[evilhamwizard]

I sort of mentioned this in the "Supreme Topic of Other Knowledge" topic (and this might be old for the most hard core hackers), but I don't think I mentioned the symbol list in the ELF files of the Sonic CD port for the GEMS collection. But, there are:

Here's an snippet:

CODE

0004:00000000       action
0004:00000080       speedset_0
0004:0000015C       speedset2
0004:00000238       actionsub
0004:000003E0       frameout
0004:00000420       patset
0004:000006A4       spatset
0004:00000944       flagwkclr
0004:000009A0       actsetchk
0004:000009DC       actsetinit
0004:00000BDC       actset
0004:00001044       tm_setchk
0004:0000114C       actnoset
0004:00001368       actwkchk
0004:000013C8       actwkchk2
0004:00001420       frameout_s
0004:00001454       frameout_s00
0004:00001608       frameout_s0
0004:00001734       dai_k
0004:000017BC       dai_k_init
0004:00001824       dai_k_move
0004:00001A1C       k_move
0004:00001AE8       jumpchk_d

This was found in R11A.ELF, generated from the Gamecube port of ZONE 1 ACT 1. Both ports use ELF files as executables for each level and act, but there is another use for having this. For example, let's look at the 'action' subroutine in IDA:

CODE

.text:813080C0 # =============== S U B R O U T I N E =======================================
.text:813080C0
.text:813080C0
.text:813080C0 .globl action
.text:813080C0 action: # CODE XREF: game+23Cp
.text:813080C0 # DATA XREF: .debug:off_68o ...
.text:813080C0
.text:813080C0 .set var_8, -8
.text:813080C0 .set var_4, -4
.text:813080C0 .set arg_4, 4
.text:813080C0
.text:813080C0 stwu %sp, -0x10(%sp) # Store Word with Update
.text:813080C4 mflr %r0 # Move from link register
.text:813080C8 stw %r0, 0x10+arg_4(%sp) # Store Word
.text:813080CC stw %r31, 0x10+var_4(%sp) # Store Word
.text:813080D0 stw %r30, 0x10+var_8(%sp) # Store Word
.text:813080D4 lis %r3, ((actwk-0x7ECA)@h) # Load Immediate Shifted
.text:813080D8 addi %r31, %r3, ((actwk-0x3D3C)@l) # Add Immediate
.text:813080DC li %r30, 0 # Load Immediate
.text:813080E0 b loc_81308120 # Branch
.text:813080E4 # ---------------------------------------------------------------------------
.text:813080E4
.text:813080E4 loc_813080E4: # CODE XREF: action+64j
.text:813080E4 lbz %r0, ((ite0e+0x58+0x7A78)@l)(%r31) # Load Byte and Zero
.text:813080E8 cmplwi %r0, 0 # Compare Logical Word Immediate
.text:813080EC beq loc_81308118 # Branch if equal
.text:813080F0 mr %r3, %r31 # Move Register
.text:813080F4 lbz %r4, ((ite0e+0x58+0x7A78)@l)(%r31) # Load Byte and Zero
.text:813080F8 subi %r0, %r4, 1 # Subtract Immediate
.text:813080FC slwi %r5, %r0, 2 # Shift Left Immediate
.text:81308100 lis %r4, ((act_tbl-0x7ECB)@h) # Load Immediate Shifted
.text:81308104 addi %r0, %r4, ((act_tbl+0x4270)@l) # Add Immediate
.text:81308108 add %r4, %r0, %r5 # Add
.text:8130810C lwz %r12, 0(%r4) # Load Word and Zero
.text:81308110 mtctr %r12 # Move to count register
.text:81308114 bctrl # Branch unconditionally
.text:81308118
.text:81308118 loc_81308118: # CODE XREF: action+2Cj
.text:81308118 addi %r30, %r30, 1 # Add Immediate
.text:8130811C addi %r31, %r31, 0x44 # Add Immediate
.text:81308120
.text:81308120 loc_81308120: # CODE XREF: action+20j
.text:81308120 cmpwi %r30, 0x80 # Compare Word Immediate
.text:81308124 blt loc_813080E4 # Branch if less than
.text:81308128 lwz %r31, 0x10+var_4(%sp) # Load Word and Zero
.text:8130812C lwz %r30, 0x10+var_8(%sp) # Load Word and Zero
.text:81308130 lwz %r0, 0x10+arg_4(%sp) # Load Word and Zero
.text:81308134 mtlr %r0 # Move to link register
.text:81308138 addi %sp, %sp, 0x10 # Add Immediate
.text:8130813C blr # Branch unconditionally
.text:8130813C # End of function action

Yep, this is the subroutine written in PPC assembly language. We can actually do the same thing with the PS2 port of SCD in IDA, for example, here's the same subroutine in the PS2 port:

CODE

main:01000030 # ---------------------------------------------------------------------------
main:01000034 .align 4
main:01000040
main:01000040 .globl action
main:01000040 action: # CODE XREF: game+218p
main:01000040 addiu $sp, -0x30 # Add Immediate Unsigned
main:01000044 sd $ra, 0x20($sp) # Store Doubleword
main:01000044 # ---------------------------------------------------------------------------
main:01000048 .word 0x7FB10010, 0x7FB00000
main:01000050 .half 0x1044774 >> 16
main:01000052 .half 0x3C10
main:01000054 .half 0x4670
main:01000056 .half 0x2610
main:01000058 # ---------------------------------------------------------------------------
main:01000058 daddu $s1, $0, $0 # Doubleword Add Unsigned
main:0100005C b loc_10000A4 # Branch Always
main:01000060 nop
main:01000064 # ---------------------------------------------------------------------------
main:01000064
main:01000064 loc_1000064: # CODE XREF: main:010000A8j
main:01000064 lbu $v1, 0($s0) # Load Byte Unsigned
main:01000068 beqz $v1, loc_100009C # Branch on Zero
main:0100006C nop
main:01000070 daddu $a0, $s0, $0 # Doubleword Add Unsigned
main:01000074 lbu $v0, 0($s0) # Load Byte Unsigned
main:01000078 andi $v0, 0xFF # AND Immediate
main:0100007C addiu $v0, 0xFFFF # Add Immediate Unsigned
main:01000080 sll $v1, $v0, 2 # Shift Left Logical
main:01000084 la $v0, (clst1_1a0-0x100) # Load Address
main:0100008C addu $v0, $v1 # Add Unsigned
main:01000090 lw $v0, 0($v0) # Load Word
main:01000094 jalr $v0 # Jump And Link Register
main:01000098 nop
main:0100009C
main:0100009C loc_100009C: # CODE XREF: main:01000068j
main:0100009C addiu $s1, 1 # Add Immediate Unsigned
main:010000A0 addiu $s0, 0x44 # Add Immediate Unsigned
main:010000A4
main:010000A4 loc_10000A4: # CODE XREF: main:0100005Cj
main:010000A4 slti $v1, $s1, 0x80 # Set on Less Than Immediate
main:010000A8 bnez $v1, loc_1000064 # Branch on Not Zero
main:010000AC nop
main:010000B0 ld $ra, 0x20($sp) # Load Doubleword

This is from the PS2 version in MIPSL assembly.

And here's a generated list of the symbols used for the PS2 version of R11A.ELF:

http://pastie.org/631199

As you can see, many of these are familiar. That's because some are the same symbols used in the Sonic 2NA symbol list (which in a way is probably part of the Sonic 1 symbol list as well). While it's obvious as to why, I think it's worth mentioning. But it goes to show you that at least when they were porting the game to the PC - they had the courtesy to retain the same labels while porting the game.

Sorry if there are any inaccuracies in this topic, but I'm new to this. :p

This post has been edited by evilhamwizard: 25 September 2009 - 09:03 PM

[Hivebrain]

Old topic, but thanks to your label list I was able to find a name for this badnik:

http://info.sonicretro.org/Kamemusi

Any chance you could do the rest of the zones? (I only need one list per zone to find the missing enemy names.)

[evilhamwizard]

Sure!

Here:

Collision Chaos
Tidal Tempest
Quartz Quadrant
Wacky Workbench
Stardust Speedway
Metallic Madness
Special Stage

Let me know if you find anything else interesting in those lists.

btw, on a side note: the CM_ files are compressed in SZDD. Very easy to decompress with CompreXX. All these seem to be are the graphics for zones and some other stuff.

This post has been edited by evilhamwizard: 27 April 2010 - 05:59 PM

[Hivebrain]

I've renamed all but three of the badniks, which either use non-obvious names or are missing from the label lists:

http://info.sonicretro.org/Template:SCDEnemies

Maybe someone else could have a look, in case I missed them.

[ICEknight]

I've noticed a "scarab" and a "pat_scarab" in Metallic Madness labels. Perhaps those refer to the dung beetle?


EDIT: Also, the Mecha-Bu seems to be referred to as "kabuto" in there. Perhaps that info should be reflected in the wiki as well?

This post has been edited by ICEknight: 02 May 2010 - 09:35 AM

[ColinC10]

I stuck a bunch of possible English names into Google Translate and then searched the label list for the resulting Japanese translations. I seem to have hit a match for CC Badnik 1 with "Ga" , which apparently means "moth". Anybody like to confirm this?

Unfortunately I didn't have as much luck with "Bakudan" (bomb) for MM Badnik 2...

[ICEknight]

Could this be the bomb?

CODE

#
00000001:0000000000015D50       bakuha
#
00000001:0000000000015DE0       baku_init
#
00000001:0000000000015ED0       baku_move
#
00000001:0000000000015F10       baku_die

Or this?

CODE

#
00000001:0000000000031070       baku_chg0
#
00000001:0000000000031078       baku_chg1
#
00000001:0000000000031080       bakuchg
#
00000001:0000000000031090       bak00
#
00000001:0000000000031110       bak01
#
00000001:0000000000031190       bak02
#
00000001:0000000000031210       bak03
#
00000001:0000000000031290       bak04
#
00000001:0000000000031310       bak05
#
00000001:0000000000031390       bak06
#
00000001:0000000000031410       bakupat
#

This post has been edited by ICEknight: 04 May 2010 - 04:51 AM

[ColinC10]

I noticed those too, but "bakuha" means "explosion". The same labels appear in the source code for all of the levels, meaning it's probably a generic explosion object. I'm not sure how an explosion can "move" or "die", though - perhaps they meant "animate" and "delete".

[Hivebrain]

Metallic Madness

Is the bomb enemy in all 3 acts and every time period? The code might not be present if it's not used in this particular level.

[qiuu]

I don't know how the GEMS collection version of Sonic CD is structured (indeed, I don't even know what exactly it is), but I can say that in the MegaCD version, the code for the big bomb is contained in all timezones for the MMZ2 .mmds, while it isn't contained in any .mmd for MMZ1 or MMZ3. (Likely of no use, but its internal object ID there is 0x23.)
Are there symbol tables only one for each zone, or one for each former .mmd?

I noticed a note in the wiki that "kabasira" is a slight misspelling of "kabashira"; however technically it's just a matter of how you romanize the original Japanese name. There's the syllable that is commonly romanized as 'shi', which in the code however is romanized as 'si'. It's the same with Kemushi etc.

(On a totally unrelated note: I'll still continue to call 'Dango' a Rollbug. :P)

This post has been edited by qiuu: 05 May 2010 - 03:35 PM

[evilhamwizard]

Oh yeah, I knew I was going to regret not saying where these are coming from. :P

Like the originals, every zone and act and time is separated in their own executables. I got all the symbols from the first act (present?) of each zone. So yeah...

But let me know what I exactly you need from which act/zone/time and I'll try to get it.

[qiuu]

I think R82A (or any other of the R82, that is Metallic Madness 2, any timezone) should be sufficient to find the name for that last badnik, the bomb.

R83C (Metallic Madness 3 Good Future) would be of personal interest to me, to see how closely the labels can be assigned to the labels I have in my disassembly of the MegaCD version, or if things have been restructured somehow.

[evilhamwizard]

I think R82A (or any other of the R82, that is Metallic Madness 2, any timezone) should be sufficient to find the name for that last badnik, the bomb.

R83C (Metallic Madness 3 Good Future) would be of personal interest to me, to see how closely the labels can be assigned to the labels I have in my disassembly of the MegaCD version, or if things have been restructured somehow.

Here you go!

R82A
R83C

[Hivebrain]

R82A

Bigbom. That was easy enough to spot.

[McAleeCh]

Also of interest is that the light-bulb badnik, currently listed on the wiki as "Hotaru7" from its' label in Stardust Speedway, is labelled "Hotaru8" in Metallic Madness 3. Does this badnik act differently between the different zones or something? (I don't know my Sonic CD well enough, I'll confess). If so, I think it's safe to assume the intended badnik name is "Hotaru", with the 7 or 8 designating which Zone's version of the badnik is being used (since Stardust Speedway and Metallic Madness are Round 7 and 8 respectively).

EDIT: Noticed the wiki page confirmed that the Badnik has different behaviour depending on which Round it was in. Attempted to add the above info to the "Hotaru" page; however, messed things up a bit and created a new page called "Hotaru" rather than moving the existing one. = / Not being a wiki sysop, can't delete the page I created. Have updated the existing "Hotaru7" page with the info for now; any chance someone with the correct privelages could delete it and move "Hotaru7" to "Hotaru" instead?

Am really really sorry about this - this is why I don't usually attempt to edit the wiki. = (

EDIT2: Big thanks to Frozen Nitrogen for fixing my goof. = ) Will be more careful in future.

This post has been edited by McAleeCh: 06 May 2010 - 05:52 AM