KungFuFurby
commented
3 years ago I could expand the scope of this, actually. I noticed that $F0-$FF are not actually editable with the memory editor in SPC700 RAM. All of them are writable in SPC700 ASM, though not all of them actually do anything when written to, and the CPUIO registers ($F4-$F7) are latch-based, meaning the SPC700 side can have a completely different value read (sent from the SNES) than what the SNES-side reads (sent from the SPC700).
Due to the latch-based nature of $F4-$F7, I came up with an impromptu solution by making a really small 65816 program (no actual ASM, just raw opcodes). Then I made sure the song does not immediately start on loading by pausing execution beforehand, and then I copied the program to memory location $000000 on the S-CPU bus (which overwrites the STP opcode), then I executed it. It does overwrite $F4-$F7 as loaded from the SPC file itself, but it otherwise worked quite nicely for me, and as a bonus, I get to see what the SPC700 is outputting.
Here's what I created:
78 18 FB A2 04 B5 13 9D 3F 21 BD 3F 21 95 17 CA
D0 F3 80 EF 00 00 00 00 00 00 00 00
bsnes-plus's debugger has a Properties window, where the S-SMP tab allows for viewing timer speeds. It possible to edit the value of a timer, to override what the game or SPC file has set, to help reverse-engineer how SPC engine timing systems work?
Unrelated, but fullsnes says that $00f1 has bits to control which timers are enabled, but bsnes-plus only exposes "IPLROM Enable". Can that be added as well?