In the sgl 1.0 documentation there is a snippet of code about being able to open the tray without turning on the multiplayer.
The code has been modified to not rts but branch afterwards. It also disables and enables interrupts.
Its SH2 assembly .S so needs to be compiled.
mov #-16,r0 ! Disable interrupts
extu.b r0,r0
ldc r0,sr
nop
mov.l @(010,PC),r4 ! Load GDB to 60ffc00 which was SGL1 stack pointer
nop
ldc r4,gbr
bra Trayoff
.long 0x060ffc00
Trayoff:
tst r4,r4
movt r0
mov.l @(020,PC),r2 ! 0x25890008 <IMM_CD_Status>, changed to 020 for PC offset
mov #0,r1
mov.b r0,@(180,gbr)
mov.w r1,@r2 ! removed rts since no longer a function, set 0 to CD_Status
nop
bra Enable_itr ! bra added labels
nop
nop
and r8,r5 ! The last 2 is not code but 0x25890008 address for the mov @(020, PC), r2
clrt
Enable_itr: ! Enable interrupts
mov #0,r0
ldc r0,sr
I have been able to add this to a modified IP.BIN file.
It works on Mednafen, Yabause, and with Pseudosaturn on real hardware.
With Pseudosaturn I can load a file open the tray and it will not go to multiplayer.
I can put in another CD since the first file is currently just TEST.BIN (pharaoh head), close and no problem.
In the future if a loader is made for first CD it might be a way to load another CD.
The problem is on real hardware this code runs after the 4th security check (TOC).
1) SEGA SEGASATURN at start of IP BIN
2) SEC1.BIN file (from Psy-Q)
3) SEC2.BIN file (from Psy-Q)
4) TOC check
Other than cartridge space 0x2200000, is there any other way to run code before TOC?
Could Audio/Mode2 or other weird mixed mode CD's work?
On a side note this Photo-operator CD does the same thing where after loading you can freely open the CD tray without invoking multiplayer.
Currently working on changing SEC2.BIN file for the last branch to jump back to 0x70 in IP.BIN (game name), which gives 0x70-DF space for code (potentially).
Thanks for your assistance.
The code has been modified to not rts but branch afterwards. It also disables and enables interrupts.
Its SH2 assembly .S so needs to be compiled.
mov #-16,r0 ! Disable interrupts
extu.b r0,r0
ldc r0,sr
nop
mov.l @(010,PC),r4 ! Load GDB to 60ffc00 which was SGL1 stack pointer
nop
ldc r4,gbr
bra Trayoff
.long 0x060ffc00
Trayoff:
tst r4,r4
movt r0
mov.l @(020,PC),r2 ! 0x25890008 <IMM_CD_Status>, changed to 020 for PC offset
mov #0,r1
mov.b r0,@(180,gbr)
mov.w r1,@r2 ! removed rts since no longer a function, set 0 to CD_Status
nop
bra Enable_itr ! bra added labels
nop
nop
and r8,r5 ! The last 2 is not code but 0x25890008 address for the mov @(020, PC), r2
clrt
Enable_itr: ! Enable interrupts
mov #0,r0
ldc r0,sr
I have been able to add this to a modified IP.BIN file.
It works on Mednafen, Yabause, and with Pseudosaturn on real hardware.
With Pseudosaturn I can load a file open the tray and it will not go to multiplayer.
I can put in another CD since the first file is currently just TEST.BIN (pharaoh head), close and no problem.
In the future if a loader is made for first CD it might be a way to load another CD.
The problem is on real hardware this code runs after the 4th security check (TOC).
1) SEGA SEGASATURN at start of IP BIN
2) SEC1.BIN file (from Psy-Q)
3) SEC2.BIN file (from Psy-Q)
4) TOC check
Other than cartridge space 0x2200000, is there any other way to run code before TOC?
Could Audio/Mode2 or other weird mixed mode CD's work?
On a side note this Photo-operator CD does the same thing where after loading you can freely open the CD tray without invoking multiplayer.
Currently working on changing SEC2.BIN file for the last branch to jump back to 0x70 in IP.BIN (game name), which gives 0x70-DF space for code (potentially).
Thanks for your assistance.
