Save Context SRM - short explanation

An "overlay" is a relocatable code file. This means it can be loaded at any address of the heap (more accurately, any address that is a multiple of 0x10). When an overlay is loaded, its code is modified dynamically to replace any "placeholder" RAM addresses that appear with "real" addresses.

Almost every actor has a corresponding overlay. The fish overlay contains the following code:
```mips
lui   $at, %hi(var_80A5CBC0)
sw    $zero, %lo(var_80A5CBC0)($at)
lui   $at, %hi(var_80A5CBC4)
swc1  $f0, %lo(var_80A5CBC4)($at)
lui   $at, %hi(var_80A5CBC8)
swc1  $f0, %lo(var_80A5CBC8)($at)
jr    $ra
nop
```
The addresses var_80A5CBC0, var_80A5CBC4 and var_80A5CBC8 are placeholder addresses. Their true meaning is "0x1D50, 0x1D54 and 0x1D58 bytes after the start of the overlay" (respectively). So, for example, if the fish overlay loads at 801F8F30, then this code will immediately be translated into:
```mips
lui   $at, %hi(801FAC80)
sw    $zero, %lo(801FAC80)($at)
lui   $at, %hi(801FAC84)
swc1  $f0, %lo(801FAC84)($at)
lui   $at, %hi(801FAC88)
swc1  $f0, %lo(801FAC88)($at)
jr    $ra
nop
```
Also, %hi() and %lo() are a standard assembler notation for writing MIPS code readably, but they are not part of the instruction encoding. Because the store instructions treat their 16-bit displacement as signed, a low half of 0xAC80 or above needs the high half bumped by one (0x8020 rather than 0x801F) so that the two parts still add up to 801FAC80. The true form of the above code is:
```mips
lui   $at, 0x8020
sw    $zero, 0xAC80($at)
lui   $at, 0x8020
swc1  $f0, 0xAC84($at)
lui   $at, 0x8020
swc1  $f0, 0xAC88($at)
jr    $ra
nop
```
So, to recap: by allocating a fish overlay at a precisely chosen address on the heap, we can make the code above exist on the heap. By varying where we allocate the fish, the immediates 0xAC80/0xAC84/0xAC88 can become any other values that are a multiple of 0x10 away; for example, they can be 0xBAF0/0xBAF4/0xBAF8 respectively.
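To make the relocation step concrete, here is an added Python example (not from the original paste) that splits an address into the %hi/%lo immediates the way the overlay relocator must, including the carry into the high half when the low half is 0x8000 or above, encodes the resulting lui/sw/swc1 words, and reproduces the 801F8F30 case above. The offsets and the load address come from the write-up; the opcode values are standard MIPS I encodings, and the `load_addr_for_lo` helper is my own addition for picking an allocation address that yields a chosen low immediate.

```python
# Added worked example, not part of the original paste. Offsets 0x1D50/0x1D54/
# 0x1D58 and the load address 0x801F8F30 come from the write-up; opcode numbers
# are standard MIPS I encodings. $at is general register 1.
SW, SWC1 = 0x2B, 0x39                      # store opcodes (bits 31..26)
FISH_STORES = ((0x1D50, SW), (0x1D54, SWC1), (0x1D58, SWC1))

def split_hi_lo(addr):
    """Split a 32-bit address into the (hi, lo) immediates of a lui/store pair.

    The store uses its 16-bit displacement as a *signed* value, so when bit 15
    of the low half is set the high half is incremented to cancel the sign
    extension. That is why 0x801FAC80 is written lui 0x8020 / 0xAC80($at).
    """
    lo = addr & 0xFFFF
    hi = (addr >> 16) & 0xFFFF
    if lo & 0x8000:
        hi = (hi + 1) & 0xFFFF
    return hi, lo

def join_hi_lo(hi, lo):
    """Effective address the CPU forms: (hi << 16) + sign_extend16(lo)."""
    signed_lo = lo - 0x10000 if lo & 0x8000 else lo
    return ((hi << 16) + signed_lo) & 0xFFFFFFFF

def encode_pair(load_addr, offset, store_op):
    """Relocate one placeholder reference; return the lui and store words."""
    hi, lo = split_hi_lo((load_addr + offset) & 0xFFFFFFFF)
    lui = (0x0F << 26) | (1 << 16) | hi          # lui $at, hi
    store = (store_op << 26) | (1 << 21) | lo    # sw $zero / swc1 $f0, lo($at)
    return lui, store

def relocate_fish_stub(load_addr):
    """The eight instruction words of the fish stub after loading at load_addr."""
    if load_addr & 0xF:
        raise ValueError("overlays load at 0x10-aligned addresses")
    words = []
    for offset, op in FISH_STORES:
        words.extend(encode_pair(load_addr, offset, op))
    return words + [0x03E00008, 0x00000000]      # jr $ra ; nop

def load_addr_for_lo(hi_page, target_lo, offset=0x1D50):
    """Load address in the given 64 KiB page that makes the first store's
    low immediate equal target_lo (e.g. 0xBAF0 instead of 0xAC80)."""
    return ((hi_page << 16) | target_lo) - offset

if __name__ == "__main__":
    for w in relocate_fish_stub(0x801F8F30):
        print(f"{w:08X}")
```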
So what can we do with this information?

Todo: finish writeup