Twili

  1. Edited topic post with a real emulator now instead of a delay slot test.
  2. 1. Find a display list in the ROM with some vertex data.
     2. Identify which command is loading that vertex data and get the last 3 bytes of the pointer from it.
     3. Subtract the ROM offset of the data from that.
     4. ???
     5. PC.

     Also once you get the PC, subtract it from that pointer. Then subtract the result from the ROM offset of the data to get the start of the file and you can use it with the decompiler. This only works if the file has machine code in it and the pointer starts with 0x80.

     That doesn't work, actually. I'd have to show how to do it if you paste data.
  3. Version 2 can be downloaded here: https://www.the-gcn.com/files/file/76-n64-function-decompiler/

     Improvements:
     +More MIPS opcodes supported.
     +NOW DETECTS LOOPS AND PRINTS THEM AS WHILE-LOOPS.
     +Now detects every RDP GBI command. *The hardwired ones and programmable ones exclusive to F3DEX_GBI_2. DMA GBI commands unsupported because their low range is too ambiguous with other values.*

     I've completely mapped out the source code file strings left in OoT debug's "code" file now: (as function offsets for the decompiler, as before)

         09a4 z_en_a_keep.c
         20d0 z_en_item00.c
         4100 z_eff_blure.c
         775c z_eff_shield_particle.c
         81a0 z_eff_spark.c
         93d0 z_eff_ss_dead.c
         a450 z_effect_soft_sprite.c
         b120 z_effect_soft_sprite_old_init.c
         dc50 flg_set.c
         e248 z_DLF.c
         e3a0 z_actor.c
         18400 z_cheap_proc.c
         1b920 z_bgcheck.c
         3ad38 z_camera.c
         3e44c z_collision_check.c
         46860 z_debug.c
         471d0 z_debug_display.c
         4bddc z_demo.c
         4c684 z_draw.c
         4ed60 z_elf_message.c
         4f918 z_fcurve_data_skelanime.c
         5028c z_horse.c
         515b8 z_jpeg.c
         52000 z_kanfont.c
         52e28 z_kankyo.c
         5c0bc z_lifemeter.c
         5d09c z_lights.c
         5e430 z_map_mark.c
         5eb44 z_moji.c
         5f9f0 z_onepointdemo.c
         63c54 z_map_exp.c
         67c0c z_parameter.c
         72610 z_player_lib.c
         754d0 z_prenmi.c
         76510 z_rcp.c
         78c54 z_room.c
         7a7a4 z_sample.c
         7ada0 z_scene.c
         7c6f0 z_scene_table.c
         83a40 z_skelanime.c
         88b2c z_skin.c
         897dc z_skin_awb.c
         8ce74 z_sram.c
         8d398 z_view.c
         8f1d0 z_vimode.c
         901f4 z_vismono.c
         923b8 z_vr_box.c
         941d0 z_vr_box_draw.c
         94a50 z_fbdemo.c
         9b978 db_camera.c
         9ee30 z_kaleido_manager.c
         9f1f0 z_kaleido_scope_call.c
         9f630 z_play.c
         a40c8 PreRender.c
         a788c game.c
         a8850 gamealloc.c
         a8dcc graph.c
         a9fc0 main.c
         aa5ac padmgr.c
         ab440 sched.c
         acae0 speed_meter.c
         ad540 sys_cfb.c
         b39b0 sys_matrix.c
         b63c0 irqmgr.c
         df1b0 loadfragment2.c
         df260 mtxuty-cvt.c
         ecb08 z_message_PAL.c
         ef53c z_message.c
         f3b50 z_construct.c

     Here's how z_lights.c looks now:

         Program counter? 0x1ce60
         Function offset? 0x5d09c
         0005d09c: $sp=0xFFFFFF98;
         0005d0a0: stack[(-104)+24]=$s1;
         0005d0a4: $s1=0x00000000; /* $a0|$r0 */
         0005d0a8: stack[(-104)+28]=$ra;
         0005d0ac: stack[(-104)+20]=$s0;
         0005d0b0: /* */
         0005d0b4: $s0=0x00000000; /* $a1|$r0 */
         0005d0b8: $a2=0x8013C8A0; /* 0011FA40 in your file */
         0005d0bc: $a0=0xFFFFFFE4;
         0005d0c0:
         0005d0c4: $a3=0x00000153;
         0005d0c0: function_0c6ac4(); /* 000A9C64 in your file */
         0005d0c8: $v1=mem[$s0+0x02c0];
         0005d0cc: $a0=0xDB020000; /* G_MOVEWORD */
         0005d0d0: $a1=0x00000018;
         0005d0d4: $t6=0x00000008;
         0005d0d8: mem[$s0+0x02c0]=$t6;
         0005d0dc: mem[$v1+0x0000]=$a0;
         0005d0e0: (unsigned char)$t7=mem[$s1+0x0000];
         0005d0e4: $a3=0x00000000; /* $r0|$r0 */
         0005d0e8: $t0=0xDC080000; /* G_MOVEMEM */
         0005d0ec: $lo = $t7 * $a1;
         0005d0f0: $t8=$lo;
         0005d0f4: mem[$v1+0x0004]=$t8;
         0005d0f8: $v1=mem[$s0+0x02d0];
         0005d0fc: $t9=0x00000008;
         0005d100: mem[$s0+0x02d0]=$t9;
         0005d104: mem[$v1+0x0000]=$a0;
         0005d108: (unsigned char)$t1=mem[$s1+0x0000];
         0005d10c: $a0=0x00000010;
         0005d110: $lo = $t1 * $a1;
         0005d114: $a1=0x00000018;
         0005d118: $t2=$lo;
         0005d11c: mem[$v1+0x0004]=$t2;
         0005d120: (unsigned char)$t3=mem[$s1+0x0000];
         0005d124: if($t3<=0) {
         0005d128: $a1=0x00000000; /* $a3<<2 */
         0005d124: goto 0005d198; }
         0005d12c: $v1=mem[$s0+0x02c0];
         0005d130: while($at!=$r0) { $a1=0x00000018;
         0005d134: $a3=0x00000001;
         0005d138: $t4=0x00000008;
         0005d13c: mem[$s0+0x02c0]=$t4;
         0005d140: $v0=0x00000000; /* $v1|$r0 */
         0005d144:
         0005d148: $t5=0xE0000003; /* $a1>>3 (fill empty bits) */
         0005d144: if($a1>=0) { goto 0005d154; }
         0005d14c: $at=0x0000001F;
         0005d150: $t5=0xE0000003; /* $at>>3 (fill empty bits) */
         0005d154: $t6=0x00000003;
         0005d158: $t7=0x00000300;
         0005d15c: /* */
         0005d160: $a2=0xDC08030A; /* G_MOVEMEM */
         0005d164: mem[$v0+0x0000]=$a2;
         0005d168: mem[$v0+0x0004]=$a0;
         0005d16c: $v1=mem[$s0+0x02d0];
         0005d170: $t8=0x00000008;
         0005d174: mem[$s0+0x02d0]=$t8;
         0005d178: mem[$v1+0x0004]=$a0;
         0005d17c: mem[$v1+0x0000]=$a2;
         0005d180: (unsigned char)$t9=mem[$s1+0x0000];
         0005d184: $a0=0x00000020;
         0005d188: if($a3<$t9) { $at=1; } else { $at=0; }
         0005d18c:
         0005d190: $v1=mem[$s0+0x02c0];
         0005d18c:
         0005d194: } $a1=0x00000004;
         0005d198: $a1=0x00000003; /* $a1-$a3 */
         0005d19c: $a1=0x00000018;
         0005d1a0: $v1=mem[$s0+0x02c0];
         0005d1a4: $a1=0x00000048;
         0005d1a8: $t0=0xDC080000; /* G_MOVEMEM */
         0005d1ac: $t1=0x00000008;
         0005d1b0: mem[$s0+0x02c0]=$t1;
         0005d1b4: $v0=0x00000000; /* $v1|$r0 */
         0005d1b8:
         0005d1bc: $t2=0xE0000009; /* $a1>>3 (fill empty bits) */
         0005d1b8: if($a1>=0) { goto 0005d1c8; }
         0005d1c0: $at=0x0000004F;
         0005d1c4: $t2=0xE0000009; /* $at>>3 (fill empty bits) */
         0005d1c8: $t3=0x00000009;
         0005d1cc: $t4=0x00000900;
         0005d1d0: /* */
         0005d1d4: $a2=0xDC08090A; /* G_MOVEMEM */
         0005d1d8: $a0=0x00000008;
         0005d1dc: mem[$v0+0x0004]=$a0;
         0005d1e0: mem[$v0+0x0000]=$a2;
         0005d1e4: $v1=mem[$s0+0x02d0];
         0005d1e8: $a1=0x00000000; /* $s0|$r0 */
         0005d1ec: $a3=0x00000160;
         0005d1f0: $t5=0x00000008;
         0005d1f4: mem[$s0+0x02d0]=$t5;
         0005d1f8: mem[$v1+0x0000]=$a2;
         0005d1fc: /* */
         0005d200: mem[$v1+0x0004]=$a0;
         0005d204: $a0=0xFFFFFFE4;
         0005d208:
         0005d20c: $a2=0x8013C8B0; /* 0011FA50 in your file */
         0005d208: function_0c6b54(); /* 000A9CF4 in your file */
         0005d210: $ra=stack[(-104)+28];
         0005d214: $s0=stack[(-104)+20];
         0005d218: $s1=stack[(-104)+24];
         0005d21c:
         Press any key to continue . . .

     See the while loop?
  4. File Name: N64 Function Decompiler
     File Submitter: Twili
     File Submitted: 21 Jan 2017
     File Category: Community Downloads

     Decompiler for individual functions within a file extracted from an N64 ROM.

     https://www.the-gcn.com/files/file/76-%7B%3F%7D/

     Click here to download this file
  5. Version 2

    31 downloads

    Decompiler for individual functions within a file extracted from an N64 ROM.
  6. UPDATE IN THE LATEST POST.

     Download decompile.zip by clicking on the blue Download button here: http://www.sendspace.com/file/ld9lho

     Features:
     +Currently supports 18 MIPS opcodes.
     +Supports F3DEX GBI 2 RDP command detection.

     This tool will interpret MIPS opcodes and print C-like syntax to the console window. Results may be inaccurate until there's full opcode support. It will also print comments. "^_^" means that something is unnecessary to print because it sets the high 16 bits of a pointer that's shown whole further down.

     Usage:
     1. Click and drag a file into decompile.exe. The engine file for OoT debug (code) is included for testing purposes. ***IT MUST BE AN EXTRACTED FILE THAT YOU KNOW THE PROGRAM COUNTER FOR. NOT A WHOLE ROM.**
     2. It will ask for a program counter. For the included file, type 1ce60 and hit Enter.
     3. It will ask for a function offset. Type one and hit Enter.

     There will be future updates to this tool. Source code is included.
  7. Initial release of the decompiler coming in a couple hours.
  8. Off the top of my head, I'm banned from GameFAQs, GBAtemp and its IRC channel, IGN, and banned from posting to the gallery on Imgur. I'm Z-lined from BadnikNET, and banned from these other channels on these networks:

     #3dsdev on EFnet
     #n64dev on EFnet
     #citra on Freenode
     #.blank on Rizon

     I walked out on #dolphin-emu on Freenode when I learned two admins are Social Justice Warriors that have a problem with screenshots of Zero Suit Samus' butt in Smash 4.

     I wouldn't have it any other way. All of those places betrayed me or held me back. My primary Internet home is here now: https://myanimelist.net/profile/IpreferEcchi

     I'm getting back into reverse engineering and am working on an individual function decompiler for N64 ROMs that works as well as how much context I'm baking into it.
  9. This new Sheikah symbol is from the E3 site. This is the Hylian Alphabet for this game, which is incomplete right now because the only text we have to work with is: http://e3.nintendo.com/assets/img/zelda/hr.svg It says "T-H-E-L-E-G-E-N-D-O-F-Z-E-L-D-A-T-H-E-L-E-G-E-N-D-O" (THE LEGEND OF ZELDA THE LEGEND O). The E3 demos will likely have secret messages to decipher, so this is a good starting point.
  10. The name is inspired by xdaniel's libbadRDP. All it does so far (from command line) is get past the bootstrap for Super Mario 64 (J) [!].

      badn64.h: https://pastebin.com/xBwTzH9d
      badn64.c: https://pastebin.com/prn1DCvM

          32175 a4000170: jumped inside function (a4000778)
          32206 a40007ec: jumped inside function (a4000880)
          32215 a40008a0: jumped inside function (a400090c)
          32220 a4000918: jumped inside function (a4000a40)
          32252 a4000920: returned from function
          32917 a40008a8: returned from function
          32934 a40008e8: jumped inside function (a4000980)
          32947 a40009b8: jumped inside function (a4000a40)
          32983 a40009c0: returned from function
          32985 a40009c0: jumped inside function (a4000ad0)
          33024 a40009c8: returned from function
          33026 a40009c8: jumped inside function (a4000ad0)
          33065 a40009d0: returned from function
          33083 a40008f0: returned from function
          33088 a40007f4: returned from function
          33094 a40007ec: jumped inside function (a4000880)
          33103 a40008a0: jumped inside function (a400090c)
          33108 a4000918: jumped inside function (a4000a40)
          33140 a4000920: returned from function
          33805 a40008a8: returned from function
          33822 a40008e8: jumped inside function (a4000980)
          33835 a40009b8: jumped inside function (a4000a40)
          33871 a40009c0: returned from function
          33873 a40009c0: jumped inside function (a4000ad0)
          33912 a40009c8: returned from function
          33914 a40009c8: jumped inside function (a4000ad0)
          33953 a40009d0: returned from function
          33971 a40008f0: returned from function
          33976 a40007f4: returned from function
          33982 a40007ec: jumped inside function (a4000880)
          33991 a40008a0: jumped inside function (a400090c)
          33996 a4000918: jumped inside function (a4000a40)
          34028 a4000920: returned from function
          34693 a40008a8: returned from function
          34710 a40008e8: jumped inside function (a4000980)
          34723 a40009b8: jumped inside function (a4000a40)
          34759 a40009c0: returned from function
          34761 a40009c0: jumped inside function (a4000ad0)
          34800 a40009c8: returned from function
          34802 a40009c8: jumped inside function (a4000ad0)
          34841 a40009d0: returned from function
          34859 a40008f0: returned from function
          34864 a40007f4: returned from function
          34870 a40007ec: jumped inside function (a4000880)
          34879 a40008a0: jumped inside function (a400090c)
          34884 a4000918: jumped inside function (a4000a40)
          34916 a4000920: returned from function
          35581 a40008a8: returned from function
          35598 a40008e8: jumped inside function (a4000980)
          35611 a40009b8: jumped inside function (a4000a40)
          35647 a40009c0: returned from function
          35649 a40009c0: jumped inside function (a4000ad0)
          35688 a40009c8: returned from function
          35690 a40009c8: jumped inside function (a4000ad0)
          35729 a40009d0: returned from function
          35747 a40008f0: returned from function
          35752 a40007f4: returned from function
          35759 a4000808: jumped inside function (a4000a40)
          35795 a4000810: returned from function
          35823 a4000178: returned from function
          35842 a40002ec: jumped inside function (a4000a40)
          35878 a40002f4: returned from function
          5782558
          r0: 00000000 at: a4600000 v0: 000b5080 v1: 00000000
          a0: 000b5080 a1: 0e4c728e a2: 0534d9ac a3: 4eaa3d0e
          t0: a4002000 t1: 80246000 t2: f8cb7f9e t3: b0000000
          t4: b9e50493 t5: 00000020 t6: f6870d10 t7: c8aff19b
          s0: 00000400 s1: a3f08000 s2: 00000000 s3: 00000000
          s4: 00000001 s5: 00000000 s6: 0000003f s7: 00000000
          t8: cd9078b7 t9: 8368dffa k0: a4300000 k1: 00000001
          gp: 00000008 sp: a4001ff0 fp: a4001f90 ra: a40002f4
          pc: 80246000
          Press any key to continue . . .
  11. http://solarviews.com/huge/vss/VSS00171.jpg
  12. Regarding the authenticity of the image itself, reverse image searching doesn't return anything, and it doesn't look like an edit job of the Mother 3 blue disks.
  13. Yeah: http://www.reddit.com/r/gaming/comments/3e3pyt/i_received_2_n64_development_disks_one_titled_%E8%A3%8F/
  14. Sources and quotes:

      http://imgur.com/gallery/9oBOUjA
      I received 2 N64 Development Disks - One Titled 裏 - URA

      http://forum.pj64-emu.com/showthread.php?t=5195
      <Seru-kun> "The game loads up to a title screen like I've never seen (Distorted colors, no music, strange looking Link, no Epona) and says copyright 1997. Upon start it comes to a debug BUT the disk just spins and an error comes up!"

      Now we wait for the ROM to tear apart...
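
The address arithmetic behind the z_lights.c listing in the Version 2 post above (whole pointers from `lui`/`addiu` pairs, `jal` targets, and the "in your file" offsets), as an added C example that is not Twili's decompiler source. It assumes the "program counter" the tool asks for is the file's RAM load address minus 0x80000000, which is consistent with the "in your file" comments in that listing; the instruction words and the file size are constructed values.

```c
#include <stdint.h>
#include <stdio.h>
#define KSEG0_BASE 0x80000000u

/* Pointer built by `lui rt, hi` + `addiu rt, rt, lo`. addiu sign-extends lo,
 * so for lo >= 0x8000 the lui half is one more than the pointer's top half. */
static uint32_t lui_addiu_pointer(uint32_t lui_word, uint32_t addiu_word)
{
    uint32_t hi = (lui_word & 0xFFFFu) << 16;
    uint32_t lo = addiu_word & 0xFFFFu;
    return hi + lo - ((lo & 0x8000u) ? 0x10000u : 0u);
}

/* jal target: 26-bit index << 2, top 4 bits from the delay slot's address. */
static uint32_t jal_target(uint32_t jal_word, uint32_t insn_vaddr)
{
    return ((insn_vaddr + 4u) & 0xF0000000u) | ((jal_word & 0x03FFFFFFu) << 2);
}

/* Offset of a RAM address inside the extracted file, or -1 when the address
 * lies outside it (it belongs to another file or is not a KSEG0 pointer). */
static int64_t file_offset(uint32_t vaddr, uint32_t program_counter, uint32_t file_size)
{
    uint32_t load = KSEG0_BASE + program_counter; /* assumed meaning of the prompt */
    if (vaddr < load || vaddr - load >= file_size) return -1;
    return (int64_t)(vaddr - load);
}

/* Only the two F3DEX2 command bytes that appear in the listing above. */
static const char *gbi_name(uint32_t word)
{
    switch (word >> 24) {
    case 0xDB: return "G_MOVEWORD";
    case 0xDC: return "G_MOVEMEM";
    default:   return NULL;
    }
}

int main(void)
{
    const uint32_t pc = 0x1ce60, size = 0x140000; /* size is constructed */
    /* Constructed words: lui $a2,0x8014 / addiu $a2,$a2,-0x3760 / jal 0x800c6ac4 */
    uint32_t ptr = lui_addiu_pointer(0x3C068014u, 0x24C6C8A0u);
    uint32_t fn = jal_target(0x0C031AB1u, KSEG0_BASE + pc + 0x5d0c0u);
    printf("$a2=0x%08X; /* %08llX in your file */\n", (unsigned)ptr,
           (unsigned long long)file_offset(ptr, pc, size));
    printf("function_%06x(); /* %08llX in your file */\n", (unsigned)(fn & 0x0FFFFFFFu),
           (unsigned long long)file_offset(fn, pc, size));
    printf("0xDC08030A -> %s\n", gbi_name(0xDC08030Au));
    return 0;
}
```

Taking only the low 16 bits of the `lui` as the pointer's top half would give 0x8014C8A0 here, one 64 KB page too high, which is why the sign extension matters when pairing the two instructions.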