LUMP_SPOOLINFO is something mystical, but I tried to decompile the function that loads the offsets.
MIPS assembly is sometimes difficult to understand.
The procedure is taken directly from the Driver 2 demo executable and decompiled to C.
It loads the spool info (possibly only partially, because the call to the cell allocation function comes right after it).
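/*
 * struct_0 - record layout synthesised by the decompiler; it is not a type
 * name taken from the game.
 *
 * function_40000 stores running totals into e0 and the final total into e1.
 * NOTE(review): that store pattern suggests the five words are really one
 * int32_t[5] table on the target -- confirm against the disassembly.
 */
struct struct_0 {
    int32_t e0[4]; /* first four 32-bit words */
    int32_t e1;    /* fifth word, written once after the loop in function_40000 */
};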
/*
 * Globals the decompiler created for fixed addresses in the demo executable.
 * The trailing comment on each line is the target address it stands for.
 */

// NOTE(review): 0xa41e8 is 0x10 bytes below g2 (0xa41f8) and function_40000
// stores four words starting there, so this is more likely a four-entry
// int32_t table than a pointer variable -- confirm.
int32_t * g1; // 0xa41e8
// Filled by function_40000 from the words read at v17 + 16.
struct struct_0 g2; // 0xa41f8
// Filled by function_40000 from the words read at v17.
struct struct_0 g3; // 0xa4620
// function_40000 reuses this one variable for three values in turn: the lump
// data pointer on entry, the word read from 0x94ec0, and a count read from
// the lump. It holds addresses as int32_t, so the listing is only meaningful
// where pointers are 32 bits wide.
int32_t g4 = 0; // gpregs4 - initially lump data pointer
/*
 * function_40000 - decompiler output for the routine at 0x40000; per the
 * post it loads the LUMP_SPOOLINFO offsets.
 *
 * Input:  g4 holds the lump data pointer on entry (no parameters).
 * Output: none returned; results are stored to g1, g2, g3, to the word at
 *         0x94ec0 and to several small absolute addresses.
 *
 * This is a reading aid, not portable C:
 *   - int32_t values are cast straight to pointers, which only works where
 *     pointers are 32 bits wide and the demo's memory map is present.
 *   - Address constants are used as array indices (g1[v8], g3.e0[v14],
 *     g2.e0[v16]); see the notes at those lines.
 *   - The loop condition is always false as written; see the note there.
 *
 * NOTE(review): every count, length and offset below is read from the lump
 * and followed without any bounds check. A loader built from this listing
 * that reads real files should validate each value against the lump's size
 * before dereferencing, and guard the 2048 * and 16 * multiplications
 * against signed overflow.
 */
void function_40000(void) {
    int32_t v1 = g4; // 0x40000
    int32_t v2 = *(int32_t *)0x94ec0; // 0x40010
    g4 = v2;
    // First word of the lump, scaled by 2048.
    int32_t v3 = 2048 * *(int32_t *)v1; // 0x40014
    // NOTE(review): 3076 and the other small absolute addresses written below
    // (3068, 3020, 3088, 3040, 3048, 2968) are presumably register-relative
    // stores whose base the decompiler dropped -- confirm in the disassembly.
    *(int32_t *)3076 = v2;
    int32_t v4 = v1 + 4;
    int32_t v5; // 0x4002c
    // v5 becomes 0x10000 when v3 <= 0xffff (signed compare), otherwise v3.
    if ((int32_t)(v3 > 0xffff) == 0) {
        // 0x40024
        v5 = 0x10000;
        // branch -> 0x4002c
    } else {
        // .dec_label_pc_4002c_crit_edge
        v5 = v3;
        // branch -> 0x4002c
    }
    // g4 still equals v2 here, so v6 is the old 0x94ec0 value advanced by v5.
    int32_t v6 = g4 + v5; // 0x4002c
    int32_t v7 = v6;
    int32_t v8 = 0xa41e8;
    *(int32_t *)0x94ec0 = v6;
    *(int32_t *)3068 = v4 + 4;
    // Skip the block whose byte length is the word at v4 (length unchecked).
    int32_t v9 = *(int32_t *)v4 + 4 + v4; // 0x40074
    // g4 now holds a count read from the lump.
    g4 = *(int32_t *)v9;
    *(int32_t *)3020 = v9 + 4;
    int32_t v10 = 16 * g4; // 0x40084
    // v10 is a multiple of 16, so (v10 | 4) equals v10 + 4.
    int32_t v11 = (v10 | 4) + v9; // 0x4008c
    *(int32_t *)3088 = v11;
    int32_t v12 = v10 + v11; // 0x40094
    *(int32_t *)3040 = g4;
    // NOTE(review): v8 is the address g1 stands for, not an element index.
    // As C this indexes far outside g1; presumably the original is a store of
    // v7 to address v8 -- confirm. The same applies to g3.e0[v14] and
    // g2.e0[v16] below, whose "indices" also advance by 4 like byte offsets.
    g1[v8] = v7;
    int32_t v13 = 0; // 0x400a4
    int32_t v14 = 0xa4620;
    g3.e0[v14] = v13;
    int32_t v15 = 0; // 0x400a8
    int32_t v16 = 0xa41f8;
    g2.e0[v16] = v15;
    // v17 walks three consecutive groups of words, read at v17, v17 + 16 and
    // v17 + 32.
    int32_t v17 = v12; // 0x400ac
    int32_t v18 = v8 + 4; // 0x400c4
    int32_t v19 = 2; // 0x400c8
    int32_t v20 = *(int32_t *)v17 + v13; // 0x400cc
    int32_t v21 = *(int32_t *)(v17 + 16) + v15; // 0x400d0
    // + binds tighter than &, so this rounds the word at v17 + 32 up to a
    // multiple of 2048 before adding it to v7.
    int32_t v22 = v7 + (*(int32_t *)(v17 + 32) + 2047 & -2048); // 0x400dc
    // branch -> 0x400a0
    // NOTE(review): with a 32-bit int, 0xffffffff is an unsigned constant, so
    // v19 is converted to unsigned and this condition is always false: the
    // body never runs as written. 0xffffffff is -1 as a signed 32-bit value
    // and the four-plus-one slot layout of struct_0 fits three passes, so the
    // original test was presumably the signed v19 > -1 -- confirm against the
    // branch instruction.
    while (v19 > 0xffffffff) {
        // 0x400a0
        g1[v18] = v22;
        v13 = v20;
        v14 += 4;
        g3.e0[v14] = v13;
        v15 = v21;
        v16 += 4;
        g2.e0[v16] = v15;
        v17 += 4;
        v18 += 4;
        v19--;
        // Running totals: each pass adds the next word of each group.
        v20 = *(int32_t *)v17 + v13;
        v21 = *(int32_t *)(v17 + 16) + v15;
        v22 += (*(int32_t *)(v17 + 32) + 2047 & -2048);
        // continue -> 0x400a0
    }
    // 0x400e0
    // 48 bytes = the three 16-byte groups read through v17.
    v4 = v12 + 48;
    g3.e1 = v20;
    g2.e1 = v21;
    // Write back the advanced value to the word read at the top of the function.
    *(int32_t *)0x94ec0 = v22;
    *(int32_t *)3048 = v4 + 4;
    // The word at v4 is doubled and used as a byte offset (unchecked).
    *(int32_t *)2968 = 2 * *(int32_t *)v4 + 4 + v4 + 4;
}
It looks like I've found a nice MIPS translator at
http://decompiler.fit.vutbr.cz (it recovers the code structure only; data types and numbers may be wrong).
The other decompilers I tried could not generate valid code (even the asm in IDA didn't look good when I tried to translate it manually).
I think this code might be helpful. I'll test it soon to load the lump properly.