Difference between revisions of "NAND Boot Program"

Revision as of 03:04, 6 August 2022

The NAND Boot Program is a DOL that is the boot content of every Broadway title (except the System Menu). It is linked with Revolution OS, though a separate copy from the game itself. It is responsible for loading the main content from index 1 of a title; newer versions are able to apply an LZ11 decompression.

Similar to the System Menu, the NAND Boot Program is governed by its own BS2 with far fewer states.

SDK libraries

These libraries were taken from the version in Mii Channel v6.

Name	Build timestamp
OS	Aug 8 2007 02:06:24 (0x4199_60831)
EXI	Aug 8 2007 01:59:22 (0x4199_60831)
SI	Aug 8 2007 02:07:10 (0x4199_60831)
VI	Aug 8 2007 02:07:17 (0x4199_60831)
DVD	Aug 8 2007 01:59:13 (0x4199_60831)
NAND	Aug 8 2007 02:08:58 (0x4199_60831)
SC	Aug 8 2007 02:09:03 (0x4199_60831)
PAD	Aug 8 2007 02:07:08 (0x4199_60831)

ESP

Error messages for ES_InitLib, ES_GetTitleId, ESP_OpenContentFile, ESP_ReadContentFile, ESP_CloseContentFile, and ESP_CloseLib can be found in BS2Tick. It is not clear what ESP is; the lists of function names in SEL files list all of these functions as ES functions, so it is possible that this was simply a typo, hence the inconsistency in ES_InitLib and ESP_CloseLib.

RVA

There is a logic used to determine whether the current device is "RVA" or not; this is done by checking if /title/00000001/00000002/data/RVA.txt exists. It is not known what RVA actually is.

Internet Channel patches

Versions 1.21 and above perform a "MEM1 patch" and a "MEM2 patch" on the Internet Channel. The details of this patch are currently not known.

Version history

v1.4

Replaced DEVELOPMENT MODE in the heading string with %s, possibly indicating that this was meant to be the first version released
Main binary is now uncompressed (using LZ11) before booting

v1.21

Replaced the version in the heading string with %s (with the version stored elsewhere)

v1.1

Found in many public channels. Differences from v1.0 are unknown.

v1.0

First release. Probably a beta version, since the only known appearance is in Forecast Channel dummy and News Channel dummy v0.

@@ Line 1: / Line 1: @@
-The '''NAND Boot Program''' is a [[DOL]] that is the boot content of every [[Broadway]] title (except the [[System Menu]]). It is linked with [[Revolution OS]], though a separate copy from the game itself.
+The '''NAND Boot Program''' is a [[DOL]] that is the boot content of every [[Broadway]] title (except the [[System Menu]]). It is linked with [[Revolution OS]], though a separate copy from the game itself. It is responsible for loading the main content from index 1 of a [[title]]; newer versions are able to apply an LZ11 decompression.
 Similar to the System Menu, the NAND Boot Program is governed by its own [[/BS2|BS2]] with far fewer states.
-A list of known functions can be found [https://docs.google.com/spreadsheets/d/1siu7GbmYs7-V6ktgdA6wdadeY6D_1S21UIzjnmCCRsA/edit#gid=0 here].
-== Known global variables ==
-This list contains both globals from Revolution OS and the NAND Boot Program, as it has not been determined which variables belong to which part of the DOL. r13 is the base pointer that all global variables (not constants) are stored relative to; it is initialized to 0x813735a0. They are stored at a negative offset, and the absolute value of the offset will be used for naming. For example, glob_7ec8 means -0x7ec8(r13).
-* glob_7944 holds the total number of [[IOS]] IPC messages enqueued
-* glob_7948 holds the number of pending IPC messages
-* glob_7988 holds the status of the [[NAND (SDK)|NAND]] library. 0 means the library has not been initialized, 1 means it is currently being initialized, 2 means it is fully initialized.
-* glob_798c holds the current state for the asynchronous function that adds entries to [[:/shared2/test2/nanderr.log]]. It starts at 1, immediately increments to 2, and counts up to 9.
-* glob_7990 holds a callback for the nanderr.log logging function that is called in the event of an error when writing nanderr.log itself.
-* glob_7c40 is the lower 32 bits of the IOS heap range
-* glob_7c50 is a counter that is incremented by <code>OSDisableScheduler</code>, and decremented by <code>OSEnableScheduler</code>. <code>__OSReschedule</code> only reschedules if this counter is negative or zero.
-* glob_7c54 and glob_7c58 are the ends of some linked list. This linked list has a function pointer, an unknown value, and then a next pointer, and finally a prev pointer.
-* glob_7c60 is the pointer to the syscall table
-* glob_7c90 is an allocation stack that grows downward as a result of calling <code>allocDownStack</code>; it is decreased every time memory is allocated using that function.
-* glob_7cb8 holds 0x80000000, probably as a base address to add offsets to.
-* glob_7cdc is a boolean that stores whether OSInit has been called.
-* glob_7ce8 holds whether the apploader/NAND Boot Program is for RVL or not. It is set to 1.
-* glob_7cec is a heap ID used by the NAND SDK library
-* glob_7d08 is the pointer to the bi2.bin buffer
-* glob_7d10 is the active title ID
-* glob_7d20 is the current BS2 state
-* glob_7d54 is the heap ID used by communication with IOS
-* glob_7d58 is the current number of [[IPC (SDK)|IPC]] acknowledgements expected.
-* glob_7d60-glob_7d59 form the string "[[:/dev/es]]". It is not known why it is stored in the r13 area instead of as a normal global.
-* glob_7d68 is the current ES handle
-* glob_7e90 is a lock acquired by the nanderr.log code before logging an entry.
-* glob_7ec8 seems to control whether [[error 001]] shows; 1 means error 001 should be shown by the NAND Boot Program, anything else means don't show the error. It can be set to 1 by the function that is LAB_8134a6e8 in the Mii Channel v6 SDK.
-* glob_7ee8 is 0 while the bi2.bin data is being processed by OSInit, 1 afterward
-* glob_7f68 is the upper 32 bits of the IOS heap range
-* glob_7f90 is an allocation stack that grows upward; memory is allocated using <code>allocUpStack</code>.
 == SDK libraries ==