Chapter 3 - How to find where the program crashed (using objdump).
The principle is simple: to find the crash point, locate the crash offset (see
chapter 2) inside the disassembled program.
Objdump is a tool used to disassemble programs. Please note it should only be
used on unstripped binaries, because only those still contain important
information such as function names.
Objdump syntax is something like:
ppc-morphos-objdump --syms --reloc --disassemble-all unstripped_exe >disassembled_exe
Alternatively, just use the hitmania makefile and type "make dump" to create a
"hitmania.dump" file.
Load the disassembled file in a text editor like MorphEd.
No need to be scared by the content :-) You do not need to understand PowerPC
assembler to locate the crash offset.
The file is a list made of three columns:
- The first column is an offset.
- The second column is the hexadecimal form of a PPC instruction.
- The third column is the human readable form of a PPC instruction.
Just search for the needed offset in the first column. Then find the function it
belongs to: the function name is shown as a label line directly above the block
of instructions that belong to it.
In the reference log, the crash offset is 0x624:
------------------------------------------------------------------------------
624: b0 83 00 00 sth r4,0(r3)
------------------------------------------------------------------------------
It is part of a little function called "WriteWord":
------------------------------------------------------------------------------
00000624 <WriteWord>:
624: b0 83 00 00 sth r4,0(r3)
628: 4e 80 00 20 blr
------------------------------------------------------------------------------
So the WriteWord() function did an illegal write to the address 0!
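The lookup described above can also be done by a small script instead of by hand, which helps when the dump is large or when many crash logs must be checked. The following is an added example, not part of the original chapter or of the hitmania project: it parses the three-column layout produced by objdump (label line, then "offset: hex bytes  instruction"), finds the instruction at a given crash offset together with the function label above it, and, as a bonus, computes the effective address of a load/store operand such as "0(r3)" from a register value. The SAMPLE_DUMP text and the register value r3 = 0 are constructed for the example (the real r3 value would come from the crash log of chapter 2); the ReadWord function is invented to show that the parser picks the right label.

```python
import re

# Constructed sample in the format ppc-morphos-objdump --disassemble-all produces.
# The WriteWord block mirrors the reference dump from the chapter; ReadWord is
# made up so that there is more than one function to choose from.
SAMPLE_DUMP = """\
Disassembly of section .text:

00000600 <ReadWord>:
 600:\t80 63 00 00 \tlwz     r3,0(r3)
 604:\t4e 80 00 20 \tblr

00000624 <WriteWord>:
 624:\tb0 83 00 00 \tsth     r4,0(r3)
 628:\t4e 80 00 20 \tblr
"""

# "00000624 <WriteWord>:" -> start address and function name.
LABEL_RE = re.compile(r'^([0-9a-fA-F]+)\s+<([^>]+)>:\s*$')
# " 624: b0 83 00 00   sth r4,0(r3)" -> offset, exactly four byte pairs
# (every PowerPC instruction is 32 bits wide), then the readable instruction.
INSN_RE = re.compile(r'^\s*([0-9a-fA-F]+):\s+((?:[0-9a-fA-F]{2}\s+){4})\s*(\S.*)?$')
# Memory operand of a load/store: displacement(base register), e.g. "0(r3)".
MEM_OPERAND_RE = re.compile(r'(-?\d+)\((r\d+)\)')


def parse_dump(text):
    """Return a list of (offset, function_name, hex_bytes, asm) for every
    instruction line; function_name is the most recent label seen above it."""
    current = None
    rows = []
    for line in text.splitlines():
        m = LABEL_RE.match(line)
        if m:
            current = m.group(2)
            continue
        m = INSN_RE.match(line)
        if m:
            offset = int(m.group(1), 16)
            hex_bytes = m.group(2).split()
            asm = ' '.join((m.group(3) or '').split())  # collapse tabs/spaces
            rows.append((offset, current, hex_bytes, asm))
    return rows


def locate_crash(text, crash_offset):
    """Find the instruction at crash_offset in an objdump listing.

    Returns (function_name, offset, asm) or None when the offset is not in
    the dump. An offset that falls inside an instruction (not 4-byte aligned)
    is attributed to the instruction that starts just before it, provided that
    instruction is at most 3 bytes away."""
    best = None
    for offset, func, _bytes, asm in parse_dump(text):
        if offset <= crash_offset and offset + 4 > crash_offset:
            if best is None or offset > best[1]:
                best = (func, offset, asm)
    return best


def effective_address(asm, regs):
    """For a load/store such as 'sth r4,0(r3)' return regs['r3'] + 0, i.e. the
    address the instruction actually touched; None for non-memory instructions.
    regs maps register names to 32-bit values taken from the crash log."""
    m = MEM_OPERAND_RE.search(asm)
    if not m:
        return None
    disp, base = int(m.group(1)), m.group(2)
    return (regs[base] + disp) & 0xFFFFFFFF


if __name__ == '__main__':
    hit = locate_crash(SAMPLE_DUMP, 0x624)
    func, off, asm = hit
    print('crash at %x in %s: %s' % (off, func, asm))
    # Assumed register state from the crash log: r3 held 0 when sth executed.
    print('write went to address %#x' % effective_address(asm, {'r3': 0}))
```

Running the script prints that offset 0x624 lies in WriteWord, executes "sth r4,0(r3)", and with r3 = 0 writes to address 0, which is exactly the conclusion drawn above from the reference log. On a real dump, read the file with open(...).read() instead of SAMPLE_DUMP and pass the offset computed in chapter 2.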