No ESRB Screen (NTSC-U Only) [Diamond]

[Vega]

Diamond's last visit to the forum was almost 2 years ago, so I doubt he will reply your questions.

I can't tell you Diamonds method of approach for this code in general (what to look for, type of analysis, etc) but the RAM write is writing the following instruction...

b 0x1C

Which overwrites the original instruction of lis r3, 0x8038.

The b 0x1C is an unconditional branch. It will force the execution of the CPU to jump over the subsequent 4 instructions below. Obviously, since the original instruction is overwritten, this essentially "cancels" out the 5 instructions starting at 0x80604094

Here's a view of the first 12 instructions (withOUT the code applied) starting at 0x80604094

Code:

loc_0:
  lis r3, 0x8038 #******THIS******* is the instruction that gets replaced with "b 0x1C"
  lwz r3, 7296(r3)
  lwz r0, 112(r3)
  cmpwi r0, 0x0
  bne- loc_1
  li r0, 0x16
  stw r0, 8(r31)

loc_1:
  lwz r0, 8(r31)
  cmpwi r0, 0xFFFF
  beq- loc_2
  stw r0, 12(r31)
  b 0xC

loc_2:

If we pretend to apply the RAM Write code, that source now looks like this....

Code:

loc_0:
  b loc_3
  lwz r3, 7296(r3) #This gets skipped
  lwz r0, 112(r3) #This gets skipped
  cmpwi r0, 0x0 #This gets skipped
  bne- loc_1 #This gets skipped
  loc_3:
  li r0, 0x16 #*******new Branch will jump here!!!
  stw r0, 8(r31)

loc_1:
  lwz r0, 8(r31)
  cmpwi r0, 0xFFFF
  beq- loc_2
  stw r0, 12(r31)
  b 0xC

loc_2:

What his code is doing is ensuring that the value of 0x16 will always get stored to r31 + 8. His custom branch will ensure this as it prevents the possibility of the bne branch (5th instruction of the source) being taken because said bne branch will never get executed again.

The value of 0x16 is probably some group of binary flags that "tell" the game we've already seen the ESRB screen.