Editing PS2 Emulation
Jump to navigation
Jump to search
The edit can be undone. Please check the comparison below to verify that this is what you want to do, and then publish the changes below to finish undoing the edit.
Latest revision | Your text | ||
Line 3: | Line 3: | ||
Emulation of Playstation 2 is currently handled by 3 kind of emulators. CECH-A/B models use ps2_emu.self able to use built-in PS2 hardware (EE/GS/Rambus memory), and have best compatibility. CECH-C/E use ps2_gxemu, this emulator use physical Graphic Synthesizer found in this ps3 model, but Emotion Engine is fully emulated here, also there is no Rambus memory. All other models emulate PS2 thru fully software based ps2_netemu used for ps2 classics, and hacked now to use decrypted ISO files. Earlier before Sony provided ps2 classics on PS Store there was another soft only emulator strongly based on ps2_gxemu. It was called ps2_softemu, and had support for original PS2 CDVD. Only emulator not able to run physical discs is ps2_netemu. | Emulation of Playstation 2 is currently handled by 3 kind of emulators. CECH-A/B models use ps2_emu.self able to use built-in PS2 hardware (EE/GS/Rambus memory), and have best compatibility. CECH-C/E use ps2_gxemu, this emulator use physical Graphic Synthesizer found in this ps3 model, but Emotion Engine is fully emulated here, also there is no Rambus memory. All other models emulate PS2 thru fully software based ps2_netemu used for ps2 classics, and hacked now to use decrypted ISO files. Earlier before Sony provided ps2 classics on PS Store there was another soft only emulator strongly based on ps2_gxemu. It was called ps2_softemu, and had support for original PS2 CDVD. Only emulator not able to run physical discs is ps2_netemu. | ||
Emulators are self files, but not typical one. Emulators are not truly PS3 Game OS elf executables, but Guest OS'es running on LV1 of PS3. This mean that LV2, or more friendly Game OS is unloaded before emulator is loaded. This also mean that while emulators are running we can't call any LV2 function. Also LV1 syscalls are limited to call from all emulators, but can be fully unlocked. | Emulators are self files, but not typical one. Emulators are not truly PS3 Game OS elf executables, but Guest OS'es running on LV1 of PS3. This mean that LV2, or more friendly Game OS is unloaded before emulator is loaded. This also mean that while emulators are running we can't call any LV2 function. Also LV1 syscalls are limited to call from all emulators, but can be fully unlocked. | ||
All emulators use built-in stripped developement version of PS2 BIOS with disabled debug functions that can affect some games. This is done because some games print debug info on screen when found that are run on dev bios. Bios between ps2_emu, and ps2_gxemu/ps2_netemu are different. Ps2_emu BIOS is able to run only on ps2emu version of emulator due to RDRAM check. | All emulators use built-in stripped developement version of PS2 BIOS with disabled debug functions that can affect some games. This is done because some games print debug info on screen when found that are run on dev bios. Bios between ps2_emu, and ps2_gxemu/ps2_netemu are different. Ps2_emu BIOS is able to run only on ps2emu version of emulator due to RDRAM check. | ||
PS3 models without Emotion Engine unit use "SPE-compatible SIMD graphics-rounding mode for VMX/Altivec Instructions" for FPU, and VU0 emulated floats calculations. This is set on emulator init by HV call 97 with param 1. VU1 actually run at SPE core so no compatibility mode need (or can) to be set. SPE compatible mode for PPE mean that rounding mode is set as round to zero, denormals are treated as zero, and there are no infinities or NaNs. So | PS3 models without Emotion Engine unit use "SPE-compatible SIMD graphics-rounding mode for VMX/Altivec Instructions" for FPU, and VU0 emulated floats calculations. This is set on emulator init by HV call 97 with param 1. VU1 actually run at SPE core so no compatibility mode need (or can) to be set. SPE compatible mode for PPE mean that rounding mode is set as round to zero, denormals are treated as zero, and there are no infinities or NaNs. So literally what PS2 VU was originally. Although SPE, and PPE SPE compatibility mode can still be inaccurate comparing to PS2. Good example here are TriAce games, or Castlevania COD where SPE calculation is wrong by 1 bit making games unplayable without patch. This is due to some PS2 math algo specific inaccuracies in FPU/VU implementation that are not present on any other hardware. | ||
Note: | Note: | ||
* not available in early Tool/DECR and Debug/DEX firmwares. But available in AV TOOL firmware since 1.00 | * not available in early Tool/DECR and Debug/DEX firmwares. But available in AV TOOL firmware since 1.00 | ||
* Emulation is based on a SCPH-50000/SCPH-20401 Playstation 2 Model. | * Emulation is based on a SCPH-50000/SCPH-20401 Playstation 2 Model. | ||
* [ | * [http://unina.stidue.net/Universita'%20di%20Trieste/Ingegneria%20Industriale%20e%20dell'Informazione/Tuzzi/Architetture_Avanzate_dei_Calcolatori/Emotion_2.pdf Introduction to PlayStation2 Architecture.pdf] | ||
* ps2tek docs - https://psi-rockin.github.io/ps2tek/ | * ps2tek docs - https://psi-rockin.github.io/ps2tek/ | ||
==PS2 emulators workload comparison== | ==PS2 emulators workload comparison== | ||
{{PS2 emulators workload comparison}} | {{PS2 emulators workload comparison}} | ||
Note: Apparently ps2_gxemu SPU layout changed at some point (maybe ps2_emu too), and above table is not accurate for latest emu versions.<br> | |||
0-6 layout for ps2_gxemu currently look like this: IOP, SPU2, IPU, VU1, EEDMA, GSGIF, UNK(probably isolation). | |||
==PS2 Emulator Types and Revisions== | ==PS2 Emulator Types and Revisions== | ||
Line 135: | Line 137: | ||
|} | |} | ||
<span style="font-size:small"> | <span style="font-size:small"> | ||
{{ | {{widedot}}'''Decrypted (elf)''': changes <abbr title="when comparing two decrypted files of the same revision from different firmwares the only difference is the build label">every firmware version</abbr><br> | ||
{{ | {{widedot}}'''<abbr title="0x20 bytes">Build label</abbr>''': yes, with timestamp, search for '''ps2ver:'''<br> | ||
{{ | {{widedot}}'''Target Firmware''': no/unknown<br> | ||
{{ | {{widedot}}'''Revision''': unknown | ||
</span> | </span> | ||
</div> | </div> | ||
Line 203: | Line 205: | ||
|} | |} | ||
<span style="font-size:small"> | <span style="font-size:small"> | ||
{{ | {{widedot}}'''Decrypted (elf)''': changes <abbr title="when comparing two decrypted files of the same revision from different firmwares there are no differences">every emu revision</abbr><br> | ||
{{ | {{widedot}}'''<abbr title="0x20 bytes">Build label</abbr>''': no/unknown<br> | ||
{{ | {{widedot}}'''Target Firmware''': no/unknown<br> | ||
{{ | {{widedot}}'''Revision''': unknown | ||
</span> | </span> | ||
</div><div style="float:left; width:24%;"> | </div><div style="float:left; width:24%;"> | ||
Line 259: | Line 261: | ||
|} | |} | ||
<span style="font-size:small"> | <span style="font-size:small"> | ||
{{ | {{widedot}}'''Decrypted (elf)''': changes <abbr title="when comparing two decrypted files of the same revision from different firmwares there are no differences">every emu revision</abbr><br> | ||
{{ | {{widedot}}'''<abbr title="0x20 bytes">Build label</abbr>''': no/unknown<br> | ||
{{ | {{widedot}}'''Target Firmware''': no/unknown<br> | ||
{{ | {{widedot}}'''Revision''': unknown | ||
</span> | </span> | ||
</div><div style="float:left; width:24%;"> | </div><div style="float:left; width:24%;"> | ||
Line 317: | Line 319: | ||
|} | |} | ||
<span style="font-size:small"> | <span style="font-size:small"> | ||
{{ | {{widedot}}'''Decrypted (elf)''': changes <abbr title="when comparing two decrypted files of the same revision from different firmwares there are no differences">every emu revision</abbr><br> | ||
{{ | {{widedot}}'''<abbr title="0x20 bytes">Build label</abbr>''': yes, without timestamp, search for '''build r'''<br> | ||
{{ | {{widedot}}'''Target Firmware''': included in the build label<br> | ||
{{ | {{widedot}}'''Revision''': yes, <abbr title="the location can be seen by comparing 4.23 (value 0x40DC) with 4.25 (value 0x4164) at offset 0x3E4BA in both">'''one''' time</abbr>, and included in the build label | ||
</span> | </span> | ||
</div> | </div> | ||
Line 421: | Line 423: | ||
===LIMG Segment=== | ===LIMG Segment=== | ||
The ISO.BIN.ENC | The ISO.BIN.ENC have a block of 0x4000 bytes added at the end codenamed "LIMG" that works as a descriptor of the ISO structure | ||
{| class="wikitable" | {| class="wikitable" | ||
Line 480: | Line 482: | ||
===Video Modes=== | ===Video Modes=== | ||
'''Note:''' Real PS2 : | '''Note:''' Real PS2 : http://users.neoscientists.org/~blue/ps2videomodes.txt | ||
Video Modes | Video Modes | ||
Line 625: | Line 627: | ||
Used in function that start SPU programs, and in interrupts handlers, plus in few other places. | Used in function that start SPU programs, and in interrupts handlers, plus in few other places. | ||
|- | |- | ||
| 0x5400C || SPU_Sig_Notify_1 || SPU Signal Notification 1 Register || Read/Write || Used to write data that can be read in SPU_RdSigNotify1 channel corresponding SPE. | | 0x5400C || SPU_Sig_Notify_1 || SPU Signal Notification 1 Register || Read/Write || Used to write data that can be read in SPU_RdSigNotify1 in channel corresponding SPE. | ||
|- | |- | ||
| | | 0x5400C || SPU_Sig_Notify_2 || SPU Signal Notification 2 Register || Read/Write || Used to write data that can be read in SPU_RdSigNotify2 in channel corresponding SPE. | ||
|- | |- | ||
|} | |} | ||
Line 942: | Line 944: | ||
===ps2_netemu.self=== | ===ps2_netemu.self=== | ||
#BD Remote Control | #BD Remote Control | ||
#PLAYSTATION(R)3 Controller (Vendor ID 0x54C, Product ID 0x268), | #PLAYSTATION(R)3 Controller (Vendor ID 0x54C, Product ID 0x268), | ||
Line 954: | Line 953: | ||
#Vendor ID 0xF0D (Hori), Product ID 0x4A | #Vendor ID 0xF0D (Hori), Product ID 0x4A | ||
#Vendor ID 0x54C (Sony), Product ID 0x5AF | #Vendor ID 0x54C (Sony), Product ID 0x5AF | ||
==BIOS== | ==BIOS== | ||
Line 1,021: | Line 1,015: | ||
| ADDDRV || 0x85E960 || 0x3DF60 || Adds support for the DVD ROM (rom1:), via ROMDRV. || ELF | | ADDDRV || 0x85E960 || 0x3DF60 || Adds support for the DVD ROM (rom1:), via ROMDRV. || ELF | ||
|- | |- | ||
| STDIO || | | STDIO || 0x85DDC0 || 0x3D3C0 || Standard I/O library. || ELF | ||
|- | |- | ||
| SIFMAN || 0x85F9B0 || 0x3EFB0 || SIF manager. || ELF | | SIFMAN || 0x85F9B0 || 0x3EFB0 || SIF manager. || ELF | ||
Line 1,051: | Line 1,045: | ||
| RDRAM || 0x861A00 || 0x41000 || Provides a RDRAM test for the EE at power-on. This is run from RESET. || BIN | | RDRAM || 0x861A00 || 0x41000 || Provides a RDRAM test for the EE at power-on. This is run from RESET. || BIN | ||
|- | |- | ||
| EELOADCNF || 0x864750 || 0x43D50 || Contains the IOP boot configuration file for EELOAD. || BIN | |||
| EELOADCNF || | |||
|- | |- | ||
| SIFCMD || 0x864900 || 0x43F00 || SIF command module. Contains the SIF command and SIF RPC functions. || ELF | | SIFCMD || 0x864900 || 0x43F00 || SIF command module. Contains the SIF command and SIF RPC functions. || ELF | ||
Line 1,078: | Line 1,070: | ||
|- | |- | ||
| - || 0x87FE20 || 0x5F420 || || BIN | | - || 0x87FE20 || 0x5F420 || || BIN | ||
|- | |- | ||
| MCSERV || 0x881D40 || 0x61340 || RPC server for MCMAN. || ELF | | MCSERV || 0x881D40 || 0x61340 || RPC server for MCMAN. || ELF | ||
Line 1,089: | Line 1,079: | ||
| - || 0x8866C0 || 0x65CC0 || || BIN | | - || 0x8866C0 || 0x65CC0 || || BIN | ||
|- | |- | ||
| KROM || | | KROM || 0x886A00 || 0x66000 || Kanji ROM? Not sure where this is used. || BIN | ||
|- | |- | ||
| - || 0x8A0870 || 0x7FE70 || || BIN | | - || 0x8A0870 || 0x7FE70 || || BIN | ||
Line 1,194: | Line 1,184: | ||
*Notes | *Notes | ||
**List of PS2 disc games compatibles with PS3 HDD installation hardcoded in '''dev_flash/vsh/module/[[game_ext_plugin]].sprx''' | **List of PS2 disc games compatibles with PS3 HDD installation hardcoded in '''dev_flash/vsh/module/[[game_ext_plugin]].sprx''' | ||
** | **Virtuall PS2 HDD support module '''dev_flash/vsh/module/[[libps2hdd]].sprx''' ? | ||
===PS2 System Data (PSN HDD Tool package)=== | ===PS2 System Data (PSN HDD Tool package)=== | ||
Line 1,276: | Line 1,266: | ||
In PS2 Emulator same Title IDs are present with following information: | In PS2 Emulator same Title IDs are present with following information: | ||
SLPS25200 FINAL FANTASY XI : | SLPS25200 FINAL FANTASY XI : 0x100000000 (4 GB?) | ||
SCUS97269 FINAL FANTASY XI : | SCUS97269 FINAL FANTASY XI : 0x300000000 (12GB?) | ||
SLPM65981 Front Mission Online : | SLPM65981 Front Mission Online : 0x100000000 (4 GB?) | ||
SLPM65197 Nobunagas Ambition Online : | SLPM65197 Nobunagas Ambition Online : 0x200000000 (8 GB?) | ||
==Emulators management from GameOS== | ==Emulators management from GameOS== | ||
Line 1,289: | Line 1,279: | ||
===ps2_netemu syscalls === | ===ps2_netemu syscalls === | ||
Vector at 0xC00 address. | Vector at 0xC00 address. | ||
0x00 - | 0x00 - 0 = exec smth, | ||
1 = 0x132 lv1 panic | 1 = 0x132 lv1 panic | ||
2 = 0x133 lv1 panic | 2 = 0x133 lv1 panic | ||
Line 1,302: | Line 1,285: | ||
4 = 0x135 lv1 panic | 4 = 0x135 lv1 panic | ||
else = 0x136 lv1 panic | else = 0x136 lv1 panic | ||
0x03 - Enable additional code related to VU0/COP2 | |||
0x03 - Enable additional code related to VU0/COP2 | |||
3 = Patch 0x186C10 to NOP | 3 = Patch 0x186C10 to NOP | ||
4 = Patch 0x186C40 to NOP | 4 = Patch 0x186C40 to NOP | ||
anything else = LV1 panic | anything else = LV1 panic | ||
0x05 - External | 0x05 - External interrupt disable (48 bit in MSR) | ||
0x06 - External | 0x06 - External interrupt enable (48 bit in MSR) with param 0x8000, otherwise do nothing. | ||
0x0C - exec smth | |||
0x10 - lv1 panic | |||
0x0C - | |||
0x10 - lv1 panic | |||
0x800000XX - HV Syscall where XX is syscall nr. | 0x800000XX - HV Syscall where XX is syscall nr. | ||
else (other syscalls) - jump to 0x12670 (FW4.78 - current) for HW_0 | else (other syscalls) - jump to 0x12670 (FW4.78 - current) for HW_0 | ||
Line 1,420: | Line 1,379: | ||
{| border="1" cellspacing="0" cellpadding="5" border="#999" class="wikitable" style="border:1px solid #999; border-collapse: collapse;" | {| border="1" cellspacing="0" cellpadding="5" border="#999" class="wikitable" style="border:1px solid #999; border-collapse: collapse;" | ||
|- bgcolor="#cccccc" | |- bgcolor="#cccccc" | ||
! Name !! Auth ID !! Self<br />(/dev_flash/ps2emu) | ! Name !! Auth ID !! Self<br />(/dev_flash/ps2emu) !! Notes | ||
|- | |- | ||
| PS2_LPAR || 0x1020000003000001 || rowspan="2" | ps2_emu.self | | | PS2_LPAR || 0x1020000003000001 || rowspan="2" | ps2_emu.self || | ||
|- | |- | ||
| *SCE_CELLOS_SYSTEM_MGR_PS2 || 0x107000001D000001 | | *SCE_CELLOS_SYSTEM_MGR_PS2 || 0x107000001D000001 || | ||
|- | |- | ||
| PS2_GX_LPAR || 0x1020000003000001 || rowspan="2" | ps2_gxemu.self | | | PS2_GX_LPAR || 0x1020000003000001 || rowspan="2" | ps2_gxemu.self || | ||
|- | |- | ||
| *SCE_CELLOS_SYSTEM_MGR_PS2_GX || 0x107000001D000001 | | *SCE_CELLOS_SYSTEM_MGR_PS2_GX || 0x107000001D000001 || | ||
|- | |- | ||
| PS2_SW_LPAR || 0x1020000003000001 || rowspan="2" | ps2_softemu.self | | | PS2_SW_LPAR || 0x1020000003000001 || rowspan="2" | ps2_softemu.self || | ||
|- | |- | ||
| *SCE_CELLOS_SYSTEM_MGR_PS2_SW || 0x107000001D000001 | | *SCE_CELLOS_SYSTEM_MGR_PS2_SW || 0x107000001D000001 || | ||
|- | |- | ||
| PS2_NE_LPAR || 0x1020000003000001 || rowspan="2" | ps2_netemu.self || | | PS2_NE_LPAR || 0x1020000003000001 || rowspan="2" | ps2_netemu.self || | ||
|- | |- | ||
| *SCE_CELLOS_SYSTEM_MGR_PS2_NE || 0x107000001D000001 | | *SCE_CELLOS_SYSTEM_MGR_PS2_NE || 0x107000001D000001 || | ||
|- | |- | ||
|} | |} | ||
===Getting compatibility hardware info=== | ===Getting compatibility hardware info=== | ||
Line 1,466: | Line 1,420: | ||
In short, the "game configs" can modify the game image (by patching it) and can be used to configure the virtual PS2 (the emulated machine). And can be loaded from hardcoded data (inside the .self) or from an external file (this feature is supported only by ps2_netemu.self). Maximum CONFIG size for ps2_netemu is 16384 bytes. | In short, the "game configs" can modify the game image (by patching it) and can be used to configure the virtual PS2 (the emulated machine). And can be loaded from hardcoded data (inside the .self) or from an external file (this feature is supported only by ps2_netemu.self). Maximum CONFIG size for ps2_netemu is 16384 bytes. | ||
The config data consists in a list of concatenated values of 8 bytes length (uint32_t), and can be processed like this: | |||
union{ | |||
uint32_t command | |||
...data... | |||
} | |||
===Config Commands=== | ===Config Commands=== | ||
ps2_netemu.self fw4.50 sub_12D7D8, fw4.81 sub_12E050 | |||
params are uint32_t unless noted. | |||
If you want to read some speculation and brainstorming about them, please join the {{talk}} page | |||
At the time of writing this, most of the commands are completely or partially unknown.<br /> | |||
If you want to read some speculation and brainstorming about them, please join the {{talk}} page | |||
<div> | |||
<div style="float:top; text-align:center;">'''PS2 Emulators Config Commands Overview'''</div> | |||
<div style="float:left; width:50%;"> | |||
<div style="float:right; padding-right:5px;"> | |||
{| class="wikitable" style="font-size:85%; line-height:100%; text-align:center" | {| class="wikitable" style="font-size:85%; line-height:100%; text-align:center" | ||
| | |- | ||
! rowspan="2" | Command Name !! colspan="3" | Command ID !! rowspan="2" style="padding:1px" | Max<br>Usage !! colspan="4" | Command Data | ! rowspan="2" | Command Name !! rowspan="36" style="padding:0px" | || colspan="3" | Command ID !! rowspan="36" style="padding:0px" | || rowspan="2" style="padding:1px" | Max<br>Usage !! rowspan="36" style="padding:0px" | || colspan="4" | Command Data | ||
|- | |- | ||
! style="padding:1px" | gxemu !! style="padding:1px" | softemu !! style="padding:1px" | netemu !! Length !! colspan="3" | Params | ! style="padding:1px" | gxemu !! style="padding:1px" | softemu !! style="padding:1px" | netemu !! Length !! colspan="3" | Params | ||
Line 1,486: | Line 1,452: | ||
| 0x00 || 0x00 || 0x01 | | 0x00 || 0x00 || 0x01 | ||
| 3 ? || style="text-align:left" | 2 * uint32_t | | 3 ? || style="text-align:left" | 2 * uint32_t | ||
| {{cellcolors|#555|#fff|center}} offset || | | {{cellcolors|#555|#fff|center}} offset || {{cellcolors|#555|#fff|center}} functionid | ||
|- | |- | ||
! {{cellcolors|#fff|#000}} Set something | ! {{cellcolors|#fff|#000}} Set something | ||
| 0x01 || 0x01 || 0x02 | | 0x01 || 0x01 || 0x02 | ||
| 1 || style="text-align:left" | uint32_t | | 1 || style="text-align:left" | uint32_t | ||
| colspan="3" | ? | | colspan="3" | 1000=?<br>3000=?<br>6000=? | ||
|- | |- | ||
! {{cellcolors|#fff|#000}} | ! {{cellcolors|#fff|#000}} Switch something | ||
| 0x02 || 0x02 || 0x03 | | 0x02 || 0x02 || 0x03 | ||
| 1 || style="text-align:left" | 0 | | 1 || style="text-align:left" | 0 | ||
Line 1,501: | Line 1,467: | ||
| 0x03 || 0x03 || 0x04 | | 0x03 || 0x03 || 0x04 | ||
| 1 || style="text-align:left" | uint32_t | | 1 || style="text-align:left" | uint32_t | ||
| colspan="3" | ? | | colspan="3" | 8=?<br>0x10=? | ||
|- | |- | ||
! {{cellcolors|#bd5|#000}} | ! {{cellcolors|#bd5|#000}} Set DIRECT/DIRECTHL VIF1 in SP3 EEDMA | ||
| 0x04 || 0x04 || {{cellcolors|#eee|#b44|center}} <abbr style="cursor:help; text-decoration:none" title="Not Available">0x05</abbr> | | 0x04 || 0x04 || {{cellcolors|#eee|#b44|center}} <abbr style="cursor:help; text-decoration:none" title="Not Available">0x05</abbr> | ||
| 1 || style="text-align:left" | 0 | | 1 || style="text-align:left" | 0 | ||
| colspan="3" {{cellcolors|#ddd|#666|center}} ''Nothing'' | | colspan="3" {{cellcolors|#ddd|#666|center}} ''Nothing'' | ||
|- | |- | ||
! {{cellcolors|#fff|#000}} | ! {{cellcolors|#fff|#000}} Switch something | ||
| 0x05 || 0x05 || 0x06 | | 0x05 || 0x05 || 0x06 | ||
| 1 || style="text-align:left" | 0 | | 1 || style="text-align:left" | 0 | ||
| colspan="3" {{cellcolors|#ddd|#666|center}} ''Nothing'' | | colspan="3" {{cellcolors|#ddd|#666|center}} ''Nothing'' | ||
|- | |- | ||
! {{cellcolors|#c96|#000}} Delay | ! {{cellcolors|#c96|#000}} Delay VU xgkick by X cycles | ||
| 0x06 || 0x06 || 0x07 | | 0x06 || 0x06 || 0x07 | ||
| 1 || style="text-align:left" | uint32_t | | 1 || style="text-align:left" | uint32_t | ||
| colspan="3" {{cellcolors|#c96|#000|center}} <abbr title="2=2cycles, 4=4cycles, 8=8cycles">cycles</abbr> | | colspan="3" {{cellcolors|#c96|#000|center}} <abbr title="2=2cycles, 4=4cycles, 8=8cycles">cycles</abbr> | ||
|- | |- | ||
! {{cellcolors|#c96|#000}} Patch | ! {{cellcolors|#c96|#000}} Patch VU memory by <abbr title="two bit masks for original and patched data">bitmask</abbr> | ||
| 0x07 || 0x07 || 0x08 | | 0x07 || 0x07 || 0x08 | ||
| 3 || style="text-align:left" | 8 * uint32_t | | 3 || style="text-align:left" | 8 * uint32_t | ||
| colspan="3" {{cellcolors|#c96|#000|center}} <abbr title="read mask, read mask, original opcode, original opcode, write mask, write mask, replace opcode, replace opcode">MASK</abbr> | | colspan="3" {{cellcolors|#c96|#000|center}} <abbr title="read mask, read mask, original opcode, original opcode, write mask, write mask, replace opcode, replace opcode">MASK</abbr> | ||
|- | |- | ||
! {{cellcolors|#9f9|#000}} Patch EE memory | ! {{cellcolors|#9f9|#000}} Patch EE memory with 2 opcodes | ||
| 0x08 || 0x08 || 0x09 | | 0x08 || 0x08 || 0x09 | ||
| <abbr title="command">1</abbr>→<abbr title="list">32</abbr> || style="text-align:left" | uint32_t + LIST | | <abbr title="command">1</abbr>→<abbr title="list">32</abbr> || style="text-align:left" | uint32_t + LIST | ||
| {{cellcolors|#9f9|#000|center}} <abbr title="amount of patches in the LIST">count</abbr> || colspan="2" {{cellcolors|#9f9|#000|center}} <abbr title="offset, original opcode, original opcode, replace opcode, replace opcode">LIST</abbr> | | {{cellcolors|#9f9|#000|center}} <abbr title="amount of patches in the LIST">count</abbr> || colspan="2" {{cellcolors|#9f9|#000|center}} <abbr title="offset, original opcode, original opcode, replace opcode, replace opcode">LIST</abbr> | ||
|- | |- | ||
! {{cellcolors|#9f9|#000}} Patch EE memory | ! {{cellcolors|#9f9|#000}} Patch EE memory with 1 opcode | ||
| {{NA}} || {{NA}} || 0x0A | | {{NA}} || {{NA}} || 0x0A | ||
| <abbr title="command">1</abbr>→<abbr title="list">32</abbr> || style="text-align:left" | uint32_t + LIST | | <abbr title="command">1</abbr>→<abbr title="list">32</abbr> || style="text-align:left" | uint32_t + LIST | ||
Line 1,541: | Line 1,507: | ||
| 0x0A || 0x0A || 0x0C | | 0x0A || 0x0A || 0x0C | ||
| 1 || style="text-align:left" | 2 * uint16_t | | 1 || style="text-align:left" | 2 * uint16_t | ||
| | | 0=?<br>1=?<br>2=? || colspan="2" | 0=?<br>0x180=?<br>0x400=?<br>0x800=? | ||
|- | |- | ||
! {{cellcolors|#fff|#000}} Set something | ! {{cellcolors|#fff|#000}} Set something | ||
| 0x0B || 0x0B || 0x0D | | 0x0B || 0x0B || 0x0D | ||
| 1 || style="text-align:left" | uint32_t | | 1 || style="text-align:left" | uint32_t | ||
| colspan="3" | | | colspan="3" | 0=?<br>1=?(default?) | ||
|- | |- | ||
! {{cellcolors|#f93|#000}} COP2 and FPU accurate ADD/SUB address | ! {{cellcolors|#f93|#000}} COP2 and FPU accurate ADD/SUB address | ||
Line 1,556: | Line 1,522: | ||
| 0x0D || 0x0D || 0x0F | | 0x0D || 0x0D || 0x0F | ||
| 32 || style="text-align:left" | 2 * uint32_t | | 32 || style="text-align:left" | 2 * uint32_t | ||
| {{cellcolors|#f93|#000|center}} <abbr title="min 0x100000">start | | {{cellcolors|#f93|#000|center}} <abbr title="min 0x100000">start offset</abbr> || colspan="2" {{cellcolors|#f93|#000|center}} <abbr title="max 0x1FFFFFFF">end offset</abbr> | ||
|- | |- | ||
! {{cellcolors|#f93|#000}} | ! {{cellcolors|#f93|#000}} COP2 accurate MUL/DIV range | ||
| 0x0E || 0x0E || 0x10 | | 0x0E || 0x0E || 0x10 | ||
| 32 || style="text-align:left" | 2 * uint32_t | | 32 || style="text-align:left" | 2 * uint32_t | ||
| {{cellcolors|#f93|#000|center}} <abbr title="min 0x100000">start | | {{cellcolors|#f93|#000|center}} <abbr title="min 0x100000">start offset</abbr> || colspan="2" {{cellcolors|#f93|#000|center}} <abbr title="max 0x1FFFFFFF">end offset</abbr> | ||
|- | |- | ||
! {{cellcolors|#f93|#000}} VU0 accurate ADD/SUB address | ! {{cellcolors|#f93|#000}} VU0 accurate ADD/SUB address | ||
Line 1,568: | Line 1,534: | ||
| colspan="3" {{cellcolors|#f93|#000|center}} <abbr title="min 0x000, max 0xFF8">offset</abbr> | | colspan="3" {{cellcolors|#f93|#000|center}} <abbr title="min 0x000, max 0xFF8">offset</abbr> | ||
|- | |- | ||
! {{cellcolors|#588|#fff}} | ! {{cellcolors|#588|#fff}} VU related ? | ||
| 0x10 || 0x10 || 0x12 | | 0x10 || 0x10 || 0x12 | ||
| <abbr title="command">1</abbr>→<abbr title="list">63</abbr> || style="text-align:left" | uint32_t + LIST | | <abbr title="command">1</abbr>→<abbr title="list">63</abbr> || style="text-align:left" | uint32_t + LIST | ||
Line 1,578: | Line 1,544: | ||
| colspan="3" {{cellcolors|#dda|#000|center}} time ? | | colspan="3" {{cellcolors|#dda|#000|center}} time ? | ||
|- | |- | ||
! {{cellcolors|#f93|#000}} | ! {{cellcolors|#f93|#000}} VU1 transform ADD/SUB | ||
| 0x12 || 0x12 || 0x14 | | 0x12 || 0x12 || 0x14 | ||
| 1 || style="text-align:left" | 0 | | 1 || style="text-align:left" | 0 | ||
| colspan="3" {{cellcolors|#ddd|#666|center}} ''Nothing'' | | colspan="3" {{cellcolors|#ddd|#666|center}} ''Nothing'' | ||
|- | |- | ||
! {{cellcolors|#fff|#000}} | ! {{cellcolors|#fff|#000}} Set something with bit flags | ||
| 0x13 || 0x13 || 0x15 | | 0x13 || 0x13 || 0x15 | ||
| 1 || style="text-align:left" | uint32_t | | 1 || style="text-align:left" | uint32_t | ||
| colspan="3" | 2 | | colspan="3" | 2=?<br>4=?<br>0x14=? | ||
|- | |- | ||
! {{cellcolors|#fff|#000}} Unknown | ! {{cellcolors|#fff|#000}} Unknown | ||
Line 1,593: | Line 1,559: | ||
| colspan="3" | ? | | colspan="3" | ? | ||
|- | |- | ||
! {{cellcolors|#9cf|#000}} | ! {{cellcolors|#9cf|#000}} COP0 configure MTC0/MFC0 | ||
| 0x15 || 0x15 || 0x17 | | 0x15 || 0x15 || 0x17 | ||
| 1 || style="text-align:left" | uint8_t ? | | 1 || style="text-align:left" | uint8_t ? | ||
Line 1,608: | Line 1,574: | ||
| colspan="3" {{cellcolors|#ddd|#666|center}} ''Nothing'' | | colspan="3" {{cellcolors|#ddd|#666|center}} ''Nothing'' | ||
|- | |- | ||
! {{cellcolors|#fff|#000}} | ! {{cellcolors|#fff|#000}} Switch something | ||
| 0x17 || 0x18 || 0x1A | | 0x17 || 0x18 || 0x1A | ||
| 1 || style="text-align:left" | 0 | | 1 || style="text-align:left" | 0 | ||
| colspan="3" {{cellcolors|#ddd|#666|center}} ''Nothing'' | | colspan="3" {{cellcolors|#ddd|#666|center}} ''Nothing'' | ||
|- | |- | ||
! {{cellcolors|#fff|#000}} | ! {{cellcolors|#fff|#000}} Switch something | ||
| 0x18 || 0x19 || 0x1B | | 0x18 || 0x19 || 0x1B | ||
| 1 || style="text-align:left" | 0 | | 1 || style="text-align:left" | 0 | ||
Line 1,631: | Line 1,597: | ||
| 0x1B || {{NA}} || 0x1E | | 0x1B || {{NA}} || 0x1E | ||
| 1 || style="text-align:left" | uint8_t | | 1 || style="text-align:left" | uint8_t | ||
| colspan="3" | ? | | colspan="3" | 3=? | ||
|- | |- | ||
! {{cellcolors|#fff|#000}} | ! {{cellcolors|#fff|#000}} Set something | ||
| 0x1C || 0x1C || 0x1F | | 0x1C || 0x1C || 0x1F | ||
| 1 || style="text-align:left" | uint32_t | | 1 || style="text-align:left" | uint32_t | ||
| colspan="3" | | | colspan="3" | 200=?<br>1000=?(default) | ||
|- | |- | ||
! {{cellcolors|#fff|#000}} Set something | ! {{cellcolors|#fff|#000}} Set something | ||
| 0x1D || 0x1D || 0x20 | | 0x1D || 0x1D || 0x20 | ||
| 1 || style="text-align:left" | uint64_t | | 1 || style="text-align:left" | uint64_t | ||
| colspan="3" | ? | | colspan="3" | 10=?<br>60=?(default)<br>100=?<br>120=?<br>200=?<br>240=? | ||
|- | |- | ||
! {{cellcolors|#fff|#000}} Set something | ! {{cellcolors|#fff|#000}} Set something | ||
| 0x1E || 0x1E || 0x21 | | 0x1E || 0x1E || 0x21 | ||
| 1 || style="text-align:left" | uint32_t | | 1 || style="text-align:left" | uint32_t | ||
| colspan="3" | ? | | colspan="3" | 0=?<br>1=?<br>2=? | ||
|} | |||
</div> | |||
</div> | |||
<div style="float:right; width:50%;"> | |||
<div style="float:left; padding-left:5px;"> | |||
{| class="wikitable" style="font-size:85%; line-height:100%; text-align:center" | |||
|- | |||
! rowspan="2" | Command Name !! rowspan="39" style="padding:0px" | || colspan="3" | Command ID !! rowspan="39" style="padding:0px" | || rowspan="2" style="padding:1px" | Max<br>Usage !! rowspan="39" style="padding:0px" | || colspan="4" | Command Data | |||
|- | |||
! style="padding:1px" | gxemu !! style="padding:1px" | softemu !! style="padding:1px" | netemu !! Length !! colspan="3" | Params | |||
|- | |- | ||
! {{cellcolors|#fff|#000}} Switch something | ! {{cellcolors|#fff|#000}} Switch something | ||
Line 1,653: | Line 1,629: | ||
| colspan="3" {{cellcolors|#ddd|#666|center}} ''Nothing'' | | colspan="3" {{cellcolors|#ddd|#666|center}} ''Nothing'' | ||
|- | |- | ||
! {{cellcolors|#fff|#000}} | ! {{cellcolors|#fff|#000}} Switch something | ||
| 0x1F || 0x20 || 0x23 | | 0x1F || 0x20 || 0x23 | ||
| 1 || style="text-align:left" | 0 | | 1 || style="text-align:left" | 0 | ||
| colspan="3" {{cellcolors|#ddd|#666|center}} ''Nothing'' | | colspan="3" {{cellcolors|#ddd|#666|center}} ''Nothing'' | ||
|- | |- | ||
! {{cellcolors|#ddf|#000}} | ! {{cellcolors|#ddf|#000}} Internal image aspect ratio ? | ||
| 0x20 || 0x21 || 0x24 | | 0x20 || 0x21 || 0x24 | ||
| 1 || style="text-align:left" | uint64_t | | 1 || style="text-align:left" | uint64_t | ||
| colspan="3" | ? | | colspan="3" | 12000=?<br>48000=? | ||
|- | |- | ||
! {{cellcolors|#fff|#000}} Switch something | ! {{cellcolors|#fff|#000}} Switch something | ||
Line 1,671: | Line 1,647: | ||
| 0x22 || 0x23 || 0x26 | | 0x22 || 0x23 || 0x26 | ||
| 32 || style="text-align:left" | 2 * uint32_t | | 32 || style="text-align:left" | 2 * uint32_t | ||
| {{cellcolors|#f93|#000|center}} <abbr title="min 0x100000">start | | {{cellcolors|#f93|#000|center}} <abbr title="min 0x100000">start offset</abbr> || colspan="2" {{cellcolors|#f93|#000|center}} <abbr title="max 0x1FFFFFFF">end offset</abbr> | ||
|- | |- | ||
! {{cellcolors|#f93|#000}} COP2 accurate ADD/SUB range | ! {{cellcolors|#f93|#000}} COP2 accurate ADD/SUB range | ||
| 0x23 || 0x24 || 0x27 | | 0x23 || 0x24 || 0x27 | ||
| 32 || style="text-align:left" | 2 * uint32_t | | 32 || style="text-align:left" | 2 * uint32_t | ||
| {{cellcolors|#f93|#000|center}} <abbr title="min 0x100000">start | | {{cellcolors|#f93|#000|center}} <abbr title="min 0x100000">start offset</abbr> || colspan="2" {{cellcolors|#f93|#000|center}} <abbr title="max 0x1FFFFFFF">end offset</abbr> | ||
|- | |- | ||
! {{cellcolors|#aaf|#000}} Set something <abbr title="PS2 MECHACON related">(CDVD)</abbr> | ! {{cellcolors|#aaf|#000}} Set something <abbr title="PS2 MECHACON related">(CDVD)</abbr> | ||
| 0x24 || 0x25? || 0x28 | | 0x24? || 0x25? || 0x28 | ||
| 1 || style="text-align:left" | uint32_t | | 1 || style="text-align:left" | uint32_t | ||
| colspan="3" | ? | | colspan="3" | 0=?<br>1=?<br>2=?<br>3=? | ||
|- | |- | ||
! {{cellcolors|#aaf|#000}} CDVD seek | ! {{cellcolors|#aaf|#000}} CDVD read/seek timings ? | ||
| 0x25 || 0x26? || 0x29 | | 0x25? || 0x26? || 0x29 | ||
| 1 || style="text-align:left" | 2 * uint32_t | | 1 || style="text-align:left" | 2 * uint32_t | ||
| ? || colspan="2" | ? | | ? || colspan="2" | ? | ||
|- | |- | ||
! {{cellcolors|#fff|#000}} Switch something | ! {{cellcolors|#fff|#000}} Switch something | ||
| 0x26 || 0x27 || 0x2A | | 0x26? || 0x27 || 0x2A | ||
| 1 || style="text-align:left" | 0 | | 1 || style="text-align:left" | 0 | ||
| colspan="3" {{cellcolors|#ddd|#666|center}} ''Nothing'' | | colspan="3" {{cellcolors|#ddd|#666|center}} ''Nothing'' | ||
|- | |- | ||
! {{cellcolors|#aaf|#000}} | ! {{cellcolors|#aaf|#000}} Switch something <abbr title="PS2 MECHACON related">(CDVD)</abbr> | ||
| 0x27? || 0x28 || 0x2B | | 0x27? || 0x28 || 0x2B | ||
| 1 || style="text-align:left" | 0 | | 1 || style="text-align:left" | 0 | ||
Line 1,701: | Line 1,677: | ||
| 0x28 || 0x29 || 0x2C | | 0x28 || 0x29 || 0x2C | ||
| 1 || style="text-align:left" | uint32_t | | 1 || style="text-align:left" | uint32_t | ||
| colspan="3" | ? | | colspan="3" | 1=? | ||
|- | |- | ||
! {{cellcolors|#fff|#000}} Switch something | ! {{cellcolors|#fff|#000}} Switch something | ||
Line 1,711: | Line 1,687: | ||
| 0x2A || 0x2B || 0x2E | | 0x2A || 0x2B || 0x2E | ||
| 1 || style="text-align:left" | uint32_t | | 1 || style="text-align:left" | uint32_t | ||
| colspan="3" | ? | | colspan="3" | 0x172=? | ||
|- | |- | ||
! {{cellcolors|#fff|#000}} | ! {{cellcolors|#fff|#000}} Set something | ||
| 0x2B || {{NA}} || 0x2F | | 0x2B || {{NA}} || 0x2F | ||
| 1 || style="text-align:left" | uint32_t | | 1 || style="text-align:left" | uint32_t | ||
| colspan="3" | ? | | colspan="3" | 1=? | ||
|- | |- | ||
! {{cellcolors|#eee|#b44|left}} Reserved | ! {{cellcolors|#eee|#b44|left}} Reserved | ||
Line 1,766: | Line 1,742: | ||
| {{NA}} || {{NA}} || 0x43 | | {{NA}} || {{NA}} || 0x43 | ||
| 1 || style="text-align:left" | uint32_t | | 1 || style="text-align:left" | uint32_t | ||
| colspan="3" | ? | | colspan="3" | 0=?(default)<br>1=? | ||
|- | |- | ||
! {{cellcolors|#fcc|#000}} Disable smoothing filter | ! {{cellcolors|#fcc|#000}} Disable smoothing filter | ||
Line 1,833: | Line 1,809: | ||
| colspan="3" {{cellcolors|#ddd|#666|center}} ''Nothing'' | | colspan="3" {{cellcolors|#ddd|#666|center}} ''Nothing'' | ||
|} | |} | ||
</div> | |||
</div> | |||
</div> | |||
<br style="clear: both;" /> | |||
<!-- We need to find a better way to organize the commands info below, right now all the info is "constricted" inside the same table but is better to take them out of the table to have more freedon when adding comments, etc... Are a lot so by now i prefer to dont make page sections for every command. Im going to try something that visually looks like page sections but are not (so are not going to be displayed in the TOC at top of the page). With this change we are moving forward because the command info is not going to be inside the same table anymore, im going to split them but the visual look and other details are not going to be definitive because later can be converted into page sections if someone insists in it --> | |||
=== | {{Boxcomm|id=0x00|name=Title ID Enforce|data=1x String in format: ABCD-12345}} | ||
Restricts the CONFIG to be used only by a specific [[Template:TITLE_ID_for_Physical_Media|Title ID]]<br> | |||
The presence of this command in the CONFIG is optional. If present it needs to be located always at the last position in the CONFIG | |||
=== | {{Boxcomm|id=0x01|name=EE_ADD_HOOK|data=2x uint32_t Params (addr, func_id 0-0x3B)}} | ||
Most of the hooks availables in netemu command 0x01 are fixes for a specific game, or a game engine<br> | |||
The Maximum Amount of times netemu command 0x01 can be used consecutivelly in the same config is 255. This is actually limit for EE hooks at all, 0x01 don't have own limit. | |||
{| class="wikitable | {| class="wikitable" style="width:100%; font-size:0.9em; line-height:90%" | ||
! | |- | ||
!Function ID!! Notes | |||
|- | |- | ||
| | |0x00|| | ||
|- | |- | ||
| | |0x01|| FIFA 2000 use it as hook for EE kernel at 0x80001858 (DMAC related). | ||
|- | |||
|0x02|| | |||
Max Payne | |||
Write 0 to D_ENABLEW in SPE 3 (EEDMA). D_ENABLER is NOT updated on PPE side. | |||
|- | |- | ||
| | |0x03|| | ||
Max Payne | |||
Write 0xFFFFFFFF (0x10000, other bits are ignored anyway) to D_ENABLEW in SPE 3 (EEDMA). D_ENABLER is NOT updated on PPE side. | |||
|- | |- | ||
| | |0x04|| Castle Shikigami II | ||
Skip r5900 CACHE IXIN/IHIN (Index/Hit invalidate) opcodes. Same as 0x03 command, but applied of selected ee offset. | |||
This is probably command from times when 0x03 was non existing, and while it apply on selected ee offset, command never recover default IXIN/IHIN handling. | |||
Note: There is leftover in emulator from command that reenable default behavior, but is unused now, and is not accessible by current config commands. | |||
|- | |- | ||
| | |0x05|| Force events test if D2_CHCR & 0x100 is true (if GIF dma is running). For more info check _cpuEventTest_Shared from pcsx2. Star Wars games developed by Pandemic Studios (freeze fix), Worms 3D and NBA 08. | ||
|- | |- | ||
| || | |0x06|| Force events test if D1_CHCR & 0x100 is true (if VIF1 dma is running). For more info check _cpuEventTest_Shared from pcsx2. | ||
| | |- | ||
|0x07|| | |||
== | |- | ||
|0x08|| Backup current unmodified COP0 status register state. Then disable EI bit, and notify emu that cmd 0x09 could be run. Harry Potter - Quidditch World Cup US use it at offset 0x2BD45C (EE) | |||
|- | |||
|0x09|| Restore COP0 status register state from previously created backup. Harry Potter - Quidditch World Cup US use it at offset 0x2BD620 (EE) | |||
|- | |||
|0x0A|| Fix for TriAce executable unpack function. | |||
Games unpack data using VU0 microruntime (not COP2). Because unpack involve floating points operations result can be inaccurate. And it is, | |||
exactly by 1 byte. Config add 1 to result of unpacked data. This can be confirmed also on pcsx2 with turned off TriAce hack, example for Radiata Stories US release. | |||
Set breakpoint on 0x124D90, and then when it's hit, add 1 to lower 64 bits of vf03 reg (in vu0f tab) and hit run. | |||
Game now work as it should. On PS3 this probably can be fixed also by 0x11 command, but since they had hook already done before 0x11 was a thing, it stayed as is. | |||
|- | |||
|0x0B|| Set lower 64 bits of mips $at register to 0 | |||
|- | |||
|0x0C|| Piglet's Big Game | |||
|- | |||
|0x0D|| usleep(100) | |||
|- | |||
|0x0E|| Used 3 times in Need for Speed - Carbon [Collector's Edition] US | |||
|- | |||
|0x0F|| | |||
Grand Theft Auto 3 (SLUS-20062) | |||
using 0x348B40, 0x18E1F0, 0x348EC8 ( + 200000000 base ) | |||
0x348B40 = start CTheScripts::ClearSpaceForMissionEntity((CVector const &, CEntity *)) | |||
0x18E1F0 = start CCollision::ProcessColModels((CMatrix const &, CColModel &, CMatrix const &, CColModel &, CColPoint *, CColPoint *, float *)) | |||
0x348EC8 = Almost end (only loading values preserved on stack) of CTheScripts::ClearSpaceForMissionEntity((CVector const &, CEntity *)) | |||
|- | |||
|0x10|| | |||
Grand Theft Auto 3 (SLES-50330), uses 0x349790, 0x10 (somewhat floats related) | |||
using 0x349790, 0x18E1F0, 0x349B18 ( + 200000000 base ) | |||
0x349790 = start CTheScripts::ClearSpaceForMissionEntity((CVector const &, CEntity *)) | |||
0x18E1F0 = start CCollision::ProcessColModels((CMatrix const &, CColModel &, CMatrix const &, CColModel &, CColPoint *, CColPoint *, float *)) | |||
0x349B18 = Almost end (only loading values preserved on stack) of CTheScripts::ClearSpaceForMissionEntity((CVector const &, CEntity *)) | |||
|- | |||
|0x11|| | |||
Grand Theft Auto 3 (SLES-50793) | |||
using 0x3495C0, 0x18E1F0, 0x349948 ( + 200000000 base ) | |||
0x3495C0 = start CTheScripts::ClearSpaceForMissionEntity((CVector const &, CEntity *)) | |||
0x18E1F0 = start CCollision::ProcessColModels((CMatrix const &, CColModel &, CMatrix const &, CColModel &, CColPoint *, CColPoint *, float *)) | |||
0x349948 = Almost end (only loading values preserved on stack) of CTheScripts::ClearSpaceForMissionEntity((CVector const &, CEntity *)) | |||
|- | |||
|0x12|| Disney/Pixar Finding Nemo (fixes the pause menu freeze) | |||
if COP0 status EI and EXL bits are 0, and other condition related to DMAC is met... | |||
store 0 in [ 0x204FC500 + 200000000 base] 0x4FC500 EE memory, and set lower 64 bits of mips $s0 register to 0. | |||
|- | |||
|0x13|| Snowblind Engine specific fix. Applies to the beginning of function called initLump. Config is responsible for grabbing data from one of registers for use in 0x14/0x15 hooks. Mentioned data is EE memory offset, if data from 0x13 is 0, 0x14/0x15 don't apply. | |||
|- | |||
|0x14|| Snowblind Engine specific fix. Applies to the end of function called initLump. Used in the older version of Snowblind Engine (Dark Alliance duology, The Bard's Tale, Fallout). | |||
|- | |||
|0x15|| Snowblind Engine specific fix. Applies to the end of function called initLump. Used in the newer version of Snowblind Engine (Champions duology, Justice League Heroes, Combat Elite). | |||
|- | |- | ||
| | |0x16|| Champions of Norrath (SLUS-20565) | ||
store 0x01114BA8 in [ 0x208EAB4C + 200000000 base] | |||
store 0x010C9E40 in [ 0x208EAB6C + 200000000 base] | |||
|- | |- | ||
| | |0x17|| | ||
condition r18 == 0x8000 | |||
setting: | |||
stores 0x40490FDA somewhere | |||
Note: 0x40490FDA (3.14159250) is the highest float approximation to π in hexadecimal without going over the value.<br /> | |||
Probably can improve FPU accuracy for some games. | |||
|- | |- | ||
| | |0x18|| Okami PAL specific hook. | ||
Check if opcode at 0x183F04 of EE memory is jal 0x183CB0 (0x0C060F2C). This is used to run additional hook patcher only 1 time. | |||
Later it will be nop here. so it means that new hooks are already applied. So function will just return early. | |||
if opcode at 0x183F04 is still jal 0x183CB0 (0x0C060F2C), | |||
then patch addresses 0x183F04 (jal 0x183CB0), 0x183F34 (jal 0x183CB0), 0x183F3C (jal 0x183D18) to nop. | |||
Finally adds 3 additional EE hooks. Emu addresses for ps2_netemu 4.70+ | |||
EE address | EMU address | |||
0x183F0C | sub_46334 | |||
0x183F3C | sub_45DA4 | |||
0x183D74 | sub_47B50 | |||
First hook is responsible for grabbing EE addresses from one of EE gpr register. Second hook perform few checks from data in EE gpr registers, and | |||
eventually store data from EE gpr registers on previously grabbed addresses. Hook 3 store one of previosly grabbed EE address on unknown part of memory. | |||
Whole thing looks like HLE version of noped functions. | |||
|- | |- | ||
| | |0x19|| Set lower 64 bits of mips $a1 register to unknown value (value is grabbed dynamically from recompiled code) | ||
|- | |- | ||
| | |0x1A|| | ||
store 0 in [ 0x209FD560 + 200000000 base] | |||
store 0 in [ 0x209F9550 + 200000000 base] | |||
store 0 in [ 0x20A01570 + 200000000 base] | |||
store 0 in [ 0x209F9540 + 200000000 base] | |||
store 0 in [ 0x209F5540 + 200000000 base] | |||
store 0 in [ 0x209F1530 + 200000000 base] | |||
|- | |- | ||
| | |0x1B|| | ||
store 0 in [ 0x20552168 + 200000000 base] | |||
|- | |- | ||
| | |0x1C|| | ||
store 1 in [ 0x20552168 + 200000000 base] | |||
|- | |- | ||
| | |0x1D|| | ||
store 0 in [ 0x20556C08 + 200000000 base] | |||
|- | |- | ||
| | |0x1E|| | ||
store 1 in [ 0x20556C08 + 200000000 base] | |||
|- | |- | ||
| | |0x1F|| | ||
store 0 in [ 0x205243D8 + 200000000 base] | |||
|- | |- | ||
| | |0x20|| | ||
store 1 in [ 0x205243D8 + 200000000 base] | |||
|- | |- | ||
| | |0x21|| | ||
store 0 in [ 0x20524F88 + 200000000 base] | |||
|- | |- | ||
| | |0x22|| | ||
store 1 in [ 0x20524F88 + 200000000 base] | |||
|- | |- | ||
| | |0x23|| | ||
store 0 in [ 0x2047E7F8 + 200000000 base] | |||
|- | |- | ||
| | |0x24|| | ||
store 1 in [ 0x2047E7F8 + 200000000 base] | |||
|- | |- | ||
| | |0x25|| | ||
store 0 in [ 0x204802B8 + 200000000 base] | |||
|- | |- | ||
| | |0x26|| | ||
store 1 in [ 0x204802B8 + 200000000 base] | |||
|- | |- | ||
| | |0x27|| | ||
store 0 in [ 0x20586348 + 200000000 base] | |||
|- | |||
|0x28|| | |||
store 1 in [ 0x20586348 + 200000000 base] | |||
|- | |||
|0x29|| | |||
store 0 in [ 0x205868A8 + 200000000 base] | |||
|- | |||
|0x2A|| | |||
store 1 in [ 0x205868A8 + 200000000 base] | |||
|- | |||
|0x2B|| | |||
|- | |||
|0x2C|| Shin Onimusha - Dawn of Dreams Fix ingame IPU runtime - JPN/US release [https://github.com/PCSX2/pcsx2/issues/1141 bug] | |||
|- | |||
|0x2D|| Shin Onimusha - Dawn of Dreams Fix ingame IPU runtime - PAL release [https://github.com/PCSX2/pcsx2/issues/1141 bug] | |||
|- | |||
|0x2E|| Shin Onimusha - Dawn of Dreams Fix ingame IPU runtime - Unk release (SCKA-20086? SLPM-66275? Why it is unused? Why non PS2 Best JPN release is missing hook?) | |||
|- | |||
|0x2F|| | |||
if value at EE Mem 0x37B0C4 == 0, set mips pc register (program counter) to 0x100B98 | |||
Config is supposed to repeat chunk of code if EE mem 0x37BB0C == 0. | |||
|- | |||
|0x30|| | |||
if value at EE Mem 0x37B704 == 0, set mips pc register (program counter) to 0x100B98 | |||
Config is supposed to repeat chunk of code if EE mem 0x37BB0C == 0. | |||
|- | |||
|0x31|| | |||
if value at EE Mem 0x37630C == 0, set mips pc register (program counter) to 0x100BA8 | |||
Config is supposed to repeat chunk of code if EE mem 0x37BB0C == 0. | |||
|- | |||
|0x32|| | |||
if value at EE Mem 0x37BB0C == 0, set mips pc register (program counter) to 0x100BA8. | |||
Config is supposed to repeat chunk of code if EE mem 0x37BB0C == 0. | |||
|- | |||
|0x33|| | |||
|- | |||
|0x34|| not filled | |||
|- | |||
|0x35|| Ninkyouden: Toseinin Ichidaiki | |||
|- | |||
|0x36|| | |||
|- | |||
|0x37|| | |||
|- | |||
|0x38|| | |||
|- | |||
|0x39|| Used silently in command 0x4B with first param from 0x4B as hook address. | |||
|- | |||
|0x3A|| Used silently in command 0x4C with first param from 0x4C as hook address. | |||
|- | |||
|0x3B|| Grand Theft Auto 3 (JP/AS) ? using 0x351210, 0x18F590, 0x351568 ( + 200000000 base ) | |||
|} | |||
{{Boxcomm|id=0x02|name=Unknown|data=1x int32}} | |||
Used in function that handle D6 CHCR writes (SIF1), seems to be some kind of timing command for EE --> IOP DMA. | |||
*Valid values found: | |||
**1000d | |||
**3000d | |||
**6000d | |||
{{Boxcomm|id=0x03|name=Unknown|data=N/A}} | |||
Skip r5900 CACHE IXIN/IHIN (Index/Hit invalidate) opcodes. | |||
{{Boxcomm|id=0x04|name=Unknown|data=1x uint32_t index (i*0x80, special 0x12345: 0x91a280?)}} | |||
Patch SPE 3 program (eedma) by searching for ila r4, xxxxx, starting at 0x178A0 and replacing them with (0x42000004 | ((value << 7) & 0x1FFFF80) | |||
0x42000004 is ila r4 opcode. Due to opcode encoding example result of that patch with value 0x08 will be 0x42000404 (ila r4, 0x08). There is little bit more than that, but main purpose is just to patch SPE program behavior. | |||
*Valid values found: | |||
**0x08 | |||
**0x10 | |||
{{Boxcomm|id=0x05|name=N/A|data=N/A}} | |||
Command not available in ps2_netemu.self | |||
{{Boxcomm|id=0x06|name=Unknown|data=N/A}} | |||
Change VIF1 command 02h OFFSET behavior by patching pointer to function which process it to different previously unused function. | |||
{{Boxcomm|id=0x07|name=Delay VU xgkick by X cycles|data=1x uint32_t}} | |||
Default 1 | |||
{{Boxcomm|id=0x08|name=Patch VU memory by mask |data=8x uint32_t (read mask,read mask, original opcode, original opcode, write mask, write mask, replace opcode, replace opcode)}} | |||
Maximum Amount of Usage: 3 times | |||
{{Boxcomm|id=0x09|name=EE_INSN_REPLACE64|data=uint32_t count, <list> (offset, original opcode, original opcode, replace opcode, replace opcode)}} | |||
Maximum List Count: 32 | |||
*Valid values found | |||
**1 [Dark Cloud] and [Dead Or Alive 2 Hardcore] | |||
{{Boxcomm|id=0x0A|name=EE_INSN_REPLACE32|data=uint32_t count, <List> (offset, original opcode, replace opcode)}} | |||
Command present only in the ps2_netemu. Maximum List Count: 32 | |||
*Valid values found | |||
**1 [Deadly Strike] | |||
**2 [Dragon Force] | |||
{{Boxcomm|id=0x0B|name=MECHA_SET_PATCH|data=1x uint32_t count, <List> {sector id, offset, sizeof present opcodes, replace opcodes, original opcodes)}} | |||
Offset on the disc = sector id * sector size + offset + correction [see below]<br> | |||
Offset correction is based on selected read mode (not on media type):<br><br> | |||
CDRead requested block size (CD disc): | |||
*2048 = Offset + 0x18 (skip 12 sync bytes, 4 of header, and 8 of subheader) | |||
*2328 = Offset + 0x18 (skip 12 sync bytes, 4 of header, and 8 of subheader) | |||
*2340 = Offset + 0x0C (skip only 12 bytes of sync data) | |||
DVDRead requested block size (DVD Disc): | |||
*2064 = Offset match, but only until the 349th sector. Otherwise is offset - 0x0C because that read mode see data as ID DATA (4) + ID DATA EDC (2) + Reserved bytes (6) + 2048 data + EDC (4). | |||
"Offset + XX" for CD assume that you use Isobuster RAW mode. "Offset - XX" for DVD assume that you use Isobuster NON RAW mode<br> | |||
Special case is DVD read on very low sector, here you need to use exact offset without substrating 0x0C. Highest confirmed sector that don't use correction for now is 349. | |||
[Dead Or Alive 2 Hardcore] uses 7 | |||
[Gradius V] uses 1 | |||
[Grand Theft Auto III] uses 1 | |||
[Katamari Damacy] uses 1 | |||
[Manhunt] uses 1 | |||
[Odin Sphere] uses 2 | |||
[Primal] uses 1 | |||
[Psychonauts] uses 1 | |||
[Syphon Filter The Omega Strain] uses 1 | |||
Maximum List Count: 47 | |||
{{Boxcomm|id=0x0C|name=Unknown|data=1x (uint16_t, uint16_t)}} | |||
0/1/2,<0x63> | |||
{{Boxcomm|id=0x0D|name=Unknown|data=1x int32}} | |||
True/false. Default = 1 | |||
0 = Skip some IOP related code responsible for check value from IOP SPE LS 0x2C0C0 (and skip panic if value is 0 or -1). | |||
Also skip write of 0x80000000 to unknown place related to IOP memory (to 0x4005400C). | |||
{{Boxcomm|id=0x0E|name=Improves ADD/SUB accuracy|data=1x int32}} | |||
1 Param offset --- Improves ADD/SUB FPU/COP2 accuracy for selected offset. Work with opcodes from commands 0x26/0x27. Basically command like 0x0F just per offset, no per range. | |||
[Rygar] only has 0x147DA8 sub.s $f12, $f20, $f12 | |||
Used in official configs: SCUS97501=0x3C458C, SCES53642=0x3C4854, SLUS21026=0x386864, SLUS20916=0x121F64, SLUS20437=0x11EDF0 | |||
Maximum Amount of Usage: 32 times | |||
{{Boxcomm|id=0x0F|name=More accurate ADD/SUB memory range|data=List <uint32_t Param, uint32_t Param>}} | |||
More accurate memory range. This command is combined 0x26, and 0x27 command. | |||
[Dark Cloud] uses 0x239334, 0x1FFFFFF | |||
[Grand Theft Auto SA] uses 0x1E46DC, 0x1E4AE8 | |||
Maximum Amount of Usage: 32 (if there is no additional 0x26/0x27 command) | |||
{{Boxcomm|id=0x10|name=MULDIV Accurate range|data=List <uint32_t Param, uint32_t Param>}} | |||
More accurate MUL/DIV handling on selected memory range for selected FPU opcodes. Effectively work only with: | |||
MUL.s, DIV.s, MULA.s, MADD.s, MSUB.s, MADDA.s, MSUBA.s. | |||
For ADD/SUB opcodes, command is active only on Multiply stage. | |||
Maximum List Count: 32 | |||
{{Boxcomm|id=0x11|name=VU0 Accurate ADD/SUB|data=1x uint32_t Param}} | |||
Param is VU0 (MICROPROGRAM) memory offset, correct param is in range of 0x000 to 0xFF8. | |||
Lower pipeline fetch opcode from address, Upper from address + 4. So correct address for config needs to be 8 bytes aligned. | |||
Used in official configs: SLUS21172=0x208, SLUS20878=0x140,0x368,0x570 | |||
Maximum Amount of Usage: 32 times | |||
{{Boxcomm|id=0x12|name=Unknown|data=<List> (uint32_t count,}} | |||
VU0/COP2 related multicommand. | |||
First 8 bytes of that command are special flags. Not quite sure about bytes 5-8 yet, | |||
because at some point they are used to "andc" with first 4 bytes. | |||
Some examples for first 4 bytes: | |||
0x100000 = Different code path for VU0 opcodes that do ADD/SUB with multiply (MSUB, MADDA, etc.). | |||
0x200000 = Run some additional code in VU0 load/store opcodes (ILW, LQI, ISWR, etc.) | |||
0x400000 = Skip emu syscall 3 (3) | |||
0x800000 = Skip emu syscall 3 (4) | |||
0x4000000 = Enable type 2 config from cmd 0x12. | |||
0x8000000 = Accurate VU0 DIV opcode | |||
0x30000000 = Different code path for VU0 MUL opcodes, include opcodes like MSUB for mul part. So 0x30100000 work for mul, and sub part. | |||
0x10000000 and 0x20000000 also work for that purpose, emu just check for any active bits after applying 0x30000000 mask. | |||
Keep in mind that you still need to use at least 8 bytes for cmd 0x12, just use 00 for bytes 5,6,7,8. | |||
Later bits are dependent on which subcommand we want to run. | |||
[Primal] uses 0xD of type 2/3 subcommand (minus 0x2 for flags) | |||
[Rayman Arena] uses 0x11 of type 2/3 subcommand (minus 0x2 for flags) | |||
[Syphon Filter: The Omega Strain] uses 0x5 of type 1 subcommand (minus 0x2 for flags) | |||
Maximum List Count: 63 | |||
{{Boxcomm|id=0x13|name=Memory card timing related delay|data=1x uint64_t Param}} | |||
0x9bdc (39900) - Used by "Phantasy Star Universe" (official config for SLPM-66031), "WRC II Extreme", and "Burnout Dominator" | |||
0xf960 (63840) - Used by "Jak X: Combat Racing" (official config for SCUS-97429), and "Netsu Chu! Pro Yakyuu 2004" | |||
0x1d394 (119700) - Used by "Jissen Pachi-Slot Hisshouhou! Kemono-Oh" (official config for SLPS-20131) | |||
{{Boxcomm|id=0x14|name=VU1 transform ADD/SUB|data=N/A}} | |||
When enabled ADD/SUB VU1 opcodes are processed differently on recompiling/translation stage. Seems to be very specific hack, most likely not usable outside of THPS 4+ engine games. <br> | |||
Note: This setting affects only VU1, and only ADD/SUB. All other opcodes like ADDi,ADDq, MSUB, ADDbc, are not affected. | |||
{{Boxcomm|id=0x15|name=Unknown|data=1 Param ( <1, >1 )}} | |||
Patch SPE 0 (IOP) program in local memory. Command search for absolute branches in LS 0x3A2C0 - 0x3A6C0 and patch them to bi r127. This command take partially unused value. Value 0,1 do nothing, values 2 and above run command. Doesn't matter is 2,4, or 10. Nothing will change in command behavior. | |||
[Aeon Flux] uses 2 (gxemu config) | |||
[Bloodrayne 2] uses 4 | |||
[GRIMgRiMoiRe] uses 4 | |||
[Mana Khemia 2] uses 4 | |||
[Odin Sphere] uses 4 | |||
[SMT Persona 3 FES] uses 4 | |||
[Parappa the Rapper 2] uses 0x14 (softemu config) or 0x4 (gxemu config) | |||
{{Boxcomm|id=0x16|name=N/A|data=N/A}} | |||
Command not available in ps2_netemu.self | |||
{{Boxcomm|id=0x17|name=COP0 configure MTC0/MFC0|data=1x int32 ?}} | |||
True/false. Default 0. | |||
<br>Command change behavior of MTC0/MFC0 operation of COP0 Count ($9) register. When enabled time base register is used as a base for calculation, when disabled decrementer register is used as a base for calculations (using emu syscall 12). | |||
[Bully] uses 1 | |||
{{Boxcomm|id=0x18|name=N/A|data=N/A}} | |||
Command not available in ps2_netemu.self | |||
{{Boxcomm|id=0x19|name=Force analog controller mode|data=N/A}} | |||
Skips check for analog/digital controller mode and returns forced analog mode | |||
[Grand Theft Auto III] | |||
[Grandia II] | |||
[Red Faction 2] | |||
[Siren] | |||
{{Boxcomm|id=0x1A|name=Unknown|data=N/A}} | |||
IPU hack to end fromIPU DMA transfer on BCLR command (store 0 on D3_QWC and D3_CHCR.STR). Not stopping that transfer is actually correct behavior.. | |||
{{Boxcomm|id=0x1B|name=Unknown|data=N/A}} | |||
When IDEC command don't finish, probably due to bad timings. Hack clear D3_CHCR.STR bit when there is still QW left in D3_QWC reg , and IDEC finished already. | |||
[Mana Khemia 2] | |||
{{Boxcomm|id=0x1C|name=Emulate Multitap|data=read uint32_t (use uint8_t)}} | |||
Enables/disables Multitap emulation. Default 3 | |||
0 = disable multitap emulation | |||
1 = enable multitap in controller port 1 (when needed) | |||
2 = enable multitap in controller port 2 (when needed) | |||
3 = enable multitaps in both controller ports (when needed) | |||
[Medal of Honor: European Assault] uses 1 | |||
[Twisted Metal: Black] uses 1 | |||
{{Boxcomm|id=0x1D|name=Set Multitap|data=read uint32_t (use uint8_t)}} | |||
Sets multitap to specific controller ports and adjusts the order of ports to which controllers are synced. Default 0? | |||
0 = no multitap set (only when needed) | |||
Controller sync order: 1/1-A, 2/2-A, 1-B, 2-B... | |||
1 = sets multitap in controller port 1 at all times | |||
Controller sync order: 1/1-A, 1-B, 1-C, 1-D... | |||
2 = sets multitap in controller port 2 at all times | |||
Controller sync order: 1/1-A, 2/2-A, 2-B, 2-C... | |||
3 = sets multitaps in both controller ports at all times | |||
Controller sync order: same as 0 | |||
[Medal of Honor: European Assault] uses 1 | |||
[Twisted Metal: Black] uses 1 | |||
[Mystic Heroes] uses 2 (game does not detect multitap in controller port 1) | |||
[Sonic Riders] uses 2 (GX config, game may not detect multitap in controller port 1) | |||
{{Boxcomm|id=0x1E|name=Multitap related|data=read uint32_t (use uint8_t)}} | |||
[FIFA 2001] uses 3 (settings for both multitaps?) | |||
{{Boxcomm|id=0x1F|name=Unknown|data=1x uint32_t}} | |||
Default 1 | |||
Config value is added to another value, and stored later in negmem. For sure this is VIF0 related command, and can be VIF0 timing/cycle related. | |||
{{Boxcomm|id=0x20|name=Unknown|data=1x uint64_t}} | |||
Default 0x3C | |||
Config value is used as multiplier for some value, and result is used in vsync related runtimes. | |||
Is worth to note that 0x3C is default multiplier even for PAL titles, so is not stricly related to framerate, | |||
but to vsync counters (where 0x3C is still wrong anyway..). Result of multiply is also compared at some point to vsync delay value. | |||
{{Boxcomm|id=0x21|name=Unknown|data=1x uint32_t}} | |||
Option one default value = 1, when set to 0: r5900 CACHE opcode IXLTG store 0 in COP0 TagLo register. Additionally CACHE IXIN/IHIN opcodes use different code path. | |||
More than that one of recompiler functions is skipped at all, and another one choose alternative code path. | |||
Option two default value = 0, when set to 1: One of emulator r5900 recompiler functions select different code path, also skipping one of checks for option | |||
one since it's placed in the same function that use option two. | |||
0 = sets an option one from 1 to 0 and option two to 0 | |||
1 = sets an option one from 1 to 0 and option two to 1 | |||
2 = sets an option one from 1 to 1 and option two to 0 | |||
[Fatal Frame II] uses 0 | |||
[Grand Theft Auto Vice City] uses 1 | |||
[Grand Theft Auto III (EU)] uses 1 | |||
[SMT Persona 3 FES] uses 0 | |||
{{Boxcomm|id=0x22|name=Unknown|data=N/A}} | |||
Sets something 1 | |||
{{Boxcomm|id=0x23|name=Unknown|data=N/A}} | |||
Copy VIF1 command 01h STCYCL handler struct into unused 08h slot (slots are 100 bytes per command, include pointer to function that handle command, and other data). Then patch slot 08h function pointers to function at 0x14E00. 08h is normally unused, and handled as a NOP. This command is useful only with additional 0x01 (0x13-0x15) hooks, which inject 08h VIF1 command into game code when other conditions are met. | |||
{{Boxcomm|id=0x24|name=Unknown|data=1x uint64_t}} | |||
SIO2 related | |||
{{Boxcomm|id=0x25|name=N/A|data=N/A}} | |||
Command not available in ps2_netemu.self | |||
{{Boxcomm|id=0x26|name=FPU Accurate ADD/SUB range|data=List <uint32_t Param,uint32_t Param>}} | |||
Improves FPU accuracy for selected memory range. Efective only on: | |||
ADD.s, SUB.s, ADDA.s, SUBA.s, MADD.s, MSUB.s, MADDA.s, MSUBA.s | |||
For M(UL) opcodes, command is active only on ADD/SUB stage. | |||
[Bloodrayne 2] uses 0x340000, 0x350000 | |||
[Gradius V] uses 0x3046E0, 0x0x305E44 | |||
Maximum Amount of Usage: 32 (if there is no additional 0x0F command) | |||
{{Boxcomm|id=0x27|name=VU0 macromode accurate range|data=List <uint32_t Param,uint32_t Param>}} | |||
Improves COP2 operations accuracy for selected memory range. Effective only for opcodes: | |||
VSUBAxyzw, VSUBAq, VSUBAi, VSUBA, VSUBxyzw, VSUBq, VSUBi, VSUB, VMSUBAxyzw, | |||
VMSUBAq, VMSUBAi, VMSUBA, VMSUBxyzw, VMSUBq, VMSUBi, VMSUB, VMADDAxyzw, | |||
VMADDAq, VMADDAi, VMADDA, VMADDxyzw, VMADDq, VMADDi, VMADD, VADDAxyzw, | |||
VADDAq, VADDAi, VADDA, VADDxyzw, VADDq, VADDi, VADD | |||
Maximum Amount of Usage: 32 (if there is no additional 0x0F command) | |||
Seems to affect only ADD/SUB part of opcode. | |||
{{Boxcomm|id=0x28|name=Unknown|data=1x uint32_t}} | |||
<=3 | |||
{{Boxcomm|id=0x29|name=Unknown|data=2x uint32_t}} | |||
Seek/read time? Maybe seek/read delay? Full/fast seek? Default value is 0x1F40, 0xBB80 (8000, 48000) | |||
{{Boxcomm|id=0x2A|name=Unknown|data=N/A}} | |||
Sets something 1. | |||
All-Star Baseball 2004 | |||
{{Boxcomm|id=0x2B|name=Unknown|data=N/A}} | |||
When enabled emulated register 0x1F40200F (disc type) is set to 0x13 (PS2CDDA) when media type detected by emu is 0x12 (PS2CD), confirmed in emu code/assembly. Ps2_emu do same thing in "Setting mecha HACK to show GODZCD as GODZCDDA", but due to real media support this is done in little bit different way (but still, 1F40200F is set to 0x13). During testing Dance Factory game, still no tracks are detected regardless of the command. Could be a netemu or Cobra issue (single, mixed mode .bin/.cue loaded). | |||
Dance Factory | |||
{{Boxcomm|id=0x2C|name=Unknown|data=1x uint32_t}} | |||
Store (value | value << 32 | value << 64 | value << 96) on 0x2B4F0 of SPE 0 (IOP) LS. | |||
In summoner config it will be 0x00000001000000010000000100000001 stored at 0x2B4F0. | |||
Value is later used in clgt compare as rb register. Default seems to be 0x00000020000000200000002000000020. | |||
Summoner uses 0x1 | |||
{{Boxcomm|id=0x2D|name=N/A|data=N/A}} | |||
Command not available in ps2_netemu.self | |||
{{Boxcomm|id=0x2E|name=Unknown|data=1x uint32_t}} | |||
{{Boxcomm|id=0x2F|name=Unknown|data=1x uint32_t}} | |||
Store value on 0x2E784 in SPE 1 (PS2 SPU2) LS. Used values are 1, and 2 (after andi, so 3 trigger both configs). | |||
* Infamous Final Fantasy confirmation sound issue (in fact it does affect every sound effect using the reverb and only in the ps2_netemu) is fixed by 0x2 value. | |||
Indigo Prophecy/Fahrenheit uses 0x1 | |||
Kengo 3 uses 0x2 | |||
{{Boxcomm|id=0x30|name=N/A|data=N/A}} | |||
Command not available in ps2_netemu.self | |||
{{Boxcomm|id=0x31|name=N/A|data=N/A}} | |||
Command not available in ps2_netemu.self | |||
{{Boxcomm|id=0x32|name=N/A|data=N/A}} | |||
Command not available in ps2_netemu.self | |||
{{Boxcomm|id=0x33|name=N/A|data=N/A}} | |||
Command not available in ps2_netemu.self | |||
{{Boxcomm|id=0x34|name=N/A|data=N/A}} | |||
Command not available in ps2_netemu.self | |||
{{Boxcomm|id=0x35|name=Enable Force Flip Field|data=N/A}} | |||
Described in emu setting as "''Fix for [Hang] for soft-lock''" | |||
{{Boxcomm|id=0x36|name=N/A|data=N/A}} | |||
Command not available in ps2_netemu.self | |||
{{Boxcomm|id=0x37|name=N/A|data=N/A}} | |||
Command not available in ps2_netemu.self | |||
{{Boxcomm|id=0x38|name=N/A|data=N/A}} | |||
Command not available in ps2_netemu.self | |||
{{Boxcomm|id=0x39|name=N/A|data=N/A}} | |||
Command not available in ps2_netemu.self | |||
{{Boxcomm|id=0x3A|name=N/A|data=N/A}} | |||
Command not available in ps2_netemu.self | |||
{{Boxcomm|id=0x3B|name=N/A|data=N/A}} | |||
Command not available in ps2_netemu.self | |||
{{Boxcomm|id=0x3C|name=N/A|data=N/A}} | |||
Command not available in ps2_netemu.self | |||
{{Boxcomm|id=0x3D|name=Config revision|data=1x uint32_t}} | |||
This command works as a restriction, the emulator loads the config contents '''only''' if the '''emulator revision''' is bigger than the '''config revision'''. See: [[PS2_Emulation#PS2 Emulator Types and Revisions|PS2 Emulator Types and Revisions]]<br> | |||
The goal of this restriction is to prevent the emulator to load a config containing unsupported commands, as example netemu command 0x50 is only supported since netemu revision 17495 (shipped with PS3 firmware 4.78 or newer), otherway if you try to load a config with a revision higher than your netemu revision the contents of the config are going to be ignored (as example when trying to load a modern config using commands higher than 0x41 in a custom firmware 3.70)<br> | |||
In general is better to use a low revision with this command to lower the restriction as most as posible (oldest netemu revision is 15686), but '''only''' if the commands inside the config are not higher than 0x41, for a reference when creating custom configs check the table below, those are the minimal '''config revisions''' required that depends of the config commands contents | |||
{| class="wikitable" style="font-size:1em; line-height:1em" | |||
|+Config commands supported by emulator revision | |||
! Supported Commands !! ps2_netemu Revision !! PS3 Firmware | |||
|- | |||
| Up to 0x41 || 15686 || 3.70 or newer | |||
|- | |||
| Up to 0x43 || 16604 || 4.20 or newer | |||
|- | |||
| Up to 0x45 || 16808 || 4.30 or newer | |||
|- | |||
| Up to 0x46 || 16916 || 4.40 or newer | |||
|- | |||
| Up to 0x48 || 17041 || 4.45 or newer | |||
|- | |||
| Up to 0x4A || 17179 || 4.50 or newer | |||
|- | |||
| Up to 0x4D || 17277 || 4.55 or newer | |||
|- | |||
| Up to 0x50 || 17495 || 4.78 or newer | |||
|} | |||
*Problems: | |||
**The [[PS2 Official Configs|official NET config]] for Gradius V (SLPM-62462) uses config revision = 17498 (is the highest value ever found in a official PS2 classic config), this value is higher than any retail ps2_netemu.self revision, and is breaking the logic of the [[Template:Ps2configrev]] (used to calculate the PS3 firmware version required by the config). So either... 1) the description of this command written above is not accurate enought, or 2) the config has been "faked" to an incorrect revision, or 3) the config is real but sony made a mistake with the revision and the emulator is not loading it | |||
{{Boxcomm|id=0x3E|name=Unknown|data=N/A}} | |||
Similar to 0x0D with param 0. Affect the same IOP related code path, but skips more code. | |||
{{Boxcomm|id=0x3F|name=Unknown|data=1x uint32_t}} | |||
Store value on 0x2B700 of SPE 0 (IOP) LS. | |||
{{Boxcomm|id=0x40|name=Unknown|data=N/A}} | |||
Command change GIF behavior by setting value to 1 at address 0x2F0 LS in SPU4. | |||
Grand Theft Auto SA | |||
Silent Hill Origins - unofficial fix | |||
{{Boxcomm|id=0x41|name=Unknown|data=N/A}} | |||
When enabled ignore D_ENABLEW (1000F590) writes from EE on SPE3 (EEDMA). D_ENABLER is updated regardless of cmd on PPE side. Enabling that command nullify 0x01 hooks for Max Payne! | |||
Dragon Force | |||
God Hand | |||
Gradius V | |||
Katamari Damacy | |||
{{Boxcomm|id=0x42|name=EE Overlay patch|data=2 main Params + patch data: uint32_t address, uint32_t count, opcode,opcode,opcode...}} | |||
Applied on game start (more precisely while executing ps2 bios syscall 7 ExecPS2), if game overwrite selected part of memory, it will wipe 0x42 patch. See [[Special:Diff/67828/67858]] | |||
Start address can be (in theory) anywhere, but Sony used the 0xFF000 - 0xFFFFC range for this purpose. | |||
Count is size of patch in 4 bytes opcodes. So 5 opcode patch = count 5. | |||
Opcodes will be placed on selected address, we use only patch code, no need for original opcode. | |||
Next opcode addresses are auto calculated (+4..) so we need to specify only patch start address. | |||
Remember we need to jump to our new code, best way is command 0x0A with j (jump) opcode. | |||
Also is important to add return jump if required. That one need to be added in our 0x42 patch. | |||
Maximum opcodes count seems to be 0x3FF (1023 opcodes). | |||
{{Boxcomm|id=0x43|name=Unknown|data=1x int32}} | |||
Equal to command 0x40, but with Parameter: | |||
Command change GIF behavior by setting value at address 0x2F0 LS in SPU4, correct values are: | |||
0 = Default | |||
1 = More agressive changes (like 0x40) | |||
anything other = less agressive changes | |||
Code on SPU side check for non zero value, and in few places explicitly for 1 (ceqi rxx,rxx,1) without mask. | |||
Config have weird behavior. When there is no param, and config end (no more bytes after 43 00 00 00), then param 0xFFFFFFFF is set automatically. | |||
Shin Sangoku Musou uses 0xFFFFFFFF | |||
{{Boxcomm|id=0x44|name=Disables Smoothing and Smoothing option|data=N/A}} | |||
{{Boxcomm|id=0x45|name=Unknown|data=N/A}} | |||
Sets something 1 | |||
Prevent display_mode 2 (CELL_GCM_DISPLAY_576_unk) [640x576] | |||
and display_mode 0 (CELL_GCM_DISPLAY_480_unk) (60Hz?) [640x480] | |||
from beign set. | |||
Allow display_mode 1 (CELL_GCM_DISPLAY_480_unk2) (59Hz?) [640x480] | |||
and display_mode 5 (CELL_GCM_DISPLAY_720P_59) [1280x720] | |||
depending on sys_info.video_mode & 0x200 is 0 or not. | |||
Both 480 modes can be either I or P, so is something else, probably 59/60Hz. | |||
This config possibly affect only in-emu UI, but this require testing. | |||
Phantasy Star Complete Collection | |||
{{Boxcomm|id=0x46|name=Enable L2H Improvement|data=N/A}} | |||
Performance related setting for titles using L2H (Local to Host, so called GS download (from GS to EE)) | |||
SMT Digital Devil Saga 1 - Crazy amount of GS downloads used to draw characters in-game | |||
SMT Nocturne | |||
Fatal Frame II | |||
Other games affected (not in official config) | |||
Soul Calibur 2 - When looking at the sun | |||
GT4 - When looking at the sun | |||
Valkyrie Profile 2 - Similar situation to SMT DDS1, in Solde game literally do thousands of 30QWC downloads all the time. | |||
Tak and the Power of JuJu - Fix freeze during loading of the Burial Ground level in the NTSC version. This probably getting lucky with VIF1/GIF timing, normally command is not supposed to fix hang issues. | |||
{{Boxcomm|id=0x47|name=Enables XOR CSR|data=N/A}} | |||
Graphics related setting.<br> | |||
XOR bit 13 of GS CSR register (CSR.FIELD). Should fix fullscreen line corruption, maybe some interlacing issues. Long shot, but can possibly affect SCANMSK games. | |||
{{Boxcomm|id=0x48|name=VSYNC Delay|data=2x uint32_t}} | |||
*First param possible value are 1 = No IPU, 2 = IPU, 3 = Anytime. | |||
*Second param is delay (in ms?), and can be also negative value. | |||
**Emu has standard presets for second param. | |||
***Agressive = 0x3D090 (250000 decimal), | |||
***Normal = 0x186A0 (100000 decimal), | |||
***Conservative = 0x4E20 (20000 decimal), | |||
***But other values can be used. | |||
[SMT Digital Devil Saga 1] uses 1, 0x3D090 | |||
[Fatal Frame II] uses 0x2, 0xFFFFE69C (-6500 decimal) | |||
{{Boxcomm|id=0x49|name=Unknown|data=N/A}} | |||
Sets something 0xB,0,0 | |||
Trapt | |||
{{Boxcomm|id=0x4A|name=Unknown|data=N/A}} | |||
Change VIF1 command 14h MSCAL behavior to use 15h MSCALF (VIF1) instead. MSCALF behavior is the same as MSCAL, but also waits for PATH1 and PATH2 to not be active before starting a microprogram. This is hack, and MSCAL should be fixed instead to wait in queue instead of triggering early. | |||
Applies to the Snowblind Engine games. Fixes the rest of flickering textures. | |||
Meant to be used in conjunction with the GX/SOFT Snowblind Engine's specific commands (double 0x01 and 0x23 combo). | |||
{{Boxcomm|id=0x4B|name=Redirect SAVEDATA by ID|data=2x uint32_t + ID: offset, int, char[]}} | |||
For proper config we need at least 2 (can be more if needed) 0x4B commands, one to enable redirect, one to disable. | |||
First param is EE memory offset that when is hit enable/disable redirection. | |||
Second param is partially unknown, seems to be size of next param to read * 4 (3 in known configs), or 0xFFFFFFFF for disable redirect command. | |||
Third param is ID of SAVEDATA we want to use padded with 00 to match 12 bytes, or all 00 in disable redirect config. | |||
Important note here is that config have own 00 00 00 00 terminator at the end. | |||
So after 12 bytes of ID we need to add 4 bytes of 00. That apply also to disable redirect version. | |||
{{Boxcomm|id=0x4C|name=Unknown|data=2x uint32_t + ID: offset, int, char[]}} | |||
Used to redirect to different ISO without game reset. First param is EE offset to hook, second param is ID size * 4. Emulator do some checks here, safe value is 3 (3 * 4 bytes), third value is ID in big endian hex ascii (eg. NPJD12345), additionally 0x4C expect own 00 00 00 00 terminator. To eventually end redirection use another 0x4C but with (offset, 0xFFFFFFFF, 4 * 0x00000000 . This config have very similar usage to 0x4B, just redirect to different iso, instead to different MC. Currently is unknown that cobra patched emulators support that config properly. | |||
{{Boxcomm|id=0x4D|name=Unknown|data=1x uint32_t}} | |||
Param is MASK used in some conversion of Q value in RGBAQ writes. Default value 0. | |||
tempQ = Q & 0x7FFFFFFF | |||
tempQ = tempQ & MASK | |||
Q = tempQ | unmasked Q | |||
Wild Arms: The Fifth Vanguard uses 0x3F800000 | |||
{{Boxcomm|id=0x4E|name=Unknown|data=Unknown}} | |||
{{Boxcomm|id=0x4F|name=Unknown|data=Unknown}} | |||
{{Boxcomm|id=0x50|name=Enable pressure sensitive controls|data=N/A}} | |||
===Config file examples (for netemu)=== | |||
====Official PS2 Classic==== | |||
See: [[PS2 Official Configs]] | |||
====Official GXEMU/SOFTEMU extracted==== | |||
See: [[PS2 Official Configs]] | |||
==== Custom Configs ==== | |||
See: [[PS2 Custom Configs]] | |||
===Config data examples (hardcoded)=== | |||
====Inside ps2_emu.self==== | |||
Embedded patches are based on Checksum/Hash of title. ps2_emu is only emulator version where patches are described inside self file in ascii. Known patch types described in ascii are: Patch data, new SPU2 params, and Setting mecha HACK to show GODZCD as GODZCDDA. | |||
{| class="wikitable sortable" | |||
! PS2 Title !! Hash !! Game !! Patch Type !! Data | |||
|- | |||
| SCUS_971.46|| 0x6B1ADE00D||Disney's Treasure Planet || Patch data - Fixes black screen at start, it apply to STREAM_D.IRX file in IOP folder. || 0x147C (sector) , 0x580 (offset) (- 0xC on disc) | |||
Replace opcodes | |||
00 01 01 3C lui at,0x0100 | |||
80 BF 03 3C lui v1,0xBF80 | |||
C8 10 63 8C lw v1,0x10C8(v1) | |||
24 18 61 00 and v1,at | |||
FB FF 61 10 beq v1,at, -0x10 | |||
00 00 00 00 nop | |||
Original opcodes | |||
FF FF 01 24 li at,-0x1 | |||
04 00 61 14 bne at,v1, +0x14 | |||
00 80 01 3C lui at,0x8000 | |||
02 00 41 14 bne at,v0, +0x0C | |||
00 00 00 00 nop | |||
0D 00 06 00 break | |||
|- | |||
|SLUS_201.74 ||0x23D92589C5|| Rumble Racing || Patch data - fixes black screen after Playstation 2 logo. Patch apply to AUDIO.IRX file in MODULES folder || 0x3AEDA (sector), 0x120 (offset) | |||
Replace opcodes | |||
06 00 80 14 bnez a0, +0x1C | |||
21 20 43 00 addu a0,v0,v1 | |||
21 10 A0 00 move v0,a1 | |||
02 00 A0 14 bnez a1, +0x0C | |||
00 00 00 00 nop | |||
01 00 05 24 li a1,0x1 | |||
EB FF 40 10 beqz v0, -0x50 | |||
04 00 84 24 addiu a0,0x4 | |||
FC FF 90 24 addiu s0,a0,-0x4 | |||
Original opcodes | |||
07 00 80 14 bnez a0, +0x20 | |||
21 80 43 00 addu s0,v0,v1 | |||
21 10 A0 00 move v0,a1 | |||
02 00 A0 14 bnez a1, +0x0C | |||
00 00 00 00 nop | |||
01 00 05 24 li a1,0x1 | |||
FC FF 40 10 beqz v0, -0x0C | |||
00 00 00 00 nop | |||
04 00 04 26 addiu a0,s0,0x4 | |||
|- | |||
|SLUS_211.96||0x24D92589D5|| Indigo Prophecy || new SPU2 params || 1 | |||
|- | |||
|SLPM_661.93||0x608634992D|| <abbr title="https://www.gamefaqs.com/ps2/544598-indigo-prophecy/data">Fahrenheit (NTSC-J)</abbr> || new SPU2 params || 1 | |||
|- | |||
|SLUS_212.96||0x5CA15DF14D|| Dance Factory ||Setting mecha HACK to show GODZCD as GODZCDDA || | |||
|} | |||
====Inside ps2_gxemu.self/ps2_softemu.self==== | |||
There are hundreds of configs hidden in ps2_gxemu, and ps2_softemu self files. Internal config structure is basing on custom hash based on Title ID, internal memory offset pointing to place where true patch instruction is, and count of used commands. When disc/iso is started emulator search for configs, and if config for selected ID exist, then emulator apply it by itself. Is not perfect way of applying patches, because some games use the same ID, but different content. Good example here is Star Wars Battlefront II SLUS-21240, where some versions of game can refuse to work because it apply bad patch. | |||
{| class="wikitable sortable" | |||
! PS2 Title !! Hash !! Game !! Patch Type !! Data | |||
|- | |||
| || || || || | |||
|} | |||
==Known Emulation Bugs== | |||
This list known bugs inside emulator code that make emulation inaccurate. Since those are only EE side bugs for now, ps2_gxemu/ps2_netemu/ps_softemu share the same issues. | |||
{| class="wikitable sortable" | |||
! Bug !! Description !! Known Affected Games | |||
|- | |||
| Missing Emotion Engine Data Cache emulation || Emulating that is literally not possible without making games run at 3 fps. Fixed by patches to game image, or EE code. Instruction Cache (not Data) seems to be implemented, at least partially. || Ice Age 2, DOA2: Extreme, Nascar 2009. | |||
|- | |||
| Branch delay slot violation not supported on EE || Some games have Branch instruction inside Branch delay slots, this is not emulated correctly on EE (VU have proper emulation of that). This is patched in configs by rearangging MIPS code. || WRC 3,4,Rally Evolved, one of Action Replay discs. | |||
|- | |||
| VIF bugs || There is no correct timing, and queuing for some VIF commands like MSCAL. || Snowblind Engine games. Probably more. | |||
|- | |||
| XGKick is instant || Some games expect to XGKick happen few cycles in future, on PS3 is done instant. Fixed by config 0x07 which delay XGKick by selected value || WRC series, Wakeboarding Unleashed, TriAce games, World of Outlaws - Sprint Cars, Ty - The Tazmanian Tiger, dot Hack - G.U. series, and more | |||
|- | |||
| COP2 instructions are instant || Some games rely on fact that COP2 operations can take some time, on PS3 emulators they are done instantly due to lack of correctly emulated pipeline Patched by rearranging mips code || FFX, FFX-2, Ghost in The Shell SAC, Ace Combat series, Sprint Cars 1/2, Black, Run Like Hell, Everblue 2, Dragon Quest - Shounen Yangus no Fushigi na Daibouken, and many more | |||
|- | |||
| VU0 is not running in sync with EE core || Seems like old pcsx2 mVU approach is used where VU0 is running thousands of cycles ahead of EE. Partially resolved on emu using 0x12 command with 2/3 subcommands. || 24 The Game, ATV Quad Power Racing 2, Twisted Metal Head-On, Primal, Ghosthunter, Rayman Arena, Rayman 3, All games using M-bit. | |||
|- | |||
| M-Bit not supported || Emulator ignore VU0 M-Bit, that cause issues for games that need it to work correctly. This is done because there is no way to sync correctly running VU0 without sync with EE. Partially resolved on emu using 0x12 command with 2/3 subcommands. || Totally Spies! Totally Party, Mike Tyson Heavyweight Boxing, My Street, Crash Twinsanity, Marvel Nemesis, Panzer Elite Action - Fields of Glory, TriAce games (speed optimizations only), Super Monkey Ball Adventure, most Eko Software games, and many more. | |||
|- | |||
| Emulator Fail to save correct flag instances while ending VU0 program on Ebit || This cause few games to read bad flag status (not status flag!) on COP2. This is resolved on emu by forcing update of MAC flag on every STATUS flag read (by config 0x12), this cause slowdowns creating a lot of unnesessary operations. || Driving Emotion Type-S, State of Emergency 2, The Getaway Black Monday. | |||
|- | |||
| Not updated status flag when VDIV/VSQRT/VRSQRT is done on COP2 || Potential bad flag state can cause a lot of issues that are not related on first sight || Yanya Caballista (already patched by custom config) | |||
|- | |||
| In corner cases emu select wrong block pipeline state while processing Flag VU opcodes. || This can cause various issues, mostly SPS, missing graphic, specific slowdowns, etc. For now it was only confirmed that FSAND opcode don't ask for exact pipeline state, but looking at assembly of other opcode this rather affect all of them. || Tales of Legendia, more.. | |||
|- | |||
| CTC2 opcode write whole value to R register, while only 23 bits are writable. Rest is hardcoded to 0x3F800000. || Can cause many weird issues like broken physics, broken graphics. PCSX2 was also affected [[https://github.com/PCSX2/pcsx2/pull/6611 more]]. || There is only one game that is known to be affected, and is already partially patched (patch still break fog), is Musashi Samurai Legend. | |||
|- | |||
|} | |||
===Software emulation bugs=== | |||
Related to the GS emulation issues mostly. Apply to the ps2_netemu especially. | |||
{| class="wikitable sortable" | |||
! Bug !! Description !! Known Affected Games | |||
|- | |- | ||
| | | No mipmapping support || Emulator does ignore the mipmap layers, probably for performance reasons. It is processing only the level 0 texture base pointer specified in the TEX0 register. There are games writing a garbage data into that memory area, when the mipmap level is different than zero. As a result, a garbled texture is shown instead of a correct one. || Ace Combat series, Ape Escape 2, EA Sports F1 series, Harry Potter series, ICO (psuedo volumetric rays), Jak and Daxter series, Nickelodeon Barnyard and Nicktoons Unite (very strange implementation), Ratchet and Clank series and more. | ||
|- | |- | ||
| | | SCANMSK register ignored || Emulator does ignore the SCANMSK setting responsible for restricting the drawing primitives on the odd or even lines. It is used as a fake transparency effect in some games by merging the two display circuits. || Metal Gear Solid series (heavy used in the MGS2 on the water and reflection effects), Gran Turismo series (ghost cars), Raw Danger! (depth of field/tonemapping effect) | ||
|- | |- | ||
|} | |} | ||
Line 2,608: | Line 3,248: | ||
* http://wiki.pcsx2.net/index.php/Category:Software_rendering_only_games | * http://wiki.pcsx2.net/index.php/Category:Software_rendering_only_games | ||
{{Reverse engineering}}<noinclude> | {{Reverse engineering}}<noinclude>[[Category:Main]]</noinclude> | ||
[[Category:Main]] | |||
</noinclude> |