                                 Super Mario 64
                             general notes/memory map

Note: some information is from mario_resource_by_nagra.zip
********************************************************************************
for most code: (low text)
ram - rom = 0x80245000
ram = 0x80245000 + rom
rom = ram - 0x80245000
devl/dumpmips/dumpmips Drop/N64\ Roms\ -\ Super\ Mario\ 64/Super\ Mario\ 64\ \(English\).swab.v64 0 0x1000000 0x80245000 | less
span in rom appears to be at least from 0x0011dc to 0x0e6330 (nagra says 0x001000 to 0x100fff (0x80246000 to 0x80340fff))

for loading code: (high text)
ram - rom = 0x80283280
ram = 0x80283280 + rom
rom = ram - 0x80283280
devl/dumpmips/dumpmips Drop/N64\ Roms\ -\ Super\ Mario\ 64/Super\ Mario\ 64\ \(English\).swab.v64 0 0x1000000 0x80283280 | less
span in rom appears to be at least from 0x0f7728 to 0x0ff350 (nagra says 0x0f5580 to 0x108a10 (0x80378800 to 0x8038bc90))

0x80283280 - 0x80245000 = 0x3E280


RAM addresses
0x80000200    32 bit

0x8005c000    char[0x165000]             memory pool
0x801c1000    ???data                    loaded from MIO0 file

0x80202000    char[0xe00]                  stack for thread id#3 ??
0x80202e00    char[0x2000]                 stack for thread id#4
0x80204e00    char[0x2000]                 stack for thread id#5
0x80207900    char[0x400]                  RSP matrix stack
0x80207d00    ???                         a GBI construction buffer

0x80227000    char[0x1f000]                RSP => RDP fifo buffer

0x802461dc    function                      called from thread id#3 loop (msg type default)
0x802461ec    function
0x802461fc    function                      called from thread id#3
0x802462e0    function                      called from thread id#3
0x80246338    function                     osCreateThread wrapper
0x8024639c    function                      called from thread id#3 loop (msg type 104)
0x802463ec    function
0x8024651c    function                     calls osSpTaskLoad and osSpTaskStartGo
0x8024659c    function
0x802465ec    function                      called from thread id#3 loop (msg type 103) (elsewhere??)
0x80246648    function
0x8024669c    function                      called from thread id#3 loop (msg type 102)
0x802467fc    function                      called from thread id#3 loop (msg type 100)
0x8024694c    function                      called from thread id#3 loop (msg type 101) DP full sync
0x802469b8    function                     entry for thread id#3  (starts threads id#4 and id#5) has inf loop
0x80246c10    function
0x80246cf0    function                     entry for thread id#1  (this function starts thread id#3)
0x80246e70    function                    inits a bunch of RDP stuff
0x802471a4    function                   
0x80247284    function                   
0x802473c8    function                   
0x802474b8    function 
0x80247b3c    function                      init an OSTask pointed to by 0x8033b068
0x80247ccc    function                   calls five functions:  0x80277ff0() 0x80246e70()  0x802471a4() 0x80247284() 0x802473c8()
0x80247d14    function                   graphics related -- writes final GBI cmds and calls 0x80247b3c()
0x80247f08    function                     inits *(0x8033b074), sets RSP segment 1 and some other stuff
0x80247fdc    function                     also inits *(0x8033b074) and sets RSP segment 1
0x80248090    function                     calls osViSwapBuffer and seems to increment frame counters
0x80248af0    function                     entry for thread id#5  inf loop  prints "BUF" debug output
0x80248c40    function                     sets 0x8032d600 to zero
0x80249500    function                     entry for thread id#4

0x80253720    function                     displays ang/spd/sta debug info

0x802771bc    function                   Mario blink related
0x80277ee0    function                   uint32_t set_segment_base(int segment, void *base)
0x80277f20    function                   void * get_segment_base(int segment)
0x80277f50    function                   void * segmented_to_virtual(uint32_t segaddr)
0x80277ff0    function                   generates GBI commands to load segment table to RSP
0x80278504    function
0x802787d8    function                   void * 0x802787d8(int seg, uint32 start, uint32 end) loads a MIO0 file into heap
0x802788b4    function                   void * 0x802788b4(int seg, uint32 start, uint32 end) loads a MIO0 file directly to 0x801c1000
0x80278974    function                      called from thread id#3
0x80278ab8    function                   void * simple_allocate(struct allocation_stack *as, int size_request) 
0x80278f2c    function                   a memory allocation function ?
0x8027a9c8    function                   struct struct_warplink * find_warplink(unsigned char id)
0x8027b3b4    function                   ??? no params
0x8027b6c0    function                   writes a bunch of commands to the root GBI buffer   mostly matrix and subDL calls
0x8027ba00    function                   inits to zero what appears to be a set of render mode buckets and calls 0x8027dea8() and 0x8027b6c0()
0x8027dea8    function                   process(dispatch) in memory geometry layout commands
0x8027e3e0    function                   graphics timing or profiling related -- called with various small integers in different parts of the thread #5 loop
0x8027e520    function
0x8027e5cc    function
0x8027f4e0    function                   uncompress(void *src, void *dst) MIO0 decompression function

0x8029db48    function                   yoshi blink related   called from layout

0x802c9f04    function                   init_object_behavior

0x802d62d8    function                     printf like function used for OSD by debug function 0x80253720

0x803223b0    function                    osSetTime
0x803225a0    function                    osCreateMesgQueue
0x803225d0    function                    osSetEventMsg
0x80322640    function                    osViSetEventMsg
0x803226b0    function                   osCreateThread
0x80322800    function                   osRecvMesg
0x80322940    function                   _VirtualToPhysicalTask
0x80322a5c    function                   osSpTaskLoad
0x80322bbc    function                   osSpTaskStartGo
0x80322c20    function                   osSendMesg
0x80322df0    function                   osStartThread
0x80322f70    function                    osCreateViManager
0x803232d0    function                    osViSetMode
0x80323340    function                    osViBlack
0x803233b0    function                    osViSetSpecialFeatures
0x80323570    function                    osCreatePiManager
0x803236f0    function                    osSetThreadPri
0x803237d0    function                   osInitialize
0x80323a00    function                   osViSwapBuffer
0x80323a50    function                   sqrtf
0x80323a60    function                    osContStartReadData
0x80323bcc    function                    osContInit
0x803243b0    function                    osInvalDCache
0x80324460    function                   osPiStartDma
0x80324570    function                   blkclr
0x80324910    function                   bcopy
0x80325070    function                   osGetTime
0x80325d20    function                   osWritebackDCache
0x80325db0    function                   osAiSetNextBuffer
0x803274d0    function                   __osDisableInt
0x803274f0    function                   __osRestoreInt
0x80327c80    function                   __osEnqueueAndYield
0x80327d10    function                   __osEnqueueThread
0x80327d58    function                   __osPopThread
0x80327d68    function                   __osDispatchThread
0x80327eb0    function                   osVirtualToPhysical
0x80327f30    function                   __osSpSetStatus
0x80327f40    function                   __osSpSetPc
0x80327f80    function                   __osSpRawStartDma
0x80328010    function                   __osSpDeviceBusy
0x80328590    function                    __osDevMgrMain     a thread entry point (ref 0x803236a4)
0x803288f0    function                   __osSiGetAccess
0x80328960    function                   __osSiRawStartDma
0x8032b260                               rspbootTextStart
0x8032b330                               gspFast3D???TextStart
0x8032d560    ?*
0x8032d564    ?*
0x8032d568    OSTask*                      pointer to an OSTask (set by 0x8024651c() to equal *(0x8032d56c) or *(0x8032d570))
0x8032d56c    OSTask*                      pointer to an OSTask
0x8032d570    OSTask*                      pointer to an OSTask
0x8032d598    byte                         debug flag
0x8032d5dc    unsigned short
0x8032d93c    32 bit ptr                 points to a structure that may point to Mario's info at offset 0x68
0x8032ddc4    32 bit ptr to array        points to an array of pointers to loaded geometry layouts
0x8032ddc8    32 bit ptr area_struct[]
0x8032ddcc    32 bit ptr area_struct     seem to point to the current area
0x8032ddf8    short                       current level number
0x8032de70    u32 [2][8]                 seems to be a table of cycle 1 render modes
0x8032deb0    u32 [2][8]                 seems to be a table of cycle 2 render modes
0x8032def4    struct dlist_node *        pointer to current render bucket node
0x8032fec0    char [11]                  indices to use with the array pointed to by *(0x803610e8) contents are {11,9,10,0,5,4,2,6,8,12,-1} with the -1 being an end delimiter

0x803359a8                               __osRunQueue
0x803359b0                               __osRunningThread
0x80335b80
0x80336f9c                               jump table for switch statement in 0x8027dea8() cmd 0x0103 - 0x012e
0x8033704c                               jump table for switch statement in 0x8027dea8() cmd 0x0002 - 0x0029
0x80337e00    float
0x80337e04    float
0x80337e08    float
0x80337e0c    float
0x80339ac0                               gspFast3D???DataStart
0x8033a730    OSThread                     thread id#1 structure
0x8033a8e0    OSThread                     thread id#3 structure
0x8033aa90    OSThread                     thread id#5 structure
0x8033ac40    OSThread                     thread id#4 structure
0x8033ae08    OSMesgQueue
0x8033af48    OSMesgQueue                  used for PI DMA
0x8033af5c    void *                       used to hold the recived PI DMA message
0x8033b026    OSMesgQueue                 video related
0x8033b068    OSTask*
0x8033b06c    u64 *                        GBI end pointer??
0x8033b074    u64 *                        pointer to RSP input GBI commands???              
0x8033b400    32 bit phys ptr array      segment table
0x8033bae0    short                       CPU matrix stack index
0x8033bae8    Mtx                         CPU matrix stack
0x8033c2e8    32 bit array                array (stack?) of matrix related pointers
0x8033c3e8    32 bit array                stack of matrix related pointers

0x803610e8    ?*                          important object behavior related pointer seems to point to an array of 0x68 byte structs with head pointers to lists of object state structures 
0x80361170    int                        index of the next element of the array pointed to by 0x8038ee9c to use
0x80364c20    OSTask(physical)             temp physical OSTask used by _VirtualToPhysicalTask

0x8037893c    function                   short * copy_short_triple(short *d, short *s)  copy 3 16bit values from array s to d
0x8037897c    function                   short * set_short_triple(short *d, short x, short y, short z)
0x8037a9a8    function                   probably atan2()
0x8037cbc0    function                   short * copy_short_triple2(short *d, short *s)  copy 3 16bit values from array s to d and return ptr after src
0x8037cd60    function                   GeoLayout command 0x00
0x8037ce24    function                   GeoLayout command 0x01
0x8037cee8    function                   GeoLayout command 0x02
0x8037cf70    function                   GeoLayout command 0x03
0x8037cfc0    function                   GeoLayout command 0x04
0x8037d010    function                   (stub)
0x8037d018    function                   GeoLayout command 0x05
0x8037d048    function                   (stub)
0x8037d050    function                   GeoLayout command 0x06
0x8037d0d0    function                   GeoLayout command 0x07
0x8037d1d0    function                   GeoLayout command 0x08
0x8037d328    function                   GeoLayout command 0x09
0x8037d3a4    function                   GeoLayout command 0x0a
0x8037d48c    function                   GeoLayout command 0x0b
0x8037d4dc    function                   GeoLayout command 0x1f
0x8037d4f8    function                   (stub)
0x8037d500    function                   GeoLayout command 0x0c
0x8037d55c    function                   GeoLayout command 0x0d
0x8037d5d4    function                   GeoLayout command 0x0e
0x8037d640    function                   GeoLayout command 0x0f
0x8037d6f0    function                   GeoLayout command 0x10
0x8037d8d4    function                   GeoLayout command 0x11
0x8037d998    function                   GeoLayout command 0x12
0x8037da5c    function                   GeoLayout command 0x1d
0x8037db50    function                   GeoLayout command 0x1e
0x8037db6c    function                   (stub)
0x8037db74    function                   GeoLayout command 0x13
0x8037dc10    function                   GeoLayout command 0x14
0x8037dcd4    function                   GeoLayout command 0x15
0x8037dd4c    function                   GeoLayout command 0x16
0x8037dddc    function                   GeoLayout command 0x17
0x8037de34    function                   GeoLayout command 0x18
0x8037de94    function                   GeoLayout command 0x19
0x8037def8    function                   GeoLayout command 0x1a
0x8037df14    function                   (stub)
0x8037df1c    function                   GeoLayout command 0x1b
0x8037dfd4    function                   GeoLayout command 0x1c
0x8037e058    function                   GeoLayout command 0x20
0x8037e0b4    function                   
0x8037e2c4    function                   level command 0x00
0x8037e388    function                   level command 0x01
0x8037e404    function                   level command 0x02
0x8037e47c    function                   level command 0x03
0x8037e4fc    function                   level command 0x04
0x8037e580    function                   level command 0x05
0x8037e5b8    function                   level command 0x06
0x8037e620    function                   level command 0x07
0x8037e648    function                   (stub)
0x8037e650    function                   level command 0x08
0x8037e6cc    function                   (stub)
0x8037e6d4    function                   level command 0x09
0x8037e780    function                   level command 0x0a
0x9037e7f0    function                   (stub)
0x8037e7f8    function                   level command 0x0b
0x8037e878    function                   level command 0x0c
0x8037e8e8    function                   level command 0x0d
0x8037e988    function                   level command 0x0e
0x8037ea18    function                   level command 0x0f
0x8037ea70    function                   level command 0x10
0x8037ea98    function                   level command 0x11
0x8037eb04    function                   level command 0x12
0x8037eb98    function                   level command 0x13
0x8037ebd4    function                   level command 0x14
0x8037ec14    function                   level command 0x15
0x8037ec54    function                   level command 0x16
0x8037eca4    function                   level command 0x17
0x8037ecf8    function                   level command 0x18
0x8037ed48    function                   level command 0x19
0x8037edf8    function                   level command 0x1a
0x8037ee48    function                   level command 0x1b
0x8037eea8    function                   level command 0x1c
0x8037ef00    function                   level command 0x1d
0x8037ef70    function                   level command 0x1e
0x8037f010    function                   level command 0x1f
0x8037f130    function                   level command 0x20 -- clear current area
0x8037f164    function                   level command 0x21
0x8037f214    function                   level command 0x22
0x8037f2a4    function                   level command 0x23
0x8037f36c    function                   level command 0x25
0x8037f45c    function                   level command 0x24
0x8037f790    function                   level command 0x28
0x8037f67c    function                   level command 0x26
0x8037f994    function                   level command 0x27

0x803805c8    function                   level command loading loop and ???
0x80382590    function                   initalizes an arrry of 256 0x18(24)-byte structs by setting 3 fields to zero seems to be called with 0x8038be98 as sole param
0x803825d0    function                   just calls 0x80382590(0x8038be98)
0x80382f84    function                   returns 1 for solidity triangle commands that require an extra 2 bytes; 0 otherwise
0x80383068    function                   processes triangle solidity commands
0x803833b8    function                   toplevel solidity command processing
0x80384678    function                   behavior function dispatcher
0x8038b8ac    16 bits signed             current area for level loading
0x8038b8b0    32 bits ???                stack pointer for calling other level lists(was:used by commands 0x06, 0x07, 0x08, 0x09, 0x0b, 0x0d)
0x8038b8b4    32 bit pointer             saved stack pointer for returning through multiple stack levels
0x8038b8b8    32 bit pointer array       pointers to level command functions
0x8038bd80    pointer                    GeoLayout working ptr
0x8038be20    16 bits signed             ???
0x8038be24    32 bits signed             set by level script command 0x13
0x8038be28    32 bit pointer             level loading(script) current pointer
0x8038be98    struct size:0x18(24) [256] initalized by function 0x80382590
0x8038a800
0x8038ee9c    pointer to an array of 0x30 byte runtime solidity triangle records
0x8038f800


Level Commands
0x31   setting the second value to 0x06 makes the level slippery
                                   0xff mario makes metal sounds when walking
                                   
Level command function table
8038b8b8: 8037e2c4 /* 00 */
8038b8bc: 8037e388
8038b8c0: 8037e404
8038b8c4: 8037e47c
8038b8c8: 8037e4fc /* 04 */
8038b8cc: 8037e580
8038b8d0: 8037e5b8
8038b8d4: 8037e620
8038b8d8: 8037e650 /* 08 */
8038b8dc: 8037e6d4
8038b8e0: 8037e780
8038b8e4: 8037e7f8
8038b8e8: 8037e878 /* 0c */
8038b8ec: 8037e8e8
8038b8f0: 8037e988
8038b8f4: 8037ea18
8038b8f8: 8037ea70 /* 10 */
8038b8fc: 8037ea98
8038b900: 8037eb04
8038b904: 8037eb98
8038b908: 8037ebd4 /* 14 */
8038b90c: 8037ec14
8038b910: 8037ec54
8038b914: 8037eca4
8038b918: 8037ecf8 /* 18 */
8038b91c: 8037ed48
8038b920: 8037edf8
8038b924: 8037ee48
8038b928: 8037eea8 /* 1c */
8038b92c: 8037ef00
8038b930: 8037ef70
8038b934: 8037f010
8038b938: 8037f130 /* 20 */
8038b93c: 8037f164
8038b940: 8037f214
8038b944: 8037f2a4
8038b948: 8037f45c /* 24 */
8038b94c: 8037f36c
8038b950: 8037f67c
8038b954: 8037f994
8038b958: 8037f790 /* 28 */
8038b95c: 80380014
8038b960: 8038007c
8038b964: 803800bc
8038b968: 80380160 /* 2c */
8038b96c: 803801a0
8038b970: 8037fe94
8038b974: 8037ff14
8038b978: 80380274 /* 30 */
8038b97c: 8037f920
8038b980: 8038024c
8038b984: 803801e0
8038b988: 8037fde4 /* 34 */
8038b98c: 8037fe2c
8038b990: 80380300
8038b994: 8038039c
8038b998: 803803ec /* 38 */
8038b99c: 8037ff94
8038b9a0: 8037fb18
8038b9a4: 8037fc38
8038b9a8: 80380434 /* 3c */


Geometry layout command table
8038b810: 8037cd60 /* 00 */  (0x0c bytes)
8038b814: 8037ce24
8038b818: 8037cee8           Call
8038b81c: 8037cf70           Return
8038b820: 8037cfc0 /* 04 */
8038b824: 8037d018
8038b828: 8037d050
8038b82c: 8037d0d0
8038b830: 8037d1d0 /* 08 */
8038b834: 8037d328
8038b838: 8037d3a4
8038b83c: 8037d48c
8038b840: 8037d500 /* 0c */
8038b844: 8037d55c /* 0d */  (0x08 bytes)
8038b848: 8037d5d4 /* 0e */  (0x08 bytes?)
8038b84c: 8037d640           (0x14 bytes)
8038b850: 8037d6f0 /* 10 */
8038b854: 8037d8d4
8038b858: 8037d998 /* 12 */  (0x0c/0x08 bytes)
8038b85c: 8037db74 /* 13 */  (0x0c bytes)
8038b860: 8037dc10 /* 14 */
8038b864: 8037dcd4 /* 15 */  (0x08 bytes) ???/refer to GBI commands
8038b868: 8037dd4c /* 16 */  (0x08 bytes)
8038b86c: 8037dddc /* 17 */  (0x04 bytes)
8038b870: 8037de34 /* 18 */  (0x08 bytes) ??? has RAM address
8038b874: 8037de94 /* 19 */  (0x08 bytes)
8038b878: 8037def8 /* 1a */  (0x08 bytes) no op
8038b87c: 8037df1c /* 1b */  (0x04 bytes)
8038b880: 8037dfd4 /* 1c */  (0x0c bytes)
8038b884: 8037da5c /* 1d */  (0x0c/0x08 bytes)
8038b888: 8037db50 /* 1e */  (0x08 bytes) no op
8038b88c: 8037d4dc /* 1f */  (0x10 bytes) no op
8038b890: 8037e058 /* 20 */  (0x04 bytes)


Behavior command function table
8038b9b0: 803854cc /* 0x00 */
8038b9b4: 8038425c
8038b9b8: 803841b8
8038b9bc: 80384224 
8038b9c0: 8038438c /* 0x04 - jump */
8038b9c4: 80384450
8038b9c8: 803844c0  
8038b9cc: 80384554
8038b9d0: 803845e8 /* 0x08 - save location on stack */
8038b9d4: 80384634 /* 0x09 - jump to location on top of stack w/o popping and yield*/
8038b9d8: 80384188
8038b9dc: 803841a0
8038b9e0: 80384678 /* 0x0c - just calls a function */
8038b9e4: 80384c5c
8038b9e8: 803846d0
8038b9ec: 80384cf0 /* 0x0f */
8038b9f0: 8038475c /* 0x10 */
8038b9f4: 80384d70
8038b9f8: 80384e04
8038b9fc: 803849f8
8038ba00: 80384854 /* 0x14 */
8038ba04: 80384928
8038ba08: 80384ab4
8038ba0c: 80384b90
8038ba10: 8038503c /* 0x18 */
8038ba14: 803850cc
8038ba18: 80385084
8038ba1c: 80383f24
8038ba20: 80383f94 /* 0x1c - subobject*/
8038ba24: 80384164
8038ba28: 80384f8c /* 0x1e - something to do with the y position */
8038ba2c: 80385114
8038ba30: 803851d0 /* 0x20 */
8038ba34: 80383ee4 /* 0x21 */
8038ba38: 80383e5c
8038ba3c: 8038528c /* 0x23 */
8038ba40: 8038546c /* 0x24 */
8038ba44: 803842e4
8038ba48: 803843e0
8038ba4c: 80384e9c /* 0x27 - sets value (used for init pose) */
8038ba50: 80384f08 /* 0x28 */
8038ba54: 803840b4
8038ba58: 803856a0 /* 0x2a */
8038ba5c: 803853ac
8038ba60: 8038401c /* 0x2c */
8038ba64: 80385700 /* 0x2d */
8038ba68: 8038531c
8038ba6c: 8038575c
8038ba70: 8038586c /* 0x30 */
8038ba74: 803857a0
8038ba78: 803857e4
8038ba7c: 80385a60 /* 0x33 */
8038ba80: 80385b4c /* 0x34 */
8038ba84: 80383ea0
8038ba88: 803847d4
8038ba8c: 80385af0
