Description
PlayStation 2 emulation on the PlayStation 4 is handled with little difference from the PlayStation 3: some issues that the PlayStation 3 faced have carried over to the PlayStation 4, along with a few new ones.
The PS4 is too weak for emulation, and for that reason Sony had to sacrifice accuracy for performance.
Each PS2ONPS4 package file (.pkg) includes the emulator itself. The PS4 does not have a native built-in emulator in its firmware, but it does have some PS2-emulator-specific features, such as the functions sceLncUtilIsPs2Emu, sceShellCoreUtilGetImposeMenuFlagForPs2Emu, sceSystemServiceAddLocalProcessForPs2Emu, or sceSystemServiceShowImposeMenuForPs2Emu.
Emulators are programmed to be accurate for the games that they were made for, and that alone is a challenge for accurate emulation. Since emulators include per-title patches and different default settings, and since the PlayStation 2 hardware is a complex system to emulate, any small change in configuration can make or break a game.
Currently the most used emulator is Jakv2 since it is the most compatible, but for game crashes we use RECVX, and for VU accuracy we use roguev1.
The BIOS itself is included in the game's pkg, and it is the exact same BIOS that was used in the ps2_netemu. Another important point is the lack of an encryption mechanism for the PS2 game disc image file: this time it is just a plain ISO file, but the emulator still supports the LIMG sector, which allows the use of discs with a non-2048 sector size. The memory card is also decrypted, but the emulator checks the CRC of some of the regions to ensure that the memory card was not modified. The PS2 emulator supports Lua scripting through "Lua Bridge", an extremely powerful interface that provides many possibilities to improve compatibility.
This is the first time that Sony really cared about floats in their emulator. Compared to the PS3 CPU, x86-64 does a worse job of mimicking the PS2 FPU and VU float calculation behavior. This is resolved by clamping, accurate math used per memory offset, and/or converting floats to double precision. The emulator uses OpenCL for GS, and probably other components.
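The clamping idea as an added example (not Sony's code and not part of the original page). It assumes the convention used by PS2 emulators such as PCSX2, where Inf/NaN bit patterns are clamped to ±FLT_MAX and denormals are flushed to zero; how the PS4 emulator implements its clamp options internally is not documented here, and the function names are hypothetical.

```python
import math
import operator
import struct

FLT_MAX = 0x7F7FFFFF   # bit pattern of the largest finite single-precision value
SIGN = 0x80000000


def to_bits(x):
    """Round a Python float to single precision and return its bit pattern,
    the way a host (IEEE-754) single-precision operation would."""
    try:
        return struct.unpack("<I", struct.pack("<f", x))[0]
    except OverflowError:  # finite but too large for a single: IEEE yields Inf
        return 0xFF800000 if x < 0 else 0x7F800000


def to_float(bits):
    return struct.unpack("<f", struct.pack("<I", bits))[0]


def clamp(bits):
    """Assumed PS2-style clamp: no Inf/NaN, no denormals."""
    sign, exp, mant = bits & SIGN, (bits >> 23) & 0xFF, bits & 0x7FFFFF
    if exp == 0xFF:            # Inf or NaN -> +/-FLT_MAX
        return sign | FLT_MAX
    if exp == 0 and mant:      # denormal -> signed zero
        return sign
    return bits


def fpu_op(op, a, b, clamp_operands=False, clamp_results=False):
    """Run one emulated FPU operation on two bit patterns.
    The two flags mirror the idea behind the clamp-operands / clamp-results
    options listed on this page."""
    if clamp_operands:
        a, b = clamp(a), clamp(b)
    result = to_bits(op(to_float(a), to_float(b)))
    return clamp(result) if clamp_results else result


def overflow_then_subtract(clamped):
    """FLT_MAX * 2, then x - x on the result.
    Host IEEE math: Inf, then Inf - Inf = NaN, which poisons later math.
    Clamped math:   FLT_MAX, then FLT_MAX - FLT_MAX = 0."""
    big = fpu_op(operator.mul, FLT_MAX, to_bits(2.0), clamp_results=clamped)
    return fpu_op(operator.sub, big, big,
                  clamp_operands=clamped, clamp_results=clamped)


if __name__ == "__main__":
    for mode in (False, True):
        bits = overflow_then_subtract(mode)
        print(f"clamped={mode}: 0x{bits:08X} -> {to_float(bits)}")
```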
Emulator Configuration
Files
Emulator configuration is handled by 4 files:
- config-emu-ps4.txt - Stores paths and basic video/audio settings in official packages. Unofficially, it can also be used for advanced settings with global effect in a multi-disc .pkg, with all the commands originally used in the cli.conf file.
- XXXX-YYYYY_cli.conf - Stores per-disc advanced settings. GS, VU, EE, IOP, FPU and COP2 emulation settings are here, as are hacks and hooks.
- XXXX-YYYYY_config.lua - Used for per-disc advanced scripts: patching EE/IOP memory, conditional hooks.
- disc-swap-cli.conf - Stores info for multi-disc games.
Commands
Known functions: Require cleanup.
The rest of the cli and lua commands can all be found inside of an emu's decrypted eboot.bin.
config-emu-ps4.txt commands
Command |
Values |
Notes |
Usage
|
|
Misc |
|
|
--config-local-lua |
|
|
--config-local-lua=""
|
--load-tooling-lua |
|
|
--load-tooling-lua=0
|
--max-console-spam |
|
|
|
--path-snaps |
dir/folder |
Path to savestates folder |
--path-snaps="/tmp/snapshots"
|
--path-recordings |
dir/folder |
|
--path-recordings="/tmp/recordings"
|
--path-memcards |
dir/folder |
|
|
--path-vmc |
dir/folder |
|
--path-vmc="/tmp/vmc"
|
--emulog-file |
0, 1 |
Creates a log file with information that is rarely useful |
--emulog-file=1
|
--path-emulog |
dir/folder |
Sets the directory of the emulog file. Requires the --emulog-file=1 command |
--path-emulog="/tmp/recordings"
|
--path-manual |
dir/folder |
|
|
--path-patches |
dir/folder |
Path to patches folder |
--path-patches="/app0/patches"
|
--path-trophydata |
dir/folder |
|
--path-trophydata="/app0/trophy_data"
|
--path-featuredata |
dir/folder |
Path to folder with XXXX-YYYYY_features.lua file |
--path-featuredata="/app0/feature_data"
|
--path-postproc |
dir/folder |
Post-processing (shaders?) |
|
--path-toolingscript |
dir/folder |
|
--path-toolingscript="/app0/patches"
|
--snapshot-name |
|
|
|
--snapshot-datafile |
|
|
|
--snapshot-restore |
|
|
|
--snapshot-save |
frameId(?) |
|
|
--snapshot-mcd-files |
|
|
|
--snapshot-repeat |
repeat_count |
|
|
--snapshot-modulo |
|
|
|
--host-keyboard |
slot [0-7] |
|
--host-keyboard=4
|
--host-window-scale |
scale/float |
|
--host-window-scale=0.5
|
--host-window-pos |
x,y |
|
|
--host-display-mode |
normal,full,4:3,16:9 |
Set display mode |
--host-display-mode=full
|
--host-graph |
fps |
Debug option that requires an unleaked debug ps2 bios |
--host-graph=fps
|
--host-osd |
verbose, minimal |
|
--host-osd=0
|
--host-vsync |
0, 1 |
Enable or disable vsync |
--host-vsync=1
|
--host-trophy-support |
|
|
|
--rtc-epoch |
unix_time (seconds since epoch) |
|
--rtc-epoch=1523776362
|
--framelimiter |
0, 1 |
Enable or disable Frame limiting |
--framelimiter=1
|
--framelimit-fps |
FPS/float |
framelimiter |
--framelimit-fps=0.8
|
--framelimit-scalar |
scalar/float |
scalar must be between 0.1 and 5.0 |
--framelimit-scalar=3.2
|
--framelimit-mode |
slowest,slower,slow,normal,fast,fastest,turbo |
A Standalone framelimiter |
--framelimit-mode=fast
|
--ps2-lang |
system |
Sets the language. It might seem like a useless command, but a tiny number of games refuse to boot without a selected language. |
--ps2-lang=system
|
--ps2-title-id |
XXXX-YYYYY Example: (SLUS-21515) |
Sets the title-id for patches. Requires the game's region code as value |
--ps2-title-id=SLES-50366
|
--gs-uprender |
none, 2x2 |
Internal resolution upscaler. |
--gs-uprender=2x2
|
--gs-upscale |
none, gpu, edgesmooth, motionvec, point, motionvector, smooth, motion |
upscaling type |
--gs-upscale=EdgeSmooth
|
|
CDVD |
|
|
--max-disc-num |
1-5 |
numbers of discs in package (maximum=5) |
--max-disc-num=1
|
--boot-disc-id |
1-5 |
sets boot disc for multi-disc pkg |
--boot-disc-id=0
|
--switch-disc-reset |
1 = Enables resetting the game upon disc swap
0 = Disables resetting the game upon disc swap |
0 can be used to prevent the game from resetting when switching between multiple discs, which is useful for games like Samurai Warriors 2 that have an import-data feature. Sadly, this command isn't supported by many emulators, but jakv2 is confirmed to support it |
--switch-disc-reset=1
|
--cdvd-sector-read-cycles |
0.1 = Fastest,
80000 = Slowest |
Sets the DVD reading speed: higher values are slower, lower values are faster. Kinetica uses 40000, Psychonauts 4000, Red Dead Revolver 5000, Rise of Kasai 31000. Some games require moderate speed; too slow or too fast could cause audio problems. |
--cdvd-sector-read-cycles=40000
|
--cdvd-sector-seek-cycles |
0.1 = Fastest,
80000 = Slowest |
Sets the speed at which the emulated CDVD spins: higher values are slower, lower values are faster. Sometimes fixes boot-up. More info here [1]. |
--cdvd-sector-seek-cycles=1
|
--verbose-cdvd-reads |
0, 1 |
Might improve disc reading if set to 1 |
--verbose-cdvd-reads=0
|
|
Audio |
|
|
--host-audio-latency |
msec/float |
Audio latency must be between 0.010 and 4.0 |
--host-audio-latency=1.5
|
--path-audio-images |
dir/folder |
|
|
--record-audio |
|
|
|
--record-audio-img |
|
|
|
--record-audio-image |
|
|
|
--record-audio-ext |
|
|
|
--host-audio |
1,0,on,off,mono |
|
--host-audio=1
|
--mute-audio |
all,none,main,bgm |
|
--mute-audio=all
|
--mute-streaming-audio |
all,none,main,bgm |
|
--mute-streaming-audio=all
|
|
Controllers |
|
|
--ds4-deadzone-adjust |
|
|
|
--ds4-diagonal-adjust |
|
|
|
--host-pad-loses-focus |
|
|
--host-pad-loses-focus=1
|
--host-gamepads |
0, 1 |
This command was used to fix Urban Reign allowing only 1 controller. |
--host-gamepads=1
|
--pad-record |
0, 1 |
Enables logging of pad info in the emulog |
|
--pad-analog-to-digital |
0, 1 |
Eternal Ring emu uses the value 0 |
--pad-analog-to-digital=0
|
--mtap1 |
Disabled, Always, ByHost |
Multitap switch. The values are correct, but the multitap only works in certain games. |
--mtap1=always
|
--mtap2 |
Disabled, Always, ByHost |
Multitap switch. Some games require the multitap to be selected only on the second port (1, 2-a, 2-b, 2-c layout). To achieve that we need to disable the first mtap. |
--mtap2=always
|
XXXX-YYYYY_cli.conf commands
Please note that the commands listed here also work in config-emu-ps4.txt. But the official way to use them is by CLI file. The CLI file way is also needed for multi-disc packages. Some of the commands are still not discovered, and some known commands are missing their values.
All CLI commands are pre-made. It's not possible to create CLI commands out of thin air.
The values of the commands are also pre-defined by Sony and/or have a set of possible values or ranges.
Some CLI commands have no effect and were added to the eboot.bin without any programming. Some useful commands were removed or added in different emu revisions, or their effects changed.
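Because values are limited to fixed sets and ranges, a cli.conf can be checked before it is packaged. The linter below is an added example, not part of the original page or of Sony's tooling: the rules are a subset copied from the tables on this page, while case-insensitive matching, the start <= end check, and the sample file are assumptions or constructed for illustration.

```python
import shlex


def in_range(lo, hi, cast=float):
    return lambda value: lo <= cast(value) <= hi


def one_of(*options):
    allowed = {o.lower() for o in options}
    # Case-insensitive on the assumption suggested by the page's own usage
    # column (e.g. --gs-upscale=EdgeSmooth vs. the listed "edgesmooth").
    return lambda value: value.lower() in allowed


def offset_pair(limit):
    def check(value):
        start, end = (int(part, 16) for part in value.split(","))
        # start <= end is an assumption; the page only gives "start,end".
        return 0 <= start <= end <= limit
    return check


# Value rules taken from the tables on this page (subset).
RULES = {
    "--ee-cycle-scalar": in_range(0.1, 5.0),
    "--framelimit-scalar": in_range(0.1, 5.0),
    "--host-audio-latency": in_range(0.010, 4.0),
    "--safe-area-min": in_range(0.9, 1.0),
    "--ee-jit-pagefault-threshold": in_range(0, 254, int),
    "--vu-xgkick-delay": in_range(0, 31, int),
    "--max-disc-num": in_range(1, 5, int),
    "--gs-vert-precision": one_of("8", "16"),
    "--gs-upscale": one_of("none", "gpu", "edgesmooth", "motionvec", "point",
                           "motionvector", "smooth", "motion"),
    "--ee-block-validation": one_of("PageProt", "PageProtection", "Hash",
                                    "Full", "none"),
    "--mtap1": one_of("Disabled", "Always", "ByHost"),
    "--mtap2": one_of("Disabled", "Always", "ByHost"),
    "--fpu-accurate-range": offset_pair(0x1FFFFFF),
    "--cop2-accurate-range": offset_pair(0x1FFFFFF),
    "--vu0-clamp-range": offset_pair(0xA000),
}

# "Requires ..." notes from the tables: command -> (prerequisite, value).
REQUIRES = {
    "--path-emulog": ("--emulog-file", "1"),
    "--ee-shorthash-len": ("--ee-block-validation", "hash"),
    "--gs-skip-dirty-flush-on-mipmap": ("--gs-use-mipmap", "1"),
}


def parse(text):
    """Return [(line_no, command, value)]; a line may hold several commands."""
    entries = []
    for line_no, line in enumerate(text.splitlines(), 1):
        for token in shlex.split(line):      # strips quotes around values
            if token.startswith("--"):
                name, _, value = token.partition("=")
                entries.append((line_no, name, value))
    return entries


def lint(text):
    """Return [(line_no, message)] for every violated rule or dependency.
    Commands without a rule are accepted: the page's list is incomplete."""
    entries = parse(text)
    seen = {name: value.lower() for _, name, value in entries}
    problems = []
    for line_no, name, value in entries:
        rule = RULES.get(name)
        if rule:
            try:
                ok = rule(value)
            except ValueError:               # not a number / not a pair
                ok = False
            if not ok:
                problems.append((line_no, f"{name}: bad value {value!r}"))
        need = REQUIRES.get(name)
        if need and seen.get(need[0]) != need[1]:
            problems.append((line_no, f"{name} requires {need[0]}={need[1]}"))
    return problems


# Constructed sample file, not taken from a real package.
SAMPLE = """\
--ee-cycle-scalar=1.0
--gs-vert-precision=12
--vu-xgkick-delay=8
--fpu-accurate-range=0x1acce0,0x2acce0
--cop2-accurate-range=0x123456,0x2000000
--ee-shorthash-len=4
--ee-hook=0x0025A9F2,AdvanceClock,,500 --ee-hook=0x0019F0AD,FastForwardClock
--gs-upscale=EdgeSmooth
--host-audio-latency=8
--path-emulog="/tmp/recordings"
"""

if __name__ == "__main__":
    for line_no, message in lint(SAMPLE):
        print(f"line {line_no}: {message}")
```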
EE
Commands for the emulated Emotion Engine. These commands may assist you in gaining performance or better sync.
Command |
Values |
Notes |
Usage
|
|
Speedhacks |
|
|
--ee-cycle-scalar |
[Overclocking]
(0.99 => 0.1)
[Underclocking]
(1.1 => 5.0) |
Underclocking the EE can be useful for performance gain (can cause stuttering FMVs, though), and overclocking the EE should only be useful for the purpose of fixing games. The default value is 1.0 |
--ee-cycle-scalar=1.0
|
--ee-context-switch-cycles |
[Overclocking(?)]
(0.99 => 0.1)
[Cycle skipping(?)]
(1.1 => ∞ ) |
This command's function is yet to be discovered. Its effects are similar to cyclescalar; regardless, it's not supported by Jak emulators. |
--ee-context-switch-cycles=2700?
|
--ee-hook |
AdvanceClock
FastForwardClock
Mfifodrain |
Applies a function at an offset in the EE memory. FastForwardClock is likely an overclocking function while AdvanceClock is the opposite. Mfifodrain is still unknown. |
--ee-hook=0x0025A9F2,AdvanceClock,,500 --ee-hook=0x0019F0AD,FastForwardClock
|
|
Game fixes |
|
|
--ee-jit-pagefault-threshold |
0-254 |
Reduces the occurrence of crashes the higher it is. Only accepts 1 byte long values with 254 being the limit |
--ee-jit-pagefault-threshold=40
|
--ee-block-validation |
PageProt, PageProtection, Hash, Full, none |
Way of validating whether a block has been modified and requires recompilation. [Some info about PageProt way] |
--ee-block-validation=None
|
--ee-shorthash-len |
inst_count/integer |
Length of shorthash in instruction/opcode count. Requires --ee-block-validation=Hash |
|
--ee-const-folding |
None,Gpr,Fpu,All |
EE constant folding. "All" seems to be the default option. |
--ee-const-folding=none
|
--ee-ignore-segfault |
none, read, write, readwrite |
Ignore segmentation fault. May help with crashes but will probably cause graphical inaccuracies |
--ee-ignore-segfault=readwrite
|
--ee-native-function |
memcpy
memset |
Check Red Faction's config for more details. |
--ee-native-function=memcpy,0x11e328
|
|
Other |
|
|
--ee-jit-disasm |
0 or 1 for mips and 2 for x86 |
Emotion engine Just in Time disassembler mode (Likely a debug log option) |
--ee-jit-disasm=1
|
--ee-ignore-break |
0, 1 |
When enabled, BREAK instructions will be ignored. |
|
--ee-break-as-nop |
0, 1 |
Turns a BREAK instruction into a NOP instruction (this seems to be rarely useful, as BREAK usually means EOF) |
--ee-break-as-nop=1
|
--ee-jit-opt-debug |
0, 1 |
|
|
--ee-pc-coherency |
0, 1 |
|
|
--ee-insn-flush-pc |
0, 1 |
|
|
--ee-inst-marking |
0,1? |
|
|
--ee-insn-marking |
0,1? |
|
|
--ee-kernel-hle |
0, 1 |
High-level emulation kernel |
|
--ee-injection-kernel |
0, 1 |
|
|
--ee-injection-title |
0, 1 |
|
|
--ee-validate-kernel |
0, 1 |
|
|
--ee-regalloc-scalar |
0,none,ReadOnly,WriteOnly,RW |
register allocation setting |
|
--ee-regalloc-simd |
readwrite, writeonly, readonly |
register allocation setting |
|
--ee-regalloc-preserve-scalar |
LoadOnly, LO, StoreOnly, SO, LoadStore, LS |
EE JIT Scalar/Int Regalloc Mode |
--ee-regalloc-preserve-scalar=LoadStore
|
--ee-regalloc-preserve-simd |
ReadOnly, RO, WriteOnly WO, RW |
EE JIT SIMD/XMM Regalloc Mode |
--ee-regalloc-preserve-simd=RW
|
--ee-static-block-links |
options Type,Type,... [Branch,Branches,JAL,COP2,All] |
|
--ee-static-block-links=JAL,COP2
|
--vtune-ee |
|
|
|
--ee-live32 |
0,1? |
|
|
--ee-cache-breaks-block |
0,1? |
|
|
--ee-evt-check-full |
0, 1 |
|
|
--ee-peephole |
0, 1? |
|
|
--ee-load-rewrites |
0,1? |
|
|
--ee-store-rewrites |
0,1? |
|
|
--ee-precompile-trace |
|
|
|
--ee-penalize-short-blocks |
0, 1 |
|
|
--ee-mem-check-eob |
|
EE memory check end of block |
|
--ee-insn-callmark |
|
|
|
--ee-inline-limit-full |
insn_count/integer |
|
|
--ee-inline-limit-partial |
|
|
|
--ee-stlf-cycle-threshold |
? |
? |
|
--detect-idle-ee |
0, 1 |
|
--detect-idle-ee=1
|
FPU
The FPU is a fast single-precision unit that serves the EE. It's also called COP1.
Command |
Values |
Notes |
Usage
|
|
Game fixes |
|
|
--fpu-no-clamping |
1 = Heavy clamping
0 = Light clamping |
changes the clamping behavior of the FPU. The default emulator's behavior is none of the included values and cannot be set by CLI commands. |
--fpu-no-clamping=0
|
--fpu-custom-min-max |
0, 1 |
Custom Max/Mini logic for denormals. Enabled by default. Disabling it might break some games |
--fpu-custom-min-max=0
|
--fpu-accurate-range |
start,end offset (0x0 - 0x1FFFFFF) |
accurate Mul/Div/Add/Sub Math instructions for the FPU by using software floats rather than hardware floats. Can be used for full EE/FPU Mathematical accuracy in the specified range. |
--fpu-accurate-range=0x1acce0,0x2acce0
|
--fpu-no-clamp-range |
start,end offset (0x0 - 0x1FFFFFF) |
heavy clamping for the FPU in the selected memory range. |
--fpu-no-clamp-range=0x1acce0,0x2acce0
|
--fpu-accurate-muldiv |
0 = Disabled
1 = Enabled |
allows the FPU to accurately Divide/Multiply by 0 for all offsets by using software floats rather than hardware floats. (Extremely slow) |
--fpu-accurate-muldiv=1
|
--fpu-accurate-addsub |
0 = Disabled
1 = Enabled |
allows the FPU to accurately Add/Subtract for all offsets by using software floats rather than hardware floats. (Extremely slow) |
--fpu-accurate-addsub=1
|
--fpjk-muldiv-range |
offset (0x0 - 0x1FFFFFF) |
? |
--fpjk-muldiv-range=0x123456
|
--fpu-accurate-muldiv-range |
start,end offset (0x0 - 0x1FFFFFF) |
allows the FPU to accurately Divide/Multiply by 0 in the specified ee memory range by using software floats rather than hardware floats. |
--fpu-accurate-muldiv-range=0x1acce0,0x2acce0
|
--fpu-accurate-addsub-range |
start,end offset (0x0 - 0x1FFFFFF) |
allows the FPU to accurately Add/Subtract in the specified ee memory range by using software floats rather than hardware floats. |
--fpu-accurate-addsub-range=0x1acce0,0x2acce0
|
|
Speedhacks |
|
|
--fpu-rsqrt-fast-estimate |
0, 1 |
Less accurate RSQRT. Possible speedhack but can degrade accuracy. Enabled by default. Disabling it is required for full FPU accuracy |
--fpu-rsqrt-fast-estimate=1
|
--fpu-accurate-mul-fast |
0, 1 |
A speed up option for --fpu-accurate-muldiv-range that only has an effect while the "muldiv" command is being used. |
--fpu-accurate-mul-fast=1
|
|
Other |
|
|
--fpu-custom-fused-madd |
0, 1 |
Custom FMA (fused multiply-add). Disabled by default. |
--fpu-custom-fused-madd=0
|
--fpu-to-double |
0, 1 |
Converts floats to doubles (Accurate) |
--fpu-to-double=1
|
--fpu-clamp-operands |
0, 1 |
Improves FPU clamping |
--fpu-clamp-operands=1
|
--fpu-clamp-results |
0, 1 |
Improves FPU clamping |
--fpu-clamp-results=1
|
VIF
Decompresses vector data, uploads microprograms to the VUs, and sends graphical data to the GIF.
VIF CLI commands are mostly used for fixing games that freeze.
Command |
Values |
Notes |
Usage
|
|
VIF |
Game fixes |
|
--vif-ignore-invalid-cmd |
0, 1 |
Ignore invalid vif commands. In some cases, setting it to 1 can fix games that freeze while showing the same frame. |
--vif-ignore-invalid-cmd=1
|
--vif-thread-chunk-size |
1, 1000 |
Unknown usage, Regardless, it seems that 1024 is the limit. Only integer values are permitted. |
--vif-thread-chunk-size=100
|
--detect-idle-vif |
0, 1 |
Enabled by default. Unknown function |
--detect-idle-vif=0
|
|
VIF1 |
Game fixes |
|
--vif1-ignore-cmd-ints |
0, 1 |
Set to 1 to ignore CMD ints. In some cases this can fix games that freeze while showing the same frame. Games like "Men in Black II - Alien Escape" and "Test Drive Unlimited" will always need it. |
--vif1-ignore-cmd-ints=1
|
--vif1-instant-xfer |
1 = Instant VIF1
0 = Delayed VIF1 |
Allows you to change VIF1 timing. 0 is more accurate. Can be used to fix graphical glitches or to prevent the game from freezing. |
--vif1-instant-xfer=0
|
GS
"GS" stands for Graphics Synthesizer. It's the PlayStation®2's co-processor that's responsible for rendering the graphics (but is also used by some games for additional calculations and other purposes)
Command |
Values |
Notes |
Usage
|
|
Speedhacks |
|
|
--gs-optimize-30fps |
0, 1 |
Speedhack for GS hungry games. |
--gs-optimize-30fps=1
|
--gs-adaptive-frameskip |
0, 1 |
Speedhack. Skips frames when the GS demands more resources than are available. Doesn't work on all emulators, but does work on Jak emulators |
--gs-adaptive-frameskip=1
|
|
Gs settings / Behaviour |
|
|
--gs-use-deferred-l2h |
0, 1 |
Delay option for L2H (local to host, GS to EE). |
--gs-use-deferred-l2h=1
|
--gs-uprender |
none,2x2 |
Internal resolution upscaler. |
--gs-uprender=2x2
|
--gs-upscale |
none, gpu, edgesmooth, smooth, motion, motionvec, motionvector, point |
Upscaling type Selector |
--gs-upscale=EdgeSmooth
|
--gs-kernel-cl-up |
"DarkCloud2" "fantavision" "h2lpool2x2", "OptRightTri", "clutmerge2x2", "mipmap2x2", "up2x2simple", "up2x2skipinterp", "up2x2tc", "up2x2", default |
Kernel Variant Color lookup Upscaler (?), Mipmap and clutmerge and h2l will have to be enabled first before using their options |
--gs-kernel-cl-up="clutmerge2x2"
|
--gs-override-small-tri-area |
0, 1 |
Could potentially restore missing text in some games. |
--gs-override-small-tri-area=1
|
--gs-dirty-page-policy |
0, 1 |
|
--gs-dirty-page-policy=1
|
--gs-ignore-dirty-page-border |
0, 1 |
? |
--gs-ignore-dirty-page-border=1
|
--gs-ignore-rect-correction |
0, 1 |
|
--gs-ignore-rect-correction=1
|
--gs-opt-frbuff-switch |
0, 1 |
|
--gs-opt-frbuff-switch=0
|
--gs-kernel-cl |
h2lpool, clutmerge, mipmap, DarkCloud2, fantavision, Mipmap and clutmerge and h2l will have to be enabled first before using their options |
Kernel Variant Color lookup(?). Options included here can be upscaling if --gs-kernel-cl-up were to be used along with it |
--gs-kernel-cl="clutmerge"
|
--force-frame-blend |
0, 1 |
Enables blend (Deinterlacing?). Should be used to fix games with shaking screens. |
--force-frame-blend=1
|
--force-pal-60hz |
0, 1 |
Enables 60hz PAL mode. |
--force-pal-60hz=1
|
--gs-use-clut-merge |
0, 1 |
Color lookup table(?). It could possibly solve graphical issues or improve the quality of the colors. |
--gs-use-clut-merge=1
|
--gs-use-mipmap |
0, 1 |
Enables Mipmapping. Can be used to fix Graphics. |
--gs-use-mipmap=1
|
--gs-progressive |
0, 1 |
Enables progressive scan. It's used to fix Graphical glitches/double screen issues. |
|
--gs-vert-precision |
8, 16 |
3D Rendering vertex precision, the emu expects the values of 8 or 16. Any other values are not permitted. |
--gs-vert-precision=8
|
--gs-force-bilinear |
0, 1 |
Enables bilinear filtering. Can fix ghosting problems in some cases, but it's not recommended for games that use 2D images. |
--gs-force-bilinear=1
|
--gs-skip-dirty-flush-on-mipmap |
0, 1 |
Skip flushing the texture cache when mipmap settings change (?). It does, however, require mipmap to be enabled first. |
--gs-skip-dirty-flush-on-mipmap=1
|
--gs-packed15-fmv-opt |
0, 1 |
|
--gs-packed15-fmv-opt=1
|
--gs-fieldswap-delay |
0, 254 |
Wait longer than usual to change field. Reduces Sharpness. |
|
--gs-uv-shift-pointsampling |
0, 1 |
Can be used on games like Manhunt that have issues with UV light rendering |
--gs-uv-shift-pointsampling=1
|
--gs-render-tile-threshold |
0, 3000000 |
|
--gs-render-tile-threshold=300000
|
--threaded-gs |
0, 1 |
Multi-threaded-gs ? |
--threaded-gs=1
|
--gs-aspect-ratio |
aspect/float (default=0.81) |
|
--gs-aspect-ratio=0.65
|
--gs-frontend-opt-mode |
0, 1, 2 |
? |
--gs-frontend-opt-mode=1
|
--gs-motion-factor |
25, 50 |
|
--gs-motion-factor=25
|
--gs-scanout-delay |
0, 200 |
|
--gs-scanout-delay=200
|
--gs-scanout-offsetx |
relative offset/ignored |
Directly overwrite GS register? |
--gs-scanout-offsetx=27
|
--gs-scanout-offsety |
relative offset/ignored |
Directly overwrite GS register? |
--gs-scanout-offsety=27
|
--gs-flush-ad-xyz |
always, safe, safeZwrite, off, 0 |
Forces a primitive flush when a framebuffer is also an input texture. This fixes some processing effects, but it's very heavy on the GS and will cost you performance. GTA: SA and Jak games need this command. |
--gs-flush-ad-xyz=safe
|
--gs-check-trans-rejection |
0, 1 |
Check transfer rejection ? |
--gs-check-trans-rejection=1
|
--gs-check-trans-rejection68 |
0, 1 |
|
--gs-check-trans-rejection68=1
|
--safe-area-min |
area/float (range 0.9 to 1.0) any other values outside of that range will be rejected by the emulator |
|
--safe-area-min=0.9
|
--l2h-2d-params |
TRXREG,BITBLTBUF,height |
|
--l2h-2d-params=0x0000000800000001,0x000000003a0a2300,512,2
|
--gs-h2l-accurate-hash |
0, 1 |
Used with h2l Upscaler |
--gs-h2l-accurate-hash=1
|
--gs-h2l-list-opt |
0, 1 |
Used with h2l Upscaler |
--gs-h2l-list-opt=1
|
|
Other |
|
|
--framelimit-mode |
slowest,slower,slow,normal,fast,fastest,turbo |
Standalone Framelimiter |
--framelimit-mode=fast
|
--gs-hdr-support |
0, 1? |
? |
|
VU
Custom DSPs used to process vertex data, physics calculations, and other related tasks. Settings found here affect VU1 & VU0 & COP2
Command |
Values |
Notes |
Usage
|
|
Graphical fixes |
|
|
--vu-xgkick-delay |
Limit is between
(0 => 31) |
Delay xgkick instruction execution. PCSX2 uses 6 cycles, PS3 uses 2-8 cycles depending on the game. Can be used to repair missing graphics with 0 being the most compatible. Useful for games with GIF issues |
--vu-xgkick-delay=8
|
--vu-custom-min-max |
0, 1 |
Custom Max/Mini logic for denormals, Disabled on pcsx2 by default but enabled by default on a couple of emus like jakv2. Disabling it could potentially restore missing graphics. |
--vu-custom-min-max=0
|
|
Game fixes |
|
|
--vu-hack-triace |
0, 1 |
Special hack for games that were developed by tri-Ace: corrects the VU addi calculation. Without it, the result is one bit off, which is enough to break the game's decryption algorithm and thus crash the game. |
--vu-hack-triace=1
|
--vu-branch-hazard |
0, 1 |
Disabling it managed to prevent "Batman - Rise of Sin Tzu" from crashing |
--vu-branch-hazard=0
|
--vu-evil-branches |
0, 1 |
Whether or not to take a branch in the delay slot into account. More Info |
|
--vu-to-double |
0, 1 |
Converts floats to double. Enabling it is the accurate option. |
--vu-to-double=1
|
--vu-custom-fused-madd |
0, 1 |
Custom FMA (fused multiply-add). Disabled by default |
--vu-custom-fused-madd=1
|
|
Speedhacks |
|
|
--vu-opt-sf-check |
0, 1 |
Updates status flags only on blocks which will read them. Known in pcsx2 as mVU flag hack. Won't work with most emulators, but will work on Arc Twilight of the Spirits™ |
--vu-opt-sf-check=1
|
--vu-opt-jr-caching |
0, 1 |
Optimize Jump Register caching. (vi15). Won't work with most emulators but will work on Arc Twilight of the Spirits™ |
--vu-opt-jr-caching=1
|
|
Other |
|
|
--vu-d-bit |
0, 1 |
Debug break. Halts the VU and sends an interrupt to the EE. |
--vu-d-bit=0
|
--vu-t-bit |
0, 1 |
Debug halt. Acts similarly to D-bit |
--vu-t-bit=0
|
--vu-inst-mflag |
0, 1 |
? |
--vu-inst-mflag=1
|
--vu-inst-cflag |
0, 1 |
? |
--vu-inst-cflag=1
|
--vtune-vu |
? |
? |
|
--vu-jit-disasm |
0, 1, 2 |
? |
--vu-jit-disasm=1
|
--vu-range-merge |
vu_inst_cnt |
? |
|
VU1
VU1 is the GS’s alternate processing unit. Commands here can possibly improve performance, prevent crashes, and resolve SPS issues.
Command |
Values |
Notes |
Usage
|
|
Speedhacks |
|
|
--vu1-mpg-cycles |
0.1 - 20000 |
Set initial speed for VU1 Micro-programs. Increasing it will result in better performance while decreasing it will do the opposite. Increasing it can also sometimes help games that are MTVU sensitive. |
--vu1-mpg-cycles=1000
|
--vu1-di-bits |
0, 1 |
0 to skip setting Invalid, and Div by zero flags in status register. Can be used as speedhack as it skips costly calculations, but at the same time can cause issues like broken geometry. |
--vu1-di-bits=0
|
--vu1-const-prop |
0, 1 |
Enabled by default. 0 will disable it and cause performance issues. More info |
--vu1-const-prop=1
|
--vu1-opt-flags |
0, 1, 2 |
Optimizes flag instances when doing VU recompilation (1 is safe; 2 updates sticky and mac flags on every status flag update). More Info |
--vu1-opt-flags=0
|
--vu1-opt-vf00 |
0, 1, 2 |
Optimization for the vf00 register. |
--vu1-opt-vf00=2
|
--vu1-jr-cache-policy |
newprog, sameprog, auto, new, same |
PCSX2 uses newprog as default setting. Info |
--vu1-jr-cache-policy=sameprog
|
--vu1-jalr-cache-policy |
newprog, sameprog, auto, new, same |
PCSX2 uses newprog as default setting. Info |
--vu1-jalr-cache-policy=sameprog
|
|
Game fixes / Graphical fixes |
|
|
--vu1 |
jit-sync, jit, trans, jit-async |
Selector between IR/JIT and its modes; jit-sync works similarly to disabling MTVU. |
--vu1=jit-sync
|
--vu1-no-clamping |
1 = Heavy clamping
0 = Light clamping |
Changes the clamping behavior of the VU1. The default emulator's behavior is none of the included values and cannot be set by CLI commands. |
--vu1-no-clamping=0
|
--vu1-clamp-range |
vu1 memory offset start,end (0x0 - 0x3FF) |
Values must be 2 bytes or lower and should not exceed 0x0800 |
|
--vu1-accurate-addsub-range |
vu1 memory offset start,end (0x0 - 0x3FF) |
Allows the VU1 to accurately Add/Subtract in the specified ee memory range by using software floats rather than hardware floats. |
--vu1-accurate-addsub-range=0x0000,0x0600
|
--vu1-mul0fix-range |
vu1 memory offset start,end (0x0 - 0x3FF) |
Allows the VU1 to accurately Multiply by 0 in the specified ee memory range by using software floats rather than hardware floats. |
--vu1-mul0fix-range=0x123,0x123
|
--vu1-injection |
0, 1 |
unknown |
--vu1-injection=1
|
--vu1-native-patch |
0, 1 |
Use native patches from the recompiler; not compatible with Jak emus. Could be VU1 round mode, since Sony uses it for their official release of Primal, and Primal is known to require that mode to work correctly. |
--vu1-native-patch=1
|
|
Other |
|
|
--vu1-inst-p |
0, 1 |
instant P, no stalling on WAITP, or instances of P |
--vu1-inst-p=1
|
--vu1-use-rcp |
0, 1 |
Use sse rcp. Disabled by default |
|
--vu1-use-rsqrt |
0, 1 |
Use sse rsqrt. Enabled by default |
|
--vu1-clamp-operands |
0, 1 |
Improves VU1 clamping |
--vu1-clamp-operands=1
|
--vu1-clamp-results |
0, 1 |
Improves VU1 clamping |
--vu1-clamp-results=1
|
--vu1-inst-q |
0, 1 |
instant Q, no stalling on WAITQ, or instances of Q. |
--vu1-inst-q=1
|
--assert-path1-ad |
0, 1 |
Path 1 is how the GIF takes data from VU1 via XGKICK instruction. It's unknown what this command does but it's related to VU1 |
--assert-path1-ad=1
|
VU0
VU0 is the EE’s alternate processing unit; it is also called "micro-mode".
Command |
Values |
Notes |
Usage
|
|
Speedhacks |
|
|
--vu0-mpg-cycles |
0.1 - 20000 |
Set initial cycle speed for VU0 Micro-programs. |
--vu0-mpg-cycles=1000
|
--vu0-di-bits |
0, 1 |
0 skips setting the Invalid and Div-by-zero flags in the status register. Can be used as a speedhack as it skips costly calculations, but at the same time can cause issues like broken geometry and weird physics behavior, depending on the game. |
--vu0-di-bits=0
|
--vu0-const-prop |
0, 1 |
Constant propagation. Can be used as a speedhack for VU0-hungry games when set to 1. More info |
--vu0-const-prop=1
|
--vu0-opt-vf00 |
0, 1, 2 |
Optimization for the vf00 register. |
--vu0-opt-vf00=1
|
--vu0-opt-flags |
0, 1, 2 |
Optimizes flags when doing VU recompilation (1 is safe; 2 updates sticky and mac flags on every status flag update). More Info |
--vu0-opt-flags=1
|
--vu0-jr-cache-policy |
newprog, sameprog, auto, new, same |
PCSX2 uses newprog as default setting. Info |
--vu0-jr-cache-policy=sameprog
|
--vu0-jalr-cache-policy |
newprog, sameprog, auto, new, same |
PCSX2 uses newprog as default setting. Info |
--vu0-jalr-cache-policy=sameprog
|
|
Game fixes |
|
|
--vu0-clamp-range |
start, end offset (0x0 - 0xA000) |
per range clamping for VU0 |
--vu0-clamp-range=0x100,0x120
|
--vu0-no-clamping |
1 = Heavy clamping
0 = Light clamping |
Changes the clamping behavior of the VU0. The default emulator's behavior is none of the included values and cannot be set by CLI commands. |
--vu0-no-clamping=0
|
--vu0-accurate-addsub-range |
offset (0x0 - 0xA000) |
Allows the VU0 to accurately Add/Subtract in the specified ee memory range by using software floats rather than hardware floats. |
|
--vu0-mul0fix-range |
vu0 memory offset start,end (0x0 - 0xA000) |
Allows the VU0 to accurately Multiply by 0 in the specified ee memory range by using software floats rather than hardware floats |
|
|
Other |
|
|
--vu0-injection |
0, 1 |
Unknown usage. |
--vu0-injection=1
|
--vu0-inst-q |
0, 1 |
instant Q, no stalling on WAITQ, or instances of Q |
--vu0-inst-q=1
|
--vu0-inst-p |
0, 1 |
instant P, no stalling on WAITP, or instances of P |
--vu0-inst-p=1
|
--vu0-use-rcp |
0, 1 |
use sse rcp |
--vu0-use-rcp=1
|
--vu0-use-rsqrt |
0, 1 |
use sse rsqrt |
--vu0-use-rsqrt=1
|
--vu0-clamp-operands |
0, 1 |
Improves VU0 clamping |
--vu0-clamp-operands=1
|
--vu0-clamp-results |
0, 1 |
Improves VU0 clamping |
--vu0-clamp-results=1
|
COP2
COP2, also known as VU0 macro-mode. These commands "may" only be useful for games that use M-bit.
Command |
Values |
Notes |
Usage
|
|
Speedhacks |
|
|
--cop2-opt-flags |
0, 1 ,2 |
Optimizes flags when doing VU recompilation (1 is safe; 2 updates sticky and mac flags on every status flag update). More Info |
--cop2-opt-flags=1
|
--cop2-opt-vf00 |
0, 1, 2 |
Optimization for the vf00 register. |
--cop2-opt-vf00=1
|
--cop2-const-prop |
0, 1 |
Constant propagation. Can be used as a speedhack for COP2-hungry games when set to 1. More info |
--cop2-const-prop=1
|
--cop2-di-bits |
0, 1 |
0 skips setting the Invalid and Div-by-zero flags in the status register, and therefore improves performance. Can be used as a speedhack as it skips costly calculations. |
--cop2-di-bits=0
|
|
Game fixes |
|
|
--cop2-no-clamping |
1 = Heavy clamping
0 = Light clamping |
Changes the clamping behavior of the COP2. The default emulator's behavior is none of the included values and cannot be set by CLI commands. |
--cop2-no-clamping=0
|
--cop2-accurate-range |
start,end offset (0x0 - 0x1FFFFFF) |
Accurate Mul/Div/Add/Sub Math instructions for the COP2 by using software floats rather than hardware floats. Can be used for full COP2 Mathematical accuracy in the specified range. |
--cop2-accurate-range=0x123456,0x134567
|
--cop2-no-clamp-range |
start,end offset (0x0 - 0x1FFFFFF) |
Per-range clamping for COP2. |
--cop2-no-clamp-range=0x123456,0x134567
|
--cop2-accurate-mul-range |
start,end offset (0x0 - 0x1FFFFFF) |
Accurate Multiplication instructions for the COP2 in the specified range by using software floats rather than hardware floats |
--cop2-accurate-mul-range=0x123456,0x134567
|
--cop2-accurate-mul |
1 = Enabled
0 = Disabled |
Allows the COP2 to accurately Multiply for all offsets by using software floats rather than hardware floats. (Extremely slow) |
--cop2-accurate-mul=1
|
--cop2-accurate-addsub |
1 = Enabled
0 = Disabled |
Allows the COP2 to accurately Add/Subtract for all offsets by using software floats rather than hardware floats. (Extremely slow) |
--cop2-accurate-addsub=1
|
--cop2-accurate-addsub-range |
start,end offset (0x0 - 0x1FFFFFF) |
Allows the COP2 to accurately Add/Subtract in the specified ee memory range by using software floats rather than hardware floats. |
--cop2-accurate-addsub-range=0x123456,0x134567
|
|
Other |
|
|
--cop2-regalloc |
0, 1 ? |
PCSX2 seems to have this enabled by default. |
|
--cop2-inst-q |
0, 1 |
Instant Q: no stalling on VWAITQ, or instances of Q. |
|
--cop2-inst-p |
0, 1 |
Instant P: no stalling on VWAITP, or instances of P. |
|
--cop2-use-rcp |
0, 1 |
Use SSE rcp |
|
--cop2-use-rsqrt |
0, 1 |
Use SSE rsqrt |
--cop2-use-rsqrt=0
|
--cop2-clamp-operands |
0, 1 |
Improves COP2 clamping |
--cop2-clamp-operands=1
|
--cop2-clamp-results |
0, 1 |
Improves COP2 clamping |
--cop2-clamp-results=1
|
CDVD
Commands for changing the nature of CDVD emulation.
Command |
Values |
Notes |
Usage
|
|
Game fixes |
|
|
--cdvd-sector-read-cycles |
0.1 = Fastest,
80000 = Slowest |
Sets the DVD reading speed; higher values are slower, lower values are faster.
Kinetica uses 40000, Psychonauts 4000, Red Dead Revolver 5000, Rise of the Kasai 31000.
Some games require a moderate speed; too slow or too fast could cause audio problems. |
--cdvd-sector-read-cycles=40000
|
--cdvd-sector-seek-cycles |
0.1 = Fastest,
80000 = Slowest |
Sets the speed at which the emulated CDVD spins; higher values are slower,
lower values are faster. Sometimes fixes boot-up. More info here [2]. |
--cdvd-sector-seek-cycles=1
|
|
Misc |
|
|
--max-disc-num |
1-5 |
Number of discs in the package (maximum=5) |
--max-disc-num=1
|
--boot-disc-id |
1-5 |
Sets boot disc for multi-disc pkg |
--boot-disc-id=0
|
--switch-disc-reset |
1 = Enables resetting the game upon disc swap
0 = Disables resetting the game upon disc swap |
Set to 0 to prevent the game from resetting when switching between multiple discs; useful for games like Samurai Warriors 2 that have an import data feature. Sadly, this command isn't supported by many emulators, but Jakv2 is confirmed to support it. |
--switch-disc-reset=1
|
--cdvd-determinism |
0, 1 |
(?) |
--cdvd-determinism=1
|
--verbose-cdvd-reads |
0, 1 |
Seems to slightly improve reading speed when enabled (?) |
--verbose-cdvd-reads=1
|
IOP
The emulated I/O Processor (IOP) settings. Commands here are rarely useful: since the PS4 emulates the IOP very accurately, very few games will require these options. The IOP controls the emulated DEV9, SPU2, USB, memory cards, CDVD, and FireWire, along with other input/output devices.
Command |
Values |
Notes |
Usage
|
|
Game fixes |
|
|
--iop-cycle-scalar |
[Overclocking]
(0.99 => 0.1)
[Underclocking]
(1.1 => 5.0) |
Not a speedhack. When you lower it below 1.0 the IOP is overclocked; when you increase it above 1.0 the IOP is underclocked. The only thing you will notice from this is faster/slower loading speed. |
--iop-cycle-scalar=1.0
|
--iop-const-folding |
None,Gpr,All |
IOP constant folding. |
--iop-const-folding=All
|
--iop-tight-slice-count |
0, 2000 |
Seems to slow down the IOP the higher the value. Can be used in games such as The Godfather or Gran Turismo 4 to solve stuttering FMVs caused by very fast IOP cycles. |
--iop-tight-slice-count=12
|
--iop-hook |
AdvanceClock, FastForwardClock |
IOP native hook. Sony uses it in their official release of Red Dead Revolver. |
--iop-hook=0x0086ac,FastForwardClock
|
--iop-block-validation |
IsC, ShortHash, Hash |
Way of validating whether a block has been modified and requires recompilation. Other possible values include PageProt, None, PageProtection. |
--iop-block-validation=IsC
|
|
Other |
|
|
--iop-validate-kernel |
0, 1 |
|
|
--iop-shorthash-len |
inst_count/integer |
Length of the shorthash in instruction/opcode count. Requires --iop-block-validation=ShortHash |
|
--iop-pc-coherency |
0, 1 |
|
|
--iop-inst-marking |
0, 1? |
|
|
--detect-idle-iop |
0, 1 |
Enabled by default. |
--detect-idle-iop=0
|
--iop-jit-disasm |
|
|
|
--iop-evt-check-full |
0, 1 ? |
|
|
SIF
The SIF is how the EE and IOP communicate with each other. SIF has some mailbox hardware registers that the CPUs can use to pass values to each other, which happens during SIF initialization. However, once both sides have booted, they use the SIF0 (IOP->EE) and SIF1 (EE->IOP) DMA channels to communicate. Despite common belief, these commands have no effect on performance, and are rarely ever useful.
Command |
Values |
Notes |
Usage
|
|
|
SIF1 (IOP) |
|
--iop-sif1-cycle-scalar |
[Overclocking]
(0.99 => 0.1)
[Underclocking]
(1.1 => ∞ ) |
It controls how much data the IOP receives from the EE |
--iop-sif1-cycle-scalar=0.1
|
--ee-sif1-cycle-scalar |
[Overclocking]
(0.99 => 0.1)
[Underclocking]
(1.1 => ∞ ) |
It controls how much data the EE sends to the IOP |
--ee-sif1-cycle-scalar=0.1
|
|
|
SIF0 (EE) |
|
--iop-sif0-cycle-scalar |
[Overclocking]
(0.99 => 0.1)
[Underclocking]
(1.1 => ∞ ) |
It controls how much data the IOP sends to the EE |
--iop-sif0-cycle-scalar=0.1
|
--ee-sif0-cycle-scalar |
[Overclocking]
(0.99 => 0.1)
[Underclocking]
(1.1 => ∞ ) |
It controls how much data the EE receives from the IOP |
--ee-sif0-cycle-scalar=0.1
|
Misc
Command |
Values |
Notes |
Usage
|
--idec-cycles-per-qwc |
int/multiplier |
Likely related to the IPU |
--idec-cycles-per-qwc=768
|
--mfifo-manual-drain |
0.1/5.0 |
A command for changing the functionality of --ee-hook=0x0,Mfifodrain |
--mfifo-manual-drain=0.30
|
--mfifo-chunk-drain-cycles |
1/400000 |
A command for changing the functionality of --ee-hook=0x0,Mfifodrain |
--mfifo-chunk-drain-cycles=210000
|
--pcr0-delta-hack |
0.1 , 400000 |
|
--pcr0-delta-hack=1
|
--jitproc-use-aslr |
|
|
|
--detect-idle-intc |
0, 1 |
Enabled by default; set to 0 in order to disable it. |
--detect-idle-intc=0
|
--detect-idle-chcr |
0, 1 |
Enabled by default; set to 0 in order to disable it. |
--detect-idle-chcr=0
|
--rom |
Location of the BIOS that's inside of the fpkg |
Could allow using a custom BIOS, though this is still not working |
--rom="PS20220WD20050620.crack" or --rom="/roms/PS20220WD20050620.crack"
|
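One way to check an option list against the value ranges given in the COP2, CDVD and IOP tables above before it goes into a package. This is an added example, not code from the emulator or from the original page; the `lint` function, the `#` comment handling and the sample option list are assumptions made for illustration, and options it does not know are passed through unchecked.

```python
"""Lint a PS2-on-PS4 emulator option list against the value ranges documented above."""
import re

EE_MAX = 0x1FFFFFF  # upper bound the tables give for "start,end offset"
OPTION_RE = re.compile(r"^(--[a-z0-9-]+)(?:=(.*))?$")

# Options that take "start,end" EE offsets (COP2 table).
RANGE_OPTS = {"--cop2-accurate-range", "--cop2-no-clamp-range",
              "--cop2-accurate-mul-range", "--cop2-accurate-addsub-range"}
# Numeric options with the lowest and highest value listed in the Values column.
NUMERIC_OPTS = {"--cdvd-sector-read-cycles": (0.1, 80000),
                "--cdvd-sector-seek-cycles": (0.1, 80000),
                "--iop-cycle-scalar": (0.1, 5.0),
                "--max-disc-num": (1, 5)}
ENUM_OPTS = {"--iop-const-folding": {"None", "Gpr", "All"},
             "--iop-block-validation": {"IsC", "ShortHash", "Hash",
                                        "PageProt", "None", "PageProtection"}}
IOP_HOOKS = {"AdvanceClock", "FastForwardClock"}
SLOW_OPTS = {"--cop2-accurate-mul", "--cop2-accurate-addsub"}  # "(Extremely slow)"


def parse_int(text):
    """Parse a decimal or 0x-prefixed integer; None when malformed."""
    try:
        return int(text.strip(), 0)
    except ValueError:
        return None


def check_option(name, value):
    """Yield (level, message) pairs for one --name=value option."""
    if name in RANGE_OPTS:
        parts = [parse_int(p) for p in value.split(",")]
        if len(parts) != 2 or None in parts:
            yield "error", f"{name}: expected start,end offsets"
        elif not 0 <= parts[0] <= parts[1] <= EE_MAX:
            yield "error", f"{name}: need 0x0 <= start <= end <= {EE_MAX:#x}"
    elif name in NUMERIC_OPTS:
        low, high = NUMERIC_OPTS[name]
        try:
            number = float(value)
        except ValueError:
            number = None
        if number is None or not low <= number <= high:
            yield "error", f"{name}: {value!r} is outside {low}..{high}"
    elif name in ENUM_OPTS:
        if value not in ENUM_OPTS[name]:
            yield "error", f"{name}: {value!r} is not one of {sorted(ENUM_OPTS[name])}"
    elif name == "--iop-hook":
        address, _, hook = value.partition(",")
        if parse_int(address) is None or hook not in IOP_HOOKS:
            yield "error", f"{name}: expected <address>,<AdvanceClock|FastForwardClock>"
    if name in SLOW_OPTS and value == "1":
        yield "warning", f"{name}=1 is documented as extremely slow; consider {name}-range"


def lint(text):
    """Return sorted (line, level, message) findings; unknown options pass unchecked."""
    findings, seen = [], {}
    for line_no, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):  # '#' comments are an assumption
            continue
        match = OPTION_RE.match(line)
        if not match:
            findings.append((line_no, "error", "not an --option line"))
            continue
        name, value = match.group(1), (match.group(2) or "").strip('"')
        seen[name] = (line_no, value)
        findings.extend((line_no, level, msg) for level, msg in check_option(name, value))
    # Cross-option rule from the IOP table: the shorthash length needs ShortHash validation.
    if "--iop-shorthash-len" in seen:
        if seen.get("--iop-block-validation", (0, None))[1] != "ShortHash":
            findings.append((seen["--iop-shorthash-len"][0], "error",
                             "--iop-shorthash-len requires --iop-block-validation=ShortHash"))
    return sorted(findings)


SAMPLE = """\
# constructed sample option list, not taken from a real package
--cop2-accurate-range=0x123456,0x134567
--cop2-no-clamp-range=0x200000,0x100000
--cop2-accurate-addsub-range=0x1F00000,0x2000000
--cdvd-sector-read-cycles=40000
--cdvd-sector-seek-cycles=90000
--iop-cycle-scalar=1.0
--iop-const-folding=Full
--iop-hook=0x0086ac,FastForwardClock
--iop-block-validation=IsC
--iop-shorthash-len=8
--cop2-accurate-mul=1
--max-disc-num=6
"""

if __name__ == "__main__":
    for line_no, level, message in lint(SAMPLE):
        print(f"line {line_no}: {level}: {message}")
```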
PCSX2's gameindex
Current Gameindex.yaml
Old Gameindex.yaml files in case these settings get deleted from PCSX2
This list gives the PS4 equivalents of the PCSX2 gameindex settings.
These commands are fully tested; there's no need to edit them.
PCSX2 |
PS4 |
Notes
|
XGKickHack |
--vu-xgkick-delay=0 |
Limit is between
(0 => 31)
|
VuAddSubHack |
--vu-hack-triace=1 |
Required for every single game developed by TriAce
|
vuClampMode: 2 |
--vu1-no-clamping=0
--vu0-no-clamping=0
--cop2-no-clamping=0 |
|
vuClampMode: 3 |
--vu1-no-clamping=1
--vu0-no-clamping=1
--cop2-no-clamping=1
|
|
vu0ClampMode: 2 |
--vu0-no-clamping=0
--cop2-no-clamping=0 |
|
vu0ClampMode: 3 |
--vu0-no-clamping=1
--cop2-no-clamping=1
|
|
vu1ClampMode: 2 |
--vu1-no-clamping=0 |
|
vu1ClampMode: 3 |
--vu1-no-clamping=1
|
|
eeClampMode: 2 |
--fpu-no-clamping=0 |
|
eeClampMode: 3 |
--fpu-no-clamping=1
|
|
FpuNegDivHack & FpuMulHack |
--fpu-accurate-muldiv=1 |
It will have an impact on performance,
therefore it's recommended to use "--fpu-accurate-mul-fast=1" along with it.
|
cpuCLUTRender: 1 |
--gs-uv-shift-pointsampling=1 |
|
MTVUSpeedHack: 0 |
--vu1=jit-sync |
|
IbitHack |
--vu1-di-bits=0
--vu1-const-prop=1 |
Note: this emulator has this hack enabled by default
for all games and emulators. These 2 commands are only provided to
help performance in games that need that hack, and are not the equivalent of this hack.
|
roundSprite: 1 |
--gs-use-clut-merge=1 |
Note: works very similarly, but is not the equivalent
|
mergeSprite: 1 |
--gs-kernel-cl-up="up2x2simple" |
Note: works very similarly, but is not the equivalent
|
cpuSpriteRenderBW: 4 |
--gs-opt-frbuff-switch=1 |
Note: works very similarly to it, but it's not exactly the same
|
mipmap: 1 |
--gs-use-mipmap=1 |
|
autoFlush: 1 |
--gs-flush-ad-xyz=safe |
Possible values include
always, safe, off, 0
|
VIF1StallHack |
--vif1-instant-xfer=0 |
If that doesn't work you can always use
the Lua command eeObj.SchedulerDelayEvent("vif1.dma", 0x9000)
|
VIFFIFOHack |
--vif1-ignore-cmd-ints=1 |
|
wildArmsHack: 1 |
--gs-kernel-cl-up="DarkCloud2" |
|
deinterlace: |
--force-frame-blend=1 |
|
Emulators
Every emulator is programmed in a different way, and sometimes choosing the right emulator is the only possible way to fix a game. Emulators are not provided pre-installed on your PS4, they have to be unpacked from your PS2 Classics backup. This list includes the typical usage of some of the emulators.
Emulator name |
Typical usage |
API Version |
Similar emulators
|
|
2017 |
|
|
Jak and Daxter: The Precursor Legacy |
Good compatibility with most PS2 games, and it has a very high API version, which means more Lua commands are supported. Often referred to as "Jak v2". |
2.2 |
JakX, Jak 2, Jak 3, Parappa.
|
Art of Fighting Anthology |
It functions similarly to RECVX and was successful in fixing "Coraline". Often referred to as "AOFA". |
|
|
Resident Evil – Code: Veronica |
Fixes games like Jackie Chan Adventures, Pac-Man World 3 and Yu-Gi-Oh: Capsule Monsters freezing at the splash screen, likely due to the way it emulates VU1. Often referred to as "RECVX". |
1.7 |
Fatal Fury, Redfaction, AOFA.
|
|
2016 |
|
|
Redfaction |
It is prominently used to fix games that are VU1 sensitive. It was used to fix Tony Hawk games suddenly crashing. |
1.6 |
Max Payne
|
Forbidden Siren |
The only emulator that was able to fix Ice Age 2 being stuck at the splash screen, by using it in conjunction with Kozarovv's patch. It also fixed Gran Turismo 4 running EXTREMELY slow. |
0.1 |
|
King of fighters 2000 |
Fixes graphical issues and SPS in games such as Crash Twinsanity, and prevents Koei Tecmo games from suddenly freezing when a battle starts. Often referred to as "KOF2000". |
1.2 |
Roguev1 and KOF98
|
Destroy All Humans! |
Partially fixed Tenchu: Fatal Shadows |
|
|
Rise of the Kasai |
Fixed most of the Harry Potter games. Often referred to as "rotk". |
|
|
|
2015 |
|
|
War of the monsters v1 |
Probably the most GS/GIF accurate emulator we have on the PS4(?). Fixed Enter the Matrix crashing with upscaling on, Devil May Cry 2 characters having missing faces, Tekken 5 having graphical corruption in some levels, and The Bard's Tale crashing. It also happens to be the default emulator for PS2ClassicsGUI. |
0.1 |
|
GTA 3 |
Fixed the PAL version of Genji: Dawn of the Samurai |
|
|
Parappa 2 |
The only emulator that was able to boot Spyro: A Hero's Tail |
|
|
Star Wars Racer Revenge |
Seems to be the most similar emulator to the PS3. Useful for debugging games, as it also shows useful information such as pagefault. |
0.1 |
|
XXXX-YYYYY_config.lua
It is the most powerful configuration file of the emulator. It allows direct patching of EE/IOP/VU memory, hooking registers, and hooking DMA; almost everything can be done here.
If needed it can hook registers by using register names from alias files. Alias files (ee-cpr0-alias.lua, ee-gpr-alias.lua, ee-hwaddr.lua) are stored in the lua_include folder, and can be included in the config by using require ( "alias file name" ).
Known functions:
Requires cleanup.
ApiRequest
The foundation of the Lua config. The Lua config will cause the game to crash if it is not present.
Command |
Usage |
Notes
|
apiRequest |
apiRequest(0.1) |
apiRequest(<api version>)
Different emulator versions support different highest API versions.
Calling apiRequest is mandatory. Some commands require a higher version. The highest known version is API 2.3, from the Jak 2, 3, X game emulator.
|
(Emulator) EmuObject
Commands for the emulator
Command |
Usage |
Notes
|
|
Object calling class |
|
getEmuObject |
local emuObj = getEmuObject() |
Required for all functions using emuObj, which include: LoadConfig SaveConfig GetPad AddVsyncHook
RemoveVsyncHook AddEntryPointHook RemoveEntryPointHook
AddLoginHook RemoveLoginHook AddLogoutHook RemoveLogoutHook
CheckEntitlement AddImageHook AddGifTagHook SwapMemCard
SetFormattedCard OpenDiscTray CloseDiscTray SwitchDisc
EnableImposeMenu GetDiscId GetDiscTitleId
AddSectorReadHook AddMCWriteHook ShowDiscSwitchInfo GetPs4SystemLang SetPs2Lang
ThrottleNorm ThrottleFast ThrottleMax AddAssertionHook
SetGsTitleFix SetDeinterlace SetDisplayAspectWide SetDisplayAspectNormal
ForceRefreshRate LoadFsShader SetDisplaySafeArea PadSetLightBar
AddPadHook PadPressureStickRemap SetVolumes GetVolumes
SetAudioRoute GetAudioRoute AddSnapshotLoadedHook
RemoveSnapshotLoadedHook IsNeoMode IsToolingVerbose emuMediaPatch
|
|
Hooks |
|
AddVsyncHook |
emuObj.AddVsyncHook(<task to be done every vsync>) |
emuObj.AddVsyncHook(my_function)
my_function can be anything, from simple patches to an extensive hook.
Example usage can be found in the SLUS-21550 features file. Some games are not compatible with it and will crash upon startup.
|
RemoveVsyncHook |
emuObj.RemoveVsyncHook(<previously added task to be removed>) |
emuObj.RemoveVsyncHook(my_function)
|
AddEntryPointHook |
emuObj.AddEntryPointHook(<task>) |
Task to be done at the PS2 game's main ELF entry point (right where the game is loaded).
|
RemoveEntryPointHook |
|
|
AddLoginHook |
|
|
RemoveLoginHook |
|
|
AddLogoutHook |
|
|
RemoveLogoutHook |
|
|
AddImageHook |
|
|
AddGifTagHook |
|
|
AddSectorReadHook |
emuObj.AddSectorReadHook(<sector, unk, task>) |
Hook to do task when disc image sector is read. Not all values are known (ex. emuObj.AddSectorReadHook(776480, 32, <task/function>) )
|
AddMCWriteHook |
emuObj.AddMCWriteHook() |
|
AddAssertionHook |
emuObj.AddAssertionHook() |
|
AddSnapshotLoadedHook |
|
|
RemoveSnapshotLoadedHook |
|
|
AddPadHook |
emuObj.AddPadHook() |
|
|
Audio |
|
SetVolumes |
emuObj.SetVolumes('global', 'main', 'bgm') |
Sets the volume; usually setting global is enough. Example: emuObj.SetVolumes(0.31, 1.0, 1.0). Values are floats, where 1.0 = 100%.
|
GetVolumes |
emuObj.GetVolumes() |
Returns the current volume levels for ('global', 'main', 'bgm') as floating point values.
|
SetAudioRoute |
|
|
GetAudioRoute |
|
|
|
Game loading speed |
|
ThrottleNorm |
emuObj.ThrottleNorm() |
Enables the default framelimiter (50/60 fps depending on region).
|
ThrottleFast |
emuObj.ThrottleFast() |
Faster than default, but exact value is unknown.
|
ThrottleMax |
emuObj.ThrottleMax() |
Disables the framelimiter during loading screens. This setting can sometimes be harmful when used globally in config files: loading times are faster, but the game also runs faster than it should when the PS4 has enough free CPU power.
|
|
CDVD |
|
OpenDiscTray |
|
|
CloseDiscTray |
|
|
SwitchDisc |
emuObj.SwitchDisc(<disc ID>) |
ID can be provided as is, or for example read from memory or register when needed.
|
GetDiscId |
emuObj.GetDiscId() |
Returns the DiscId in XXXX_YYY.ZZ format
|
GetDiscTitleId |
|
|
ShowDiscSwitchInfo |
emuObj.ShowDiscSwitchInfo() |
|
|
Other |
|
EnableImposeMenu |
emuObj.EnableImposeMenu(<true/false>) |
EnableImposeMenu(false)
|
LoadConfig |
|
|
SaveConfig |
|
|
GetPad |
emuObj.GetPad(<gamepad button by bits>) |
Example usage for reading input:
local emuObj = getEmuObject()
local CheckInputs = function()
  -- GetPad returns the pressed buttons as a bit field
  local pad_bits = emuObj.GetPad()
  local UP = pad_bits & 0x0010
  local DOWN = pad_bits & 0x0040
  local LEFT = pad_bits & 0x0080
  local RIGHT = pad_bits & 0x0020
  local Triangle = pad_bits & 0x1000
  local Cross = pad_bits & 0x4000
  local Square = pad_bits & 0x8000
  local Circle = pad_bits & 0x2000
  local L1 = pad_bits & 0x0400
  local L2 = pad_bits & 0x0100
  local L3 = pad_bits & 0x0002
  local R1 = pad_bits & 0x0800
  local R2 = pad_bits & 0x0200
  local R3 = pad_bits & 0x0004
  local Select = pad_bits & 0x0001
  local Start = pad_bits & 0x0008
  if (L2 ~= 0) then
    -- code that should run when L2 is pushed goes here
  end
end
emuObj.AddVsyncHook(CheckInputs) -- trigger the check at every vsync
|
SwapMemCard |
|
|
SetFormattedCard |
emuObj.SetFormattedCard(<"file name">) |
emuObj.SetFormattedCard("custom_formatted.card")
Allows the use of a custom memory card.
|
GetPs4SystemLang |
emuObj.GetPs4SystemLang() |
Returns the PS4 system language (in unknown format).
|
SetPs2Lang |
emuObj.SetPs2Lang(<Lang ID>) |
Sets the emulated PS2 language. Correct Lang IDs are 0-18. Strangely, some games can crash if their specific language is not selected.
0 - japanese
1 - english
2 - french
3 - spanish
4 - german
5 - italian
6 - dutch
7 - portuguese
8 - russian
9 - korean
10 - traditional-chinese
11 - simplified-chinese
12 - finnish
13 - swedish
14 - danish
15 - norwegian
16 - polish
17 - portuguese-brazil
18 - english-uk
|
PadSetLightBar |
emuObj.PadSetLightBar(<port, red, green, blue>) |
Set DS4 light bar color. Correct port values are 0-3, correct light values are 0-255.
|
PadPressureStickRemap |
emuObj.PadPressureStickRemap() |
|
IsNeoMode |
emuObj.IsNeoMode() |
Checks whether the PS4 is running in NEO (PRO) mode. Returns 1/0.
|
IsToolingVerbose |
|
|
CheckEntitlement |
|
|
emuMediaPatch |
emuMediaPatch(disc sector, 12/24 + offset, { original data }, { replace data }) |
Replaces 4 bytes in the loaded ISO file. For an unknown reason we always need to add 12 to the real offset for a DVD game, and 24 for a CD game.
|
|
GS related |
|
CountFrameOnPS2 |
emuObj.CountFrameOnPS2() |
Updates the FRAPS/actual FPS reading in Olympus
|
SetGsTitleFix |
emuObj.SetGsTitleFix() |
See the SetGsTitleFix section.
|
SetDisplayAspectWide |
emuObj.SetDisplayAspectWide() |
Forces the display area to 16:9 (if the game does not support widescreen, it will be stretched).
|
SetDisplayAspectNormal |
emuObj.SetDisplayAspectNormal() |
Force display area to 4:3.
|
ForceRefreshRate |
emuObj.ForceRefreshRate(<hz>) |
emuObj.ForceRefreshRate(50) correct values are 0, 50, 60 where 0 = default.
|
LoadFsShader |
emuObj.LoadFsShader(<slot?>, "<path>") |
Shaders must be loaded right after GS has been initialized.
Example:
Global_InitGpuResources = function()
emuObj.LoadFsShader(1, "./shader.sb")
end
That only loads the fragment shader into program memory; to use it we need BindFragmentShader,
and, depending on the shader, SetShaderParams.
|
SetDisplaySafeArea |
|
|
(EE) EEObject
Commands for the emulated Emotion Engine
Command |
Usage |
Notes
|
|
Object calling class |
|
getEEObject |
local eeObj = getEEObject() |
Required for all functions using eeObj
|
|
Memory editing |
|
ReplaceMem64 |
eeObj.ReplaceMem64(<address>, <value>) |
|
ReplaceMem32 |
eeObj.ReplaceMem32(<address>, <value>) |
Permanently replaces an offset without needing AddVsyncHook
|
ReplaceMem16 |
eeObj.ReplaceMem16(<address>, <value>) |
|
ReplaceMem8 |
eeObj.ReplaceMem8(<address>, <value>) |
|
ReadMemFloat |
eeObj.ReadMemFloat(<address>) |
eeObj.ReadMemFloat(0x258c3c)
|
WriteMemFloat |
eeObj.WriteMemFloat(<address>, <value>) |
eeObj.WriteMemFloat(0x365364, 1.3333333)
|
ReadMem128 |
eeObj.ReadMem128(<ee memory offset>) |
Read 16 bytes from offset, examples: eeObj.ReadMem128(0x100198)
|
ReadMemFloat128 |
eeObj.ReadMemFloat128(<ee memory offset>) |
Returns 16 bytes from offset in float form
|
WriteMem128 |
|
|
WriteMemFloat128 |
|
|
ReadMem64 |
eeObj.ReadMem64(<ee memory offset>) |
Read 8 bytes from offset, examples: eeObj.ReadMem64(0x100198)
|
WriteMem64 |
eeObj.WriteMem64(<ee memory offset>, <data>) |
|
ReadMem32 |
eeObj.ReadMem32(<ee memory offset>) |
Read 4 bytes from offset, examples: eeObj.ReadMem32(0x100198)
eeObj.ReadMem32(gp - 31348)
|
WriteMem32 |
eeObj.WriteMem32(<ee memory offset>, <data>) |
Write 4 bytes to offset, example: eeObj.WriteMem32(0x2c89ac, 0x001b70f0)
|
ReadMem16 |
eeObj.ReadMem16(<ee memory offset>) |
Read 2 bytes from offset, example: eeObj.ReadMem16(0x100198)
|
WriteMem16 |
eeObj.WriteMem16(<ee memory offset>, <data>) |
Write 2 bytes to offset, example: eeObj.WriteMem16(0x2c89ac, 0x70f0)
|
ReadMem8 |
eeObj.ReadMem8(<ee memory offset>) |
Read 1 byte from offset, example: eeObj.ReadMem8(0x100198)
|
WriteMem8 |
eeObj.WriteMem8(<ee memory offset>, <data>) |
Write 1 byte to offset, example: eeObj.WriteMem8(0x2c89ac, 0xf0)
|
ReadMemStr |
eeObj.ReadMemStr(address/register) |
Read string from address until null terminator
|
WriteMemStr |
eeObj.WriteMemStr(address, string) |
|
WriteMemStrZ |
|
eeObj.WriteMemStrZ(string pointer, string) . Pointer can be read from GPR
|
|
GPR require (necessary for register-related commands) |
|
|
local gpr = require( "ee-gpr-alias" )
|
GetGpr64 |
eeObj.GetGPR64(<gpr register>) |
example: eeObj.GetGPR64(t3)
|
SetGpr64 |
|
|
GetGprFloat |
|
Get gpr value as float value
|
SetGprFloat |
|
Set gpr value as float value
|
GetGpr |
eeObj.GetGPR(<gpr register>) |
eeObj.GetGPR(t3)
|
SetGpr |
eeObj.SetGPR(<gpr register> ,<value>) |
example: eeObj.SetGPR(gpr.a3 ,1)
Requires getEEObject() to be defined as eeObj
|
GetFprHex |
eeObj.GetFprHex(<FPU register (0-31)>) |
Get/return floating point register value as hex string
|
SetFprHex |
eeObj.SetFprHex(<FPU register (0-31), value (u32)>) |
Set floating point register value as hex string
|
GetFpr |
eeObj.GetFpr(<register number>) |
example eeObj.GetFpr(14)
|
SetFpr |
eeObj.SetFpr(<fpr register number>, <value>) |
A simple example: eeObj.SetFpr(14, 50.0) will set fpr 14 to 50.0.
But we can also combine commands to add to or subtract from registers:
eeObj.SetFpr(14, eeObj.GetFpr(14) + 50.0) will add 50.0 to the current fpr 14 value
|
GetPc |
eeObj.GetPc() |
This command is very helpful, as it returns the current EE address that's being read. It can also be used with an additional value, like eeObj.GetPc()+4
|
SetPc |
eeObj.SetPC(<PC>) |
eeObj.SetPC(0x266B80)
|
GetCPR0 |
eeObj.GetCPR0(<COP0 register>) |
|
SetCPR0 |
eeObj.SetCPR0(<COP0 register>) |
|
|
Hooks |
|
AddHook |
eeObj.AddHook(<ee offset>, <original opcode>, <defined hook name>) |
Example:
local W1 = function()
  emuObj.SetDisplayAspectNormal()
end
local ws1 = eeObj.AddHook(0x1c9840, 0xaf808c78, W1)
|
RemoveHook |
|
|
AddPreHook |
|
|
AddPostHook |
|
|
RemovePreHook |
|
|
RemovePostHook |
|
|
AddJitResetHook |
|
|
RemoveJitResetHook |
|
|
AddHookJT |
eeObj.AddHookJT(Offset, offset opcode, ???) |
Seems to somehow be related to gpr registers
|
|
Dma |
|
DmaAddHook |
eeobj.DmaAddHook(channel=%d key=%x) |
Possible Dma channel numbers (?)
GIF = 0 VIF0 = 1
VIF1 = 2 SIF0 = 4
SIF1 = 5 IPU0 = 6
IPU1 = 7
Possible values for hooks
DmaTransfer [VIF0/VIF1], RaiseIntc [VIF0/VIF1], NormalTransfer [SIF0/SIF1].
|
DmaRemoveHook |
|
|
|
Speedhacks |
|
FastForwardClock |
eeObj.FastForwardClock() |
Skip Emotion engine Cycles
|
AdvanceClock |
eeObj.AdvanceClock() |
It is still unknown how to use this command; check the Psychonauts Lua for more details.
|
GetClock |
eeObj.GetClock() |
Returns the value of how many cycles the ee is ahead of normal clock (?)
|
Vu1MpgCycles |
eeObj.Vu1MpgCycles(<cycles>) |
Works just like the cli command --vu1-mpg-cycles=
|
|
Other |
|
CallPredicate
|
SchedulerDelayEvent |
eeObj.SchedulerDelayEvent("event", cycles) |
Parappa uses eeObj.SchedulerDelayEvent("vif1.dma", 0x6500). Other events are gif.dma, vif0.dma, vif1.dma, sif0.dma, Sif0-NormalTransfer, sif1.dma, Sif1-NormalTransfer, ipu0.dma, ipu1.dma. This command allows delaying a certain DMA transfer by a number of cycles.
|
WaitVu1 |
eeObj.WaitVu1() |
Likely to be the lua equivalent of "--vu1=jit-sync".
|
GetPcRingBuffer |
|
|
Precompile |
|
Requires unknown values
|
CalcInsnHash |
|
|
getOverlayObject |
eeObj.getOverlayObject() |
local eeOverlay = eeObj.getOverlayObject()
|
GetVif1Cycles |
eeObj.GetVif1Cycles() |
local vif1_cycles = eeObj.GetVif1Cycles() creates a vif1_cycles value that can be used later; you can rename it as you wish.
|
(IOP) IOPObject
Commands for the emulated input-output processor
Command |
Usage |
Notes
|
|
Object calling class |
|
getIOPObject |
local iopObj = getIOPObject() |
Required for all functions using iopObj, which include: ReplaceMem64 ReplaceMem32 ReplaceMem16 ReplaceMem8 ReadMemFloat
WriteMemFloat WriteMem64 WriteMem32 WriteMem16 WriteMem8
ReadMemStr AddHook RemoveHook GetGpr SetGpr GetPc SetPc
GetCPR0 SetCPR0
|
|
Memory editing |
|
ReplaceMem64 |
iopObj.ReplaceMem64(<address>, <value>) |
|
ReplaceMem32 |
iopObj.ReplaceMem32(<address>, <value>) |
|
ReplaceMem16 |
iopObj.ReplaceMem16(<address>, <value>) |
|
ReplaceMem8 |
iopObj.ReplaceMem8(<address>, <value>) |
|
ReadMemFloat |
iopObj.ReadMemFloat(<address>) |
iopObj.ReadMemFloat(0x28c3c)
|
WriteMemFloat |
iopObj.WriteMemFloat(<address>, <value>) |
iopObj.WriteMemFloat(0x65364, 1.3333333)
|
ReadMem128 |
iopObj.ReadMem128(<iop memory offset>) |
|
WriteMem128 |
iopObj.WriteMem128(<iop memory offset>, <value>) |
|
ReadMemFloat128 |
iopObj.ReadMemFloat128(<iop memory offset>) |
|
WriteMemFloat128 |
iopObj.WriteMemFloat128(<iop memory offset>, <value>) |
|
ReadMem64 |
iopObj.ReadMem64(<iop memory offset>) |
Read 8 bytes from offset
|
WriteMem64 |
iopObj.WriteMem64(<iop memory offset>, <data>) |
Write 8 bytes to offset
|
ReadMem32 |
iopObj.ReadMem32(<iop memory offset>) |
Read 4 bytes from offset, examples: iopObj.ReadMem32(0x1198)
iopObj.ReadMem32(gp - 348)
|
WriteMem32 |
iopObj.WriteMem32(<iop memory offset>, <data>) |
Write 4 bytes to offset, example: iopObj.WriteMem32(0x89ac, 0x001b70f0)
|
ReadMem16 |
iopObj.ReadMem16(<iop memory offset>) |
Read 2 bytes from offset, example: iopObj.ReadMem16(0x1198)
|
WriteMem16 |
iopObj.WriteMem16(<iop memory offset>, <data>) |
Write 2 bytes to offset, example: iopObj.WriteMem16(0x89ac, 0x70f0)
|
ReadMem8 |
iopObj.ReadMem8(<iop memory offset>) |
Read 1 byte from offset, example: iopObj.ReadMem8(0x1198)
|
WriteMem8 |
iopObj.WriteMem8(<iop memory offset>, <data>) |
Write 1 byte to offset, example: iopObj.WriteMem8(0x89ac, 0xf0)
|
ReadMemStr |
|
|
GetGpr |
iopObj.GetGPR(<gpr register>) |
iopObj.GetGPR(a1)
|
SetGpr |
iopObj.SetGPR(<gpr register> ,<value>) |
example: iopObj.SetGPR(gpr.v0 ,3)
|
GetPc |
iopObj.GetPc() |
Can also be used with an additional value, like iopObj.GetPc()+8
|
SetPc |
iopObj.SetPC(<PC>) |
iopObj.SetPC(0x6B80)
|
GetCPR0 |
iopObj.GetCPR0(<COP0 register>) |
|
SetCPR0 |
iopObj.SetCPR0(<COP0 register>) |
|
|
Clock speed |
|
FastForwardClock |
iopObj.FastForwardClock() |
|
AdvanceClock |
iopObj.AdvanceClock() |
|
GetClock |
iopObj.GetClock() |
Returns the value of how many cycles the iop is ahead of normal clock (?)
|
|
Hooks |
|
AddHook |
iopObj.AddHook() |
|
RemoveHook |
iopObj.RemoveHook() |
|
(GS) GsObject
Commands for the emulated Graphics Synthesizer
Command |
Usage |
Notes
|
|
Object calling class |
|
getGsObject |
local gsObj = getGsObject() |
|
|
Graphical fixes / Improvement |
|
SetL2HMode |
gsObj.SetL2HMode() |
|
SetUprenderMode |
gsObj.SetUprenderMode(1) |
Set uprender mode. Overrides CLI, 0=none, 1=2x2
|
SetUpscaleMode |
gsObj.SetUpscaleMode() |
|
GetFramesInQueue |
gsObj.GetFramesInQueue() |
Returns the value of the frames that are still in queue
|
SetFrameSkipping |
gsObj.SetFrameSkipping(true) |
false and true are the values.
|
SetDeinterlaceShift |
gsObj.SetDeinterlaceShift(0) |
The values are 1 and 0. Enables or disables interlacing; requires emulators with a high API version
|
Does not require Object calling or Unknown
Command |
Usage |
Notes
|
eeInsnReplace |
eeInsnReplace(EE memory offset, Original opcode (BE), Replace opcode (BE)) |
Replaces a 4-byte opcode in EE memory; the correct memory range is 0x0 to 0x1FFFFFFF
|
vuInsnReplace |
vuInsnReplace(vu 0/1, vu memory offset divided by 8, (original opcode<<32) | original opcode, (replace opcode<<32) | replace opcode) |
Replaces 2 x 4 bytes in VU memory. The correct memory range depends on the selected VU; the left shift by 32 is used for VU lower opcodes. The command will fail if size is above 254. Example:
vuInsnReplace(0, 0x167, (0x000002ff << 32) | 0x520507ff,(0x000002ff << 32) | 0x8000033c)
Replaces 64 bits of VU0 at offset 0xB38
|
iopInsnReplace |
iopInsnReplace(IOP memory offset, Original opcode, opcode replacement) |
Replaces 4 bytes in IOP memory; the correct memory range is 0x0 to 0x1FFFFF. Example: iopInsnReplace(0x1FFFFF, 0x0, 0x0803fff0)
|
eeNativeFunction |
eeNativeFunction(<ee offset>, <original opcode>, <function>) |
eeNativeFunction(0x11fa9c, 0x0080402d, 'memcpy')
Different emulators can have different functions included, see SO3. Requires API 1.4 or higher.
But functions from this list should be available in every emulator:
ieee754_acosf ieee754_asinf ieee754_sqrtf
fabs cosf fabsf
sinf acosf asinf
sqrtf fptoui fptodp
litodp dptoli dptofp
memcpy memset strlen
|
eeNativeHook |
eeNativeHook(<ee offset>, <original opcode>, <action>) |
eeNativeHook requires apiRequest(1.4) or higher.
|
GsCustomShader |
|
|
Unlock |
|
|
IsUnlocked |
|
|
InsnOverlay |
InsnOverlay({<opcode, opcode, opcode...>}) |
example: InsnOverlay({
0x27bdfff0, -- addiu $sp, -0x10
0xffbf0000, -- sd $ra, 0(sp)
0xffb00008, -- sd $s0, 8(sp)
0x3c05000f, -- lui $a1, 0x000f
0x34a57000, -- ori $a1, 0x7000
0x0c0db8b6, -- jal Script::State::DoString
0x0080802d, -- move $s0, $a0
0x24050001, -- li $a1, 1
0x0c0dba4c, -- jal Script::State::IsNull(int)
0x0200202d, -- move $a0, $s0
0xdfb00008, -- ld $s0, 8(sp)
0xdfbf0000, -- ld $ra, 0(sp)
0x03e00008, -- jr ra
0x27bd0010 -- addiu $sp, 0x10
})
|
eeDebugBreak |
|
|
CsBindShader |
|
|
CsSetParamInt32 |
|
|
CsSetParamFloat |
|
|
CsResetContext |
|
|
CsPrintContext |
|
|
PsBindShader |
|
|
PsSetParamInt32 |
|
|
PsSetParamFloat |
|
|
PsResetContext |
|
|
PsPrintContext |
|
|
Note: eeObj, emuObj, gsObj, etc. are described as required, but this is not really true. You can name the locals these functions use whatever you want, but due to the specifics of this emulator it is better to keep the naming used in official configs.
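The ranges and requirements listed above for apiRequest, eeInsnReplace, iopInsnReplace, vuInsnReplace and eeNativeFunction/eeNativeHook can be checked mechanically before a config downloaded from someone else is packaged. The following is an added example, not code from the emulator or the original page; the `audit` function and the sample config are constructed for illustration, the VU micro memory sizes (4 KB for VU0, 16 KB for VU1) come from the PS2 hardware rather than from the page, and only `--` line comments are stripped.

```python
"""Audit the patch calls in a PS2-on-PS4 *_config.lua text before it is packaged."""
import ast
import operator
import re

CALL_RE = re.compile(r"\b(apiRequest|eeInsnReplace|iopInsnReplace|vuInsnReplace|"
                     r"eeNativeFunction|eeNativeHook)\s*\(")
ADDR_MAX = {"eeInsnReplace": 0x1FFFFFFF, "iopInsnReplace": 0x1FFFFF}  # ranges from the table
VU_MICRO_BYTES = {0: 0x1000, 1: 0x4000}  # PS2 hardware sizes, not stated on the page
PORTABLE_NATIVE = set("""ieee754_acosf ieee754_asinf ieee754_sqrtf fabs cosf fabsf sinf
    acosf asinf sqrtf fptoui fptodp litodp dptoli dptofp memcpy memset strlen""".split())
OPS = {ast.LShift: operator.lshift, ast.BitOr: operator.or_}


def eval_int(expr):
    """Evaluate a Lua integer expression made of literals, << and |; None otherwise."""
    def walk(node):
        if isinstance(node, ast.Constant) and type(node.value) is int:
            return node.value
        if isinstance(node, ast.BinOp) and type(node.op) in OPS:
            left, right = walk(node.left), walk(node.right)
            if isinstance(node.op, ast.LShift) and not 0 <= right <= 64:
                raise ValueError("shift out of range")
            return OPS[type(node.op)](left, right)
        raise ValueError("unsupported expression")
    try:
        return walk(ast.parse(expr.strip(), mode="eval").body)
    except (SyntaxError, ValueError):
        return None


def iter_calls(source):
    """Yield (line, name, [argument text]) per recognised call, skipping -- line comments."""
    code = "\n".join(line.split("--", 1)[0] for line in source.splitlines())
    for match in CALL_RE.finditer(code):
        depth, start, args = 1, match.end(), []
        for pos in range(match.end(), len(code)):
            char = code[pos]
            if char == "(":
                depth += 1
            elif char == ")":
                depth -= 1
            if depth == 0 or (char == "," and depth == 1):
                args.append(code[start:pos].strip())
                start = pos + 1
            if depth == 0:
                yield code.count("\n", 0, match.start()) + 1, match.group(1), args
                break


def audit(source):
    """Return sorted (line, message) findings for one config file's text."""
    calls, findings = list(iter_calls(source)), []
    requested = [args[0] for _, name, args in calls if name == "apiRequest"]
    api = max((float(v) for v in requested if re.fullmatch(r"\d+(\.\d+)?", v)), default=None)
    if api is None:
        findings.append((1, "no valid apiRequest(<api version>) call"))
    for line, name, args in calls:
        values = [eval_int(arg) for arg in args]
        if name in ADDR_MAX:
            if len(values) != 3 or None in values:
                findings.append((line, f"{name}: expected three integer arguments"))
            elif not 0 <= values[0] <= ADDR_MAX[name]:
                findings.append((line, f"{name}: address above {ADDR_MAX[name]:#x}"))
            elif not all(0 <= op <= 0xFFFFFFFF for op in values[1:]):
                findings.append((line, f"{name}: opcode does not fit in 4 bytes"))
        elif name == "vuInsnReplace":
            if len(values) != 4 or None in values or values[0] not in VU_MICRO_BYTES:
                findings.append((line, "vuInsnReplace: expected (vu 0/1, index, old, new)"))
            elif not 0 <= values[1] * 8 < VU_MICRO_BYTES[values[0]]:
                findings.append((line, f"vuInsnReplace: byte offset {values[1] * 8:#x} "
                                       f"is outside VU{values[0]} micro memory"))
        elif name in ("eeNativeFunction", "eeNativeHook"):
            if api is not None and api < 1.4:
                findings.append((line, f"{name} needs apiRequest(1.4) or higher"))
            if name == "eeNativeFunction" and args[-1].strip("'\"") not in PORTABLE_NATIVE:
                findings.append((line, f"{args[-1]} is not on the every-emulator list"))
    return sorted(findings)


SAMPLE = """\
-- constructed sample config; the EE addresses and opcodes are made up
apiRequest(1.2)
eeInsnReplace(0x2c89ac, 0x0c0a2b3c, 0x00000000)
eeInsnReplace(0x20000000, 0x0c0a2b3c, 0x00000000)
-- eeInsnReplace(0x99999999, 0x0, 0x0)
iopInsnReplace(0x1FFFFF, 0x0, 0x0803fff0)
vuInsnReplace(0, 0x167, (0x000002ff << 32) | 0x520507ff, (0x000002ff << 32) | 0x8000033c)
vuInsnReplace(0, 0x200, (0x000002ff << 32) | 0x520507ff, (0x000002ff << 32) | 0x8000033c)
eeNativeFunction(0x11fa9c, 0x0080402d, 'memcpy')
eeNativeFunction(0x11fb00, 0x0080402d, 'strcmp')
"""

if __name__ == "__main__":
    for line, message in audit(SAMPLE):
        print(f"line {line}: {message}")
```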
Other objects
Command |
Usage |
Notes
|
|
getGLSObject class |
|
getGLSObject |
|
|
Enable |
|
|
EnableServerRecording |
|
|
Pause |
|
|
|
getGsObject class |
|
|
getAudioObject class |
|
getAudioObject |
|
|
muteStreamingAll |
|
|
muteStreamingMain |
|
|
muteStreamingBGM |
|
|
|
getRemotePlayObject class |
|
getRemotePlayObject |
|
|
Enable |
|
|
|
getVideoRecordingObject class |
|
getVideoRecordingObject |
|
|
Enable |
|
|
|
getSharePlayObject class |
|
getSharePlayObject |
|
|
Enable |
|
|
|
getSpriteObject group |
|
getSpriteObject |
|
|
Enable |
|
|
Disable |
|
|
BindFragmentShader |
|
|
SetShaderParams |
|
It is not clear whether the params depend on the shader or are somehow hardcoded.
Example usage:
local sprite0 = getSpriteObject(0)
local scanlineParams = {
240.0, -- float scanlineCount
0.7, -- float scanlineHeight;
1.5, -- float scanlineBrightScale;
0.5, -- float scanlineAlpha;
0.5 -- float vignetteStrength;
}
sprite0.SetShaderParams(scanlineParams)
|
BindTexture |
|
|
SetPosXY |
|
|
SetSizeXY |
|
|
SetPosUV |
|
|
SetSizeUV |
|
|
PrintContext |
|
|
SetBlendColor |
sprite<X>.SetBlendColor(<R,G,B,A>) in floats, max val. 1.0 |
local sprite0 = getSpriteObject(0)
sprite0.SetBlendColor(1.0,1.0,1.0,1.0)
|
getTrophyObject |
local trophyObj = getTrophyObject() |
Required for all functions using trophyObj
|
getDmaObject |
local dmaObj = getDmaObject() |
Deprecated API - use EE:DmaAddHook / EE:DmaRemoveHook instead. It is not clear when it was deprecated; the Jak emulator doesn't use it.
|
getScreenShotObject |
|
|
Registers for hook
Registers defined in alias files.
GetGpr/SetGpr
gpr.zero gpr.at
gpr.v0 gpr.v1
gpr.a0 gpr.a1 gpr.a2 gpr.a3
gpr.t0 gpr.t1 gpr.t2 gpr.t3
gpr.t4 gpr.t5 gpr.t6 gpr.t7
gpr.s0 gpr.s1 gpr.s2 gpr.s3
gpr.s4 gpr.s5 gpr.s6 gpr.s7
gpr.t8 gpr.t9
gpr.k0 gpr.k1
gpr.gp gpr.sp gpr.fp gpr.ra
gpr.lo gpr.hi gpr.sa
example: eeObj.GetGpr(gpr.a1)
GetCPR0/SetCPR0
cpr.index cpr.pagemask
cpr.random cpr.wired
cpr.entrylo0 cpr.badvaddr
cpr.entrylo1 cpr.count
cpr.context cpr.entryhi
cpr.compare cpr.config cpr.taglo
cpr.status cpr.badpaddr cpr.taghi
cpr.cause cpr.hwbk cpr.errorepc
cpr.epc cpr.pccr
cpr.prid
example: eeObj.GetCPR0(cpr.status)
SetGsTitleFix
One of the most important commands in Lua; it allows changing the GS's behavior.
Part of EmuObject() class, used frequently in official configs.
Examples
-- fix vision logo (Wild Arms 3)
local thresholdArea = 0 -- ignore all items : fix #112276
emuObj.SetGsTitleFix( "ignoreUpRender", thresholdArea , { texType = 3, cbp = 0x2390, tbp = 0x288000} )
------------------------------------------------------------------------------------------------------
-- Ignore up-render shift for triangles when writing mask = write alpha only . Will fix shadows (bug# 6724).
emuObj.SetGsTitleFix( "ignoreUpShiftTri", "reserved" , { fbmask = 0x00FFFFFF } )
------------------------------------------------------------------------------------------------------
-- Performance fix ( bug# 9474 )
if 0 then -- emuObj.IsNeoMode() then -- neo mode check disabled, due to bug #10442
emuObj.SetGsTitleFix( "globalSet", "reserved", { workLoadThreshold = 125000} )
else
emuObj.SetGsTitleFix( "globalSet", "reserved", { workLoadThreshold = 100000} )
end
------------------------------------------------------------------------------------------------------
-- bug# 9972
emuObj.SetGsTitleFix( "ignoreSubBuffCov", "reserved", { } )
------------------------------------------------------------------------------------------------------
-- Bully bug 9392
-- Performace fix
local thresholdArea = 600
emuObj.SetGsTitleFix( "ignoreUpRender", thresholdArea , {alpha=0x80000044 , zmsk=1 , tw=4, th=4 } )
------------------------------------------------------------------------------------------------------
-- Bug#9174 -
emuObj.SetGsTitleFix( "ignoreSubBuffCov", "reserved", { } )
------------------------------------------------------------------------------------------------------
-- Bug#9240 (Light maps uprender)
-- Copy z-buffer for future use with light maps. psm = SCE_GS_PSMZ24 (49)
emuObj.SetGsTitleFix( "forceSimpleFetch", "reserved", {tw=9, th=9, psm=49, zmsk=1 } )
------------------------------------------------------------------------------------------------------
-- Apply light maps texMode=2 (bilinear) psm= SCE_GS_PSMCT32 (0)
emuObj.SetGsTitleFix( "forceSimpleFetch", "reserved", {tw=8, th=8, psm=0, ztst=1, texMode=2 } )
------------------------------------------------------------------------------------------------------
-- Performace fix (bug #9785 )
emuObj.SetGsTitleFix( "globalSet", "reserved", { waveThreshold = 90000} )
emuObj.SetGsTitleFix( "ignoreAreaUpdate", 0, { } )
------------------------------------------------------------------------------------------------------
-- Accumulate fill area only when conditions are met
emuObj.SetGsTitleFix( "includeAreaUpdate", "reserved" , {alphaIsNot = 0, zmsk = 1, tw = 6, th = 6 , tbp = 0x00302000} )
emuObj.SetGsTitleFix( "ignoreUpRender", 130 , { totalArea= 700} )
------------------------------------------------------------------------------------------------------
-- Fix shadow
emuObj.SetGsTitleFix( "forceSimpleFetch", "reserved", { texMode=1 } )
------------------------------------------------------------------------------------------------------
-- Reduce flush count
emuObj.SetGsTitleFix( "SetSelfRender", "reserved", { fbmask= 0x00FFFFFF , renderSelf=1 , zmsk=1 , alpha=0 , texMode=1 } )
------------------------------------------------------------------------------------------------------
-- Disable post-processing
emuObj.SetGsTitleFix( "ignoreSprite", "reserved", { texType=1 , tw=5 , th=8, zmsk=1 , alpha=0x80000044 } )
------------------------------------------------------------------------------------------------------
-- Small triangle rejection. Works in conjunction with CLI setting gs-override-small-tri-area=1
-- keep default area for texture 256x256 ( no blend) (Anakin face)
emuObj.SetGsTitleFix( "setRejectionArea", 500,{twIsNot=8, thIsNot=8 } )
------------------------------------------------------------------------------------------------------
-- Set triangle rejection area= 1000 when alpha blend is not 0 ( i.e blend is On)
emuObj.SetGsTitleFix( "setRejectionArea", 1000, {alphaIsNot=0 } )
------------------------------------------------------------------------------------------------------
-- Performace fix
local thresholdArea = 600
emuObj.SetGsTitleFix( "ignoreUpRender", thresholdArea , {alpha=0x80008068 , zmsk=1 } )
------------------------------------------------------------------------------------------------------
-- Performace fix
local thresholdArea = 700
emuObj.SetGsTitleFix( "ignoreUpRender", thresholdArea , {alpha=0x80000044 , zmsk=1 } )
------------------------------------------------------------------------------------------------------
-- Disable uprender on the draw command which samples the framebuffer (0x3200) using bilinear sampling (texMode=2)
-- All lighting effects use TriFan prim type, so use that as well to filter against.
emuObj.SetGsTitleFix( "forceSimpleFetch", "reserved", {prim=5, texMode=2, tbp=0x320000} )
Commands
Command | Notes
globalSet | used with workLoadThreshold or waveThreshold or loadThreshold
reserved |
forceBiLinear |
ignoreSubBuffCov | ignore ? buffer coverage
trianglesAsParticles |
ignoreAreaUpdate |
SetSelfRender |
ignoreSprite |
clipScissors |
forcePoint |
forcePointSampling |
setRejectionArea |
ignoreUpRender | Ignore uprender for texture type described in params
includeAreaUpdate |
forceSimpleFetch | Used Frequently To Fix Graphical Corruptions, emuObj.SetGsTitleFix( "forceSimpleFetch", "reserved", {psm=0} )
fetchFromCurrBuff | emuObj.SetGsTitleFix( "fetchFromCurrBuff", "reserved", {psm=0} )
ignoreUpShiftTri | emuObj.SetGsTitleFix( "ignoreUpShiftTri", "reserved", {psm=0} )
skipPacked |
changeAlpha |
ignoreUpRenderTimeout |
Arguments/variables
Argument | Notes
alpha_mask |
alphaIsNot | alpha - is not X
texMode | 1 - Point? , 2 - bilinear
twIsLess | texture width - is less than X
thIsLess | texture height - is less than X
twIsNot | texture width - is not X
thIsNot | texture height - is not X
psmIsNot | texture pixel storage format - is not X (PSMCT32 = 0, PSMCT24 = 1, PSMCT16 = 2, PSMCT16S = 10, PSMT8 = 19, PSMT4 = 20, PSMT8H = 27, PSMT4HL = 36, PSMT4HH = 44, PSMZ32 = 48, PSMZ24 = 49, PSMZ16 = 50, PSMZ16S = 58)
zmsk | Z (depth) draw mask: update Z buffer = 0, don't update Z buffer = 1. When 1, the depth test result will be ignored
tw | texture width
th | texture height
ztst | Z (depth) test method: ZNOUSE = 0 (all pixels fail), ZALWAYS = 1 (all pixels pass), ZGEQUAL = 2 (pass if Z greater or equal to Z buffer), ZGREATER = 3 (pass if Z greater than Z buffer)
mipIsGt | mip level is greater than X (?)
mmin | MMIN flag: NEAREST = 0, LINEAR = 1, NEAREST_MIPMAP_NEAREST = 2, NEAREST_MIPMAP_LINEAR = 3, LINEAR_MIPMAP_NEAREST = 4, LINEAR_MIPMAP_LINEAR = 5
prim | GS primitive type: Point = 0, Line = 1, LineStrip = 2, Triangle = 3, TriangleStrip = 4, TriangleFan = 5, Sprite = 6
primIsNot | GS primitive type - is not: Point = 0, Line = 1, LineStrip = 2, Triangle = 3, TriangleStrip = 4, TriangleFan = 5, Sprite = 6
fillArea |
frameW |
renderSelf |
hasClut |
alphaTest |
primTest |
workLoadThreshold |
alpha | example: alpha=0x80000044, alpha=0
texType | (1-3, more? )
tbp | texture base pointer
cbp | CLUT buffer base pointer
psm | texture pixel storage format (PSMCT32 = 0, PSMCT24 = 1, PSMCT16 = 2, PSMCT16S = 10, PSMT8 = 19, PSMT4 = 20, PSMT8H = 27, PSMT4HL = 36, PSMT4HH = 44, PSMZ32 = 48, PSMZ24 = 49, PSMZ16 = 50, PSMZ16S = 58)
mxl | maximum mip level (0-6)
fbmask | ?
totalArea |
packedRegs |
packedRegsLo |
packedRegsHi |
packedRegsNum |
packedFlags |
packedPrim |
areaNumFrames |
waveThreshold |
loadThreshold |
fixSpriteDivTab |
Official examples
You can find the rest of them here
Canis Canem Edit
SLES 535.61
LUA
require( "ee-gpr-alias" ) -- you can access EE GPR by alias (gpr.a0 / gpr["a0"])
apiRequest(0.1)
-- EA sports cricket 07 bug 9392
-- Performance fix
local emuObj = getEmuObject()
local thresholdArea = 600
emuObj.SetGsTitleFix( "ignoreUpRender", thresholdArea , {alpha=0x80000044 , zmsk=1 , tw=4, th=4 } )
Custom config.lua examples
Here is the first custom lua config created by the community:
apiRequest(0.1)
-- Fix black screen SLUS-20064
eeInsnReplace(0x1CF3CC, 0x4100ffff, 0x00000000) -- bc0f 0x1CF3CC to nop
This is a very basic command that replaces an instruction in EE memory with another one.
- apiRequest(0.1) - is required for every config. The version to use depends on the highest API supported by your original eboot. 0.1 seems to be enough for basic patches like this one. 2.3 is the highest known for now.
- -- Fix black screen SLUS-20064 is a comment.
- eeInsnReplace(0x1CF3CC, 0x4100ffff, 0x00000000) is the actual command here. We are replacing the value 0x4100FFFF with 0x00000000 at the offset 0x1CF3CC. As you can see, the opcode being replaced has to be given as well, not only the patch and the memory offset.
- -- bc0f 0x1CF3CC to nop is just another comment, in this case explaining what is changed.
Other custom configurations made by users can be found here
Converting cheats into a json
HOW TO CONVERT "PS2 RAW CHEATS" TO EMULATOR (jak) "PS4 GOLDHEN JSON CHEATS"...
Example:
FLATOUT 1, SLUS_209.01 (E0127F2D)
Cash inf
# fixed on 9,999,999
# DanAQ-ptbr: 20201025, 20201028, 20210316
208CA4FC 0098967F
THERE ARE 3 (three) STEPS...
1st) The values in PS2 are in "BIG ENDIAN" while in the emulator (jak v2) the
values are in "LOW ENDIAN" (inverted). Just invert the bytes being like this...
FLATOUT 1, SLUS_209.01 (E0127F2D)
Cash inf
# fixed on 9,999,999
# DanAQ-ptbr: 20201025, 20201028, 20210316
208CA4FC 7F969800
2nd) replace the first digit to 808. The "Cheat" above will look like this...
FLATOUT 1, SLUS_209.01 (E0127F2D)
Cash inf
# fixed on 9.999.999
# DanAQ-ptbr: 20201025, 20201028, 20210316
80808CA4FC 7F969800
3rd) Subtract 0x400000 from the memory address...
80808CA4FC
- 400000
____________
80804CA4FC
NOTE: WORKS ON GOLDHEN v2.2;
UNFORTUNATELY NEW GOLDHEN (v2.2.2) DOES NOT LIST THE CHEATS
(ignores SLES?????*.json and SLUS?????*.json, listing only CUSA?????*.json);
I STILL DON'T UNDERSTAND HOW THE "ON" AND "OFF" COMMANDS WORK IN JSON,
SOME GAMES ARE TURNING OFF THE "CHEAT".
ATTENTION TO THE TYPES OF BYTES ON PS2, EXAMPLE...
WORD (4 bytes) .. 2000XXXX 3F800000 (float value 1.00)
converts to -> 808000XXXX 0000803F (float value 1.00)
subtract 400000 -> 807FFCXXXX 0000803F (float value 1.00)
SHORT (2 bytes) .. 1000XXXX ????03E8 (int value 1,000)
convert to -> 808000XXXX E803 (int value 1,000)
subtract 400000 -> 807FFCXXXX E803 (int value 1,000)
BYTE (1 byte) .. 0000XXXX ??????63 (int value 99)
convert to -> 808000XXXX 63 (int value 99)
subtract 400000 -> 807FFCXXXX 63 (int value 99)
?? = unused bytes
................................................................................
GOLDHEN JSON FINAL CHEATS (SLUS20901_01.00.json)...
{
  "name":"FlatOut 1",
  "id":"SLUS20901",
  "version":"01.00",
  "process":"eboot.bin",
  "mods":
  [
    {
      "name":"Cash inf",
      "type":"checkbox",
      "memory":
      [
        {
          "offset":"80804CA4FC",
          "on":"7F969800",
          "off":"7E969800"
        }
      ]
    }
  ],
  "credits":
  [
    "DanAQ-ptbr: 20201025, 20201028, 20210316, 20220404"
  ]
}
DanAQ-ptbr: 20220414
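The three steps of the guide above, as an added Python example (not part of the guide and not GoldHEN code): it converts raw codes of the three listed types (0, 1, 2), rejects anything else, and emits the JSON layout shown above. The function names and the "off" values passed in are assumptions of this example; the "off" bytes cannot be derived from the raw code and must be supplied by the cheat author.

```python
import json
import re

# Write width in bytes, keyed by the first hex digit of the raw code
# (the three types the guide lists: 0 = BYTE, 1 = SHORT, 2 = WORD).
WIDTH_BY_TYPE = {"0": 1, "1": 2, "2": 4}
ADDRESS_PREFIX = "808"   # step 2: replaces the code-type digit
SUBTRAHEND = 0x400000    # step 3: subtracted from the prefixed address

RAW_CODE = re.compile(r"([0-9A-Fa-f]{8})\s+([0-9A-Fa-f]{8})")


def convert_raw_code(line):
    """Convert one 'AAAAAAAA VVVVVVVV' raw code to (offset_hex, on_hex)."""
    match = RAW_CODE.fullmatch(line.strip())
    if not match:
        raise ValueError(f"expected two 8-digit hex words: {line!r}")
    addr_word, value_word = match.group(1).upper(), match.group(2)

    width = WIDTH_BY_TYPE.get(addr_word[0])
    if width is None:
        # Conditional, copy and other code types are outside the guide.
        raise ValueError(f"unsupported code type {addr_word[0]!r}: {line!r}")

    # Step 1: keep only the bytes this code type writes, then reverse them.
    value = int(value_word, 16) & ((1 << (8 * width)) - 1)
    on_hex = value.to_bytes(width, "little").hex().upper()

    # Steps 2 and 3: swap the type digit for the prefix, then subtract.
    offset = int(ADDRESS_PREFIX + addr_word[1:], 16) - SUBTRAHEND
    return f"{offset:X}", on_hex


def build_cheat_file(title, disc_id, version, mods, credits):
    """Return (filename, json_text) in the layout shown in the guide.

    mods is a list of (mod_name, [(raw_code, off_hex), ...]).
    """
    title_id = re.sub(r"[^A-Za-z0-9]", "", disc_id)  # SLUS_209.01 -> SLUS20901
    out_mods = []
    for mod_name, codes in mods:
        memory = []
        for raw_code, off_hex in codes:
            offset, on_hex = convert_raw_code(raw_code)
            if len(off_hex) != len(on_hex):
                raise ValueError(
                    f"'off' must be {len(on_hex) // 2} byte(s) for {raw_code!r}"
                )
            memory.append(
                {"offset": offset, "on": on_hex, "off": off_hex.upper()}
            )
        out_mods.append({"name": mod_name, "type": "checkbox", "memory": memory})

    document = {
        "name": title,
        "id": title_id,
        "version": version,
        "process": "eboot.bin",
        "mods": out_mods,
        "credits": credits,
    }
    return f"{title_id}_{version}.json", json.dumps(document, indent=2)


if __name__ == "__main__":
    # The FlatOut code from the guide, plus constructed 16-bit and 8-bit
    # samples (addresses and values made up for this example).
    for raw in ("208CA4FC 0098967F", "10523456 000003E8", "00523458 00000063"):
        print(raw, "->", convert_raw_code(raw))

    filename, text = build_cheat_file(
        "FlatOut 1",
        "SLUS_209.01",
        "01.00",
        [("Cash inf", [("208CA4FC 0098967F", "7E969800")])],
        ["DanAQ-ptbr: 20201025, 20201028, 20210316, 20220404"],
    )
    print(filename)
    print(text)
```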
Memory Mapping
Name | From | To
EE Flat Memory (4gb) | 0x0000008000000000 | 0x0000008100000000
IOP Flat Memory (4gb) | 0x0000009000000000 | 0x0000009100000000
R59 Binary Cache | 0x0000000914B10000 | 0x0000000916B10000
R30 Binary Cache | 0x0000000916B14000 | 0x0000000917314000
jitVU0 | 0x0000000917318000 | 0x0000000917B18000
jitVU1 | 0x0000000917B1C000 | 0x0000000918B1C000

Host's EE Memory Map
EE RAM - Kernel | 0x0000008000000000 | 0x0000008000080000
EE RAM - Debug | 0x0000008000078000 | 0x0000008000080000
EE RAM - User | 0x0000008000080000 | 0x0000008002000000
EE Hw Devices | 0x0000008010000000 | 0x0000008010010000
EE ROM | 0x000000801FC00000 | 0x000000801FFE0000
EE RAM - Uncached | 0x0000008020080000 | 0x0000008022000000
EE RAM - UncachedAccel | 0x0000008030100000 | 0x0000008032000000
EE Scratchpad | 0x0000008070000000 | 0x0000008070004000
EE Debug | 0x00000080FFFF8000 | 0x0000008100000000

Host's IOP Memory Map
IOP RAM | 0x0000009000000000 | 0x0000009000200000
IOP RAM (mirror 1) | 0x0000009000200000 | 0x0000009000400000
IOP RAM (mirror 2) | 0x0000009000400000 | 0x0000009000600000
IOP RAM (mirror 3) | 0x0000009000600000 | 0x0000009000800000
IOP Scratchpad | 0x000000901F800000 | 0x000000901F801000
IOP HW | 0x000000901F801000 | 0x000000901F810000
IOP ROM | 0x000000901FC00000 | 0x000000901FFE0000
Registers Map
EE-IOP
This is an incomplete list of the emulated PS2 registers. The 0x1000000xxx base is not guaranteed across different emu revisions, but the layout should be the same regardless of the base.
If the base is different (like on kof2000), simply reduce these offsets by 8 hex values.
Regardless, this should not affect the IOP or the VU0 and VU1 registers.
Tested on Jak v2
Eboot md5:c644f6879af225a6e5a70233fc4625a3
GPR-EE | Address | FPR | Address | CP0 | Address | GPR-IOP | Address
zero | 0x1000000000 | f00 | 0x1000000230 | Index | 0x10000002D0 | zero | 0x1020000000
at | 0x1000000010 | f01 | 0x1000000234 | Random | 0x10000002D4 | at | 0x1020000004
v0 | 0x1000000020 | f02 | 0x1000000238 | EntryLo0 | 0x10000002D8 | v0 | 0x1020000008
v1 | 0x1000000030 | f03 | 0x100000023C | EntryLo1 | 0x10000002DC | v1 | 0x102000000C
a0 | 0x1000000040 | f04 | 0x1000000240 | Context | 0x10000002E0 | a0 | 0x1020000010
a1 | 0x1000000050 | f05 | 0x1000000244 | PageMask | 0x10000002E4 | a1 | 0x1020000014
a2 | 0x1000000060 | f06 | 0x1000000248 | Wired | 0x10000002E8 | a2 | 0x1020000018
a3 | 0x1000000070 | f07 | 0x100000024C | rsvd7 | 0x10000002EC | a3 | 0x102000001C
t0 | 0x1000000080 | f08 | 0x1000000250 | BadVAddr | 0x10000002F0 | t0 | 0x1020000020
t1 | 0x1000000090 | f09 | 0x1000000254 | Count | 0x10000002F4 | t1 | 0x1020000024
t2 | 0x10000000A0 | f10 | 0x1000000258 | EntryHi | 0x10000002F8 | t2 | 0x1020000028
t3 | 0x10000000B0 | f11 | 0x100000025C | Compare | 0x10000002FC | t3 | 0x102000002C
t4 | 0x10000000C0 | f12 | 0x1000000260 | Status | 0x1000000300 | t4 | 0x1020000030
t5 | 0x10000000D0 | f13 | 0x1000000264 | Cause | 0x1000000304 | t5 | 0x1020000034
t6 | 0x10000000E0 | f14 | 0x1000000268 | EPC | 0x1000000308 | t6 | 0x1020000038
t7 | 0x10000000F0 | f15 | 0x100000026C | PRid | 0x100000030C | t7 | 0x102000003C
s0 | 0x1000000100 | f16 | 0x1000000270 | Config | 0x1000000310 | s0 | 0x1020000040
s1 | 0x1000000110 | f17 | 0x1000000274 | Iab | 0x1000000314 | s1 | 0x1020000044
s2 | 0x1000000120 | f18 | 0x1000000278 | Iabm | 0x1000000318 | s2 | 0x1020000048
s3 | 0x1000000130 | f19 | 0x100000027C | Dab | 0x100000031C | s3 | 0x102000004C
s4 | 0x1000000140 | f20 | 0x1000000280 | Dabm | 0x1000000320 | s4 | 0x1020000050
s5 | 0x1000000150 | f21 | 0x1000000284 | Dvm | 0x1000000324 | s5 | 0x1020000054
s6 | 0x1000000160 | f22 | 0x1000000288 | Dvbm | 0x1000000328 | s6 | 0x1020000058
s7 | 0x1000000170 | f23 | 0x100000028C | BadPAddr | 0x100000032C | s7 | 0x102000005C
t8 | 0x1000000180 | f24 | 0x1000000290 | Debug | 0x1000000330 | t8 | 0x1020000060
t9 | 0x1000000190 | f25 | 0x1000000294 | Perf | 0x1000000334 | t9 | 0x1020000064
k0 | 0x10000001A0 | f26 | 0x1000000298 | Pcr0 | 0x1000000338 | k0 | 0x1020000068
k1 | 0x10000001B0 | f27 | 0x100000029C | Pcr1 | 0x100000033C | k1 | 0x102000006C
gp | 0x10000001C0 | f28 | 0x10000002A0 | TagLo | 0x1000000340 | gp | 0x1020000070
sp | 0x10000001D0 | f29 | 0x10000002A4 | TagHi | 0x1000000344 | sp | 0x1020000074
fp | 0x10000001E0 | f30 | 0x10000002A8 | ErrorEPC | 0x1000000348 | fp | 0x1020000078
ra | 0x10000001F0 | f31 | 0x10000002AC | Rsvd31 | 0x100000034C | ra | 0x102000007C
unk (pc?) | 0x1000000200 | fACC | 0x10000002B0 | COP0 additional registers | | pc | 0x102000008C
hi/lo (2 x 64?) | 0x1000000210 | FPU CTRL (FCR) | | real Pcr0 | 0x1000000350 | hi | 0x1020000090 ??
sa | 0x1000000220 | cp1cond | 0x10000002B4 | real Pcr1 | 0x1000000358 | lo | 0x1020000094 ??
 | | fpu ver | 0x10000002B8
 | | fpu sticky | 0x10000002BC
 | | fpu ctrl | 0x10000002C0
 | | 2CF unknown | 0x10000002C4
Emulator related regs
"Fake" register | Address | Notes
(?) | 0x1000000360 | Locking the value seems to cause a crash.
Current PC | 0x1000000368 | Shows the current offset that's being read by the EE
(?) | 0x100000036C | It showed 0x80000184 in dbz bd 1
Delta counter | 0x1000000370 | Passed cycles, likely a decrementer. Evt check is performed on branch test when 0. Fastforwardclock sets this to 0; advanceclock subtracts a value from this fake reg.
Cycles | 0x1000000378 | (need work)
(?) | 0x1000000384 | Possibly used by Sony for diagnosis. Unlike the pc, this one doesn't change after a crash and has much lower latency, which makes it better at diagnosing problems; it is still unknown what it is, though.
VU0f-VU0i
Register | W | Z | Y | X | Register | W | Z | Y | X
vf00 | 0x103000000C | 0x1030000008 | 0x1030000004 | 0x1030000000 | vf17 | 0x103000011C | 0x1030000118 | 0x1030000114 | 0x1030000110
vf01 | 0x103000001C | 0x1030000018 | 0x1030000014 | 0x1030000010 | vf18 | 0x103000012C | 0x1030000128 | 0x1030000124 | 0x1030000120
vf02 | 0x103000002C | 0x1030000028 | 0x1030000024 | 0x1030000020 | vf19 | 0x103000013C | 0x1030000138 | 0x1030000134 | 0x1030000130
vf03 | 0x103000003C | 0x1030000038 | 0x1030000034 | 0x1030000030 | vf20 | 0x103000014C | 0x1030000148 | 0x1030000144 | 0x1030000140
vf04 | 0x103000004C | 0x1030000048 | 0x1030000044 | 0x1030000040 | vf21 | 0x103000015C | 0x1030000158 | 0x1030000154 | 0x1030000150
vf05 | 0x103000005C | 0x1030000058 | 0x1030000054 | 0x1030000050 | vf22 | 0x103000016C | 0x1030000168 | 0x1030000164 | 0x1030000160
vf06 | 0x103000006C | 0x1030000068 | 0x1030000064 | 0x1030000060 | vf23 | 0x103000017C | 0x1030000178 | 0x1030000174 | 0x1030000170
vf07 | 0x103000007C | 0x1030000078 | 0x1030000074 | 0x1030000070 | vf24 | 0x103000018C | 0x1030000188 | 0x1030000184 | 0x1030000180
vf08 | 0x103000008C | 0x1030000088 | 0x1030000084 | 0x1030000080 | vf25 | 0x103000019C | 0x1030000198 | 0x1030000194 | 0x1030000190
vf09 | 0x103000009C | 0x1030000098 | 0x1030000094 | 0x1030000090 | vf26 | 0x10300001AC | 0x10300001A8 | 0x10300001A4 | 0x10300001A0
vf10 | 0x10300000AC | 0x10300000A8 | 0x10300000A4 | 0x10300000A0 | vf27 | 0x10300001BC | 0x10300001B8 | 0x10300001B4 | 0x10300001B0
vf11 | 0x10300000BC | 0x10300000B8 | 0x10300000B4 | 0x10300000B0 | vf28 | 0x10300001CC | 0x10300001C8 | 0x10300001C4 | 0x10300001C0
vf12 | 0x10300000CC | 0x10300000C8 | 0x10300000C4 | 0x10300000C0 | vf29 | 0x10300001DC | 0x10300001D8 | 0x10300001D4 | 0x10300001D0
vf13 | 0x10300000DC | 0x10300000D8 | 0x10300000D4 | 0x10300000D0 | vf30 | 0x10300001EC | 0x10300001E8 | 0x10300001E4 | 0x10300001E0
vf14 | 0x10300000EC | 0x10300000E8 | 0x10300000E4 | 0x10300000E0 | vf31 | 0x10300001FC | 0x10300001F8 | 0x10300001F4 | 0x10300001F0
vf15 | 0x10300000FC | 0x10300000F8 | 0x10300000F4 | 0x10300000F0 | ACC | 0x103000020C | 0x1030000208 | 0x1030000204 | 0x1030000200
vf16 | 0x103000010C | 0x1030000108 | 0x1030000104 | 0x1030000100

Register | Address | Register | Address
vi00 | 0x1030000210 | Status | 0x1030000310??
vi01 | 0x1030000220 | MACflag | 0x1030000320??
vi02 | 0x1030000230 | Clipflag | 0x1030000330??
vi03 | 0x1030000240 | c2c19 | 0x1030000340??
vi04 | 0x1030000250 | R | 0x1030000350??
vi05 | 0x1030000260 | I | 0x1030000360
vi06 | 0x1030000270 | Q | 0x1030000370??
vi07 | 0x1030000280 | c2c23 | 0x1030000380??
vi08 | 0x1030000290 | c2c24 | 0x1030000390??
vi09 | 0x10300002A0 | c2c25 | 0x10300003A0??
vi10 | 0x10300002B0 | TPC | 0x10300003B0
vi11 | 0x10300002C0 | CMSAR0 | 0x10300003C0??
vi12 | 0x10300002D0 | FBRST | 0x10300003D0
vi13 | 0x10300002E0 | VPU-STAT | 0x10300003E0??
vi14 | 0x10300002F0 | CMSAR1 | 0x10300003F0??
vi15 | 0x1030000300 | c2c30 | 0x1030000400??
VU1f-VU1i
Register | W | Z | Y | X | Register | W | Z | Y | X
vf00 | 0x104000000C | 0x1040000008 | 0x1040000004 | 0x1040000000 | vf17 | 0x104000011C | 0x1040000118 | 0x1040000114 | 0x1040000110
vf01 | 0x104000001C | 0x1040000018 | 0x1040000014 | 0x1040000010 | vf18 | 0x104000012C | 0x1040000128 | 0x1040000124 | 0x1040000120
vf02 | 0x104000002C | 0x1040000028 | 0x1040000024 | 0x1040000020 | vf19 | 0x104000013C | 0x1040000138 | 0x1040000134 | 0x1040000130
vf03 | 0x104000003C | 0x1040000038 | 0x1040000034 | 0x1040000030 | vf20 | 0x104000014C | 0x1040000148 | 0x1040000144 | 0x1040000140
vf04 | 0x104000004C | 0x1040000048 | 0x1040000044 | 0x1040000040 | vf21 | 0x104000015C | 0x1040000158 | 0x1040000154 | 0x1040000150
vf05 | 0x104000005C | 0x1040000058 | 0x1040000054 | 0x1040000050 | vf22 | 0x104000016C | 0x1040000168 | 0x1040000164 | 0x1040000160
vf06 | 0x104000006C | 0x1040000068 | 0x1040000064 | 0x1040000060 | vf23 | 0x104000017C | 0x1040000178 | 0x1040000174 | 0x1040000170
vf07 | 0x104000007C | 0x1040000078 | 0x1040000074 | 0x1040000070 | vf24 | 0x104000018C | 0x1040000188 | 0x1040000184 | 0x1040000180
vf08 | 0x104000008C | 0x1040000088 | 0x1040000084 | 0x1040000080 | vf25 | 0x104000019C | 0x1040000198 | 0x1040000194 | 0x1040000190
vf09 | 0x104000009C | 0x1040000098 | 0x1040000094 | 0x1040000090 | vf26 | 0x10400001AC | 0x10400001A8 | 0x10400001A4 | 0x10400001A0
vf10 | 0x10400000AC | 0x10400000A8 | 0x10400000A4 | 0x10400000A0 | vf27 | 0x10400001BC | 0x10400001B8 | 0x10400001B4 | 0x10400001B0
vf11 | 0x10400000BC | 0x10400000B8 | 0x10400000B4 | 0x10400000B0 | vf28 | 0x10400001CC | 0x10400001C8 | 0x10400001C4 | 0x10400001C0
vf12 | 0x10400000CC | 0x10400000C8 | 0x10400000C4 | 0x10400000C0 | vf29 | 0x10400001DC | 0x10400001D8 | 0x10400001D4 | 0x10400001D0
vf13 | 0x10400000DC | 0x10400000D8 | 0x10400000D4 | 0x10400000D0 | vf30 | 0x10400001EC | 0x10400001E8 | 0x10400001E4 | 0x10400001E0
vf14 | 0x10400000EC | 0x10400000E8 | 0x10400000E4 | 0x10400000E0 | vf31 | 0x10400001FC | 0x10400001F8 | 0x10400001F4 | 0x10400001F0
vf15 | 0x10400000FC | 0x10400000F8 | 0x10400000F4 | 0x10400000F0 | ACC | 0x104000020C | 0x1040000208 | 0x1040000204 | 0x1040000200
vf16 | 0x104000010C | 0x1040000108 | 0x1040000104 | 0x1040000100

Register | Address | Register | Address
vi00 | 0x1040000210 | Status | 0x1040000310??
vi01 | 0x1040000220 | MACflag | 0x1040000320??
vi02 | 0x1040000230 | Clipflag | 0x1040000330??
vi03 | 0x1040000240 | c2c19 | 0x1040000340??
vi04 | 0x1040000250 | R | 0x1040000350??
vi05 | 0x1040000260 | I | 0x1040000360
vi06 | 0x1040000270 | Q | 0x1040000370??
vi07 | 0x1040000280 | c2c23 | 0x1040000380??
vi08 | 0x1040000290 | c2c24 | 0x1040000390??
vi09 | 0x10400002A0 | c2c25 | 0x10400003A0??
vi10 | 0x10400002B0 | TPC | 0x10400003B0
vi11 | 0x10400002C0 | CMSAR0 | 0x10400003C0??
vi12 | 0x10400002D0 | FBRST | 0x10400003D0
vi13 | 0x10400002E0 | VPU-STAT | 0x10400003E0??
vi14 | 0x10400002F0 | CMSAR1 | 0x10400003F0??
vi15 | 0x1040000300 | c2c30 | 0x1040000400??
Register Details
Credits to psi rockin
Name | Purpose / info
zero | Hardwired to 0, writes are ignored
at | Temporary register used for pseudo-instructions
v0-v1 | Return register, holds values returned by functions
a0-a3 | Argument registers, holds first four parameters passed to a function
t0-t7 | Temporary registers. t0-t3 may also be used as additional argument registers
s0-s7 | Saved registers. Functions must save and restore these before using them
t8-t9 | Temporary registers
k0-k1 | Reserved for use by kernels
gp | Global pointer
sp | Stack pointer, address of currently-executing function
fp | Frame pointer
ra | Return address. Used by JAL and (usually) JALR to store the address to return to after a function

Special registers
pc | Program counter, address of currently-executing instruction (32-bit)
hi/lo | Stores multiplication and division results (64-bit)
hi1/lo1 | Used by MULT1/DIV1 type instructions, same as above (64-bit)
sa | Shift amount used by QFSRV instruction
Aside from zero, all GPRs may be freely accessed if convention rules are respected.
Open CL and Floats
PS4 native floating point support and OpenCL info, for both the CPU and the GPU. Understanding floating point conversion is very important for emulating the PS2.
The info below came from this: gist
There you can find more info about the PS4's OpenCL.
CPU
Info | Value
Device Name | CXD90026AG - DG1002FGF84HT
Device Vendor | AuthenticAMD
Device Vendor ID | 0x1022
Device OpenCL C Version | OpenCL C 1.2 pocl
Device Type | CPU
Max compute units | 8
Max work item dimensions | 3
Max work item sizes | 4096x4096x4096
Max work group size | 4096
Preferred work group size multiple | 8
Half-precision Floating-point support | (n/a)
Single-precision Floating-point support | (core)
  Denormals | Yes
  Infinity and NANs | Yes
  Round to nearest | Yes
  Round to zero | Yes
  Round to infinity | Yes
  IEEE754-2008 fused multiply-add | No
  Support is emulated in software | No
  Correctly-rounded divide and sqrt operations | Yes
Double-precision Floating-point support | (cl_khr_fp64)
  Denormals | Yes
  Infinity and NANs | Yes
  Round to nearest | Yes
  Round to zero | Yes
  Round to infinity | Yes
  IEEE754-2008 fused multiply-add | Yes
  Support is emulated in software | No
Execution capabilities |
  Run OpenCL kernels | Yes
  Run native kernels | Yes
  SPIR versions | 1.2
Device Extensions | cl_khr_byte_addressable_store, cl_khr_global_int32_base_atomics, cl_khr_global_int32_extended_atomics, cl_khr_local_int32_base_atomics, cl_khr_local_int32_extended_atomics, cl_khr_3d_image_writes, cl_khr_spir, cl_khr_fp64, cl_khr_int64_base_atomics, cl_khr_int64_extended_atomics
GPU
Info | Values
Device Name | AMD LIVERPOOL
Device Vendor | AMD
Device Vendor ID | 0x1002
Device Version | OpenCL 1.1
Device OpenCL C Version | OpenCL C 1.1
Device Type | GPU
Max compute units | 18
Max work item dimensions | 3
Max work item sizes | 256x256x256
Max work group size | 256
Compiler Available | Yes
Preferred work group size multiple | 64
Half-precision Floating-point support | (cl_khr_fp16)
  Denormals | No
  Infinity and NANs | Yes
  Round to nearest | Yes
  Round to zero | No
  Round to infinity | No
  IEEE754-2008 fused multiply-add | No
  Support is emulated in software | No
Single-precision Floating-point support | (core)
  Denormals | No
  Infinity and NANs | Yes
  Round to nearest | Yes
  Round to zero | No
  Round to infinity | No
  IEEE754-2008 fused multiply-add | No
  Support is emulated in software | No
  Correctly-rounded divide and sqrt operations | No
Double-precision Floating-point support | (cl_khr_fp64)
  Denormals | Yes
  Infinity and NANs | Yes
  Round to nearest | Yes
  Round to zero | Yes
  Round to infinity | Yes
  IEEE754-2008 fused multiply-add | Yes
  Support is emulated in software | No
Execution capabilities |
  Run OpenCL kernels | Yes
  Run native kernels | No
Device Extensions | cl_khr_byte_addressable_store, cl_khr_byte_addressable_store, cl_khr_global_int32_base_atomics, cl_khr_global_int32_extended_atomics, cl_khr_local_int32_base_atomics, cl_khr_local_int32_extended_atomics, cl_khr_int64_base_atomics, cl_khr_int64_extended_atomics, cl_khr_fp64, cl_khr_fp16
PS3 Config support
The emulator supports configurations in the format known from ps2_netemu/ps2classic on the PS3. This feature was officially used in the Arc the Lad Twilight of the Spirits PS2-PS4 classic.
To enable PS3-style configs, add this to config-emu-ps4.txt:
--lopnor-config=1
--ps2-title-id=TITLE-ID
The config file needs to be in the folder .../patches/{TITLE-ID}/ and needs to be named {TITLE-ID}_lopnor.cfgbin. The title ID needs to be in XXXX-YYYYY format (e.g. SLUS-12345).
Example path: /patches/SLUS-12345/SLUS-12345_lopnor.cfgbin
A tester confirmed that configs work like that. We don't even need to edit them; they work as is.
Please keep in mind that not all commands are recognized, only 0x01 (can depend upon emu revision), 0x09, 0x0A, 0x0B, 0x0F, 0x10, 0x26, 0x27, 0x42.
For example, the Rayman 3 config does not work because its command is unsupported.
Command 0x07 is NOT recognized, but can be manually translated to a CLI config (--vu-xgkick-delay=value).
The same goes for 0x11 (--vu0-accurate-addsub-range can be used).
Known issues
List of known issues in the PS4's PS2 emulator
Issue | Games affected | Solution | Description
Suspected IOP issue (?) | Zatch Bell! Mamodo Fury, Godfather, Gran turismo 4, SSX | | A stutter that's not caused by performance but by inaccurate IOP emulation, leading to stuttering FMVs/main menu
Suspected GIF issue (?) | Tenchu - Fatal Shadows, Genji dawn of the samurai, Batman begins, Lara Croft Tomb Raider - The Angel of Darkness, Dragon ball z budokai tenkaichi 1, possibly many more! | Lua patches |
No support for EE Cache | Ice Age 2, DOA2: Extreme, Nascar 2009, Barnyard, others | Lua patches to the EE memory and picking the right emulator | It's not a PS4 issue per se, since these issues are also encountered by PCSX2. PCSX2 does have support for the EE cache, but it doesn't use it to fix these games because emulating the EE cache is extremely slow. That's why the PCSX2 team decided to use pnach patches to fix this issue.
VU0/COP2 is not running in sync with EE core | 24 The Game, ATV Quad Power Racing 2, Twisted Metal Head-On, Primal, Ghosthunter, Rayman Arena, Rayman 3, Largo winch. All games using M-bit. Other games affected by COP2 timing | EE hook AdvanceClock or fastforwardclock commands on affected addresses (most of the time it will be CTC2 instructions that are affected), or using Kozraovv's method of EE memory patching | Rayman 3's fix for example. Largo winch's fix for example. This issue can also be replicated on PCSX2 if you overclock the EE by +3
No roundmode support for VU or FPU | Koun, Tony hawk games, Devil may cry 3, Gun, TY the Tasmanian Tiger 3, Beyond Good & Evil, MTX Mototrax, many others | Lua patches to the EE memory |
No M-Bit support | Every game that uses M-Bit. Totally Spies! Totally Party, Mike Tyson Heavyweight Boxing, My Street, Crash Twinsanity, Marvel Nemesis, Panzer Elite Action - Fields of Glory, Super Monkey Ball Adventure, most Eko Software games, and many more. [3] | Lua patches to the EE memory | M-bit: Only applicable for VU0. Ends interlock on a single QMTC2.I/CTC2.I instruction, allowing the EE to continue execution
Wrong read speed for some games | Shadowman (textures), God of war (music), Ratchet and clank size matters (music), every game that's listed to require CDVD_READ_DELAY, and many other affected games | Try your luck with IOP and CDVD CLI commands. | Also known in Sony's BIOS as CDVD_READ_DELAY
Inaccurate VU0/VU1/COP2 emulation | Sly cooper games, Crash twinsanity, Crazy frog racer, Rayman 3, Koei tecmo games, Klonoa 2, others. | Choosing a VU accurate emulator such as Roguev1 or Kof2000 with the right clamping commands | The issue leads to SPS and graphical issues and sometimes freezing.
Inaccurate Multiply/Divide/Add/Subtract instructions | Max payne, Bully, Jackie chan adventures, Wild arms 3, Pac-man World 3, Gran turismo 4, others | Addsub/Muldiv CLI commands | Causes many geometry issues and black screens. Sony reduced the accuracy of these instructions to improve performance
Multitap doesn't support all games | Urban reign, many others | None |
DMA writes when busy signal is engaged | Ratchet and clank games, Metal gear solid 2, others | None yet | AKA eetiminghack
VU1 running too fast (DMA sync) | Harry Potter the Chamber of secrets, Mercenaries 2 | None yet |
VIF1 runs instantly | Urban reign, Avatar, Parappa 2, Eternal Poison, Soul Calibur 2, Soul Calibur 3, others | Using Lua's SchedulerDelayEvent command or the CLI's vif1-instant-xfer command | Sony wanted to improve performance, which is the reason VIF1 is instant. The Lua command can be customized to set the delay period and the CLI command can't, so the Lua command is much more compatible
Inaccuracies in the IPU | Burnout 3, Onimusha dawn of dreams | None yet |
Diagnosing problems
This guide will assist you in tracing an issue's cause. The list is based on what you can possibly solve using the CLI.
Definitely check out PS3 Emulator Bugs too, as many of them likely occur on the PS4.
Issue | VU1 | EE | GS | VIF | IOP | COP2 | VU0 | VU | FPU | SIF
Performance | ✔ | ✔ | ✔ | ✔ | | | | ✔ | |
Crashes | ✔ | ✔ | | ✔ | ✔ | ✔ | ✔ | ✔ | ✔ | ✔
Broken graphics | ✔ | | ✔ | ✔ | | ✔ | ✔ | ✔ | |
Glitches | | | | ✔ | | ✔ | ✔ | ✔ | ✔ |
Performance bottleneck order:
VU1 ==> EE ==> GS
As can be seen, the biggest bottleneck for the ps4 is the emulated VU1.
Therefore its Speedhacks will be the most effective for performance.
Debugging through PS4CHEATER
The program PS4CHEATER can be used to debug PS2 registers by adding these addresses to it:
1000000368 (Jakv2 uses this offset)
1000000360 (Emus with older revisions use this one)
Then change the type to > View as Hex.
Make sure live cheats is on.
One of them will contain the currently executing offset in the EE's memory.
PS2 Bios
Description
The PS2 BIOS is the file PS20220WD20050620.crack, included in every PS2 game .pkg. It is exactly the same BIOS that Sony used in ps2_netemu.self on the PS3. Because many X modules are missing, homebrew compatibility is limited: many homebrew programs need to be recompiled to use the non-X versions of modules, or need to load open source versions of them through MC/CDVD. An important non-X module that is missing is LIBSD; homebrew that needs it will likely fail to boot or cause an error.
The BIOS is known to blacklist some titles and refuse to boot them. This includes all titles with the 00000000 000000A0 flag from that list (click here)
More about the bios
The BIOS version seems to be Development v2.20 from the Japan region (22/01/2007), but it is of course not limited to booting only NTSC-J games.
The emulator does not support USB peripherals, but this does not seem to be a limitation of the BIOS, as it is also used in CECH C/E PS3 consoles.
There are signs that a different BIOS version exists, named PS20190AC20030623_nordram_miniOSD.bin. This BIOS includes handy extensions for debugging, and can print debug output when "debug osd verbosity" is set to "verbose" from the CLI. The most noticeable difference between the two BIOS files seems to be a special RDRAM module.
While the PS3 emulators patch the BIOS to the preferred region, the emulator used on the PS4 uses a so-called CallHook, better known to PCSX2 users as fastboot. There is no need to describe the patch here; just look at the PCSX2 fastboot code. It's the same code, but the PS4 emus don't have patches for different BIOS revisions.
Bios file information:
File name: PS20220WD20050620.crack
MD5: 83AD2B530C9C102A561BA1CDC6D996D5
Files inside ROM image

| File | Offset in exported bin | Description | File type (exportable) |
|---|---|---|---|
| RESET | 0x00 | Bootstrap code for the EE and IOP. | BIN |
| ROMDIR | 0x2780 | The ROMDIR part of the ROM image, which provides information on the location and name of files contained in the image. | BIN |
| EXTINFO | 0x2CC0 | Contains the "EXTINFO" for all files in the ROM image. | BIN |
| SBIN | 0x3330 | Seems to be the pad controller library for the PS1 monitor. | BIN |
| LOGO | 0xA2D0 | PS1 logo? | BIN |
| IOPBTCONF | 0x1EA20 | Boot configuration file for the IOP, during the final phase of the IOP reset. If no UDNL module is specified, the IOP will only have a single IOP reset in the reboot process, with the modules listed in IOPBTCONF. | BIN |
| IOPBTCON2 | 0x1EB10 | Boot configuration file for the IOP, for the first phase of the IOP reset (before UDNL is loaded). | BIN |
| SYSMEM | 0x1EBE0 | System Memory Manager. | ELF |
| LOADCORE | 0x1FE00 | The core of IOP module loading. Provides the lowest level of IOP module loading functions. Also handles the startup of the IOP. | ELF |
| EXCEPMAN | 0x22380 | Exception manager. | ELF |
| INTRMANP | 0x22F60 | Interrupt Manager. According to wisi, it is for PS mode. | ELF |
| INTRMANI | 0x24970 | Interrupt Manager. According to wisi, it is for IOP mode. | ELF |
| SSBUSC | 0x267B0 | SSBUS Controller library. The SSBUS seems to be the bus that all peripherals get connected to. It seems to have the power to control the mapping of the device registers, as well as access timing. | ELF |
| TIMEMANP | 0x26F20 | Timer Manager (PS mode) | ELF |
| TIMEMANI | 0x27B00 | Timer Manager (IOP mode) | ELF |
| DMACMAN | 0x28730 | DMA Controller Manager. | ELF |
| SYSCLIB | 0x2BE30 | System C Library. | ELF |
| HEAPLIB | 0x2E590 | Memory HEAP LIBrary (i.e. thvpool, thfpool) | ELF |
| THREADLIB | 0x2F290 | Multi_Thread_Manager | ELF |
| VBLANK | 0x38020 | V-Blank management | ELF |
| IOMAN | 0x38DB0 | IO Manager | ELF |
| MODLOAD | 0x3AD20 | IOP module loader. | ELF |
| ROMDRV | 0x3D070 | ROM driver. Provides access to the boot ROM (rom0). | ELF |
| ADDDRV | 0x3DF60 | Adds support for the DVD ROM (rom1:), via ROMDRV. | ELF |
| STDIO | 0x3D3C0 | Standard I/O library. | ELF |
| SIFMAN | 0x3EFB0 | SIF manager. | ELF |
| SIFINIT | 0x40550 | Initializes the SIF. | ELF |
| EESYNC | 0x40970 | For synchronizing with the EE at the end of IOP resets. EESYNC from DNAS images are evil; they also perform a memory wipe of the region from 0x00084000 to 0x00100000. | ELF |
| EENULL | 0x40E10 | The idle thread (id #0) module, loaded to 0x00081FC0 on the PS2. | BIN |
| PS1ID | 0x40E50 | Only found in newer boot ROMs | BIN |
| LIBFI | 0x40E60 | Not present in the boot ROM of the SCPH-10000 and SCPH-15000. | BIN |
| PS1VERJ | 0x40F50 | | BIN |
| PS1VERA | 0x40F60 | | BIN |
| PS1VERE | 0x40F70 | | BIN |
| PS1VERC | 0x40F80 | | BIN |
| PS1VERH | 0x40F90 | | BIN |
| OSDSYS | 0x40FA0 | The browser | BIN |
| - | 0x40FB0 | | BIN |
| RDRAM | 0x41000 | Provides a RDRAM test for the EE at power-on. This is run from RESET. | BIN |
| EELOADCNF | 0x43D50 | Contains the IOP boot configuration file for EELOAD. | BIN |
| SIFCMD | 0x43F00 | SIF command module. Contains the SIF command and SIF RPC functions. | ELF |
| REBOOT | 0x46140 | The reboot service. Receives IOP reset packets from the EE, from across the SIF. | ELF |
| LOADFILE | 0x46910 | The RPC server for MODLOAD | ELF |
| EECONF | 0x49070 | Loads part of the system configuration from the MECHACON EEPROM. Also configures and resets some peripherals, depending on the model version. In slimlines, and possibly on PS3, EECONF will also load the MAC address. | ELF |
| - | 0x49FF0 | | BIN |
| IOPBOOT | 0x4A000 | IOP bootup program | BIN |
| - | 0x4B160 | | BIN |
| TBIN | 0x4B800 | The PS1 monitor program. Seems to be the PS1 BIOS. This is started by RESET, when the IOP is in PS1 mode. | BIN |
| XSHA1 | 0x59770 | sha1. Only present on the PS3. It is used as an additional antipiracy check. It seems to calculate the checksum of the disc's main ELF and compare it with some database. Config related? | ELF |
| XLOADFILE | 0x5A740 | Updated module | ELF |
| SIO2MAN | 0x5D7F0 | SIO2 manager. Provides access to the SIO2 interface. | ELF |
| - | 0x5F420 | | BIN |
| MCSERV | 0x61340 | RPC server for MCMAN. | ELF |
| - | 0x63040 | | BIN |
| KROMG | 0x64000 | | BIN |
| - | 0x65CC0 | | BIN |
| KROM | 0x66000 | Kanji ROM? Not sure where this is used. | BIN |
| - | 0x7FE70 | | BIN |
| ROMVER | 0x7FF00 | ROM version. | BIN |
| - | 0x7FF10 | | BIN |
| VERSTR | 0x7FF30 | Version string. The PS1 ROM probably uses this, because this string is also present in PlayStation consoles. | BIN |
| - | 0x7FF90 | | BIN |
| ROMGSCRT | 0x80000 | | BIN |
| NCDVDMAN | 0x82D30 | It seems to be a heavily stripped-down CDVDMAN module, with no support for some S-command functions like sceCdRI. | ELF |
| SECRMAN | 0x8F770 | Security Manager. Signing is NOT done with the one in ROM, but with a special version that comes with the utility discs. Looks like PS3 units have a different SECRMAN module from retail sets, similar to the PS2 TOOL one. | ELF |
| MCMAN | 0x93C30 | Memory Card Manager. | ELF |
| PADMAN | 0xA30C0 | Pad manager. | ELF |
| CDVDMAN | 0xAC810 | The CD/DVD manager. | ELF |
| CDVDFSV | 0xB4BC0 | The RPC server for CDVDMAN. | ELF |
| FILEIO | 0xBCF80 | RPC server for IOMAN. Sony has greatly changed the semantics and design of FILEIO after some point. Connecting an old FILEIO EE RPC client to a newer server will result in a severe IOP crash. | ELF |
| CLEARSPU | 0xBF080 | Seems to clear/reset the SPU, but is known to cause crashes under some conditions. Not sure if it's buggy or not. Only used by the OSDSYS of the SCPH-10000 and SCPH-15000, probably retained for backward-compatibility. | ELF |
| UDNL | 0xC0CC0 | It is responsible for selecting the modules and starting the IOP, during the final phase of the IOP reset where the desired modules are to be loaded into the IOP. | ELF |
| IGREETING | 0xC2BC0 | Displays boot information (i.e. IOP boot type, EBOOTP, IBOOTP, switch positions for DSW602 and the type of DSW602 board installed). | ELF |
| EELOAD | 0xC3C20 | The EE ELF loader, which is loaded by LoadExecPS2() to 0x00082000 in PS2 for loading ELFs. | BIN |
| XCDVDMAN | 0xD2DA0 | cdvd_driver - Updated module | ELF |
| XCDVDFSV | 0xE1B30 | cdvd_ee_driver - Updated module | ELF |
| OSDSND | 0xEFF60 | OSD sound library. This is actually the tentative sound driver, which is called "librspu2" in the Sony SDK. | ELF |
| PS2LOGO | 0x11ABB0 | Displays the PlayStation 2 logo from the inserted disc. For newer consoles, if the logo cannot be decrypted properly, it will fall back to the browser. Not actually required to boot games, but the Sony OSDSYS boots PS2 games through this program. | ELF |
| XPARAM2 | 0x137500 | Stores per-title settings for IOP emulation (XPARAM is also available on real PS2s since the 750XX models, where the Deckard PowerPC was introduced). | ELF |
| OSDSYS | 0x139A00 | The browser | BIN |
| PIOPRP | 0x177880 | Present in the PS3 ps2_(gx/soft/net)emu; contains version 3.1.0 of the IOP software (compared to version 1.3.4 on the root). | BIN |
| KERNEL | 0x1BB7E0 | The EE kernel | BIN |

Description source: https://gist.github.com/uyjulian/25291080f083987d3f3c134f593483c5
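The "Offset in exported bin" column can be recomputed from the ROMDIR table itself. The Python below is an added example, not code from the original page or from Sony; it assumes the commonly documented 16-byte ROMDIR entry layout (10-byte name, 16-bit EXTINFO size, 32-bit file size, little-endian) with files stored back to back on 16-byte boundaries, and it runs on a constructed miniature image rather than a real BIOS.

```python
import struct
from typing import NamedTuple

# Assumed ROMDIR entry layout (not stated on this page): 10-byte NUL-padded
# name, 16-bit EXTINFO size, 32-bit file size, all little-endian.
ENTRY = struct.Struct("<10sHI")
RESET_NAME = b"RESET".ljust(10, b"\0")


class RomFile(NamedTuple):
    name: str
    offset: int        # offset of the file data inside the image
    size: int
    extinfo_size: int
    kind: str          # "ELF" or "BIN", as in the table's last column


def align16(n: int) -> int:
    return (n + 15) & ~15


def find_romdir(image: bytes) -> int:
    """Locate the ROMDIR table by its first entry, which describes RESET."""
    pos = image.find(RESET_NAME)
    while pos != -1:
        if pos % 16 == 0 and pos + ENTRY.size <= len(image):
            _, _, reset_size = ENTRY.unpack_from(image, pos)
            # RESET is stored at offset 0 and ROMDIR follows it directly, so
            # a genuine table sits exactly at align16(size of RESET).
            if align16(reset_size) == pos:
                return pos
        pos = image.find(RESET_NAME, pos + 1)
    raise ValueError("no ROMDIR table found")


def parse_romdir(image: bytes, max_entries: int = 4096) -> list[RomFile]:
    """Walk the table and derive each file's offset from the running sizes."""
    table = find_romdir(image)
    files: list[RomFile] = []
    offset = 0
    for index in range(max_entries):
        at = table + index * ENTRY.size
        if at + ENTRY.size > len(image):
            raise ValueError("ROMDIR runs past the end of the image")
        raw_name, extinfo_size, size = ENTRY.unpack_from(image, at)
        if raw_name[0] == 0:                      # empty name ends the table
            return files
        name = raw_name.split(b"\0", 1)[0].decode("ascii", "replace")
        if offset + size > len(image):            # size field is untrusted
            raise ValueError(f"{name}: {offset:#x}+{size:#x} exceeds image")
        kind = "ELF" if image[offset:offset + 4] == b"\x7fELF" else "BIN"
        files.append(RomFile(name, offset, size, extinfo_size, kind))
        offset += align16(size)
    raise ValueError("ROMDIR has no terminator")


def build_sample_image() -> bytes:
    """Constructed miniature image for the demo; not data from a real BIOS."""
    files = [
        ("RESET", bytes(0x25)),
        ("ROMDIR", b""),                          # filled in below
        ("EXTINFO", bytes(8)),
        ("SYSMEM", b"\x7fELF" + bytes(28)),       # ELF magic only, no real code
        ("-", bytes(16)),                         # padding entry
        ("ROMVER", b"CONSTRUCTED-ROM\0"),
    ]
    romdir_size = (len(files) + 1) * ENTRY.size   # entries plus terminator
    sizes = [romdir_size if n == "ROMDIR" else len(d) for n, d in files]
    table = b"".join(ENTRY.pack(n.encode(), 0, s)
                     for (n, _), s in zip(files, sizes)) + bytes(ENTRY.size)
    image = bytearray()
    for (name, data), size in zip(files, sizes):
        body = table if name == "ROMDIR" else data
        image += body + bytes(align16(size) - size)
    return bytes(image)


if __name__ == "__main__":
    for f in parse_romdir(build_sample_image()):
        print(f"{f.name:<10} {f.offset:#08x} {f.size:#06x} {f.kind}")
```

Every size field is checked against the image length before it is used, so a truncated or tampered image raises `ValueError` instead of producing offsets that point outside the file.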
Game_ID/DiscID in PS20220WD20050620.crack
There are 193 title IDs listed inside the XPARAM2.ELF file of the PS2 BIOS included in PS20220WD20050620.crack. XPARAM2.ELF is called by OSDSYS, and then an ID check is performed. If the title ID matches one of those included in the table, different IOP emulation settings are applied. This includes blacklisting for some specific titles.
The original PS2 BIOS from models with an emulated IOP includes a similar list file called XPARAM.ELF. The title IDs there are not the same, although some of them exist on both lists.

| Command | Name |
|---|---|
| 0x00 | TITLE_MASK |
| 0x01 | SIO2_MASK |
| 0x02 | DEV9_MASK |
| 0x03 | USB_MASK |
| 0x04 | SIF_DMA_SYNC |
| 0x05 | SIF_DMA_LOAD |
| 0x06 | DMAC_CH10_INT_DELAY |
| 0x07 | MECHA_RECOGTIME |
| 0x08 | CPU_DELAY |
| 0x09 | DEV5_INT_SPEED |
| 0x0A | CDVD_READ_DELAY |
| 0x0B | SPU2_BEHAVIOR |

| ID | Title | Command | Value | Remarks |
|---|---|---|---|---|
| PBPX_952.01 | DVD Utility Disc Version 1.00 | 0x00 | 0xA0000000 | TITLE_MASK, 0xA0000000 = Blacklist, boot after removing flag |
| PBPX_952.02 | DVD Utility Disc Version 1.01 | 0x00 | 0xA0000000 | TITLE_MASK, 0xA0000000 = Blacklist, boot after removing flag |
| PBPX_952.03 | DVD Utility Disc Version 1.01 | 0x00 | 0xA0000000 | TITLE_MASK, 0xA0000000 = Blacklist, boot after removing flag |
| PBPX_952.06 | DVD Player (Version 2.01) | 0x00 | 0xA0000000 | TITLE_MASK, 0xA0000000 = Blacklist, boot after removing flag |
| PBPX_952.07 | DVD Player (Version 2.10) | 0x00 | 0xA0000000 | TITLE_MASK, 0xA0000000 = Blacklist, boot after removing flag |
| PBPX_952.08 | DVD Player (Version 2.10) | 0x00 | 0xA0000000 | TITLE_MASK, 0xA0000000 = Blacklist, boot after removing flag |
| PBPX_952.09 | DVD Player (Version 2.10) | 0x00 | 0xA0000000 | TITLE_MASK, 0xA0000000 = Blacklist, boot after removing flag |
| PBPX_952.10 | DVD Utility Disc Version 2.10 | 0x00 | 0xA0000000 | TITLE_MASK, 0xA0000000 = Blacklist, boot after removing flag |
| PBPX_952.11 | DVD Utility Disc Version 1.00 | 0x00 | 0xA0000000 | TITLE_MASK, 0xA0000000 = Blacklist, boot after removing flag |
| PBPX_952.21 | DVD Player (Version 2.12) | 0x00 | 0xA0000000 | TITLE_MASK, 0xA0000000 = Blacklist, boot after removing flag |
| PBPX_952.22 | DVD Player (Version 2.14) | 0x00 | 0xA0000000 | TITLE_MASK, 0xA0000000 = Blacklist, boot after removing flag |
| PBPX_952.24 | DVD Player (Version 2.16) | 0x00 | 0xA0000000 | TITLE_MASK, 0xA0000000 = Blacklist, boot after removing flag |
| PBPX_952.28 | | 0x00 | 0xA0000000 | TITLE_MASK, 0xA0000000 = Blacklist, boot after removing flag |
| PBPX_952.35 | | 0x00 | 0xA0000000 | TITLE_MASK, 0xA0000000 = Blacklist, boot after removing flag |
| PBPX_952.39 | Online Start Up Disc v3.0 | 0x00 | 0xA0000000 | TITLE_MASK, 0xA0000000 = Blacklist, boot after removing flag |
| PBPX_955.01 | Linux for PS2 Beta Release 1 | 0x00 | 0xA0000000 | TITLE_MASK, 0xA0000000 = Blacklist, boot after removing flag |
| PBPX_955.07 | Playstation 2 Linux Runtime Environment v1.0 (Disc 1) | 0x00 | 0xA0000000 | TITLE_MASK, 0xA0000000 = Blacklist, boot after removing flag |
| PBPX_955.09 | Linux for PS2 Release 1.0 | 0x00 | 0xA0000000 | TITLE_MASK, 0xA0000000 = Blacklist, boot after removing flag |
| PBPX_955.18 | | 0x00 | 0xA0000000 | TITLE_MASK, 0xA0000000 = Blacklist, boot after removing flag |
| PDPX_991.09 | DVD Player (Version 3.04) | 0x00 | 0xA0000000 | TITLE_MASK, 0xA0000000 = Blacklist, boot after removing flag |
| PSXC_002.01 | PSX Update Disc 1.10 | 0x00 | 0xA0000000 | TITLE_MASK, 0xA0000000 = Blacklist, boot after removing flag |
| PSXC_002.02 | PSX Update Disc 1.20 | 0x00 | 0xA0000000 | TITLE_MASK, 0xA0000000 = Blacklist, boot after removing flag |
| PSXC_002.03 | PSX Update Disc 1.31 | 0x00 | 0xA0000000 | TITLE_MASK, 0xA0000000 = Blacklist, boot after removing flag |
| PTPX_970.38 | | 0x00 | 0xA0000000 | TITLE_MASK, 0xA0000000 = Blacklist, boot after removing flag |
| SCAJ_201.25 | Tekken 5 | 0x0B | 0x40000000 | SPU2_BEHAVIOR |
| SCAJ_201.26 | Tekken 5 | 0x0B | 0x40000000 | SPU2_BEHAVIOR |
| SCES_532.02 | Tekken 5 | 0x0B | 0x40000000 | SPU2_BEHAVIOR |
| SCKA_200.49 | Tekken 5 | 0x0B | 0x40000000 | SPU2_BEHAVIOR |
| SCPM_621.15 | | 0x00 | 0x1000000 | TITLE_MASK |
| SCPM_621.16 | | 0x00 | 0x1000000 | TITLE_MASK |
| SCPN_601.01 | PlayStation BB Navigator (Version 0.10) | 0x00 | 0xA0000000 | TITLE_MASK, 0xA0000000 = Blacklist, boot after removing flag |
| SCPN_601.30 | PlayStation BB Navigator (Version 0.20) | 0x00 | 0xA0000000 | TITLE_MASK, 0xA0000000 = Blacklist, boot after removing flag |
| SCPN_601.40 | PlayStation BB Navigator (Version 0.30) | 0x00 | 0xA0000000 | TITLE_MASK, 0xA0000000 = Blacklist, boot after removing flag |
| SCPN_601.50 | PlayStation BB Navigator (Version 0.31) | 0x00 | 0xA0000000 | TITLE_MASK, 0xA0000000 = Blacklist, boot after removing flag |
| SCPN_601.60 | PlayStation BB Navigator (Version 0.32) | 0x00 | 0xA0000000 | TITLE_MASK, 0xA0000000 = Blacklist, boot after removing flag |
| SCPS_110.01 | I.Q. Remix | 0x00 | 0xA0000000 | TITLE_MASK, 0xA0000000 = Blacklist, boot after removing flag |
| SCPS_110.10 | Yoake no Mariko (Performance Pack Edition) | 0x01 | 0x1800 | SIO2_MASK |
| SCPS_110.18 | Yoake no Mariko | 0x01 | 0x1800 | SIO2_MASK |
| SCPS_110.21 | Yoake no Mariko 2nd Act (Limited Edition) | 0x01 | 0x1800 | SIO2_MASK |
| SCPS_110.22 | Yoake no Mariko 2nd Act | 0x01 | 0x1800 | SIO2_MASK |
| SCPS_150.38 | Lifeline | 0x0A | 0x80300 | CDVD_READ_DELAY |
| SCPS_150.39 | Lifeline | 0x0A | 0x80300 | CDVD_READ_DELAY |
| SCPS_170.01 | Gran Turismo 4 | 0x0B | 0x10000000 | SPU2_BEHAVIOR |
| SCPS_175.01 | Linux (for PlayStation2) Release 1.0 | 0x00 | 0xA0000000 | TITLE_MASK, 0xA0000000 = Blacklist, boot after removing flag |
| SCPS_200.39 | | 0x00 | 0x4000000 | TITLE_MASK |
| SCUS_971.67 | PaRappa the Rapper 2 | 0x04 | 0x2000 | SIF_DMA_SYNC |
| SCUS_972.69 | Final Fantasy XI [Disc 2] | 0x02 | 0xB | DEV9_MASK |
| SLES_500.48 | Donald Duck: Quack Attack | 0x01 | 0x800 | SIO2_MASK |
| SLES_500.62 | Orphen: Scion of Sorcery | 0x08 | 0xC1C | CPU_DELAY |
| SLES_503.64 | City Crisis | 0x0A | 0x80BB8 | CDVD_READ_DELAY |
| SLES_504.46 | Shadow Man 2: The Second Coming | 0x0A | 0x80600 | CDVD_READ_DELAY |
| SLES_505.40 | Simpsons: Road Rage | 0x01 | 0x800 | SIO2_MASK |
| SLES_506.08 | Shadow Man 2: The Second Coming | 0x0A | 0x80600 | CDVD_READ_DELAY |
| SLES_506.28 | Simpsons: Road Rage | 0x01 | 0x800 | SIO2_MASK |
| SLES_507.28 | Tiger Woods PGA Tour 2002 | 0x0A | 0x803E8 | CDVD_READ_DELAY |
| SLES_507.29 | | 0x0A | 0x803E8 | CDVD_READ_DELAY |
| SLES_512.82 | Tiger Woods PGA Tour 2003 | 0x0A | 0x803E8 | CDVD_READ_DELAY |
| SLES_514.79 | Def Jam Vendetta | 0x01 | 0x802 | SIO2_MASK |
| SLES_518.41 | SpyHunter 2 | 0x01 | 0x800 | SIO2_MASK |
| SLES_518.44 | Time Crisis 3 | 0x01 | 0x800 | SIO2_MASK |
| SLES_519.97 | SWAT: Global Strike Team | 0x01 | 0x800 | SIO2_MASK |
| SLES_520.97 | SWAT: Global Strike Force | 0x01 | 0x800 | SIO2_MASK |
| SLES_530.37 | Super Monkey Ball Deluxe | 0x01 | 0x802 | SIO2_MASK |
| SLES_536.68 | Micro Machines v4 | 0x01 | 0x801 | SIO2_MASK |
| SLES_537.55 | Castlevania: Curse of Darkness | 0x04 | 0x10 | SIF_DMA_SYNC |
| SLES_537.96 | FIFA Street 2 | 0x01 | 0x1800 | SIO2_MASK |
| SLPM_620.42 | Kurogane no Houkou: Warship Commander | 0x01 | 0x3000 | SIO2_MASK |
| SLPM_620.62 | Gitaroo Man One | 0x0A | 0x80540 | CDVD_READ_DELAY |
| SLPM_621.05 | Taikou Risshiden IV | 0x09 | 0x2B47000A | DEV5_INT_SPEED |
| SLPM_621.24 | Ready 2 Rumble Boxing: Round 2 | 0x08 | 0x1388 | CPU_DELAY |
| SLPM_621.25 | Gauntlet: Dark Legacy | 0x08 | 0xC1C | CPU_DELAY |
| SLPM_621.25 | Gauntlet: Dark Legacy | 0x09 | 0x2B470005 | DEV5_INT_SPEED |
| SLPM_621.35 | Final Fantasy: XI (Beta Version) | 0x00 | 0xA0000000 | TITLE_MASK, 0xA0000000 = Blacklist, boot after removing flag |
| SLPM_621.54 | DDRMAX Dance Dance Revolution 6thMix | 0x08 | 0x1A5E | CPU_DELAY |
| SLPM_622.39 | Supercar Street Challenge | 0x0A | 0x80300 | CDVD_READ_DELAY |
| SLPM_623.69 | Karaoke Revolution: J-Pop Vol.1 | 0x08 | 0x1388 | CPU_DELAY |
| SLPM_623.79 | Karaoke Revolution: J-Pop Vol.2 | 0x08 | 0x1388 | CPU_DELAY |
| SLPM_623.80 | Karaoke Revolution: J-Pop Vol.3 | 0x08 | 0x1388 | CPU_DELAY |
| SLPM_623.81 | Karaoke Revolution: J-Pop Vol.4 | 0x08 | 0x1388 | CPU_DELAY |
| SLPM_623.82 | Karaoke Revolution: Love & Ballad | 0x08 | 0x1388 | CPU_DELAY |
| SLPM_623.83 | Karaoke Revolution: Night Selection 2003 | 0x08 | 0x1388 | CPU_DELAY |
| SLPM_624.14 | Karaoke Revolution: Dreams & Memories | 0x08 | 0x1388 | CPU_DELAY |
| SLPM_624.37 | Suisui Sweet: Amai Ai no Mitsukekata | 0x0B | 0x40000000 | SPU2_BEHAVIOR |
| SLPM_624.50 | Karaoke Revolution: Anime Song Selection | 0x08 | 0x1388 | CPU_DELAY |
| SLPM_624.51 | Karaoke Revolution: J-Pop Vol.5 | 0x08 | 0x1388 | CPU_DELAY |
| SLPM_624.54 | Karaoke Revolution: J-Pop Vol.6 | 0x08 | 0x1388 | CPU_DELAY |
| SLPM_624.55 | Karaoke Revolution: J-Pop Vol.7 | 0x08 | 0x1388 | CPU_DELAY |
| SLPM_624.56 | Karaoke Revolution: J-Pop Vol.8 | 0x08 | 0x1388 | CPU_DELAY |
| SLPM_624.57 | Karaoke Revolution: Snow & Party | 0x08 | 0x1388 | CPU_DELAY |
| SLPM_624.64 | Pop'n Taisen Pazurudame Online | 0x08 | 0x1F40 | CPU_DELAY |
| SLPM_624.79 | Karaoke Revolution: J-Pop Vol.9 | 0x08 | 0x1388 | CPU_DELAY |
| SLPM_624.91 | Mega Man: The Power Battle | 0x04 | 0x2000 | SIF_DMA_SYNC |
| SLPM_624.92 | Karaoke Revolution: Kids Song Selection | 0x08 | 0x1388 | CPU_DELAY |
| SLPM_625.28 | Karaoke Revolution: Kazoku Idol Sengen (Bundle Edition) | 0x08 | 0x1388 | CPU_DELAY |
| SLPM_625.29 | Karaoke Revolution: Kazoku Idol Sengen | 0x08 | 0x1388 | CPU_DELAY |
| SLPM_650.86 | A Visual Mix: Ayumi Hamasaki Dome Tour 2001 (Disc 1) | 0x08 | 0x1450 | CPU_DELAY |
| SLPM_650.87 | A Visual Mix: Ayumi Hamasaki Dome Tour 2001 (Disc 2) | 0x08 | 0x1450 | CPU_DELAY |
| SLPM_650.90 | Spy Hunter | 0x01 | 0x1800 | SIO2_MASK |
| SLPM_651.97 | Nobunaga's Ambition Online | 0x02 | 0xB | DEV9_MASK |
| SLPM_652.09 | Star Ocean: Till the End of Time | 0x0B | 0x20014 | SPU2_BEHAVIOR |
| SLPM_654.38 | Star Ocean: Till the End of Time (Director's Cut) (Disc 1) | 0x0B | 0x20014 | SPU2_BEHAVIOR |
| SLPM_654.39 | Star Ocean: Till the End of Time (Director's Cut) (Disc 2) | 0x0B | 0x20014 | SPU2_BEHAVIOR |
| SLPM_654.88 | Grand Theft Auto: Vice City | 0x0A | 0x300 | CDVD_READ_DELAY |
| SLPM_654.88 | Grand Theft Auto: Vice City | 0x09 | 0x36000200 | DEV5_INT_SPEED |
| SLPM_656.33 | I Love Baseball: Pro Yakyu wo Koyonaku | 0x08 | 0xFA0 | CPU_DELAY |
| SLPM_656.98 | Love Songs: ADV Futaba Riho 14-sai Natsu | 0x0A | 0x80380 | CDVD_READ_DELAY |
| SLPM_657.05 | Final Fantasy XI: Chains of Promathia (Expansion Disc) | 0x02 | 0xB | DEV9_MASK |
| SLPM_657.06 | Final Fantasy XI: Chains of Promathia (All-In-One Edition) | 0x02 | 0xB | DEV9_MASK |
| SLPM_657.19 | Burnout 3: Takedown | 0x01 | 0x1C00 | SIO2_MASK |
| SLPM_657.83 | Nobunaga no Yabou Online: Tappi no Shou | 0x02 | 0xB | DEV9_MASK |
| SLPM_658.94 | Winning Post 6: 2005 Version | 0x01 | 0x2400 | SIO2_MASK |
| SLPM_659.34 | Maple Colors | 0x0A | 0x80300 | CDVD_READ_DELAY |
| SLPM_659.53 | Final Fantasy: XI (Entry Disc 2005) | 0x02 | 0xB | DEV9_MASK |
| SLPM_659.84 | Grand Theft Auto: San Andreas | 0x0A | 0x803E8 | CDVD_READ_DELAY |
| SLPM_660.33 | The Sword of Etheria | 0x08 | 0xC1C | CPU_DELAY |
| SLPM_660.33 | The Sword of Etheria | 0x00 | 0x2000000 | TITLE_MASK |
| SLPM_660.48 | The Sword of Etheria | 0x08 | 0xC1C | CPU_DELAY |
| SLPM_660.48 | The Sword of Etheria | 0x00 | 0x2000000 | TITLE_MASK |
| SLPM_660.57 | Taito Memories Vol.1 | 0x08 | 0xCE4 | CPU_DELAY |
| SLPM_661.56 | Marheaven: Arm Fight Dream | 0x01 | 0x1800 | SIO2_MASK |
| SLPM_661.75 | Akumajo Dracula: Yami no Juin | 0x08 | 0x60 | CPU_DELAY |
| SLPM_661.75 | Akumajo Dracula: Yami no Juin | 0x0B | 0x2001C | SPU2_BEHAVIOR |
| SLPM_663.93 | Final Fantasy XI: Treasures of Aht Urhgan (All-In-One Edition) | 0x0A | 0x803E8 | CDVD_READ_DELAY |
| SLPM_663.93 | Final Fantasy XI: Treasures of Aht Urhgan (All-In-One Edition) | 0x09 | 0x2B47000A | DEV5_INT_SPEED |
| SLPM_663.93 | Final Fantasy XI: Treasures of Aht Urhgan (All-In-One Edition) | 0x02 | 0xB | DEV9_MASK |
| SLPM_663.94 | Final Fantasy XI: Treasures of Aht Urhgan | 0x02 | 0xB | DEV9_MASK |
| SLPM_664.36 | Aria the Natural | 0x01 | 0x1800 | SIO2_MASK |
| SLPM_664.36 | Aria the Natural | 0x00 | 0xA000000 | TITLE_MASK |
| SLPM_665.39 | Nobunaga no Yabou Online: Haten no Shou | 0x02 | 0xB | DEV9_MASK |
| SLPM_665.58 | Tomb Raider: Legend | 0x08 | 0x3E8 | CPU_DELAY |
| SLPM_665.74 | Detective Evangelion | 0x00 | 0x2000000 | TITLE_MASK |
| SLPM_680.07 | Karaoke Revolution (Trial) | 0x08 | 0x1388 | CPU_DELAY |
| SLPM_680.10 | | 0x08 | 0x1388 | CPU_DELAY |
| SLPS_200.08 | Morita Shogi | 0x08 | 0x1388 | CPU_DELAY |
| SLPS_200.20 | FIFA 2000 World Championship | 0x04 | 0x2001 | SIF_DMA_SYNC |
| SLPS_200.37 | Go Go Golf | 0x09 | 0x2B47000A | DEV5_INT_SPEED |
| SLPS_200.38 | Grappler Baki: Baki Saidai no Tournament | 0x08 | 0x1194 | CPU_DELAY |
| SLPS_200.53 | Tenshi no Present: Marle Oukoku Monogatari (Limited Edition) | 0x0B | 0x20000000 | SPU2_BEHAVIOR |
| SLPS_200.66 | Tenshi no Present: Marle Oukoku Monogatari | 0x0B | 0x20000000 | SPU2_BEHAVIOR |
| SLPS_201.01 | City Crisis | 0x0A | 0x80BB8 | CDVD_READ_DELAY |
| SLPS_201.11 | Magical Sports Pro Baseball 2001 | 0x09 | 0x2B47000A | DEV5_INT_SPEED |
| SLPS_201.72 | Koushien: Konpeki no Sora | 0x09 | 0x2B47000A | DEV5_INT_SPEED |
| SLPS_201.73 | Hard Hitter 2 | 0x0A | 0x80300 | CDVD_READ_DELAY |
| SLPS_201.97 | Surfing Air Show with RatBoy | 0x09 | 0x2B47000A | DEV5_INT_SPEED |
| SLPS_201.99 | F1 2002 | 0x0B | 0x20005 | SPU2_BEHAVIOR |
| SLPS_202.00 | Final Fantasy XI | 0x02 | 0xB | DEV9_MASK |
| SLPS_204.04 | Rakushou! Pachi-Slot Sengen 2 | 0x0A | 0x80300 | CDVD_READ_DELAY |
| SLPS_204.29 | Hissatsu Pachi-Slot Evolution: Ninja Hattori-Kun V | 0x08 | 0x1B58 | CPU_DELAY |
| SLPS_204.55 | Simple 2000 Series Vol.94: The Aka-Champion - Come on Baby | 0x0B | 0x40000000 | SPU2_BEHAVIOR |
| SLPS_250.08 | Sorcerous Stabber Orphen | 0x08 | 0xC1C | CPU_DELAY |
| SLPS_250.71 | A Visual Mix: Ayumi Hamasaki Dome Tour 2001 | 0x08 | 0x1450 | CPU_DELAY |
| SLPS_250.72 | A Visual Mix: Ayumi Hamasaki Dome Tour 2001 | 0x08 | 0x1450 | CPU_DELAY |
| SLPS_250.81 | Saishuu Densha | 0x0A | 0x803E8 | CDVD_READ_DELAY |
| SLPS_251.36 | Kuon no Kizuna Sairin Mikotonori | 0x0A | 0x805DC | CDVD_READ_DELAY |
| SLPS_251.42 | Tiger Woods PGA Tour 2002 | 0x0A | 0x803E8 | CDVD_READ_DELAY |
| SLPS_251.50 | Only You | 0x0B | 0x40000000 | SPU2_BEHAVIOR |
| SLPS_252.37 | Only You | 0x0B | 0x40000000 | SPU2_BEHAVIOR |
| SLPS_252.75 | Def Jam: Vendetta | 0x01 | 0x802 | SIO2_MASK |
| SLPS_252.78 | Memories Off: Mix | 0x0A | 0x80300 | CDVD_READ_DELAY |
| SLPS_252.90 | Time Crisis 3 | 0x01 | 0x800 | SIO2_MASK |
| SLPS_253.15 | One Piece: Grand Battle 3 | 0x01 | 0x1800 | SIO2_MASK |
| SLPS_253.57 | 3-Nen B-Gumi Kinpachi Sensei: Densetsu no Kyoudan ni Tate! | 0x01 | 0x1800 | SIO2_MASK |
| SLPS_253.79 | Tokyo Majin Gakuen: Kaihoujyou Kefurokou | 0x0A | 0x803E8 | CDVD_READ_DELAY |
| SLPS_254.06 | Hitman: Contracts | 0x08 | 0xDAC | CPU_DELAY |
| SLPS_254.18 | Ace Combat 5: The Unsung War | 0x0A | 0x500000 | CDVD_READ_DELAY |
| SLPS_255.10 | Tekken 5 | 0x0B | 0x40000000 | SPU2_BEHAVIOR |
| SLPS_255.85 | Monster Farm 5: Circus Caravan | 0x07 | 5 | MECHA_RECOGTIME |
| SLPS_255.86 | Tales of the Abyss | 0x0A | 0x803E8 | CDVD_READ_DELAY |
| SLPS_256.04 | Ar tonelico Qoga: Knell of Ar Ciel | 0x00 | 0xA000000 | TITLE_MASK |
| SLPS_256.67 | Daito Giken Premium Pachi-Slot Collection: Yoshimune | 0x01 | 0x1800 | SIO2_MASK |
| SLPS_256.98 | Fatal Fury Battle Archives Volume 2 | 0x00 | 0xA000000 | TITLE_MASK |
| SLPS_257.08 | The Familiar of Zero (Limited Edition) | 0x0A | 0x803E8 | CDVD_READ_DELAY |
| SLPS_257.09 | The Familiar of Zero | 0x0A | 0x803E8 | CDVD_READ_DELAY |
| SLPS_257.21 | HimeHibi - Princess Days | 0x0B | 0x8000000 | SPU2_BEHAVIOR |
| SLPS_257.22 | Routes PE (Limited Edition) | 0x08 | 0x3E8 | CPU_DELAY |
| SLPS_257.27 | Routes PE | 0x08 | 0x3E8 | CPU_DELAY |
| SLPS_732.49 | Ar tonelico Qoga: Knell of Ar Ciel (Platinum) | 0x00 | 0xA000000 | TITLE_MASK |
| SLUS_200.11 | Orphen: Scion of Sorcery | 0x08 | 0x1388 | CPU_DELAY |
| SLUS_200.11 | Orphen: Scion of Sorcery | 0x09 | 0x8000010 | DEV5_INT_SPEED |
| SLUS_200.77 | Donald Duck: Go'in Quackers | 0x01 | 0x800 | SIO2_MASK |
| SLUS_202.74 | City Crisis | 0x0A | 0x80BB8 | CDVD_READ_DELAY |
| SLUS_203.05 | Simpsons: Road Rage | 0x01 | 0x800 | SIO2_MASK |
| SLUS_203.64 | Tiger Woods PGA Tour 2002 | 0x0A | 0x803E8 | CDVD_READ_DELAY |
| SLUS_204.13 | Shadowman 2 | 0x0A | 0x80600 | CDVD_READ_DELAY |
| SLUS_204.33 | SWAT: Global Strike Team | 0x01 | 0x800 | SIO2_MASK |
| SLUS_204.88 | Star Ocean: Till the End of Time [Disc 1] | 0x08 | 0x1388 | CPU_DELAY |
| SLUS_205.72 | Tiger Woods PGA Tour 2003 | 0x0A | 0x803E8 | CDVD_READ_DELAY |
| SLUS_205.90 | Spyhunter 2 | 0x01 | 0x800 | SIO2_MASK |
| SLUS_206.35 | Muppets Party Cruise | 0x01 | 0x801 | SIO2_MASK |
| SLUS_206.39 | Def Jam Vendetta | 0x01 | 0x800 | SIO2_MASK |
| SLUS_206.86 | Splashdown: Rides Gone Wild | 0x0A | 0x80400 | CDVD_READ_DELAY |
| SLUS_208.38 | All-Star Baseball 2005 | 0x01 | 0x802 | SIO2_MASK |
| SLUS_208.51 | Ace Combat 5: The Unsung War | 0x0A | 0x500000 | CDVD_READ_DELAY |
| SLUS_208.91 | Star Ocean: Till the End of Time [Disc 2] | 0x08 | 0x1388 | CPU_DELAY |
| SLUS_209.18 | Super Monkey Ball: Deluxe | 0x01 | 0x800 | SIO2_MASK |
| SLUS_210.59 | Tekken 5 | 0x0B | 0x40000000 | SPU2_BEHAVIOR |
| SLUS_210.70 | Final Fantasy XI: Chains of Promathia | 0x02 | 0xB | DEV9_MASK |
| SLUS_210.89 | Karaoke Revolution Vol.3 | 0x08 | 0x1388 | CPU_DELAY |
| SLUS_213.31 | Sonic Riders | 0x01 | 0x800 | SIO2_MASK |
| SLUS_213.39 | Puzzle Challenge | 0x01 | 0x800 | SIO2_MASK |
| SLUS_214.04 | Final Fantasy XI: Treasures of Aht Urhgan | 0x02 | 0xB | DEV9_MASK |
| SLUS_214.52 | Valkyrie Profile 2: Silmeria | 0x08 | 0x1388 | CPU_DELAY |

Folder/File layout
Example: Max Payne Classic
├── config-emu-ps4.txt
├── docs
│   └── revision.h
├── eboot.bin
├── feature_data
│   └── SLES-50326_features.lua
├── formatted.card
├── image
│   └── disc01.iso
├── lua_include
│   ├── ee-cpr0-alias.lua
│   ├── ee-gpr-alias.lua
│   ├── ee-hwaddr.lua
│   ├── language.lua
│   ├── pad-and-key.lua
│   ├── ps2.lua
│   └── utils.lua
├── patches
│   └── SLES-50326_cli.conf
├── PS20220WD20050620.crack
├── ps2-emu-compiler.self
├── sce_companion_httpd
│   └── html
│       ├── BackCover.jpg
│       ├── base
│       │   ├── arrow_up.png
│       │   └── sprites.png
│       ├── css
│       │   ├── default-skin.png
│       │   └── styles.min.css
│       ├── index.html
│       ├── js
│       │   └── app.min.js
│       ├── large
│       │   ├── Box01.jpg
│       │   ├── Box04.jpg
│       │   ├── landscape
│       │   │   ├── Box01.jpg
│       │   │   ├── Box04.jpg
│       │   │   ├── Page01.jpg From 01 to 59
│       │   │   └── Page59.jpg
│       │   ├── Page01.jpg From 01 to 116
│       │   └── Page116.jpg
│       ├── medium
│       │   ├── Box01.jpg
│       │   ├── Box04.jpg
│       │   ├── landscape
│       │   │   ├── Box01.jpg
│       │   │   ├── Box04.jpg
│       │   │   ├── Page01.jpg From 01 to 59
│       │   │   └── Page59.jpg
│       │   ├── Page01.jpg from 01 to 116
│       │   └── Page116.jpg
│       ├── small
│       │   ├── Box01.jpg from 01 to 04
│       │   ├── Box04.jpg
│       │   ├── landscape
│       │   │   ├── Box01.jpg from 01 to 04
│       │   │   ├── Box04.jpg
│       │   │   ├── Page01.jpg From 01 to 59
│       │   │   └── Page59.jpg
│       │   ├── Page01.jpg From 01 to 116
│       │   └── Page116.jpg
│       └── thumbnails
│           ├── BoxThumb01.jpg
│           ├── BoxThumb04.jpg
│           ├── landscape
│           │   ├── BoxThumb01.jpg
│           │   ├── BoxThumb04.jpg
│           │   ├── Thumb01.jpg from 01 to 59
│           │   └── Thumb59.jpg
│           ├── Thumb01.jpg From 01 to 116
│           └── Thumb116.jpg
├── sce_module
│   ├── libc.prx
│   └── libSceFios2.prx
├── sce_sys
│   ├── about
│   │   └── right.sprx
│   └── keystone
└── trophy_data
    └── SLES-50326_trophies.lua
LUA include files
Files that Lua requires to be present inside the lua_include folder.
ee-cpr0-alias.lua
cpr = {}
cpr.index = 0
cpr.random = 1
cpr.entrylo0 = 2
cpr.entrylo1 = 3
cpr.context = 4
cpr.pagemask = 5
cpr.wired = 6
cpr.badvaddr = 8
cpr.count = 9
cpr.entryhi = 10
cpr.compare = 11
cpr.status = 12
cpr.cause = 13
cpr.epc = 14
cpr.prid = 15
cpr.config = 16
cpr.badpaddr = 23
cpr.hwbk = 24
cpr.pccr = 25
cpr.taglo = 28
cpr.taghi = 29
cpr.errorepc = 30
return cpr
ee-gpr-alias.lua
-- Recommended method to import this module:
-- local gpr = require("ee-gpr-alias")
--
-- Using the global 'lang' variable is depreciated. This will change to a local-scope variable after
-- the depreciation period has expired in April 2016.
gpr = {}
gpr.zero = 0
gpr.at = 1
gpr.v0 = 2
gpr.v1 = 3
gpr.a0 = 4
gpr.a1 = 5
gpr.a2 = 6
gpr.a3 = 7
gpr.t0 = 8
gpr.t1 = 9
gpr.t2 = 10
gpr.t3 = 11
gpr.t4 = 12
gpr.t5 = 13
gpr.t6 = 14
gpr.t7 = 15
gpr.s0 = 16
gpr.s1 = 17
gpr.s2 = 18
gpr.s3 = 19
gpr.s4 = 20
gpr.s5 = 21
gpr.s6 = 22
gpr.s7 = 23
gpr.t8 = 24
gpr.t9 = 25
gpr.k0 = 26
gpr.k1 = 27
gpr.gp = 28
gpr.sp = 29
gpr.fp = 30
gpr.ra = 31
return gpr
ee-hwaddr.lua
gif_hw = {}
vif0_hw = {}
vif1_hw = {}
gif_hw.CHCR = 0x1000A000
gif_hw.MADR = 0x1000A010
gif_hw.QWC = 0x1000A020
gif_hw.TADR = 0x1000A030
gif_hw.ASR0 = 0x1000A040
gif_hw.ASR1 = 0x1000A050
gif_hw.SADR = 0x1000A080
vif0_hw.CHCR = 0x10008000
vif0_hw.MADR = 0x10008010
vif0_hw.QWC = 0x10008020
vif0_hw.TADR = 0x10008030
vif0_hw.ASR0 = 0x10008040
vif0_hw.ASR1 = 0x10008050
vif0_hw.SADR = 0x10008080
vif1_hw.CHCR = 0x10009000
vif1_hw.MADR = 0x10009010
vif1_hw.QWC = 0x10009020
vif1_hw.TADR = 0x10009030
vif1_hw.ASR0 = 0x10009040
vif1_hw.ASR1 = 0x10009050
vif1_hw.SADR = 0x10009080
return gif_hw, vif0_hw, vif1_hw, nil
language.lua
-- Recommended method to import this module:
-- local lang = require("language")
--
-- Using the global 'lang' variable is depreciated. This will change to a local-scope variable after
-- the depreciation period has expired in April 2016.
lang = {}
lang.japanese = 0
lang.english = 1
lang.french = 2
lang.spanish = 3
lang.german = 4
lang.italian = 5
lang.dutch = 6
lang.portuguese = 7
lang.russian = 8
lang.korean = 9
lang.chinese_traditional = 10
lang.chinese_simplified = 11
lang.finnish = 12
lang.swedish = 13
lang.danish = 14
lang.norwegian = 15
lang.polish = 16
lang.portuguese_brazil = 17
lang.english_gb = 18
lang.turkish = 19
lang.spanish_la = 20
lang.arabic = 21
lang.french_canada = 22
return lang
pad-and-key.lua
pad = {}
-- Left Side
pad.LU = 0x0010 -- Up
pad.LD = 0x0040 -- Down
pad.LL = 0x0080 -- Left
pad.LR = 0x0020 -- Right
-- Right Side
pad.RU = 0x1000 -- Up (Triangle)
pad.RD = 0x4000 -- Down (Cross)
pad.RL = 0x8000 -- Left (Square)
pad.RR = 0x2000 -- Right (Circle)
-- aliases
pad.UP = 0x0010 -- LU
pad.DOWN = 0x0040 -- LD
pad.LEFT = 0x0080 -- LL
pad.RIGHT = 0x0020 -- LR
pad.TRIANGLE= 0x1000
pad.CROSS = 0x4000
pad.SQUARE = 0x8000
pad.CIRCLE = 0x2000
pad.L1 = 0x0400
pad.L2 = 0x0100
pad.L3 = 0x0002
pad.R1 = 0x0800
pad.R2 = 0x0200
pad.R3 = 0x0004
pad.SELECT = 0x0001
pad.START = 0x0008
keyboard = {}
keyboard.ESCAPE = 0x1000
keyboard.SLASH = 0x1001
keyboard.SEPARATOR = 0x1002 -- backslash or pipe (\|)
keyboard.BACKQUOTE = 0x1003
keyboard.PAGEDOWN = 0x1004
keyboard.PAGEUP = 0x1005
keyboard.F1 = 0x1006
keyboard.F2 = 0x1007
keyboard.F3 = 0x1008
keyboard.F4 = 0x1009
keyboard.F5 = 0x100a
keyboard.F6 = 0x100b
keyboard.F7 = 0x100c
keyboard.F8 = 0x100d
keyboard.F9 = 0x100e
keyboard.F10 = 0x100f
keyboard.F11 = 0x1010
keyboard.F12 = 0x1011
ps2.lua
require("ee-gpr-alias")
require("utils")
MipsInsn = {}
MipsInsn.IsAddi = function(insn) return (insn & 0xfc000000) == 0x20000000 end -- addi rt,rs,simm
MipsInsn.IsAddiu = function(insn) return (insn & 0xfc000000) == 0x24000000 end -- addiu rt,rs,simm
MipsInsn.IsBeq = function(insn) return (insn & 0xfc000000) == 0x10000000 end -- beq rs,rt,off
MipsInsn.IsJ = function(insn) return (insn & 0xfc000000) == 0x08000000 end -- j target
MipsInsn.IsJal = function(insn) return (insn & 0xfc000000) == 0x0c000000 end -- jal target
MipsInsn.IsJr = function(insn) return (insn & 0xfc1fffff) == 0x00000008 end -- jr rs
MipsInsn.IsLq = function(insn) return (insn & 0xfc000000) == 0x78000000 end -- lq rt,simm(rs)
MipsInsn.IsLd = function(insn) return (insn & 0xfc000000) == 0xdc000000 end -- ld rt,simm(rs)
MipsInsn.IsLw = function(insn) return (insn & 0xfc000000) == 0x8c000000 end -- lw rt,simm(rs)
MipsInsn.IsSq = function(insn) return (insn & 0xfc000000) == 0x7c000000 end -- sq rt,simm(rs)
MipsInsn.IsSd = function(insn) return (insn & 0xfc000000) == 0xfc000000 end -- sd rt,simm(rs)
MipsInsn.IsSw = function(insn) return (insn & 0xfc000000) == 0xac000000 end -- sw rt,simm(rs)
MipsInsn.IsEnd = function(insn) return (insn & 0xfc00003f) == 0x0000000d end
MipsInsn.GetRt = function(insn) return (insn >> 16) & 0x1f end
MipsInsn.GetRs = function(insn) return (insn >> 21) & 0x1f end
MipsInsn.GetSimm = function(insn) return ((insn << 48) >> 48) end
MipsInsn.GetOff = function(insn) return MipsInsn.GetSimm(insn) end
MipsInsn.GetTarget = function(insn) return insn & 0x3ffffff end
-- return FIFO queue of stack trace
-- the queue item is { caller-addr, return-from }
--
-- example:
--   print("=== stack trace ===")
--   local stack_trace = MipsStackTrace(eeObj, eeObj.GetPc()+4, eeObj.GetGpr(gpr.ra), eeObj.GetGpr(gpr.sp))
--   while not stack_trace:isEmpty() do
--     local caller = stack_trace:dequeue()
--     print( string.format(" 0x%08x [will return from : %x]", caller[1], caller[2]) )
--   end
--
-- NOTE: you must add 4 to GetPc() if you are in an EE/IOP hook,
-- because the EE/IOP JIT has already executed the instruction at that address and it might have affected $sp or $ra.
--
-- obj   : eeObj or iopObj
-- pc    : current pc (from GetPc or read from the thread context)
-- ra    : current ra (from GetGpr or read from the thread context)
-- sp    : current sp (from GetGpr or read from the thread context)
-- depth : max trace depth (optional, defaults to 10)
MipsStackTrace = function (obj, pc, ra, sp, depth)
  local max_depth = depth or 10 -- max trace depth
  local n_j = 1
  local jmax = {}
  local depth = 0
  local bdl_count = 0
  local new_pc = 0
  local icount = 0
  local result = Queue.new()
  local pushed_ra = Queue.new()
  while depth < max_depth and icount < 2048 do
    -- TODO: error checks
    if (pc & 3) ~= 0 then
      return result
    end
    pc = pc & 0x01ffffff
    sp = sp & 0x01ffffff
    local insn = obj.ReadMem32(pc)
    -- print(string.format("trace .. pc=%x insn=%x", pc, insn))
    -- result:enqueue( { pc, insn } )
    if MipsInsn.IsJr(insn) and MipsInsn.GetRs(insn) == gpr.ra then
      bdl_count = 1
      depth = depth + 1
      new_pc = ra
      -- print(string.format("jr ra : ra=%x", ra))
      icount = 0
      -- print(string.format("enqueue caller pc=%x ret addr=%x", new_pc-8, pc))
      result:enqueue( {new_pc-8, pc} ) -- {return-addr, where-from}
    elseif MipsInsn.IsAddiu(insn) and MipsInsn.GetRt(insn) == gpr.sp and MipsInsn.GetRs(insn) == gpr.sp then
      sp = sp + MipsInsn.GetSimm(insn) -- ((insn<<48) >>48)
      -- print(string.format("addiu sp,sp,** : new sp = %x", sp))
    elseif MipsInsn.IsLq(insn) or MipsInsn.IsLd(insn) or MipsInsn.IsLw(insn) then
      if MipsInsn.GetRt(insn) == gpr.ra and MipsInsn.GetRs(insn) == gpr.sp then
        -- the code might push $ra on the stack after start pc.
        -- in such case, we must not retrieve $ra value from the memory.
        if pushed_ra:isEmpty() then
          local imm = MipsInsn.GetSimm(insn) -- ((insn<<48) >>48)
          -- print(string.format("retrieve ra from stack(%x) : sp=%x imm=%x", sp+imm, sp, imm))
          ra = obj.ReadMem32(sp + imm)
          -- print(string.format("load ra,%x(sp) : sp = %x+%x, ra = %x", imm, sp, imm, ra))
        else
          -- print(string.format("retrieve ra from pushed one"))
          pushed_ra:dequeue()
        end
      end
    elseif MipsInsn.IsSq(insn) or MipsInsn.IsSd(insn) or MipsInsn.IsSw(insn) then
      if MipsInsn.GetRt(insn) == gpr.ra and MipsInsn.GetRs(insn) == gpr.sp then
        pushed_ra:enqueue(pc);
      end
    elseif MipsInsn.IsJ(insn) then -- j **
      local imm = MipsInsn.GetTarget(insn)
      imm = imm << 2
      if pc == imm then
        -- jump to self? maybe we can ignore it.
      else
        new_pc = imm
        -- print(string.format("j ** : new_pc = %x", new_pc))
        bdl_count = 1
        for t=1, n_j do
          if jmax[t] == new_pc then
            return result -- closed loop
          end
        end
        if n_j > 1024 then
          return result -- jump buffer overflow
        end
        jmax[n_j] = new_pc
        n_j = n_j + 1
      end
    elseif MipsInsn.IsBeq(insn) and MipsInsn.GetRs(insn) == gpr.zero then -- beq zero,**
      local offset = MipsInsn.GetOff(insn) -- ((insn<<48) >> 48)
      offset = offset << 2
      new_pc = pc + 4 + offset
      if pc == new_pc then
        -- jump to self? maybe we can ignore it
      else
        -- print(string.format("beq zero,** : new_pc=%x", new_pc))
        bdl_count = 1
        for t = 1, n_j do
          if jmax[t] == new_pc then
            return result
          end
        end
        if n_j > 1024 then
          return result
        end
        jmax[n_j] = new_pc
        n_j = n_j + 1
      end
    elseif MipsInsn.IsEnd(insn) then -- end
      -- print(string.format("end"))
      return result
    elseif MipsInsn.IsJal(insn) then -- jal **
      local imm = insn & 0x03ffffff
      imm = imm << 2
      -- print(string.format("jal ** : addr = %x", imm))
      -- call
    end
    icount = icount + 1
    pc = pc + 4
    -- -- print(string.format("bdl_count=%d", bdl_count))
    if bdl_count > 0 then
      if bdl_count == 2 then
        pc = new_pc
        bdl_count = 0
      else
        bdl_count = bdl_count + 1
      end
    end
  end
  return result
end
PS2 = {}
PS2.GetCurrentThread = function(eeObj) return eeObj.ReadMem32(0x12fac) end
PS2.GetThreads = function(eeObj)
  local EE_THREAD_BASE = 0x18000
  local EE_NUM_THREADS = 0x100
  local th = EE_THREAD_BASE
  local result = Queue.new()
  for t = 0, EE_NUM_THREADS-1 do
    -- 0 : node_prev
    -- 4 : node_next
    -- 8 : status
    -- 12: pc
    -- 16: sp
    -- 20: gp
    -- 24: init_pri
    -- 26: curr_pri
    -- 28: wstat
    -- 32: waitId
    -- 36: wakeupCount
    -- 40: attr
    -- 44: option
    -- 48: func
    -- 52: argc
    -- 56: args
    -- 60: stack
    -- 64: size
    -- 68: root
    -- 72: endOfHeap
    local status = eeObj.ReadMem32(th + 8)
    if status ~= 0 then
      local id = t
      local pri = eeObj.ReadMem16(th + 26)
      local gp = eeObj.ReadMem32(th + 20)
      local pc = eeObj.ReadMem32(th + 12)
      local sp = eeObj.ReadMem32(th + 16)
      result:enqueue( {id=id, status=status, pri=pri, gp=gp, pc=pc, sp=sp} )
    end
    th = th + 76
  end
  return result
end
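The forward epilogue scan that MipsStackTrace performs, reduced to a single frame, as an added example that is not part of ps2.lua or the emulator's own scripts. The `fake` object, `sext16`, `find_caller` and the memory image are constructed for illustration, and the block assumes stock Lua 5.3 semantics, where `>>` is a logical shift.

```lua
-- Added example (not from ps2.lua). Requires Lua 5.3+ for integer bit operators.
-- sext16: hypothetical helper; sign-extends the low 16 bits without relying on
-- an arithmetic right shift (stock Lua's >> fills vacated bits with zeros).
local function sext16(insn)
  local v = insn & 0xffff
  if v >= 0x8000 then v = v - 0x10000 end
  return v
end

local SP, RA = 29, 31               -- MIPS register numbers for $sp and $ra
local function rs(insn) return (insn >> 21) & 0x1f end
local function rt(insn) return (insn >> 16) & 0x1f end

-- Constructed memory image: a function epilogue plus one stack slot.
local mem = {
  [0x00100000] = 0x8fbf0010,  -- lw    ra,0x10(sp)
  [0x00100004] = 0x03e00008,  -- jr    ra
  [0x00100008] = 0x27bd0020,  -- addiu sp,sp,0x20  (branch delay slot)
  [0x01ffe010] = 0x00200408,  -- saved $ra at sp+0x10 (constructed value)
}
-- Stand-in for eeObj/iopObj; only ReadMem32 is modelled (assumption).
local fake = { ReadMem32 = function(addr) return mem[addr] or 0 end }

-- Scan forward from pc until `jr ra`, tracking $ra reloads and $sp adjustments.
-- Returns the call site (ra - 8) and $sp after the epilogue, or nil.
local function find_caller(obj, pc, ra, sp, limit)
  for _ = 1, limit or 64 do
    local insn = obj.ReadMem32(pc)
    local op = insn & 0xfc000000
    if op == 0x8c000000 and rt(insn) == RA and rs(insn) == SP then
      ra = obj.ReadMem32(sp + sext16(insn))          -- lw ra,simm(sp)
    elseif op == 0x24000000 and rt(insn) == SP and rs(insn) == SP then
      sp = sp + sext16(insn)                         -- addiu sp,sp,simm
    elseif (insn & 0xfc1fffff) == 0x00000008 and rs(insn) == RA then
      local slot = obj.ReadMem32(pc + 4)             -- delay slot still runs
      if (slot & 0xffff0000) == 0x27bd0000 then sp = sp + sext16(slot) end
      return ra - 8, sp
    end
    pc = pc + 4
  end
  return nil
end

local caller, sp = find_caller(fake, 0x00100000, 0, 0x01ffe000)
print(string.format("caller=0x%08x sp=0x%08x", caller, sp))
-- Prologue-style negative immediate: addiu sp,sp,-0x20
print(sext16(0x27bdffe0), (0x27bdffe0 << 48) >> 48)
```

Under stock Lua 5.3 the last line prints -32 next to 65504, so a script that needs negative immediates (a prologue `addiu sp,sp,-N` or a backward `beq`) should not rely on `(insn << 48) >> 48` unless the emulator's Lua build shifts arithmetically.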
utils.lua
-- utility classes/functions
-- Stack
-- ex:
-- my_stack = Stack.new()
-- my_stack:push( val )
-- print( my_stack:pop( val ) )
Stack = {}
function Stack.new()
  local obj = { buff = {} }
  return setmetatable(obj, {__index = Stack})
end
function Stack:push(x)
  table.insert(self.buff, x)
end
function Stack:pop()
  return table.remove(self.buff)
end
function Stack:top()
  return self.buff[#self.buff]
end
function Stack:isEmpty()
  return #self.buff == 0
end
-- Queue
-- ex:
-- my_queue = Queue.new()
-- my_queue:enqueue( val )
-- print( my_queue:dequeue(val) )
Queue = {}
function Queue.new()
  local obj = { buff = {} }
  return setmetatable(obj, {__index = Queue})
end
function Queue:enqueue(x)
  table.insert(self.buff, x)
end
function Queue:dequeue()
  return table.remove(self.buff, 1)
end
function Queue:top()
  if #self.buff > 0 then
    return self.buff[1]
  end
end
function Queue:isEmpty()
  return #self.buff == 0
end
Links