Need help - ASM program not working - Page 3

60

Le 16/12/2019 à 03:29

I have some sudden problem - at the latest time I stopped my research at $68b string, where "jp $6545 ($A545 actually, given that switchable ROM bank №2 is selected)" command is located. But if you will look at the strings starting by $A545, you'll see that it's unclear is it a real code or just data section.

61

Le 11/01/2020 à 08:11

After long waiting and thinking I finally decided to research the SLUS_208.92 file from Xenosaga Ep. II game.

.text:00120000  #
.text:00120000  # +-------------------------------------------------------------------------+
.text:00120000  # |   This file has been generated by The Interactive Disassembler (IDA)    |
.text:00120000  # |           Copyright (c) 2017 Hex-Rays, <support@hex-rays.com>           |
.text:00120000  # |                      License info: 48-3FBD-7F04-2C                      |
.text:00120000  # |                      Jiang Ying, Personal license                       |
.text:00120000  # +-------------------------------------------------------------------------+
.text:00120000  #
.text:00120000  # Input SHA256 : 1F978E64C837F9B5F0DCAEE4BBE3FC28B45368FDAC47404EECF2249DCBF7462E
.text:00120000  # Input MD5    : 4A10E6D6548BDFDE3E2BD77E12169227
.text:00120000  # Input CRC32  : B8DF67FA
.text:00120000
.text:00120000  # File Name   : E:\SLUS_208.92
.text:00120000  # Format      : ELF for MIPS (Executable)
.text:00120000  # Imagebase   : 120000
.text:00120000  #
.text:00120000  # Options     : --opsex
.text:00120000  # Options     : --mips3
.text:00120000  # Options     : --eabi64
.text:00120000  # Options     : PS2
.text:00120000  #
.text:00120000
.text:00120000  # Processor       : r5900l
.text:00120000  # Target assembler: GNU assembler
.text:00120000  # Byte sex        : Little endian
.text:00120000
.text:00120000 .set noreorder
.text:00120000 .set noat
.text:00120000
.text:00120000
.text:00120000  # ===========================================================================
.text:00120000
.text:00120000  # Segment type: Pure code
.text:00120000                 .text
.text:00120000                 .word 0, 0
.text:00120008
.text:00120008  # =============== S U B R O U T I N E =======================================
.text:00120008
.text:00120008
.text:00120008                 .globl start
.text:00120008 start:
.text:00120008                 lui     $v0, 0x6A ; V0=#$6A0000
.text:0012000C                 lui     $v1, 0x9D ; V1=#$9D0000
.text:00120010                 la      $v0, byte_69E180 ; V0=[$69E180]
.text:00120014                 li      $v1, 0x9D5D70 ; V1=#$9D5D70
.text:00120018
.text:00120018 loc_120018:                              # CODE XREF: start+24↓j
.text:00120018                 sq      $zero, 0($v0) ; [$69E180] value=0
.text:0012001C                 nop
.text:00120020                 sltu    $at, $v0, $v1 ; #$69E180<#$9D5D70, so AT=1
.text:00120024                 nop
.text:00120028                 nop
.text:0012002C                 bnez    $at, loc_120018 ; if AT!=0 then skip back to the start of subroutine
.text:00120030                 addiu   $v0, 0x10 ; V0=[$69E190]
.text:00120034                 lui     $a0, 0x6A ; A0=#$6A0000
.text:00120038                 lui     $a1, 0x10 ; A1=#$100000
.text:0012003C                 lui     $a2, 2 ; A2=#$20000
.text:00120040                 lui     $a3, 0x6A ; A3=#$6A0000
.text:00120044                 lui     $t0, 0x12 ; T0=#$120000
.text:00120048                 la      $a0, unk_6A2DF0 ; A0=[$6A2DF0]
.text:0012004C                 li      $a1, 0x100000 ; A1=#$100000
.text:00120050                 li      $a2, 0x20000 ; A2=#$20000
.text:00120054                 la      $a3, dword_69E400 ; A3=[$69E400]
.text:00120058                 la      $t0, loc_1200C0 ; T0=[$1200C0]
.text:0012005C                 move    $gp, $a0 ; GP=#$6A2DF0
.text:00120060                 li      $v1, 0x3C ; V1=#$3C
.text:00120064                 syscall 0 ; RFU000_FullReset
.text:00120068                 move    $sp, $v0 ; SP=[$69E190]
.text:0012006C                 lui     $a0, 0x9D ; A0=#$9D0000
.text:00120070                 lui     $a1, 1 ; A1 value=#$10000
.text:00120074                 li      $a0, 0x9D5D70 ; A0=#$9D5D70
.text:00120078                 li      $a1, 0x10000 ; A1=#$10000
.text:0012007C                 li      $v1, 0x3D ; V1=#$3D
.text:00120080                 syscall 0 ; RFU000_FullReset
.text:00120084                 jal     sub_1294E8
.text:00120088                 nop
.text:0012008C                 jal     sub_1207A0
.text:00120090                 move    $a0, $zero
.text:00120094                 ei
.text:00120098                 la      $v0, dword_69E400
.text:001200A0                 lw      $a0, (dword_69E400 - 0x69E400)($v0)
.text:001200A4                 jal     sub_1947B8
.text:001200A8                 addiu   $a1, $v0, (unk_69E404 - 0x69E400)
.text:001200AC                 j       sub_1298D0
.text:001200B0                 move    $a0, $v0
.text:001200B0  # End of function start

.sbss:0069E180 byte_69E180:    .space 1                 # DATA XREF: start+8↑o
.sbss:0069E180                                          # sub_1D9318+108↑w ...
.sbss:0069E181                 .align 2

.bss:006A2DF0 unk_6A2DF0:     .space 1                 # DATA XREF: start+40↑o
.bss:006A2DF0                                          # sub_1212F8+50↑o ...
.bss:006A2DF1                 .space 1
<".space 1" directive will be repeated at every string further till 6A305B address.>
.bss:006A305B                 .space 1

.bss:0069E400 dword_69E400:   .space 4                 # DATA XREF: start+4C↑o
.bss:0069E400                                          # start+90↑o ...

.text:001294E8
.text:001294E8  # =============== S U B R O U T I N E =======================================
.text:001294E8
.text:001294E8
.text:001294E8 sub_1294E8:                              # CODE XREF: start+7C↑p
.text:001294E8
.text:001294E8 var_10          = -0x10
.text:001294E8
.text:001294E8                 addiu   $sp, -0x10 ; SP=[$69E180]
.text:001294EC                 sd      $ra, 0x10+var_10($sp) ; [($10+var_10)+$69E180] value=[($10-$10)+$69E180] value=[0+$69E180] value=[$69E180] value=(#$120084*#$100000000)+<what register are next after $ra?> value
.text:001294F0                 jal     sub_1292C0
.text:001294F4                 nop
.text:001294F8                 jal     sub_1293D8
.text:001294FC                 nop
.text:00129500                 jal     sub_1299B0
.text:00129504                 nop
.text:00129508                 jal     sub_1212F8
.text:0012950C                 nop
.text:00129510                 jal     sub_1295F8
.text:00129514                 nop
.text:00129518                 ld      $ra, 0x10+var_10($sp)
.text:0012951C                 j       sub_128B28
.text:00129520                 addiu   $sp, 0x10
.text:00129520  # End of function sub_1294E8
.text:00129520
.text:00129520  # ---------------------------------------------------------------------------

-0000000000000010  # D/A/*   : change type (data/ascii/array)
-0000000000000010  # N       : rename
-0000000000000010  # U       : undefine
-0000000000000010  # Use data definition commands to create local variables and function arguments.
-0000000000000010  # Two special fields " r" and " s" represent return address and saved registers.
-0000000000000010  # Frame size: 10; Saved regs: 0; Purge: 0
-0000000000000010  #
-0000000000000010
-0000000000000010 var_10:         .dword ?
-0000000000000008
-0000000000000008  # end of stack variables

.text:001292C0  # =============== S U B R O U T I N E =======================================
.text:001292C0
.text:001292C0
.text:001292C0 sub_1292C0:                              # CODE XREF: sub_1294E8+8↓p
.text:001292C0
.text:001292C0 var_4C          = -0x4C
.text:001292C0 var_48          = -0x48
.text:001292C0 var_30          = -0x30
.text:001292C0 var_2C          = -0x2C
.text:001292C0 var_28          = -0x28
.text:001292C0 var_10          = -0x10
.text:001292C0
.text:001292C0                 addiu   $sp, -0x50 ; SP=[$69E130]
.text:001292C4                 li      $v0, 1 ; V0=1
.text:001292C8                 sd      $ra, 0x50+var_10($sp) ; [($50+var_10)+$69E130] value=[($50-$10)+$69E130] value=[$40+$69E130] value=[$69E170] value=(#$1294F4*#$100000000)+<what register are next after $ra?> value
.text:001292CC                 move    $a0, $sp ; A0=[$69E130] value
.text:001292D0                 sw      $v0, 0x50+var_28($sp) ; [($50+var_28)+$69E130] value=[($50-$28)+$69E130] value=[$28+$69E130] value=[$69E158] value=1
.text:001292D4                 sw      $v0, 0x50+var_4C($sp) ; [($50+var_4C)+$69E130] value=[($50-$4C)+$69E130] value=[$4+$69E130] value=[$69E134] value=1
.text:001292D8                 sw      $v0, 0x50+var_48($sp) ; [($50+var_48)+$69E130] value=[($50-$48)+$69E130] value=[$8+$69E130] value=[$69E138] value=1
.text:001292DC                 jal     sub_120520
.text:001292E0                 sw      $v0, 0x50+var_2C($sp) ; [($50+var_2C)+$69E130] value=[($50-$2C)+$69E130] value=[$24+$69E130] value=[$69E154] value=1
.text:001292E4                 lui     $v1, 0x64 ; V1=$#640000
.text:001292E8                 addiu   $a0, $sp, 0x50+var_30 ; A0=[$69E130+($50+var_30)]=[$69E130+($50-$30)]=[$69E130+$20]=[$69E150]
.text:001292EC                 jal     sub_120520
.text:001292F0                 sw      $v0, dword_646FF8 ; [$646FF8] value=1
.text:001292F4                 lui     $v1, 0x64 ; V1=$#640000
.text:001292F8                 ld      $ra, 0x50+var_10($sp) ; RA=[($50+var_10)+$69E130]=[($50-$10)+$69E130]=[$40+$69E130]=[$69E170]
.text:001292FC                 sw      $v0, dword_646FFC ; [$646FFC] value=1
.text:00129300                 jr      $ra ; goto $69E170 subroutine
.text:00129304                 addiu   $sp, 0x50
.text:00129304  # End of function sub_1292C0

.text:00120520
.text:00120520  # =============== S U B R O U T I N E =======================================
.text:00120520
.text:00120520
.text:00120520 sub_120520:                              # CODE XREF: sub_1212F8+28↓p
.text:00120520                                          # .text:001232D0↓p ...
.text:00120520                 li      $v1, 0x40 ; V1=$40
.text:00120524                 syscall 0 ; RFU000_FullReset
.text:00120528                 jr      $ra ; return to 1292E0
.text:0012052C                 nop
.text:0012052C  # End of function sub_120520
.text:0012052C

.sdata:0069E170 dword_69E170:   .word 0                  # DATA XREF: sub_1A4428-68F48↑r
.sdata:0069E170                                          # sub_1A4428-68F2C↑r ...
.sdata:0069E174 dword_69E174:   .word 0                  # DATA XREF: sub_13A938+38↑r
.sdata:0069E174                                          # sub_13A938+6C↑r ...
.sdata:0069E178                 .word sub_13B850
.sdata:0069E178
LOAD:0069E17C  # ===========================================================================

.text:0013B850
.text:0013B850  # =============== S U B R O U T I N E =======================================
.text:0013B850
.text:0013B850
.text:0013B850 sub_13B850:                              # DATA XREF: .sdata:0069E178↓o
.text:0013B850                 lw      $a3, dword_69E144 ; A3=[$69E144] value
.text:0013B854                 move    $t0, $zero ; T0=0
.text:0013B858                 lw      $a2, 0($a0) ; A2=[$(A0) value] value
.text:0013B85C                 beqz    $a2, loc_13B884 ; if [$(A0) value] value=0 then skip to $13B884
.text:0013B860                 move    $a1, $a3 ; else A1=[$69E144] value
.text:0013B864                 nop
.text:0013B868
.text:0013B868 loc_13B868:                              # CODE XREF: sub_13B850+2C↓j
.text:0013B868                 lw      $v1, 0($a1) ; V1=[[$69E144] value] value
.text:0013B86C                 addiu   $a1, 4 ; A1=[$69E144] value+4
.text:0013B870                 addiu   $t0, 4 ; T0=4
.text:0013B874                 sltu    $v0, $t0, $a2 ; if [$(A0) value] value>4 then V0=1, else V0=0
.text:0013B878                 sw      $v1, 0($a0) ; [$(A0) value] value=[[$69E144] value] value
.text:0013B87C                 bnez    $v0, loc_13B868 ; if old [$(A0) value] value>4 then skip 4 steps back
.text:0013B880                 addiu   $a0, 4 ; else A0+4
.text:0013B884
.text:0013B884 loc_13B884:                              # CODE XREF: sub_13B850+C↑j
.text:0013B884                 addu    $a3, $a2 ; A3=[$69E144] value+[$(A0) value] value
.text:0013B888                 jr      $ra
.text:0013B88C                 sw      $a3, dword_69E144 ; [$69E144] value=old [$69E144] value+[$(A0) value] value
.text:0013B88C  # End of function sub_13B850
.text:0013B88C

62

Le 26/01/2020 à 10:42

.text:001293D8  # =============== S U B R O U T I N E =======================================
.text:001293D8
.text:001293D8
.text:001293D8 sub_1293D8:                              # CODE XREF: sub_1294E8+10↓p
.text:001293D8
.text:001293D8 var_80          = -0x80
.text:001293D8 var_70          = -0x70
.text:001293D8 var_60          = -0x60
.text:001293D8 var_50          = -0x50
.text:001293D8 var_40          = -0x40
.text:001293D8 var_30          = -0x30
.text:001293D8 var_20          = -0x20
.text:001293D8 var_10          = -0x10
.text:001293D8
.text:001293D8                 addiu   $sp, -0x80
.text:001293DC                 lui     $v0, 0x64 ; V0=#$640000
.text:001293E0                 sd      $s5, 0x80+var_30($sp) ; [$($80+var_30)+SP value] value=[($80-$30)+$SP value] value=[$50+SP value] value=(S5 value*#$10000)+S6 value
.text:001293E4                 sd      $s4, 0x80+var_40($sp) ; [$($80+var_40)+SP value] value=[($80-$40)+$SP value] value=[$40+SP value] value=(S4 value*#$10000)+S5 value
.text:001293E8                 lui     $s5, 0x13 ; S5=#$130000
.text:001293EC                 sd      $s3, 0x80+var_50($sp) ; [$($80+var_50)+SP value] value=[($80-$50)+$SP value] value=[$30+SP value] value=(S3 value*#$10000)+S4 value
.text:001293F0                 lui     $s4, 0x13 ; S4=#$130000
.text:001293F4                 sd      $s2, 0x80+var_60($sp) ; [$($80+var_60)+SP value] value=[($80-$60)+$SP value] value=[$20+SP value] value=(S2 value*#$10000)+S3 value
.text:001293F8                 sd      $s1, 0x80+var_70($sp) ; [$($80+var_70)+SP value] value=[($80-$70)+$SP value] value=[$10+SP value] value=(S1 value*#$10000)+S2 value
.text:001293FC                 sd      $s0, 0x80+var_80($sp) ; [$($80+var_80)+SP value] value=[($80-$80)+$SP value] value=[0+SP value] value=[SP value] value=(S0 value*#$10000)+S1 value
.text:00129400                 sd      $ra, 0x80+var_10($sp) ; [$($80+var_10)+SP value] value=[($80-$10)+$SP value] value=[$70+SP value] value=(#$1294FC*#$100000000)+<what register are next after $ra?> value
.text:00129404                 addiu   $s0, $v0, (dword_646FE8 - 0x640000) ; S0=#$640000+(dword_646FE8 - #$640000)=dword_646FE8=#$83
.text:00129408                 sd      $s6, 0x80+var_20($sp) ; [$($80+var_20)+SP value] value=[($80-$20)+$SP value] value=[$60+SP value] value=(S6 value*#$10000)+S7 value
.text:0012940C                 lw      $a0, dword_646FE8 ; A0=#$83
.text:00129410                 jal     sub_1294D8
.text:00129414                 lw      $a1, (off_646FEC - 0x646FE8)($s0)
.text:00129418                 lw      $a1, (off_646FF4 - 0x646FE8)($s0)
.text:0012941C                 jal     sub_1294D8
.text:00129420                 lw      $a0, (dword_646FF0 - 0x646FE8)($s0)
.text:00129424                 lui     $a0, 0x8000
.text:00129428                 lui     $a1, 0x8008
.text:0012942C                 jal     sub_129390
.text:00129430                 addiu   $a2, $s5, (sub_129350 - 0x130000)
.text:00129434                 move    $s3, $v0
.text:00129438                 lui     $a0, 0x8000
.text:0012943C                 lui     $a1, 0x8008
.text:00129440                 jal     sub_129390
.text:00129444                 addiu   $a2, $s4, (sub_129318 - 0x130000)
.text:00129448                 addiu   $s1, $s3, -0x20C
.text:0012944C                 move    $s2, $v0
.text:00129450                 addiu   $s0, $s2, -0x168
.text:00129454                 beq     $s1, $s0, loc_1294A8
.text:00129458                 lui     $s6, 0x64
.text:0012945C                 sltu    $v0, $s1, $s0
.text:00129460
.text:00129460 loc_129460:                              # CODE XREF: sub_1293D8:loc_129498↓j
.text:00129460                 beqz    $v0, loc_129480
.text:00129464                 addiu   $a0, $s3, 4
.text:00129468                 lui     $a1, 0x8008
.text:0012946C                 jal     sub_129390
.text:00129470                 addiu   $a2, $s5, -0x6CB0
.text:00129474                 move    $s3, $v0
.text:00129478                 b       loc_129498
.text:0012947C                 addiu   $s1, $s3, -0x20C
.text:00129480  # ---------------------------------------------------------------------------
.text:00129480
.text:00129480 loc_129480:                              # CODE XREF: sub_1293D8:loc_129460↑j
.text:00129480                 addiu   $a0, $s2, 4
.text:00129484                 lui     $a1, 0x8008
.text:00129488                 jal     sub_129390
.text:0012948C                 addiu   $a2, $s4, -0x6CE8
.text:00129490                 move    $s2, $v0
.text:00129494                 addiu   $s0, $s2, -0x168
.text:00129498
.text:00129498 loc_129498:                              # CODE XREF: sub_1293D8+A0↑j
.text:00129498                 bne     $s1, $s0, loc_129460
.text:0012949C                 sltu    $v0, $s1, $s0
.text:001294A0                 b       loc_1294AC
.text:001294A4                 sw      $s1, 0x6FE0($s6)
.text:001294A8  # ---------------------------------------------------------------------------
.text:001294A8
.text:001294A8 loc_1294A8:                              # CODE XREF: sub_1293D8+7C↑j
.text:001294A8                 sw      $s1, (dword_646FE0 - 0x640000)($s6)
.text:001294AC
.text:001294AC loc_1294AC:                              # CODE XREF: sub_1293D8+C8↑j
.text:001294AC                 ld      $ra, 0x80+var_10($sp)
.text:001294B0                 ld      $s6, 0x80+var_20($sp)
.text:001294B4                 ld      $s5, 0x80+var_30($sp)
.text:001294B8                 ld      $s4, 0x80+var_40($sp)
.text:001294BC                 ld      $s3, 0x80+var_50($sp)
.text:001294C0                 ld      $s2, 0x80+var_60($sp)
.text:001294C4                 ld      $s1, 0x80+var_70($sp)
.text:001294C8                 ld      $s0, 0x80+var_80($sp)
.text:001294CC                 jr      $ra
.text:001294D0                 addiu   $sp, 0x80
.text:001294D0  # End of function sub_1293D8
.text:001294D0
.text:001294D0  # ---------------------------------------------------------------------------

.data:00646FE8 dword_646FE8:   .word 0x83               # DATA XREF: sub_1293D8+2C↑o
.data:00646FE8                                          # sub_1293D8+34↑r

.text:001294D8
.text:001294D8  # =============== S U B R O U T I N E =======================================
.text:001294D8
.text:001294D8
.text:001294D8 sub_1294D8:                              # CODE XREF: sub_1293D8+38↑p
.text:001294D8                                          # sub_1293D8+44↑p
.text:001294D8                 li      $v1, 0x74 ; V1=#$74
.text:001294DC                 syscall 0 ; RFU000_FullReset
.text:001294E0                 jr      $ra ; return to $129414
.text:001294E4                 nop
.text:001294E4  # End of function sub_1294D8
.text:001294E4