Memory Map
Jump to navigation
Jump to search
A memory map is essentially a table of associations between addresses in a binary executable and descriptions of the data and/or code they locate.
Crash 1
Currently incomplete.
Data
| Address | Description | Size |
|---|---|---|
| TEXT segment data | ||
| 0x10000 | "\S%X\\S%07X.NSD" - NSD filename format string (uppercase) | 16 x 1 byte |
| 0x10010 | "%s%ss%07x.nsd" - NSD filename format string (lowercase) | 16 x 1 byte |
| 0x10020 | "c:/src/willie/target/" - original codebase target directory string | 24 x 1 byte |
| 0x10038 | "streams/" - streams directory string | 12 x 1 byte |
| 0x10044 | "\S%X\\S%07X.NSF" - NSF filename format string (uppercase) | 16 x 1 byte |
| 0x10054 | "%s%ss%07x.nsf" - NSF filename format string (lowercase) | 16 x 1 byte |
| 0x10064 | "Inited and Allocated %d pages\n" - paging initialization confirmation debug string | 20 x 1 byte |
| 0x10084 | jumptables - see Code section | 144 x 4 bytes |
| 0x102C0 | unknown number sequence | 24 x 1 byte |
| 0x102D8 | more jumptables - see Code section | 56 x 4 bytes |
| 0x103B8 | "----stack pop\n" - GOOL interpreter debug string | 16 x 1 byte |
| 0x103C8 | "----stack push\n" - GOOL interpreter debug string | 16 x 1 byte |
| 0x103D8 | "-----ireg ref\n" - GOOL interpreter debug string | 16 x 1 byte |
| 0x103E8 | "-----null ref\n" - GOOL interpreter debug string | 16 x 1 byte |
| 0x103F8 | "-----sp-double ref\n" - GOOL interpreter debug string | 20 x 1 byte |
| 0x1040C | "-----stack ref\n" - GOOL interpreter debug string | 16 x 1 byte |
| 0x1041C | "-----var ref\n" - GOOL interpreter debug string | 16 x 1 byte |
| 0x1042C | "-----frac ref\n" - GOOL interpreter debug string | 16 x 1 byte |
| 0x1043C | "-----int ref\n" - GOOL interpreter debug string | 16 x 1 byte |
| 0x1044C | "-----pool ref\n" - GOOL interpreter debug string | 16 x 1 byte |
| 0x1045C | "-----reg ref\n" - GOOL interpreter debug string | 16 x 1 byte |
| 0x1046C | "*************** gop %d\n" - GOOL interpreter debug string | 24 x 1 byte |
| 0x10484 | "******************** return return %d\n" - GOOL interpreter debug string | 40 x 1 byte |
| 0x104AC | "********************running pop\n" - GOOL interpreter debug string | 36 x 1 byte |
| 0x104D0 | "******************** state return %d\n" - GOOL interpreter debug string | 40 x 1 byte |
| 0x104F8 | more jumptables - see Code section | 600 x 4 bytes |
| 0x10E58 | "Damaged slot" - memory card string | 16 x 1 byte |
| 0x10E68 | "PART %d OF %d" - memory card string | 16 x 1 byte |
| 0x10E78 | "%s%s%02d%06d" - memory card string | 16 x 1 byte |
| 0x10E88 | "BASCUS-94900" - memory card string | 16 x 1 byte |
| 0x10E98 | "file descriptor is %d\n" - memory card string | 24 x 1 byte |
| 0x10EB0 | "Crash (%d%%)" - memory card string | 16 x 1 byte |
| 0x10EC0 | more jumptables - see Code section | 21 x 4 bytes |
| 0x10F14 | "0123456789ABCDEF" - int to uppercase hex string conversion array | 20 x 1 byte |
| 0x10F28 | "0123456789abcdef" - int to lowercase hex string conversion array | 20 x 1 byte |
| 0x10F3C | more jumptables - see Code section | 45 x 4 bytes |
| 0x10FF0 | GPU and CD-ROM debug strings | 1404 bytes |
| 0x1156C | more jumptables - see Code section | 5 x 4 bytes |
| 0x11580 | more CD-ROM and SPU debug strings | 296 bytes |
| 0x116A8 | more jumptables -see Code section | 32 x 4 bytes |
| 0x11728 | SEP sequence debug strings | 60 bytes |
| CODE begins at 0x11764, ends at 0x514DC | ||
| 0x514DC | subsystem tables | 21 x 28 bytes |
| 0x51728 | character table for EID decoding | 64 x 1 byte |
| 0x51768 | zero vector | 3 x 4 bytes |
| 0x51774 | texture regions map | 600 x 4 x 2 bytes |
| 0x52A34 | pre-computed list of (x,y) byte pairs sorted by euclidean distance (for wall detection) | 152 x 2 x 1 byte |
| 0x52B64 | structures describing player angle and displacement for each controller direction | 16 x 3 x 4 bytes |
| 0x52C24 | structures describing player velocity for each state (on ground, in air, etc.) | 8 x 4 x 4 bytes |
| 0x52CA4 | used by GOOL VECB | 4 x 4 bytes |
| 0x52CB4 | percentages used to scale a monochromatic color for GOOL VECB subop. 1 | 12 x 4 bytes |
| 0x52CE4 | ? | 16 x 1 byte |
| 0x52CF4 | circle bitmap (used for wall detection) | 128 bytes (32x32 bits) |
| 0x52D74 | ? (referenced by sub_8002EC68 TBD) | 84 x 4 bytes |
| 0x52EC4 | array 1 (unknown) | 14 x 4 bytes |
| 0x52EFC | array 2 (unknown) | 10 x 4 bytes |
| 0x52F24 | array 3 (unknown) | 11 x 4 bytes |
| 0x52F50 | array 4 (unknown) | 11 x 4 bytes |
| 0x52F88 | array 5 (unknown) | 19 x 4 bytes |
| 0x52FD4 | array 6 (unknown) | 32 x 4 bytes |
| 0x53054 | array of 6 pointers to the above arrays(referenced by sub_8002EC68 TBD) | 6 x 4 bytes |
| 0x5306C | sin/cosine table | 1042 x 2 bytes |
| 0x53890 | reserved for various library (gpu and etc?) routines | 4876 bytes |
| *0x54A20 | pointer for generating the current drawing primitive packet | 4 bytes |
| 0x54B9C | square root table | 192 x 2 bytes |
| 0x54D1C | atan2 table | 2052 bytes |
| 0x55520 | reserved for CD-ROM (and SPU?) routines | 3804 bytes |
| global variables | ||
| 0x563FC: gp[0] | ? | 4 bytes |
| 0x56400: gp[0x4] | ? | 4 bytes |
| ... | 7 x 4 bytes | |
| 0x56420: gp[0x24] | frame buffer destination X | 2 bytes |
| 0x56422: gp[0x26] | frame buffer destination Y | 2 bytes |
| 0x56424: gp[0x28] | frame buffer destination W (inited in binary with 0x100) | 2 bytes |
| 0x56426: gp[0x2A] | frame buffer destination H (inited in binary with 0x80) | 2 bytes |
| 0x56428: gp[0x2C] | quit game flag (will break game loop) | 4 bytes |
| ... | 5 x 4 bytes | |
| 0x56440: gp[0x44] | depth cuing matrix used by sub_80019F90 | 32 bytes |
| 0x56460: gp[0x64] | ??used by sub_2EC68 | 4 bytes |
| 0x56464: gp[0x68] | ??used by sub_2EC68 | 4 bytes |
| 0x56468: gp[0x6C] | ??used by sub_2EC68 | 4 bytes |
| 0x5646C: gp[0x70] | ??used by sub_2EC68 | 4 bytes |
| 0x56470: gp[0x74] | ??used by sub_2EC68 | 4 bytes |
| 0x56474: gp[0x78] | ??used by sub_2EBB4, also sub_19DE0 (wgeo transform routine variant) | 4 bytes |
| 0x56478: gp[0x7C] | ??used by sub_2EBB4, also sub_19DE0 (wgeo transform routine variant) | 4 bytes |
| 0x5647C: gp[0x80] | ??copied to stack and unused during path routine; inited with 0x80000000 | 4 bytes |
| 0x56480: gp[0x84] | GOOL interpreter double buffer for const refs, pointer to scratch[0x40] | 4 bytes |
| 0x56484: gp[0x88] | index of active const buffer for gp[0x84] | 4 bytes |
| 0x56488: gp[0x8C] | GOOL interpreter double buffer for const refs (alt), pointer to scratch[0x40] | 4 bytes |
| 0x5648C: gp[0x90] | index of active const buffer for gp[0x8C] | 4 bytes |
| 0x56490: gp[0x94] | ? see LDAT postinit/253a0 | 4 bytes |
| 0x56494: gp[0x98] | ? see LDAT postinit/253a0 | 4 bytes |
| 0x56498: gp[0x9C] | "0b_pZ\0" string used by demo routine (extends to gp[0xA0]) | 8 x 1 byte |
| 0x564A0: gp[0xA4] | ? flag that prevents resetting the spawn lists when the level is restarted | 4 bytes |
| 0x564A4: gp[0xA8] | amount of camera z trans due to 'lookback' (i.e. moving forward or backward) | 4 bytes |
| 0x564A8: gp[0xAC] | amount of camera z trans due to 'camzoom' of the nearest forward or backward camera path | 4 bytes |
| 0x564AC: gp[0xB0] | flag for camera 'lookback'
0 = camera is zoomed in (as player moves forward) 1 = camera is zoomed out (as player moves backward) |
4 bytes |
| 0x564B0: gp[0xB4] | flag for camera pan x
0 = camera is panned left (as player moves left) 1 = camera is panned right (as player moves right) |
4 bytes |
| 0x564B4: gp[0xB8] | amount of camera y trans due to 'camzoom' of the nearest upward or downward camera path | 4 bytes |
| 0x564B8: gp[0xBC] | amount of camera x trans due to 'panx' (i.e. player moving left or right) | 4 bytes |
| 0x564BC: gp[0xC0] | ground offset (additional y distance from bottom of player, factored in determining its collision with solid underlying supportive octree nodes) | 4 bytes |
| ... | 2 x 4 bytes | |
| 0x564C8:
gp[0xCC] |
? used by sub_8002EC68 | 4 bytes |
| 0x564CC:
gp[0xD0] |
? used by sub_8002EC68 | 4 bytes |
| 0x564D0
gp[0xD4] |
"lt1rA" (audio entry EID?) string used by sub_8002EC68 | 8 x 1 byte |
| 0x564D8:
gp[0xDC] |
? | 4 bytes |
| 0x564DC: gp[0xE0] | random seed (inited to 1) | 4 bytes |
| 0x564E0: gp[0xE4] | "CD001" string used by filesystem read routine (sub_8002F8C4) | 4 bytes |
| 0x564E8
gp[0xEC] |
"." string used by filesystem read routine? | 4 x 1 byte |
| 0x564EC
gp[0xF0] |
".." string used by filesystem read routine? | 8 x 1 byte |
| 0x564E8
gp[0xF8] |
?? | 4 bytes |
| ... | 2 x 4 bytes | |
| 0x56500: gp[0x104] | ? see mdat initb (inited with 1) | 4 bytes |
| 0x56504: gp[0x108] | "0b_pz" string (EID string for game over screen/zone) | 8 x 1 byte |
| 0x5650C: gp[0x110] | "0c_pz" string (EID string for main menu screen/zone) | 8 x 1 byte |
| 0x56514: gp[0x118] | "0d_pz" string (EID string for Naughty Dog screen/zone) | 8 x 1 byte |
| 0x5651C: gp[0x120] | "0e_pz" string (EID string for options/password/load game menu/zone) | 8 x 1 byte |
| 0x56524: gp[0x128] | "0f_pz" string (EID string for 6th zone in map model) | 8 x 1 byte |
| 0x5652C: gp[0x130] | "1e_pz" string (EID string for first island (before end) zone in map model) | 8 x 1 byte |
| 0x56534: gp[0x138] | "1a_pz" string (EID string for first island (at end/native fortress) zone in map model) | 8 x 1 byte |
| 0x5653C: gp[0x140] | "2b_pz" string (EID string for second island zone in map model) | 8 x 1 byte |
| 0x56544: gp[0x148] | "3a_pz" string (EID string for third island zone in map model) | 8 x 1 byte |
| 0x5654C: gp[0x150] | "0a_pz" string (EID string for Entertainment America & Universal Interactive Screens/zone) | 8 x 1 byte |
| 0x56554: gp[0x158] | "%cMapP" EID string to grab the entries in sequence used for palette fading | 8 x 1 byte |
| 0x5655C: gp[0x160] | "0MapP" EID string used to grab the first palette entry in sequence for a palette fade | 8 x 1 byte |
| 0x56568:
gp[0x16C] |
? inited with 1 | 4 bytes |
| 0x5656C:
gp[0x170] |
? inited with -1 | 4 bytes |
| 0x56570:
gp[0x174] |
? inited with -1 | 4 bytes |
| 0x56574:
gp[0x178] |
"bu00:" string used by memory card routines | 8 x 1 byte |
| 0x5657C:
gp[0x180] |
"%s%s" string used by memory card routines | 8 x 1 byte |
| 0x56584:
gp[0x188] |
"*" string used by memory card routines | 4 x 1 byte |
| 0x56588
gp[0x18C] |
"EMPTY" string used by memory card routines | 8 x 1 byte |
| 0x56590
gp[0x194] |
"~inv!" string used by memory card routines | 8 x 1 byte |
| 0x56598
gp[0x19C] |
_AllocRestBlockTop | 8 bytes |
| 0x565A0
gp[0x1A4] |
_AllocMaxBlockSize | 8 bytes |
| 0x565A8
gp[0x1AC] |
max_heap | 8 bytes |
| 0x565B0
gp[0x1B4] |
AllocAreaFlag | 8 bytes |
| ... | 3 x 4 bytes | |
| 0x565C0: gp[0x1C4] | camera speed/most recent change in camera path progress | 4 bytes |
| ... | 6 x 4 bytes | |
| 0x565DC: gp[0x1E0] | small slope flag? | 4 bytes |
| .... | 34 x 4 bytes | |
| 0x56664: gp[0x268] | ? used by GOOL MSC | 4 bytes |
| .. | 4 x 4 bytes | |
| 0x56678: gp[0x27C] | ? see MDAT postinit | 4 bytes |
| ... | 13 x 4 bytes | |
| 0x566AC: gp[0x2B0] | wall cache: points to scratch[0x180] | 4 bytes |
| 0X566B0: gp[0x2B4] | EID of Crash GOOL executable entry | 4 bytes |
| 0x566B4: gp[0x2B8] | Crash object | 4 bytes |
| 0x566B8: gp[0x2BC] | SLST decoded buffer temp (used for swap) | 4 bytes |
| 0x566BC: gp[0x2C0] | SLST decoded back buffer (swapped with front buf, gp[0x304]) | 4 bytes |
| ... | 4 bytes | |
| 0x566C4: gp[0x2C8] | event descriptor for '(software) memory card: end of i/o' | 4 bytes |
| 0x566C8: gp[0x2CC] | event descriptor for '(software) memory card: error happened' | 4 bytes |
| 0x566CC: gp[0x2D0] | event descriptor for '(software) memory card: timeout' | 4 bytes |
| 0x566D0: gp[0x2D4] | event descriptor for '(software) memory card: new device' | 4 bytes |
| ... | 3 x 4 bytes | |
| 0x566E0: gp[0x2E4] | points to memory allocated by MDAT; structure used by the title sequence | 4 bytes |
| 0x566E4: gp[0x2E8] | ? zeroed at LDAT postinit | 4 bytes |
| 0x566E8: gp[0x2EC] | ? zeroed at LDAT postinit | 4 bytes |
| 0x566EC: gp[0x2F0] | event descriptor for '(hardware) memory card: end of i/o' | 4 bytes |
| 0x566F0: gp[0x2F4] | event descriptor for '(hardware) memory card: error happened' | 4 bytes |
| 0x566F4: gp[0x2F8] | wall map: points to scratch[0x100] | 4 bytes |
| 0x566F8: gp[0x2FC] | event descriptor for '(hardware) memory card: timeout' | 4 bytes |
| 0x566FC: gp[0x300] | event descriptor for '(hardware) memory card: new device' | 4 bytes |
| 0x56700: gp[0x304] | SLST decoded front buffer (swapped with back buf, gp[0x2C0]) | 4 bytes |
| 0x56704: gp[0x308] | some demo mode object? | 4 bytes |
| 0x56708: gp[0x30C] | ? | 4 bytes |
| 0x5670C: gp[0x310] | points to scratch[0x380], circle bitmap is copied from 0x52CF4 to here during BINF init routine | 4 bytes |
| 0x56710 | current level ID | 4 bytes |
| 0x56714 | next level ID (for changing levels) | 4 bytes |
| ... | 236 bytes | |
| DATA segment | ||
| 0x56800 | ? | 4 bytes |
| 0x56804 | structures describing SPU hardware voices | 24 x 68 bytes |
| 0x56E64 | more unknown SPU stuff | 472 bytes |
| 0x5703C | reserved by memory card routines | 24 bytes |
| 0x57054 | reserved by controller routines | 324 bytes |
| 0x57198 | reserved by CD-ROM routines | 180 bytes |
| 0x5724C | reserved by SPU routines | 20 bytes |
| 0x5726C | audio matrix? | 10 x 2 bytes |
| 0x57280 | ? initially 0; | 4 bytes |
| 0x57284 | ? initially 0; | 4 bytes |
| 0x57288 | ? initially 0; | 4 bytes |
| 0x5728C | 8 wavebank entry EIDs (last 5 are inited to null EID by hardware init routine) | 8 x 4 bytes |
| 0x572AC | reserved by SPU routines | 1296 bytes |
| 0x577BC | reserved by malloc | 8 bytes |
| ***for hword matrices only first 9 hwords used, last 7 are padding for align to 32 bytes | ||
| 0x577C4 | viewpoint rotation matrix (including translation by viewpoint translation vector) | 16 x 2 bytes |
| 0x577E4 | viewpoint rotation matrix negated and scaled 5/8s for Y, negated for Z | 16 x 2 bytes |
| 0x57804 | copy of 0x577E4 - 0x57804 | 16 x 2 bytes |
| 0x57824 | unknown matrix | 16 x 2 bytes |
| 0x57844 | 0x57824 scaled 5/8 in the y and negated in the z OR a copy of 0x577E4 in certain case | ? |
| 0x5785C | z rotation matrix for a small angle, approximately 11 degrees OR weirdly rotated version of 577E4 in certain case | ? |
| 0x57864 | camera x [initial value 0] | 4 bytes |
| 0x57868 | camera y [initial value 0] | 4 bytes |
| 0x5786C | camera z [initial value 0x1F400] | 4 bytes |
| 0x57870 | camera x rotation angle [initial value 0] | 4 bytes |
| 0x57874 | camera y rotation angle [initial value 0] | 4 bytes |
| 0x57878 | camera z rotation angle [initial value 0] | 4 bytes |
| 0x5787C | camera x scale? [initial value 0x1000] | 4 bytes |
| 0x57880 | camera y scale? [initial value 0x1000] | 4 bytes |
| 0x57884 | camera z scale? [initial value 0x1000] | 4 bytes |
| 0x57888 | camera x @ last time zone flags bit 13 not set [initial value 0] | 4 bytes |
| 0x5788C | camera y @ last time zone flags bit 13 not set [initial value 0xE1000] | 4 bytes |
| 0x57890 | camera z @ last time zone flags bit 13 not set [initial value 0x5DC000] | 4 bytes |
| ... | 24 bytes | |
| 0x578AC | ? intially 0, cleared by projection routine | 4 bytes |
| 0x578B0 | ? initially 0 | 2 bytes |
| 0x578B2 | ? initially 0 | 2 bytes |
| 0x578B4 | ? initially 0x1000 | 2 bytes |
| ... | 12 bytes | |
| 0x578C4 | ? initially 0 | 4 bytes |
| 0x578C8 | ? initially 0 | 4 bytes |
| 0x578CC | ? initially 0 | 4 bytes |
| 0x578D0 | projection distance (from viewer's eye) | 4 bytes |
| 0x578D4 | starts hword matrix... initially 0x200 | 2 bytes |
| 0x578D6 | initially 0x200 | 2 bytes |
| 0x578D8 | initially 0x200 | 2 bytes |
| 0x578DA | initially 0x200 | 2 bytes |
| 0x578DC | initially 0x200 | 2 bytes |
| 0x578DE | initially 0x200 | 2 bytes |
| 0x578E0 | initially 0x200 | 2 bytes |
| 0x578E2 | initially 0x200 | 2 bytes |
| 0x578E4 | initially 0x200 | 2 bytes |
| ... | 48 bytes | |
| 0x57914 | current zone (entry) | 4 bytes |
| 0x57918 | previous zone header (zone item) | 4 bytes |
| 0x5791C | current camera path (zone item) | 4 bytes |
| 0x57920 | current camera path progress | 4 bytes |
| ... | 12 bytes | |
| 0x57930 | set to 0x57938 when zone flags bit 13 not set, else cleared | 4 bytes |
| 0x57934 | camera x rotation after most recent adjustment/level update | 4 bytes |
| 0x57938 | camera y rotation after most recent adjustment/level update | 4 bytes |
| 0x5793C | camera z rotation after most recent adjustment/level update | 4 bytes |
| 0x57940 | camera x rotation before most recent adjustment/level update | 4 bytes |
| 0x57944 | camera y rotation before most recent adjustment/level update | 4 bytes |
| 0x57948 | camera z rotation before most recent adjustment/level update | 4 bytes |
| 0x5794C | sin(*(0x57930))/16; | 4 bytes |
| 0x57950 | ? | 4 bytes |
| 0x57954 | cos(*(0x57930))/16; | 4 bytes |
| ... | 8 bytes | |
| 0x57960 | (active buffer?) | 4 bytes |
| ... | 4 bytes | |
| 0x57968 | 4 byte string? cleared at loadLevel (demo mode sub uses this?) | 8 x 1 byte |
| 0x57970 | set to *(0x34520) at loadLevel | 4 bytes |
| 0x57974 | zone checkpoint state: player trans X | 4 bytes |
| 0x57978 | zone checkpoint state: player trans Y | 4 bytes |
| 0x5797C | zone checkpoint state: player trans Z | 4 bytes |
| 0x57980 | zone checkpoint state: player rotation Y? (rewritten with 0) | 4 bytes |
| 0x57984 | zone checkpoint state: player rotation X? (rewritten with 0) | 4 bytes |
| 0x57988 | zone checkpoint state: player rotation Z? (rewritten with 0) | 4 bytes |
| 0x5798C | zone checkpoint state: player scale X | 4 bytes |
| 0x57990 | zone checkpoint state: player scale Y | 4 bytes |
| 0x57994 | zone checkpoint state: player scale Z | 4 bytes |
| 0x57998 | zone checkpoint state: current zone EID | 4 bytes |
| 0x5799C | zone checkpoint state: current camera path | 4 bytes |
| 0x579A0 | zone checkpoint state: current camera path progress | 4 bytes |
| 0x579A4 | zone checkpoint state: either level ID or MDAT/LDAT EID? (saved as 0x5c53c[4]) | 4 bytes |
| 0x579A8 | zone checkpoint state: flag | 4 bytes |
| 0x579AC | zone checkpoint state: copy of spawn flags list | 304 x 2 bytes |
| 0x57E6C | zone checkpoint state: boxes broken count | 4 bytes |
| 0x57E70 | reserved for SPU routines | 212 bytes |
| 0x57F40 | 8 x wavebank page structures | 8 x 44 bytes |
| 0x580A0 | 16 x texture page structures | 16 x 44 bytes |
| 0x58360 | reserved for SPU routines | 160 bytes |
| 0x58400 | buffer count (2) | 4 bytes |
| 0x58404 | buffer onscreen pointer | 4 bytes |
| 0x58408 | buffer offscreen pointer | 4 bytes |
| 0x5840C | buffer onscreen (mirror?) pointer | 4 bytes |
| 0x58410 - 0x5A497 | buffer onscreen | 136 bytes |
| 0x5A498 - 0x5C51F | buffer offscreen | 136 bytes |
| 0x5C520 | reserved for SPU routines | 8 bytes |
| paging system structure | ||
| 0x5C528 | paging inited flag | 4 bytes |
| 0x5C52C | level ID (copied to 0x56710) | 4 bytes |
| 0x5C530 | pointer to entry hash table bucket pointer array | 4 bytes |
| 0x5C534 | pointer to entry hash table | 4 bytes |
| 0x5C538 | pointer to (loading screen information from NSD?) | 4 bytes |
| 0x5C53C | pointer to NSD level header | 4 bytes |
| 0x5C540 | pointer to NSD (structure) | 4 bytes |
| 0x5C544 | ? | 4 bytes |
| 0x5C548 | current sector to read from disc | 4 bytes |
| 0x5C54C | flag: 0 | 4 bytes |
| 0x5C550 | physical page count | 4 bytes |
| 0x5C554 | physical page structures | 22 x 44 bytes |
| 0x5C91C | virtual page count | 4 bytes |
| 0x5C920 | virtual page structures | 38 x 44 bytes |
| 0x5CFA8 | pages allocated | 4 bytes |
| 0x5CFAC | page structure of the destination page for the chunk currently being paged | 4 bytes |
| 0x5CFB0 | pointer to a list of items? | 4 bytes |
| 0x5CFB4 | most recent page structure set at case 8, and cleared at case 9 | 4 bytes |
| 0x5CFB8 | CID of the chunk that is currently being paged | 4 bytes |
| 0x5CFBC | CID->page stucture map (pointer) | 4 bytes |
| 0x5CFC0 | CID of most recently compressed chunk? | 4 bytes |
| 0x5CFC4 | reserved for SPU routines | 40 bytes |
| 0x5CFEC | surface collision/octree query data | 4176 or 0x1050 bytes |
| 0x5E03C | filesystem map | 64 x 3 x 4 bytes |
| 0x5E344 | spuVmMaxVoice | 4 bytes |
| 0x5E348 | spawned level object list | 256 x 2 bytes |
| 0x5E548 | reserved for SPU routines | 6672 bytes |
| 0x5FF58 | spawn list | 304 x 4 bytes |
| 0x60418 | reserved for MIDI/SPU routines | 2456 bytes |
| 0x60DB0 | pointer to player object space(points to space allocated for playerobject) | 4 bytes |
| 0x60DB4 | pointer to object space (points to space allocated for 96 objects) | 4 bytes |
| 0x60DB8 | object list A handle | 8 bytes |
| 0x60DC0 | object list B handle | 8 bytes |
| 0x60DC8 | object list C handle | 8 bytes |
| 0x60DD0 | object list D handle | 8 bytes |
| 0x60DD8 | object list E handle | 8 bytes |
| 0x60DE0 | object list F handle | 8 bytes |
| 0x60DE8 | object list G handle | 8 bytes |
| 0x60DF0 | object list H handle | 8 bytes |
| 0x60DF8 | free object list handle | 8 bytes |
| 0x60E00 | most recently updated object | 4 bytes |
| 0x60E04 | global game counter | 4 bytes |
| 0x60E08-0x61887 | object space map | 96 x 28 bytes |
| 0x61888 | object space map entry count | 4 bytes |
| At 0x6188C starts global variables for GOOL objects | ||
| 0x6188C [0x00] | initialized with level ID in left 3 bytes (by OPAT) | 4 bytes |
| 0x61890 [0x01] | ...? | 4 bytes |
| 0x61894 [0x02] | screen Y offset base? | 4 bytes |
| 0x61898 [0x03] | ...used by the other drawing modes | 4 bytes |
| 0x6189C [0x04] | copied to global render/animate flags (bit 3 & 4 set right before title screen fade in) (see mdat postinit) | 4 bytes |
| 0x618A0 [0x05] | ? (level reload count?) | 4 bytes |
| 0x618A4 [0x06] | instance of DispC state 1 | 4 bytes |
| 0x618A8 [0x07] | instance of DispC state 0 | 4 bytes |
| 0x618AC [0x08] | instance of DispC state 0x27, set for ripper roo (level) | 4 bytes |
| 0x618B0 [0x09] | global render/animate flags | 4 bytes |
| 0x618B4 [0x0A] | ? modified by sub_8002BAB4, called at beginning of sub_8002B2BC (handles Crash 'woah' death sequence) | 4 bytes |
| 0x618B8 [0x0B] | ? global central Z of illumination for object brightness? | 4 bytes |
| 0x618BC [0x0C] | instance of DispC state 4 (pause menu) | 4 bytes |
| 0x618C0 [0x0D] | used by FruiC, incremented (fruit to HUD collection path interpolation factor?) | 4 bytes |
| 0x618C4 [0x0E] | instance of DispC state 5 | 4 bytes |
| 0x618C8 [0x0F] | mirror of 0x57930; used by aku, and fruit for some y positioning | 4 bytes |
| 0x618CC [0x10] | aku aku stores pointer to itself here (17A14) | 4 bytes |
| 0x618D0 [0x11] | ? set to 0x100 by camera routine for cam mode 0, (5, 6 level); set to 6 by DispC | 4 bytes |
| 0x618D4 [0x12] | title mode buffer? set by DispC | 4 bytes |
| 0x618D8 [0x13] | ? | 4 bytes |
| 0x618DC [0x14] | game progress (0x63 initial progress before start game), (0x1F full completion, i.e. 31+1 | 4 bytes |
| 0x618E0 [0x15] | ? | 4 bytes |
| 0x618E4 [0x16] | ? | 4 bytes |
| 0x618E8 [0x17] | ? | 4 bytes |
| 0x618EC [0x18] | init 0; incremented by FruiC (fruit or live counter?) | 4 bytes |
| 0x618F0 [0x19] | init 0 | 4 bytes |
| 0x618F4 [0x1A] | init 0 | 4 bytes |
| 0x618F8 [0x1B] | init 0 | 4 bytes |
| 0x618FC [0x1C] | init 0 | 4 bytes |
| 0x61900 [0x1D] | init 0 | 4 bytes |
| 0x61904 [0x1E] | set to zone flags when loading a new zone | 4 bytes |
| 0x61908 [0x1F] | loaded from mem card routine... used by? | 4 bytes |
| 0x6190C [0x20] | loaded from mem card routine... used by? | 4 bytes |
| 0x61910 [0x21] | loaded from mem card routine... used by? | 4 bytes |
| 0x61914 [0x22] | loaded from mem card routine... used by? | 4 bytes |
| 0x61918 [0x23] | loaded from mem card routine... used by? | 4 bytes |
| 0x6191C [0x24] | pointer to tnt explosion object (if event spawns it) | 4 bytes |
| 0x61920 [0x25] | camera x (0x57864) mirror | 4 bytes |
| 0x61924 [0x26] | camera y (0x57868) mirror | 4 bytes |
| 0x61928 [0x27] | camera z (0x5786C) mirror | 4 bytes |
| 0x6192C [0x28] | camera rot y (0x57870) mirror | 4 bytes |
| 0x61930 [0x29] | camera rot x (0x57874) mirror | 4 bytes |
| 0x61934 [0x2A] | camera rot z (0x57878) mirror | 4 bytes |
| 0x61938 [0x2B] | previous game loop iteration execution time minus VSync time (checked by aku aku, also GemsC and WarpC) | 4 bytes |
| 0x6193C [0x2C] | screen x offset (used as arg in call to SetGeomOffset) initially 0, cleared by projection init routine | 4 bytes |
| 0x61940 [0x2D] | screen y offset (used as arg in call to SetGeomOffset, after adding initial y offset value at 0x2 << 8) initially 0 | 4 bytes |
| 0x61944 [0x2E] | set by memory card data load routines, checked by BoxsC, or FruiC, along with game progress at 0x14 | 4 bytes |
| 0x61948 [0x2F] | maximum initial Z position for entities spawned during title sequences | 4 bytes |
| ... | 4 bytes | |
| 0x61950 [0x31] | cleared when an event is sent to a TNT explosion fragment object | 4 bytes |
| ... | 4 x 4 bytes | |
| 0x61964 [0x36] | ? aku aku sets this to 0; also sets to point to itself in certain conditions | 4 bytes |
| ... | 5 x 4 bytes | |
| 0x6197C [0x3C] | bonus round identifier (set by DispC) | 4 bytes |
| .... | 4 bytes | |
| 0x61984 [0x3E] | box count/number of boxes broken | 4 bytes |
| 0x61988 [0x3F] | read by GemsC (gems collected?) | 4 bytes |
| .... | 4 bytes | |
| 0x61990 [0x41] | timestamp of most recent gem render? | 4 bytes |
| ... | 4 bytes | |
| 0x61998 [0x43] | cleared when a new zone is loaded | 4 bytes |
| 0x6199C [0x44] | debug flag (set in prototype?) | 4 bytes |
| 0x619A0 [0x45] | ID of most recently hit checkpoint box; when not -1 or 0 and saving state, vector at 0x61A24 recorded in place of objects trans | 4 bytes |
| ... | 2 x 4 bytes | |
| 0x619AC [0x48] | ? read by GemsC, also BoxsC and FruiC | 4 bytes |
| ... | 3 x 4 bytes | |
| 0x619BC [0x4C] | points to self-instantiated DispC state 10 | 4 bytes |
| ... | 23 x 4 bytes | |
| 0x61A1C [0x64] | set to 0xD00 by DispC | 4 bytes |
| ... | 4 bytes | |
| 0x61A24 [0x66] | trans vector of most recent broken checkpoint box; replaces object trans when saving state if flag 0x619A0 set | 3 x 4 bytes |
| ... | 3 x 4 bytes | |
| 0x61A34 [0x6A] | fade duration/counter? | 4 bytes |
| ... | 9 x 4 bytes | |
| 0x61A5C [0x74] | ?? set to 0 for each neighbor zone when loading a new zone | 4 bytes |
| 0x61A60 [0x75] | set/incremented by boxes when spawned; reset when loading a new zone for each neighbor zone | 4 bytes |
| 0x61A64 [0x76] | ?? set to 0 for each neighbor zone when loading a new zone | 4 bytes |
| 0x61A68 | _svm_okof1 | 8 bytes |
| 0x61A70 | _svm_okof2 | 8 bytes |
| 0x61A78 | heap | * bytes |
