Toggle menu
Toggle personal menu
Not logged in
Your IP address will be publicly visible if you make any edits.

DOL (File format): Difference between revisions

 
(66 intermediate revisions by 3 users not shown)
Line 1: Line 1:
[[Gotcha Force | ← Gotcha Force]]
[[Gotcha Force | ← Gotcha Force]]


''Cet article est pour le format de fichier DOL. Voir [[DOL (Gotcha Force)]] pour les recherches en cours sur les dol Gotcha Force.''
''This article is for the DOL file format. See [[DOL (Gotcha Force)]] for current research on Gotcha Force DOL.''


<div style="text-align: center;">
{{Research | 2| Researches on headers / bodies structures are partially achieved. }}
<div style="color: rgb(241, 196, 15);">Cette section est en cours de rédaction.</div>
<div style="color: rgb(241, 196, 15); text-align: center;">Des recherches sont encore nécessaires et certains paragraphes peuvent être faux.</div>
</div>


Les fichiers '''DOL''' (pour le nom de code de la gamecube '''dol'''phin) sont des des fichiers que l'on retrouve dans les [[GCM (Format de fichier)|iso/GCM]] GameCube ou Wii. Les observations se concentrent ici sur les dol GameCube. Initialement, le dol est un fichier au format ELF compilé à partir de sources en C et du SDK gamecube. L'ensemble des libs sont linkées en statique. Ensuite le fichier ELF est convertit en dol.  
'''DOL''' files (from the GameCube codename '''dol'''phin) are files found in [[GCM (File format)|iso/GCM]] GameCube and Wii files. The observations below concern only GameCube dol. Before being a dol the file was in ELF file format compiled from C sources with the GameCube SDK. All libs are staticly linked but in some dols we found some kind of external code loaded in the REL format.


== Configuration dans le BootInfo2 (BI2) ==
== Boot Info 2 (BI2) dol configuration ==


Il est conseillé de garder un dol d'une taille max de 4Mo pour la rapidité de chargement du jeu. Cette restriction est activée dans le BI2 par défaut et peut être désactivée. On peut retrouver des fichier au format .rel qui contiennent du code pouvant être relocate en dynamique et chargé par la lib OS (OSSetBootDol) du SDK. En développement, on peut mapper les sections jusqu'à l'offset 0x80700000. Si on dépasse cette limite, l'apploader générera une erreur.
For performance optimizations it is advisable to keep a max loaded length of 4Mb. This restriction is enabled by default with the DolLimit setting set to 4Mb in the BI2. This limit is often disabled by developers. Code in .rel can be dynamically relocated and loaded by SDK OS lib (OSSetBootDol).
* In development boards we can map sections in virtual memory up to 0x81200000.
* In production boards we can map sections in virtual memory up to 0x80700000.
After this limits the apploader will raise an error.


== Format ==
== Format ==
 
The dol is an [[GCM (File format)|iso/GCM]] GameCube system file and is placed independently of the mini DVD user space (FST). The dol offset is stored in the boot.bin:0x420 at the beginning of the GCM/iso.
Le fichier dol est un fichier système de la GameCube et il se place directement dans l'[[GCM (Format de fichier)|iso/GCM]] indépendamment du système de fichiers (FST). Son offset dans l'iso est stocké à l'offset 0x420 de l'iso.


=== Header ===
=== Header ===


Le [http://wiki.tockdom.com/wiki/DOL_(File_Format) header] fait 0x100 octets. Il décrit comment le fichier doit être chargé en mémoire et où aller quand on l'exécute.
The dol [http://wiki.tockdom.com/wiki/DOL_(File_Format) header] has a length of 0x100 bytes which describe how the dol must be loaded in virtual memory and how to prepare this memory.


{| class="wikitable"
{| class="wikitable"
!colspan="3"| Header du fichier
!colspan="3"| Dol header
|-
|-
! Offset !! Taille !! Description
! Offset !! Length !! Description
|-
|-
| 0x000 || style="width:10%;" | 4 × 18 || Offsets des sections - indique où commence la section par rapport au début du dol. 0 pour une section non utilisée.
| 0x000 || style="width:10%;" | 4 × 18 || Sections offsets - It tells where the section data begins relative from the dol start. 0 for unused section.
|-
|-
| 0x048 || 4 × 18 || Adresses virtuelles des sections - indique où chaque section doit être copiée par le loader en adressage virtuel. 0 pour une section non utilisée.
| 0x048 || 4 × 18 || Sections virtual addresses - It tells where we load section data in virtual memory. 0 for unused section.
|-
|-
| 0x090 || 4 × 18 || Taille des sections en octets. 0 pour une section non utilisée.
| 0x090 || 4 × 18 || Sections lengths in bytes. 0 for unused section.
|-
|-
| 0x0d8 || 4 || Adresse virtuelle du bss - le début de la zone des variables non initialisées (.bss), initialisé à 0.
| 0x0d8 || 4 || bss virtual address - Where bss start in virtual memory. bss areas are 0 initialized.
|-
|-
| 0x0dc || 4 || Taille du bss en octets.
| 0x0dc || 4 || bss length in bytes.
|-
|-
| 0x0e0 || 4 || Entry point - indique l'adresse virtuelle de la fonction principale à exécuter après avoir chargé le dol en mémoire. Cette fonction ne doit pas se terminer.
| 0x0e0 || 4 || Entry point - Virtual address where we start executing when the dol has been loaded. This function shouldn't terminate.
|-
|-
| 0x0e4 || 0x1c || Padding.
| 0x0e4 || 0x1c || Padding.
|-
|-
| 0x100 || colspan="2"| Fin du header. Début des données des sections.
| 0x100 || colspan="2"| Header end. Start of section data.
|}
|}


Les 7 première sections sont des sections .text qui contiennent du bytecode exécutable. On peut y retrouver des routines capturant des interruptions ainsi que du padding.
The first 7 sections are .text section containing executable code. We can find interrupts handlers or padding in it.


Les 11 sections suivantes sont des sections .data qui contiennent des données initialisées.
The 11 next sections are for .data containing initialized data.


L’intervalle du .bss peut contenir des intervalles .text ou .data. Le .bss est alors automatiquement splitté lors de sa création pour ne pas écraser les sections déjà existantes.
The .bss interval can contain .data or .text sections in it. If this is the case then the .bss is splited to not override existing sections and only out parts are kept.


Les sections doivent être alignée sur 32 octets. L'[https://www.gc-forever.com/wiki/index.php?title=Apploader apploader] aligne la taille sur les 32 octets supérieurs.
All sections have to be aligned to 32 bytes. The [https://www.gc-forever.com/wiki/index.php?title=Apploader apploader] align all section length to upper 32 bytes


=== Organisation de la mémoire ===
=== Memory organization ===
[https://www.gc-forever.com/yagcd/chap4.html#sec4 Yet Another GameCube Documentation / YAGCD] propose une très bonne documentation sur le fonctionnement matériel de la GameCube.
[https://www.gc-forever.com/yagcd/chap4.html#sec4 Yet Another GameCube Documentation / YAGCD] provide a very good documentation on memory organization.


==== Organisation globale de la mémoire ====
==== Memory global organization ====


L'organisation globale de la mémoire décrit comment l'adressage utilisé dans le dol permet d'accéder aux différents composants matériels de la GameCube. Ceci est très intéressant notamment pour les accès aux différents bus / interfaces.
The global memory organization describes how addressing used in the dol allow to access the different GameCube hardware components. This is really interesting and help to understand how to access busses / interfaces.


{| class="wikitable"
{| class="wikitable"
! colspan=4 | Mapping mémoire
! colspan=4 | Memory mapping
|-
|-
! Début !! Fin !! Taille !! Description
! Begin !! End !! Length !! Description
|-
|-
| 0x00000000 || 0x017fffff || 24MB || Adresses physique de la RAM
| 0x00000000 || 0x017fffff || 24MB || Physical address of the RAM
|-
|-
| 0x80000000 || 0x817fffff || 24MB || Adresses logiques (Virtuelles) de la RAM, mises en cache
| 0x80000000 || 0x817fffff || 24MB || Logical address of the RAM, cached
|-
|-
| 0xC0000000 || 0xC17fffff || 24MB || Adresses logiques (Virtuelles) de la RAM, sans cache
| 0xC0000000 || 0xC17fffff || 24MB || Logical address of the RAM, not cached
|-
|-
| 0xc8000000 || || 2MB || Embedded Framebuffer (EFB)
| 0xc8000000 || || 2MB || Embedded Framebuffer (EFB)
Line 98: Line 97:
| 0xe0000000 || 0xe0003fff || 16k || L2 Cache
| 0xe0000000 || 0xe0003fff || 16k || L2 Cache
|-
|-
| 0xfff00000 || || 1MB || IPL (mappé ici lors du boot)
| 0xfff00000 || || 1MB || IPL (mapped here at boot up)
|}
|}


La taille des registres matériels semble être renseignée dans [https://github.com/Cuyler36/Ghidra-GameCube-Loader/blob/master/src/main/java/gamecubeloader/common/SystemMemorySections.java un module Ghidra] permettant de loader les fichiers dol.
Hardware registers length and composition is detailed [https://www.gc-forever.com/yagcd/chap5.html#sec5 here].


==== Mémoire du programme (dol) ====
==== User program area (dol) ====
L'espace où le dol peut être chargé se situe dans les 24MB de la RAM en adressage virtuel mis en cache, des adresses 0x80003100 à 0x80700000 en matériel de production, ou 0x81200000 pour le matériel de développement.
As seen above the dol is mapped in the 24MB of RAM in virtual cached address space from 0x80003100 to 0x80700000 in production boards, and 0x81200000 in development boards.


Les 0x3100 premiers octets contiennent des informations système ("Dolphin OS Globals") notamment les routines appelées lors des interruptions spécifique à powerpc. On y retrouvera aussi tout un tas d'information sur l'iso ou encore l'offset de la FST etc.
The first 0x3100 bytes contain system information [https://www.gc-forever.com/yagcd/chap4.html#sec4.2.1 ("Dolphin OS Globals")] with global variables and also interrupts handlers specific to powerpc architecture. Those informations are interesting when creating a dol loader resolving cross references inside the code.


{| class="wikitable"
{| class="wikitable"
! colspan=4 | Mapping mémoire
! colspan=4 | Memory map
|-
|-
! Adresse !! Description
! Address !! Description
|-
|-
| 0x80003100 || Début du mapping des sections .text (généralement)
| 0x80003100 || Start of mapped sections .text (usually)
|-
|-
| 0x80003140 || Entry point (early SDK v1.0 applications)
| 0x80003140 || Entry point (early SDK v1.0 applications)
|-
|-
| ? || Stack - à la suite de la dernière section avec une taille par défaut de 0x10000 octets
| ? || Stack - After the last section with a default length of 0x10000 bytes
|-
|-
| ? || ArenaLo - Bas de la mémoire tas (Heap) - initialisé par l'OS (SDK) à la suite de la pile
| ? || ArenaLo - Bottom of the Area initialized by the OS (SDK) after the Stack
|-
|-
| 0x81200000 || Adresse de chargement de l'Apploader
| 0x81200000 || Load Address of the Apploader
|-
|-
| 0x81300000 || Adresse de chargement du Bootrom/IPL
| 0x81300000 || Load Address of Bootrom/IPL
|-
|-
| ? || ArenaHi - Haut de la mémoire tas (Heap) - initialisé par l'OS (SDK) collé à la FST
| ? || ArenaHi - Top of the Area initialized by the OS (SDK) stuck to the FST
|-
|-
| ? || FST - Taille variable - collée à la fin de l'adressage virtuel
| ? || FST - Variable length - Stuck to the end of virtual cached memory space.
|-
|-
| 0x81800000 || Fin de l'adressage virtuel
| 0x81800000 || End of the virtual cached memory space (24MB)
|}
|}


Il est tout d'abord intéressant de noter que la mémoire tas contient l'apploader et la bootrom/IPL. Elle est allouée via l'api du SDK.
The Area contains the apploader and the bootrom/IPL. This area is allocated by the SDK api and is used to create and destroy Heaps in it.


Le dol peut être mappé de 0x80003100 à 0x80700000 en production, ce qui laisse 7.3 Mo pour le programme.
The dol can be mapped from 0x80003100 to 0x80700000 in production boards leaving 7.3 MB for the program.


La FST est chargée en fonction de son positionnement par rapport au dol dans l'[[GCM (Format de fichier)|iso/GCM]]:
The FST is loaded in virtual memory depending to its position from the dol in the [[GCM (File format)|GCM/iso]]:
* dol_offset_FST < dol_offset_iso -> virtual_address_FST > dol_address_FST
* FST_offset(iso) < dol_offset(iso) -> FST_virtual_address > dol_virtual_address
* dol_offset_FST > dol_offset_iso -> virtual_address_FST < dol_address_FST
* FST_offset(iso) > dol_offset(iso) -> FST_virtual_address < dol_virtual_address


==== Sections ====
==== Sections ====


On remarquera le comportement important de 4 registres spécialisés :
The PowerPc Embedded Application Binary Interface (EABI) describes 4 special registers:
* R1 pointe sur la pile. On soustraira l'espace nécessaire pour chaque frame de fonctions. Les fonctions terminales (n'appelant pas de fonctions) n'auront pas forcément besoin de frame.
* R1 is the stack pointer. We subtract the space needed from it when entering in a function (Stack Frame). Terminal functions (those which don't call any functions) don't always need a frame.
* R2 pointe sur le __SDA2_BASE__ Small Data Anchor en lecture seule. On trouvera les sections .sdata2 (constantes initialisées) ou .sbss2 (constantes non initialisées).
* R2 is the read only Small Data Anchor __SDA2_BASE__ addressed with a signed short offset. It corresponds to the .sdata2 (initialized constants) or .sbss2 (uninitialized constants).
* R13 pointe sur le __SDA_BASE__ Small Data Anchor en lecture / écriture. On trouvera le .sdata (variables initialisées) ou .sbss (non initialisées.)
* R13 is the Read / Write Small Data Anchor __SDA_BASE__ also addressed with a signed short offset. It corresponds to the .sdata (initialized variables) or .sbss (uninitialized variables).
* R0 lors qu'il est utilisé avec un offset ne tient pas compte de sa valeur. Il permet d'adresser les 0x8000 premiers octets de l'espace d'adresse ou les 0x7fff derniers octets de l'espace d'adresses. (signed short)
* R0 when used with an offset don't care about its value. It allows to address 0x8000 first bytes of memory space and 0x7fff last bytes (signed short).


Les SDA sont adressé avec un offset signed short (-0x8000 +0x7FFF). Lors de l'arrivée sur l'entrypoint, R1 R2 et R13 pointent sur l'espace de la Bootrom/IPL. La première fonction __init_registers leur donne alors une valeur dans l'espace d'adressage du dol recoupant souvent les sections .data et .bss initialement mappées dans le dol.
As said above SDA are used with a signed short offset (-0x8000 +0x7FFF). When we reach the entry_point then R1 R2 and R13 are pointing in the Bootrom/IPL. The first function __init_registers initialize them for executing the dol and we can see that it's set to the beginning of some .data and .bss sections.


On retrouvera souvent les sections data dans cet ordre du fait de leur origine en format ELF32 :
We found this section originally build in the ELF32 file format:
* .ctors
* .ctors
* .dtors
* .dtors
Line 156: Line 155:
* .data
* .data
* .bss
* .bss
* .sdata (on vérifiera avec -0x8000(R13)  
* .sdata (should correspond to -0x8000(R13)  
* .sbss
* .sbss
* .sdata2 (on vérifiera avec -0x8000(R2)
* .sdata2 (should correspond to -0x8000(R2)
* .sbss2
* .sbss2
* Suivi par la fin de la stack (0x10000 octets par défaut)
* Followed by the stack (by default 0x10000 bytes length)
* Suivi par ArenaLo, le début de la mémoire tas généré par l'OS du SDK
* Followed by ArenaLo initialized by the SDK
* Apploader chargé en 81200000
* Apploader loaded at address 81200000
* Bootrom/IPL chargé en 81300000
* Bootrom/IPL loaded at address 81300000
* ArenaHi collé à la FST
* ArenaHi stuck to the FST
* FST collé à la fin de la mémoire (81800000)
* FST stuck to the end of memory (81800000)


On remarquera deux API du SDK OS gérant la mémoire tas : OSAllocFromArenaHi & OSAllocFromArenaLo.
The SDK offers two functions for handling Arena: OSAllocFromArenaHi & OSAllocFromArenaLo. But the main program initializes a number of Heaps in it and Create / Destroy them as it needs.


== DI - DVD Interface ==
== DI - DVD Interface ==
Le driver qui permet d'accéder au DVD utilise la puce [https://wiibrew.org/wiki/Hardware/Disc_Drive#Hardware MN102] documentée sur [https://www.gc-forever.com/yagcd/chap5.html#sec5.7 yagcd]. On trouvera les sources d'un plugin [http://hitmen.c02.at/html/gc_releases.html MN102 IDA Pro] sur le site de la team Hitmen.
The driver handling DVD accesses uses the chip [https://wiibrew.org/wiki/Hardware/Disc_Drive#Hardware MN102] documented on [https://www.gc-forever.com/yagcd/chap5.html#sec5.7 yagcd]. The Hitmen team has programmed a plugin for it: [http://hitmen.c02.at/html/gc_releases.html MN102 IDA Pro].


Documentation sur la [http://hitmen.c02.at/files/docs/gc/Ingenieria-Inversa-Understanding_WII_Gamecube_Optical_Disks.html lecture du disque].
Some more documentation on [http://hitmen.c02.at/files/docs/gc/Ingenieria-Inversa-Understanding_WII_Gamecube_Optical_Disks.html disc reads].


== EXI - External Interface ==
== EXI - External Interface ==
Les [https://github.com/dolphin-emu/dolphin/blob/master/Source/Core/Core/HW/EXI/EXI_Device.h sources de Dolphin Emulator] montrent l'usage de EXI. On y retrouve MemoryCard, MaskROM, AD16, Microphone, Ethernet, AGP, EthernetXLink, EthernetTapServer.
[https://github.com/dolphin-emu/dolphin/blob/master/Source/Core/Core/HW/EXI/EXI_Device.h Dolphin Emulator sources] show how EXI is used: MemoryCard, MaskROM, AD16, Microphone, Ethernet, AGP, EthernetXLink, EthernetTapServer.


== SI - Serial Interface ==
== SI - Serial Interface ==
Les [https://github.com/dolphin-emu/dolphin/blob/master/Source/Core/Core/HW/SI/SI_Device.h sources de Dolphin Emulator] donnent des indices sur l'usage du registre hardaware SI. On y retrouve la connexion des périphériques GBA (Game Boy Advance), CONTROLLER, KEYBOARD, STEERING, TARUKONGA. L'interface SI utilise le protocole [https://n64brew.dev/wiki/Joybus_Protocol Joybus].
[https://github.com/dolphin-emu/dolphin/blob/master/Source/Core/Core/HW/SI/SI_Device.h Dolphin Emulator sources] show devices using SI. We found these devices: GBA (Game Boy Advance), CONTROLLER, KEYBOARD, STEERING, TARUKONGA. The Serial Interface uses the [https://n64brew.dev/wiki/Joybus_Protocol Joybus] protocol.


== Logiciels ==
== Softwares ==


Ces logiciels ci-dessous permettent de manipuler les fichiers dol :
These softwares can handle dol files:
* [https://github.com/Virtual-World-RE/NeoGF/tree/main/doltool doltool.py], proposé par Virtual World RE.
* [https://github.com/Virtual-World-RE/NeoGF/tree/main/doltool doltool.py] - Virtual World RE.
* [https://github.com/sup39/GeckoLoader GeckoLoader], proposé par JoshuaMKW, sup32.
* [https://github.com/sup39/GeckoLoader GeckoLoader], - JoshuaMKW, sup32.


[[Catégorie:Format de fichier]]
[[Category:File format]]
[[Catégorie:Gotcha Force]]

Latest revision as of 13:07, 7 October 2023

← Gotcha Force

This article is for the DOL file format. See DOL (Gotcha Force) for current research on Gotcha Force DOL.


This file format needs more research.
Researches on headers / bodies structures are partially achieved.


DOL files (from the GameCube codename dolphin) are files found in iso/GCM GameCube and Wii files. The observations below concern only GameCube dol. Before being a dol the file was in ELF file format compiled from C sources with the GameCube SDK. All libs are staticly linked but in some dols we found some kind of external code loaded in the REL format.

Boot Info 2 (BI2) dol configuration

For performance optimizations it is advisable to keep a max loaded length of 4Mb. This restriction is enabled by default with the DolLimit setting set to 4Mb in the BI2. This limit is often disabled by developers. Code in .rel can be dynamically relocated and loaded by SDK OS lib (OSSetBootDol).

  • In development boards we can map sections in virtual memory up to 0x81200000.
  • In production boards we can map sections in virtual memory up to 0x80700000.

After this limits the apploader will raise an error.

Format

The dol is an iso/GCM GameCube system file and is placed independently of the mini DVD user space (FST). The dol offset is stored in the boot.bin:0x420 at the beginning of the GCM/iso.

Header

The dol header has a length of 0x100 bytes which describe how the dol must be loaded in virtual memory and how to prepare this memory.

Dol header
Offset Length Description
0x000 4 × 18 Sections offsets - It tells where the section data begins relative from the dol start. 0 for unused section.
0x048 4 × 18 Sections virtual addresses - It tells where we load section data in virtual memory. 0 for unused section.
0x090 4 × 18 Sections lengths in bytes. 0 for unused section.
0x0d8 4 bss virtual address - Where bss start in virtual memory. bss areas are 0 initialized.
0x0dc 4 bss length in bytes.
0x0e0 4 Entry point - Virtual address where we start executing when the dol has been loaded. This function shouldn't terminate.
0x0e4 0x1c Padding.
0x100 Header end. Start of section data.

The first 7 sections are .text section containing executable code. We can find interrupts handlers or padding in it.

The 11 next sections are for .data containing initialized data.

The .bss interval can contain .data or .text sections in it. If this is the case then the .bss is splited to not override existing sections and only out parts are kept.

All sections have to be aligned to 32 bytes. The apploader align all section length to upper 32 bytes

Memory organization

Yet Another GameCube Documentation / YAGCD provide a very good documentation on memory organization.

Memory global organization

The global memory organization describes how addressing used in the dol allow to access the different GameCube hardware components. This is really interesting and help to understand how to access busses / interfaces.

Memory mapping
Begin End Length Description
0x00000000 0x017fffff 24MB Physical address of the RAM
0x80000000 0x817fffff 24MB Logical address of the RAM, cached
0xC0000000 0xC17fffff 24MB Logical address of the RAM, not cached
0xc8000000 2MB Embedded Framebuffer (EFB)
0xCC000000 Hardware registers
0xCC000000 CP - Command Processor
0xCC001000 PE - Pixel Engine
0xCC002000 VI - Video Interface
0xCC003000 PI - Processor Interface (Interrupt Interface)
0xCC004000 MI - Memory Interface
0xCC005000 AI - Audio Interface
0xCC006000 DI - DVD Interface
0xCC006400 SI - Serial Interface
0xCC006800 EXI - External Interface
0xCC006C00 Streaming Interface
0xCC008000 GX FIFO (Graphic display lists)
0xe0000000 0xe0003fff 16k L2 Cache
0xfff00000 1MB IPL (mapped here at boot up)

Hardware registers length and composition is detailed here.

User program area (dol)

As seen above the dol is mapped in the 24MB of RAM in virtual cached address space from 0x80003100 to 0x80700000 in production boards, and 0x81200000 in development boards.

The first 0x3100 bytes contain system information ("Dolphin OS Globals") with global variables and also interrupts handlers specific to powerpc architecture. Those informations are interesting when creating a dol loader resolving cross references inside the code.

Memory map
Address Description
0x80003100 Start of mapped sections .text (usually)
0x80003140 Entry point (early SDK v1.0 applications)
? Stack - After the last section with a default length of 0x10000 bytes
? ArenaLo - Bottom of the Area initialized by the OS (SDK) after the Stack
0x81200000 Load Address of the Apploader
0x81300000 Load Address of Bootrom/IPL
? ArenaHi - Top of the Area initialized by the OS (SDK) stuck to the FST
? FST - Variable length - Stuck to the end of virtual cached memory space.
0x81800000 End of the virtual cached memory space (24MB)

The Area contains the apploader and the bootrom/IPL. This area is allocated by the SDK api and is used to create and destroy Heaps in it.

The dol can be mapped from 0x80003100 to 0x80700000 in production boards leaving 7.3 MB for the program.

The FST is loaded in virtual memory depending to its position from the dol in the GCM/iso:

  • FST_offset(iso) < dol_offset(iso) -> FST_virtual_address > dol_virtual_address
  • FST_offset(iso) > dol_offset(iso) -> FST_virtual_address < dol_virtual_address

Sections

The PowerPc Embedded Application Binary Interface (EABI) describes 4 special registers:

  • R1 is the stack pointer. We subtract the space needed from it when entering in a function (Stack Frame). Terminal functions (those which don't call any functions) don't always need a frame.
  • R2 is the read only Small Data Anchor __SDA2_BASE__ addressed with a signed short offset. It corresponds to the .sdata2 (initialized constants) or .sbss2 (uninitialized constants).
  • R13 is the Read / Write Small Data Anchor __SDA_BASE__ also addressed with a signed short offset. It corresponds to the .sdata (initialized variables) or .sbss (uninitialized variables).
  • R0 when used with an offset don't care about its value. It allows to address 0x8000 first bytes of memory space and 0x7fff last bytes (signed short).

As said above SDA are used with a signed short offset (-0x8000 +0x7FFF). When we reach the entry_point then R1 R2 and R13 are pointing in the Bootrom/IPL. The first function __init_registers initialize them for executing the dol and we can see that it's set to the beginning of some .data and .bss sections.

We found this section originally build in the ELF32 file format:

  • .ctors
  • .dtors
  • .rodata
  • .data
  • .bss
  • .sdata (should correspond to -0x8000(R13)
  • .sbss
  • .sdata2 (should correspond to -0x8000(R2)
  • .sbss2
  • Followed by the stack (by default 0x10000 bytes length)
  • Followed by ArenaLo initialized by the SDK
  • Apploader loaded at address 81200000
  • Bootrom/IPL loaded at address 81300000
  • ArenaHi stuck to the FST
  • FST stuck to the end of memory (81800000)

The SDK offers two functions for handling Arena: OSAllocFromArenaHi & OSAllocFromArenaLo. But the main program initializes a number of Heaps in it and Create / Destroy them as it needs.

DI - DVD Interface

The driver handling DVD accesses uses the chip MN102 documented on yagcd. The Hitmen team has programmed a plugin for it: MN102 IDA Pro.

Some more documentation on disc reads.

EXI - External Interface

Dolphin Emulator sources show how EXI is used: MemoryCard, MaskROM, AD16, Microphone, Ethernet, AGP, EthernetXLink, EthernetTapServer.

SI - Serial Interface

Dolphin Emulator sources show devices using SI. We found these devices: GBA (Game Boy Advance), CONTROLLER, KEYBOARD, STEERING, TARUKONGA. The Serial Interface uses the Joybus protocol.

Softwares

These softwares can handle dol files: