for most code: ram - rom = 0x80245000 devl/dumpmips/dumpmips /chr32/home/jay/Super\ Mario\ 64\ \(English\).swab.v64 0 0x1000000 0x80245000 | less for loading code: ram - rom = 0x80283280 devl/dumpmips/dumpmips /chr32/home/jay/Super\ Mario\ 64\ \(English\).swab.v64 0 0x1000000 0x80283280 | less 0x80283280 - 0x80245000 = 0x3E280 RAM addresses 0x80000200 32 bit 0x801c1000 ???data loaded from MIO0 file 0x80202000 char[0xe00] stack for thread id#3 ?? 0x80202e00 char[0x2000] stack for thread id#4 0x80204e00 char[0x2000] stack for thread id#5 0x80207900 char[0x400] matrix stack 0x80207d00 ??? a GBI construction buffer 0x80227000 char[0x1f000] RSP => RDP fifo buffer 0x802461dc function called from thread id#3 loop (msg type default) 0x802461ec function 0x802461fc function called from thread id#3 0x802462e0 function called from thread id#3 0x80246338 function osCreateThread wrapper 0x8024639c function called from thread id#3 loop (msg type 104) 0x802463ec function 0x8024651c function calls osSpTaskLoad and osSpTaskStartGo 0x8024659c function 0x802465ec function called from thread id#3 loop (msg type 103) (elsewhere??) 0x80246648 function 0x8024669c function called from thread id#3 loop (msg type 102) 0x802467fc function called from thread id#3 loop (msg type 100) 0x8024694c function called from thread id#3 loop (msg type 101) 0x802469b8 function entry for thread id#3 (starts threads id#4 and id#5) has inf loop 0x80246c10 function 0x80246cf0 function entry for thread id#1 (this function starts thread id#3) 0x80246e70 function inits a bunch of RDP stuff 0x802471a4 function 0x80247284 function 0x802473c8 function 0x802474b8 function 0x80247b3c function init an OSTask pointed to by 0x8033b068 0x80247ccc function calls five functions: 0x80277ff0() 0x80246e70() 0x802471a4() 0x80247284() 0x802473c8() 0x80247d14 function graphics related -- writes final GBI cmds and calls 0x80247b3c() 0x80247f08 function inits *(0x8033b074), sets RSP segment 1 and some other stuff 0x80247fdc function also inits *(0x8033b074) and sets RSP segment 1 0x80248090 function calls osViSwapBuffer and seems to increment frame counters 0x80248af0 function entry for thread id#5 inf loop prints "BUF" debug output 0x80248c40 function sets 0x8032d600 to zero 0x80249500 function entry for thread id#4 0x80253720 function displays ang/spd/sta debug info 0x80277ee0 function uint32_t set_segment_base(int segment, void *base) 0x80277f20 function void * get_segment_base(int segment) 0x80277f50 function void * segmented_to_virtual(uint32_t segaddr) 0x80277ff0 function generates GBI commands to load segment table to RSP 0x80278504 function 0x802787d8 function void * 0x802787d8(int seg, uint32 start, uint32 end) loads a MIO0 file into heap 0x802788b4 function void * 0x802788b4(int seg, uint32 start, uint32 end) loads a MIO0 file directly to 0x801c1000 0x80278974 function called from thread id#3 0x80278f2c function ??? 1 param 0x8027b3b4 function ??? no params 0x8027e3e0 function graphics timing or profiling related 0x8027e520 function 0x8027e5cc function 0x8027f4e0 function uncompress(void *src, void *dst) MIO0 decompression function 0x802d62d8 function printf like function used for OSD by debug function 0x80253720 0x803226b0 function osCreateThread 0x80322800 function osRecvMesg 0x80322940 function _VirtualToPhysicalTask 0x80322a5c function osSpTaskLoad 0x80322bbc function osSpTaskStartGo 0x80322c20 function osSendMesg 0x80322df0 function osStartThread 0x80322f70 function 0x803232d0 function 0x80323340 function 0x803233b0 function 0x80323570 function 0x803236f0 function 0x803237d0 function osInitialize 0x80323a00 function osViSwapBuffer 0x80323a50 function sqrtf 0x80323a60 function 0x80323bcc function 0x803243b0 function 0x80324460 function osPiStartDma 0x80324910 function bcopy 0x80325070 function osGetTime 0x80325d20 function osWritebackDCache 0x80325db0 function osAiSetNextBuffer 0x803274d0 function __osDisableInt 0x803274f0 function __osRestoreInt 0x80327c80 function __osEnqueueAndYield 0x80327d10 function __osEnqueueThread 0x80327d58 function __osPopThread 0x80327d68 function __osDispatchThread 0x80327eb0 function osVirtualToPhysical 0x80327f30 function __osSpSetStatus 0x80327f40 function __osSpSetPc 0x80327f80 function __osSpRawStartDma 0x80328010 function __osSpDeviceBusy 0x80328590 function a thread entry point (ref 0x803236a4) 0x803288f0 function 0x80328960 function 0x8032b260 rspbootTextStart 0x8032b330 gspFast3D???TextStart 0x8032d560 ?* 0x8032d564 ?* 0x8032d568 OSTask* pointer to an OSTask (set by 0x8024651c() to equal *(0x8032d56c) or *(0x8032d570)) 0x8032d56c OSTask* pointer to an OSTask 0x8032d570 OSTask* pointer to an OSTask 0x8032d598 byte debug flag 0x8032d5dc unsigned short 0x8032d936 32 bit ptr points to a structure that may point to Mario's info at offset 0x68 0x8032ddc8 32 bit ptr area_struct[] 0x8032ddcc 32 bit ptr area_struct seem to point to the current area 0x803359a8 __osRunQueue 0x803359b0 __osRunningThread 0x80335b80 0x80339ac0 gspFast3D???DataStart 0x8033a730 OSThread thread id#1 structure 0x8033a8e0 OSThread thread id#3 structure 0x8033aa90 OSThread thread id#5 structure 0x8033ac40 OSThread thread id#4 structure 0x8033ae08 OSMesgQueue 0x8033af48 OSMesgQueue used for PI DMA 0x8033af5c void * used to hold the recived PI DMA message 0x8033b026 OSMesgQueue video related 0x8033b068 OSTask* 0x8033b06c u64 * GBI end pointer?? 0x8033b074 u64 * pointer to RSP input GBI commands??? 0x8033b400 32 bit phys ptr array segment table 0x80364c20 OSTask(physical) temp physical OSTask used by _VirtualToPhysicalTask 0x8037a9a8 function probably atan2() 0x8037e0b4 function 0x8037e2c4 function level command 0x00 0x8037e388 function level command 0x01 0x8037e404 function level command 0x02 0x8037e47c function level command 0x03 0x8037e4fc function level command 0x04 0x8037e580 function level command 0x05 0x8037e5b8 function level command 0x06 0x8037e620 function level command 0x07 0x8037e648 function (stub) 0x8037e650 function level command 0x08 0x8037e6cc function (stub) 0x8037e6d4 function level command 0x09 0x8037e780 function level command 0x0a 0x9037e7f0 function (stub) 0x8037e7f8 function level command 0x0b 0x8037e878 function level command 0x0c 0x8037e8e8 function level command 0x0d 0x8037e988 function level command 0x0e 0x8037ea18 function level command 0x0f 0x8037ea70 function level command 0x10 0x8037ea98 function level command 0x11 0x8037eb04 function level command 0x12 0x8037eb98 function level command 0x13 0x8037ebd4 function level command 0x14 0x8037ec14 function level command 0x15 0x8037ec54 function level command 0x16 0x8037eca4 function level command 0x17 0x8037ecf8 function level command 0x18 0x8037ed48 function level command 0x19 0x8037edf8 function level command 0x1a 0x8037ee48 function level command 0x1b 0x8037eea8 function level command 0x1c 0x8037ef00 function level command 0x1d 0x8037ef70 function level command 0x1e 0x8037f010 function level command 0x1f 0x8037f130 function level command 0x20 -- clear current area 0x8037f164 function level command 0x21 0x8037f214 function level command 0x22 0x8037f2a4 function level command 0x23 0x8037f36c function level command 0x25 0x8037f45c function level command 0x24 0x8037f790 function level command 0x28 0x8037f67c function level command 0x26 0x8037f994 function level command 0x27 0x803805c8 function level command loading loop and ??? 0x80382590 function initalizes an arrry of 256 0x18(24)-byte structs by setting 3 fields to zero seems to be called with 0x8038be98 as sole param 0x803825d0 function just calls 0x80382590(0x8038be98) 0x8038b8ac 16 bits signed current area for level loading 0x8038b8b0 32 bits ??? stack pointer for calling other level lists(was:used by commands 0x06, 0x07, 0x08, 0x09, 0x0b, 0x0d) 0x8038b8b8 32 bit pointer array pointers to level command functions 0x8038be20 16 bits signed ??? 0x8038be28 32 bit pointer level loading working pointer 0x8038be98 struct size:0x18(24) [256] initalized by function 0x80382590 Level Commands 0x31 setting the second value to 0x06 makes the level slippery 0xff mario makes metal sounds when walking Level command function table 8038b8b8: 8037e2c4 /* 00 */ 8038b8bc: 8037e388 8038b8c0: 8037e404 8038b8c4: 8037e47c 8038b8c8: 8037e4fc /* 04 */ 8038b8cc: 8037e580 8038b8d0: 8037e5b8 8038b8d4: 8037e620 8038b8d8: 8037e650 /* 08 */ 8038b8dc: 8037e6d4 8038b8e0: 8037e780 8038b8e4: 8037e7f8 8038b8e8: 8037e878 /* 0c */ 8038b8ec: 8037e8e8 8038b8f0: 8037e988 8038b8f4: 8037ea18 8038b8f8: 8037ea70 /* 10 */ 8038b8fc: 8037ea98 8038b900: 8037eb04 8038b904: 8037eb98 8038b908: 8037ebd4 /* 14 */ 8038b90c: 8037ec14 8038b910: 8037ec54 8038b914: 8037eca4 8038b918: 8037ecf8 /* 18 */ 8038b91c: 8037ed48 8038b920: 8037edf8 8038b924: 8037ee48 8038b928: 8037eea8 /* 1c */ 8038b92c: 8037ef00 8038b930: 8037ef70 8038b934: 8037f010 8038b938: 8037f130 /* 20 */ 8038b93c: 8037f164 8038b940: 8037f214 8038b944: 8037f2a4 8038b948: 8037f45c /* 24 */ 8038b94c: 8037f36c 8038b950: 8037f67c 8038b954: 8037f994 8038b958: 8037f790 /* 28 */ 8038b95c: 80380014 8038b960: 8038007c 8038b964: 803800bc 8038b968: 80380160 /* 2c */ 8038b96c: 803801a0 8038b970: 8037fe94 8038b974: 8037ff14 8038b978: 80380274 /* 30 */ 8038b97c: 8037f920 8038b980: 8038024c 8038b984: 803801e0 8038b988: 8037fde4 /* 34 */ 8038b98c: 8037fe2c 8038b990: 80380300 8038b994: 8038039c 8038b998: 803803ec /* 38 */ 8038b99c: 8037ff94 8038b9a0: 8037fb18 8038b9a4: 8037fc38 8038b9a8: 80380434 /* 3c */ Geometry layout command table 8038b810: 8037cd60 /* 00 */ 8038b814: 8037ce24 8038b818: 8037cee8 Call 8038b81c: 8037cf70 Return 8038b820: 8037cfc0 /* 04 */ 8038b824: 8037d018 8038b828: 8037d050 8038b82c: 8037d0d0 8038b830: 8037d1d0 /* 08 */ 8038b834: 8037d328 8038b838: 8037d3a4 8038b83c: 8037d48c 8038b840: 8037d500 /* 0c */ 8038b844: 8037d55c 8038b848: 8037d5d4 8038b84c: 8037d640 8038b850: 8037d6f0 /* 10 */ 8038b854: 8037d8d4 8038b858: 8037d998 8038b85c: 8037db74 8038b860: 8037dc10 /* 14 */ 8038b864: 8037dcd4 ???/refer to GBI commands 8038b868: 8037dd4c 8038b86c: 8037dddc 8038b870: 8037de34 /* 18 */ ??? has RAM address 8038b874: 8037de94 8038b878: 8037def8 8038b87c: 8037df1c 8038b880: 8037dfd4 /* 1c */ 8038b884: 8037da5c 8038b888: 8037db50 8038b88c: 8037d4dc 8038b890: 8037e058 /* 20 */