The current URL is datacrystal.tcrf.net.
Mario Kart 64/Notes: Difference between revisions
(Edited formatting for consistency) |
mNo edit summary |
||
Line 382: | Line 382: | ||
credits: MBR, spinout182, Vexiant | credits: MBR, spinout182, Vexiant | ||
{{Internal Data|game=Mario Kart 64}} |
Revision as of 03:06, 6 November 2015
The following article is a Notes Page for Mario Kart 64.
A deposit of the now defunct 64.vg/w/.
Functions
Native functions
/* 0x800936B8 */ extern void mk64_draw_text ( int x, int y, char * s, float xscale, float yscale, int u ); /* 0x80057710 */ extern void mk64_debug_text_preface ( void ); /* 0x800577A4 */ extern void mk64_draw_debug_text ( int x, int y, char * ); /* 0x80098DF8 */ extern void mk64_draw_square ( void *, int up_x, int up_y, int low_x, int low_y, u8, u8, u8, u8 ); /* 0x800400D0 */ extern void mk64_mio0_decode ( void * input, void * output );
OS functions
0x800cbf70,osCreateThread 0x800cc0c0,osInitialize 0x800cc360,osStartThread 0x800cc4b0,osCreateViManager 0x800cc850,osViSetMode 0x800cc8c0,osViBlack 0x800cc930,osViSetSpecialFeatures 0x800ce8e0,osPfsNumFiles 0x800cea30,osPfsFileState 0x800ced20,osPfsFreeBlocks 0x800cee70,guRotateF 0x800cf004,guRotate 0x800cf060,guScaleF 0x800cf0b4,guScale 0x800cf100,guPerspectiveF 0x800cf330,guPerspective 0x800cf390,guLookAtF 0x800cf648,guLookAt 0x800cf6c0,guTranslateF 0x800cf708,guTranslate 0x800cf760,osSyncPrintf 0x800cf7c0,guMtxXFML 0x800cf820,guMtxCatL 0x800cf880,osPfsFindFile 0x800cfa40,osPfsDeleteFile 0x800cfd20,__osPfsReleasePages 0x800cff58,__osBlockSum 0x800d02d0,osPfsReadWriteFile 0x800d07d0,osPfsAllocateFile 0x800d0c54,__osPfsDeclearPage 0x800d0f80,osAiSetFrequency 0x800d10e0,osAiGetLength 0x800d10f0,osAiSetNextBuffer 0x800d11a0,osGetCount 0x800d1ab0,__osDisableInt 0x800d1ad0,__osRestoreInt 0x800d1af0,__osDequeueThread 0x800d1b30,__osSetSR 0x800d1b40,__osGetSR 0x800d1b50,__osSetFpcCsr 0x800d1b60,__osSiRawReadIo 0x800d1b60,__osSpRawReadIo 0x800d1bb0,__osSpRawWriteIo 0x800d1bb0,__osSiRawWriteIo 0x800d1c00,osWritebackDCache 0x800d1c80,osMapTLBRdb 0x800d1ce0,osPiRawReadIo 0x800d1d40,__osSetHWIntrRoutine 0x800d2610,__osTimerServicesInit 0x800d269c,__osTimerInterrupt 0x800d2814,__osSetTimerIntr 0x800d2888,__osInsertTimer 0x800d2a10,osGetThreadPri 0x800d2a30,__osViInit 0x800d2b90,__osViSwapContext 0x800d2fb0,osPiRawStartDma 0x800d3090,osEPiRawStartDma 0x800d3520,bcopy/_bcopy 0x800d3830,osVirtualToPhysical 0x800d38b0,__osSpSetStatus 0x800d38c0,__osSpSetPc 0x800d3900,__osSpRawStartDma 0x800d3990,__osSpDeviceBusy 0x800d39c0,osSetTimer 0x800d3aa0,__osSiRawStartDma 0x800d3c10,osJamMesg 0x800d3d60,osPiGetCmdQueue 0x800d3d90,__osSpGetStatus 0x800d3da0,guMtxF2L 0x800d3ea0,guMtxIdentF 0x800d3f28,guMtxIdent 0x800d3f58,guMtxL2F 0x800d4010,osEepromWrite 0x800d42cc,__osEepStatus 0x800d44f0,__osSumcalc 0x800d454c,__osIdCheckSum 0x800d45b4,__osRepairPackId 0x800d49cc,__osCheckPackId 0x800d4b64,__osGetId 0x800d4dc0,__osCheckId 0x800d4ebc,__osPfsRWInode 0x800d51dc,__osPfsSelectBank 0x800d5250,osPfsChecker 0x800d5914,corrupted_init 0x800d5ac8,corrupted 0x800d5cb0,__osContRamRead 0x800d6060,guNormalize 0x800d60f0,__sinf/fsin/sinf 0x800d62b0,__cosf/fcos/cosf 0x800d6420,_Printf 0x800d70e0,guMtxXFMF 0x800d7180,guMtxCatF 0x800d72f0,__osContRamWrite 0x800d76a0,osEepromRead 0x800d79a0,__osAiDeviceBusy 0x800d79d0,osSetIntMask 0x800d7a70,osDestroyThread 0x800d7b70,__osSiDeviceBusy 0x800d7c90,__osSetCompare 0x800d7ca0,__osResetGlobalIntMask 0x800d7d00,osEPiRawWriteIo 0x800d7d50,osYieldThread 0x800d7da0,__osProbeTLB 0x800d7e60,__osContAddressCrc 0x800d7f10,__osContDataCrc 0x800d7fe0,memcpy 0x800d800c,strlen 0x800d8034,strchr 0x800d8080,_Litob 0x800d8320,_Ldtob 0x800d8de0,lldiv 0x800d8ee0,ldiv 0x800ea5e0,osClockRate 0x800ea5e8,__osShutdown 0x800ea5ec,__OSGlobalIntMask 0x800ea5f0,osDiskExist 0x800ea620,osViModeNtscLpn1 0x800ea620,osViModeTable 0x800ea670,osViModeNtscLpf1 0x800ea710,osViModeNtscLaf1 0x800ea760,osViModeNtscLpn2 0x800ea7b0,osViModeNtscLpf2 0x800ea800,osViModeNtscLan2 0x800ea850,osViModeNtscLaf2 0x800ea8a0,osViModeNtscHpn1 0x800ea8f0,osViModeNtscHpf1 0x800ea940,osViModeNtscHan1 0x800ea990,osViModeNtscHaf1 0x800ea9e0,osViModeNtscHpn2 0x800eaa30,osViModeNtscHpf2 0x800eaa80,osViModePalLpn1 0x800eaad0,osViModePalLpf1 0x800eab70,osViModePalLaf1 0x800eabc0,osViModePalLpn2 0x800eac10,osViModePalLpf2 0x800eac60,osViModePalLan2 0x800eacb0,osViModePalLaf2 0x800ead00,osViModePalHpn1 0x800ead50,osViModePalHpf1 0x800eada0,osViModePalHan1 0x800eadf0,osViModePalHaf1 0x800eae40,osViModePalHpn2 0x800eae90,osViModePalHpf2 0x800eaee0,osViModeMpalLpn1 0x800eaf30,osViModeMpalLpf1 0x800eafd0,osViModeMpalLaf1 0x800eb020,osViModeMpalLpn2 0x800eb070,osViModeMpalLpf2 0x800eb0c0,osViModeMpalLan2 0x800eb110,osViModeMpalLaf2 0x800eb160,osViModeMpalHpn1 0x800eb1b0,osViModeMpalHpf1 0x800eb200,osViModeMpalHan1 0x800eb250,osViModeMpalHaf1 0x800eb2a0,osViModeMpalHpn2 0x800eb2f0,osViModeMpalHpf2 0x800f3c10,__osRcpImTable
Symbols
0x800046AC { osViExtendVStart } Auxiliary symbols for `osViExtendVStart`: 0x80162D5C = __additional_scanline 0x80028F5C { osSyncPrintf, rmonPrintf } 0x8005994C { leoInitUnit_atten } Auxiliary symbols for `leoInitUnit_atten`: 0x8005C654 { alSynDelete } 0x800CE130 0x800D2B80 { __osViGetCurrentContext, __osViGetNextContext, osPiGetDeviceType, __osGetActiveQueue, __osGetCurrFaultedThread, leoChkUnit_atten } Auxiliary symbols for `__osViGetCurrentContext`: 0x800EB3AC = __osViCurr Auxiliary symbols for `__osViGetNextContext`: 0x800EB3AC = __osViNext Auxiliary symbols for `osPiGetDeviceType`: 0x800EB3AC = osRomType Auxiliary symbols for `__osGetActiveQueue`: 0x800EB3AC = __osActiveQueue Auxiliary symbols for `__osGetCurrFaultedThread`: 0x800EB3AC = __osFaultedThread Auxiliary symbols for `leoChkUnit_atten`: 0x800D2A10 { osGetThreadPri } Auxiliary symbols for `osGetThreadPri`: 0x800EB3B0 = __osRunningThread
Stack traces
Various
Text printing during map loading #00 0x800936B8 SRC:0x800A05B4 ARG:{0x00000010,0x00000024,0x800EF868,0x00000008} #01 0x8009F5E0 SRC:0x800A81E4 ARG:{0x8018DEB8,0x801431C8,0x06000000,0x0000013F} #02 0x800A7A4C SRC:0x800A8238 ARG:{0x00000000,0x000000FF,0x8019F7C8,0x00000006} #03 0x800A8230 SRC:0x80094278 ARG:{0x00000000,0x000000FF,0x8019F7C8,0x00000006} #04 0x800940EC SRC:0x80093AB4 ARG:{0x800F0000,0x00000000,0x0000F7FD,0x8014EF40} #05 0x80093A5C SRC:0x802A5C84 ARG:{0x00000000,0x80150298,0x0000F7FD,0x8014EF40} #06 0x802A59A4 SRC:0x80001608 ARG:{0x00000001,0x800DC668,0x00000001,0x80162600} #07 0x8000142C SRC:0x80001F38 ARG:{0x800DC4C0,0x800DC4C4,0x800DC4C8,0x00000000} #08 0x80001ECC SRC:0x800028A4 ARG:{0x800DC4C0,0x800DC4C4,0x800DC4C8,0x00000000} Spinning Nintendo logo (guRotate) Stack trace for thread 5 (0x801589D0): #00 0x800CF0B4 SRC:0x800943C4 ARG:{0x00000002,0x3F800000,0x3F800000,0x40400000} #01 0x800942D0 SRC:0x80094744 ARG:{0x00000002,0xF63C0000,0x00000004,0x8015A9B0} #02 0x80094660 SRC:0x8009F6D4 ARG:{0x801263D0,0x000000FF,0x8019F7C8,0x00000006} #03 0x8009F5E0 SRC:0x800A81E4 ARG:{0x49018008,0x000000FF,0x8019F7C8,0x00000006} #04 0x800A7A4C SRC:0x800A8238 ARG:{0x00000000,0x000000FF,0x8019F7C8,0x00000006} #05 0x800A8230 SRC:0x80094BE8 ARG:{0x00000000,0x000000FF,0x8019F7C8,0x00000006} #06 0x80094A64 SRC:0x80001F28 ARG:{0x80150000,0x80150298,0x00000000,0x00000048} #07 0x80001ECC SRC:0x800028A4 ARG:{0x800DC4C0,0x800DC4C4,0x800DC4C8,0x00000000} "Cannot save race data for ghost" (m64p) watch 80092C98 Now watching 0x80092C98. (m64p) continue Breakpoint triggered at 0x80092C98. (m64p) bt Stack trace for thread 5 (0x801589D0): #00 0x80092C90 SRC:0x80093068 ARG:{0x800F0938,0x000000FF,0x8019F7A8,0x00000006} $sp:0x8015A898 size: 40b #01 0x80093034 SRC:0x800A7118 ARG:{0x800F0938,0x000000FF,0x8019F7A8,0x00000006} $sp:0x8015A8C0 size: 72b #02 0x800A70E8 SRC:0x800A07EC ARG:{0x8018DAA8,0x000000FF,0x8019F7A8,0x00000006} $sp:0x8015A908 size: 176b #03 0x8009F5E0 SRC:0x800A81E4 ARG:{0x8018DAA8,0x000000FF,0x8019F7A8,0x00000006} $sp:0x8015A9B8 size: 56b #04 0x800A7A4C SRC:0x800A8238 ARG:{0x00000000,0x000000FF,0x8019F7A8,0x00000006} $sp:0x8015A9F0 size: 24b #05 0x800A8230 SRC:0x80094278 ARG:{0x00000000,0x000000FF,0x8019F7A8,0x00000006} $sp:0x8015AA08 size: 48b #06 0x800940EC SRC:0x80093AB4 ARG:{0x00000000,0x00000000,0x00000000,0x8014EF40} $sp:0x8015AA38 size: 24b #07 0x80093A5C SRC:0x802A5C84 ARG:{0x00000000,0x80150298,0x00000000,0x8014EF40} $sp:0x8015AA50 size: 192b #08 0x802A59A4 SRC:0x80001608 ARG:{0x00000000,0x800DC668,0x00000001,0x80162600} $sp:0x8015AB10 size: 40b #09 0x8000142C SRC:0x80001F38 ARG:{0x800DC4C0,0x800DC4C4,0x800DC4C8,0x00000000} $sp:0x8015AB38 size: 24b #10 0x80001ECC SRC:0x800028A4 ARG:{0x800DC4C0,0x800DC4C4,0x800DC4C8,0x00000000} $sp:0x8015AB50 size: ?
Extractor
A rudimentary extractor which picks out MIO0 blocks and infers their length via the compression format can be found here. You can also download the Windows binary
Filesystem
Mario Kart 64 doesn't have a single unified filesystem. A search for "MIO0\x00\x00\x10\x00" confirms this. Files are either loaded via distinct tables or through direct lui/addiu operations. This does not dismiss the possibility of being able to change the compression algorithm the ROM uses, however. A hash table could be employed with the original offsets of the file being used as the key. Thus, a DMA function could be intercepted and the proper file loaded regardless of new location.
Player Data
Pointers to the 8 individual drivers are at 0x800DC4DC. Each driver structure appears to be 3544 bytes long.
struct mk64_player float unkn; u32 u1; u32 u2; u32 u3; u32 u4; float x, y, z; u16 u5; u16 rotation; float unkn; float x_accel, y_accel, z_accel;
Map Data
The code that processes the DMA and decompression of map files is dynamically loaded.
0x802AA918: sll t6,a0,2 0x802AA91C: subu t6,t6,a0 0x802AA920: lui t7,0x802c 0x802AA924: addiu t7,t7,-29312 0x802AA928: sll t6,t6,4 0x802AA92C: addu v0,t6,t7 0x802AA930: addiu $sp,$sp,-96 0x802AA934: lui v1,0x800e 0x802AA938: lw v1,-15092(v1) 0x802AA93C: lw t8,0(v0) 0x802AA940: lw t9,4(v0) 0x802AA944: lw t0,8(v0) 0x802AA948: lw t1,12(v0) 0x802AA94C: lw t2,40(v0) 0x802AA950: lw t3,24(v0) 0x802AA954: lw t4,32(v0) 0x802AA958: lw t5,28(v0) 0x802AA95C: lw t6,36(v0) 0x802AA960: lhu t7,44(v0) 0x802AA964: li $at,5 0x802AA968: sw $ra,20($sp) 0x802AA96C: lw a2,16(v0) 0x802AA970: lw a1,20(v0) 0x802AA974: sw t8,72($sp) 0x802AA978: sw t9,68($sp) 0x802AA97C: sw t0,64($sp) 0x802AA980: sw t1,60($sp) 0x802AA984: sw t2,48($sp) 0x802AA988: sw t3,44($sp) 0x802AA98C: sw t4,40($sp) 0x802AA990: sw t5,36($sp) 0x802AA994: sw t6,32($sp) 0x802AA998: beq v1,$at,0x802AA9AC 0x802AA99C: sw t7,28($sp) 0x802AA9A0: li $at,9 0x802AA9A4: bne v1,$at,0x802AA9BC 0x802AA9A8: lui t9,0x8028 0x802AA9AC: lui t8,0x8028 0x802AA9B0: lui $at,0x8016 0x802AA9B4: b 0x802AA9C8 0x802AA9B8: sw t8,-2260($at) 0x802AA9BC: ori t9,t9,0xdf00 0x802AA9C0: lui $at,0x8016 0x802AA9C4: sw t9,-2260($at) 0x802AA9C8: jal 0x802A7D70 0x802AA9CC: or a0,a2,$zero 0x802AA9D0: li a0,9 0x802AA9D4: jal 0x802A7B94 0x802AA9D8: or a1,v0,$zero 0x802AA9DC: lui t0,0x800e 0x802AA9E0: lw t0,-15092(t0) 0x802AA9E4: li $at,5 0x802AA9E8: lw a0,72($sp) 0x802AA9EC: beq t0,$at,0x802AAA08 0x802AA9F0: nop 0x802AA9F4: jal 0x802AA88C /* Map is decompressed further down the line here */ 0x802AA9F8: lw a1,68($sp) 0x802AA9FC: li a0,6
Stack trace hereto:
(m64p) bt Stack trace for thread 5 (0x801589D0): #00 0x800400D0 SRC:0x802AA8E8 ARG:{0x802899C0,0x801CCF10,0x00000001,0x802BA360} $sp:0x8015AA90 size: 48b #01 0x802AA88C SRC:0x802AA9F4 ARG:{0x0084E8E0,0x00852E20,0x00000001,0x802BA360} $sp:0x8015AAC0 size: 96b #02 0x802AA918 SRC:0x80002AF4 ARG:{0x00000008,0x0002C470,0x00000001,0x802BA360} $sp:0x8015AB20 size: 24b #03 0x80002A18 SRC:0x8000271C ARG:{0x8028DF00,0x0002C470,0x00000001,0x802BA360} $sp:0x8015AB38 size: 24b #04 0x80002684 SRC:0x80002884 ARG:{0x00000001,0x00006D6E,0x00000000,0x00000000} $sp:0x8015AB50 size: ?
For the record, I loaded the first track of the first series.
Storage
The map data array begins at 0x802B8D80. The records are 48 bytes each. The structure appears to follow this format:
struct mk64_map_data_t { unsigned rom_start; unsigned rom_end; ... };
credits: MBR, spinout182, Vexiant
Internal Data for Mario Kart 64
| |
---|---|