Reference: Read & Debug Part 2 - Cart Boot

Please start with Part 1 on the PIF I'm going to make some assumptions about what was learned there. Especially regarding setting and using breakpoints as well as how the code addresses may jump around due to optimizations.

bpset A4000040 // Cart Startup Code

bpset A4000060 // Coming back to this code?

bpset A4000410 // Big jump at the start of the code.

bpset 80000000 // Peripheral Interface Function

Start Stepping:

A400 0040 - A400 0048

Clear Coprocessor registers to zero Cause, Count, Compare

A400 004C - A400 005C

Read RDRAM RI_SELECT_REG if NON zero branch to initialization routine 0xA400 0410

A400 0060 - A400 040C

????

A400 0420 - A400 0424

Clear Coprocessor registers to zero TagLo, TagHi

A400 0410 - A400 0434

Setup some Cache Store Tag in the range 8000 0000 - 8000 3FE0

32 Bytes at a time.

Finish Store Tag the Cache in the range 8000 0000 - 8000 3FE0

A400 0438 - A400 0454

Invalidate the Cache in the range 8000 0000 - 8000 1FF0

16 Bytes at a time

A400 0458 - A400 04AC

Move Data 696 Bytes :

A400 04C0 -> A000 0000

A400 04C4 -> A000 0004

A400 04C8 -> A000 0008

...

A400 0774 -> A000 02B4

A400 04B0 - A400 04BC

Execute Subroutine @ 8000 0000

8000 0000 - 8000 0050

Focused on the Peripheral Interface (Cartridge)

8000 0000 - 8000 0004

Get the Cart Game Start Location 8000 1000

8000 0008 - 8000 0018

Set the PI DRAM Address to Physical Address 0000 1000 (Yes 0000)

8000 001C - 8000 002C

Loop until PI IO Busy Status is Zero

8000 0030 - 8000 0040

Set the PI Cartridge Address to Physical Address 1000 1000

8000 0044 - 8000 0050

Set the PI Write Length to 0x000F FFFF aka 1 MB

8000 0054 - 8000 00C0

nop's to let the Cartridge 1 MB copy complete.

This space is also interesting because the MIPS manuals say the Exception Handler should be at 8000 0080 which is in the middle of this space?

8000 00C4 - 8000 00D4

Check PI DMA Register - Loop until zero (Loop includes nop's)

8000 00D8 - 8000 00EC

Setup a big multiply 5D588B65 * 3F = 16 F8CA 4DD8

8000 00F0 - 8000 00FC

Save a couple of registers to the Stack

8000 0100 - 8000 02A0

8000 02A4 - 8000 02AC

Jump Register 8000 1000

8000 0494 - 8000 049C

MAME hangs on this line for libn64 (12/14/2017 work in progress)

COUNT = 1B8 5B0C