In memory of Ben “bushing” Byer, who passed away on Monday, February 8th, 2016.

NAND Boot Program: Difference between revisions

From WiiBrew
Jump to navigation Jump to search
← Older edit
Hallowizer (talk | contribs)
5,579 edits
Known global variables: Added glob_7d60's string
Hallowizer (talk | contribs)
5,579 edits
looks like v1.1 doesn't have the ESP stuff
 
(23 intermediate revisions by 2 users not shown)
Line 1: Line 1:
The '''NAND Boot Program''' is a [[DOL]] that is the boot content of every [[Broadway]] title (except the [[System Menu]]). It is linked with [[Revolution OS]], though a separate copy from the game itself.
The '''NAND Boot Program''' is a [[DOL]] that is the boot content of every [[Broadway]] title (except the [[System Menu]]). It is linked with [[Revolution OS]], though a separate copy from the game itself. It is responsible for loading the main content from index 1 of a [[title]]; newer versions are able to apply an LZ11 decompression.


A special version can also be found in [[IOS15]] and [[IOS21]]; this one lists "%s" as its version, and was probably added to those [[IOS]]es to cause [[error 001]] to appear for IOS21 discs.
Similar to the System Menu, the NAND Boot Program is governed by its own [[/BS2|BS2]] with far fewer states.


Similar to the System Menu, the NAND Boot Program is governed by its own [[/BS2|BS2]] with far fewer states.
== SDK libraries ==
These libraries were taken from the version in Mii Channel v6.


A list of known functions can be found [https://docs.google.com/spreadsheets/d/1siu7GbmYs7-V6ktgdA6wdadeY6D_1S21UIzjnmCCRsA/edit#gid=0 here].
{| class="wikitable"
! Name
! Build timestamp
|-
| [[Revolution OS|OS]]
| Aug 8 2007 02:06:24 (0x4199_60831)
|-
| EXI
| Aug 8 2007 01:59:22 (0x4199_60831)
|-
| SI
| Aug 8 2007 02:07:10 (0x4199_60831)
|-
| VI
| Aug 8 2007 02:07:17 (0x4199_60831)
|-
| DVD
| Aug 8 2007 01:59:13 (0x4199_60831)
|-
| [[NAND (SDK)|NAND]]
| Aug 8 2007 02:08:58 (0x4199_60831)
|-
| [[SC]]
| Aug 8 2007 02:09:03 (0x4199_60831)
|-
| [[PAD]]
| Aug 8 2007 02:07:08 (0x4199_60831)
|}


== Known global variables ==
== ESP ==
This list contains both globals from Revolution OS and the NAND Boot Program, as it has not been determined which variables belong to which part of the DOL. r13 is the base pointer that all global variables (not constants) are stored relative to; it is initialized to 0x813735a0. They are stored at a negative offset, and the absolute value of the offset will be used for naming. For example, glob_7ec8 means -0x7ec8(r13).
Error messages for <code>ES_InitLib</code>, <code>ES_GetTitleId</code>, <code>ESP_OpenContentFile</code>, <code>ESP_ReadContentFile</code>, <code>ESP_CloseContentFile</code>, and <code>ESP_CloseLib</code> can be found in <code>BS2Tick</code> in v1.21 (and possibly v1.4). It is not clear what ESP is; the lists of function names in [[SEL]] files list all of these functions as [[ES]] functions, so it is possible that this was simply a typo, hence the inconsistency in <code>ES_InitLib</code> and <code>ESP_CloseLib</code>.
* glob_7944 holds the total number of [[IOS]] IPC messages enqueued
* glob_7948 holds the number of pending IPC messages
* glob_7c40 is the lower 32 bits of the IOS heap range
* glob_7c50 is some counter that is decremented by 813394a8
* glob_7c54 and glob_7c58 are the ends of some linked list. This linked list has a function pointer, an unknown value, and then a next pointer, and finally a prev pointer.
* glob_7c60 is the pointer to the syscall table
* glob_7c90 is where all memory is allocated from (FUN_81333de4 in the [[Mii Channel]] v6 SDK); it is decreased every time memory is allocated.
* glob_7cb8 holds 0x80000000, probably as a base address to add offsets to.
* glob_7cdc is a boolean that stores whether OSInit has been called.
* glob_7d08 is the pointer to the bi2.bin buffer
* glob_7d20 is the current BS2 state
* glob_7d54 is a heap ID passed to AllocAligned
* glob_7d60-glob_7d58 form the string "[[:/dev/es]]". It is not known why it is stored in the r13 area instead of as a normal global.
* glob_7ec8 seems to control whether [[error 001]] shows; 1 means error 001 should be shown by the NAND Boot Program, anything else means don't show the error. It can be set to 1 by the function that is LAB_8134a6e8 in the Mii Channel v6 SDK.
* glob_7ee8 is 0 while the bi2.bin data is being processed by OSInit, 1 afterward
* glob_7f68 is the upper 32 bits of the [[IOS]] heap range


== Versions ==
== RVA ==
Several versions have been found: the <code>%s</code> version in [[IOS15]] and [[IOS21]], the <code>v1.1</code> version in some channels, and the <code>v1.0</code> version in [[Forecast Channel dummy]] and [[News Channel dummy]]. v1.1 has a build string of <code>release build: Oct 26 2006 16:22:40 (0x4199_60831)</code>, while %s has a build string of <code>release build: Jul 31 2007 12:29:44 (0x4199_60831)</code>. The only other differences between v1.1 and %s seem to be that %s includes patches for the [[Internet Channel]], and %s mentions RVA units.
There is a logic used to determine whether the current device is an [[Wii#RVA|RVA]] system; this is done by checking if [[:/title/00000001/00000002/data/RVA.txt]] exists.


v1.0's strings are identical to v1.1's, although the <code>RVL_SDK - OS</code> that follows has a build date of Sep 15 2006 for v1.0, and Sep 21 2006 for v1.1.
== Internet Channel patches ==
Versions 1.21 and above perform a "MEM1 patch" and a "MEM2 patch" on the [[Internet Channel]]. The details of this patch are currently not known.


== ESP ==
== Version history ==
Error messages for <code>ES_InitLib</code>, <code>ES_GetTitleId</code>, <code>ESP_OpenContentFile</code>, <code>ESP_ReadContentFile</code>, <code>ESP_CloseContentFile</code>, and <code>ESP_CloseLib</code> can be found in the bi2.bin reading function. It is not clear what "ESP" is; it may have been an older version of [[ES]], possibly even used on the iQue Player, which did not have a concept of titles but had a title-like system where each title was a single content.
=== v1.4 ===
* Replaced <code>DEVELOPMENT MODE</code> in the heading string with <code>%s</code>, possibly indicating that this was meant to be the first version released
* Main binary is now uncompressed (using [[LZ11]]) before booting


== Dev units ==
=== v1.21 ===
There is a string in the %s version saying "Set Device Code : [RVA]", which probably means dev units used code RVA instead of RVL. Strings already exist in the [[System Menu]] that suggest that RVL is not used for dev units.
* Replaced the version in the heading string with <code>%s</code> (with the version stored elsewhere)


There also seems to be a file called [[:/title/00000001/00000002/data/RVA.txt]] that is referenced.
=== v1.1 ===
Found in many public [[channel]]s. Differences from v1.0 are unknown.


== Internet Channel patches ==
=== v1.0 ===
The %s version performs a "MEM1 patch" and a "MEM2 patch" on the Internet Channel. The details of this patch are currently not known.
First release. Probably a beta version, since the only known appearance is in [[Forecast Channel dummy]] and [[News Channel dummy]] v0.


[[Category:Official software]]
[[Category:NAND Boot Program]]

Latest revision as of 05:49, 19 August 2022

The NAND Boot Program is a DOL that is the boot content of every Broadway title (except the System Menu). It is linked with Revolution OS, though a separate copy from the game itself. It is responsible for loading the main content from index 1 of a title; newer versions are able to apply an LZ11 decompression.

Similar to the System Menu, the NAND Boot Program is governed by its own BS2 with far fewer states.

SDK libraries

These libraries were taken from the version in Mii Channel v6.

Name Build timestamp
OS Aug 8 2007 02:06:24 (0x4199_60831)
EXI Aug 8 2007 01:59:22 (0x4199_60831)
SI Aug 8 2007 02:07:10 (0x4199_60831)
VI Aug 8 2007 02:07:17 (0x4199_60831)
DVD Aug 8 2007 01:59:13 (0x4199_60831)
NAND Aug 8 2007 02:08:58 (0x4199_60831)
SC Aug 8 2007 02:09:03 (0x4199_60831)
PAD Aug 8 2007 02:07:08 (0x4199_60831)

ESP

Error messages for ES_InitLib, ES_GetTitleId, ESP_OpenContentFile, ESP_ReadContentFile, ESP_CloseContentFile, and ESP_CloseLib can be found in BS2Tick in v1.21 (and possibly v1.4). It is not clear what ESP is; the lists of function names in SEL files list all of these functions as ES functions, so it is possible that this was simply a typo, hence the inconsistency in ES_InitLib and ESP_CloseLib.

RVA

There is a logic used to determine whether the current device is an RVA system; this is done by checking if /title/00000001/00000002/data/RVA.txt exists.

Internet Channel patches

Versions 1.21 and above perform a "MEM1 patch" and a "MEM2 patch" on the Internet Channel. The details of this patch are currently not known.

Version history

v1.4

  • Replaced DEVELOPMENT MODE in the heading string with %s, possibly indicating that this was meant to be the first version released
  • Main binary is now uncompressed (using LZ11) before booting

v1.21

  • Replaced the version in the heading string with %s (with the version stored elsewhere)

v1.1

Found in many public channels. Differences from v1.0 are unknown.

v1.0

First release. Probably a beta version, since the only known appearance is in Forecast Channel dummy and News Channel dummy v0.

Retrieved from "https://wiibrew.org/w/index.php?title=NAND_Boot_Program&oldid=117949"