The KATANA SDK application:
Code:
Syscalls state: 0x8c000000 - 0x8c000100
Syscalls code: 0x8c000100 - 0x8c004000
Reserved: 0x8c004000 - 0x8c008000 (16Kb)
IP.BIN: 0x8c008000 - 0x8c010000 (32Kb)
- Bootstrap 1: 0x8c008300
- Bootstrap 2: 0x8c00b800
- Stack: 0x8c00e400 - 0x8c00f400 (4Kb, but can be more and at 0x8d000000)
- VBR: 0x8c00f400 - 0x8c010000 (3Kb)
Application: 0x8c010000 - 0x8cxxxxxx
The WinCE SDK application:
Code:
Syscalls state: 0x8c000000 - 0x8c000100
Syscalls code: 0x8c000100 - 0x8c004000
Reserved: 0x8c004000 - 0x8c008000 (16Kb)
IP.BIN: 0x8c008000 - 0x8c010000 (32Kb)
- Bootstrap 1: 0x8c008300
- Bootstrap 2: 0x8c00b800
- Unused: 0x8c00e400 - 0x8c010000
Application: 0x8c010000 - 0x8cxxxxxx
Stack: 0x00xxxxxx (MMU mapped)
VBR: 0x8c0120f0 or 0x8c012110 (depends on the version)
The KallistiOS application:
Code:
Syscalls state: 0x8c000000 - 0x8c000100
Syscalls code: 0x8c000100 - 0x8c004000
Reserved: 0x8c004000 - 0x8c008000 (16Kb)
IP.BIN: 0x8c008000 - 0x8c010000 (32Kb)
- Bootstrap 1: 0x8c008300
- Bootstrap 2: 0x8c00b800
- Unused: 0x8c00e400 - 0x8c010000
Application: 0x8c010000 - 0x8cxxxxxx
Stack: 0x8cxxxxxx
VBR: 0x8cxxxxxx
In IP.BIN, the stack and VBR sections are cleared to zeros, so the applications set up the VBR code themselves. But maybe this is not the case everywhere.
All applications use multiple stacks, because they are multithreaded applications. In this description I mean the *kernel stack*.
BTW, Visual Concepts games use another VBR address with different entry code, so the loader with IRQ handling injection (full loader, not "se") doesn't support them yet.
Also, some games that use the MMU for protection can use a different VBR. I think it should be the same; it just needs more reverse-engineering to add support for IRQ handling injection.
Some games, like Shenmue 1/2 or the Atomiswave ports, write some data to 0x8c004000, so we should place the loaders in high memory.
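An added example, not code from the post or from any loader project: a small parser for the layout text in the form used above that checks the top-level regions are contiguous, finds the region an address falls in, and reports what a candidate loader range would overlap, including the 0x8c004000 write mentioned for Shenmue. The layout string is constructed from the KATANA SDK listing; the 0x8cxxxxxx end is treated as unknown.

```python
import re

# Constructed sample: the KATANA SDK layout from the post, in the same text form.
# '0x8cxxxxxx' marks an end the post leaves unspecified.
KATANA_LAYOUT = """\
Syscalls state: 0x8c000000 - 0x8c000100
Syscalls code: 0x8c000100 - 0x8c004000
Reserved: 0x8c004000 - 0x8c008000 (16Kb)
IP.BIN: 0x8c008000 - 0x8c010000 (32Kb)
- Bootstrap 1: 0x8c008300
- Bootstrap 2: 0x8c00b800
- Stack: 0x8c00e400 - 0x8c00f400 (4Kb)
- VBR: 0x8c00f400 - 0x8c010000 (3Kb)
Application: 0x8c010000 - 0x8cxxxxxx
"""
LINE_RE = re.compile(r"^(?P<sub>-\s*)?(?P<name>[^:]+):\s*0x(?P<start>[0-9a-f]+)"
                     r"(?:\s*-\s*0x(?P<end>[0-9a-fx]+))?", re.I)

def parse_layout(text):
    """Return [(name, start, end)]; sub-entries are named 'Parent/Child'.
    end is None for a single address or an unspecified ('xxxxxx') end."""
    regions, parent = [], None
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        name, end = m["name"].strip(), m["end"]
        end = None if end is None or "x" in end.lower() else int(end, 16)
        name = f"{parent}/{name}" if m["sub"] else name
        parent = parent if m["sub"] else name
        regions.append((name, int(m["start"], 16), end))
    return regions

def gaps(regions):
    """Pairs of adjacent top-level ranges that do not butt against each other."""
    tops = [r for r in regions if "/" not in r[0] and r[2] is not None]
    return [(a[0], b[0]) for a, b in zip(tops, tops[1:]) if a[2] != b[1]]

def region_of(regions, addr):
    """Most specific named range containing addr (sub-entries follow parents, so win)."""
    hits = [n for n, s, e in regions if e is not None and s <= addr < e]
    return hits[-1] if hits else None

def loader_conflicts(regions, start, size, written=()):
    """Named ranges and known game write addresses overlapped by a loader placed at
    [start, start+size). Ranges with an unknown end (Application) are skipped."""
    end = start + size
    clashes = [n for n, s, e in regions if e is not None and s < end and start < e]
    return clashes + [hex(a) for a in written if start <= a < end]
```

A loader dropped into the Reserved range collides with the Shenmue write; the same check against a high address reports nothing, which is the reason for the placement advice above.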