don't click here

Water, Water Everywhere, Part III

Discussion in 'Engineering & Reverse Engineering' started by Quickman, Mar 8, 2004.

Thread Status:
Not open for further replies.
  1. Quickman

    Quickman

    be attitude for gains Tech Member
    5,595
    18
    18
    :x
    omg porjcet
    Here's how water works in Sonic 2.

    It's a widely established fact that the Hblank interrupt code is what codes for both water and splitscreen, and this is why the two can't coexist. However, exactly how this is done has remained a mystery.

    I'm here to debunk that mystery.

    Here's the code pointed to at $70, in the middle of the vector table. The vector table is just a big list of pointers which are called on various occasions. The pointer at $70 is the pointer which is called at every blank period for the Hblank.

    I split the code into sections for ease of viewing.

    Code (Text):
    1. 0x00000F54: 0x4A78 0xF644                       TST.W    0xF644
    2. 0x00000F58: 0x6700 0x00A4                       BEQ      *+0xA6 [0xFFE]
    3. 0x00000F5C: 0x4A78 0xFFD8                       TST.W    0xFFD8
    4. 0x00000F60: 0x6700 0x009E                       BEQ      *+0xA0 [0x1000]
    Code (Text):
    1. 0x00000F64: 0x31FC 0x0000 0xF644                MOVE.W   #0x0,0xF644
    2. 0x00000F6A: 0x2F0D                              MOVE.L   A5,-(A7)
    3. 0x00000F6C: 0x2F00                              MOVE.L   D0,-(A7)
    4. 0x00000F6E: 0x3039 0x00C0 0x0004                MOVE.W   0xC00004,D0
    5. 0x00000F74: 0x0240 0x0004                       ANDI.W   #0x4,D0
    6. 0x00000F78: 0x67F4                              BEQ.S    *-0xA [0xF6E]
    7. 0x00000F7A: 0x3038 0xF60C                       MOVE.W   0xF60C,D0
    8. 0x00000F7E: 0x0200 0x00BF                       ANDI.B   #0xBF,D0
    9. 0x00000F82: 0x33C0 0x00C0 0x0004                MOVE.W   D0,0xC00004
    10. 0x00000F88: 0x33FC 0x8228 0x00C0 0x0004         MOVE.W   #0x8228,0xC00004
    11. 0x00000F90: 0x23FC 0x4000 0x0010 0x00C0 0x0004  MOVE.L   #0x40000010,0xC00004
    12. 0x00000F9A: 0x23F8 0xEEEC 0x00C0 0x0000         MOVE.L   0xEEEC,0xC00000
    13. 0x00000FA2: 0x33FC 0x0100 0x00A1 0x1100         MOVE.W   #0x100,0xA11100
    14. 0x00000FAA: 0x0839 0x0000 0x00A1 0x1100         BTST     #0x0,0xA11100
    15. 0x00000FB2: 0x66F6                              BNE.S    *-0x8 [0xFAA]
    16. 0x00000FB4: 0x4BF9 0x00C0 0x0004                LEA      0xC00004,A5
    17. 0x00000FBA: 0x2ABC 0x9401 0x9340                MOVE.L   #0x94019340,(A5)
    18. 0x00000FC0: 0x2ABC 0x96EE 0x9580                MOVE.L   #0x96EE9580,(A5)
    19. 0x00000FC6: 0x3ABC 0x977F                       MOVE.W   #0x977F,(A5)
    20. 0x00000FCA: 0x3ABC 0x7800                       MOVE.W   #0x7800,(A5)
    21. 0x00000FCE: 0x31FC 0x0083 0xF640                MOVE.W   #0x83,0xF640
    22. 0x00000FD4: 0x3AB8 0xF640                       MOVE.W   0xF640,(A5)
    23. 0x00000FD8: 0x33FC 0x0000 0x00A1 0x1100         MOVE.W   #0x0,0xA11100
    24. 0x00000FE0: 0x3039 0x00C0 0x0004                MOVE.W   0xC00004,D0
    25. 0x00000FE6: 0x0240 0x0004                       ANDI.W   #0x4,D0
    26. 0x00000FEA: 0x67F4                              BEQ.S    *-0xA [0xFE0]
    27. 0x00000FEC: 0x3038 0xF60C                       MOVE.W   0xF60C,D0
    28. 0x00000FF0: 0x0000 0x0040                       ORI.B    #0x40,D0
    29. 0x00000FF4: 0x33C0 0x00C0 0x0004                MOVE.W   D0,0xC00004
    30. 0x00000FFA: 0x201F                              MOVE.L   (A7)+,D0
    31. 0x00000FFC: 0x2A5F                              MOVEA.L  (A7)+,A5
    32. 0x00000FFE: 0x4E73                              RTE
    Code (Text):
    1. 0x00001000: 0x46FC 0x2700                       MOVE     #0x2700,SR
    2. 0x00001004: 0x31FC 0x0000 0xF644                MOVE.W   #0x0,0xF644
    3. 0x0000100A: 0x48E7 0x00C0                       MOVEM.L  A0-A1,-(A7)
    4. 0x0000100E: 0x43F9 0x00C0 0x0000                LEA      0xC00000,A1
    5. 0x00001014: 0x41F8 0xF080                       LEA      0xF080,A0
    6. 0x00001018: 0x237C 0xC000 0x0000 0x0004         MOVE.L   #0xC0000000,(0x4,A1)
    7. 0x00001020: 0x2298                              MOVE.L   (A0)+,(A1)
    8. 0x00001022: 0x2298                              MOVE.L   (A0)+,(A1)
    9. 0x00001024: 0x2298                              MOVE.L   (A0)+,(A1)
    10. 0x00001026: 0x2298                              MOVE.L   (A0)+,(A1)
    11. 0x00001028: 0x2298                              MOVE.L   (A0)+,(A1)
    12. 0x0000102A: 0x2298                              MOVE.L   (A0)+,(A1)
    13. 0x0000102C: 0x2298                              MOVE.L   (A0)+,(A1)
    14. 0x0000102E: 0x2298                              MOVE.L   (A0)+,(A1)
    15. 0x00001030: 0x2298                              MOVE.L   (A0)+,(A1)
    16. 0x00001032: 0x2298                              MOVE.L   (A0)+,(A1)
    17. 0x00001034: 0x2298                              MOVE.L   (A0)+,(A1)
    18. 0x00001036: 0x2298                              MOVE.L   (A0)+,(A1)
    19. 0x00001038: 0x2298                              MOVE.L   (A0)+,(A1)
    20. 0x0000103A: 0x2298                              MOVE.L   (A0)+,(A1)
    21. 0x0000103C: 0x2298                              MOVE.L   (A0)+,(A1)
    22. 0x0000103E: 0x2298                              MOVE.L   (A0)+,(A1)
    23. 0x00001040: 0x2298                              MOVE.L   (A0)+,(A1)
    24. 0x00001042: 0x2298                              MOVE.L   (A0)+,(A1)
    25. 0x00001044: 0x2298                              MOVE.L   (A0)+,(A1)
    26. 0x00001046: 0x2298                              MOVE.L   (A0)+,(A1)
    27. 0x00001048: 0x2298                              MOVE.L   (A0)+,(A1)
    28. 0x0000104A: 0x2298                              MOVE.L   (A0)+,(A1)
    29. 0x0000104C: 0x2298                              MOVE.L   (A0)+,(A1)
    30. 0x0000104E: 0x2298                              MOVE.L   (A0)+,(A1)
    31. 0x00001050: 0x2298                              MOVE.L   (A0)+,(A1)
    32. 0x00001052: 0x2298                              MOVE.L   (A0)+,(A1)
    33. 0x00001054: 0x2298                              MOVE.L   (A0)+,(A1)
    34. 0x00001056: 0x2298                              MOVE.L   (A0)+,(A1)
    35. 0x00001058: 0x2298                              MOVE.L   (A0)+,(A1)
    36. 0x0000105A: 0x2298                              MOVE.L   (A0)+,(A1)
    37. 0x0000105C: 0x2298                              MOVE.L   (A0)+,(A1)
    38. 0x0000105E: 0x2298                              MOVE.L   (A0)+,(A1)
    39. 0x00001060: 0x337C 0x8ADF 0x0004                MOVE.W   #0x8ADF,(0x4,A1)
    40. 0x00001066: 0x4CDF 0x0300                       MOVEM.L  (A7)+,A0-A1
    41. 0x0000106A: 0x4A38 0xF64F                       TST.B    0xF64F
    42. 0x0000106E: 0x6602                              BNE.S    *+0x4 [0x1072]
    43. 0x00001070: 0x4E73                              RTE
    44. 0x00001072: 0x4238 0xF64F                       CLR.B    0xF64F
    45. 0x00001076: 0x48E7 0xFFFE                       MOVEM.L  D0-D7/A0-A6,-(A7)
    46. 0x0000107A: 0x6100 0xF76A                       BSR      *-0x894 [0x7E6]
    47. 0x0000107E: 0x4CDF 0x7FFF                       MOVEM.L  (A7)+,D0-D7/A0-A6
    48. 0x00001082: 0x4E73                              RTE
    The first section tests two words in the 68k RAM. These words tell the game whether or not water or splitscreen are to be loaded, and are set by the Vblank interrupt code. The second section of code loads splitscreen and the third loads water. You'll notice towards the end of the water code a subroutine call to $7E6. That leads to a maze of pointers, and its purpose is not yet known, though when it was disabled certain changes were noticed in ARZ (see attached image).

    Credit for this goes to LOst. Thanks, LOst!
     
  2. RoboticParanoia

    RoboticParanoia

    Yes, these are flower men. Oldbie
    235
    0
    0
    A Brisk Walk Through Time/Getigo Engine
    Good job, Cutman and Mr. LOSt. You two should be Tech mem...oh wait, nevermind.
     
  3. drx

    drx

    mfw Researcher
    2,254
    350
    63
    :rolleyes:
  4. Quickman

    Quickman

    be attitude for gains Tech Member
    5,595
    18
    18
    :x
    omg porjcet
    Yes, I was well aware of these things. However that tutorial edits what the code above utilises.
     
  5. ICEknight

    ICEknight

    Researcher Researcher
    [​IMG]

    That looks like the buggy emulation that happens in Genecyst.
     
  6. LOst

    LOst

    Tech Member
    4,891
    8
    18
    Bacause Genecyst didn't manage the HBlank pretty well.

    Easy to tell why the split screen doesn't work in Genecyst.
     
  7. Icy Guy

    Icy Guy

    Hedgehog. Sonic the Hedgehog. Member
    776
    0
    0
    California
    GoldenEye 007 level hack
    For the record, that picture was taken in Gens, by yours truly.
     
Thread Status:
Not open for further replies.