Issue with memory mapping (paper mario) about n64loaderwv HOT 15 CLOSED

well if you lookup the n64 rom header structure, after the first 8 bytes is the loading address of the rom, you could try to edit that, otherwise I have to look at this closer myself tomorrow. the wiki says something about the CIC chip altering the loading address, maybe find out more about that

greetz

from n64loaderwv.

I can't help much myself unfortunately as I don't know much about the hardware enough to troubleshoot this and every docs I try to read are either extremely unclear or very confusing (some are even contradictory), but I will try to edit the load address.

from n64loaderwv.

from the link I send you:

"CIC and entry point manipulation
False entry point lookout
As noted above about CIC chips being able to change the RAM entry point as a security measure, and a simple one at that. The 6103 chip adds 0x100000 to the entry location and 6106 adds 0x200000. Below are the individual methods for compensating for the RAM's entry point if the CIC does in fact relocate the entry address (The following is STRICTLY for CIC-NUS and may be different for other regions):

6101 Doesn't relocate
6102 Doesn't relocate
6103 Subtract 0x100000 (0x80100400 to 0x80000400)
6105 Doesn't relocate
6106 Subtract 0x200000 (0x80200400 to 0x80000400)"

aka try to substract 0x100000 or 0x200000 from the loading address and see if it fits then

from n64loaderwv.

another idea is this, I could add code to detect CIC chip and offset by making an md5 fingerprint of the bootcode which is custom to each CIC chip. could you make one of yours? here is a more detailed explanation: https://www.retroreversing.com/n64bootcode

greetz

from n64loaderwv.

the load address was 80125C00 so the only one that would have made sense was 80025C00 and that doesn't work because I still get nonsense

from n64loaderwv.

have you checked how its loaded in ida?

from n64loaderwv.

https://i.imgur.com/H1rH0ke.png
so I loaded it with 80025C00 load address and it looks all fine, whats the problem?

from n64loaderwv.

I do not own ida so I can't check that.

Your rom main looks different than what I have, I will take some screenshots tomorrow, but it's definitely not like this, it's if I recall, 2 store instructions and a return, which didn't make much sense.

from n64loaderwv.

well maybe post a link where you got your rom from, so I can try later with ghidra

from n64loaderwv.

oh and according to this http://micro-64.com/database/gamecic.shtml paper mario has the 6103 cic chip and substracting 0x100000 seems to be correct here

from n64loaderwv.

so, I checked in ghidra and its ok: https://i.imgur.com/r3D6cYd.png notice following:
ida:
la $t0, byte_8009A5B0

ghidra:
lui t0, 0x800A
addi t0, t0, -0x5A50

because its mips32, every opcode is 32 bit in size, so if you want to load a 32 bit value, you need at least 2 opcodes, ghidra shows you the real instructions, ida (sorry I didnt blend in the bytes, but can see at the offset to the next opcode, 0x8 bytes) shows you the combine instruction, if you calc out what ghidra does, you get the same result

1. t0 = 0x800A0000
2. t0 -= 0x5A50 -> t0=8009A5B0

so unless you still have issues, I think we can close this ticket.

greetz

from n64loaderwv.

sry, ghidra screenshot was old version, now again with current release, still works: https://i.imgur.com/9UImFYP.png

from n64loaderwv.

I'll try again and let you know soon (later today).

Btw, please do not suggest to post rom links when I can just give the md5/sha, which is fine to share.

from n64loaderwv.

Ok, it DOES seem to be better, but then I get to this function and it starts to not make sense:

These are supposed to be instructions, but ghidra doesn't get them, even though the sleigh is correct...I am confused, I guess you can close this issue, but yeah I don't know what's going on anymore :(

from n64loaderwv.

a) wait for analysis to finish
b) I found like 21000 functions, most looked ok
c) I just guessed the processor, you are free to try others in the code or add the opcodes microcode (dunno how to do that)

from n64loaderwv.