Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- 0x11936A8, 0x151B0 bin LBA 0x400: sound tables
- 0x126B3C8 bin LBA 0x432: sound samples
- 0x1518FA8
- 0x18D0268 ram.mfs
- 0x3D7A028 copy of fonts from IPL
- For Nemu NOP 80032188!
- 0x1527890 for IPL music; 0x2BE480
- +_+ addresses and functions
- 8001FA00 0x206E8 Thread: LeoWrk
- 80020250 0x20F38 A2=size of A1 LBAs starting at LBA A0
- 800203A0 V0=p->IPL EPI handle @80154A30, creating if necessary
- 800278A0 0x28588 send or jam (A2) msg A1 to queue A0
- 80027D40 0x28A28 read or wait (A2) to write msg f/ queue A0 to A1
- 80028624 getting an inf. loop here due to stack corruption
- while not call 8002E0A0(): # True if SP Status and SP Busy clear
- pass
- call 80032180(0x125) # SP Status = A0
- 80028670
- 80029E10 create thread
- 8002A3D0 0x2B0B8 cache A2 bytes at A1 before hardware write
- 8002B850 0x2C538
- @0x2C5EC creates the E/PI thread
- 800732C0 = (1, 801568C0, [800B3458], 80157A70, 801564C8, 8002BDD0, 8002E710) (flag, thread, req, callback, busy, f(PI), f(EPI))
- 8002B9C0 0x2C6A8 Thread: E/PI
- 8002BDD0 0x2CAB8 PI for boot device
- (check this one!)
- 8002DDB0 0x2EA98 send EPI read or write (A2) request A1 using EPI handle A0
- accepts: A0=p->EPI handle, A1=p->req, A2=mode (0:EPI read, 1:EPI write)
- 8002DFC0 0x2ECA8 create queue A0 with A2 msgs at A1
- 8002DFF0 0x2ECD8 cache A2 bytes at A1 before hardware read
- 8002FB00 0x307E8 V0=0 if not @800732C0 else p->E/PI request queue
- 8002FCA0 0x30988 write word A2 to A1 using EPI handle A0
- 80154A30 p->EPI IPL handle
- 80154AB0 p->EPI ASIC handle
- +_+ changes
- alternate:
- 0x20788 8001FAA0 LeoWrk: remove ASIC Status and error detection, plus set default values
- 3C058000 LUI A1,8000
- ...
- 0xE398
- 8CA501A0 LW A1,01A0 (A1)
- 3C06A002 LUI A2,A002
- 1000000A BEQ R0,R0,+10
- ACC5FAE0 SW A1,FAE0 (A2)
- original:
- 0x20788 8001FAA0 LeoWrk: remove ASIC Status and error detection, plus set default values
- 3C050100 LUI A1,0100 ;default ASIC Status value
- ...
- 0x20798
- 3C068015 LUI A2,8015
- 1000000B BEQ R0,R0,+11
- ACC54B30 SW A1,4B30 (A2)
- 00000000
- 00000000
- 00000000
- 00000000
- 00000000
- 00000000
- 00000000
- 00000000
- 00000000
- ...
- 0x20988 alter a branch over eliminated code
- 10200036 BEQ AT,R0,+0x36
- ...
- 0x209DC 8001FCF4 0x88 of zeroes!
- 0x20A64 8001FD7C
- 0C007F9F JAL 8001FE7C ;directly read disk header to 800C86E0
- 00000000 NOP
- change some pointers! 8001FCF4 -> 8001FD7C
- 0x74938, 0x7493C, 0x74940, 0x74944, 0x7494C, 0x74950, 0x74958
- 0x20B64 8001FE7C rewritten: directly read disk header from ROM, return 0
- 27BDFFE8 ADDIU SP,SP,FFE8
- 3C058015 LUI A1,8015
- AFBF0014 SW RA,0014 (SP)
- 8CA249B0 LW V0,49B0 (A1)
- 24041000 ADDIU A0,R0,1000
- 24A562E0 ADDIU A1,A1,62E0
- 240600E8 ADDIU A2,R0,00E8
- 0C0081F4 JAL 800207D0 ;read A2 bytes from offset A0 to rdram A1
- A4400004 SH R0,0004 (V0)
- 8FBF0014 LW RA,0014 (SP)
- 00001025 OR V0,R0,R0
- 03E00008 JR RA
- 27BD0018 ADDIU SP,SP,0018
- 0x180 zeroes
- 0x20DA4 800200BC rewritten: process disk read or write (A1) request at 801549B0 using base LBA 0
- 00002825 OR A1,R0,R0
- 0x20DA8 800200C0 rewritten: process disk read or write (A1) request at 801549B0 using base LBA A0
- 27BDFFE0 ADDIU SP,SP,FFE0
- AFBF001C SW RA,001C (SP)
- AFB00018 SW S0,0018 (SP)
- 3C108015 LUI S0,8015
- 8E0649B0 LW A2,49B0 (S0) ;A1=p->leocmd
- A2054A0A SB A1,4A0A (S0) ;80154A08[2] = mode
- 8CCA0014 LW T2,0014 (A2) ;T2=p->target
- 8CC2000C LW V0,000C (A2) ;V0=lba
- 8CC50010 LW A1,0010 (A2) ;A1=num
- 00822021 ADDU A0,A0,V0 ;A0=actual LBA
- 00854021 ADDU T0,A0,A1
- 2D0110DD SLTIU AT,T0,10DD ;True if valid
- 14200004 BNE AT,R0,tobytes
- 260B4968 ADDIU T3,S0,4968
- 24090220 ADDIU T1,R0,0220
- 1000001D BEQ R0,R0,return
- A4C90004 SH T1,0004 (A2)
- A4C00004 SH R0,0004 (A2)
- AE0449C0 SW A0,49C0 (S0)
- AE0B4A0C SW T3,4A0C (S0) ;80154A08[4:8] = p->thread to notify
- AE0A4A10 SW T2,4A10 (S0) ;80154A08[8:12] = p->rdram
- 0C008095 JAL 80020254 ;A2=size of A1 LBAs starting at LBA A0
- 26064A18 ADDIU A2,S0,4A18 ;80154A08[16:20] = size
- 8E0549C0 LW A1,49C0 (S0)
- 00002025 OR A0,R0,R0
- 0C008095 JAL 80020254 ;A2=size of A1 LBAs starting at LBA A0
- 26064A14 ADDIU A2,S0,4A14 ;80154A08[12:16] = hardware offset
- 92014A0A LBU AT,4A0A (S0) ;mode
- 8E044A10 LW A0,4A10 (S0) ;p->target
- 14200003 BNE AT,R0,+3
- 8E054A18 LW A1,4A18 (S0) ;size
- 0C00B7FC JAL 8002DFF0 ;cache A2 bytes at A1 before hardware read
- 27FF0008 ADDIU RA,RA,0008
- 0C00A8F4 JAL 8002A3D0 ;cache A2 bytes at A1 before hardware write
- 00000000 NOP
- 24020004 ADDIU V0,R0,0004
- 26044AB0 ADDIU A0,S0,4AB0
- 26054A08 ADDIU A1,S0,4A08
- 92064A0A LBU A2,4A0A (S0)
- 0C00B76C JAL 8002DDB0 ;send EPI read or write (A2) request A1 using EPI handle A0
- AC820014 SW V0,0014 (A0) ;epi+20 = 2: cart request
- 26044968 ADDIU A0,S0,4968
- 00002825 OR A1,R0,R0
- 0C009F50 JAL 80027D40 ;wait to write msg f/ queue
- 24060001 ADDIU A2,R0,0001
- 8FBF001C LW RA,001C (SP)
- 8FB00018 LW S0,0018 (SP)
- 03E00008 JR RA
- 27BD0020 ADDIU SP,SP,0020
- 0x20F38 80020250 alt. entry: size of A1 LBAs starting at LBA 0x18
- 24840018 ADDIU A0,A0,0018 ;last step
- ...
- 0x20F74
- 10000038 BEQ R0,R0,+0x38
- ...
- 0x20F84 change the order, then move third op to start of function
- 12200031 BEQ AT,V0,+0x31
- 24020001 ADDIU V0,R0,0001
- 0x210CC 800203E4 IPL->cartROM
- 3C18B3CD LUI T8,B148 B3CDA028
- 3C048015
- 3718A028 `ORI T8,T8,7890 ;inserted, -0xA0000
- A20F0004
- AE18000C
- A2000009
- AE000010
- 24849444
- 0C005AD8
- 24050060
- 3C07A460 LUI A3,A460
- 34E30010 ORI V1,A3,0010
- 8C620000
- `3C07A460 moved!
- ...
- 0x2115C 80020474 read the EPI settings from beginning of cartrom
- 3C01A000 LUI AT,A000
- 8C2E0308 LW T6,0308 (AT)
- 0x211E8 80020500 rewrite: send disk inquiry
- 3C028015 LUI V0,8015
- 8C4849B0 LW T0,49B0 (V0)
- 240C0001 ADDIU T4,R0,0001
- AD00000C SW R0,000C (T0)
- A10C000D SB T4,000D (T0)
- A10C000E SB T4,000E (T0)
- 03E00008 JR RA
- A1000004 SB R0,0004 (T0)
- 0x212AC 800205C4 modify ASIC EPI handle at creation
- 24020040 ADDIU V0,R0,0040
- 24030007 ADDIU V1,R0,0007
- 3C0EAFF9 LUI T6,AFF9
- 240F0003 ADDIU T7,R0,0003
- 24181201 ADDIU T8,R0,1201
- 25CED828 ADDIU T6,T6,D828 ;ASIC correction AFF8D828
- 3C048015 <untouched>
- A6020004 SH V0,0004 (S0) ;800B94B0[4:] = 0040 07 03 1201 ---- AFF8D828
- AE0E000C SW T6,000C (S0)
- A6180008 SH T8,0008 (S0)
- A2030006 SB V1,0006 (S0)
- A20F0007 SB T7,0007 (S0)
- 0x21398 800206B0 rewritten: read disk ID directly from cart header
- 27BDFFE8 ADDIU SP,SP,FFE8
- 3C058015 LUI A1,8015
- AFBF0014 SW RA,0014 (SP)
- 8CA549B0 LW A1,49B0 (A1)
- A4A00004 SH R0,0004 (A1)
- 24040018 ADDIU A0,R0,0018
- 24060020 ADDIU A2,R0,0020
- 0C0081F4 JAL 800207D0 ;read A2 bytes from offset A0 to rdram A1
- 8CA5000C LW A1,000C (A1)
- 8FBF0014 LW RA,0014 (SP)
- 08008453 J 8002114C ; unset disk changed flag in leo status flags
- 27BD0018 ADDIU SP,SP,0018
- 0x214B8 800207D0 inserted: read A2 bytes from A0 to rdram A1
- 27BDFFE8 ADDIU SP,SP,FFE8
- AFBF0014 SW RA,0014 (SP)
- 3C038015 LUI V1,8015
- AC664A18 SW A2,4A18 (V1)
- 24624968 ADDIU V0,V1,4968
- 3C01000B LUI AT,000B
- AC644A14 SW A0,4A14 (V1)
- AC654A10 SW A1,4A10 (V1)
- AC624A0C SW V0,4A0C (V1)
- 00A02025 OR A0,A1,R0
- 00C02825 OR A1,A2,R0
- 0C00B7FC JAL 8002DFF0 ;cache A2 bytes at A1 before hardware read
- AC614A08 SW AT,4A08 (V1)
- 0C00BEC0 JAL 8002FB00 ;V0=0 if not @800732C0 else p->E/PI request queue [@800732C8]
- 00000000 NOP
- 3C058015 LUI A1,8015
- 00402025 OR A0,V0,R0
- 00003025 OR A2,R0,R0
- 0C009E28 JAL 800278A0 ;send msg A1 to queue A0
- 24A54A08 ADDIU A1,A1,4A08
- 3C048015 LUI A0,8015
- 24060001 ADDIU A2,R0,0001
- 00002825 OR A1,R0,R0
- 0C009F50 JAL 80027D40 ;wait to write msg f/ queue
- 24844968 ADDIU A0,A0,4968
- 8FBF0014 LW RA,0014 (SP)
- 03E00008 JR RA
- 27BD0018 ADDIU SP,SP,0018
- 0x21528 80020840 eliminate 7 lines here to falsify reading ASIC Status
- alternate:
- 3C01B3E1 LUI AT,B3E1
- 3C0FA002 LUI T7,A002
- 3C0E8015 `LUI T6,8015
- 8C213270 LW AT,3270 (AT) ;AT = gameID
- 8DE2FAE0 LW V0,FAE0 (T7) ;V0 = cur. gameID
- 3C030100 `LUI V1,0100
- 54410002 BNEL V0,AT,+2
- ADC04B30 SW R0,4B30 (T6)
- ADC34B30 SW V1,4B30 (T6)
- ADE1FAE0 SW AT,FAE0 (T7)
- 8DCE4B30
- 0x21DA8 800210C0 leo reset -> unconditonal return
- 0x23B88 80022EA0 disk start/stop
- 3C018015 LUI AT,8015
- 8C2149B0 LW AT,49B0 (AT)
- 03E00008 JR RA
- A4200004 SH R0,0004 (AT)
- 0x23C78 80022F90 IPL verification test function
- 0x23CF4 change base to ROM, change test to data at 0x1010
- 3C19B000 LUI T9,B000
- ....
- 0x23D18
- 3C016C78 LUI AT,6C78
- 34218490 ORI AT,AT,8490
- 0x23D48 80023060 disk select
- 3C018015 LUI AT,8015
- 8C2149B0 LW AT,49B0 (AT)
- 03E00008 JR RA
- A4200004 SH R0,0004 (AT)
- 0x24148 80023460 disk rezero
- 3C028015 LUI V0,8015
- 8C4E49B0 LW T6,49B0 (V0)
- A44049C2 SH R0,49B2 (V0)
- A04049C7 SB R0,49B7 (V0)
- A04049C8 SB R0,49B8 (V0)
- 03E00008 JR RA
- A1C00004 SB R0,0004 (T6)
- 0x24828 80023B40 rewritten: read time from drive
- 3C038015 LUI V1,8015
- 3C048000 LUI A0,8000
- 8C6F49B0 LW T7,49B0 (V1)
- 908B01B1 LBU T3,01B1 (A0)
- 908201B2 LBU V0,01B2 (A0)
- 909801B3 LBU T8,01B3 (A0)
- A1E2000E SB V0,000E (T7)
- 908801B4 LBU T0,01B4 (A0)
- A1F8000F SB T8,000F (T7)
- 908A01B5 LBU T2,01B5 (A0)
- A1E80010 SB T0,0010 (T7)
- 908C01B6 LBU T4,01B6 (A0)
- A1EA0011 SB T2,0011 (T7)
- 908E01B7 LBU T6,01B7 (A0)
- A1EC0012 SB T4,0012 (T7)
- A1EE0013 SB T6,0013 (T7)
- A1E00004 SB R0,0004 (T7)
- 03E00008 JR RA
- A1EB000D SB T3,000D (T7)
- 0x27CC8 80026FE0 process disk write request
- 24040018 ADDIU A0,R0,0018
- 08008030 J 800200C0
- 24050001 ADDIU A1,R0,0001
- 0x283A8 800276C0 seek to LBA on disk
- 3C018015 LUI AT,8015
- 8C2149B0 LW AT,49B0 (AT)
- 03E00008 JR RA
- A4200004 SH R0,0004 (AT)
- 0x2CAB8 8002BDD0 PI for boot device
- @0x2CB20 8002BE38 probably correct OP to add instead of OR
- 03284821 ADDU T1,T9,T0
- @0x2F230 8002E548 EPI hardware LW
- 01475821
- @0x31C80 80030F98 EPI hardware SW
- 01475821
- 0x2F3F8 8002E710 EPI for handle A0
- @0x2F56C 8002E884 probably correct OP to add instead of OR
- 016C6821 ADDU T5,T6,T4
- +_+ IPL music samples
- 0x3C790
- 1461001E BNE V1,AT,+return # if not 3 return 0
- 3C01013E LUI AT,013E
- 24217890 ADDIU AT,AT,7890 # 0x1527890 - 0x140000
- 00273821 ADDU A3,AT,A3
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
