Arnethegreat

Yoshi's Island Sprite State jumps

Apr 19th, 2015
  1. ec0 / ec4 jump
  2. $701E8D
  3.  
  4. ----------------------
  5. sprite state jumps:
  6. ----------------------
  7. Everything is in bank 03
  8. RAM jumps have been tabbed and converted to a more obvious address
  9.  
  10. $01 700D61
  11. -
  12.  
  13. $02 9A6E
  14. - normal state
  15.  
  16. $03 700D9B
  17. - ?
  18.  
  19. $04 9A6E
  20. - normal state
  21.  
  22. $05 469B
  23. -unmapped?
  24. -will BRK BRK until it hits $600x ?
  25.  
  26. $06 A247
  27. - normal state
  28.  
  29. $07 C7A3
  30. - will eventually jump into 7E00AD
  31. -
  32.  
  33. $08 9AC8
  34. - normal state
  35.  
  36. $09 7E1C9B
  37. - ?
  38.  
  39. $0A A11D
  40. - normal state
  41.  
  42. $0B 8CA2
  43. - will RTL immediately
  44.  
  45. $0C 9F8D
  46. - normal state
  47.  
  48. $0D 84A0
  49. - junk
  50.  
  51. $0E A085
  52. - normal state
  53.  
  54. $0F 8FA1
  55. - junk
  56.  
  57. $10 9A90
  58. - normal state
  59.  
  60. $11 7E0A9B
  61. - ?
  62.  
  63. $12 A00B
  64. - normal state
  65.  
  66. $13 700BA1
  67. - OAM low table mirror. 4-byte entries with format
  68. - xxxxxxxx yyyyyyyy tttttttt yxppccct
  69. - (x = X coordinate, y = Y coordinate, t = tile number, c = palette 0-7, p = priority, x&y = flip)
  70.  
  71. $14 4B6C
  72. - unmapped?
  73. - will prob eventually hit $600x
  74.  
  75. $15 AB4C
  76. - Will RTS (corrupt stack) and do a bunch of bullshit
  77.  
  78. $16 A9AC
  79. - Will do a bunch of bs until it RTL but corrupts stack with a PLX
  80.  
  81. $17 7E10AA
  82. - mostly 00 and static ?
  83.  
  84. $18 7E0011
  85. - ASM scratch values
  86.  
  87. $19 9D01
  88. - jumps into middle of spritestate $08 - will RTL
  89.  
  90. $1A 7E009E
  91. - Empty, will eventually reach some ASM in RAM
  92. - see 00:8140
  93.  
  94. $1B 700F01
  95. - Sprite state
  96. - Will be overwritten by tongue glitch
  97.  
  98. $1C BD70
  99. - will corrupt stack with PLB but will RTL
  100. -
  101.  
  102. $1D 7000BE
  103. - Yoshi's Current animation frame (2-bytes)
  104. - can't manipulate very well
  105.  
  106. $1E 701361
  107. -24 2-word pairs:
  108. -Word 1: Sprite ID ($000 - $1F4)
  109. -Word 2: Pointer to first entry within OAM buffer
  110.  
  111. $1F 7E0A74
  112. - ?
  113.  
  114. $20 701D0B
  115. - Sprites X and Y values
  116. - Starts at sprite #11 X-screen and goes down (#10 #09)
  117. - Issue: every other byte is limited to 00-0F
  118.  
  119. $21 70007E
  120. - ?
  121.  
  122. $22 701361
  123. - 24 2-word pairs:
  124. - Word 1: Sprite ID ($000 - $1F4)
  125. - Word 2: Pointer to first entry within OAM buffer
  126.  
  127. $23 C274
  128. - junk
  129.  
  130. $24 7E10C3
  131. -?
  132.  
  133. $25 A811
  134. - Corrupts stack
  135.  
  136. $26 B9A9
  137. - jumps into continue main_egg and RTLs fine
  138.  
  139. $27 7E00BA
  140. - Empty, will eventually reach some ASM in RAM
  141. - see 00:8140
  142.  
  143. $28 8001
  144. - junk
  145. -
  146.  
  147. $29 8581
  148. - Hangs on WAI
  149. -
  150.  
  151. $2A 7E0086
  152. - some camera bs
  153. - often 6B that'll RTL instantly
  154.  
  155. $2B B901
  156. - Jumps into continue main_egg and seems to pop off your eggs and make them baby mario?
  157. - will RTL eventually
  158. - will do nothing if not at F00
  159.  
  160. $2C 7E02BA
  161. - ?
  162.  
  163. $2D 8003
  164. - junk
  165.  
  166. $2E 8581
  167. - Will hang on WAI
  168. -
  169.  
  170. $2F 7E0286
  171. -?
  172. -
  173.  
  174. $30 E203
  175. - will hang on a GSU call
  176. -
  177.  
  178. $31 7E10E3
  179. -?
  180. -
  181.  
  182. $32 A811
  183. - Corrupts stack
  184.  
  185. $33 5AA9
  186. -will BRK BRK until it hits 600x ?
  187.  
  188. $34 AB5B
  189. - corrupt stack
  190.  
  191. $35 DCAC
  192. - junk
  193. -
  194.  
  195. $36 7000DD
  196. -?
  197.  
  198. $37 701961
  199. -sprite table - very static?
  200.  
  201. $38 BD7A
  202. - corrupts stack with PLB
  203.  
  204. $39 7000BE
  205. -Yoshi's current animation frame
  206.  
  207. $3A 701361
  208. -24 2-word pairs:
  209. -Word 1: Sprite ID ($000 - $1F4)
  210. -Word 2: Pointer to first entry within OAM buffer
  211.  
  212. $3B 7E0A74
  213. -?
  214.  
  215. $3C 701D0B
  216. - looking good
  217. -Sprites X and Y values
  218. -starts at sprite #11 X-screen and goes down (#10 #09)
  219.  
  220. $3D 70007E
  221. -?
  222. -mostly static stuff
  223.  
  224. $3E 701361
  225. -24 2-word pairs:
  226. -Word 1: Sprite ID ($000 - $1F4)
  227. -Word 2: Pointer to first entry within OAM buffer
  228.  
  229. $3F C274
  230. - Junk
  231.  
  232. $40 7E10C3
  233. -
  234.  
  235. $41 DA11
  236. - junk
  237.  
  238. $42 AADB
  239. - junk
  240. -
  241.  
  242. $43 BFAB
  243. - corrupt stack
  244. -
  245.  
  246. $44 2EC0
  247. - will eventually hit (GSU) registers at $3000?
  248. -
  249.  
  250. $45 852F
  251. - junk
  252. -
  253.  
  254. $46 7E0386
  255. -?
  256.  
  257. $47 8504
  258. - jumps into $0000
  259. - JMP ($0F91,x)
  260.  
  261. $48 7E0086
  262. -?
  263. -
  264.  
  265. $49 BF01
  266. - flips the N flag?
  267. - still emulates whole frame?
  268. - will work for credits warp
  269. - crashes after though
  270.  
  271. $4A 30C0
  272. - registers
  273.  
  274. $4B 8531
  275. - JUNK
  276.  
  277. $4C 7E0386
  278. - ?
  279.  
  280. $4D 8504
  281. - jumps into $0000
  282. - JMP ($0F91,x)
  283.  
  284. $4E 7E0286
  285. - ?
  286.  
  287. $4F FA03
  288. - j u n k
  289. -
  290.  
  291. $50 E2FB
  292. - corrupts stack, jumps into 0399
  293.  
  294. $51 7E10E3
  295. - ?
  296.  
  297. $52 A811
  298. - junk
  299.  
  300. $53 5AA9
  301. - will hit $600x eventually
  302.  
  303. $54 AB5B
  304. - corrupt stack
  305.  
  306. $55 DCAC
  307. - junk
  308. -
  309.  
  310. $56 7000DD
  311. - ?
  312.  
  313. $57 701961
  314. - sprite table - very static?
  315.  
  316. $58 7E007A
  317. - ?
  318.  
  319.  
  320. $59 FF01
  321. - will SBC $FFFFFF,x until it hits $0001
  322.  
  323. $5A 7E0100
  324. - ?
  325.  
  326. $5B 7E0101
  327. - ?
  328.  
  329. $5C FE02
  330. - eventually hits $0003
  331.  
  332. $5D FFFF
  333. - eventually hits $0003
  334.  
  335. $5E 7E0300
  336. - ?
  337.  
  338. $5F 7E0003
  339. - ?
  340.  
  341. $60 7E0C01
  342. - ?
  343.  
  344. $61 7E000D
  345. - ?
  346.  
  347. $62 F401
  348. - RTS and corrupts stack
  349.  
  350. $63 FFF5
  351. - eventually hits 03/0001
  352.  
  353. $64 7E0100
  354. - ?
  355.  
  356. $65 7E0001
  357. - ?
  358.  
  359. $66 7E0001
  360. - ?
  361.  
  362. $67 7E0001
  363. - ?
  364.  
  365. $68 FC01
  366. - lol no
  367.  
  368. $69 FFFD
  369. - blabla loops around
  370.  
  371. $6A FD00
  372. - junk
  373.  
  374. $6B FFFD
  375. - ?
  376.  
  377. $6C FB00
  378. - ?
  379.  
  380. $6D FFFB
  381. - ?
  382.  
  383. $6E FB00
  384. - ?
  385.  
  386. $6F FFFB
  387. - ?
  388.  
  389. $70 2300
  390. - will hit $3000 GSU registers
  391.  
  392. $71 9023
  393. - RTL immediately
  394.  
  395. $72 9A91
  396. - RTS immediately
  397.  
  398. $73 7E039B
  399. - ?
  400.  
  401. $74 BD04
  402. - corrupts stack before RTL
  403.  
  404. $75 40BE
  405. - registers
  406.  
  407. $76 701041
  408. -sprite table, meh?
  409.  
  410. $77 2971
  411. - will hit $3000 GSU registers
  412.  
  413. $78 F32A
  414. - will change mario's X velocity and then RTL
  415.  
  416. $79 FFF4
  417. - hits $0000
  418.  
  419. $7A 9E00
  420. - j u n k
  421.  
  422. $7B 409E
  423. - registers
  424.  
  425.  
  426. $7C 701041
  427. -sprite table, meh
  428.  
  429. $7D 4B71
  430. - registers
  431.  
  432. $7E AB4C
  433. - j u n k
  434.  
  435. $7F ADAC
  436. - RTL but corrupts stack
  437.  
  438. $80 B0AE
  439. - corrupts stack
  440.  
  441. $81 7001B1
  442. - ?
  443.  
  444. $82 7E0D62
  445. - ?
  446.  
  447. $83 550E
  448. - hits $6000
  449.  
  450. $84 7E0B56
  451. - ?
  452.  
  453. $85 7E0D0C
  454. - ?
  455.  
  456. $86 980E
  457. - stuck at GSU
  458.  
  459. $87 7E0399
  460. - ?
  461.  
  462. $88 F004
  463. - corrupts stack
  464.  
  465. $89 7E01F1
  466. - ?
  467.  
  468. $8A 700B02
  469. - ?
  470.  
  471. $8B A06C
  472. - RTLs
  473.  
  474. $8C 7E00A1
  475. - ?
  476.  
  477. $8D AD01
  478. - Zzz
  479.  
  480. $8E 7004AE
  481. - ?
  482.  
  483. $8F 700165
  484. - ?
  485.  
  486. $90 F062
  487. - corrupts stack
  488.  
  489. $91 7E13F1
  490. - ?
  491.  
  492. $92 7E1014
  493. - ?
  494.  
  495. $93 7E0211
  496. - ?
  497.  
  498. $94 A003
  499. - RTL
  500.  
  501. $95 7E02A1
  502. - ?
  503.  
  504. $96 7E1803
  505. - ?
  506.  
  507. $97 701919
  508. - sprite table
  509. - but what?
  510.  
  511. $98 B47A
  512. - Will do a bunch of stuff and then RTLs normally
  513. - Will make sprites fail to spawn
  514.  
  515. $99 9AB5
  516. - RTLs normally
  517.  
  518. $9A 8D9B
  519. - RTL immediately
  520.  
  521. $9B 70048E
  522. - ?
  523.  
  524. $9C 700165
  525. - ?
  526.  
  527. $9D 5962
  528. - Will enter somewhere in $600x
  529.  
  530. $9E B45A
  531. - corrupts stack
  532.  
  533. $9F 9AB5
  534. - RTLs normally
  535.  
  536. $A0 309B
  537. - registers and stuff
  538.  
  539. $A1 7E0331
  540. - ?
  541.  
  542. $A2 9C04
  543. - Zeroes out tongue (cancel tongue glitch)
  544. - RTLs after
  545.  
  546. $A3 70049D
  547. - ?
  548.  
  549. $A4 700165
  550. - ?
  551.  
  552. $A5 A062
  553. - RTLs but corrupts X (70) for infinite loop
  554.  
  555. $A6 7E00A1
  556. - ?
  557.  
  558. $A7 AD01
  559. - Zzzz
  560.  
  561. $A8 7006AE
  562. - ?
  563.  
  564. $A9 700167
  565. - ?
  566.  
  567. $AA F062
  568. - Corrupts stack
  569.  
  570. $AB 7E13F1
  571. - ?
  572.  
  573. $AC 7E1014
  574. - ?
  575.  
  576. $AD 7E0211
  577. - ?
  578.  
  579. $AE A003
  580. - RTLs
  581.  
  582. $AF 7E02A1
  583. - ?
  584.  
  585. $B0 7E1803
  586. - ?
  587.  
  588. $B1 701919
  589. -sprite table
  590.  
  591. $B2 B47A
  592. - Will do a bunch of stuff and then RTLs normally
  593. - Will make sprites fail to spawn
  594.  
  595. $B3 9AB5
  596. - RTLs normally
  597.  
  598. $B4 8D9B
  599. - RTL immediately
  600.  
  601. $B5 70068E
  602. -?
  603.  
  604. $B6 700167
  605. -?
  606.  
  607. $B7 5962
  608. - Will hit $600x
  609.  
  610. $B8 B45A
  611. - corrupts stack
  612.  
  613. $B9 9AB5
  614. - RTLs normally
  615.  
  616. $BA 309B
  617. - register bullshit
  618.  
  619. $BB 7E0331
  620. - ?
  621.  
  622. $BC 9C04
  623. - Zeroes out tongue (cancel tongue glitch)
  624. - RTLs after
  625.  
  626. $BD 70069D
  627. - ?
  628.  
  629. $BE 700167
  630. - ?
  631.  
  632. $BF AD62
  633. - sets some sprite data and RTLs
  634.  
  635. $C0 5AAE
  636. - Will hit $600x
  637.  
  638. $C1 70015B
  639. - jumps into Yoshi's Y-position and later what you've tongued
  640. -
  641.  
  642. $C2 7E1862
  643. - ?
  644.  
  645. $C3 700D19
  646. - ?
  647.  
  648. $C4 70046E
  649. - ?
  650.  
  651. $C5 700165
  652. - ?
  653.  
  654. $C6 3862
  655. - register bs
  656.  
  657. $C7 E939
  658. - main_inflating_balloon routine: does a bunch of stuff
  659. - will RTL eventually
  660.  
  661. $C8 7E08EA
  662. - ?
  663.  
  664. $C9 7E0009
  665. - ?
  666.  
  667. $CA 9D01
  668. - jumps into middle of spritestate 08 - will RTL
  669.  
  670. $CB E29E
  671. - RTS corrupts stack
  672.  
  673. $CC 7010E3
  674. -24 4-byte entries:
  675. -Sprite X coordinates, format:
  676. -$00ssppcc : ss = subpixels, pp = pixels within screen, cc = screen
  677.  
  678. $CD AD71
  679. - RTLs
  680.  
  681. $CE 5CAE
  682. - will reach $600x
  683.  
  684. $CF 70015D
  685. - ?
  686.  
  687. $D0 7E1862
  688. - ?
  689.  
  690. $D1 700D19
  691. - ?
  692.  
  693. $D2 70066E
  694. - ?
  695.  
  696. $D3 700167
  697. - ?
  698.  
  699. $D4 3862
  700. - register bs
  701.  
  702. $D5 E939
  703. - main_inflating_balloon: does a bunch of stuff
  704. - will RTL eventually
  705.  
  706. $D6 7008EA
  707. - ?
  708.  
  709. $D7 700009
  710. - ?
  711.  
  712. $D8 9D01
  713. - jumps into middle of spritestate 08 - will RTL
  714.  
  715. $D9 829E
  716. - junk
  717.  
  718. $DA 701183
  719. -24 4-byte entries:
  720. -Sprite Y coordinates, format:
  721. -$00ssppcc : ss = subpixels, pp = pixels within screen, cc = screen
  722.  
  723. $DB AD72
  724. - immediate RTL
  725.  
  726. $DC 52AE
  727. - will reach $600x
  728.  
  729. $DD 700153
  730. - ?
  731.  
  732. $DE 7E0D62
  733. - ?
  734.  
  735. $DF 540E
  736. - will reach $600x
  737.  
  738. $E0 700155
  739. - ?
  740.  
  741. $E1 F062
  742. - corrupts stack and jumps into $0001
  743.  
  744. $E2 7E01F1
  745. - ?
  746.  
  747. $E3 700B02
  748. - ?
  749.  
  750.  
  751. $E4 E26C
  752. - corrupts stack
  753.  
  754. $E5 20E3
  755. - register bs
  756.  
  757. $E6 A921
  758. - RTS stack corrupts
  759.  
  760. $E7 FFAA
  761. - loops around to $0002
  762.  
  763. $E8 9E00
  764. - corrupts stuff?, really big subroutine
  765.  
  766. $E9 A29E
  767. - clears carry and RTLs
  768.  
  769.  
  770. $EA 7014A3
  771. - sprite table - meh
  772.  
  773. $EB AD75
  774. - Corrupts stack and jumps to 03:0399
  775.  
  776. $EC 7008AE
  777. - ?
  778.  
  779. $ED 700169
  780. - ?
  781.  
  782. $EE D062
  783. - Does a bunch of stuff and RTL
  784. - pushes yoshi to left
  785. - Might crash if $12 [$00:7972] is > 03
  786.  
  787. $EF 7E03D1
  788. -item memory
  789.  
  790. $F0 4C04
  791. - register bs
  792.  
  793. $F1 A74D
  794. - corrupts with PLA before RTL
  795.  
  796. $F2 9DA8
  797. - JSR $57AD and ????
  798. -
  799.  
  800. $F3 C29E
  801. - corrupts with PLA before RTL
  802.  
  803. $F4 20C3
  804. - register bs
  805.  
  806. $F5 AD21
  807. -stack corrupt? gets to 0399
  808.  
  809.  
  810. $F6 7002AE
  811. - ?
  812.  
  813. $F7 700163
  814. - ?
  815.  
  816. $F8 D062
  817. - Does a bunch of stuff and RTL
  818. - pushes yoshi to left
  819. - Might crash if $12 [$00:7972] is > 03
  820.  
  821. $F9 7E03D1
  822. -Item memory
  823.  
  824. $FA 4C04
  825. - register bs
  826.  
  827. $FB BC4D
  828. - does some stuff and RTLs fine
  829.  
  830. $FC 9BBD
  831. - does some stuff and RTL
  832. - might fail if Carry flag is clear?
  833.  
  834. $FD BD9C
  835. - corrupts stack prob back to 03/0399
  836.  
  837.  
  838. $FE 7000BE
  839. -?
  840.  
  841. $FF 701361
  842. -24 2-word pairs:
  843. -Word 1: Sprite ID ($000 - $1F4)
  844. -Word 2: Pointer to first entry within OAM buffer