N64 Pointer Referencing

[BGNG]

Let's pretend I'm dealing with the North American version of F-Zero X and let's also pretend that I'm looking for a program pointer somewhere in the ROM that points to offset 2AD1E0.

Let's pretend also that the offset in question is the start of the track data and is not mentioned in the ROM as bytes. While there is one instance of 002AD1E0, nothing happens when it's changed.

802AD1E0 doesn't even show up, E0D12A doesn't find anything useful, etc.

So, um... Help? Any opcodes or what-not I could be searching for instead?

 

[cooliscool]

802AD1E0 is never in RAM either. You sure you know exactly what you're looking for?

 

[BGNG]

Yup. I can manipulate the data at that address to create my own courses, but I'd like to be able to change the location of said data.

 

[cooliscool]

Hmm, odd. Any N64 game I've hacked has had pointers clearly referenced..

 

[BGNG]

I'll keep that in mind if I ever hack another N64 game. But for now, the problem at hand remains unsolved.

 

[BGNG]

A VERY peculiar bit of information.

In the North American ROM at offset 000DFC28, there is data displaying the value 80119550. That is the pointer to the first byte of course description text (i.e., the "FIGURE EIGHT" of Mute City 1). The only thing is, the actual ROM offset where that text is located is 000DFCB0.

When changed, it works exactly as if 80119550 truely WAS 000DFCB0. This works for all 24 courses, as this is a pointer table.

But how the heck is this possible? How can the value 80119550 actually represent 000DFCB0?

 

[cooliscool]

80119550 is the address in RAM where the data from 000DFCB0 in ROM is loaded. You'll very rarely ever see an address in RAM point to actual ROM offsets.

Opcode is probably JAL - Jump And Link.

edit: actually, it's SWC1 - Store Word from Floating-Point (COP1). 80119554 is JAL.

 

[smcd]

The pointer "how is this possible" stuff sounds sort of like when meddling in Win32 PE files - RVA and VA, relative virtual address and virtual address where the data is mapped in memory. It's some confusing stuff at times

 

[BGNG]

I thought for SURE that 80119554 was in cartridge ROM space. Oh well. I'll take a quick look around in nEmu's memory viewer and see what matches up.

 

[BGNG]

Well, RAM searches saved the day. I found three of the four pointer tables I was looking for just by plugging in a value.

The fourth will probabably have to be found with a custom-build program that searches ROM for relative value changes. But other than that, thanks for the help.