I'm still working on this. This is fun.
For those who are interested in what I have achieved so far:
There are maps with direct axis and with axis pointers. Found a way to detect maps with axis pointers. Scanned the opcodes to find the corresponding addresses for axis and maps. So for a map where the axis are unknown opcodes are scanned until the corresponding axis is found even for those one where the axis is preloaded in ram.
0x761E4
[1000, 1200, 1400, 1600, 1800, 2000, 2250, 2500, 3000, 3500, 4000, 4500]
[800, 1000, 1200, 1400, 1600, 1800, 2000, 2300, 2600, 3000, 3500, 4000, 4500, 5000, 6000, 7000]
[[-430, -510, -580, -640, -710, -770, -830, -890, -950, -990, -980, 0, 0, 0, 0, 0],
[-390, -470, -560, -630, -670, -720, -760, -800, -820, -840, -650, -500, 0, 0, 0, 0],
[-350, -480, -550, -620, -670, -690, -705, -710, -720, -730, -720, -610, -470, -250, -20, 0],
[-350, -470, -540, -595, -640, -670, -680, -690, -634, -590, -570, -530, -420, -280, 0, 0],
[-360, -440, -500, -545, -585, -620, -630, -640, -640, -550, -490, -440, -350, -280, 0, 0],
[-360, -420, -470, -510, -550, -570, -590, -590, -570, -510, -460, -390, -300, -250, 0, 0],
[-350, -410, -460, -500, -530, -550, -560, -560, -556, -500, -450, -440, -270, -270, 0, 0],
[-350, -400, -440, -480, -500, -520, -530, -550, -560, -540, -500, -380, -270, -210, 0, 0],
[-390, -460, -515, -570, -620, -660, -680, -680, -670, -500, -480, -380, -250, -80, 0, 0],
[-350, -430, -508, -590, -660, -750, -790, -740, -630, -490, -400, -290, -100, 0, 0, 0],
[-330, -400, -480, -500, -630, -660, -660, -620, -500, -380, -280, -160, -100, 0, 0, 0],
[-310, -380, -478, -540, -590, -600, -600, -550, -430, -300, -190, -60, 0, 0, -40, 0]]
I will continue working on it until I have identified all maps.
