Super Monkey Ball Decompilation Help!

Yoshimaster96
Posts: 17
Joined: Fri Jan 09, 2015 3:09 pm

Super Monkey Ball Decompilation Help!

Post by Yoshimaster96 » Sun Jul 24, 2016 8:46 pm

My end goal is to decompile Super Monkey Ball, but I'm stuck on the boot code. Can anyone lend a hand?


80003100:	48 00 00 f1 	bl      0x800031f0
80003104:	48 00 01 c9 	bl      0x800032cc
80003108:	38 00 ff ff 	li      r0,-1
8000310c:	94 21 ff f8 	stwu    r1,-8(r1)
80003110:	90 01 00 04 	stw     r0,4(r1)
80003114:	90 01 00 00 	stw     r0,0(r1)
80003118:	48 00 00 f5 	bl      0x8000320c
8000311c:	38 00 00 00 	li      r0,0
80003120:	3c c0 80 00 	lis     r6,-32768
80003124:	38 c6 00 44 	addi    r6,r6,68
80003128:	90 06 00 00 	stw     r0,0(r6)
8000312c:	3c c0 80 00 	lis     r6,-32768
80003130:	38 c6 00 f4 	addi    r6,r6,244
80003134:	80 c6 00 00 	lwz     r6,0(r6)
80003138:	28 06 00 00 	cmplwi  r6,0
8000313c:	41 82 00 30 	beq     0x8000316c
80003140:	80 e6 00 0c 	lwz     r7,12(r6)
80003144:	38 a0 00 00 	li      r5,0
80003148:	28 07 00 02 	cmplwi  r7,2
8000314c:	41 82 00 10 	beq     0x8000315c
80003150:	28 07 00 03 	cmplwi  r7,3
80003154:	40 82 00 18 	bne     0x8000316c
80003158:	38 a0 00 01 	li      r5,1
8000315c:	3c c0 80 11 	lis     r6,-32751
80003160:	38 c6 d7 a8 	addi    r6,r6,-10328
80003164:	7c c8 03 a6 	mtlr    r6
80003168:	4e 80 00 21 	blrl
8000316c:	3c c0 80 00 	lis     r6,-32768
80003170:	38 c6 00 f4 	addi    r6,r6,244
80003174:	80 a6 00 00 	lwz     r5,0(r6)
80003178:	28 05 00 00 	cmplwi  r5,0
8000317c:	41 a2 00 50 	beq     0x800031cc
80003180:	80 c5 00 08 	lwz     r6,8(r5)
80003184:	28 06 00 00 	cmplwi  r6,0
80003188:	41 a2 00 44 	beq     0x800031cc
8000318c:	7c c5 32 14 	add     r6,r5,r6
80003190:	81 c6 00 00 	lwz     r14,0(r6)
80003194:	28 0e 00 00 	cmplwi  r14,0
80003198:	41 82 00 34 	beq     0x800031cc
8000319c:	39 e6 00 04 	addi    r15,r6,4
800031a0:	7d c9 03 a6 	mtctr   r14
800031a4:	38 c6 00 04 	addi    r6,r6,4
800031a8:	80 e6 00 00 	lwz     r7,0(r6)
800031ac:	7c e7 2a 14 	add     r7,r7,r5
800031b0:	90 e6 00 00 	stw     r7,0(r6)
800031b4:	42 00 ff f0 	bdnz    0x800031a4
800031b8:	3c a0 80 00 	lis     r5,-32768
800031bc:	38 a5 00 34 	addi    r5,r5,52
800031c0:	55 e7 00 34 	rlwinm  r7,r15,0,0,26
800031c4:	90 e5 00 00 	stw     r7,0(r5)
800031c8:	48 00 00 0c 	b       0x800031d4
800031cc:	39 c0 00 00 	li      r14,0
800031d0:	39 e0 00 00 	li      r15,0
800031d4:	48 0c 6e b1 	bl      0x800ca084
800031d8:	48 0b e5 fd 	bl      0x800c17d4
800031dc:	48 0c 6e 15 	bl      0x800c9ff0
800031e0:	7d c3 73 78 	mr      r3,r14
800031e4:	7d e4 7b 78 	mr      r4,r15
800031e8:	48 00 33 b9 	bl      0x800065a0
800031ec:	48 10 0a 5c 	b       0x80103c48

...

800031f0:	3c 20 80 30 	lis     r1,-32720
800031f4:	60 21 6c 80 	ori     r1,r1,27776
800031f8:	3c 40 80 2f 	lis     r2,-32721
800031fc:	60 42 a8 00 	ori     r2,r2,43008
80003200:	3d a0 80 2f 	lis     r13,-32721
80003204:	61 ad 81 e0 	ori     r13,r13,33248
80003208:	4e 80 00 20 	blr

...
IDK why the first subroutine simply sets register values and returns.
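As an added example (not code from the thread, the game, or the SDK), here is a C reading of the second half of the listing, 0x8000316c to 0x800031d0, run against a constructed big-endian memory image. The interpretation of the word at 0x800000F4 as a pointer to a header whose +8 field is an offset to an argument block, and of r14/r15 as the argc/argv handed to the call at 0x800065a0, is my reading of those instructions, not something the thread confirms.

```c
#include <stdint.h>
#include <string.h>
/* Constructed stand-in for GameCube low memory (mem[0] is 0x80000000);
   loads and stores are big-endian as on the real machine. Not SMB data. */
#define MEM_BASE 0x80000000u
static uint8_t mem[0x400];
static uint32_t ld32(uint32_t a)                 /* lwz */
{
    const uint8_t *p = mem + (a - MEM_BASE);
    return (uint32_t)p[0] << 24 | (uint32_t)p[1] << 16 | (uint32_t)p[2] << 8 | p[3];
}
static void st32(uint32_t a, uint32_t v)         /* stw */
{
    uint8_t *p = mem + (a - MEM_BASE);
    p[0] = (uint8_t)(v >> 24); p[1] = (uint8_t)(v >> 16);
    p[2] = (uint8_t)(v >> 8);  p[3] = (uint8_t)v;
}
struct boot_args { uint32_t argc, argv; };       /* r14, r15 -> r3, r4 for main */
/* Reading of 0x8000316c..0x800031d0: header pointer at 0x800000F4, argument
   block at header + *(header+8) holding a count then 'count' offsets relative
   to the header; 0x80000034 receives argv rounded down to 32 bytes (assumed). */
struct boot_args setup_boot_args(void)
{
    struct boot_args r = { 0, 0 };               /* li r14,0 ; li r15,0 */
    uint32_t hdr = ld32(0x800000F4);             /* lwz r5,0(r6) */
    if (hdr == 0) return r;                      /* cmplwi r5,0 ; beq */
    uint32_t off = ld32(hdr + 8);                /* lwz r6,8(r5) */
    if (off == 0) return r;
    uint32_t block = hdr + off;                  /* add r6,r5,r6 */
    uint32_t argc = ld32(block);                 /* lwz r14,0(r6) */
    if (argc == 0) return r;
    uint32_t argv = block + 4;                   /* addi r15,r6,4 */
    for (uint32_t i = 0; i < argc; i++)          /* mtctr r14 ... bdnz */
        st32(argv + 4 * i, ld32(argv + 4 * i) + hdr);   /* offset -> address */
    st32(0x80000034, argv & ~0x1Fu);             /* rlwinm r7,r15,0,0,26 */
    r.argc = argc; r.argv = argv;
    return r;
}
/* Constructed sample: header at 0x80000100, argument block with two offsets. */
void build_sample(void)
{
    const uint32_t hdr = 0x80000100, block = hdr + 0x40;
    memset(mem, 0, sizeof mem);
    st32(0x800000F4, hdr);  st32(hdr + 8, block - hdr);          /* pointer, arg offset */
    st32(block, 2);  st32(block + 4, 0x60);  st32(block + 8, 0x68); /* argc, offsets */
}
```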
tueidj
Posts: 564
Joined: Fri May 03, 2013 6:57 am

Re: Super Monkey Ball Decompilation Help!

Post by tueidj » Mon Jul 25, 2016 3:16 am

R1 is the stack pointer, R2 points to const small data and R13 points to variable small data.
Yoshimaster96
Posts: 17
Joined: Fri Jan 09, 2015 3:09 pm

Re: Super Monkey Ball Decompilation Help!

Post by Yoshimaster96 » Mon Jul 25, 2016 2:19 pm

tueidj wrote: R1 is the stack pointer, R2 points to const small data and R13 points to variable small data.
I guess I'm just wondering why it's a subroutine at all, instead of just instructions in the main function.
Saxorus
Posts: 8
Joined: Sun Dec 27, 2015 8:13 pm

Re: Super Monkey Ball Decompilation Help!

Post by Saxorus » Tue Jul 26, 2016 12:27 am

Super Monkey Ball! This is one of my absolute favorite games for the cube, and the engine has always intrigued me. Just be warned, reverse engineering something like this is a massive undertaking. I'm currently working on the Pokemon Ruby decompilation, https://github.com/pret/pokeruby, and even something as small as a GBA game is hundreds of thousands of lines of asm code when disassembled.

The Gamecube boot process is more complex than just jumping to the main() function. Basically, there's this program which we call Apploader at the beginning of the disc (offset 0x2440 of the disc), which returns three functions, which the firmware calls to load the game's main executable (usually called boot.dol, but can be anything). You can find more info here. http://hitmen.c02.at/files/yagcd/yagcd/ ... ml#sec18.2 That site has an incredible amount of information.

I have very little knowledge of PowerPC, but that looks like some crt0 startup code that initializes the special registers like stack pointer, global pointer, etc. This kind of stuff is always hand-written in assembly. As to why they made it a separate function, I guess they were trying to be modular and not put everything into one function. If you look at devkitPro's startup code, it has a similar procedure. https://github.com/devkitPro/libogc/blo ... rt0.S#L104
Saxorus
Posts: 8
Joined: Sun Dec 27, 2015 8:13 pm

Re: Super Monkey Ball Decompilation Help!

Post by Saxorus » Sun Jul 31, 2016 3:23 am

How is this going for you?