This article is about the Gotcha Force DOL file format and the ongoing research on it. See DOL (File format) for a description of the DOL file format itself.

This section is still being written.
Further research is needed and some paragraphs may be wrong.

Memory mapping

The DOL is mapped into memory, but beyond it there are regions that are not mapped initially and yet are used by the game. For example, all the variables used by the Warehouse in the EU DOL live in the range [80593190:80598044[.

Patching the DOL therefore becomes delicate: no content may be added in a region that is already in use. Reversing the apploader shows that the maximum DOL address is:

  • 0x80700000 // production boards
  • 0x81200000 // development boards

It is worth noting that in production it is possible to overwrite the space allocated to MetroTRK. The sys files of the ISO/GCM then need to be investigated to see how memory is mapped for debugging (variables used by the apploader).

  • Can the addressing used by MetroTRK be determined?
  • Are there other libs or code that the DOL does not use?

Questions:

  • Do the sections have R/W/X access rights?
  • Can the apploader be patched (trailer size + padding at the end)? How much space does that represent?

The entry point calls the __init_registers function, which sets the values of:

  • R1 (stack)
  • R2 (__SDA2_BASE__): the read-only __SDA2__
  • R13 (__SDA_BASE__): the read/write SDA

The SDAs are accessed with a signed short offset (-0x8000 to +0x7fff).

  • -0x8000(R13) = exact start address of .sdata, followed by .sbss
  • -0x8000(R2) = exact start address of .sdata2, followed by .sbss2
  • R1 = usually the end address of .sbss2 + 0x10000

So it seems that only "part" of the negative offsets of R2 and R13 are used to address data, the start of the SDA being aligned on the largest negative offset.
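The two rules above (where a patch may safely land, and how an SDA-relative access resolves) can be checked mechanically from the DOL header alone. The following Python is an added example written for this page, not code from the NeoGF project or from gcmtool.py. It assembles a DOL header from the USA section table given further down, then resolves R13/R2-relative displacements to sections and flags a patch region that would overlap a loaded section, the bss, the 0x80700000 production limit, or any region known only from reversing (such as the Warehouse interval). The header layout (7 text and 11 data slots, bss address/size, entry point, 0x100 bytes total) is the standard DOL layout; the helper and function names are this example's own.

```python
import struct

# Section layout of the USA DOL, taken from the table on this page
# (file offset, load address, length). Constructed input: only the 0x100-byte
# header is assembled, the section bodies are not needed for these checks.
TEXT_SECTIONS = [(0x000100, 0x80003100, 0x0024e0),
                 (0x0025e0, 0x800055e0, 0x2aab80)]
DATA_SECTIONS = [(0x2ad160, 0x802b0160, 0x000020),
                 (0x2ad180, 0x802b0180, 0x000020),
                 (0x2ad1a0, 0x802b01a0, 0x00acc0),
                 (0x2b7e60, 0x802bae60, 0x0f42c0),
                 (0x3ac120, 0x804335a0, 0x002b20),
                 (0x3aec40, 0x80436a20, 0x006ae0)]
BSS = (0x803af140, 0x08e3e8)
ENTRY = 0x80003154
PROD_MEM_LIMIT = 0x80700000   # max DOL address on production boards (from the page)
DEV_MEM_LIMIT = 0x81200000    # max DOL address on development boards (from the page)


def build_dol_header(text, data, bss, entry):
    """Assemble a big-endian DOL header: 7 text + 11 data slots, each with a
    file offset, a load address and a size, then bss address/size and entry."""
    text = text + [(0, 0, 0)] * (7 - len(text))
    data = data + [(0, 0, 0)] * (11 - len(data))
    slots = text + data
    hdr = b"".join(struct.pack(">18I", *[s[k] for s in slots]) for k in range(3))
    hdr += struct.pack(">III", bss[0], bss[1], entry)
    return hdr.ljust(0x100, b"\x00")


def parse_dol_header(hdr):
    """Return ([(name, file_offset, address, size), ...], (bss_addr, bss_size), entry),
    skipping unused (zero-length) slots. Slot names follow the page's tables."""
    offsets = struct.unpack_from(">18I", hdr, 0x00)
    addrs = struct.unpack_from(">18I", hdr, 0x48)
    sizes = struct.unpack_from(">18I", hdr, 0x90)
    bss_addr, bss_size, entry = struct.unpack_from(">III", hdr, 0xd8)
    sections = [(("text%d" if i < 7 else "data%d") % i, offsets[i], addrs[i], sizes[i])
                for i in range(18) if sizes[i]]
    return sections, (bss_addr, bss_size), entry


def resolve_sda(reg, offset, sections, bss):
    """Turn an SDA-relative access such as 'lwz r0, -0x7ff0(r13)' into an absolute
    address plus the DOL section holding it (None if outside the image).
    reg is the runtime value of r13 (__SDA_BASE__) or r2 (__SDA2_BASE__)."""
    if not -0x8000 <= offset <= 0x7fff:
        raise ValueError("SDA displacement must fit a signed 16-bit immediate")
    addr = reg + offset
    # Loaded data sections first: the DOL bss entry also spans .sdata/.sdata2,
    # so testing bss first would hide which section is actually loaded there.
    for name, _, lo, size in sections:
        if lo <= addr < lo + size:
            return addr, name
    if bss[0] <= addr < bss[0] + bss[1]:
        return addr, "bss"
    return addr, None


def expected_stack_top(bss):
    """R1 as __init_registers sets it: end of bss (which ends with .sbss2) + 0x10000."""
    return bss[0] + bss[1] + 0x10000


def patch_conflicts(sections, bss, start, length, runtime_ranges=(), mem_limit=PROD_MEM_LIMIT):
    """Reasons why writing a patch to [start, start+length) would clash with the
    loaded image. runtime_ranges lists (name, lo, hi) regions absent from the DOL
    header but known from reversing to be used at runtime."""
    end = start + length
    problems = []
    if end > mem_limit:
        problems.append(f"exceeds loader limit {mem_limit:#x}")
    ranges = [(n, a, a + s) for n, _, a, s in sections]
    ranges.append(("bss", bss[0], bss[0] + bss[1]))
    ranges.extend(runtime_ranges)
    for name, lo, hi in ranges:
        if start < hi and lo < end:
            problems.append(f"overlaps {name} [{lo:#x}, {hi:#x})")
    return problems


if __name__ == "__main__":
    secs, bss, entry = parse_dol_header(build_dol_header(TEXT_SECTIONS, DATA_SECTIONS, BSS, ENTRY))
    print(f"entry {entry:#x}, R1 should be {expected_stack_top(bss):#x}")
    print(resolve_sda(0x8043b5a0, -0x8000, secs, bss))   # .sdata start, inside data11
    # Illustrative only: the Warehouse interval the page reports for the EU DOL,
    # passed as a runtime-only region a header-based check would otherwise miss.
    print(patch_conflicts(secs, bss, 0x80595000, 0x100,
                          runtime_ranges=[("warehouse (EU)", 0x80593190, 0x80598044)]))
```

With the USA register values from the page (R13 = 8043b5a0, R2 = 8043ea20), -0x8000(R13) resolves to 804335a0 in data11 (.sdata) and -0x8000(R2) to 80436a20 in data12 (.sdata2), and the bss end + 0x10000 gives R1 = 8044d528, which is exactly what the table lists. The point of runtime_ranges is the caveat from the text: a region that is free according to the header is not necessarily free at runtime.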

USA

Entry point: 80003154

|--------------------------------------------------|
| Section | Offset   | Address  | Length   | Used  |
|---------|----------|----------|----------|-------|
| text0   | 00000100 | 80003100 | 000024e0 | True  |
| text1   | 000025e0 | 800055e0 | 002aab80 | True  |
| text2   | 00000000 | 00000000 | 00000000 | False |
| text3   | 00000000 | 00000000 | 00000000 | False |
| text4   | 00000000 | 00000000 | 00000000 | False |
| text5   | 00000000 | 00000000 | 00000000 | False |
| text6   | 00000000 | 00000000 | 00000000 | False |
| data7   | 002ad160 | 802b0160 | 00000020 | True  |
| data8   | 002ad180 | 802b0180 | 00000020 | True  |
| data9   | 002ad1a0 | 802b01a0 | 0000acc0 | True  |
| data10  | 002b7e60 | 802bae60 | 000f42c0 | True  |
| data11  | 003ac120 | 804335a0 | 00002b20 | True  |
| data12  | 003aec40 | 80436a20 | 00006ae0 | True  |
| data13  | 00000000 | 00000000 | 00000000 | False |
| data14  | 00000000 | 00000000 | 00000000 | False |
| data15  | 00000000 | 00000000 | 00000000 | False |
| data16  | 00000000 | 00000000 | 00000000 | False |
| data17  | 00000000 | 00000000 | 00000000 | False |
|--------------------------------------------------|
  • bss: address:803af140 length:0008e3e8
  • R1 = 8044d528
  • R2 = 8043ea20
  • R13 = 8043b5a0
|----------------------------------------------|
| Section     | beg_addr | end_addr | length   |
|-------------|----------|----------|----------|
| system      | 80000000 | 80003100 | 00003100 |
| .text0      | 80003100 | 800055e0 | 000024e0 |
| .text1      | 800055e0 | 802b0160 | 002aab80 |
| .ctors      | 802b0160 | 802b0180 | 00000020 |
| .dtors      | 802b0180 | 802b01a0 | 00000020 |
| .rodata     | 802b01a0 | 802bae60 | 0000acc0 |
| .data       | 802bae60 | 803af120 | 000f42c0 |
| empty       | 803af120 | 803af140 | 00000020 |
| .bss        | 803af140 | 804335a0 | 00084460 |
| .sdata      | 804335a0 | 804360c0 | 00002b20 |
| .sbss       | 804360c0 | 80436a20 | 00000960 |
| .sdata2     | 80436a20 | 8043d500 | 00006ae0 |
| .sbss2      | 8043d500 | 8043d528 | 00000028 |
| stack       | 8043d528 | 8044d528 | 00010000 |
| empty       | 8044d528 | 8044d540 | 00000018 |
| ArenaLo     | 8044d540 |          |          |
| apploader   | 81200000 |        ? |        ? |
| Bootrom/IPL | 81300000 |        ? |        ? |
| ArenaHi     |          | 817fffa0 |          |
| FST         | 817fffa0 | 81800000 | 00500000 |
|----------------------------------------------|

EU

Entry point: 80003154

|--------------------------------------------------|
| Section | Offset   | Address  | Length   | Used  |
|---------|----------|----------|----------|-------|
| text0   | 00000100 | 80003100 | 000024e0 | True  |
| text1   | 000025e0 | 800055e0 | 002ac800 | True  |
| text2   | 00000000 | 00000000 | 00000000 | False |
| text3   | 00000000 | 00000000 | 00000000 | False |
| text4   | 00000000 | 00000000 | 00000000 | False |
| text5   | 00000000 | 00000000 | 00000000 | False |
| text6   | 00000000 | 00000000 | 00000000 | False |
| data7   | 002aede0 | 802b1de0 | 00000020 | True  |
| data8   | 002aee00 | 802b1e00 | 00000020 | True  |
| data9   | 002aee20 | 802b1e20 | 0000f060 | True  |
| data10  | 002bde80 | 802c0e80 | 000f5d40 | True  |
| data11  | 003b3bc0 | 8043cbe0 | 00002b20 | True  |
| data12  | 003b66e0 | 80440080 | 00006d20 | True  |
| data13  | 00000000 | 00000000 | 00000000 | False |
| data14  | 00000000 | 00000000 | 00000000 | False |
| data15  | 00000000 | 00000000 | 00000000 | False |
| data16  | 00000000 | 00000000 | 00000000 | False |
| data17  | 00000000 | 00000000 | 00000000 | False |
|--------------------------------------------------|
  • bss: address:803b6bc0 length:00090208
  • R1 = 80456dc8
  • R2 = 80448080
  • R13 = 80444be0
|----------------------------------------------|
| Section     | beg_addr | end_addr | length   |
|-------------|----------|----------|----------|
| system      | 80000000 | 80003100 | 00003100 |
| .text0      | 80003100 | 800055e0 | 000024e0 |
| .text1      | 800055e0 | 802b1de0 | 002ac800 |
| .ctors      | 802b1de0 | 802b1e00 | 00000020 |
| .dtors      | 802b1e00 | 802b1e20 | 00000020 |
| .rodata     | 802b1e20 | 802c0e80 | 0000f060 |
| .data       | 802c0e80 | 803b6bc0 | 000f5d40 |
| .bss        | 803b6bc0 | 8043cbe0 | 00086020 |
| .sdata      | 8043cbe0 | 8043f700 | 00002b20 |
| .sbss       | 8043f700 | 80440080 | 00000980 |
| .sdata2     | 80440080 | 80446da0 | 00006d20 |
| .sbss2      | 80446da0 | 80446dc8 | 00000028 |
| stack       | 80446dc8 | 80456dc8 | 00010000 |
| empty       | 80456dc8 | 80456de0 | 00000018 |
| ArenaLo     | 80456de0 |          |          |
| apploader   | 81200000 |        ? |        ? |
| Bootrom/IPL | 81300000 |        ? |        ? |
| ArenaHi     |          | 817fff40 |          |
| FST         | 817fff40 | 81800000 | 000000C0 |
|----------------------------------------------|

80593A00 -> 80598040 Warehouse

JAP

Entry point: 80003154

|--------------------------------------------------|
| Section | Offset   | Address  | Length   | Used  |
|---------|----------|----------|----------|-------|
| text0   | 00000100 | 80003100 | 000024e0 | True  |
| text1   | 000025e0 | 800055e0 | 002aab20 | True  |
| text2   | 00000000 | 00000000 | 00000000 | False |
| text3   | 00000000 | 00000000 | 00000000 | False |
| text4   | 00000000 | 00000000 | 00000000 | False |
| text5   | 00000000 | 00000000 | 00000000 | False |
| text6   | 00000000 | 00000000 | 00000000 | False |
| data7   | 002ad100 | 802b0100 | 00000020 | True  |
| data8   | 002ad120 | 802b0120 | 00000020 | True  |
| data9   | 002ad140 | 802b0140 | 0000a2e0 | True  |
| data10  | 002b7420 | 802ba420 | 000f3e60 | True  |
| data11  | 003ab280 | 804326e0 | 00002b00 | True  |
| data12  | 003add80 | 80435b40 | 00006b60 | True  |
| data13  | 00000000 | 00000000 | 00000000 | False |
| data14  | 00000000 | 00000000 | 00000000 | False |
| data15  | 00000000 | 00000000 | 00000000 | False |
| data16  | 00000000 | 00000000 | 00000000 | False |
| data17  | 00000000 | 00000000 | 00000000 | False |
|--------------------------------------------------|
  • bss: address:803ae280 length:0008e448
  • R1 = 8044c6c8
  • R2 = 8043db40
  • R13 = 8043a6e0
|----------------------------------------------|
| Section     | beg_addr | end_addr | length   |
|-------------|----------|----------|----------|
| system      | 80000000 | 80003100 | 00003100 |
| .text0      | 80003100 | 800055e0 | 000024e0 |
| .text1      | 800055e0 | 802b0100 | 002aab20 |
| .ctors      | 802b0100 | 802b0120 | 00000020 |
| .dtors      | 802b0120 | 802b0140 | 00000020 |
| .rodata     | 802b0140 | 802ba420 | 0000a2e0 |
| .data       | 802ba420 | 803ae280 | 000f3e60 |
| .bss        | 803ae280 | 804326e0 | 00084460 |
| .sdata      | 804326e0 | 804351e0 | 00002b00 |
| .sbss       | 804351e0 | 80435b40 | 00000960 |
| .sdata2     | 80435b40 | 8043c6a0 | 00006b60 |
| .sbss2      | 8043c6a0 | 8043c6c8 | 00000028 |
| stack       | 8043c6c8 | 8044c6c8 | 00010000 |
| empty       | 8044c6c8 | 8044c6e0 | 00000018 |
| ArenaLo     | 8044c6e0 |          |          |
| apploader   | 81200000 |        ? |        ? |
| Bootrom/IPL | 81300000 |        ? |        ? |
| ArenaHi     |          | 817fffa0 |          |
| FST         | 817fffa0 | 81800000 | 00000060 |
|----------------------------------------------|

Symbol map

The symbol map puts names on the functions. It can be loaded into the Dolphin emulator in debug mode.

Symbol map USA: https://github.com/Virtual-World-RE/NeoGF/blob/main/data/GG4E-CSM-20220412.map

MetroTRK

To launch the game in debug mode over BBA (BroadBand Adapter?):

  • USA: set a breakpoint at 80003190, then set r3 to 1
  • EU: set a breakpoint at 800031C0, then set r7 to 4

Reversing the apploader shows that debug variables exist in the system files of the ISO/GCM. It would be worth patching these variables to see whether MetroTRK then starts automatically. gcmtool.py will be updated for this purpose.

SDK & libs

All libs and the SDK are statically linked inside the DOL.

We found the following libs and SDK:

  • GCN SDK: base Dolphin SDK.
  • Sysdolphin base library: HAL SysDolphin (HSD) graphics and physics engine - https://github.com/doldecomp/melee/tree/master/src/sysdolphin/baselib
  • MetroTRK: Target Resident Debugging Kernel for embedded systems, an embedded kernel for debugging.
  • Metrowerks CW Runtime library: CodeWarrior Metrowerks Standard Library and C/C++ Runtime.
  • From ADXT/GC to CRI CFT/GC: these appear to be audio and video codecs.

H and C files

All 3 ISOs contain the following .h and .c symbols in .data, .rodata, .sdata and .sdata2. The EU version also contains the symbol "objalloc.h".

aobj.h
cobj.h
jobj.h
lobj.h
object.h

GCN_Mem_Alloc.c
aobj.c
bytecode.c
class.c
cobj.c
displayfunc.c
dobj.c
dvd.c
dvdfs.c
fobj.c
fog.c
hash.c
id.c
initialize.c
jobj.c
list.c
lobj.c
memory.c
mobj.c
mtx.c
objalloc.c
perf.c
pobj.c
robj.c
tev.c
texp.c
texpdag.c
tobj.c
tpl.c
util.c
vi.c
video.c
wobj.c

Strings USA

List of strings found in the DOL that allow the libs / SDK to be identified:

MetroTRK for GAMECUBE v2.0
Metrowerks CW runtime library
ADXT/GC Ver.8.57       Build:Feb 6 2003 18:03:46
SKG/GC Ver.0.61        Build:Feb 6 2003 18:03:49
ADXGC Ver.1.21         Build:Feb 6 2003 18:04:00
ADXGCSDK Ver.05Sep2002 Build:Feb 6 2003 18:04:01
ADXF/GC Ver.7.01       Build:Feb 6 2003 18:02:45
CVFS/GC Ver.2.33       Build:Feb 6 2003 18:02:35
GCCI Ver.1.09          Build:Feb 6 2003 18:02:33
LSC/GC Ver.2.10        Build:Feb 6 2003 18:02:32
SJ/GC Ver.6.10         Build:Feb 6 2003 18:02:53
SVM/GC Ver.1.51        Build:Feb 6 2003 18:02:51
MFCI/GC Ver.1.04       Build:Feb 6 2003 18:03:11
AXRNA Ver.1.02         Build:Feb 6 2003 18:03:43
CRI SUD/GC Ver.0.02    Build:Feb 6 2003 14:30:18
CRI SFX/GC Ver.1.22    Build:Feb 6 2003 14:30:16
CRI DCT/GC Ver.1.803   Build:Feb 6 2003 14:28:46
Append: MW2407 GC05Sep2002Patch1
CRI MPS/GC Ver.1.669   Build:Feb 6 2003 14:28:50
CRI MPV/GC Ver.1.840   Build:Feb 6 2003 14:28:53
Append: MW2407 GC05Sep2002Patch1
CRI SFD/GC Ver.1.842   Build:Feb 6 2003 14:29:53
Append: MW2407 GC05Sep2002Patch1
CRI SFH/GC Ver.1.12    Build:Feb 6 2003 14:30:00
MWSFD/GC Ver.2.62      Build:Feb 6 2003 14:28:42
Append: MW2407 GC05Sep2002Patch1
CRI CFT/GC Ver.1.24    Build:Feb 6 2003 14:28:33
<< Dolphin SDK – OS   release build: Apr 17 2003 12:33:06 (0x2301) >>
Dolphin OS Kernel built : %s %s Apr 17 2003 12:33:06
<< Dolphin SDK – EXI  release build: Apr 17 2003 12:33:17 (0x2301) >>
<< Dolphin SDK - SI   release build: Apr 17 2003 12:33:19 (0x2301) >>
<< Dolphin SDK - DVD  release build: Apr 22 2003 15:49:00 (0x2301) >>
<< Dolphin SDK - VI   release build: Apr 17 2003 12:33:22 (0x2301) >>
<< Dolphin SDK - PAD  release build: Apr 17 2003 12:33:44 (0x2301) >>
<< Dolphin SDK - AI   release build: Apr 17 2003 12:33:54 (0x2301) >>
<< Dolphin SDK - AR   release build: Apr 17 2003 12:33:55 (0x2301) >>
<< Dolphin SDK - ARQ  release build: Apr 17 2003 12:33:56 (0x2301) >>
<< Dolphin SDK - AX   release build: Apr 17 2003 12:33:57 (0x2301) >>
<< Dolphin SDK - DSP  release build: Apr 17 2003 12:34:16 (0x2301) >>
<< Dolphin SDK - CARD release build: Apr 17 2003 12:34:19 (0x2301) >>
<< Dolphin SDK - GX   release build: Apr 21 2003 14:55:46 (0x2301) >>
sysdolphin_base_library
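The strings above are enough to inventory which SDK components and CRI libraries were linked into each DOL, version and build date included, which is the kind of inventory one wants before trusting or patching a binary. The following Python is an added example for this page (not part of NeoGF or gcmtool.py): it pulls printable runs out of a byte blob the way `strings` does, then recognises the three string shapes seen on this page (CRI "Ver./Build:" lines with their optional "Append:" line, "<< Dolphin SDK - X release build ... >>" banners, and fixed identifiers such as the MetroTRK and sysdolphin markers). The sample blob is constructed from strings quoted on this page; the regular expressions and function names are this example's own.

```python
import re

# Constructed sample laid out as the strings sit inside the DOL: NUL-terminated,
# with non-printable bytes in between. Text taken from the USA list on this page.
SAMPLE = (b"\x00\x00MetroTRK for GAMECUBE v2.0\x00\x7f\x01"
          b"ADXT/GC Ver.8.57       Build:Feb 6 2003 18:03:46\x00"
          b"CRI SFD/GC Ver.1.842   Build:Feb 6 2003 14:29:53\x00"
          b"Append: MW2407 GC05Sep2002Patch1\x00"
          b"<< Dolphin SDK - DVD  release build: Apr 22 2003 15:49:00 (0x2301) >>\x00"
          b"sysdolphin_base_library\x00\xff\xfe")

# "ADXT/GC Ver.8.57  Build:Feb 6 2003 18:03:46" and "CRI SFD/GC Ver.1.842 Build:..."
CRI_RE = re.compile(r"^(?P<lib>(?:CRI )?[A-Z0-9/]+)\s+Ver\.(?P<ver>\S+)\s+Build:(?P<build>.+)$")
# "<< Dolphin SDK - DVD  release build: Apr 22 2003 15:49:00 (0x2301) >>"
SDK_RE = re.compile(r"^<< Dolphin SDK - (?P<lib>\w+)\s+release build: (?P<build>.+?) "
                    r"\((?P<ver>0x[0-9a-fA-F]+)\) >>$")
# Fixed markers that identify a component without carrying a version field.
MARKERS = {"MetroTRK for GAMECUBE": "MetroTRK",
           "Metrowerks CW runtime": "Metrowerks CW runtime library",
           "sysdolphin_base_library": "HSD sysdolphin"}


def extract_strings(blob, min_len=4):
    """Printable-ASCII runs of at least min_len bytes, as `strings` would print them."""
    return [m.group().decode("ascii")
            for m in re.finditer(rb"[\x20-\x7e]{%d,}" % min_len, blob)]


def _entry(family, lib, ver, build):
    return {"family": family, "lib": lib, "ver": ver, "build": build, "append": None}


def identify_libs(blob):
    """Inventory of linked components found in blob, in the order they appear.
    An 'Append:' line is attached to the CRI entry that precedes it."""
    found = []
    for s in extract_strings(blob):
        m = CRI_RE.match(s)
        if m:
            # EU builds pad the date with extra spaces; normalise to single spaces.
            found.append(_entry("CRI", m["lib"], m["ver"], " ".join(m["build"].split())))
            continue
        m = SDK_RE.match(s)
        if m:
            found.append(_entry("Dolphin SDK", m["lib"], m["ver"], m["build"]))
            continue
        if s.startswith("Append:") and found and found[-1]["family"] == "CRI":
            found[-1]["append"] = s[len("Append:"):].strip()
            continue
        for prefix, name in MARKERS.items():
            if s.startswith(prefix):
                found.append(_entry("other", name, s, ""))
                break
    return found


if __name__ == "__main__":
    for e in identify_libs(SAMPLE):
        print(f'{e["family"]:12} {e["lib"]:16} {e["ver"]:12} {e["build"]}'
              + (f'  (+{e["append"]})' if e["append"] else ""))
```

Run on a real DOL, read the file as bytes and pass it to identify_libs; diffing the resulting inventories for the USA, EU and JAP images shows which components differ (the EU list on this page has extra Metrowerks and HSD strings, for instance), and the build dates are the quickest way to confirm that two DOLs were produced from the same SDK drop.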

Strings EU

List of strings found in the DOL that allow the libs / SDK to be identified:

Metrowerks Target Resident Kernel for PowerPC
MetroTRK for GAMECUBE v2.0
Metrowerks CW runtime library initializing default heap
ADXT/GC     Ver.8.57 Build:Feb       6 2003 18:03:46
SKG/GC      Ver.0.61 Build:Feb       6 2003 18:03:49
ADXGC       Ver.1.21 Build:Feb       6 2003 18:04:00
ADXGCSDK    Ver.05Sep2002 Build:Feb  6 2003 18:04:01
ADXF/GC     Ver.7.01 Build:Feb       6 2003 18:02:45
CVFS/GC     Ver.2.33 Build:Feb       6 2003 18:02:35
GCCI        Ver.1.09 Build:Feb       6 2003 18:02:33
LSC/GC      Ver.2.10 Build:Feb       6 2003 18:02:32
SJ/GC       Ver.6.10 Build:Feb       6 2003 18:02:53
SVM/GC      Ver.1.51 Build:Feb       6 2003 18:02:51
MFCI/GC     Ver.1.04 Build:Feb       6 2003 18:03:11
AXRNA       Ver.1.02 Build:Feb       6 2003 18:03:43
CRI SUD/GC  Ver.0.02 Build:Feb       6 2003 14:30:18
CRI SFX/GC  Ver.1.22 Build:Feb       6 2003 14:30:16
CRI DCT/GC  Ver.1.803 Build:Feb      6 2003 14:28:46
Append: MW2407 GC05Sep2002Patch1
CRI MPS/GC  Ver.1.669 Build:Feb      6 2003 14:28:50
CRI MPV/GC  Ver.1.840 Build:Feb      6 2003 14:28:53
Append: MW2407 GC05Sep2002Patch1
CRI SFD/GC  Ver.1.842 Build:Feb      6 2003 14:29:53
Append: MW2407 GC05Sep2002Patch1
CRI SFH/GC  Ver.1.12 Build:Feb       6 2003 14:30:00
MWSFD/GC    Ver.2.62 Build:Feb       6 2003 14:28:42
Append: MW2407 GC05Sep2002Patch1
CRI CFT/GC  Ver.1.24 Build:Feb        6 2003 14:28:33
<< Dolphin SDK - OS   release build: Apr 17 2003 12:33:06 (0x2301) >>
Dolphin OS Kernel built : Apr 17 2003 12:33:06
<< Dolphin SDK - EXI  release build: Apr 17 2003 12:33:17 (0x2301) >>
<< Dolphin SDK - SI   release build: Apr 17 2003 12:33:19 (0x2301) >>
<< Dolphin SDK - DVD  release build: Apr 22 2003 15:49:00 (0x2301) >>
<< Dolphin SDK - VI   release build: Apr 17 2003 12:33:22 (0x2301) >>
<< Dolphin SDK - PAD  release build: Apr 17 2003 12:33:44 (0x2301) >>
<< Dolphin SDK - AI   release build: Apr 17 2003 12:33:54 (0x2301) >>
<< Dolphin SDK - AR   release build: Apr 17 2003 12:33:55 (0x2301) >>
<< Dolphin SDK - ARQ  release build: Apr 17 2003 12:33:56 (0x2301) >>
<< Dolphin SDK - AX   release build: Apr 17 2003 12:33:57 (0x2301) >> 
<< Dolphin SDK - DSP  release build: Apr 17 2003 12:34:16 (0x2301) >>
DSPInit(): Build Date: Apr 17 2003 12:34:16
<< Dolphin SDK - CARD release build: Apr 17 2003 12:34:19 (0x2301) >>
<< Dolphin SDK - GX   release build: Apr 21 2003 14:55:46 (0x2301) >>  
sysdolphin_base_library
HSD_INIT_HEAP_MAX_NUM    is obsolete since 1.3.0.0.
HSD_INIT_AUDIO_HEAP_SIZE is obsolete since 1.3.0.0.

Strings JAP

List of strings found in the DOL that allow the libs / SDK to be identified:

Metrowerks Target Resident Kernel for PowerPC
MetroTRK for GAMECUBE v2.0
ADXT/GC Ver.8.57       Build:Feb  6 2003 18:03:46
SKG/GC Ver.0.61        Build:Feb  6 2003 18:03:49
ADXGC Ver.1.21         Build:Feb  6 2003 18:04:00
ADXGCSDK Ver.05Sep2002 Build:Feb  6 2003 18:04:01
ADXF/GC Ver.7.01       Build:Feb  6 2003 18:02:45
CVFS/GC Ver.2.33       Build:Feb  6 2003 18:02:35
GCCI Ver.1.09          Build:Feb  6 2003 18:02:33
LSC/GC Ver.2.10        Build:Feb  6 2003 18:02:32
SJ/GC Ver.6.10         Build:Feb  6 2003 18:02:53
SVM/GC Ver.1.51        Build:Feb  6 2003 18:02:51
MFCI/GC Ver.1.04       Build:Feb  6 2003 18:03:11
AXRNA Ver.1.02         Build:Feb  6 2003 18:03:43
CRI SUD/GC Ver.0.02    Build:Feb  6 2003 14:30:18
CRI SFX/GC Ver.1.22    Build:Feb  6 2003 14:30:16
CRI DCT/GC Ver.1.803   Build:Feb  6 2003 14:28:46
Append: MW2407 GC05Sep2002Patch1
CRI MPS/GC Ver.1.669   Build:Feb  6 2003 14:28:50
CRI MPV/GC Ver.1.840   Build:Feb  6 2003 14:28:53
Append: MW2407 GC05Sep2002Patch1
CRI SFD/GC Ver.1.842   Build:Feb  6 2003 14:29:53
Append: MW2407 GC05Sep2002Patch1
CRI SFH/GC Ver.1.12    Build:Feb  6 2003 14:30:00
MWSFD/GC Ver.2.62      Build:Feb  6 2003 14:28:42
Append: MW2407 GC05Sep2002Patch1
CRI CFT/GC Ver.1.24    Build:Feb  6 2003 14:28:33
<< Dolphin SDK - OS   release build: Apr 17 2003 12:33:06 (0x2301) >>
Dolphin OS Kernel built : Apr 17 2003 12:33:06
<< Dolphin SDK - EXI  release build: Apr 17 2003 12:33:17 (0x2301) >>
<< Dolphin SDK - SI   release build: Apr 17 2003 12:33:19 (0x2301) >>
<< Dolphin SDK - DVD  release build: Apr 22 2003 15:49:00 (0x2301) >>
<< Dolphin SDK - VI   release build: Apr 17 2003 12:33:22 (0x2301) >>
<< Dolphin SDK - PAD  release build: Apr 17 2003 12:33:44 (0x2301) >>
<< Dolphin SDK - AI   release build: Apr 17 2003 12:33:54 (0x2301) >>
<< Dolphin SDK - AR   release build: Apr 17 2003 12:33:55 (0x2301) >>
<< Dolphin SDK - ARQ  release build: Apr 17 2003 12:33:56 (0x2301) >>
<< Dolphin SDK - AX   release build: Apr 17 2003 12:33:57 (0x2301) >>
<< Dolphin SDK - DSP  release build: Apr 17 2003 12:34:16 (0x2301) >>
<< Dolphin SDK - CARD release build: Apr 17 2003 12:34:19 (0x2301) >>
<< Dolphin SDK - GX   release build: Apr 21 2003 14:55:46 (0x2301) >>
sysdolphin_base_library