Spectrum Analyser

Spectrum Analyser is a tool that is designed to help reverse engineer ZX Spectrum games & programs.

It is a combination of an emulator, debugger & interactive disassembler. Programs are loaded and run in the emulator and their state can be inspected using the tools provided.

These tools include:

  • Disassembler
  • Debugger
  • Graphics viewer
  • Frame trace
  • Memory diff
  • IO analyser

Other features include:

  • Interactive annotation: labels, functions & comments
  • Lua scripting – for custom viewers etc
  • Watch window
  • Format memory as Byte, Word, Char Map, Bitmap etc.
  • Breakpoints: break on code execution, memory access, NMI, IRQ, IN & OUT
  • Fully annotated Sinclair ROM
  • Self modifying code support
  • Automatic code detection
  • Automatic data detection
  • Poke support
  • Skoolkit import and export
  • Character graphic memory search tool
  • Z80 instruction informational tooltips
  • RZX support
  • 128k Spectrum compatible

How does it work?

The traditional way to reverse engineer software is to manually determine which areas of the computer memory are code or data. A disassembler can then be used to produce an assembly listing of the code memory bytes. One way to achieve this is to observe the code running through a debugger. This can be slow work – although some excellent tools exist to help with this process, such as IDA Pro or Ghidra. This process can be partially automated by using an execution trace file. This can help confirm which areas of memory are code if we know they have been executed.

Spectrum Analyser aims to automate as much of the manual process as possible. It has an emulator built in, which means it can automatically detect which memory locations are code when those locations are executed. The more you play the game, the more code it will uncover.

However, Spectrum Analyser is very much interactive. You are free to manually mark up areas of memory as code if you prefer – without needing to execute the code in question. You do not need to tell Spectrum Analyser where the code ends – only where it begins. It will use static code analysis to work out where the code terminates.

Starting Off

When you open a game for the first time Spectrum Analyser will start from a blank slate. In this state, all memory locations will be formatted as byte data. This is the default state of memory that hasn’t been executed.

This is the same memory after the program has been executed. Spectrum Analyser has set the memory to code and added labels for functions in addition to branch destination labels.

These labels can then be renamed when you figure out what the code is actually doing.

You can then add comments to the disassembly.

Screenshots

Here are some action shots of Spectrum Analyser. For best results you may need to download the images and view them full screen or open them in a separate tab.

Universal Hero
Auf Wiedersehen Monty
Starquake
Firelord
Saboteur

Acknowledgements

This program was built using the superb Chips emulator library by Andre Weissflog, the emulation in the analyser is done using this library: https://github.com/floooh/chips
For the UI, DearImGui is used (https://github.com/ocornut/imgui) which is without doubt one of the greatest pieces of open source software. Without it not only would the UI take much longer but working on it would also be exceedingly dull.

Spectrum Analyser contains a full disassembly of the Sinclair ROM. This was possible because of the skoolkit disassembly done by Richard Dymond. https://skoolkit.ca/disassemblies/rom/

Tutorial

Need help getting started using Spectrum Analyser, or just want to see how it works? Here is a tutorial. This doesn’t cover everything but it will get you started.

Documentation

There is some (incomplete) documentation here.

Status

Spectrum Analyser is currently in Alpha and is actively being worked on.

Contact

Feedback and bug reports are very welcome. Please send them to spectrumanalysertool@gmail.com

Download

Click here to download the latest Alpha version (Windows 10 and above).

[Last uploaded November 11th 2024.]

Changelog & Discussion

For details on what has changed between builds you can check out the thread at Spectrum Computing here.

Discord

Come join us on Discord!

https://discord.gg/VQ3m6W4ZRu

Source Code

You can download the source code here. It builds on Windows, Mac and Linux.

https://github.com/TheGoodDoktor/8BitAnalysers

Credits

Follow the developer on Twitter here. The owner of this website is not the developer.

Comments

32 responses to “Spectrum Analyser”

  1. Russ McNulty avatar
    Russ McNulty

    Looks great, very useful for POKE finding, however the speed seems to be locked at the monitor’s refresh rate, 120Hz in my case, and Speed Scale does do anything.

    This could be the ultimate hacker’s tool – I’ll be keeping an eye on it!

    Reply
    1. admin avatar
      admin

      Glad you like it! The frame timing issue you reported should be fixed now. Could you download the latest build (from the download link on this page) and see if it fixes it please?

      Reply
  2. Maximilien Noal avatar
    Maximilien Noal

    Wow, very impressive !

    Is there source code available, pretty please ?

    I could maybe import some of the features into a similar project for the x86 real mode PC platform.

    Reply
    1. admin avatar
      admin

      There is no public source code available at the moment. Possibly in the future.

      Reply
    2. admin avatar
      admin

      Source code is available now. It’s here: https://github.com/TheGoodDoktor/8BitAnalysers

      Reply
  3. MaLiK avatar
    MaLiK

    Do you plan to publish the source code?

    Reply
    1. admin avatar
      admin

      No immediate plans but it could happen in the future.

      Reply
    2. admin avatar
      admin

      Source code got released. It’s here: https://github.com/TheGoodDoktor/8BitAnalysers

      Reply
  4. Mike van der Lee avatar
    Mike van der Lee

    3 words: fan tas tic!
    I’m playing around with it and what I saw uptil now is that it would have saved me loads of time while creating hooks in game-engines that I did in the past.
    Really exciting. Bravo! 😀

    Reply
    1. admin avatar
      admin

      Thanks. Glad you like it!

      Reply
  5. Andrew Owen avatar
    Andrew Owen

    This could be game changing (pun intended) when it comes to adding native support for the esxDOS file system.

    Reply
  6. xiety avatar
    xiety

    The game is stuck on a HALT operation. What can I do to continue?

    Reply
    1. admin avatar
      admin

      Which game? Can you provide more information on exactly what happens?
      Bear in mind, when you open a game the CPU will not be running so you need to press the Continue button (F5).

      Reply
  7. Jon North avatar
    Jon North

    This is awesome! This would have been really bloody handy 40 years ago lol 🙂

    Reply
  8. David Thomas avatar
    David Thomas

    I spent years reversing The Great Escape in hard mode. This would have saved me so much time. Chase HQ next!

    Reply
    1. admin avatar
      admin

      Good work on reverse engineering The Great Escape. Hope the tool comes in handy with Chase HQ. 😉

      Reply
  9. Jose avatar
    Jose

    It’s great. Thanks!

    Reply
  10. Arlorean avatar
    Arlorean

    This is a great tool. I’m slowly working through the code for Rebelstar, the forerunner of the modern XCOM games:
    https://github.com/Arlorean/Rebelstar

    Reply
    1. admin avatar
      admin

      Awesome! Thanks for sharing. I’ll keep an eye on it. I’ve been looking at Laser Squad myself. Love those games.

      Reply
  11. Vag avatar
    Vag

    Hello,
    This program looks awesome!
    Unfortunately, I haven’t been able to run it, it gives this error:
    “Glfw Error 65542: WGL: The driver does not appear to support OpenGL”
    I have Windows 10 and a somewhat old computer.
    If I remember correctly, MAME shows something similar, but it has different options and it runs. Is there a way to run Spectrum Analyzer?

    Reply
    1. admin avatar
      admin

      Hi, sorry to hear you can’t run SA. Could you try to update your graphics driver please? We think this is a driver issue. Unfortunately, there is currently no fall-back behaviour for when OpenGL fails to initialise. Cheers

      Reply
  12. Bobby avatar
    Bobby

    Hi,
    I might have found an emulation fault?

    Download this file from WOS…
    https://worldofspectrum.org//pub/sinclair/games/b/BobbyBearing.tzx.zip
    …convert it into a .z80 file via Spectaculator v8.
    With the same .z80 file; in Spectaculator pressing 0 (zero) starts the game.
    Doing the same in the Spectrum Analyzer when the ‘Spectrum View’ is focused; causes the game to crash.

    Regards

    Reply
    1. admin avatar
      admin

      Bobby Bearing should work now.

      Reply
  13. edaw avatar
    edaw

    Would this work for the Zx81, have a game I’ve been trying to up the lives on for years

    Reply
    1. admin avatar
      admin

      Sorry, ZX81 support is not implemented.

      Reply
  14. amir natsheh avatar
    amir natsheh

    what about TRD to load file zx?

    Reply
    1. admin avatar
      admin

      TRD files are not supported, sorry.

      Reply
  15. Doobie doo avatar
    Doobie doo

    Are there any plans for a Commodore 64 / Commodore
    suite of computers analyser?

    Reply
    1. admin avatar
      admin

      C64 is being worked on, yes.

      Reply
  16. Ronnie Simpson avatar
    Ronnie Simpson

    Fab

    U

    Lous!

    Game changer and innovation nudge given the pending release of the new “The Spectrum”

    Reply
  17. Lexxie avatar
    Lexxie

    How often is a new release build published?

    I notice it’s been over 5 months since the last release.

    Is this project now dead? (hope not!)

    Reply
    1. admin avatar
      admin

      The project is not dead. I am just lazy. I did another build today. Have fun.

      Reply

Leave a Reply

Your email address will not be published. Required fields are marked *