(04-10-2019, 12:30 AM)Flavor Wrote: Loïc, could you post the source of the called function that pops the return and then retrieves some values? I assume it's quite short.
Also, what does that first bit of code do before the "jump" to call the "function?"
Values are set only as an example...
As an example, jumps are handled like this:
Code:
0x200180: LD XHL,(0x4006) : E1 06 40 23 |
0x200184: LD XIX,0x0020018F : 44 8F 01 20 00 |
0x200189: LD (0x4006),XIX : F1 06 40 64 |
0x20018D: JP T,XHL : B3 D8 | here we can assume XHL eq 0x294CFE
Then we jump to:
Code:
0x294CFE: PUSH XIY : 3D |
0x294CFF: LD XIY,0x00299592 : 45 92 95 29 00 |
0x294D04: LD IZ,0x0122 : 36 22 01 |
0x294D07: LD IX,0x9C80 : 34 80 9C |
0x294D0A: CALL 0x200BAC : 1D AC 0B 20 |
0x294D0E: POP XIY : 5D |
0x294D0F: CALL 0x20023C : 1D 3C 02 20 |
From this point, the call operator pushes 0x294D11 to the stack.
Instead of a RET, the function pops 0x294D11 from the stack and uses it to retrieve other values.
Code:
0x20023C: POP XDE : 5A |
0x20023D: LD A,(XDE++1) : C5 E8 21 |
0x200240: LD XHL,0x002007A1 : 43 A1 07 20 00 |
0x200245: LD HL,(XHL + A) : D3 03 EC E0 23 |
0x20024A: JP T,XHL : B3 D8 |
Note: we can reach this function either by a call to 0x20023C or a jump to 0x20023D.
Here, I could find all the "CALL 0x20023C" to retrieve every single "A" value and find all possible XHL jumps.
Up to now, though I'm able to find some text in the ROM, I couldn't find how they are addressed in the code. I found tables in Nigeronpa, but not here... maybe everything is stored using base address + offset.
I was lucky with Nigeronpa, which was a lot easier to read!
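The scan described in the post above (find every "CALL 0x20023C", read the byte that follows it as "A", and look up the jump target), as an added example that is not part of the original post. It assumes the ROM file's first byte is mapped at 0x200000 and that the table at 0x2007A1 holds little-endian 16-bit values that replace the low half of XHL; the function names and the sample ROM are constructed for illustration.

```python
import struct

ROM_BASE = 0x200000   # assumption: file offset 0 is mapped at this address
DISPATCH = 0x20023C   # dispatcher entry point, from the listing
TABLE = 0x2007A1      # table base loaded into XHL, from the listing
# CALL with a 24-bit operand, encoded as in the listing: 1D 3C 02 20
CALL_PATTERN = b"\x1D" + DISPATCH.to_bytes(3, "little")


def find_dispatch_targets(rom, signed_index=False):
    """Return (call_address, A, target) for every CALL 0x20023C in rom.

    This is a raw byte-pattern scan, so a match inside data or inside
    another instruction's operand is possible and needs manual review.
    """
    results = []
    pos = rom.find(CALL_PATTERN)
    while pos != -1:
        inline = pos + len(CALL_PATTERN)  # byte the dispatcher POPs and reads
        if inline < len(rom):
            a = rom[inline]
            # The post does not say whether A is sign-extended in (XHL + A);
            # pass signed_index=True to treat it as a signed offset.
            idx = a - 0x100 if signed_index and a >= 0x80 else a
            entry = TABLE - ROM_BASE + idx
            if 0 <= entry and entry + 2 <= len(rom):
                (low16,) = struct.unpack_from("<H", rom, entry)
                # LD HL,(XHL + A) changes only the low 16 bits of XHL
                target = (TABLE & 0xFFFF0000) | low16
                results.append((ROM_BASE + pos, a, target))
        pos = rom.find(CALL_PATTERN, pos + 1)
    return results


def build_sample_rom():
    """Constructed 4 KiB image with two dispatcher calls (not real ROM data)."""
    rom = bytearray(0x1000)
    rom[0x900:0x905] = CALL_PATTERN + b"\x02"             # A = 0x02
    rom[0x920:0x925] = CALL_PATTERN + b"\x10"             # A = 0x10
    rom[0x7A3:0x7A5] = (0x1234).to_bytes(2, "little")     # entry at TABLE + 0x02
    rom[0x7B1:0x7B3] = (0x0ABC).to_bytes(2, "little")     # entry at TABLE + 0x10
    return bytes(rom)


if __name__ == "__main__":
    for call, a, target in find_dispatch_targets(build_sample_rom()):
        print(f"CALL at 0x{call:06X}: A=0x{a:02X} -> JP 0x{target:06X}")
```

Entries reached through a jump to 0x20023D instead of a call are not found by this scan, since XDE is set up by the caller in that case.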