If you'd like to support our preservation efforts (and this wasn't cheap), please consider donating or supporting us on Patreon. Thank you!
User:Andlabs/68000 ROM guide
This should go in Guides but I'm not sure where
Most, if not all, game systems that use the MC68000 as a main CPU run the game as a 68000 boot ROM, meaning you'll need to understand how a 68000 boot ROM is laid out. After the boot ROM, games will usually have a console-specific header that could also be interpreted (for instance, in the Neo-Geo's case, the four entry points to the game program are here).
All address ranges given are inclusive.
The 68000 Vector Table
The first $100 bytes of a ROM (at location $0) are split into 64 longword pointers to code. These are usually the target the CPU goes to in the case of an error.
$0 initial stack pointer $4 entry point $8 bus error handler $C address error handler ...........| ...........spurious exception handler ...........IRQ 0 handler; called when an IRQ level 0 is triggered $ ...$7F 1..7 $80 trap #0 handler; called when trap #0 is executed $84...$BC #1...#$F $C0...$FC reserved for future use
Genesis/32X/Pico ROM header
This ROM header, which starts at $100, is purely for documentation purposes (though game code does look here for the checksum and region information). Each field is padded with spaces (ASCII $20).
$100-$10F the console ID as a string; "SEGA MEGA DRIVE ", for instance.
The "SEGA" at the start is the only mandatory part of the header.
$110-$11F copyright information; it usually consists of the publisher code and either the build or release date
$120-$14F the game's domestic (Japanese) name, usually as a Shift-JIS string
$150-$17F the game's international name
Some games (e.g. Sonic the Hedgehog) split these two into tuples of three 16-byte strings
$180-$18D the game's type code, serial number, and version (usually)
$18E word the game's checksum
$190-$19F peripheral support, one character per peripheral
$1A0 long the ROM start address (0)
$1A4 long the ROM end address (the byte where it ends, so $FFFFF for a 1MB ROM)
$1A8 long the RAM start address ($FF0000)
$1AC long the RAM end address ($FFFFFF)
$1B0 long save RAM flags, or $20202020 (four ASCII spaces) if no save RAM
$1B4 long save RAM start, or $20202020 (four ASCII spaces) if no save RAM
$1B8 long save RAM end, or $20202020 (four ASCII spaces) if no save RAM
$1BC-$1C7 modem information (if the game uses the Mega Modem)
$1C8-$1EF "notes"? typically blank
$1F0-$1FF allowed regions; most games use a string of J, U, or E, but later games use an ASCII-encoded hex bitfield (so F -> 1111 -> all regions)
Only on exception is there anything really notable in this header (for instance, Super Hang-On).
Neo-Geo ROM header
This ROM header, which also starts at $100, is important, because it contains the four entry points that the Neo-Geo BIOS uses to jump into the game. In fact, the location at $4 will usually be the BIOS's own entry point, making it useless for reverse-engineering.
$100-$10x the string ...
