Spectrum Analyser

Spectrum Analyser is a tool that is designed to help reverse engineer ZX Spectrum games & programs.

It is a combination of an emulator, debugger & interactive disassembler. Programs are loaded and run in the emulator and their state can be inspected using the tools provided.

These tools include:

Disassembler
Debugger
Graphics viewer
Frame trace
Memory diff
IO analyser

Other features include:

Interactive annotation: labels, functions & comments
Watch window
Format memory as Byte, Word, Char Map, Bitmap etc.
Breakpoints: break on code execution, memory access, NMI, IRQ, IN & OUT
Fully annotated Sinclair ROM
Self modifying code support
Automatic code detection
Automatic data detection
Poke support
Skoolkit import and export
Character graphic memory search tool
Z80 instruction informational tooltips
RZX support
128k Spectrum compatible

How does it work?

The traditional way to reverse engineer software is to manually determine which areas of the computer memory are code or data. A disassembler can then be used to produce an assembly listing of the code memory bytes. One way to achieve this is to observe the code running through a debugger. This can be slow work – although some excellent tools exist to help with this process, such as IDA Pro or Ghidra. This process can be partially automated by using an execution trace file. This can help confirm which areas of memory are code if we know they have been executed.

Spectrum Analyser aims to automate as much of the manual process as possible. It has an emulator built in, which means it can automatically detect which memory locations are code when those locations are executed. The more you play the game, the more code it will uncover.

However, Spectrum Analyser is very much interactive. You are free to manually mark up areas of memory as code if you prefer – without needing to execute the code in question. You do not need to tell Spectrum Analyser where the code ends – only where it begins. It will use static code analysis to work out where the code terminates.

Starting Off

When you open a game for the first time Spectrum Analyser will start from a blank slate. In this state, all memory locations will be formatted as byte data. This is the default state of memory that hasn’t been executed.

This is the same memory after the program has been executed. Spectrum Analyser has set the memory to code and added labels for functions in addition to branch destination labels.

These labels can then be renamed when you figure out what the code is actually doing.

You can then add comments to the disassembly.

Screenshots

Here are some action shots of Spectrum Analyser. For best results you may need to download the images and view them full screen or open them in a seperate tab.

Acknowledgements

This program was built using the superb Chips emulator library by Andre Weissflog, the emulation in the analyser is done using this library: https://github.com/floooh/chips
For the UI, DearImGui is used (https://github.com/ocornut/imgui) which is without doubt one of the greatest pieces of open source software. Without it not only would the UI take much longer but working on it would also be exceedingly dull.

Spectrum Analyser contains a full disassembly of the Sinclair ROM. This was possible because of the skoolkit disassembly done by Richard Dymond. https://skoolkit.ca/disassemblies/rom/

Tutorial

Need help getting started using Spectrum Analyser, or just want to see how it works? Here is a tutorial. This doesn’t cover everything but it will get you started.

Documentation

There is some (incomplete) documentation here.

Status

Spectrum Analyser is currently in Alpha and is actively being worked on.

Contact

Feedback and bug reports are very welcome. Please send them to spectrumanalysertool@gmail.com

Download

Click here to download the latest Alpha version (Windows 10 and above).

[Last uploaded Feb 9th 2024.]

Changelog & Discussion

For details on what has changed between builds you can check out the thread at Spectrum Computing here.

Discord

Come join us on Discord!

https://discord.gg/VQ3m6W4ZRu

Source Code

You can download the source code here. It builds on Windows, Mac and Linux.

https://github.com/TheGoodDoktor/8BitAnalysers

Credits

Follow the developer on Twitter here. The owner of this website is not the developer.

Comments

21 responses to “Spectrum Analyser”

Russ McNulty

January 7, 2023

Looks great, very useful for POKE finding, however the speed seems to be locked at the monitor’s refresh rate, 120Hz in my case, and Speed Scale does do anything.

This could be the ultimate hacker’s tool – I’ll be keeping an eye on it!

Reply
1. admin
  
  January 7, 2023
  
  Glad you like it! The frame timing issue you reported should be fixed now. Could you download the latest build (from the download link on this page) and see if it fixes it please?
  
  Reply
Maximilien Noal

January 11, 2023

Wow, very impressive !

Is there source code available, pretty please ?

I could maybe import some of the features into a similar project for the x86 real mode PC platform.

Reply
1. admin
  
  January 24, 2023
  
  There is no public source code available at the moment. Possibly in the future.
  
  Reply
2. admin
  
  February 7, 2023
  
  Source code is available now. It’s here: https://github.com/TheGoodDoktor/8BitAnalysers
  
  Reply
MaLiK

January 11, 2023

Do you plan to publish the source code?

Reply
1. admin
  
  January 24, 2023
  
  No immediate plans but it could happen in the future.
  
  Reply
2. admin
  
  February 7, 2023
  
  Source code got released. It’s here: https://github.com/TheGoodDoktor/8BitAnalysers
  
  Reply
Mike van der Lee

January 14, 2023

3 words: fan tas tic!
I’m playing around with it and what I saw uptil now is that it would have saved me loads of time while creating hooks in game-engines that I did in the past.
Really exciting. Bravo! 😀

Reply
1. admin
  
  January 24, 2023
  
  Thanks. Glad you like it!
  
  Reply
Andrew Owen

January 15, 2023

This could be game changing (pun intended) when it comes to adding native support for the esxDOS file system.

Reply
xiety

February 13, 2023

The game is stuck on a HALT operation. What can I do to continue?

Reply
1. admin
  
  February 20, 2023
  
  Which game? Can you provide more information on exactly what happens?
  Bear in mind, when you open a game the CPU will not be running so you need to press the Continue button (F5).
  
  Reply
Jon North

March 8, 2023

This is awesome! This would have been really bloody handy 40 years ago lol 🙂

Reply
David Thomas

March 15, 2023

I spent years reversing The Great Escape in hard mode. This would have saved me so much time. Chase HQ next!

Reply
1. admin
  
  March 20, 2023
  
  Good work on reverse engineering The Great Escape. Hope the tool comes in handy with Chase HQ. 😉
  
  Reply
Jose

May 20, 2023

It’s great. Thanks!

Reply
Arlorean

October 16, 2023

This is a great tool. I’m slowly working through the code for Rebelstar, the forerunner of the modern XCOM games:
https://github.com/Arlorean/Rebelstar

Reply
1. admin
  
  October 16, 2023
  
  Awesome! Thanks for sharing. I’ll keep an eye on it. I’ve been looking at Laser Squad myself. Love those games.
  
  Reply
Vag

November 23, 2023

Hello,
This program looks awesome!
Unfortunately, I haven’t been able to run it, it gives this error:
“Glfw Error 65542: WGL: The driver does not appear to support OpenGL”
I have Windows 10 and a somewhat old computer.
If I remember correctly, MAME shows something similar, but it has different options and it runs. Is there a way to run Spectrum Analyzer?

Reply
1. admin
  
  November 28, 2023
  
  Hi, sorry to hear you can’t run SA. Could you try to update your graphics driver please? We think this is a driver issue. Unfortunately, there is currently no fall-back behaviour for when OpenGL fails to initialise. Cheers
  
  Reply