303
edits
Changes
Jump to navigation
Jump to search
Document other patches
Line 34:
Line 34:
TODO+
+
+
+
+{{stub}}
==Patches==
==Patches==
−For MIOS v10, there are two places where patches happen: 813011e8 (used as a callback to DVD commands) and 81301598 (used after calls to the BS2 state machine).
+For MIOS v10, there are two places where patches happen: 813011e8 (used as a callback to DVD commands) and 81301598 (used before closing the apploader).
===After-read patches===
===After-read patches===
Line 56:
Line 56:
</pre>
</pre>
* 0x800 bytes (512 instructions) from 81301ff0 to 80001940: 3 functions: FUN_80001940 which does graphics-related things, and FUN_800019c0 and FUN_80001dc4 which appear to look for and replace certain instruction patterns. The latter two functions match other functions which are called by MIOS directly. FUN_80001940 appears to be a template for __GXSetVAT, as three instructions have their lower halves replaced (80001940 = 81200000 (lwz r9, 0x0), 80001944 = 39400000 (li r10, 0x0), and 800019b8 = 98090000 (stb r0, 0x0(r9))) before being copied over another location in memory.
* 0x800 bytes (512 instructions) from 81301ff0 to 80001940: 3 functions: FUN_80001940 which does graphics-related things, and FUN_800019c0 and FUN_80001dc4 which appear to look for and replace certain instruction patterns. The latter two functions match other functions which are called by MIOS directly. FUN_80001940 appears to be a template for __GXSetVAT, as three instructions have their lower halves replaced (80001940 = 81200000 (lwz r9, 0x0), 80001944 = 39400000 (li r10, 0x0), and 800019b8 = 98090000 (stb r0, 0x0(r9))) before being copied over another location in memory.
−* 0x100 bytes (64 instructions) from 81302d50 to 80002200: a single function that is just an immediate blr, followed by the code for several different patching functions used by MIOS (copied by accident?). This function is modified by other code, so the buffer being 64 instructions is reasonable.
+* 0x100 bytes (64 instructions) from 81302d50 to 80002200: a single function that is just an immediate blr, followed by the code for several different patching functions used by MIOS (copied by accident?). This address is written by several different patches, but doesn't seem to do anything here.
This is followed by calls to two functions that dynamically look for data to patch in the read data (there is also logging for how long the calls to these functions take).
This is followed by calls to two functions that dynamically look for data to patch in the read data (there is also logging for how long the calls to these functions take).
Line 160:
Line 160:
=== Other patches ===
=== Other patches ===
−These patches are applied right before the apploader is closed. All of them create FUN_80002200 with overly large copies; it's not clear how that code is called though.{{check}}
+==== Pokémon Colosseum (Japan) ====
+Applies to GC6J; "Patch to GC6J" is logged. NOPs 80005ca4 by writing 0x60000000 to it. Also copies 0x100 bytes (when only 16 would be needed) from 81302cd8 to 80002200, making FUN_80002200 a function that NOPs 80005ca4.
+==== Pokémon Colosseum (USA) ====
+Applies to GC6E; "Patch to GC6E" is logged. NOPs 80005614, 80005c20, 80005d2c, 80005d50, 80036598, 80036688, and 80036740. Also copies 0x100 bytes (when only 44 would be needed) from 81302ce8 to 80002200, making FUN_80002200 a function that NOPs those same addresses.
+==== Pokémon Colosseum (Europe) ====
+Applies to GC6P; "Patch to GC6E" (sic) is logged. NOPs 80005614, 80005d1c, 80005e24, 80005e48, 800387e4, 800388d4, and 8003898c. Also copies 0x100 bytes (when only 44 would be needed) from 81302d14 to 80002200, making FUN_80002200 a function that NOPs those same addresses.
+==== Phantasy Star Online Episode I & II Plus ====
+Applies to GPOJ version 5; "Patch to GCOJ ver.5" (sic) is logged. Copies 0x100 bytes (when only 16 would be needed) from 81302d40 to 80002200, making FUN_80002200 a function that NOPs 8000f2cc. The patch itself does not NOP 8000f2cc.
−{{Navbox IOS}}
{{Navbox IOS}}