MrCheeze

Save Context SRM - short explanation

Jun 4th, 2020

An "overlay" is a relocatable code file. This means it can be loaded at any address of the heap. (More accurately, any address that is a multiple of 0x10.) When an overlay is loaded, its code is modified dynamically to replace any "placeholder" RAM addresses that appear with "real" addresses.

Almost every actor has a corresponding overlay. The fish overlay contains the following code:

lui $at, %hi(var_80A5CBC0)
sw $zero, %lo(var_80A5CBC0)($at)
lui $at, %hi(var_80A5CBC4)
swc1 $f0, %lo(var_80A5CBC4)($at)
lui $at, %hi(var_80A5CBC8)
swc1 $f0, %lo(var_80A5CBC8)($at)
jr $ra
nop

The addresses var_80A5CBC0, var_80A5CBC4, var_80A5CBC8 are placeholder addresses. Their true meaning is: "0x1D50/0x1D54/0x1D58 after the start of the overlay" (respectively). So, for example, if the fish overlay loads at 801F8F30, then this code will immediately be translated into:

lui $at, %hi(801FAC80)
sw $zero, %lo(801FAC80)($at)
lui $at, %hi(801FAC84)
swc1 $f0, %lo(801FAC84)($at)
lui $at, %hi(801FAC88)
swc1 $f0, %lo(801FAC88)($at)
jr $ra
nop

Also, %hi() and %lo() are standard assembler notation for the upper and lower 16 bits of an address, used for human readability, but they don't actually exist in the machine code. Note that the upper half comes out as 0x8020 rather than 0x801F: the store instruction sign-extends its 16-bit offset, so whenever the lower half is 0x8000 or above, the upper half has to be one higher to compensate. The true form of the above code is:

lui $at, 0x8020
sw $zero, 0xAC80($at)
lui $at, 0x8020
swc1 $f0, 0xAC84($at)
lui $at, 0x8020
swc1 $f0, 0xAC88($at)
jr $ra
nop

So, to recap: by allocating a fish overlay at a precisely chosen address on the heap, we can make the code above exist on the heap. By varying where we allocate the fish, 0xAC80/0xAC84/0xAC88 can also be any other value that is a multiple of 0x10 away, for example, they can be 0xBAF0/0xBAF4/0xBAF8 respectively.
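As an added illustration (not part of the paste, and not the game's actual loader), the following Python simulates the relocation step described above: it assembles the fish function with the placeholder addresses, patches each lui/store pair for a chosen load address, and renders the result in the "true form" notation. It assumes the placeholders stand for fixed overlay offsets (so the placeholder base is 0x80A5CBC0 minus 0x1D50), standard MIPS encodings with $at (register 1) as the base register, and a simplified relocation table of HI16/LO16 pairs; the real overlay format is not reproduced.

```python
"""Simulation of overlay relocation for the fish function in the paste.

Added example, not MrCheeze's code and not the game's relocator.
Assumptions: placeholders encode fixed offsets into the overlay (0x1D50/0x1D54/
0x1D58 as the paste states, so PLACEHOLDER_BASE = 0x80A5CBC0 - 0x1D50), and the
relocation table is a simplified list of HI16/LO16 pairs.
"""

AT, ZERO, F0 = 1, 0, 0                   # register numbers used by the snippet
PLACEHOLDER_BASE = 0x80A5CBC0 - 0x1D50   # where the placeholders pretend the overlay is
LOAD_ADDR = 0x801F8F30                   # the load address used in the paste


def split_hi_lo(addr):
    """Split an address into the immediates for lui and a load/store.

    The store sign-extends its 16-bit offset, so if bit 15 of the low half is
    set the high half is bumped by one (0x801FAC80 -> hi 0x8020, lo 0xAC80).
    """
    addr &= 0xFFFFFFFF
    lo = addr & 0xFFFF
    hi = (addr >> 16) + (1 if lo & 0x8000 else 0)
    return hi & 0xFFFF, lo


def join_hi_lo(hi, lo):
    """What the CPU computes from a lui/store pair (inverse of split_hi_lo)."""
    signed_lo = lo - 0x10000 if lo & 0x8000 else lo
    return ((hi << 16) + signed_lo) & 0xFFFFFFFF


# Minimal MIPS encoders for the instructions that appear in the snippet.
def lui(rt, imm):
    return (0x0F << 26) | (rt << 16) | (imm & 0xFFFF)


def sw(rt, base, imm):
    return (0x2B << 26) | (base << 21) | (rt << 16) | (imm & 0xFFFF)


def swc1(ft, base, imm):
    return (0x39 << 26) | (base << 21) | (ft << 16) | (imm & 0xFFFF)


JR_RA, NOP = 0x03E00008, 0x00000000


def fish_overlay():
    """Return (code words, relocation table) as the overlay sits before loading.

    The relocation table records which words hold the %hi and %lo halves of a
    placeholder address, in matching pairs, so the loader can patch them.
    """
    code, relocs = [], []
    stores = ((0x80A5CBC0, lambda imm: sw(ZERO, AT, imm)),
              (0x80A5CBC4, lambda imm: swc1(F0, AT, imm)),
              (0x80A5CBC8, lambda imm: swc1(F0, AT, imm)))
    for placeholder, store in stores:
        hi, lo = split_hi_lo(placeholder)
        relocs.append(("HI16", len(code)))
        code.append(lui(AT, hi))
        relocs.append(("LO16", len(code)))
        code.append(store(lo))
    code += [JR_RA, NOP]
    return code, relocs


def relocate(code, relocs, load_addr):
    """Patch every HI16/LO16 pair so it points at load_addr + overlay offset."""
    code = list(code)
    for (_, hi_idx), (_, lo_idx) in zip(relocs[0::2], relocs[1::2]):
        placeholder = join_hi_lo(code[hi_idx] & 0xFFFF, code[lo_idx] & 0xFFFF)
        offset = placeholder - PLACEHOLDER_BASE       # 0x1D50, 0x1D54, 0x1D58
        hi, lo = split_hi_lo(load_addr + offset)
        code[hi_idx] = (code[hi_idx] & 0xFFFF0000) | hi
        code[lo_idx] = (code[lo_idx] & 0xFFFF0000) | lo
    return code


def disassemble(word):
    """Render the few opcodes used here in the paste's 'true form' notation."""
    op, base, rt, imm = word >> 26, (word >> 21) & 31, (word >> 16) & 31, word & 0xFFFF
    names = {0: "$zero", 1: "$at"}
    if op == 0x0F:
        return f"lui {names[rt]}, 0x{imm:04X}"
    if op == 0x2B:
        return f"sw {names[rt]}, 0x{imm:04X}({names[base]})"
    if op == 0x39:
        return f"swc1 $f{rt}, 0x{imm:04X}({names[base]})"
    if word == JR_RA:
        return "jr $ra"
    if word == NOP:
        return "nop"
    raise ValueError(f"unhandled word {word:08X}")


def relocated_listing(load_addr=LOAD_ADDR):
    """The fish function as it reads in RAM once loaded at load_addr."""
    code, relocs = fish_overlay()
    return [disassemble(w) for w in relocate(code, relocs, load_addr)]


if __name__ == "__main__":
    for line in relocated_listing():
        print(line)
```

Running it prints the eight-line "true form" listing from the paste. Moving LOAD_ADDR by any multiple of 0x10 moves the three low halves by the same amount (adding 0xE70 gives 0xBAF0/0xBAF4/0xBAF8), which is the degree of freedom the recap above relies on.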

So what can we do with this information?

Todo finish writeup