Disclaimer:
This was done by hand analysis, objdump and a lot of time and patience.
I do not guarantee that everything is 100% accurate.
(I make 20L+ of LV vectors in my day job, coding is a hobby/interest)
Hopefully this can spur discussion and maybe crack the saturn with a modified IP.BIN that has 0x8000 - f00 space to work with.
This is related to the "mpr" bios file and the "bios100jp.asm" from srg320
With the bios files there are calls to the CDB functions. (most memory locations will be from the mpr file)
For Functions 0x50 Get Buffer Size to 0x48 Reset Selector
The way I found these out was 0x4b74 appears to be the memory location for clearing out the command registers (CR 0-3)
Next for most functions e3 ## is the signature for the command to be called.
So for example at 0x33fc this should be the Get Buffer Size function.
At 0x3410 there is the assembly e3 50 = mov #80, r3.
While 80 has been moved into r3, this is in hex so 0x50 is the real function number.
Next there is usually an assembly 22 30 = mov.b r3, @r2, I believe this is putting the function number into (CR1) before the function call
Next there is usually a 0x4b86 or 0x4b8a this is to send the command with r7 = 0 for 0x4b86 and r7 = 1 for 0x4b8a.
(Not sure the importance or r7 = 1 or 0)
For Functions 0x90 MPEG Get Status to 0xE2 Get MPEG ROM (0xE0 Authenticate Device, and 0xE1 Is Device Authenticated included)
This pattern is mainly similar (there are some exceptions but trying not to deviate) until the MPEG functions.
There is still the call to 0x4b74 for clearing out the CR.
Instead there is an assembly 93 ## = mov.w 0x####,r3 ! 0x##.
This moves a value into r3 from a later address in the file.
For example 0x4654 is MPEG Get Status.
0x465c is the call to 0x4b74 or CR clear
0x4664 is the 93 1b = 0x469e, r3 ! 0x90.
The send command is different (still working on these out)
Here is the list of functions, where the are in "mpr" bios and the corresponding location in bios100jp.asm
Sorry for misalignment this came from a notepad++ file
(so I am hand spacing to correct alignment since I suck at html/web forum entry)
mpr boot CDB_command CDB# bios100jp
33fc: Get Buffer Size 0x50 003560
3458: Get Sector Number 0x51 L0035BA:
34a8: Calculate Actual Size 0x52 00360C
34f4: Get Actual Size 0x53 003656
3578: Get Sector Info 0x54 0036C6
3600: Execute FAD Search 0x55 00374C
3654: Get FAD Search Result 0x56 003792
36bc: set sector length 0x60 0037F4
36fc: get sector data 0x61 003830
3754: Delete Sector Data 0x62 003884
37a0: Get/Del Sector Data 0x63 L0038CE:
37f8: Put Sector Data 0x64 003924
3838: Copy Sector Data 0x65 003960
389c: Move Sector Data 0x66 0039C4
38f4: Get Copy Error 0x67 L003A1C:
3940: Change Directory 0x70 003A64
397c: Read Directory 0x71 003A9C
39c4: Get File System Scope 0x72 003AE0
3a26: Get File Info 0x73 003B3A
3a94: Read File 0x74 003B8C
3aec: Abort File 0x75 L003BEE:
3b24: Get CD Status 0x00 L002CB8:
3b9c: Get Last Buf Dest or ff 0x32 or 0xff L002D1C:
3c54: Get Hardware Info 0x01 L002DD0:
3ca4: Get TOC 0x02 L002E22:
3cfc: Get Session Info 0x03 L002E88:
3d50: Initialize CD System 0x04 L002ECE:
3dfc: Open Tray 0x05 002F7C
3e7c: End Transfer 0x06 L002FFC:
3edc: Set CD Dev Con 0x30 L00318C:
3f0e: Get CD Dev Con 0x31 0031BC
3f58: Get Last Buf Dest 0x32 003204
3f9c: Play Disc 0x10 L003050:
405a: Seek Disc 0x11 003120
4094: Scan Disk 0x12 003158
4310: Set Filter 0x40 003250
4360: Get Filter Range 0x41 003290
43d0: Set Filter SubH Cond 0x42 0032F0
4440: Get Filter SubH Cond 0x43 003350
44b2: Set Filter Mode 0x44 0033C8
4500: Get Filter Mode 0x45 00340C
4550: Set Filter Con 0x46 00345C
45b0: Get Filter Con 0x47 0034B4
4608: Reset Selector 0x48 L00351C:
4654: "MPEG Get Status" 0x90 L004048
46b0: "MPEG Get Interrupt" 0x91 004098
46f2: "MPEG Set Interrupt Mask" 0x92 0040DA
4738: "MPEG Init" 0x93 L004120:
476a: "MPEG Set Mode" 0x94 004152
47d4: "MPEG Play" 0x95 0041BC
4838: "MPEG Set Decoding Method" 0x96 004220
4884: "MPEG Out Decoding Sync" 0x97 00426C
48c4: "MPEG Get Timecode" 0x98 0042AC
4954: "MPEG Get PTS" 0x99 004348
4998: "Authenticate Device" 0xE0 L003E74:
49f4: "Is Device Authenticated" 0xE1 L003EBC:
4a54: "Get MPEG ROM" 0XE2 003F28
MDG
This was done by hand analysis, objdump and a lot of time and patience.
I do not guarantee that everything is 100% accurate.
(I make 20L+ of LV vectors in my day job, coding is a hobby/interest)
Hopefully this can spur discussion and maybe crack the saturn with a modified IP.BIN that has 0x8000 - f00 space to work with.
This is related to the "mpr" bios file and the "bios100jp.asm" from srg320
With the bios files there are calls to the CDB functions. (most memory locations will be from the mpr file)
For Functions 0x50 Get Buffer Size to 0x48 Reset Selector
The way I found these out was 0x4b74 appears to be the memory location for clearing out the command registers (CR 0-3)
Next for most functions e3 ## is the signature for the command to be called.
So for example at 0x33fc this should be the Get Buffer Size function.
At 0x3410 there is the assembly e3 50 = mov #80, r3.
While 80 has been moved into r3, this is in hex so 0x50 is the real function number.
Next there is usually an assembly 22 30 = mov.b r3, @r2, I believe this is putting the function number into (CR1) before the function call
Next there is usually a 0x4b86 or 0x4b8a this is to send the command with r7 = 0 for 0x4b86 and r7 = 1 for 0x4b8a.
(Not sure the importance or r7 = 1 or 0)
For Functions 0x90 MPEG Get Status to 0xE2 Get MPEG ROM (0xE0 Authenticate Device, and 0xE1 Is Device Authenticated included)
This pattern is mainly similar (there are some exceptions but trying not to deviate) until the MPEG functions.
There is still the call to 0x4b74 for clearing out the CR.
Instead there is an assembly 93 ## = mov.w 0x####,r3 ! 0x##.
This moves a value into r3 from a later address in the file.
For example 0x4654 is MPEG Get Status.
0x465c is the call to 0x4b74 or CR clear
0x4664 is the 93 1b = 0x469e, r3 ! 0x90.
The send command is different (still working on these out)
Here is the list of functions, where the are in "mpr" bios and the corresponding location in bios100jp.asm
Sorry for misalignment this came from a notepad++ file
(so I am hand spacing to correct alignment since I suck at html/web forum entry)
mpr boot CDB_command CDB# bios100jp
33fc: Get Buffer Size 0x50 003560
3458: Get Sector Number 0x51 L0035BA:
34a8: Calculate Actual Size 0x52 00360C
34f4: Get Actual Size 0x53 003656
3578: Get Sector Info 0x54 0036C6
3600: Execute FAD Search 0x55 00374C
3654: Get FAD Search Result 0x56 003792
36bc: set sector length 0x60 0037F4
36fc: get sector data 0x61 003830
3754: Delete Sector Data 0x62 003884
37a0: Get/Del Sector Data 0x63 L0038CE:
37f8: Put Sector Data 0x64 003924
3838: Copy Sector Data 0x65 003960
389c: Move Sector Data 0x66 0039C4
38f4: Get Copy Error 0x67 L003A1C:
3940: Change Directory 0x70 003A64
397c: Read Directory 0x71 003A9C
39c4: Get File System Scope 0x72 003AE0
3a26: Get File Info 0x73 003B3A
3a94: Read File 0x74 003B8C
3aec: Abort File 0x75 L003BEE:
3b24: Get CD Status 0x00 L002CB8:
3b9c: Get Last Buf Dest or ff 0x32 or 0xff L002D1C:
3c54: Get Hardware Info 0x01 L002DD0:
3ca4: Get TOC 0x02 L002E22:
3cfc: Get Session Info 0x03 L002E88:
3d50: Initialize CD System 0x04 L002ECE:
3dfc: Open Tray 0x05 002F7C
3e7c: End Transfer 0x06 L002FFC:
3edc: Set CD Dev Con 0x30 L00318C:
3f0e: Get CD Dev Con 0x31 0031BC
3f58: Get Last Buf Dest 0x32 003204
3f9c: Play Disc 0x10 L003050:
405a: Seek Disc 0x11 003120
4094: Scan Disk 0x12 003158
4310: Set Filter 0x40 003250
4360: Get Filter Range 0x41 003290
43d0: Set Filter SubH Cond 0x42 0032F0
4440: Get Filter SubH Cond 0x43 003350
44b2: Set Filter Mode 0x44 0033C8
4500: Get Filter Mode 0x45 00340C
4550: Set Filter Con 0x46 00345C
45b0: Get Filter Con 0x47 0034B4
4608: Reset Selector 0x48 L00351C:
4654: "MPEG Get Status" 0x90 L004048
46b0: "MPEG Get Interrupt" 0x91 004098
46f2: "MPEG Set Interrupt Mask" 0x92 0040DA
4738: "MPEG Init" 0x93 L004120:
476a: "MPEG Set Mode" 0x94 004152
47d4: "MPEG Play" 0x95 0041BC
4838: "MPEG Set Decoding Method" 0x96 004220
4884: "MPEG Out Decoding Sync" 0x97 00426C
48c4: "MPEG Get Timecode" 0x98 0042AC
4954: "MPEG Get PTS" 0x99 004348
4998: "Authenticate Device" 0xE0 L003E74:
49f4: "Is Device Authenticated" 0xE1 L003EBC:
4a54: "Get MPEG ROM" 0XE2 003F28
MDG
