Ground infrastructure child serializer dispatch
This commit is contained in:
parent
d8e6eac810
commit
a6ace52588
3 changed files with 94 additions and 22 deletions
|
|
@ -3032,6 +3032,12 @@ The low helper strip beneath that shared family is tighter now too: `0x0052ecd0`
|
|||
longer “what do these bytes mean?” but “how do those already-grounded selector values surface in
|
||||
the save-side `0x38a5` classes, especially the `0x0002 / 0xff` bridge class and the
|
||||
`0x0055 / 0x00` BallastCap class?”.
|
||||
The exact setter seam is grounded now too: direct disassembly of `0x0048a340` shows its dword
|
||||
argument writing `[this+0x226]`, its next two byte arguments writing `[this+0x219]` and
|
||||
`[this+0x251]`, and its final byte argument toggling bit `0x20` in `[this+0x24c]`. So the
|
||||
remaining infrastructure selector problem is no longer about hidden intermediate state; it is
|
||||
specifically how those already-grounded setter values are serialized or rebuilt into the
|
||||
save-side `0x38a5` prefix classes.
|
||||
One selector byte is partly grounded now too: when `[this+0x219]==2`, the chooser jump tables
|
||||
stop using the general bridge families and instead route `[this+0x252]` through fixed
|
||||
`BridgeDT/BridgeST` suspension-cap literals for `R10`, `L10`, `12`, `14`, `16`, and `18`.
|
||||
|
|
@ -3044,9 +3050,13 @@ The low helper strip beneath that shared family is tighter now too: `0x0052ecd0`
|
|||
with `DT` still grounded statically but not yet exercised by the current save corpus.
|
||||
The child loader family is explicit now too: local `.rdata` at `0x005cfd00` proves the
|
||||
`Infrastructure` child vtable uses the shared tagged callback strip directly, with
|
||||
`+0x40 = 0x00455fc0`, `+0x48 = 0x00455870`, and `+0x4c = 0x00455930`. So the remaining
|
||||
infrastructure problem is row-to-record mapping inside the `0x38a5` stream, not identifying the
|
||||
per-child loader family.
|
||||
`+0x40 = 0x00455fc0`, `+0x44 = 0x004559d0`, `+0x48 = 0x00455870`, and `+0x4c = 0x00455930`.
|
||||
Direct disassembly of `0x004559d0` now closes the concrete write-side chain behind raw wrapper
|
||||
`0x00455a40`: it writes `0x55f1`, serializes the string lanes
|
||||
`[this+0x206/+0x20a/+0x20e]`, writes `0x55f2`, dispatches slot `+0x4c`, runs `0x0052ec50`, and
|
||||
then closes `0x55f3`. So the remaining infrastructure problem is row-to-record mapping inside
|
||||
the `0x38a5` stream and which chooser/seed values reach those string lanes and footer bytes, not
|
||||
identifying the per-child loader family.
|
||||
The smaller attach helper `0x00490a3c` is now bounded too: it conditionally allocates one
|
||||
`Infrastructure` child from a caller-supplied payload stem, attaches it to the current owner, and
|
||||
then seeds three caller-supplied position lanes through `0x00539530` and `0x0053a5b0`. The
|
||||
|
|
|
|||
|
|
@ -75,11 +75,14 @@ Working rule:
|
|||
through a fixed literal when absent and defaulting the third lane back to the first string when
|
||||
absent. So the next pass should stay focused on payload-stream grouping and tagged value roles,
|
||||
not on rediscovering a missing third-string encoding.
|
||||
- The child loader identity is closed now too: local `.rdata` at `0x005cfd00` proves the
|
||||
- The child loader identity is tighter now too: local `.rdata` at `0x005cfd00` proves the
|
||||
`Infrastructure` child vtable uses the shared tagged callback strip directly, with
|
||||
`+0x40 = 0x00455fc0`, `+0x48 = 0x00455870`, and `+0x4c = 0x00455930`. So the remaining
|
||||
infrastructure frontier is row-to-record mapping inside `0x38a5`, not “which loader family does
|
||||
this child use?”.
|
||||
`+0x40 = 0x00455fc0`, `+0x44 = 0x004559d0`, `+0x48 = 0x00455870`, and `+0x4c = 0x00455930`.
|
||||
Direct disassembly of `0x004559d0` then shows the concrete write-side chain for the child
|
||||
payload: write `0x55f1`, serialize string lanes `[this+0x206/+0x20a/+0x20e]`, write `0x55f2`,
|
||||
dispatch slot `+0x4c`, run `0x0052ec50`, and close `0x55f3`. So the remaining infrastructure
|
||||
frontier is no longer “which slot does `0x00455a40` jump to?”; it is which chooser/seed values
|
||||
reach those string lanes and the trailing footer path.
|
||||
- The smaller helper `0x00490a3c` is narrower now too: it allocates one literal `Infrastructure`
|
||||
child, seeds it through `0x00455b70` with caller-provided stem input, attaches it through
|
||||
`0x005395d0`, seeds position lanes through `0x00539530/0x0053a5b0`, and optionally caches it as
|
||||
|
|
@ -183,6 +186,12 @@ Working rule:
|
|||
longer “what do these bytes mean?” but “how do those already-grounded selector values surface in
|
||||
the save-side `0x38a5` classes, especially the `0x0002 / 0xff` bridge class and the
|
||||
`0x0055 / 0x00` BallastCap class?”.
|
||||
- The exact setter seam is grounded now too: direct disassembly of `0x0048a340` shows its dword
|
||||
argument writing `[this+0x226]`, its next two byte arguments writing `[this+0x219]` and
|
||||
`[this+0x251]`, and its final byte argument toggling bit `0x20` in `[this+0x24c]`. So the
|
||||
remaining infrastructure selector problem is no longer about hidden intermediate state; it is
|
||||
specifically how those already-grounded setter values are serialized or rebuilt into the
|
||||
save-side `0x38a5` prefix classes.
|
||||
- One selector byte is partly grounded now too: when `[this+0x219]==2`, the chooser jump tables
|
||||
stop using the general bridge families and instead route `[this+0x252]` through fixed
|
||||
`BridgeDT/BridgeST` suspension-cap literals for `R10`, `L10`, `12`, `14`, `16`, and `18`.
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue