PSX RAM map
2 MB of main RAM at 0x80000000-0x801FFFFF. Click any region to see what lives there.
Interactive map
Order: low addresses on top. Hover for a one-liner, click for full detail.
BIOS / OS area
0x80000000 - 0x8000FFFF
PSX BIOS workspace, kernel TCB, exception vectors
SCUS_942.54 (the game executable)
0x80010000 - 0x8005FFFF
SCUS code (.text + libsnd / libspu / libcd / libapi)
0x80060000 - 0x8007FFFF
SCUS .rodata + .data (jump tables, global state)
Game state globals (in SCUS .bss)
0x801C9370
Battle 8-actor pointer table
0x80084708 + n*0x414
Per-character record (4 slots; display name at internal +0x2A7). Slot 3 (Terra) runs into the story-flag bitmap at 0x80085600, so its tail (+0x2BC..) aliases the globals.
0x80074358 - 0x80074367
4×u32 active-ability bitmask
0x801C70F0
In-RAM PROT.DAT TOC (loaded at boot)
0x8007BD24
Pointer to active battle context struct
0x8007BC3C + 0x801F351C..3528
World-map render-pipeline gate flag + params
0x8007C34C..0x36C
Actor-list slot table (7 linked-list heads consumed by FUN_8002519c)
Heap + scratch
0x80080000 - 0x801BFFFF
Game heap (asset buffers, runtime state, dialog buffer)
0x800EB654
Active battle context struct (pointed to by 0x8007BD24)
Runtime overlay window
0x801C0000 - 0x801CFFFF
Overlay header / shared dispatch region
0x801D0000 - 0x801EFFFF
Overlay code (varies by game mode: title / town / battle / menu)
0x801F0000 - 0x80205FFF
Extended overlay region (used by 256 KB town overlay)
Stack
~0x801FFF00 (top, grows down)
CPU stack
Click any row above to see details.
Notes
- The overlay window holds different code depending on which game mode is active. Static analysis only sees what's loaded at the time of capture. The repo has separate overlay imports for: title screen, town (PROT 0897), battle (PROT 0898), and the menu/options overlay (PROT 0899; the historical “PROT 0896 @ 0x801C5818” attribution is refuted - that base was an over-read artifact).
- Several globals that look like data ("DAT_xxxxx" in Ghidra) are actually pointers to in-heap structs. The battle context at
0x8007BD24is the canonical example - Ghidra types it asint*, code accesses it as(*ptr)[N]. - The PROT TOC at
0x801C70F0is loaded from disc at boot. Sam's earlier TOC math used a wrong offset (toc[p+5]-toc[p+2]instead oftoc[p+5]-toc[p+3]+4); fixing it shifted classification of hundreds of entries.