improve "IP" decompilation

burn.sh

@@ -0,0 +1,2 @@
+cdrecord -speed=8 -v dev=/dev/sr0 -dao -multi taudio01.wav
+cdrecord -eject -overburn -speed=8 -v dev=/dev/sr0 -tao -xa tdata02.iso

common.mk

@@ -21,16 +21,16 @@ IP_OBJ = \
 	systemid.o \
 	toc.o \
 	sg/sg_sec.o \
-	sg/sg_arejp.o \
+	sg_arejp.o \
-	sg/sg_areus.o \
+	sg_areus.o \
-	sg/sg_areec.o \
+	sg_areec.o \
-	sg/sg_are00.o \
+	sg_are00.o \
-	sg/sg_are01.o \
+	sg_are01.o \
-	sg/sg_are02.o \
+	sg_are02.o \
-	sg/sg_are03.o \
+	sg_are03.o \
-	sg/sg_are04.o \
+	sg_are04.o \
-	sg/sg_ini.o \
+	sg_ini.o \
-	sg/aip.o
+	aip.o
 
 %.o: %.obj
 	$(OBJCOPY) -g \

ip.lds

@@ -42,11 +42,13 @@ SECTIONS
   .text.sg_ini :
   {
     KEEP(*(.text.*sg_ini))
+    . = ORIGIN(sg_ini) + LENGTH(sg_ini);
   } > sg_ini
 
   .text.aip :
   {
     KEEP(*(.text.*aip))
+    . = ORIGIN(aip) + LENGTH(aip);
   } > aip
 
   /DISCARD/ :
@@ -56,4 +58,6 @@ SECTIONS
     *(.bss)
     *(.comment)
   }
+
+  INCLUDE "debug.lds"
 }

sg_are00.s

@@ -0,0 +1,5 @@
+	.section	.text.sg_are00
+	bra	_sg_are00_next
+	nop
+	.ascii 	"                            "
+_sg_are00_next:

sg_are01.s

@@ -0,0 +1,5 @@
+	.section	.text.sg_are01
+	bra	_sg_are01_next
+	nop
+	.ascii 	"                            "
+_sg_are01_next:

sg_are02.s

@@ -0,0 +1,5 @@
+	.section	.text.sg_are02
+	bra	_sg_are02_next
+	nop
+	.ascii 	"                            "
+_sg_are02_next:

sg_are03.s

@@ -0,0 +1,5 @@
+	.section	.text.sg_are03
+	bra	_sg_are03_next
+	nop
+	.ascii 	"                            "
+_sg_are03_next:

sg_are04.s

@@ -0,0 +1,5 @@
+	.section	.text.sg_are04
+	bra	_sg_are04_next
+	nop
+	.ascii 	"                            "
+_sg_are04_next:

sg_areec.s

@@ -0,0 +1,5 @@
+	.section 	.text.sg_areec
+	bra	_sg_areec_next
+	nop
+	.ascii 	"For EUROPE.                 "
+_sg_areec_next:

sg_arejp.s

@@ -0,0 +1,5 @@
+	.section 	.text.sg_arejp
+	bra	_sg_arejp_next
+	nop
+	.ascii 	"For JAPAN,TAIWAN,PHILIPINES."
+_sg_arejp_next:

sg_areus.s

@@ -0,0 +1,5 @@
+	.section 	.text.sg_areus
+	bra	_sg_areus_next
+	nop
+	.ascii	"For USA and CANADA.         "
+_sg_areus_next:

sg_ini.s

@@ -2,7 +2,7 @@
 	.global _text_sg_ini_start
 
 _text_sg_ini_start:
-	mov.l	label_18,r0	/* 8d000000 → beginning of system ram, image area */
+	mov.l	label_18,r0	/* 8d000000 → end of system ram */
 	mov	r0,r15
 	nop
 	nop
@@ -23,26 +23,36 @@ label_20:
 	.fill	0x2000,1,0x00
 
 label_2020:
+	/* function that processes the list of addresses/values at label_2284 */
 	mov.l	label_204c,r0	/* 8c00d940 → label_2140 */
 	mov	#0,r1
 	jsr	@r0
 	nop
+
+	/* ???? possibly jump to boot menu? */
 	mov.l	label_2050,r0	/* 8c00d900 → label_2100 */
 	jsr	@r0
 	nop
+
+	/* possibly jump to boot menu? */
 	mov.l	label_2054,r0	/* 8c00d888 → label_2088 */
 	jsr	@r0
 	nop
+
+	/* check for Windows CE? */
 	mov.l	label_2058,r0	/* 8c00dae0 → label_22e0 */
 	jsr	@r0
 	nop
+
 	mov.l	label_205c,r0	/* 8c00db40 → label_2340 */
 	jsr	@r0
 	nop
+
 	nop
 	mov.l	label_2060,r0	/* 8c00d86c → label_206c */
 	jmp	@r0
 	nop
+
 	nop
 	nop
 
@@ -80,7 +90,7 @@ label_2084:
 label_2088:
 	sts.l	pr,@-r15
 	mov.l	label_20a4,r0	/* 8c000048 */
-	mov.l	@r0,r0
+	mov.l	@r0,r0		/* r0 ← 1 */
 	cmp/eq	#6,r0
 	bt	label_209e
 	cmp/eq	#7,r0
@@ -98,6 +108,7 @@ label_20a4:
 label_20a8:
 	.long	0x8c00d8ac
 
+	/* jump back to boot menu? */
 label_20ac:
 	mov.l	label_20b4,r0	/* 8c0000e0 */
 	mov.l	@r0,r0
@@ -108,61 +119,68 @@ label_20b4:
 
 label_20b8:
 	exts.b	r4,r0
-	mov	#57,r1
+	mov	#57,r1		/* ascii '9' */
 	cmp/gt	r1,r0
 	bf	label_20c2
 	add	#-7,r0
 label_20c2:
 	rts
 	add	#-48,r0
+
+	/* called from label_2100 and label_22e0 */
 label_20c6:
 	xor	r2,r2
 	sts.l	pr,@-r15
-	mov.b	@r4,r4
+	mov.b	@r4,r4		/* r4 ← (0x8c00803e) = 0x30 */
-	mov	r4,r0
+	mov	r4,r0		/* r0 ← 0x30 */
-	cmp/eq	#32,r0
+	cmp/eq	#0x20,r0	/* check for ascii space in 'Compatible peripherals' of systemid */
-	bt	label_20e0
+	bt	label_20e0	/* if it is space, return 0 */
-	bsr	label_20b8
+	bsr	label_20b8	/* ascii 0-9 to integer */
 	nop
 	mov	#1,r1
-	tst	r1,r0
+	tst	r1,r0		/* check for ascii '1' / "uses Windows CE" */
-	bt.s	label_20e0
+	bt.s	label_20e0	/* if not "uses Windows CE", take branch to label_20e0 */
 	xor	r2,r2
 	mov	#1,r2
 label_20e0:
 	lds.l	@r15+,pr
 	rts
-	mov	r2,r0
+	mov	r2,r0		/* return 1 if Windows CE, 0 if not */
 	.word 0xffff
 label_20e8:
 	mov.l	label_20fc,r1	! 8c008024
-	mov.l	label_20f8,r3	! 4c494d20
+	mov.l	label_20f8,r3	/* ascii ' MIL' ; 0x4c494d20 */
-	mov.l	@r1,r2
+	mov.l	@r1,r2		/* r2 ← 0x2d444720 ' GD-' */
 	cmp/eq	r3,r2
 	movt	r0
 	rts
 	nop
 	nop
 label_20f8:
-	.long 	0x4c494d20
+	.ascii	" MIL"	/* 4c494d20 */
 label_20fc:
 	.long	0x8c008024
+
+	/* called from label_2020 */
 label_2100:
 	sts.l	pr,@-r15
 	mov.l	label_212c,r3	/* 8c00d8c6 → label_20c6 */
-	mov.l	label_213c,r4	! 8c008000
+	mov.l	label_213c,r4	/* 8c008000 */
 	jsr	@r3
-	add	#62,r4
+	add	#0x3e,r4	/* r4 ← 0x8c00803e */
-	tst	r0,r0
+	tst	r0,r0		/* check return value != 0 */
 	bf	label_2126
+
+	/* check for ' MIL' CD */
 	mov.l	label_2130,r3	/* 8c00d8e8 → label_20e8 */
 	jsr	@r3
 	nop
-	tst	r0,r0
+	tst	r0,r0		/* check return value != 0 */
 	bf	label_2126
+
 	mov.l	label_2138,r3	! 8c010000
 	mov.w	@r3,r0
-	cmp/eq	#34,r0
+	cmp/eq	#34,r0		/* check for 'stc vbr,r0' ?? */
 	bf	label_2126
 	mov.l	label_2134,r1	/* 8c00d8ac → label_20ac */
 	jmp	@r1
@@ -182,22 +200,25 @@ label_2138:
 label_213c:
 	.long	0x8c008000
 
+	/* function that processes the list of addresses/values at label_2284 */
 label_2140:
 	mov.l	r2,@-r15
 	mov.l	r3,@-r15
 	mov.l	r4,@-r15
 	mov.l	r5,@-r15
 	sts.l	pr,@-r15
-	mova	label_2284,r0
+	mova	label_2284,r0	/* 0x8c00da84 */
-	mov.w	@(r0,r1),r1
+	mov.w	@(r0,r1),r1	/* 0x2 */
-	add	r1,r0
+	add	r1,r0		/* 0x8c00da86 */
 label_2150:
 	add	#3,r0
 	shlr2	r0
-	shll2	r0
+	shll2	r0		/* #1 r0 ← 0x8c00da88
-	mov.w	@r0+,r4
+				   #2 r0 ← 0x8c00da90 */
-	tst	r4,r4
+	mov.w	@r0+,r4		/* #1 r0 ← 0x8c00da8a ; r4 ← 2
-	bf	label_2172
+				   #2 r4 ← 1 */
+	tst	r4,r4		/* r4 & r4 != 0 → T unset */
+	bf	label_2172	/* branch taken */
 	mov.w	@r0+,r4
 	tst	r4,r4
 	bf.s	label_2150
@@ -210,20 +231,22 @@ label_2150:
 	rts
 	sett
 label_2172:
-	mov.w	@r0+,r3
+	mov.w	@r0+,r3		/* #1 0x8c00da8a ; r0 ← 0x8c00da8c ; r3 ← 0x6
-	mov.l	label_2278,r1	! ffff8000
+				   #2 0x8c00da92 ; r0 ← 0x8c00da94 ; r3 ← 0x18
-	and	r3,r1
+				*/
-	tst	r1,r1
+	mov.l	label_2278,r1	/* ffff8000 */
-	bt	label_2180
+	and	r3,r1		/* r1 ← 0 */
+	tst	r1,r1		/* r1 & r1 == 0 → T set */
+	bt	label_2180	/* branch taken */
 	xor	r1,r3
 	bf	label_2182
 label_2180:
-	mov.l	@r0+,r2
+	mov.l	@r0+,r2		/* 0x8c00da8c ; r2 ← 0xff000038 */
 label_2182:
-	mov.l	label_227c,r1	! 6000
+	mov.l	label_227c,r1	/* r1 ← 6000 */
-	and	r3,r1
+	and	r3,r1		/* r1 ← 0 */
-	tst	r1,r1
+	tst	r1,r1		/* T set */
-	bt	label_21a0
+	bt	label_21a0	/* branch taken */
 	xor	r1,r3
 	add	#12,r3
 	mov.l	@r0+,r1
@@ -236,27 +259,43 @@ label_2194:
 	add	#4,r2
 	bra	label_2150
 	mov	r5,r0
+	/* branch from label_2182 */
 label_21a0:
-	bsrf	r3
+	bsrf	r3		/* #1 0x06 ; PC ← 0x8c00d9aa (label_21aa)
-	dt	r4
+				   #2 0x18 ; PC ← 0x8c00d9bc (label_2abc)
-	bf.s	label_21a0
+				   #3 0x0c ; PC ← 0x8c00d9b0 (label_21b0)
-	add	#4,r2
+	                        */
-	bt	label_2150
+	dt	r4		/* #1 r4 ← 1 ; T unset
+				   #2 r4 ← 0 ; T set
+				   #3 r4 ← 3 ; T unset
+	                        */
+	bf.s	label_21a0 	/* #1 branch taken ; #2 branch not taken */
+	add	#4,r2		/* 0xff000038 ; r2 ← 0xff00003c */
+	bt	label_2150	/* branch taken */
+label_21aa:
 	mov	#0,r1
 	rts
 	mov.l	r1,@r2
+label_21b0:
 	mov	#0,r1
 	rts
 	mov.w	r1,@r2
 	mov	#0,r1
 	rts
 	mov.b	r1,@r2
-	mov.l	@r0+,r1
+label_21bc:
+	mov.l	@r0+,r1		/* 0x8c00da98 ; r1 ← 0x12c0 */
 	rts
-	mov.l	r1,@r2
+	mov.l	r1,@r2		/* 0xffa0002c ; CHCR2 ← 0x000012c0
+				DM: fixed
+				SM: incremented
+				RS: external request, single address mode
+				*/
+label_21c2:
 	mov.w	@r0+,r1
 	rts
 	mov.l	r1,@r2
+
 	mov.l	@r0+,r1
 	rts
 	mov.b	r1,@r2
@@ -357,50 +396,90 @@ label_2278:
 label_227c:
 	.long	0x00006000
 
-	/* unreachable? */
+	.long	0xa05f8040 /* unused; VO_BORDER_COL */
-	.word 0x8040
-	.word 0xa05f
 label_2284:
 	.word 0x0002
-	.word 0x0009
+label_2286:
+	.word 0x0009	 /* unused garbage data? */
+
+label_2288:
 	.word 0x0002
-	.word 0x0006
+label_228a:
-	.word 0x0038
+	.word 0x0006	/* r3 */
-	.word 0xff00
+label_228c:
+	.long 0xff000038
+
+label_2290:
 	.word 0x0001
-	.word 0x0018
+label_2292:
-	.word 0x002c
+	.word 0x0018	/* r3 */
-	.word 0xffa0
+label_2294:
-	.word 0x12c0
+	.long 0xffa0002c /* CHCR2 ← 0x000012c0 */
-	.word 0x0000
+label_2298:
+	.long 0x000012c0
+
+label_229c:
 	.word 0x0004
+label_229e:
 	.word 0x000c
-	.word 0x0000
+label_22a0:
-	.word 0xffd0
+	.long 0xffd00000 /* ICR ← 0
-	.word 0x0001
+	                    IPRA ← 0
-	.word 0x0018
+	                    IPRB ← 0
-	.word 0x0024
+	                    IPRC ← 0
-	.word 0xff00
+	                 */
-	.word 0x0020
+label_22a4:
-	.word 0x0000
+	.word 0x0001     /* r4 */
-	.word 0x0002
+label_22a6:
-	.word 0x001e
+	.word 0x0018     /* r3 → bsrf label_21bc */
-	.word 0x7490
+label_22a8:
-	.word 0xa05f
+	.long 0xff000024 /* r2
+			    ?? ← 0x00000020 */
+label_22ac:
+	.long 0x00000020 /* r1 */
+
+label_22b0:
+	.word 0x0002	 /* r4 */
+label_22b2:
+	.word 0x001e	 /* r3 → bsrf label_21c2 */
+label_22b4:
+	.long 0xa05f7490 /* r2
+			    SB_G1CRC ← 0x0222
+			    SB_G1CWC ← 0x0222
+	                  */
+label_22b8:
 	.word 0x0222
+label_22ba:
 	.word 0x0222
-	.word 0x0002
+
-	.word 0x001e
+label_22bc:
-	.word 0x74a0
+	.word 0x0002	 /* r4 */
-	.word 0xa05f
+label_22be:
+	.word 0x001e	 /* r3 → bsrf label_21c2 */
+label_22c0:
+	.long 0xa05f74a0 /* r2
+			    SB_G1GDRC ← 0x2001
+			    SB_G1GDWC ← 0x2001
+	*/
+label_22c4:
 	.word 0x2001
+label_22c6:
 	.word 0x2001
-	.word 0x0002
+
-	.word 0x001e
+label_22c8:
-	.word 0x7890
+	.word 0x0002	/* r4 */
-	.word 0xa05f
+label_22ca:
+	.word 0x001e	/* r3 → bsrf label_21c2 */
+label_22cc:
+	.long 0xa05f7890 /* SB_G2DSTO ← 0x001b
+			    SB_G2TRTO ← 0x0271
+			*/
+label_22d0:
 	.word 0x001b
+label_22d2:
 	.word 0x0271
+
+label_22d4:
 	.word 0x0000
 	.word 0x0000
 	nop
@@ -408,14 +487,16 @@ label_2284:
 	nop
 	nop
 
+	/* called from label_2020 */
 label_22e0:
 	sts.l	pr,@-r15
-	mov.l	label_2330,r4	! 8c008000
+	/* check systemid for "uses Windows CE" */
-	mov.l	label_2328,r3	! 8c00d8c6
+	mov.l	label_2330,r4	/* 8c008000 systemid */
+	mov.l	label_2328,r3	/* 8c00d8c6 label_20c6 */
 	jsr	@r3
-	add	#62,r4
+	add	#0x3e,r4
-	tst	r0,r0
+	tst	r0,r0		/* r0 (1 if Windows CE) */
-	bt	label_2320
+	bt	label_2320	/* if not Windows CE, return */
 	mov.l	label_2334,r1	! 8ce01010
 	mov.l	@r1,r0
 	tst	r0,r0
@@ -467,10 +548,11 @@ label_2340:
 	add	#-20,r15
 	mov	r15,r3
 	mov	r15,r5
-	mov.l	r3,@(16,r15)
+	mov.l	r3,@(16,r15)	/* copy stack pointer to stack */
 	add	#16,r5
 	bsr	label_23e0
 	mov	#30,r4
+
 	mov	r0,r4
 	tst	r4,r4
 	bt	label_2384
@@ -554,7 +636,7 @@ label_23e0:
 	mov	#0,r6
 	mov	#0,r7
 	mov.l	label_2404,r0	! 8c0000bc
-	mov.l	@r0,r0
+	mov.l	@r0,r0		/* r0 ← 0x8c001000 */
 label_23e8:
 	jmp	@r0
 	nop
@@ -562,14 +644,14 @@ label_23ec:
 	mov	#0,r6
 	mov	#1,r7
 	mov.l	label_2404,r0	! 8c0000bc
-	mov.l	@r0,r0
+	mov.l	@r0,r0		/* r0 ← 0x8c001000 */
 	jmp	@r0
 	nop
 label_23f8:
 	mov	#0,r6
 	mov	#2,r7
 	mov.l	label_2404,r0	! 8c0000bc
-	mov.l	@r0,r0
+	mov.l	@r0,r0		/* r0 ← 0x8c001000 */
 	jmp	@r0
 	nop
 label_2404:

systemid.s

@@ -34,11 +34,11 @@
 
 	.section .text.systemid
 
-	.ascii "SEGA SEGAKATANA " /* H/W identifier */
+	.ascii "SEGA SEGAKATANA " /* 0x00 H/W identifier */
-	.ascii "SEGA ENTERPRISES" /* H/W Vendor ID */
+	.ascii "SEGA ENTERPRISES" /* 0x10 H/W Vendor ID */
-	.ascii "39F1 "            /* Media ID */
+	.ascii "39F1 "            /* 0x20 Media ID */
 	.ascii      "GD-ROM1/1  " /* Media information */
-	.ascii "JUE     "         /* Compatible Area Symbol */
+	.ascii "JUE     "         /* 0x30 Compatible Area Symbol */
 	.ascii         "C000810 " /* Compatible peripherals */
 	.ascii "HDR-0900  "       /* Product number */
 	.ascii           "V0.000" /* Version number */