Changes

Jump to navigation Jump to search
0x80003164
{| styleclass="border-collapse: collapse; padding: 0.2em 0.2em 0.2em 0.2em;wikitable"|- style="background-color: #ddd;"| style="border: 1px solid #ccc; padding: 0.2em; background-color: #ddd;" | '''! Start Address'''| style="border: 1px solid #ccc; padding: 0.2em; background-color: #ddd;" | '''! End Address'''! Physical Address! Size! Description| style="border: 1px solid #ccc; padding: 0.2em; background-color: #ddd;" | '''Size'''0x80000000| style="border: 1px solid #ccc; padding: 0.2em; background-color: #ddd;" 0x817FFFFF| '''Description'''0x00000000| 24 MB|- style="background-color: #ddd;"MEM1 Memory (Cached)| style="border: 1px solid #ccc; padding: 0.2em; background-color: #dde;" | 0x800000000xC0000000| style="border: 1px solid #ccc; padding: 0.2em; background-color: #dde;" 0xC17FFFFF| 0x817FFFFF0x00000000| style="border: 1px solid #ccc; padding: 0.2em; background-color: #dde;" | 24 MB| style="border: 1px solid #ccc; padding: 0.2em; backgroundMEM1 Memory (Uncached)|-color: #dde;" | 0x90000000| 0x93FFFFFF| 0x10000000| 64 MB| MEM1 MEM2 Memory (Cached)|-| 0xD0000000| 0xD3FFFFFF|- style="background-color: #ddd;"0x10000000| style="border: 1px solid #ccc; padding: 0.2em; background-color: #dde;" 64 MB| 0xC0000000MEM2 Memory (Uncached)| style="border: 1px solid #ccc; padding: 0.2em; background-color: #dde;" | 0xCD000000| 0xC17FFFFF0xCD008000| style="border: 1px solid #ccc; padding: 0.2em; background-color: #dde;" 0x0D000000| 24 MB| style="border: 1px solid #ccc; padding: 0.2em; background-color: #dde;" [[Hardware/Hollywood_Registers| MEM1 Memory Hollywood Registers]] (Uncachedshared with Starlet)|}
|- style="background-color: #dddThe GameCube has one 24MB bank of 1T SRAM that is used for all code and data, spread across two external chips;"| style="border: 1px solid #ccc; padding: 0.2em; background-color: #dde;" | 0x90000000| style="border: 1px solid #ccc; padding: 0there is also a chip containing 16MB of ARAM, which could be used for storing data.2em; background-color: #dde;" | 0x93FFFFFF| style="border: 1px solid #ccc; padding: 0.2em; background-color: #dde;" | 64 MB| style="border: 1px solid #ccc; padding: 0.2em; background-color: #dde;" | MEM2 Memory (Cached)
|The Wii moves all 24MB of 1T- style="background-color: #ddd;"| style="border: 1px solid #ccc; padding: 0SRAM (referred to as MEM1) inside the Hollywood package, and adds an additional 64MB of GDDR3 RAM (MEM2).2em; background During normal operation, IOS reserves the upper 12-color: #dde16MB of MEM2 for its own use;" | 0xD0000000| style="border: 1px solid #ccc; padding: 0the rest can freely be used for code or data by running PPC code.2em; background-color: #dde;" | 0xD3FFFFFF| style="border: 1px solid #ccc; padding: 0 MEM1 is slightly faster than MEM2.2em; background-color: #dde;" | 64 MB| style="border: 1px solid #ccc; padding: 0.2em; background-color: #dde;" | MEM2 Memory (Uncached)
|- style="background-color: #ddd;"| style="border: 1px solid #ccc; padding: 0.2em; background-color: #dde;" | 0xCD000000| style="border: 1px solid #ccc; padding: 0.2em; background-color: #dde;" | 0xCD008000| style="border: 1px solid #ccc; padding: 0.2em; background-color: #dde;" | | style="border: 1px solid #ccc; padding: 0.2em; background-color: #dde;" | Hardware Registers|} The IOS Heap range is usually 0x933E0000-0x93400000 it is , as shown in registers 0x80003130(Start), 0x800031300x80003134(End). Pointers in this area are often passed back and forth between IOS and code running on Broadway. The top of MEM2 memory is allocated to Starlet. You can IOS, and protected from access this memory by disabling memory protection via hardware some registers in [[Starlet]]. (See [[Starlet Register List]]. TODO).
'''Broadway / IOS Global Memory Locations'''
{| styleclass="border-collapse: collapse; padding: 0.2em 0.2em 0.2em 0.2em;wikitable"|- style="background-color: #ddd;"| style="border: 1px solid #ccc; padding: 0.2em; background! Address! Size! (Typical) Value! Description|-color: #ddd;" | '''Address'''0x80000000| style="border: 1px solid #ccc; padding: 0.2em; background-color: #ddd;" 4| 0x52535045| Game Code 'RSPE''Size'''(Wii Sports)| style="border: 1px solid #ccc; padding: 0.2em; background-color: #ddd;" | 0x80000004| '''Value'''2| 0x3031 (01)| Maker code| style="border: 1px solid #ccc; padding: 0.2em; background-color: #ddd;" | '''Description'''0x80000006| 1| 0| Disc Number (multidisc games)|- style="background| 0x80000007| 1| ?| Disc Version|-color: #ddd;"| style="border: 1px solid #ccc; padding: 0.2em; background0x80000008| 1| ?| Disc Streaming flag|-color: #dde;" | 0x80000009| 1| 0x80000000?| style="border: 1px solid #ccc; padding: 0.2em; background-color: #dde;" | 6Disc Streaming buffer size| style="border: 1px solid #ccc; padding: 0.2em; background-color: #dde;" | 0x525350453031| style="border: 1px solid #ccc; padding: 0.2em; background-color: #dde;" 0x80000018| 4| 0x5D1C9EA3| Game Code 'RSPE01' Disc layout magic (Wii Sports)|- style="background-color: #ddd;"| style="border: 1px solid #ccc; padding: 0.2em; background-color: #dde;" 0x8000001C| 4| 0x800000180xC2339F3D| Disc layout magic (GC)| style="border: 1px solid #ccc; padding: 0.2em; background-color: #dde;" | 0x80000020| 4| style="border: 1px solid #ccc; padding: 00x0D15EA5E| Nintendo Standard Boot Code.2em; background|-color: #dde;" | 0x80000024| 4| 0x5D1C9EA30x00000001| style="border: 1px solid #ccc; padding: 0.2em; background-color: #dde;" | Wii Game IDVersion (set by [[apploader]])|- style="background-color: #ddd;"| style="border: 1px solid #ccc; padding: 0.2em; background-color: #dde;" 0x80000028| 4| 0x800000200x01800000| Memory Size (Physical) 24MB| style="border: 1px solid #ccc; padding: 0.2em; background-color: #dde;" | 0x8000002C| 4| style="border: 1px solid #ccc; padding: 0.2em; background0x00000023| Production Board Model|-color: #dde;" | 0x80000030| 4| 0x0D15EA5E0x00000000| Arena Low| style="border: 1px solid #ccc; padding: 0.2em; background-color: #dde;" | Nintendo Standard Boot Code.0x80000034|- style="background-color: #ddd;"4| 0x817FEC60| Arena High| style="border: 1px solid #ccc; padding: 0.2em; background-color: #dde;" | 0x80000038| 0x800000244| 0x817FEC60| Start of FST (varies in all games)| style="border: 1px solid #ccc; padding: 0.2em; background-color: #dde;" | 0x8000003C| 4| style="border: 1px solid #ccc; padding: 0.2em; background-color: #dde;" 0x00001394| 0x00000001Maximum FST Size (varies in all games)| style="border: 1px solid #ccc; padding: 0.2em; background-color: #dde;" -| Unknown0x80000044|- style="background-color: #ddd;"4| ?| Exception Mask Address| style="border: 1px solid #ccc; padding: 0.2em; background-color: #dde;" | 0x80000060| 0x800000280x24| style="border[http: 1px solid #ccc; padding: 0//hitmen.c02.at/files/yagcd/yagcd/chap4.2em; background-color: html#dde;" | 4sec4.2.1.3 Debugger Hook]| style="border: 1px solid #ccc; padding: 0Hook is PPC assembler used by Debugger. If nothing is written to 0x60, SDK titles will write the 0x20 bytes of instructions automatically.2em; background|-color: #dde;" | 0x800000D8| 4| 0x01800000?| style="border: 1px solid #ccc; padding: 0Current OSContext instance.2em; background|-color: #dde;" | Memory Size (Physical) 24MB0x800000DC|- style="background-color: #ddd;"4| style="border: 1px solid #ccc; padding: 0?| OSThread pointer, previously created thread.2em; background|-color: #dde;" | 0x800000E0| 4| 0x8000002C?| style="border: 1px solid #ccc; padding: 0OSThread pointer, most recently created thread.2em; background|-color: #dde;" | 0x800000E4| 4| style="border: 1px solid #ccc; padding: 0?| Current thread pointer.2em; background|-color: #dde;" | 0x000000230x800000EC| style="border: 1px solid #ccc; padding: 0.2em; background-color: #dde;" 4| Production Board Model0x81800000| Dev Debugger Monitor Address (If present)|- style="background-color: #ddd;"| style="border: 1px solid #ccc; padding: 0.2em; background0x800000F0| 4| 0x01800000| Simulated Memory Size|-color: #dde;" | 0x800000F4| 0x800000304| style="border: 1px solid #ccc; padding: 00x817FDF80| Pointer to data read from partition's bi2.2em; backgroundbin, set by apploader|-color: #dde;" | 0x800000F8| 4| style="border: 1px solid #ccc; padding: 0.2em; 0x0E7BE2C0| Console Bus Speed|-| 0x800000FC| 4| 0x2B73A840| Console CPU Speed|- style="background-color: #ddefdd;" | 0x000000000x80001800| style="border: 1px solid #ccc; padding: 0.2em; background-color: #dde;" 0x1800| Arena Low| Unused Exception Vector area often used for loader stubs and reloaders as this area is never cleared or used.|- style="background-color: #ddd;"| style="border: 1px solid #ccc; padding: 00x80003040| 4| ?| __OSInterrupt table.2em; background|-color: #dde;" | 0x800030C8| 0x800000344| style="border: 1px solid #ccc; padding: 0?| Related to Nintendo's dynamic linking system (REL). Pointer to the first loaded REL file.2em; background|-color: #dde;" | 0x800030CC| 4| style="border: 1px solid #ccc; padding: 0?| Related to Nintendo's dynamic linking system (REL). Pointer to the last loaded REL file.2em; background|-color: #dde;" | 0x800030D0| 4| 0x817FEC600| style="border: 1px solid #ccc; padding: Pointer to a REL module name table, or 0.2em; background Added to the name offset in each REL file.|-color: #dde;" | 0x800030D8| Arena High8|- style="background-color: #ddd;"0x005498F053407000| style="border: 1px solid #ccc; padding: 0System time, measured as time since January 1st 2000 in units of 1/40500000th of a second.2em; background|-color: #dde;" | 0x800030E4| 2| 0x80000038?| __OSPADButton. Apploader puts button state of GCN port 4 at game start here for Gamecube NR disc support| style="border: 1px solid #ccc; padding: 0.2em; background-color: #dde;" | 0x800030E6| 2| 4?| DVD Device Code Address| style="border: 1px solid #ccc; padding: 0.2em; background-color: #dde;" | 0x800030E8| 4| ?| 0x817FEC60Debug Flags Address| style="border: 1px solid #ccc; padding: 0.2em; background-color: #dde;" | Start of FST (varies in all games)0x800030F0|- style="background-color: #ddd;"4| 0x00000000| DOL Execute Parameters| style="border: 1px solid #ccc; padding: 0.2em; background-color: #dde;" | 0x80003100| 0x8000003C4| ?| Physical MEM1 size| style="border: 1px solid #ccc; padding: 0.2em; background-color: #dde;" | 0x80003104| 4| style="border: 1px solid #ccc; padding: 0.2em; background?| Simulated MEM1 size|-color: #dde;" | 0x80003110| 4| 0x00001394?| style="border: 1px solid #ccc; padding: 0.2em; background-color: #dde;" | Maximum FST Size (varies in all gamesHeap pointer (end of usable memory by the game)|- style="background-color: #ddd;"| style="border: 1px solid #ccc; padding: 0.2em; background0x80003118| 4| ?| Physical MEM2 size|-color: #dde;" | 0x8000311C| 0x800000604| ?| Simulated MEM2 size| style="border: 1px solid #ccc; padding: 0.2em; background-color: #dde;" | 0x80003130| 0x248| 0x933E0000, 0x93400000| IOS Heap Range| style="border: 1px solid #ccc; padding: 0.2em; background-color: #dde;" | 0x80003138| Copyright code4| 0x00000011| Hollywood Version| style="border: 1px solid #ccc; padding: 0.2em; background-color: #dde;" | Hook is PPC assembler used by Debugger0x80003140|- style="background-color: #ddd;"4| 0x00090204| styleIOS version (090204 ="border: 1px solid #ccc; padding: 0IOS9, v2.2em; background4)|-color: #dde;" | 0x80003144| 0x800000EC4| style="border: 1px solid #ccc; padding: 0.2em; background-color: #dde;" | 40x00062507| styleIOS Build Date (62507 = 06/25/07 ="border: 1px solid #ccc; padding: 0.2em; backgroundJune 25, 2007)|-color: #dde;" | 0x80003158| 0x818000004| 0x0000FF16| GDDR Vendor Code| style="border: 1px solid #ccc; padding: 0.2em; background-color: #dde;" | Dev Debugger Monitor Address (If present)0x8000315C|- style="background-color: #ddd;"4| style="border: 1px solid #ccc; padding: 0.2em; background-color: #dde;" | 0x800000F00xdeadbeef| style="border: 1px solid #ccc; padding: 0During the boot process, 0x315c is first set to 0xdeadbeef by IOS in the boot_ppc syscall. The value is later partly overwritten by SDK titles.2em; background|-color: #dde;" | 0x8000315D| 41| 0?| "Enable legacy DI" mode (0x80 = yes)| style="border: 1px solid #ccc; padding: 0.2em; background-color: #dde;" | 0x8000315E| 2| 0x018000000x0113| style="border: 1px solid #ccc; padding: 0Devkit boot program version", written to by the system menu. The value carries over to disc games. 0x0113 appears to mean v1.13, which is the latest version of the boot program (found in System Menu 4.3).2em; background|-color: #dde;" | 0x80003160| 4| Simulated Memory Size0x00000000|Init semaphore (1- style="background-color: #ddd;"2 main() waits for this to clear)| style="border: 1px solid #ccc; padding: 0.2em; background-color: #dde;" | 0x80003164| 4| 0x800000F40x00000000| style="border: 1px solid #ccc; paddingGC (MIOS) mode flag, set to 1 by [[boot2]] when [[MIOS]] triggers a shutdown; the System Menu reads this and turns off the console if it is set to 1 and [[: 0/title/00000001/00000002/data/state.dat|state.2em; background-color: #dde;dat]] is set appropriately, with the message "Shutdown system from GC!" .| 4-| style="border: 1px solid #ccc; padding: 0.2em; background-color: #dde;" 0x80003180| 4| 0x000000000x52535045| style="border: 1px solid #ccc; padding: 0Game ID 'RSPE' Wii Sports ID. If these 4 bytes don't match the ID at 80000000, WC24 mode in games is disabled.2em; background|-color: #dde;" | 0x80003184| BI21|- style="background-color: #ddd;"0x80| style="border: 1px solid #ccc; padding: 0Application type. 0x80 for disc games, 0x81 for channels.2em; background-color: #dde;" | 0x800000F8| style="border: 1px solid #ccc; padding: 0.2em; background-color: #dde;" | 40x80003186| style="border: 1px solid #ccc; padding: 0.2em; background-color: #dde;" 1| 0x0E7BE2C00x00| style="border: 1px solid #ccc; padding: 0Application type 2. Appears to be set to the when a game loads a channel (e.g. Mario Kart Wii loading the region select menu will result in this being 0x80 from the disc and the main application type being 0x81, or the Wii Fit channel transitioning to the Wii Fit disc will result in this being 0x81 and the main type being 0x80).2em; background-color: #dde;" | Console Bus Speed|- style="background-color: #ddd;"| style="border: 1px solid #ccc; padding: 0.2em; background-color: #dde;" 0x80003188| 0x800000FC4| style="border: 1px solid #ccc; padding: 0.2em; background-color: #dde;" 0x00351011| 4Minimum IOS version (2 bytes for the major version, 2 bytes for the title version)| style="border: 1px solid #ccc; padding: 0.2em; background-color: #dde;" | 0x8000318C| 4| 0x2B73A8400x00000000| Title Booted from NAND (Launch Code)| style="border: 1px solid #ccc; padding: 0.2em; background-color: #dde;" | 0x80003190| Console CPU Speed4| 0x00000000| Title Booted from NAND (Return Code)|- style="background-color: #dee;"| style="border: 1px solid #ccc; padding: 0x80003194| 4| 0x00000000| While reading a disc, the system menu reads the first partition table (0x20 bytes from 0x00040020) and stores a pointer to the data partition entry. When launching the disc game, it copies the partition type to 0x3194. The partition type for data partitions is 0, so typically this location always has 0.2em; background|-color: #fdd;" | 0x80003198| 0x800018004| style="border: 1px solid #ccc; padding: 0.2em; background-color: #fdd;" | 0x1800data partition offset| style="border: 1px solid #ccc; padding: 0While reading a disc, the system menu reads the first partition table (0x20 bytes from 0x00040020) and stores a pointer to the data partition entry. When launching the disc game, it copies the partition offset to 0x3198.2em; background|-color: #fdd;" | 0x8000319C| 1| style="border: 1px solid #ccc0x80| Set by the apploader to 0x80 for single-layer discs and 0x81 for dual-layer discs (determined by whether 0x7ed40000 is the value at offset 0x30 in the partition's bi2.bin; padding: it seems that that value is 0for single-layer discs).2em; background-color Early titles' apploaders do not set it at all, leaving the value as 0. This controls the [[: /dev/di#fdd;" 0x8D_DVDLowUnencryptedRead| Unused Exception Vector area often used out-of-bounds Error #001 read]] for titles that do make such a read: they try to read at 0x7ed40000 for loader stubs dual-layer discs and reloaders as this area is never cleared or used0x460a0000 for single-layer discs.|- style="background-color: #dddfdd;"| style="border: 1px solid #ccc; padding: 0.2em; background-color: #dde;" 0x80003400| 0x800030F00x100| style="border: 1px solid #ccc; padding: 0.2em; background-color: #dde;" | 4| style="border: 1px solid #ccc; padding: 0.2em; background-color: #dde;" | 0x00000000| style="border: 1px solid #ccc; padding: 0.2em; background-color: #dde;" | DOL Execute Parameters|- style="background-color: #ddd;"| style="border: 1px solid #ccc; padding: 0.2em; background-color: #dde;" | 0x80003130| style="border: 1px solid #ccc; padding: 0.2em; background-color: #dde;" | 8| style="border: 1px solid #ccc; padding: 0.2em; background-color: #dde;" | 0x933E0000, 0x93400000| style="border: 1px solid #ccc; padding: 0.2em; background-color: #dde;" | IOS Heap Range|- style="background-color: #ddd;"| style="border: 1px solid #ccc; padding: 0.2em; background-color: #dde;" | 0x80003138| style="border: 1px solid #ccc; padding: 0.2em; background-color: #dde;" | 4| style="border: 1px solid #ccc; padding: 0.2em; background-color: #dde;" | 0x00000011| style="border: 1px solid #ccc; padding: 0.2em; background-color: #dde;" | Hollywood Version|- style="background-color: #ddd;"| style="border: 1px solid #ccc; padding: 0.2em; background-color: #dde;" | 0x80003140| style="border: 1px solid #ccc; padding: 0.2em; background-color: #dde;" | 8| style="border: 1px solid #ccc; padding: 0.2em; background-color: #dde;" | 0x00090204,0x00062507| style="border: 1px solid #ccc; padding: 0.2em; background-color: #dde;" | IOS version|- style="background-color: #ddd;"| style="border: 1px solid #ccc; padding: 0.2em; background-color: #dde;" | 0x80003158| style="border: 1px solid #ccc; padding: 0.2em; background-color: #dde;" | 4| style="border: 1px solid #ccc; padding: 0.2em; background-color: #dde;" | 0x0000FF16| style="border: 1px solid #ccc; padding: 0.2em; background-color: #dde;" | GDDR Vendor Code|- style="background-color: #ddd;"| style="border: 1px solid #ccc; padding: 0.2em; background-color: #dde;" | 0x80003180| style="border: 1px solid #ccc; padding: 0.2em; background-color: #dde;" | 4| style="border: 1px solid #ccc; padding: 0.2em; background-color: #dde;" | 0x52535045| style="border: 1px solid #ccc; padding: 0.2em; background-color: #dde;" | Game ID 'RSPE' Wii Sports ID. If these 4 bytes don't match the ID at 80000000, offline mode in games is disabled.|- style="background-color: #ddd;"| style="border: 1px solid #ccc; padding: 0.2em; background-color: #dde;" | 0x80003184| style="border: 1px solid #ccc; padding: 0.2em; background-color: #dde;" | 4| style="border: 1px solid #ccc; padding: 0.2em; background-color: #dde;" | 0x80000000| style="border: 1px solid #ccc; padding: 0.2em; background-color: #dde;" | Unknown Flag (Set by Apploader)|- style="background-color: #ddd;"| style="border: 1px solid #ccc; padding: 0.2em; background-color: #dde;" | 0x8000318C| style="border: 1px solid #ccc; padding: 0.2em; background-color: #dde;" | 4| style="border: 1px solid #ccc; padding: 0.2em; background-color: #dde;" | 0x00000000| style="border: 1px solid #ccc; padding: 0.2em; background-color: #dde;" | Title Booted from NAND (Launch Code)|- style="background-color: #ddd;"| style="border: 1px solid #ccc; padding: 0.2em; background-color: #dde;" | 0x80003190| style="border: 1px solid #ccc; padding: 0.2em; background-color: #dde;" | 4| style="border: 1px solid #ccc; padding: 0.2em; background-color: #dde;" | 0x00000000| style="border: 1px solid #ccc; padding: 0.2em; background-color: #dde;" | Title Booted from NAND (Return Code)|- style="background-color: #dee;"| style="border: 1px solid #ccc; padding: 0.2em; background-color: #fdd;" | 0x80003400| style="border: 1px solid #ccc; padding: 0.2em; background-color: #fdd;" | 0x100| style="border: 1px solid #ccc; padding: 0.2em; background-color: #fdd;" | | style="border: 1px solid #ccc; padding: 0.2em; background-color: #fdd;" | NAND boot vector (Broadway initialization code from nandloader, entry point for NAND applications)
|- style="background-color: #eed;"
| style="border: 1px solid #ccc; padding: 0.2em; background-color: #eed;" | 0x80003F00| style="border: 1px solid #ccc; padding: 0.2em; background-color: #eed;" | 0x132c100 (~19.2MB)| style="border: 1px solid #ccc; padding: 0.2em; background-color: #eed;" | | style="border: 1px solid #ccc; padding: 0.2em; background-color: #eed;" | Standard application executable area|- style="background-color: #deefdd;"| style="border: 1px solid #ccc; padding: 0.2em; background-color: #fdd;" | 0x81330000| style="border: 1px solid #ccc; padding: 0.2em; background-color: #fdd;" | 0x4d0000 (~4.8MB)| style="border: 1px solid #ccc; padding: 0.2em; background-color: #fdd;" | | style="border: 1px solid #ccc; padding: 0.2em; background-color: #fdd;" | Loader executable area
|}
Applications By convention, applications should use the 0x80003F00 - 0x81330000 area for executable code and data loaded as part of their ELF/DOL, while loaders should use from 0x81330000 onwards. Applications can use the loader area and MEM2 as data work space once they are running, but they should restrict the sections contained in the DOL or ELF to the executable area only, since MEM2 is reserved as work area for the loader at that time. To preserve "return to loader" functionality, applications should never use the 0x80001800-0x80003000 area. [[Category:Official hardware]]
282

edits

Navigation menu