Talk:PSP Emulation

From PS3 Developer wiki
Revision as of 09:51, 5 September 2021 by Sandungas (talk | contribs) (NID info moved to frontpage)

PSP Emulator Types and Revisions

psp_emulator.elf (decrypted)
Firmware Bytes MD5 Rev
1.00 ~ 3.10 No
3.15 ? ? ?
? ? ? ?
? ? ? ?
3.66 419.120 DFED8FCDB36A4284A27369304D47674F ?
3.70 419.176 0F6F1D92D045A86565DF705276776A41 same
~ Any
3.74 DC8C67FEEB605D73D073BBCAD8F17E6A
4.00 419.416 7371A95BB0ACB1152EB13EA11C866F87 same
4.01 C17EE35A278E64227558FA9C39E805B5
4.10 419.472 DAA4E9816037E1EFFFF15B344B61BD1D same
4.11 2DF5AFE349E082A79AF4E50B8100F80A
4.15 ? ? ?
4.20 419.480 540422B0759D20738BF498337E33B7E2 same
~ Any
4.25 5D20DFAE9E0D704F6DD17D2A807A1D2C
? ? ? ?
? ? ? ?
? ? ? ?
4.78 419.520 EFEA0DFDDD6E7C479983B5E4E8B95295 same
~ Any
4.82 5CAC36C3F940749B4DD5E03DB02C732A

  ·  Decrypted (elf): changes every firmware version
  ·  Build label: no/unknown
  ·  Target Firmware: yes, repeated two times
  ·  Revision: unknown

psp_translator.elf (decrypted)
Firmware Bytes MD5 Rev
1.00 ~ 3.10 No
3.15 ? ? ?
? ? ? ?
? ? ? ?
3.66 283.128 0F52CE7666276B71FF5C560D7BD28014 ?
3.70 283.128 C35D80E8B1A4A61212EA773C061BF1DC same
~ Any
3.74 A42CD1453C52149297A975F2BA5B2D38
4.00 283.128 DF07955312D1C09DC2DC355EBA47F8AA same
4.01 A06E7BF7C1D062878593E1D4EA85B4C9
4.10 283.128 FB4801625CA15AC58DB28A4223EFD4A2 same
4.11 3154FF57D36E3D7C4F2C061393816482
4.15 ? ? ?
4.20 283.120 C125A486D3C48EA2C957EAFC0AB69B39 same
~ Any
4.23 S C469B41798157C53C3E7794E9BDF9D36
4.25 283.120 A675423F5C8B9FD02AA2150D46B953AE ?
? ? ? ?
? ? ? ?
? ? ? ?
4.78 283.120 A35809CE6C184F3E3B52C18E0AE19217 same
~ Any
4.82 58E104453AC60DE2B671E43F09D96E80

  ·  Decrypted (elf): changes every firmware version
  ·  Build label: no/unknown
  ·  Target Firmware: yes, repeated one time
  ·  Revision: unknown


PlayStation Portable

PPSSPP
00010000 Scratchpad
04000000 VRAM
08800000 User memory
08804000 Default load address
88000000 Kernel memory
psp_emulator.self
B0000000 Default load address

Crypto

Supported Kirk Crypto ? (1,4,7,11,12,13,14,16,17,18,19)

emulator_api errors

Google translations of the Japanese error messages:

 0002 This world did not have a room that are playing the same game
 1005 Upon your use of this application, you'll need to agree to the Terms of Use
 2001 Network connection it has expired. It will return to the title screen
 2002 Network connection it has expired. It will return to the title screen
 2007 You can not connect to ad hoc. Please check the information page
 3001 You can not connect to the network. Please check the information page
 3003 There is no possible connection server
 4001 You can not connect to the network. Please check information page
 4001 You can not connect to the network. Please check information page
 4004 We will not exceed the number that can be created room
 4005 We have exceeded the maximum number of bookmarks. Please register again by removing unnecessary bookmark
 4006 The lobby is a registered
 4007 It will return to the title for a certain period of time operation is not performed
 5002 This room is taking entry limit
 5005 Because the connection type of network is different, you can not play in this room. Please check the manual
 5006 It is during the transmission of comments
 6001 You can not change the wallpaper for the free capacity of the HDD is insufficient. To make the change of wallpaper you need free space of more than 17MB.
 6002 The size of the image can not be specified in the wallpaper. Please check the information page
 6003 It does not support the file format of the image. Please check the information page
10001 Not available, because 20GB model (CECHB00) is not equipped with wireless LAN feature.
10002 PlayStation®3, please use it to connect to the broadband network in a wired.
10003 A system error has occurred.
10004 It is connected. Please be patient. Channel 1
10005 It is connected. Please be patient. Channel 6
10006 It is connected. Please be patient. Channel 11
10007 It is connected. Please be patient. Channel automatic
10008 Not available in the sub-account that is limiting the use of chat. administrator of n master account (such as parents) Please use after receiving the permission of chat use to.
10009 Upon your use of ad-hoc party, you should be asked to agree to the Terms of Service.
10010 You need to sign up to PlayStation®Network.
10011 I signed out from PlayStation®Network. You exit. / Please use it to enable the Internet connection.
10012 It is in a location other than the lobby.
30002 In order to start the ad-hoc party, System software update is required.
30003 Ad-hoc party is not installed. Please download the ad-hoc party (free of charge) from PlayStation®Store.
30004 Ad-hoc party has been updated. If you play the PSP® (PlayStation®Portable) Remaster is. Restart from the PSP® (PlayStation®Portable) Remaster icon.
30005 You can not connect to PlayStation®Network. Please check the configuration of the body.
30006 Are you sure that you want to move to the ad-hoc party? Please check the save data.
30007 We were leaving from the room.
30008 We left the room
30009 You can not connect to the network. Please confirm information page.
30010 Room of the password is incorrect.
30011 This room is taking entry limit.
30012 This room can not enter because of the packed.
30013 We were leaving from the room.
30014 Are you sure that you want to leave the room? Data when you leave the room not been saved will be lost.
30015 Are you sure that you want to leave the room?
30016 Are you sure that you want to move to end the game to the ad-hoc party? What you do not save will be lost.
30017 We did not put in a room.
30018 This PSP®Remaster title in eight room is not supported.
30019 You can not connect to PlayStation®Network. Please check the information page. 
30020 We were leaving from the room. Are you sure that you want to move to the ad-hoc party without saving the game?
30021 The selected lobby is packed.
H8001 I could not connect.
H8002 I could not connect.
H8003 I could not connect.
H8004 I could not connect.
H8005 I could not connect.
H8006 I could not connect.
S7001 I could not connect.
S7002 I could not connect.
S7003 I could not connect.
S7004 We were leaving from the room.

Experimental Patch

Original:

00000000000285B0
00000000000285B0 empty_buffer:                           # CODE XREF: sceIoIoctlAsync+74↑j
00000000000285B0                                         # sceIofileAsync+140↓j ...
00000000000285B0                 li        r31, 0        
00000000000285B4                 clrldi    r27, r3, 32   
00000000000285B8                 li        r29, 0        
00000000000285BC                 cmpwi     cr4, r31, 0   
00000000000285C0
00000000000285C0 IoFileMgrForUser_822ADD32:              # CODE XREF: sceIoIoctlAsync+184↓j
00000000000285C0                                         # sceIofileAsync+2D0↓j
00000000000285C0                 clrldi    r7, r23, 32   # out data ptr 
00000000000285C4                 extsw     r3, r24       # id
00000000000285C8                 extsw     r4, r28       # cmd
00000000000285CC                 mr        r6, r27       # in size
00000000000285D0                 clrldi    r8, r25, 32   # out len 
00000000000285D4                 mr        r5, r29       # in data ptr
00000000000285D8                 bl        _IoFileMgrForUser_822ADD32 # pspFileSystem.... ?
00000000000285DC                 ld        r2, 0xC0+var_98(r1)
00000000000285E0                 mr        r31, r3
00000000000285E4                 beq       cr4, loc_285F4 # nop
00000000000285E8                 mr        r3, r29
00000000000285EC                 bl        _sys_libc_free
00000000000285F0                 ld        r2, 0xC0+var_98(r1)
00000000000285F4
00000000000285F4 loc_285F4:                              # CODE XREF: sceIoIoctlAsync+B4↑j
00000000000285F4                 stw       r31, 8(r30)   # return value


Modification:

LOAD:00000000000285B0
LOAD:00000000000285B0 loc_285B0:                              # CODE XREF: sceIoIoctlAsync+74↑j
LOAD:00000000000285B0                                         # sceIoIoctlAsync+140↓j ...
LOAD:00000000000285B0                 bl        _sys_libc_malloc
LOAD:00000000000285B4                 clrldi    r26, r3, 32
LOAD:00000000000285B8                 lis       r28, 0x101 # 0x1010005                           # Seek cmd id
LOAD:00000000000285BC                 ori       r28, r28, 5 # 0x1010005
LOAD:00000000000285C0                 b         loc_28724
LOAD:00000000000285C4 # ---------------------------------------------------------------------------
LOAD:00000000000285C4
LOAD:00000000000285C4 loc_285C4:                              # CODE XREF: sceIoIoctlAsync+184↓j   #
LOAD:00000000000285C4                                         # sceIoIoctlAsync+2D0↓j              # Both branches also modified, so we can use 5x4 bytes
LOAD:00000000000285C4                 clrldi    r7, r23, 32
LOAD:00000000000285C8                 extsw     r3, r24
LOAD:00000000000285CC                 extsw     r4, r28
LOAD:00000000000285D0                 mr        r6, r27
LOAD:00000000000285D4                 clrldi    r8, r25, 32
LOAD:00000000000285D8                 mr        r5, r29
LOAD:00000000000285DC                 bl        _IoFileMgrForUser_822ADD32
LOAD:00000000000285E0                 ld        r2, 0xC0+var_98(r1)
LOAD:00000000000285E4                 mr        r31, r3
LOAD:00000000000285E8                 mr        r3, r29
LOAD:00000000000285EC                 bl        _sys_libc_free
LOAD:00000000000285F0                 ld        r2, 0xC0+var_98(r1)
LOAD:00000000000285F4                 stw       r31, 8(r30)

Unsupported IDs will be replaced with empty buffers and simply sent through IoIoctl.
PGD = ID 0x04100001
This ugly and highly experimental PoC code simply redirects unsupported cmds to 0x01010005 (Seek Begin);
it probably breaks other cmds.

Supported cmd IDs:

0x1010005 (UMD file seek set)
0x1010009
0x101000A
(0x1020006)
(0x1020007)
0x1030008 (Read UMD file)
(0x1D20002)
0x1F100A6 (UMD file seek whence)
0x1F30003 (UMD disc read sectors operation)

Referenced as help:
https://raw.githubusercontent.com/hrydgard/ppsspp/master/Core/HLE/sceIo.cpp
https://code.google.com/p/jpcsp/source/browse/trunk/src/jpcsp/HLE/modules150/IoFileMgrForUser.java

0x01020001 - Get UMD Primary Volume Descriptor
0x01020002 - Get UMD Path Table
0x01020003 - Get UMD sector size
0x01020004 - Get UMD file pointer
0x01010005 - Set UMD file seek
0x01020006 - Get UMD file start sector
0x01020007 - Get UMD file length in bytes
0x01030008 - Read UMD file
0x01D20001 - Get UMD device file current sector seek position
0x01F30003 - Read raw sectors from UMD device file
0x01F100A6 - Set UMD device file seek by sector
0x04100001 - Define decryption key (DRM by amctrl.prx)
0x04100002 - Set PGD offset
0x04100010 - Get PGD data size

NPEZ00093 TETRIS

MINIS2 SETTINGS

AW.SINGLE_BUF = 80
AW.REUSE_ADRS = 110000

PPSSPP

23:10:028 user_main    I[SCEGE]: Common\FramebufferCommon.cpp:331 Creating FBO for 00110000 : 280 x 20 x 3
23:10:030 user_main    W[SCEGE]: Common\FramebufferCommon.cpp:373 FBO reusing depthbuffer, 00110000/00044000 and 00088000/00044000
23:10:041 user_main    I[G3D]: GLES\ShaderManager.cpp:140 Linked shader: vs 31 fs 32
23:15:969 user_main    I[IO]: HLE\sceIo.cpp:906 stdout: >L
23:16:302 user_main    I[IO]: HLE\sceIo.cpp:906 stdout: <OK
23:16:377 user_main    W[G3D]: GLES\TextureCache.cpp:336 Render to texture with different strides 256 != 280
23:19:096 user_main    I[SCEGE]: GLES\Framebuffer.cpp:730 Resizing FBO for 00110000 : 256 x 272 x 3
23:39:980 user_main    I[SCEGE]: GLES\Framebuffer.cpp:730 Resizing FBO for 00110000 : 256 x 272 x 3

Crashes

Black Rock Shooter

lv2(2): # 
lv2(2): # 
lv2(2): # SDK version: 446000 
lv2(2): # system software version: 4.46 (DEX) 
lv2(2): # revision: 49873 
lv2(2): # 
lv2(2): # Lv-2 detected an interrupt(exception) in a user PPU Thread. 
lv2(2): # 
lv2(2): # Interrupt(exception) Info. 
lv2(2): #   Type : Data Storage 
lv2(2): #   SRR0 : 0x00000000016a8d94 00000000000C8D94                 lwz       r17, 0x454(r15) ; r15 = 0
lv2(2): #   SRR1 : 0x800000000200e032 
lv2(2): #   DSISR: 0x0000000040000000 
lv2(2): #   DAR  : 0x0000000000000454 
lv2(2): #   TB   : 0x000000028bed73b7 
lv2(2): #   HW Thread #: 1 
lv2(2): # 
lv2(2): # Backtrace 
lv2(2): #   0x00000000016a8d88 sub_c8CB0 + 0xD8
lv2(2): #   0x00000000015e36ac PEmuCoreLib_7EBDEE23 + -0x20
lv2(2): #   0x0000000000b7d25c ThreadManForKernel_D3C08E1A + 0x2A0
lv2(2): #   0x000000000163bc48 sub_5B0C8 + 0xB78
lv2(2): #   0x000000000163c68c sub_5C32C + 0x348 
lv2(2): #   0x000000000163dc14 sub_5DA7C + 0x1E8
lv2(2): #   0x000000000163ddd8 
lv2(2): #   0x00000000016697c8 
lv2(2): #   0xbadadd0010700fcc 
lv2(2): # 
lv2(2): # User PPU Thread Info. 
lv2(2): #   ID        : 0x010700fd 
lv2(2): #   Name      : PEmuExecThread 
lv2(2): #   Stack addr: 0x00000000d00ab000 
lv2(2): #   Stack size: 0x0000000000020000 
lv2(2): #   Priority  : 1001 
lv2(2): #   Proc name : /dev_flash/pspemu/psp_emulator.self 
lv2(2): #   Proc ID   : 0x1030200 
lv2(2): # 
lv2(2): # Register Info. 
lv2(2): #      LR: 0x00000000016a8d8c     CR:0x4824202a 
lv2(2): #     CTR: 0x00000000000a512c 
lv2(2): # 
lv2(2): #   GPR 0: 0x00000000016a8d8c  GPR 1: 0x00000000d00c9f50 
lv2(2): #   GPR 2: 0x000000000191ef80  GPR 3: 0x0000000000000000 
lv2(2): #   GPR 4: 0x80000000006ac990  GPR 5: 0x0000000000000000 
lv2(2): #   GPR 6: 0x0000000000000000  GPR 7: 0x0000000000000000 
lv2(2): #   GPR 8: 0x00000000300000c0  GPR 9: 0x0000000000000001 
lv2(2): #   GPR10: 0x00000000010700fd  GPR11: 0x0000000000000000 
lv2(2): #   GPR12: 0x00000000000c0308  GPR13: 0x000000001000cf50 
lv2(2): #   GPR14: 0x0000000001abc4f0  GPR15: 0x0000000000000000 
lv2(2): #   GPR16: 0x000000004824202a  GPR17: 0x00000000801a4730 
lv2(2): #   GPR18: 0x00000000089a6550  GPR19: 0x0000000000000000 
lv2(2): #   GPR20: 0x0000000000057e40  GPR21: 0x0000000000000002 
lv2(2): #   GPR22: 0x0000000009979e00  GPR23: 0x0000000000000800 
lv2(2): #   GPR24: 0x00000000089a6550  GPR25: 0x0000000009973e00 
lv2(2): #   GPR26: 0x0000000009983e00  GPR27: 0x0000000009983e00 
lv2(2): #   GPR28: 0x0000000009983e00  GPR29: 0x0000000009983e00 
lv2(2): #   GPR30: 0x0000000009fec650  GPR31: 0x0000000008815618 
lv2(2): # 
lv2(2): #     XER: 0x0000000000000000  FPSCR: 0x82008000 
lv2(2): # 
lv2(2): #   FPR 0: 0xc000000000000000  FPR 1: 0x0000000000000000 
lv2(2): #   FPR 2: 0x0000000000000000  FPR 3: 0x0000000000000000 
lv2(2): #   FPR 4: 0xfff8000082008000  FPR 5: 0x408c200000000000 
lv2(2): #   FPR 6: 0x3f52345680000000  FPR 7: 0x00000010703fd000 
lv2(2): #   FPR 8: 0x0000000000000000  FPR 9: 0x0000000000000000 
lv2(2): #   FPR10: 0x0000000000000000  FPR11: 0x00000010703fd000 
lv2(2): #   FPR12: 0xfff8000082008000  FPR13: 0x407f400000000000 
lv2(2): #   FPR14: 0x00000010703fd000  FPR15: 0x00000010703fd000 
lv2(2): #   FPR16: 0x00000010703fd000  FPR17: 0x00000010703fd000 
lv2(2): #   FPR18: 0x00000010703fd000  FPR19: 0x00000010703fd000 
lv2(2): #   FPR20: 0x00000010703fd000  FPR21: 0x00000010703fd000 
lv2(2): #   FPR22: 0x00000010703fd000  FPR23: 0x00000010703fd000 
lv2(2): #   FPR24: 0x00000010703fd000  FPR25: 0x00000010703fd000 
lv2(2): #   FPR26: 0x00000010703fd000  FPR27: 0x00000010703fd000 
lv2(2): #   FPR28..


r31 = 8815618 

0881560C	addu	s1,s0,s1
08815610	jal	zz_sceAtracReleaseAtracID
08815614	nop	
08815618	li	a0,-0x1
0881561C	sw	a0,0x2020(s2)
08815620	lb	s1,0x20A0(s1)
08815624	beq	s1,zero,pos_08815634

crash #2 on loading

lv2(2): # Interrupt(exception) Info.
lv2(2): #   Type : Data Storage
lv2(2): #   SRR0 : 0x00000000016a8d94
lv2(2): #   SRR1 : 0x800000000200e032
lv2(2): #   DSISR: 0x0000000040000000
lv2(2): #   DAR  : 0x0000000000000454
lv2(2): #   TB   : 0x0000000106f65ac5
lv2(2): #   HW Thread #: 1
lv2(2): #
lv2(2): # Backtrace
lv2(2): #   0x00000000016a8d88
lv2(2): #   0x00000000015e36ac
lv2(2): #   0x0000000000b7d25c
lv2(2): #   0x000000000163bc48
lv2(2): #   0x000000000163c68c
lv2(2): #   0x000000000163dc14
lv2(2): #   0x000000000163ddd8
lv2(2): #   0x00000000016697c8
lv2(2): #   0xbadadd001030068c
lv2(2): #
lv2(2): # User PPU Thread Info.
lv2(2): #   ID        : 0x01030069
lv2(2): #   Name      : PEmuExecThread
lv2(2): #   Stack addr: 0x00000000d00ab000
lv2(2): #   Stack size: 0x0000000000020000
lv2(2): #   Priority  : 1001
lv2(2): #   Proc name : /dev_flash/pspemu/psp_emulator.self
lv2(2): #   Proc ID   : 0x1010200
lv2(2): #
lv2(2): # Register Info.
lv2(2): #      LR: 0x00000000016a8d8c     CR:0x4824208a
lv2(2): #     CTR: 0x00000000000a512c
lv2(2): #
lv2(2): #   GPR 0: 0x00000000016a8d8c  GPR 1: 0x00000000d00c9f50
lv2(2): #   GPR 2: 0x000000000191ef80  GPR 3: 0x0000000000000000
lv2(2): #   GPR 4: 0x80000000006768a0  GPR 5: 0x0000000000000000
lv2(2): #   GPR 6: 0x0000000000000000  GPR 7: 0x0000000000000000
lv2(2): #   GPR 8: 0x00000000300000c0  GPR 9: 0x0000000000000001
lv2(2): #   GPR10: 0x0000000001030069  GPR11: 0x0000000000000000
lv2(2): #   GPR12: 0x00000000000c0308  GPR13: 0x000000001000cf50
lv2(2): #   GPR14: 0x0000000001abc4f0  GPR15: 0x0000000000000000
lv2(2): #   GPR16: 0x000000004824208a  GPR17: 0x00000000805c3858
lv2(2): #   GPR18: 0x0000000000000001  GPR19: 0x0000000009e28010
lv2(2): #   GPR20: 0x0000000000000001  GPR21: 0x0000000000000001
lv2(2): #   GPR22: 0x0000000000000000  GPR23: 0x0000000000000000
lv2(2): #   GPR24: 0x0000000004000000  GPR25: 0x0000000000000080
lv2(2): #   GPR26: 0x0000000000000001  GPR27: 0x0000000009e28010
lv2(2): #   GPR28: 0x0000000000000001  GPR29: 0x0000000000000001
lv2(2): #   GPR30: 0x0000000009ffda80  GPR31: 0x0000000008814a94 	jal	zz_sceCtrlReadBufferPositive
lv2(2): #
lv2(2): #     XER: 0x0000000000000000  FPSCR: 0x82004000
lv2(2): #
lv2(2): #   FPR 0: 0x407be00000000000  FPR 1: 0x0000000000000000
lv2(2): #   FPR 2: 0x406e000000000000  FPR 3: 0x0000000000000000
lv2(2): #   FPR 4: 0xfff8000082004000  FPR 5: 0x4040000000000000
lv2(2): #   FPR 6: 0x3fef000000000000  FPR 7: 0x0000001030369000
lv2(2): #   FPR 8: 0x407be00000000000  FPR 9: 0x406e000000000000
lv2(2): #   FPR10: 0x0000000000000000  FPR11: 0x0000001030369000
lv2(2): #   FPR12: 0xfff8000082004000  FPR13: 0x407f400000000000
lv2(2): #   FPR14: 0x0000001030369000  FPR15: 0x0000001030369000
lv2(2): #   FPR16: 0x0000001030369000  FPR17: 0x0000001030369000
lv2(2): #   FPR18: 0x0000001030369000  FPR19: 0x0000001030369000
lv2(2): #   FPR20: 0x0000001030369000  FPR21: 0x0000001030369000
lv2(2): #   FPR22: 0x0000001030369000  FPR23: 0x0000001030369000
lv2(2): #   FPR24: 0x0000001030369000  FPR25: 0x0000001030369000
lv2(2): #   FPR26: 0x0000001030369000  FPR27: 0x0000001030369000
lv2(2): #   FPR28: 0x0000001030369000  FPR29: 0x0000001030369000
lv2(2): #   FPR30: 0x0000001030369000  FPR31: 0x0000001030369000
lv2(2): #

zz_sceAtracReleaseAtracID zz_sceCtrlReadBufferPositive

It's a thread? timing/sync problem.

Cars

Cars Race-O-Rama

rsx-err 262

_CELL_DBG_RSX_ERROR_GRAPH_COMMAND_ERROR

  • invalid data is specified for a command
  • this error indicates that the command is supported but the data for that command is a value outside of the allowable range

Dissidia 012

lv2(2): # Interrupt(exception) Info.
lv2(2): #   Type : Instruction Segment
lv2(2): #   SRR0 : 0xbadadd0010800610
lv2(2): #   SRR1 : 0x800000000000c032
lv2(2): #   DSISR: 0x0000000000200000
lv2(2): #   DAR  : 0x0000000010005f20
lv2(2): #   TB   : 0x000000022782edce
lv2(2): #   HW Thread #: 0

lv2(2): # Register Info.
lv2(2): #      LR: 0xbadadd0010800610     CR:0x28000022
lv2(2): #     CTR: 0x00000000000a512c
lv2(2): #
lv2(2): #   GPR 0: 0xbadadd0010800610  GPR 1: 0x00000000d00caf90
lv2(2): #   GPR 2: 0x000000000191ef80  GPR 3: 0x0000000000000000
lv2(2): #   GPR 4: 0x8000000000638750  GPR 5: 0x0000000000000000
lv2(2): #   GPR 6: 0x0000000000000000  GPR 7: 0x0000000000000095
lv2(2): #   GPR 8: 0x0000000030000070  GPR 9: 0x0108006100000000
lv2(2): #   GPR10: 0x0000000001080061  GPR11: 0x0000000000000000
lv2(2): #   GPR12: 0x00000000000c0308  GPR13: 0x000000001000cf50
lv2(2): #   GPR14: 0x0000000000000000  GPR15: 0x0000000000000000
lv2(2): #   GPR16: 0x0000000000000000  GPR17: 0x0000000000000000
lv2(2): #   GPR18: 0x0000000000000000  GPR19: 0x0000000000000000
lv2(2): #   GPR20: 0x0000000000000000  GPR21: 0x0000000000000000
lv2(2): #   GPR22: 0x0000000000000000  GPR23: 0x0000000000000000
lv2(2): #   GPR24: 0x0000000000000000  GPR25: 0x0000000000000000
lv2(2): #   GPR26: 0x0000000000000000  GPR27: 0x0000000000000000
lv2(2): #   GPR28: 0x0000000000000000  GPR29: 0x0000000000000000
lv2(2): #   GPR30: 0x0000000000000000  GPR31: 0x0000000000000000
lv2(2): #
lv2(2): #     XER: 0x0000000000000000  FPSCR: 0x82004000
lv2(2): #
lv2(2): #   FPR 0: 0x0000000000000000  FPR 1: 0x0000000000000000
lv2(2): #   FPR 2: 0x0000000000000000  FPR 3: 0x0000000000000000
lv2(2): #   FPR 4: 0xfff8000082004000  FPR 5: 0x403b800000000000
lv2(2): #   FPR 6: 0x0000000000000000  FPR 7: 0x0000000000000000
lv2(2): #   FPR 8: 0x0000000000000000  FPR 9: 0x0000000000000000
lv2(2): #   FPR10: 0x3ff0000000000000  FPR11: 0x0000000000000000
lv2(2): #   FPR12: 0xfff8000082004000  FPR13: 0xbff0000000000000
lv2(2): #   FPR14: 0x0000001080361000  FPR15: 0x0000001080361000
lv2(2): #   FPR16: 0x0000001080361000  FPR17: 0x0000001080361000
lv2(2): #   FPR18: 0x0000001080361000  FPR19: 0x0000001080361000
lv2(2): #   FPR20: 0x0000001080361000  FPR21: 0x0000001080361000
lv2(2): #   FPR22: 0x0000001080361000  FPR23: 0x0000001080361000
lv2(2): #   FPR24: 0x0000001080361000  FPR25: 0x0000001080361000
lv2(2): #   FPR26: 0x0000001080361000  FPR27: 0x0000001080361000
lv2(2): #   FPR28: 0x0000001080361000  FPR29: 0x0000001080361000
lv2(2): #   FPR30: 0x0000001080361000  FPR31: 0x0000001080361000
	lui	a0,0x886
	lui	a1,0x886
	addiu	a0,a0,0x64C4
	jal	z_un_088eceb0
	addiu	a1,a1,0x64FC
	li	a0,0x264
	li	a1,0x2
	jal	z_un_088ecfd4
	li	a2,0x2
	jal	z_un_088ee754
	nop	
	li	a0,0x1
	...

z_un_088ecfd4:

	addiu	sp,sp,-0x20
	sw	s0,0x0(sp)
	sw	s1,0x4(sp)
	move	s0,a2
	move	s1,a1
	sw	s2,0x8(sp)
	sw	s3,0xC(sp)
	sw	ra,0x10(sp)
	jal	z_un_088ecf48
	move	s2,a0
	lui	s3,0x89D
	lw	a0,0x7F00(s3)
	beq	a0,zero,pos_088ED0B8
	nop	
	lbu	a0,0x0(a0)
	bne	a0,zero,pos_088ED0B0
	nop	
	slti	a0,s2,0x264
	bne	a0,zero,pos_088ED0A8
	nop	
	slti	a0,s1,0x2
	bne	a0,zero,pos_088ED0A0
	nop	
	slti	a0,s0,0x2
	bne	a0,zero,pos_088ED098
	nop	
	move	a0,s2
	move	a1,s1
	jal	z_un_088ef658
	move	a2,s0
	jal	zz_sceMpegInit
	...

z_un_088ee754:

	addiu	sp,sp,-0x20
	sw	s0,0x4(sp)
	lui	s0,0x89D
	lw	a0,0x7F00(s0)
	sw	s1,0x8(sp)
	sw	s2,0xC(sp)
	sw	s3,0x10(sp)
	sw	ra,0x14(sp)
	beq	a0,zero,pos_088EE7E0
	nop	
	lbu	a1,0x0(a0)
	beq	a1,zero,pos_088EE7D8
	nop	
	lbu	a0,0x1(a0)
	bne	a0,zero,pos_088EE7D0
	nop	
	jal	zz_sceMpegQueryMemSize
	...

launching OVL process

Gods Eater Burst

Original EBOOT.PBP, no EBOOT.BIN resigned.

lv2(2): # Interrupt(exception) Info.
lv2(2): #   Type : Instruction Segment
lv2(2): #   SRR0 : 0xbadadd0010800010
lv2(2): #   SRR1 : 0x800000000000c032
lv2(2): #   DSISR: 0x0000000000200000
lv2(2): #   DAR  : 0x800000020011c010
lv2(2): #   TB   : 0x000000018b2e5560
lv2(2): #   HW Thread #: 0
lv2(2): #
lv2(2): # Backtrace
lv2(2): #   0xbadadd001080000c

lv2(2): # Register Info.
lv2(2): #      LR: 0xbadadd0010800010     CR:0x24000028
lv2(2): #     CTR: 0x000000000163c62c
lv2(2): #
lv2(2): #   GPR 0: 0xbadadd0010800010  GPR 1: 0x00000000d00caf90
lv2(2): #   GPR 2: 0x000000000191ef80  GPR 3: 0xffffffffffffffff
lv2(2): #   GPR 4: 0x00000000300e4af0  GPR 5: 0x0000000000000021
lv2(2): #   GPR 6: 0x0000000000010000  GPR 7: 0x0000000000000000
lv2(2): #   GPR 8: 0x00000000d00cad90  GPR 9: 0x0000000000000000
lv2(2): #   GPR10: 0xffffffff80020001  GPR11: 0x0000000000000002
lv2(2): #   GPR12: 0x0000000024000028  GPR13: 0x000000001000cf50
lv2(2): #   GPR14: 0x0000000000000000  GPR15: 0x0000000000000000
lv2(2): #   GPR16: 0x0000000000000000  GPR17: 0x0000000000000000
lv2(2): #   GPR18: 0x0000000000000000  GPR19: 0x0000000000000000
lv2(2): #   GPR20: 0x0000000000000000  GPR21: 0x0000000000000000
lv2(2): #   GPR22: 0x0000000000000000  GPR23: 0x0000000000000000
lv2(2): #   GPR24: 0x0000000000000000  GPR25: 0x0000000000000000
lv2(2): #   GPR26: 0x0000000000000000  GPR27: 0x0000000000000000
lv2(2): #   GPR28: 0x0000000000000000  GPR29: 0x0000000000000000
lv2(2): #   GPR30: 0x0000000000000000  GPR31: 0x0000000000000000
lv2(2): #
lv2(2): #     XER: 0x0000000000000000  FPSCR: 0x00000000
lv2(2): #
lv2(2): #   FPR 0: 0x0000001080301000  FPR 1: 0x0000000000000000
lv2(2): #   FPR 2: 0x0000000000000000  FPR 3: 0x0000000000000000
lv2(2): #   FPR 4: 0x0000000000000000  FPR 5: 0x0000000000000000
lv2(2): #   FPR 6: 0x0000000000000000  FPR 7: 0x0000000000000000
lv2(2): #   FPR 8: 0x0000000000000000  FPR 9: 0x0000000000000000
lv2(2): #   FPR10: 0x0000000000000000  FPR11: 0x0000000000000000
lv2(2): #   FPR12: 0x0000000000000000  FPR13: 0x0000000000000000
lv2(2): #   FPR14: 0x0000000000000000  FPR15: 0x0000000000000000
lv2(2): #   FPR16: 0x0000000000000000  FPR17: 0x0000000000000000
lv2(2): #   FPR18: 0x0000000000000000  FPR19: 0x0000000000000000
lv2(2): #   FPR20: 0x0000000000000000  FPR21: 0x0000000000000000
lv2(2): #   FPR22: 0x0000000000000000  FPR23: 0x0000000000000000
lv2(2): #   FPR24: 0x0000000000000000  FPR25: 0x0000000000000000
lv2(2): #   FPR26: 0x0000000000000000  FPR27: 0x0000000000000000
lv2(2): #   FPR28: 0x0000000000000000  FPR29: 0x0000000000000000
lv2(2): #   FPR30: 0x0000000000000000  FPR31: 0x0000000000000000

Suggestion: 0xbadadd..... is related to EBOOT sign, decryption,....
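
A small triage script for the lv2 exception dumps collected on this page, added here as an example (it is not code from the wiki or from any Sony tool). It extracts the exception fields, flags Data Storage faults whose DAR is a small offset from a zero base register (as in the `lwz r17, 0x454(r15)` case above), and flags 0xbadadd-prefixed addresses. The 0x1000 threshold and the tag names are assumptions, and the thread-ID check reflects only what the Black Rock Shooter dumps quoted above show, where the low 32 bits of the bottom backtrace frame equal (thread ID << 4) - 4.

```python
import re

BADADD_HI = 0xBADADD00   # upper 32 bits of the marker addresses seen in the page's dumps
NULL_PAGE = 0x1000       # assumption: a DAR below this is an offset from a zero base

# Abbreviated excerpts of two dumps quoted on this page (register banks omitted).
BLACK_ROCK_SHOOTER = """\
lv2(2): # Interrupt(exception) Info.
lv2(2): #   Type : Data Storage
lv2(2): #   SRR0 : 0x00000000016a8d94 00000000000C8D94  lwz r17, 0x454(r15) ; r15 = 0
lv2(2): #   DAR  : 0x0000000000000454
lv2(2): #
lv2(2): # Backtrace
lv2(2): #   0x00000000016a8d88 sub_c8CB0 + 0xD8
lv2(2): #   0x00000000016697c8
lv2(2): #   0xbadadd0010700fcc
lv2(2): #
lv2(2): # User PPU Thread Info.
lv2(2): #   ID        : 0x010700fd
lv2(2): #   Name      : PEmuExecThread
lv2(2): #   Proc ID   : 0x1030200
lv2(2): # Register Info.
lv2(2): #      LR: 0x00000000016a8d8c     CR:0x4824202a
"""

GODS_EATER = """\
lv2(2): # Interrupt(exception) Info.
lv2(2): #   Type : Instruction Segment
lv2(2): #   SRR0 : 0xbadadd0010800010
lv2(2): #   DAR  : 0x800000020011c010
lv2(2): # Backtrace
lv2(2): #   0xbadadd001080000c
lv2(2): # Register Info.
lv2(2): #      LR: 0xbadadd0010800010     CR:0x24000028
"""

_PREFIX = re.compile(r"^lv2\(\d+\):\s*#?")
_FIELD = re.compile(r"^(Type|SRR0|SRR1|DSISR|DAR|LR|ID|Name)\s*:\s*(.+)$")
_HEX = re.compile(r"0x[0-9a-fA-F]+")


def parse_lv2_dump(text):
    """Return a dict of the exception fields plus the backtrace as integers."""
    dump = {"backtrace": []}
    in_backtrace = False
    for raw in text.splitlines():
        line = _PREFIX.sub("", raw).strip()
        if line == "Backtrace":
            in_backtrace = True
            continue
        if in_backtrace:
            if line.startswith("0x"):
                # Frames may carry a symbol annotation; keep only the address.
                dump["backtrace"].append(int(_HEX.match(line).group(), 16))
                continue
            in_backtrace = False  # blank line or next section header
        m = _FIELD.match(line)
        if not m:
            continue
        key, value = m.group(1), m.group(2)
        if key in ("Type", "Name"):
            dump[key] = value.strip()
        else:
            first_hex = _HEX.search(value)  # ignores trailing "CR:..." or notes
            if first_hex:
                dump[key] = int(first_hex.group(), 16)
    return dump


def is_badadd(addr):
    return addr is not None and (addr >> 32) == BADADD_HI


def triage(dump):
    """Return a list of tags describing what the dump shows."""
    tags = []
    dar, srr0, tid = dump.get("DAR"), dump.get("SRR0"), dump.get("ID")
    if dump.get("Type") == "Data Storage" and dar is not None and dar < NULL_PAGE:
        tags.append("near-null-data-access")
    if is_badadd(srr0):
        tags.append("pc-at-badadd-address")
    frames = dump["backtrace"]
    if frames and is_badadd(frames[-1]) and tid is not None:
        # Observation from this page's samples only, not a documented rule.
        if (frames[-1] & 0xFFFFFFFF) == (tid << 4) - 4:
            tags.append("badadd-frame-encodes-thread-id")
    return tags


if __name__ == "__main__":
    for name, text in (("Black Rock Shooter", BLACK_ROCK_SHOOTER),
                       ("Gods Eater Burst", GODS_EATER)):
        print(name, triage(parse_lv2_dump(text)))
```
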

Evangelion

PS3 - crashes on unsupported scePauth_F7AA47F6 which it can't resolve

[FILE LOADING]:map/free/freemap.xml
[FILE LOADING]:sound/se/se_map00.phb
Lo[FILE LOADING]:ui/free/place.bin
ad : [sound/se/se_map00][3,-1]
[8]ui/free/place.bin
[FILE LOADING]:ui/common/fm_00.bin
[9]ui/common/fm_00.bin
[FILE LOADING]:ui/common/fm_01.bin
[10]ui/common/fm_01.bin
[FILE LOADING]:ui/common/fm_02.bin
[11]ui/common/fm_02.bin
[FILE LOADING]:ui/free/command00.bin
[12]ui/free/command00.bin
[FILE LOADING]:ui/free/command00.bin
[13]ui/free/command00.bin
[FILE LOADING]:ui/free/rs_02.bin
[14]ui/free/rs_02.bin
[FILE LOADING]:ui/free/bn_c000.gim
[FILE LOADING]:ui/free/com_nm.gim
ERROR 0x9ffed84
SQ:lv2(2): #
lv2(2): #
lv2(2): # SDK version: 446000
lv2(2): # system software version: 4.46 (DEX)
lv2(2): # revision: 49873
lv2(2): #
lv2(2): # Lv-2 detected an interrupt(exception) in a user PPU Thread.
lv2(2): #
lv2(2): # Interrupt(exception) Info.
lv2(2): #   Type : Data Storage
lv2(2): decrypt line = (1) column = (0) : error unexpected character(control)
lv2(2): #   SRR0 : 0x0000000081052170
lv2(2): #   SRR1 : 0x800000000200e032
lv2(2): #   DSISR: 0x0000000042000000
lv2(2): #   DAR  : 0x00000000b182b18e
lv2(2): #   TB   : 0x00000003e747def9
lv2(2): #   HW Thread #: 0
lv2(2): #
lv2(2): # Backtrace
lv2(2): #   0x00000000016a8d88 sub_C8CB0 + 0xD8
lv2(2): #   0x00000000015e36ac
lv2(2): #   0x0000000000b7d25c
lv2(2): #   0x000000000163bc48 bl        _ThreadManForUser_D3C08E1A
lv2(2): #   0x000000000163c68c bl        sub_5B0C8
lv2(2): #   0x000000000163dc14 bl        sub_5C32C
lv2(2): #   0x000000000163ddd8 bl        sub_5DA7C / SceModmgrStart
lv2(2): #   0x00000000016697c8 - PEmuExecThread
lv2(2): #   0xbadadd0010800a3c
lv2(2): #
lv2(2): # User PPU Thread Info.
lv2(2): #   ID        : 0x010800a4
lv2(2): #   Name      : PEmuExecThread
lv2(2): #   Stack addr: 0x00000000d00ab000
lv2(2): #   Stack size: 0x0000000000020000
lv2(2): #   Priority  : 1001
lv2(2): #   Proc name : /dev_flash/pspemu/psp_emulator.self
lv2(2): #   Proc ID   : 0x1030200
lv2(2): #
lv2(2): # Register Info.
lv2(2): #      LR: 0x0000000080bc1cf4     CR:0x28228082
lv2(2): #     CTR: 0x0000000081051ab8
lv2(2): #
lv2(2): #   GPR 0: 0x0000000000000000  GPR 1: 0x00000000d00c9f50
lv2(2): #   GPR 2: 0x000000000191ef80  GPR 3: 0x00000000b3900000
lv2(2): #   GPR 4: 0x0000000000000000  GPR 5: 0x0000000001abc4f0
lv2(2): #   GPR 6: 0x00000000089ee400  GPR 7: 0x0000000081051ab8
lv2(2): #   GPR 8: 0x00000000300000c0  GPR 9: 0x0000000000000001
lv2(2): #   GPR10: 0x00000000b8c050b0  GPR11: 0x00000000b182b18e
lv2(2): #   GPR12: 0x00000000b182b182  GPR13: 0x000000001000cf50
lv2(2): #   GPR14: 0x0000000001abc4f0  GPR15: 0x00000000300e55c0
lv2(2): #   GPR16: 0x000000008107c290  GPR17: 0x0000000008aa6c88
lv2(2): #   GPR18: 0x0000000008aa6cb0  GPR19: 0x0000000008aa6958
lv2(2): #   GPR20: 0x0000000008aa6c80  GPR21: 0xfffffffffffffffc
lv2(2): #   GPR22: 0x00000000000000b0  GPR23: 0x0000000008c05088
lv2(2): #   GPR24: 0x000000006d92e082  GPR25: 0x0000000008ca4690
lv2(2): #   GPR26: 0x0000000000000002  GPR27: 0x0000000008000000
lv2(2): #   GPR28: 0x00000000000003e8  GPR29: 0x0000000000000032
lv2(2): #   GPR30: 0x0000000009ffe8d0  GPR31: 0x00000000089ee400
lv2(2): #
lv2(2): #     XER: 0x0000000000000000  FPSCR: 0x82064000
lv2(2): #
lv2(2): #   FPR 0: 0xbfe3542760000000  FPR 1: 0x0000000000000000
lv2(2): #   FPR 2: 0x407c800000000000  FPR 3: 0x0000000000000000
lv2(2): #   FPR 4: 0xfff8000082064000  FPR 5: 0x408e000000000000
lv2(2): #   FPR 6: 0x3f51111120000000  FPR 7: 0x0000000000000000
lv2(2): #   FPR 8: 0x4070000000000000  FPR 9: 0x0000000000000000
lv2(2): #   FPR10: 0x0000000000000000  FPR11: 0x0000000000000000
lv2(2): #   FPR12: 0xfff8000082064000  FPR13: 0xbff0000000000000
lv2(2): #   FPR14: 0x00000010803a4000  FPR15: 0x00000010803a4000
lv2(2): #   FPR16: 0x00000010803a4000  FPR17: 0x00000010803a4000
lv2(2): #   FPR18: 0x00000010803a4000  FPR19: 0x00000010803a4000
lv2(2): #   FPR20: 0x00000010803a4000  FPR21: 0x00000010803a4000
lv2(2): #   FPR22: 0x00000010803a4000  FPR23: 0x00000010803a4000
lv2(2): #   FPR24: 0x00000010803a4000  FPR25: 0x00000010803a4000
lv2(2): #   FPR26: 0x00000010803a4000  FPR27: 0x00000010803a4000
lv2(2): #   FPR28: 0x00000010803a4000  FPR29: 0x00000010803a4000
lv2(2): #   FPR30: 0x00000010803a4000  FPR31: 0x00000010803a4000

PPSSPP

28:02:573 user_main    I[IO]: HLE\sceIo.cpp:906 stdout: [FILE LOADING]:map/free/freemap.xml
28:02:576 user_main    I[IO]: HLE\sceIo.cpp:906 stdout: [FILE LOADING]:sound/se/se_map00.phb
28:02:593 user_main    I[KERNEL]: HLE\sceKernelMemory.cpp:1140 sceKernelPrintf: Load : [sound/se/se_map00][3,-1]
28:02:594 user_main    I[IO]: HLE\sceIo.cpp:906 stdout: [FILE LOADING]:ui/free/place.bin
28:02:608 user_main    I[IO]: HLE\sceIo.cpp:906 stdout: [8]ui/free/place.bin
28:02:609 user_main    I[IO]: HLE\sceIo.cpp:906 stdout: [FILE LOADING]:ui/common/fm_00.bin
28:02:615 user_main    I[IO]: HLE\sceIo.cpp:906 stdout: [9]ui/common/fm_00.bin
28:02:615 user_main    I[IO]: HLE\sceIo.cpp:906 stdout: [FILE LOADING]:ui/common/fm_01.bin
28:02:618 user_main    I[IO]: HLE\sceIo.cpp:906 stdout: [10]ui/common/fm_01.bin
28:02:618 user_main    I[IO]: HLE\sceIo.cpp:906 stdout: [FILE LOADING]:ui/common/fm_02.bin
28:02:620 user_main    I[IO]: HLE\sceIo.cpp:906 stdout: [11]ui/common/fm_02.bin
28:02:621 user_main    I[IO]: HLE\sceIo.cpp:906 stdout: [FILE LOADING]:ui/free/command00.bin
28:02:622 user_main    I[IO]: HLE\sceIo.cpp:906 stdout: [12]ui/free/command00.bin
28:02:623 user_main    I[IO]: HLE\sceIo.cpp:906 stdout: [FILE LOADING]:ui/free/command00.bin
28:02:624 user_main    I[IO]: HLE\sceIo.cpp:906 stdout: [13]ui/free/command00.bin
28:02:624 user_main    I[IO]: HLE\sceIo.cpp:906 stdout: [FILE LOADING]:ui/free/rs_02.bin
28:02:627 user_main    I[IO]: HLE\sceIo.cpp:906 stdout: [14]ui/free/rs_02.bin
28:02:628 user_main    I[IO]: HLE\sceIo.cpp:906 stdout: [FILE LOADING]:ui/free/bn_c000.gim
28:02:634 user_main    I[IO]: HLE\sceIo.cpp:906 stdout: [FILE LOADING]:ui/free/com_nm.gim
28:02:638 user_main    I[HLE]: HLE\scePauth.cpp:38 scePauth_F7AA47F6(08c2cc40, 00000df0, 0bffed80, 0bffed84)
28:02:639 user_main    I[COMMON]: FileUtil.cpp:248 CreateDir: directory ...\ppsspp_win\memstick/PAUTH
28:02:660 user_main    E[HLE]: HLE\scePauth.cpp:63 No decrypted file found! save as ...\ppsspp_win\memstick/PAUTH/pauth_5fb505c3.bin
28:02:676 user_main    I[IO]: HLE\sceIo.cpp:906 stdout: ERROR 0xffffffff
28:02:679 user_main    I[IO]: HLE\sceIo.cpp:906 stdout: [FILE LOADING]:char/free/c000.xml
28:02:682 user_main    I[IO]: HLE\sceIo.cpp:906 stdout: [FILE LOADING]:char/free/c000/c000_00a.gmo
28:02:720 user_main    I[IO]: HLE\sceIo.cpp:906 stdout: [FILE LOADING]:char/freemot/a000b.gmo
28:02:738 user_main    I[IO]: HLE\sceIo.cpp:906 stdout: [FILE LOADING]:char/freemot/a010b.gmo
28:02:771 user_main    I[IO]: HLE\sceIo.cpp:906 stdout: [FILE LOADING]:char/freemot/a011a.gmo

Harry Potter and the Half-Blood Prince

rsx-err 262

Killzone Liberation

lv2(2): # Interrupt(exception) Info.
lv2(2): #   Type : Instruction Segment
lv2(2): #   SRR0 : 0xbadadd0010b00760
lv2(2): #   SRR1 : 0x800000000000c032
lv2(2): #   DSISR: 0x0000000002200000
lv2(2): #   DAR  : 0x8000000100078ad0
lv2(2): #   TB   : 0x00000007828ccc76
lv2(2): #   HW Thread #: 1

lv2(2): # Register Info.
lv2(2): #      LR: 0xbadadd0010b00760     CR:0x24000028
lv2(2): #     CTR: 0x000000000163c62c
lv2(2): #
lv2(2): #   GPR 0: 0xbadadd0010b00760  GPR 1: 0x00000000d00caf90
lv2(2): #   GPR 2: 0x000000000191ef80  GPR 3: 0xffffffffffffffff
lv2(2): #   GPR 4: 0x00000000300e4630  GPR 5: 0x0000000000000021
lv2(2): #   GPR 6: 0x0000000000010000  GPR 7: 0x0000000000000000
lv2(2): #   GPR 8: 0x00000000d00cad90  GPR 9: 0x0000000000000000
lv2(2): #   GPR10: 0xffffffff80020001  GPR11: 0x0000000000000002
lv2(2): #   GPR12: 0x0000000024000028  GPR13: 0x000000001000cf50
lv2(2): #   GPR14: 0x0000000000000000  GPR15: 0x0000000000000000
lv2(2): #   GPR16: 0x0000000000000000  GPR17: 0x0000000000000000
lv2(2): #   GPR18: 0x0000000000000000  GPR19: 0x0000000000000000
lv2(2): #   GPR20: 0x0000000000000000  GPR21: 0x0000000000000000
lv2(2): #   GPR22: 0x0000000000000000  GPR23: 0x0000000000000000
lv2(2): #   GPR24: 0x0000000000000000  GPR25: 0x0000000000000000
lv2(2): #   GPR26: 0x0000000000000000  GPR27: 0x0000000000000000
lv2(2): #   GPR28: 0x0000000000000000  GPR29: 0x0000000000000000
lv2(2): #   GPR30: 0x0000000000000000  GPR31: 0x0000000000000000
lv2(2): #
lv2(2): #     XER: 0x0000000000000000  FPSCR: 0x00000000
lv2(2): #
lv2(2): #   FPR 0: 0x00000010b0376000  FPR 1: 0x0000000000000000
lv2(2): #   FPR 2: 0x0000000000000000  FPR 3: 0x0000000000000000
lv2(2): #   FPR 4: 0x0000000000000000  FPR 5: 0x0000000000000000
lv2(2): #   FPR 6: 0x0000000000000000  FPR 7: 0x0000000000000000
lv2(2): #   FPR 8: 0x0000000000000000  FPR 9: 0x0000000000000000
lv2(2): #   FPR10: 0x0000000000000000  FPR11: 0x0000000000000000
lv2(2): #   FPR12: 0x0000000000000000  FPR13: 0x0000000000000000
lv2(2): #   FPR14: 0x0000000000000000  FPR15: 0x0000000000000000
lv2(2): #   FPR16: 0x0000000000000000  FPR17: 0x0000000000000000
lv2(2): #   FPR18: 0x0000000000000000  FPR19: 0x0000000000000000
lv2(2): #   FPR20: 0x0000000000000000  FPR21: 0x0000000000000000
lv2(2): #   FPR22: 0x0000000000000000  FPR23: 0x0000000000000000
lv2(2): #   FPR24: 0x0000000000000000  FPR25: 0x0000000000000000
lv2(2): #   FPR26: 0x0000000000000000  FPR27: 0x0000000000000000
lv2(2): #   FPR28: 0x0000000000000000  FPR29: 0x0000000000000000
lv2(2): #   FPR30: 0x0000000000000000  FPR31: 0x0000000000000000

Fix:

ELF_PATH = disc0:/PSP_GAME/USRDIR/KZL.PRX

The crash happened because the emulator does not support loading the game PRX via a loader.

KZL PRX crash after the Guerrilla logo:

lv2(2): # Interrupt(exception) Info.
lv2(2): #   Type : Data Storage
lv2(2): #   SRR0 : 0x000000000165d70c sub_7CBB8 + 0xB54
lv2(2): #   SRR1 : 0x800000000200e032
lv2(2): #   DSISR: 0x0000000040000000
lv2(2): #   DAR  : 0x0000000000000000
lv2(2): #   TB   : 0x00000009f27df9f0
lv2(2): #   HW Thread #: 1
lv2(2): #
lv2(2): # Backtrace
lv2(2): #   0x00000000d00cfd0c
lv2(2): #   0x000000000162dfcc sub_4DF98 + 0x34 - 0x779242A2 0x00220920 sceRtcConvertLocalTimeToUTC
lv2(2): #   0x0000000001602bf4 cvt.s.w %s,%s
lv2(2): #   0x00000000016c8d88
lv2(2): #   0x00000000016036ac vmone.t %s
lv2(2): #   0x0000000000b9d25c
lv2(2): #   0x000000000165bc48
lv2(2): #   0x000000000165c68c
lv2(2): #   0x000000000165dc14
lv2(2): #   0x000000000165ddd8
lv2(2): #   0x00000000016897c8
lv2(2): #   0xbadadd0018100c7c
lv2(2): #
lv2(2): # User PPU Thread Info.
lv2(2): #   ID        : 0x018100c8
lv2(2): #   Name      : PEmuExecThread
lv2(2): #   Stack addr: 0x00000000d00b1000
lv2(2): #   Stack size: 0x0000000000020000
lv2(2): #   Priority  : 1001
lv2(2): #   Proc name : /dev_flash/pspemu/psp_emulator.self
lv2(2): #   Proc ID   : 0x1050200
lv2(2): #
lv2(2): # Register Info.
lv2(2): #      LR: 0x000000000165d704     CR:0x28242042
lv2(2): #     CTR: 0x00000000000a512c
lv2(2): #
lv2(2): #   GPR 0: 0x0000000008e92184  GPR 1: 0x00000000d00cfc80
lv2(2): #   GPR 2: 0x000000000191ef80  GPR 3: 0x0000000000000000
lv2(2): #   GPR 4: 0x0000000000000001  GPR 5: 0x0000000009f000b4
lv2(2): #   GPR 6: 0x0000000000000000  GPR 7: 0x00000000400e4630
lv2(2): #   GPR 8: 0x0000000009f000b4  GPR 9: 0x000000000011db40
lv2(2): #   GPR10: 0x0000000008820300  GPR11: 0x0000000001a6c658
lv2(2): #   GPR12: 0x00000000000c0308  GPR13: 0x000000001000d260
lv2(2): #   GPR14: 0x0000000001abc4f0  GPR15: 0x00000000400e5170
lv2(2): #   GPR16: 0x0000000028242042  GPR17: 0x000000008004b1a0
lv2(2): #   GPR18: 0x0000000000000000  GPR19: 0x0000000000000001
lv2(2): #   GPR20: 0x0000000000000000  GPR21: 0x0000000000000000
lv2(2): #   GPR22: 0x0000000001abc4f0  GPR23: 0x00000000400e5170
lv2(2): #   GPR24: 0x0000000000000000  GPR25: 0x0000000000000001
lv2(2): #   GPR26: 0x0000000000000000  GPR27: 0x0000000000000000
lv2(2): #   GPR28: 0x0000000000000000  GPR29: 0x0000000000000000
lv2(2): #   GPR30: 0x0000000000000000  GPR31: 0x0000000000000000
lv2(2): #
lv2(2): #     XER: 0x0000000000000000  FPSCR: 0x00000000
lv2(2): #
lv2(2): #   FPR 0: 0x00000018103c8000  FPR 1: 0x00000018103c8000
lv2(2): #   FPR 2: 0x00000018103c8000  FPR 3: 0x00000018103c8000
lv2(2): #   FPR 4: 0xfff8000000000000  FPR 5: 0x00000018103c8000
lv2(2): #   FPR 6: 0x00000018103c8000  FPR 7: 0x00000018103c8000
lv2(2): #   FPR 8: 0x00000018103c8000  FPR 9: 0x00000018103c8000
lv2(2): #   FPR10: 0x00000018103c8000  FPR11: 0x00000018103c8000
lv2(2): #   FPR12: 0xfff8000000000000  FPR13: 0x00000018103c8000
lv2(2): #   FPR14: 0x00000018103c8000  FPR15: 0x00000018103c8000
lv2(2): #   FPR16: 0x00000018103c8000  FPR17: 0x00000018103c8000
lv2(2): #   FPR18: 0x00000018103c8000  FPR19: 0x00000018103c8000
lv2(2): #   FPR20: 0x00000018103c8000  FPR21: 0x00000018103c8000
lv2(2): #   FPR22: 0x00000018103c8000  FPR23: 0x00000018103c8000
lv2(2): #   FPR24: 0x00000018103c8000  FPR25: 0x00000018103c8000
lv2(2): #   FPR26: 0x00000018103c8000  FPR27: 0x00000018103c8000
lv2(2): #   FPR28: 0x00000018103c8000  FPR29: 0x00000018103c8000
lv2(2): #   FPR30: 0x00000018103c8000  FPR31: 0x00000018103c8000
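
A triage parser for the lv2 exception dumps collected on this page, given here as an added example (it is not code from the wiki or from any PS3 tooling). The `NULL_PAGE` threshold and the reading of `SRR0 == LR` as a bad return target are assumptions of this example; the sample text is excerpted from the two Killzone Liberation dumps above.

```python
import re

# Excerpts of the two Killzone Liberation dumps above; most registers omitted.
LOADER_DUMP = """\
lv2(2): #   Type : Instruction Segment
lv2(2): #   SRR0 : 0xbadadd0010b00760
lv2(2): #   DAR  : 0x8000000100078ad0
lv2(2): # Register Info.
lv2(2): #      LR: 0xbadadd0010b00760     CR:0x24000028
lv2(2): #   GPR 0: 0xbadadd0010b00760  GPR 1: 0x00000000d00caf90
"""
PRX_DUMP = """\
lv2(2): # Interrupt(exception) Info.
lv2(2): #   Type : Data Storage
lv2(2): #   SRR0 : 0x000000000165d70c sub_7CBB8 + 0xB54
lv2(2): #   DAR  : 0x0000000000000000
lv2(2): # Backtrace
lv2(2): #   0x00000000d00cfd0c
lv2(2): #   0x000000000162dfcc sub_4DF98 + 0x34 - 0x779242A2 0x00220920 sceRtcConvertLocalTimeToUTC
lv2(2): # Register Info.
lv2(2): #      LR: 0x000000000165d704     CR:0x28242042
"""

PREFIX = re.compile(r"^lv2\(\d+\): #\s*")
REG = re.compile(r"\b((?:GPR|FPR) ?\d+|SRR[01]|DSISR|DAR|LR|CTR|CR|XER|FPSCR|TB)"
                 r"\s*:\s*(0x[0-9a-fA-F]+)")
FRAME = re.compile(r"^(0x[0-9a-fA-F]+)\s*(.*)$")
NULL_PAGE = 0x1000  # assumption: a data fault this close to 0 is a null deref


def parse_dump(text):
    """Parse one lv2 exception dump into type, registers and backtrace."""
    dump = {"type": None, "regs": {}, "backtrace": []}
    section = None
    for raw in text.splitlines():
        line = PREFIX.sub("", raw).strip()
        if line.endswith("Info.") or line == "Backtrace":
            section = line  # section header, e.g. "Register Info."
        elif line.startswith("Type"):
            dump["type"] = line.split(":", 1)[1].strip()
        elif section == "Backtrace" and FRAME.match(line):
            addr, note = FRAME.match(line).groups()
            dump["backtrace"].append((int(addr, 16), note))
        else:
            # One line can hold several "NAME: 0x..." pairs (GPR/FPR rows).
            for name, value in REG.findall(line):
                dump["regs"][name.replace(" ", "")] = int(value, 16)
    return dump


def triage(dump):
    """Return findings for a parsed dump (heuristics, see assumptions above)."""
    regs, kind, notes = dump["regs"], dump["type"] or "", []
    if kind.startswith("Data") and regs.get("DAR", NULL_PAGE) < NULL_PAGE:
        notes.append("near-null data access: DAR=%#x, code at SRR0=%#x"
                     % (regs["DAR"], regs.get("SRR0", 0)))
    if kind.startswith("Instruction") and "SRR0" in regs \
            and regs["SRR0"] == regs.get("LR"):
        notes.append("fetch from SRR0 == LR (%#x): bad return target"
                     % regs["SRR0"])
    return notes


if __name__ == "__main__":
    for sample in (LOADER_DUMP, PRX_DUMP):
        print(triage(parse_dump(sample)))
```

For an instruction-fetch fault with `SRR0 == LR`, `SRR0` names the bad target rather than the code that branched there, so the backtrace (when present) is the place to look for the caller.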

Metal Gear Solid Portable

PS3 - freezes on startup

lv2(2): #   Type : Instruction Segment 
lv2(2): #   SRR0 : 0xbadadd0010300bd0 
lv2(2): #   SRR1 : 0x800000000000c032 
lv2(2): #   DSISR: 0x0000000002200000 
lv2(2): #   DAR  : 0x00000000b0010000 
lv2(2): #   TB   : 0x00000000dfe842f2 
lv2(2): #   HW Thread #: 1 
lv2(2): # 
lv2(2): # Backtrace 
lv2(2): #   0xbadadd0010300bcc 
lv2(2): # 
lv2(2): # User PPU Thread Info. 
lv2(2): #   ID        : 0x010300bd 
lv2(2): #   Name      : PEmuExecThread 
lv2(2): #   Stack addr: 0x00000000d00ab000 
lv2(2): #   Stack size: 0x0000000000020000 
lv2(2): #   Priority  : 1001 
lv2(2): #   Proc name : /dev_flash/pspemu/psp_emulator.self 
lv2(2): #   Proc ID   : 0x1010200 
lv2(2): # 
lv2(2): # Register Info. 
lv2(2): #      LR: 0xbadadd0010300bd0     CR:0x24000028 
lv2(2): #     CTR: 0x000000000163c62c 
lv2(2): # 
lv2(2): #   GPR 0: 0xbadadd0010300bd0  GPR 1: 0x00000000d00caf90 
lv2(2): #   GPR 2: 0x000000000191ef80  GPR 3: 0xffffffffffffffff 
lv2(2): #   GPR 4: 0x00000000300e6030  GPR 5: 0x0000000000000021 
lv2(2): #   GPR 6: 0x0000000000010000  GPR 7: 0x0000000000000000 
lv2(2): #   GPR 8: 0x00000000d00cad90  GPR 9: 0x0000000000000000 
lv2(2): #   GPR10: 0xffffffff80020001  GPR11: 0x0000000000000002 
lv2(2): #   GPR12: 0x0000000024000028  GPR13: 0x000000001000cf50 
lv2(2): #   GPR14: 0x0000000000000000  GPR15: 0x0000000000000000 
lv2(2): #   GPR16: 0x0000000000000000  GPR17: 0x0000000000000000 
lv2(2): #   GPR18: 0x0000000000000000  GPR19: 0x0000000000000000 
lv2(2): #   GPR20: 0x0000000000000000  GPR21: 0x0000000000000000 
lv2(2): #   GPR22: 0x0000000000000000  GPR23: 0x0000000000000000 
lv2(2): #   GPR24: 0x0000000000000000  GPR25: 0x0000000000000000 
lv2(2): #   GPR26: 0x0000000000000000  GPR27: 0x0000000000000000 
lv2(2): #   GPR28: 0x0000000000000000  GPR29: 0x0000000000000000 
lv2(2): #   GPR30: 0x0000000000000000  GPR31: 0x0000000000000000 
lv2(2): # 
lv2(2): #     XER: 0x0000000000000000  FPSCR: 0x00000000 
lv2(2): # 
lv2(2): #   FPR 0: 0x00000010303bd000

The crash happened because EBOOT.BIN was signed incorrectly with PrxEncrypter; the game starts when it is signed with sign_np.

Later on it freezes:

rsx-err 1 

_CELL_DBG_RSX_ERROR_FIFO_PARSE_ERROR

Motorstorm Arctic Edge

On Freeze:

rsx-err 256
local cmd area [100000-500000]
cmd_offset=1e0000 start_cmd=f7bc
put=44060 get=4a9900
debug label = 1337c0d3
ret_local_offset = 4ace30
ret_main_offset = 44060
cmdbuf_base = 100000
old_jts[0]=204ace34
flip timeout!
local cmd area [100000-500000]
cmd_offset=3a0000 start_cmd=fc70
put=44060 get=4a9900
debug label = 1337c0d3
ret_local_offset = 2efa30
ret_main_offset = 44060

rsx-err 256 - _CELL_DBG_RSX_ERROR_GRAPH_LIMIT_COLOR ?

  • failure on accessing a tiled area (accessed as a color buffer)
  • cellGcmSetSurface() not properly set for the tiled area
  • pitch sizes in cellGcmSetSurface() are larger than cellGcmSetTileInfo() / cellGcmSetDisplayBuffer()
  • memory format specified in cellGcmSetInlineTransfer() must be linear format
  • fragment program being placed in tiled area and cellGcmSetFragmentProgramParameter() called

Naruto Ultimate Ninja Impact

fatal error : cannot load disc0:/sce_lbn0xE640_size0x5100 0x80020148
fatal error : cannot load module disc0:/sce_lbn0xE640_size0x5100
fatal error : cannot load disc0:/sce_lbn0xE640_size0x5100 0x80020148
fatal error : cannot load module disc0:/sce_lbn0xE640_size0x5100
fatal error : cannot load disc0:/sce_lbn0xE640_size0x5100 0x80020148
fatal error : cannot load module disc0:/sce_lbn0xE640_size0x5100

SCE_KERNEL_ERROR_UNSUPPORTED_PRX_TYPE = 0x80020148

Patapon 3

PS3

lv2(2): # Interrupt(exception) Info.
lv2(2): #   Type : Data Storage
lv2(2): #   SRR0 : 0x0000000001668aa4 sub_88A80+0x24
lv2(2): #   SRR1 : 0x800000000200e032
lv2(2): #   DSISR: 0x0000000042000000
lv2(2): #   DAR  : 0x0000000000000038
lv2(2): #   TB   : 0x000000017fdd4b06
lv2(2): #   HW Thread #: 0
lv2(2): # Backtrace
lv2(2): #   0x0000000001668cc4 _Export_PEmuCoreLib_3A9CD1C8+0x2C
lv2(2): #   0x0000000000dd369c
lv2(2): #   0x000000000160827c sceIoClose+0x1C
lv2(2): #   0x00000000015e2bf4
lv2(2): #   0x00000000016a8d88
lv2(2): #   0x00000000015e36ac
lv2(2): #   0x0000000000b7d25c
lv2(2): #   0x000000000163bc48
lv2(2): #   0x000000000163c68c
lv2(2): #   0x000000000163dc14
lv2(2): #   0x000000000163ddd8
lv2(2): #   0x00000000016697c8
lv2(2): #   0xbadadd0010700f4c
lv2(2): # Register Info.
lv2(2): #      LR: 0x0000000001668ce4     CR:0x28244044
lv2(2): #     CTR: 0x00000000000a562c
lv2(2): #
lv2(2): #   GPR 0: 0x0000000000000000  GPR 1: 0x00000000d00c98a0
lv2(2): #   GPR 2: 0x000000000191ef80  GPR 3: 0x0000000001abccec
lv2(2): #   GPR 4: 0x00000000300e4180  GPR 5: 0x0000000001abc4f0
lv2(2): #   GPR 6: 0x00000000015e2ba0  GPR 7: 0x00000000801bafc0
lv2(2): #   GPR 8: 0x00000000300e4180  GPR 9: 0x0000000000000000
lv2(2): #   GPR10: 0x0000000000000000  GPR11: 0x0000000000000000
lv2(2): #   GPR12: 0x00000000000c0328  GPR13: 0x000000001000cf50
lv2(2): #   GPR14: 0x0000000001abc4f0  GPR15: 0x00000000300e51e0
lv2(2): #   GPR16: 0x0000000028244042  GPR17: 0x0000000000000000
lv2(2): #   GPR18: 0x0000000008c4b6eb  GPR19: 0x00000000ffffffff
lv2(2): #   GPR20: 0x0000000000000001  GPR21: 0x0000000000000000
lv2(2): #   GPR22: 0x0000000008c4b6e8  GPR23: 0x0000000008c4b6e0
lv2(2): #   GPR24: 0x00000000fefefeff  GPR25: 0x0000000000000002
lv2(2): #   GPR26: 0x0000000008a59820  GPR27: 0x0000000001a9c0b4
lv2(2): #   GPR28: 0x00000000300e4180  GPR29: 0x00000000300e4180
lv2(2): #   GPR30: 0x00000000300e4180  GPR31: 0x0000000000000000
lv2(2): #
lv2(2): #     XER: 0x0000000000000000  FPSCR: 0x00000000
lv2(2): #
lv2(2): #   FPR 0: 0x00000010703f5000  FPR 1: 0x00000010703f5000
lv2(2): #   FPR 2: 0x00000010703f5000  FPR 3: 0x00000010703f5000
lv2(2): #   FPR 4: 0xfff8000000000000  FPR 5: 0x00000010703f5000
lv2(2): #   FPR 6: 0x00000010703f5000  FPR 7: 0x00000010703f5000
lv2(2): #   FPR 8: 0x00000010703f5000  FPR 9: 0x00000010703f5000
lv2(2): #   FPR10: 0x00000010703f5000  FPR11: 0x00000010703f5000
lv2(2): #   FPR12: 0xfff8000000000000  FPR13: 0x00000010703f5000
lv2(2): #   FPR14: 0x00000010703f5000  FPR15: 0x00000010703f5000
lv2(2): #   FPR16: 0x00000010703f5000  FPR17: 0x00000010703f5000
lv2(2): #   FPR18: 0x00000010703f5000  FPR19: 0x00000010703f5000
lv2(2): #   FPR20: 0x00000010703f5000  FPR21: 0x00000010703f5000
lv2(2): #   FPR22: 0x00000010703f5000  FPR23: 0x00000010703f5000
lv2(2): #   FPR24: 0x00000010703f5000  FPR25: 0x00000010703f5000
lv2(2): #   FPR26: 0x00000010703f5000  FPR27: 0x00000010703f5000
lv2(2): #   FPR28: 0x00000010703f5000  FPR29: 0x00000010703f5000
lv2(2): #   FPR30: 0x00000010703f5000  FPR31: 0x00000010703f5000

PPSSPP

17:07:711 user_main    D[IO]: HLE\sceIo.cpp:1762 5=sceIoOpenAsync(disc0:/PSP_GAME/USRDIR/DATAMS.HED, 00000001, 00000000)
17:07:711 user_main    D[IO]: HLE\sceIo.cpp:1879 5 = sceIoWaitAsyncCB(5, 0bfff330): waiting
17:07:711 user_main    D[IO]: HLE\sceIo.cpp:1141 206848 = sceIoLseek(5, 0, 2)
17:07:711 user_main    D[IO]: HLE\sceIo.cpp:1141 0 = sceIoLseek(5, 0, 0)
17:07:711 FileThread   D[IO]: HLE\sceIo.cpp:1177 0 = sceIoLseekAsync(5, 0, 0)
17:07:711 FileThread   D[IO]: HLE\sceIo.cpp:1907 0 = sceIoPollAsync(5, 0bfdb988): not ready
17:07:711 FileThread   D[IO]: HLE\sceIo.cpp:1718 sceIoSetAsyncCallback(5, 295, 08c49bc0)
17:07:712 FileThread   D[IO]: HLE\sceIo.cpp:1910 0 = sceIoPollAsync(5, 0bfdba88)
17:07:712 FileThread   D[IO]: HLE\sceIo.cpp:884 sceIoReadAsync(5, 08c4ce80, 13fc8): deferring result
17:07:712 FileThread   D[IO]: HLE\sceIo.cpp:1907 0 = sceIoPollAsync(5, 0bfdb988): not ready
17:07:712 FileThread   D[IO]: HLE\sceIo.cpp:1718 sceIoSetAsyncCallback(5, 295, 08c49bc0)
17:07:712 FileThread   D[IO]: HLE\sceIo.cpp:1907 0 = sceIoPollAsync(5, 0bfdb988): not ready
17:07:712 FileThread   D[IO]: HLE\sceIo.cpp:1907 0 = sceIoPollAsync(5, 0bfdb988): not ready
17:07:712 FileThread   D[IO]: HLE\sceIo.cpp:1907 0 = sceIoPollAsync(5, 0bfdb988): not ready
17:07:712 FileThread   D[IO]: HLE\sceUmd.cpp:317 0x32=sceUmdGetDriveStat()
17:07:713 FileThread   D[IO]: HLE\sceIo.cpp:1910 81864 = sceIoPollAsync(5, 0bfdba88)
17:15:853 user_main    D[IO]: HLE\sceIo.cpp:1285 sceIoClose(5)

18:26:237 user_main    D[IO]: HLE\sceIo.cpp:1762 5=sceIoOpenAsync(disc0:/PSP_GAME/USRDIR/DATAMS.BND, 00000001, 00000000)
18:26:237 user_main    D[IO]: HLE\sceIo.cpp:1879 5 = sceIoWaitAsyncCB(5, 0bfff490): waiting
18:26:237 user_main    D[IO]: HLE\sceIo.cpp:693 sceIoGetstat(disc0:/PSP_GAME/USRDIR/DATAMS.BND, 0bfff498) : sector = 0001f350
18:30:214 user_main    D[IO]: HLE\sceIo.cpp:1285 sceIoClose(-1)


Persona3 PORTABLE

No exception message; the console hard freezes.

flip timeout!

local cmd area [100000-500000]
cmd_offset=330000 start_cmd=df3c
put=2c9c0 get=43750c
debug label = 1337c0d3
ret_local_offset = 43aec0
ret_main_offset = 2c9c0
AW.VRAM_MODE = 1


Sword Art Online

Hard freezes the console right in the in-game tutorial; no exception message.


finish mpeg avc

lv2(2): System Warning : busy loop detected
local cmd area [100000-500000]
cmd_offset=3d0000 start_cmd=170c
put=622c0 get=4d1708
debug label = 1337c0d3
ret_local_offset = 3c27e0
ret_main_offset = 622c0

Valkyrie Profile Lenneth


sceDisplayGetAccumulatedHcount() = d325
sceDisplayGetAccumulatedHcount() = d443
sceDisplaySetFrameBuf(topaddr:4088000, bufferwidth:512, pixelformat:3, sync:1) = 0
sceDisplayGetAccumulatedHcount() = d561
sceGeEdramGetAddr() = 4000000
sceGeEdramGetAddr() = 4000000
sceGeListEnQueue(list:4198800,, stall:0, cbid:0, arg:9f13e20) = 49adca28
sceDisplayGetAccumulatedHcount() = d67f
sceDisplaySetFrameBuf(topaddr:4000000, bufferwidth:512, pixelformat:3, sync:0) = 0
sceGeListEnQueue(list:48e951c0,, stall:48e951c0, cbid:0, arg:8857520) = 48adca1f
sceGeEdramGetAddr() = 4000000
sceGeListUpdateStallAddr(qid:48adca1f,, stall:48e952fc) = 0
sceGeListUpdateStallAddr(qid:48adca1f,, stall:48e95394) = 0
sceGeEdramGetAddr() = 4000000
sceGeEdramGetAddr() = 4000000
sceGeListEnQueue(list:4198800,, stall:0, cbid:0, arg:9f13e20) = 4fadca16
sceDisplayGetAccumulatedHcount() = d79d
sceDisplaySetFrameBuf(topaddr:4088000, bufferwidth:512, pixelformat:3, sync:0) = 0
sceGeListEnQueue(list:48e951c0, stall:48e951c0, cbid:0, arg:8857520) = 4eadca0d
rsx-err 257 
local cmd area [100000-500000]
cmd_offset=20000 start_cmd=76e0
put=10ed8 get=52f680
debug label = 1337c0d3
ret_local_offset = 1275b0
ret_main_offset = 10dd4
cmdbuf_base = 100000
old_jts[0]=201275b4
sceGeEdramGetAddr() = 4000000
sceGeListUpdateStallAddr(qid:4eadca0d,, stall:48e952fc) = 0
sceGeListUpdateStallAddr(qid:4eadca0d,, stall:48e95394) = 0
sceGeEdramGetAddr() = 4000000
sceGeEdramGetAddr() = 4000000
sceGeListEnQueue(list:4198800,, stall:0, cbid:0, arg:9f13e20) = 4dadca05
sceUtilitySavedataInitStart(8e9bc1c) = 0

rsx-err 257 - _CELL_DBG_RSX_ERROR_GRAPH_LIMIT_Z ?

  • tiled area is accessed as depth buffer
  • depth buffer area not properly specified in cellGcmSetSurface() for tiled area
  • pitch size not properly specified in cellGcmSetSurface() or may be larger than in cellGcmSetTileInfo()
  • pitch size in cellGcmSetDisplayBuffer() must be the same as for the color buffer in cellGcmSetTileInfo() and cellGcmSetSurface()