At one day i want disasm nes game "Monsters in my pocket". But majority of disasm programs
work with only one PRG banks. Therefore i cannot look onto follow banks. I'm will be bound
to write my own disasm. Beside i'm can't found good nes assembler. All of him work with
only one banks. Therefore i will be bound add inline assembler in my disasm.
But now here only disasm. Asm work in intel section and have some fault. I'need some time for
fix it.

So...

Cmos6502.xls it is (in general) Slow Disassembler with fully open source, 
support alternative Intel code, and support
Chr banks disassembler, like tile molester or tile layer pro.
For disasm you need .cdl file. It's cannot without it. My goal in accuracy, and i'm don't want
foreseen in disasemble process. You can .cdl file from nes emulator\debuger FCEUX 2.2.2 and younger.
Inside menu DEBUG->CODE DATA LOGGER. For instance you must load you nes game in FCEUX 2.2.2,
go into CODE DATA LOGGER and begin play. You must win it game for make more full map of it's
game. After playing you must go in CODE DATA LOGGER, push STOP button and push SAVE AS button.
And you will get .cdl file. In wich contain information about location Code and Data inside .nes
file. (May be there be info about type of data: music, graphic, controlling but now i'm recognize
only code and data).
 To start disasseble in cmos6502.xls you can resave it excel file into cmos6502.xlsm or cmos6502.xlsb
for use above 1000 000 rows in one excel sheet. Original .xls file support only 65536 rows in sheets.
If disassemble reach for 65000 row disassemble process create one more sheet(PRG-ROM or CHR-ROM).
In .xlsb file you need reach 1043000 row and then create another sheet etc.
I'm create disasm in .xls for good compatiblity with most windows versions. 


Choise your options for disasm: like
-Registercomment and Mappercomment - it opt. comment every bit in registers. Nes reg i'm write comletely
                                     but not map. registers it's just around of 25-30%.

-Tilecomment - let you see data represent as tile from all CHR tables. For now i can look inside
               30 that tables. It columns limit of .xls file.
               You can use it options for find secret scripture or hyerogliph string. unlikely it
               can help you see stage structure, because stage, in general, have compressing of
               tiles block. usualy one byte represent 5 or 6 tyles.

Codehighlighting - do you guess what is it?

Chrdecode - decode all chr banks of current nes file. For it you need not .cdl file.

Prgdecode - decode all prg banks of current file. For it you NEED cdl file, else disasm can decode
            only header of file, and chr banks if it's was selected.

(Ctrl+Brksensivity - It option make awfully slowest disasm process, but let you paused disasm and
                    look on decoded rows.)

Collectdublicateddataifmin - let collect same data in one group like intel style db 100 dup (00h).
                             It's have some advantages when you add clear PRG-bank.
                             At right you choice minimal byte quantity in with it options will work.
                             for instce: prg have bytes: DB A8h,DB A8h,DB A8h,DB A8h,DB A8h. If you
                             choice minimal 6 or > bytes to collect, then it's byte order leave intact,
                             if you choice 5 or < bytes then it bytes convert in pseudocommand
                             db 5 dup (A8h). It option increase disasm rate.



Most of its options decrease disasm rate especially "Tilecomment" and "Codehighlighting".

For first time use "prgdecode","chrdecode","Collectdublicateddataifmin" with low value.

After make your settings push DISASM button. Load .nes file (unzip if you need), load .cdl file.
And wait for end.




Refresh button let you redisasm your file use knowed names of .nes and .cdl files.


In PRG Sheet.
4Eh | PRG:0:803E | 8D 02 40  |  141002064 |  _803E:  | STA $4002    |  OUT BYTE PTR[4002], A
^     ^   ^  ^     ^  ^  ^      ^  ^  ^        ^           ^                  ^
|     |   |  |     |  |  |      |  |  |        |           |                  |
|     |   |  |     |  |  |      |  |  |        |           |                  |
|     |   |  |     |  |  |      |  |  |        |           |                  |
|     |   |  |     |  |  |      |  |  |        |           |           Intel instruction
|     |   |  |     |  |  |      |  |  |        |  Nintendo istruction
|     |   |  |     |  |  |      |  |  |      label
|     |   |  |     |  |  |      |  |  | (Sign _ mean name)
|     |   |  |     |  |  |      |  |  |
|     |   |  |     |  |  | machine code(dec) 
|     |   |  |     |  |  |
|     |   |  | machine code(hex)   
|     |   |  |
|     |   |address in bank
|     |   |
|     |number of bank
|     |
|  type of bank
|
address in nes file


Next 232 columns use for tile comment and in usual conditions they collapsed.
Next 1 column use for your comment and automatic comment.
You not need set sign ; before your comments there.
In this columns set automatic comments "mappercomment" and "managecomment" indicate
every bit condition of current register.

Button at begin of cell need to delete automatic comment, then follow text string sketch register
purprose.
Then follows controlling elements - lists and checkboxes with label talk about condition
current bit. Checkboxes use for one bit, list for group of bit. If you try click on it's
you will see - it's label can change. And argument of intel and nintendo commands can change too.
It's make work with registers a few comfort. Disasm can recognize only immediate loading of register
like

mov a,01101111b
out byte ptr[2000],a

but not

mov a,01101111b
out byte ptr[2000+x],a; Which register?

and not

mov a,01101111b
call d005;there procedure need argumend contain in A register, but register not evident from here.


To recognize it i could go inside all branches of prg banks. May be it's real on 1 or 2 mappers
with absolutely simple structure. But some mappers have difficult swithing prg banks, some
mappers have additional mapper space from $5000 to $8000 in prg ram.


Follow 8 column represent condition of every bit of automatic comment. Later it need to collect
value of register byte. It's serve information.

Follow 8 column contain names of elements of automatic comment. It's info need for deleting
checkboxes and lists include in automatic comments.It's serve information.






In intel code present some extra commands, like YOOP - it' command loop use register Y.




Cla - it's mean clear auxiliary carry flag(intel)     or Clear decimal flag(nintendo notation)
This command absent in intel8086(though it flag is present), but in nmos6502 is present.




LDA ($FC), Y such addressation mode is absent in intel. Usually it do in two steps:

add y,byte ptr[fc]
mov a,byte ptr[y]

but it's not same because Y register was changed.
	
therefore i'm create some pseudointel addressing mode:
MOV A, BYTE PTR[Y+[FC]]





LDA ($FC, X) such addressation mode is absent in intel too. Usually it do in two steps:

add x,byte ptr[FC]
mov a, byte ptr[x]

but it's not same because X register was changed.

therefore i'm create some pseudointel addressing mode:
mov A, BYTE PTR[[X+ARG2]]



If we say about nintendo - there absent much of intel command. like

OUT - it command is analog STA, STX, STY just more apparently and simple,
      because nintendo registers it's I\O ports in intel notations. 

IN - Similar to before mentioned.



Loop $8234 - such command absent in nintendo, I'm bound exchange it two commands:

DEX; BNE $8234



Yoop $8234 -  intel have no such command and nintendo too. But in nintendo this rows
              occur very frequent.
DEY; BNE $8234    i'e cycle use register Y. In intel for cycling use CX register, another
                  registers use for cycling rarely.



In nintendo, commands Sub and add divide onto 2 commands:
CLC; ADC $F6    = ADD byte ptr[f6]
SEC; SBC $F6    = Sub byte ptr[f6]
Because need set condition of carry flag beforehand. In intel it's settings work automatically.


Shift commands in nintendo work one time, for many shifts you must write it commands many
times. Exemple:
ASL
ASL
ASL
ASL
ASl

in intel it work for one time by writing:
SHL A,5

then
ASL;ASL;ASL;ASL;ASL = SHL A,5



Sign ; in cmos6502 connote delimiter, not comment beginner.
You can write many commands in one row use ;
For instance
ldx #10;ASl;sta #$2008;dex;bne $A000
it's permited in intel rows too.



Some flags in nintendo work another then in intel
ClI - in nintendo means clear interruption forbidden flags 
cli - in intel means clear interuption permission flag
then
cli(nintendo)=STI(intel)
and
sei(nintendo)=cli(intel)


in addition...

some jumps\branches instructions absent in nintendo.
intel jg
intel ja
intel jbe
intel jle

i'm plan change every of it two commands at assembly, for disassemmbly it's ambiguous.
Now i want provide you some corresponding jump\branches commands:

bcs     jae(jc)
bcc     jb(jnc)
beq     je(jz)
bne     jne(jnz)
bpl     jge
bmi     jl(js)
bvs     jo
bvc     jno


CHR-ROM Sheets
Every chr banks contain two table,table contain 256 tiles,every tile contain 64 pixels.
In nes file(in general) every pixel code by two bits, located at distance 8 bytes(64bits) 
from each other.
Corresponding of bits value give us color:
00
01
10
11
inasmuch as have four variants corresponding of bits, we have 4 kind of colors. But colors not
constant. Red may be green, may be brown etc. It depend from game settings(in detail it depend
from data in palette registers(sprite and background) inside video processor(ppu)).


If you click to any pixel in every table, you will see:

bit2 of 83A3h(F9) & 83ABh(FE)/chr:0:0:39h
^         ^   ^      ^     ^   ^  ^ ^ ^
|         |   |      |     |   |  | |tile number
|         |   |      |     |   |  | |
|         |   |      |     |   |  |table number
|         |   |      |     |   |  |
|         |   |      |     |   | bank number
|         |   |      |     |   |
|         |   |      |     |type of bank
|         |   |      |     |
|         |   |      | value of this byte
|         |   |      |
|         |   |address byte of second bit 
|         |   |in file.     
|         |   |
|         | value of this byte
|         |
|  address byte of first bit
|  in file.
|
order of first bit
and second bit in
it's own bytes

At very top of CHR-ROM sheet you see four colored qudrangles. You can fill it from
excel pallete. It's purprose for change disasm colors represent on CHR-ROM sheets.
After this action you can push REFRESH CHR-ROM button for acquire changes. And all chr-rom
sheets colored with new colors.

Button Expand tile arranger purprosed for expand some clean field 30x32 tiles in size,
like size of nintedo pal screen. You could copy groups of tiles here, and repaint it,
use excel filling, and original tile(located in some tables) change immediately.
But it still not worked. I have no time.

At rightmost columns you see many numerics. It's chr-rom bytes in decimal representing,
it need for assembly all disassembling data back into .nes file. But it still no worked.

In disasm process excell can create many sheets PRG-ROM and many sheets CHR-ROM.
As i aforementioned it's depend from excel file resolution .xls, .xlsb or .xlsm
When you run disasm some file again. It's sheets will be delete. You can
delete PRG-ROM and CHR-ROM sheets manually, besides very first PRG-ROM sheet,
because it contain button disasm and refresh. If you delete it too, you must run
vba macro: "PRG-DECODE" to start disasm.

Sheets Lists and codepages you must not delete. May be just Lists, becase here locate
info about registers.
Sheet codepages is reserved for many codepages. Sometimes nintendo game contain
two or many codepages. They must save on it sheet for more accuracy disassembling,
and assembly text strings with selected codepage.

Because cmos6502 is fully open source you can debug my code. Go to Macro menu and
select: change "PRG-DECODE" macro. And then press F8 to step commands by commands.
At workbook module locate uncompleted macro to inline assembler (just for intel now).

I'm plan to add new commands in intel like xchg,mul,div and extend addresations mode to
registers X and Y. Therefore intel section will be similar to high programming, like C or Pascal.
If you have comments give it in site



;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;


version 0.6(18.05.2019)


For half year i just write intel inline assembler. It's very poor, but better then nothing.

available commands:


add
adc
sub
sbb
inc
dec

or
xor
not
and
neg


shl
shr
rol
ror

loop(yoop)
many conditional jumps
jmp
call
ret,iret
int 8(user interrupt)

cmp
test

mov
in
out
xchg

nop

push
pop
pushf
popf


flags set\clear (CLC,STC,CLI,STI,CLOF,CLAF,STAF)
DB
DW


for more info about it you must write any command(without operands) with query sign like:

mov?
add?
xchg?

and you can see first window contain help about this command and then you can see second window contain all exist addressing
regimen of this command.

In second window you will see scripture like: 

mov y, byte ptr[arg2]


in this case "arg2" mean one byte. For example: 5Fh , 00010111b , 15
And every single connotation (arg1,arg2,arg3,arg4,arg5,arg6,arg7,arg8,arg9) mean 1byte.
Every double connotation(arg1arg2, arg5arg1 and others) mean two bytes like: fa04h, 0100011101101111b, 65530
If first symbol in your numeric is letter like fff6h, you need not add zero before like 0fff6h in masm or tasm.
So fff6h it is right variant.


DB and DW pseudocommands

this commands need to Define Byte or Define Word.
usually it have 3 mode: 

db A7h
db 150 dup(4Eh)
db "hello word!"

Third mode no working yet, because no wrote codepage recognition procedure. If you write some text, you must build him
byte for byte. So...

DB command have 2 mode:

db A7h
db 150 dup(4Eh)


DW command have 3 mode:

dw A7h
dw 1156h
db 150 dup(4E56h)


You can use 3 numeric system here - decimal,hexadecimal,binary. Also you can use negative decimal numeric here.
Note: first operand(150) in command   db 150 dup(4E56h)   must be decimal numeric  


db 150 dup(4E56h)
    ^       ^
    dec     dec,hex,bin

  


Some variants:


db -10
db 5
db A7h
db 150 dup(00011111b)
dw 75 dup(1111000011110000b)
dw -315

etc

Also you can use this numeric modes inside other commands like: 
mov a, -100
add a, -52
mov a,11110000b

etc













new elements:

button on/off - if you push ctrl+brk keys dissasembling proccess will stop. And excel screen update will no work.
You can push on/off button to switch on screen update. And if you want switch off inline assembler
You can push on/off button to switch off it.

flag "fill with NOP next command" and "fill with NOP at end of bank". It option purprose for inline assembler,
when you exchange some command to your command posterior commands must change to NOP. quantity of bytes of
your command - quantity bytes of old command = quantity of exchange to NOP next commands.
If my explains inaprehensible remember how inline assembler fill with NOP next command in OLLYDEBUG.
"fill with NOP at end of bank"-it option no working yet.
 

button ctrl+brk sensivity was deleted because it make some confusion.
But you can push ctrl+brk on your keyboard for watching on disasembling process.




Have some problem for now: 
Posterior commands have not correct filling with NOP commands, when you exchange some original command to your command.
(this problem fixed at 6.06.19)

I'm forgot some things:

1) All arguments inside brackets must be hexadecimal value without letter 'h' at end.
examp:

mov a,byte ptr[1054]      instead      mov a,byte ptr[1054h] 

It's system use in many ibm pc debuggers, where address write like hex numeric without 'h'.

2) Labels is no permited for now. If you use jumping command, calling, looping e.t.c, you
   must write bank address

example:

JE 80CE

LOOP 800A


3)In chr-rom sheets push ctrl+mouseScrollUP/down for change scale of sheet.

;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
version 0.9

-add inline nes assembler


Annotation:
Nes inline assembler is 90% completed for now(31.12.2019), have some bugs yet.
Therefore cmos6502ver09.zip contain 2 exel files:version08.xls(stable) and version09.xls(unstable)

inline nes assembler in version09 support commands:
brk
ora
kil
slo
nop
asl
php
anc
bpl
clc
jsr
and
rla
bit
rol
plp
bmi
sec
rti
eor
sre
lsr
pha
alr
jmp
bvc
cli
rts
adc
rra
ror
pla
arr
bvs
sei
sta
sax
sty
stx
dey
txa
xaa
bcc
sha
tya
txs
tas
shy
shx
ldy
lda
ldx
lax
tay
tax
bcs
clv
tsx
las
cpy
cmp
dcp
dec
iny
dex
axs
bne
cld
cpx
sbc
isc
inc
inx
beq
sed
.db
.dw

Many of this commands support on original nes CPU, but not in
emulator(sha,shy,dcp,isc etc). More part of new command is 
multiple command. For instance: DCP A,$24 = dec A; cmp a,$24


bugs: 
-help in inline NES is work only for addressation regimen,
 not for really help(i'm have not time).
-Deleting consequent command in inl NES asm is not work
-became some bugs in intel inline assembler(with adding letter 'b','h' etc at end of operand

version09 is raw version

p.s you can undarstand how new nes command work by intel column,
    that show it command in detail.

p.p.s /? work both nes and intel columns





new features in version 1.00:
On PRG-ROM list added "Assemble" button. It need to compile your
modified code into .nes file.

On PRG-ROM list and CHR-ROM list added "Set a String to Codepage" button.
Generally it need to recognise text phrases in disassemble process.
I.e. it require two pass of dissasemble. At first time (after first
disassemble) you ought open list "CHR-ROM", press
"Set a String to Codepage" button. You will see some window in which
collecting a hex code when you clicking mouse on some Tile(quadrangle).
You need name every string and send it to list "Codepages" by pressing
"Send to Codepages" button on a window.
   You can acquire particular letters or numerics or another symbol. In this
case you can switch to "Alphabet" radiobutton, which number your symbol
automatically(you can choose name of symbol by pressing "Back" or "Next" button).
But it way more difficult to take an hyeroglyph. Much easy select "other"
radiobutton and name your string of bytes how you want.
   You can use "Set a String to Codepage" to:
    - acquire particular letters;
    - acquire particular complex letters(like four,six,etc parts hyeroglyph);
    - acquire phrases(you can find it in game or use ""MapperComment option);
    - acquire big pictures(like title screen of game. You need know appearance
      order to this tiles);
    - acquire some parts of game stage(like bricks in mario, tanks etc);
    - acquire music, joystic button combination, some parts of code;
      (for it you need select "PRG-ROM" list and clicking mouse on some row);
After collect some bytes you need send them to "Codepages" list. On "Codepages"
list you can see all taked byte strings. At very high of table you see fields
"Names","Disasm","Data". 
   "Names" column contain your name of byte string. It
Name will turn to text string after next disassemble. For instance name "1 Player"
turn to DB "1 Player" . 
   "Disasm" - it mark about need disassemble it string or not
after next disassemble. Any symbol in this column means it string must be disassemble.
You controlling of this mark by pressing not lettered checkbox near the 
Name of string screen.
   "Data" - it bytes that contain in your string.
   Buttons: "Save codepage", "Delete all", "Add codepage" still not working.

   When you collect all phrase you need disasm your .nes file again by pressing
"Disasm" button or "Refresh".

UNFORTUNATELY it feature still not working at inline assembler. If you
type: DB "SNUFFCOLOUR" you cannot turn it to byte string "53 4E 46 46 43 4F 4C 4F 55 52".



You can download chinese keybord from https://poutko.ru/Archiv/Install-ChTT.exe
or  https://poutko.ru/Archiv/ChiTT.zip
