Editing PS2 Emulation

Jump to navigation Jump to search
Warning: You are not logged in. Your IP address will be publicly visible if you make any edits. If you log in or create an account, your edits will be attributed to your username, along with other benefits.

The edit can be undone. Please check the comparison below to verify that this is what you want to do, and then publish the changes below to finish undoing the edit.

Latest revision Your text
Line 17: Line 17:
==PS2 emulators workload comparison==
==PS2 emulators workload comparison==
{{PS2 emulators workload comparison}}
{{PS2 emulators workload comparison}}
Note: Apparently ps2_gxemu SPU layout changed at some point (maybe ps2_emu too), and above table is not accurate for latest emu versions.<br>
0-6 layout for ps2_gxemu currently look like this: IOP, SPU2, IPU, VU1, EEDMA, GSGIF, UNK(probably isolation).


==PS2 Emulator Types and Revisions==
==PS2 Emulator Types and Revisions==
Line 480: Line 482:


===Video Modes===
===Video Modes===
'''Note:''' Real PS2 : https://web.archive.org/web/20180802152820/http://users.neoscientists.org/~blue/ps2videomodes.txt
'''Note:''' Real PS2 : http://users.neoscientists.org/~blue/ps2videomodes.txt


  Video Modes
  Video Modes
Line 942: Line 944:


===ps2_netemu.self===
===ps2_netemu.self===
Support for USB devices seems to be limited comparing to other available emulators. Although PS2 side of USB subsystem seems to be fully implemented. IOP emulator in SPU handle USB HW registers addresses and generate interrupt for PPU which later handle RW to mentioned registers in similar fashion to ps2_emu/ps2_gxemu. PS2 side of things can be disabled/enabled using one byte, when disabled USB writes are ignored, and USB reads return 0. Initial state is unknown. Emulator seems to accept HID controllers and use them as DS3.
<br/><br/>
Supported devices:
#BD Remote Control
#BD Remote Control
#PLAYSTATION(R)3 Controller (Vendor ID 0x54C, Product ID 0x268),  
#PLAYSTATION(R)3 Controller (Vendor ID 0x54C, Product ID 0x268),  
Line 958: Line 957:
#PS3 Dance Dance Revolution Dance Pad - not ps2 accessory, opposite arrows can't be pressed at the same time.
#PS3 Dance Dance Revolution Dance Pad - not ps2 accessory, opposite arrows can't be pressed at the same time.
#Pop'N Music controllers - Require PS2 to USB converter. Wrong button mappings can be fixed by remap in config file.
#Pop'N Music controllers - Require PS2 to USB converter. Wrong button mappings can be fixed by remap in config file.
#Retro-Bit Official SEGA Mega Drive USB 6-Button Controller. Mapped for PS3 already and also works with this emulator. Lacks analogue sticks and shoulder buttons.


==BIOS==
==BIOS==
Line 1,276: Line 1,274:


In PS2 Emulator same Title IDs are present with following information:  
In PS2 Emulator same Title IDs are present with following information:  
  SLPS25200 FINAL FANTASY XI          : 0x00000001
  SLPS25200 FINAL FANTASY XI          : 0x100000000 (4 GB?)
  SCUS97269 FINAL FANTASY XI          : 0x00000003
  SCUS97269 FINAL FANTASY XI          : 0x300000000 (12GB?)
  SLPM65981 Front Mission Online      : 0x00000001
  SLPM65981 Front Mission Online      : 0x100000000 (4 GB?)
  SLPM65197 Nobunagas Ambition Online : 0x00000002 (return different value in IOP SPEED 0x10000004 read (2 instead of default 3) )
  SLPM65197 Nobunagas Ambition Online : 0x200000000 (8 GB?)


==Emulators management from GameOS==
==Emulators management from GameOS==
Line 1,290: Line 1,288:
Vector at 0xC00 address.
Vector at 0xC00 address.
  0x00 -
  0x00 -
       0 = return ((unk from 0x1C30/0x1C38 << 56) | thread_number << 48 | ctrl_CT1 (in bit 30) | srr1_EE (in bit 15) | srr1_PS (in bit 14) | srr1_DR (in bit 4))
       0 = exec smth,  
          Where 0x1C30/0x1C38 is selected depending on current HW thread.
          Thread number is current SW thread
          ctrl_CT1 is lower bit of CT (Current Thread) from PPC Control Register (0 for HW0, 1 for HW1)
          srr1_EE is MSR Enable External Interrupts bit from time when exception occurred (from before syscall was executed)
          srr1_PS is MSR Problem State bit from time when exception occurred (from before syscall was executed)
          srr1_DR is MSR Data Relocate bit from time when exception occurred (from before syscall was executed)
       1 = 0x132 lv1 panic
       1 = 0x132 lv1 panic
       2 = 0x133 lv1 panic
       2 = 0x133 lv1 panic
Line 1,311: Line 1,303:
       anything else = LV1 panic
       anything else = LV1 panic
  0x04 - Unknown. Available for HW0 only.  
  0x04 - Unknown. Available for HW0 only.  
  0x05 - External interrupts disable (48 bit in MSR). Returns previous MSR state.
  0x05 - External interrupt disable (48 bit in MSR).
  0x06 - External interrupts enable (48 bit in MSR) if param & 0x8000 is not 0, otherwise disable them.
  0x06 - External interrupt enable (48 bit in MSR) with param 0x8000, otherwise do nothing.
      This sc is more like restore 48th bit of MSR, but many times emu use it to enable bit without using old state.
      Also, emulator panic LV1 if syscall is called while external interrupts are already enabled.
  0x0A - IPU emulation related syscall
  0x0A - IPU emulation related syscall
  0x0B - IPU emulation related syscall
  0x0B - IPU emulation related syscall
  0x0C - Used in PS2 COP0 MTC0/MFC0 r9/r25 (count/perf), decrementer/timing related, return value in r15.
  0x0C - Used in PS2 COP0 MTC0/MFC0 r9/r25 (count/perf), decrementer/timing related, return value in r15.
         Config CMD 0x17 disable that syscall for r9 (count) r/w, and alternative path is used. Perf r/w still use it.
         Config CMD 0x17 disable that syscall for r9 (count) r/w, and alternative path is used. Perf r/w still use it.
0x0E - PS2 counters/timers related (also used on vsync related functions).
0x0F - PS2 counters/timers related (also used on vsync related functions).
  0x10 - lv1 panic.
  0x10 - lv1 panic.
0x11 - Wrapper for lv1_read_virtual_uart(port_number, buffer, bytes) [HW0 only, only ports 0 and 2 available, else panic]
0x12 - Wrapper for lv1_storage_send_device_command(dev_id, cmd_id, cmd_block, cmd_size, data_buffer, blocks)
      [HW0 only, Available only for threads: VRC, MECHA, HDD, else panic]
      params are rearranged:
      r3 = cmd_block (0x245E000 is added to this value internally)
      r4 = data_buffer (0x245E000 is added to this value internally)
      r5 = blocks
      dev_id is taken from 0x245D008 and it is 0(HDD) for my dump.
      cmd_id = 0x88 and cmd_size is 8.
0x13 - Set thread info unknown byte to 1 for respective thread and set unknown byte to 1 in USB thread.
      [HW0 only, else panic. Available only for threads: BL2MAIN and BL2LNK, else do nothing in exception handler]
0x14 - Same as 0x13 but set all bits to 0 regardless which thread called it.
      [HW0 only, else panic. Available only for threads: BL2MAIN and BL2LNK, else do nothing in exception handler]
  0x1002 - Invalidate gpu hvcalls.
  0x1002 - Invalidate gpu hvcalls.
  0x800000XX - HV Syscall where XX is syscall nr.
  0x800000XX - HV Syscall where XX is syscall nr.
Line 1,470: Line 1,445:
===Config Commands===
===Config Commands===
  ps2_netemu.self fw4.50 sub_12D7D8, fw4.81 sub_12E050
  ps2_netemu.self fw4.50 sub_12D7D8, fw4.81 sub_12E050
params are uint32_t unless noted.


Below is a brief summary table with basic info about available config commands. <br>
At the time of writing this, most of the commands are completely or partially unknown.<br />
Detailed commands description can be found here: '''[[PS2_Emulation/PS2_Config_Commands|PS2 Config Commands]]'''. <br>
If you want to read some speculation and brainstorming about them, please join the {{talk}} page
If you want to read some speculation and brainstorming about them, please join the {{talk}} page. <br>


{| class="wikitable" style="font-size:85%; line-height:100%; text-align:center"
{| class="wikitable" style="font-size:85%; line-height:100%; text-align:center"
Line 1,496: Line 1,471:
| colspan="3" | ?
| colspan="3" | ?
|-
|-
! {{cellcolors|#fff|#000}} Skip r5900 CACHE IXIN/IHIN opcodes
! {{cellcolors|#fff|#000}} Switch something
| 0x02 || 0x02 || 0x03
| 0x02 || 0x02 || 0x03
| 1 || style="text-align:left" | 0
| 1 || style="text-align:left" | 0
Line 1,506: Line 1,481:
| colspan="3" | ?
| colspan="3" | ?
|-
|-
! {{cellcolors|#bd5|#000}} Alternative VIF1 DIRECT/DIRECTHL handler
! {{cellcolors|#bd5|#000}} Set DIRECT/DIRECTHL VIF1 in SP3 EEDMA
| 0x04 || 0x04 || {{cellcolors|#eee|#b44|center}} <abbr style="cursor:help; text-decoration:none" title="Not Available">0x05</abbr>
| 0x04 || 0x04 || {{cellcolors|#eee|#b44|center}} <abbr style="cursor:help; text-decoration:none" title="Not Available">0x05</abbr>
| 1 || style="text-align:left" | 0
| 1 || style="text-align:left" | 0
| colspan="3" {{cellcolors|#ddd|#666|center}} ''Nothing''
| colspan="3" {{cellcolors|#ddd|#666|center}} ''Nothing''
|-
|-
! {{cellcolors|#fff|#000}} Alternative VIF1 OFFSET handler
! {{cellcolors|#fff|#000}} Switch something
| 0x05 || 0x05 || 0x06
| 0x05 || 0x05 || 0x06
| 1 || style="text-align:left" | 0
| 1 || style="text-align:left" | 0
| colspan="3" {{cellcolors|#ddd|#666|center}} ''Nothing''
| colspan="3" {{cellcolors|#ddd|#666|center}} ''Nothing''
|-
|-
! {{cellcolors|#c96|#000}} Delay VU1 xgkick by X cycles
! {{cellcolors|#c96|#000}} Delay VU xgkick by X cycles
| 0x06 || 0x06 || 0x07
| 0x06 || 0x06 || 0x07
| 1 || style="text-align:left" | uint32_t
| 1 || style="text-align:left" | uint32_t
| colspan="3" {{cellcolors|#c96|#000|center}} <abbr title="2=2cycles, 4=4cycles, 8=8cycles">cycles</abbr>
| colspan="3" {{cellcolors|#c96|#000|center}} <abbr title="2=2cycles, 4=4cycles, 8=8cycles">cycles</abbr>
|-
|-
! {{cellcolors|#c96|#000}} Patch VU1 memory by <abbr title="two bit masks for original and patched data">bitmask</abbr>
! {{cellcolors|#c96|#000}} Patch VU memory by <abbr title="two bit masks for original and patched data">bitmask</abbr>
| 0x07 || 0x07 || 0x08
| 0x07 || 0x07 || 0x08
| 3 || style="text-align:left" | 8&nbsp;*&nbsp;uint32_t
| 3 || style="text-align:left" | 8&nbsp;*&nbsp;uint32_t
| colspan="3" {{cellcolors|#c96|#000|center}} <abbr title="read mask, read mask, original opcode, original opcode, write mask, write mask, replace opcode, replace opcode">MASK</abbr>
| colspan="3" {{cellcolors|#c96|#000|center}} <abbr title="read mask, read mask, original opcode, original opcode, write mask, write mask, replace opcode, replace opcode">MASK</abbr>
|-
|-
! {{cellcolors|#9f9|#000}} Patch EE memory 64 bit
! {{cellcolors|#9f9|#000}} Patch EE memory with 2 opcodes
| 0x08 || 0x08 || 0x09
| 0x08 || 0x08 || 0x09
| <abbr title="command">1</abbr>→<abbr title="list">32</abbr> || style="text-align:left" | uint32_t&nbsp;+&nbsp;LIST
| <abbr title="command">1</abbr>→<abbr title="list">32</abbr> || style="text-align:left" | uint32_t&nbsp;+&nbsp;LIST
| {{cellcolors|#9f9|#000|center}} <abbr title="amount of patches in the LIST">count</abbr> || colspan="2" {{cellcolors|#9f9|#000|center}} <abbr title="offset, original opcode, original opcode, replace opcode, replace opcode">LIST</abbr>
| {{cellcolors|#9f9|#000|center}} <abbr title="amount of patches in the LIST">count</abbr> || colspan="2" {{cellcolors|#9f9|#000|center}} <abbr title="offset, original opcode, original opcode, replace opcode, replace opcode">LIST</abbr>
|-
|-
! {{cellcolors|#9f9|#000}} Patch EE memory 32 bit
! {{cellcolors|#9f9|#000}} Patch EE memory with 1 opcode
| {{NA}} || {{NA}} || 0x0A
| {{NA}} || {{NA}} || 0x0A
| <abbr title="command">1</abbr>→<abbr title="list">32</abbr> || style="text-align:left" | uint32_t&nbsp;+&nbsp;LIST
| <abbr title="command">1</abbr>→<abbr title="list">32</abbr> || style="text-align:left" | uint32_t&nbsp;+&nbsp;LIST
Line 1,561: Line 1,536:
| {{cellcolors|#f93|#000|center}} <abbr title="min 0x100000">start&nbsp;offset</abbr> || colspan="2" {{cellcolors|#f93|#000|center}} <abbr title="max 0x1FFFFFFF">end&nbsp;offset</abbr>
| {{cellcolors|#f93|#000|center}} <abbr title="min 0x100000">start&nbsp;offset</abbr> || colspan="2" {{cellcolors|#f93|#000|center}} <abbr title="max 0x1FFFFFFF">end&nbsp;offset</abbr>
|-
|-
! {{cellcolors|#f93|#000}} FPU accurate MUL/DIV range
! {{cellcolors|#f93|#000}} COP2 accurate MUL/DIV range
| 0x0E || 0x0E || 0x10
| 0x0E || 0x0E || 0x10
| 32 || style="text-align:left" | 2&nbsp;*&nbsp;uint32_t
| 32 || style="text-align:left" | 2&nbsp;*&nbsp;uint32_t
Line 1,571: Line 1,546:
| colspan="3" {{cellcolors|#f93|#000|center}} <abbr title="min 0x000, max 0xFF8">offset</abbr>
| colspan="3" {{cellcolors|#f93|#000|center}} <abbr title="min 0x000, max 0xFF8">offset</abbr>
|-
|-
! {{cellcolors|#588|#fff}} VU0/COP2 multi cmd
! {{cellcolors|#588|#fff}} VU related ?
| 0x10 || 0x10 || 0x12
| 0x10 || 0x10 || 0x12
| <abbr title="command">1</abbr>→<abbr title="list">63</abbr> || style="text-align:left" | uint32_t&nbsp;+&nbsp;LIST
| <abbr title="command">1</abbr>→<abbr title="list">63</abbr> || style="text-align:left" | uint32_t&nbsp;+&nbsp;LIST
Line 1,581: Line 1,556:
| colspan="3" {{cellcolors|#dda|#000|center}} time ?
| colspan="3" {{cellcolors|#dda|#000|center}} time ?
|-
|-
! {{cellcolors|#f93|#000}} Alternative VU1 ADD/SUB
! {{cellcolors|#f93|#000}} VU1 transform ADD/SUB
| 0x12 || 0x12 || 0x14
| 0x12 || 0x12 || 0x14
| 1 || style="text-align:left" | 0
| 1 || style="text-align:left" | 0
| colspan="3" {{cellcolors|#ddd|#666|center}} ''Nothing''
| colspan="3" {{cellcolors|#ddd|#666|center}} ''Nothing''
|-
|-
! {{cellcolors|#fff|#000}} Patch IOP SPE program
! {{cellcolors|#fff|#000}} Set something with bit flags
| 0x13 || 0x13 || 0x15
| 0x13 || 0x13 || 0x15
| 1 || style="text-align:left" | uint32_t
| 1 || style="text-align:left" | uint32_t
| colspan="3" | 2 or higher
| colspan="3" | ?
|-
|-
! {{cellcolors|#fff|#000}} Unknown
! {{cellcolors|#fff|#000}} Unknown
Line 1,596: Line 1,571:
| colspan="3" | ?
| colspan="3" | ?
|-
|-
! {{cellcolors|#9cf|#000}} Alternative COP0 MTC0/MFC0 Count ($9) handler
! {{cellcolors|#9cf|#000}} COP0 configure MTC0/MFC0
| 0x15 || 0x15 || 0x17
| 0x15 || 0x15 || 0x17
| 1 || style="text-align:left" | uint8_t ?
| 1 || style="text-align:left" | uint8_t ?
Line 1,611: Line 1,586:
| colspan="3" {{cellcolors|#ddd|#666|center}} ''Nothing''
| colspan="3" {{cellcolors|#ddd|#666|center}} ''Nothing''
|-
|-
! {{cellcolors|#fff|#000}} End fromIPU DMA transfer on BCLR command
! {{cellcolors|#fff|#000}} Switch something
| 0x17 || 0x18 || 0x1A
| 0x17 || 0x18 || 0x1A
| 1 || style="text-align:left" | 0
| 1 || style="text-align:left" | 0
| colspan="3" {{cellcolors|#ddd|#666|center}} ''Nothing''
| colspan="3" {{cellcolors|#ddd|#666|center}} ''Nothing''
|-
|-
! {{cellcolors|#fff|#000}} IPU IDEC Hack
! {{cellcolors|#fff|#000}} Switch something
| 0x18 || 0x19 || 0x1B
| 0x18 || 0x19 || 0x1B
| 1 || style="text-align:left" | 0
| 1 || style="text-align:left" | 0
Line 1,636: Line 1,611:
| colspan="3" | ?
| colspan="3" | ?
|-
|-
! {{cellcolors|#fff|#000}} Enable VIF0 cmds MSXXX/MPG/FLUSHE timings.
! {{cellcolors|#fff|#000}} Set something
| 0x1C || 0x1C || 0x1F
| 0x1C || 0x1C || 0x1F
| 1 || style="text-align:left" | uint32_t
| 1 || style="text-align:left" | uint32_t
| colspan="3" | Initial cycles to run
| colspan="3" | ?
|-
|-
! {{cellcolors|#fff|#000}} Set something
! {{cellcolors|#fff|#000}} Set something
Line 1,656: Line 1,631:
| colspan="3" {{cellcolors|#ddd|#666|center}} ''Nothing''
| colspan="3" {{cellcolors|#ddd|#666|center}} ''Nothing''
|-
|-
! {{cellcolors|#fff|#000}} Snowblind Engine hack
! {{cellcolors|#fff|#000}} Switch something
| 0x1F || 0x20 || 0x23
| 0x1F || 0x20 || 0x23
| 1 || style="text-align:left" | 0
| 1 || style="text-align:left" | 0
| colspan="3" {{cellcolors|#ddd|#666|center}} ''Nothing''
| colspan="3" {{cellcolors|#ddd|#666|center}} ''Nothing''
|-
|-
! {{cellcolors|#ddf|#000}} SIO2 Delay
! {{cellcolors|#ddf|#000}} Internal image aspect ratio ?
| 0x20 || 0x21 || 0x24
| 0x20 || 0x21 || 0x24
| 1 || style="text-align:left" | uint64_t
| 1 || style="text-align:left" | uint64_t
Line 1,686: Line 1,661:
| colspan="3" | ?
| colspan="3" | ?
|-
|-
! {{cellcolors|#aaf|#000}} CDVD seek timing
! {{cellcolors|#aaf|#000}} CDVD read/seek timings ?
| 0x25 || 0x26? || 0x29
| 0x25 || 0x26? || 0x29
| 1 || style="text-align:left" | 2&nbsp;*&nbsp;uint32_t
| 1 || style="text-align:left" | 2&nbsp;*&nbsp;uint32_t
Line 1,696: Line 1,671:
| colspan="3" {{cellcolors|#ddd|#666|center}} ''Nothing''
| colspan="3" {{cellcolors|#ddd|#666|center}} ''Nothing''
|-
|-
! {{cellcolors|#aaf|#000}} Enable CDDA hack <abbr title="PS2 MECHACON related">(CDVD)</abbr>
! {{cellcolors|#aaf|#000}} Switch something <abbr title="PS2 MECHACON related">(CDVD)</abbr>
| 0x27? || 0x28 || 0x2B
| 0x27? || 0x28 || 0x2B
| 1 || style="text-align:left" | 0
| 1 || style="text-align:left" | 0
Line 1,716: Line 1,691:
| colspan="3" | ?
| colspan="3" | ?
|-
|-
! {{cellcolors|#fff|#000}} SPU2 multi cmd.
! {{cellcolors|#fff|#000}} Set something
| 0x2B || {{NA}} || 0x2F
| 0x2B || {{NA}} || 0x2F
| 1 || style="text-align:left" | uint32_t
| 1 || style="text-align:left" | uint32_t
Line 1,837: Line 1,812:
|}
|}


===Config file examples (for netemu)===
<!-- We need to find a better way to organize the commands info below, right now all the info is "constricted" inside the same table but is better to take them out of the table to have more freedon when adding comments, etc... Are a lot so by now i prefer to dont make page sections for every command. Im going to try something that visually looks like page sections but are not (so are not going to be displayed in the TOC at top of the page). With this change we are moving forward because the command info is not going to be inside the same table anymore, im going to split them but the visual look and other details are not going to be definitive because later can be converted into page sections if someone insists in it -->


====Official PS2 Classic====
See: [[PS2 Official Configs]]


====Official GXEMU/SOFTEMU extracted====
{{Boxcomm|id=0x00|name=Title ID Enforce / Multidisc config|data=1x String in format: ABCD-12345}}
See: [[PS2 Official Configs]]
Restricts the CONFIG to be used only by a specific [[Template:TITLE_ID_for_Physical_Media|Title ID]]
The presence of this command in the CONFIG is optional. If present it needs to be located always at the last position in the CONFIG. When bytes are present after Title ID, emulator read them to setup multidisc info.
Multidisc info bytes:
First byte:  Unknown, seems to be unused. 00 in known configs (Grandia 3).
Second byte: Discs count (0-9), when 0 or 1 emulator don't enable multidisc mode.
Third byte:  Which disc in set is this one (0-8 for discs 1-9)
Fourth byte: That one is optional, but very important. When set to 1,
              disc swap menu will be in "Reset game" menu and disc change will trigger reset (default behavior).
              But when this byte is set to 0, new option in main emu menu called "Switch Discs" will appear. Emulator change disc without reset.
              Keep in mind we don't know how accurate swap emulation is here, games are picky for some details.
              Every iso bin enc in set need to have proper data in separate config.
              Disc 1: ISO.BIN.ENC --> CONFIG --> 00 02 00 00, Disc2: ISO.BIN.ENC2 --> CONFIG2 --> 00 02 01 00, etc.


==== Custom Configs ====
{{Boxcomm|id=0x01|name=EE_ADD_HOOK|data=2x uint32_t Params (addr, func_id 0-0x3B)}}
See: [[PS2 Custom Configs]]
Most of the hooks availables in netemu command 0x01 are fixes for a specific game, or a game engine<br>
The Maximum Amount of times netemu command 0x01 can be used consecutivelly in the same config is 255. This is actually limit for EE hooks at all, 0x01 don't have own limit.


===Config data examples (hardcoded)===
<div style="overflow-x:auto">
====Inside ps2_emu.self====
{| class="wikitable" style="width:100%; font-size:0.9em; line-height:90%"
Embedded patches are based on Checksum/Hash of title. ps2_emu is only emulator version where patches are described inside self file in ascii. Known patch types described in ascii are: Patch data, new SPU2 params, and Setting mecha HACK to show GODZCD as GODZCDDA.
|-
 
!Function ID!! Notes
{| class="wikitable sortable"
|-
! PS2 Title !! Hash !! Game !! Patch Type !! Data
|0x00|| FIFA 2000 use it as hook for EE kernel at 0x800017E8 (DMAC related). Command backup value from r5900 s0 register.
|-
|0x01|| FIFA 2000 use it as hook for EE kernel at 0x80001858 (DMAC related). Command restore previously backed up value to r5900 s0 register.
|-
|0x02||
Max Payne
Write 0 to D_ENABLEW in SPE 3 (EEDMA). D_ENABLER is NOT updated on PPE side.
|-
|0x03||
Max Payne
Write 0xFFFFFFFF (0x10000, other bits are ignored anyway) to D_ENABLEW in SPE 3 (EEDMA). D_ENABLER is NOT updated on PPE side.
|-
|0x04|| Castle Shikigami II
Skip r5900 CACHE IXIN/IHIN (Index/Hit invalidate) opcodes. Same as 0x03 command, but applied of selected ee offset.
This is probably command from times when 0x03 was non existing, and while it apply on selected ee offset, command never recover default IXIN/IHIN handling.
Note: There is leftover in emulator from command that reenable default behavior, but is unused now, and is not accessible by current config commands.
|-
|-
| SCUS_971.46|| 0x6B1ADE00D||Disney's Treasure Planet || Patch data - Fixes black screen at start, it apply to STREAM_D.IRX file in IOP folder. || 0x147C (sector) , 0x580 (offset) (- 0xC on disc)
|0x05|| Force events test if D2_CHCR & 0x100 is true (if GIF dma is running). For more info check _cpuEventTest_Shared from pcsx2. Star Wars games developed by Pandemic Studios (freeze fix), Worms 3D and NBA 08.
Replace opcodes
00 01 01 3C lui at,0x0100
80 BF 03 3C lui v1,0xBF80
C8 10 63 8C lw v1,0x10C8(v1)
24 18 61 00 and v1,at
FB FF 61 10 beq v1,at, -0x10
00 00 00 00 nop
Original opcodes
FF FF 01 24 li at,-0x1
04 00 61 14 bne at,v1, +0x14
00 80 01 3C lui at,0x8000
02 00 41 14 bne at,v0, +0x0C
00 00 00 00 nop
0D 00 06 00 break 
|-
|-
|SLUS_201.74 ||0x23D92589C5|| Rumble Racing || Patch data - fixes black screen after Playstation 2 logo. Patch apply to AUDIO.IRX file in MODULES folder || 0x3AEDA (sector), 0x120 (offset)
|0x06|| Force events test if D1_CHCR & 0x100 is true (if VIF1 dma is running). For more info check _cpuEventTest_Shared from pcsx2.
Replace opcodes
06 00 80 14 bnez a0, +0x1C
21 20 43 00 addu a0,v0,v1
21 10 A0 00 move v0,a1
02 00 A0 14 bnez a1, +0x0C
00 00 00 00 nop
01 00 05 24 li a1,0x1
EB FF 40 10 beqz v0, -0x50
04 00 84 24 addiu a0,0x4
FC FF 90 24 addiu s0,a0,-0x4
Original opcodes
07 00 80 14 bnez a0, +0x20
21 80 43 00 addu s0,v0,v1
21 10 A0 00 move v0,a1
02 00 A0 14 bnez a1, +0x0C
00 00 00 00 nop
01 00 05 24 li a1,0x1
FC FF 40 10 beqz v0, -0x0C
00 00 00 00 nop
04 00 04 26 addiu a0,s0,0x4
|-
|-
|SLUS_211.96||0x24D92589D5|| Indigo Prophecy || new SPU2 params || 1
|0x07||  
|-
|-
|SLPM_661.93||0x608634992D|| <abbr title="https://www.gamefaqs.com/ps2/544598-indigo-prophecy/data">Fahrenheit (NTSC-J)</abbr> || new SPU2 params || 1
|0x08|| Backup current unmodified COP0 status register state. Then disable EI bit, and notify emu that cmd 0x09 could be run. Harry Potter - Quidditch World Cup US use it at offset 0x2BD45C (EE)
|-
|-
|SLUS_212.96||0x5CA15DF14D|| Dance Factory ||Setting mecha HACK to show GODZCD as GODZCDDA ||
|0x09|| Restore COP0 status register state from previously created backup. Harry Potter - Quidditch World Cup US use it at offset 0x2BD620 (EE)
|}
 
====Inside ps2_gxemu.self/ps2_softemu.self====
There are hundreds of configs hidden in ps2_gxemu, and ps2_softemu self files. Internal config structure is basing on custom hash based on Title ID, internal memory offset pointing to place where true patch instruction is, and count of used commands. When disc/iso is started emulator search for configs, and if config for selected ID exist, then emulator apply it by itself. Is not perfect way of applying patches, because some games use the same ID, but different content. Good example here is Star Wars Battlefront II SLUS-21240, where some versions of game can refuse to work because it apply bad patch.
 
{| class="wikitable sortable"
! PS2 Title !! Hash !! Game !! Patch Type !! Data
|-
|-
| ||  || ||  ||  
|0x0A|| Fix for TriAce executable unpack function.
|}
  Games unpack data using VU0 microruntime (not COP2). Because unpack involve floating points operations result can be inaccurate. And it is,
 
  exactly by 1 byte. Config add 1 to result of unpacked data. This can be confirmed also on pcsx2 with turned off TriAce hack, example for Radiata Stories US release.
==Known Emulation Bugs==
  Set breakpoint on 0x124D90, and then when it's hit, add 1 to lower 64 bits of vf03 reg (in vu0f tab) and hit run.
This list known bugs inside emulator code that make emulation inaccurate. Since those are only EE side bugs for now, ps2_gxemu/ps2_netemu/ps_softemu share the same issues.  
Game now work as it should. On PS3 this probably can be fixed also by 0x11 command, but since they had hook already done before 0x11 was a thing, it stayed as is.
{| class="wikitable sortable"
! Bug !! Description !! Known Affected Games
|-
|-
| Missing Emotion Engine Data Cache emulation || Emulating that is literally not possible without making games run at 3 fps. Fixed by patches to game image, or EE code. Instruction Cache (not Data) seems to be implemented, at least partially. || Ice Age 2, DOA2: Extreme, Nascar 2009.
|0x0B|| Set lower 64 bits of mips $at register to 0
|-
|-
| Branch delay slot violation not supported on EE || Some games have Branch instruction inside Branch delay slots, this is not emulated correctly on EE (VU have proper emulation of that). This is patched in configs by rearangging MIPS code. || WRC 3,4,Rally Evolved, one of Action Replay discs. 
|0x0C|| Piglet's Big Game
|-
|-
| Unmapped write only EE memory (confirmed only for SIF) || Reads/Writes to 0x2000000+ shouldn't throw bus error on dma transfers. Write should be performed as successful, memory should stay unchanged. Reads should return 0. || Games developed by In Utero, while creating initial save file, send DMA where address is EE stack pointer. At the time of transfer start $sp is too high, and requested transfer size make MADR overflow above 0x2000000 at some point. This is game bug, and happen also on real hardware. Fixed by config.
|0x0D|| usleep(100)
|-
|-
| VIF bugs || There is no correct timing, and queuing for some VIF commands like MSCAL. || Snowblind Engine games. Probably more.  
|0x0E|| Used 3 times in Need for Speed - Carbon [Collector's Edition] US.
Used in place where game load code overlays, and in place where game self modify code.
Config run the same function which is run when PS2 syscall 7 (ExecPS2) hook is triggered (0x1831A8 in latest emu memory).
Only difference is that 0x42 overlay is not reloaded, and check for "cdrom0" string is not performed.
Command could be potentially useful for games that like to change own code. Eg. Load "bin" files with code (HSG/HST), or modify own code by direct writes to memory (NFS Carbon CE...)
|-
|-
| XGKick is instant || Some games expect to XGKick happen few cycles in future, on PS3 is done instant. Fixed by config 0x07 which delay XGKick by selected value || WRC series, Wakeboarding Unleashed, TriAce games, World of Outlaws - Sprint Cars, Ty - The Tazmanian Tiger, dot Hack - G.U. series, and more
|0x0F||  
Grand Theft Auto 3 (SLUS-20062)
using 0x348B40, 0x18E1F0, 0x348EC8 ( + 200000000 base )
0x348B40 = start CTheScripts::ClearSpaceForMissionEntity((CVector const &, CEntity *))
0x18E1F0 = start CCollision::ProcessColModels((CMatrix const &, CColModel &, CMatrix const &, CColModel &, CColPoint *, CColPoint *, float *))
0x348EC8 = Almost end (only loading values preserved on stack) of CTheScripts::ClearSpaceForMissionEntity((CVector const &, CEntity *))
|-
|-
| COP2 instructions are instant || Some games rely on fact that COP2 operations can take some time, on PS3 emulators they are done instantly due to lack of correctly emulated pipeline Patched by rearranging mips code || FFX, FFX-2, Ghost in The Shell SAC, Ace Combat series, Sprint Cars 1/2, Black, Run Like Hell, Everblue 2, Dragon Quest - Shounen Yangus no Fushigi na Daibouken, and many more
|0x10||  
Grand Theft Auto 3 (SLES-50330)
using 0x349790, 0x18E1F0, 0x349B18 ( + 200000000 base )
0x349790 = start CTheScripts::ClearSpaceForMissionEntity((CVector const &, CEntity *))
0x18E1F0 = start CCollision::ProcessColModels((CMatrix const &, CColModel &, CMatrix const &, CColModel &, CColPoint *, CColPoint *, float *))
0x349B18 = Almost end (only loading values preserved on stack) of CTheScripts::ClearSpaceForMissionEntity((CVector const &, CEntity *))
|-
|-
| VU0 is not running in sync with EE core || VU0 is running program "at once", which mean that VU0 run until it hits E bit. From EE perspective it looks like whole VU0 program run in 1 cycle. Games that expect VU0 registers to be changed from EE side while VU0 is running are broken due to that. Partially resolved using 0x12 command with 2/3 subcommands, or by code rearranging.|| 24 The Game, ATV Quad Power Racing 2, Twisted Metal Head-On, Primal, Ghosthunter, Rayman Arena, Rayman 3, Largo winch. All games using M-bit.
|0x11||  
Grand Theft Auto 3 (SLES-50793)
using 0x3495C0, 0x18E1F0, 0x349948 ( + 200000000 base )
0x3495C0 = start CTheScripts::ClearSpaceForMissionEntity((CVector const &, CEntity *))
0x18E1F0 = start CCollision::ProcessColModels((CMatrix const &, CColModel &, CMatrix const &, CColModel &, CColPoint *, CColPoint *, float *))
0x349948 = Almost end (only loading values preserved on stack) of CTheScripts::ClearSpaceForMissionEntity((CVector const &, CEntity *))
|-
|-
| M-Bit not supported || Emulator ignore VU0 M-Bit, that cause issues for games that need it to work correctly. This is done because there is no way to sync correctly running VU0 without sync with EE. Partially resolved on emu using 0x12 command with 2/3 subcommands, or direct VU0/MIPS code rearranging. || Totally Spies! Totally Party, Mike Tyson Heavyweight Boxing, My Street, Crash Twinsanity, Marvel Nemesis, Panzer Elite Action - Fields of Glory, TriAce games (speed optimizations only), Super Monkey Ball Adventure, most Eko Software games, and many more.
|0x12|| Disney/Pixar Finding Nemo (fixes the pause menu freeze)
if COP0 status EI and EXL bits are 0, and other condition related to DMAC is met...
store 0 in [ 0x204FC500 + 200000000 base] 0x4FC500 EE memory, and set lower 64 bits of mips $s0 register to 0.
|-
|-
| T-Bit not supported on VU0 || Emulator ignore VU0 T-Bit, that cause issues for games that need it to work. Note: T-Bit is correctly handled for VU1. || Spiderman 3 set T-Bit, then do cfc2 from TPC (address where VU0 stopped). Since T-Bit is ignored, TPC is wrong. Value is later copied to CMSAR0, and program continue at wrong address. Well that's what should happen, but T-Bit also not signalize correct bit in VPU-STAT. Causing another issue, also in Spiderman 3.  
|0x13|| Snowblind Engine specific fix. Applies to the beginning of function called initLump. Config is responsible for grabbing data from one of registers for use in 0x14/0x15 hooks. Mentioned data is EE memory offset, if data from 0x13 is 0, 0x14/0x15 don't apply.
|-
|-
| Emulator do not update correct flag instances for COP2 while ending VU0 program on Ebit || This cause few games to read bad flag status (not status flag!) on COP2. This is resolved on emu by forcing update of MAC flag on every STATUS flag read (by config 0x12), this cause slowdowns creating a lot of unnecessary operations. || Driving Emotion Type-S, State of Emergency 2, The Getaway Black Monday.
|0x14|| Snowblind Engine specific fix. Applies to the end of function called initLump. Used in the older version of Snowblind Engine (Dark Alliance duology, The Bard's Tale, Fallout).
|-
|-
| Not updated status flag when VDIV/VSQRT/VRSQRT is done on COP2 || Potential bad flag state can cause a lot of issues that are not related on first sight || Yanya Caballista (already patched by custom config)
|0x15|| Snowblind Engine specific fix. Applies to the end of function called initLump. Used in the newer version of Snowblind Engine (Champions duology, Justice League Heroes, Combat Elite).
|-
|-
| In corner cases emu select wrong block flags pipeline state (both VU0/EEonBE and VU1/VRC affected). || This can cause various issues, mostly SPS, missing graphic, specific slowdowns, etc. Issue seems to occur when branch/jump delay slot have opcode important for flags calculation. Theory is that cached microprogram don't include modified flags state from delay slot instruction. So when already recompiled program is fetched from pool, it will miss one cycle in fmac flags pipeline. This can be crucial in games that rely on it. || Tales of Legendia and Klonoa 2 set sticky flag bits to 0 and branch with sub.xyzw in delay slot (expecting that sub change status flag), Tamsoft engine games set sticky bits to 0 in branch delay slot, this was most ridiculous bug, because problematic branch was pointing to next opcode after delay slot, removing branch was enough. True Crime: NY is only known game where VU0 is affected by this bug. more..
|0x16|| Champions of Norrath (SLUS-20565)
store 0x01114BA8 in [ 0x208EAB4C + 200000000 base]
store 0x010C9E40 in [ 0x208EAB6C + 200000000 base]
|-
|-
| CTC2 opcode write whole value to R register, while only 23 bits are writable. Rest is hardcoded to 0x3F800000. || Can cause many weird issues like broken physics, broken graphics. PCSX2 was also affected [[https://github.com/PCSX2/pcsx2/pull/6611 more]]. || The one game that is known to be affected, and is already patched, is Musashi: Samurai Legend.
|0x17|| NFS HP2 fpu rounding fix.
Check if a0 == 0x8000 (32768), apply config if true. Config is little bit more complicated than it should, emu flush all fpu regs to memory just to modify one field in altivec vector register.
When condition is met ps2 cop1 f08 register is modified from 0x40490FDB to 0x40490FDA, this result in next operations to end up as negative 0.0 (0x80000000) instead of just 0.0 (0x00000000).
Seems to trigger when loading of stage or loading of attract mode is close to finish or done.
|-
|-
| CFC2 from R register should return only 23 lower bits. || CFC2 from R on real PS2 return only lower 23 bits. Originally found out by PCSX2 team [[https://github.com/PCSX2/pcsx2/pull/8409 more]] and later confirmed to affect ps2_netemu in emu assembly. || There is only one game that is known to be affected, Onimusha Dawn of Dreams.
|0x18|| Okami PAL specific hook.
Check if opcode at 0x183F04 of EE memory is jal 0x183CB0 (0x0C060F2C). This is used to run additional hook patcher only 1 time.
  Later it will be nop here. so it means that new hooks are already applied. So function will just return early.
if opcode at 0x183F04 is still jal 0x183CB0 (0x0C060F2C),
then patch addresses 0x183F04 (jal 0x183CB0), 0x183F34 (jal 0x183CB0), 0x183F3C (jal 0x183D18) to nop.
Finally adds 3 additional EE hooks. Emu addresses for ps2_netemu 4.70+
EE address | EMU address
0x183F0C  | sub_46334
0x183F3C  | sub_45DA4
0x183D74  | sub_47B50
First hook is responsible for grabbing EE addresses from one of EE gpr register. Second hook perform few checks from data in EE gpr registers, and
eventually store data from EE gpr registers on previously grabbed addresses. Hook 3 store one of previosly grabbed EE address on unknown part of memory.
Whole thing looks like HLE version of noped functions.
|-
|-
| Missing floating point result overflow/underflow detection (U/O flags not set) || Since this affect all units (FPU/VU), many issues can occur. But in reality it seems to not affect any games. While this is easier to implement than on x86 system (full floats range, compared to ieee754), there is no way to do that by hardware way. Because SPU add/sub don't set those flags on single precision operations, and vmx have them disabled in spu compatibility mode. || Superman Returns.
|0x19|| Burnout 2
Copy lower 64 bits of $v0 r5900 register to lower 64 bits of $a1 r5900 register.
All that to make next opcode (hook address + 4) "beq $a1, $v0, addr" always true. Because $a1 and $v0 now have the same value.
This in turn skip CTimer::GetTimeSeconds((void)) in function CReplay::NextFrame((CDrivingControls *)). Worth to note that CReplay::NextFrame seems to be not related to replay per se, but to car physics.
|-
|-
| DMA between SPR and VU1 memory cause emulator panic. || Currently cause is unknown. It seems that functions responsible for transfer don't check that VU is running. Manual state that dma can be performed only when VU is not active, and pcsx2 wait until VU end. Games affected in emulators on ps3 display this warning in pcsx2 if mtvu is enabled: "MTVU: SPR Accessing VU1 Memory". Affected games are fixed by rearranging code to do lq/sq loop instead of DMA. || Summoner 2 (SPRfrom to VU1 data mem), Kaena (SPRto from VU1 data mem).
|0x1A||  
store 0 in [ 0x209FD560 + 200000000 base]
store 0 in [ 0x209F9550 + 200000000 base]
store 0 in [ 0x20A01570 + 200000000 base]
store 0 in [ 0x209F9540 + 200000000 base]
store 0 in [ 0x209F5540 + 200000000 base]
store 0 in [ 0x209F1530 + 200000000 base]
|-
|-
| IOP SIF0/1 DMA IRQs can be disabled (masked), which is not true on real hardware. || IOP interrupts 0x2A and 0x2B should always trigger. Fixed by patches to IOP code. Ps2_emu seems to be unfacted, probably handled on real hw in CXD9208GP. || Knockout Kings 2001, DOA2: Hardcore.
|0x1B||
store 0 in [ 0x20552168 + 200000000 base]
|-
|0x1C||
store 1 in [ 0x20552168 + 200000000 base]
|-
|0x1D||
store 0 in [ 0x20556C08 + 200000000 base]
|-
|0x1E||
store 1 in [ 0x20556C08 + 200000000 base]
|-
|0x1F||
store 0 in [ 0x205243D8 + 200000000 base]
|-
|0x20||
store 1 in [ 0x205243D8 + 200000000 base]
|-
|0x21||
store 0 in [ 0x20524F88 + 200000000 base]
|-
|0x22||
store 1 in [ 0x20524F88 + 200000000 base]
|-
|0x23||
store 0 in [ 0x2047E7F8 + 200000000 base]
|-
|0x24||
store 1 in [ 0x2047E7F8 + 200000000 base]
|-
|0x25||
store 0 in [ 0x204802B8 + 200000000 base]
|-
|0x26||
store 1 in [ 0x204802B8 + 200000000 base]
|-
|0x27||
store 0 in [ 0x20586348 + 200000000 base]
|-
|0x28||
store 1 in [ 0x20586348 + 200000000 base]
|-
|0x29||
store 0 in [ 0x205868A8 + 200000000 base]
|-
|0x2A||
store 1 in [ 0x205868A8 + 200000000 base]
|-
|0x2B||
if ($a1 & 0xF0000000 != 0) a1 = 0
|-
|0x2C|| Shin Onimusha - Dawn of Dreams Fix IPU DMA JPN((PlayStation 2 the Best)/US release.
|-
|0x2D|| Shin Onimusha - Dawn of Dreams Fix IPU DMA PAL release.
|-
|0x2E|| Shin Onimusha - Dawn of Dreams Fix IPU DMA Unk release. Code from emu match SLPM-66275 release. Why it is unused? Hook address will be 0x3BB4EC.
|-
|0x2F||
if value at EE Mem 0x37B0C4 == 0, set mips pc register (program counter) to 0x100B98
Config is supposed to repeat chunk of code if EE mem 0x37BB0C == 0.
|-
|0x30||
if value at EE Mem 0x37B704 == 0, set mips pc register (program counter) to 0x100B98
Config is supposed to repeat chunk of code if EE mem 0x37BB0C == 0.
|-
|0x31||
if value at EE Mem 0x37630C == 0, set mips pc register (program counter) to 0x100BA8
Config is supposed to repeat chunk of code if EE mem 0x37BB0C == 0.
|-
|0x32||
if value at EE Mem 0x37BB0C == 0, set mips pc register (program counter) to 0x100BA8.
Config is supposed to repeat chunk of code if EE mem 0x37BB0C == 0.
|-
|0x33||
|-
|0x34|| not filled
|-
|0x35|| Ninkyouden: Toseinin Ichidaiki
|-
|0x36||
|-
|0x37||
|-
|0x38||
|-
|0x39|| Used silently in command 0x4B with first param from 0x4B as hook address. Hook seems to be unusable without 0x4B command, because there is no way to setup redirect mode and ID without 0x4B.
|-
|0x3A|| Used silently in command 0x4C with first param from 0x4C as hook address. Hook seems to be unusable without 0x4C command, because there is no way to setup redirect mode and ID without 0x4C.
|-
|0x3B|| Grand Theft Auto 3 (SLPM-55293 "Rockstar Classics")
using 0x351210, 0x18F590, 0x351568 ( + 200000000 base )
0x351210 = start CTheScripts::ClearSpaceForMissionEntity((CVector const &, CEntity *))
0x18F590 = start CCollision::ProcessColModels((CMatrix const &, CColModel &, CMatrix const &, CColModel &, CColPoint *, CColPoint *, float *))
0x351568 = Almost end (only loading values preserved on stack) of CTheScripts::ClearSpaceForMissionEntity((CVector const &, CEntity *))
|}
|}
===Software emulation bugs===
</div>
Related to the GS emulation issues mostly. Apply to the ps2_netemu especially.
 
{| class="wikitable sortable"
{{Boxcomm|id=0x02|name=Unknown|data=1x int32}}
! Bug !! Description !! Known Affected Games
Used in function that handle D6 CHCR writes (SIF1), seems to be some kind of timing command for EE --> IOP DMA.
*Valid values found:
**1000d
**3000d
**6000d
 
{{Boxcomm|id=0x03|name=Unknown|data=N/A}}
Skip r5900 CACHE IXIN/IHIN (Index/Hit invalidate) opcodes.
 
{{Boxcomm|id=0x04|name=Unknown|data=1x uint32_t index (i*0x80, special 0x12345: 0x91a280?)}}
Patch SPE 3 program (eedma) by searching for ila r4, xxxxx, starting at 0x178A0 and replacing them with (0x42000004 | ((value << 7) & 0x1FFFF80)
0x42000004 is ila r4 opcode. Due to opcode encoding example result of that patch with value 0x08 will be 0x42000404 (ila r4, 0x08). There is little bit more than that, but main purpose is just to patch SPE program behavior.
*Valid values found:
**0x08
**0x10
 
{{Boxcomm|id=0x05|name=N/A|data=N/A}}
Command not available in ps2_netemu.self
 
{{Boxcomm|id=0x06|name=Unknown|data=N/A}}
Change VIF1 command 02h OFFSET behavior by patching pointer to function which process it to different previously unused function.
 
{{Boxcomm|id=0x07|name=Delay VU xgkick by X cycles|data=1x uint32_t}}
Default 1
 
{{Boxcomm|id=0x08|name=Patch VU memory by mask |data=8x uint32_t (read mask,read mask, original opcode, original opcode, write mask, write mask, replace opcode, replace opcode)}}
Maximum Amount of Usage: 3 times
{{Boxcomm|id=0x09|name=EE_INSN_REPLACE64|data=uint32_t count, <list> (offset, original opcode, original opcode, replace opcode, replace opcode)}}
Maximum List Count: 32
*Valid values found
**1 [Dark Cloud] and [Dead Or Alive 2 Hardcore]
 
{{Boxcomm|id=0x0A|name=EE_INSN_REPLACE32|data=uint32_t count, <List> (offset, original opcode, replace opcode)}}
Command present only in the ps2_netemu. Maximum List Count: 32
*Valid values found
**1 [Deadly Strike]
**2 [Dragon Force]
 
{{Boxcomm|id=0x0B|name=MECHA_SET_PATCH|data=1x uint32_t count, <List> {sector id, offset, sizeof present opcodes, replace opcodes, original opcodes)}}
Offset on the disc = sector id * sector size + offset + correction [see below]<br>
Offset correction is based on selected read mode (not on media type):<br><br>
CDRead requested block size (CD disc):
*2048 = Offset + 0x18 (skip 12 sync bytes, 4 of header, and 8 of subheader)
*2328 = Offset + 0x18 (skip 12 sync bytes, 4 of header, and 8 of subheader)
*2340 = Offset + 0x0C (skip only 12 bytes of sync data)
 
DVDRead requested block size (DVD Disc):
*2064 = Offset match, but only until the 349th sector. Otherwise is offset - 0x0C because that read mode see data as ID DATA (4) + ID DATA EDC (2) + Reserved bytes (6) + 2048 data + EDC (4).
 
"Offset + XX" for CD assume that you use Isobuster RAW mode. "Offset - XX" for DVD assume that you use Isobuster NON RAW mode<br>
Special case is DVD read on very low sector, here you need to use exact offset without substrating 0x0C. Highest confirmed sector that don't use correction for now is 349.
  [Dead Or Alive 2 Hardcore] uses 7
  [Gradius V] uses 1
  [Grand Theft Auto III] uses 1
  [Katamari Damacy] uses 1
  [Manhunt] uses 1
  [Odin Sphere] uses 2
  [Primal] uses 1
  [Psychonauts] uses 1
  [Syphon Filter The Omega Strain] uses 1
Maximum List Count: 47
 
{{Boxcomm|id=0x0C|name=Unknown|data=1x (uint16_t, uint16_t)}}
First param can be 0, 1, or 2. Second param in range of 0 and 0xFFFF. Second param is used only if first param == 1. Default values are (1, 0x1000) for PS2DVD, and (1, 0x400) for PS2CD and PS2CDDA.<br>
Other valid values for the second param (found in oficial configs ?): 0x180, 0x800
 
{{Boxcomm|id=0x0D|name=Unknown|data=1x int32}}
True/false. Default = 1
0 = Skip some IOP related code responsible for check value from IOP SPE LS 0x2C0C0 (and skip panic if value is 0 or -1).
Also skip write of value 0x80000000 to SPU Signal Notification 1 Register of IOP SPE.
 
{{Boxcomm|id=0x0E|name=Improves ADD/SUB accuracy|data=1x int32}}
1 Param offset --- Improves ADD/SUB FPU/COP2 accuracy for selected offset. Work with opcodes from commands 0x26/0x27. Basically command like 0x0F just per offset, no per range.
  [Rygar] only has 0x147DA8 sub.s  $f12, $f20, $f12
Used in official configs: SCUS97501=0x3C458C, SCES53642=0x3C4854, SLUS21026=0x386864, SLUS20916=0x121F64, SLUS20437=0x11EDF0
Maximum Amount of Usage: 32 times
 
{{Boxcomm|id=0x0F|name=More accurate ADD/SUB memory range|data=List <uint32_t Param, uint32_t Param>}}
More accurate memory range. This command is combined 0x26, and 0x27 command.
  [Dark Cloud] uses 0x239334, 0x1FFFFFF
  [Grand Theft Auto SA] uses 0x1E46DC, 0x1E4AE8
Maximum Amount of Usage: 32 (if there is no additional 0x26/0x27 command)
 
{{Boxcomm|id=0x10|name=MULDIV Accurate range|data=List <uint32_t Param, uint32_t Param>}}
More accurate MUL/DIV handling on selected memory range for selected FPU opcodes. Effectively work only with:
MUL.s, DIV.s, MULA.s, MADD.s, MSUB.s, MADDA.s, MSUBA.s.
For ADD/SUB opcodes, command is active only on Multiply stage.
Maximum List Count: 32
 
{{Boxcomm|id=0x11|name=VU0 Accurate ADD/SUB|data=1x uint32_t Param}}
Param is VU0 (MICROPROGRAM) memory offset, correct param is in range of 0x000 to 0xFF8.
Lower pipeline fetch opcode from address, Upper from address + 4. So correct address for config needs to be 8 bytes aligned.
Used in official configs: SLUS21172=0x208, SLUS20878=0x140,0x368,0x570
Maximum Amount of Usage: 32 times
 
{{Boxcomm|id=0x12|name=Unknown|data=<List> (uint32_t count,}}
VU0/COP2 related multicommand.
First 8 bytes of that command are special flags. Not quite sure about bytes 5-8 yet,
because at some point they are used to "andc" with first 4 bytes.
Some examples for first 4 bytes:
0x1000    = Run additional flag related code after every FMAC operation, VU0 only, COP2 do this by default.
0x2000    = Emit some additional code when lower opcode is fsset, this flag require 0x1000 to be enabled. VU0 only.
0x100000  = When enabled opcodes like MSUB, MADDA, etc, do proper multiply first, then add/sub. When disabled (default) single opcode is used (vmaddfp / vmmsubfp). Not used in COP2 mode.
              Note: When this command is disabled, then "Accurate MUL" is skipped for MADDxx/MSUBxx regardless that 0x30000000 is set or not.
              Because there is no way to do correct MUL separately when altivec madd/msub is used.
0x200000  = Run some additional code in VU0 load/store opcodes (ILW, LQI, ISWR, etc.) Not used in COP2 mode.
0x400000  = Skip emu syscall 3 (3)
0x800000  = Skip emu syscall 3 (4)
0x4000000  = Enable type 2 config from cmd 0x12.
0x8000000  = Accurate VU0 DIV opcode, not used in COP2 mode.
0x10000000 = Fast Accurate VU0 MUL. Try to round mantissa. Opcodes like MSUB/MADD additionally require 0x100000 to be enabled, otherwise command skip them. Not used in COP2 mode.
0x20000000 = Full Accurate VU0 MUL. Use runtime from CMD 0x10, but for every matching VU0 opcode, including opcodes like MSUB for mul part.
              Opcodes like MSUB/MADD additionally require 0x100000 to be enabled, otherwise command skip them.
Selecting both 0x10000000 and 0x20000000 (0x30000000) work the same way as 0x20000000.
Keep in mind that you still need to use at least 8 bytes for cmd 0x12, just use 00 for bytes 5,6,7,8.
Later bits are dependent on which subcommand we want to run.
 
  [Primal] uses 0xD of type 2/3 subcommand (minus 0x2 for flags)
  [Rayman Arena] uses 0x11 of type 2/3 subcommand (minus 0x2 for flags)
  [Syphon Filter: The Omega Strain] uses 0x5 of type 1 subcommand (minus 0x2 for flags)
Maximum List Count: 63
 
{{Boxcomm|id=0x13|name=Memory card timing related delay|data=1x uint64_t Param}}
0x9bdc  (39900)  - Used by "Phantasy Star Universe" (official config for SLPM-66031), "WRC II Extreme", and "Burnout Dominator"
0xf960  (63840)  - Used by "Jak X: Combat Racing" (official config for SCUS-97429), and "Netsu Chu! Pro Yakyuu 2004"
0x1d394 (119700) - Used by "Jissen Pachi-Slot Hisshouhou! Kemono-Oh" (official config for SLPS-20131)
 
{{Boxcomm|id=0x14|name=VU1 transform ADD/SUB|data=N/A}}
When enabled ADD/SUB VU1 opcodes are processed differently on recompiling/translation stage. Seems to be very specific hack, most likely not usable outside of THPS 4+ engine games. <br>
Note: This setting affects only VU1, and only ADD/SUB. All other opcodes like ADDi,ADDq, MSUB, ADDbc, are not affected.
 
{{Boxcomm|id=0x15|name=Unknown|data=1 Param ( <1, >1 )}}
Patch SPE 0 (IOP) program in local memory. Command search for absolute branches in LS 0x3A2C0 - 0x3A6C0 and patch first branch that match to "bi r127". That weird approach was probably used because spe program differ little bit between emu versions, so they don't need to update command on every new emu revision. Currently (4.75+) this command patch branch at address 0x3A3A4 (bra sub_2E600). This command takes partially unused value. Value 0,1 do nothing, values 2 and above run command. Doesn't matter is 2,4, or 10. Nothing will change in command behavior.
[Aeon Flux] uses 2 (gxemu config)
[Bloodrayne 2] uses 4
[GRIMgRiMoiRe] uses 4
[Mana Khemia 2] uses 4
[Odin Sphere] uses 4
[SMT Persona 3 FES] uses 4
[Parappa the Rapper 2] uses 0x14 (softemu config) or 0x4 (gxemu config)
{{Boxcomm|id=0x16|name=N/A|data=N/A}}
Command not available in ps2_netemu.self
 
{{Boxcomm|id=0x17|name=COP0 configure MTC0/MFC0|data=1x int32 ?}}
True/false. Default 0.
<br>Command change behavior of MTC0/MFC0 operation of COP0 Count ($9) register. When enabled time base register is used as a base for calculation, when disabled decrementer register is used as a base for calculations (using emu syscall 12).
[Bully] uses 1
 
{{Boxcomm|id=0x18|name=N/A|data=N/A}}
Command not available in ps2_netemu.self
 
{{Boxcomm|id=0x19|name=Force analog controller mode|data=N/A}}
Skips check for analog/digital controller mode and returns forced analog mode
[Grand Theft Auto III]
[Grandia II]
[Red Faction 2]
[Siren]
 
{{Boxcomm|id=0x1A|name=Unknown|data=N/A}}
IPU hack to end fromIPU DMA transfer on BCLR command (store 0 on D3_QWC and D3_CHCR.STR). Not stopping that transfer is actually correct behavior..
 
{{Boxcomm|id=0x1B|name=Unknown|data=N/A}}
When IDEC command don't finish, probably due to bad timings. Hack clear D3_CHCR.STR bit when there is still QW left in D3_QWC reg , and IDEC finished already.
[Mana Khemia 2]
 
{{Boxcomm|id=0x1C|name=Emulate Multitap|data=read uint32_t (use uint8_t)}}
Enables/disables Multitap emulation. Default 3
0 = disable multitap emulation
1 = enable multitap in controller port 1 (when needed)
2 = enable multitap in controller port 2 (when needed)
3 = enable multitaps in both controller ports (when needed)
  [Medal of Honor: European Assault] uses 1
  [Twisted Metal: Black] uses 1
 
 
{{Boxcomm|id=0x1D|name=Set Multitap|data=read uint32_t (use uint8_t)}}
Sets multitap to specific controller ports and adjusts the order of ports to which controllers are synced. Default 0?
0 = no multitap set (only when needed)
    Controller sync order: 1/1-A, 2/2-A, 1-B, 2-B...
1 = sets multitap in controller port 1 at all times
    Controller sync order: 1/1-A, 1-B, 1-C, 1-D...
2 = sets multitap in controller port 2 at all times
    Controller sync order: 1/1-A, 2/2-A, 2-B, 2-C...
3 = sets multitaps in both controller ports at all times
    Controller sync order: same as 0
  [Medal of Honor: European Assault] uses 1
  [Twisted Metal: Black] uses 1
  [Mystic Heroes] uses 2 (game does not detect multitap in controller port 1)
  [Sonic Riders] uses 2 (GX config, game may not detect multitap in controller port 1)
 
{{Boxcomm|id=0x1E|name=Multitap related|data=read uint32_t (use uint8_t)}}
[FIFA 2001] uses 3 (settings for both multitaps?)
 
{{Boxcomm|id=0x1F|name=Unknown|data=1x uint32_t}}
Default 1
Make VIF0 commands MSCAL/MSCALF/MSCNT/MPG/FLUSHE non instant. By default every VIF0 command take 1 cycle, so it's instant.
This config give vif0 some timing sense.
When delta from config passed and vpustat vu0 bits are non 0 (so practically if vif0 is still running),
add 500 cycles and go on until next event test before doing anything on vif0.
This can also be used to ensure that next vif0 command won't run until delta from config passed.
Value from config is added to current r5900 cycles and vif0 will do nothing unless current cycles match new value.
*Valid values found: 200d, 1000d
 
{{Boxcomm|id=0x20|name=Unknown|data=1x uint64_t}}
Default 0x3C
Config value is used as multiplier for some value, and result is used in vsync related runtimes.
Is worth to note that 0x3C is default multiplier even for PAL titles, so is not stricly related to framerate,
but to vsync counters (where 0x3C is still wrong anyway..). Result of multiply is also compared at some point to vsync delay value.
*Valid values found: 10d, 60d, 100d, 120d, 200d, 240d
 
{{Boxcomm|id=0x21|name=Unknown|data=1x uint32_t}}
Option one default value = 1, when set to 0: r5900 CACHE opcode IXLTG store 0 in COP0 TagLo register. More than that recompiler skip function responsible for analyze and emitting costly iCache checks.
This drastically reduce emitted code size, and practically disable iCache emulation. Additionally CACHE IXIN/IHIN opcodes use different very long code path (this can be skipped with cmd 0x03).
Option two default value = 0, when set to 1: Emit some kind of check for current r5900 PC with possible trap (tw opcode) at the end. 1 is valid only when option one is 0.
0 = sets an option one to 0 and option two to 0
1 = sets an option one to 0 and option two to 1
2 = sets an option one to 1 and option two to 0 (default)
  [Fatal Frame II] uses 0
  [Grand Theft Auto Vice City] uses 1
  [Grand Theft Auto III (EU)] uses 1
  [SMT Persona 3 FES] uses 0
 
{{Boxcomm|id=0x22|name=Unknown|data=N/A}}
Sets something 1
 
{{Boxcomm|id=0x23|name=Unknown|data=N/A}}
Copy VIF1 command 01h STCYCL handler struct into unused 08h slot (slots are 100 bytes per command, include pointer to function that handle command, and other data). Then patch slot 08h function pointers to function at 0x14E00. 08h is normally unused, and handled as a NOP. This command is useful only with additional 0x01 (0x13-0x15) hooks, which inject 08h VIF1 command into game code when other conditions are met.
 
{{Boxcomm|id=0x24|name=Unknown|data=1x uint64_t}}
SIO2 related
*Valid values found: 12000d, 48000d
 
{{Boxcomm|id=0x25|name=N/A|data=N/A}}
Command not available in ps2_netemu.self
 
{{Boxcomm|id=0x26|name=FPU Accurate ADD/SUB range|data=List <uint32_t Param,uint32_t Param>}}
Improves FPU accuracy for selected memory range. Efective only on:
ADD.s, SUB.s, ADDA.s, SUBA.s, MADD.s, MSUB.s, MADDA.s, MSUBA.s
For M(UL) opcodes, command is active only on ADD/SUB stage.
  [Bloodrayne 2] uses 0x340000, 0x350000
  [Gradius V] uses 0x3046E0, 0x0x305E44
Maximum Amount of Usage: 32 (if there is no additional 0x0F command)
 
{{Boxcomm|id=0x27|name=VU0 macromode accurate range|data=List <uint32_t Param,uint32_t Param>}}
Improves COP2 operations accuracy for selected memory range. Effective only for opcodes:
VSUBAxyzw, VSUBAq, VSUBAi, VSUBA, VSUBxyzw, VSUBq, VSUBi, VSUB, VMSUBAxyzw,
VMSUBAq, VMSUBAi, VMSUBA, VMSUBxyzw, VMSUBq, VMSUBi, VMSUB, VMADDAxyzw,
VMADDAq, VMADDAi, VMADDA, VMADDxyzw, VMADDq, VMADDi, VMADD, VADDAxyzw,
VADDAq, VADDAi, VADDA, VADDxyzw, VADDq, VADDi, VADD
Maximum Amount of Usage: 32 (if there is no additional 0x0F command)
Seems to affect only ADD/SUB part of opcode.
 
{{Boxcomm|id=0x28|name=Unknown|data=1x uint32_t}}
<=3
*Valid values found: 0, 1, 2, 3
 
{{Boxcomm|id=0x29|name=Unknown|data=2x uint32_t}}
Seek time modifier. Exact values meaning is unknown for now, they are used as multiplier. First param affect fast seek time, second param affect full seek time. Default value is 0x1F40, 0xBB80 (8000, 48000). Config affect only CDVD N Command Seek, read command that "SeekToSector" is not affected.
 
{{Boxcomm|id=0x2A|name=Unknown|data=N/A}}
Sets something 1.
All-Star Baseball 2004
 
{{Boxcomm|id=0x2B|name=Unknown|data=N/A}}
When enabled emulated register 0x1F40200F (disc type) is set to 0x13 (PS2CDDA) when media type detected by emu is 0x12 (PS2CD), confirmed in emu code/assembly. Ps2_emu do same thing in "Setting mecha HACK to show GODZCD as GODZCDDA", but due to real media support this is done in little bit different way (but still, 1F40200F is set to 0x13). During testing Dance Factory game, still no tracks are detected regardless of the command. Could be a netemu or Cobra issue (single, mixed mode .bin/.cue loaded).
Dance Factory
 
{{Boxcomm|id=0x2C|name=Unknown|data=1x uint32_t}}
Store (value | value << 32 | value << 64 | value << 96) on 0x2B4F0 of SPE 0 (IOP) LS.
In summoner config it will be 0x00000001000000010000000100000001 stored at 0x2B4F0.
Value is later used in clgt compare as rb register. Default seems to be 0x00000020000000200000002000000020.
Summoner uses 0x1
 
{{Boxcomm|id=0x2D|name=N/A|data=N/A}}
Command not available in ps2_netemu.self
 
{{Boxcomm|id=0x2E|name=Unknown|data=1x uint32_t}}
*Valid values found: 0x172
 
{{Boxcomm|id=0x2F|name=Unknown|data=1x uint32_t}}
Store value on 0x2E784 in SPE 1 (PS2 SPU2) LS. Used values are 1, and 2 (after andi, so 3 trigger both configs).
* Infamous Final Fantasy confirmation sound issue (in fact it does affect every sound effect using the reverb and only in the ps2_netemu) is fixed by 0x2 value.
Indigo Prophecy/Fahrenheit uses 0x1
Kengo 3 uses 0x2
 
{{Boxcomm|id=0x30|name=N/A|data=N/A}}
Command not available in ps2_netemu.self
 
{{Boxcomm|id=0x31|name=N/A|data=N/A}}
Command not available in ps2_netemu.self
 
{{Boxcomm|id=0x32|name=N/A|data=N/A}}
Command not available in ps2_netemu.self
 
{{Boxcomm|id=0x33|name=N/A|data=N/A}}
Command not available in ps2_netemu.self
 
{{Boxcomm|id=0x34|name=N/A|data=N/A}}
Command not available in ps2_netemu.self
 
{{Boxcomm|id=0x35|name=Enable Force Flip Field|data=N/A}}
Described in emu setting as "''Fix for [Hang] for soft-lock''"
 
{{Boxcomm|id=0x36|name=N/A|data=N/A}}
Command not available in ps2_netemu.self
 
{{Boxcomm|id=0x37|name=N/A|data=N/A}}
Command not available in ps2_netemu.self
 
{{Boxcomm|id=0x38|name=N/A|data=N/A}}
Command not available in ps2_netemu.self
 
{{Boxcomm|id=0x39|name=N/A|data=N/A}}
Command not available in ps2_netemu.self
 
{{Boxcomm|id=0x3A|name=N/A|data=N/A}}
Command not available in ps2_netemu.self
 
{{Boxcomm|id=0x3B|name=N/A|data=N/A}}
Command not available in ps2_netemu.self
 
{{Boxcomm|id=0x3C|name=N/A|data=N/A}}
Command not available in ps2_netemu.self
 
{{Boxcomm|id=0x3D|name=Config revision|data=1x uint32_t}}
Used by debug menu to print config revision. While every official and unofficial config use it, command is not mandatory. Debug menu will just print '''None''' as a config revision if command is missing. Official configs use this as a kind of debugging info to know minimal required emu revision.
 
{| class="wikitable" style="font-size:1em; line-height:1em"
|+Config commands supported by emulator revision
! Supported Commands !! ps2_netemu Revision !! PS3 Firmware
|-
|-
| No mipmapping support || Emulator does ignore the mipmap layers, probably for performance reasons. It is processing only the level 0 texture base pointer specified in the TEX0 register. There are games writing garbage data into that memory area, when the mipmap level is different than zero. As a result, a garbled texture is shown instead of a correct one. || Ace Combat series, Ape Escape 2, EA Sports F1 series, Harry Potter series, ICO (psuedo volumetric rays), Jak and Daxter series, Nickelodeon Barnyard and Nicktoons Unite (very strange implementation), Ratchet and Clank series and more.
| Up to 0x41 || 15686 || 3.70 or newer
|-
| Up to 0x43 || 16604 || 4.20 or newer
|-
| Up to 0x45 || 16808 || 4.30 or newer
|-
| Up to 0x46 || 16916 || 4.40 or newer
|-
| Up to 0x48 || 17041 || 4.45 or newer
|-
| Up to 0x4A || 17179 || 4.50 or newer
|-
| Up to 0x4D || 17277 || 4.55 or newer
|-
| Up to 0x50 || 17495 || 4.78 or newer
|}
See: [[PS2_Emulation#PS2 Emulator Types and Revisions|PS2 Emulator Types and Revisions]]
 
{{Boxcomm|id=0x3E|name=Unknown|data=N/A}}
Similar to 0x0D with param 0. Affect the same IOP related code path, but skips more code.
 
{{Boxcomm|id=0x3F|name=Unknown|data=1x uint32_t}}
Store value on 0x2B700 of SPE 0 (IOP) LS. SIF1 DMA related.
 
{{Boxcomm|id=0x40|name=Unknown|data=N/A}}
Command change GIF behavior by setting value to 1 at address 0x2F0 LS in SPU4.
Grand Theft Auto SA
Silent Hill Origins - unofficial fix
 
{{Boxcomm|id=0x41|name=Unknown|data=N/A}}
When enabled ignore D_ENABLEW (1000F590) writes from EE on SPE3 (EEDMA). D_ENABLER is updated regardless of cmd on PPE side. Enabling that command nullify 0x01 hooks for Max Payne!
Dragon Force
God Hand
Gradius V
Katamari Damacy
 
{{Boxcomm|id=0x42|name=EE Overlay patch|data=2 main Params + patch data: uint32_t address, uint32_t count, opcode,opcode,opcode...}}
Applied on game start (more precisely while executing ps2 bios syscall 7 ExecPS2), if game overwrite selected part of memory, it will wipe 0x42 patch. See [[Special:Diff/67828/67858]]
Start address can be (in theory) anywhere, but Sony used the 0xFF000 - 0xFFFFC range for this purpose.
Count is size of patch in 4 bytes opcodes. So 5 opcode patch = count 5.
Opcodes will be placed on selected address, we use only patch code, no need for original opcode.
Next opcode addresses are auto calculated (+4..) so we need to specify only patch start address.
Remember we need to jump to our new code, best way is command 0x0A with j (jump) opcode.
Also is important to add return jump if required. That one need to be added in our 0x42 patch.
Maximum opcodes count seems to be 0x3FF (1023 opcodes).
 
{{Boxcomm|id=0x43|name=Unknown|data=1x int32}}
Equal to command 0x40, but with Parameter:
Command change GIF behavior by setting value at address 0x2F0 LS in SPU4, correct values are:
0 = Default
1 = More agressive changes (like 0x40)
anything other = less agressive changes
Code on SPU side check for non zero value, and in few places explicitly for 1 (ceqi rxx,rxx,1) without mask.  
Config have weird behavior. When there is no param, and config end (no more bytes after 43 00 00 00), then param 0xFFFFFFFF is set automatically. 
Shin Sangoku Musou uses 0xFFFFFFFF
 
{{Boxcomm|id=0x44|name=Disables Smoothing and Smoothing option|data=N/A}}
 
{{Boxcomm|id=0x45|name=Unknown|data=N/A}}
Sets something 1
Prevent  display_mode 2 (CELL_GCM_DISPLAY_576_unk)        [640x576]
and      display_mode 0 (CELL_GCM_DISPLAY_480_unk) (60Hz?) [640x480]
from beign set.
Allow  display_mode 1 (CELL_GCM_DISPLAY_480_unk2) (59Hz?) [640x480]
and    display_mode 5 (CELL_GCM_DISPLAY_720P_59)          [1280x720]
depending on sys_info.video_mode & 0x200 is 0 or not.
Both 480 modes can be either I or P, so is something else, probably 59/60Hz.
This config possibly affect only in-emu UI, but this require testing.
Phantasy Star Complete Collection
 
{{Boxcomm|id=0x46|name=Enable L2H Improvement|data=N/A}}
Performance related setting for titles using L2H (Local to Host, so called GS download (from GS to  EE))
SMT Digital Devil Saga 1 - Crazy amount of GS downloads used to draw characters in-game
SMT Nocturne
Fatal Frame II
Other games affected (not in official config)
Soul Calibur 2 - When looking at the sun
GT4 - When looking at the sun
Valkyrie Profile 2 - Similar situation to SMT DDS1, in Solde game literally do thousands of 30QWC downloads all the time.
Tak and the Power of JuJu - Fix freeze during loading of the Burial Ground level in the NTSC version. This probably getting lucky with VIF1/GIF timing, normally command is not supposed to fix hang issues.
 
{{Boxcomm|id=0x47|name=Enables XOR CSR|data=N/A}}
Graphics related setting.<br>
XOR  bit 13 of GS CSR register (CSR.FIELD). Should fix fullscreen line corruption, maybe some interlacing issues. Long shot, but can possibly affect SCANMSK games.
 
{{Boxcomm|id=0x48|name=VSYNC Delay|data=2x uint32_t}}
*First param possible value are 1 = No IPU, 2 = IPU, 3 = Anytime.
*Second param is delay (in ms?), and can be also negative value.
**Emu has standard presets for second param.
***Agressive = 0x3D090 (250000 decimal),
***Normal = 0x186A0 (100000 decimal),
***Conservative = 0x4E20 (20000 decimal),
***But other values can be used.
[SMT Digital Devil Saga 1] uses 1, 0x3D090
[Fatal Frame II] uses 0x2, 0xFFFFE69C (-6500 decimal)
 
{{Boxcomm|id=0x49|name=Unknown|data=N/A}}
Skip part of code which use GS XYOFFSET_1 register, possibly ignore it at all. 
Trapt
 
{{Boxcomm|id=0x4A|name=Unknown|data=N/A}}
Change VIF1 command 14h MSCAL behavior to use 15h MSCALF (VIF1) instead. MSCALF behavior is the same as MSCAL, but also waits for PATH1 and PATH2 to not be active before starting a microprogram. This is hack, and MSCAL should be fixed instead to wait in queue instead of triggering early.
Applies to the Snowblind Engine games. Fixes the rest of flickering textures.
Meant to be used in conjunction with the GX/SOFT Snowblind Engine's specific commands (double 0x01 and 0x23 combo).
 
{{Boxcomm|id=0x4B|name=Redirect SAVEDATA by ID|data=2x uint32_t + ID: offset, int, char[]}}
For proper config we need at least 2 (can be more if needed) 0x4B commands, one to enable redirect, one to disable.
First param is EE memory offset that when is hit enable/disable redirection.
Second param is used to select which card will be redirected:
  0x00 do nothing
  0x01 for SCEVMC0.VME
  0x02 for SCEVMC1.VME
  0x03 for SCEVMC0.VME and SCEVMC1.VME
  0xFFFFFFFF to disable redirection, and use original VMEs.
Third param is ID of SAVEDATA we want to use padded with 00 to match 12 bytes, or all 00 in disable redirect config.
Important note here is that config have own 00 00 00 00 terminator at the end.
So after 12 bytes of ID we need to add 4 bytes of 00. That apply also to disable redirect version.
Under the hood config also setup 0x01 hook commands with 0x39 subcommand on selected addresses.
 
{{Boxcomm|id=0x4C|name=Unknown|data=2x uint32_t + ID: offset, int, char[]}}
Used to redirect to different ISO without game reset. First param is EE offset to hook, second param is some kind of mode selector, depending on that
emulator later set mecha switch disc state:
  mode 0x01 = set disc switch state to 1 (on next mecha main loop it will emulate opening the tray).
  mode 0x02 = set disc switch state to 3.
  mode 0x03 = set disc switch state to 3. This state repeats because it work different way depending that emulated tray is closed or no.
  mode 0x04 = set disc switch state to 2.
  mode anything else = do nothing.
Third value is ID in big endian hex ascii (eg. NPJD12345), additionally 0x4C expect own 00 00 00 00 terminator. To eventually end redirection use
another 0x4C but with (offset, 0xFFFFFFFF, 4 * 0x00000000 . This config have very similar usage to 0x4B, just redirect to different iso, instead to
different MC. Currently is unknown that cobra patched emulators support that config properly, and swap disc thru 0x00 command seems to be easier.
This config don't work if 0x00 multidisc config is detected. Config under the hood setup 0x01 hooks with subcommand 0x3A
 
{{Boxcomm|id=0x4D|name=Unknown|data=1x uint32_t}}
Param is floating point value. Default value 0.
if Q in GS RGBAQ write is 0.0 or -0.0 then
    Q = Q | value from config
else
    Q = Q
 
Wild Arms: The Fifth Vanguard uses 0x3F800000 (1.0)
 
{{Boxcomm|id=0x4E|name=Unknown|data=Unknown}}
 
{{Boxcomm|id=0x4F|name=Unknown|data=Unknown}}
 
{{Boxcomm|id=0x50|name=Enable pressure sensitive controls|data=N/A}}
 
===Config file examples (for netemu)===
 
====Official PS2 Classic====
See: [[PS2 Official Configs]]
 
====Official GXEMU/SOFTEMU extracted====
See: [[PS2 Official Configs]]
 
==== Custom Configs ====
See: [[PS2 Custom Configs]]
 
===Config data examples (hardcoded)===
====Inside ps2_emu.self====
Embedded patches are based on Checksum/Hash of title. ps2_emu is only emulator version where patches are described inside self file in ascii. Known patch types described in ascii are: Patch data, new SPU2 params, and Setting mecha HACK to show GODZCD as GODZCDDA.
 
{| class="wikitable sortable"
! PS2 Title !! Hash !! Game !! Patch Type !! Data
|-
| SCUS_971.46|| 0x6B1ADE00D||Disney's Treasure Planet || Patch data - Fixes black screen at start, it apply to STREAM_D.IRX file in IOP folder. || 0x147C (sector) , 0x580 (offset) (- 0xC on disc)
Replace opcodes
00 01 01 3C lui at,0x0100
80 BF 03 3C lui v1,0xBF80
C8 10 63 8C lw v1,0x10C8(v1)
24 18 61 00 and v1,at
FB FF 61 10 beq v1,at, -0x10
00 00 00 00 nop
Original opcodes
FF FF 01 24 li at,-0x1
04 00 61 14 bne at,v1, +0x14
00 80 01 3C lui at,0x8000
02 00 41 14 bne at,v0, +0x0C
00 00 00 00 nop
0D 00 06 00 break 
|-
|SLUS_201.74 ||0x23D92589C5|| Rumble Racing || Patch data - fixes black screen after Playstation 2 logo. Patch apply to AUDIO.IRX file in MODULES folder || 0x3AEDA (sector), 0x120 (offset)
Replace opcodes
06 00 80 14 bnez a0, +0x1C
21 20 43 00 addu a0,v0,v1
21 10 A0 00 move v0,a1
02 00 A0 14 bnez a1, +0x0C
00 00 00 00 nop
01 00 05 24 li a1,0x1
EB FF 40 10 beqz v0, -0x50
04 00 84 24 addiu a0,0x4
FC FF 90 24 addiu s0,a0,-0x4
Original opcodes
07 00 80 14 bnez a0, +0x20
21 80 43 00 addu s0,v0,v1
21 10 A0 00 move v0,a1
02 00 A0 14 bnez a1, +0x0C
00 00 00 00 nop
01 00 05 24 li a1,0x1
FC FF 40 10 beqz v0, -0x0C
00 00 00 00 nop
04 00 04 26 addiu a0,s0,0x4
|-
|SLUS_211.96||0x24D92589D5|| Indigo Prophecy || new SPU2 params || 1
|-
|SLPM_661.93||0x608634992D|| <abbr title="https://www.gamefaqs.com/ps2/544598-indigo-prophecy/data">Fahrenheit (NTSC-J)</abbr> || new SPU2 params || 1
|-
|SLUS_212.96||0x5CA15DF14D|| Dance Factory ||Setting mecha HACK to show GODZCD as GODZCDDA ||
|}
 
====Inside ps2_gxemu.self/ps2_softemu.self====
There are hundreds of configs hidden in ps2_gxemu, and ps2_softemu self files. Internal config structure is basing on custom hash based on Title ID, internal memory offset pointing to place where true patch instruction is, and count of used commands. When disc/iso is started emulator search for configs, and if config for selected ID exist, then emulator apply it by itself. Is not perfect way of applying patches, because some games use the same ID, but different content. Good example here is Star Wars Battlefront II SLUS-21240, where some versions of game can refuse to work because it apply bad patch.
 
{| class="wikitable sortable"
! PS2 Title !! Hash !! Game !! Patch Type !! Data
|-
|  ||  ||  ||  || 
|}
 
==Known Emulation Bugs==
This list known bugs inside emulator code that make emulation inaccurate. Since those are only EE side bugs for now, ps2_gxemu/ps2_netemu/ps_softemu share the same issues.
{| class="wikitable sortable"
! Bug !! Description !! Known Affected Games
|-
| Missing Emotion Engine Data Cache emulation || Emulating that is literally not possible without making games run at 3 fps. Fixed by patches to game image, or EE code. Instruction Cache (not Data) seems to be implemented, at least partially. || Ice Age 2, DOA2: Extreme, Nascar 2009.
|-
| Branch delay slot violation not supported on EE || Some games have Branch instruction inside Branch delay slots, this is not emulated correctly on EE (VU have proper emulation of that). This is patched in configs by rearangging MIPS code. || WRC 3,4,Rally Evolved, one of Action Replay discs. 
|-
| Unmapped write only EE memory (confirmed only for SIF) || Reads/Writes to 0x2000000+ shouldn't throw bus error on dma transfers. Write should be performed as successful, memory should stay unchanged. Reads should return 0. || Games developed by In Utero, while creating initial save file, send DMA where address is EE stack pointer. At the time of transfer start $sp is too high, and requested transfer size make MADR overflow above 0x2000000 at some point. This is game bug, and happen also on real hardware. Fixed by config.
|-
| VIF bugs || There is no correct timing, and queuing for some VIF commands like MSCAL. || Snowblind Engine games. Probably more.
|-
| XGKick is instant || Some games expect to XGKick happen few cycles in future, on PS3 is done instant. Fixed by config 0x07 which delay XGKick by selected value || WRC series, Wakeboarding Unleashed, TriAce games, World of Outlaws - Sprint Cars, Ty - The Tazmanian Tiger, dot Hack - G.U. series, and more
|-
| COP2 instructions are instant || Some games rely on fact that COP2 operations can take some time, on PS3 emulators they are done instantly due to lack of correctly emulated pipeline Patched by rearranging mips code || FFX, FFX-2, Ghost in The Shell SAC, Ace Combat series, Sprint Cars 1/2, Black, Run Like Hell, Everblue 2, Dragon Quest - Shounen Yangus no Fushigi na Daibouken, and many more
|-
| VU0 is not running in sync with EE core || VU0 is running program "at once", which mean that VU0 run until it hits E bit. From EE perspective it looks like whole VU0 program run in 1 cycle. Games that expect VU0 registers to be changed from EE side while VU0 is running are broken due to that. Partially resolved using 0x12 command with 2/3 subcommands, or by code rearranging.|| 24 The Game, ATV Quad Power Racing 2, Twisted Metal Head-On, Primal, Ghosthunter, Rayman Arena, Rayman 3, Largo winch. All games using M-bit.
|-
| M-Bit not supported || Emulator ignore VU0 M-Bit, that cause issues for games that need it to work correctly. This is done because there is no way to sync correctly running VU0 without sync with EE. Partially resolved on emu using 0x12 command with 2/3 subcommands, or direct VU0/MIPS code rearranging. || Totally Spies! Totally Party, Mike Tyson Heavyweight Boxing, My Street, Crash Twinsanity, Marvel Nemesis, Panzer Elite Action - Fields of Glory, TriAce games (speed optimizations only), Super Monkey Ball Adventure, most Eko Software games, and many more.
|-
| T-Bit not supported on VU0 || Emulator ignore VU0 T-Bit, that cause issues for games that need it to work. Note: T-Bit is correctly handled for VU1. || Spiderman 3 set T-Bit, then do cfc2 from TPC (address where VU0 stopped). Since T-Bit is ignored, TPC is wrong. Value is later copied to CMSAR0, and program continue at wrong address. Well that's what should happen, but T-Bit also not signalize correct bit in VPU-STAT. Causing another issue, also in Spiderman 3.
|-
| Emulator do not update correct flag instances for COP2 while ending VU0 program on Ebit || This cause few games to read bad flag status (not status flag!) on COP2. This is resolved on emu by forcing update of MAC flag on every STATUS flag read (by config 0x12), this cause slowdowns creating a lot of unnecessary operations. || Driving Emotion Type-S, State of Emergency 2, The Getaway Black Monday.
|-
| Not updated status flag when VDIV/VSQRT/VRSQRT is done on COP2 || Potential bad flag state can cause a lot of issues that are not related on first sight || Yanya Caballista (already patched by custom config)
|-
| In corner cases emu select wrong block flags pipeline state (both VU0/EEonBE and VU1/VRC affected). || This can cause various issues, mostly SPS, missing graphic, specific slowdowns, etc. Issue seems to occur when branch/jump delay slot have opcode important for flags calculation. Theory is that cached microprogram don't include modified flags state from delay slot instruction. So when already recompiled program is fetched from pool, it will miss one cycle in fmac flags pipeline. This can be crucial in games that rely on it. || Tales of Legendia and Klonoa 2 set sticky flag bits to 0 and branch with sub.xyzw in delay slot (expecting that sub change status flag), Tamsoft engine games set sticky bits to 0 in branch delay slot, this was most ridiculous bug, because problematic branch was pointing to next opcode after delay slot, removing branch was enough. True Crime: NY is only known game where VU0 is affected by this bug. more..
|-
| CTC2 opcode write whole value to R register, while only 23 bits are writable. Rest is hardcoded to 0x3F800000. || Can cause many weird issues like broken physics, broken graphics. PCSX2 was also affected [[https://github.com/PCSX2/pcsx2/pull/6611 more]]. || The one game that is known to be affected, and is already patched, is Musashi: Samurai Legend.
|-
| CFC2 from R register should return only 23 lower bits. || CFC2 from R on real PS2 return only lower 23 bits. Originally found out by PCSX2 team  [[https://github.com/PCSX2/pcsx2/pull/8409 more]] and later confirmed to affect ps2_netemu in emu assembly. || There is only one game that is known to be affected, Onimusha Dawn of Dreams.
|-
| Missing floating point result overflow/underflow detection (U/O flags not set) || Since this affect all units (FPU/VU), many issues can occur. But in reality it seems to not affect any games. While this is easier to implement than on x86 system (full floats range, compared to ieee754), there is no way to do that by hardware way. Because SPU add/sub don't set those flags on single precision operations, and vmx have them disabled in spu compatibility mode. || Superman Returns.
|-
| DMA between SPR and VU1 memory cause emulator panic. || Currently cause is unknown. It seems that functions responsible for transfer don't check that VU is running. Manual state that dma can be performed only when VU is not active, and pcsx2 wait until VU end. Games affected in emulators on ps3 display this warning in pcsx2 if mtvu is enabled: "MTVU: SPR Accessing VU1 Memory". Affected games are fixed by rearranging code to do lq/sq loop instead of DMA. || Summoner 2 (SPRfrom to VU1 data mem), Kaena (SPRto from VU1 data mem).
|-
| IOP SIF0/1 DMA IRQs can be disabled (masked), which is not true on real hardware. || IOP interrupts 0x2A and 0x2B should always trigger. Fixed by patches to IOP code. Ps2_emu seems to be unfacted, probably handled on real hw in CXD9208GP. || Knockout Kings 2001, DOA2: Hardcore.
|}
===Software emulation bugs===
Related to the GS emulation issues mostly. Apply to the ps2_netemu especially.
{| class="wikitable sortable"
! Bug !! Description !! Known Affected Games
|-
|-
| SCANMSK register ignored || Emulator does ignore the SCANMSK setting responsible for restricting the drawing primitives on the odd or even lines. It is used as a fake transparency effect in some games by merging the two display circuits. || Metal Gear Solid series (water and reflection effects), Gran Turismo series (ghost cars), Raw Danger! (depth of field effect)
| No mipmapping support || Emulator does ignore the mipmap layers, probably for performance reasons. It is processing only the level 0 texture base pointer specified in the TEX0 register. There are games writing a garbage data into that memory area, when the mipmap level is different than zero. As a result, a garbled texture is shown instead of a correct one. || Ace Combat series, Ape Escape 2, EA Sports F1 series, Harry Potter series, ICO (psuedo volumetric rays), Jak and Daxter series, Nickelodeon Barnyard and Nicktoons Unite (very strange implementation), Ratchet and Clank series and more.
|-
|-
| Missing PCRTC feedback write support || PCRTC feature that writes back the image to the frame buffer is not supported or broken. Additional RGB to YCbCr conversion could be performed there. || Xenosaga Episode I: Der Wille zur Macht (black and white cut scenes)
| SCANMSK register ignored || Emulator does ignore the SCANMSK setting responsible for restricting the drawing primitives on the odd or even lines. It is used as a fake transparency effect in some games by merging the two display circuits. || Metal Gear Solid series (heavy used in the MGS2 on the water and reflection effects), Gran Turismo series (ghost cars), Raw Danger! (depth of field/tonemapping effect)
|-
|-
|}
|}
Line 2,611: Line 3,309:
* http://wiki.pcsx2.net/index.php/Category:Software_rendering_only_games
* http://wiki.pcsx2.net/index.php/Category:Software_rendering_only_games


{{Reverse engineering}}<noinclude>
{{Reverse engineering}}<noinclude>[[Category:Main]]</noinclude>
[[Category:Main]]
</noinclude>
Please note that all contributions to PS3 Developer wiki are considered to be released under the GNU Free Documentation License 1.2 (see PS3 Developer wiki:Copyrights for details). If you do not want your writing to be edited mercilessly and redistributed at will, then do not submit it here.
You are also promising us that you wrote this yourself, or copied it from a public domain or similar free resource. Do not submit copyrighted work without permission!

To protect the wiki against automated edit spam, we kindly ask you to solve the following hCaptcha:

Cancel Editing help (opens in new window)