Mario Kart 64/Notes

From Data Crystal
< Mario Kart 64
Revision as of 14:50, 1 December 2013 by Snarfblam (talk | contribs) (Edited formatting for consistency)
Jump to navigation Jump to search

Chip tiny.png The following article is a Notes Page for Mario Kart 64.

A deposit of the now defunct 64.vg/w/.

Functions

Native functions

/* 0x800936B8 */
extern void mk64_draw_text ( int x, int y, char * s, float xscale, float yscale, int u );
 
/* 0x80057710 */
extern void mk64_debug_text_preface ( void );
 
/* 0x800577A4 */
extern void mk64_draw_debug_text ( int x, int y, char * );
 
/* 0x80098DF8 */
extern void mk64_draw_square ( void *, int up_x, int up_y, int low_x, int low_y, u8, u8, u8, u8 );
 
/* 0x800400D0 */
extern void mk64_mio0_decode ( void * input, void * output );

OS functions

0x800cbf70,osCreateThread
0x800cc0c0,osInitialize
0x800cc360,osStartThread
0x800cc4b0,osCreateViManager
0x800cc850,osViSetMode
0x800cc8c0,osViBlack
0x800cc930,osViSetSpecialFeatures
0x800ce8e0,osPfsNumFiles
0x800cea30,osPfsFileState
0x800ced20,osPfsFreeBlocks
0x800cee70,guRotateF
0x800cf004,guRotate
0x800cf060,guScaleF
0x800cf0b4,guScale
0x800cf100,guPerspectiveF
0x800cf330,guPerspective
0x800cf390,guLookAtF
0x800cf648,guLookAt
0x800cf6c0,guTranslateF
0x800cf708,guTranslate
0x800cf760,osSyncPrintf
0x800cf7c0,guMtxXFML
0x800cf820,guMtxCatL
0x800cf880,osPfsFindFile
0x800cfa40,osPfsDeleteFile
0x800cfd20,__osPfsReleasePages
0x800cff58,__osBlockSum
0x800d02d0,osPfsReadWriteFile
0x800d07d0,osPfsAllocateFile
0x800d0c54,__osPfsDeclearPage
0x800d0f80,osAiSetFrequency
0x800d10e0,osAiGetLength
0x800d10f0,osAiSetNextBuffer
0x800d11a0,osGetCount
0x800d1ab0,__osDisableInt
0x800d1ad0,__osRestoreInt
0x800d1af0,__osDequeueThread
0x800d1b30,__osSetSR
0x800d1b40,__osGetSR
0x800d1b50,__osSetFpcCsr
0x800d1b60,__osSiRawReadIo
0x800d1b60,__osSpRawReadIo
0x800d1bb0,__osSpRawWriteIo
0x800d1bb0,__osSiRawWriteIo
0x800d1c00,osWritebackDCache
0x800d1c80,osMapTLBRdb
0x800d1ce0,osPiRawReadIo
0x800d1d40,__osSetHWIntrRoutine
0x800d2610,__osTimerServicesInit
0x800d269c,__osTimerInterrupt
0x800d2814,__osSetTimerIntr
0x800d2888,__osInsertTimer
0x800d2a10,osGetThreadPri
0x800d2a30,__osViInit
0x800d2b90,__osViSwapContext
0x800d2fb0,osPiRawStartDma
0x800d3090,osEPiRawStartDma
0x800d3520,bcopy/_bcopy
0x800d3830,osVirtualToPhysical
0x800d38b0,__osSpSetStatus
0x800d38c0,__osSpSetPc
0x800d3900,__osSpRawStartDma
0x800d3990,__osSpDeviceBusy
0x800d39c0,osSetTimer
0x800d3aa0,__osSiRawStartDma
0x800d3c10,osJamMesg
0x800d3d60,osPiGetCmdQueue
0x800d3d90,__osSpGetStatus
0x800d3da0,guMtxF2L
0x800d3ea0,guMtxIdentF
0x800d3f28,guMtxIdent
0x800d3f58,guMtxL2F
0x800d4010,osEepromWrite
0x800d42cc,__osEepStatus
0x800d44f0,__osSumcalc
0x800d454c,__osIdCheckSum
0x800d45b4,__osRepairPackId
0x800d49cc,__osCheckPackId
0x800d4b64,__osGetId
0x800d4dc0,__osCheckId
0x800d4ebc,__osPfsRWInode
0x800d51dc,__osPfsSelectBank
0x800d5250,osPfsChecker
0x800d5914,corrupted_init
0x800d5ac8,corrupted
0x800d5cb0,__osContRamRead
0x800d6060,guNormalize
0x800d60f0,__sinf/fsin/sinf
0x800d62b0,__cosf/fcos/cosf
0x800d6420,_Printf
0x800d70e0,guMtxXFMF
0x800d7180,guMtxCatF
0x800d72f0,__osContRamWrite
0x800d76a0,osEepromRead
0x800d79a0,__osAiDeviceBusy
0x800d79d0,osSetIntMask
0x800d7a70,osDestroyThread
0x800d7b70,__osSiDeviceBusy
0x800d7c90,__osSetCompare
0x800d7ca0,__osResetGlobalIntMask
0x800d7d00,osEPiRawWriteIo
0x800d7d50,osYieldThread
0x800d7da0,__osProbeTLB
0x800d7e60,__osContAddressCrc
0x800d7f10,__osContDataCrc
0x800d7fe0,memcpy
0x800d800c,strlen
0x800d8034,strchr
0x800d8080,_Litob
0x800d8320,_Ldtob
0x800d8de0,lldiv
0x800d8ee0,ldiv
0x800ea5e0,osClockRate
0x800ea5e8,__osShutdown
0x800ea5ec,__OSGlobalIntMask
0x800ea5f0,osDiskExist
0x800ea620,osViModeNtscLpn1
0x800ea620,osViModeTable
0x800ea670,osViModeNtscLpf1
0x800ea710,osViModeNtscLaf1
0x800ea760,osViModeNtscLpn2
0x800ea7b0,osViModeNtscLpf2
0x800ea800,osViModeNtscLan2
0x800ea850,osViModeNtscLaf2
0x800ea8a0,osViModeNtscHpn1
0x800ea8f0,osViModeNtscHpf1
0x800ea940,osViModeNtscHan1
0x800ea990,osViModeNtscHaf1
0x800ea9e0,osViModeNtscHpn2
0x800eaa30,osViModeNtscHpf2
0x800eaa80,osViModePalLpn1
0x800eaad0,osViModePalLpf1
0x800eab70,osViModePalLaf1
0x800eabc0,osViModePalLpn2
0x800eac10,osViModePalLpf2
0x800eac60,osViModePalLan2
0x800eacb0,osViModePalLaf2
0x800ead00,osViModePalHpn1
0x800ead50,osViModePalHpf1
0x800eada0,osViModePalHan1
0x800eadf0,osViModePalHaf1
0x800eae40,osViModePalHpn2
0x800eae90,osViModePalHpf2
0x800eaee0,osViModeMpalLpn1
0x800eaf30,osViModeMpalLpf1
0x800eafd0,osViModeMpalLaf1
0x800eb020,osViModeMpalLpn2
0x800eb070,osViModeMpalLpf2
0x800eb0c0,osViModeMpalLan2
0x800eb110,osViModeMpalLaf2
0x800eb160,osViModeMpalHpn1
0x800eb1b0,osViModeMpalHpf1
0x800eb200,osViModeMpalHan1
0x800eb250,osViModeMpalHaf1
0x800eb2a0,osViModeMpalHpn2
0x800eb2f0,osViModeMpalHpf2
0x800f3c10,__osRcpImTable

Symbols

0x800046AC { osViExtendVStart }
  Auxiliary symbols for `osViExtendVStart`:
    0x80162D5C = __additional_scanline

0x80028F5C { osSyncPrintf, rmonPrintf }

0x8005994C { leoInitUnit_atten }
  Auxiliary symbols for `leoInitUnit_atten`:

0x8005C654 { alSynDelete }

0x800CE130 0x800D2B80 { __osViGetCurrentContext, __osViGetNextContext, osPiGetDeviceType, __osGetActiveQueue, __osGetCurrFaultedThread, leoChkUnit_atten }
  Auxiliary symbols for `__osViGetCurrentContext`:
    0x800EB3AC = __osViCurr
  Auxiliary symbols for `__osViGetNextContext`:
    0x800EB3AC = __osViNext
  Auxiliary symbols for `osPiGetDeviceType`:
    0x800EB3AC = osRomType
  Auxiliary symbols for `__osGetActiveQueue`:
    0x800EB3AC = __osActiveQueue
  Auxiliary symbols for `__osGetCurrFaultedThread`:
    0x800EB3AC = __osFaultedThread
  Auxiliary symbols for `leoChkUnit_atten`:

0x800D2A10 { osGetThreadPri }
  Auxiliary symbols for `osGetThreadPri`:
    0x800EB3B0 = __osRunningThread

Stack traces

Various

Text printing during map loading
#00 0x800936B8 SRC:0x800A05B4 ARG:{0x00000010,0x00000024,0x800EF868,0x00000008}
#01 0x8009F5E0 SRC:0x800A81E4 ARG:{0x8018DEB8,0x801431C8,0x06000000,0x0000013F}
#02 0x800A7A4C SRC:0x800A8238 ARG:{0x00000000,0x000000FF,0x8019F7C8,0x00000006}
#03 0x800A8230 SRC:0x80094278 ARG:{0x00000000,0x000000FF,0x8019F7C8,0x00000006}
#04 0x800940EC SRC:0x80093AB4 ARG:{0x800F0000,0x00000000,0x0000F7FD,0x8014EF40}
#05 0x80093A5C SRC:0x802A5C84 ARG:{0x00000000,0x80150298,0x0000F7FD,0x8014EF40}
#06 0x802A59A4 SRC:0x80001608 ARG:{0x00000001,0x800DC668,0x00000001,0x80162600}
#07 0x8000142C SRC:0x80001F38 ARG:{0x800DC4C0,0x800DC4C4,0x800DC4C8,0x00000000}
#08 0x80001ECC SRC:0x800028A4 ARG:{0x800DC4C0,0x800DC4C4,0x800DC4C8,0x00000000}
Spinning Nintendo logo (guRotate)
Stack trace for thread 5 (0x801589D0):
#00 0x800CF0B4 SRC:0x800943C4 ARG:{0x00000002,0x3F800000,0x3F800000,0x40400000}
#01 0x800942D0 SRC:0x80094744 ARG:{0x00000002,0xF63C0000,0x00000004,0x8015A9B0}
#02 0x80094660 SRC:0x8009F6D4 ARG:{0x801263D0,0x000000FF,0x8019F7C8,0x00000006}
#03 0x8009F5E0 SRC:0x800A81E4 ARG:{0x49018008,0x000000FF,0x8019F7C8,0x00000006}
#04 0x800A7A4C SRC:0x800A8238 ARG:{0x00000000,0x000000FF,0x8019F7C8,0x00000006}
#05 0x800A8230 SRC:0x80094BE8 ARG:{0x00000000,0x000000FF,0x8019F7C8,0x00000006}
#06 0x80094A64 SRC:0x80001F28 ARG:{0x80150000,0x80150298,0x00000000,0x00000048}
#07 0x80001ECC SRC:0x800028A4 ARG:{0x800DC4C0,0x800DC4C4,0x800DC4C8,0x00000000}
"Cannot save race data for ghost"
(m64p) watch 80092C98
Now watching 0x80092C98.

(m64p) continue

Breakpoint triggered at 0x80092C98.
(m64p) bt
Stack trace for thread 5 (0x801589D0):
#00 0x80092C90 SRC:0x80093068 ARG:{0x800F0938,0x000000FF,0x8019F7A8,0x00000006}
    $sp:0x8015A898  size: 40b
#01 0x80093034 SRC:0x800A7118 ARG:{0x800F0938,0x000000FF,0x8019F7A8,0x00000006}
    $sp:0x8015A8C0  size: 72b
#02 0x800A70E8 SRC:0x800A07EC ARG:{0x8018DAA8,0x000000FF,0x8019F7A8,0x00000006}
    $sp:0x8015A908  size: 176b
#03 0x8009F5E0 SRC:0x800A81E4 ARG:{0x8018DAA8,0x000000FF,0x8019F7A8,0x00000006}
    $sp:0x8015A9B8  size: 56b
#04 0x800A7A4C SRC:0x800A8238 ARG:{0x00000000,0x000000FF,0x8019F7A8,0x00000006}
    $sp:0x8015A9F0  size: 24b
#05 0x800A8230 SRC:0x80094278 ARG:{0x00000000,0x000000FF,0x8019F7A8,0x00000006}
    $sp:0x8015AA08  size: 48b
#06 0x800940EC SRC:0x80093AB4 ARG:{0x00000000,0x00000000,0x00000000,0x8014EF40}
    $sp:0x8015AA38  size: 24b
#07 0x80093A5C SRC:0x802A5C84 ARG:{0x00000000,0x80150298,0x00000000,0x8014EF40}
    $sp:0x8015AA50  size: 192b
#08 0x802A59A4 SRC:0x80001608 ARG:{0x00000000,0x800DC668,0x00000001,0x80162600}
    $sp:0x8015AB10  size: 40b
#09 0x8000142C SRC:0x80001F38 ARG:{0x800DC4C0,0x800DC4C4,0x800DC4C8,0x00000000}
    $sp:0x8015AB38  size: 24b
#10 0x80001ECC SRC:0x800028A4 ARG:{0x800DC4C0,0x800DC4C4,0x800DC4C8,0x00000000}
    $sp:0x8015AB50  size: ?




Extractor

A rudimentary extractor which picks out MIO0 blocks and infers their length via the compression format can be found here. You can also download the Windows binary


Filesystem

Mario Kart 64 doesn't have a single unified filesystem. A search for "MIO0\x00\x00\x10\x00" confirms this. Files are either loaded via distinct tables or through direct lui/addiu operations. This does not dismiss the possibility of being able to change the compression algorithm the ROM uses, however. A hash table could be employed with the original offsets of the file being used as the key. Thus, a DMA function could be intercepted and the proper file loaded regardless of new location.

(Source: MBR)

Player Data

Pointers to the 8 individual drivers are at 0x800DC4DC. Each driver structure appears to be 3544 bytes long.

struct mk64_player

    float unkn;
    u32 u1;
    u32 u2;
    u32 u3;
    u32 u4;
 
    float x, y, z;
    u16 u5;
    u16 rotation;
 
    float unkn;
 
    float x_accel, y_accel, z_accel;

Map Data

The code that processes the DMA and decompression of map files is dynamically loaded.

0x802AA918:  sll             t6,a0,2
0x802AA91C:  subu            t6,t6,a0
0x802AA920:  lui             t7,0x802c
0x802AA924:  addiu           t7,t7,-29312
0x802AA928:  sll             t6,t6,4
0x802AA92C:  addu            v0,t6,t7
0x802AA930:  addiu           $sp,$sp,-96
0x802AA934:  lui             v1,0x800e
0x802AA938:  lw              v1,-15092(v1)
0x802AA93C:  lw              t8,0(v0)
0x802AA940:  lw              t9,4(v0)
0x802AA944:  lw              t0,8(v0)
0x802AA948:  lw              t1,12(v0)
0x802AA94C:  lw              t2,40(v0)
0x802AA950:  lw              t3,24(v0)
0x802AA954:  lw              t4,32(v0)
0x802AA958:  lw              t5,28(v0)
0x802AA95C:  lw              t6,36(v0)
0x802AA960:  lhu             t7,44(v0)
0x802AA964:  li              $at,5
0x802AA968:  sw              $ra,20($sp)
0x802AA96C:  lw              a2,16(v0)
0x802AA970:  lw              a1,20(v0)
0x802AA974:  sw              t8,72($sp)
0x802AA978:  sw              t9,68($sp)
0x802AA97C:  sw              t0,64($sp)
0x802AA980:  sw              t1,60($sp)
0x802AA984:  sw              t2,48($sp)
0x802AA988:  sw              t3,44($sp)
0x802AA98C:  sw              t4,40($sp)
0x802AA990:  sw              t5,36($sp)
0x802AA994:  sw              t6,32($sp)
0x802AA998:  beq             v1,$at,0x802AA9AC
0x802AA99C:  sw              t7,28($sp)
0x802AA9A0:  li              $at,9
0x802AA9A4:  bne             v1,$at,0x802AA9BC
0x802AA9A8:  lui             t9,0x8028
0x802AA9AC:  lui             t8,0x8028
0x802AA9B0:  lui             $at,0x8016
0x802AA9B4:  b               0x802AA9C8
0x802AA9B8:  sw              t8,-2260($at)
0x802AA9BC:  ori             t9,t9,0xdf00
0x802AA9C0:  lui             $at,0x8016
0x802AA9C4:  sw              t9,-2260($at)
0x802AA9C8:  jal             0x802A7D70
0x802AA9CC:  or              a0,a2,$zero
0x802AA9D0:  li              a0,9
0x802AA9D4:  jal             0x802A7B94
0x802AA9D8:  or              a1,v0,$zero
0x802AA9DC:  lui             t0,0x800e
0x802AA9E0:  lw              t0,-15092(t0)
0x802AA9E4:  li              $at,5
0x802AA9E8:  lw              a0,72($sp)
0x802AA9EC:  beq             t0,$at,0x802AAA08
0x802AA9F0:  nop
0x802AA9F4:  jal             0x802AA88C         /* Map is decompressed further down the line here */
0x802AA9F8:  lw              a1,68($sp)
0x802AA9FC:  li              a0,6

Stack trace hereto:

(m64p) bt
Stack trace for thread 5 (0x801589D0):
#00 0x800400D0 SRC:0x802AA8E8 ARG:{0x802899C0,0x801CCF10,0x00000001,0x802BA360}
    $sp:0x8015AA90  size: 48b
#01 0x802AA88C SRC:0x802AA9F4 ARG:{0x0084E8E0,0x00852E20,0x00000001,0x802BA360}
    $sp:0x8015AAC0  size: 96b
#02 0x802AA918 SRC:0x80002AF4 ARG:{0x00000008,0x0002C470,0x00000001,0x802BA360}
    $sp:0x8015AB20  size: 24b
#03 0x80002A18 SRC:0x8000271C ARG:{0x8028DF00,0x0002C470,0x00000001,0x802BA360}
    $sp:0x8015AB38  size: 24b
#04 0x80002684 SRC:0x80002884 ARG:{0x00000001,0x00006D6E,0x00000000,0x00000000}
    $sp:0x8015AB50  size: ?

For the record, I loaded the first track of the first series.

Storage

The map data array begins at 0x802B8D80. The records are 48 bytes each. The structure appears to follow this format:

struct mk64_map_data_t
{
    unsigned rom_start;
    unsigned rom_end;
    ...
};

credits: MBR, spinout182, Vexiant