Fast3D Microcodes
#1
I've been busy the past couple of days going through some N64 roms and extracting the Fast3D microcode from them, and now I'm here to share them with you all. I'm also sharing a couple basic tools that I wrote to dump some of the microcodes, and disassemble the .bin files into readable assembly code.

Download
.zip   N64 graphics microcode dumps (Nov 17th 2018).zip (Size: 183.25 KB / Downloads: 37)

List of games and their microcodes that I have so far


How do I use these .bin files with an OSTask structure?

It is straight forward. The .code.bin file is the microcode that gets pointed to by t.ucode, while the .data.bin file is the data that gets pointed to by t.ucode_data. I've also included the boot microcode from every game in their respective folders in the microcode dump. I'm not sure if they are actually needed or not, but if you do need them they are pointed to by t.ucode_boot.



Dumping Fast3D microcodes from N64 games

The way that I got most of these microcodes is by using shygoo's Javascript API in the latest version Project64 (You will have to compile Project64 from the github repo). It is not perfect, but it should be able to get you at-least some Fast3D microcodes from most of the N64 games. Some of microcodes are harder to get than others. For example: I had to dump all 11 of Conker's Fast3D microcodes manually, since only 2 of them are loaded into RAM.

.zip   DumpMicrocode.js.zip (Size: 4.75 KB / Downloads: 18)

This script will look for microcode signatures or RSP overlay tables in RAM to find the location of the data section of all the Fast3D microcodes in the ROM. Once I find the data section, I can then look for an OSTask structure. The OSTask structure will tell me where the main code lies within memory. Once you find the location of one fast3d microcode, then you can easily find the rest. This is because, for most N64 games, the Fast3D microcodes are contiguous in memory. For example: if you find the first microcode at address 0x80010000 and the size of the microcode is 0x1408 bytes, then you can expect the next Fast3D microcode to be at the address 0x80011410 (Both the microcode and data have to be 16-byte aligned for some reason).

To calculate the size of the microcode, you will need to find the overlay table entries in the .data section of the Fast3D microcode. For the Fast3D / F3DEX microcodes, the overlay table is simply at the beginning of the data section and are all contiguous (Usually has 5 entries). F3DEX2 works differently, and has the overlay entries near the bottom of the data section. They can be in different places depending on the exact microcode. Do note that the entries are 4-byte aligned.

[Image: MQXRzd0.png]

[Image: I6KYIC9.png]

The overlay table is used to dynamically overwrite code in IMEM, which means that most of the fast3d microcodes are actually bigger than 4KB. Each entry in the overlay table is 8 bytes long. The first 4 bytes tell you the source offset from the start of the microcode section in RDRAM. The following 2 bytes tell you the size of the section (minus 1). The last two bytes tells you the destination offset in IMEM where the code will be copied to.

To get the size of the microcode from the overlay entries you just simply calculate RDRAM_Offset + Size + 1 for each entry, and the largest value out of all the entries will be your total microcode size. For example, the total size for the SM64 microcode is: 0x000013A0 + 0x0067 + 1 = 0x1408.



Disassembling the microcode into RSP assembly

I'm sure there are plenty of free and open source MIPS R4300 disassemblers out there, but I wanted to write my own to get a better understanding of the vector registers and opcodes. 

You will need to look at the overlay table entries in the .data section to be able to correctly view the RSP assembly, otherwise the branch opcodes will not be correct. You need to set "RAM address" as the IMEM destination offset (prefixed with 0400), and set "Length" as the size + 1. Once the code has been disassembled, you can just simply select all the text with Ctrl-A and then copy-paste the assembly code into your favorite text editor.

Download: https://github.com/DavidSM64/David-s-N64...r/releases
Source: https://github.com/DavidSM64/David-s-N64...sassembler

[Image: 34F108t.png]
aglab2, brushtool, and Trenavix liked this post
Reply




Users browsing this thread: 1 Guest(s)