News: 11 March 2016 - Forum Rules

Author Topic: Displaying "N64 boot logo" in OoT Debug ROM  (Read 1720 times)

voxinot

  • Newbie
  • *
  • Posts: 1
    • View Profile
    • Encryption 64
Displaying "N64 boot logo" in OoT Debug ROM
« on: December 03, 2015, 08:17:24 pm »
I'm going to create my own N64 boot logo and place it in the debug rom. This thread will be a recording of my progress. Probably interesting shit to follow.

The goal here is to only use the tools available in Nemu64 to prove anyone can do this with no special tools. I used developer documents for supplemental information that are publicly available.

Feel free to post anything related.

http://n64devkit.square7.ch/pro-man/pro06/06-10.htm

Important bit: Load 1 MB of game from ROM to RDRAM at physical address 0x00000400

So after spending 9 quality hours stepping through the boot sequence of the game, here's what I discovered:

  • The 1MB of boot code loads the game engine.
  • The game engine then begins reading files to load in a sequence. The game engine/DMA access function loads pieces of files at 0x2000 per fetch.
  • The first file the game engine loads is ovl_title, which contains the N64 logo intro we've been looking for.
  • Now we spend another 3 days stepping through the logo code, seeing what functions do the drawing, animating, and so on.[/ii]
Now we need to determine what ovl_title actually does.

6 hours later:



This is the very first time anyone has seen the rotating N64 logo with its respective debug text. Look familiar? Majora's Mask's debug ROM has the same screen.

Code run before game.c hook:
80100DCC - The instruction that turns on the title screen debug text. It has to be set to 0x0002, not 0x0001. Makes me think this is for more verbosity. I wonder if this has an effect on other parts of the game.

Inside game.c:
80400B68 - This is where the game init begins. At the very end, the game init sets up variables to be used by ovl_title, and then passes control to it.
    80400C50 - The instruction that sets the opacity of the rectangle covering our logo.

Inside ovl_title:
80400AA8 - Function to set 'on' flag
    80400418 - The instruction that sets a flag to 0x0001. If it remains 0x0000 it will continue to play.
80400AB0 - Function to draw the N64 logo and texture text

Gameshark code that should activate it:
81100DCE 0002
81400C52 0000
8140041A 0000

It doesn't though! I guess gameshark only writes at certain times, and is not in time to overwrite these areas in RAM. [Someone confirm please]

Closing
Someone should do a binary diff between the debug rom's ovl_title and 1.0's - as of now, there is no obvious way to naturally activate this screen.

I also haven't found the reference to the N64 logo mesh in the code. We know where it is thanks to the mapped out file system, but would rather be able to find it without it. It definitely isn't far from the cluster of functions we found in ovl_title.

Cross-post: http://pb.ajf.me/index.php?topic=45.0
i am vexiant