gbadev.org forum archive

This is a read-only mirror of the content originally found on forum.gbadev.org (now offline), salvaged from Wayback machine copies. A new forum can be found here.

DS development > NDS RAM sections not overwritten by commercial games?

#55727 - chishm - Sat Oct 01, 2005 1:28 am

I am not interested in piracy, just hear me out.

I was examining the NDS file specs in the NDSTech Wiki, and I noticed that the Metroid ARM9 binary is loaded into RAM starting from 0x0200:4000. I have noticed this in all the other commercial demos that I have examined too. This means they are purposely not overwriting main RAM from 0x0200:0000 to 0x0200:4000. Examining some of the loaders also shows they are purposely leaving this memory untouched.

Curiosity leads me to ask - what is so special about this section of RAM? Does it contain any useful data left by the BIOS, or is it used for any specific function?

Maybe we can use this behaviour to our advantage.

#55732 - josath - Sat Oct 01, 2005 5:20 am

Maybe they use that space as working memory? Like for malloc() or something?

#55738 - chishm - Sat Oct 01, 2005 8:14 am

josath wrote:
Maybe they use that space as working memory? Like for malloc() or something?

Possibly, but it's only 16KiB, which isn't much to malloc from. That, and warez loaders seem to go to the trouble of not overwriting it. I'm thinking it might have some useful functions copied from the firmware or some form of copy protection. It'd be good if it was the former, because then we might get easier access to the hardware. This is all just speculation for now, though.

#55748 - Mighty Max - Sat Oct 01, 2005 2:45 pm

This space is saved for the header.

The header info of i.e. Metroid Prime Hunters Demo reserves that size:
http://www.bottledlight.com/ds/index.php/FileFormats/NDSFormat

Yet big parts of this space seem to be unused.
_________________
GBAMP Multiboot

#55755 - chishm - Sat Oct 01, 2005 3:36 pm

That's what I was saying. The games seem to purposely not use that area. The reason that the ARM9 starts 4KiB into the NDS file is due to it being aligned to 4KiB (same source as MightyMax). This still doesn't completely explain why it is 4KiB aligned when copied, since the NDS header is copied to another location anyway, and the space in between (in the file) is padded with 0s.
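The layout the thread is discussing can be checked directly from an NDS header. The following is an added example, not code from any of the posters: it reads the ARM9/ARM7 load fields (assumed at header offsets 0x20..0x3C, per the NDS format spec linked above) from a constructed header and reports whether the ARM9 image stays clear of main RAM 0x02000000..0x02004000 and whether its file offset and load address are 4 KiB aligned.

```python
import struct

# Main-RAM region the thread observes commercial ARM9 binaries leave untouched.
RESERVED_START = 0x02000000
RESERVED_END = 0x02004000
ALIGN = 0x1000  # 4 KiB alignment mentioned in the thread


def parse_nds_header(hdr: bytes) -> dict:
    """Pull the ARM9/ARM7 load fields from an NDS header.
    Assumed field offsets (from the linked NDS format spec): 0x20 ARM9 ROM offset,
    0x24 ARM9 entry, 0x28 ARM9 RAM address, 0x2C ARM9 size, then the same four for ARM7."""
    if len(hdr) < 0x40:
        raise ValueError("header too short")
    names = ("arm9_rom_off", "arm9_entry", "arm9_ram_addr", "arm9_size",
             "arm7_rom_off", "arm7_entry", "arm7_ram_addr", "arm7_size")
    return dict(zip(names, struct.unpack_from("<8I", hdr, 0x20)))


def check_layout(h: dict) -> dict:
    """Report whether the ARM9 image overlaps the first 16 KiB of main RAM,
    whether its ROM offset / load address are 4 KiB aligned, and whether the
    entry point actually lies inside the loaded image."""
    start = h["arm9_ram_addr"]
    end = start + h["arm9_size"]
    overlaps = start < RESERVED_END and end > RESERVED_START
    return {
        "arm9_range": (start, end),
        "overlaps_reserved": overlaps,
        "rom_offset_aligned": h["arm9_rom_off"] % ALIGN == 0,
        "ram_addr_aligned": start % ALIGN == 0,
        "entry_in_image": start <= h["arm9_entry"] < end,
    }


def build_sample_header(arm9_rom_off, arm9_entry, arm9_ram, arm9_size) -> bytes:
    """Constructed sample header: zero-filled except the load fields.
    The ARM7 values are made-up placeholders, not taken from any real ROM."""
    hdr = bytearray(0x160)
    struct.pack_into("<8I", hdr, 0x20, arm9_rom_off, arm9_entry, arm9_ram, arm9_size,
                     0x100000, 0x02380000, 0x02380000, 0x10000)
    return bytes(hdr)


if __name__ == "__main__":
    # Layout like the one described in the thread: ARM9 at file offset 0x4000, loaded to 0x02004000.
    typical = build_sample_header(0x4000, 0x02004000, 0x02004000, 0x180000)
    print(check_layout(parse_nds_header(typical)))
    # A header whose ARM9 image would clobber the reserved region.
    clobbering = build_sample_header(0x4000, 0x02000000, 0x02000000, 0x180000)
    print(check_layout(parse_nds_header(clobbering)))
```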