Talk:PS2 Emulation: Difference between revisions
(Removed no longer relevant info.) |
|||
(37 intermediate revisions by 2 users not shown) | |||
Line 1: | Line 1: | ||
== | == Registers == | ||
**1040000000 VU1 regs, mapping like on VU0. | **1040000000 VU1 regs, mapping like on VU0. | ||
**1050000000 VU1 micro data memory (1100C000 on real | **1050000000 VU1 micro data memory (1100C000 on real PS2 and PCSX2 debugger) size 0x4000. | ||
**1050004000 VU1 micro data memory mirror (1100C000 on real | **1050004000 VU1 micro data memory mirror (1100C000 on real PS2 and PCSX2 debugger) size 0x4000. Likely mirrored 2 more times on 8000 and c000 | ||
**104000C000 emulator place here VU1 constants used in popular operations. Eatan/eexp constants, masks for clamping, etc. Similar array can be found in | **104000C000 emulator place here VU1 constants used in popular operations. Eatan/eexp constants, masks for clamping, etc. Similar array can be found in PCSX2 (mVU_Globals), Dobiestation (atan_const, etc), Play! (GenerateEATAN, etc.) | ||
**1030004000 emulator place here VU0 constants used in popular operations. Like above (vu0 don't have efu so placing there efu constants for eatan/eexp is pointless, but there they are). | **1030004000 emulator place here VU0 constants used in popular operations. Like above (vu0 don't have efu so placing there efu constants for eatan/eexp is pointless, but there they are). | ||
--[[User:Kozarovv|Kozarovv]] ([[User talk:Kozarovv|talk]]) 09:37, 5 January 2023 (UTC) | --[[User:Kozarovv|Kozarovv]] ([[User talk:Kozarovv|talk]]) 09:37, 5 January 2023 (UTC) | ||
= | == Miscellaneous information == | ||
Some data that eventually need to be posted on main emulation page. All data posted here is obtained from jak tpl (so called v1) emulator. All data is confirmed in code itself, no guessing (unless said otherwise). Time to start releasing that old work to public. | Some data that eventually need to be posted on main emulation page. All data posted here is obtained from jak tpl (so called v1) emulator. All data is confirmed in code itself, no guessing (unless said otherwise). Time to start releasing that old work to public. | ||
Line 23: | Line 24: | ||
*Default misc settings used by Jak TPL emu: https://pastebin.com/79JCRXkq (ps2_lang is changed later if host system match possible ps2 languages) | *Default misc settings used by Jak TPL emu: https://pastebin.com/79JCRXkq (ps2_lang is changed later if host system match possible ps2 languages) | ||
== | == Miscellaneous information 2 == | ||
*Both settings do the same thing: | *Both settings do the same thing: | ||
--external-hdd-fix | --external-hdd-fix | ||
Line 35: | Line 37: | ||
No matter which value is used, 1 is set. | No matter which value is used, 1 is set. | ||
== | == ee-native-function == | ||
Emulator have set of predefined functions used in popular PS2 SDK libraries. Those function are highly optimized to run natively on x64. <br> | Emulator have set of predefined functions used in popular PS2 SDK libraries. Those function are highly optimized to run natively on x64. <br> | ||
'''--ee-native-function=name,address''' under the hood this is hooking selected address, and replace it with jump to predefined function. Functions available in JAK TPL emu: | '''--ee-native-function=name,address''' under the hood this is hooking selected address, and replace it with jump to predefined function. Functions available in JAK TPL emu: | ||
Line 99: | Line 96: | ||
jr $ra | jr $ra | ||
addiu $sp, 0x30 | addiu $sp, 0x30 | ||
This is corner case example as floatdidf convert a 64bit signed integer to IEEE double, and PS2 developers generally had no reason to use doubles (fpu/vu are operating on 32 bit floats). But you can see that whole conversion is practically done in 1 opcode, while ps2 take massive function to do this. Other functions are usually less optimized, but still really worth it. | This is corner case example as floatdidf convert a 64bit signed integer to IEEE double, and PS2 developers generally had no reason to use doubles (fpu/vu are operating on 32 bit floats). But you can see that whole conversion is practically done in 1 opcode, while ps2 take massive function to do this. Other functions are usually less optimized, but still really worth it. | ||
==EE/VU injection== | == EE/VU injection == | ||
"Injections" are special sets of precompiled functions | |||
<br>'''VU1''' | "Injections" are special sets of precompiled functions. This idea is known better as "HLE emulation". Available injections can vary depending on ps2-compiler.self, because that is where the lookup for available functions is done. This literally replaces the code that normally is the recompiler, with optimized version when address and hash match. Probably not many games can use this. Good candidates are games that use the same engine as currently released PS2 classics. Many times VU1 programs are reused by the same developer. | ||
<br /> | |||
'''VU1''' | |||
*Name + offset in JAK TPL compiler | *Name + offset in JAK TPL compiler | ||
*unk1 | *unk1 | ||
Line 245: | Line 245: | ||
Same goes for "kernel" injections, they are also based on ID + Hash + address. Generally all "injections" should be safe to be enabled by configs. There is really small chance for hash/address(and id) collision. Not to be confused with "native" / "native-patch" ! | Same goes for "kernel" injections, they are also based on ID + Hash + address. Generally all "injections" should be safe to be enabled by configs. There is really small chance for hash/address(and id) collision. Not to be confused with "native" / "native-patch" ! | ||
== | = RESEARCH TO DO = | ||
{| cellspacing="0" cellpadding="2" border="1" class="wikitable" style="text-align: center;" | {| cellspacing="0" cellpadding="2" border="1" class="wikitable" style="text-align: center;" | ||
! Name !! Notes | ! Name !! Notes | ||
Line 301: | Line 252: | ||
| Locating the gs registers || Abysmal. | | Locating the gs registers || Abysmal. | ||
|- | |- | ||
| Trying to reverse-engineer any emulator's executable by using assembly and hxd to improve compatibility || Tedious. | | Trying to reverse-engineer any emulator's executable by using assembly and hxd to improve compatibility || Tedious. | ||
|- | |- | ||
| Locating the proper CDVD read speed (God of war and Ratchet size matters [Both have affected music]) || IOP and CDVD commands help | | Locating the proper CDVD read speed (God of war and Ratchet size matters [Both have affected music]) || IOP and CDVD commands help | ||
|- | |- | ||
| Find out what some of the gs commands do and edit their description || Infelicitous! | | Find out what some of the gs commands do and edit their description || Infelicitous! | ||
|- | |- | ||
| Understand the gs lua functions | | Understand the gs lua functions || | ||
|- | |- | ||
|} | |} | ||
* GS registers | |||
* GS registers are not mapped in easy way comparing to other ones. Offsets will vary per emulator, and that is for sure. This is what you get in read mode on Jak games emulator (not sure if I have v1 or v2 to be honest, but it is known as ps2emu16): | |||
gs_reg_SCISSOR_1 0000000001B11800 | gs_reg_SCISSOR_1 0000000001B11800 | ||
gs_reg_FBA_1 0000000001B11808 | gs_reg_FBA_1 0000000001B11808 | ||
Line 376: | Line 324: | ||
hwreg_GS_EXTWRITE 0000000007D89FB8 | hwreg_GS_EXTWRITE 0000000007D89FB8 | ||
hwreg_GS_BGCOLOR 0000000007D89FC0 | hwreg_GS_BGCOLOR 0000000007D89FC0 | ||
But keep in mind that GS regs can be "duplicated" for different emulation stages. GS is jited too, so it should have kind of pipeline too. | But keep in mind that GS regs can be "duplicated" for different emulation stages. GS is jited too, so it should have kind of pipeline too. | ||
"Implement a EE memory patch for ratchet up your arsenal" Game write data using qmtc2/ctc2 and expect VU0 to still run at this point, which is not always true. Mega high vu0 mpg cycles could potentially push it little further. Patching that will be pain just because Ratchet use code overlays. This mean you need to patch game image with the same patch in more than 20 places. Because what you see in | "Implement a EE memory patch for ratchet up your arsenal" Game write data using qmtc2/ctc2 and expect VU0 to still run at this point, which is not always true. Mega high vu0 mpg cycles could potentially push it little further. Patching that will be pain just because Ratchet use code overlays. This mean you need to patch game image with the same patch in more than 20 places. Because what you see in PCSX2 debugger / ps2dis will change depend on stage you play now. That's why PS3, and PCSX2 use dynamic JIT patches (PCSX2 use it for different issues tho). --[[User:Kozarovv|Kozarovv]] ([[User talk:Kozarovv|talk]]) 14:20, 27 February 2023 (CET) | ||
== no-clamping == | == no-clamping == | ||
Sup. Can i know how no-clamping behavior was tested to confirm that "The default emulator's behavior cannot be set by CLI commands."? Because that doesn't sound right, and emulator explicitly set 0 or 1 on init, which is confirmed in emu code. What can happen, is that other clamping settings were changed during test, and that affected result. But looking at code i don't think there is any possibility that something "in between" exist. --[[User:Kozarovv|Kozarovv]] ([[User talk:Kozarovv|talk]]) 09:33, 21 June 2023 (CEST) | Sup. Can i know how no-clamping behavior was tested to confirm that "The default emulator's behavior cannot be set by CLI commands."? Because that doesn't sound right, and emulator explicitly set 0 or 1 on init, which is confirmed in emu code. What can happen, is that other clamping settings were changed during test, and that affected result. But looking at code i don't think there is any possibility that something "in between" exist. --[[User:Kozarovv|Kozarovv]] ([[User talk:Kozarovv|talk]]) 09:33, 21 June 2023 (CEST) | ||
<br>It is based on a test I did on Sly Cooper 2. If VU1 Clamping was set to 1 or 0, the game crashes. If left empty, game works fine. --[[User:Scalerize|Scalerize]] ([[User talk:Scalerize|talk]]) 14:58, 21 June 2023 (CEST) | <br>It is based on a test I did on Sly Cooper 2. If VU1 Clamping was set to 1 or 0, the game crashes. If left empty, game works fine. --[[User:Scalerize|Scalerize]] ([[User talk:Scalerize|talk]]) 14:58, 21 June 2023 (CEST) | ||
Line 393: | Line 340: | ||
So, after taking some time to think about it, I had remembered that the game would crash right after the first pyramid fmv at the press start screen. But yeah, leave as it is. You have the upper hand in removing/adding anything you like --[[User:Scalerize|Scalerize]] ([[User talk:Scalerize|talk]]) 17:19, 21 June 2023 (CEST) | So, after taking some time to think about it, I had remembered that the game would crash right after the first pyramid fmv at the press start screen. But yeah, leave as it is. You have the upper hand in removing/adding anything you like --[[User:Scalerize|Scalerize]] ([[User talk:Scalerize|talk]]) 17:19, 21 June 2023 (CEST) | ||
== | == Configuration table with IDs from Jak games emulator == | ||
Here is a table from Jak games emulator. This is how the PS2 emulator config parser sees data from CLI. Please do not edit typos, etc as this is exactly how it is in the emulator. I am leaving it here, so that the main page can be slowly updated with data from the table if needed. The PS2 emulator translates commands to ID, then uses ID in the jump table in its parser to apply configuration. ID is not guaranteed to be the same between emulators, but I have not tested that. Comments match ID too. UNK value is not critical for anything, but it is used for something, and it is part of the original table. This table is missing a few commands which are parsed outside of the main configuration routine. | |||
|============================================================================================================| | |============================================================================================================| | ||
Line 774: | Line 721: | ||
| 362 | 0x1 | --pmc-measure-frames | frames(int) | | | 362 | 0x1 | --pmc-measure-frames | frames(int) | | ||
|============================================================================================================| | |============================================================================================================| | ||
Note: Few commands is accidentally read with = , for example --elf-symbols=. Commands like this possibly expect == to be used. Anyway, good for us all of those cmds are meaningless. | Note: Few commands is accidentally read with = , for example --elf-symbols=. Commands like this possibly expect == to be used. Anyway, good for us all of those cmds are meaningless. | ||
===Script=== | === PS2 Emulator Configuration Table Dumper IDA PRO Script === | ||
IDA Script to dump this | |||
IDA Script to dump this information. It should find all by itself. Should... Tested on Jak games emulator, and Rogue Galaxy emulator. Keep in mind that it will dump only to IDA PRO output window. To dump it to file, you need to modify this script by yourself. Script will separate fields by comma. Output will be ID, UNK, COMMMAND, COMMENT. Next commas are eventually from config comment itself. | |||
<source lang="py"> | |||
import idc | import idc | ||
import idaapi | import idaapi | ||
Line 809: | Line 760: | ||
addr += 0x18 | addr += 0x18 | ||
dump() | dump() | ||
==Fatal Fury Modding== | </source> | ||
'''It seems modifying the eboot.bin of any emulator using | |||
== Fatal Fury Battle Archives Vol. 2 Modding == | |||
'''It seems that modifying the eboot.bin of any emulator using HxD allows us to use commands without adding them to the CLI. Potentially, we could locate VU0's jit-sync and modify it to fix many issues, while changing the values of other commands to suit our needs. This is a to-do in the future. Considering it needs a lot of researching, I am not sure when and if to work on it. It is filled with what Stayhye calls "speculation".''' | |||
<br>Eboot MD5: 7fc9af268802b36ef299c3ee0448de7b | |||
{| class="wikitable" | {| class="wikitable" | ||
|- | |- | ||
! Fatal Fury Eboot !! !! !! !! !! | ! Fatal Fury Battle Archives Vol. 2 Eboot !! !! !! !! !! | ||
|- | |- | ||
| || '''Offset (Eboot)''' || '''Value type''' || '''Normal value''' || '''Modified value''' || '''Notes''' | | || '''Offset (Eboot)''' || '''Value type''' || '''Normal value''' || '''Modified value''' || '''Notes''' | ||
|- | |- | ||
| '''EE | | '''Counters speed''' || 50FE1 || 4 Bytes || 294912000 || Can be modified as needed for as long as the value fits 4 bytes. || | ||
|- | |||
| '''EE Clock (Cycle scalar)''' || 50FE5 || 4 Bytes || 0x00010000 || Can be modified as needed for as long as the value fits 4 bytes. || It's converting decimals into hex?<br>0.1 -->0x19000000<br>0.19 --> 0x3000000<br>0.2 -->0x33000000<br>0.5 --> 0x80000000<br>0.98 --> 0xFA000000<br>0.987 --> 0xFC000000<br>0.996 --> 0xFE000000<br>0.999 --> 0xFF000000 | |||
|- | |||
| '''IOP Clock (Cycle scalar)''' || 510EB || 4 Bytes || 0x80000000 || Can be modified as needed for as long as the value fits 4 bytes. || | |||
|- | |||
| '''VU0 mpg cycles''' || 4DE410 || 8x 2 bytes || 100 (dec) || || | |||
|- | |- | ||
| ''' | | '''VU1 mpg cycles''' || 4DE420 || 8x 2 bytes || 100 (dec) || || | ||
|- | |- | ||
| | | (?) || 5105B || 4 Bytes || 10000 || || | ||
|-style="background-color:#7698FF" | |-style="background-color:#7698FF" | ||
| Binary or 1 byte??? || || || || || | | Binary or 1 byte??? || || || || || | ||
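Review bot: In the new EE Clock (Cycle scalar) row, the Notes entry "0.19 --> 0x3000000" has seven hex digits while every other pair has eight. The other pairs all carry the top byte of the fraction times 256 (0.1 gives 0x19, 0.5 gives 0x80), which for 0.19 gives 0x30, so this entry probably should read 0x30000000. It would also help to state that rule in the Notes cell in place of the open question "It's converting decimals into hex?".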
Line 832: | Line 794: | ||
|- | |- | ||
| '''VU0-di-bits''' || 5110A || 1 Byte || 0x26 || 0x06 || | | '''VU0-di-bits''' || 5110A || 1 Byte || 0x26 || 0x06 || | ||
|-style="background-color:#7698FF" | |||
| Completely unknown || || || || || | |||
|- | |||
| ? || 51142 || 2 bytes? || 0x8 || || || | |||
|- | |||
| ? || 51139 || 2 bytes? || 0x2 || || || | |||
|- | |||
| ? || 510F5 || 2 bytes? || 0x7D || || || | |||
|- | |||
| ? || 51114 || 2 bytes? || 0x3628 || || Modifying creates an insane amount of sps | |||
|- | |||
| ? || 5127E || 2 bytes? || 0x8005 || || | |||
|- | |||
| ? || 51109 || 2 bytes? || 0xCB26 || || | |||
|- | |||
| ? || 4DEF60 || 8x 2 bytes || 1098907648(dec) || || Seems to have something to do with VU0 | |||
|- | |||
| ? || 51194 || 4bytes? || 00A00000 || || Controls screen size | |||
|- | |||
| ? || 50FD3 || 4bytes || 70000000 || || --vif-thread-chunk-size?? | |||
|- | |||
| Framelimiter? || 59C318 || 0x3 || || | |||
|- | |- | ||
|} | |} |
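Review bot: The new "Framelimiter?" row puts 0x3 directly after the offset 59C318, so it lands in the Value type column and the row is one cell short of the rows above it. If 0x3 is the normal value, add the value type cell before it (empty if unknown); if it is meant as a size, write it like the other rows ("3 bytes?").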
Latest revision as of 20:53, 8 October 2024
Registers
- 1040000000 VU1 regs, mapping like on VU0.
- 1050000000 VU1 micro data memory (1100C000 on real PS2 and PCSX2 debugger) size 0x4000.
- 1050004000 VU1 micro data memory mirror (1100C000 on real PS2 and PCSX2 debugger) size 0x4000. Likely mirrored 2 more times on 8000 and c000
- 104000C000 the emulator places VU1 constants used in popular operations here. Eatan/eexp constants, masks for clamping, etc. A similar array can be found in PCSX2 (mVU_Globals), Dobiestation (atan_const, etc), Play! (GenerateEATAN, etc.)
- 1030004000 the emulator places VU0 constants used in popular operations here. Like above (VU0 doesn't have an EFU, so placing EFU constants for eatan/eexp there is pointless, but there they are).
--Kozarovv (talk) 09:37, 5 January 2023 (UTC)
Miscellaneous information
Some data that eventually needs to be posted on the main emulation page. All data posted here was obtained from the Jak TPL (so-called v1) emulator. All data is confirmed in the code itself, no guessing (unless said otherwise). Time to start releasing that old work to the public.
- Settings ignored by emulator (there is more than that): https://pastebin.com/Hm9bfnF6
- Settings which use bool (0/1, emu accepts true/false and on/off too) as value: https://pastebin.com/iaLLAXHn
- Settings which use double float as value: https://pastebin.com/cZvxCb6K (unk max values are likely DBL_MAX )
- Default VU1 settings used by Jak TPL emu: https://pastebin.com/tDsTNWFH
- Default VU0 settings used by Jak TPL emu: https://pastebin.com/iSEngpJh
- Default VU settings used by Jak TPL emu: https://pastebin.com/NL8Vae1b
- Default IOP settings used by Jak TPL emu: https://pastebin.com/9K4dk6vb
- Default FPU settings used by Jak TPL emu: https://pastebin.com/YrF7fBT5
- Default EE settings used by Jak TPL emu: https://pastebin.com/SBXimZhc (awesome formatting pastebin, good job)
- Default COP2 settings used by Jak TPL emu: https://pastebin.com/aG0LDryy
- Default misc settings used by Jak TPL emu: https://pastebin.com/79JCRXkq (ps2_lang is changed later if the host system matches one of the possible PS2 languages)
Miscellaneous information 2
- Both settings do the same thing:
--external-hdd-fix --cdvd-determinism
--ee-kernel-hle --ee-injection-kernel
- Setting takes an unused value:
--ee-cache-breaks-block
No matter which value is used, 1 is set.
ee-native-function
The emulator has a set of predefined functions used in popular PS2 SDK libraries. Those functions are highly optimized to run natively on x64.
--ee-native-function=name,address: under the hood this hooks the selected address and replaces it with a jump to the predefined function. Functions available in the Jak TPL emu:
    memset     | fptoui         | ieee754_sinf
    memcpy     | fptodp         | ieee754_cosf
    strlen     | dptofp         | ieee754_sqrtf
    strcmp     | fabs           | asinf
    strcasecmp | fabsf          | acosf
    litodp     | ieee754_atan2f | sinf
    dptoli     | ieee754_asinf  | cosf
    floatdidf  | ieee754_acosf  | sqrtf
This drastically reduces the emitted code size for the selected function. Additionally, there is no need to recompile it at all; the emulator just emits a jump to a label, and that's all. The emulator also advances the delta clock to compensate for the cycles which would normally be taken by the original function.
Example ee_native_floatdidf
    vcvtsi2sd xmm0, xmm0, rdi
    vmovq rax, xmm0
    retn
This is what real floatdidf looks like originally in ps2 mips, you can imagine that recompiled x64 code will be much longer. Every single instruction will be translated/recompiled separately.
    addiu $sp, -0x30
    sd $s0, 0x20+saved_s0($sp)
    move $s0, $a0
    sd $s1, 0x20+saved_s1($sp)
    li $s1, 0x81E0
    dsll32 $s1, 15
    dsra32 $a0, $s0, 0
    sd $ra, 0x20+saved_ra($sp)
    jal litodp
    nop
    move $a1, $s1
    jal dpmul
    move $a0, $v0
    move $a1, $s1
    jal dpmul
    move $a0, $v0
    move $s1, $v0
    lui $v0, 0xFFFF
    dsrl32 $v0, 0
    and $s0, $v0
    dsll32 $s0, 0
    dsra32 $s0, 0
    jal litodp
    move $a0, $s0
    bgez $s0, loc_2F3734
    move $a0, $s1
    li $a1, 0x83E0
    dsll32 $a1, 15
    jal dpadd
    move $a0, $v0
    move $a0, $s1
    jal dpadd
    move $a1, $v0
    ld $ra, 0x20+saved_ra($sp)
    ld $s1, 0x20+saved_s1($sp)
    ld $s0, 0x20+saved_s0($sp)
    jr $ra
    addiu $sp, 0x30
This is a corner-case example, as floatdidf converts a 64-bit signed integer to an IEEE double, and PS2 developers generally had no reason to use doubles (FPU/VU operate on 32-bit floats). But you can see that the whole conversion is practically done in 1 opcode, while the PS2 takes a massive function to do this. Other functions are usually less optimized, but still really worth it.
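The two routines above side by side, as an added C example (not part of the original post and not the emulator's code): `ps2_style_floatdidf` follows the MIPS listing step by step, with C double arithmetic standing in for `litodp`/`dpmul`/`dpadd`, and `native_floatdidf` is the single conversion that `vcvtsi2sd` performs. The function names and the sample values are assumptions made for this example.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Build a double from its raw bit pattern, as the MIPS code does when it
   assembles floating-point constants in integer registers. */
static double from_bits(uint64_t bits)
{
    double d;
    memcpy(&d, &bits, sizeof d);
    return d;
}

/* li $s1, 0x81E0 ; dsll32 $s1, 15  =>  0x81E0 << 47 = 0x40F0000000000000 */
double k_mul(void) { return from_bits((uint64_t)0x81E0 << 47); }

/* li $a1, 0x83E0 ; dsll32 $a1, 15  =>  0x83E0 << 47 = 0x41F0000000000000 */
double k_fix(void) { return from_bits((uint64_t)0x83E0 << 47); }

/* Same sequence of steps as the PS2 routine in the listing. */
double ps2_style_floatdidf(int64_t v)
{
    uint64_t u  = (uint64_t)v;
    int32_t  hi = (int32_t)(uint32_t)(u >> 32);  /* dsra32 $a0, $s0, 0      */
    int32_t  lo = (int32_t)(uint32_t)u;          /* and / dsll32 / dsra32   */

    double acc = (double)hi;                     /* jal litodp              */
    acc *= k_mul();                              /* jal dpmul               */
    acc *= k_mul();                              /* jal dpmul (hi * 2^32)   */

    double low = (double)lo;                     /* jal litodp              */
    if (lo < 0)                                  /* bgez $s0 not taken      */
        low += k_fix();                          /* jal dpadd: make unsigned */
    return acc + low;                            /* final jal dpadd         */
}

/* What the hooked replacement does: one int64 -> double conversion. */
double native_floatdidf(int64_t v) { return (double)v; }

/* Constructed sample inputs: zero, sign boundaries, values that need
   rounding (more than 53 significant bits) and a low word with bit 31 set. */
int mismatches(void)
{
    static const int64_t samples[] = {
        0, 1, -1, INT64_MAX, INT64_MIN,
        0x0020000000000001LL, -0x0020000000000001LL,
        0x00000000FFFFFFFFLL, 0x0000000100000000LL,
        0x7FFFFFFF80000000LL, 0x123456789ABCDEF0LL
    };
    int bad = 0;
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++)
        if (ps2_style_floatdidf(samples[i]) != native_floatdidf(samples[i]))
            bad++;
    return bad;
}

int main(void)
{
    printf("k_mul=%.1f k_fix=%.1f mismatches=%d\n", k_mul(), k_fix(), mismatches());
    return 0;
}
```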
EE/VU injection
"Injections" are special sets of precompiled functions. This idea is known better as "HLE emulation". Available injections can vary depending on ps2-compiler.self, because that is where the lookup for available functions is done. This literally replaces the code that normally is the recompiler, with an optimized version when the address and hash match. Probably not many games can use this. Good candidates are games that use the same engine as currently released PS2 classics. Many times VU1 programs are reused by the same developer.
VU1
- Name + offset in JAK TPL compiler
- unk1
- VU1 mpg start address (divided by 8)
- Some kind of hash to ensure that correct part of microprogram gets replaced
- Many other unknown values
    |______NAME_______|U|_ADDR_|______HASH?_____|U|N|K|N|O|W|N
    vu1_inject_1B5680, 0, 0, 354AAD4A5C5F8h, 0, 0,0, 0, 1, 0> ; DATA XREF: vu1_exec_1AD1D0+CC8↑o
    vu1_inject_1B5CC0, 0, 10Fh, 31BE7F0B62906DB7h,0, 0, 0, 0, 1, 0>
    vu1_inject_1BA950, 0, 0Fh, 0B67E7F1B32B878BDh,0, 0, 0, 0, 1, 0>
    vu1_inject_1BF5E0, 0, 754h, 280C4275B1928A12h,0, 0, 0, 0, 1, 0>
    vu1_inject_1C0290, 0, 74Ah, 8978033C72E3DCA2h,0, 0, 0, 0, 1, 0>
    vu1_inject_1C1080, 0, 58h, 559E11A1D3055656h, 0, 0, 0, 0, 1, 0>
    vu1_inject_1C09E0, 0, 49h, 0FF679F42534A3255h,0, 0, 0, 0, 1, 0>
    vu1_inject_1C72C0, 0, 17Eh, 52A3C65951B99CF3h,0, 0, 0, 0, 1, 0>
    vu1_inject_1C8840, 0, 286h, 0F6B365D47BC423C0h, 0, 0, 0, 0, 1, 0>
    vu1_inject_1C8A50, 0, 18Ch, 0D50B071B598E86C1h, 0, 0, 0, 0, 1, 0>
    vu1_inject_1C9C70, 0, 18Bh, 0D504FF9B7B8E86CFh, 0, 0, 0, 0, 1, 0>
    vu1_inject_1C9D40, 0, 183h, 0D886632A2396F9A4h, 0, 0, 0, 0, 1, 0>
    vu1_inject_1CAD20, 0, 3DDh, 36CF5FCB8AAED87Eh,0, 0, 0, 0, 1, 0>
    vu1_inject_1CC4F0, 0, 474h, 0D1A1E17DE3811013h, 0, 0, 0, 0, 1, 0>
    vu1_inject_1CCF10, 0, 96h, 2B8DB65EE593B395h, 0, 0, 0, 0, 1, 0>
    vu1_inject_1CE5E0, 0, 2B2h, 9E7800006C113EE5h,0, 0, 0, 0, 1, 0>
    vu1_inject_1CE930, 0, 0B8h, 760E33D4278BEA74h,0, 0, 0, 0, 1, 0>
    vu1_inject_1D0830, 0, 112h, 0DCE5CDA96EB6389Bh, 0, 0, 0, 0, 1, 0>
    vu1_inject_1D22E0, 0, 538h, 52561DBBF5CF1832h,0, 0, 0, 0, 1, 0>
    vu1_inject_1D3D80, 0, 55Ah, 1083419D800001Ch, 0, 0, 0, 0, 2, 0>
    vu1_inject_1D4820, 0, 549h, 0C5755531B35CC848h, 0, 0, 0, 0, 2, 0>
    vu1_inject_1D5300, 0, 168h, 0CAA8A8936947CFC1h, 0, 0, 0, 0, 2, 0>
    vu1_inject_1D8FC0, 0, 24h, 90616BE83F46B0B8h, 0, 0, 0, 0, 1, 0>
    vu1_inject_1DA6F0, 0, 7Fh, 3CF37762DE2DC97Ch, 0, 0, 0, 0, 2, 0>
    vu1_inject_1DC1B0, 0, 88h, 7004A0F767800h, 0, 0, 0, 0, 1, 0>
    vu1_inject_1DC1D0, 0, 0F3h, 2D4BD82E171ACD84h,0, 0, 0, 0, 2, 0>
    vu1_inject_1DE5C0, 0, 10Dh, 0BD8855ED4151881Ah, 0, 0, 0, 0, 2, 0>
    vu1_inject_1E0410, 0, 0DBh, 0F6B7D7417D0400D7h, 0, 0, 0, 0, 2, 0>
    vu1_inject_1E2160, 0, 10Ch, 0CFF00003408100h, 0, 0, 0, 0, 2, 0>
    vu1_inject_1E25E0, 0, 7FCh, 500001B028000259h,0, 0, 0, 0, 2, 0>
    vu1_inject_1E2A60, 0, 5ECh, 5D40E9B71E6A01A1h,0, 0, 0, 0, 2, 0>
    vu1_inject_1E6170, 0, 5A4h, 3917D188F40B9940h,0, 0, 0, 0, 2, 0>
    vu1_inject_1E8E30, 0, 16Fh, 95C2C290F7DD248h, 0, 0, 0, 0, 2, 0>
    vu1_inject_1ECDA0, 0, 7D3h, 7A00268978312859h,0, 0, 0, 0, 2, 0>
    vu1_inject_1EDBE0, 0, 5BDh, 0A9FAF30FCE438D4Bh, 0, 0, 0, 0, 2, 0>
    vu1_inject_1EF510, 0, 1C6h, 7C7755083564464Ch,0, 0, 0, 0, 2, 0>
EE Title
- Name used by emu
- Address in ps2-compiler memory
Please keep in mind that names can be misleading, because if a function can be reused for the EU release, then the US inject is used. This happens in Max Payne2 injects.
    NAME ADDR
    Psychonauts_compareFunction_EMeshFrag CODE 0x12BC80
    __Psychonauts_loadVUGeneralConstants_WorldClip CODE 0x12CA00
    Psychonauts_loadVUGeneralConstants_WorldClip CODE 0x12CEB0
    Psychonauts_loadVUGeneralConstants_ClipScreen CODE 0x12CFE0
    Psychonauts_loadVUGeneralConstants_Frustrum CODE 0x12D110
    GTALCS_SetMatrix CODE 0x12D670
    GTALCS_sqrtf CODE 0x12DB80
    GTALCS_US_0x2016b4 CODE 0x12DC80
    GTALCS_US_0x201780 CODE 0x12E0E0
    GTALCS_US_0x201c74 CODE 0x12E160
    GTALCS_US_0x201da8 CODE 0x12E1E0
    GTALCS_US_0x202a6c CODE 0x12E260
    GTALCS_EU_0x2017bc CODE 0x12E2E0
    GTALCS_EU_0x201888 CODE 0x12E360
    GTALCS_EU_0x201d7c CODE 0x12E3E0
    GTALCS_EU_0x201eb0 CODE 0x12E460
    GTALCS_EU_0x202b74 CODE 0x12E4E0
    GTALCS_JP_0x21e3fc CODE 0x12E560
    GTALCS_JP_0x21e4c8 CODE 0x12E5E0
    GTALCS_JP_0x21e9bc CODE 0x12E660
    GTALCS_JP_0x21eaf0 CODE 0x12E6E0
    GTALCS_JP_0x21f7b4 CODE 0x12E760
    GTALCS_US_0x20138c CODE 0x12E7E0
    GTALCS_US_0x2018ec CODE 0x12E8B0
    GTALCS_US_0x201ae8 CODE 0x12E970
    GTALCS_US_0x2021bc CODE 0x12EA30
    GTALCS_US_0x2023c8 CODE 0x12EAE0
    GTALCS_US_0x2025c4 CODE 0x12EB90
    GTALCS_US_0x202770 CODE 0x12EC50
    GTALCS_US_0x202b3c CODE 0x12ED10
    GTALCS_EU_0x201494 CODE 0x12EDD0
    GTALCS_EU_0x2019f4 CODE 0x12EEA0
    GTALCS_EU_0x201bf0 CODE 0x12EF60
    GTALCS_EU_0x2022c4 CODE 0x12F020
    GTALCS_EU_0x2024d0 CODE 0x12F0D0
    GTALCS_EU_0x2026cc CODE 0x12F180
    GTALCS_EU_0x202878 CODE 0x12F240
    GTALCS_EU_0x202c44 CODE 0x12F300
    GTALCS_JP_0x21e0d4 CODE 0x12F3C0
    GTALCS_JP_0x21e634 CODE 0x12F490
    GTALCS_JP_0x21e830 CODE 0x12F550
    GTALCS_JP_0x21ef04 CODE 0x12F610
    GTALCS_JP_0x21f110 CODE 0x12F6C0
    GTALCS_JP_0x21f30c CODE 0x12F770
    GTALCS_JP_0x21f4b8 CODE 0x12F830
    GTALCS_JP_0x21f884 CODE 0x12F8F0
    GTALCS_US_0x22dd8c CODE 0x12F9B0
    GTALCS_US_0x22ddd0 CODE 0x12FCD0
    GTALCS_US_0x22e034 CODE 0x12FD50
    GTALCS_US_0x22e078 CODE 0x12FE30
    GTALCS_EU_0x22de8c CODE 0x12FEB0
    GTALCS_EU_0x22ded0 CODE 0x12FF30
    GTALCS_EU_0x22e178 CODE 0x12FFB0
    GTALCS_JP_0x31ad3c CODE 0x130030
    GTALCS_JP_0x31ad80 CODE 0x1300B0
    GTALCS_JP_0x31b028 CODE 0x130130
    GTAVCS_US_0x23e5ac CODE 0x1301B0
    GTAVCS_US_0x23f440 CODE 0x130230
    GTAVCS_US_0x23f558 CODE 0x1302B0
    GTAVCS_US_0x23f8e0 CODE 0x130330
    GTAVCS_US_0x23fa80 CODE 0x1303B0
    GTAVCS_US_0x23ffb8 CODE 0x130430
    GTAVCS_US_0x2f1d64 CODE 0x1304B0
    GTAVCS_US_0x280bbc CODE 0x130530
    GTAVCS_US_0x280c04 CODE 0x130610
    GTAVCS_US_0x280894 CODE 0x130690
    GTAVCS_US_0x2808e8 CODE 0x130710
    MaxPayne2_assignSubDot CODE 0x130800
    MaxPayne2_sceVu0MulMatrix3x4Const CODE 0x130D80
    MaxPayne2_setTransformedPos CODE 0x132640
    MaxPayne2_US_506940 CODE 0x132E50
    MaxPayne2_US_506984 CODE 0x133460
    sce_waitIpuIdle_hook CODE 0x133B10
    sce_waitIpuIdle64_loop CODE 0x133E70
    sce_waitIpuIdle64_top CODE 0x134300
    sceMpeg_ri0_000 CODE 0x1351A0
    sceMpeg_copyAddRefImage CODE 0x136B10
Example of one entry in emu.
    SCE_RELRO:000000000021A280 stru_21A280 db 'SLES-53830',0 ; game_id ; "Psychonauts_compareFunction_EMeshFrag"
    SCE_RELRO:000000000021A280 db 0
    SCE_RELRO:000000000021A280 dd 18A498h ; hook_start_pc
    SCE_RELRO:000000000021A280 dd 0 ; unk
    SCE_RELRO:000000000021A280 dd 18A504h ; hook_end_pc
    SCE_RELRO:000000000021A280 dd 0A40B81CBh ; hash
    SCE_RELRO:000000000021A280 dd 0 ; align1
    SCE_RELRO:000000000021A280 dq offset Psychonauts_compareFunction_EMeshFrag; fnc_ptr
    SCE_RELRO:000000000021A280 dq 0 ; align2
    SCE_RELRO:000000000021A280 dq offset aPsychonautsCom; hook_name
Same goes for "kernel" injections: they are also based on ID + hash + address. Generally all "injections" should be safe to be enabled by configs. There is a really small chance of a hash/address (and ID) collision. Not to be confused with "native" / "native-patch"!
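The ID + hash + address gate described above, as an added C example (not part of the original post and not the emulator's code). The field names follow the IDA comments in the entry shown above; the hash function is not given on the page, so 32-bit FNV-1a stands in for it, the range is assumed to be `[hook_start_pc, hook_end_pc)`, and the memory contents and the second game ID are constructed for the demonstration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Simplified entry: only the fields that take part in the match. */
typedef struct {
    const char *game_id;
    uint32_t    hook_start_pc;
    uint32_t    hook_end_pc;
    uint32_t    hash;
    const char *hook_name;
} inject_entry;

/* ASSUMPTION: stand-in for the emulator's unknown hash (32-bit FNV-1a). */
uint32_t code_hash(const uint8_t *p, size_t n)
{
    uint32_t h = 2166136261u;
    for (size_t i = 0; i < n; i++) {
        h ^= p[i];
        h *= 16777619u;
    }
    return h;
}

/* Return the entry to inject at pc, or NULL when any of the three keys
   (game ID, start address, hash of the guest code in the range) differs. */
const inject_entry *find_injection(const inject_entry *tab, size_t count,
                                   const char *game_id, uint32_t pc,
                                   const uint8_t *ee_mem, size_t mem_size)
{
    for (size_t i = 0; i < count; i++) {
        const inject_entry *e = &tab[i];
        if (strcmp(e->game_id, game_id) != 0)
            continue;
        if (e->hook_start_pc != pc)
            continue;
        if (e->hook_end_pc <= e->hook_start_pc || e->hook_end_pc > mem_size)
            continue;   /* malformed or out-of-bounds range: never hash it */
        if (code_hash(ee_mem + e->hook_start_pc,
                      e->hook_end_pc - e->hook_start_pc) != e->hash)
            continue;   /* code at that address is not the expected routine */
        return e;
    }
    return NULL;
}

enum { MEM_SIZE = 0x18A600 };
static uint8_t ee_mem[MEM_SIZE];        /* constructed guest memory */
static inject_entry table[1];

static void setup(void)
{
    for (size_t i = 0; i < MEM_SIZE; i++)
        ee_mem[i] = (uint8_t)(i * 7u + 3u);
    table[0].game_id       = "SLES-53830";   /* values from the entry above */
    table[0].hook_start_pc = 0x18A498;
    table[0].hook_end_pc   = 0x18A504;
    table[0].hash          = code_hash(ee_mem + 0x18A498, 0x18A504 - 0x18A498);
    table[0].hook_name     = "Psychonauts_compareFunction_EMeshFrag";
}

/* 0: everything matches, 1: one byte of the routine differs (for example
   another code overlay is loaded), 2: other game ID, 3: other address.
   Returns 1 when the injection would be applied. */
int demo(int scenario)
{
    const char *id = "SLES-53830";
    uint32_t pc = 0x18A498;
    setup();
    if (scenario == 1) ee_mem[0x18A4A0] ^= 0x01;
    if (scenario == 2) id = "SLUS-00000";    /* constructed ID */
    if (scenario == 3) pc = 0x18A49C;
    return find_injection(table, 1, id, pc, ee_mem, MEM_SIZE) != NULL;
}

int main(void)
{
    for (int s = 0; s < 4; s++)
        printf("scenario %d -> %s\n", s, demo(s) ? "inject" : "recompile");
    return 0;
}
```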
RESEARCH TO DO
Name | Notes |
---|---|
Locating the gs registers | Abysmal. |
Trying to reverse-engineer any emulator's executable by using assembly and hxd to improve compatibility | Tedious. |
Locating the proper CDVD read speed (God of war and Ratchet size matters [Both have affected music]) | IOP and CDVD commands help |
Find out what some of the gs commands do and edit their description | Infelicitous! |
Understand the gs lua functions |
- GS registers are not mapped in an easy way compared to the other ones. Offsets will vary per emulator, and that is for sure. This is what you get in read mode on the Jak games emulator (not sure if I have v1 or v2 to be honest, but it is known as ps2emu16):
    gs_reg_SCISSOR_1 0000000001B11800
    gs_reg_FBA_1 0000000001B11808
    gs_reg_ALPHA_1 0000000001B11810
    gs_reg_TEST_1 0000000001B11818
    gs_reg_CLAMP_1 0000000001B11820
    gs_reg_FRAME_1 0000000001B11828
    gs_reg_ZBUF_1 0000000001B11830
    gs_reg_TEX0_1 0000000001B11838
    gs_reg_TEX1_1 0000000001B11840
    gs_reg_MIPTBP1_1 0000000001B11880
    gs_reg_MIPTBP2_1 0000000001B11888
    gs_reg_XYOFFSET_1_X 0000000001B11890
    gs_reg_XYOFFSET_1_Y 0000000001B118A0
    gs_reg_SCISSOR_2 0000000001B11910
    gs_reg_FBA_2 0000000001B11918
    gs_reg_ALPHA_2 0000000001B11920
    gs_reg_TEST_2 0000000001B11928
    gs_reg_CLAMP_2 0000000001B11930
    gs_reg_FRAME_2 0000000001B11938
    gs_reg_ZBUF_2 0000000001B11940
    gs_reg_TEX0_2 0000000001B11948
    gs_reg_TEX1_2 0000000001B11950
    gs_reg_MIPTBP1_2 0000000001B11990
    gs_reg_MIPTBP2_2 0000000001B11998
    gs_reg_XYOFFSET_2_X 0000000001B119A0
    gs_reg_XYOFFSET_2_Y 0000000001B119B0
    gs_reg_FOGCOL 0000000001B11A20
    gs_reg_COLCLAMP 0000000001B11A28
    gs_reg_SCANMSK 0000000001B11A2C
    gs_reg_DTHE 0000000001B11A30
    gs_reg_DIMX 0000000001B11A78
    gs_reg_TEXA 0000000001B11A80
    gs_reg_TEXCLUT 0000000001B11A88
    gs_reg_PRIM 0000000001B11A90
    gs_reg_PRMODE 0000000001B11AA0
    gs_reg_PRMODECONT 0000000001B11AA8
    gs_reg_BITBLTBUF 0000000001B222E8
    gs_reg_TRXPOS 0000000001B222F0
    gs_reg_TRXREG 0000000001B222F8
    gs_reg_TRXDIR 0000000001B22300
    hwreg_GS_CSR_lower_bits 00000000079892C8
    hwreg_GS_IMR 00000000079892C9
    hwreg_GS_BUSDIR 00000000079892CA
    hwreg_GS_SIGBLID 00000000079892CC
    hwreg_GS_SMODE2_INT 0000000007989304
    hwreg_GS_PMODE 0000000007D89F50
    hwreg_GS_SMODE1 0000000007D89F58
    hwreg_GS_SMODE2 0000000007D89F60
    hwreg_GS_SFRSH 0000000007D89F68
    hwreg_GS_SYNCH1 0000000007D89F70
    hwreg_GS_SYNCH2 0000000007D89F78
    hwreg_GS_SYNCV 0000000007D89F80
    hwreg_GS_DISPFB1 0000000007D89F88
    hwreg_GS_DISPLAY1 0000000007D89F90
    hwreg_GS_DISPFB2 0000000007D89F98
    hwreg_GS_DISPLAY2 0000000007D89FA0
    hwreg_GS_EXTBUF 0000000007D89FA8
    hwreg_GS_EXTDATA 0000000007D89FB0
    hwreg_GS_EXTWRITE 0000000007D89FB8
    hwreg_GS_BGCOLOR 0000000007D89FC0
But keep in mind that GS regs can be "duplicated" for different emulation stages. GS is JITed too, so it should have a kind of pipeline too.

"Implement a EE memory patch for ratchet up your arsenal": The game writes data using qmtc2/ctc2 and expects VU0 to still run at this point, which is not always true. Mega high vu0 mpg cycles could potentially push it a little further. Patching that will be a pain just because Ratchet uses code overlays. This means you need to patch the game image with the same patch in more than 20 places, because what you see in the PCSX2 debugger / ps2dis will change depending on the stage you are playing. That's why PS3 and PCSX2 use dynamic JIT patches (PCSX2 uses them for different issues, though). --Kozarovv (talk) 14:20, 27 February 2023 (CET)
no-clamping
Sup. Can I know how no-clamping behavior was tested to confirm that "The default emulator's behavior cannot be set by CLI commands."? Because that doesn't sound right, and the emulator explicitly sets 0 or 1 on init, which is confirmed in the emu code. What can happen is that other clamping settings were changed during the test, and that affected the result. But looking at the code I don't think there is any possibility that something "in between" exists. --Kozarovv (talk) 09:33, 21 June 2023 (CEST)
It is based on a test I did on Sly Cooper 2. If VU1 Clamping was set to 1 or 0, the game crashes. If left empty, game works fine. --Scalerize (talk) 14:58, 21 June 2023 (CEST)
- Do you remember when the game crashes? Right after ps2 logo, when going ingame, any specific level, etc. --Kozarovv (talk) 15:32, 21 June 2023 (CEST)
Right after the ps2 logo if I recall correctly --Scalerize (talk) 16:34, 21 June 2023 (CEST)
- I think there was a typo in the config you tested. A crash right after the PS2 logo is usually caused by an unsupported command (emu will print "Unhandled option for this build/platform" and hit UD2 right after). Missing separator, typo, upper case characters, or something else was wrong. I double checked emu code, and it is set or not set (0 or 1). Recompiler parts which use it also test only for 0/1, and setting this command doesn't affect anything else. I'm going to leave the description as is because without PS4 I can't test it by myself, but I'm really sceptical about it. :P --Kozarovv (talk) 16:46, 21 June 2023 (CEST)
So, after taking some time to think about it, I had remembered that the game would crash right after the first pyramid fmv at the press start screen. But yeah, leave as it is. You have the upper hand in removing/adding anything you like --Scalerize (talk) 17:19, 21 June 2023 (CEST)
Configuration table with IDs from Jak games emulator
Here is a table from Jak games emulator. This is how the PS2 emulator config parser sees data from CLI. Please do not edit typos, etc as this is exactly how it is in the emulator. I am leaving it here, so that the main page can be slowly updated with data from the table if needed. The PS2 emulator translates commands to ID, then uses ID in the jump table in its parser to apply configuration. ID is not guaranteed to be the same between emulators, but I have not tested that. Comments match ID too. UNK value is not critical for anything, but it is used for something, and it is part of the original table. This table is missing a few commands which are parsed outside of the main configuration routine.
|============================================================================================================|
| ID | UNK | COMMAND | COMMENT |
|------------------------------------------------------------------------------------------------------------|
| 0 | 0x0 | --help | |
| 0 | 0x0 | -? | |
| 1 | 0x1 | --rom | filename |
| 2 | 0x1 | --image | filename |
| 3 | 0x1 | --pack-image | filename |
| 4 | 0x301 | --emulog-file | |
| 5 | 0x1 | --r30 | filename |
| 6 | 0x1 | --vu0 | filename |
| 7 | 0x1 | --vu1 | filename |
| 8 | 0x1 | --cop1 | filename |
| 9 | 0x1 | --cop2 | filename |
| 10 | 0x1 | --gs-plugin | filename |
| 11 | 0x1 | --config | filename |
| 12 | 0x1 | --config-opt | filename |
| 13 | 0x1 | --config-local-lua | full pathname |
| 14 | 0x301 | --ee-cache-breaks-block | |
| 15 | 0x2 | --unit-test | filename |
| 16 | 0x0 | --no-gs | |
| 17 | 0x0 | --cli-only | |
| 18 | 0x301 | --cpu-avx | |
| 19 | 0x301 | --cpu-crc32 | |
| 21 | 0x0 | --stopped | |
| 22 | 0x4301 | --host-pad-enhance-deadzone | Legacy value/ignored |
| 23 | 0x301 | --savedata-delete | |
| 24 | 0x1 | --vmc1 filename | |
| 24 | 0x4001 | --mcd1 filename | |
| 25 | 0x1 | --vmc2 filename | |
| 25 | 0x4001 | --mcd2 filename | |
| 26 | 0x301 | --formatted-vmc | |
| 26 | 0x4301 | --formatted-mcd | |
| 27 | 0x301 | --mtap1 | |
| 28 | 0x301 | --mtap2 | |
| 29 | 0x1 | --vmc-src | native,host,target,null |
| 30 | 0x1 | --vmc-dest | native,host,target,null |
| 31 | 0x1 | --vmc1-src | native,host,target,null |
| 31 | 0x4001 | --mcd1-initialize | native,host,target,null |
| 32 | 0x1 | --vmc1-dest | native,host,target,null |
| 32 | 0x4001 | --mcd1-write-type | native,host,target,null |
| 33 | 0x1 | --vmc2-src | native,host,target,null |
| 33 | 0x4001 | --mcd2-initialize | native,host,target,null |
| 34 | 0x1 | --vmc2-dest | native,host,target,null |
| 34 | 0x4001 | --mcd2-write-type | native,host,target,null |
| 35 | 0x301 | --jitproc-use-aslr | |
| 36 | 0x301 | --jitproc-build-match | |
| 37 | 0x301 | --host-gamepads | |
| 38 | 0x101 | --host-keyboard | slot [0-7] |
| 39 | 0x302 | --host-pad-loses-focus | |
| 40 | 0x301 | --ds4-deadzone-adjust | |
| 41 | 0x301 | --ds4-diagonal-adjust | |
| 42 | 0x301 | --pad-analog-to-digital | |
| 43 | 0x301 | --hid-pad | |
| 44 | 0x1 | --host-audio | [1,0,on,off,mono] |
| 45 | 0x1 | --mute-audio | [all,none,main,bgm] |
| 46 | 0x201 | --host-audio-latency | msec/float |
| 47 | 0x301 | --host-vsync | |
| 48 | 0x1 | --host-osd | [0,off,minimal,verbose] |
| 49 | 0x1 | --host-graph | [0,off,fps] |
| 50 | 0x301 | --host-dbg-kbd | |
| 51 | 0x301 | --host-edit-safe-area | |
| 52 | 0x302 | --threaded-gs | |
| 53 | 0x101 | --rtc-epoch | unix_time (seconds since epoch) |
| 54 | 0x2 | --isd-git-hash | git hash (sha1) |
| 55 | 0x2 | --usrd-git-hash | git hash (sha1) |
| 56 | 0x301 | --playgo-disc-per-chunk | |
| 57 | 0x201 | --external-hdd-sleep-idle | idle timeout in ms |
| 58 | 0x201 | --external-hdd-spinup-delay | delay in ms |
| 59 | 0x301 | --external-hdd-sim | |
| 60 | 0x301 | --external-hdd-fix | |
| 61 | 0x201 | --host-window-scale | scale/float |
| 62 | 0x1 | --host-window-pos | x,y |
| 63 | 0x1 | --host-display-mode | [normal/4:3,full/16:9] |
| 64 | 0x301 | --framelimiter | |
| 65 | 0x201 | --framelimit-fps | FPS/float |
| 66 | 0x201 | --framelimit-scalar | scalar/float |
| 67 | 0x1 | --framelimit-mode | [normal,fast,fastest,slow,slower,slowest] |
| 68 | 0x301 | --force-pal-60hz | |
| 69 | 0x301 | --force-frame-blend | |
| 70 | 0x301 | --audio-stretching | |
| 71 | 0x101 | --spu2-update-deferral | Ts/integer |
| 72 | 0x301 | --spu2-reverb | |
| 73 | 0x301 | --spu2-c0-memin-to-bgm | |
| 74 | 0x301 | --spu2-c1-memin-to-bgm | |
| 75 | 0x101 | --spu2-ignore-kof | |
| 76 | 0x101 | --spu2-voice-keyoff-threshold | Ts/integer |
| 77 | 0x301 | --spu2-warnings | |
| 78 | 0x101 | --stop-at | frameID/integer |
| 79 | 0x101 | --exit-at | frameID/integer |
| 80 | 0x2 | --pad-run | filename |
| 81 | 0x1 | --pad-run-stop-after | [800ms,1s,3m,5h] |
| 82 | 0x1 | --pad-run-exit-after | [800ms,1s,3m,5h] |
| 83 | 0x2 | --pad-record | filename |
| 84 | 0x101 | --pad-run-frame | frame_id/integer |
| 85 | 0x101 | --pad-record-frame | frame_id/integer |
| 86 | 0x301 | --record-video-hash | |
| 87 | 0x301 | --record-audio-hash | |
| 88 | 0x101 | --record-video-modulo | frames/integer |
| 89 | 0x301 | --record-audio | |
| 90 | 0x301 | --record-audio-image | |
| 90 | 0x301 | --record-audio-img | |
| 91 | 0x301 | --record-audio-ext | |
| 92 | 0x1 | --path-snaps | dir/folder |
| 93 | 0x1 | --path-recordings | dir/folder |
| 94 | 0x1 | --path-audio-images | dir/folder |
| 95 | 0x1 | --path-memcards | dir/folder |
| 95 | 0x1 | --path-vmc | dir/folder |
| 96 | 0x1 | --path-emulog | dir/folder |
| 97 | 0x1 | --path-manual | dir/folder |
| 98 | 0x1 | --path-patches | dir/folder |
| 99 | 0x1 | --path-trophydata | dir/folder |
| 100 | 0x1 | --path-featuredata | dir/folder |
| 101 | 0x1 | --path-postproc | dir/folder |
| 102 | 0x1 | --path-patches | dir/folder |
| 103 | 0x1 | --path-toolingscript | dir/folder |
| 104 | 0x1 | --record-name | subdir/folder |
| 105 | 0x1 | --max-console-spam | bytes/lifetime |
| 106 | 0x1 | --snapshot-name | filename |
| 107 | 0x101 | --snapshot-save | frameId |
| 108 | 0x2 | --snapshot-restore | filename |
| 109 | 0x301 | --snapshot-mcd-files | |
| 110 | 0x101 | --snapshot-repeat | repeat_count |
| 111 | 0x1 | --snapshot-datafile | filename |
| 112 | 0x101 | --snapshot-modulo | frames/integer |
| 113 | 0x101 | --snapshot-debug | dbg-on-of |
| 114 | 0x1 | --ee-block-validation | [PageProt,Hash,None] |
| 115 | 0x301 | --ee-validate-kernel | |
| 116 | 0x1 | --ee-const-folding | [None,Gpr,Fpu,All] |
| 117 | 0x301 | --ee-load-rewrites | |
| 118 | 0x301 | --ee-store-rewrites | |
| 119 | 0x301 | --ee-live32 | |
| 120 | 0x1 | --ee-regalloc-scalar | [0,none,ReadOnly,WriteOnly,RW] |
| 121 | 0x1 | --ee-regalloc-simd | [0,none,ReadOnly,WriteOnly,RW] |
| 122 | 0x301 | --ee-insn-flush-pc | |
| 122 | 0x4301 | --ee-pc-coherency | |
| 123 | 0x301 | --ee-insn-callmark | |
| 123 | 0x4301 | --ee-insn-marking | |
| 123 | 0x4301 | --ee-inst-marking | |
| 124 | 0x301 | --ee-injection-kernel | |
| 124 | 0x301 | --ee-kernel-hle | |
| 125 | 0x301 | --ee-injection-title | |
| 126 | 0x1 | --ee-static-block-links | Type,Type,... [None,Branches,JAL,COP2,All] |
| 127 | 0x1 | --ee-regalloc-preserve-scalar | [0,none,LoadOnly,StoreOnly,LS] |
| 128 | 0x1 | --ee-regalloc-preserve-simd | [0,none,LoadOnly,StoreOnly,LS] |
| 129 | 0x301 | --ee-peephole | |
| 130 | 0x301 | --ee-ignore-break | |
| 130 | 0x4301 | --ee-break-as-nop | |
| 131 | 0x101 | --ee-inline-limit-full | insn_count/integer |
| 132 | 0x101 | --ee-inline-limit-partial | insn_count/integer |
| 133 | 0x101 | --ee-jit-pagefault-threshold | fault_count/integer |
| 134 | 0x301 | --ee-jit-opt-debug | |
| 135 | 0x301 | --iop-validate-kernel | [PageProt,ShortHash,Hash,None] |
| 136 | 0x1 | --iop-block-validation | [PageProt,ShortHash,Hash,None] |
| 137 | 0x1 | --iop-shorthash-len | insn_count/integer |
| 138 | 0x301 | --iop-const-folding | |
| 141 | 0x301 | --iop-pc-coherency | |
| 142 | 0x301 | --iop-inst-marking | |
| 143 | 0x301 | --fpu-to-double | |
| 144 | 0x301 | --fpu-no-clamping | |
| 145 | 0x301 | --fpu-clamp-operands | |
| 146 | 0x301 | --fpu-clamp-results | |
| 147 | 0x301 | --fpu-custom-min-max | |
| 148 | 0x301 | --fpu-custom-fused-madd | |
| 149 | 0x301 | --fpu-accurate-range | start,end |
| 150 | 0x301 | --fpu-accurate-muldiv | |
| 151 | 0x1 | --fpu-accurate-muldiv-range | start,end |
| 152 | 0x1 | --fpu-accurate-mul-fast | |
| 153 | 0x1 | --fpu-accurate-addsub | |
| 154 | 0x1 | --fpu-accurate-addsub-range | start,end |
| 155 | 0x1 | --fpu-rsqrt-fast-estimate | |
| 156 | 0x1 | --fpu-no-clamp-range | start,edn |
| 157 | 0x301 | --vu-to-double | |
| 158 | 0x301 | --vu-branch-hazard | |
| 159 | 0x301 | --vu-evil-branches | |
| 160 | 0x301 | --vu-d-bit | |
| 161 | 0x301 | --vu-t-bit | |
| 162 | 0x301 | --vu-inst-mflag | |
| 163 | 0x301 | --vu-inst-cflag | |
| 164 | 0x301 | --vu-custom-min-max | |
| 165 | 0x301 | --vu-custom-fused-madd | |
| 166 | 0x101 | --vu-xgkick-delay | vu_cycles/integer |
| 167 | 0x301 | --vu-hack-triace | |
| 168 | 0x101 | --vu-range-merge | vu_inst_cnt |
| 169 | 0x301 | --vu0-no-clamping | |
| 170 | 0x301 | --vu0-clamp-operands | |
| 171 | 0x301 | --vu0-clamp-results | |
| 172 | 0x101 | --vu0-opt-flags | [0,1,2] - 1=safe, 2=unsafe |
| 173 | 0x101 | --vu0-opt-vf00 | [0,1,2] - 1=safe, 2=unsafe |
| 174 | 0x301 | --vu0-opt-subroutine | |
| 175 | 0x301 | --vu0-const-prop | |
| 176 | 0x301 | --vu0-inst-q | |
| 177 | 0x301 | --vu0-inst-p | |
| 178 | 0x301 | --vu0-use-rcp | |
| 179 | 0x301 | --vu0-use-rsqrt | |
| 180 | 0x301 | --vu0-di-bits | |
| 181 | 0x1 | --vu0-clamp-range | start,end |
| 182 | 0x1 | --vu0-jr-cache-policy | [newprog,sameprog,auto] |
| 183 | 0x1 | --vu0-jalr-cache-policy | [newprog,sameprog,auto] |
| 184 | 0x1 | --vu0-mul0fix-range | start,end |
| 185 | 0x1 | --vu0-accurate-addsub-range | start,end |
| 186 | 0x1 | --vu0-aot-outmode | out/overwrite, append |
| 187 | 0x101 | --vu0-aot-start-addr | start address |
| 188 | 0x101 | --vu0-aot-end-addr | end address |
| 189 | 0x1 | --vu0-aot-start-crc | verify crc |
| 190 | 0x1 | --vu0-aot-end-crc | verify crc |
| 191 | 0x301 | --vu1-no-clamping | |
| 192 | 0x301 | --vu1-clamp-operands | |
| 193 | 0x301 | --vu1-clamp-results | |
| 194 | 0x101 | --vu1-opt-flags | [0,1,2] - 1=safe, 2=unsafe |
| 195 | 0x101 | --vu1-opt-vf00 | [0,1,2] - 1=safe, 2=unsafe |
| 196 | 0x301 | --vu1-opt-subroutine | |
| 197 | 0x301 | --vu1-const-prop | |
| 198 | 0x301 | --vu1-inst-q | |
| 199 | 0x301 | --vu1-inst-p | |
| 200 | 0x301 | --vu1-use-rcp | |
| 201 | 0x301 | --vu1-use-rsqrt | |
| 202 | 0x301 | --vu1-di-bits | |
| 203 | 0x1 | --vu1-clamp-range | start,end |
| 204 | 0x1 | --vu1-jr-cache-policy | [newprog,sameprog,auto] |
| 205 | 0x1 | --vu1-jalr-cache-policy | [newprog,sameprog,auto] |
| 206 | 0x1 | --vu1-mul0fix-range | start,end |
| 207 | 0x1 | --vu1-accurate-addsub-range | start,end |
| 208 | 0x1 | --vu1-aot-outmode | out/overwrite, append |
| 209 | 0x101 | --vu1-aot-start-addr | start address |
| 210 | 0x101 | --vu1-aot-end-addr | end address |
| 211 | 0x1 | --vu1-aot-start-crc | verify crc |
| 212 | 0x1 | --vu1-aot-end-crc | verify crc |
| 214 | 0x301 | --vu0-injection | |
| 215 | 0x301 | --vu1-injection | |
| 216 | 0x301 | --vu1-native-patch | |
| 217 | 0x301 | --cop2-no-clamping | |
| 218 | 0x301 | --cop2-clamp-operands | |
| 219 | 0x301 | --cop2-clamp-results | |
| 220 | 0x101 | --cop2-opt-flags | [0,1,2] - 1=safe, 2=unsafe |
| 221 | 0x101 | --cop2-opt-vf00 | [0,1,2] - 1=safe, 2=unsafe |
| 222 | 0x301 | --cop2-const-prop | |
| 223 | 0x301 | --cop2-inst-q | |
| 224 | 0x301 | --cop2-inst-p | |
| 225 | 0x301 | --cop2-use-rcp | |
| 226 | 0x301 | --cop2-use-rsqrt | |
| 227 | 0x301 | --cop2-di-bits | |
| 228 | 0x1 | --cop2-accurate-range | start,end |
| 229 | 0x301 | --cop2-accurate-mul | |
| 230 | 0x1 | --cop2-accurate-mul-range | start,end |
| 231 | 0x1 | --cop2-accurate-addsub | |
| 232 | 0x1 | --cop2-accurate-addsub-range | start,end |
| 233 | 0x1 | --cop2-no-clamp-range | start,end |
| 234 | 0x301 | --cop2-regalloc | |
| 235 | 0x101 | --ee-jit-disasm | [0,1=mips,2=x86] |
| 236 | 0x101 | --iop-jit-disasm | [0,1=mips,2=x86] |
| 237 | 0x101 | --vu-jit-disasm | [0,1=mips,2=x86] |
| 238 | 0x301 | --vtune-ee | |
| 239 | 0x301 | --vtune-vu | |
| 240 | 0x1 | --ee-precompile-trace | filename |
| 241 | 0x1 | --elf-symbols= | filename |
| 242 | 0x1 | --map-symbols= | filename |
| 243 | 0x1 | --symbols= | filename |
| 244 | 0x1 | --pc-bisect-srcfile= | filename |
| 245 | 0x301 | --verbose-tooling | |
| 246 | 0x301 | --log-tooling | |
| 247 | 0x301 | --verbose-deci2 | |
| 248 | 0x301 | --verbose-cdvd-reads | |
| 249 | 0x301 | --verbose-cpu-cycles | |
| 250 | 0x301 | --verbose-thread-id | |
| 252 | 0x301 | --assert-path1-ad | |
| 254 | 0x301 | --ee-evt-check-full | |
| 255 | 0x201 | --ee-cycle-scalar | scalar/float |
| 256 | 0x1 | --ee-ignore-segfault | [none,R,W,RW] |
| 257 | 0x1 | --ee-native-function | name,mipsaddr |
| 258 | 0x101 | --ee-stlf-cycle-threshold | |
| 259 | 0x201 | --ee-sif0-cycle-scalar | multiplier/float |
| 260 | 0x201 | --ee-sif1-cycle-scalar | multiplier/float |
| 261 | 0x201 | --iop-sif0-cycle-scalar | multiplier/float |
| 262 | 0x201 | --iop-sif1-cycle-scalar | multiplier/float |
| 263 | 0x101 | --iop-tight-slice-count | slices/int |
| 264 | 0x301 | --iop-evt-check-full | |
| 265 | 0x201 | --iop-cycle-scalar | scalar/float |
| 266 | 0x101 | --cdvd-sector-read-cycles | cycles_per_sector |
| 267 | 0x101 | --cdvd-sector-seek-cycles | cycles_per_sector |
| 268 | 0x301 | --cdvd-determinism | |
| 269 | 0x101 | --idec-cycles-per-qwc | int/multiplier |
| 270 | 0x301 | --vif1-instant-xfer | |
| 271 | 0x301 | --vif1-ignore-cmd-ints | |
| 272 | 0x301 | --vif-ignore-invalid-cmd | |
| 273 | 0x101 | --vif-thread-chunk-size | int/kilowords |
| 274 | 0x1 | --vu1-mpg-cycles | cycles,$vupc,$vupc... |
| 275 | 0x1 | --vu0-mpg-cycles | cycles,$vupc,$vupc... |
| 276 | 0x301 | --detect-idle-vif | |
| 277 | 0x301 | --detect-idle-ee | |
| 278 | 0x301 | --detect-idle-iop | |
| 279 | 0x301 | --detect-idle-intc | |
| 280 | 0x1 | --detect-idle-chcr | dmaChan,dmaChan,... [none,VIF0,VIF1,GIF,fromIPU,toIPU,etc] |
| 281 | 0x201 | --mfifo-manual-drain | frame_multiplier/float |
| 282 | 0x101 | --mfifo-chunk-drain-cycles | cycles/int |
| 283 | 0x101 | --gs-scanout-delay | hsync_count/integer |
| 284 | 0x101 | --gs-fieldswap-delay | hsync_count/integer |
| 285 | 0x301 | --gs-use-deferred-l2h | |
| 286 | 0x1 | --l2h-2d-params | TRXREG,BITBLTBUF,height |
| 287 | 0x1 | --gs-uprender | [none,2x2] |
| 288 | 0x1 | --gs-upscale | [none,gpu,edgesmooth,motionvec] |
| 289 | 0x201 | --gs-aspect-ratio | aspect/float (default=0.81) |
| 290 | 0x301 | --gs-progressive | |
| 291 | 0x301 | --gs-force-bilinear | |
| 292 | 0x301 | --gs-use-mipmap | |
| 293 | 0x301 | --gs-use-clut-merge | |
| 294 | 0x1 | --gs-kernel-cl | kernelVariant |
| 295 | 0x1 | --gs-kernel-cl-up | kernelVariantUp |
| 296 | 0x301 | --gs-optimize-30fps | |
| 297 | 0x101 | --gs-motion-factor | motion factor |
| 298 | 0x101 | --gs-vert-precision | pixelshift |
| 299 | 0x301 | --gs-check-trans-rejection | |
| 300 | 0x301 | --gs-check-trans-rejection68 | |
| 301 | 0x301 | --gs-override-small-tri-area | |
| 302 | 0x1 | --gs-flush-ad-xyz | [always,safe,off,0] |
| 303 | 0x1 | --gs-dirty-page-policy | dirtyPagePolicy |
| 304 | 0x101 | --gs-render-tile-threshold | |
| 305 | 0x101 | --gs-opt-frbuff-switch | |
| 306 | 0x301 | --gs-uv-shift-pointsampling | |
| 307 | 0x301 | --gs-h2l-list-opt | |
| 308 | 0x301 | --gs-h2l-accurate-hash | |
| 309 | 0x301 | --gs-ignore-rect-correction | |
| 310 | 0x301 | --gs-ignore-dirty-page-border | |
| 311 | 0x101 | --gs-frontend-opt-mode | |
| 312 | 0x301 | --gs-hdr-support | |
| 313 | 0x301 | --gs-adaptive-frameskip | |
| 314 | 0x4101 | --gs-scanout-offsetx | relative offset/ignored |
| 315 | 0x4101 | --gs-scanout-offsety | relative offset/ignored |
| 316 | 0x301 | --gs-skip-dirty-flush-on-mipmap | |
| 317 | 0x301 | --gs-packed15-fmv-opt | |
| 318 | 0x1 | --safe-area-min | area/float (range 0.9 to 1.0) |
| 319 | 0x301 | --lopnor-config | |
| 320 | 0x301 | --lua-script | |
| 321 | 0x301 | --lua-debug-api | |
| 322 | 0x301 | --lua-use-pcall | |
| 323 | 0x301 | --lua-trace-gc | |
| 324 | 0x301 | --lua-trace-fn | |
| 325 | 0x301 | --lua-trace-hooks | |
| 326 | 0x301 | --lua-trace-vmsteps | |
| 327 | 0x301 | --load-trophy-lua | |
| 328 | 0x301 | --load-tooling-lua | |
| 329 | 0x301 | --load-feature-lua | |
| 330 | 0x301 | --host-trophy-support | |
| 330 | 0x301 | --trophy-support | |
| 331 | 0x201 | --pcr0-delta-hack | ratio/float |
| 332 | 0x1 | --app-entitlement | entitlement/string |
| 333 | 0x301 | --ee-mem-check-eob | |
| 334 | 0x1 | --ee-hook | |
| 335 | 0x1 | --iop-hook | |
| 336 | 0x301 | --game-live-streaming | |
| 337 | 0x301 | --game-live-streaming-record | |
| 338 | 0x301 | --remote-play | |
| 339 | 0x301 | --screenshot | |
| 340 | 0x1 | --screenshot-overlay-image | filename |
| 341 | 0x1 | --screenshot-photo-title | title/string |
| 343 | 0x1 | --screenshot-comment | string |
| 344 | 0x301 | --video-recording | |
| 345 | 0x1 | --mute-streaming-audio | [none,all,main,bgm] |
| 346 | 0x301 | --share-play | |
| 347 | 0x1 | --image-disc1 | filename |
| 348 | 0x1 | --image-disc2 | filename |
| 349 | 0x1 | --image-disc3 | filename |
| 350 | 0x1 | --image-disc4 | filename |
| 351 | 0x1 | --image-disc5 | filename |
| 352 | 0x101 | --max-disc-num | [1-5] |
| 353 | 0x101 | --boot-disc-id | [0-4] |
| 354 | 0x101 | --switch-disc-delay | frame_count/integer |
| 355 | 0x301 | --switch-disc-reset | |
| 356 | 0x1 | --ps2-title-id | title_id (ex: SLUS-21059) |
| 356 | 0x4001 | --title-id-override | title_id (ex: SLUS-21059) |
| 357 | 0x1 | --ps2-lang | |
| 358 | 0x1 | --savedata-fingerprint | ps2tc,ps4tc,fingerprint |
| 359 | 0x301 | --pmc-enable | |
| 360 | 0x101 | --pmc-buffer-size | MB |
| 361 | 0x1 | --pmc-sample-freq | Hz |
| 362 | 0x1 | --pmc-measure-frames | frames(int) |
|============================================================================================================|
Note: A few commands are accidentally read with =, for example --elf-symbols=. Commands like this possibly expect == to be used. Anyway, good for us, all of those cmds are meaningless.
PS2 Emulator Configuration Table Dumper IDA PRO Script
IDA script to dump this information. It should find everything by itself. Should... Tested on Jak games emulator and Rogue Galaxy emulator. Keep in mind that it will dump only to the IDA PRO output window. To dump it to a file, you need to modify this script yourself. The script separates fields with commas. Output will be ID, UNK, COMMAND, COMMENT. Any further commas come from the config comment itself.
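import idc
import idaapi

def dump():
    # Byte pattern of the "-?" option string with its surrounding NULs: \x00 - ? \x00
    search = "00 2D 3F 00"
    addr = idaapi.find_binary(0, idaapi.BADADDR, search, 0x10, idc.SEARCH_DOWN)
    if addr == idaapi.BADADDR:
        print("Pattern not found!")
        return
    addr += 1  # skip the leading NUL so addr points at "-?"
    addr = idc.get_first_dref_to(addr)  # table field that holds the pointer to "-?"
    if addr == idaapi.BADADDR:
        print("No data reference to the string found!")
        return
    addr -= 0x8 # Some emus might need that line commented.
    while 1:
        # Entry layout: +0 ID (u16), +2 UNK (u16), +8 command ptr, +16 comment ptr
        nr = "%s" % idc.get_wide_word(addr)
        unk = "%x" % idc.get_wide_word(addr + 2)
        cfg_str_ptr = idc.get_qword(addr + 8)
        cfg_str = idc.get_strlit_contents(cfg_str_ptr, -1, idc.STRTYPE_C)
        if cfg_str is None:
            # No string behind the pointer: we ran past the end of the table.
            print("Finished!")
            break
        cfg_str = cfg_str.decode("ascii")
        cfg_cmt_ptr = idc.get_qword(addr + 16)
        if cfg_cmt_ptr != 0:
            # Read the comment only when the entry actually has one.
            cfg_cmt = idc.get_strlit_contents(cfg_cmt_ptr, -1, idc.STRTYPE_C)
            cfg_cmt = cfg_cmt.decode("ascii") if cfg_cmt else ""
            full_str = nr + ", 0x" + unk + ", " + cfg_str + ", " + cfg_cmt
        else:
            full_str = nr + ", 0x" + unk + ", " + cfg_str
        print(full_str)
        if cfg_str[0:1] != "-":
            print("Finished!")
            break
        addr += 0x18  # size of one table entry

dump()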
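The record layout the script above walks (ID at +0, UNK at +2, command pointer at +8, comment pointer at +16, stride 0x18) can also be parsed outside IDA and written as CSV, which keeps commas inside a comment in one field. This is an added example, not part of the original post: little-endian byte order, the `base` load address and all helper names are assumptions, and the sample image is constructed.

```python
import csv
import io
import struct

ENTRY_SIZE = 0x18      # record stride, taken from the IDA script (addr += 0x18)
RECORD = "<HH4xQQ"     # u16 ID, u16 UNK, 4 bytes the script never reads, two u64 pointers


def read_cstr(image, base, ptr):
    """Return the NUL-terminated ASCII string at virtual address ptr, or None."""
    off = ptr - base
    if ptr == 0 or not 0 <= off < len(image):
        return None
    end = image.find(b"\x00", off)
    if end == -1:
        return None
    return image[off:end].decode("ascii", errors="replace")


def parse_table(image, base, table_addr):
    """Collect (id, unk, command, comment) until a record stops looking like an option."""
    rows = []
    off = table_addr - base
    while off >= 0 and off + ENTRY_SIZE <= len(image):
        ident, unk, cmd_ptr, cmt_ptr = struct.unpack_from(RECORD, image, off)
        cmd = read_cstr(image, base, cmd_ptr)
        if cmd is None or not cmd.startswith("-"):
            break                      # end of table, or pointer outside the image
        rows.append((ident, unk, cmd, read_cstr(image, base, cmt_ptr) or ""))
        off += ENTRY_SIZE
    return rows


def to_csv(rows):
    """Render rows as CSV; the csv module quotes comments that contain commas."""
    buf = io.StringIO()
    writer = csv.writer(buf, lineterminator="\n")
    writer.writerow(["ID", "UNK", "COMMAND", "COMMENT"])
    for ident, unk, cmd, cmt in rows:
        writer.writerow([ident, "0x%x" % unk, cmd, cmt])
    return buf.getvalue()


def build_sample(base=0x400000):
    """Constructed image (not from any real eboot): string pool, then the table."""
    entries = [
        (0, 0x0, "--help", None),
        (1, 0x1, "--rom", "filename"),
        (29, 0x1, "--vmc-src", "native,host,target,null"),
        (191, 0x301, "--vu1-no-clamping", None),
        (0, 0x0, "Usage:", None),      # first non-option string ends the walk
    ]
    pool = bytearray()

    def intern(text):
        if text is None:
            return 0                   # null pointer: entry has no comment
        addr = base + len(pool)
        pool.extend(text.encode("ascii") + b"\x00")
        return addr

    ptrs = [(i, u, intern(c), intern(m)) for i, u, c, m in entries]
    while len(pool) % 8:
        pool.append(0)                 # keep the table 8-byte aligned
    table_addr = base + len(pool)
    table = b"".join(struct.pack(RECORD, *p) for p in ptrs)
    return bytes(pool) + table, base, table_addr


if __name__ == "__main__":
    image, base, table_addr = build_sample()
    print(to_csv(parse_table(image, base, table_addr)), end="")
```
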
Fatal Fury Battle Archives Vol. 2 Modding
It seems that modifying the eboot.bin of any emulator using HxD allows us to use commands without adding them to the CLI. Potentially, we could locate VU0's jit-sync and modify it to fix many issues, while changing the values of other commands to suit our needs. This is a to-do in the future. Considering it needs a lot of researching, I am not sure when and if to work on it. It is filled with what Stayhye calls "speculation".
Eboot MD5: 7fc9af268802b36ef299c3ee0448de7b
Fatal Fury Battle Archives Vol. 2 Eboot

| | Offset (Eboot) | Value type | Normal value | Modified value | Notes |
|---|---|---|---|---|---|
| Counters speed | 50FE1 | 4 Bytes | 294912000 | Can be modified as needed for as long as the value fits 4 bytes. | |
| EE Clock (Cycle scalar) | 50FE5 | 4 Bytes | 0x00010000 | Can be modified as needed for as long as the value fits 4 bytes. | It's converting decimals into hex? 0.1 --> 0x19000000; 0.19 --> 0x3000000; 0.2 --> 0x33000000; 0.5 --> 0x80000000; 0.98 --> 0xFA000000; 0.987 --> 0xFC000000; 0.996 --> 0xFE000000; 0.999 --> 0xFF000000 |
| IOP Clock (Cycle scalar) | 510EB | 4 Bytes | 0x80000000 | Can be modified as needed for as long as the value fits 4 bytes. | |
| VU0 mpg cycles | 4DE410 | 8x 2 bytes | 100 (dec) | | |
| VU1 mpg cycles | 4DE420 | 8x 2 bytes | 100 (dec) | | |
| (?) | 5105B | 4 Bytes | 10000 | | |
| Binary or 1 byte??? | | | | | |
| VU1 Jit-sync | 510DE | Binary | 10000010 | 10000011 | Adding jit-sync changes the value at the end to 1 |
| Vif1-instant-xfer | Still unknown, but it sits to the left of VU1 Jit-sync when found using ps4 cheater. | Binary | 00011111 | 00001111 | Adding vif1-instant-xfer=0, changes the 1 to 0 |
| VU0 vf00 | 51109 and 5110A | 1 Byte each? | 0xCB and 0x26 | 0x4B and 0x27 | Modified value is when the command is set to 2 |
| VU0-di-bits | 5110A | 1 Byte | 0x26 | 0x06 | |
| Completely unknown | | | | | |
| ? | 51142 | 2 bytes? | 0x8 | | |
| ? | 51139 | 2 bytes? | 0x2 | | |
| ? | 510F5 | 2 bytes? | 0x7D | | |
| ? | 51114 | 2 bytes? | 0x3628 | Modifying creates an insane amount of sps | |
| ? | 5127E | 2 bytes? | 0x8005 | | |
| ? | 51109 | 2 bytes? | 0xCB26 | | |
| ? | 4DEF60 | 8x 2 bytes | 1098907648(dec) | Seems to have something to do with VU0 | |
| ? | 51194 | 4bytes? | 00A00000 | Controls screen size | |
| ? | 50FD3 | 4bytes | 70000000 | --vif-thread-chunk-size?? | |
| Framelimiter? | 59C318 | 0x3 | | | |