Mario_Bros_Crash.txt

1. Out of bounds write : 0xe55ec000
2. Out of bounds write : 0xe55ec001
3. Out of bounds write : 0xe55ec002
4. Out of bounds write : 0xe55ec003
5. Out of bounds write : 0xe55ec004
6. Out of bounds write : 0xe55ec005
7. Out of bounds write : 0xe55ec006
8. Out of bounds write : 0xe55ec007
9. Out of bounds write : 0xe55ec008
10. Out of bounds write : 0xe55ec009
11. Out of bounds write : 0xe55ec00a
12. Out of bounds write : 0xe55ec00b
13. Out of bounds write : 0xe55ec00c
14. Out of bounds write : 0xe55ec00d
15. Out of bounds write : 0xe55ec00e
16. Out of bounds write : 0xe55ec00f
17. Out of bounds write : 0xe55ec010
18. Out of bounds write : 0xe55ec011
19. Out of bounds write : 0xe55ec012
20. Out of bounds write : 0xe55ec013
21. Out of bounds write : 0xe55ec014
22. Out of bounds write : 0xe55ec015
23. Out of bounds write : 0xe55ec016
24. Out of bounds write : 0xe55ec017
25. CPU::Executing THUMB_15 : 0xc3dd
26.  
27. R0 : 0x03002748 -- R4 : 0xe55ec002 -- R8 : 0x00000000 -- R12 : 0x0000031e
28. R1 : 0x00000000 -- R5 : 0x00000000 -- R9 : 0x00000000 -- R13 : 0x03007d88
29. R2 : 0x000000d0 -- R6 : 0xe55ec002 -- R10 : 0x00000000 -- R14 : 0x08010ca5
30. R3 : 0xe55ec01a -- R7 : 0xe55ec002 -- R11 : 0x00000000 -- R15 : 0x030025b0
31. CPSR : 0x4000003f (.Z.. ..T)
32.  
33. ** Writes to 0xe55ec002, uses R3 as base I think. Real GBA would not write anything, but the problem here is that it should be writing to used memory space, not used
34. ** When is R3 set to 0xe55ec002?
35.  
36.  
37. ===========================================================================
38. CPU::Executing THUMB_15 : 0xc8da
39. R0 : 0x0000007c -- R4 : 0xe55ec002 -- R8 : 0x00000000 -- R12 : 0x0000031e
40. R1 : 0xe55ec002 -- R5 : 0x00000000 -- R9 : 0x00000000 -- R13 : 0x03007d88
41. R2 : 0x000000d0 -- R6 : 0xe55ec002 -- R10 : 0x00000000 -- R14 : 0x08010ca5
42. R3 : 0xe55ec002 -- R7 : 0xe55ec002 -- R11 : 0x00000000 -- R15 : 0x030025a6
43. CPSR : 0x0000003f (.... ..T)
44. ===========================================================================
45.  
46.  
47. -> Set here.
48. ** Better question, when is ANY register set to 0xe55ec002?
49.  
50.  
51. ===========================================================================
52. CPU::Executing THUMB_9 : 0x6b71
53. R0 : 0x00000000 -- R4 : 0x0000000f -- R8 : 0x00000000 -- R12 : 0x00000008
54. R1 : 0xe55ec002 -- R5 : 0x080f4020 -- R9 : 0x00000000 -- R13 : 0x03007d98
55. R2 : 0x00000000 -- R6 : 0x00000000 -- R10 : 0x00000000 -- R14 : 0x080b53ef
56. R3 : 0x00000000 -- R7 : 0x03007db4 -- R11 : 0x00000000 -- R15 : 0x080b59fa
57. CPSR : 0x4000003f (.Z.. ..T)
58. ===========================================================================
59.  
60.  
61. -> Set here. Happens pretty early.
62. ** What do other emulators say?
63.  
64. -> VBAM says it should be that value though
65. ** Okay, so the issue really is with whenever R3 is initially set to 0xe55ec002.
66. ** What does no$gba say about that instruction?
67.  
68. -> The instruction is totally wrong. It should not be 0xC3DD, but 0xDD00, then 0xE0C3.
69. ** Something is wrong with the DMAs (specifically DMA3). It may have to do with the fact that the addresses are not properly aligned? Crap, DMAs don't do mem_checks either :(