Is it possible to Decipher file structure from mips?

[avok23]

I was trying to find an efficient way to learn file formats from ps2 games together with manually deciphering the file format through Hex editor to atleast verify what is going on.
I tried using DVD reads together with debug info (EE Cache) but it did not bring the clarity i was hoping for. Not only was it dead slow I actually thought the debugger would dump out Sequences of instructions.

I am actually new to this. I only found out about MIPS last night and i have gotten all the information i could gather on it (15 hours of Videos and tutorials from sony and other colleges).

While i am glad i have the knowledge i am suddenly terrified i might be wasting my time. Staring at elf/slus/sles files in ps2dis is pretty terrifying. (Why is there no scroll bar? )

I am on my 4th can of monster and i am still going to do this but if anyone one can save me from wasting my time i'll be eternaly grateful.

[avok23]

I also have a strange question

Code:

beq        zero, zero, $00115570

why would you ever need to check if zero is zero? It throws me off.

[Saiki]

what if zero isn't zero? then there's a large error somewhere. it's always wise to check and make sure everything is what it should be

[nosisab Ken Keleh]

Well, an identifier will always be equal to itself... the real question to the OP is: are you sure to be disassembling a code area instead a data area?

[avok23]

I am assuming the code area is always towards the bottom. The files are huge and i just figured out how to dump it to a text file.

This looks like code to me. but if there is a more sane way to differentiate please share

Code:

kgm_map_anim:                    #
    sw        a0, $0058(sp)        # 00110d40:afa40058    
    lw        a1, $0050(sp)        # 00110d44:8fa50050    
__00110d48:                    #
    blez        a1, $001109a4        # 00110d48:18a0ff16    ^ __001109a4
    daddu        s0, a1, zero        # 00110d4c:00a0802d    
__00110d50:                    #
    lw        a0, $0048(sp)        # 00110d50:8fa40048    
    addiu        a2, zero, $0020        # 00110d54:24060020    a2=$00000020
    lw        a1, $005c(sp)        # 00110d58:8fa5005c    
    lw        v1, $0044(sp)        # 00110d5c:8fa30044    
    jalr        v1            # 00110d60:0060f809    
    addiu        s0, s0, $ffff        # 00110d64:2610ffff    
    lw        a0, $0058(sp)        # 00110d68:8fa40058    
    addu        a0, a0, v0        # 00110d6c:00822021    
    bne        s0, zero, $00110d50    # 00110d70:1600fff7    ^ __00110d50
    sw        a0, $0058(sp)        # 00110d74:afa40058    
    beq        zero, zero, $001110b4    # 00110d78:100000ce    v __001110b4
    lbu        a1, $0000(s6)        # 00110d7c:92c50000    
__00110d80:                    #
    andi        v0, s5, $0004        # 00110d80:32a20004    
    beq        v0, zero, $00110f64    # 00110d84:10400077    v __00110f64
    addiu        v0, zero, $0030        # 00110d88:24020030    v0=$00000030
    bne        a3, v0, $00110e48    # 00110d8c:14e2002e    v __00110e48
    lw        a1, $0050(sp)        # 00110d90:8fa50050    
    lw        a1, $0054(sp)        # 00110d94:8fa50054    
    beq        a1, zero, $00110df4    # 00110d98:10a00016    v __00110df4
    daddu        s0, zero, zero        # 00110d9c:0000802d    
    addiu        s3, sp, $0020        # 00110da0:27b30020    
    sltu        s4, s2, s1        # 00110da4:0251a02b    
__00110da8:                    #
    addu        v0, s3, s0        # 00110da8:02701021    
    lw        a0, $0048(sp)        # 00110dac:8fa40048    
    lb        a2, $0000(v0)        # 00110db0:80460000    
    addiu        s0, s0, $0001        # 00110db4:26100001    s0=$00000001
    lw        a1, $005c(sp)        # 00110db8:8fa5005c    
    lw        v1, $0044(sp)        # 00110dbc:8fa30044    
    sq        a3, $0060(sp)        # 00110dc0:7fa70060    
    jalr        v1            # 00110dc4:0060f809    
    sq        t0, $0070(sp)        # 00110dc8:7fa80070    
    lw        a0, $0058(sp)        # 00110dcc:8fa40058    
    lw        a1, $0054(sp)        # 00110dd0:8fa50054    
    addu        a0, a0, v0        # 00110dd4:00822021    
kgm_map_anim_ctrl:                #
    lq        a3, $0060(sp)        # 00110dd8:7ba70060    
    sw        a0, $0058(sp)        # 00110ddc:afa40058    
    slt        v0, s0, a1        # 00110de0:0205102a    
    bne        v0, zero, $00110da8    # 00110de4:1440fff0    ^ __00110da8
    lq        t0, $0070(sp)        # 00110de8:7ba80070    
    beq        zero, zero, $00110dfc    # 00110dec:10000003    v __00110dfc
    lw        v0, $0050(sp)        # 00110df0:8fa20050    
__00110df4:                    #
    sltu        s4, s2, s1        # 00110df4:0251a02b    
    lw        v0, $0050(sp)        # 00110df8:8fa20050    
__00110dfc:                    #
    blez        v0, $00110ef4        # 00110dfc:1840003d    v __00110ef4
    nop                    # 00110e00:00000000    
    daddu        s0, v0, zero        # 00110e04:0040802d    
kgm_map_gnd:                    #
    lw        a0, $0048(sp)        # 00110e08:8fa40048    
    daddu        a2, a3, zero        # 00110e0c:00e0302d    
    lw        a1, $005c(sp)        # 00110e10:8fa5005c    
    addiu        s0, s0, $ffff        # 00110e14:2610ffff    
    lw        v1, $0044(sp)        # 00110e18:8fa30044    
    sq        a3, $0060(sp)        # 00110e1c:7fa70060    
    jalr        v1            # 00110e20:0060f809    
    sq        t0, $0070(sp)        # 00110e24:7fa80070    
    lw        a0, $0058(sp)        # 00110e28:8fa40058    
    lq        a3, $0060(sp)        # 00110e2c:7ba70060    
    addu        a0, a0, v0        # 00110e30:00822021    
    lq        t0, $0070(sp)        # 00110e34:7ba80070    
    bne        s0, zero, $00110e08    # 00110e38:1600fff3    ^ kgm_map_gnd
    sw        a0, $0058(sp)        # 00110e3c:afa40058    
    beq        zero, zero, $00110ef4    # 00110e40:1000002c    v __00110ef4
    nop                    # 00110e44:00000000

[avok23]

I should probably have a strategy.
I know the name of the object that contains all the data

Code:

"DATA/FID.BIN":                    #
    .byte        $44            # 002b3f30    68  'D'
    .byte        $41            # 002b3f31    65  'A'
    .byte        $54            # 002b3f32    84  'T'
    .byte        $41            # 002b3f33    65  'A'
    .byte        $2f            # 002b3f34    47  '/'
    .byte        $46            # 002b3f35    70  'F'
    .byte        $49            # 002b3f36    73  'I'
    .byte        $44            # 002b3f37    68  'D'
    .byte        $2e            # 002b3f38    46  '.'
    .byte        $42            # 002b3f39    66  'B'
    .byte        $49            # 002b3f3a    73  'I'
    .byte        $4e            # 002b3f3b    78  'N'
    nop                    # 002b3f3c:00000000

luckily ps2dis generates some comments
so i try to find every instance of $3f30 like:

Code:

addiu        a1, a1, $3f30        # 00193b9c:24a53f30    a1="DATA/FID.BIN"

Then i check the neighbouring instructions to see what it is doing and if i can understand it.

i have also checked for labels with the word "load" in them.

I had started by looking for something like

Code:

li   $v0, 13       # system call for open file
la   $a0, fin      # input file name
...
....
syscall            # open a file

I wish i could just dump it all in Spim and step through it

I am new to this and this is probably a dumb question is there a way to simulate the extra EE instruction sets that pc programs like Spim are missing even if it has tto be ridiculously slow.

[gregory]

The open is not done on the EE side. The command is send to IOP with a RPC mecanism. There is a sif-rpc-tracer branch not perfect but it might be easier to see the RPC transaction (they used sif0/sif1 dma). By the way, even on IOP it doesn't use any syscall.

On the file format, there are 2 possibilities.
1/ file format is self-contained, all informations to decode the file is contained on the file. There is somethings like an header that describe the content of the file and where to get the data.
2/ file format is raw binary. Game got some pointer with the location of the data. Either there is would some value in the data segment. Either it is directly hardcoded in mips like

Code:

lui r1 upper
addiu r1 lower
addu r2 r1 # to compute relative address based on the loaded part.

Edit: enable bios log in iop (last menu)

[avok23]

Thank you very much sir. I dont know why i never thought of IO.
But i wont even pretend to understand that. "Bios Log in IOP"? Never seen such an option
The "IOP Console" option doesnt show much of anything.
Some files have headers others dont. Japanese also slightly throws me off at times. ( Why would there ever be an integer value larger than the file size in a file? With the data making no sense as an int uint, float or short?)

Never heard of RPC

So I guess I am meant to look into "IOPRP300.IMG" or "SIO2MAN.IRX"? (I thought these were just like general libraries with instructions that can be called from the main SLPM/slus/sles etc)
PS if my above guess is true how would i recognize such a function call?

I guess i still know nothing Off to study some more

[avok23]

Just in case any fellow noobs are interested in this journey I will post all the crap i found along the way

*** Removed copyrighted materials ***

http://www.philvaz.com/games/PS2IOP.pdf <-- This is the IOP stuff i am supposed to read i guess.

Out of curiousity i wonder if anyone one here did a Comp Sci course.
We did alot of c, c++ and java and only 1 week of assembly in 4 years.

[Scootaloo]

Not sure if you realize this, or not, but all the PDF's appear to be blank. Unless those are empty placeholders you're going to fill...

I kinda got bored of emulation, but I do more lurking than anything else now. I'll keep an eye on this thread .