Mario Kart 64/Notes

From Data Crystal
< Mario Kart 64
Revision as of 00:02, 1 December 2013 by Einstein95 (talk | contribs) (Created page with "A deposit of the now defunct 64.vg/w/. ==Functions== ===Native functions=== →‎0x800936B8: extern void mk64_draw_text ( int x, int y, char * s, float xscale, float yscale, ...")
(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to navigation Jump to search

A deposit of the now defunct 64.vg/w/.

Functions

Native functions

/* 0x800936B8 */ extern void mk64_draw_text ( int x, int y, char * s, float xscale, float yscale, int u );

/* 0x80057710 */ extern void mk64_debug_text_preface ( void );

/* 0x800577A4 */ extern void mk64_draw_debug_text ( int x, int y, char * );

/* 0x80098DF8 */ extern void mk64_draw_square ( void *, int up_x, int up_y, int low_x, int low_y, u8, u8, u8, u8 );

/* 0x800400D0 */ extern void mk64_mio0_decode ( void * input, void * output );

OS functions

0x800cbf70,osCreateThread

0x800cc0c0,osInitialize

0x800cc360,osStartThread

0x800cc4b0,osCreateViManager

0x800cc850,osViSetMode

0x800cc8c0,osViBlack

0x800cc930,osViSetSpecialFeatures

0x800ce8e0,osPfsNumFiles

0x800cea30,osPfsFileState

0x800ced20,osPfsFreeBlocks

0x800cee70,guRotateF

0x800cf004,guRotate

0x800cf060,guScaleF

0x800cf0b4,guScale

0x800cf100,guPerspectiveF

0x800cf330,guPerspective

0x800cf390,guLookAtF

0x800cf648,guLookAt

0x800cf6c0,guTranslateF

0x800cf708,guTranslate

0x800cf760,osSyncPrintf

0x800cf7c0,guMtxXFML

0x800cf820,guMtxCatL

0x800cf880,osPfsFindFile

0x800cfa40,osPfsDeleteFile

0x800cfd20,__osPfsReleasePages

0x800cff58,__osBlockSum

0x800d02d0,osPfsReadWriteFile

0x800d07d0,osPfsAllocateFile

0x800d0c54,__osPfsDeclearPage

0x800d0f80,osAiSetFrequency

0x800d10e0,osAiGetLength

0x800d10f0,osAiSetNextBuffer

0x800d11a0,osGetCount

0x800d1ab0,__osDisableInt

0x800d1ad0,__osRestoreInt

0x800d1af0,__osDequeueThread

0x800d1b30,__osSetSR

0x800d1b40,__osGetSR

0x800d1b50,__osSetFpcCsr

0x800d1b60,__osSiRawReadIo

0x800d1b60,__osSpRawReadIo

0x800d1bb0,__osSpRawWriteIo

0x800d1bb0,__osSiRawWriteIo

0x800d1c00,osWritebackDCache

0x800d1c80,osMapTLBRdb

0x800d1ce0,osPiRawReadIo

0x800d1d40,__osSetHWIntrRoutine

0x800d2610,__osTimerServicesInit

0x800d269c,__osTimerInterrupt

0x800d2814,__osSetTimerIntr

0x800d2888,__osInsertTimer

0x800d2a10,osGetThreadPri

0x800d2a30,__osViInit

0x800d2b90,__osViSwapContext

0x800d2fb0,osPiRawStartDma

0x800d3090,osEPiRawStartDma

0x800d3520,bcopy/_bcopy

0x800d3830,osVirtualToPhysical

0x800d38b0,__osSpSetStatus

0x800d38c0,__osSpSetPc

0x800d3900,__osSpRawStartDma

0x800d3990,__osSpDeviceBusy

0x800d39c0,osSetTimer

0x800d3aa0,__osSiRawStartDma

0x800d3c10,osJamMesg

0x800d3d60,osPiGetCmdQueue

0x800d3d90,__osSpGetStatus

0x800d3da0,guMtxF2L

0x800d3ea0,guMtxIdentF

0x800d3f28,guMtxIdent

0x800d3f58,guMtxL2F

0x800d4010,osEepromWrite

0x800d42cc,__osEepStatus

0x800d44f0,__osSumcalc

0x800d454c,__osIdCheckSum

0x800d45b4,__osRepairPackId

0x800d49cc,__osCheckPackId

0x800d4b64,__osGetId

0x800d4dc0,__osCheckId

0x800d4ebc,__osPfsRWInode

0x800d51dc,__osPfsSelectBank

0x800d5250,osPfsChecker

0x800d5914,corrupted_init

0x800d5ac8,corrupted

0x800d5cb0,__osContRamRead

0x800d6060,guNormalize

0x800d60f0,__sinf/fsin/sinf

0x800d62b0,__cosf/fcos/cosf

0x800d6420,_Printf

0x800d70e0,guMtxXFMF

0x800d7180,guMtxCatF

0x800d72f0,__osContRamWrite

0x800d76a0,osEepromRead

0x800d79a0,__osAiDeviceBusy

0x800d79d0,osSetIntMask

0x800d7a70,osDestroyThread

0x800d7b70,__osSiDeviceBusy

0x800d7c90,__osSetCompare

0x800d7ca0,__osResetGlobalIntMask

0x800d7d00,osEPiRawWriteIo

0x800d7d50,osYieldThread

0x800d7da0,__osProbeTLB

0x800d7e60,__osContAddressCrc

0x800d7f10,__osContDataCrc

0x800d7fe0,memcpy

0x800d800c,strlen

0x800d8034,strchr

0x800d8080,_Litob

0x800d8320,_Ldtob

0x800d8de0,lldiv

0x800d8ee0,ldiv

0x800ea5e0,osClockRate

0x800ea5e8,__osShutdown

0x800ea5ec,__OSGlobalIntMask

0x800ea5f0,osDiskExist

0x800ea620,osViModeNtscLpn1

0x800ea620,osViModeTable

0x800ea670,osViModeNtscLpf1

0x800ea710,osViModeNtscLaf1

0x800ea760,osViModeNtscLpn2

0x800ea7b0,osViModeNtscLpf2

0x800ea800,osViModeNtscLan2

0x800ea850,osViModeNtscLaf2

0x800ea8a0,osViModeNtscHpn1

0x800ea8f0,osViModeNtscHpf1

0x800ea940,osViModeNtscHan1

0x800ea990,osViModeNtscHaf1

0x800ea9e0,osViModeNtscHpn2

0x800eaa30,osViModeNtscHpf2

0x800eaa80,osViModePalLpn1

0x800eaad0,osViModePalLpf1

0x800eab70,osViModePalLaf1

0x800eabc0,osViModePalLpn2

0x800eac10,osViModePalLpf2

0x800eac60,osViModePalLan2

0x800eacb0,osViModePalLaf2

0x800ead00,osViModePalHpn1

0x800ead50,osViModePalHpf1

0x800eada0,osViModePalHan1

0x800eadf0,osViModePalHaf1

0x800eae40,osViModePalHpn2

0x800eae90,osViModePalHpf2

0x800eaee0,osViModeMpalLpn1

0x800eaf30,osViModeMpalLpf1

0x800eafd0,osViModeMpalLaf1

0x800eb020,osViModeMpalLpn2

0x800eb070,osViModeMpalLpf2

0x800eb0c0,osViModeMpalLan2

0x800eb110,osViModeMpalLaf2

0x800eb160,osViModeMpalHpn1

0x800eb1b0,osViModeMpalHpf1

0x800eb200,osViModeMpalHan1

0x800eb250,osViModeMpalHaf1

0x800eb2a0,osViModeMpalHpn2

0x800eb2f0,osViModeMpalHpf2

0x800f3c10,__osRcpImTable

Symbols

0x800046AC { osViExtendVStart }

 Auxiliary symbols for `osViExtendVStart`:
   0x80162D5C = __additional_scanline

0x80028F5C { osSyncPrintf, rmonPrintf }

0x8005994C { leoInitUnit_atten }

 Auxiliary symbols for `leoInitUnit_atten`:

0x8005C654 { alSynDelete }

0x800CE130 0x800D2B80 { __osViGetCurrentContext, __osViGetNextContext, osPiGetDeviceType, __osGetActiveQueue, __osGetCurrFaultedThread, leoChkUnit_atten }

 Auxiliary symbols for `__osViGetCurrentContext`:
   0x800EB3AC = __osViCurr
 Auxiliary symbols for `__osViGetNextContext`:
   0x800EB3AC = __osViNext
 Auxiliary symbols for `osPiGetDeviceType`:
   0x800EB3AC = osRomType
 Auxiliary symbols for `__osGetActiveQueue`:
   0x800EB3AC = __osActiveQueue
 Auxiliary symbols for `__osGetCurrFaultedThread`:
   0x800EB3AC = __osFaultedThread
 Auxiliary symbols for `leoChkUnit_atten`:

0x800D2A10 { osGetThreadPri }

 Auxiliary symbols for `osGetThreadPri`:
   0x800EB3B0 = __osRunningThread

Stack traces

Various

Text printing during map loading

  1. 00 0x800936B8 SRC:0x800A05B4 ARG:{0x00000010,0x00000024,0x800EF868,0x00000008}
  2. 01 0x8009F5E0 SRC:0x800A81E4 ARG:{0x8018DEB8,0x801431C8,0x06000000,0x0000013F}
  3. 02 0x800A7A4C SRC:0x800A8238 ARG:{0x00000000,0x000000FF,0x8019F7C8,0x00000006}
  4. 03 0x800A8230 SRC:0x80094278 ARG:{0x00000000,0x000000FF,0x8019F7C8,0x00000006}
  5. 04 0x800940EC SRC:0x80093AB4 ARG:{0x800F0000,0x00000000,0x0000F7FD,0x8014EF40}
  6. 05 0x80093A5C SRC:0x802A5C84 ARG:{0x00000000,0x80150298,0x0000F7FD,0x8014EF40}
  7. 06 0x802A59A4 SRC:0x80001608 ARG:{0x00000001,0x800DC668,0x00000001,0x80162600}
  8. 07 0x8000142C SRC:0x80001F38 ARG:{0x800DC4C0,0x800DC4C4,0x800DC4C8,0x00000000}
  9. 08 0x80001ECC SRC:0x800028A4 ARG:{0x800DC4C0,0x800DC4C4,0x800DC4C8,0x00000000}

Spinning Nintendo logo (guRotate) Stack trace for thread 5 (0x801589D0):

  1. 00 0x800CF0B4 SRC:0x800943C4 ARG:{0x00000002,0x3F800000,0x3F800000,0x40400000}
  2. 01 0x800942D0 SRC:0x80094744 ARG:{0x00000002,0xF63C0000,0x00000004,0x8015A9B0}
  3. 02 0x80094660 SRC:0x8009F6D4 ARG:{0x801263D0,0x000000FF,0x8019F7C8,0x00000006}
  4. 03 0x8009F5E0 SRC:0x800A81E4 ARG:{0x49018008,0x000000FF,0x8019F7C8,0x00000006}
  5. 04 0x800A7A4C SRC:0x800A8238 ARG:{0x00000000,0x000000FF,0x8019F7C8,0x00000006}
  6. 05 0x800A8230 SRC:0x80094BE8 ARG:{0x00000000,0x000000FF,0x8019F7C8,0x00000006}
  7. 06 0x80094A64 SRC:0x80001F28 ARG:{0x80150000,0x80150298,0x00000000,0x00000048}
  8. 07 0x80001ECC SRC:0x800028A4 ARG:{0x800DC4C0,0x800DC4C4,0x800DC4C8,0x00000000}

"Cannot save race data for ghost" (m64p) watch 80092C98 Now watching 0x80092C98.

(m64p) continue

Breakpoint triggered at 0x80092C98. (m64p) bt Stack trace for thread 5 (0x801589D0):

  1. 00 0x80092C90 SRC:0x80093068 ARG:{0x800F0938,0x000000FF,0x8019F7A8,0x00000006}
   $sp:0x8015A898  size: 40b
  1. 01 0x80093034 SRC:0x800A7118 ARG:{0x800F0938,0x000000FF,0x8019F7A8,0x00000006}
   $sp:0x8015A8C0  size: 72b
  1. 02 0x800A70E8 SRC:0x800A07EC ARG:{0x8018DAA8,0x000000FF,0x8019F7A8,0x00000006}
   $sp:0x8015A908  size: 176b
  1. 03 0x8009F5E0 SRC:0x800A81E4 ARG:{0x8018DAA8,0x000000FF,0x8019F7A8,0x00000006}
   $sp:0x8015A9B8  size: 56b
  1. 04 0x800A7A4C SRC:0x800A8238 ARG:{0x00000000,0x000000FF,0x8019F7A8,0x00000006}
   $sp:0x8015A9F0  size: 24b
  1. 05 0x800A8230 SRC:0x80094278 ARG:{0x00000000,0x000000FF,0x8019F7A8,0x00000006}
   $sp:0x8015AA08  size: 48b
  1. 06 0x800940EC SRC:0x80093AB4 ARG:{0x00000000,0x00000000,0x00000000,0x8014EF40}
   $sp:0x8015AA38  size: 24b
  1. 07 0x80093A5C SRC:0x802A5C84 ARG:{0x00000000,0x80150298,0x00000000,0x8014EF40}
   $sp:0x8015AA50  size: 192b
  1. 08 0x802A59A4 SRC:0x80001608 ARG:{0x00000000,0x800DC668,0x00000001,0x80162600}
   $sp:0x8015AB10  size: 40b
  1. 09 0x8000142C SRC:0x80001F38 ARG:{0x800DC4C0,0x800DC4C4,0x800DC4C8,0x00000000}
   $sp:0x8015AB38  size: 24b
  1. 10 0x80001ECC SRC:0x800028A4 ARG:{0x800DC4C0,0x800DC4C4,0x800DC4C8,0x00000000}
   $sp:0x8015AB50  size: ?




Extractor

A rudimentary extractor which picks out MIO0 blocks and infers their length via the compression format can be found here. You can also download the Windows binary


Filesystem

Mario Kart 64 doesn't have a single unified filesystem. A search for "MIO0\x00\x00\x10\x00" confirms this. Files are either loaded via distinct tables or through direct lui/addiu operations. This does not dismiss the possibility of being able to change the compression algorithm the ROM uses, however. A hash table could be employed with the original offsets of the file being used as the key. Thus, a DMA function could be intercepted and the proper file loaded regardless of new location.

(Source: MBR)

Player Data

Pointers to the 8 individual drivers are at 0x800DC4DC. Each driver structure appears to be 3544 bytes long. struct mk64_player

   float unkn;
   u32 u1;
   u32 u2;
   u32 u3;
   u32 u4;

   float x, y, z;
   u16 u5;
   u16 rotation;

   float unkn;

   float x_accel, y_accel, z_accel;

Map Data

The code that processes the DMA and decompression of map files is dynamically loaded. 0x802AA918: sll t6,a0,2

0x802AA91C: subu t6,t6,a0

0x802AA920: lui t7,0x802c

0x802AA924: addiu t7,t7,-29312

0x802AA928: sll t6,t6,4

0x802AA92C: addu v0,t6,t7

0x802AA930: addiu $sp,$sp,-96

0x802AA934: lui v1,0x800e

0x802AA938: lw v1,-15092(v1)

0x802AA93C: lw t8,0(v0)

0x802AA940: lw t9,4(v0)

0x802AA944: lw t0,8(v0)

0x802AA948: lw t1,12(v0)

0x802AA94C: lw t2,40(v0)

0x802AA950: lw t3,24(v0)

0x802AA954: lw t4,32(v0)

0x802AA958: lw t5,28(v0)

0x802AA95C: lw t6,36(v0)

0x802AA960: lhu t7,44(v0)

0x802AA964: li $at,5

0x802AA968: sw $ra,20($sp)

0x802AA96C: lw a2,16(v0)

0x802AA970: lw a1,20(v0)

0x802AA974: sw t8,72($sp)

0x802AA978: sw t9,68($sp)

0x802AA97C: sw t0,64($sp)

0x802AA980: sw t1,60($sp)

0x802AA984: sw t2,48($sp)

0x802AA988: sw t3,44($sp)

0x802AA98C: sw t4,40($sp)

0x802AA990: sw t5,36($sp)

0x802AA994: sw t6,32($sp)

0x802AA998: beq v1,$at,0x802AA9AC

0x802AA99C: sw t7,28($sp)

0x802AA9A0: li $at,9

0x802AA9A4: bne v1,$at,0x802AA9BC

0x802AA9A8: lui t9,0x8028

0x802AA9AC: lui t8,0x8028

0x802AA9B0: lui $at,0x8016

0x802AA9B4: b 0x802AA9C8

0x802AA9B8: sw t8,-2260($at)

0x802AA9BC: ori t9,t9,0xdf00

0x802AA9C0: lui $at,0x8016

0x802AA9C4: sw t9,-2260($at)

0x802AA9C8: jal 0x802A7D70

0x802AA9CC: or a0,a2,$zero

0x802AA9D0: li a0,9

0x802AA9D4: jal 0x802A7B94

0x802AA9D8: or a1,v0,$zero

0x802AA9DC: lui t0,0x800e

0x802AA9E0: lw t0,-15092(t0)

0x802AA9E4: li $at,5

0x802AA9E8: lw a0,72($sp)

0x802AA9EC: beq t0,$at,0x802AAA08

0x802AA9F0: nop

0x802AA9F4: jal 0x802AA88C /* Map is decompressed further down the line here */

0x802AA9F8: lw a1,68($sp)

0x802AA9FC: li a0,6

Stack trace hereto: (m64p) bt Stack trace for thread 5 (0x801589D0):

  1. 00 0x800400D0 SRC:0x802AA8E8 ARG:{0x802899C0,0x801CCF10,0x00000001,0x802BA360}
   $sp:0x8015AA90  size: 48b
  1. 01 0x802AA88C SRC:0x802AA9F4 ARG:{0x0084E8E0,0x00852E20,0x00000001,0x802BA360}
   $sp:0x8015AAC0  size: 96b
  1. 02 0x802AA918 SRC:0x80002AF4 ARG:{0x00000008,0x0002C470,0x00000001,0x802BA360}
   $sp:0x8015AB20  size: 24b
  1. 03 0x80002A18 SRC:0x8000271C ARG:{0x8028DF00,0x0002C470,0x00000001,0x802BA360}
   $sp:0x8015AB38  size: 24b
  1. 04 0x80002684 SRC:0x80002884 ARG:{0x00000001,0x00006D6E,0x00000000,0x00000000}
   $sp:0x8015AB50  size: ?

For the record, I loaded the first track of the first series.

Storage

The map data array begins at 0x802B8D80. The records are 48 bytes each. The structure appears to follow this format:

struct mk64_map_data_t
{
    unsigned rom_start;
    unsigned rom_end;
    ...
};

credits: MBR, spinout182, Vexiant