NSF ripper Guide Level 9




LEVEL 9 Cony World Heroes 2

World Heroes 2 is a pirate game and uses a method that requires you to build an init routine for the NSF. There are 2 methods you can choose from to build the routine; I've chosen an indirect jump routine to make things really simple. Go ahead and dump RAM and then disassemble the bank. Also debug the code for the play address. The play address is $80F5, and right above this code is $80CB. This is bootstrap code and is part of the init. You can try it in the header and it won't play. You will notice that this bootstrap is called every time a tune plays, so you will have to search for the calls to it. You can do it the long way or the short way. The long way is playing the entire game and debugging the code, but you might not get all the tunes this way. I have a method that's quick and easy. Load the disassembly in Notepad, or whatever text program with a search function you use, and search for $80CB. You will find many matches in the $Cxxx area of PRG; write these down as you go. The first match you get is at $C14D, but you want to load the X and Y registers as well, so you write down $C149 as your first address.


$C149> A2 DB: LDX #$db ;

$C14B> A0 8C: LDY #$8c ;

$C14D> 20 CB80: JSR $80CB ;

$C150> 60: RTS

$C241> A2 94: LDX #$94 ;

$C243> A0 87: LDY #$87 ;

$C245> 20 CB80: JSR $80CB ;

$C248> 60: RTS

$C4F7> A2 C3: LDX #$c3 ;

$C4F9> A0 8D: LDY #$8d ;

$C4FB> 20 CB80: JSR $80CB ;

$C4FE> 60: RTS

These are just 3 of the matches you get when you search the disassembly. There are a lot more to find, so go ahead and look for them. Once you're done, you have to make an init routine. This is going to be your indirect routine.


C000   0A        ASL   A

C001   AA        TAX

C002   BD 10C0   LDA   C010,X

C005   85 00     STA   00

C007   E8        INX

C008   BD 10C0   LDA   C010,X

C00B   85 01     STA   01

C00D   6C 0000   JMP   (0000)

.db 49,C1,41,C2,F7,C4,ETC

You have to pick 2 memory addresses to use for the JMP indirect; the ones that I used are $00 and $01. I used a memory viewer to make sure the addresses were not used by the sound driver. It's OK if you use addresses used by anything else, as they won't be used in the NSF. Remember those addresses you wrote down? These are going to be the data that is pointed to by the above code. You flip the address bytes and add them at the end of the code, just like you would for arranging the tunes, except that you have 2 bytes per entry instead of one. If you understand level 8 then this should hit you like a ton of bricks.
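The search-and-build procedure above can be scripted. The following Python is an added example, not part of the original guide: it scans a PRG bank for JSR $80CB, backs up 4 bytes to the LDX, and assembles the indirect routine plus the flipped address table. The function names, the strict LDX/LDY filter and the sample bank are assumptions made for illustration.

```python
JSR_BOOTSTRAP = bytes([0x20, 0xCB, 0x80])  # JSR $80CB, the bootstrap call from the guide

def find_entries(bank, base):
    """CPU addresses of each LDX #imm / LDY #imm / JSR $80CB sequence in a PRG bank."""
    entries, pos = [], bank.find(JSR_BOOTSTRAP)
    while pos != -1:
        # Back up 4 bytes so the X and Y loads are part of the entry point.
        if pos >= 4 and bank[pos - 4] == 0xA2 and bank[pos - 2] == 0xA0:
            entries.append(base + pos - 4)
        pos = bank.find(JSR_BOOTSTRAP, pos + 1)
    return entries

def build_init(entries, org=0xC000, zp=0x00):
    """Assemble the indirect-jump stub at org, followed by the flipped address table."""
    if len(entries) > 128:
        raise ValueError("ASL A + 8-bit X index can only reach 128 table entries")
    if not 0 <= zp <= 0xFE:
        raise ValueError("pointer needs two consecutive zero-page bytes")
    table = org + 0x10  # the stub is exactly 16 bytes long
    lo, hi = table & 0xFF, table >> 8
    stub = bytes([
        0x0A,              # ASL A        tune number * 2
        0xAA,              # TAX
        0xBD, lo, hi,      # LDA table,X  low byte of entry
        0x85, zp,          # STA zp
        0xE8,              # INX
        0xBD, lo, hi,      # LDA table,X  high byte of entry
        0x85, zp + 1,      # STA zp+1
        0x6C, zp, 0x00,    # JMP (zp)
    ])
    return stub + b"".join(addr.to_bytes(2, "little") for addr in entries)

def lookup(blob, tune):
    """Mimic the stub's table read: which address does tune N jump to?"""
    off = 0x10 + ((tune * 2) & 0xFF)
    return int.from_bytes(blob[off:off + 2], "little")

def sample_bank():
    """Constructed 16 KB bank holding the three call sites listed in the guide."""
    bank = bytearray(0x4000)
    for off, x, y in ((0x149, 0xDB, 0x8C), (0x241, 0x94, 0x87), (0x4F7, 0xC3, 0x8D)):
        bank[off:off + 8] = bytes([0xA2, x, 0xA0, y]) + JSR_BOOTSTRAP + b"\x60"
    bank[0x600:0x603] = JSR_BOOTSTRAP  # decoy: a call with no LDX/LDY in front
    return bytes(bank)

if __name__ == "__main__":
    blob = build_init(find_entries(sample_bank(), 0xC000))
    print(blob.hex(" "))
```

Call sites that set X and Y some other way are skipped by the filter, so check any JSR $80CB it rejects by hand in the disassembly.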