping (just like we mark them for breakpoints currently)
2.3) Continue the execution of the program, which will now run with those routines disabled
2.4) See if the expected behavior (scrolling a background, for example) is disabled
2.5) If not, repeat the process on another set of routines.
2.6) If yes, select only half of the routines to narrow the possibilities and repeat the process until you find the exact routine
Currently the use-case (2) can only be achieved either by hexediting the program externally or by issuing a lot of debug write commands directly on the openMSX console. Both are slow and nonproductive compared to the mark-for-autoskip scenario.
I think this automatic skipping of instructions is a very specific feature (I've never heard of other debuggers with a feature like this). But it's exactly for these very specific use-cases that we added a scripting language into openMSX, so you can implement stuff like this yourself.
I just implemented a 'skip_instruction' Tcl proc (only 2 lines long) (committed in revision 9356). With this proc you can now do things like:
debug set_bp 0x93 {} skip_instruction
This example will skip the WRTPSG BIOS call (instead it will execute RDPSG). So this disables sound in games that use the BIOS to write to the PSG registers ;-)
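A small set of console helpers for the mark-for-autoskip workflow described in the request, built on top of the skip_instruction proc mentioned above. This is an added example, not part of openMSX's own disasm.tcl; it assumes skip_instruction is loaded, that 'debug set_bp' returns a breakpoint id, and that 'debug remove_bp' accepts that id.

```tcl
# Skippoint helpers for the openMSX console (added example, not openMSX code).
# Assumes: skip_instruction is available, 'debug set_bp' returns an id and
# 'debug remove_bp <id>' removes that breakpoint again.

namespace eval skippoint {
	variable points [dict create]   ;# address -> breakpoint id

	# Mark an address so the instruction there is skipped instead of
	# executed whenever the CPU reaches it (a "skippoint").
	proc add {addr} {
		variable points
		set addr [expr {$addr & 0xFFFF}]
		if {[dict exists $points $addr]} {return}
		dict set points $addr [debug set_bp $addr {} skip_instruction]
	}

	# Remove the skippoint at an address, if one is set.
	proc remove {addr} {
		variable points
		set addr [expr {$addr & 0xFFFF}]
		if {![dict exists $points $addr]} {return}
		debug remove_bp [dict get $points $addr]
		dict unset points $addr
	}

	proc clear {} {
		variable points
		foreach addr [dict keys $points] {remove $addr}
	}

	# Human-readable list of all active skippoints, lowest address first.
	proc show {} {
		variable points
		set out {}
		foreach addr [lsort -integer [dict keys $points]] {
			lappend out [format "0x%04X -> %s" $addr [dict get $points $addr]]
		}
		return [join $out "\n"]
	}
}

# Knock-down bisection (step 2.6 above): keep only the lower half of the
# currently marked CALLs and return the addresses that were unmarked, so
# they can be re-added or tried as the next candidate set.
proc knockdown_halve {} {
	set all  [lsort -integer [dict keys $skippoint::points]]
	set drop [lrange $all [expr {[llength $all] / 2}] end]
	foreach addr $drop {skippoint::remove $addr}
	return $drop
}
```

Typical use: mark every suspected CALL with 'skippoint::add <addr>', press F9, and if the effect (e.g. background scrolling) disappears, run 'knockdown_halve' and repeat until one address remains.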
Typo: Where it reads "know down method", it should be read "knock down method"
Thanks Wouter!
I assure you this script will be used a lot. (as soon as I can get a revision-9356 binary...)
You don't need a new binary, just an updated version of the script
<openmsx>/share/scripts/disasm.tcl
You can get it for example here:
http://openmsx.svn.sourceforge.net/viewvc/openmsx/openmsx/trunk/share/scripts/disasm.tcl?revision=9356
Or if you use SVN, just do an update, no need to recompile.
Thanks!! I'm using it right now! :)
This was already fixed a few months ago, but we forgot to close the report. I'm closing it now.