Editing Talk:PS2 Emulation
Jump to navigation
Jump to search
The edit can be undone. Please check the comparison below to verify that this is what you want to do, and then publish the changes below to finish undoing the edit.
Latest revision | Your text | ||
Line 207: | Line 207: | ||
* This hack allow to run all spe cores while doing nothing on ppe side. Is like giving spe more time (100 msec). This can be used to fix some timing issues here or there. But if you know game offset that you want to use it, you probably can already fix it in different way. Also this probably won't affect "emulation cycles", so is not like pcsx2 EE timing hack. About pcsx2 EE timing hack.. This is really stupid hack if you ask me. Hack make all events listed [[https://github.com/PCSX2/pcsx2/blob/5bdec2f532e94065655032eb6cf7f7715c075e3b/pcsx2/R5900.h#L403 here]] to take 8 cycles. No matter that really it was 1, or 2000 cycles, it will make all of that 8 cycles. Idea of that hack is not bad itself, but it is terrible implementation that make a lot of things random. I think that ps2 emu on ps4 do this much better, as you can select only one event, and set cycles for it. While on pcsx2 if you want DMAC_FROM_IPU to take 8 cycles, you also make ALL OTHER events to take 8 cycles. I don't know how lucky that hack is to not break other stuff. --[[User:Kozarovv|Kozarovv]] ([[User talk:Kozarovv|talk]]) 07:47, 12 March 2022 (UTC) | * This hack allow to run all spe cores while doing nothing on ppe side. Is like giving spe more time (100 msec). This can be used to fix some timing issues here or there. But if you know game offset that you want to use it, you probably can already fix it in different way. Also this probably won't affect "emulation cycles", so is not like pcsx2 EE timing hack. About pcsx2 EE timing hack.. This is really stupid hack if you ask me. Hack make all events listed [[https://github.com/PCSX2/pcsx2/blob/5bdec2f532e94065655032eb6cf7f7715c075e3b/pcsx2/R5900.h#L403 here]] to take 8 cycles. No matter that really it was 1, or 2000 cycles, it will make all of that 8 cycles. Idea of that hack is not bad itself, but it is terrible implementation that make a lot of things random. I think that ps2 emu on ps4 do this much better, as you can select only one event, and set cycles for it. While on pcsx2 if you want DMAC_FROM_IPU to take 8 cycles, you also make ALL OTHER events to take 8 cycles. I don't know how lucky that hack is to not break other stuff. --[[User:Kozarovv|Kozarovv]] ([[User talk:Kozarovv|talk]]) 07:47, 12 March 2022 (UTC) | ||
=== | ===ps2_netemu command 0x4=== | ||
Patch SPE 3 program (eedma) by searching for ila r4, xxxxx, starting at 0x178A0 and replacing them with (0x42000004 | ((value << 7) & 0x1FFFF80)<br> | |||
0x42000004 is ila r4 opcode. Due to opcode encoding example result of that patch with value 0x08 will be 0x42000404 (ila r4, 0x08). | |||
There is little bit more than that, but main purpose is just to patch SPE program behavior. | |||
* What are the valid values? The official config from The Suffering uses a 0x8 value, yet the flashing does still happen. Increasing it to 0x20 seems to fix the flashing.--[[User:Agrippa|Agrippa]] ([[User talk:Agrippa|talk]]) 14:42, 22 February 2022 (UTC) | |||
** 0x00 - 0x3FFFF. Well you can use higher values, but it will be truncated by mask to something below 0x40000 anyway. Default is 0x12345 if i understand correctly. --[[User:Kozarovv|Kozarovv]] ([[User talk:Kozarovv|talk]]) 16:29, 22 February 2022 (UTC) | |||
* | |||
===ps2_netemu command 0x5=== | ===ps2_netemu command 0x5=== | ||
Line 245: | Line 235: | ||
===ps2_netemu command 0x0B=== | ===ps2_netemu command 0x0B=== | ||
There is a lot of misunderstanding about that command. | |||
Offset seems to be dependent on read mode, is not about what media we use. This is dependent how game read data, more precisely how game read that one sector we want to patch. | |||
PCSX2 "CDVD reads" logs can help here: | |||
'''CDRead requested block size (CD disc):''' | |||
*2048 = Offset + 0x18 (skip 12 sync bytes, 4 of header, and 8 of subheader) | |||
*2328 = Offset + 0x18 (skip 12 sync bytes, 4 of header, and 8 of subheader) | |||
*2340 = Offset + 0x0C (skip only 12 bytes of sync data) | |||
'''DVDRead requested block size (DVD Disc):''' | |||
* | *2064 = Offset match, but only until the 349th sector. Otherwise is offset - 0x0C because that read mode see data as ID DATA (4) + ID DATA EDC (2) + Reserved bytes (6) + 2048 data + EDC (4). Why there is some weirdness that about first sectors, no idea. Maybe it is something common for DVD discs that i'm not aware off. | ||
"Offset + XX" for CD assume that you use Isobuster RAW mode. "Offset - XX" for DVD assume that you use Isobuster NON RAW mode (ISO can't store all data, so is missing ID/Resv bytes too.<br> | |||
Keep in mind there is a bug in pcsx2 where fastboot "force" 2048 CD read on DVD disc for executable. That one will match 2064 read for us. | |||
* You are very right. I was not aware about different read modes you can specify in the sceCdRead command. That makes sense and that explains that Freekstyle issue. Regarding the whole offset misunderstanding, I know it could be confusing sometimes when you open the mounted file system through the HxD for example (only data bytes are seen). It is important to load the image file in the hex editor directly (or use the "Load image file" in HxD), or check the RAW box in the Isobuster's sector viewer.<br> When it comes to the DVD discs, I know the offset correction is somehow related to the DVD RAW 2064 bytes per sector mode. But I am not sure if it is not applied until the 349th sector precisely - it is what I noticed by looking into the Psychonauts and Street Racing Syndicate configs. The latter has got the patch data applied to the 349th sector without the 0xC correction at all. It is the farthest example I have found.--[[User:Agrippa|Agrippa]] ([[User talk:Agrippa|talk]]) 14:47, 20 February 2022 (UTC) | |||
* The next 0x0B sector DVD patch in ascending order is in the Ace Combat Zero: The Belkan War config (402nd sector). It does use the +0xC correction. So it is somewhere between 349th and 402nd sector the correction starts to be applied.--[[User:Agrippa|Agrippa]] ([[User talk:Agrippa|talk]]) 14:00, 22 February 2022 (UTC) | |||
===ps2_netemu command 0x0C=== | ===ps2_netemu command 0x0C=== | ||
Line 266: | Line 266: | ||
The ingame FMVs with the graphic overlay are still stuttering heavily, though, and I am still unsure why. It seems like the shorter FMVs run fine, and the longer they are they more they have slowdown/stutter. This only applies to the "ingame" FMVs and not the opening ones. | The ingame FMVs with the graphic overlay are still stuttering heavily, though, and I am still unsure why. It seems like the shorter FMVs run fine, and the longer they are they more they have slowdown/stutter. This only applies to the "ingame" FMVs and not the opening ones. | ||
===ps2_netemu command 0x0F=== | |||
Apparently command is combined 0x26, and 0x27. Address range is added to both 0x26, and 0x27 list. | |||
This is probably because someone realized later that you not always need accuracy on both FPU, and COP2 to make things work, and that game speed suffer from it. So command was split into 2 separate commands, leaving combined 0x0F for backward compatibility. | |||
0x0F use 2 list counters. From 0x26, and from 0x27. This make usage limit variable. With overall limit 31 for 0x27, and 31 for 0x26. When we have 20 0x0F commands, and 12 0x27, or 0x26. Emulator will panic as one of counters will be above allowed (31) number. | |||
* | Edit: There are some additional runtimes which check 0x26/0x0F/0x10/0x27 and 0x0E. Those runtimes check that current PC match one from configs, and return true or false. Is unknown what is purpose of that check, and even if it is really used (no xrefs, but can be ppc bctr jump). I'm suspecting that check is what make slowdown when commands are used on unsupported opcodes. This is weird if is really working, but that will explain slowdowns.. Supported opcodes perform own check for current PC, and supported command anyway. So maybe that's some kind of hint for recompiler. No idea, really. | ||
** | * In other words, the 0x0E command is equal to the 0x0F one, but it does work on a specific offset instead of range, am I right? And neither 0x0E/0x0F/0x26/0x27 should affect the mul/div accuracy, but the add/sub only.--[[User:Agrippa|Agrippa]] ([[User talk:Agrippa|talk]]) 14:26, 6 March 2022 (UTC) | ||
** Yes 0x0E, and 0x0F do the same thing. Difference is just 0x0E do this per offset, 0x0F per range. And yes 0x0E/0x0F/0x26/0x27 are only for ADD/SUB opcodes. That still include ADD parts in Multiply ADD opcode, etc. One thing that is missing is MUL/DIV accuracy command for COP2, maybe is not needed.. --[[User:Kozarovv|Kozarovv]] ([[User talk:Kozarovv|talk]]) 16:24, 6 March 2022 (UTC) | |||
*** Cool, so the Silent Hill 2/3 0x0E command is only hitting the add part of the madda.s instruction for the camera fix. Makes sense. This is interesting since the mul portion doesn't have to be adjusted and I think a command that would hit madda.s as a whole would cause a slight performance drop vs just the add adjustment. --[[User:Mrjaredbeta|Mrjaredbeta]] ([[User talk:Mrjaredbeta|talk]]) 01:20, 7 March 2022 (UTC) | |||
* Does the 31 limit apply to the 0x0E command too? There is a custom config with 32 0x0E commands and it does not make the emulator panic.--[[User:Agrippa|Agrippa]] ([[User talk:Agrippa|talk]]) 15:13, 7 March 2022 (UTC) | |||
** Nice catch. All commands support 32, not 31 entries.. Code grab count, compare to 31, and panic if is greater than 31. But if count is 31 it won't panic, and proceed to add another entry + increment count to 32. --[[User:Kozarovv|Kozarovv]] ([[User talk:Kozarovv|talk]]) 07:03, 8 March 2022 (UTC) | |||
===ps2_netemu command 0x12=== | ===ps2_netemu command 0x12=== | ||
First 8 bytes of that command are special flags. Not quite sure about bytes 5-8 yet, because at some point they are used to "andc" with first 4 bytes. | |||
Some examples for first 4 bytes: | |||
0x100000 = Different code path for VU0 opcodes that do ADD/SUB with multiply (MSUB, MADDA, etc.). | |||
0x200000 = Run some additional code in VU0 load/store opcodes (ILW, LQI, ISWR, etc.) | |||
0x400000 = Skip emu syscall 3 (3) | |||
0x800000 = Skip emu syscall 3 (4) | |||
0x4000000 = This flag ensure that type 2 config from cmd 0x12 will run. Otherwise it seems to be skipped. | |||
0x8000000 = Run some additional code for VU0 DIV opcode | |||
0x30000000 = Different code path for VU0 MUL opcodes, include opcodes like MSUB for mul part. So 0x30100000 work for mul, and sub part. | |||
0x10000000 and 0x20000000 also work for that purpose, emu just check for any active bits after applying 0x30000000 mask. | |||
Keep in mind that you still need to use at least 8 bytes for cmd 0x12, just use 00 for bytes 5,6,7,8. | |||
* Do the VU0 accuracy flags need any subcommands? Official 0x12 configs for the State of Emergency/Driving Emotion/The Getaway use 0x00021000 0x00000000 flag.--[[User:Agrippa|Agrippa]] ([[User talk:Agrippa|talk]]) 15:43, 9 March 2022 (UTC) | |||
** Flags are first 2 x 4 bytes of cmd 0x12. Config need at least 8 bytes, or it is ignored. There is no need for any subcommand. I suggest to not mess with second 4 bytes for now, and just use 00 00 00 00 as i'm not sure what is real usage of that yet (seems to be "disabler" mask for first 4 bytes, so they are use only one time). For now most aggressive config that use flags is Marvel Nemesis. After excluding 0x4000000 which trigger type 2 subcmd, config looks like this 00FFF000 00000000. --[[User:Kozarovv|Kozarovv]] ([[User talk:Kozarovv|talk]]) 05:42, 10 March 2022 (UTC) | |||
====type 1==== | ====type 1==== | ||
Playground discussion, unsure about clrlslwi r11, r0, 16,3 result | Playground discussion, unsure about clrlslwi r11, r0, 16,3 result | ||
Line 338: | Line 328: | ||
seg017:00000000001984C0 bgt cr6, next_value | seg017:00000000001984C0 bgt cr6, next_value | ||
</pre> | </pre> | ||
====type 2==== | ====type 2==== | ||
Line 404: | Line 392: | ||
stw r9, 0x1238(r31) save count>>1 | stw r9, 0x1238(r31) save count>>1 | ||
std r11, 0x1240(r31) save ptr to table values start | std r11, 0x1240(r31) save ptr to table values start | ||
---big handler, different register settings?--- | |||
===ps2_netemu command 0x29=== | |||
Something related with read time, maybe seek time. First value is meant to be lower than second value, but this is not requirement. | |||
Code that use it seems to delay some read/seek operation by multiply of first, or second value depending which sector is currently read (or maybe which part of disc actually). Here is code from one of fuctions that use values from that command, keep in mind that "mecha" is just fancy name for cdvd in that emu. | |||
if ((75 * cdvd.CrtSecond + 4500 * cdvd.CrtMinute + cdvd.CrtFrame - 150) >= *(mecha.unk_0x60)) | |||
a = *(cmd_0x29_val_2); | |||
else | |||
a = *(cmd_0x29_val_1); | |||
b = 4835703278458516699; // read https://munroesj52.github.io/vec__int64__ppc_8h.html (search on page for that number). | |||
c = (79800000 * a * b) >> 64; // 0x4C1A6C0 (79800000) is value that lv1 repo key be.clock return. | |||
d = c >> 18; // This and 2 above are generally used as a division by multiply. | |||
e = get_timebase_reg(); | |||
if ( e == 0 ) | |||
{ | |||
do | |||
e = get_timebase_reg(); | |||
while ( e == 0 ); | |||
} | |||
f = e - *(mecha.unk_0x24); | |||
if ( f >= d ) | |||
{ | |||
MECHA_update_status(mecha); | |||
result = unlock_sc06(0x8000LL); | |||
} | |||
else | |||
{ | |||
do | |||
e = get_timebase_reg(); | |||
while ( e == 0 ); | |||
*(mecha.unk_20) = d - f + e; | |||
*mecha.unk_00 = 5; | |||
result = unlock_sc06(0x8000LL); | |||
} | |||
===ps2_netemu command 0x2E=== | |||
Without this command applied there is a black screen and no sound after the PS2LOGO, but the game (Growlanser Generations) is working in the background. Pressing the "PS" button fixes it. After applying this command (0x172 parameter) everything works correctly. | |||
* this (like most "mecha" commands) is messing with timing. | |||
lwz r0, 0x2C(r31) # cmd_0x2E | |||
cmpwi cr7, r0, 0 | |||
beq cr7, cdvd_error_1349B4 # skip cdvd error if cmd not 0. | |||
nop | |||
loc_134988: | |||
mftb r9 | |||
cmpwi cr7, r9, 0 | |||
beq cr7, loc_134988 # Loop until timebase is not 0 | |||
clrldi r0, r0, 32 | |||
add r0, r0, r9 | |||
li r9, 5 | |||
std r0, 0x20(r31) # cmd_0x2E + timebase | |||
stw r9, 0(r31) | |||
b end_134844 | |||
Value from 0x20(r31) is later used in compare. That result in cdvd error, or in setting which seems schedule event to happen after time from timebase pass. This event is netemu syscall 8 (0x200) which is related to all ps2 cdvd reads. Tl;dr is that value give emulator some more time before cdvd error. Weird thing is that PS button fix it.. --[[User:Kozarovv|Kozarovv]] ([[User talk:Kozarovv|talk]]) 07:05, 7 March 2022 (UTC) | |||
===ps2_netemu command | ===ps2_netemu command 0x3D=== | ||
Looks like we misunderstood this command earlier, and probably we don't even need it. | |||
There seems to be no emu code that make use of it beside printing config revision. This need confirmation on real hardware. In case that missing 0x3D will fail, it will be good to test at least that is really version enforcer, because i can't find part of code that is eventually responsible for that. | |||
* Some time ago I tested the config with version 0x3D89 which contained commands supported from the version 0x40DC onwards. The console hung up right after LV2 reset.--[[User:Agrippa|Agrippa]] ([[User talk:Agrippa|talk]]) 10:16, 24 April 2022 (UTC) | |||
** Any chance you can test this again? Config parser don't have any check for revision, when it hit 0x3D is just storing value on address that seems to be related only to UI/Menu stuff. While i can imagine some check for overall config version (still I searched and it seems to be none), i can't imagine some additional per command revision check. Which is what your test suggest here. Emulator have only one config parser, one config buffer, and one check for command number (0x51 and above still don't trigger panic yet, just ignore command). I also tried to find version numbers of 15686, 16604, 16808, 16916, 17041, 17179, 17277, 17495 in code (as hex of course), and only 17495 is found in function that is not really related to any check (described here at the end: [[Talk:PS2_Emulation#Netemu_2]] ). [[User:Kozarovv|Kozarovv]] ([[User talk:Kozarovv|talk]]) 15:06, 24 April 2022 (UTC)-- | |||
*** You are right. There is no revision check and the 0x3D command is not needed at all for the config to work.--[[User:Agrippa|Agrippa]] ([[User talk:Agrippa|talk]]) 18:14, 5 May 2022 (UTC) | |||
===ps2_netemu command | ===ps2_netemu command 0x4D=== | ||
Ok, i don't get that config. Here is what happen in assembly: | |||
0xD820 ilhu r19, 0x7FFF | |||
0xD824 lqr r20, Q_cfg_0x4D ; 0x3F800000 in wild arms | |||
0xD82C iohl r19, 0xFFFF | |||
0xD834 and r17, r80, r19 ; r17 = Q & 0x7FFFFFFF mask | |||
0xD840 ceqi r15, r17, 0 ; r15 = r17 (shortcut to move 0 or value if exist to r15) | |||
0xD844 lqr r10, ST_Q | |||
0xD84C cwd r9, 0x30+var_30+8(sp) | |||
0xD850 rotqbyi r16, r20, 4 ; load mask from config to r16 | |||
0xD858 and r12, r15, r16 ; tempQ & 0x3F800000 (r15 and with mask from cfg 0x3F800000) | |||
0xD860 or r5, r80, r12 ; or r80(Q) with r12(Q masked with 0x3F800000) | |||
0xD868 shufb r7, r5, r10, r9 ; Prepare correct write for Q (r5 stored to r10 + 8) | |||
* | 0xD870 stqr r7, ST_Q ; write result as Q value in STQ | ||
I removed irrelevant code that setup RGBA for readability, its not affecting Q. So my point is that all that masked Q is finally ored with r80. So with whole untouched Q value. Doen't that make all those operations irrelevant, or i made some mistake here?<br> | |||
This config can be quite important because it should help to fix issues like Galerians Ash without dirty static patches. More games affected: [[https://github.com/PCSX2/pcsx2/issues/5137 | List]] | |||
* I tested the 0x3F800000 and 0x71500000 values with Galerians Ash and it did not work at all.--[[User:Agrippa|Agrippa]] ([[User talk:Agrippa|talk]]) 14:15, 8 March 2022 (UTC) | |||
==XMB messages related with PS2 Emulation== | |||
{| | {{Boxcode|title=explore_category_sysconf.rco\Text\English.xml|code=<syntaxhighlight lang="xml"> | ||
<Text name="msg_ps_ps2_upconvert">PS/PS2 - Upscaler</Text> | |||
<Text name="msg_ps_upconvert">PS - Upscaler</Text> | |||
<Text name="msg_ps_ps2_smoothing">PS/PS2 - Smoothing</Text> | |||
<Text name="msg_ps_smoothing">PS - Smoothing</Text> | |||
<Text name="msg_ps_ps2_smoothing_explanation">Reduces the roughness of the displayed image.</Text> | |||
</syntaxhighlight>}} | |||
{{Boxcode|title=game_ext_plugin.rco\Text\English.xml|code=<syntaxhighlight lang="xml"> | |||
<Text name="msg_error_cannot_play_ps2disc_scee">This title is not currently compatible with the PS3™ system. Please visit faq.eu.playstation.com/bc for a list of PlayStation®2 format software titles that are compatible, and to update the System Software that will enable your PS3™ system to play additional PlayStation®2 format software titles.</Text> | |||
<Text name="msg_error_cannot_play_ps2disc_scea">This title is not currently compatible with the PS3™ system. If you update your system software the title may become compatible with your system. Please visit http://www.us.playstation.com/Support/CompatibleStatus to check whether a specific PlayStation®2 format software title is compatible with the PS3™ system.</Text> | |||
<Text name="msg_error_cannot_play_ps2disc_scej">This title is not currently compatible with the PS3™ system. If you update your system software the title may become compatible with your system. Please visit http://www.jp.playstation.com/ps3/status/ to check whether a specific PlayStation®2 format software title is compatible with the PS3™ system.</Text> | |||
<Text name="msg_error_cannot_play_ps2disc_scek">This title is not currently compatible with the PS3™ system. If you update your system software the title may become compatible with your system. Please visit http://www.playstation.co.kr/info/bc to check whether a specific PlayStation®2 format software title is compatible with the PS3™ system.</Text> | |||
<Text name="msg_error_cannot_play_ps2disc_sceasia">This title is not currently compatible with the PS3™ system. If you update your system software the title may become compatible with your system. Please visit http://asia.playstation.com/status to check whether a specific PlayStation®2 format software title is compatible with the PS3™ system.</Text> | |||
<Text name="msg_cannot_run_ps2_fromat_corretly_stop">A problem has occurred. This PlayStation®2 format software was forced to quit.</Text> | |||
</syntaxhighlight>}} | |||
=== | {{Boxcode|title=explore_plugin_full.rco\Text\English.xml|code=<syntaxhighlight lang="xml"> | ||
<Text name="msg_setting_file_ps2">Settings File (PlayStation®2)</Text> | |||
<Text name="msg_your_bb_navigator">Your PlayStation®BB Navigator</Text> | |||
= | <Text name="msg_system_driver_ps1">System Driver</Text> | ||
This | <Text name="msg_system_driver_ps2">System Driver (PlayStation®2)</Text> | ||
<Text name="msg_error_cannot_play_ps2_format">This model of the PS3™ system is not compatible with PlayStation®2 format software.</Text> | |||
</syntaxhighlight>}} | |||
==Obsolete experiments== | |||
This is kept here for historical purposes, but needs to be rewritten or deleted | |||
===Getting Playstation 2 Software Emulator working=== | |||
Method (on Firmware 3.55, without! Cobra-USB Dongle or Downgrade) for all consoles (fat & slim). | |||
1. Replace following files on your consoles /dev_flash/ | |||
with the ones included in this archive | |||
p3dwik-ps2compatfiles.rar | |||
2. Get into Factory Service Mode (FSM Tool/Dongle) | |||
3. Insert your Original PS2 Game Disc | |||
4. It will run. | |||
Note: Backups wont work. You're getting the compatibility of the 2.60 software emulator with all of its bugs. | |||
Download: [http://www.sendspace.com/file/bm9z9v p3dwik-ps2compatfiles.rar]<br> | |||
Possible compatibility Lists: | |||
* http://tortuga-cove.com/forums/viewtopic.php?f=57&t=530 | |||
* [[Talk:Emulation#PS2.2FPStwo]] | |||
====boot_ps2==== | |||
http://foxbrew.org/ps3/otheros-utils/boot_ps2.git <br /> | |||
http://www.multi...upload.com/QKK7ETPHXZ boot_ps2-src.rar (1.43 KB) <br /> | |||
http://www.multi...upload.com/YCZ63Y6TQ5 boot_ps2.pkg (69.17 KB) <br /> | |||
any chance of having this package resigned for 4.21 cfw? might be useful to see if it'll boot ps2_netemu.self LPAR. | |||
(can boot ps2lpar, but also petitboot if otheros installed! 50:50 chance) | |||
[http://rghost.net/42586725 boot_ps2 4.xx eboots.zip (153 KB)] <br /> installing 3.55 pkg and replacing the eboot and editing the sfo should work. | |||
=== Enable Playstation 2 on non BC's=== | |||
= | [[http://www.ps3devwiki.com/index.php?title=Emulation#Getting_Playstation_2_Software_Emulator_working Getting Playstation 2 Software Emulator working]] | ||
[[Image:Vsh_ps2_change1.png|left|thumb|400px|XMB Game Settings non BC/BC,patched]]<br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br> | |||
==== Service Mode in relation to PS2 emulation tests ==== | |||
* Service mode resets display settings (on default it uses HDMI with composite on MultiAV connector) - this means that users of Component cables can get garbled screen / no display output (in tests below, the primairy screen) unless using composite wiring/screen (in tests below, the secondairy screen). | |||
* Service Mode also resets user presets like disc autoboot, so it needs to be disabled again if needed. | |||
* Any made Virtual Memory Cards previously will be removed and you will have no access to them, nor be able to create one. | |||
* When PS3 is switching to PS2, connection with Sixaxis / Dualshock 3 will be lost (even when using USB wired connection). In some cases easily resyncable by using PS button, but in other cases the leds stay off and the controller cannot be used (until ps2 mode is exited or console rebooted) | |||
* | |||
* As a workaround for above wireless controller issue, you can use an USB2PS2 converter and connect an old PS2 / Dualshock2 controller. | |||
==== | ==== tests on 2000 series PS3 Slim ==== | ||
Testplatform: | |||
SKU: 2000 series slim (minver 2.70) | |||
Firmware: 3.55 'Rogero 3.4' mmap114+peek/poke but no SS-patches | |||
Memorycards: MC:PS1 in slot1, MC:PS2 in slot2. | |||
Mainscreen: Component+Composite 576i+P/720i+P//1080i | |||
Sec.screen: Composite 576i | |||
48 titles tested (PAL disc on PAL SKU) // [[User:Euss|Euss]] | |||
* Without Factory Service Mode : gives "Incompatible Data" when inserting PS2 disc | |||
( | * When enabling [http://www.ps3devwiki.com/files/devtools/lv2-v9-pkg/ LV2Patcher] without factory service mode (patch4 set as http://pastie.org/private/jp8zhvuocjz95cfrjm0uzg) : no changes in XMB:Game (still only PS upscaler/smoothing, no PS2 mention at all) | ||
[http:// | * When enabling [http://www.ps3devwiki.com/files/devtools/lv2-v9-pkg/ LV2Patcher] without factory service mode (patch4 set as http://pastie.org/4355919) : gives XMB:Game PS2 smoothing/upscaling options, it also make an inserted disk to be seen as PS2 format. Still same problem of ¨incompatible title¨ and loss of BT/settings. Also after returning to XMB, it no longer sees the disc as PS2 format but as incompatible data (which suggests the lv2 patch is undone, as lv2 is reloaded when returning from the ps2 lpar) | ||
* Using [http://www.ps3devwiki.com/files/OtherOSplusplus/misc/boot_ps2.pkg boot_ps2.pkg] without factory service mode : no resetting of date/time/displayoutput (still output on mainscreen), but all connection to any bound bluetooth device is lost, even when connected via USB (need PS button reactivation), and after a long while comes up with the message that the title is not compatible and that the ps3 needs to be updated (Basic nag screen that is on BC PS3s when inserting a noncompatible title). | |||
[[http://www.ps3devwiki.com/ | * With Factory Service Mode enabled (there are no Xmb options to combinetest with [http://www.ps3devwiki.com/files/devtools/lv2-v9-pkg/ LV2Patcher] or [http://www.ps3devwiki.com/files/OtherOSplusplus/misc/boot_ps2.pkg boot_ps2.pkg]): gives ´PS2 disc´ detected at disc icon, but starting gives: resetting of date/time/displayoutput (effectively disabling my mainscreen), then all connection to any bound bluetooth device is lost, even when connected via USB (needs multiple PS button reactivation), and after a long while comes up with the message that the title is not compatible and that the ps3 needs to be updated (Basic nag screen that is on BC PS3s when inserting a noncompatible title). | ||
[[ | In short: [http://www.ps3devwiki.com/files/OtherOSplusplus/misc/boot_ps2.pkg boot_ps2.pkg] and Factory Service Mode seem to enable simulare (it tries to boot it) while [http://www.ps3devwiki.com/files/OtherOSplusplus/misc/boot_ps2.pkg boot_ps2.pkg] gives you more options e.g. using [http://www.ps3devwiki.com/files/devtools/lv2-v9-pkg/ LV2Patcher]. | ||
Perhaps hardswapping out all the dev_flash ps2 emu files for the same software only emulator would circumvent the 'incompatible title' message. | |||
==== Second test: FW 2.70/3.15 ==== | |||
Silent Hill : gives disk icon "unsupported data" and error message like "This model of the PS3 system is not compatible with Playstation2 format software" when run via disc icon. Using [http://www.ps3devwiki.com/files/OtherOSplusplus/misc/boot_ps2.pkg boot_ps2.pkg] gives title not supported error message like "This title is not currently compatible with the PS3 system". | |||
==== Third test: FW 3.55 OtherOS++22GB (with SS Patches) ==== | |||
Silent Hill : gives disk icon "unsupported data" and error message like "This model of the PS3 system is not compatible with Playstation2 format software" when run via disc icon. Using [http://www.ps3devwiki.com/files/OtherOSplusplus/misc/boot_ps2.pkg boot_ps2.pkg] gives blackscreen lockup, not reacting on PS button, or powerbutton, requiring removing powercord. | |||
===== considering titles to test ===== | |||
* http://en.wikipedia.org/wiki/List_of_PlayStation_3_backward_compatible_PlayStation_2_and_PlayStation_games | |||
===== considering titles to test ===== | |||
* http://en.wikipedia.org/wiki/List_of_PlayStation_3_backward_compatible_PlayStation_2_and_PlayStation_games | |||
* http://tortuga-cove.com/forums/viewtopic.php?f=57&t=530 | * http://tortuga-cove.com/forums/viewtopic.php?f=57&t=530 | ||
* http://us.playstation.com/support/compatiblestatus/index.htm | * http://us.playstation.com/support/compatiblestatus/index.htm | ||
Line 904: | Line 780: | ||
ID match US release of Crazy Taxi. This id is kinda special, because Swap Magic CD version, and some other Datel products like Action Replay use Crazy Taxi TOC in their retail discs. | ID match US release of Crazy Taxi. This id is kinda special, because Swap Magic CD version, and some other Datel products like Action Replay use Crazy Taxi TOC in their retail discs. | ||
Is known that they literally ripped part of disc (with key/logo, and TOC), and frankesteined it with own products. | Is known that they literally ripped part of disc (with key/logo, and TOC), and frankesteined it with own products. | ||
So mentioned check first compare hash, and if that match, then run function that perform another check at disc sector 267559 (0x41527), so exactly where main executable is. | So mentioned check first compare hash, and if that match, then run function that perform another check at disc sector 267559 (0x41527), so exactly where main executable is. | ||
I didn't figured out what next, but this is probably anti AR/Datel/SM check. What's weird, there seems to be nothing for TimeSplitters2 which if i recall correctly was used for DVD version of Swap Magic | I didn't figured out what next, but this is probably anti AR/Datel/SM check. What's weird, there seems to be nothing for TimeSplitters2 which if i recall correctly was used for DVD version of Swap Magic. | ||
==CDVD Commands== | ==CDVD Commands== | ||
Line 1,088: | Line 963: | ||
Every "mechacon_auth" command return zeroed result with different size. Only exception here is 0x81 which return 1. | Every "mechacon_auth" command return zeroed result with different size. Only exception here is 0x81 which return 1. | ||
</pre> | </pre> | ||
==EE I/O Handlers list== | ==EE I/O Handlers list== | ||
Line 1,678: | Line 1,482: | ||
|- | |- | ||
|} | |} | ||
1000F800 to 1000F8B0 seems to be some fake regs for testing purposes. Probably not existing on real PS2. | 1000F800 to 1000F8B0 seems to be some fake regs for testing purposes. Probably not existing on real PS2. | ||
* 1000F820 return "DrJock TV Quiz P" | |||
* 1000F830 return "hD bags few lynx" | |||
* 1000F820 return "DrJock TV Quiz P" | |||
* 1000F830 return "hD bags few lynx" | |||
That make string "DrJock TV Quiz PhD bags few lynx" - This is perfect summary of Sony work. Since correct pangram should use "MrJock". So even here they made mistake. | That make string "DrJock TV Quiz PhD bags few lynx" - This is perfect summary of Sony work. Since correct pangram should use "MrJock". So even here they made mistake. | ||
* | * 1F00F880 return hardcoded value of 0x4457, which match emu revision i'm working on. Can be just coincidence. | ||
==Random notes about SPE in ps2_netemu== | ==Random notes about SPE in ps2_netemu== | ||
===IOP SPE=== | ===IOP SPE=== | ||
This is unconfirmed by any code reversing for now, but IOP emulator print messages like: | This is unconfirmed by any code reversing for now, but IOP emulator print messages like: | ||
Cache write (IOPADDR/LSADDR/SIZE) | Cache write (IOPADDR/LSADDR/SIZE) | ||
Cache read (IOPADDR/LSADDR/SIZE) | Cache read (IOPADDR/LSADDR/SIZE) | ||
ERROR: Double ICACHE fault | ERROR: Double ICACHE fault | ||
Which suggest that instruction cache is emulated for IOP. Making this (ps2/gx/net) emu only PS2 emulator that support cache emulation for IOP. For now even most ps1 emulators lack of that feature, and none of known PS2 emulators do that (including Pcsx2/Play!/Dobiestation). With this we can safely assume that also load delay slots are handled correctly here. Unrelated, but is hard to believe that someone implemented icache, but not load delay slots. Which again make it only known emu set that support this afaik. | Which suggest that instruction cache is emulated for IOP. Making this (ps2/gx/net) emu only PS2 emulator that support cache emulation for IOP. For now even most ps1 emulators lack of that feature, and none of known PS2 emulators do that (including Pcsx2/Play!/Dobiestation). With this we can safely assume that also load delay slots are handled correctly here. Unrelated, but is hard to believe that someone implemented icache, but not load delay slots. Which again make it only known emu set that support this afaik. | ||
===EEDMA on SPE3=== | ===EEDMA on SPE3=== | ||
Line 1,785: | Line 1,510: | ||
*8 - SPRfrom dma is handled on PPE only it seems | *8 - SPRfrom dma is handled on PPE only it seems | ||
*9 - SPRto dma is handled on PPE only it seems | *9 - SPRto dma is handled on PPE only it seems | ||
Additionally EEDMA handle VU1 code writes/reads | Additionally EEDMA handle VU1 code writes/reads. Only VU1 code, VU1 data is handled by SPE2 (VU1), and any VU0 r/w is handled by PPU only.<br> | ||
So is more like "Close to GS" DMA handler. | So is more like "Close to GS" DMA handler. | ||
Line 1,791: | Line 1,516: | ||
===VU1 emulation on SPE=== | ===VU1 emulation on SPE=== | ||
When I disassembled VU1 SPE program, i noticed that real code is really small part of that. Not much to run real VU recompiler/interpreter. | When I disassembled VU1 SPE program, i noticed that real code is really small part of that. Not much to run real VU recompiler/interpreter. | ||
Then i found out something impressive in my opinion. Real deal is that real code delivered to SPE is created on PPE dynamically based on real PS2 VU1 code. Due to similarity of SPE with VU requested in IBM by Sony at design level, there is no VU1 interpreter or recompiler per se. Emulator take VU1 code, dismount it to parts by OP field types, and reassemble into ready SPE code using ready hex templates. I'm not familiar with professional naming of that operation, but its like ahead of time translation of code. So when VU1 code reach SPE is already translated to SPE opcodes. In other terms, SPE responsible for running VU1 is really running VU1 code in some way. | Then i found out something impressive in my opinion. Real deal is that real code delivered to SPE is created on PPE dynamically based on real PS2 VU1 code. Due to similarity of SPE with VU requested in IBM by Sony at design level, there is no VU1 interpreter or recompiler per se. Emulator take VU1 code, dismount it to parts by OP field types, and reassemble into ready SPE code using ready hex templates. I'm not familiar with professional naming of that operation, but its like ahead of time translation of code. So when VU1 code reach SPE is already translated to SPE opcodes. In other terms, SPE responsible for running VU1 is really running VU1 code in some way. | ||
In latest ps2_netemu function responsible for translating VU1 code into SPE ready code is located at 0x13C69C | In latest ps2_netemu function responsible for translating VU1 code into SPE ready code is located at 0x13C69C | ||
===IPU skip mpeg hack=== | |||
There are some leftovers of SKIP MPEG hack in SPE 6 (IPU), i'm not sure that is still available. | There are some leftovers of SKIP MPEG hack in SPE 6 (IPU), i'm not sure that is still available. | ||
Looking at cmd 0x1A there is small chance that is mentioned hack, but i can't confirm yet. | |||
===SPE4 and SPE5=== | ===SPE4 and SPE5=== | ||
Line 1,864: | Line 1,568: | ||
== Emu Patches == | == Emu Patches == | ||
===Skip demo disc check=== | ===Skip demo disc check=== | ||
Line 1,970: | Line 1,637: | ||
B452CCB51348127DAF8A931B621E5E39 | B452CCB51348127DAF8A931B621E5E39 | ||
DL: https://www.mediafire.com/file/kpno5mubyy7q9p0/gx_cfg_ext.ppf/file | DL: https://www.mediafire.com/file/kpno5mubyy7q9p0/gx_cfg_ext.ppf/file | ||
== SPE programs dumper == | == SPE programs dumper == | ||
Line 1,986: | Line 1,646: | ||
== Random ps2_netemu notes == | == Random ps2_netemu notes == | ||
* | * Some members of pcsx2 team think that emulator is heavily based on early pcsx2. After some reversing this seems to be far away from true. But COP2 and VU0 (and only that for now) really are familiar here and there. To the point where i was able to use pcsx2 code to find names/usage of some variables (mVUbranch for example). But VU0/COP2 is for now only part that have obvious pcsx2 similarities. For example VU1 is different story, and don't even share code with VU0 part of emulator as far as i see. | ||
* Emulator use the same functions for FPU, and VU math where possible. This mean that for example FPU cvt.s and VU0 (and) COP2 ITOF0 at some point use exactly same function. Probably only for strictly math part, rest is different of course. | |||
* Most FPU and COP2 opcodes have "accurate math" path inlined into main opcode function, but inaccurate path is different function which is little bit weird, since inaccurate path is what is used 99% of times. | |||
* | * VU0 (micro) NOP have function prologue/epilogue , and additional call in assembly. This is pointless, and potentially burn some PPE cycles for nothing. Probably nothing that can be visible to the naked eye, but still worth to note. | ||
.VU0_NOP: | |||
stdu r1, back_chain(r1) | |||
mflr r4 | |||
std r4, 0x70+arg_10(r1) | |||
bl .VU0_NOP_ <-------- | |||
nop | |||
ld r0, 0x70+arg_10(r1) | |||
addi r1, r1, 0x70 | |||
mtlr r0 | |||
blr | |||
.VU0_NOP_: <------- | |||
ld r11, off_74C4C0 # counter_unk_cycles_2EBBC08 | |||
ld r10, off_74C4C8 # counter_old_unk_cycles_2EBBC0C | |||
lwz r9, counter_unk_cycles_2EBBC08 | |||
addi r0, r9, 1 | |||
stw r9, counter_old_unk_cycles_2EBBC0C | |||
stw r0, counter_unk_cycles_2EBBC08 | |||
blr | |||
* Emulator not only patch SPU programs on init, but also patch own PPU code. Which is hard to understand when you can just make changes in source code... eg. 0x1F128 - 0x1F134 in latest emu. | |||
* Emulator | |||
== RSX workload on the netemu == | == RSX workload on the netemu == | ||
Line 2,065: | Line 1,678: | ||
Looks like there is a way to overclock the RSX core by 50 or 100 MHz through LV1 patches. Will the netemu benefit from it? | Looks like there is a way to overclock the RSX core by 50 or 100 MHz through LV1 patches. Will the netemu benefit from it? | ||
* Yes, i don't see why not. Assuming that is static patch to elf file, not some cobra style on the fly patch. But don't expect some magic from that. I don't know too much about RSX and not really much about GS. But PS2 emulation is usually limited by CPU power, specially in native resolution. But for example games that need 0x44 cmd, maybe they will work with smoothing now. Maybe some minor slowdowns will be fixed. I still don't know which parts of GS are emulated on RSX, for example softemu used something similar to pcsx2 software render. So there you will get almost nothing from RSX OC. But netemu is different. --[[User:Kozarovv|Kozarovv]] ([[User talk:Kozarovv|talk]]) 04:56, 20 March 2022 (UTC) | * Yes, i don't see why not. Assuming that is static patch to elf file, not some cobra style on the fly patch. But don't expect some magic from that. I don't know too much about RSX and not really much about GS. But PS2 emulation is usually limited by CPU power, specially in native resolution. But for example games that need 0x44 cmd, maybe they will work with smoothing now. Maybe some minor slowdowns will be fixed. I still don't know which parts of GS are emulated on RSX, for example softemu used something similar to pcsx2 software render. So there you will get almost nothing from RSX OC. But netemu is different. --[[User:Kozarovv|Kozarovv]] ([[User talk:Kozarovv|talk]]) 04:56, 20 March 2022 (UTC) | ||
== Netemu load/store with r0 register == | == Netemu load/store with r0 register == | ||
Line 2,073: | Line 1,684: | ||
Also easier example (without using negative addressing because this is additional emu quirk..). ld r2, 0x3008(r0). This opcode will load double word from 0x3008 address no matter what we currently have in r0, because RA is 0 which is badly interpreted as r0 base. | Also easier example (without using negative addressing because this is additional emu quirk..). ld r2, 0x3008(r0). This opcode will load double word from 0x3008 address no matter what we currently have in r0, because RA is 0 which is badly interpreted as r0 base. | ||
This is because of PowerPC quirk that i (and apparently IDA | This is because of PowerPC quirk that i (and apparently IDA) wasn't aware. From IBM manual: | ||
ld RT, Disp(RA) | ld RT, Disp(RA) | ||
Line 2,087: | Line 1,698: | ||
Tl;dr is that if RA is 0 (which disassemblers show as r0), then Disp is real load/store address. This is used many times in emu itself to access negative addresses (0xFFFFFFFFxxxxxxxx), and is used in all netemu cmd 0x01 hooks. | Tl;dr is that if RA is 0 (which disassemblers show as r0), then Disp is real load/store address. This is used many times in emu itself to access negative addresses (0xFFFFFFFFxxxxxxxx), and is used in all netemu cmd 0x01 hooks. | ||
While this is more PPC itself than emu stuff, i feel is important to mention this here. | While this is more PPC itself than emu stuff, i feel is important to mention this here. | ||
Now if we remember that emu have mapped "negative address", | Now if we remember that emu have mapped "negative address", functions like below starting to make sense. | ||
std r4, | sub_186A40: # CODE XREF: VIF0_big_jumptable_3026C+FCC↑p | ||
std r0, -0x6BF0(r0) # store r0 on 0xFFFFFFFFFFFF9410, no matter what r0 actually is at the moment. | |||
std r4, -0x6BD0(r0) # store r4 on 0xFFFFFFFFFFFF9430, no matter what r0 actually is at the moment. | |||
std r5, -0x6BC8(r0) | |||
std r6, -0x6BC0(r0) | |||
std r7, -0x6BB8(r0) | |||
std r8, -0x6BB0(r0) | |||
std r9, -0x6BA8(r0) | |||
std r10, -0x6BA0(r0) | |||
std r11, -0x6B98(r0) | |||
std r12, -0x6B90(r0) | |||
mflr r4 | |||
std r1, -0x6BE8(r0) | |||
std r2, -0x6BE0(r0) | |||
std r3, -0x6BD8(r0) | |||
std r4, -0x7F80(r0) | |||
bl .VU0_cmd_0x12_fl_overflow_related | |||
ld r4, -0x7F80(r0) | |||
ld r1, -0x6BE8(r0) | |||
ld r2, -0x6BE0(r0) | |||
ld r3, -0x6BD8(r0) | |||
mtlr r4 | |||
ld r0, -0x6BF0(r0) # load to r0 from address 0xFFFFFFFFFFFF9410, no matter what r0 actually is at the moment. | ld r0, -0x6BF0(r0) # load to r0 from address 0xFFFFFFFFFFFF9410, no matter what r0 actually is at the moment. | ||
ld r4, | ld r4, -0x6BD0(r0) # load to r4 from address 0xFFFFFFFFFFFF9430, no matter what r0 actually is at the moment. | ||
ld r5, -0x6BC8(r0) | |||
ld r6, -0x6BC0(r0) | |||
ld r7, -0x6BB8(r0) | |||
ld r8, -0x6BB0(r0) | |||
ld r9, -0x6BA8(r0) | |||
ld r10, -0x6BA0(r0) | |||
ld r11, -0x6B98(r0) | |||
ld r12, -0x6B90(r0) | |||
blr | |||
== ps2_gxemu external bios/rom loading. == | == ps2_gxemu external bios/rom loading. == | ||
Line 2,136: | Line 1,741: | ||
Note: This code don't exist in ps2_netemu. | Note: This code don't exist in ps2_netemu. | ||