Notes:Kororinpa: Marble Mania

This page contains notes for the game Kororinpa: Marble Mania.

Gecko code explanation

This code patches bootDll.rel to load something other than titleDLL. The relevant address can be found by looking in bootDll.rel for the value 0x16; it's the first one (for instance it shows up at 80000570). The game logs the following on startup (enable OSREPORT EXI in Dolphin's log config):

objdll>LinkOK 80400f00 80498440
objdll> dll/bootdll.rel prolog start

Add 0x100 to 0x80400f00 (giving 80401000), and then add 0x570, to finally get an address of 80401570.

20401570 38600016   Check if 80401570 is 38600016 (li r3,0x16)
00401573 00000010   If so patch the last byte to instead load 0x10
e2000001 00000000   End if statement so the next code works

The alternative patches main.dol to load something other than bootdll. To do this, look for the string "dll/GameDLL.rel", find the pointer to it, and then find the code in the main function that uses that pointer; there should be a function call with 8 as a parameter. The instruction that loads the 8 is to be replaced.

20006bec 38c00008   Check if 80006bec is 38c00008 (li r6,0x8) - less important since main.dol loads in a fixed location
00006bef 00000010   If so patch the last byte to instead load 0x10
e2000001 00000000   End if statement so the next code works
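The two guarded patches above (the bootDll.rel one and the main.dol one) can be regenerated from their inputs. This is an added example, not part of the original notes: the function names are hypothetical, and the 0x100 adjustment is simply the one the page applies to the LinkOK address. It also handles the case where the new immediate no longer fits in the low byte, by emitting a 16-bit write like the ones used further down the page.

```python
import re

GECKO_BA = 0x80000000      # default Gecko base address; code addresses are offsets from it
REL_SKIP = 0x100           # adjustment the page adds to the LinkOK address

def rel_address(log_line, offset):
    """Runtime address of `offset` in a REL, from its 'LinkOK <addr> ...' log line."""
    m = re.search(r"LinkOK\s+([0-9a-fA-F]{8})\b", log_line)
    if m is None:
        raise ValueError("no LinkOK address in log line")
    return int(m.group(1), 16) + REL_SKIP + offset

def li(reg, imm):
    """Encode PowerPC `li rD,imm`, i.e. addi rD,0,imm."""
    if not (0 <= reg < 32 and 0 <= imm <= 0x7FFF):
        raise ValueError("register or immediate out of range")
    return 0x38000000 | (reg << 21) | imm

def guarded_li_patch(addr, reg, old_imm, new_imm):
    """Gecko lines that change `li reg,old_imm` at addr to `li reg,new_imm`,
    but only if the expected instruction is actually there."""
    off = addr - GECKO_BA
    if addr % 4 or not 0 <= off <= 0x01FFFFFC:
        raise ValueError("address not word-aligned or outside Gecko's range")
    old, new = li(reg, old_imm), li(reg, new_imm)
    lines = [f"{0x20000000 | off:08x} {old:08x}"]            # 20: 32-bit if-equal
    if (old ^ new) <= 0xFF:                                   # only the low byte differs
        lines.append(f"{off + 3:08x} {new & 0xFF:08x}")       # 00: 8-bit write
    else:
        lines.append(f"{0x02000000 | (off + 2):08x} {new & 0xFFFF:08x}")  # 02: 16-bit write
    lines.append("e2000001 00000000")                         # E2: end if
    return lines

if __name__ == "__main__":
    log = "objdll>LinkOK 80400f00 80498440"   # log line quoted on the page
    print("\n".join(guarded_li_patch(rel_address(log, 0x570), 3, 0x16, 0x10)))
    print("\n".join(guarded_li_patch(0x80006BEC, 6, 0x08, 0x10)))
```
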

The code to modify selmenuDll has two parts. One is a call to VIWaitForRetrace in the middle of REL loading, so that the gecko code handler has time to run and things behave consistently. The other is a patch to the data to use the list of filenames instead of the original list. The table of names is located at 800008b4 initially (a pointer to the string GAME), though it ends up at 80401918; we replace it with pointers to the main list of files (with an offset of 4 added to each one to remove the dll/ prefix for readability). The original table is too small, so it needs to be relocated; 80402100 is free space for this.

0403b8b0 60000000   NOP out comparison
0403b8b4 60000000   NOP argument preparation
0403b8b8 60000000   NOP argument preparation
0403b8bc 4805dd71   Replace call to OSReport with call to VIWaitForRetrace

2040120c 38841918   Check if 8040120c is 38841918 (addi r4,r4,0x1918); note that REL files are patched as they are relocated so the original addi r4,r4,0x8b4 is changed before we mess with it.
0240120e 00002100   Patch 8040120c to addi r4,r4,0x2100
02401282 00002100   Patch 80401280 to addi r4,r4,0x2100
02401332 00002100   Patch 80401330 to addi r24,r24,0x2100
024014c2 00002100   Patch 804014c0 to addi r3,r3,0x2100
024015ae 00002100   Patch 804015ac to addi r5,r5,0x2100

06402100 000000c8   Start of a 0xc8-byte write to 80402100
80215f34 00000000   First string is at 80215f34, and loads index 0000
80215f44 00010000   Next string is at 80215f44, and loads index 0001
80215f5c 00020000   Next string is at 80215f5c, and loads index 0002
80215f74 00030000   Etc.
80215f8c 00040000
80215fa4 00050000
80215fb8 00060000
80215fcc 00070000
80215fe4 00080000
80215ff4 00090000
80216008 000a0000
8021601c 000b0000
80216034 000c0000
80216048 000d0000
8021605c 000e0000
80216070 000f0000
80216084 00100000
80216098 00110000
802160ac 00120000
802160c0 00130000
802160d4 00140000
802160e8 00150000
802160fc 00160000
80216110 00170000
80401910 ffff0000   The ffff terminates the list.  80401910 points to an empty string; I chose the value that was already used for this but it could be anything really
e2000001 00000000   Endif.
(Source: Original TCRF research)