├── Actors.md ├── ExtractedStateList.md ├── GDB.md ├── LevelFormat.md ├── LevelNames.md ├── States.md └── ghidra_scripts ├── SMM2ActorIDDumper.py ├── SMM2ProfileFinder.py └── SMM2StateFinder.py /Actors.md: -------------------------------------------------------------------------------- 1 | The addresses here relate to version 1.0.0 of the game. 2 | 3 | # Engine Actor Data 4 | 5 | | ID | Name | SubName | Profile | BuildFunc | _10 | _14 | _18 | _20 | _24 | 6 | |----|------|---------|---------|-----------|-----|-----|-----|-----|-----| 7 | | 0 | TenCoin | | 0x7102451190 | 0x71008bf570 | 0x0 | 0x3 | 0x7101d04aa0 | 0x0 | 0x84 | 8 | | 1 | SplitKuriboMgr | | 0x710242b1e0 | 0x710076b070 | 0x1 | 0x5 | 0x7101d0359c | 0x0 | 0x0 | 9 | | 2 | ObjectCommon | | 0x71022ff348 | 0x710040b8a0 | 0x2 | 0x5 | 0x7101cfbf18 | 0x0 | 0x0 | 10 | | 3 | CourseQuestAssistObject | | 0x7102300f28 | 0x710040d850 | 0x3 | 0x5 | 0x7101cfbf18 | 0x0 | 0x0 | 11 | | 4 | GoalPole | | 0x710244d850 | 0x7100889d70 | 0x4 | 0x3 | 0x7101d046fc | 0x0 | 0x0 | 12 | | 5 | Mario3Goal | | 0x710244e910 | 0x710089ea00 | 0x5 | 0x3 | 0x7101d04890 | 0x0 | 0x0 | 13 | | 6 | MariowGoal | | 0x710244ff98 | 0x71008a61f0 | 0x6 | 0x3 | 0x7101d048e0 | 0x0 | 0x0 | 14 | | 7 | CastleGoal | | 0x710244c0c0 | 0x71008767a0 | 0x7 | 0x3 | 0x7101d045c4 | 0x0 | 0x0 | 15 | | 8 | Lift | | 0x710244dce8 | 0x7100899ad0 | 0x8 | 0x3 | 0x7101d04830 | 0x0 | 0x4 | 16 | | 9 | Lift | | 0x710244de80 | 0x710089d630 | 0x9 | 0x3 | 0x7101d04868 | 0x0 | 0x4 | 17 | | 10 | LiftTrialStart | | 0x710244dee0 | 0x710089df00 | 0xa | 0x3 | 0x7101d0487c | 0x0 | 0x4 | 18 | | 11 | FallLift | | 0x710244dc88 | 0x7100898e00 | 0xb | 0x3 | 0x7101d0481c | 0x0 | 0x4 | 19 | | 12 | YouganLift | | 0x710244ddf8 | 0x710089a2b0 | 0xc | 0x3 | 0x7101d04844 | 0x0 | 0x4 | 20 | | 13 | Trampoline | | 0x71024513a0 | 0x71008c2f90 | 0xd | 0x3 | 0x7101d04aec | 0x0 | 0x4 | 21 | | 14 | OnOffSwitchBlock | | 0x710244b520 | 0x71008739f0 | 0xe | 0x3 | 0x7101d04550 | 0x0 | 0x4 | 22 | | 15 | WarpBox | | 0x71024514f0 | 0x71008c5340 | 0xf | 0x3 | 0x7101d04b18 | 0x0 | 0x4 | 23 | | 16 | SnakeBlock | | 0x7102450dd0 | 0x71008b1a20 | 0x10 | 0x3 | 0x7101d049c4 | 0x0 | 0x0 | 24 | | 17 | MapObjSnakeBlockMovePanel | | 0x7102450e30 | 0x71008b7a20 | 0x11 | 0x3 | 0x7101d049fc | 0x0 | 0x4 | 25 | | 18 | BlockBikkuri | | 0x710244b290 | 0x710086db60 | 0x12 | 0x3 | 0x7101d04420 | 0x0 | 0x0 | 26 | | 19 | OrbitBlock | OrbitBlock | 0x71024500e8 | 0x71008a8580 | 0x13 | 0x3 | 0x7101d04908 | 0x0 | 0x0 | 27 | | 20 | FireBar | | 0x710244c438 | 0x7100882a70 | 0x14 | 0x3 | 0x7101d04660 | 0x0 | 0x4 | 28 | | 21 | Burner | | 0x710244b620 | 0x7100873fe0 | 0x15 | 0x3 | 0x7101d04578 | 0x0 | 0x204 | 29 | | 22 | HalfHitWall | | 0x710244d8d0 | 0x710088ccf0 | 0x16 | 0x3 | 0x7101d04734 | 0x0 | 0x4 | 30 | | 23 | Seesaw | | 0x7102450c98 | 0x71008acef0 | 0x17 | 0x3 | 0x7101d04968 | 0x0 | 0x4 | 31 | | 24 | Key | | 0x710244dae0 | 0x7100895b30 | 0x18 | 0x3 | 0x7101d047d8 | 0x0 | 0x4 | 32 | | 25 | Balloon | | 0x710244a418 | 0x7100859d10 | 0x19 | 0x3 | 0x7101d042a0 | 0x0 | 0x0 | 33 | | 26 | BellTree | | 0x710244a518 | 0x710085ca70 | 0x1a | 0x3 | 0x7101d042d8 | 0x0 | 0x6 | 34 | | 27 | SwingCrane | | 0x7102451110 | 0x71008bc2c0 | 0x1b | 0x3 | 0x7101d04a68 | 0x0 | 0x4 | 35 | | 28 | Sun | | 0x7102451080 | 0x71008b97a0 | 0x1c | 0x3 | 0x7101d04a54 | 0x0 | 0x8 | 36 | | 29 | Moon | Moon | 0x710244f518 | 0x71008a52f0 | 0x1d | 0x3 | 0x7101d048cc | 0x0 | 0x8 | 37 | | 30 | NobinobiPakkun | | 0x71024296b8 | 0x710071eb90 | 0x1e | 0x1 | 0x7101d030dc | 0x0 | 0xc | 38 | | 31 | UganFish | | 0x710242bca0 | 0x710079c870 | 0x1f | 0x1 | 0x7101d03844 | 0x0 | 0xc | 39 | | 32 | OnpuBlock | | 0x710244b4d0 | 0x71008722e0 | 0x20 | 0x3 | 0x7101d044bc | 0x0 | 0x4 | 40 | | 33 | ChikuwaBlock | | 0x710244c210 | 0x710087b800 | 0x21 | 0x3 | 0x7101d04610 | 0x0 | 0x4 | 41 | | 34 | IceBlock | | 0x710244b470 | 0x7100872050 | 0x22 | 0x3 | 0x7101d044a8 | 0x0 | 0x4 | 42 | | 35 | HardBlock | | 0x710244b3b0 | 0x7100871b30 | 0x23 | 0x3 | 0x7101d04480 | 0x0 | 0x4 | 43 | | 36 | KumoBlock | | 0x710244b350 | 0x71008718a0 | 0x24 | 0x3 | 0x7101d0446c | 0x0 | 0x4 | 44 | | 37 | HatenaBlock | | 0x710244b410 | 0x7100871dc0 | 0x25 | 0x3 | 0x7101d04494 | 0x0 | 0x4 | 45 | | 38 | RengaBlock | | 0x710244b580 | 0x7100873c80 | 0x26 | 0x3 | 0x7101d04564 | 0x0 | 0x4 | 46 | | 39 | ClearBlock | | 0x710244b2f0 | 0x7100871610 | 0x27 | 0x3 | 0x7101d04458 | 0x0 | 0x4 | 47 | | 40 | Ivy | | 0x710244d9d0 | 0x7100890b30 | 0x28 | 0x3 | 0x7101d04768 | 0x0 | 0x4 | 48 | | 41 | BigClub | | 0x710244a6b8 | 0x710085f360 | 0x29 | 0x3 | 0x7101d042ec | 0x0 | 0x4 | 49 | | 42 | Icicle | | 0x710244d930 | 0x710088db10 | 0x2a | 0x3 | 0x7101d04748 | 0x0 | 0x4 | 50 | | 43 | JumpStep | JumpStep | 0x710244da70 | 0x7100892990 | 0x2b | 0x3 | 0x7101d047a0 | 0x0 | 0x84 | 51 | | 44 | PSwitch | PSwitch | 0x7102450c28 | 0x71008ac4e0 | 0x2c | 0x3 | 0x7101d04954 | 0x0 | 0x80 | 52 | | 45 | PowBlock | PowBlock | 0x7102450b90 | 0x71008aa9f0 | 0x2d | 0x3 | 0x7101d04940 | 0x0 | 0x84 | 53 | | 46 | PowBlockRed | PowBlockRed | 0x7102450bd8 | 0x71008aa9f0 | 0x2e | 0x0 | 0x7101d04940 | 0x0 | 0x484 | 54 | | 47 | Stone | Stone | 0x7102450f90 | 0x71008b8820 | 0x2f | 0x3 | 0x7101d04a38 | 0x0 | 0x84 | 55 | | 48 | WoodBox | WoodBox | 0x71024515b0 | 0x71008c9b90 | 0x30 | 0x3 | 0x7101d04b2c | 0x0 | 0x84 | 56 | | 49 | Hopper | Hopper | 0x71024267a8 | 0x7100681630 | 0x31 | 0x1 | 0x7101d029fc | 0x0 | 0xc | 57 | | 50 | Hopper | HopperBig | 0x71024267f0 | 0x7100681630 | 0x32 | 0x1 | 0x7101d02a10 | 0x0 | 0xc | 58 | | 51 | Met | Met | 0x71024286e8 | 0x7100706910 | 0x33 | 0x1 | 0x7101d02e5c | 0x0 | 0xc | 59 | | 52 | Met | MetBig | 0x7102428730 | 0x7100706910 | 0x34 | 0x1 | 0x7101d02e70 | 0x0 | 0xc | 60 | | 53 | Dossun | Dossun | 0x7102425b68 | 0x710064b000 | 0x35 | 0x1 | 0x7101d01220 | 0x0 | 0xc | 61 | | 54 | Dossun | DossunBig | 0x7102425bb0 | 0x710064b000 | 0x36 | 0x1 | 0x7101d01234 | 0x0 | 0xc | 62 | | 55 | Dossun | SideDossun | 0x710242b0c8 | 0x7100765c10 | 0x37 | 0x1 | 0x7101d03574 | 0x0 | 0xc | 63 | | 56 | Dossun | SideDossunBig | 0x710242b110 | 0x7100765c10 | 0x38 | 0x1 | 0x7101d03588 | 0x0 | 0xc | 64 | | 57 | KillerHoudai | KillerHoudai | 0x71024270c8 | 0x710069bc20 | 0x39 | 0x1 | 0x7101d02b28 | 0x0 | 0x84 | 65 | | 58 | SenkanHoudai | SenkanHoudai | 0x710242afb8 | 0x71007628a0 | 0x3a | 0x1 | 0x7101d03528 | 0x0 | 0x84 | 66 | | 59 | SenkanHoudai | SenkanHoudaiBig | 0x710242b000 | 0x71007628a0 | 0x3b | 0x0 | 0x7101d0353c | 0x0 | 0x84 | 67 | | 60 | Poo | Poo | 0x710242a658 | 0x71007456c0 | 0x3c | 0x1 | 0x7101d03410 | 0x0 | 0xc | 68 | | 61 | Poo | PooBig | 0x710242a6a0 | 0x71007456c0 | 0x3d | 0x1 | 0x7101d03424 | 0x0 | 0xc | 69 | | 62 | BlackPakkun | BlackPakkun | 0x7102424d30 | 0x7100608e60 | 0x3e | 0x1 | 0x7101d00f90 | 0x0 | 0x8c | 70 | | 63 | BlackPakkun | BlackPakkunBig | 0x7102424d78 | 0x7100608e60 | 0x3f | 0x1 | 0x7101d00fa4 | 0x0 | 0x8c | 71 | | 64 | WanwanPile | WanwanPile | 0x710242bf00 | 0x71007b3a90 | 0x40 | 0x3 | 0x7101d038b8 | 0x0 | 0x84 | 72 | | 65 | JumpStepSide | JumpStepSide | 0x7102450cf8 | 0x71008af470 | 0x41 | 0x3 | 0x7101d0497c | 0x0 | 0x84 | 73 | | 66 | Togemet | Togemet | 0x710242b520 | 0x7100775290 | 0x42 | 0x1 | 0x7101d036b4 | 0x0 | 0xc | 74 | | 67 | Togemet | TogemetBig | 0x710242b568 | 0x7100775290 | 0x43 | 0x1 | 0x7101d036c8 | 0x0 | 0xc | 75 | | 68 | Togemet | TogemetYellow | 0x710242b5b0 | 0x7100775290 | 0x44 | 0x1 | 0x7101d036b4 | 0x0 | 0xc | 76 | | 69 | Togemet | TogemetYellowBig | 0x710242b5f8 | 0x7100775290 | 0x45 | 0x1 | 0x7101d036c8 | 0x0 | 0xc | 77 | | 70 | Coin | Coin | 0x7102448cb8 | 0x71008408f0 | 0x46 | 0x3 | 0x7101d03e10 | 0x0 | 0x84 | 78 | | 71 | Coin10 | Coin10 | 0x7102448d00 | 0x71008408f0 | 0x47 | 0x3 | 0x7101d03e24 | 0x0 | 0x284 | 79 | | 72 | Coin30 | Coin10 | 0x7102448d48 | 0x71008408f0 | 0x48 | 0x3 | 0x7101d03e24 | 0x0 | 0x284 | 80 | | 73 | Coin50 | Coin10 | 0x7102448d90 | 0x71008408f0 | 0x49 | 0x3 | 0x7101d03e24 | 0x0 | 0x284 | 81 | | 74 | Tornado | | 0x7102451280 | 0x71008c0900 | 0x4a | 0x3 | 0x7101d04ab4 | 0x0 | 0x110 | 82 | | 75 | KoopaClown | KoopaClown | 0x7102427ca8 | 0x71006d25a0 | 0x4b | 0x1 | 0x7101d02c98 | 0x0 | 0x18c | 83 | | 76 | KoopaCar | KoopaCar | 0x7102427ba0 | 0x71006c6610 | 0x4c | 0x1 | 0x7101d02c28 | 0x0 | 0xc | 84 | | 77 | Yoshi | | 0x71024631d0 | 0x7100a2b370 | 0x4d | 0x0 | 0x7101d09e04 | 0x0 | 0x0 | 85 | | 78 | Player | | 0x710245f4a8 | 0x71009b9dd0 | 0x4e | 0x0 | 0x7101d09a5c | 0x0 | 0x0 | 86 | | 79 | ChaseKinopio | | 0x710244c1c0 | 0x7100879060 | 0x4f | 0x3 | 0x7101d045fc | 0x0 | 0x4 | 87 | | 80 | GoalKinopico | | 0x710244ce20 | 0x71008888a0 | 0x50 | 0x3 | 0x7101d046e8 | 0x0 | 0x4 | 88 | | 81 | PlayerFire | | 0x71022fa480 | 0x71003b5d00 | 0x51 | 0x5 | 0x7101cfddb4 | 0x0 | 0x0 | 89 | | 82 | PlayerSuperBall | | 0x71022fa510 | 0x71003b79a0 | 0x52 | 0x5 | 0x7101cfddec | 0x0 | 0x0 | 90 | | 83 | KutsuKuribo | KutsuKuribo | 0x71024282b8 | 0x71006fd980 | 0x53 | 0x1 | 0x7101d02dd4 | 0x0 | 0xc | 91 | | 84 | KutsuKuribo | KutsuKuriboBig | 0x7102428300 | 0x71006fd980 | 0x54 | 0x1 | 0x7101d02de8 | 0x0 | 0xc | 92 | | 85 | KutsuKuriboHeels | KutsuKuriboHeels | 0x7102428348 | 0x71006fd980 | 0x55 | 0x1 | 0x7101d02dd4 | 0x0 | 0xc | 93 | | 86 | KutsuKuriboHeels | KutsuKuriboHeelsBig | 0x7102428390 | 0x71006fd980 | 0x56 | 0x1 | 0x7101d02de8 | 0x0 | 0xc | 94 | | 87 | Kuribo | Kuribo | 0x7102427fa0 | 0x71006f0a70 | 0x57 | 0x1 | 0x7101d02d5c | 0x0 | 0xc | 95 | | 88 | Kuribo | KuriboBig | 0x7102427fe8 | 0x71006f0a70 | 0x58 | 0x1 | 0x7101d02d70 | 0x0 | 0xc | 96 | | 89 | Kuribo | Kuribo3W | 0x71024280e8 | 0x71006f8980 | 0x59 | 0x1 | 0x7101d02d84 | 0x0 | 0xc | 97 | | 90 | Kuribo | KuriboBig3W | 0x7102428130 | 0x71006f8980 | 0x5a | 0x1 | 0x7101d02d98 | 0x0 | 0xc | 98 | | 91 | Kuribo | Kuribon | 0x71024281e0 | 0x71006f9f80 | 0x5b | 0x1 | 0x7101d02dac | 0x0 | 0xc | 99 | | 92 | Kuribo | KuribonBig | 0x7102428228 | 0x71006f9f80 | 0x5c | 0x1 | 0x7101d02dc0 | 0x0 | 0xc | 100 | | 93 | Kakibo | Kakibo | 0x71024269f0 | 0x7100689fd0 | 0x5d | 0x1 | 0x7101d02a4c | 0x0 | 0xc | 101 | | 94 | Kakibo | KakiboBig | 0x7102426a38 | 0x7100689fd0 | 0x5e | 0x1 | 0x7101d02a60 | 0x0 | 0xc | 102 | | 95 | Kakibon | Kakibon | 0x7102426b38 | 0x710068b340 | 0x5f | 0x1 | 0x7101d02a74 | 0x0 | 0xc | 103 | | 96 | Kakibon | KakibonBig | 0x7102426b80 | 0x710068b340 | 0x60 | 0x1 | 0x7101d02a88 | 0x0 | 0xc | 104 | | 97 | Nokonoko | NokonokoGreen | 0x7102429728 | 0x7100724f30 | 0x61 | 0x1 | 0x7101d031d4 | 0x0 | 0xc | 105 | | 98 | Nokonoko | NokonokoGreenBig | 0x7102429770 | 0x7100724f30 | 0x62 | 0x1 | 0x7101d031e8 | 0x0 | 0xc | 106 | | 99 | NokonokoNaked | NokonokoWorldGreen | 0x7102429800 | 0x7100725e60 | 0x63 | 0x1 | 0x7101d031fc | 0x0 | 0xc | 107 | | 100 | NokonokoNaked | NokonokoWorldGreenBig | 0x7102429890 | 0x7100725e60 | 0x64 | 0x1 | 0x7101d03210 | 0x0 | 0xc | 108 | | 101 | NokonokoRed | NokonokoRed | 0x7102429ab0 | 0x710072a4e0 | 0x65 | 0x1 | 0x7101d032b0 | 0x0 | 0xc | 109 | | 102 | NokonokoRed | NokonokoRedBig | 0x7102429af8 | 0x710072a4e0 | 0x66 | 0x1 | 0x7101d032c4 | 0x0 | 0xc | 110 | | 103 | NokonokoNakedRed | NokonokoWorldRed | 0x7102429848 | 0x7100725e60 | 0x67 | 0x1 | 0x7101d031fc | 0x0 | 0xc | 111 | | 104 | NokonokoNakedRed | NokonokoWorldRedBig | 0x71024298d8 | 0x7100725e60 | 0x68 | 0x1 | 0x7101d03210 | 0x0 | 0xc | 112 | | 105 | NokonokoNaked | NokonokoNaked3W | 0x7102429948 | 0x7100728300 | 0x69 | 0x1 | 0x7101d03288 | 0x0 | 0xc | 113 | | 106 | NokonokoNaked | NokonokoNakedBig3W | 0x71024299d8 | 0x7100728300 | 0x6a | 0x1 | 0x7101d0329c | 0x0 | 0xc | 114 | | 107 | NokonokoNakedRed | NokonokoNakedRed3W | 0x7102429990 | 0x7100728300 | 0x6b | 0x1 | 0x7101d03288 | 0x0 | 0xc | 115 | | 108 | NokonokoNakedRed | NokonokoNakedRedBig3W | 0x7102429a20 | 0x7100728300 | 0x6c | 0x1 | 0x7101d0329c | 0x0 | 0xc | 116 | | 109 | Pakkun | Pakkun | 0x7102429b98 | 0x7100733e70 | 0x6d | 0x1 | 0x7101d03398 | 0x0 | 0xc | 117 | | 110 | Pakkun | PakkunBig | 0x7102429be0 | 0x7100733e70 | 0x6e | 0x1 | 0x7101d033ac | 0x0 | 0xc | 118 | | 111 | Pakkun | Pakkun3W | 0x7102429d00 | 0x710073c6a0 | 0x6f | 0x0 | 0x7101d033d8 | 0x0 | 0xc | 119 | | 112 | Pakkun | Pakkun3WBig | 0x7102429d48 | 0x710073c6a0 | 0x70 | 0x1 | 0x7101d033ec | 0x0 | 0xc | 120 | | 113 | Pakkun | PPakkun | 0x710242a7d0 | 0x710074d990 | 0x71 | 0x1 | 0x7101d03438 | 0x0 | 0xc | 121 | | 114 | Pakkun | PPakkunBig | 0x710242a818 | 0x710074d990 | 0x72 | 0x1 | 0x7101d0344c | 0x0 | 0xc | 122 | | 115 | FirePakkun | FirePakkun | 0x7102425d90 | 0x7100652900 | 0x73 | 0x1 | 0x7101d02888 | 0x0 | 0xc | 123 | | 116 | FirePakkun | FirePakkunBig | 0x7102425dd8 | 0x7100652900 | 0x74 | 0x1 | 0x7101d0289c | 0x0 | 0xc | 124 | | 117 | FirePakkun | FirePakkun3W | 0x7102425e98 | 0x7100655830 | 0x75 | 0x1 | 0x7101d028b0 | 0x0 | 0xc | 125 | | 118 | FirePakkun | FirePakkun3WBig | 0x7102425ee0 | 0x7100655830 | 0x76 | 0x1 | 0x7101d028c4 | 0x0 | 0xc | 126 | | 119 | EnemyWaki | | 0x710242bd10 | 0x71007a62c0 | 0x77 | 0x5 | 0x7101d03858 | 0x0 | 0x0 | 127 | | 120 | EnemyMagnumKillerHoudai3W | | 0x7102428548 | 0x7100703820 | 0x78 | 0x5 | 0x7101d02e10 | 0x0 | 0x0 | 128 | | 121 | Bros | Bros1st | 0x71024251a8 | 0x710061ae30 | 0x79 | 0x1 | 0x7101d0102c | 0x0 | 0xc | 129 | | 122 | Bros | BrosU | 0x7102425248 | 0x710061bfa0 | 0x7a | 0x1 | 0x7101d01058 | 0x0 | 0xc | 130 | | 123 | FireBros | FireBros | 0x7102425cd0 | 0x7100651e50 | 0x7b | 0x1 | 0x7101d02874 | 0x0 | 0xc | 131 | | 124 | MegaBros | MegaBros | 0x71024285a8 | 0x7100703e50 | 0x7c | 0x1 | 0x7101d02e24 | 0x0 | 0xc | 132 | | 125 | MegaFireBros | MegaFireBros | 0x7102428648 | 0x7100705f40 | 0x7d | 0x1 | 0x7101d02e38 | 0x0 | 0xc | 133 | | 126 | Choropoo | Choropoo | 0x7102425900 | 0x7100641140 | 0x7e | 0x1 | 0x7101d01124 | 0x0 | 0xc | 134 | | 127 | Choropoo | ChoropooBig | 0x7102425948 | 0x7100641140 | 0x7f | 0x1 | 0x7101d01138 | 0x0 | 0xc | 135 | | 128 | Bombhei | Bombhei | 0x7102424f40 | 0x710060aa30 | 0x80 | 0x1 | 0x7101d00fdc | 0x0 | 0xc | 136 | | 129 | Bombhei | BombheiBig | 0x7102424f88 | 0x710060aa30 | 0x81 | 0x1 | 0x7101d00ff0 | 0x0 | 0xc | 137 | | 130 | Togezo | Togezo | 0x710242b718 | 0x710077bd80 | 0x82 | 0x1 | 0x7101d0377c | 0x0 | 0xc | 138 | | 131 | Togezo | TogezoBig | 0x710242b760 | 0x710077bd80 | 0x83 | 0x1 | 0x7101d03790 | 0x0 | 0xc | 139 | | 132 | Jugem | Jugem | 0x71024268b0 | 0x7100684310 | 0x84 | 0x1 | 0x7101d02a24 | 0x0 | 0xc | 140 | | 133 | MagnumKiller | MagnumKiller | 0x7102428440 | 0x7100700f60 | 0x85 | 0x1 | 0x7101d02dfc | 0x0 | 0xc | 141 | | 134 | MagnumKillerSearch | MagnumKillerSearch | 0x7102428488 | 0x7100700f60 | 0x86 | 0x1 | 0x7101d02dfc | 0x0 | 0xc | 142 | | 135 | Killer | Killer | 0x7102426fd0 | 0x71006999d0 | 0x87 | 0x1 | 0x7101d02b14 | 0x0 | 0xc | 143 | | 136 | KillerSearch | KillerSearch | 0x7102427018 | 0x71006999d0 | 0x88 | 0x1 | 0x7101d02b14 | 0x0 | 0xc | 144 | | 137 | Kameck | Kameck | 0x7102426c68 | 0x710068c3b0 | 0x89 | 0x1 | 0x7101d02a9c | 0x0 | 0xc | 145 | | 138 | Kameck | KameckBig | 0x7102426cb0 | 0x710068c3b0 | 0x8a | 0x1 | 0x7101d02ab0 | 0x0 | 0xc | 146 | | 139 | Teresa | Teresa | 0x710242b308 | 0x710076cbc0 | 0x8b | 0x1 | 0x7101d03654 | 0x0 | 0x8c | 147 | | 140 | Teresa | TeresaBig | 0x710242b350 | 0x710076cbc0 | 0x8c | 0x1 | 0x7101d03668 | 0x0 | 0x8c | 148 | | 141 | Teresa | TeresaSpread | 0x710242b398 | 0x710076cbc0 | 0x8d | 0x1 | 0x7101d0367c | 0x0 | 0x8c | 149 | | 142 | Teresa | TeresaSpreadBig | 0x710242b3e0 | 0x710076cbc0 | 0x8e | 0x1 | 0x7101d03690 | 0x0 | 0x8c | 150 | | 143 | Necchi | Necchi | 0x71024293d8 | 0x710071a440 | 0x8f | 0x1 | 0x7101d0307c | 0x0 | 0xc | 151 | | 144 | Teren | Teren | 0x710242b240 | 0x710076c0c0 | 0x90 | 0x1 | 0x7101d0361c | 0x0 | 0x8c | 152 | | 145 | Teren | TerenBig | 0x710242b288 | 0x710076c0c0 | 0x91 | 0x0 | 0x7101d03630 | 0x0 | 0x8c | 153 | | 146 | Hacchin | Hacchin | 0x7102426500 | 0x710066f600 | 0x92 | 0x1 | 0x7101d029ac | 0x0 | 0xc | 154 | | 147 | Hacchin | HacchinBig | 0x7102426548 | 0x710066f600 | 0x93 | 0x1 | 0x7101d029c0 | 0x0 | 0xc | 155 | | 148 | Pyonchu | Pyonchu | 0x710242ae08 | 0x710075e0e0 | 0x94 | 0x1 | 0x7101d03500 | 0x0 | 0xc | 156 | | 149 | Pyonchu | PyonchuBig | 0x710242ae50 | 0x710075e0e0 | 0x95 | 0x1 | 0x7101d03514 | 0x0 | 0xc | 157 | | 150 | Pyonchu | HariPyonchu | 0x710242ae98 | 0x710075e0e0 | 0x96 | 0x1 | 0x7101d03500 | 0x0 | 0xc | 158 | | 151 | Pyonchu | HariPyonchuBig | 0x710242aee0 | 0x710075e0e0 | 0x97 | 0x1 | 0x7101d03514 | 0x0 | 0xc | 159 | | 152 | Karon | Karon | 0x7102426db0 | 0x71006929e0 | 0x98 | 0x1 | 0x7101d02ad8 | 0x0 | 0xc | 160 | | 153 | Karon | KaronBig | 0x7102426df8 | 0x71006929e0 | 0x99 | 0x1 | 0x7101d02aec | 0x0 | 0xc | 161 | | 154 | Karon | KaronShell | 0x7102426e40 | 0x71006929e0 | 0x9a | 0x1 | 0x7101d02b00 | 0x0 | 0xc | 162 | | 155 | Gesso | Gesso | 0x7102426290 | 0x7100665250 | 0x9b | 0x1 | 0x7101d0295c | 0x0 | 0xc | 163 | | 156 | Gesso | GessoBig | 0x71024262d8 | 0x7100665250 | 0x9c | 0x1 | 0x7101d02970 | 0x0 | 0xc | 164 | | 157 | Gesso | Gesso3W | 0x71024263c8 | 0x71006699a0 | 0x9d | 0x1 | 0x7101d02984 | 0x0 | 0xc | 165 | | 158 | Gesso | Gesso3WBig | 0x7102426410 | 0x71006699a0 | 0x9e | 0x0 | 0x7101d02998 | 0x0 | 0xc | 166 | | 159 | Hanachan | Hanachan | 0x71024265f0 | 0x7100670e40 | 0x9f | 0x1 | 0x7101d029d4 | 0x0 | 0xc | 167 | | 160 | Hanachan | HanachanBig | 0x7102426638 | 0x7100670e40 | 0xa0 | 0x1 | 0x7101d029e8 | 0x0 | 0xc | 168 | | 161 | Fugumannen | Fugumannen | 0x71024260c8 | 0x710065e450 | 0xa1 | 0x1 | 0x7101d02904 | 0x0 | 0xc | 169 | | 162 | Fugumannen | FugumannenBig | 0x7102426110 | 0x710065e450 | 0xa2 | 0x1 | 0x7101d02918 | 0x0 | 0xc | 170 | | 163 | Pukupuku | Pukupuku | 0x710242a8d8 | 0x710074f520 | 0xa3 | 0x1 | 0x7101d03460 | 0x0 | 0xc | 171 | | 164 | Pukupuku | PukupukuBig | 0x710242a920 | 0x710074f520 | 0xa4 | 0x1 | 0x7101d03474 | 0x0 | 0xc | 172 | | 165 | PukupukuRed | PukupukuRed | 0x710242aa10 | 0x7100754740 | 0xa5 | 0x1 | 0x7101d03488 | 0x0 | 0xc | 173 | | 166 | PukupukuRed | PukupukuRedBig | 0x710242aa58 | 0x7100754740 | 0xa6 | 0x1 | 0x7101d0349c | 0x0 | 0xc | 174 | | 167 | Bubble | Bubble | 0x7102425338 | 0x71006225b0 | 0xa7 | 0x1 | 0x7101d0106c | 0x0 | 0x8c | 175 | | 168 | Bubble | BubbleBig | 0x7102425380 | 0x71006225b0 | 0xa8 | 0x1 | 0x7101d01080 | 0x0 | 0x8c | 176 | | 169 | Wanwan | Wanwan | 0x710242bd88 | 0x71007a7940 | 0xa9 | 0x1 | 0x7101d03890 | 0x0 | 0xc | 177 | | 170 | Wanwan | WanwanBig | 0x710242bdd0 | 0x71007a7940 | 0xaa | 0x1 | 0x7101d038a4 | 0x0 | 0xc | 178 | | 171 | Arihei | Arihei | 0x7102424ad8 | 0x7100600660 | 0xab | 0x1 | 0x7101d00f48 | 0x0 | 0xc | 179 | | 172 | Arihei | AriheiBig | 0x7102424b20 | 0x7100600660 | 0xac | 0x1 | 0x7101d00f5c | 0x0 | 0xc | 180 | | 173 | Arihei | TunoArihei | 0x7102424b68 | 0x7100600660 | 0xad | 0x1 | 0x7101d00f48 | 0x0 | 0xc | 181 | | 174 | Arihei | TunoAriheiBig | 0x7102424bb0 | 0x7100600660 | 0xae | 0x1 | 0x7101d00f5c | 0x0 | 0xc | 182 | | 175 | Donketu | Donketu | 0x7102425a08 | 0x7100645c20 | 0xaf | 0x1 | 0x7101d011dc | 0x0 | 0xc | 183 | | 176 | Donketu | DonketuBig | 0x7102425a50 | 0x7100645c20 | 0xb0 | 0x1 | 0x7101d011f0 | 0x0 | 0xc | 184 | | 177 | Koopa | KoopaM1 | 0x71024272b8 | 0x710069ebf0 | 0xb1 | 0x1 | 0x7101d02b60 | 0x0 | 0x8c | 185 | | 178 | Koopa | KoopaM1Big | 0x7102427300 | 0x710069ebf0 | 0xb2 | 0x1 | 0x7101d02b74 | 0x0 | 0x8c | 186 | | 179 | Koopa | KoopaM3 | 0x7102427348 | 0x710069ebf0 | 0xb3 | 0x1 | 0x7101d02b60 | 0x0 | 0x8c | 187 | | 180 | Koopa | KoopaM3Big | 0x7102427390 | 0x710069ebf0 | 0xb4 | 0x1 | 0x7101d02b74 | 0x0 | 0x8c | 188 | | 181 | Koopa | KoopaMW | 0x71024273d8 | 0x710069ebf0 | 0xb5 | 0x1 | 0x7101d02b60 | 0x0 | 0x8c | 189 | | 182 | Koopa | KoopaMWBig | 0x7102427420 | 0x710069ebf0 | 0xb6 | 0x1 | 0x7101d02b74 | 0x0 | 0x8c | 190 | | 183 | Koopa | KoopaWU | 0x7102427468 | 0x710069ebf0 | 0xb7 | 0x0 | 0x7101d02b60 | 0x0 | 0x8c | 191 | | 184 | Koopa | KoopaWUBig | 0x71024274b0 | 0x710069ebf0 | 0xb8 | 0x1 | 0x7101d02b74 | 0x0 | 0x8c | 192 | | 185 | Koopa3W | Koopa3W | 0x7102427650 | 0x71006b55f0 | 0xb9 | 0x1 | 0x7101d02c00 | 0x0 | 0xc | 193 | | 186 | Koopa3W | Koopa3WBig | 0x7102427698 | 0x71006b55f0 | 0xba | 0x1 | 0x7101d02c14 | 0x0 | 0xc | 194 | | 187 | KoopaJr | KoopaJr | 0x7102427e18 | 0x71006e4180 | 0xbb | 0x1 | 0x7101d02cf4 | 0x0 | 0xc | 195 | | 188 | KoopaJr | KoopaJrBig | 0x7102427e60 | 0x71006e4180 | 0xbc | 0x1 | 0x7101d02d08 | 0x0 | 0xc | 196 | | 189 | BunbunM3 | BunbunM3 | 0x7102425610 | 0x710062f6b0 | 0xbd | 0x1 | 0x7101d010bc | 0x0 | 0xc | 197 | | 190 | BunbunM3 | BunbunM3Big | 0x7102425658 | 0x710062f6b0 | 0xbe | 0x1 | 0x7101d010d0 | 0x0 | 0xc | 198 | | 191 | BunbunU | BunbunU | 0x71024257a8 | 0x7100636b50 | 0xbf | 0x1 | 0x7101d010fc | 0x0 | 0xc | 199 | | 192 | BunbunU | BunbunUBig | 0x71024257f0 | 0x7100636b50 | 0xc0 | 0x1 | 0x7101d01110 | 0x0 | 0xc | 200 | | 193 | Bunbun3W | Bunbun3W | 0x71024254d0 | 0x7100629d20 | 0xc1 | 0x1 | 0x7101d01094 | 0x0 | 0xc | 201 | | 194 | Bunbun3W | Bunbun3WBig | 0x7102425518 | 0x7100629d20 | 0xc2 | 0x1 | 0x7101d010a8 | 0x0 | 0xc | 202 | | 195 | Punpun | Punpun | 0x710242ab60 | 0x7100754bd0 | 0xc3 | 0x1 | 0x7101d034b0 | 0x0 | 0xc | 203 | | 196 | Punpun | PunpunBig | 0x710242aba8 | 0x7100754bd0 | 0xc4 | 0x1 | 0x7101d034c4 | 0x0 | 0xc | 204 | | 197 | PunpunFake | PunpunFake | 0x710242ad30 | 0x710075bd60 | 0xc5 | 0x1 | 0x7101d034d8 | 0x0 | 0x14 | 205 | | 198 | PunpunFake | PunpunFakeBig | 0x710242ad78 | 0x710075bd60 | 0xc6 | 0x1 | 0x7101d034ec | 0x0 | 0x14 | 206 | | 199 | FishBone | FishBone | 0x7102425f70 | 0x7100657e70 | 0xc7 | 0x1 | 0x7101d028d8 | 0x0 | 0xc | 207 | | 200 | FishBone | FishBoneBig | 0x7102425fb8 | 0x7100657e70 | 0xc8 | 0x1 | 0x7101d028ec | 0x0 | 0xc | 208 | | 201 | Garigari | | 0x710244c4d8 | 0x7100886bf0 | 0xc9 | 0x3 | 0x7101d04698 | 0x0 | 0x4 | 209 | | 202 | Marumaru | | 0x710244e9f8 | 0x71008a2160 | 0xca | 0x3 | 0x7101d048a4 | 0x0 | 0x4 | 210 | | 203 | SuperKinoko | SuperKinoko | 0x71024487f0 | 0x71008379a0 | 0xcb | 0x2 | 0x7101d03d58 | 0x0 | 0xcc | 211 | | 204 | FireFlower | FireFlower | 0x7102448780 | 0x7100837470 | 0xcc | 0x2 | 0x7101d03d44 | 0x0 | 0xcc | 212 | | 205 | SuperStar | SuperStar | 0x7102448a78 | 0x71008399d0 | 0xcd | 0x2 | 0x7101d03dbc | 0x0 | 0xcc | 213 | | 206 | 1upKinoko | 1upKinoko | 0x71024488c0 | 0x7100838750 | 0xce | 0x2 | 0x7101d03d80 | 0x0 | 0xcc | 214 | | 207 | PoisonKinoko | PoisonKinoko | 0x7102448908 | 0x7100838750 | 0xcf | 0x2 | 0x7101d03d80 | 0x0 | 0xcc | 215 | | 208 | Leave | Leave | 0x7102448870 | 0x7100837da0 | 0xd0 | 0x2 | 0x7101d03d6c | 0x0 | 0xcc | 216 | | 209 | Feather | Feather | 0x7102448710 | 0x7100837040 | 0xd1 | 0x2 | 0x7101d03d30 | 0x0 | 0xcc | 217 | | 210 | Propeller | Propeller | 0x7102448988 | 0x7100838b10 | 0xd2 | 0x2 | 0x7101d03d94 | 0x0 | 0xcc | 218 | | 211 | SuperBell | SuperBell | 0x7102448b28 | 0x710083a2b0 | 0xd3 | 0x2 | 0x7101d03de4 | 0x0 | 0xcc | 219 | | 212 | SuperHammer | SuperHammer | 0x7102448b88 | 0x710083a670 | 0xd4 | 0x2 | 0x7101d03df8 | 0x0 | 0xcc | 220 | | 213 | Shoes | Shoes | 0x7102448a18 | 0x7100839000 | 0xd5 | 0x2 | 0x7101d03da8 | 0x0 | 0xcc | 221 | | 214 | BigKinoko | BigKinoko | 0x71024486a0 | 0x7100836ae0 | 0xd6 | 0x2 | 0x7101d03cb4 | 0x0 | 0xcc | 222 | | 215 | SuperBallFlower | SuperBallFlower | 0x7102448ac8 | 0x7100839f00 | 0xd7 | 0x2 | 0x7101d03dd0 | 0x0 | 0xcc | 223 | | 216 | Door | | 0x710244c380 | 0x7100880c10 | 0xd8 | 0x3 | 0x7101d0464c | 0x0 | 0x4 | 224 | | 217 | YoshiEgg | YoshiEgg | 0x7102451600 | 0x71008cb780 | 0xd9 | 0x3 | 0x7101d04b40 | 0x0 | 0x8c | 225 | | 218 | YoshiEgg | YoshiEggBig | 0x7102451648 | 0x71008cb780 | 0xda | 0x3 | 0x7101d04b40 | 0x0 | 0x28c | 226 | | 219 | Hammer | | 0x71022f9f50 | 0x71003aa4e0 | 0xdb | 0x5 | 0x7101cfdc6c | 0x0 | 0x0 | 227 | | 220 | EnmyFire | | 0x71022f9d30 | 0x71003a8230 | 0xdc | 0x5 | 0x7101cfdc44 | 0x0 | 0x4 | 228 | | 221 | YoshiFire | | 0x71022fa970 | 0x71003bedf0 | 0xdd | 0x5 | 0x7101cfde9c | 0x0 | 0x0 | 229 | | 222 | BulletYoshiBone | | 0x71022fa8d0 | 0x71003bdea0 | 0xde | 0x5 | 0x7101cfde88 | 0x0 | 0x4 | 230 | | 223 | BulletToge | | 0x71022fa830 | 0x71003bd2d0 | 0xdf | 0x5 | 0x7101cfde74 | 0x0 | 0x4 | 231 | | 224 | KameckMagic | | 0x71022f9fb0 | 0x71003abeb0 | 0xe0 | 0x5 | 0x7101cfdc80 | 0x0 | 0x0 | 232 | | 225 | BulletBone | | 0x71022f9c90 | 0x71003a7330 | 0xe1 | 0x5 | 0x7101cfdc30 | 0x0 | 0x4 | 233 | | 226 | BulletSenkanBall | | 0x71022fa610 | 0x71003ba250 | 0xe2 | 0x1 | 0x7101cfde38 | 0x0 | 0x8 | 234 | | 227 | BulletSpanner | | 0x71022fa750 | 0x71003bbfe0 | 0xe3 | 0x5 | 0x7101cfde60 | 0x0 | 0x4 | 235 | | 228 | BulletKoopaFire | | 0x71022fa228 | 0x71003b1e50 | 0xe4 | 0x5 | 0x7101cfdcd8 | 0x0 | 0x4 | 236 | | 229 | BulletKoopaFireFall | | 0x71022fa388 | 0x71003b4520 | 0xe5 | 0x5 | 0x7101cfdd58 | 0x0 | 0x4 | 237 | | 230 | ShoesAttack | | 0x71022fa6b0 | 0x71003bb3a0 | 0xe6 | 0x5 | 0x7101cfde4c | 0x0 | 0x0 | 238 | | 231 | KoopaClownFire | | 0x71022fa1c8 | 0x71003af260 | 0xe7 | 0x5 | 0x7101cfdc94 | 0x0 | 0x0 | 239 | | 232 | BulletPunpunShuriken | | 0x71022fa570 | 0x71003b8db0 | 0xe8 | 0x1 | 0x7101cfde24 | 0x0 | 0x8 | 240 | | 233 | FireBrosFire | | 0x71022f9e30 | 0x71003a9aa0 | 0xe9 | 0x5 | 0x7101cfdc58 | 0x0 | 0x4 | 241 | | 234 | JugemCloud | JugemCloud | 0x7102426960 | 0x7100685c90 | 0xea | 0x1 | 0x7101d02a38 | 0x0 | 0x11c | 242 | | 235 | EnemyTowerManager | | 0x710242b870 | 0x7100785170 | 0xeb | 0x5 | 0x7101d037a4 | 0x0 | 0x80 | 243 | | 236 | KoopaFireEmitter | | 0x710242bf90 | 0x71007b6900 | 0xec | 0x5 | 0x7101d03944 | 0x0 | 0x100 | 244 | | 237 | MapObjCoinHopJump | | 0x710244c280 | 0x710087c310 | 0xed | 0x3 | 0x7101d04624 | 0x0 | 0x4 | 245 | | 238 | MapObjCoinYoshiEat | | 0x710244c2e0 | 0x710087f260 | 0xee | 0x3 | 0x7101d04638 | 0x0 | 0x4 | 246 | | 239 | StartArea | | 0x7102450e90 | 0x71008b7ce0 | 0xef | 0x3 | 0x7101d04a10 | 0x0 | 0x0 | 247 | | 240 | StartSignBoard | | 0x7102450ef0 | 0x71008b8190 | 0xf0 | 0x3 | 0x7101d04a24 | 0x0 | 0x5 | 248 | | 241 | CastleBridge | | 0x710244b680 | 0x71008761a0 | 0xf1 | 0x3 | 0x7101d045b0 | 0x0 | 0x84 | 249 | | 242 | AirSignBoard | | 0x7102449950 | 0x7100856940 | 0xf2 | 0x3 | 0x7101d04284 | 0x0 | 0x5 | 250 | | 243 | MiddleFlag | | 0x710244f428 | 0x71008a3310 | 0xf3 | 0x3 | 0x7101d048b8 | 0x0 | 0x4 | 251 | | 244 | BattleActorSpouter | | 0x71024570a0 | 0x7100908360 | 0xf4 | 0x5 | 0x7101d04cbc | 0x0 | 0x0 | 252 | | 245 | EditPlayer | | 0x71023496f0 | 0x71004c1080 | 0xf5 | 0x4 | 0x7101cff5f4 | 0x0 | 0x0 | 253 | | 246 | EditSaka30 | EditSaka30 | 0x710234cf20 | 0x71004d2980 | 0xf6 | 0x4 | 0x7101cff5f4 | 0x0 | 0x0 | 254 | | 247 | EditSaka45 | EditSaka45 | 0x710234d138 | 0x71004d2f10 | 0xf7 | 0x4 | 0x7101cff5f4 | 0x0 | 0x0 | 255 | | 248 | EditGround | EditGround | 0x7102333d68 | 0x710048ce30 | 0xf8 | 0x4 | 0x7101cff5f4 | 0x0 | 0x0 | 256 | | 249 | EditDokan | EditDokan | 0x710232eb50 | 0x710047e200 | 0xf9 | 0x4 | 0x7101cff5f4 | 0x0 | 0x0 | 257 | | 250 | EditClearDokan | EditClearDokan | 0x710232ca58 | 0x710047b650 | 0xfa | 0x4 | 0x7101cff5f4 | 0x0 | 0x0 | 258 | | 251 | EditGroundMushroom | EditGroundMushRoom | 0x7102335e60 | 0x71004948a0 | 0xfb | 0x4 | 0x7101cff5f4 | 0x0 | 0x0 | 259 | | 252 | EditGroundBox | EditGroundBox | 0x7102334868 | 0x7100490350 | 0xfc | 0x4 | 0x7101cff5f4 | 0x0 | 0x0 | 260 | | 253 | EditHalfColBox | EditHalfColBox | 0x71023374b0 | 0x7100498770 | 0xfd | 0x4 | 0x7101cff5f4 | 0x0 | 0x0 | 261 | | 254 | EditBridge | EditBridge | 0x71023283d0 | 0x7100475d50 | 0xfe | 0x4 | 0x7101cff5f4 | 0x0 | 0x0 | 262 | | 255 | EditBeltConveyor | EditBeltConveyor | 0x7102326b10 | 0x7100470df0 | 0xff | 0x4 | 0x7101cff5f4 | 0x0 | 0x0 | 263 | | 256 | EditSlopeBeltConveyor | EditSlopeBeltConveyor | 0x710234fef0 | 0x71004db9b0 | 0x100 | 0x4 | 0x7101cff5f4 | 0x0 | 0x0 | 264 | | 257 | EditTsuta | EditTsuta | 0x7102356210 | 0x71004ebfc0 | 0x101 | 0x4 | 0x7101cff5f4 | 0x0 | 0x0 | 265 | | 258 | EditRail | EditRail | 0x710234c218 | 0x71004c8930 | 0x102 | 0x4 | 0x7101cff5f4 | 0x0 | 0x0 | 266 | | 259 | EditJugemCloud | EditJugemCloud | 0x710233ab80 | 0x710049fb70 | 0x103 | 0x4 | 0x7101cff5f4 | 0x0 | 0x0 | 267 | | 260 | EditKoopaClown | EditKoopaClown | 0x710233fcd8 | 0x71004aca50 | 0x104 | 0x4 | 0x7101cff5f4 | 0x0 | 0x0 | 268 | | 261 | EditKoopaCar | EditKoopaCar | 0x710233f1e0 | 0x71004ac1a0 | 0x105 | 0x4 | 0x7101cff5f4 | 0x0 | 0x0 | 269 | | 262 | EditSwingCrane | EditSwingCrane | 0x7102353850 | 0x71004e4a80 | 0x106 | 0x4 | 0x7101cff5f4 | 0x0 | 0x0 | 270 | | 263 | EditKuribo | EditKuribo | 0x7102340a38 | 0x71004b2660 | 0x107 | 0x4 | 0x7101cff5f4 | 0x0 | 0x0 | 271 | | 264 | EditKutsuKuribo | EditKutsuKuribo | 0x7102340c50 | 0x71004b2ba0 | 0x108 | 0x4 | 0x7101cff5f4 | 0x0 | 0x0 | 272 | | 265 | EditNokonoko | EditNokonoko | 0x71023449a0 | 0x71004bcdf0 | 0x109 | 0x4 | 0x7101cff5f4 | 0x0 | 0x0 | 273 | | 266 | EditPakkun | EditPakkun | 0x7102348098 | 0x71004c05d0 | 0x10a | 0x4 | 0x7101cff5f4 | 0x0 | 0x0 | 274 | | 267 | EditBlackPakkun | EditBlackPakkun | 0x71023276a8 | 0x7100474b80 | 0x10b | 0x4 | 0x7101cff5f4 | 0x0 | 0x0 | 275 | | 268 | EditHammerBros | EditHammerBros | 0x7102338ab0 | 0x710049a470 | 0x10c | 0x4 | 0x7101cff5f4 | 0x0 | 0x0 | 276 | | 269 | EditDossun | EditDossun | 0x71023301e0 | 0x7100485380 | 0x10d | 0x4 | 0x7101cff5f4 | 0x0 | 0x0 | 277 | | 270 | EditKillerHoudai | EditKillerHoudai | 0x710233ced0 | 0x71004a6ae0 | 0x10e | 0x4 | 0x7101cff5f4 | 0x0 | 0x0 | 278 | | 271 | EditMagnumKiller | EditMagnumKiller | 0x7102342d50 | 0x71004b8c80 | 0x10f | 0x4 | 0x7101cff5f4 | 0x0 | 0x0 | 279 | | 272 | EditPoo | EditPoo | 0x710234a4b8 | 0x71004c6210 | 0x110 | 0x4 | 0x7101cff5f4 | 0x0 | 0x0 | 280 | | 273 | EditChoropoo | EditChoropoo | 0x710232b468 | 0x710047add0 | 0x111 | 0x4 | 0x7101cff5f4 | 0x0 | 0x0 | 281 | | 274 | EditBombhei | EditBombhei | 0x71023278d8 | 0x7100475640 | 0x112 | 0x4 | 0x7101cff5f4 | 0x0 | 0x0 | 282 | | 275 | EditTogezo | EditTogezo | 0x71023556b8 | 0x71004eaa10 | 0x113 | 0x4 | 0x7101cff5f4 | 0x0 | 0x0 | 283 | | 276 | EditMet | EditMet | 0x7102343a60 | 0x71004ba3f0 | 0x114 | 0x4 | 0x7101cff5f4 | 0x0 | 0x0 | 284 | | 277 | EditJugem | EditJugem | 0x710233a088 | 0x710049f340 | 0x115 | 0x4 | 0x7101cff5f4 | 0x0 | 0x0 | 285 | | 278 | EditKameck | EditKameck | 0x710233ade8 | 0x71004a5220 | 0x116 | 0x4 | 0x7101cff5f4 | 0x0 | 0x0 | 286 | | 279 | EditTogemet | EditTogemet | 0x7102354ba8 | 0x71004ea4f0 | 0x117 | 0x4 | 0x7101cff5f4 | 0x0 | 0x0 | 287 | | 280 | EditTeresa | EditTeresa | 0x7102353c70 | 0x71004e7e10 | 0x118 | 0x4 | 0x7101cff5f4 | 0x0 | 0x0 | 288 | | 281 | EditKaron | EditKaron | 0x710233b8e0 | 0x71004a5670 | 0x119 | 0x4 | 0x7101cff5f4 | 0x0 | 0x0 | 289 | | 282 | EditFishBone | EditFishBone | 0x71023324a0 | 0x710048a030 | 0x11a | 0x4 | 0x7101cff5f4 | 0x0 | 0x0 | 290 | | 283 | EditGesso | EditGesso | 0x7102332778 | 0x710048ad80 | 0x11b | 0x4 | 0x7101cff5f4 | 0x0 | 0x0 | 291 | | 284 | EditSenkanHoudai | EditSenkanHoudai | 0x710234f3f8 | 0x71004da160 | 0x11c | 0x4 | 0x7101cff5f4 | 0x0 | 0x0 | 292 | | 285 | EditHanachan | EditHanachan | 0x7102338cc8 | 0x710049c140 | 0x11d | 0x4 | 0x7101cff5f4 | 0x0 | 0x0 | 293 | | 286 | EditPukupuku | EditPukupuku | 0x710234b3e0 | 0x71004c7650 | 0x11e | 0x4 | 0x7101cff5f4 | 0x0 | 0x0 | 294 | | 287 | EditBubble | EditBubble | 0x7102328ec8 | 0x7100476fa0 | 0x11f | 0x4 | 0x7101cff5f4 | 0x0 | 0x0 | 295 | | 288 | EditWanwan | EditWanwan | 0x7102356d68 | 0x71004ed2d0 | 0x120 | 0x4 | 0x7101cff5f4 | 0x0 | 0x0 | 296 | | 289 | EditArihei | EditArihei | 0x7102323f70 | 0x710046c6e0 | 0x121 | 0x4 | 0x7101cff5f4 | 0x0 | 0x0 | 297 | | 290 | EditHopper | EditHopper | 0x7102339a40 | 0x710049e8c0 | 0x122 | 0x4 | 0x7101cff5f4 | 0x0 | 0x0 | 298 | | 291 | EditHacchin | EditHacchin | 0x71023369b8 | 0x7100498390 | 0x123 | 0x4 | 0x7101cff5f4 | 0x0 | 0x0 | 299 | | 292 | EditPyonchu | EditPyonchu | 0x710234b5f8 | 0x71004c7b70 | 0x124 | 0x4 | 0x7101cff5f4 | 0x0 | 0x0 | 300 | | 293 | EditFugumannen | EditFugumannen | 0x7102332718 | 0x710048a9a0 | 0x125 | 0x4 | 0x7101cff5f4 | 0x0 | 0x0 | 301 | | 294 | EditDonketsu | EditDonketsu | 0x710232eba0 | 0x7100482760 | 0x126 | 0x4 | 0x7101cff5f4 | 0x0 | 0x0 | 302 | | 295 | EditKoopa | EditKoopa | 0x710233efb8 | 0x71004aaad0 | 0x127 | 0x4 | 0x7101cff5f4 | 0x0 | 0x0 | 303 | | 296 | EditKoopaJr | EditKoopaJr | 0x71023407c0 | 0x71004b0bb0 | 0x128 | 0x4 | 0x7101cff5f4 | 0x0 | 0x0 | 304 | | 297 | EditBunbun | EditBunbun | 0x7102328f28 | 0x7100477900 | 0x129 | 0x4 | 0x7101cff5f4 | 0x0 | 0x0 | 305 | | 298 | EditUganFish | EditUganFish | 0x7102356b50 | 0x71004ecd90 | 0x12a | 0x4 | 0x7101cff5f4 | 0x0 | 0x0 | 306 | | 299 | EditRengaBlock | EditRengaBlock | 0x710234cd08 | 0x71004d2480 | 0x12b | 0x4 | 0x7101cff5f4 | 0x0 | 0x0 | 307 | | 300 | EditHatenaBlock | EditHatenaBlock | 0x71023399e0 | 0x710049e420 | 0x12c | 0x4 | 0x7101cff5f4 | 0x0 | 0x0 | 308 | | 301 | EditToge | EditToge | 0x7102353e88 | 0x71004e94e0 | 0x12d | 0x4 | 0x7101cff5f4 | 0x0 | 0x0 | 309 | | 302 | EditHardBlock | EditHardBlock | 0x7102338ee0 | 0x710049e190 | 0x12e | 0x4 | 0x7101cff5f4 | 0x0 | 0x0 | 310 | | 303 | EditIceBlock | EditIceBlock | 0x7102339c58 | 0x710049eca0 | 0x12f | 0x4 | 0x7101cff5f4 | 0x0 | 0x0 | 311 | | 304 | EditIcicle | EditIcicle | 0x7102339e70 | 0x710049ef30 | 0x130 | 0x4 | 0x7101cff5f4 | 0x0 | 0x0 | 312 | | 305 | EditLavaEditor | EditLavaEditor | 0x7102341748 | 0x71004b3b60 | 0x131 | 0x4 | 0x7101cff5f4 | 0x0 | 0x0 | 313 | | 306 | EditGroundGoal | | 0x7102335360 | 0x7100490e00 | 0x132 | 0x4 | 0x7101cff5f4 | 0x0 | 0x0 | 314 | | 307 | EditGroundStart | | 0x7102336958 | 0x7100495980 | 0x133 | 0x4 | 0x7101cff5f4 | 0x0 | 0x0 | 315 | | 308 | EditCastleBridge | EditCastleBridge | 0x710232a530 | 0x7100479370 | 0x134 | 0x4 | 0x7101cff5f4 | 0x0 | 0x0 | 316 | | 309 | EditDoor | EditDoor | 0x710232f6e8 | 0x7100482b40 | 0x135 | 0x4 | 0x7101cff5f4 | 0x0 | 0x0 | 317 | | 310 | EditWarpBox | EditWarpBox | 0x7102357860 | 0x71004eeef0 | 0x136 | 0x4 | 0x7101cff5f4 | 0x0 | 0x0 | 318 | | 311 | EditGoalPole | | 0x7102333270 | 0x710048c820 | 0x137 | 0x4 | 0x7101cff5f4 | 0x0 | 0x0 | 319 | | 312 | EditJumpStep | EditJumpStep | 0x710233ad88 | 0x71004a4db0 | 0x138 | 0x4 | 0x7101cff5f4 | 0x0 | 0x0 | 320 | | 313 | EditTornado | EditTornado | 0x7102355718 | 0x71004ebc90 | 0x139 | 0x4 | 0x7101cff5f4 | 0x0 | 0x0 | 321 | | 314 | EditLift | EditLift | 0x7102342240 | 0x71004b6db0 | 0x13a | 0x4 | 0x7101cff5f4 | 0x0 | 0x0 | 322 | | 315 | EditYouganLift | EditYouganLift | 0x71023583b8 | 0x71004f1300 | 0x13b | 0x4 | 0x7101cff5f4 | 0x0 | 0x0 | 323 | | 316 | EditSeesaw | EditSeesaw | 0x710234e8e8 | 0x71004d92b0 | 0x13c | 0x4 | 0x7101cff5f4 | 0x0 | 0x0 | 324 | | 317 | EditKinokoTrampoline | EditKinokoTrampoline | 0x710233e4c0 | 0x71004a9630 | 0x13d | 0x4 | 0x7101cff5f4 | 0x0 | 0x0 | 325 | | 318 | EditPSwitch | EditPSwitch | 0x710234b1c8 | 0x71004c7130 | 0x13e | 0x4 | 0x7101cff5f4 | 0x0 | 0x0 | 326 | | 319 | EditOnOffSwitch | EditOnOffSwitch | 0x7102345498 | 0x71004bd7e0 | 0x13f | 0x4 | 0x7101cff5f4 | 0x0 | 0x0 | 327 | | 320 | EditKey | EditKey | 0x710233c3d8 | 0x71004a6730 | 0x140 | 0x4 | 0x7101cff5f4 | 0x0 | 0x0 | 328 | | 321 | EditPowBlock | EditPowBlock | 0x710234a6d0 | 0x71004c6ca0 | 0x141 | 0x4 | 0x7101cff5f4 | 0x0 | 0x0 | 329 | | 322 | EditSuperKinoko | EditSuperKinoko | 0x710233d9c8 | 0x71004a8820 | 0x142 | 0x4 | 0x7101cff5f4 | 0x0 | 0x0 | 330 | | 323 | EditSpecialItem | EditSpecialItem | 0x71023514f0 | 0x71004e1e90 | 0x143 | 0x4 | 0x7101cff5f4 | 0x0 | 0x0 | 331 | | 324 | EditSuperHammer | EditSuperHammer | 0x7102352b40 | 0x71004e3950 | 0x144 | 0x4 | 0x7101cff5f4 | 0x0 | 0x0 | 332 | | 325 | Edit1upKinoko | Edit1upKinoko | 0x710231f1c0 | 0x7100448bb0 | 0x145 | 0x4 | 0x7101cff5f4 | 0x0 | 0x0 | 333 | | 326 | EditFireFlower | EditFireFlower | 0x7102332430 | 0x7100488cb0 | 0x146 | 0x4 | 0x7101cff5f4 | 0x0 | 0x0 | 334 | | 327 | EditSuperStar | EditSuperStar | 0x7102352d58 | 0x71004e44f0 | 0x147 | 0x4 | 0x7101cff5f4 | 0x0 | 0x0 | 335 | | 328 | EditChikuwaBlock | EditChikuwaBlock | 0x710232b250 | 0x710047a7f0 | 0x148 | 0x4 | 0x7101cff5f4 | 0x0 | 0x0 | 336 | | 329 | EditKumoBlock | EditKumoBlock | 0x71023409d8 | 0x71004b1ed0 | 0x149 | 0x4 | 0x7101cff5f4 | 0x0 | 0x0 | 337 | | 330 | EditOnpuBlock | EditOnpuBlock | 0x7102345f90 | 0x71004bda80 | 0x14a | 0x4 | 0x7101cff5f4 | 0x0 | 0x0 | 338 | | 331 | EditClearBlock | EditClearBlock | 0x710232bf60 | 0x710047b290 | 0x14b | 0x4 | 0x7101cff5f4 | 0x0 | 0x0 | 339 | | 332 | EditTensenBlock | EditTensenBlock | 0x7102353a58 | 0x71004e7940 | 0x14c | 0x4 | 0x7101cff5f4 | 0x0 | 0x0 | 340 | | 333 | EditFlashBlock | EditFlashBlock | 0x71023326b8 | 0x710048a580 | 0x14d | 0x4 | 0x7101cff5f4 | 0x0 | 0x0 | 341 | | 334 | EditSnakeBlock | EditSnakeBlock | 0x71023509e8 | 0x71004df520 | 0x14e | 0x4 | 0x7101cff5f4 | 0x0 | 0x0 | 342 | | 335 | EditNobinobiPakkun | EditNobinobiPakkun | 0x7102344778 | 0x71004bb760 | 0x14f | 0x4 | 0x7101cff5f4 | 0x0 | 0x0 | 343 | | 336 | EditBikkuriBlock | EditBikkuriBlock | 0x7102327638 | 0x7100473660 | 0x150 | 0x4 | 0x7101cff5f4 | 0x0 | 0x0 | 344 | | 337 | EditOrbitBlock | EditOrbitBlock | 0x7102346a88 | 0x71004be400 | 0x151 | 0x4 | 0x7101cff5f4 | 0x0 | 0x0 | 345 | | 338 | EditCoin | EditCoin | 0x710232d560 | 0x710047d1f0 | 0x152 | 0x4 | 0x7101cff5f4 | 0x0 | 0x0 | 346 | | 339 | EditCoin10 | EditCoin10 | 0x710232e058 | 0x710047db60 | 0x153 | 0x4 | 0x7101cff5f4 | 0x0 | 0x0 | 347 | | 340 | EditPinkCoin | EditPinkCoin | 0x7102348b90 | 0x71004c0b30 | 0x154 | 0x4 | 0x7101cff5f4 | 0x0 | 0x0 | 348 | | 341 | EditFireBar | EditFireBar | 0x7102332218 | 0x7100487110 | 0x155 | 0x4 | 0x7101cff5f4 | 0x0 | 0x0 | 349 | | 342 | EditWoodBox | EditWoodBox | 0x71023581a0 | 0x71004f0dd0 | 0x156 | 0x4 | 0x7101cff5f4 | 0x0 | 0x0 | 350 | | 343 | EditBurner | EditBurner | 0x7102329a30 | 0x7100478230 | 0x157 | 0x4 | 0x7101cff5f4 | 0x0 | 0x0 | 351 | | 344 | EditStartSignBoard | | 0x7102351e30 | 0x71004e2c20 | 0x158 | 0x4 | 0x7101cff5f4 | 0x0 | 0x0 | 352 | | 345 | EditAirSignBoard | EditAirSignBoard | 0x7102323d58 | 0x710046b940 | 0x159 | 0x4 | 0x7101cff5f4 | 0x0 | 0x0 | 353 | | 346 | EditCheckpointFlag | EditCheckpointFlag | 0x710232b038 | 0x7100479860 | 0x15a | 0x4 | 0x7101cff5f4 | 0x0 | 0x0 | 354 | | 347 | EditHalfHitWall | EditHalfHitWall | 0x7102337fb8 | 0x71004999a0 | 0x15b | 0x4 | 0x7101cff5f4 | 0x0 | 0x0 | 355 | | 348 | EditSaw | EditSaw | 0x710234ddf0 | 0x71004d8e80 | 0x15c | 0x4 | 0x7101cff5f4 | 0x0 | 0x0 | 356 | | 349 | EditMarumaru | EditMarumaru | 0x7102342f68 | 0x71004b9fc0 | 0x15d | 0x4 | 0x7101cff5f4 | 0x0 | 0x0 | 357 | | 350 | EditTogeKonbo | EditTogeKonbo | 0x7102354990 | 0x71004e9760 | 0x15e | 0x4 | 0x7101cff5f4 | 0x0 | 0x0 | 358 | | 351 | EditNeedleCube | EditNeedleCube | 0x7102343c78 | 0x71004bb330 | 0x15f | 0x4 | 0x7101cff5f4 | 0x0 | 0x0 | 359 | | 352 | EditSunAndMoon | EditSunAndMoon | 0x7102352928 | 0x71004e3270 | 0x160 | 0x4 | 0x7101cff5f4 | 0x0 | 0x0 | 360 | | 353 | EditBellTree | EditBellTree | 0x7102326018 | 0x710046f7e0 | 0x161 | 0x4 | 0x7101cff5f4 | 0x0 | 0x0 | 361 | | 354 | EditQuestChaseKinopio | EditQuestChaseKinopio | 0x710234b658 | 0x71004c8030 | 0x162 | 0x4 | 0x7101cff5f4 | 0x0 | 0x0 | 362 | | 355 | EditQuestMaterialStone | EditQuestMaterialStone | 0x710234b718 | 0x71004c8610 | 0x163 | 0x4 | 0x7101cff5f4 | 0x0 | 0x0 | 363 | | 356 | EditQuestGoalKinopico | EditQuestGoalKinopico | 0x710234b6b8 | 0x71004c8340 | 0x164 | 0x4 | 0x7101cff5f4 | 0x0 | 0x0 | 364 | | 357 | EditAutoScrollCamera | EditAutoScrollCamera | 0x7102324a80 | 0x710046cc50 | 0x165 | 0x4 | 0x7101cff5f4 | 0x0 | 0x0 | 365 | | 358 | EditOtoasobiIcon | EditOtoasobiIcon | 0x7102347590 | 0x71004bf9a0 | 0x166 | 0x4 | 0x7101cff5f4 | 0x0 | 0x0 | 366 | | 359 | QuestPlayer | | 0x7102467310 | 0x7100a6aa40 | 0x167 | 0x0 | 0x7101d0a338 | 0x0 | 0x0 | 367 | | 360 | QuestActorKinopio | | 0x7102464b98 | 0x7100a37580 | 0x168 | 0x5 | 0x7101d09ee8 | 0x0 | 0x0 | 368 | | 361 | BuildChief | | 0x7102464a68 | 0x7100a36ae0 | 0x169 | 0x5 | 0x7101d09eac | 0x0 | 0x0 | 369 | | 362 | QuestActorQuestCounter | | 0x7102465740 | 0x7100a47170 | 0x16a | 0x5 | 0x7101d09f2c | 0x0 | 0x0 | 370 | | 363 | UndoDog | | 0x71024662d0 | 0x7100a49510 | 0x16b | 0x5 | 0x7101d09fa8 | 0x0 | 0x0 | 371 | | 364 | Yamamura | | 0x7102466330 | 0x7100a4ac30 | 0x16c | 0x5 | 0x7101d09fbc | 0x0 | 0x0 | 372 | | 365 | YamamuraStained | | 0x7102466390 | 0x7100a4af80 | 0x16d | 0x5 | 0x7101d09fd0 | 0x0 | 0x0 | 373 | | 366 | RobotTop | | 0x71024657a0 | 0x7100a47320 | 0x16e | 0x5 | 0x7101d09f40 | 0x0 | 0x0 | 374 | | 367 | RobotBottom | | 0x7102465860 | 0x7100a48390 | 0x16f | 0x5 | 0x7101d09f68 | 0x0 | 0x0 | 375 | | 368 | RobotAntenna | | 0x7102465800 | 0x7100a47f90 | 0x170 | 0x5 | 0x7101d09f54 | 0x0 | 0x0 | 376 | | 369 | Eraser | | 0x7102464ad8 | 0x7100a36fa0 | 0x171 | 0x5 | 0x7101d09ec0 | 0x0 | 0x0 | 377 | | 370 | Block | | 0x71024649f8 | 0x7100a36480 | 0x172 | 0x5 | 0x7101d09e98 | 0x0 | 0x0 | 378 | | 371 | Frog | | 0x7102464b38 | 0x7100a372c0 | 0x173 | 0x5 | 0x7101d09ed4 | 0x0 | 0x0 | 379 | | 372 | Peach | | 0x71024656e0 | 0x7100a46ee0 | 0x174 | 0x5 | 0x7101d09f18 | 0x0 | 0x0 | 380 | | 373 | QuestActorTag | | 0x7102466270 | 0x7100a48ee0 | 0x175 | 0x5 | 0x7101d09f94 | 0x0 | 0x0 | 381 | 382 | # Course Part IDs 383 | 384 | | File ID | Edit | ??? | M1 | M3 | MW | WU | 3W | 385 | |---------|------|-----|----|----|----|----|----| 386 | | 0 | *EditKuribo* | *Kuribo* | *Kuribo* | *Kuribo* | *Kuribon* | *Kuribo* | *Kuribo3W* | 387 | | 1 | *EditNokonoko* | *NokonokoGreen* | *NokonokoGreen* | *NokonokoGreen* | *NokonokoGreen* | *NokonokoGreen* | *NokonokoGreen* | 388 | | 2 | *EditPakkun* | *Pakkun* | *Pakkun* | *Pakkun* | *PPakkun* | *Pakkun* | *Pakkun3W* | 389 | | 3 | *EditHammerBros* | *Bros1st* | *Bros1st* | *Bros1st* | *Bros1st* | *BrosU* | *BrosU* | 390 | | 4 | *EditRengaBlock* | RengaBlock | RengaBlock | RengaBlock | RengaBlock | RengaBlock | RengaBlock | 391 | | 5 | *EditHatenaBlock* | HatenaBlock | HatenaBlock | HatenaBlock | HatenaBlock | HatenaBlock | HatenaBlock | 392 | | 6 | *EditHardBlock* | HardBlock | HardBlock | HardBlock | HardBlock | HardBlock | HardBlock | 393 | | 7 | *EditGround* | *none* | *none* | *none* | *none* | *none* | *none* | 394 | | 8 | *EditCoin* | TenCoin | TenCoin | TenCoin | TenCoin | TenCoin | TenCoin | 395 | | 9 | *EditDokan* | *none* | *none* | *none* | *none* | *none* | *none* | 396 | | 10 | *EditJumpStep* | *JumpStep* | *JumpStep* | *JumpStep* | *JumpStep* | *JumpStep* | *JumpStep* | 397 | | 11 | *EditLift* | Lift | Lift | Lift | Lift | Lift | Lift | 398 | | 12 | *EditDossun* | *Dossun* | *Dossun* | *Dossun* | *Dossun* | *Dossun* | *Dossun* | 399 | | 13 | *EditKillerHoudai* | *KillerHoudai* | *KillerHoudai* | *KillerHoudai* | *KillerHoudai* | *KillerHoudai* | *KillerHoudai* | 400 | | 14 | *EditGroundMushRoom* | *none* | *none* | *none* | *none* | *none* | *none* | 401 | | 15 | *EditBombhei* | *Bombhei* | *Bombhei* | *Bombhei* | *Bombhei* | *Bombhei* | *Bombhei* | 402 | | 16 | *EditGroundBox* | *none* | *none* | *none* | *none* | *none* | *none* | 403 | | 17 | *EditBridge* | *none* | *none* | *none* | *none* | *none* | *none* | 404 | | 18 | *EditPSwitch* | *PSwitch* | *PSwitch* | *PSwitch* | *PSwitch* | *PSwitch* | *PSwitch* | 405 | | 19 | *EditPowBlock* | *PowBlock* | *PowBlock* | *PowBlock* | *PowBlock* | *PowBlock* | *PowBlock* | 406 | | 20 | *EditSuperKinoko* | *SuperKinoko* | *SuperKinoko* | *SuperKinoko* | *SuperKinoko* | *SuperKinoko* | *SuperKinoko* | 407 | | 21 | *EditChikuwaBlock* | ChikuwaBlock | ChikuwaBlock | ChikuwaBlock | ChikuwaBlock | ChikuwaBlock | ChikuwaBlock | 408 | | 22 | *EditKumoBlock* | KumoBlock | KumoBlock | KumoBlock | KumoBlock | KumoBlock | KumoBlock | 409 | | 23 | *EditOnpuBlock* | OnpuBlock | OnpuBlock | OnpuBlock | OnpuBlock | OnpuBlock | OnpuBlock | 410 | | 24 | *EditFireBar* | FireBar | FireBar | FireBar | FireBar | FireBar | FireBar | 411 | | 25 | *EditTogezo* | *Togezo* | *Togezo* | *Togezo* | *Togezo* | *Togezo* | *Togezo* | 412 | | 26 | EditGroundGoal | *none* | *none* | *none* | *none* | *none* | *none* | 413 | | 27 | EditGoalPole | GoalPole | GoalPole | Mario3Goal | MariowGoal | GoalPole | GoalPole | 414 | | 28 | *EditMet* | *Met* | *Met* | *Met* | *Met* | *Met* | *Met* | 415 | | 29 | *EditClearBlock* | ClearBlock | ClearBlock | ClearBlock | ClearBlock | ClearBlock | ClearBlock | 416 | | 30 | *EditJugem* | *Jugem* | *Jugem* | *Jugem* | *Jugem* | *Jugem* | *Jugem* | 417 | | 31 | *EditJugemCloud* | *JugemCloud* | *JugemCloud* | *JugemCloud* | *JugemCloud* | *JugemCloud* | *JugemCloud* | 418 | | 32 | *EditMagnumKiller* | *MagnumKiller* | *MagnumKiller* | *MagnumKiller* | *MagnumKiller* | *MagnumKiller* | *MagnumKiller* | 419 | | 33 | *Edit1upKinoko* | *1upKinoko* | *1upKinoko* | *1upKinoko* | *1upKinoko* | *1upKinoko* | *1upKinoko* | 420 | | 34 | *EditFireFlower* | *FireFlower* | *FireFlower* | *FireFlower* | *FireFlower* | *FireFlower* | *FireFlower* | 421 | | 35 | *EditSuperStar* | *SuperStar* | *SuperStar* | *SuperStar* | *SuperStar* | *SuperStar* | *SuperStar* | 422 | | 36 | *EditYouganLift* | YouganLift | YouganLift | YouganLift | YouganLift | YouganLift | YouganLift | 423 | | 37 | EditGroundStart | *none* | *none* | *none* | *none* | *none* | *none* | 424 | | 38 | EditStartSignBoard | StartSignBoard | StartSignBoard | StartSignBoard | StartSignBoard | StartSignBoard | StartSignBoard | 425 | | 39 | *EditKameck* | *Kameck* | *Kameck* | *Kameck* | *Kameck* | *Kameck* | *Kameck* | 426 | | 40 | *EditTogemet* | *Togemet* | *Togemet* | *Togemet* | *Togemet* | *Togemet* | *Togemet* | 427 | | 41 | *EditTeresa* | *Teresa* | *Teresa* | *Teresa* | *Teresa* | *Teresa* | *Teresa* | 428 | | 42 | *EditKoopaClown* | *KoopaClown* | *KoopaClown* | *KoopaClown* | *KoopaClown* | *KoopaClown* | *KoopaClown* | 429 | | 43 | *EditToge* | *none* | *none* | *none* | *none* | *none* | *none* | 430 | | 44 | *EditSpecialItem* | *BigKinoko* | *BigKinoko* | *Leave* | *Feather* | *Propeller* | *SuperBell* | 431 | | 45 | *EditKutsuKuribo* | *KutsuKuribo* | *KutsuKuribo* | *KutsuKuribo* | *YoshiEgg* | *YoshiEgg* | *KutsuKuribo* | 432 | | 46 | *EditKaron* | *Karon* | *Karon* | *Karon* | *Karon* | *Karon* | *Karon* | 433 | | 47 | *EditSenkanHoudai* | *SenkanHoudai* | *SenkanHoudai* | *SenkanHoudai* | *SenkanHoudai* | *SenkanHoudai* | *SenkanHoudai* | 434 | | 48 | *EditGesso* | *Gesso* | *Gesso* | *Gesso* | *Gesso* | *Gesso* | *Gesso3W* | 435 | | 49 | *EditCastleBridge* | *none* | *none* | *none* | *none* | *none* | *none* | 436 | | 50 | *EditHopper* | *Hopper* | *Hopper* | *Hopper* | *Hopper* | *Hopper* | *Hopper* | 437 | | 51 | *EditPyonchu* | *Pyonchu* | *Pyonchu* | *Pyonchu* | *Pyonchu* | *Pyonchu* | *Pyonchu* | 438 | | 52 | *EditHanachan* | *Hanachan* | *Hanachan* | *Hanachan* | *Hanachan* | *Hanachan* | *Hanachan* | 439 | | 53 | *EditBeltConveyor* | *none* | *none* | *none* | *none* | *none* | *none* | 440 | | 54 | *EditBurner* | Burner | Burner | Burner | Burner | Burner | Burner | 441 | | 55 | *EditDoor* | Door | Door | Door | Door | Door | Door | 442 | | 56 | *EditPukupuku* | *Pukupuku* | *Pukupuku* | *Pukupuku* | *Pukupuku* | *Pukupuku* | *Pukupuku* | 443 | | 57 | *EditBlackPakkun* | *BlackPakkun* | *BlackPakkun* | *BlackPakkun* | *BlackPakkun* | *BlackPakkun* | *BlackPakkun* | 444 | | 58 | *EditPoo* | *Poo* | *Poo* | *Poo* | *Poo* | *Poo* | *Poo* | 445 | | 59 | *EditRail* | *none* | *none* | *none* | *none* | *none* | *none* | 446 | | 60 | *EditBubble* | *Bubble* | *Bubble* | *Bubble* | *Bubble* | *Bubble* | *Bubble* | 447 | | 61 | *EditWanwan* | *Wanwan* | *Wanwan* | *Wanwan* | *Wanwan* | *Wanwan* | *Wanwan* | 448 | | 62 | *EditKoopa* | *KoopaM1* | *KoopaM1* | *KoopaM3* | *KoopaMW* | *KoopaWU* | *Koopa3W* | 449 | | 63 | *EditIceBlock* | IceBlock | IceBlock | IceBlock | IceBlock | IceBlock | IceBlock | 450 | | 64 | *EditTsuta* | Ivy | Ivy | Ivy | Ivy | Ivy | Ivy | 451 | | 65 | *EditHacchin* | *Hacchin* | *Hacchin* | *Hacchin* | *Hacchin* | *Hacchin* | *Hacchin* | 452 | | 66 | *EditAirSignBoard* | AirSignBoard | AirSignBoard | AirSignBoard | AirSignBoard | AirSignBoard | AirSignBoard | 453 | | 67 | *EditHalfHitWall* | HalfHitWall | HalfHitWall | HalfHitWall | HalfHitWall | HalfHitWall | HalfHitWall | 454 | | 68 | *EditSaw* | Garigari | Garigari | Garigari | Garigari | Garigari | Garigari | 455 | | 69 | EditPlayer | *none* | *none* | *none* | *none* | *none* | *none* | 456 | | 70 | *EditCoin10* | *Coin10* | *Coin10* | *Coin10* | *Coin10* | *Coin10* | *Coin10* | 457 | | 71 | *EditHalfColBox* | *none* | *none* | *none* | *none* | *none* | *none* | 458 | | 72 | *EditKoopaCar* | *KoopaCar* | *KoopaCar* | *KoopaCar* | *KoopaCar* | *KoopaCar* | *KoopaCar* | 459 | | 73 | *EditQuestChaseKinopio* | ChaseKinopio | ChaseKinopio | ChaseKinopio | ChaseKinopio | ChaseKinopio | ChaseKinopio | 460 | | 74 | *none* | *none* | *none* | *none* | *none* | *none* | *none* | 461 | | 75 | *EditQuestMaterialStone* | *Stone* | *Stone* | *Stone* | *Stone* | *Stone* | *Stone* | 462 | | 76 | *EditTornado* | Tornado | Tornado | Tornado | Tornado | Tornado | Tornado | 463 | | 77 | *EditBunbun* | *BunbunM3* | *BunbunM3* | *BunbunM3* | *BunbunM3* | *BunbunU* | *Bunbun3W* | 464 | | 78 | *none* | *none* | *none* | *none* | *none* | *none* | *none* | 465 | | 79 | *none* | *none* | *none* | *none* | *none* | *none* | *none* | 466 | | 80 | *none* | *none* | *none* | *none* | *none* | *none* | *none* | 467 | | 81 | *none* | *none* | *none* | *none* | *none* | *none* | *none* | 468 | | 82 | *EditMarumaru* | Marumaru | Marumaru | Marumaru | Marumaru | Marumaru | Marumaru | 469 | | 83 | *EditTogeKonbo* | BigClub | BigClub | BigClub | BigClub | BigClub | BigClub | 470 | | 84 | *EditSnakeBlock* | SnakeBlock | SnakeBlock | SnakeBlock | SnakeBlock | SnakeBlock | SnakeBlock | 471 | | 85 | *EditOrbitBlock* | *OrbitBlock* | *OrbitBlock* | *OrbitBlock* | *OrbitBlock* | *OrbitBlock* | *OrbitBlock* | 472 | | 86 | *EditUganFish* | UganFish | UganFish | UganFish | UganFish | UganFish | UganFish | 473 | | 87 | *EditSaka30* | *none* | *none* | *none* | *none* | *none* | *none* | 474 | | 88 | *EditSaka45* | *none* | *none* | *none* | *none* | *none* | *none* | 475 | | 89 | *EditAutoScrollCamera* | *none* | *none* | *none* | *none* | *none* | *none* | 476 | | 90 | *EditCheckpointFlag* | MiddleFlag | MiddleFlag | MiddleFlag | MiddleFlag | MiddleFlag | MiddleFlag | 477 | | 91 | *EditSeesaw* | Seesaw | Seesaw | Seesaw | Seesaw | Seesaw | Seesaw | 478 | | 92 | *EditPinkCoin* | *none* | *none* | *none* | *none* | *none* | *none* | 479 | | 93 | *EditClearDokan* | *none* | *none* | *none* | *none* | *none* | *none* | 480 | | 94 | *EditSlopeBeltConveyor* | *none* | *none* | *none* | *none* | *none* | *none* | 481 | | 95 | *EditKey* | Key | Key | Key | Key | Key | Key | 482 | | 96 | *EditArihei* | *Arihei* | *Arihei* | *Arihei* | *Arihei* | *Arihei* | *Arihei* | 483 | | 97 | *EditWarpBox* | WarpBox | WarpBox | WarpBox | WarpBox | WarpBox | WarpBox | 484 | | 98 | *EditKoopaJr* | *KoopaJr* | *KoopaJr* | *KoopaJr* | *KoopaJr* | *KoopaJr* | *KoopaJr* | 485 | | 99 | *EditOnOffSwitch* | *none* | *none* | *none* | *none* | *none* | *none* | 486 | | 100 | *EditTensenBlock* | *none* | *none* | *none* | *none* | *none* | *none* | 487 | | 101 | *EditLavaEditor* | *none* | *none* | *none* | *none* | *none* | *none* | 488 | | 102 | *EditChoropoo* | *Choropoo* | *Choropoo* | *Choropoo* | *Choropoo* | *Choropoo* | *Choropoo* | 489 | | 103 | *EditFishBone* | *FishBone* | *FishBone* | *FishBone* | *FishBone* | *FishBone* | *FishBone* | 490 | | 104 | *EditSunAndMoon* | Sun | Sun | Sun | Sun | Sun | Sun | 491 | | 105 | *EditSwingCrane* | SwingCrane | SwingCrane | SwingCrane | SwingCrane | SwingCrane | SwingCrane | 492 | | 106 | *EditBellTree* | BellTree | BellTree | BellTree | BellTree | BellTree | BellTree | 493 | | 107 | *EditNobinobiPakkun* | NobinobiPakkun | NobinobiPakkun | NobinobiPakkun | NobinobiPakkun | NobinobiPakkun | NobinobiPakkun | 494 | | 108 | *EditFlashBlock* | *none* | *none* | *none* | *none* | *none* | *none* | 495 | | 109 | *EditOtoasobiIcon* | *none* | *none* | *none* | *none* | *none* | *none* | 496 | | 110 | *EditNeedleCube* | *none* | *none* | *none* | *none* | *none* | *none* | 497 | | 111 | *none* | *none* | *none* | *none* | *none* | *none* | *none* | 498 | | 112 | *EditWoodBox* | *WoodBox* | *WoodBox* | *WoodBox* | *WoodBox* | *WoodBox* | *WoodBox* | 499 | | 113 | *EditKinokoTrampoline* | Trampoline | Trampoline | Trampoline | Trampoline | Trampoline | Trampoline | 500 | | 114 | *EditFugumannen* | *Fugumannen* | *Fugumannen* | *Fugumannen* | *Fugumannen* | *Fugumannen* | *Fugumannen* | 501 | | 115 | *EditQuestGoalKinopico* | GoalKinopico | GoalKinopico | GoalKinopico | GoalKinopico | GoalKinopico | GoalKinopico | 502 | | 116 | *EditSuperHammer* | *SuperHammer* | *SuperHammer* | *SuperHammer* | *SuperHammer* | *SuperHammer* | *SuperHammer* | 503 | | 117 | *EditDonketsu* | *Donketu* | *Donketu* | *Donketu* | *Donketu* | *Donketu* | *Donketu* | 504 | | 118 | *EditIcicle* | Icicle | Icicle | Icicle | Icicle | Icicle | Icicle | 505 | | 119 | *EditBikkuriBlock* | BlockBikkuri | BlockBikkuri | BlockBikkuri | BlockBikkuri | BlockBikkuri | BlockBikkuri | 506 | -------------------------------------------------------------------------------- /GDB.md: -------------------------------------------------------------------------------- 1 | For the sake of documentation, here's some info on how to get GDB and Yuzu working so that you can dump the game's memory and do other interesting things. 2 | 3 | For this setup I used Yuzu on Windows 10 and Ubuntu on WSL. 4 | 5 | Install devkitPro as specified on https://devkitpro.org/wiki/devkitPro_pacman into the WSL environment: 6 | 7 | sudo ln -s /proc/self/mounts /etc/mtab 8 | sudo dpkg -i devkitpro-pacman.deb 9 | dkp-pacman -Syu 10 | dkp-pacman -S devkitA64 11 | 12 | Run yuzu and enable the GDB stub under Configuration > General > Debug. 13 | 14 | Run `/opt/devkitpro/devkitA64/bin/aarch64-none-elf/gdb` inside WSL, and enter `target remote :24689` to connect. 15 | 16 | I couldn't figure out how to get a memory map out of the very limited gdb support in yuzu, but you can do some painstaking binary searching to figure out where memory starts and ends -- for my setup with SMM v1.0.0, this was from `0x8000000` to `0xB325000`. The MOD0 header for Mario Maker's main binary begins at `0x8005000`. 17 | 18 | (gdb) dump memory memdump8000000.bin 0x8000000 0xB325000 19 | 20 | -------------------------------------------------------------------------------- /LevelFormat.md: -------------------------------------------------------------------------------- 1 | This information relates to version 1.0.0 of _Super Mario Maker 2_. Not guaranteed to be correct; a lot of these fields are just educated guesses based off observations from the files included in the game. 2 | 3 | ## Encryption 4 | 5 | Special thanks to simontime for writing a decryptor, which is available on GitHub here: [simontime/SMM2CourseDecryptor](https://github.com/simontime/SMM2CourseDecryptor) 6 | 7 | See that repository for working decryption code. The configuration block it uses is as follows: 8 | 9 | | Offset | Type | Description | 10 | |--------|------|-------------| 11 | | 00 | u8[16] | AES IV | 12 | | 10 | u32[4] | Randomiser state (for key generation) | 13 | | 20 | u8[16] | AES-CMAC digest | 14 | 15 | ## File Layout 16 | 17 | Size 0x5C000. This describes the fixed-size .bcd files that contain each course in the game's romfs, following Yaz0 decompression and SARC extraction. 18 | 19 | | Offset | Type | Description | 20 | |--------|------|-------------| 21 | | 00 | u32 | Assumed version number -- must be 1 in v1.0.0 | 22 | | 04 | u16 | Assumed version number -- must be 0x10 in v1.0.0 | 23 | | 06 | *padding* | 2 empty bytes | 24 | | 08 | u32 | CRC32 of the decrypted level file from offset 0x10 to 0x5BFD0 (non-inclusive) | 25 | | 0C | char[4] | Magic `SCDL` (`53 53 44 4C`) | 26 | | 10 | LevelHeader | level header (encrypted) | 27 | | 210 | LevelArea | main level area (encrypted) | 28 | | 2E0F0 | LevelArea | sub level area (encrypted) | 29 | | 5BFD0 | CryptoCfg | information for the level file's encryption | 30 | 31 | ## Level Header 32 | 33 | Size 0x200. Stores metadata about the level itself. Some of this is still unknown. 34 | 35 | | Offset | Type | Description | 36 | |--------|------|-------------| 37 | | 00 | u8 | Y position of start (in tiles) | 38 | | 01 | u8 | Y position of goal (in tiles) | 39 | | 02 | u16 | X position of goal (in tiles * 10) | 40 | | 04 | u16 | Time limit; defaults to 300 | 41 | | 06 | u16 | Target amount required for clear condition | 42 | | 08 | u16 | Creation year | 43 | | 0A | u8 | Creation month | 44 | | 0B | u8 | Creation day | 45 | | 0C | u8 | Creation hour | 46 | | 0D | u8 | Creation minute | 47 | | 0E | u8 | Unknown byte | 48 | | 0F | u8 | Clear condition type (more below) | 49 | | 10 | u32 | Clear condition object (CRC32 of more below) | 50 | | 14 | u32 | Unknown | 51 | | 18 | u32 | Management flags: &1 always seems to be set, &2 shows that a level has passed its Clear Check, &0x10 shows that the level may not be uploaded | 52 | | 1C | u32 | Always seems to be zeroes | 53 | | 20 | u32 | Time taken in Clear Check (units unknown), or 0xFFFFFFFF if the level has not been cleared | 54 | | 24 | u32 | Initialised to a random value when a level is created | 55 | | 28 | u32 | Unknown, related somehow to levels being uploaded to Course World (level appears as "Uploaded" in Coursebot's My Courses if this is non-zero) | 56 | | .. | .. | .. zero in all files .. | 57 | | F0 | u8 | Unknown, usually FF but sometimes set to other things | 58 | | F1 | char[3] | Game style, null-terminated: `M1`, `M3`, `MW`, `WU`, `3W` | 59 | | F4 | wchar16[33] | Course name, null-terminated, UCS-2 | 60 | | 136 | wchar16[101] | Course description, null-terminated, UCS-2 (game only lets you enter up to 75, but there's space for 100) | 61 | 62 | ## Clear Conditions 63 | 64 | These appear to be controlled by three values in the level header: the condition type (field at 0xF), condition object (field at 0x10) and target amount (field at 0x6). 65 | 66 | The following combinations are seen in the game's files: 67 | 68 | | Type | String | Hash | Outcome | 69 | |------|--------|------|---------| 70 | | | None | `DFA2AFF1` | *unchecked* | 71 | | 1 | EnemyKuribo | `7F07ACBF` | Must defeat X Goombas | 72 | | | EnemyKakibo | `C77685E8` | *unchecked* | 73 | | | EnemyNokonoko | `CCE12A46` | *unchecked* | 74 | | | EnemyMet | `C7DAD20F` | *unchecked* | 75 | | 1 | EnemyTogezo | `4B115542` | Must defeat X Spinies | 76 | | | EnemyPakkun | `DF6717DE` | *unchecked* | 77 | | | EnemyFirePakkun | `E50302F7` | *unchecked* | 78 | | | EnemyBlackPakkun | `CE9A707B` | *unchecked* | 79 | | 1 | EnemyNobinobiPakkun | `E47C2BE8` | Must defeat X Piranha Creepers | 80 | | 1 | EnemyKaron | `E25C5F60` | Must defeat X Dry Bones | 81 | | | EnemyFishBone | `563755F2` | *unchecked* | 82 | | | EnemyPoo | `A3AEC34A` | *unchecked* | 83 | | | EnemyChoropoo | `5A085610` | *unchecked* | 84 | | | EnemyBros | `634A6671` | *unchecked* | 85 | | | EnemyMegaBros | `A09BB51F` | *unchecked* | 86 | | | EnemyJugem | `794C6EB3` | *unchecked* | 87 | | 1 | EnemyGesso | `387C22CA` | Must defeat X Bloopers | 88 | | 1 | EnemyPukupuku | `103BBA8C` | Must defeat X Cheeps | 89 | | | EnemyTogemet | `FE75363E` | *unchecked* | 90 | | | EnemyArihei | `4C44DA92` | *unchecked* | 91 | | 1 | EnemyBubble | `7A128199` | Must defeat X Lava Bubbles | 92 | | | EnemyWanwan | `CE2E5A15` | *unchecked* | 93 | | | EnemyHanachan | `CF81610A` | *unchecked* | 94 | | | EnemyBombhei | `48D111E0` | *unchecked* | 95 | | | EnemyDossun | `7F88648A` | *unchecked* | 96 | | | EnemyTeresa | `501C7C00` | *unchecked* | 97 | | | EnemyTeren | `756120EE` | *unchecked* | 98 | | | EnemyMagnumKiller | `FFE76309` | *unchecked* | 99 | | | EnemyKameck | `F571D608` | *unchecked* | 100 | | | EnemySun | `66C2B75E` | *unchecked* | 101 | | | EnemyPyonchu | `F0F35CBA` | *unchecked* | 102 | | | EnemyHacchin | `E3F62C75` | *unchecked* | 103 | | | EnemyDonketsu | `4067AB4E` | *unchecked* | 104 | | | EnemyUganFish | `3F50B513` | *unchecked* | 105 | | | EnemyFugumannen | `3F4124E8` | *unchecked* | 106 | | | EnemyHopper | `467AFB58` | *unchecked* | 107 | | 1 | EnemyKoopa | `4B980B7F` | Must defeat X Bowsers | 108 | | | EnemyKoopaJr | `CA315249` | *unchecked* | 109 | | | EnemyBunbun | `3C164EB1` | *unchecked* | 110 | | 1 | EnemyPunpun | `6DAA9A3F` | Must defeat X Pom Poms | 111 | | | EnemyKiller | `405DCE65` | *unchecked* | 112 | | 2 | ItemSuperKinoko | `ED1023EA` | Must be Super Mario | 113 | | | ItemOneUpKinoko | `62B74A93` | *unchecked* | 114 | | | ItemFireFlower | `2A8E77BB` | *unchecked* | 115 | | | ItemSuperStar | `C73BE7EC` | *unchecked* | 116 | | | ItemDekaKinoko | `7C8612D5` | *unchecked* | 117 | | | ItemLeaf | `35A5AF47` | *unchecked* | 118 | | | ItemFeather | `BB926013` | *unchecked* | 119 | | 2 | ItemPropeller | `3A2F3996` | Must be Propeller Mario | 120 | | | ItemSuperBell | `7DDB5D7F` | *unchecked* | 121 | | | ItemSuperHammer | `B7402052` | *unchecked* | 122 | | | ItemSuperBallFlower | `6A1CE415` | *unchecked* | 123 | | | ObjectPowBlock | `66477BE4` | *unchecked* | 124 | | | ObjectPowBlockRed | `48B4157B` | *unchecked* | 125 | | | ObjectPSwitch | `63F3D532` | *unchecked* | 126 | | | ObjectWoodBox | `E6F2EEBE` | *unchecked* | 127 | | | ObjectJumpStep | `553A9590` | *unchecked* | 128 | | | AdditionalItemShoe | `1A098D50` | *unchecked* | 129 | | 2 | AdditionalItemYoshi | `FAE86A49` | Must be on Yoshi | 130 | | | AdditionalItemHelmetMet | `B4FA3D4B` | *unchecked* | 131 | | 2 | AdditionalItemHelmetTogezo | `DE0ABFC6` | Must wear a Spiny Shell | 132 | | | AdditionalItemKoopaClown | `D9893249` | *unchecked* | 133 | | 2 | AdditionalItemJugemCloud | `4C8772A3` | Must be on a Lakitu's Cloud | 134 | | 2 | AdditionalItemKoopaCar | `DE56FFB5` | Must be on a Koopa Car | 135 | | 2 | AdditionalItemKaronShoe | `97F8A309` | Must wear a Dry Bones Shell | 136 | | 1 | Coin | `F55B3863` | Must collect X coins | 137 | | | Coin10 | `C78F5040` | *unchecked* | 138 | | | Coin30 | `F5B932C2` | *unchecked* | 139 | | | Coin50 | `A3E39544` | *unchecked* | 140 | | 3 | Damage | `1664515A` | Do not take damage | 141 | | 3 | Land | `08327AE6` | Do not touch the ground | 142 | | | ShellNokonoko | `3EAB9AA1` | *unchecked* | 143 | | 3 | Crane | `97F4CF7A` | Do not use Swinging Claws | 144 | | 3 | Water | `3AF23BDE` | Do not leave the water | 145 | | 1 | BellTree | `C2A80228` | Must handstand on X trees | 146 | | 1 | QuestChaseKinopio | `EF026A7F` | Must have X Toads | 147 | | 2 | QuestMaterialStone | `46219146` | Must be carrying the stone | 148 | 149 | The examples listed with a type and description are those seen in the files on romfs; others are guessed based on a list found in the binary. The objects are referenced by storing the CRC32 of their name. 150 | 151 | ## Level Area 152 | 153 | Positioning in this game considers each tile to be 16x16. Some positions in the format specify values within this space, others address individual tiles instead, and others specify values multiplied by 10 (considering each tile to be 160x160). A veritable mess. 154 | 155 | Coordinates and dimensions specified below will use the former unless specified otherwise. Y coordinates originate at the bottom, so higher values are further up. 156 | 157 | This structure is of size 0x2DEE0. 158 | 159 | | Offset | Type | Description | 160 | |--------|------|-------------| 161 | | 00 | u8 | course theme: 0 = ground, 1 = underground, 2 = castle, 3 = airship, 4 = underwater, 5 = ghost house, 6 = snow, 7 = desert, 8 = sky, 9 = forest | 162 | | 01 | u8 | autoscroll type (00..04) | 163 | | 02 | u8 | values seen: 00, 01 - editor seems to sometimes sets it to 1 for horizontal levels and 0 for vertical...? not sure what the criteria are | 164 | | 03 | u8 | level orientation: 00 = horizontal, 01 = vertical | 165 | | 04 | u8 | maximum height of water/lava | 166 | | 05 | u8 | water/lava mode: 0 = static, 1 = continuous rise, 2 = rise/lower | 167 | | 06 | u8 | water/lava movement speed: 0 = static, 1 = slow, 2 = medium, 3 = fast | 168 | | 07 | u8 | minimum height of water/lava | 169 | | 08 | u32 | right boundary (always 0x300 for vertical areas) | 170 | | 0C | u32 | top boundary (always 0x1B0 for horizontal areas) | 171 | | 10 | u32 | left boundary (always 0) | 172 | | 14 | u32 | bottom boundary (always 0, except for certain vertical sub-areas) | 173 | | 18 | u32 | some kinda bitfield :: &2 means night mode, &1 is unknown | 174 | | 1C | u32 | object count | 175 | | 20 | u32 | free-standing sound effect count | 176 | | 24 | u32 | snake block count | 177 | | 28 | u32 | clear pipe count | 178 | | 2C | u32 | piranha creeper count | 179 | | 30 | u32 | expanding block count | 180 | | 34 | u32 | track block count | 181 | | 38 | u32 | unused, always zero | 182 | | 3C | u32 | tile count | 183 | | 40 | u32 | rail count | 184 | | 44 | u32 | icicle count | 185 | | 48 | Object[2600] | objects | 186 | | 14548 | SoundEffect[300] | free-standing sound effects (not attached to any object) | 187 | | 149F8 | Snake[5] | snake block paths | 188 | | 15CCC | ClearPipe[200] | clear pipes (3D World style) | 189 | | 240EC | Creeper[10] | piranha creepers (3D World style) | 190 | | 24434 | ExpandingBlock[10] | expanding blocks (3D World style) | 191 | | 245EC | TrackBlock[10] | track blocks (3D World style) | 192 | | 247A4 | Tile[4000] | simple terrain tiles | 193 | | 28624 | Rail[1500] | rails (path tracks) as individual objects | 194 | | 2CC74 | Icicle[300] | icicles | 195 | | 2D124 | .. | .. 0xDBC unmapped bytes (maybe unused? need to check if any files have data here) | 196 | 197 | ## Objects/Parts 198 | 199 | | Offset | Type | Description | 200 | |--------|------|-------------| 201 | | 00 | u32 | X position * 10 (each tile is 160x160) | 202 | | 04 | u32 | Y position * 10 (each tile is 160x160) | 203 | | 08 | u16 | unused? | 204 | | 0A | u8 | object width (in tiles) | 205 | | 0B | u8 | object height (in tiles) | 206 | | 0C | u32 | object flags | 207 | | 10 | u32 | child object flags | 208 | | 14 | u32 | extended data | 209 | | 18 | u16 | object type | 210 | | 1A | u16 | child object type (or 0xFFFF if no child) | 211 | | 1C | u16 | link ID (or 0xFFFF if none) | 212 | | 1E | u16 | sound effect (or 0xFFFF if none) | 213 | 214 | As in Mario Maker 1, objects can contain children (e.g. enemies containing keys or powerups which appear when the enemy is killed, or blocks containing a variety of items). 215 | 216 | The extended data field is usually zero, but is used by the following objects: 217 | 218 | - `EditTsuta` (see quest_008) 219 | - `EditFireBar` (see quest_020) 220 | - `EditBubble` (see quest_023) 221 | - `EditSnakeBlock`: references an ID from the Snake Block section of the file 222 | - `EditNobinobiPakkun`: references an ID from the Piranha Creeper section of the file 223 | - `EditBikkuriBlock`: references an ID from the Expanding Block section of the file 224 | - `EditOrbitBlock`: references an ID from the Track Block section of the file 225 | 226 | There may be more; these are just the examples that showed up in the courses in romfs. 227 | 228 | Default flags: 0x06000040 229 | 230 | Examples observed: 231 | 232 | - 2 : Wings (tested on Coin) 233 | - 4 : Music block (tested on Note Block) 234 | - 4 : Goombrat (tested on Goomba) 235 | - 4 : Red shell (tested on Koopa) 236 | - 4 : Red Cheep (tested on Cheep-Cheep) 237 | - 4 : Shell only (tested on Buzzy Beetle) 238 | - 4 : Blue (tested on Spike Top) 239 | - 4 : Blooper Nanny (tested on Blooper) 240 | - 4 : Shoots fireballs (tested on Piranha Plant) 241 | - 4 : Deactivate burner 242 | - 8 : Firebar rotates anti-clockwise 243 | - 8 : Conveyor belt faces right 244 | - 8 : Burner faces right 245 | - 0x10 : Burner faces down 246 | - 0x18 : Burner faces left 247 | - 0x20 : Pipe faces left 248 | - 0x40 : Pipe faces up (also set on most other objects) 249 | - 0x60 : Pipe faces down 250 | - 0x400 : Make object larger (tested on Goomba) 251 | - 0x4000 : Red Yoshi (tested on Yoshi Egg) 252 | - 0x8000 : Para (tested on Coin) 253 | - 0x40000 : Mushroom addition (tested on Fire Flower) 254 | - 0x40000 : Conveyor belt goes fast 255 | - 0x40000 : Yellow platform (tested on Mushroom Platform) 256 | - 0x80000 : Green platform (tested on Mushroom Platform) 257 | - 0x40000 : 30 Coin (tested on 10 Coin) 258 | - 0x80000 : 50 Coin (tested on 10 Coin) 259 | - 0x40000 : Door is P-switch controlled 260 | - 0x80000 : Door is key controlled 261 | - 0x100000 : Slope goes down-right (steep) 262 | - 0x200000 : Slope goes up-right (gentle - unnecessary?) 263 | - 0x300000 : Slope goes down-right (gentle) 264 | - 0x100000, 0x200000, 0x300000 ... 0xA00000 : Warp pipe ID (10 max, connects to corresponding pipe in other area) 265 | - 0x000000, 0x200000 ... 0x700000 : Door ID (8 max, 0 connects to 1, 2 connects to 3, 4 connects to 5, 6 connects to 7) 266 | - 0 : Spike pillar faces down 267 | - 0x400000 : Spike pillar faces left 268 | - 0x800000 : Spike pillar faces up 269 | - 0xC00000 : Spike pillar faces right 270 | - 0 : One-way Wall faces right 271 | - 0x400000 : One-way Wall faces down 272 | - 0x800000 : One-way Wall faces left 273 | - 0xC00000 : One-way Wall faces up 274 | - 0x100000 : Conveyor belt slope goes up-right (steep) 275 | - 0x200000 : Conveyor belt slope goes down-right (steep) 276 | - 0x400000 : Conveyor belt is switch-controlled 277 | - 0 : Firebar is 1 tile long 278 | - 0x400000 : Firebar is 2 tiles long 279 | - 0x800000 : Firebar is 3 tiles long 280 | - 0xC00000 : Firebar is 4 tiles long 281 | - 0x1000000 : Firebar is 5 tiles long 282 | - 0x1400000 : Firebar is 6 tiles long 283 | - 0x1800000 : Firebar is 7 tiles long 284 | - 0x1C00000 : Firebar is 8 tiles long 285 | - 0 : Cannon faces up-left 286 | - 0x400000 : Cannon faces up 287 | - 0x800000 : Cannon faces up-right 288 | - 0xC00000 : Cannon faces right 289 | - 0x1000000 : Cannon faces left 290 | 291 | Checkpoint flags: 292 | 293 | - 0x6400000 : Rotated 90 degrees clockwise 294 | - 0x6800000 : Rotated 180 degrees 295 | - 0x6C00000 : Rotated 270 degrees 296 | 297 | Pipes: 298 | 299 | - 0x40000 : Red Pipe 300 | - 0x80000 : Blue Pipe 301 | - 0xC0000 : Yellow Pipe 302 | 303 | - 0x06000000 : Facing Right 304 | - 0x06000060 : Facing Down 305 | - 0x06000020 : Facing Left 306 | 307 | Thwomps: 308 | 309 | - 0x06000058 : Normal Thwomp 310 | - 0x06000040 : Left Thwomp 311 | - 0x06000050 : Right Thwomp 312 | 313 | Arrow Signs: 314 | 315 | - 0x06000040 : Facing right 316 | - 0x06400040 : Facing down-right 317 | - 0x06800040 : Facing down 318 | - 0x06C00040 : Facing down-left 319 | - 0x07000040 : Facing left 320 | - 0x07400040 : Facing up-left 321 | - 0x07800040 : Facing up 322 | - 0x07C00040 : Facing up-right 323 | 324 | ## Freestanding Sound Effects 325 | 326 | | Offset | Type | Description | 327 | |--------|------|-------------| 328 | | 00 | u8 | effect type | 329 | | 01 | u8 | X position (in tiles) | 330 | | 02 | u8 | Y position (in tiles) | 331 | | 03 | *padding* | empty byte | 332 | 333 | ## Snake Block Tracks 334 | 335 | | Offset | Type | Description | 336 | |--------|------|-------------| 337 | | 00 | u8 | ID | 338 | | 01 | u8 | node count | 339 | | 02 | u8 | unknown, always 1 - may signal "this slot is in use"? | 340 | | 03 | *padding* | empty byte | 341 | | 04 | SnakeNode[120] | nodes | 342 | 343 | ### Snake Block Nodes 344 | 345 | | Offset | Type | Description | 346 | |--------|------|-------------| 347 | | 00 | u16 | index? starts at 0, goes up by 1 each node | 348 | | 02 | u16 | seen values: 1, 2, 3, 4, 7, 8, 9, 10, 11, 12, 13, 14, 16 | 349 | | 04 | u16 | seen values: 0x100 | 350 | | 06 | u16 | unused? | 351 | 352 | Weirdness in quest_051: the only snake block object refers to ID 2, and the only track structure has ID 1 and is in the second slot, not the first as you'd expect. Something odd is up there... 353 | 354 | ## Clear Pipes 355 | 356 | | Offset | Type | Description | 357 | |--------|------|-------------| 358 | | 00 | u8 | ID | 359 | | 01 | u8 | node count | 360 | | 02 | u8 | unknown, always 1 - may signal "this slot is in use"? | 361 | | 03 | *padding* | empty byte | 362 | | 04 | ClearPipeNode[36] | nodes | 363 | 364 | ### Clear Pipe Nodes 365 | 366 | | Offset | Type | Description | 367 | |--------|------|-------------| 368 | | 00 | u8 | unknown, ranges from 0 to 11 | 369 | | 01 | u8 | index? starts at 0, goes up by 1 each node | 370 | | 02 | u8 | unknown - wide spread, may be some kind of coordinate | 371 | | 03 | u8 | unknown - wide spread, may be some kind of coordinate | 372 | | 04 | u8 | seems to be always 2 | 373 | | 05 | u8 | values seen: 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 13, 15, 16, 18, 21, 23, 26, 27, 35 | 374 | | 06 | u8 | seems to be always 1 | 375 | | 07 | u8 | values seen: 0, 1, 2, 3 | 376 | 377 | ## Piranha Creeper Tracks 378 | 379 | | Offset | Type | Description | 380 | |--------|------|-------------| 381 | | 00 | u8 | unknown, always 1 - may signal "this slot is in use"? | 382 | | 01 | u8 | ID | 383 | | 02 | u8 | node count | 384 | | 03 | *padding* | empty byte | 385 | | 04 | CreeperNode[20] | nodes | 386 | 387 | ### Piranha Creeper Nodes 388 | 389 | | Offset | Type | Description | 390 | |--------|------|-------------| 391 | | 00 | u8 | seems to be always 1 | 392 | | 01 | u8 | values seen: 1, 2, 3, 4, 5, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16 | 393 | | 02 | u8 | seems to be always 0 | 394 | | 03 | u8 | seems to be always 0 | 395 | 396 | ## Expanding Block Tracks 397 | 398 | | Offset | Type | Description | 399 | |--------|------|-------------| 400 | | 00 | u8 | unknown, always 1 - may signal "this slot is in use"? | 401 | | 01 | u8 | ID | 402 | | 02 | u8 | node count | 403 | | 03 | *padding* | empty byte | 404 | | 04 | ExpandingBlockNode[10] | nodes | 405 | 406 | ### Expanding Block Nodes 407 | 408 | | Offset | Type | Description | 409 | |--------|------|-------------| 410 | | 00 | u8 | seems to be always 1 | 411 | | 01 | u8 | values seen: 1, 2, 3, 4, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16 | 412 | | 02 | u8 | seems to be always 0 | 413 | | 03 | u8 | seems to be always 0 | 414 | 415 | ## Track Block Tracks 416 | 417 | | Offset | Type | Description | 418 | |--------|------|-------------| 419 | | 00 | u8 | unknown, always 1 - may signal "this slot is in use"? | 420 | | 01 | u8 | ID | 421 | | 02 | u8 | node count | 422 | | 03 | *padding* | empty byte | 423 | | 04 | TrackBlockNode[10] | nodes | 424 | 425 | ### Track Block Nodes 426 | 427 | | Offset | Type | Description | 428 | |--------|------|-------------| 429 | | 00 | u8 | seems to be always 1 | 430 | | 01 | u8 | values seen: 1, 2, 4, 5, 9, 11, 12, 13, 14, 15, 16 | 431 | | 02 | u8 | seems to be always 0 | 432 | | 03 | u8 | seems to be always 0 | 433 | 434 | ## Tiles 435 | 436 | | Offset | Type | Description | 437 | |--------|------|-------------| 438 | | 00 | u8 | X position in tiles | 439 | | 01 | u8 | Y position in tiles | 440 | | 02 | u16 | tile ID | 441 | 442 | ## Rails 443 | 444 | | Offset | Type | Description | 445 | |--------|------|-------------| 446 | | 00 | u16 | seems to be always zero | 447 | | 02 | u8 | always 0 or 1 | 448 | | 03 | u8 | X position in tiles | 449 | | 04 | u8 | Y position in tiles | 450 | | 05 | u8 | unknown, in range 0-14 | 451 | | 06 | u16 | unknown | 452 | | 08 | u16 | unknown | 453 | | 0A | u16 | unknown | 454 | 455 | ## Icicles 456 | 457 | | Offset | Type | Description | 458 | |--------|------|-------------| 459 | | 00 | u8 | X position in tiles | 460 | | 01 | u8 | Y position in tiles | 461 | | 02 | u8 | always 0 or 1 | 462 | | 03 | *padding* | empty byte | 463 | -------------------------------------------------------------------------------- /LevelNames.md: -------------------------------------------------------------------------------- 1 | | Filename | In-Game Name | 2 | |----------|--------------| 3 | | quest_000 | A Downhill Battle | 4 | | quest_001 | Underground Coin Collecting | 5 | | quest_002 | ON/OFF Switch Research Expedition | 6 | | quest_003 | Under the Angry Sun | 7 | | quest_004 | Upside-Down Stretches | 8 | | quest_005 | Rotten Produce | 9 | | quest_006 | Good Lakitu, Bad Lakitu | 10 | | quest_007 | Big Showdown on a Little Star | 11 | | quest_008 | Boo's Towering House of Terror | 12 | | quest_009 | Blinking Block Blitz | 13 | | quest_010 | Banzai Bill Chase Scene | 14 | | quest_011 | That's One Hot Car! | 15 | | quest_012 | Swing, Claw! Swing! | 16 | | quest_013 | The Keymaster | 17 | | quest_014 | Ant Trooper March | 18 | | quest_015 | Shoe-Stopper | 19 | | quest_016 | Goomba Clubhouse | 20 | | quest_017 | Plenty of Cheep Cheeps in the Sea | 21 | | quest_018 | Swinging Claw Ropes Course | 22 | | quest_019 | Monty Mole Iceberg Getaway | 23 | | quest_020 | NO JUMPING ALLOWED! | 24 | | quest_021 | Bouncing through the Clouds | 25 | | quest_022 | Impassable Castle | 26 | | quest_023 | Wobbly Seesaw Castle | 27 | | quest_024 | Fast Snake Block Frontier | 28 | | quest_025 | Above the Clouds, Beyond the Vines | 29 | | quest_026 | Angry Angry Sun | 30 | | quest_027 | Lava Bubble Limbo | 31 | | quest_028 | 100 Coins under the Sea | 32 | | quest_029 | Hello, 3D World! | 33 | | quest_030 | Koopa Troopa Car, Go! | 34 | | quest_031 | ON/OFF Koopa Troopas | 35 | | quest_032 | Threat Level: Porcupuffer | 36 | | quest_033 | The Road to Wall Jump Mastery | 37 | | quest_034 | The Way of the Shell | 38 | | quest_035 | ON/OFF Switcheroo! | 39 | | quest_036 | Get Over It! | 40 | | quest_037 | Ancient Seesaw Fortress | 41 | | quest_038 | Save Me, Snake Block! | 42 | | quest_039 | Fly-By-Night Clown Car | 43 | | quest_040 | Red Yoshi's Cheep Cheep Cleanup | 44 | | quest_041 | The Darkness Lifts | 45 | | quest_042 | Deep in the Windy Valley | 46 | | quest_043 | Banzai Bill Ambush | 47 | | quest_044 | The Underground Menace | 48 | | quest_045 | Dry Bones Lava Lurker | 49 | | quest_046 | Tunnel to the Dark Side of the Moon | 50 | | quest_047 | Begone, Rotten Mushroom! | 51 | | quest_048 | With a Lantern | 52 | | quest_049 | Blink Blank Blunk | 53 | | quest_050 | Koopa Clown Car Coin Collecting | 54 | | quest_051 | Snake Blocks in the Sky | 55 | | quest_052 | Bumper Jump Around! | 56 | | quest_053 | Twisting through the Desert Sands | 57 | | quest_054 | Fire Koopa Clown Carnage | 58 | | quest_055 | Vines in the Castle | 59 | | quest_056 | BUZZY: The Movie: The Book: The Ride | 60 | | quest_057 | Lava Rising | 61 | | quest_058 | Seesaw Catapults | 62 | | quest_059 | The Mystery of the Haunted Manor | 63 | | quest_060 | The World's Greatest Cannon Ride | 64 | | quest_061 | Above the Clouds | 65 | | quest_062 | Treetop Fireballs | 66 | | quest_063 | River Fish in the Forest | 67 | | quest_064 | Dash On, Dash Off | 68 | | quest_065 | Blooper Barrage | 69 | | quest_066 | Icicle Playground | 70 | | quest_067 | Boo-ring Course | 71 | | quest_068 | Shoes in the Clouds | 72 | | quest_069 | Winter and Spring and Winter Again | 73 | | quest_070 | Climbing Twister Cave | 74 | | quest_071 | Dirty Donuts | 75 | | quest_072 | Red POW Block on the Move | 76 | | quest_073 | Dry Bones Shell Boating | 77 | | quest_074 | Lava Bubble Castle | 78 | | quest_075 | ON/OFF Rail Switch | 79 | | quest_076 | Para-Beetle Transfer | 80 | | quest_077 | Just a Normal, Everyday Castle | 81 | | quest_078 | Freezing Rain | 82 | | quest_079 | Boom Boom Rager | 83 | | quest_080 | Stone of Destiny | 84 | | quest_081 | Secret of the Dry Bones Shell | 85 | | quest_082 | Red Yoshi's Highway of Flames | 86 | | quest_083 | Launching Bob-ombs, Collecting Co-coins | 87 | | quest_084 | Invincible Windsprinter | 88 | | quest_085 | Skipsqueak Towers | 89 | | quest_086 | Bing Bang Boom in Bully Castle! | 90 | | quest_087 | Sail the Skies...Without Jumping | 91 | | quest_088 | No-Jump Snowfield! | 92 | | quest_089 | Master of the Trees | 93 | | quest_090 | POW Block Wake-Up Call! | 94 | | quest_091 | Piranha Creeper Squash | 95 | | quest_092 | Spiny Shell Smashers | 96 | | quest_093 | Buried Stones | 97 | | quest_094 | Cat-Scratch Stone | 98 | | quest_095 | Stone from the River | 99 | | quest_096 | Let's Go, Builder Mario! | 100 | | quest_097 | March of the Rookie Toads | 101 | | quest_098 | Super Mario Bros. W1-1? | 102 | | quest_099 | Swinging Claw Escape | 103 | | quest_100 | Swamp Escape by Shell! | 104 | | quest_101 | Chain Chomp Chiller | 105 | | quest_102 | Airship Flight | 106 | | quest_103 | Coin Collecting on an Unmanned Airship | 107 | | quest_104 | Summer Shootout | 108 | | quest_105 | Molten Rain | 109 | | quest_106 | Spiny Busters | 110 | | quest_107 | Target: A Single Pom Pom | 111 | | quest_108 | House of ! Blocks | 112 | | quest_109 | Darkness Ahead, Darkness Below | 113 | | quest_110 | High atop Thwomp Tower | 114 | | quest_111 | Cheep Cheep Maze | 115 | | quest_112 | Hold Your Breath | 116 | | quest_113 | Sea of Sorrow | 117 | | quest_114 | Heavy Stone Heave-Ho | 118 | | quest_115 | Head in the Clouds | 119 | | quest_116 | Little Toad Lost | 120 | | quest_117 | Toad Rescue | 121 | | quest_118 | Operation: Toadal Eclipse | 122 | | quest_119 | Meowser Showdown! | -------------------------------------------------------------------------------- /States.md: -------------------------------------------------------------------------------- 1 | Much of SMM2 is controlled by a state machine system. Conveniently, Nintendo has left plain-text names for all the states in the executable. Making use of them is a bit more of a pain - the state structures are all created dynamically. 2 | 3 | Dumping the data from memory isn't really feasible; these are only created when needed, so you would have to trigger every single one and dump them afterwards. 4 | 5 | Doing it by hand is prohibitive; there's hundreds of them. A reasonable middle ground is static analysis! 6 | 7 | An initial attempt at this is provided in the `ExtractedStateList.md` file in this repository. The Ghidra script used for this is in the scripts subdirectory. 8 | -------------------------------------------------------------------------------- /ghidra_scripts/SMM2ActorIDDumper.py: -------------------------------------------------------------------------------- 1 | #TODO write a description for this script 2 | #@author 3 | #@category Functions 4 | #@keybinding 5 | #@menupath 6 | #@toolbar 7 | 8 | import ghidra.program.model.pcode.PcodeOp as PcodeOp 9 | import json 10 | 11 | with open('/Users/ash/src/switch/actorInfo.json', 'r') as f: 12 | actorInfo = json.load(f) 13 | 14 | def resolvePcodeToConstant(op): 15 | if op.getOpcode() in (PcodeOp.CAST, PcodeOp.COPY): 16 | return resolveVarnode(op.getInput(0)) 17 | elif op.getOpcode() == PcodeOp.PTRSUB: 18 | return resolveVarnode(op.getInput(1)) 19 | else: 20 | return None 21 | #raise ValueError('unknown opcode @ %r' % op) 22 | 23 | def resolveVarnode(varnode): 24 | if varnode.isAddress() or varnode.isConstant(): 25 | return varnode 26 | else: 27 | return resolvePcodeToConstant(varnode.getDef()) 28 | 29 | 30 | ints = {} 31 | 32 | decompiler = ghidra.app.decompiler.DecompInterface() 33 | decompiler.toggleSyntaxTree(True) 34 | decompiler.toggleCCode(False) 35 | decompiler.openProgram(currentProgram) 36 | 37 | func = getFunction('sinit_ActorIDs') 38 | results = decompiler.decompileFunction(func, 5, monitor) 39 | hfunc = results.getHighFunction() 40 | 41 | for op in hfunc.getPcodeOps(): 42 | if op.getOpcode() in (PcodeOp.COPY, PcodeOp.INDIRECT) and op.getOutput().isAddress(): 43 | #print(op) 44 | outAddr = op.getOutput().getAddress() 45 | inVarnode = resolveVarnode(op.getInput(0)) 46 | if inVarnode is None: 47 | continue 48 | 49 | outOffset = outAddr.getOffset() 50 | if outOffset == inVarnode.getOffset(): 51 | print('???? %r %r %r ????' % (outAddr, inVarnode, op)) 52 | continue # warn? 53 | 54 | if inVarnode.getSize() == 8: 55 | high = (inVarnode.getOffset() >> 32) & 0xFFFFFFFF 56 | low = inVarnode.getOffset() & 0xFFFFFFFF 57 | ints[outOffset] = int(low) 58 | ints[outOffset + 4] = int(high) 59 | else: 60 | ints[outOffset] = int(inVarnode.getOffset() & 0xFFFFFFFF) 61 | 62 | 63 | def dumpIntArray(name): 64 | results = [] 65 | 66 | data = getDataAt(toAddr(name)) 67 | addrRange = (data.getMinAddress(), data.getMaxAddress()) 68 | addr = data.getMinAddress() 69 | while addr < data.getMaxAddress(): 70 | results.append(ints[addr.getOffset()]) 71 | addr = addr.add(4) 72 | 73 | return results 74 | 75 | nonEdit = dumpIntArray('NonEditActorIDs') 76 | edit = dumpIntArray('EditActorIDs') 77 | game = dumpIntArray('GameActorIDs') 78 | 79 | def niceActorName(n): 80 | if n == 0xFFFFFFFF: 81 | return '*none*' 82 | elif actorInfo[n]['str2']: 83 | return '*%s*' % actorInfo[n]['str2'] 84 | else: 85 | return actorInfo[n]['str1'] 86 | 87 | print('| File ID | Edit | ??? | M1 | M3 | MW | WU | 3W |') 88 | print('|---------|------|-----|----|----|----|----|----|') 89 | 90 | for i in xrange(len(nonEdit)): 91 | bits = (edit[i], nonEdit[i], game[i*5], game[i*5+1], game[i*5+2], game[i*5+3], game[i*5+4]) 92 | mungedBits = [niceActorName(x) for x in bits] 93 | print('| %d | %s |' % (i, ' | '.join(mungedBits))) 94 | 95 | 96 | '''for i, eid in enumerate(dumpIntArray('GameActorIDs')): 97 | if eid == 0xFFFFFFFF: 98 | print('%d -> NULL' % i) 99 | else: 100 | if actorInfo[eid]['str2']: 101 | print('%d -> %d(%s/%s)' % (i, eid, actorInfo[eid]['str1'], actorInfo[eid]['str2'])) 102 | else: 103 | print('%d -> %d(%s)' % (i, eid, actorInfo[eid]['str1']))''' 104 | -------------------------------------------------------------------------------- /ghidra_scripts/SMM2ProfileFinder.py: -------------------------------------------------------------------------------- 1 | #TODO write a description for this script 2 | #@author 3 | #@category Functions 4 | #@keybinding 5 | #@menupath 6 | #@toolbar 7 | 8 | import ghidra.program.model.pcode.PcodeOp as PcodeOp 9 | import json 10 | 11 | actorTable = getDataAt(toAddr('maybeBaseOfActorTable')) 12 | acRange = (actorTable.getMinAddress(), actorTable.getMaxAddress()) 13 | 14 | profVtable = toAddr('Profile_vtable').getOffset() 15 | print(repr(profVtable)) 16 | profileIDsByAddr = {} 17 | profileObjectsSeen = set() 18 | profileIDsSeen = set() 19 | writes = {} 20 | 21 | decompiler = ghidra.app.decompiler.DecompInterface() 22 | decompiler.toggleSyntaxTree(True) 23 | decompiler.toggleCCode(False) 24 | decompiler.openProgram(currentProgram) 25 | 26 | def addr(offset): 27 | return acRange[0].getNewAddress(offset) 28 | 29 | def readStr(addr): 30 | bits = [] 31 | while True: 32 | c = getByte(addr) 33 | if c == 0: 34 | return ''.join(bits) 35 | else: 36 | # TODO getByte returns signed values, fix this 37 | bits.append(chr(c)) 38 | addr = addr.add(1) 39 | 40 | def resolvePcodeToConstant(op): 41 | if op.getOpcode() in (PcodeOp.CAST, PcodeOp.COPY): 42 | return resolveVarnode(op.getInput(0)) 43 | elif op.getOpcode() == PcodeOp.PTRSUB: 44 | return resolveVarnode(op.getInput(1)) 45 | else: 46 | return None 47 | #raise ValueError('unknown opcode @ %r' % op) 48 | 49 | def resolveVarnode(varnode): 50 | if varnode.isAddress() or varnode.isConstant(): 51 | return varnode.getAddress() 52 | else: 53 | return resolvePcodeToConstant(varnode.getDef()) 54 | 55 | 56 | def workOnThing(func): 57 | print('Working on %r...' % func) 58 | results = decompiler.decompileFunction(func, 5, monitor) 59 | hfunc = results.getHighFunction() 60 | 61 | for op in hfunc.getPcodeOps(): 62 | if op.getOpcode() in (PcodeOp.COPY, PcodeOp.INDIRECT) and op.getOutput().isAddress(): 63 | #print(op) 64 | outAddr = op.getOutput().getAddress() 65 | inValue = resolveVarnode(op.getInput(0)) 66 | if inValue is None: 67 | continue 68 | 69 | outOffset = outAddr.getOffset() 70 | if outOffset == inValue.getOffset(): 71 | continue # warn? 72 | 73 | writes[outOffset] = inValue.getOffset() 74 | if inValue.getOffset() == profVtable: 75 | profileObjectsSeen.add(outAddr) 76 | 77 | #print('write %r to %r' % (inValue, outAddr)) 78 | 79 | if outAddr >= acRange[0] and outAddr <= acRange[1]: 80 | actorID = outAddr.subtract(acRange[0]) // 8 81 | profileIDsSeen.add(actorID) 82 | print('Found write %r to actortable for num %d' % (inValue, actorID)) 83 | print(repr(op.getInput(0))) 84 | 85 | 86 | '''workOnThing(toAddr('sinit_BulletBone')) 87 | workOnThing(toAddr('sinit_BulletEnemyFire'))''' 88 | #workOnThing(toAddr('fkx2')) 89 | 90 | functionsToCheck = set() 91 | acheck = acRange[0] 92 | while acheck < acRange[1]: 93 | for ref in getReferencesTo(acheck): 94 | if ref.getReferenceType().isWrite(): 95 | functionsToCheck.add(getFunctionContaining(ref.getFromAddress())) 96 | acheck = acheck.add(8) 97 | 98 | print(len(functionsToCheck)) 99 | i = 0 100 | for fn in functionsToCheck: 101 | print ('%d...' % i), 102 | workOnThing(fn) 103 | i += 1 104 | 105 | '''init_array = getMemoryBlock('.init_array') 106 | i = 0 107 | iapos = init_array.getStart() 108 | while iapos < init_array.getEnd() and i < 200: 109 | print ('%d... ' % i), 110 | fn_addr = getDataAt(iapos).getValue() 111 | if getInstructionAt(fn_addr) is None: 112 | print('gonna disassemble %r' % fn_addr) 113 | disassemble(fn_addr) 114 | if getFunctionAt(fn_addr) is None: 115 | print('gonna create fn %r' % fn_addr) 116 | createFunction(fn_addr, None) 117 | workOnThing(getFunctionAt(fn_addr)) 118 | iapos = iapos.add(8) 119 | i += 1''' 120 | 121 | print(profileIDsSeen) 122 | #print(i) 123 | 124 | profType = getDataTypes('ActorProfile')[0] 125 | 126 | results = [] 127 | 128 | for i in sorted(profileIDsSeen): 129 | offset = writes[acRange[0].add(i * 8).getOffset()] 130 | print('%d -> %x' % (i, offset)) 131 | 132 | assert(writes[offset] == profVtable) 133 | 134 | address = addr(offset) 135 | if getDataAt(address).dataType != profType: 136 | clearListing(address, address.add(profType.getLength() - 1)) 137 | createData(address, profType) 138 | 139 | buildAddr = addr(writes[offset + 8]) 140 | if getInstructionAt(buildAddr) is None: 141 | disassemble(buildAddr) 142 | if getFunctionAt(buildAddr) is None: 143 | createFunction(buildAddr, None) 144 | 145 | _10 = (writes[offset + 0x10] & 0xFFFFFFFF) 146 | _14 = ((writes[offset + 0x10] >> 32) & 0xFFFFFFFF) 147 | _18 = writes[offset + 0x18] 148 | _20 = writes[offset + 0x20] 149 | _24 = writes[offset + 0x24] 150 | str1 = readStr(addr(writes[offset + 0x30])) 151 | str2 = readStr(addr(writes[offset + 0x40])) 152 | print('%d -> %r,%r' % (i, str1, str2)) 153 | 154 | createLabel(address, 'ActorProfile%d_%s' % (i, str1), True) 155 | createLabel(buildAddr, 'ActorBuild%d_%s' % (i, str1), True) 156 | 157 | assert(len(results) == i) 158 | results.append({ 159 | 'profile': offset, 160 | 'buildFunc': buildAddr.getOffset(), 161 | '_10': _10, 162 | '_14': _14, 163 | '_18': _18, 164 | '_20': _20, 165 | '_24': _24, 166 | 'str1': str1, 167 | 'str2': str2 168 | }) 169 | 170 | with open('/Users/ash/src/switch/actorInfo.json', 'w') as f: 171 | json.dump(results, f) 172 | -------------------------------------------------------------------------------- /ghidra_scripts/SMM2StateFinder.py: -------------------------------------------------------------------------------- 1 | #TODO write a description for this script 2 | #@author 3 | #@category Functions 4 | #@keybinding 5 | #@menupath 6 | #@toolbar 7 | 8 | import ghidra.program.model.pcode.PcodeOp as PcodeOp 9 | import json 10 | 11 | DEBUG = False 12 | STOREDEBUG = False 13 | 14 | dynamic_ignores = set([ 15 | # these all cannot be determined statically through 16 | # this script as they don't follow the pattern of one constant 17 | # state list 18 | 0x71005D3B00, 0x71005D4F90, 0x7100700740, 0x71005D2540, 0x7100AB7070, 19 | 0x71005CFB40, 20 | 0x71005D1790, 21 | 0x7100E37010, 22 | 0x7100BA31D0, 23 | 0x7100BB66A0, 24 | 0x71005ECF50, 25 | 0x710084AAC0, 26 | 0x7100A08230, 27 | 0x7100752920, 28 | 0x71008272F0, 29 | 0x7100739B20, 30 | 0x71006A6720, 31 | 0x71005F87C0, 32 | 0x71006E7AD0, 33 | 0x71006E9A20, 34 | 35 | 0x7100AB7070, # doesn't decompile 36 | 0x7100B4ECE0, # decompilation errors 37 | ]) 38 | 39 | 40 | 41 | empties = [] 42 | kludge_names = { 43 | # 0x7100D05040: 'LessonMenu::MainSeq', 44 | # 0x7100EC9970: 'ResidentSeq', 45 | # 0x7100C14620: 'CourseIn::MainSeq', 46 | # 0x7100E71650: 'UIQuestClearSupportWindowSeq', 47 | # 0x7100E4DEC0: 'UIScoreSeq', 48 | # 0x7100E52850: 'UITimeUpSeq', 49 | # 0x7100E6F8C0: 'UIQuestClearSupportActSeq', 50 | # 0x7100BD4500: 'UIInfoRealTimeSeq', 51 | # 0x7100B8C740: 'MessageWindow_00Seq', # used for Qst_MessageWindow_00Seq and Cmn_MessageWindow_00Seq 52 | # 0x7100E34690: 'UIMissionAttentionSeq', 53 | # 0x7100BB1520: 'UICommentSceneSeq', 54 | # 0x7100CC8480: 'UIGameOverSeq', 55 | # 0x7100EECB70: 'WorldMap::MainSeq', 56 | # 0x7100EA9160: 'UISlidePassSeq', 57 | # 0x7100E1EB20: 'UILclBtlResultSeq', 58 | # 0x7100F016F0: 'MultipleThings', # used for lots of UI elements it seems 59 | # 0x7100D315E0: 'NetworkFindSeq', # used for NetworkFindMakerSeq, NetworkFindCourseSeq 60 | } 61 | output = [] 62 | 63 | decompiler = ghidra.app.decompiler.DecompInterface() 64 | decompiler.toggleSyntaxTree(True) 65 | decompiler.toggleCCode(False) 66 | decompiler.openProgram(currentProgram) 67 | 68 | allocator_addr = toAddr('allocator') 69 | stateHolderCtor_addr = toAddr('StateHolder_ctor') 70 | stateListCtor_addr = toAddr('StateList_ctor') 71 | stateListPrepare_addr = toAddr('StateList_prepare') 72 | stateSetName_addr = toAddr('StateList_setName') 73 | 74 | cstr_vt_addr = toAddr('CStr_vt') 75 | cstr_vt_offset = cstr_vt_addr.getOffset() 76 | 77 | register_space = getAddressFactory().getRegisterSpace() 78 | reg08_addr = register_space.getAddress(8) 79 | # reg08_vn = hfunc.findInputVarnode(8, reg08_addr) 80 | 81 | 82 | def addr(offset): 83 | # doesn't matter what addr we use, just has to be in the same address space 84 | if hasattr(offset, 'getOffset'): 85 | return allocator_addr.getNewAddress(offset.getOffset()) 86 | else: 87 | return allocator_addr.getNewAddress(offset) 88 | 89 | def readStr(addr): 90 | bits = [] 91 | while True: 92 | c = getByte(addr) 93 | if c == 0: 94 | return ''.join(bits) 95 | else: 96 | # TODO getByte returns signed values, fix this 97 | bits.append(chr(c)) 98 | addr = addr.add(1) 99 | 100 | def resolvePcodeToConstant(op): 101 | if op.getOpcode() in (PcodeOp.CAST, PcodeOp.COPY): 102 | return resolveVarnode(op.getInput(0)) 103 | elif op.getOpcode() == PcodeOp.PTRSUB: 104 | return resolveVarnode(op.getInput(1)) 105 | else: 106 | return None 107 | # raise ValueError('unknown opcode @ %r' % op) 108 | 109 | def resolveVarnode(varnode): 110 | if varnode.isAddress() or varnode.isConstant(): 111 | return varnode.getAddress() 112 | # elif varnode.isRegister(): 113 | # # TODO make this do something more interesting...? 114 | # return None 115 | else: 116 | d = varnode.getDef() 117 | if d is None: 118 | print('!!! WARNING !!!') 119 | print(varnode) 120 | return None 121 | return resolvePcodeToConstant(d) 122 | 123 | def resolveStackAddr(varnode): 124 | # known patterns for these: 125 | # direct ref to modified sp: reg:08 -> PTRSUB(reg:08 -> null, const:-0x80) 126 | # offset from original sp: unique -> PTRSUB(reg:08 -> null, const:-0x70) 127 | d = varnode.getDef() 128 | if d.getOpcode() == PcodeOp.CAST: 129 | return resolveStackAddr(d.getInput(0)) 130 | elif d.getOpcode() == PcodeOp.PTRSUB: 131 | assert(d.getInput(0).getAddress() == reg08_addr) 132 | assert(d.getInput(0).getDef() is None) 133 | assert(d.getInput(1).isConstant()) 134 | return d.getInput(1).getAddress().getOffset() 135 | else: 136 | print(varnode) 137 | print(d) 138 | return None 139 | # raise 'unknown op' 140 | 141 | def resolveStruct(varnode): 142 | d = varnode.getDef() 143 | if d.getOpcode() == PcodeOp.CAST: 144 | return resolveStruct(d.getInput(0)) 145 | elif d.getOpcode() == PcodeOp.CALL: 146 | # this is where the struct was allocated, so just spit it out 147 | return varnode 148 | else: 149 | print(varnode) 150 | print(d) 151 | raise 'unknown op' 152 | 153 | def extract_multi_left(pvar): 154 | if isinstance(pvar, tuple) and pvar[0] == 'multi': 155 | return pvar[1] 156 | else: 157 | return pvar 158 | 159 | def pvar_add(pvar, num): 160 | if isinstance(pvar, long): 161 | return pvar + num 162 | elif isinstance(pvar, tuple) and pvar[0] == 'add' and isinstance(pvar[2], long): 163 | return ('add', pvar[1], pvar[2] + num) 164 | elif isinstance(pvar, tuple) and pvar[0] == 'multi' and isinstance(pvar[1], long): 165 | # not strictly correct but it makes some cases work 166 | # and we kinda don't pay attention to MULTIEQUAL at all anyway 167 | # (we always just use the first value) 168 | return pvar[1] + num 169 | else: 170 | return ('add', pvar, num) 171 | 172 | def resolveStructOffset(varnode, depth=0): 173 | depth += 1 174 | if depth > 200: 175 | # print(varnode) 176 | # raise 'recursing very deeply' 177 | return ('big recursion', varnode) 178 | 179 | d = varnode.getDef() 180 | if d is None: 181 | if varnode.isInput() and varnode.isRegister(): 182 | return varnode 183 | elif varnode.isConstant(): 184 | return varnode.getAddress().getOffset() 185 | elif varnode.isInput() and varnode.isAddress() and varnode.getSize() == 8: 186 | # print('WARNING::: Assuming READ') 187 | var_ptr = varnode.getAddress() 188 | var_value = getDataAt(var_ptr).getValue() 189 | if var_value is None: 190 | return varnode 191 | else: 192 | return var_value.getOffset() 193 | else: 194 | print('!!! !!! !!! Null def !!! !!! !!!') 195 | print(varnode) 196 | raise 'null def' 197 | elif d.getOpcode() in (PcodeOp.CAST, PcodeOp.INDIRECT, PcodeOp.COPY): 198 | return resolveStructOffset(d.getInput(0), depth) 199 | elif d.getOpcode() in (PcodeOp.CALL, PcodeOp.CALLIND): 200 | # this is where the struct was allocated, so just spit it out 201 | return varnode 202 | elif d.getOpcode() == PcodeOp.LOAD: 203 | return ('load', resolveStructOffset(d.getInput(1), depth)) 204 | elif d.getOpcode() in (PcodeOp.PTRSUB, PcodeOp.INT_ADD): 205 | struc = resolveStructOffset(d.getInput(0), depth) 206 | if d.getInput(1).isConstant(): 207 | addend = d.getInput(1).getAddress().getOffset() 208 | return pvar_add(struc, addend) 209 | else: 210 | return ('add', struc, d.getInput(1)) 211 | elif d.getOpcode() == PcodeOp.PTRADD: 212 | struc = resolveStructOffset(d.getInput(0), depth) 213 | assert(d.getInput(2).isConstant()) 214 | if d.getInput(1).isConstant(): 215 | addend = d.getInput(1).getAddress().getOffset() * d.getInput(2).getAddress().getOffset() 216 | return pvar_add(struc, addend) 217 | else: 218 | return ('ptrAddMult', struc, d.getInput(1), d.getInput(2).getAddress().getOffset()) 219 | elif d.getOpcode() == PcodeOp.INT_AND: 220 | return ('and', resolveStructOffset(d.getInput(0)), resolveStructOffset(d.getInput(1))) 221 | elif d.getOpcode() == PcodeOp.INT_RIGHT: 222 | return ('>>', resolveStructOffset(d.getInput(0)), resolveStructOffset(d.getInput(1))) 223 | elif d.getOpcode() == PcodeOp.MULTIEQUAL: 224 | # if depth > 10: 225 | # # kludge to stop FUN_71008ed500 from hitting a horrible case 226 | # return ('MI OVER LIMIT',) 227 | # return ('multi', resolveStructOffset(d.getInput(0), depth), resolveStructOffset(d.getInput(1), depth)) 228 | return ('multi', resolveStructOffset(d.getInput(0), depth), None) 229 | else: 230 | print(varnode) 231 | print(d) 232 | raise 'unknown op' 233 | 234 | def work_on_function(func): 235 | print('Working on %r...' % func) 236 | results = decompiler.decompileFunction(func, 15, monitor) 237 | hfunc = results.getHighFunction() 238 | 239 | stack_writes = {} 240 | statelists = [] 241 | statebuffers = [] 242 | 243 | holdernames = {} 244 | bufferToListIndex = {} 245 | statecounts = {} 246 | statenames = {} 247 | statevars = {} 248 | 249 | n = 0 250 | for block in hfunc.getBasicBlocks(): 251 | # print(block) 252 | for op in block.getIterator(): 253 | # print('<%d> %r' % (n, op)) 254 | try: 255 | # resolve stack writes 256 | # for now we just pretend MULTIEQUAL (phi nodes) doesn't exist 257 | if op.getOpcode() in (PcodeOp.COPY, PcodeOp.INDIRECT): 258 | # print('COPY: %r' % op) 259 | output_addr = op.getOutput().getAddress() 260 | if output_addr.isStackAddress(): 261 | # print('Stack write %r' % output_addr) 262 | resolved_src = resolveVarnode(op.getInput(0)) 263 | if resolved_src != None: 264 | resolved_src_offset = resolved_src.getOffset() 265 | # if resolved_src_offset == cstr_vt_offset: 266 | # print('Writing CStr!') 267 | offs = output_addr.getOffset() 268 | if (offs & 7) == 4 and (offs - 4) in stack_writes: 269 | # print('ORing extra portion onto var') 270 | stack_writes[offs - 4] |= (resolved_src.getOffset() << 32) 271 | else: 272 | stack_writes[offs] = resolved_src.getOffset() 273 | # print('...%r' % resolved_src) 274 | 275 | elif op.getOpcode() == PcodeOp.STORE: 276 | # we want to catch writes into the state structs 277 | target_vn = op.getInput(1) 278 | target = resolveStructOffset(target_vn) 279 | 280 | if STOREDEBUG: 281 | print('Store: %r' % (target,)) 282 | 283 | # does this match one of the patterns we expect to see for a state write? 284 | # ('load', statebuffer) 285 | # ('add', ('load', statebuffer), Y) 286 | # ('multi', ('add', ('load', statebuffer), X), ('load', statebuffer)) 287 | # ('add', ('multi', ('add', ('load', statebuffer), X), ('load', statebuffer)), Y) 288 | is_state_write = False 289 | if isinstance(target, tuple): 290 | if target[0] == 'load' and target[1] in statebuffers: 291 | is_state_write = True 292 | statebuffer = target[1] 293 | state_offset = 0 294 | elif target[0] == 'multi': 295 | # Store: ('multi', ('add', ('load', ('add', (unique, 0x1000199f, 8), 160L)), 64L), ('load', ('add', (unique, 0x1000199f, 8), 160L))) 296 | _, left, right = target 297 | if isinstance(left, tuple) and left[0] == 'add' and isinstance(left[1], tuple): 298 | if left[1][0] == 'load' and left[1][1] in statebuffers: 299 | is_state_write = True 300 | statebuffer = left[1][1] 301 | state_offset = left[2] 302 | elif target[0] == 'add' and isinstance(target[1], tuple): 303 | if target[1][0] == 'load' and target[1][1] in statebuffers: 304 | is_state_write = True 305 | statebuffer = target[1][1] 306 | state_offset = target[2] 307 | elif isinstance(target[1], tuple) and target[1][0] == 'multi': 308 | _, left, right = target[1] 309 | if isinstance(left, tuple) and left[0] == 'add' and isinstance(left[1], tuple): 310 | if left[1][0] == 'load' and left[1][1] in statebuffers: 311 | is_state_write = True 312 | statebuffer = left[1][1] 313 | state_offset = left[2] + target[2] 314 | # elif isinstance(target[0], tuple) and target[0][0] == 'load' and target[0][1] in statebuffers: 315 | # is_state_write = True 316 | # statebuffer = target[0][1] 317 | # state_offset = target[1] 318 | # elif target[0] == 'multi': 319 | # _, left, right = target 320 | # if isinstance(left, tuple) and isinstance(left[0], tuple) and left[0][0] == 'load' and left[0][1] in statebuffers: 321 | # is_state_write = True 322 | # statebuffer = left[0][1] 323 | # state_offset = left[1] 324 | # elif isinstance(target[0], tuple) and target[0][0] == 'multi': 325 | # _, left, right = target[0] 326 | # if isinstance(left, tuple) and isinstance(left[0], tuple) and left[0][0] == 'load' and left[0][1] in statebuffers: 327 | # is_state_write = True 328 | # statebuffer = left[0][1] 329 | # state_offset = left[1] + target[1] 330 | 331 | # print('<%d> store: target=%r data=%r' % (n, target, data)) 332 | if is_state_write: 333 | data_vn = op.getInput(2) 334 | data = resolveStructOffset(data_vn) 335 | stateList = bufferToListIndex[statebuffer] 336 | if STOREDEBUG: 337 | print('<%d> statewrite: list=%r offs=%d data=%r' % (n, stateList, state_offset, data)) 338 | statevars[stateList, state_offset] = data 339 | 340 | elif op.getOpcode() == PcodeOp.CALL: 341 | call_addr = op.getInput(0).getAddress() 342 | if call_addr == allocator_addr: 343 | if DEBUG: 344 | print('Allocating %r into %r' % (op.getInput(1), op.getOutput())) 345 | elif call_addr == stateHolderCtor_addr: 346 | stateHolder = resolveStructOffset(op.getInput(1)) 347 | name_vn = op.getInput(2) 348 | if name_vn.isInput(): 349 | # exception for e.g. FUN_7100d05040 350 | if DEBUG: 351 | print('' % (stateHolder,)) 352 | if func.getEntryPoint().getOffset() in kludge_names: 353 | holdernames[stateHolder] = kludge_names[func.getEntryPoint().getOffset()] 354 | else: 355 | # holdernames[stateHolder] = '???' 356 | empties.append((func, stateHolder)) 357 | else: 358 | nameCStr = resolveStackAddr(op.getInput(2)) 359 | if nameCStr != None: 360 | str_addr = addr(stack_writes[nameCStr + 8]) 361 | name = readStr(str_addr) 362 | if DEBUG: 363 | print('StateHolder %r created with CStr %r' % (stateHolder, name)) 364 | holdernames[stateHolder] = name 365 | elif call_addr == stateListCtor_addr: 366 | stateList = resolveStructOffset(op.getInput(1)) 367 | if DEBUG: 368 | print('creating statelist @ %r' % (stateList, )) 369 | assert(stateList[0] == 'add') 370 | buf = ('add', stateList[1], stateList[2] + 0x30) 371 | statelists.append(stateList) 372 | statebuffers.append(buf) 373 | bufferToListIndex[buf] = stateList 374 | elif call_addr == stateListPrepare_addr: 375 | stateList = resolveStructOffset(op.getInput(1)) 376 | stateCount = resolveVarnode(op.getInput(2)).getOffset() 377 | if DEBUG: 378 | print('statelist @ %r has %d states' % (stateList, stateCount)) 379 | statecounts[stateList] = int(stateCount) 380 | elif call_addr == stateSetName_addr: 381 | stateList = resolveStructOffset(op.getInput(1)) 382 | stateId = resolveVarnode(op.getInput(2)).getOffset() 383 | nameCStr = resolveStackAddr(op.getInput(3)) 384 | str_addr = addr(stack_writes[nameCStr + 8]) 385 | name = readStr(str_addr) 386 | if DEBUG: 387 | print('statelist @ %r sets name %r to %r' % (stateList, stateId, name)) 388 | statenames[(stateList, int(stateId))] = name 389 | 390 | except Exception as e: 391 | print('FAILED OP:') 392 | print(op) 393 | raise 394 | n += 1 395 | print('done: %d' % n) 396 | 397 | # go through all of these 398 | if DEBUG: 399 | print('HOLDERNAMES: %r' % holdernames) 400 | print('STATEBUFFERS: %r' % statebuffers) 401 | print('STATELISTS: %r' % statelists) 402 | print('STATECOUNTS: %r' % statecounts) 403 | if STOREDEBUG: 404 | print('STATEVARS: %r' % statevars) 405 | for listnum, lst in enumerate(statelists): 406 | name = 'Func%X::Unnamed%02d' % (func.getEntryPoint().getOffset(), listnum) 407 | try: 408 | if isinstance(lst, tuple) and lst[0] == 'add': 409 | name = 'Func%X::%s@%X' % (func.getEntryPoint().getOffset(), holdernames[lst[1]], lst[2]) 410 | except KeyError: 411 | name += '_StateHolder@%X' % lst[2] 412 | if lst in statecounts: 413 | # find the first vtable 414 | for i in xrange(statecounts[lst]): 415 | if (lst,i) in statenames: 416 | first_vtable = statevars[lst, i*64] 417 | break 418 | 419 | if STOREDEBUG: 420 | print(first_vtable) 421 | output.append('') 422 | output.append('**%s** (vtable: 0x%X)' % (name, first_vtable)) 423 | output.append('') 424 | 425 | output.append('| ID | Name | Func1 | Func2 | Func3 |') 426 | output.append('|----|------|-------|-------|-------|') 427 | 428 | for i in xrange(statecounts[lst]): 429 | def nice_ptmf(o): 430 | offset = extract_multi_left(statevars[lst, i*64+o]) 431 | flag = extract_multi_left(statevars[lst, i*64+o+8]) 432 | if offset == 0 and flag == 0: 433 | return 'none' 434 | elif flag == 0: 435 | return '0x%X' % (offset,) 436 | else: 437 | return 'vf%X' % (offset,) 438 | 439 | if (lst,i) in statenames: 440 | statename = statenames[lst,i] 441 | vtable = statevars[lst, i*64] 442 | assert(vtable == first_vtable) 443 | ptmf1 = nice_ptmf(0x10) 444 | ptmf2 = nice_ptmf(0x20) 445 | ptmf3 = nice_ptmf(0x30) 446 | 447 | output.append('| %d | %s | %s | %s | %s |' % (i, statename, ptmf1, ptmf2, ptmf3)) 448 | else: 449 | output.append('| %d | *Missing?* | - | - | - |' % i) 450 | else: 451 | output.append('') 452 | output.append('%s: empty' % name) 453 | 454 | 455 | functions = set() 456 | for ref in getReferencesTo(stateListPrepare_addr): 457 | func = getFunctionContaining(ref.fromAddress) 458 | if func is None: 459 | print('NO FUNCTION: %r' % ref.fromAddress) 460 | else: 461 | functions.add(func) 462 | 463 | 464 | failed = [] 465 | 466 | # work_on_function(getFunction('FUN_7100538bf0')) 467 | # work_on_function(getFunction('FUN_71005d3b00')) 468 | # 7101080AB0, 71008BF570, 7100EC68F0, 710090CBD0 469 | # work_on_function(getFunction('ActorBuild0_TenCoin')) 470 | # work_on_function(getFunction('FUN_7100ec68f0')) 471 | # work_on_function(getFunction('FUN_710090cbd0')) 472 | 473 | n = 0 474 | for func in sorted(functions): 475 | print('%d/%d...' % (n, len(functions))) 476 | if func.getEntryPoint().getOffset() in dynamic_ignores: 477 | print('ignoring because dynamic') 478 | else: 479 | try: 480 | work_on_function(func) 481 | except Exception as e: 482 | print(e) 483 | failed.append(func) 484 | n += 1 485 | # if n >= 20: 486 | # break 487 | 488 | with open('/Users/ash/src/switch/stateoutput.md', 'w') as f: 489 | for out in output: 490 | f.write(out) 491 | f.write('\n') 492 | # print(out) 493 | 494 | for e in empties: 495 | print(e) 496 | for f in failed: 497 | print(f) 498 | --------------------------------------------------------------------------------