Copy Link
Add to Bookmark
Report
Playstation Memory Layout
ï0x00000000-0x001fffff - RAM
ï0x1f000000-0x1f?????? - Mapped memory to the parallel port
ï0x1f800000-0x1f800fff - Scratch Pad
ï0x1f801000-0x1f80???? - Hardware registers, and misc.
ï0x80000000-0x801fffff - Mirror of RAM
ï0xa0000000-0xa01fffff - Mirror of RAM
ï0xbfc00000-0xbfc7ffff - ROM, kernel, and shell
------------------------------------------------------------------------
0x00000000-0x001fffff
Relative offset:
Note: Address ranging from 0x00007xxx till 0x0000dfff are not shown, since they are
machine dependent. On a CEX1000 they might not be the same as on a CEX3000.
ï0x00000108 - Pointer to Task State table
ï0x0000010c - Size in bytes.
ï0x00000110 - Pointer to Task CallBacks table.
ï0x00000114 - Size in bytes.
ï0x00000120 - Pointer to Event table.
ï0x00000124 - Size in bytes.
ï0x00000140 - Pointer to file descriptor table. See below for details.
ï0x00000144 - Size in bytes.
ï0x00000150 - Pointer to IO Device Driver Descriptor Table. See below for details.
Thanks to Foo Chen Hon
ï0x00000154 - Size in bytes
ï0x0000e000 - 0x0000ffff - Start of Kernel Memory Pool.
File descriptor:
The kernel has allocated space for 16 fdescriptors, this means, you can not
have more than 16 files open, whatever devices they use...
typedef struct _fdTbl_ {
long flag;
long dev_num;
void *buffer;
long numBlocks;
long position; /* the actual seek offset on the file */
long devflag;
long error;
iodd *dev; /* a pointer to a structure containing all
routines like read,write,close,etc... for a
specific device (cdrom,memcard,...) */
long ???,???;
long handle;
} fdTbl;
/* Below thanks to Foo Chen Hon */
IO Device Driver Descriptor:
typedef struct _iodd_ {
char *dev_name;
long devflag; /* Not sure */
long blockSize;
char *dev_desc; /* Pointer to description */
long init(); /* Init device Driver */
long open(int fd,char *fname) /* open device */
long ???;
long close(); /* close device */
long ioctl(); /* IO control on device */
long read(); /* read from the device */
long write(); /* write on the device */
long erase(); /* erase a file */
long undelete(); /* unerase a file */
long firstfile(); /* find first file matching pattern */
long nextfile(); /* find next file matching pattern */
long format(); /* format the device */
long cd(); /* change directory */
long rename; /* rename file */
long deinit; /* Deinit the device driver */
long ???;
} iodd;
------------------------------------------------------------------------
0x1f000000-0x1f??????
Relative offset:
ï0x0000 - This address contains an address that the kernel will jump to after bootstrapping.
ï0x0004 - Must contain 'Licensed by Sony Computer Entertainment Inc.\0' to be a valid interface.
ï0x0080 - This address contains an address that the kernel will jump to before bootstrapping.
ï0x0084 - The same as 0x0004
ï0x00b4 - Code, data, whatever of the device plugged in the psx.
------------------------------------------------------------------------
0x1f801000-0x1f80xxxx
Relative offset:
ï0x00001060 - Effective memory size
ï0x00001080 - MDEC - Data In address
ï0x00001088 - MDEC - chcr in
ï0x00001090 - MDEC - Data Out address
ï0x00001098 - MDEC - chcr out
ï0x00001800 - CD-ROM B
ï0x00001801 - CD-ROM - This one is used by CdControl* to write the command number.
ï0x00001802 - CD-ROM - Used by CdControl* to pass the command arguments
ï0x00001803 - CD-ROM ï0x00001810 - GPU data - One of its use is to write/read VRAM
ï0x00001814 - GPU status - If read, it gives the GPU status.
ï0x00001824 - MDEC - status
ï0x00002040 - Dip switches
------------------------------------------------------------------------
BR>
0xbfc00000-0xbfc7ffff
Relative offset:
ï0x00000100 - Contains the word 0x19951204 , the date it was compiled
ï0x00000104 - 'Sony Computer Entertainment Inc.'
ï0x0000012c - 'CEX-3000/1001/1002 by K.S.' (in my case)
ï0x00000150-0x0000ffff - Initialisation of lots of stuff, some system calls,...
ï0x00010000-0x00017fff - This contains most of the kernel system calls code.
It is copied to RAM at 0xa0000500. After it is copied, the kernel jumps
to 0xa0000500, where it clears some memory, (used internally by kernel operations).
ï0x00018000-0x007fffff - This where the Shell is located (CD Player memory card
management,etc...). It is copied to main memory at address 0x80030000, and its
there that is decided what to do, do the country check, and stuff, and if it
should return to kernel to execute an exe file.
------------------------------------------------------------------------
si17911@ci.uminho.pt