Talk:PS2 Emulation/PS2 Config Commands: Difference between revisions

Game CONFIG commands (notepad and worklog)[edit source]

All info here related with commands needs to be moved to frontpage at some point

ps2_netemu command 0x1[edit source]

There are some additional internal patches using CONFIG cmd id 0x01, using subs not available in 0x3B list

condition: 0xBBB5F800, 0x3B949C00, 0x42133A90
setting: 
  0x18E1F0, sub_4670C (4.70)
  0x348EC8, sub_44338 (4.70)

Function Mapping[edit source]

ps2_netemu.self contains a table (with entry_length=8 and entry_number=variable) where are listed the function offsets used by config command 0x01

This table is used to assign a funct_id to a funct_offset. The funct_id is given by the position of the entry in the table, so the first entry in the table is funct_id=0x00, second entry is funct_id=0x01 and so on

The purpose of this table is to be able use the same funct_id values in the external CONFIG files for netemu, this way even if the func_offset changes in between versions (internally inside the ps2_netemu.self file structure) the funct_id will be the same. The other ps2 emulator types doesnt have this table (doesnt needs it because doesnt uses external CONFIG files)

• funct_offset_table location by ps2_netemu versions:
  • Table v1 (the table contains the same data)
    • Firmware:370-374 offset:0x897ED8 length:0x1C8
  • Table v2 (the table contains the same data)
    • Firmware:400-401 offset:0x8970E8 length:0x1C8
  • Table v3 (the table contains the same data)
    • Firmware:410-411 offset:0x8971E8 length:0x1C8
    • Firmware:420-425 offset:0x8972F8 length:0x1C8
  • Table v4
    • Firmwares 4.30 up to 4.76 was not tested (if someone wants to add this info do it here)
  • Table vX (latest)
    • Firmware:478-488 offset:0x8063f8 length:0x1E0

Example from ps2_netemu.self 4.88

Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F

008063F0                          00 00 00 00 00 04 2F 70          ....../p
00806400  00 00 00 00 00 04 30 34 00 00 00 00 00 04 47 C0  ......04......GÀ
00806410  00 00 00 00 00 04 46 E0 00 00 00 00 00 04 33 84  ......Fà......3„
00806420  00 00 00 00 00 04 74 5C 00 00 00 00 00 04 6D 20  ......t\......m 
00806430  00 00 00 00 00 04 7C 1C 00 00 00 00 00 04 31 00  ......|.......1.
00806440  00 00 00 00 00 04 31 D8 00 00 00 00 00 04 34 48  ......1Ø......4H
00806450  00 00 00 00 00 04 35 20 00 00 00 00 00 04 45 E8  ......5 ......Eè
00806460  00 00 00 00 00 04 45 0C 00 00 00 00 00 04 44 30  ......E.......D0
00806470  00 00 00 00 00 04 42 54 00 00 00 00 00 04 41 70  ......BT......Ap
00806480  00 00 00 00 00 04 40 8C 00 00 00 00 00 04 60 FC  ......@Œ......`ü
00806490  00 00 00 00 00 04 35 E4 00 00 00 00 00 04 7F C4  ......5ä.......Ä
008064A0  00 00 00 00 00 04 5A 1C 00 00 00 00 00 04 55 90  ......Z.......U.
008064B0  00 00 00 00 00 04 6A DC 00 00 00 00 00 04 5F A8  ......jÜ......_¨
008064C0  00 00 00 00 00 04 7A 88 00 00 00 00 00 04 5C 6C  ......zˆ......\l
008064D0  00 00 00 00 00 04 54 C0 00 00 00 00 00 04 53 F0  ......TÀ......Sð
008064E0  00 00 00 00 00 04 53 20 00 00 00 00 00 04 52 50  ......S ......RP
008064F0  00 00 00 00 00 04 51 80 00 00 00 00 00 04 50 B0  ......Q€......P°
00806500  00 00 00 00 00 04 4F E0 00 00 00 00 00 04 4F 10  ......Oà......O.
00806510  00 00 00 00 00 04 4E 40 00 00 00 00 00 04 4D 70  [email protected]
00806520  00 00 00 00 00 04 4C A0 00 00 00 00 00 04 4B D0  ......L ......KÐ
00806530  00 00 00 00 00 04 4B 00 00 00 00 00 00 04 4A 30  ......K.......J0
00806540  00 00 00 00 00 04 49 60 00 00 00 00 00 04 48 90  ......I`......H.
00806550  00 00 00 00 00 04 66 2C 00 00 00 00 00 04 71 14  ......f,......q.
00806560  00 00 00 00 00 04 6F 9C 00 00 00 00 00 04 6E 24  ......oœ......n$
00806570  00 00 00 00 00 04 59 2C 00 00 00 00 00 04 58 48  ......Y,......XH
00806580  00 00 00 00 00 04 57 64 00 00 00 00 00 04 56 80  ......Wd......V€
00806590  00 00 00 00 00 04 75 60 00 00 00 00 00 00 00 00  ......u`........
008065A0  00 00 00 00 00 04 62 18 00 00 00 00 00 04 36 B4  ......b.......6´
008065B0  00 00 00 00 00 04 7D 28 00 00 00 00 00 04 72 98  ......}(......r˜
008065C0  00 00 00 00 00 04 76 74 00 00 00 00 00 04 6B D4  ......vt......kÔ
008065D0  00 00 00 00 00 04 3F AC                          ......?¬

Function 0x0D[edit source]

What is the purpose of this function? Could it be used as a potential fix for the various DMA issues (similar to the EE timing hack in PCSX2)? I may be wrong, but I think the majority of netemu's emulation problems are caused by DMA issues, which are unfortunately hard to fix.

• This hack allow to run all spe cores while doing nothing on ppe side. Is like giving spe more time (100 msec). This can be used to fix some timing issues here or there. But if you know game offset that you want to use it, you probably can already fix it in different way. Also this probably won't affect "emulation cycles", so is not like pcsx2 EE timing hack. About pcsx2 EE timing hack.. This is really stupid hack if you ask me. Hack make all events listed [here] to take 8 cycles. No matter that really it was 1, or 2000 cycles, it will make all of that 8 cycles. Idea of that hack is not bad itself, but it is terrible implementation that make a lot of things random. I think that ps2 emu on ps4 do this much better, as you can select only one event, and set cycles for it. While on pcsx2 if you want DMAC_FROM_IPU to take 8 cycles, you also make ALL OTHER events to take 8 cycles. I don't know how lucky that hack is to not break other stuff. --Kozarovv (talk) 07:47, 12 March 2022 (UTC)

Function 0x35[edit source]

Ninkyouden: Toseinin Ichidaiki (SLPM-66274) is using command 0x1 with function 0x35 at 0x13ED94...it seems like its executed at the VSync function of the game. This hook is also not in gxemu judging from the table above. No immediate change with or without the command that I can tell. Any idea on what this is doing?

• Function check some bits in GIF, but i don't know what exactly (offset 0x300/0x310 in fe SPU). When bits are 0 command end. When bits are not 0, PPU side of PS3 sleeps 256 cycles, and then check again fe SPU. That loop won't ends unless bits are 0. Just small tip about hooks that are close to VSync. This is not always related to VSync per se. Of course can be, but don't really need to. I mean, if you want to run hook in predictable place, and with similar time steps. VSync is where you hook game code then. --Kozarovv (talk) 05:31, 22 August 2022 (UTC)
  • Yes, I first thought it would be VSync related, but I figured it could be something executed at every VSync like you said. Thanks for checking in on this hook. I am thinking of testing games like Tenchu: Wrath of Heaven and Street Fighter EX3 with this hook to see if anything changes (at least Tenchu's issue is directly related to GIF, SFEX3 not too sure). --Mrjaredbeta (talk) 00:54, 23 August 2022 (UTC)

ps2_netemu command 0x5[edit source]

The external config format used by ps2_netemu.self doesnt supports command ID 0x5. But this same command with a different ID (0x4) was used by this game configs embedded inside ps2_gxemu.self: Grand Theft Auto: Liberty City Stories (SLES-54135, SLES-54136, SLUS-21423), Grand Theft Auto: Vice City Stories (SLES-54622, SLES-54623, SLUS-21590), Hunter: The Reckoning Wayward (SLES-51823), Onimusha: Dawn of Dreams (SLPM-66275), Shinseiki Evangelion: Ayanami Ikusei Keikaku with Asuka Hokan Keikaku (SLPM-65340), Tekken Tag Tournament (SLUS-20001). The reason why this command is not supported in the external config files is because the related emulator code is enabled permanently in ps2_netemu.self for all games

This command patches EEDMA SPE program during emulator init (0x1F77C in latest netemu) to set different handling for DIRECT/DIRECTHL VIF1 commands. Weird solution, wasn't better to just change pointers in spe program instead of patching that on init?

• Is there any way to patch the emulator to prevent that command to apply? I wonder if it is affecting the behaviour of some games.--Agrippa (talk) 20:00, 11 March 2022 (UTC)
  • Yeah, you can patch it on decrypted emu.

Find

91 48 00 00 90 09 00 1C 90 09 00 10 90 09 00 14 90 09 00 18 90 0b 00 1C 90 0b 00 10 90 0b 00 14 90 0b 00 18

Replace

91 48 00 00 60 00 00 00 60 00 00 00 60 00 00 00 60 00 00 00 60 00 00 00 60 00 00 00 60 00 00 00 60 00 00 00

And find

E9 42 8C 20 3C 00 00 01 60 00 72 80 E9 2A 00 00

replace

4E 80 00 20 3C 00 00 01 60 00 72 80 E9 2A 00 00

Now you need to encrypt it with scetool, using original emu as a template.

scetool --template orig_ps2_netemu.self --sce-type=SELF --compress-data=TRUE --encrypt ps2_netemu.elf ps2_netemu.self

Remember to delete netemu from flash, then copy new one. Overwriting can fail as there is not enough space on dev_flash. --Kozarovv (talk) 07:35, 12 March 2022 (UTC)

ps2_netemu command 0x0B[edit source]

SRS:Street Racing Syndicate - sector to patch: 3021/1392496 (1.03) or 1402736 (2.00), offset correction: no, PCSX2 log:

CDRead: Reading Sector 0003021 (008 Blocks of Size 2048) at Speed=4x(CAV) Spindle=83

WRC: Rally Evolved - sector to patch: 3235/1792256 (1.01), offset correction: no, PCSX2 log:

CDRead: Reading Sector 0003235 (008 Blocks of Size 2048) at Speed=4x(CAV) Spindle=83

Notice the CDRead command instead of DvdRead.

• Not sure this is the case here. But PCSX2 have bug in fastboot, where it always fallback to CDRead for few first reads. To confirm you can launch game with fastboot disabled, pcsx2 now should read those sectors with proper mode. At the second hand.. Maybe that's what happen on PS3? Probably no, as far as i know netemu bios perform something similar to fullboot. But maybe, sony can break unbreakable, and this actually seems to be reasonable explanation. --Kozarovv (talk) 05:18, 22 August 2022 (UTC)
  • That is how it does look like on the newest PCSX2 build at the moment of posting it. It does use a CDRead for few reads after loading an ELF file, even in the full boot mode. --Agrippa (talk) 17:27, 22 August 2022 (UTC)

Emulator does panic itself, when two separate 0x0B commands are used.--Agrippa (talk) 20:25, 15 November 2022 (UTC)

ps2_netemu command 0x0C[edit source]

These pairs of parameters: 0x0001 and 0x0400; 0x0001 and 0x0800; 0x0001 and 0x0180 fix few missing sound effects in the Klonoa 2. The side effect is slightly longer loading times in general. This game is known for its various audio buffer issues related to the CDVD speed.

• I actually suspected this can be some delay for reads, but default value is (1, 0x1000) so doesn't really fit for delay. Since Shadowman 2 use it, and have known CD issue. Testing Shadowman2 without config can be interesting, if i'm right there will be a lot of broken textures right after you take control of main character. With broken Shadowman2 it will be easy to know that lower values are "better" or higher values are "better". That should help to understand what's going on. Assuming that SM2 really break without config... --Kozarovv (talk) 19:10, 3 March 2022 (UTC)
  • Tested Shadowman with and without config. No texture corruption either way, but it seems like the config helps with frame rate issues maybe caused by streaming in contents from the disc? Either that or placebo. --Mrjaredbeta (talk) 02:39, 4 March 2022 (UTC)
    • Well that's "unfortunate" because Shadowman2 would be perfect test case here. I noticed that Shadowma2 have hardcoded bios settings "CDVD_READ_DELAY", so maybe is handled there. --Kozarovv (talk) 19:11, 4 March 2022 (UTC)

It seems like this command can further improve FMVs that still have stuttering issues with command 0x21 enabled. The Fear's opening FMVs are heavily improved with command 0x21 set at 1, but there is still some video slowdown and audio stuttering and popping remaining. With the addition of command 0x0C set to 0x1 and 0x400, the slowdown and stutter is completely fixed. I have only tested 0x400 as a value so far.

The ingame FMVs with the graphic overlay are still stuttering heavily, though, and I am still unsure why. It seems like the shorter FMVs run fine, and the longer they are they more they have slowdown/stutter. This only applies to the "ingame" FMVs and not the opening ones.

I did some work on it, and it seems to modify read speed. Higher values should give faster read speed. Eventually higher values will give more frequent event checks, but read speed modifier seems to be more probable now when we know default values. To get faster read speed we should use (1, x > 0x400) for CD, and (1, x > 0x1000) for DVD. At this point Shadowman 2 is good test candidate again, just with some really high value. All configs from GX emu looks like they slowing down reads, because values for DVD are below 0x1000, Shadowman2 without config doesn't change anything because this config use default value... Burnout 3 is interesting here, only config that seems to use 0 (yolo read speed) option. --Kozarovv (talk) 22:24, 3 July 2023 (CEST)

void MECHA_on_state_3(__int64* mecha)
{
  ReadSectorSize = *(mecha + 0x70);
  if ( !ReadSectorSize )
    panic(1u);
   
  do
    current_tb = get_current_timebase()
  while ( !current_tb );
  
  readed_sectors_count = readed_size_in_bytes / ReadSectorSize;
  readed_sectors_count_mul_by_79800000 = 79800000LL * readed_sectors_count
  tb_for_seek_and_read = *(mecha + 0x18);
  skip = current_tb - tb_for_seek_and_read >= readed_sectors_count_mul_by_79800000 / val_from_cmd_0x0C_1)
  
  if ( cmd_0x0C_0 != 1 || val_from_cmd_0x0C_1 == 0 || skip )
  {
    if ( *(mecha + 0xD4) <= BytesToRead && !*(mecha + 0xE4) )
    {
      *(mecha + 0xD4) = readed_size_in_bytes;
      *mecha_state = 4; // Reading done here. Going to next step.
      return;
    }
    panic(1u);
  }
  set_scheduler(
    5uLL,                                                                               // 5 - CDVD event
    tb_for_seek_and_read + readed_sectors_count_mul_by_79800000 / val_from_cmd_0x0C_1,  // When
    &syscall8_200,                                                                      // Event Handler.
    0LL);                                                                               // unk
}

• Netemu does crash when the first param is set to 0x2.--Agrippa (talk) 21:03, 7 July 2023 (CEST)
  • No idea why, function that check config compare to 2 and panic if greater than. So 2 is accepted at least there. This config is used in 4 places. All of them use next part of config only if this one is 1. 3 places check explicitly for 1, one place check for 0. Setting 2 is weird from code point of view because it's almost like 0, but allow code to do one check in read function, and to be honest this doesn't look like intentional behavior because similar check is performed earlier in previous N command state, and there is handled properly including setting 1F402006 to error code instead of panic. --Kozarovv (talk) 22:31, 7 July 2023 (CEST)

ps2_netemu command 0x12[edit source]

type 1[edit source]

Playground discussion, unsure about clrlslwi r11, r0, 16,3 result

 Syphon Filter The Omega Strain
 298  00 00 00 00 
 29C  00 00 00 00 
 2A0  01 00>02 00< Type1, Count 2
 2A4  31 00 99 18  
 2A8  32 00 B6 18 


 type 1: (Syphon Filter The Omega Strain	)
	*0x48  | ptr to 1st value *0x2A4 (0x15F)
	*0x50  | count of type values

        (0x18990031 >> 0xC) & 0xFFFF0 = 0x18990
        (0x18B60032 >> 0xC) & 0xFFFF0 = 0x18B60

	store value in [0x18990 + ??? ] 
	
seg017:0000000000198498 next_value:                             # CODE XREF: read_id0x12_type_1+120�j
seg017:0000000000198498                 lwz       r0, 0(r10)    # -> 0x18990031
seg017:000000000019849C                 addi      r8, r8, 1     # counter
seg017:00000000001984A0                 ld        r29, 0(r31)
seg017:00000000001984A4                 addi      r10, r10, 4   # ptr to next value
seg017:00000000001984A8                 rlwinm    r28, r0, 20,12,27 # r28 = (r0 >> 12) & 0xFFFF0 = (0x18990031 >> 12) & 0xFFFF0 = 0x18990
seg017:00000000001984AC                 clrlslwi  r11, r0, 16,3 # r11 = 0x0031 << 3 = 0x188
seg017:00000000001984B0                 add       r26, r28, r29 # r26 = 0x18990 + ??
seg017:00000000001984B4                 stw       r11, 4(r26)   # store 0x62000? or 0x188? in r26
seg017:00000000001984B8                 lwz       r5, 0x50(r31) # count
seg017:00000000001984BC                 cmplw     cr6, r5, r8
seg017:00000000001984C0                 bgt       cr6, next_value

Leaving old info for now as it have good explanation of code itself. Command patch vu0_jit_data memory directly. For example above patch will write 0x188 to 0x1C018994 address. vu0 jit mem hold info about microprograms, like how many cycles will run, where program start/end, where is ebit, etc. For now is unknown which info is patched, but shift by 3 suggest it will be vu0 address related info. --Kozarovv (talk) 12:23, 14 June 2023 (CEST)

type 2[edit source]

Fix for interlocking/synchronization EE with VU0 in micro mode. Usually used with games that are m bit sensitive, or loop endlessly on VU0 due to lack of sync with EE core.

Primal
298  00 00 00 04 
29C  00 00 00 00  
2A0  02 00>03 00< Type 2, Count 3
2A4  5F 01 00 00 	
2A8  8D BD 6F 2C 	
2AC  67 03 00 00  	
2B0  02 00>03 00< Type 2, Count 3
2B4  6B 01 00 00 	
2B8  31 35 70 E9 	
2BC  72 03 00 00  	
2C0  03 00>02 00< Type 3, Count 2
2C4  60 9B 39 10 
2C8  18 9C 39 10	
2CC

type 2:
	*0x20C | counter
	*0x210 | 1st value: 0x15F      -> only gets compared, if passed check 2nd value
	*0x214 | 2nd value: 0x2C6FBD8D -> only gets compared, if passed use *0x218 + *0x21C
	*0x218 | 1 ( = count - 2)
        *0x21C | ptr to 3rd value *0x2AC (0x367)

First value is VU0 microprogram start address, multiply by 8 to get correct offset in VU0 micro mem. That one is confirmed,
and you can check CMSAR0 register status in pcsx2 when EE hit address from type 3 command to make sure. Now some guessing. 
Second value is probably hash of microprogram (from start address to e bit end). 
Third value can be run cycles before program is force stopped, for example to wait on m bit for EE side to catch, or to stop endless
loop that normally should already end if VU0 didn't run ahead of EE.
Fourth and next values if available can be run cycles for next program runs. 
A lot of guessing here. But looking at games that use it, there is high possibility that is correct.
This command is always used with type 3, or 4. This is probably not required, but without notifying EE side type 2 is useless. 

type 3[edit source]

 Example Primal
	*0x11B4| counter
	*0x11B8| -1 -> 0x399B60? 
	*0x11BC| 0 -> 0x399B60?
	*0x11C0| ptr to *0x2C4 values
	*0x11C4| count (2)

	r11 = r0 & 0xFFFFFFF = 0x10399B60 & 0xFFFFFFF = 0x399B60
	0x10399C18 & 0xFFFFFFF = 0x399C18

	r3 = r31 >> 28 = 0x10399B60 >> 0x1C = 1
	a check if 1,2

type 4[edit source]

        cmpwi     cr7, r0, 4
        bne       cr7, panic_dword_1967BC
        srwi      r9, r6, 1     # r9 = r6 >> 1 = count >> 1
        addi      r11, r4, 4
        stw       r9, 0x1238(r31) save count>>1
        std       r11, 0x1240(r31) save ptr to table values start

One correct entry is 2x 32 bit. First 32 bits are EE Opcode in little endian, second 32 bits are the same as first 4 bits of type 3 (interlocking). This type of config work in conjunction with type 2 config, and was required because R&C series use EE memory overlays. So type 3 config can't be used here as EE offset change per game level.

Here is alternative config for Rayman 3 (SLUS_206.01), this time using type 4 instead of 3. Just to confirm above is true. Untested, because i have no ability to do that.

12 00 00 00 0C 00 00 00 00 00 00 04 00 00 00 00
02 00 04 00 00 00 00 00 AE B3 4E 5D 20 02 00 00
46 02 00 00 04 00 04 00 00 30 D3 48 01 00 00 00
00 30 C8 48 01 00 00 00

ps2_netemu command 0x17[edit source]

This command is used only in Bully which is only known game by R* Vancouver, there is a chance that is only game which need it. But just in case, what game do is MTC0 $zero, Count
And read that at some point. Since we are in recompiler, count is updated only on events. This can create situation where game retrieve 0 value from count reg. Which according to pcsx2 source is wrong ([| referred as TIMR]). To be honest I'm not 100% sure that is issue here. Only other problem i can imagine is potential divide by 0 in emu itself. Anyway, if game do MTC0 zero, Count (00 48 80 40), or any weird operations with Count. This config should be tested.

ps2_netemu command 0x21[edit source]

Well, i don't know where to start.. This command with param 0 or 1 at some point prevent writes to TagLo register. Not with MTC0 tho, but during different opcode that is handled separately. I got this unresolved yet, but it seems that is CACHE opcode. That potentially mean ps2_netemu support some parts of instruction cache. But this need to be tested on real hardware. Good candidate here is WRC4. When command 0x21 with 0 or 1 is added to standard config, game should fail to load at all (unless game getting lucky like described in emu bugs section).

• I assume the cache handling would be the cause for games panicking/shutting down when 0x21 is set at 0? I cannot remember correctly if WRC panics (Agrippa would know better), but games like Shadow Hearts 2/3 will shut down after loading a save when instructions are being loaded in the EE memory from outside the main executable. My mind is blanking on other games besides those two, but surely a handful of games I have tested have had shutdowns caused by this command.--Mrjaredbeta (talk) 20:13, 1 October 2022 (UTC)
  • Yes, since that command disable cache handling only partially. There could be some unexpected issues. Problem is that 0x21 do little bit more, and little bit weird. Not gonna lie, cache is new territory for me since i never worked with any emu that support it. PCSX2 support good chunk of cache, but only in interpreter mode, and usually i just patched games to not rely on cache. This is what i got for now.
    • If my memory serves me right:
      • WRC4 - panic at the loading of stages (0x21-0)
      • VP2 - panic at the switching to the battle mode (0x21-0) or player models fail to load in the battle mode (0x21-1)
      • MGS3 - frame rate improvement, at the expense of awfully longer loading times (0x21-0).--Agrippa (talk) 11:40, 2 October 2022 (UTC)
  • Since it’s worth mentioning, 0x21 set to 0 also fixes the camera angle issue in Radiata Stories after one or two battle sequences.--Mrjaredbeta (talk) 15:02, 2 October 2022 (UTC)
    • I think the issue is not related to the camera at all. It looks similar to the VP2 case I posted earlier - the models fail to load on the post battle screen (shadows are drawn, though). Moreover, various models do disappear for a second in the battle mode too, if I remember correctly. Just a guess, as both games share the same engine.--Agrippa (talk) 18:22, 4 October 2022 (UTC)

I messed little bit with this code today, and 0x21_1, plus 0x03 at the same time seems to be most aggressive combo to remove instruction cache emulation. Not sure about compatibility, but this two configs together skip most cache code in emulator. --Kozarovv (talk) 10:21, 21 October 2022 (UTC)

• Quick test with this, random game (ATV Offroad Fury 4). It seems like 0x21_0 still gave a better improvement to menu FMV playback/stutter than 0x21_1 and 0x03. I didn't notice any change in performance with 0x21_1 in this scenario. Caching is still enabled with IHIN/IXIN with 0x21_0?--Mrjaredbeta (talk) 00:15, 22 October 2022 (UTC)
  • Whoops, sorry i meant 0x21_0 and 0x03. 0x21_1 actually create a lot of additional recompiled code. 0x21_0 is so fast because it skips lookup for cached addresses also outside of general cache opcodes (that how it looks like, i need to do little bit more work here). IHIN/IXIN (hit/index invalidation) can be totally disabled only with 0x03. 0x21 (0/1) still generate a lot of code for IHIN/IXIN when 0x03 is not used, even more that without 0x21. --Kozarovv (talk) 06:53, 22 October 2022 (UTC)
    • Okay, that makes sense. It is difficult to tell if adding 0x03 with 0x21_0 made any difference with this game as FMV is fixed with just 0x21_0, but it may be beneficial to test games that still have FMV playback issues with 0x21_0 enabled (slight desync still with Shadow Hearts).--Mrjaredbeta (talk) 15:05, 22 October 2022 (UTC)

Emotion Engine Cache support
Apparently, emulator support some parts of cache. More precisely instruction cache. Implementation seems to be simple and not 100% accurate, and there is no data cache support (obviously - speed). Still impressive there is something at all in recompiler.

Supported opcodes:

--Kozarovv (talk) 21:03, 1 October 2022 (UTC)

Example of recompiled code with enabled cache emulation: https://pastebin.com/sDwc1MLX

• Every operation with r15 and following r7/r8 loads, compares, and cr operations will be skipped by emitter with 0x21 --> 0
• r15 is loaded with current address (page?), to get full value shift it left by 6 eg. 0x808710 << 6 = 0x2021C400 (shift left by 6 = multiplying by 0x40)
• For small part of code posted on pastebin, cache check is performed 33 times * 8 opcodes = 264 opcodes from 801 are cache checks! A lot of work, a lot of code mostly for nothing.
• Conclusion. Use 0x21 --> 0 whenever you can. iCache emulation is pointless for 99% of games.
• Small oftopic. Every opcode that write to r13 increase emulated cycles. Every opcode writing to r14 modify current r5900 pc. Every branch to 0x3800 mean that event test will be performed.
• Problematic games (have issues with 0x21 enabled): Shadow Hearts 3, Jak & Daxter, VP2, Hot Shots series, Kingdom Hearts. Any game that load additional code overlays and do that custom way, for example Shadow Hearts 3 load code from bin files hidden in cpx files. All those games doesn't really need iCache emulation to work, but emulator seems to have issue with code invalidation. Only small amount of games used this method of loading, so it still should be fine for 99% of games.

--Kozarovv (talk) 07:32, 22 May 2023 (CEST)

• Radiata does not crash. English patch for FFXII IZJS does crash though (0x21 fixes stuttering in turbo mode).--Agrippa (talk) 20:33, 22 May 2023 (CEST)
  • Whoops, my bad. Fixed. :P --Kozarovv (talk) 09:44, 23 May 2023 (CEST)
    • Actually, the icache invalidation issues could explain why the infamous Maori VP2 overlay anti-protection patch is not working on the netemu.--Agrippa (talk) 22:14, 15 June 2023 (CEST)
      • His patch is basically self modifying code, so its possible. You can try cmd 0x01 with 0x0E subcommand hook at 0x01feb1c0. This invalidate whole mem every time offset is hit, ensuring that new code that is written from patcher is not in conflict with cache. Also remember that 0x42 is applied only on syscall 7, so if game modify 0x1feb1c0 - 0x1feb2e0 region, it will wipe patcher. And games often memzero whole data memory right after start. This issue don't exist on pcsx2 because it will reapply it on next vsync, while on netemu only 0x09/0x0A patches are reapplied. --Kozarovv (talk) 15:37, 16 June 2023 (CEST)

ps2_netemu command 0x28[edit source]

This command is heavily stripped version of command from gxemu. On netemu only option that seems to change anything is 0. From what i gathered in emu, when set to 0 SEEK ncmd will to be ignored and instant command ack is set. When 0 is used cdvd.SeekToSector is not updated from NCMD params. For emulated vm this mean next read command will perform seek to sector from position where last read end. Not sure if i'm understanding that correctly, it seems to be very hacky solution.

After some more work, its either skip seek, or make seek instant. Still a hack, but may give some loading boosts here and there (and break a lot of stuff too).

ps2_netemu command 0x2A[edit source]

Any idea what this command is doing? It seems to be directly related to IPU. I thought it only fixed black screen issues on certain games, but it also fixes Mystery Mayhem’s glitching/freezing/stuttering FMVs.

• This config skip check of another value, which finally make one of functions to never run. This affect "SYS" thread, and value that is checked seems to be related to EE/COP2 recompilers (pure guess by addresses that write there...). Nothing related directly to IPU, that's for sure. But this is part of emu that i have basically untouched, so i can't tell what its really skipped here. Function that is skipped trigger other functions which read cached mips code. So maybe something related to recompiler flushing, or constant propagation. Hard to tell at this point. For sure this is something i want to look more into, but not yet. --Kozarovv (talk) 05:56, 8 July 2022 (UTC)
  • Gotcha. So, I guess it is indirectly affecting the IPU? Or at least something EE/COP2 touches after IPU stuff. The current games that this command fixes are: All Star Baseball 2004 (GX config), Scooby-Doo! Mystery Mayhem (fixes repeating audio and FMV slowdown), Pro Evolution Soccer 6 (PAL v2.00 and NTSC-J only, unneeded in other versions, fixes black screen after opening FMV), and SCORE International Baja 1000 (fixes black screen after career mode FMV). These are all the currently known uses of the command. --Mrjaredbeta (talk) 02:15, 10 July 2022 (UTC)

ps2_netemu command 0x2E[edit source]

Without this command applied there is a black screen and no sound after the PS2LOGO, but the game (Growlanser Generations) is working in the background. Pressing the "PS" button fixes it. After applying this command (0x172 parameter) everything works correctly.

• this (like most "mecha" commands) is messing with timing.

lwz       r0, 0x2C(r31)           # cmd_0x2E
cmpwi     cr7, r0, 0
beq       cr7, cdvd_error_1349B4  # skip cdvd error if cmd not 0.
nop

loc_134988:
mftb      r9
cmpwi     cr7, r9, 0
beq       cr7, loc_134988        # Loop until timebase is not 0
clrldi    r0, r0, 32
add       r0, r0, r9
li        r9, 5
std       r0, 0x20(r31)          # cmd_0x2E + timebase
stw       r9, 0(r31)
b         end_134844

Value from 0x20(r31) is later used in compare. That result in cdvd error, or in setting which seems schedule event to happen after time from timebase pass. This event is netemu syscall 8 (0x200) which is related to all ps2 cdvd reads. Tl;dr is that value give emulator some more time before cdvd error. Weird thing is that PS button fix it.. --Kozarovv (talk) 07:05, 7 March 2022 (UTC)

Shin Sangoku Musou config[edit source]

This config does something with sceGsSyncPath by storing 0x4 to INTC_STAT before jumping to it (from one of the main function, so only a specific jump to sceGsSyncPath). I am thinking it fixes this: WhECT9RGZ0k (YouTube link)

What could be happening internally for something like this to be fixed? Interrupt delay to avoid an infinite loop or something? The freeze looks similar to something like the Ecole games (Melty Blood) where the game can move slightly after the freeze, or even break out of it entirely (rare).

• It does write an interrupt request for the start of the VBlank. Looks like the game does sync with the refresh rate and the game logic (at least the specific function you have mentioned) does break itself when the timing is not right.--Agrippa (talk) 14:59, 10 August 2022 (UTC)
  • Writing to INTC_STAT remove vblank start bit in this case (acknowledge that interrupt happened). But yeah, generally this is timing issue. Probably similar issue to what pcsx2 have: [| here.] But affect different games due to other differences in emulator. --Kozarovv (talk) 19:38, 10 August 2022 (UTC)