Editing Talk:PS2 Emulation
Jump to navigation
Jump to search
The edit can be undone. Please check the comparison below to verify that this is what you want to do, and then publish the changes below to finish undoing the edit.
Latest revision | Your text | ||
Line 202: | Line 202: | ||
| 0x3B || {{no}} || {{no}} || {{no}} || 0x43FAC || || | | 0x3B || {{no}} || {{no}} || {{no}} || 0x43FAC || || | ||
|}{{clear}} | |}{{clear}} | ||
====Function 0x05/0x06==== | |||
Well, my suspicion was true about a netemu command (for once in a blue moon). Function 0x05 fixes Tenchu: Wrath of Heaven's freezing issues by hooking it in the same function as the previous 0x0A patches (function is called dma2Exec in Tenchu Kurenai). I am hoping this can fix the Ecole games (finally...), Magic Pengel, Drakan, probably lots of others. Cool! | |||
*Initial testing with function 0x06 seems to fix Spartan: Total Warrior's freezing issues.--[[User:Mrjaredbeta|Mrjaredbeta]] ([[User talk:Mrjaredbeta|talk]]) 17:24, 9 October 2022 (UTC) | |||
====Function 0x0D==== | ====Function 0x0D==== | ||
Line 265: | Line 269: | ||
The ingame FMVs with the graphic overlay are still stuttering heavily, though, and I am still unsure why. It seems like the shorter FMVs run fine, and the longer they are they more they have slowdown/stutter. This only applies to the "ingame" FMVs and not the opening ones. | The ingame FMVs with the graphic overlay are still stuttering heavily, though, and I am still unsure why. It seems like the shorter FMVs run fine, and the longer they are they more they have slowdown/stutter. This only applies to the "ingame" FMVs and not the opening ones. | ||
===ps2_netemu command 0x12=== | ===ps2_netemu command 0x12=== | ||
First 8 bytes of that command are special flags. Not quite sure about bytes 5-8 yet, because at some point they are used to "andc" with first 4 bytes. | |||
Some examples for first 4 bytes: | |||
0x100000 = Different code path for VU0 opcodes that do ADD/SUB with multiply (MSUB, MADDA, etc.). | |||
0x200000 = Run some additional code in VU0 load/store opcodes (ILW, LQI, ISWR, etc.) | |||
0x400000 = Skip emu syscall 3 (3) | |||
0x800000 = Skip emu syscall 3 (4) | |||
0x4000000 = This flag ensure that type 2 config from cmd 0x12 will run. Otherwise it seems to be skipped. | |||
0x8000000 = Run some additional code for VU0 DIV opcode | |||
0x30000000 = Different code path for VU0 MUL opcodes, include opcodes like MSUB for mul part. So 0x30100000 work for mul, and sub part. | |||
0x10000000 and 0x20000000 also work for that purpose, emu just check for any active bits after applying 0x30000000 mask. | |||
Keep in mind that you still need to use at least 8 bytes for cmd 0x12, just use 00 for bytes 5,6,7,8. | |||
Syscall 3 - Enable additional code related to VU0/COP2 | |||
*param = 3 Patch 0x186C10 to NOP | |||
*param = 4 Patch 0x186C40 to NOP | |||
*param = anything else LV1 panic | |||
* Do the VU0 accuracy flags need any subcommands? Official 0x12 configs for the State of Emergency/Driving Emotion/The Getaway use 0x00021000 0x00000000 flag.--[[User:Agrippa|Agrippa]] ([[User talk:Agrippa|talk]]) 15:43, 9 March 2022 (UTC) | |||
** Flags are first 2 x 4 bytes of cmd 0x12. Config need at least 8 bytes, or it is ignored. There is no need for any subcommand. I suggest to not mess with second 4 bytes for now, and just use 00 00 00 00 as i'm not sure what is real usage of that yet (seems to be "disabler" mask for first 4 bytes, so they are use only one time). For now most aggressive config that use flags is Marvel Nemesis. After excluding 0x4000000 which trigger type 2 subcmd, config looks like this 00FFF000 00000000. --[[User:Kozarovv|Kozarovv]] ([[User talk:Kozarovv|talk]]) 05:42, 10 March 2022 (UTC) | |||
*** J&D1 sends garbage data through the VIF1 when specific orbs are picked up. It makes gxemu/netemu slow down as hell. 0x800000 reduces the lag significantly, down to the ten seconds approx. 0x400000 reduces the lag just for few seconds, then the emulation will slow down eventually.--[[User:Agrippa|Agrippa]] ([[User talk:Agrippa|talk]]) 21:02, 31 January 2023 (UTC) | |||
====type 1==== | ====type 1==== | ||
Playground discussion, unsure about clrlslwi r11, r0, 16,3 result | Playground discussion, unsure about clrlslwi r11, r0, 16,3 result | ||
Line 338: | Line 325: | ||
seg017:00000000001984C0 bgt cr6, next_value | seg017:00000000001984C0 bgt cr6, next_value | ||
</pre> | </pre> | ||
====type 2==== | ====type 2==== | ||
Line 468: | Line 453: | ||
|} | |} | ||
--[[User:Kozarovv|Kozarovv]] ([[User talk:Kozarovv|talk]]) 21:03, 1 October 2022 (UTC) | --[[User:Kozarovv|Kozarovv]] ([[User talk:Kozarovv|talk]]) 21:03, 1 October 2022 (UTC) | ||
===ps2_netemu command 0x22=== | ===ps2_netemu command 0x22=== | ||
Weird command. Sets something 1 (CDVD/MECHA), but seems to never use it. | Weird command. Sets something 1 (CDVD/MECHA), but seems to never use it. | ||
===ps2_netemu command 0x29=== | |||
===ps2_netemu command | Something related with read time, maybe seek time. First value is meant to be lower than second value, but this is not requirement. | ||
Code that use it seems to delay some read/seek operation by multiply of first, or second value depending which sector is currently read (or maybe which part of disc actually). Here is code from one of fuctions that use values from that command, keep in mind that "mecha" is just fancy name for cdvd in that emu. | |||
if ((75 * cdvd.CrtSecond + 4500 * cdvd.CrtMinute + cdvd.CrtFrame - 150) >= *(mecha.unk_0x60)) | |||
a = *(cmd_0x29_val_2); | |||
else | |||
a = *(cmd_0x29_val_1); | |||
b = 4835703278458516699; // read https://munroesj52.github.io/vec__int64__ppc_8h.html (search on page for that number). | |||
c = (79800000 * a * b) >> 64; // 0x4C1A6C0 (79800000) is value that lv1 repo key be.clock return. | |||
d = c >> 18; // This and 2 above are generally used as a division by multiply. | |||
e = get_timebase_reg(); | |||
if ( e == 0 ) | |||
{ | |||
do | |||
e = get_timebase_reg(); | |||
while ( e == 0 ); | |||
} | |||
f = e - *(mecha.unk_0x24); | |||
if ( f >= d ) | |||
{ | |||
MECHA_update_status(mecha); | |||
result = unlock_sc06(0x8000LL); | |||
} | |||
else | |||
{ | |||
do | |||
e = get_timebase_reg(); | |||
while ( e == 0 ); | |||
*(mecha.unk_20) = d - f + e; | |||
*mecha.unk_00 = 5; | |||
result = unlock_sc06(0x8000LL); | |||
} | |||
===ps2_netemu command 0x2A=== | ===ps2_netemu command 0x2A=== | ||
Line 515: | Line 517: | ||
Value from 0x20(r31) is later used in compare. That result in cdvd error, or in setting which seems schedule event to happen after time from timebase pass. This event is netemu syscall 8 (0x200) which is related to all ps2 cdvd reads. Tl;dr is that value give emulator some more time before cdvd error. Weird thing is that PS button fix it.. --[[User:Kozarovv|Kozarovv]] ([[User talk:Kozarovv|talk]]) 07:05, 7 March 2022 (UTC) | Value from 0x20(r31) is later used in compare. That result in cdvd error, or in setting which seems schedule event to happen after time from timebase pass. This event is netemu syscall 8 (0x200) which is related to all ps2 cdvd reads. Tl;dr is that value give emulator some more time before cdvd error. Weird thing is that PS button fix it.. --[[User:Kozarovv|Kozarovv]] ([[User talk:Kozarovv|talk]]) 07:05, 7 March 2022 (UTC) | ||
=== | ===ps2_netemu command 0x3D=== | ||
Looks like we misunderstood this command earlier, and probably we don't even need it. | |||
There seems to be no emu code that make use of it beside printing config revision. This need confirmation on real hardware. In case that missing 0x3D will fail, it will be good to test at least that is really version enforcer, because i can't find part of code that is eventually responsible for that. | |||
* | * Some time ago I tested the config with version 0x3D89 which contained commands supported from the version 0x40DC onwards. The console hung up right after LV2 reset.--[[User:Agrippa|Agrippa]] ([[User talk:Agrippa|talk]]) 10:16, 24 April 2022 (UTC) | ||
* | ** Any chance you can test this again? Config parser don't have any check for revision, when it hit 0x3D is just storing value on address that seems to be related only to UI/Menu stuff. While i can imagine some check for overall config version (still I searched and it seems to be none), i can't imagine some additional per command revision check. Which is what your test suggest here. Emulator have only one config parser, one config buffer, and one check for command number (0x51 and above still don't trigger panic yet, just ignore command). I also tried to find version numbers of 15686, 16604, 16808, 16916, 17041, 17179, 17277, 17495 in code (as hex of course), and only 17495 is found in function that is not really related to any check (described here at the end: [[Talk:PS2_Emulation#Netemu_2]] ). [[User:Kozarovv|Kozarovv]] ([[User talk:Kozarovv|talk]]) 15:06, 24 April 2022 (UTC)-- | ||
*** You are right. There is no revision check and the 0x3D command is not needed at all for the config to work.--[[User:Agrippa|Agrippa]] ([[User talk:Agrippa|talk]]) 18:14, 5 May 2022 (UTC) | |||
**** We figured that out 2000 custom configs too late. :D Anyway, thanks for confirming that. --[[User:Kozarovv|Kozarovv]] ([[User talk:Kozarovv|talk]]) 17:30, 9 May 2022 (UTC) | |||
===ps2_netemu command 0x4D=== | |||
Ok, i don't get that config. Here is what happen in assembly: | |||
0xD820 ilhu r19, 0x7FFF | |||
0xD824 lqr r20, Q_cfg_0x4D ; 0x3F800000 in wild arms | |||
0xD82C iohl r19, 0xFFFF | |||
0xD834 and r17, r80, r19 ; r17 = Q & 0x7FFFFFFF mask | |||
0xD840 ceqi r15, r17, 0 ; r15 = r17 (shortcut to move 0 or value if exist to r15) | |||
0xD844 lqr r10, ST_Q | |||
0xD84C cwd r9, 0x30+var_30+8(sp) | |||
0xD850 rotqbyi r16, r20, 4 ; load mask from config to r16 | |||
0xD858 and r12, r15, r16 ; tempQ & 0x3F800000 (r15 and with mask from cfg 0x3F800000) | |||
0xD860 or r5, r80, r12 ; or r80(Q) with r12(Q masked with 0x3F800000) | |||
0xD868 shufb r7, r5, r10, r9 ; Prepare correct write for Q (r5 stored to r10 + 8) | |||
0xD870 stqr r7, ST_Q ; write result as Q value in STQ | |||
I removed irrelevant code that setup RGBA for readability, its not affecting Q. So my point is that all that masked Q is finally ored with r80. So with whole untouched Q value. Doen't that make all those operations irrelevant, or i made some mistake here?<br> | |||
This config can be quite important because it should help to fix issues like Galerians Ash without dirty static patches. More games affected: [[https://github.com/PCSX2/pcsx2/issues/5137 | List]] | |||
* I tested the 0x3F800000 and 0x71500000 values with Galerians Ash and it did not work at all.--[[User:Agrippa|Agrippa]] ([[User talk:Agrippa|talk]]) 14:15, 8 March 2022 (UTC) | |||
* This command affects Star Wars: Battlefront II's jedi dash fullscreen blur effect. Without the command, the effect is not emulated properly or just skipped over. With it set to 0x3F800000, the screen is blurred properly on all four sides. With it set to 0x40000000, it seems like only the top 1/4 of the screen is used. With 0x3F000000, the blur effect is duplicated four times equally throughout, like a 2 x 2 matrix of blurs. With 0x3F800000, the effect is most correctly emulated to original hardware. --[[User:Mrjaredbeta|Mrjaredbeta]] ([[User talk:Mrjaredbeta|talk]]) 02:02, 15 January 2023 (UTC) | |||
** Actually, using 0x41000000 (4 in float) seems to properly size the fullscreen effect to fit the entire screen, so this is the value I used in the config. It is most reminiscent of PS2 hardware. I am interested to see if this could affect something like Xenosaga’s black and white filter cutscenes. --[[User:Mrjaredbeta|Mrjaredbeta]] ([[User talk:Mrjaredbeta|talk]]) 16:39, 16 January 2023 (UTC) | |||
***Effect is rendered correctly in PCSX2? In both hardware, and software mode? I mean that SW Battlefront effect. --[[User:Kozarovv|Kozarovv]] ([[User talk:Kozarovv|talk]]) 17:07, 16 January 2023 (UTC) | |||
****Just checked. The effect in both hardware and software are rendered the same way as netemu with command 0x4D set to 0x3F800000. I "tested the limits" by performing Count Dooku's midair R1 attack at the highest point in Mos Eisley's Assault game mode as the screen is gradually blurred from this. The screenshot is of software mode, but hardware is essentially the same: https://imgur.com/9k3uBFS The discoloration *is* correct and is not an emulation glitch. However, on actual PS2 hardware, the discoloration completely obscures the view instead of there being a viewable window in the center as the effect is rendered on the entire screen. The effect is essentially cut off from the center of the screen (character is not blurred) on PCSX2/netemu at 0x3F800000, while the entire screen is blurred on PS2. --[[User:Mrjaredbeta|Mrjaredbeta]] ([[User talk:Mrjaredbeta|talk]]) 00:40, 17 January 2023 (UTC) | |||
==XMB messages related with PS2 Emulation== | ==XMB messages related with PS2 Emulation== | ||
Line 689: | Line 637: | ||
* Without Factory Service Mode : gives "Incompatible Data" when inserting PS2 disc | * Without Factory Service Mode : gives "Incompatible Data" when inserting PS2 disc | ||
* When enabling [ | * When enabling [http://www.ps3devwiki.com/files/devtools/lv2-v9-pkg/ LV2Patcher] without factory service mode (patch4 set as http://pastie.org/private/jp8zhvuocjz95cfrjm0uzg) : no changes in XMB:Game (still only PS upscaler/smoothing, no PS2 mention at all) | ||
* When enabling [ | * When enabling [http://www.ps3devwiki.com/files/devtools/lv2-v9-pkg/ LV2Patcher] without factory service mode (patch4 set as http://pastie.org/4355919) : gives XMB:Game PS2 smoothing/upscaling options, it also make an inserted disk to be seen as PS2 format. Still same problem of ¨incompatible title¨ and loss of BT/settings. Also after returning to XMB, it no longer sees the disc as PS2 format but as incompatible data (which suggests the lv2 patch is undone, as lv2 is reloaded when returning from the ps2 lpar) | ||
* Using [ | * Using [http://www.ps3devwiki.com/files/OtherOSplusplus/misc/boot_ps2.pkg boot_ps2.pkg] without factory service mode : no resetting of date/time/displayoutput (still output on mainscreen), but all connection to any bound bluetooth device is lost, even when connected via USB (need PS button reactivation), and after a long while comes up with the message that the title is not compatible and that the ps3 needs to be updated (Basic nag screen that is on BC PS3s when inserting a noncompatible title). | ||
* With Factory Service Mode enabled (there are no Xmb options to combinetest with [ | * With Factory Service Mode enabled (there are no Xmb options to combinetest with [http://www.ps3devwiki.com/files/devtools/lv2-v9-pkg/ LV2Patcher] or [http://www.ps3devwiki.com/files/OtherOSplusplus/misc/boot_ps2.pkg boot_ps2.pkg]): gives ´PS2 disc´ detected at disc icon, but starting gives: resetting of date/time/displayoutput (effectively disabling my mainscreen), then all connection to any bound bluetooth device is lost, even when connected via USB (needs multiple PS button reactivation), and after a long while comes up with the message that the title is not compatible and that the ps3 needs to be updated (Basic nag screen that is on BC PS3s when inserting a noncompatible title). | ||
In short: [ | In short: [http://www.ps3devwiki.com/files/OtherOSplusplus/misc/boot_ps2.pkg boot_ps2.pkg] and Factory Service Mode seem to enable simulare (it tries to boot it) while [http://www.ps3devwiki.com/files/OtherOSplusplus/misc/boot_ps2.pkg boot_ps2.pkg] gives you more options e.g. using [http://www.ps3devwiki.com/files/devtools/lv2-v9-pkg/ LV2Patcher]. | ||
Perhaps hardswapping out all the dev_flash ps2 emu files for the same software only emulator would circumvent the 'incompatible title' message. | Perhaps hardswapping out all the dev_flash ps2 emu files for the same software only emulator would circumvent the 'incompatible title' message. | ||
==== Second test: FW 2.70/3.15 ==== | ==== Second test: FW 2.70/3.15 ==== | ||
Silent Hill : gives disk icon "unsupported data" and error message like "This model of the PS3 system is not compatible with Playstation2 format software" when run via disc icon. Using [ | Silent Hill : gives disk icon "unsupported data" and error message like "This model of the PS3 system is not compatible with Playstation2 format software" when run via disc icon. Using [http://www.ps3devwiki.com/files/OtherOSplusplus/misc/boot_ps2.pkg boot_ps2.pkg] gives title not supported error message like "This title is not currently compatible with the PS3 system". | ||
==== Third test: FW 3.55 OtherOS++22GB (with SS Patches) ==== | ==== Third test: FW 3.55 OtherOS++22GB (with SS Patches) ==== | ||
Silent Hill : gives disk icon "unsupported data" and error message like "This model of the PS3 system is not compatible with Playstation2 format software" when run via disc icon. Using [ | Silent Hill : gives disk icon "unsupported data" and error message like "This model of the PS3 system is not compatible with Playstation2 format software" when run via disc icon. Using [http://www.ps3devwiki.com/files/OtherOSplusplus/misc/boot_ps2.pkg boot_ps2.pkg] gives blackscreen lockup, not reacting on PS button, or powerbutton, requiring removing powercord. | ||
Line 904: | Line 852: | ||
ID match US release of Crazy Taxi. This id is kinda special, because Swap Magic CD version, and some other Datel products like Action Replay use Crazy Taxi TOC in their retail discs. | ID match US release of Crazy Taxi. This id is kinda special, because Swap Magic CD version, and some other Datel products like Action Replay use Crazy Taxi TOC in their retail discs. | ||
Is known that they literally ripped part of disc (with key/logo, and TOC), and frankesteined it with own products. | Is known that they literally ripped part of disc (with key/logo, and TOC), and frankesteined it with own products. | ||
So mentioned check first compare hash, and if that match, then run function that perform another check at disc sector 267559 (0x41527), so exactly where main executable is. | So mentioned check first compare hash, and if that match, then run function that perform another check at disc sector 267559 (0x41527), so exactly where main executable is. | ||
I didn't figured out what next, but this is probably anti AR/Datel/SM check. What's weird, there seems to be nothing for TimeSplitters2 which if i recall correctly was used for DVD version of Swap Magic | I didn't figured out what next, but this is probably anti AR/Datel/SM check. What's weird, there seems to be nothing for TimeSplitters2 which if i recall correctly was used for DVD version of Swap Magic. | ||
==CDVD Commands== | ==CDVD Commands== | ||
Line 1,088: | Line 1,035: | ||
Every "mechacon_auth" command return zeroed result with different size. Only exception here is 0x81 which return 1. | Every "mechacon_auth" command return zeroed result with different size. Only exception here is 0x81 which return 1. | ||
</pre> | </pre> | ||
==EE I/O Handlers list== | ==EE I/O Handlers list== | ||
Line 1,678: | Line 1,554: | ||
|- | |- | ||
|} | |} | ||
1000F800 to 1000F8B0 seems to be some fake regs for testing purposes. Probably not existing on real PS2. | 1000F800 to 1000F8B0 seems to be some fake regs for testing purposes. Probably not existing on real PS2. | ||
* 1000F820 return "DrJock TV Quiz P" | |||
* 1000F830 return "hD bags few lynx" | |||
* 1000F820 return "DrJock TV Quiz P" | |||
* 1000F830 return "hD bags few lynx" | |||
That make string "DrJock TV Quiz PhD bags few lynx" - This is perfect summary of Sony work. Since correct pangram should use "MrJock". So even here they made mistake. | That make string "DrJock TV Quiz PhD bags few lynx" - This is perfect summary of Sony work. Since correct pangram should use "MrJock". So even here they made mistake. | ||
* | * 1F00F880 return hardcoded value of 0x4457, which match emu revision i'm working on. Can be just coincidence. | ||
==Random notes about SPE in ps2_netemu== | ==Random notes about SPE in ps2_netemu== | ||
Line 1,785: | Line 1,657: | ||
*8 - SPRfrom dma is handled on PPE only it seems | *8 - SPRfrom dma is handled on PPE only it seems | ||
*9 - SPRto dma is handled on PPE only it seems | *9 - SPRto dma is handled on PPE only it seems | ||
Additionally EEDMA handle VU1 code writes/reads | Additionally EEDMA handle VU1 code writes/reads. Only VU1 code, VU1 data is handled by SPE2 (VU1), and any VU0 r/w is handled by PPU only.<br> | ||
So is more like "Close to GS" DMA handler. | So is more like "Close to GS" DMA handler. | ||
Line 1,791: | Line 1,663: | ||
===VU1 emulation on SPE=== | ===VU1 emulation on SPE=== | ||
When I disassembled VU1 SPE program, i noticed that real code is really small part of that. Not much to run real VU recompiler/interpreter. | When I disassembled VU1 SPE program, i noticed that real code is really small part of that. Not much to run real VU recompiler/interpreter. | ||
Then i found out something impressive in my opinion. Real deal is that real code delivered to SPE is created on PPE dynamically based on real PS2 VU1 code. Due to similarity of SPE with VU requested in IBM by Sony at design level, there is no VU1 interpreter or recompiler per se. Emulator take VU1 code, dismount it to parts by OP field types, and reassemble into ready SPE code using ready hex templates. I'm not familiar with professional naming of that operation, but its like ahead of time translation of code. So when VU1 code reach SPE is already translated to SPE opcodes. In other terms, SPE responsible for running VU1 is really running VU1 code in some way. | Then i found out something impressive in my opinion. Real deal is that real code delivered to SPE is created on PPE dynamically based on real PS2 VU1 code. Due to similarity of SPE with VU requested in IBM by Sony at design level, there is no VU1 interpreter or recompiler per se. Emulator take VU1 code, dismount it to parts by OP field types, and reassemble into ready SPE code using ready hex templates. I'm not familiar with professional naming of that operation, but its like ahead of time translation of code. So when VU1 code reach SPE is already translated to SPE opcodes. In other terms, SPE responsible for running VU1 is really running VU1 code in some way. | ||
In latest ps2_netemu function responsible for translating VU1 code into SPE ready code is located at 0x13C69C | In latest ps2_netemu function responsible for translating VU1 code into SPE ready code is located at 0x13C69C | ||
===IPU SPE6=== | ===IPU SPE6=== | ||
Line 1,865: | Line 1,720: | ||
== Emu Patches == | == Emu Patches == | ||
===Skip demo disc check=== | |||
===Skip demo disc check=== | |||
Sony is blocking every game which id from SYSTEM.CNF starts with S, and 4th character is D (SLED, SCED, etc.). When demo is detected sys_stat is set to error code, and emulator return to XMB. Patches here remove that restriction. Apparently ps2_emu don't have that check, probably because there was no need for it (compatibility reasons i guess). | Sony is blocking every game which id from SYSTEM.CNF starts with S, and 4th character is D (SLED, SCED, etc.). When demo is detected sys_stat is set to error code, and emulator return to XMB. Patches here remove that restriction. Apparently ps2_emu don't have that check, probably because there was no need for it (compatibility reasons i guess). | ||
Line 1,970: | Line 1,788: | ||
B452CCB51348127DAF8A931B621E5E39 | B452CCB51348127DAF8A931B621E5E39 | ||
DL: https://www.mediafire.com/file/kpno5mubyy7q9p0/gx_cfg_ext.ppf/file | DL: https://www.mediafire.com/file/kpno5mubyy7q9p0/gx_cfg_ext.ppf/file | ||
== SPE programs dumper == | == SPE programs dumper == | ||
Line 1,986: | Line 1,797: | ||
== Random ps2_netemu notes == | == Random ps2_netemu notes == | ||
* Some members of pcsx2 team think that emulator is heavily based on early pcsx2. After some reversing this seems to be far away from true. But COP2 and VU0 (and only that for now) really are familiar here and there. To the point where i was able to use pcsx2 code to find names/usage of some variables (mVUbranch for example). But VU0/COP2 is for now only part that have obvious pcsx2 similarities. For example VU1 is different story, and don't even share code with VU0 part of emulator as far as i see. | |||
* Emulator not only patch SPU programs on init, but also patch own PPU code. Which is hard to understand when you can just make changes in source code... eg. 0x1F128 - 0x1F134 in latest emu. | * Emulator not only patch SPU programs on init, but also patch own PPU code. Which is hard to understand when you can just make changes in source code... eg. 0x1F128 - 0x1F134 in latest emu. | ||
===Registers=== | ===Registers=== | ||
It seems that emulator try to keep lower 64 bits of some r5900 registers in specific ppc registers. At least at the time when recompiler is running, also when 0x01 command run. | It seems that emulator try to keep lower 64 bits of some r5900 registers in specific ppc registers. At least at the time when recompiler is running, also when 0x01 command run. | ||
This helps little bit with understanding some hooks (0x01 commands). Reason is probably optimization, and cached regs are written only when they need to. At least that how it looks like from analyzing recompiled code. | This helps little bit with understanding some hooks (0x01 commands). Reason is probably optimization, and cached regs are written only when they need to. At least that how it looks like from analyzing recompiled code. | ||
r13 = unknown, but always preserved. | |||
r13 = | r14 = .MIPS_PC_REG | ||
r14 = | r16 = r5900_v0_reg_lower64_cached | ||
r17 = r5900_v1_reg_lower64_cached | |||
r16 = | r18 = r5900_a0_reg_lower64_cached | ||
r17 = | r19 = r5900_a1_reg_lower64_cached | ||
r18 = | r20 = r5900_a2_reg_lower64_cached | ||
r19 = | r21 = r5900_a3_reg_lower64_cached | ||
r20 = | r31 = r5900_ra_reg_lower64_cached | ||
r21 = | |||
r31 = | |||
Additionally, Onimusha hooks expect r25 to be r5900 s0, and r28 to be r5900 s3. But i didn't found other parts of recompiler that expect the same. So, for now only values above are confirmed. | Additionally, Onimusha hooks expect r25 to be r5900 s0, and r28 to be r5900 s3. But i didn't found other parts of recompiler that expect the same. So, for now only values above are confirmed. | ||
== RSX workload on the netemu == | == RSX workload on the netemu == | ||
Line 2,066: | Line 1,821: | ||
* Yes, i don't see why not. Assuming that is static patch to elf file, not some cobra style on the fly patch. But don't expect some magic from that. I don't know too much about RSX and not really much about GS. But PS2 emulation is usually limited by CPU power, specially in native resolution. But for example games that need 0x44 cmd, maybe they will work with smoothing now. Maybe some minor slowdowns will be fixed. I still don't know which parts of GS are emulated on RSX, for example softemu used something similar to pcsx2 software render. So there you will get almost nothing from RSX OC. But netemu is different. --[[User:Kozarovv|Kozarovv]] ([[User talk:Kozarovv|talk]]) 04:56, 20 March 2022 (UTC) | * Yes, i don't see why not. Assuming that is static patch to elf file, not some cobra style on the fly patch. But don't expect some magic from that. I don't know too much about RSX and not really much about GS. But PS2 emulation is usually limited by CPU power, specially in native resolution. But for example games that need 0x44 cmd, maybe they will work with smoothing now. Maybe some minor slowdowns will be fixed. I still don't know which parts of GS are emulated on RSX, for example softemu used something similar to pcsx2 software render. So there you will get almost nothing from RSX OC. But netemu is different. --[[User:Kozarovv|Kozarovv]] ([[User talk:Kozarovv|talk]]) 04:56, 20 March 2022 (UTC) | ||
** Tested the 600/750 MHz overclock with a few intensive games (SC3, ToCA3, CMR3, VP2, GT4). Assuming the patches are correctly applied (I have no idea at all), there is no performance boost at all.--[[User:Agrippa|Agrippa]] ([[User talk:Agrippa|talk]]) 15:24, 29 May 2022 (UTC) | ** Tested the 600/750 MHz overclock with a few intensive games (SC3, ToCA3, CMR3, VP2, GT4). Assuming the patches are correctly applied (I have no idea at all), there is no performance boost at all.--[[User:Agrippa|Agrippa]] ([[User talk:Agrippa|talk]]) 15:24, 29 May 2022 (UTC) | ||
== Netemu load/store with r0 register == | == Netemu load/store with r0 register == | ||
Line 2,073: | Line 1,827: | ||
Also easier example (without using negative addressing because this is additional emu quirk..). ld r2, 0x3008(r0). This opcode will load double word from 0x3008 address no matter what we currently have in r0, because RA is 0 which is badly interpreted as r0 base. | Also easier example (without using negative addressing because this is additional emu quirk..). ld r2, 0x3008(r0). This opcode will load double word from 0x3008 address no matter what we currently have in r0, because RA is 0 which is badly interpreted as r0 base. | ||
This is because of PowerPC quirk that i (and apparently IDA | This is because of PowerPC quirk that i (and apparently IDA) wasn't aware. From IBM manual: | ||
ld RT, Disp(RA) | ld RT, Disp(RA) | ||
Line 2,087: | Line 1,841: | ||
Tl;dr is that if RA is 0 (which disassemblers show as r0), then Disp is real load/store address. This is used many times in emu itself to access negative addresses (0xFFFFFFFFxxxxxxxx), and is used in all netemu cmd 0x01 hooks. | Tl;dr is that if RA is 0 (which disassemblers show as r0), then Disp is real load/store address. This is used many times in emu itself to access negative addresses (0xFFFFFFFFxxxxxxxx), and is used in all netemu cmd 0x01 hooks. | ||
While this is more PPC itself than emu stuff, i feel is important to mention this here. | While this is more PPC itself than emu stuff, i feel is important to mention this here. | ||
Now if we remember that emu have mapped "negative address", | Now if we remember that emu have mapped "negative address", functions like below starting to make sense. | ||
std r4, | sub_186A40: # CODE XREF: VIF0_big_jumptable_3026C+FCC↑p | ||
std r0, -0x6BF0(r0) # store r0 on 0xFFFFFFFFFFFF9410, no matter what r0 actually is at the moment. | |||
std r4, -0x6BD0(r0) # store r4 on 0xFFFFFFFFFFFF9430, no matter what r0 actually is at the moment. | |||
std r5, -0x6BC8(r0) | |||
std r6, -0x6BC0(r0) | |||
std r7, -0x6BB8(r0) | |||
std r8, -0x6BB0(r0) | |||
std r9, -0x6BA8(r0) | |||
std r10, -0x6BA0(r0) | |||
std r11, -0x6B98(r0) | |||
std r12, -0x6B90(r0) | |||
mflr r4 | |||
std r1, -0x6BE8(r0) | |||
std r2, -0x6BE0(r0) | |||
std r3, -0x6BD8(r0) | |||
std r4, -0x7F80(r0) | |||
bl .VU0_cmd_0x12_fl_overflow_related | |||
ld r4, -0x7F80(r0) | |||
ld r1, -0x6BE8(r0) | |||
ld r2, -0x6BE0(r0) | |||
ld r3, -0x6BD8(r0) | |||
mtlr r4 | |||
ld r0, -0x6BF0(r0) # load to r0 from address 0xFFFFFFFFFFFF9410, no matter what r0 actually is at the moment. | ld r0, -0x6BF0(r0) # load to r0 from address 0xFFFFFFFFFFFF9410, no matter what r0 actually is at the moment. | ||
ld r4, | ld r4, -0x6BD0(r0) # load to r4 from address 0xFFFFFFFFFFFF9430, no matter what r0 actually is at the moment. | ||
ld r5, -0x6BC8(r0) | |||
ld r6, -0x6BC0(r0) | |||
ld r7, -0x6BB8(r0) | |||
ld r8, -0x6BB0(r0) | |||
ld r9, -0x6BA8(r0) | |||
ld r10, -0x6BA0(r0) | |||
ld r11, -0x6B98(r0) | |||
ld r12, -0x6B90(r0) | |||
blr | |||
== ps2_gxemu external bios/rom loading. == | == ps2_gxemu external bios/rom loading. == | ||
Line 2,177: | Line 1,925: | ||
ori a,a, 0xXXXX | ori a,a, 0xXXXX | ||
lvx d,a, 0x0 | lvx d,a, 0x0 | ||
== Ugly fix for HDD whitelisted games loaded through Cobra == | == Ugly fix for HDD whitelisted games loaded through Cobra == | ||
Line 2,218: | Line 1,930: | ||
The HDD whitelisted games are crashing when loaded through the Cobra (they do work as a 2P package, but the HDD install prompt does not appear of course). I do not know whether the backwards compatible models are affected. The serial ID is compared in the game_ext_plugin module and currently the webMAN MOD does rename the executable inside the ISO to avoid the check. Here is a patch meant to be done on the fly in the payload when mounting the game. Only the SOCOM games have been tested - the HDD install prompt appears and regardless of what you choose, the game will boot successfully. | The HDD whitelisted games are crashing when loaded through the Cobra (they do work as a 2P package, but the HDD install prompt does not appear of course). I do not know whether the backwards compatible models are affected. The serial ID is compared in the game_ext_plugin module and currently the webMAN MOD does rename the executable inside the ISO to avoid the check. Here is a patch meant to be done on the fly in the payload when mounting the game. Only the SOCOM games have been tested - the HDD install prompt appears and regardless of what you choose, the game will boot successfully. | ||
<pre> | <pre> | ||
Original: | Original: 40 FE 00 34 3B FF FE D4 98 1E 00 0B 7F E3 FB 78 48 02 CF 35 3D 60 80 02 2B 83 00 1F 61 6B 8F 00 41 9D 00 78 | ||
Patched: 60 00 00 00 | Patched: 60 00 00 00 3B FF FE D4 98 1E 00 0B 7F E3 FB 78 48 02 CF 35 3D 60 80 02 2B 83 00 1F 61 6B 8F 00 48 00 00 78</pre> | ||
== | == Puzzle Quest == | ||
This should apply also to netemu, i guess it is still issue. Compatibility list don't have that entry. : https://github.com/PCSX2/pcsx2/issues/6733#issuecomment-1304643183 | |||
* The issue is there on netemu, but this method does not seem to fix it. I tried both 0x0A and 0x0B configs as a test.--[[User:Mrjaredbeta|Mrjaredbeta]] ([[User talk:Mrjaredbeta|talk]]) 23:36, 5 November 2022 (UTC) | |||
** Yeah. I decided to look into that, and there seems to be no chance it will run on netemu without massive patch. Game send vif1 command to set mask3, then starts gif transfer and expect it to be timed precise enough to lift that mask and transfer few more qw while unpack on vif going on. Then again set mask by vif1 0x06 command and expect that gif transfer that is going on will be at good place for that mask. I think i can fix this, specially that old pcsx2 is also affected. But this is on "very far away todo list". To make it work, we probably need to split gif transfer, and this is already pain because it's chain transfer. This patch work on pcsx2 because they actually have implemented pretty decent timings, just way they handle intermittent mode make it broken apparently (send most of gif dma transfer anyway, and care more about timing closer to transfer finish). --[[User:Kozarovv|Kozarovv]] ([[User talk:Kozarovv|talk]]) 10:43, 9 November 2022 (UTC) | |||
== Games with suspected DMA issues == | |||
List of games with DMA issues that are currently unfixed: | |||
* '''Reveal Fantasia (SLPS-25094)''' | |||
** DMA timing issue due to GIF transfers of (mostly) text data, arising from GRBAT_set functions which set data to transfer(?). | |||
** Recently fixed in PCSX2 with Instant DMA. | |||
** Currently fixed with added loop on EE so GIF DMA is not overwritten too fast. | |||
* '''Street Fighter EX3 (SLPS-20003, SLUS-20130, SLES-50072)''' | |||
** DMA timing issue due to GIF transfer of 2D HUD data. Freezes at the start or close to the start of the HUD showing. SLPS-20003 freezes a lot less consistently, most likely timing differences due to unoptimized assembly code. | |||
** Current fix skips 2D HUD rendering and in turn fixes freezing issues. | |||
* '''Melty Blood games, Arcana Heart games''' | |||
** PCSX2 has similar issue with possible freeze during Actress Again logo intro, but netemu behaves a bit differently. It is most likely fixed with Instant DMA on PCSX2 (needs confirmation). | |||
** Actress Again intro freezes later than PCSX2. Actress Again intro freezes at random points, and some stages/character select/character intros also freeze. | |||
** No current fix for netemu. | |||
* '''Scandal (SCPS-15001)''' | |||
** Glitched textures. | |||
** Recently fixed in PCSX2 with Instant DMA. | |||
** No current fix for netemu. | |||
* | |||
All games have been tested with command 0x01 GIF/VIF1 hooks to no avail. | |||
* ''' | * '''Discussion''' | ||
I decided to port RF config to Street Fighter 3 EX (SLUS), this way we should be able to check if that's really timing issue. Config work same way as before 00 20 19 24 is loop count (cur. 0x2000, max 0x7FFF) --[[User:Kozarovv|Kozarovv]] ([[User talk:Kozarovv|talk]]) 18:25, 2 January 2023 (UTC) | |||
0a 00 00 00 07 00 00 00 50 44 16 00 20 ff bd 27 | |||
f0 ff 03 08 54 44 16 00 80 00 b5 ff 20 ff bd 27 | |||
c0 ff 0f 00 00 00 00 00 00 20 19 24 c4 ff 0f 00 | |||
* | 00 00 00 00 ff ff 19 14 c8 ff 0f 00 00 00 00 00 | ||
ff ff 39 27 cc ff 0f 00 00 00 00 00 16 91 05 08 | |||
d0 ff 0f 00 00 00 00 00 80 00 b5 ff | |||
* I will have to test more, but 0x2000 slows down the gameplay a bit but seems to fix the freezes. Around 0x1800 or lower seems to still freeze, albeit less quicker. I was at least able to play through the first two stages at 0x2000 with some slowdown and did not get any freezes. The original "fix" was 0x10 command on the mul.s in that function, which slowed down the gameplay and completely fixed the freeze, so this may also be doing something similar to that, or this could be the best fix we can get as it can be dynamic changed to faster/slower for testing. --[[User:Mrjaredbeta|Mrjaredbeta]] ([[User talk:Mrjaredbeta|talk]]) 03:16, 4 January 2023 (UTC) | |||
== Stuntman/Driv3r research == | |||
== Stuntman/Driv3r research == | |||
Well, I decided to take another look at this game a few days ago after a weird dream I had. I am glad I did, since I have discovered some new things. This is with 0x0E accuracy adjustments. | Well, I decided to take another look at this game a few days ago after a weird dream I had. I am glad I did, since I have discovered some new things. This is with 0x0E accuracy adjustments. | ||
Line 2,354: | Line 2,048: | ||
* I believe that real PS2 also need those patches. For OPL, but not only. ROM2 with CH fonts is not existing outside of 3 ps2 models. All of them released only in China, and one of them is still not even dumped (devkit). This ROM2 is even missing in Hong Kong region PS2. Btw. When i implemented ROM2 support in pcsx2, i tested patching game first. Unluckily for netemu, and fortunately for pcsx2. First and only game i tried to patch was Ape Escape 2. :) --[[User:Kozarovv|Kozarovv]] ([[User talk:Kozarovv|talk]]) 12:39, 23 November 2022 (UTC) | * I believe that real PS2 also need those patches. For OPL, but not only. ROM2 with CH fonts is not existing outside of 3 ps2 models. All of them released only in China, and one of them is still not even dumped (devkit). This ROM2 is even missing in Hong Kong region PS2. Btw. When i implemented ROM2 support in pcsx2, i tested patching game first. Unluckily for netemu, and fortunately for pcsx2. First and only game i tried to patch was Ape Escape 2. :) --[[User:Kozarovv|Kozarovv]] ([[User talk:Kozarovv|talk]]) 12:39, 23 November 2022 (UTC) | ||
** Yup, lucky for me I tested Dynasty Warriors 3 first, then Ape Escape 2 was the second if I recall. I was worried but pleasantly surprised by the rest of the results. I assume ROM2 has data for simplified Chinese characters while Hong Kong/Taiwan uses traditional characters, and that’s probably why there is no ROM2 in the HK/TW region. I am not sure why they even included ROM2 in the first place if barely any games utilize it, but oh well. --[[User:Mrjaredbeta|Mrjaredbeta]] ([[User talk:Mrjaredbeta|talk]]) 18:01, 28 November 2022 (UTC) | ** Yup, lucky for me I tested Dynasty Warriors 3 first, then Ape Escape 2 was the second if I recall. I was worried but pleasantly surprised by the rest of the results. I assume ROM2 has data for simplified Chinese characters while Hong Kong/Taiwan uses traditional characters, and that’s probably why there is no ROM2 in the HK/TW region. I am not sure why they even included ROM2 in the first place if barely any games utilize it, but oh well. --[[User:Mrjaredbeta|Mrjaredbeta]] ([[User talk:Mrjaredbeta|talk]]) 18:01, 28 November 2022 (UTC) | ||
== Removing stuff from ps2 emu page == | == Removing stuff from ps2 emu page == | ||
Line 2,367: | Line 2,060: | ||
* I think these are all good ideas. I occasionally use the PS2 register info for help sometimes, but I could easily use PSI’s page for that (https://psi-rockin.github.io/ps2tek/). I agree that it doesn’t really belong on the page. I agree that emulation page is getting extensive, so maybe it would be good to move the config info to a new page. I am not opposed and are all for it. --[[User:Mrjaredbeta|Mrjaredbeta]] ([[User talk:Mrjaredbeta|talk]]) 15:12, 16 January 2023 (UTC) | * I think these are all good ideas. I occasionally use the PS2 register info for help sometimes, but I could easily use PSI’s page for that (https://psi-rockin.github.io/ps2tek/). I agree that it doesn’t really belong on the page. I agree that emulation page is getting extensive, so maybe it would be good to move the config info to a new page. I am not opposed and are all for it. --[[User:Mrjaredbeta|Mrjaredbeta]] ([[User talk:Mrjaredbeta|talk]]) 15:12, 16 January 2023 (UTC) | ||
== | == VU0 Issues in True Crime: NYC == | ||
Seems PCSX2 shares/shared a similar issue relating to camera/controls and AI movements: https://github.com/PCSX2/pcsx2/issues/7584 | |||
I am not sure what was changed between these revisions (maybe even something else outside of the report), but just leaving this here for reference. | |||
* Please test that config (NTSC-US), this disable so called auto align of camera. Lets see if there is any change in behavior. | |||
3d 00 00 00 11 11 00 00 0a 00 00 00 01 00 00 00 | |||
f0 a8 16 00 3c 00 02 ae 3c 00 00 ae 00 00 00 00 | |||
Regardless of that code working or not, here is config to enable player coordinates debugging: | |||
3d 00 00 00 11 11 00 00 0a 00 00 00 01 00 00 00 | |||
8c 08 4a 00 43 00 60 50 00 00 00 00 00 00 00 00 | |||
I assumed that is camera issue, but it will be good to see if player coordinates don't get some crazy values (comparing to pcsx2). This config is also useful to see if patching EE work at all for this game. Because game load another elf at start so 0x0A can be broken here. Configs can be combined if needed. --[[User:Kozarovv|Kozarovv]] ([[User talk:Kozarovv|talk]]) 19:13, 18 January 2023 (UTC) | |||
* | * So, I did some testing. Firstly, the 0x0A patches worked without issue. I did previously test the debug menu months (years?) ago, but did not extensively look into what was actually going on…so I did yesterday. It seems like the dir coordinates get problematic when X value is in between -0.70 and 0.70. Any X dir value less than 0.70 and greater than -0.70 have extremely erratic behavior. It also should be stated that X and Z values match at 0.70. AI characters also seem to behave wrongly with the same directional values. Maybe some bad math accuracy…but I did already use all math accuracy functions to no avail. So, not an issue with camera, not an issue with analog controller values, but an issue with specific dir math calculation. Maybe it’s branching when not supposed to? I did find some memory addresses that handle the math, but I am not at home now to share. --[[User:Mrjaredbeta|Mrjaredbeta]] ([[User talk:Mrjaredbeta|talk]]) 15:10, 19 January 2023 (UTC) | ||
** | ** If it is a VU0 issue, then the EE/COP2 accuracy commands will not fix it.--[[User:Agrippa|Agrippa]] ([[User talk:Agrippa|talk]]) 15:47, 19 January 2023 (UTC) | ||
* Game do a lot of crazy shit. Whole function seems to be hand written assembly, including VU0 program that is running in the middle of that. For example that VU0 program do divide (7 cycles), waitq (wait for div result), and finally multiply by result of that q. All that in ebit delay slot. Ok, manual don't forbid that, but have some mercy for emulators.. Function on EE side is also weird as hell. 3 consecutive stores to the same address (overwrite without use). 15 lines of floating point operations to figure out if value is 0 or 1, to finally use π as a replacement for 1. I kinda replicated behavior from ps3 on pcsx2, but this involve that messy assembly part, and i have no idea which part is going wrong. I think that now i need to compare that to TC:LA, same engine maybe they made only some minor changes to break this in TC:NY. --[[User:Kozarovv|Kozarovv]] ([[User talk:Kozarovv|talk]]) 17:18, 19 January 2023 (UTC) | |||
** Ok, maybe that one can do something. This is first thing that is not used in LA, but used in NY. Additionally someone can try to mess with branches close to that place if config do nothing. --[[User:Kozarovv|Kozarovv]] ([[User talk:Kozarovv|talk]]) 18:18, 19 January 2023 (UTC) | |||
0a 00 00 00 01 00 00 00 7c ad 3c 00 01 00 62 30 | |||
21 10 60 00 00 00 00 00 | |||
*Unfortunately, the config did not fix the issue. I tried force branching over all of the smaller branches in the function, but it still did not help. However, I did try branching over the entirety of the math (bc1f to b higher in function), and the character was able to run forward from any position, so I think we are close. Seems to be related to this function, at least for movement. I will do some more experimenting with it later today. --[[User:Mrjaredbeta|Mrjaredbeta]] ([[User talk:Mrjaredbeta|talk]]) 14:21, 20 January 2023 (UTC) | |||
**I am able to replicate similar behavior to netemu in function at 0x403ba8 (jumped to from 0x3cac88). Messing with branching and instructions here can mess up dir values in certain ranges, but others work perfectly fine. --[[User:Mrjaredbeta|Mrjaredbeta]] ([[User talk:Mrjaredbeta|talk]]) 00:25, 21 January 2023 (UTC) |