API tools faq
paste
krimtonz

VC Crash on Weirdshot

krimtonz
Dec 15th, 2019
1,540
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
text 2.30 KB | None | 0 0
raw download clone embed print report
  1. Function 80079F48 (1.0) is link's drawing function.
  2. A0 = Global Context
  3. A1 = Ptr in link's object
  4. A2 = Ptr to link's animation ctx (link + 0x1F0)
  5.  
  6. This function will load the halfword (signed) at A2 + 0x84.
  7. During the weirdshot, the frame that loads links tunic color, this value is 0x94AD.
  8. The value is AND'd with 0xF, and 1 is subtracted from it (0x94AD & 0xF) - 1 = 0xC
  9. This value is used as an index to a table at 800F7AA8 which contains a list of addresses to set segment address 8 to.
  10.  
  11. This table contains 0xB entries, and right after it is the RGB of link's tunic colors.
  12. The value 0xRRGGBBXX is loaded Where G is the green component of the kokiri tunic color, B is the Blue component of the kokiri tunic color, and X is the Red component of the goron tunic color. This value is AND'd with 0x00FFFFFF to get the physical memory address for segment 8
  13.  
  14. Therefore the gbi command DB060020 00GGBBXX. By default this would be DB060020 00691B64
  15.  
  16. Later on when the display is processed this value is used to load a texture tile. When the memory size is 4MB this command will be ignored in emulators as 0x00691B64 is outside the RDRAM Size, when the memory size is 8MB the memory at 0x00691B64 will be treated as a texture.
  17.  
  18. When the green component is changed to greater than 0x7F this value will be ignored in emulators as anything above 0x801B64 would be outside of the RDRAM size.
  19.  
  20. VC Seems to completely ignore checking the RDRAM size before attempting to load the data. The address to load is added to the start of n64 rdram which is 0x80E74000 to get 0x81505B64. This is a valid address on the wii and the texture is loaded.
  21.  
  22. When the green component is 0x98 we do the same addition to get address 0x817F5B64 which is still a valid address.
  23. When the green component is 0x99 we get 0x81805B64 which is an INVALID address, the memory size of MEM1 is 24MB Which ends at 0x81800000, so we can see that 0x98 barely makes it, and 0x99 pushes that past the boundary, and this is what causes the crash.
  24.  
  25. TL;DR; Segment register 8 is set based on a table indexed by links animation + 0x84, the weirdshot indexes past this table to tunic colors. This value is ignored by emulators (and possibly n64) when the address is past dram size, VC does not ignore the dram limitation and will crash when the green component becomes 0x99+
Add Comment
Please, Sign In to add comment
Public Pastes
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!