This article is about the Gotcha Force DOL file and ongoing research on it. See DOL (File format) for a description of the DOL file format.
This file format needs a lot of research. Research on how the functions work and how the dol works is needed.
Memory map
The dol file is mapped in memory, and the remaining free space is then used to create the Arena containing the Heaps. For instance, we found Warehouse variables in the EU dol mapped in the interval [80593190:80598044[.
So patching the dol is hard, because we have to find unused free space in memory. Reverse engineering of the apploader shows that the maximum dol mapping addresses in memory are:
- 0x80700000 // production boards
- 0x81200000 // development boards
In production we can overwrite the MetroTRK memory areas, or even the apploader trailer before the bootrom/IPL area. Further investigation of the iso/GCM system files is needed to see how debug memory is mapped in debug mode (apploader vars used in the apploader).
- Is it possible to know where exactly MetroTRK is mapped?
- Are there any other unused libs/data in the dol?
Note:
- Patching the apploader trailer and raising the trailer size with a GCM/iso patch is perfectly possible and has been tested. It gives us 0x100000 bytes available.
The dol entry_point calls the __init_registers procedure, which sets the following reserved General Purpose Registers:
- R1 (stack)
- R2 (_SDA2_BASE_) - This is the read only _SDA2_.
- R13 (_SDA_BASE_) - This is the read / write _SDA_.
Small Data Anchors are used with a signed short offset (-0x8000 to +0x7fff).
- -0x8000(R13) = address of .sdata followed by .sbss
- -0x8000(R2) = address of .sdata2 followed by .sbss2
- R1 = often the .sbss2 end address + 0x10000
So, since the sections start at -0x8000, often only a part of the available negative SDA offsets is actually used for R2 and R13.
USA:
Entry point: 80003154
| Section | Offset   | Address  | Length   | Used  |
|---------|----------|----------|----------|-------|
| text0   | 00000100 | 80003100 | 000024e0 | True  |
| text1   | 000025e0 | 800055e0 | 002aab80 | True  |
| text2   | 00000000 | 00000000 | 00000000 | False |
| text3   | 00000000 | 00000000 | 00000000 | False |
| text4   | 00000000 | 00000000 | 00000000 | False |
| text5   | 00000000 | 00000000 | 00000000 | False |
| text6   | 00000000 | 00000000 | 00000000 | False |
| data7   | 002ad160 | 802b0160 | 00000020 | True  |
| data8   | 002ad180 | 802b0180 | 00000020 | True  |
| data9   | 002ad1a0 | 802b01a0 | 0000acc0 | True  |
| data10  | 002b7e60 | 802bae60 | 000f42c0 | True  |
| data11  | 003ac120 | 804335a0 | 00002b20 | True  |
| data12  | 003aec40 | 80436a20 | 00006ae0 | True  |
| data13  | 00000000 | 00000000 | 00000000 | False |
| data14  | 00000000 | 00000000 | 00000000 | False |
| data15  | 00000000 | 00000000 | 00000000 | False |
| data16  | 00000000 | 00000000 | 00000000 | False |
| data17  | 00000000 | 00000000 | 00000000 | False |
- bss: address:803af140 length:0008e3e8
- R1 = 8044d528
- R2 = 8043ea20
- R13 = 8043b5a0
| Section     | beg_addr | end_addr | length   |
|-------------|----------|----------|----------|
| system      | 80000000 | 80003100 | 00003100 |
| .text0      | 80003100 | 800055e0 | 000024e0 |
| .text1      | 800055e0 | 802b0160 | 002aab80 |
| .ctors      | 802b0160 | 802b0180 | 00000020 |
| .dtors      | 802b0180 | 802b01a0 | 00000020 |
| .rodata     | 802b01a0 | 802bae60 | 0000acc0 |
| .data       | 802bae60 | 803af120 | 000f42c0 |
| empty       | 803af120 | 803af140 | 00000020 |
| .bss        | 803af140 | 804335a0 | 00084460 |
| .sdata      | 804335a0 | 804360c0 | 00002b20 |
| .sbss       | 804360c0 | 80436a20 | 00000960 |
| .sdata2     | 80436a20 | 8043d500 | 00006ae0 |
| .sbss2      | 8043d500 | 8043d528 | 00000028 |
| stack       | 8043d528 | 8044d528 | 00010000 |
| empty       | 8044d528 | 8044d540 | 00000018 |
| ArenaLo     | 8044d540 |          |          |
| apploader   | 81200000 | ?        | ?        |
| Bootrom/IPL | 81300000 | ?        | ?        |
| ArenaHi     |          | 817fffa0 |          |
| FST         | 817fffa0 | 81800000 | 00500000 |
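The small-data rows of the USA memory map and the R1/R2/R13 values can be re-derived from the DOL header alone. The following is an added example, not code from the NeoGF project: it packs the USA header values listed above into a header, parses it, and applies the -0x8000 anchor rule. The function names are hypothetical, and the mapping of slot 11 to .sdata and slot 12 to .sdata2, as well as the 0x10000-byte stack, are assumptions taken from this game's layout.

```python
import struct

# DOL header: 18 file offsets, 18 load addresses, 18 sizes (slots 0-6 text,
# 7-17 data), then bss address, bss size, entry point; big-endian u32 each.
HEADER = struct.Struct(">57I")
MAX_DOL_ADDR = 0x80700000  # production-board limit quoted on this page

# Constructed input: (offset, address, length) rows copied from the USA table.
USA = {0: (0x100, 0x80003100, 0x24e0), 1: (0x25e0, 0x800055e0, 0x2aab80),
       7: (0x2ad160, 0x802b0160, 0x20), 8: (0x2ad180, 0x802b0180, 0x20),
       9: (0x2ad1a0, 0x802b01a0, 0xacc0), 10: (0x2b7e60, 0x802bae60, 0xf42c0),
       11: (0x3ac120, 0x804335a0, 0x2b20), 12: (0x3aec40, 0x80436a20, 0x6ae0)}

def build_header(table, bss_addr, bss_size, entry):
    """Pack a header from table rows (helper for the constructed sample)."""
    cols = [[table.get(i, (0, 0, 0))[c] for i in range(18)] for c in range(3)]
    return HEADER.pack(*cols[0], *cols[1], *cols[2], bss_addr, bss_size, entry)

def parse_header(raw):
    """Return ({slot: (offset, address, length)}, bss_addr, bss_size, entry)."""
    if len(raw) < HEADER.size:
        raise ValueError("truncated DOL header")
    w = HEADER.unpack_from(raw)
    used = {i: (w[i], w[18 + i], w[36 + i]) for i in range(18) if w[36 + i]}
    return used, w[54], w[55], w[56]

def derive_layout(used, bss_addr, bss_size):
    """Rebuild the small-data rows and r1/r2/r13, assuming this game's layout:
    slot 11 = .sdata, slot 12 = .sdata2, 0x10000-byte stack after .sbss2."""
    (_, sdata, sdata_len), (_, sdata2, sdata2_len) = used[11], used[12]
    bss_end = bss_addr + bss_size
    rows = {".bss": (bss_addr, sdata), ".sbss": (sdata + sdata_len, sdata2),
            ".sbss2": (sdata2 + sdata2_len, bss_end),
            "stack": (bss_end, bss_end + 0x10000)}
    regs = {"r1": bss_end + 0x10000, "r2": sdata2 + 0x8000, "r13": sdata + 0x8000}
    return rows, regs

def check_image(used, bss_addr, bss_size):
    """Report overlapping sections and anything mapped past MAX_DOL_ADDR."""
    spans = sorted((a, a + n, slot) for slot, (_, a, n) in used.items())
    problems = [f"slot {s0} overlaps slot {s1}"
                for (_, e0, s0), (b1, _, s1) in zip(spans, spans[1:]) if b1 < e0]
    if max(spans[-1][1], bss_addr + bss_size) > MAX_DOL_ADDR:
        problems.append("image extends past MAX_DOL_ADDR")
    return problems

USA_RAW = build_header(USA, 0x803af140, 0x8e3e8, 0x80003154)
used, bss_addr, bss_size, entry = parse_header(USA_RAW)
print(derive_layout(used, bss_addr, bss_size)[1], check_image(used, bss_addr, bss_size))
```

Running `check_image` on a patched header before rebuilding the iso catches a relocated section that now overlaps its neighbour or crosses the mapping limit.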
EU:
Entry point: 80003154
| Section | Offset   | Address  | Length   | Used  |
|---------|----------|----------|----------|-------|
| text0   | 00000100 | 80003100 | 000024e0 | True  |
| text1   | 000025e0 | 800055e0 | 002ac800 | True  |
| text2   | 00000000 | 00000000 | 00000000 | False |
| text3   | 00000000 | 00000000 | 00000000 | False |
| text4   | 00000000 | 00000000 | 00000000 | False |
| text5   | 00000000 | 00000000 | 00000000 | False |
| text6   | 00000000 | 00000000 | 00000000 | False |
| data7   | 002aede0 | 802b1de0 | 00000020 | True  |
| data8   | 002aee00 | 802b1e00 | 00000020 | True  |
| data9   | 002aee20 | 802b1e20 | 0000f060 | True  |
| data10  | 002bde80 | 802c0e80 | 000f5d40 | True  |
| data11  | 003b3bc0 | 8043cbe0 | 00002b20 | True  |
| data12  | 003b66e0 | 80440080 | 00006d20 | True  |
| data13  | 00000000 | 00000000 | 00000000 | False |
| data14  | 00000000 | 00000000 | 00000000 | False |
| data15  | 00000000 | 00000000 | 00000000 | False |
| data16  | 00000000 | 00000000 | 00000000 | False |
| data17  | 00000000 | 00000000 | 00000000 | False |
- bss: address:803b6bc0 length:00090208
- R1 = 80456dc8
- R2 = 80448080
- R13 = 80444be0
| Section     | beg_addr | end_addr | length   |
|-------------|----------|----------|----------|
| system      | 80000000 | 80003100 | 00003100 |
| .text0      | 80003100 | 800055e0 | 000024e0 |
| .text1      | 800055e0 | 802b1de0 | 002ac800 |
| .ctors      | 802b1de0 | 802b1e00 | 00000020 |
| .dtors      | 802b1e00 | 802b1e20 | 00000020 |
| .rodata     | 802b1e20 | 802c0e80 | 0000f060 |
| .data       | 802c0e80 | 803b6bc0 | 000f5d40 |
| .bss        | 803b6bc0 | 8043cbe0 | 00086020 |
| .sdata      | 8043cbe0 | 8043f700 | 00002b20 |
| .sbss       | 8043f700 | 80440080 | 00000980 |
| .sdata2     | 80440080 | 80446da0 | 00006d20 |
| .sbss2      | 80446da0 | 80446dc8 | 00000028 |
| stack       | 80446dc8 | 80456dc8 | 00010000 |
| empty       | 80456dc8 | 80456de0 | 00000018 |
| ArenaLo     | 80456de0 |          |          |
| apploader   | 81200000 | ?        | ?        |
| Bootrom/IPL | 81300000 | ?        | ?        |
| ArenaHi     |          | 817fff40 |          |
| FST         | 817fff40 | 81800000 | 000000C0 |

80593A00 -> 80598040 Warehouse
JAP:
Entry point: 80003154
| Section | Offset   | Address  | Length   | Used  |
|---------|----------|----------|----------|-------|
| text0   | 00000100 | 80003100 | 000024e0 | True  |
| text1   | 000025e0 | 800055e0 | 002aab20 | True  |
| text2   | 00000000 | 00000000 | 00000000 | False |
| text3   | 00000000 | 00000000 | 00000000 | False |
| text4   | 00000000 | 00000000 | 00000000 | False |
| text5   | 00000000 | 00000000 | 00000000 | False |
| text6   | 00000000 | 00000000 | 00000000 | False |
| data7   | 002ad100 | 802b0100 | 00000020 | True  |
| data8   | 002ad120 | 802b0120 | 00000020 | True  |
| data9   | 002ad140 | 802b0140 | 0000a2e0 | True  |
| data10  | 002b7420 | 802ba420 | 000f3e60 | True  |
| data11  | 003ab280 | 804326e0 | 00002b00 | True  |
| data12  | 003add80 | 80435b40 | 00006b60 | True  |
| data13  | 00000000 | 00000000 | 00000000 | False |
| data14  | 00000000 | 00000000 | 00000000 | False |
| data15  | 00000000 | 00000000 | 00000000 | False |
| data16  | 00000000 | 00000000 | 00000000 | False |
| data17  | 00000000 | 00000000 | 00000000 | False |
- bss: address:803ae280 length:0008e448
- R1 = 8044c6c8
- R2 = 8043db40
- R13 = 8043a6e0
| Section     | beg_addr | end_addr | length   |
|-------------|----------|----------|----------|
| system      | 80000000 | 80003100 | 00003100 |
| .text0      | 80003100 | 800055e0 | 000024e0 |
| .text1      | 800055e0 | 802b0100 | 002aab20 |
| .ctors      | 802b0100 | 802b0120 | 00000020 |
| .dtors      | 802b0120 | 802b0140 | 00000020 |
| .rodata     | 802b0140 | 802ba420 | 0000a2e0 |
| .data       | 802ba420 | 803ae280 | 000f3e60 |
| .bss        | 803ae280 | 804326e0 | 00084460 |
| .sdata      | 804326e0 | 804351e0 | 00002b00 |
| .sbss       | 804351e0 | 80435b40 | 00000960 |
| .sdata2     | 80435b40 | 8043c6a0 | 00006b60 |
| .sbss2      | 8043c6a0 | 8043c6c8 | 00000028 |
| stack       | 8043c6c8 | 8044c6c8 | 00010000 |
| empty       | 8044c6c8 | 8044c6e0 | 00000018 |
| ArenaLo     | 8044c6e0 |          |          |
| apploader   | 81200000 | ?        | ?        |
| Bootrom/IPL | 81300000 | ?        | ?        |
| ArenaHi     |          | 817fffa0 |          |
| FST         | 817fffa0 | 81800000 | 00000060 |
Symbol map
The symbol map assigns names to procedures and data. It can be loaded into the Dolphin emulator in debug mode using the .map file format.
Symbol map USA: https://github.com/Virtual-World-RE/NeoGF/blob/main/data/GG4E-CSM-20220412.map
MetroTRK
MetroTRK can be activated by patching the bi2.bin DebugFlag and also by patching the following addresses to start the debugger in BBA (BroadBand Adapter?) mode:
- USA: Put a breakpoint at 80003190 then set r3 to 1
- EU: Put a breakpoint at 800031C0 then set r7 to 4
Reverse engineering of the apploader shows that there are debug vars in the GCM/iso system files. gcmtool.py can patch them.
SDK & libs
All libs and the SDK are statically linked inside the dol.
We found these libs and SDK:
- GCN SDK - Base dolphin SDK.
- Sysdolphin base library: Hal SysDolphin (HSD) Graphic and physic engine - https://github.com/doldecomp/melee/tree/master/src/sysdolphin/baselib
- MetroTRK: Target Resident Debugging Kernel for embedded systems. It's an embedded Kernel for debug.
- Metrowerks CW Runtime library: CodeWarrior: Metrowerks Standard Library and C/C++ Runtime
- The libraries from ADXT/GC to CRI CFT/GC: they seem to be audio and video codecs.
H and C files
All 3 isos contain the following .h and .c symbols in .data, .rodata, .sdata and .sdata2. The EU version also contains the symbol "objalloc.h".
aobj.h cobj.h jobj.h lobj.h object.h GCN_Mem_Alloc.c aobj.c bytecode.c class.c cobj.c displayfunc.c dobj.c dvd.c dvdfs.c fobj.c fog.c hash.c id.c initialize.c jobj.c list.c lobj.c memory.c mobj.c mtx.c objalloc.c perf.c pobj.c robj.c tev.c texp.c texpdag.c tobj.c tpl.c util.c vi.c video.c wobj.c
Strings USA
Strings found in the dol that allow the libs / SDK to be identified:
- MetroTRK for GAMECUBE v2.0
- Metrowerks CW runtime library
- ADXT/GC Ver.8.57 Build:Feb 6 2003 18:03:46
- SKG/GC Ver.0.61 Build:Feb 6 2003 18:03:49
- ADXGC Ver.1.21 Build:Feb 6 2003 18:04:00
- ADXGCSDK Ver.05Sep2002 Build:Feb 6 2003 18:04:01
- ADXF/GC Ver.7.01 Build:Feb 6 2003 18:02:45
- CVFS/GC Ver.2.33 Build:Feb 6 2003 18:02:35
- GCCI Ver.1.09 Build:Feb 6 2003 18:02:33
- LSC/GC Ver.2.10 Build:Feb 6 2003 18:02:32
- SJ/GC Ver.6.10 Build:Feb 6 2003 18:02:53
- SVM/GC Ver.1.51 Build:Feb 6 2003 18:02:51
- MFCI/GC Ver.1.04 Build:Feb 6 2003 18:03:11
- AXRNA Ver.1.02 Build:Feb 6 2003 18:03:43
- CRI SUD/GC Ver.0.02 Build:Feb 6 2003 14:30:18
- CRI SFX/GC Ver.1.22 Build:Feb 6 2003 14:30:16
- CRI DCT/GC Ver.1.803 Build:Feb 6 2003 14:28:46 Append: MW2407 GC05Sep2002Patch1
- CRI MPS/GC Ver.1.669 Build:Feb 6 2003 14:28:50
- CRI MPV/GC Ver.1.840 Build:Feb 6 2003 14:28:53 Append: MW2407 GC05Sep2002Patch1
- CRI SFD/GC Ver.1.842 Build:Feb 6 2003 14:29:53 Append: MW2407 GC05Sep2002Patch1
- CRI SFH/GC Ver.1.12 Build:Feb 6 2003 14:30:00
- MWSFD/GC Ver.2.62 Build:Feb 6 2003 14:28:42 Append: MW2407 GC05Sep2002Patch1
- CRI CFT/GC Ver.1.24 Build:Feb 6 2003 14:28:33
- << Dolphin SDK - OS release build: Apr 17 2003 12:33:06 (0x2301) >>
- Dolphin OS Kernel built : %s %s Apr 17 2003 12:33:06
- << Dolphin SDK - EXI release build: Apr 17 2003 12:33:17 (0x2301) >>
- << Dolphin SDK - SI release build: Apr 17 2003 12:33:19 (0x2301) >>
- << Dolphin SDK - DVD release build: Apr 22 2003 15:49:00 (0x2301) >>
- << Dolphin SDK - VI release build: Apr 17 2003 12:33:22 (0x2301) >>
- << Dolphin SDK - PAD release build: Apr 17 2003 12:33:44 (0x2301) >>
- << Dolphin SDK - AI release build: Apr 17 2003 12:33:54 (0x2301) >>
- << Dolphin SDK - AR release build: Apr 17 2003 12:33:55 (0x2301) >>
- << Dolphin SDK - ARQ release build: Apr 17 2003 12:33:56 (0x2301) >>
- << Dolphin SDK - AX release build: Apr 17 2003 12:33:57 (0x2301) >>
- << Dolphin SDK - DSP release build: Apr 17 2003 12:34:16 (0x2301) >>
- << Dolphin SDK - CARD release build: Apr 17 2003 12:34:19 (0x2301) >>
- << Dolphin SDK - GX release build: Apr 21 2003 14:55:46 (0x2301) >>
- sysdolphin_base_library
Strings EU
Strings found in the dol that allow the libs / SDK to be identified:
- Metrowerks Target Resident Kernel for PowerPC
- MetroTRK for GAMECUBE v2.0
- Metrowerks CW runtime library initializing default heap
- ADXT/GC Ver.8.57 Build:Feb 6 2003 18:03:46
- SKG/GC Ver.0.61 Build:Feb 6 2003 18:03:49
- ADXGC Ver.1.21 Build:Feb 6 2003 18:04:00
- ADXGCSDK Ver.05Sep2002 Build:Feb 6 2003 18:04:01
- ADXF/GC Ver.7.01 Build:Feb 6 2003 18:02:45
- CVFS/GC Ver.2.33 Build:Feb 6 2003 18:02:35
- GCCI Ver.1.09 Build:Feb 6 2003 18:02:33
- LSC/GC Ver.2.10 Build:Feb 6 2003 18:02:32
- SJ/GC Ver.6.10 Build:Feb 6 2003 18:02:53
- SVM/GC Ver.1.51 Build:Feb 6 2003 18:02:51
- MFCI/GC Ver.1.04 Build:Feb 6 2003 18:03:11
- AXRNA Ver.1.02 Build:Feb 6 2003 18:03:43
- CRI SUD/GC Ver.0.02 Build:Feb 6 2003 14:30:18
- CRI SFX/GC Ver.1.22 Build:Feb 6 2003 14:30:16
- CRI DCT/GC Ver.1.803 Build:Feb 6 2003 14:28:46 Append: MW2407 GC05Sep2002Patch1
- CRI MPS/GC Ver.1.669 Build:Feb 6 2003 14:28:50
- CRI MPV/GC Ver.1.840 Build:Feb 6 2003 14:28:53 Append: MW2407 GC05Sep2002Patch1
- CRI SFD/GC Ver.1.842 Build:Feb 6 2003 14:29:53 Append: MW2407 GC05Sep2002Patch1
- CRI SFH/GC Ver.1.12 Build:Feb 6 2003 14:30:00
- MWSFD/GC Ver.2.62 Build:Feb 6 2003 14:28:42 Append: MW2407 GC05Sep2002Patch1
- CRI CFT/GC Ver.1.24 Build:Feb 6 2003 14:28:33
- << Dolphin SDK - OS release build: Apr 17 2003 12:33:06 (0x2301) >>
- Dolphin OS Kernel built : Apr 17 2003 12:33:06
- << Dolphin SDK - EXI release build: Apr 17 2003 12:33:17 (0x2301) >>
- << Dolphin SDK - SI release build: Apr 17 2003 12:33:19 (0x2301) >>
- << Dolphin SDK - DVD release build: Apr 22 2003 15:49:00 (0x2301) >>
- << Dolphin SDK - VI release build: Apr 17 2003 12:33:22 (0x2301) >>
- << Dolphin SDK - PAD release build: Apr 17 2003 12:33:44 (0x2301) >>
- << Dolphin SDK - AI release build: Apr 17 2003 12:33:54 (0x2301) >>
- << Dolphin SDK - AR release build: Apr 17 2003 12:33:55 (0x2301) >>
- << Dolphin SDK - ARQ release build: Apr 17 2003 12:33:56 (0x2301) >>
- << Dolphin SDK - AX release build: Apr 17 2003 12:33:57 (0x2301) >>
- << Dolphin SDK - DSP release build: Apr 17 2003 12:34:16 (0x2301) >>
- DSPInit(): Build Date: Apr 17 2003 12:34:16
- << Dolphin SDK - CARD release build: Apr 17 2003 12:34:19 (0x2301) >>
- << Dolphin SDK - GX release build: Apr 21 2003 14:55:46 (0x2301) >>
- sysdolphin_base_library
- HSD_INIT_HEAP_MAX_NUM is obsolete since 1.3.0.0.
- HSD_INIT_AUDIO_HEAP_SIZE is obsolete since 1.3.0.0.
Strings JAP
Strings found in the dol that allow the libs / SDK to be identified:
- Metrowerks Target Resident Kernel for PowerPC
- MetroTRK for GAMECUBE v2.0
- ADXT/GC Ver.8.57 Build:Feb 6 2003 18:03:46
- SKG/GC Ver.0.61 Build:Feb 6 2003 18:03:49
- ADXGC Ver.1.21 Build:Feb 6 2003 18:04:00
- ADXGCSDK Ver.05Sep2002 Build:Feb 6 2003 18:04:01
- ADXF/GC Ver.7.01 Build:Feb 6 2003 18:02:45
- CVFS/GC Ver.2.33 Build:Feb 6 2003 18:02:35
- GCCI Ver.1.09 Build:Feb 6 2003 18:02:33
- LSC/GC Ver.2.10 Build:Feb 6 2003 18:02:32
- SJ/GC Ver.6.10 Build:Feb 6 2003 18:02:53
- SVM/GC Ver.1.51 Build:Feb 6 2003 18:02:51
- MFCI/GC Ver.1.04 Build:Feb 6 2003 18:03:11
- AXRNA Ver.1.02 Build:Feb 6 2003 18:03:43
- CRI SUD/GC Ver.0.02 Build:Feb 6 2003 14:30:18
- CRI SFX/GC Ver.1.22 Build:Feb 6 2003 14:30:16
- CRI DCT/GC Ver.1.803 Build:Feb 6 2003 14:28:46 Append: MW2407 GC05Sep2002Patch1
- CRI MPS/GC Ver.1.669 Build:Feb 6 2003 14:28:50
- CRI MPV/GC Ver.1.840 Build:Feb 6 2003 14:28:53 Append: MW2407 GC05Sep2002Patch1
- CRI SFD/GC Ver.1.842 Build:Feb 6 2003 14:29:53 Append: MW2407 GC05Sep2002Patch1
- CRI SFH/GC Ver.1.12 Build:Feb 6 2003 14:30:00
- MWSFD/GC Ver.2.62 Build:Feb 6 2003 14:28:42 Append: MW2407 GC05Sep2002Patch1
- CRI CFT/GC Ver.1.24 Build:Feb 6 2003 14:28:33
- << Dolphin SDK - OS release build: Apr 17 2003 12:33:06 (0x2301) >>
- Dolphin OS Kernel built : Apr 17 2003 12:33:06
- << Dolphin SDK - EXI release build: Apr 17 2003 12:33:17 (0x2301) >>
- << Dolphin SDK - SI release build: Apr 17 2003 12:33:19 (0x2301) >>
- << Dolphin SDK - DVD release build: Apr 22 2003 15:49:00 (0x2301) >>
- << Dolphin SDK - VI release build: Apr 17 2003 12:33:22 (0x2301) >>
- << Dolphin SDK - PAD release build: Apr 17 2003 12:33:44 (0x2301) >>
- << Dolphin SDK - AI release build: Apr 17 2003 12:33:54 (0x2301) >>
- << Dolphin SDK - AR release build: Apr 17 2003 12:33:55 (0x2301) >>
- << Dolphin SDK - ARQ release build: Apr 17 2003 12:33:56 (0x2301) >>
- << Dolphin SDK - AX release build: Apr 17 2003 12:33:57 (0x2301) >>
- << Dolphin SDK - DSP release build: Apr 17 2003 12:34:16 (0x2301) >>
- << Dolphin SDK - CARD release build: Apr 17 2003 12:34:19 (0x2301) >>
- << Dolphin SDK - GX release build: Apr 21 2003 14:55:46 (0x2301) >>
- sysdolphin_base_library