PS2 Emulation
Description
PlayStation 2 emulation on the PlayStation 4 is handled with little difference to the PlayStation 3. Some issues on PS3's PS2 emulator were left unfixed on the PlayStation 4. Consequently, the PS4 inherited some of PS3's emulation glitches, while introducing new ones. The new issues came as a result of PS4's weakness with emulation, which likely resulted in the trade of accuracy for performance. Each PS2ONPS4 package file (.pkg) includes the emulator itself. The ps4 does not have a native built-in emulator in its firmware, but it does a few PS2 emulator specific features, like the functions sceLncUtilIsPs2Emu, sceShellCoreUtilGetImposeMenuFlagForPs2Emu, sceSystemServiceAddLocalProcessForPs2Emu, and sceSystemServiceShowImposeMenuForPs2Emu. Emulators are programmed to be accurate for the games they were designed to emulate. In turn, this makes accurate emulation challenging, as emulators include per title patches and different default settings. The Playstation 2 hardware is a complex system to emulate; any small change in configuration can make or break a game. Currently the most commonly used emulator is Jakv2 as it is the most compatible one out there. When game crashes are concerned, RECVX is typically used, whereas for VU accuracy it is roguev1. The PS2 BIOS is included in the game's pkg, the same one used on the ps2_netemu. The lack of encryption mechanism for PS2 game disc image file is also important. This time it is a plain ISO file, but the emulator still supports LIMG sector that allows the usage of non-2048 sector size discs. Moreover, memory cards are also decrypted, but the emulator checks the CRC of some of the regions to ensure that the memory card was not modified. This PS2 Emulator also supports LUA scripting by "Lua Bridge", which is a powerful interface that may prove exceptionally handy in fixing games. This is first time that Sony has ever cared about floats in its emulators. Compared to the PS3 CPU, x86-64 is doing a worse job in mimicking FPU and VU floats calculation behavior. This is resolved by clamping, accurate math used per memory offset, and/or converting floats to double precision. The emulator uses openCL for GS, and likely other components as well.
Emulator Configuration
The emulator can be configured through 4 files.
Files
- config-emu-ps4.txt - Stores paths, basic video/audio settings in official packages. But unofficially can be also used for advanced settings for global effect in multi disc .pkg with all commands originally used in cli.conf file.
- XXXX-YYYYY_cli.conf - Stores per disc advanced settings. GS, VU, EE, IOP, FPU, COP2 emulation settings, are here. Also hacks, and hooks.
- XXXX-YYYYY_config.lua - Used for per disc advanced scripts. Patching EE/IOP memory, Conditional hooks.
- disc-swap-cli.conf - Stores info of multi disc games.
Commands
The rest of the CLI and LUA commands can all be found inside of any emulator's Eboot.bin file.
config-emu-ps4.txt commands
Command | Values | Notes | Usage |
---|---|---|---|
Misc | |||
--config-local-lua | --config-local-lua="" | ||
--lopnor-config | 0,1 | Enables limited PS3's PS2 config support | --lopnor-config=1 |
--load-tooling-lua | --load-tooling-lua=0 | ||
--max-console-spam | |||
--path-snaps | dir/folder | Path to savestates folder | --path-snaps="/tmp/snapshots" |
--path-recordings | dir/folder | --path-recordings="/tmp/recordings" | |
--path-memcards | dir/folder | ||
--path-vmc | dir/folder | --path-vmc="/tmp/vmc" | |
--emulog-file | 0, 1 | Creates a log file with information that is rarely useful | --emulog-file=1 |
--path-emulog | dir/folder | Sets the directory of the emulog file. Requires --emulog-file=1 command | --path-emulog="/tmp/recordings" |
--path-manual | dir/folder | ||
--path-patches | dir/folder | Path to patches folder | --path-patches="/app0/patches" |
--path-trophydata | dir/folder | --path-trophydata="/app0/trophy_data" | |
--path-featuredata | dir/folder | Path to folder with XXXX-YYYYY_features.lua file | --path-featuredata="/app0/feature_data" |
--path-postproc | dir/folder | Post-processing (shaders?) | |
--path-toolingscript | dir/folder | --path-toolingscript="/app0/patches" | |
--snapshot-name | |||
--snapshot-datafile | |||
--snapshot-restore | |||
--snapshot-save | frameId(?) | ||
--snapshot-mcd-files | |||
--snapshot-repeat | repeat_count | ||
--snapshot-modulo | |||
--host-keyboard | slot [0-7] | --host-keyboard=4 | |
--host-window-scale | scale/float | --host-window-scale=0.5 | |
--host-window-pos | x,y | ||
--host-display-mode | normal,full,4:3,16:9 | Set display mode | --host-display-mode=full |
--host-graph | fps | Debug option that requires an unleaked debug ps2 bios | --host-graph=fps |
--host-osd | verbose, minimal | --host-osd=0 | |
--host-vsync | 0, 1 | Enable or disable vsync | --host-vsync=1 |
--host-trophy-support | |||
--rtc-epoch | unix_time (seconds since epoch) | --rtc-epoch=1523776362 | |
--framelimiter | 0, 1 | Enable or disable Frame limiting | --framelimiter=1 |
--framelimit-fps | FPS/float | framelimiter | --framelimit-fps=0.8 |
--framelimit-scalar | scalar/float | Scalar must be between 0.1 and 5.0 | --framelimit-scalar=3.2 |
--framelimit-mode | slowest,slower,slow,normal,fast,fastest,turbo | A Standalone framelimiter | --framelimit-mode=fast |
--ps2-lang | system | Sets language. Might seem like a useless command, but a tiny number of games refuse to boot without a selected language. | --ps2-lang=system |
--ps2-title-id | XXXX-YYYYY Example: (SLUS-21515) | Sets title-id for patches. Requires the game's region code as value | --ps2-title-id=SLES-50366 |
--gs-uprender | none, 2x2 | Internal resolution upscaler. | --gs-uprender=2x2 |
--gs-upscale | none, gpu, edgesmooth, motionvec, point, motionvector, smooth, motion | upscaling type | --gs-upscale=EdgeSmooth |
CDVD | |||
--max-disc-num | 1-5 | numbers of discs in package (maximum=5) | --max-disc-num=1 |
--boot-disc-id | 1-5 | sets boot disc for multi-disc pkg | --boot-disc-id=0 |
--switch-disc-reset | 1 = Enables resetting the game upon disc swap, 0 = Disables resetting the game upon disc swap | 0 Can be used to prevent resetting the game when switching multiple discs. Useful for games like Samurai warriors 2 that include an import data feature. Sadly this command isn't supported by many emulators, but jakv2 is confirmed to support it | --switch-disc-reset=1 |
--cdvd-sector-read-cycles | 0.1 = Fastest, 80000 = Slowest | Set DVD reading speed. Higher values are slower, lower values are faster. Kinetica uses 40000, Psychonauts 4000, Red dead revolver 5000, Rise of kasai 31000. Some games require moderate speed, too slow or too fast could cause audio problems. | --cdvd-sector-read-cycles=40000 |
--cdvd-sector-seek-cycles | 0.1 = Fastest, 80000 = Slowest | Set the speed at which the emulated CDVD spins. Higher values are slower,
lower values are faster. Fixes boot-up sometimes. More info here [1]. || --cdvd-sector-seek-cycles=1 | |
--verbose-cdvd-reads | 0, 1 | Might improve disc reading if set to 1 | --verbose-cdvd-reads=0 |
Audio | |||
--host-audio-latency | msec/float | Audio latency must be between 0.010 and 4.0 | --host-audio-latency=1.5 |
--path-audio-images | dir/folder | ||
--record-audio | |||
--record-audio-img | |||
--record-audio-image | |||
--record-audio-ext | |||
--host-audio | 1,0,on,off,mono | --host-audio=1 | |
--mute-audio | all,none,main,bgm | --mute-audio=all | |
--mute-streaming-audio | all,none,main,bgm | --mute-streaming-audio=all | |
Controllers | |||
--ds4-deadzone-adjust | |||
--ds4-diagonal-adjust | |||
--host-pad-loses-focus | --host-pad-loses-focus=1 | ||
--host-gamepads | 0, 1 | --host-gamepads=1 | |
--pad-record | 0, 1 | Enables logging pad info in emulog | |
--pad-analog-to-digital | 0, 1 | Eternel ring emu uses the value 0 | --pad-analog-to-digital=0 |
--mtap1 | Disabled, Always, ByHost | Multitap switch. The values are correct but the multitap only works in certain games. | --mtap1=always |
--mtap2 | Disabled, Always, ByHost | Multitap switch. Some games require multitap to be selected only on second port (1, 2-a, 2-b, 2-c layout). To achieve that, we need to disable the first mtap. In some cases, the emulator can be flawed in how it handles multi-tap when it involves "--mtap2". All functions for 2A, 2B, 2C, 2D must be redirected to ports on multi-tap 1 by using memory patches. | --mtap2=always |
XXXX-YYYYY_cli.conf commands
These commands work in config-emu-ps4.txt, but the official way to use them is through the CLI file (It is also needed for multi-disc packages). Additionally, some commands are still not discovered, and known commands might be missing their values.
All commands are pre-made. Creating new CLI commands is impossible. The values of the commands are also pre-defined by Sony and/or have a set of possible values or ranges. Some CLI commands have no effect, as they were added to the eboot.bin without being programmed. Some useful commands were removed or added in or from different emu revisions, or their effects were changed. In some emulators, CLI configurations can be found in the ram at SceLibcHeap[0]-3-881004000.
EmotionEngine (MIPS-IV)
EE
Commands for the emulated Emotion Engine. These commands may improve performance, prevent crashes, or provide better core sync.
Command | Values | Notes | Usage |
---|---|---|---|
Speedhacks / Desync Fixes | |||
--ee-cycle-scalar | Accelerate EE cycles: (0.99 => 0.1) Decelerate EE cycles: (1.01 => 5.00) |
Can benefit core sync or performance (too much deceleration can cause stuttery fmvs.) The default value for most emulators is ~1.0. It is highly sensitive, as any slight change may break or fix the game. (Possibly divides 100 with the entered value and sets the result as EE's clock speed percentage % .) | --ee-cycle-scalar=1.0 |
--ee-context-switch-cycles | Accelerate cycles (360 => 0) Decelerate cycles (361 => ∞ ) |
Its effects are mysterious, but likely affect COP0. Does not work on Jak emulators. Default value is 360. Seems to be useful for Bee Movie and Metal Gear Solid 3. | --ee-context-switch-cycles=2700? |
--ee-hook | AdvanceClock FastForwardClock Mfifodrain |
Runs the specified feature every time a selected EE offset is reached. FastForwardClock stalls the EE for an unknown, non-changeable number of cycles. Unlike AdvanceClock, it does not compensate the EE for the cycles it missed, making it a tool for permanently wasting cycles. AdvanceClock pauses the EE for an allocated number of cycles, pushing DMA channels and other micro-processors ahead of the EE. After the number of cycles is reached, the inverse occurs, meaning it is temporary. It mostly helps fix core sync issues, but can be used as a speedhack. Mfifodrain is still unknown. For more examples | --ee-hook=0x0025A9F2,AdvanceClock,,500 --ee-hook=0x0019F0AD,FastForwardClock |
Game fixes | |||
--ee-jit-pagefault-threshold | 0-254 | Ignore JIT pagefaults, usually caused by data placed right after code. JIT try to recompile it, and obviously hit some bad opcodes. This command reduces the occurrence of crashes the higher it is. | --ee-jit-pagefault-threshold=40 |
--ee-regalloc-scalar | 0,none,ReadOnly,WriteOnly,RW | Register allocation setting. Setting it to 0 may prevent crashes. | |
--ee-block-validation | PageProt, PageProtection, Hash, Full, none | way of validating that block been modified, and require recompilation. [Some info about PageProt way] | --ee-block-validation=None |
--ee-shorthash-len | inst_count/integer | Length of shorthash in instruction/opcode count. Require --ee-block-validation=Hash | |
--ee-const-folding | None,Gpr,Fpu,All | EE constant folding. "All" seems to be the default option. | --ee-const-folding=none |
--ee-ignore-segfault | none, read, write, readwrite | Ignore segmentation fault. Ignore rw from/to unmapped memory, known in pcsx2 as TLB miss (load.store) | --ee-ignore-segfault=readwrite |
--ee-native-function | memset, memcpy, strlen, strcmp, strcasecmp, litodp, dptoli, floatdidf, fptoui, fptodp, dptofp, fabs, fabsf, ieee754_atan2f, ieee754_asinf, ieee754_acosf, ieee754_sinf, ieee754_cosf, ieee754_sqrtf, asinf, acosf, sinf, cosf, sqrtf. | Hook mips function with HLE x64 native version. Much faster, but tricky to keep correct timings on ps2 VM. | --ee-native-function=memcpy,0x11e328 |
Other | |||
--ee-jit-disasm | 0 or 1 for mips and 2 for x86 | Emotion engine Just in Time disassembler mode (Likely a debug log option) | --ee-jit-disasm=1 |
--ee-ignore-break | 0, 1 | Turns a BREAK instruction into a NOP Instruction. | |
--ee-break-as-nop | 0, 1 | Turns a BREAK instruction into a NOP Instruction. | --ee-break-as-nop=1 |
--ee-jit-opt-debug | 0, 1 | ||
--ee-pc-coherency | 0, 1 | Flush PC register to memory on every mips opcode. Result in more accurate EE PC reg reads. | |
--ee-insn-flush-pc | 0, 1 | Flush PC register to memory on every mips opcode. Result in more accurate EE PC reg reads. | |
--ee-inst-marking | 0,1? | ||
--ee-insn-marking | 0,1? | ||
--ee-kernel-hle | 0, 1 | High-level emulation kernel. Apply HLE patches (used in mast1c0re part 2 Vulnerability 2). Apply EE kernel patches which run previously prepared x64 code instead of recompiling real code part. | |
--ee-injection-kernel | 0, 1 | Just like --ee-kernel-hle, except using a different name. | |
--ee-injection-title | 0, 1 | Apply HLE patches (used in mast1c0re part 2 Vulnerability 2). Apply per title patches which run previously prepared x64 code instead of recompiling real code part. | |
--ee-validate-kernel | 0, 1 | ||
--ee-regalloc-simd | readwrite, writeonly, readonly | register allocation setting | |
--ee-regalloc-preserve-scalar | LoadOnly, LO, StoreOnly, SO, LoadStore, LS | EE JIT Scalar/Int Regalloc Mode | --ee-regalloc-preserve-scalar=LoadStore |
--ee-regalloc-preserve-simd | ReadOnly, RO, WriteOnly WO, RW | EE JIT SIMD/XMM Regalloc Mode | --ee-regalloc-preserve-simd=RW |
--ee-static-block-links | options Type,Type,... [Branch,Branches,JAL,COP2,All] | --ee-static-block-links=JAL,COP2 | |
--vtune-ee | |||
--ee-live32 | 0,1? | ||
--ee-cache-breaks-block | 0,1 | End recompiler block on r5900 cache opcode. | |
--ee-evt-check-full | 0, 1 | Perform more accurate EE event check | |
--ee-peephole | 0, 1? | ||
--ee-load-rewrites | 0,1? | ||
--ee-store-rewrites | 0,1? | ||
--ee-precompile-trace | |||
--ee-penalize-short-blocks | 0, 1 | Add cycles to short recompiled blocks? | |
--ee-mem-check-eob | EE memory check end of block | ||
--ee-insn-callmark | |||
--ee-inline-limit-full | insn_count/integer | ||
--ee-inline-limit-partial | |||
--ee-stlf-cycle-threshold | ? | ? | |
--detect-idle-ee | 0, 1 | --detect-idle-ee=1 |
FPU
The FPU is a fast single-precision unit that typically serves the EE by calculating in-game physics. It mostly controls the accuracy of the movement of in-game objects, or the game's gravity as a whole. In some cases, it is best to use COP2 commands with the FPU's to ensure the accuracy of the game's geometrical calculations.
Command | Values | Notes | Usage |
---|---|---|---|
Game fixes | |||
--fpu-no-clamping | 1 = Extra + preserve sign 0 = Extra |
Changes the clamping behavior of the FPU. Might fix freezing issues, or misplaced characters/items (Inaccuracies with in-game physics) | --fpu-no-clamping=0 |
--fpu-custom-min-max | 0, 1 | Custom Max/Mini logic for denormals. Enabled by default. Disabling it might break some games | --fpu-custom-min-max=0 |
--fpu-accurate-range | start,end offset (0x0 - 0x1FFFFFF) | Accurate Mul/Div/Add/Sub Math instructions for the FPU by using software floats rather than hardware floats. Can be used for full EE/FPU Mathematical accuracy in the specified range. | --fpu-accurate-range=0x1acce0,0x2acce0 |
--fpu-no-clamp-range | start,end offset (0x0 - 0x1FFFFFF) | Per-range clamping for the FPU in the selected memory range. | --fpu-no-clamp-range=0x1acce0,0x2acce0 |
--fpu-accurate-muldiv | 0 = Disabled 1 = Enabled |
Allows the FPU to accurately Divide/Multiply by 0 for all offsets by using software floats rather than hardware floats. (Extremely slow) | --fpu-accurate-muldiv=1 |
--fpu-accurate-addsub | 0 = Disabled 1 = Enabled |
Allows the FPU to accurately Add/Subtract for all offsets by using software floats rather than hardware floats. (Extremely slow) | --fpu-accurate-addsub=1 |
--fpu-accurate-muldiv-range | start,end offset (0x0 - 0x1FFFFFF) | Allows the FPU to accurately Divide/Multiply by 0 in the specified ee memory range by using software floats rather than hardware floats. | --fpu-accurate-muldiv-range=0x1acce0,0x2acce0 |
--fpu-accurate-addsub-range | start,end offset (0x0 - 0x1FFFFFF) | Allows the FPU to accurately Add/Subtract in the specified ee memory range by using software floats rather than hardware floats. | --fpu-accurate-addsub-range=0x1acce0,0x2acce0 |
Speedhacks | |||
--fpu-rsqrt-fast-estimate | 0, 1 | Decreases RSQRT's accuracy. Enabled by default, disabling it helps with achieving full FPU accuracy. | --fpu-rsqrt-fast-estimate=1 |
--fpu-accurate-mul-fast | 0, 1 | Speedhack for FPU muldiv commands. | --fpu-accurate-mul-fast=1 |
Other | |||
--fpu-custom-fused-madd | 0, 1 | Custom FMA (fused multiply-add). Disabled by default. | --fpu-custom-fused-madd=0 |
--fpu-to-double | 0, 1 | Converts floats to doubles (Accurate) | --fpu-to-double=1 |
--fpu-clamp-operands | 0, 1 | Affects the fpu's clamping behavior | --fpu-clamp-operands=1 |
--fpu-clamp-results | 0, 1 | Affects the fpu's clamping behavior | --fpu-clamp-results=1 |
COP2
VU0 Macro-mode. These commands assist the FPU.
Command | Values | Notes | Usage |
---|---|---|---|
Speedhacks | |||
--cop2-opt-flags | 0, 1 ,2 | Optimize flags upon recompilation (1 is safe, 2 update sticky, and mac flag on every status flag update) setting it to 0 can in some cases improve FPU accuracy. More Info | --cop2-opt-flags=1 |
--cop2-opt-vf00 | 0, 1, 2 | Optimization for the vf00 register. | --cop2-opt-vf00=1 |
--cop2-const-prop | 0, 1 | Disables or enables constant propagation. Can Be Used as speedhack for COP2 hungry games when set to 1 More info | --cop2-const-prop=1 |
--cop2-di-bits | 0, 1 | 0 to skip setting invalid, and div by Zero flags in status register, and therefore improve performance. Can be used as a speedhack to skip costly calculations. | --cop2-di-bits=0 |
Game fixes | |||
--cop2-no-clamping | 1 = Extra + preserve sign 0 = Extra |
Changes the clamping behavior of the COP2. The default emulator's behavior is none of the included values and cannot be set by CLI commands. | --cop2-no-clamping=0 |
--cop2-accurate-range | start,end offset (0x0 - 0x1FFFFFF) | Accurate Mul/Div/Add/Sub math instructions for the COP2 by using software floats rather than hardware floats. Can be used for full COP2 mathematical accuracy in the specified range. | --cop2-accurate-range=0x123456,0x134567 |
--cop2-no-clamp-range | start,end offset (0x0 - 0x1FFFFFF) | Per-range clamping for COP2. | --cop2-no-clamp-range=0x123456,0x134567 |
--cop2-accurate-mul-range | start,end offset (0x0 - 0x1FFFFFF) | Accurate multiplication instructions for the COP2 in the specified range by using software floats rather than hardware floats | --cop2-accurate-mul-range=0x123456,0x134567 |
--cop2-accurate-mul | 1 = Enabled 0 = Disabled |
Allows the COP2 to accurately multiply for all offsets by using software floats rather than hardware floats. (Extremely slow) | --cop2-accurate-mul=1 |
--cop2-accurate-addsub | 1 = Enabled 0 = Disabled |
Allows the COP2 to accurately Add/Subtract for all offsets by using software floats rather than hardware floats. (Extremely slow) | --cop2-accurate-addsub=1 |
--cop2-accurate-addsub-range | start,end offset (0x0 - 0x1FFFFFF) | Allows the COP2 to accurately Add/Sub in the specified ee memory range by using software floats rather than hardware floats. | --cop2-accurate-addsub-range=0x123456,0x134567 |
Other | |||
--cop2-regalloc | 0, 1 ? | PCSX2 seems to have this enabled by default. Uknown function, might be a speechack. | |
--cop2-inst-q | 0, 1 | instant Q, no stalling on VWAITQ, or instances of Q. Crashes some games when enabled. | |
--cop2-inst-p | 0, 1 | instant P, no stalling on VWAITP, or instances of P. | |
--cop2-use-rcp | 0, 1 | Enables SSE RCP. Disabled by default | |
--cop2-use-rsqrt | 0, 1 | Enables SSE RSQRT | --cop2-use-rsqrt=0 |
--cop2-clamp-operands | 0, 1 | Affects the COP2's clamping behavior | --cop2-clamp-operands=1 |
--cop2-clamp-results | 0, 1 | Affects the COP2's clamping behavior | --cop2-clamp-results=1 |
Vector Units (VU)
VU
Custom DSPs used to process vertex data, physics calculations, and other related tasks. Settings found here affect VU1, VU0, and COP2. They fix broken or missing geometry, black screens, and crashes.
Command | Values | Notes | Usage |
---|---|---|---|
Graphical fixes | |||
--vu-xgkick-delay | Limit is between (0 => 31) | Delay xgkick instruction execution. PCSX2 uses 6 cycles, PS3 uses 2-8 cycles depending on the game. Can be used to restore missing graphics, with 0 being the most compatible. Useful for games with GIF issues | --vu-xgkick-delay=8 |
--vu-custom-min-max | 0, 1 | Custom Max/Mini logic for denormals. Disabled on pcsx2 by default but enabled by default on a couple of emus such as jakv2. Disabling it could potentially restore missing graphics by speeding up the vector units. | --vu-custom-min-max=0 |
Game fixes | |||
--vu-hack-triace | 0, 1 | A hack designed specifically for games developed by Tri Ace. Corrects the VU's addi calculation. Without it, the result will be one bit off, which is enough to break the game's decryption algo. | --vu-hack-triace=1 |
--vu-branch-hazard | 0, 1 | Disabling it managed to prevent "Batman - Rise of Sin Tzu" from crashing | --vu-branch-hazard=0 |
--vu-evil-branches | 0, 1 | Take in count branch in delay slot, or not. More Info | |
--vu-to-double | 0, 1 | Converts floats to double. Enabling it is the accurate option. | --vu-to-double=1 |
--vu-custom-fused-madd | 0, 1 | Custom FMA (fused multiply-add). Disabled by default | --vu-custom-fused-madd=1 |
Speedhacks | |||
--vu-opt-sf-check | 0, 1 | Updates status flags only on blocks which will read them. Known in pcsx2 as mVU flag hack. Won't work with most emulators, but will work on Arc Twilight of the Spirits™ | --vu-opt-sf-check=1 |
--vu-opt-jr-caching | 0, 1 | Optimize Jump Register caching. (vi15). Won't work with most emulators but will work on Arc Twilight of the Spirits™ | --vu-opt-jr-caching=1 |
Other | |||
--vu-d-bit | 0, 1 | Debug break. Halts the VU and sends an interrupt to the EE. | --vu-d-bit=0 |
--vu-t-bit | 0, 1 | Debug halt. Acts similarly to D-bit | --vu-t-bit=0 |
--vu-inst-mflag | 0, 1 | Instant macflag? | --vu-inst-mflag=1 |
--vu-inst-cflag | 0, 1 | Instant cflag? | --vu-inst-cflag=1 |
--vtune-vu | ? | ? | |
--vu-jit-disasm | 0, 1, 2 | ? | --vu-jit-disasm=1 |
--vu-range-merge | vu_inst_cnt | ? |
VU1
VU1 is the GS’s alternate processing unit. Commands here typically improve performance, prevent crashes, and fix SPS (graphical glitches).
Command | Values | Notes | Usage |
---|---|---|---|
Speedhacks | |||
--vu1-mpg-cycles | 0 - 400000 | Set initial speed for VU1 Micro-programs. 100 is the default value. If VU1 requirements were a bottleneck, increasing it will result in better performance while decreasing it will result in the opposite. Increasing it can be beneficial for MTVU sensitive games. | --vu1-mpg-cycles=1000 |
--vu1-di-bits | 0, 1 | 0 Skips setting invalid, and Divides by zero flags in status register. Can be used as a speedhack as it can skip costly calculations. But at the same time, it can cause issues such as broken geometry. | --vu1-di-bits=0 |
--vu1-const-prop | 0, 1 | Enabled by default. 0 will disable it and cause performance issues.More info | --vu1-const-prop=1 |
--vu1-opt-flags | 0, 1, 2 | Optimize flags upon recompilation (1 is safe, 2 update sticky, and mac flag on every status flag update) More Info | --vu1-opt-flags=0 |
--vu1-opt-vf00 | 0, 1, 2 | Optimization for the vf00 register. | --vu1-opt-vf00=2 |
--vu1-jr-cache-policy | newprog, sameprog, auto, new, same | PCSX2 uses newprog as default setting. Setting it into newprog has been proven to fix some crashes Info | --vu1-jr-cache-policy=newprog |
--vu1-jalr-cache-policy | newprog, sameprog, auto, new, same | PCSX2 uses newprog as default setting. Setting it into newprog has been proven to fix some crashes Info | --vu1-jalr-cache-policy=newprog |
Game fixes / Graphical fixes | |||
--vu1 | jit-sync | Selector between IR/JIT and it modes. Jit-sync works similarly to disabling MTVU. jit, trans, and jit-async are unimplemented functions that do not change anything. | --vu1=jit-sync |
--vu1-no-clamping | 0,1 | Changes the clamping behavior of the VU1. Setting specific to ps4 emulators, unimplemented in pcsx2. The default emulator's behavior cannot be set by CLI commands. | --vu1-no-clamping=0 |
--vu1-clamp-range | vu1 memory offset start,end (0x0 - 0x7FF) | Values must not exceed 0x7FF | |
--vu1-accurate-addsub-range | vu1 memory offset start,end (0x0 - 0x7FF) | Allows the VU1 to accurately add/subtract in the specified ee memory range by using software floats rather than hardware floats. | --vu1-accurate-addsub-range=0x0000,0x0600 |
--vu1-mul0fix-range | vu1 memory offset start,end (0x0 - 0x7FF) | Allows the VU1 to accurately multiply by 0 in the specified ee memory range by using software floats rather than hardware floats. | --vu1-mul0fix-range=0x123,0x123 |
--vu1-injection | 0, 1 | unknown | --vu1-injection=1 |
--vu1-native-patch | 0, 1 | Use native patches from recompiler, not compatible with jak emus. Sony uses it for their official release of Primal | --vu1-native-patch=1 |
Other | |||
--vu1-inst-p | 0, 1 | instant P, no stalling on WAITP, or instances of P | --vu1-inst-p=1 |
--vu1-use-rcp | 0, 1 | Use SSE/AVX RCP. Speedhack. Likely used only in EFU pipeline, due to rare use, its really not worth to enable it. Speed improvement will be marginally/unnoticeable. Disabled by default | |
--vu1-use-rsqrt | 0, 1 | Use SSE/AVX rsqrt instead of doing sqrt and then div. Speedhack, rather safe to use on VU1. | |
--vu1-clamp-operands | 0, 1 | Clamp operands before mathematical operation. | --vu1-clamp-operands=1 |
--vu1-clamp-results | 0, 1 | Clamp result after mathematical operation. | --vu1-clamp-results=1 |
--vu1-inst-q | 0, 1 | instant Q, no stalling on WAITQ, or instances of Q. | --vu1-inst-q=1 |
--assert-path1-ad | 0, 1 | Path 1 is how the GIF takes data from VU1 via XGKICK instruction. It's unknown what this command does but it's related to VU1, and helps prevent crashes in VU1 sensitive games when enabled. | --assert-path1-ad=1 |
VU0
VU0 is the Emotion Engine’s alternate processing unit. It is sometimes referred to as "micro-mode". Commands here prevent crashes, and fix SPS (graphical glitches).
Command | Values | Notes | Usage |
---|---|---|---|
Speedhacks | |||
--vu0-mpg-cycles | 0 - 400000 | Set initial cycle speed for VU0 Micro-programs. 100 is the default value. | --vu0-mpg-cycles=1000 |
--vu0-di-bits | 0, 1 | 0 to skip setting invalid, and Div by zero flags in status register. Can be used as speedhack as it skips costly calculations, but at the same time can cause issues like broken geometry, and weird physics behavior. Depending per game. | --vu0-di-bits=0 |
--vu0-const-prop | 0, 1 | Constant propagation, can Be used as speedhack for VU0 hungry games when set to 1 More info | --vu0-const-prop=1 |
--vu0-opt-vf00 | 0, 1, 2 | Optimization for the vf00 register. | --vu0-opt-vf00=1 |
--vu0-opt-flags | 0, 1, 2 | Optimize flags upon recompilation (1 is safe, 2 update sticky, and mac flag on every status flag update) More Info | --vu0-opt-flags=1 |
--vu0-jr-cache-policy | newprog, sameprog, auto, new, same | PCSX2 use newprog as default setting Info | --vu0-jr-cache-policy=sameprog |
--vu0-jalr-cache-policy | newprog, sameprog, auto, new, same | PCSX2 use newprog as default setting Info | --vu0-jalr-cache-policy=sameprog |
Game fixes | |||
--vu0-clamp-range | start, end offset (0x0 - 0x1FF) | per range clamping for VU0 | --vu0-clamp-range=0x100,0x120 |
--vu0-no-clamping | 0,1 | Changes the clamping behavior of the VU0. Setting specific to ps4 emulators, unimplemented in pcsx2. The default emulator's behavior cannot be set by CLI commands. | --vu0-no-clamping=0 |
--vu0-accurate-addsub-range | offset (0x0 - 0x1FF) | Allows the VU0 to accurately Add/Subtract in the specified ee memory range by using software floats rather than hardware floats. | |
--vu0-mul0fix-range | vu0 memory offset start,end (0x0 - 0x1FF) | Allows the VU0 to accurately Multiply by 0 in the specified ee memory range by using software floats rather than hardware floats | |
Other | |||
--vu0-injection | 0, 1 | Unknown usage. | --vu0-injection=1 |
--vu0-inst-q | 0, 1 | instant Q, no stalling on WAITQ, or instances of Q | --vu0-inst-q=1 |
--vu0-inst-p | 0, 1 | instant P, no stalling on WAITP, or instances of P | --vu0-inst-p=1 |
--vu0-use-rcp | 0, 1 | Use SSE/AVX RCP. Speedhack. Not sure why it is even available for VU0. Disabled by default | --vu0-use-rcp=1 |
--vu0-use-rsqrt | 0, 1 | Use SSE/AVX rsqrt instead of doing sqrt and then div. Speedhack, rather unsafe to use on VU0. | --vu0-use-rsqrt=1 |
--vu0-clamp-operands | 0, 1 | Clamp operands before mathematical operation. | --vu0-clamp-operands=1 |
--vu0-clamp-results | 0, 1 | Clamp result after mathematical operation. | --vu0-clamp-results=1 |
DMA Channels
VIF
The VIF decompresses vector data, uploads microprograms to the VUs, and sends graphical data to the GIF. Its commands are often used to fix freezing.
Command | Values | Notes | Usage |
---|---|---|---|
VIF | Game fixes | ||
--vif-ignore-invalid-cmd | 0, 1 | Ignore invalid vif commands. In some cases, setting it to 1 can fix games that freeze while showing the same frame. | --vif-ignore-invalid-cmd=1 |
--vif-thread-chunk-size | 0, 1024 | Slows down both VIFS the lower it is, and speeds them up the higher it is. 1024 is the limit, with 112 being the default value. | --vif-thread-chunk-size=100 |
--detect-idle-vif | 0, 1 | Enabled by default. Unknown function | --detect-idle-vif=0 |
VIF1 | Game fixes | ||
--vif1-ignore-cmd-ints | 0, 1 | Set to 1 to ignore command interrupt bit. (info , explanation of int bit is right before command list). Can in some cases fix games that freeze while showing the same frame if set to 1. Games likes "Men in Black II - Alien Escape" and "Test Drive Unlimited" Will always need it. | --vif1-ignore-cmd-ints=1 |
--vif1-instant-xfer | 1 = Instant VIF1 0 = Delayed VIF1 |
Changes VIF1 timing. 0 slows its timing and is the compatible option for most games, while 1 speeds up its timing, and being more compatible with a small fraction of games. It can be used to fix graphical glitches or potentially prevent games from freezing. | --vif1-instant-xfer=0 |
SIF
The SIF is how the EE and IOP communicate with each other. SIF has some mailbox hardware registers that the CPUs can use to pass values to each other, which happens during SIF initialization. However, once both sides have booted, they use the SIF0 (IOP->EE) and SIF1 (EE->IOP) DMA channels to communicate. Despite common belief, these commands have no effect on performance, and are rarely ever useful.
Command | Values | Notes | Usage |
---|---|---|---|
SIF1 (IOP) | |||
--iop-sif1-cycle-scalar | Accelerate SIF cycles: (0.99 => 0.1) Decelerate SIF cycles: (1.1 => ∞ ) |
Controls the speed at which the IOP receives from the EE | --iop-sif1-cycle-scalar=0.1 |
--ee-sif1-cycle-scalar | Accelerate SIF cycles: (0.99 => 0.1) Decelerate SIF cycles: (1.1 => ∞ ) |
Controls the speed at which the EE sends to the IOP | --ee-sif1-cycle-scalar=0.1 |
SIF0 (EE) | |||
--iop-sif0-cycle-scalar | Accelerate SIF cycles: (0.99 => 0.1) Decelerate SIF cycles: (1.1 => ∞ ) |
Controls the speed at which the IOP sends to the EE | --iop-sif0-cycle-scalar=0.1 |
--ee-sif0-cycle-scalar | Accelerate SIF cycles: (0.99 => 0.1) Decelerate SIF cycles: (1.1 => ∞ ) |
Controls the speed at which the EE receives from the IOP | --ee-sif0-cycle-scalar=0.1 |
GS
"GS" stands for Graphics Synthesizer. It's the PlayStation®2's co-processor that's responsible for rendering the graphics (but is also used by some games for additional calculations and other purposes)
Command | Values | Notes | Usage |
---|---|---|---|
Speedhacks | |||
--gs-optimize-30fps | 0, 1 | Speedhack for GS hungry games. | --gs-optimize-30fps=1 |
--gs-adaptive-frameskip | 0, 1 | Speedhack. Skips frames when the gs demands more resources than there are available. doesn't work on all emulators. It does however, work on jak emulators | --gs-adaptive-frameskip=1 |
--gs-h2l-list-opt | 0, 1 | Setting it to 1 improves GS performance | --gs-h2l-list-opt=1 |
GS features | |||
--gs-use-mipmap | 0, 1 | Enables mipmapping support. Can be used to fix graphics. | --gs-use-mipmap=1 |
--gs-use-deferred-l2h | 0, 1 | Delay option for L2H (local to host, GS to EE). | --gs-use-deferred-l2h=1 |
--gs-use-clut-merge | 0, 1 | Color lookup table(?). It could possibly solve graphical issues or improve the quality of the colors. | --gs-use-clut-merge=1 |
--gs-flush-ad-xyz | always, safe, safeZwrite, off, 0 | Force a primitive flush when a framebuffer is also an input texture. This fixes some processing effects, but it can sometimes be heavy on the GS in terms of performance. GTA: SA, and Jak 3 use this command. | --gs-flush-ad-xyz=safe |
Gs settings / Behaviour | |||
--gs-uprender | none,2x2 | Internal resolution upscaler. | --gs-uprender=2x2 |
--gs-upscale | none, gpu, edgesmooth, smooth, motion, motionvec, motionvector, point | Upscaling type Selector | --gs-upscale=EdgeSmooth |
--gs-kernel-cl-up | "DarkCloud2" "fantavision" "h2lpool2x2", "OptRightTri", "clutmerge2x2", "mipmap2x2", "up2x2simple", "up2x2skipinterp", "up2x2tc", "up2x2", default | Kernel Variant Color lookup Upscaler (?), mipmap and clutmerge and h2l need to be enabled before their options become usable | --gs-kernel-cl-up="clutmerge2x2" |
--gs-override-small-tri-area | 0, 1 | Small triangle rejection. Could potentially restore missing text in some games. | --gs-override-small-tri-area=1 |
--gs-dirty-page-policy | 0, 1 | --gs-dirty-page-policy=1 | |
--gs-ignore-dirty-page-border | 0, 1 | ? | --gs-ignore-dirty-page-border=1 |
--gs-ignore-rect-correction | 0, 1 | Setting it to 1 is known to fix graphical glitches in far distances | --gs-ignore-rect-correction=1 |
--gs-opt-frbuff-switch | 0, 1 | --gs-opt-frbuff-switch=0 | |
--gs-kernel-cl | h2lpool, clutmerge, mipmap, DarkCloud2, fantavision, Mipmap and clutmerge and h2l need to be enabled before their options become usable | Kernel Variant Color lookup(?). Options included here can be upscaling if --gs-kernel-cl-up were to be used along with it | --gs-kernel-cl="clutmerge" |
--force-frame-blend | 0, 1 | Enables blend (Deinterlacing?). Should be used to fix games with shaking screens. | --force-frame-blend=1 |
--force-pal-60hz | 0, 1 | Enables 60hz PAL mode. | --force-pal-60hz=1 |
--gs-progressive | 0, 1 | Enables progressive scan. Can fix graphical glitches/double screen issues. | |
--gs-vert-precision | 8, 16 | 3D rendering vertex precision. The emu expects the values of 8 or 16, any other values are not permitted. | --gs-vert-precision=8 |
--gs-force-bilinear | 0, 1 | Forces bilinear filtering, can fix ghosting problems in some cases. Not recommended for games that use 2D images, as it could possibly break games that rely on nearest filtering. | --gs-force-bilinear=1 |
--gs-skip-dirty-flush-on-mipmap | 0, 1 | Skip flushing textures marked as dirty from cache when enabled. It does, however, require mipmap to be enabled first. | --gs-skip-dirty-flush-on-mipmap=1 |
--gs-packed15-fmv-opt | 0, 1 | --gs-packed15-fmv-opt=1 | |
--gs-fieldswap-delay | 0, 254 | Wait longer than usual to change field. Reduces sharpness. (Trilinear filtering??) | |
--gs-uv-shift-pointsampling | 0, 1 | Can be used on games like manhunt that have issues with UV light rendering | --gs-uv-shift-pointsampling=1 |
--gs-render-tile-threshold | 0, 3000000 | --gs-render-tile-threshold=300000 | |
--threaded-gs | 0, 1 | Multi-threaded-gs ? | --threaded-gs=1 |
--gs-aspect-ratio | aspect/float (default=0.81) | --gs-aspect-ratio=0.65 | |
--gs-frontend-opt-mode | 0, 1, 2 | ? | --gs-frontend-opt-mode=1 |
--gs-motion-factor | 25, 50 | --gs-motion-factor=25 | |
--gs-scanout-delay | 0, 200 | --gs-scanout-delay=200 | |
--gs-check-trans-rejection | 0, 1 | Check transfer rejection ? | --gs-check-trans-rejection=1 |
--gs-check-trans-rejection68 | 0, 1 | --gs-check-trans-rejection68=1 | |
--l2h-2d-params | TRXREG,BITBLTBUF,height | --l2h-2d-params=0x0000000800000001,0x000000003a0a2300,512,2 | |
--gs-h2l-accurate-hash | 0, 1 | --gs-h2l-accurate-hash=1 | |
Aspect ratio | |||
--gs-scanout-offsetx | relative offset/ignored | A zoom in setting in the x direction | --gs-scanout-offsetx=27 |
--gs-scanout-offsety | relative offset/ignored | A zoom in setting in the y direction | --gs-scanout-offsety=27 |
--safe-area-min | area/float (range 0.9 to 1.0) any other values outside of that range will be rejected by the emulator | An overscan setting | --safe-area-min=0.9 |
Other | |||
--framelimit-mode | slowest,slower,slow,normal,fast,fastest,turbo | Standalone Framelimiter | --framelimit-mode=fast |
--gs-hdr-support | 0, 1? | ? |
IOP
The emulated I/O Processor (IOP) settings. Commands here are rarely useful, as very few games will require them. The IOP controls the emulated DEV9, SPU2, USB, Memory cards, CDVD, Firewire, along with other input/output devices
Command | Values | Notes | Usage |
---|---|---|---|
Game fixes | |||
--iop-cycle-scalar | Accelerate IOP cycles: (0.99 => 0.1) Decelerate IOP cycles: (1.1 => 5.0) |
Not a performance speedhack. It impacts the speed of loading times and input latency. The default value for most emulators is ~1.0. | --iop-cycle-scalar=1.0 |
--iop-const-folding | None,Gpr,All | IOP constant folding More info | --iop-const-folding=All |
--iop-tight-slice-count | 0, 2000 | Seems to slow down the iop the higher the value, Can be used in games such as the godfather or gran turismo 4 to solve stuttering fmvs due to very fast iop cycles | --iop-tight-slice-count=12 |
--iop-hook | AdvanceClock, FastForwardClock | IOP native hook, Sony uses it on their official release of Red dead revolver | --iop-hook=0x0086ac,FastForwardClock |
--iop-block-validation | IsC, ShortHash, Hash | Way of validating that block been modified, and require recompilation. Other Possible values include PageProt, None, PageProtection | --iop-block-validation=IsC |
Other | |||
--iop-validate-kernel | 0, 1 | ||
--iop-shorthash-len | inst_count/integer | Length of shorthash in instruction/opcode count. Require --iop-block-validation=ShortHash | |
--iop-pc-coherency | 0, 1 | ||
--iop-inst-marking | 0, 1? | ||
--detect-idle-iop | 0, 1 | Enabled by default. | --detect-idle-iop=0 |
--iop-jit-disasm | |||
--iop-evt-check-full | 0, 1 ? |
Misc
Command | Values | Notes | Usage |
---|---|---|---|
--idec-cycles-per-qwc | int/multiplier | Multiply how many cycles IDEC command take per whole currently worked on QWC. | --idec-cycles-per-qwc=768 |
--mfifo-manual-drain | 0.1/5.0 | A command for changing the functionality of --ee-hook=0x0,Mfifodrain | --mfifo-manual-drain=0.30 |
--mfifo-chunk-drain-cycles | 1/400000 | A command for changing the functionality of --ee-hook=0x0,Mfifodrain | --mfifo-chunk-drain-cycles=210000 |
--pcr0-delta-hack | 0.1 , 400000.0 | Modify delta of pcr0 when reading it from MFC0. Some games rely on good performance counters accuracy (Spyro ANB cutscenes), and since emulator don't implement most events, hack it is. | --pcr0-delta-hack=1.0 |
--jitproc-use-aslr | Disables compiler process ASLR, useful for easier debugging, as the compiler process will be always on fixed address. Theoretically useful for mast1c0re, but to change it you need to be already in... | --jitproc-use-aslr=0 | |
--detect-idle-intc | 0, 1 | Enabled by default, 0 disables it | --detect-idle-intc=0 |
--detect-idle-chcr | 0, 1 | Enabled by default, 0 disables it | --detect-idle-chcr=0 |
--rom | location of the bios that's inside of the fpkg | Could allow to use custom bios, though still not working | --rom="PS20220WD20050620.crack" or --rom="/roms/PS20220WD20050620.crack" |
--cop2 | jit, trans | ? | |
--vu0 | jit, trans | ? | |
--r30 | jit, trans | ? |
PCSX2's gameindex
PCSX2's commands on the PS4
PCSX2 | PS4 | Notes |
---|---|---|
XGKickHack | --vu-xgkick-delay=0 | Limit is between
(0 => 31) |
VuAddSubHack | --vu-hack-triace=1 | Required for every single game developed by TriAce |
vuClampMode: 2 | --vu1-no-clamping=0 --vu0-no-clamping=0 |
|
vuClampMode: 3 | --vu1-no-clamping=1 --vu0-no-clamping=1 |
|
vu0ClampMode: 2 | --vu0-no-clamping=0 | |
vu0ClampMode: 3 | --vu0-no-clamping=1 | |
vu1ClampMode: 2 | --vu1-no-clamping=0 | |
vu1ClampMode: 3 | --vu1-no-clamping=1 | |
eeClampMode: 2 | --fpu-no-clamping=0 --cop2-no-clamping=0 |
|
eeClampMode: 3 | --fpu-no-clamping=1 --cop2-no-clamping=1 |
|
eeCycleRate: | --ee-cycle-scalar= | "Potential" equivalent values: PCSX2 - PS4: 300% --> 0.33 180% --> 0.55 130% -->0.77 100% --> 1.0 75% --> 1.33 60% --> 1.66 50% --> 2 |
FpuNegDivHack FpuMulHack |
--fpu-accurate-muldiv=1 | |
cpuCLUTRender: 1 | --gs-uv-shift-pointsampling=1 | |
MTVUSpeedHack: 0 | --vu1=jit-sync | Some games will also require --vu1-mpg-cycles= to be between "6000 - 19000" |
mergeSprite alignSprite |
--gs-kernel-cl-up="up2x2simple" | Note: works similarly but not the equivalent |
cpuSpriteRenderBW: 4 | --gs-opt-frbuff-switch=1 | Note: works similarly but not the equivalent |
mipmap | --gs-use-mipmap=1 | |
autoFlush | --gs-flush-ad-xyz=safe | Possible values include always, safe, off, 0 |
VIF1StallHack | --vif1-instant-xfer=0 | If that doesn't work, the lua command eeObj.SchedulerDelayEvent("vif1.dma", 0x9000) might assist. |
wildArmsHack | --gs-kernel-cl-up="DarkCloud2" | |
deinterlace | --force-frame-blend=1 |
Emulators
Every emulator is programmed differently. Sometimes choosing the right emulator is the only way to fix a game. Emulators are not provided pre-installed on the ps4, they have to be unpacked from an official Sony made PS2CLASSICS pkg. This list includes the typical usage of those emulators.
Emulator name | Typical usage - Info | API Version | Similar emulators |
---|---|---|---|
2018 | |||
The King of Fighters '98: Ultimate Match | The only known emulator where Mojin-ribbon is playable. Commonly known as "KOF98" | 2.0 | |
2017 | |||
Jak and Daxter: The Precursor Legacy | Good compatibility with most ps2 games. It has a very high api version which means more LUA commands are supported. In addition, Jak emus are one of the few emus that can use the --gs-adaptive-frameskip=1 command. It is often referred to as "Jak v2" | 2.2 | JakX, Jak 2, Jak 3, |
Art of Fighting Anthology | Similar to RECVX. It was successful in fixing "Coraline." Sometimes called "AOFA" | 2.0 | |
Resident Evil – Code: Veronica | Fixes games like Jackie chan Adventures, SpongeBob SquarePants: Creature From the Krust Krab, Pac-man World 3, Yu-Gi-Oh: Capsule monsters, SpongeBob's Atlantis SquarePantis freezing at a black/splash screen. Additionally, it fixes many games requiring OPL's mode 2. Often referred to as "RECVX" | 1.7 | Fatal Fury, Redfaction, AOFA. |
Fatal Fury Battle Archives: Volume 2 | The emulator with the closest VU0-EE sync on the PS4; setting eecyclescalar to 5 on this emulator will enable some VU0 sync demanding games to run on the PS4. | ||
2016 | |||
Redfaction | It is prominently used to fix games that are VU1 sensitive. It was used to fix Tony Hawk games suddenly crashing, and to fix MTVU sensitive games such as Star Wars Battlefront II. | 1.6 | Max payne |
Forbidden Siren | The only emulator that was able fix Ice age 2 being stuck at splash screen by using it in conjunction with patches. It also fixed Gran turismo 4 running EXTREMELY slow. | 0.1 | |
King of Fighters 2000 | Seemingly the emulator with closest VU0-EE sync on the PS4. Fixes graphical issues and sps in games such as Crash Twinsanity, Rayman 3, Crazy Frog Racer, and prevents Koei tecmo games from suddenly freezing when battle starts. Likely the only emulator where Batman Begins does not crash. Often referred to as "KOF2000" | 1.2 | Roguev1, KOF98, Okage |
Destroy All Humans! | Fixed Tenchu: Fatal Shadows crashing. | 0.1 | |
Destroy All Humans! 2 | 0.7 | ||
Rise of the Kasai | Fixed most of the Harry potter games. Often referred to as "rotk" | 0.2 | |
2015 | |||
War of the monsters v1 | The emulator that's used in PS2CLASSICSGUI, and the best one around for GS/GIF accuracy. | 0.1 | Rogue v1 and v2, Arc the Lad, Star Wars Jedi Starfighter |
GTA 3 | Fixed the pal version of Genji: Dawn of the Samurai | 0.6 | |
Parappa 2 | The only emulator that was able to boot Spyro: A Hero's Tail | 0.1 | |
Star Wars Racer Revenge | Seems to be the most similar emulator to the ps3. Useful for debugging games as it also shows useful information such as pagefault | 0.4 |
XXXX-YYYYY_config.lua
It is the most powerful configuration on the emulator, it allows for direct patching of EE/IOP/VU memory, hooks registers, hook dma. Almost Everything can be done here.
If needed it can hook registers by using register names from alias files. Alias files (ee-cpr0-alias.lua, ee-gpr-alias.lua, ee-hwaddr.lua) are stored in lua_include folder, and can be included to config by using require ( "alias file name" ).
Examples
Known functions:
Require cleanup.
ApiRequest
The most important part of the lua. The lua will crash the game if it were used without it.
Command | Usage | Notes |
---|---|---|
apiRequest | apiRequest(0.1) | apiRequest(<api version>)
Different emu versions support different highest api. Calling api is mandatory. some commands require higher version. Highest known version is 2.3 api from JAK 2,3,X game emulator. |
(Emulator) EmuObject
Commands for the emulator
Command | Usage | Notes |
---|---|---|
Object calling class | ||
getEmuObject | local emuObj = getEmuObject() | Required for all functions using emuObj, that include: LoadConfig SaveConfig GetPad AddVsyncHook RemoveVsyncHook AddEntryPointHook RemoveEntryPointHook AddLoginHook RemoveLoginHook AddLogoutHook RemoveLogoutHook CheckEntitlement AddImageHook AddGifTagHook SwapMemCard SetFormattedCard OpenDiscTray CloseDiscTray SwitchDisc EnableImposeMenu GetDiscId GetDiscTitleId AddSectorReadHook AddMCWriteHook ShowDiscSwitchInfo GetPs4SystemLang SetPs2Lang ThrottleNorm ThrottleFast ThrottleMax AddAssertionHook SetGsTitleFix SetDeinterlace SetDisplayAspectWide SetDisplayAspectNormal ForceRefreshRate LoadFsShader SetDisplaySafeArea PadSetLightBar AddPadHook PadPressureStickRemap SetVolumes GetVolumes SetAudioRoute GetAudioRoute AddSnapshotLoadedHook RemoveSnapshotLoadedHook IsNeoMode IsToolingVerbose emuMediaPatch |
Hooks | ||
AddVsyncHook | emuObj.AddVsyncHook(<task to be done every vsync>) | emuObj.AddVsyncHook(my_function)
my_function can be anything, from simple patches, to extensive hook. Example usage can be found in SLUS-21550 features file. some games are not compatible with it and will crash upon startup. |
RemoveVsyncHook | emuObj.RemoveVsyncHook(<previously added task to be removed>) | emuObj.RemoveVsyncHook(my_function) |
AddEntryPointHook | emuObj.AddEntryPointHook(<task>) | Task to be done at ps2 game main elf entry point (right where game is loaded). |
RemoveEntryPointHook | ||
AddLoginHook | ||
RemoveLoginHook | ||
AddLogoutHook | ||
RemoveLogoutHook | ||
AddImageHook | ||
AddGifTagHook | ||
AddSectorReadHook | emuObj.AddSectorReadHook(<sector, unk, task>) | Hook to do task when disc image sector is read. Not all values are known (ex. emuObj.AddSectorReadHook(776480, 32, <task/function>) ) |
AddMCWriteHook | emuObj.AddMCWriteHook() | |
AddAssertionHook | emuObj.AddAssertionHook() | |
AddSnapshotLoadedHook | ||
RemoveSnapshotLoadedHook | ||
AddPadHook | emuObj.AddPadHook() | |
Audio | ||
SetVolumes | emuObj.SetVolumes('global', 'main', 'bgm') | Set volume, usually setting global is enough. Example: emuObj.SetVolumes(0.31, 1.0, 1.0) values, in floats 1.0 = 100% |
GetVolumes | emuObj.GetVolumes() | Return current volume levels for ('global', 'main', 'bgm') in floating point values. |
SetAudioRoute | ||
GetAudioRoute | ||
Game loading speed | ||
ThrottleNorm | emuObj.ThrottleNorm() | Enable default framelimiter (50/60 fps depend on region). |
ThrottleFast | emuObj.ThrottleFast() | Faster than default, but exact value is unknown. |
ThrottleMax | emuObj.ThrottleMax() | Disable framelimiter during loading screens. |
CDVD | ||
OpenDiscTray | ||
CloseDiscTray | ||
SwitchDisc | emuObj.SwitchDisc(<disc ID>) | ID can be provided as is, or for example read from memory or register when needed. |
GetDiscId | emuObj.GetDiscId() | Return DiscId in XXXX_YYY.ZZ format |
GetDiscTitleId | ||
ShowDiscSwitchInfo | emuObj.ShowDiscSwitchInfo() | |
Other | ||
EnableImposeMenu | emuObj.EnableImposeMenu(<true/false>) | EnableImposeMenu(false) |
LoadConfig | emuObj.LoadConfig( 0 or 1 ) | emuObj.LoadConfig(0) |
SaveConfig | emuObj.LoadConfig( 0 or 1 ) | emuObj.LoadConfig(0) |
GetPad | emuObj.GetPad(<gamepad button by bits>) | example usage for reading input:
local CheckInputs = function() local pad_bits = emuObj.GetPad() local UP = pad_bits & 0x0010 local DOWN = pad_bits & 0x0040 local LEFT = pad_bits & 0x0080 local RIGHT = pad_bits & 0x0020 local Triangle = pad_bits & 0x1000 local Cross = pad_bits & 0x4000 local Square = pad_bits & 0x8000 local Circle = pad_bits & 0x2000 local L1 = pad_bits & 0x0400 local L2 = pad_bits & 0x0100 local L3 = pad_bits & 0x0002 local R1 = pad_bits & 0x0800 local R2 = pad_bits & 0x0200 local R3 = pad_bits & 0x0004 local Select = pad_bits & 0x0001 local Start = pad_bits & 0x0008 if (L2 ~= 0) then <here function that should be done when L2 is pushed> end end emuObj.AddVsyncHook(CheckInputs) <to trigger check at every vsync> |
SwapMemCard | ||
SetFormattedCard | emuObj.SetFormattedCard(<"file name">) | emuObj.SetFormattedCard("custom_formatted.card")
Allow to use custom memory card. |
GetPs4SystemLang | emuObj.GetPs4SystemLang() | Return PS4 system language (in unknown format). |
SetPs2Lang | emuObj.SetPs2Lang(<Lang ID>) | Set emulated PS2 language, correct Lang IDs are 0-18. In some cases, games will hang on a black screen with some other language settings (eg Japanese) - Example for usage: emuObj.SetPs2Lang(1)
0 - japanese 1 - english 2 - french 3 - spanish 4 - german 5 - italian 6 - dutch 7 - portuguese 8 - russian 9 - korean 10 - traditonal-chinese 11 - simplified-chinese 12 - finnish 13 - swedish 14 - danish 15 - norwegian 16 - polish 17 - portuguese-brazil 18 - english-uk |
PadSetLightBar | emuObj.PadSetLightBar(<port, red, green, blue>) | Set DS4 light bar color. The correct port values are 0-3, correct light values are 0-255. |
PadPressureStickRemap | emuObj.PadPressureStickRemap() | |
IsNeoMode | emuObj.IsNeoMode() | Check that PS4 run in NEO (PRO) mode. Return 1/0 |
IsToolingVerbose | ||
CheckEntitlement | ||
emuMediaPatch | emuMediaPatch(disc sector, 12/24 + offset, { original data }, { replace data }) | Replace 4 bytes from loaded iso file. For unknown reason we always need to add 12 to real offset for DVD game, and 24 for CD game. |
GS related | ||
CountFrameOnPS2 | emuObj.CountFrameOnPS2() | updates FRAPS/Actual FPS reading in olympus |
SetGsTitleFix | emuObj.SetGsTitleFix() | More info |
SetDisplayAspectWide | emuObj.SetDisplayAspectWide() | Force display area to 16:9 (If game not support widescreen, it will be stretched). |
SetDisplayAspectNormal | emuObj.SetDisplayAspectNormal() | Force display area to 4:3. |
ForceRefreshRate | emuObj.ForceRefreshRate(<hz>) | emuObj.ForceRefreshRate(50) correct values are 0, 50, 60 where 0 = default. |
LoadFsShader | emuObj.LoadFsShader(<slot?>, "<path>") | Shaders must be loaded right after GS has been initialized. Example: Global_InitGpuResources = function() emuObj.LoadFsShader(1, "./shader.sb") end That only load Fragment Shader to program memory, to use it we need BindFragmentShader, and if depend on shader SetShaderParams. |
SetDisplaySafeArea |
(EE) EEObject
Commands for the emulated Emotion Engine
Command | Usage | Notes |
---|---|---|
Object calling class | ||
getEEObject | local eeObj = getEEObject() | Required for all functions using eeObj |
Memory editing | ||
ReplaceMem64 | eeObj.ReplaceMem64(<address>, <value>) | |
ReplaceMem32 | eeObj.ReplaceMem32(<address>, <value>) | Permanently replace an offset without needing addvsynchook? |
ReplaceMem16 | eeObj.ReplaceMem16(<address>, <value>) | |
ReplaceMem8 | eeObj.ReplaceMem8(<address>, <value>) | |
ReadMemFloat | eeObj.ReadMemFloat(<address>) | eeObj.ReadMemFloat(0x258c3c) |
WriteMemFloat | eeObj.WriteMemFloat(<address>, <value>) | eeObj.WriteMemFloat(0x365364, 1.3333333) |
ReadMem128 | eeObj.ReadMem128(<ee memory offset>) |
Read 16 bytes from offset, examples: eeObj.ReadMem128(0x100198) |
ReadMemFloat128 | eeObj.ReadMemFloat128(<ee memory offset>) |
return 16 bytes from offset in float form |
WriteMem128 | ||
WriteMemFloat128 | ||
ReadMem64 | eeObj.ReadMem64(<ee memory offset>) |
Read 8 bytes from offset, examples: eeObj.ReadMem64(0x100198) |
WriteMem64 | eeObj.WriteMem64(<ee memory offset>, <data>) |
|
ReadMem32 | eeObj.ReadMem32(<ee memory offset>) |
Read 4 bytes from offset, examples: eeObj.ReadMem32(0x100198)
eeObj.ReadMem32(gp - 31348) |
WriteMem32 | eeObj.WriteMem32(<ee memory offset>, <data>) |
Write 4 bytes to offset, example: eeObj.WriteMem32(0x2c89ac, 0x001b70f0) |
ReadMem16 | eeObj.ReadMem16(<ee memory offset>) |
Read 2 bytes from offset, example: eeObj.ReadMem16(0x100198) |
WriteMem16 | eeObj.WriteMem16(<ee memory offset>, <data>) |
Write 2 bytes to offset, example: eeObj.WriteMem16(0x2c89ac, 0x70f0) |
ReadMem8 | eeObj.ReadMem8(<ee memory offset>) |
Read 1 byte from offset, example: eeObj.ReadMem8(0x100198) |
WriteMem8 | eeObj.WriteMem8(<ee memory offset>, <data>) |
Write 1 byte to offset, example: eeObj.WriteMem8(0x2c89ac, 0xf0) |
ReadMemStr | eeObj.ReadMemStr(address/register) | Read string from address until null terminator |
WriteMemStr | eeObj.WriteMemStr(address, string) | |
WriteMemStrZ | eeObj.WriteMemStrZ(string pointer, string) . Pointer can be read from GPR | |
GPR require (Necessary for register related commands) | ||
local gpr = require( "ee-gpr-alias" ) | ||
GetGpr64 | eeObj.GetGPR64(<gpr register>) | example: eeObj.GetGPR64(t3) |
SetGpr64 | ||
GetGprFloat | Get gpr value as float value | |
SetGprFloat | Set gpr value as float value | |
GetGpr | eeObj.GetGPR(<gpr register>) | eeObj.GetGPR(t3) |
SetGpr | eeObj.SetGPR(<gpr register> ,<value>) | example: eeObj.SetGPR(gpr.a3 ,1)
Require defined getEEObject() as eeObj |
GetFprHex | eeObj.GetFprHex(<FPU register (0-31)>) | Get/return floating point register value as hex string |
SetFprHex | eeObj.SetFprHex(<FPU register (0-31), value (u32)>) | Set floating point register value as hex string |
GetFpr | eeObj.GetFpr(<register number>) | example eeObj.GetFpr(14) |
SetFpr | eeObj.SetFpr(<fpr register number>, <value>) | Simple example eeObj.SetFpr(14, 50.0) will set frp 14 to 50.0
But we can also combine commands to add/sub from registers eeObj.SetFpr(14, eeObj.GetFpr(14) + 50.0) this will add 50.0 to current fpr 14 value |
GetPc | eeObj.GetPc() | This command is very helpful as it will return to you the current EE address that's being read. Can be used also with additional var. like eeObj.GetPc()+4 |
SetPc | eeObj.SetPC(<PC>) | eeObj.SetPC(0x266B80) |
GetCPR0 | eeObj.GetCPR0(<COP0 register>) | |
SetCPR0 | eeObj.SetCPR0(<COP0 register>) | |
Hooks | ||
AddHook | eeObj.AddHook(<ee offset>, <original opcode>, <definied hook name>) | example: local W1 = function() emuObj.SetDisplayAspectNormal() end local ws1 = eeObj.AddHook(0x1c9840, 0xaf808c78, W1) |
RemoveHook | ||
AddPreHook | ||
AddPostHook | ||
RemovePreHook | ||
RemovePostHook | ||
AddJitResetHook | ||
RemoveJitResetHook | ||
AddHookJT | eeObj.AddHookJT(Offset, offset opcode, function) | Seems be a hook related to the jit |
Dma | ||
DmaAddHook | eeobj.DmaAddHook(channel=%d key=%x) |
Possible Dma channel numbers (?)
GIF = 0 VIF0 = 1 VIF1 = 2 SIF0 = 4 SIF1 = 5 IPU0 = 6 IPU1 = 7 Possible values for hooks DmaTransfer [VIF0/VIF1], RaiseIntc [VIF0/VIF1], NormalTransfer [SIF0/SIF1]. |
DmaRemoveHook | ||
Speedhacks | ||
FastForwardClock | eeObj.FastForwardClock() | Skip Emotion Engine cycles? |
AdvanceClock | eeObj.AdvanceClock() | it is still unknown how to use this command. Check Psychonauts lua for more details. |
GetClock | eeObj.GetClock() | Returns the value of how many cycles the EE is ahead of normal clock (?) |
Vu1MpgCycles | eeObj.Vu1MpgCycles(<cycles>) | Works just like the cli command --vu1-mpg-cycles= |
Other | ||
CallPredicate | ||
SchedulerDelayEvent | eeObj.SchedulerDelayEvent("event", cycles) Example: eeObj.AddHook(0x0033A4DC,0xAC430000, function() eeObj.SchedulerDelayEvent("gif.dma", 0x10500) end) |
Parrapa use eeObj.SchedulerDelayEvent("vif1.dma", 0x6500) other events are gif.dma, vif0.dma, vif1.dma, sif0.dma, Sif0-NormalTransfer, sif1.dma, Sif1-NormalTransfer, ipu0.dma, ipu1.dma . This command allows for the delayment of certain DMA transfer by cycles. |
WaitVu1 | eeObj.WaitVu1() | Likely to be the lua equivalent of "--vu1=jit-sync". |
GetPcRingBuffer | ||
Precompile | Requires unknown values | |
CalcInsnHash | ||
getOverlayObject | eeObj.getOverlayObject() | local eeOverlay = eeObj.getOverlayObject() |
GetVif1Cycles | eeObj.GetVif1Cycles() | local vif1_cycles = eeObj.GetVif1Cycles() create vif_cycles value that can be used later. You can rename it as you wish. |
SetGsTitleFix
One of the most important commands in lua, allows to change the GS's behavior. Part of EmuObject() class. Used frequently in official configs.
Examples
-- fix vision logo (Wild Arms 3) local thresholdArea = 0 -- ignore alls items : fix #112276 emuObj.SetGsTitleFix( "ignoreUpRender", thresholdArea , { texType = 3, cbp = 0x2390, tbp = 0x288000} ) ------------------------------------------------------------------------------------------------------ -- Ignore up-render shift for triangles when writing mask = write alpha only . Will fix shadows (bug# 6724). emuObj.SetGsTitleFix( "ignoreUpShiftTri", "reserved" , { fbmask = 0x00FFFFFF } ) ------------------------------------------------------------------------------------------------------ -- Performance fix ( bug# 9474 ) if 0 then -- emuObj.IsNeoMode() then -- neo mode check disabled, due to bug #10442 emuObj.SetGsTitleFix( "globalSet", "reserved", { workLoadThreshold = 125000} ) else emuObj.SetGsTitleFix( "globalSet", "reserved", { workLoadThreshold = 100000} ) end ------------------------------------------------------------------------------------------------------ -- bug# 9972 emuObj.SetGsTitleFix( "ignoreSubBuffCov", "reserved", { } ) ------------------------------------------------------------------------------------------------------ -- Bully bug 9392 -- Performace fix local thresholdArea = 600 emuObj.SetGsTitleFix( "ignoreUpRender", thresholdArea , {alpha=0x80000044 , zmsk=1 , tw=4, th=4 } ) ------------------------------------------------------------------------------------------------------ -- Bug#9174 - emuObj.SetGsTitleFix( "ignoreSubBuffCov", "reserved", { } ) ------------------------------------------------------------------------------------------------------ -- Bug#9240 (Light maps uprender) -- Copy z-buffer for future use with light maps. psm = SCE_GS_PSMZ24 (49) emuObj.SetGsTitleFix( "forceSimpleFetch", "reserved", {tw=9, th=9, psm=49, zmsk=1 } ) ------------------------------------------------------------------------------------------------------ -- Apply light maps texMode=2 (bilinear) psm= SCE_GS_PSMCT32 (0) emuObj.SetGsTitleFix( "forceSimpleFetch", "reserved", {tw=8, th=8, psm=0, ztst=1, texMode=2 } ) ------------------------------------------------------------------------------------------------------ -- Performace fix (bug #9785 ) emuObj.SetGsTitleFix( "globalSet", "reserved", { waveThreshold = 90000} ) emuObj.SetGsTitleFix( "ignoreAreaUpdate", 0, { } ) ------------------------------------------------------------------------------------------------------ -- Accumulate fill area only when conditions are met emuObj.SetGsTitleFix( "includeAreaUpdate", "reserved" , {alphaIsNot = 0, zmsk = 1, tw = 6, th = 6 , tbp = 0x00302000} ) emuObj.SetGsTitleFix( "ignoreUpRender", 130 , { totalArea= 700} ) ------------------------------------------------------------------------------------------------------ -- Fix shadow emuObj.SetGsTitleFix( "forceSimpleFetch", "reserved", { texMode=1 } ) ------------------------------------------------------------------------------------------------------ -- Reduce flush count emuObj.SetGsTitleFix( "SetSelfRender", "reserved", { fbmask= 0x00FFFFFF , renderSelf=1 , zmsk=1 , alpha=0 , texMode=1 } ) ------------------------------------------------------------------------------------------------------ -- Disable post-processing emuObj.SetGsTitleFix( "ignoreSprite", "reserved", { texType=1 , tw=5 , th=8, zmsk=1 , alpha=0x80000044 } ) ------------------------------------------------------------------------------------------------------ -- Small triangle rejection. Works in conjunction with CLI setting gs-override-small-tri-area=1 -- keep default area for texture 256x256 ( no blend) (Anakin face) emuObj.SetGsTitleFix( "setRejectionArea", 500,{twIsNot=8, thIsNot=8 } ) ------------------------------------------------------------------------------------------------------ -- Set triangle rejection area= 1000 when alpha blend is not 0 ( i.e blend is On) emuObj.SetGsTitleFix( "setRejectionArea", 1000, {alphaIsNot=0 } ) ------------------------------------------------------------------------------------------------------ -- Performace fix local thresholdArea = 600 emuObj.SetGsTitleFix( "ignoreUpRender", thresholdArea , {alpha=0x80008068 , zmsk=1 } ) ------------------------------------------------------------------------------------------------------ -- Performace fix local thresholdArea = 700 emuObj.SetGsTitleFix( "ignoreUpRender", thresholdArea , {alpha=0x80000044 , zmsk=1 } ) ------------------------------------------------------------------------------------------------------ -- Disable uprender on the draw command which samples the framebuffer (0x3200) using bilinear sampling (texMode=2) -- All lighting effects use TriFan prim type, so use that as well to filter against. emuObj.SetGsTitleFix( "forceSimpleFetch", "reserved", {prim=5, texMode=2, tbp=0x320000} )
Commands
Command | Example | Notes | Values |
---|---|---|---|
globalSet | emuObj.SetGsTitleFix( "globalSet", "reserved", { packedRegsLo = 0x42,packedRegsHi = 0, packedRegsNum = 2, packedFlags = 3, packedPrim = 5}) | used with workLoadThreshold or waveThreshold or loadThreshold | |
reserved | |||
ignoreSubBuffCov | ignore ? buffer coverage | ||
ignoreUpRenderTimeout | emuObj.SetGsTitleFix( "globalSet", "reserved", {ignoreUpRenderTimeout=2} ) | ||
ignoreAreaUpdate | emuObj.SetGsTitleFix( "ignoreAreaUpdate", 0, { alpha=0x80000048 } ) | ||
ignoreSprite | emuObj.SetGsTitleFix( "ignoreSprite", "reserved", { texType=1 , tw=5 , th=8, zmsk=1 , alpha=0x80000044 } ) | ||
ignoreUpShiftTri | emuObj.SetGsTitleFix( "ignoreUpShiftTri", "reserved", {psm=0} ) | ||
clipScissors | emuObj.SetGsTitleFix( "clipScissors", "reserved", {alpha = 0 , frameW = 4 , psm = 0} ) | ||
trianglesAsParticles | emuObj.SetGsTitleFix( "trianglesAsParticles", "reserved", { hasClut=1,zmsk=1 } ) | ||
SetSelfRender | emuObj.SetGsTitleFix( "SetSelfRender", "reserved", { fbmask= 0x00FFFFFF , renderSelf=1 , zmsk=1 , alpha=0 , texMode=1 } ) | ||
forceBiLinear | |||
forcePoint | emuObj.SetGsTitleFix( "forcePoint", "reserved", {mipIsGt=0, mmin=0} ) | ||
forceSimpleFetch | emuObj.SetGsTitleFix( "forceSimpleFetch", "reserved", {psm=0} ) | Used frequently to fix graphical corruptions | |
forcePointSampling | emuObj.SetGsTitleFix( "forcePointSampling", "reserved", {alpha = 0x80000048, twIsLess=5, thIsLess=5 } ) | ||
setRejectionArea | emuObj.SetGsTitleFix( "setRejectionArea", 1000, { } ) | ||
ignoreUpRender | emuObj.SetGsTitleFix( "ignoreUpRender", thresholdArea , { texType = 3, cbp = 0x2390, tbp = 0x288000} ) | Ignore uprender for texture type described in params | |
includeAreaUpdate | |||
fetchFromCurrBuff | emuObj.SetGsTitleFix( "fetchFromCurrBuff", "reserved", {psm=0} ) | ||
skipPacked | emuObj.SetGsTitleFix( "skipPacked", "reserved", { alpha = 0x80000044, tbp = 0x3a4000 , zmsk=1 }) | ||
changeAlpha |
Arguments/variables
Argument | Usage | Notes |
---|---|---|
Variable | ||
alpha_mask | ||
texType | {texType = 3} | (1-3, more? ) |
texMode | 1 - Point? , 2 - bilinear | |
Argument | ||
alphaIsNot | alpha - is not X | |
twIsLess | texture width - is less than X | |
thIsLess | texture height - is less than X | |
twIsNot | texture width - is not X | |
thIsNot | texture width - is not X | |
psmIsNot | texture pixel storage format - is not X
PSMCT32 = 0 PSMT4HL = 36 PSMCT24 = 1 PSMT4HH = 44 PSMCT16 = 2 PSMZ32 = 48 PSMCT16S = 10 PSMZ24 = 49 PSMT8 = 19 PSMZ16 = 50 PSMT4 = 20 PSMZ16S = 58 PSMT8H = 27 | |
primIsNot | GS primitive type - is not
Point = 0 Line = 1 LineStrip = 2 Triangle = 3 TriangleStrip = 4 TriangleFan = 5 Sprite = 6 | |
mipIsGt | mip level is grater than X (?) | |
Needs wikify | ||
zmsk | Z (depth) draw mask
update Z buffer = 0 don't update Z buffer = 1 When 1 depth test result will be ignored | |
tw | texture width | |
th | texture height | |
ztst | Z (depht) test method
ZNOUSE = 0 ZALWAYS = 1 ZGEQUAL = 2 ZGREATER = 3 0 - All pixels fail 1 - All pixels pass 2 - Pass if Z grater or equal to Z buffer 3 - Pass if Z grater than Z buffer | |
mmin | MMIN flag
NEAREST = 0 LINEAR = 1 NEAREST_MIPMAP_NEAREST = 2 NEAREST_MIPMAP_LINEAR = 3 LINEAR_MIPMAP_NEAREST = 4 LINEAR_MIPMAP_LINEAR = 5 | |
prim | GS primitive type
Point = 0 Line = 1 LineStrip = 2 Triangle = 3 TriangleStrip = 4 TriangleFan = 5 Sprite = 6 | |
fillArea | ||
frameW | ||
renderSelf | ||
hasClut | ||
alphaTest | ||
primTest | ||
workLoadThreshold | ||
alpha | example: alpha=0x80000044 alpha=0 | |
tbp | texture base pointer | |
cbp | {cbp = 0x2390} | CLUT buffer base pointer |
psm | {psm=0} | texture pixel storage format
PSMCT32 = 0 PSMT4HL = 36 PSMCT24 = 1 PSMT4HH = 44 PSMCT16 = 2 PSMZ32 = 48 PSMCT16S = 10 PSMZ24 = 49 PSMT8 = 19 PSMZ16 = 50 PSMT4 = 20 PSMZ16S = 58 PSMT8H = 27 |
mxl | maximum mip level (0-6) | |
fbmask | { fbmask= 0x00FFFFFF} | Framebuffer mask(?) |
totalArea | ||
packedRegs | ||
packedRegsLo | ||
packedRegsHi | ||
packedRegsNum | ||
packedFlags | ||
packedPrim | ||
areaNumFrames | ||
waveThreshold | ||
loadThreshold | ||
fixSpriteDivTab |
(IOP) IOPObject
Commands for the emulated input-output processor
Command | Usage | Notes |
---|---|---|
Object calling class | ||
getIOPObject | local iopObj = getIOPObject() | Required for all functions using iopObj, that include: ReplaceMem64 ReplaceMem32 ReplaceMem16 ReplaceMem8 ReadMemFloat WriteMemFloat WriteMem64 WriteMem32 WriteMem16 WriteMem8 ReadMemStr AddHook RemoveHook GetGpr SetGpr GetPc SetPc GetCPR0 SetCPR0 |
Memory editing | ||
ReplaceMem64 | iopObj.ReplaceMem64(<address>, <value>) | |
ReplaceMem32 | iopObj.ReplaceMem32(<address>, <value>) | |
ReplaceMem16 | iopObj.ReplaceMem16(<address>, <value>) | |
ReplaceMem8 | iopObj.ReplaceMem8(<address>, <value>) | |
ReadMemFloat | iopObj.ReadMemFloat(<address>) | iopObj.ReadMemFloat(0x28c3c) |
WriteMemFloat | iopObj.WriteMemFloat(<address>, <value>) | iopObj.WriteMemFloat(0x65364, 1.3333333) |
ReadMem128 | iopObj.ReadMem128(<iop memory offset>) | |
WriteMem128 | iopObj.WriteMem128(<iop memory offset>, <value>) | |
ReadMemFloat128 | iopObj.ReadMemFloat128(<iop memory offset>) | |
WriteMemFloat128 | iopObj.WriteMemFloat128(<iop memory offset>, <value>) | |
ReadMem64 | iopObj.ReadMem64(<iop memory offset>) |
Read 8 Bytes From offset |
WriteMem64 | iopObj.WriteMem64(<iop memory offset>, <data>) |
Write 8 Bytes From offset |
ReadMem32 | iopObj.ReadMem32(<iop memory offset>) |
Read 4 bytes from offset, examples: iopObj.ReadMem32(0x1198)
iopObj.ReadMem32(gp - 348) |
WriteMem32 | iopObj.WriteMem32(<iop memory offset>, <data>) |
Write 4 bytes to offset, example: iopObj.WriteMem32(0x89ac, 0x001b70f0) |
ReadMem16 | iopObj.ReadMem16(<iop memory offset>) |
Read 2 bytes from offset, example: iopObj.ReadMem16(0x1198) |
WriteMem16 | iopObj.WriteMem16(<iop memory offset>, <data>) |
Write 2 bytes to offset, example: iopObj.WriteMem16(0x89ac, 0x70f0) |
ReadMem8 | iopObj.ReadMem8(<iop memory offset>) |
Read 1 byte from offset, example: iopObj.ReadMem8(0x1198) |
WriteMem8 | iopObj.WriteMem8(<iop memory offset>, <data>) |
Write 1 byte to offset, example: iopObj.WriteMem8(0x89ac, 0xf0) |
ReadMemStr | ||
GetGpr | iopObj.GetGPR(<gpr register>) | iopObj.GetGPR(a1) |
SetGpr | iopObj.SetGPR(<gpr register> ,<value>) | example: iopObj.SetGPR(gpr.v0 ,3) |
GetPc | iopObj.GetPc() | can be used also with additional var. like iopObj.GetPc()+8 |
SetPc | iopObj.SetPC(<PC>) | iopObj.SetPC(0x6B80) |
GetCPR0 | iopObj.GetCPR0(<COP0 register>) | |
SetCPR0 | iopObj.SetCPR0(<COP0 register>) | |
Clock speed | ||
FastForwardClock | iopObj.FastForwardClock() | |
AdvanceClock | iopObj.AdvanceClock() | |
GetClock | iopObj.GetClock() | Returns the value of cycles the iop is ahead of (?) |
Hooks | ||
AddHook | iopObj.AddHook() | |
RemoveHook | iopObj.RemoveHook() |
(GS) GsObject
Commands for the emulated Graphics synthesizer
Command | Usage | Notes |
---|---|---|
Object calling class | ||
getGsObject | local gsObj = getGsObject() | |
Graphical fixes / Improvement | ||
SetL2HMode | gsObj.SetL2HMode(true) | (true) and (false) are only known options |
SetUprenderMode | gsObj.SetUprenderMode(1) | Set uprender mode. Overrides CLI, 0=none, 1=2x2 |
SetUpscaleMode | gsObj.SetUpscaleMode("EdgeSmooth") | Sets upscale mode. Overrides CLI |
GetFramesInQueue | gsObj.GetFramesInQueue() | Returns the value of the frames that are still in queue |
SetFrameSkipping | gsObj.SetFrameSkipping(true) | false and true are the values. |
SetDeinterlaceShift | gsObj.SetDeinterlaceShift(0) | The values are 1 and 0, Enable or disable interlacing, requires emulators with high api |
Does not require Object calling or Uknown
Command | Usage | Notes |
---|---|---|
eeInsnReplace | eeInsnReplace(EE memory offset, Original opcode (BE), Replace opcode (BE)) | Replace 4 bytes opcode in ee memory, correct memory range is 0x0 to 0x1FFFFFFF |
vuInsnReplace | vuInsnReplace(vu 0/1, vu memory offset divided by 8, (original opcode<<32) | original opcode, (replace opcode<<32) | replace opcode) |
Replace 2 x 4 bytes in VU memory, correct memory range depend on selected VU, left shift by 32 is used for VU lower opcodes. Command will fail if size is above 254. example: vuInsnReplace(0, 0x167, (0x000002ff << 32) | 0x520507ff,(0x000002ff << 32) | 0x8000033c) Replace 64 bits of VU0 at offset 0xB38 |
iopInsnReplace | iopInsnReplace(IOP memory offset, Original opcode, opcode replacement) | Replace 4 bytes in iop memory, correct memory range is 0x0 to 0x1FFFFF, iopInsnReplace(0x1FFFFF, 0x0, 0x0803fff0) |
eeNativeFunction | eeNativeFunction(<ee offset>, <original opcode>, <function>) | eeNativeFunction(0x11fa9c, 0x0080402d, 'memcpy')
Different emulators can have different functions included, vide SO3. Require api 1.4 or higher. But functions from this list should be available in every emu: ieee754_acosf ieee754_asinf ieee754_sqrtf fabs cosf fabsf sinf acosf asinf sqrtf fptoui fptodp litodp dptoli dptofp memcpy memset strlen |
eeNativeHook | eeNativeHook(<ee ofset>, <original opcode>, <action>) | eeNativeHook require apiRequest(1.4) or higher. |
GsCustomShader | ||
Unlock | ||
IsUnlocked | ||
InsnOverlay | InsnOverlay({<opcode, opcode, opcode...>}) | example: InsnOverlay({ 0x27bdfff0, -- addiu $sp, -0x10 0xffbf0000, -- sd $ra, 0(sp) 0xffb00008, -- sd $s0, 8(sp) 0x3c05000f, -- lui $a1, 0x000f 0x34a57000, -- ori $a1, 0x7000 0x0c0db8b6, -- jal Script::State::DoString 0x0080802d, -- move $s0, $a0 0x24050001, -- li $a1, 1 0x0c0dba4c, -- jal Script::State::IsNull(int) 0x0200202d, -- move $a0, $s0 0xdfb00008, -- ld $s0, 8(sp) 0xdfbf0000, -- ld $ra, 0(sp) 0x03e00008, -- jr ra 0x27bd0010 -- addiu $sp, 0x10 }) |
eeDebugBreak | ||
CsBindShader | ||
CsSetParamInt32 | ||
CsSetParamFloat | ||
CsResetContext | ||
CsPrintContext | ||
PsBindShader | ||
PsSetParamInt32 | ||
PsSetParamFloat | ||
PsResetContext | ||
PsPrintContext |
Note: eeObj, emuObj, gsObj, etc are described as required, this is not really true. You can set functions locals they use as whatever you want, but due to specify of that emulator it will be better to keep official naming used in official configs.
Other objects
Command | Usage | Notes |
---|---|---|
getGLSObject class | ||
getGLSObject | ||
Enable | ||
EnableServerRecording | ||
Pause | ||
getAudioObject class | ||
getAudioObject | ||
muteStreamingAll | ||
muteStreamingMain | ||
muteStreamingBGM | ||
getRemotePlayObject class | ||
getRemotePlayObject | ||
Enable | ||
getVideoRecordingObject class | ||
getVideoRecordingObject | ||
Enable | ||
getSharePlayObject class | ||
getSharePlayObject | ||
Enable | ||
getSpriteObject group | ||
getSpriteObject | ||
Enable | ||
Disable | ||
BindFragmentShader | ||
SetShaderParams | Is not clear that params depend on shader, or are somehow hardcoded. Example usage: local sprite0 = getSpriteObject(0) local scanlineParams = { 240.0, -- float scanlineCount 0.7, -- float scanlineHeight; 1.5, -- float scanlineBrightScale; 0.5, -- float scanlineAlpha; 0.5 -- float vignetteStrength; } sprite0.SetShaderParams(scanlineParams) | |
BindTexture | ||
SetPosXY | ||
SetSizeXY | ||
SetPosUV | ||
SetSizeUV | ||
PrintContext | ||
SetBlendColor | sprite<X>.SetBlendColor(<R,G,B,A>) in floats, max val. 1.0 | local sprite0 = getSpriteObject(0) sprite0.SetBlendColor(1.0,1.0,1.0,1.0) |
getTrophyObject | local trophyObj = getTrophyObject() | Required for all functions using trophyObj |
getDmaObject | local dmaObj = getDmaObject() | Depreciated API - use EE:DmaAddHook / EE:DmaRemoveHook instead. Is not clear when it was depreciated, JAK emu don't use it. |
getScreenShotObject |
Registers for hook
Registers defined in alias files.
GetGpr/SetGpr
gpr.zero gpr.at gpr.v0 gpr.v1 gpr.a0 gpr.a1 gpr.a2 gpr.a3 gpr.t0 gpr.t1 gpr.t2 gpr.t3 gpr.t4 gpr.t5 gpr.t6 gpr.t7 gpr.s0 gpr.s1 gpr.s2 gpr.s3 gpr.s4 gpr.s5 gpr.s6 gpr.s7 gpr.t8 gpr.t9 gpr.k0 gpr.k1 gpr.gp gpr.sp gpr.fp gpr.ra gpr.lo gpr.hi gpr.sa example: eeObj.GetGpr(gpr.a1)
GetCPR0/SetCPR0
cpr.index cpr.pagemask cpr.random cpr.wired cpr.entrylo0 cpr.badvaddr cpr.entrylo1 cpr.count cpr.context cpr.entryhi cpr.compare cpr.config cpr.taglo cpr.status cpr.badpaddr cpr.taghi cpr.cause cpr.hwbk cpr.errorepc cpr.epc cpr.pccr cpr.prid example: eeObj.GetCPR0(cpr.status)
Official examples
You can find the rest of them here
Canis Canem Edit
SLES 535.61
LUA
require( "ee-gpr-alias" ) -- you can access EE GPR by alias (gpr.a0 / gpr["a0"]) apiRequest(0.1) -- EA sports cricket 07 bug 9392 -- Performance fix local emuObj = getEmuObject() local thresholdArea = 600 emuObj.SetGsTitleFix( "ignoreUpRender", thresholdArea , {alpha=0x80000044 , zmsk=1 , tw=4, th=4 } )
Custom config.lua examples
Here is the first custom lua config created by the community:
apiRequest(0.1) -- Fix black screen SLUS-20064 eeInsnReplace(0x1CF3CC, 0x4100ffff, 0x00000000) -- bc0f 0x1CF3CC to nop
This is a very basic command to replace a part of the EE memory with another instruction.
- apiRequest(0.1) - Is required for every config. Used version depend on your original eboot highest supported api. 0.1 seems to be enough for basic patches like here. 2.3 is highest known for now.
- -- Fix black screen SLUS-20064 is comment
- eeInsnReplace(0x1CF3CC, 0x4100ffff, 0x00000000) is our true command here. We are replacing the value 0x4100FFFF to 0x00000000 at the offset of 0x1CF3CC . Like you can see we need to add what opcode is replaced. Not only patch, and memory offset.
- -- bc0f 0x1CF3CC to nop is just another comment, in this case explaining what is changed
Other custom configurations made by users can be found here
Memory Mapping
Name | From | To |
---|---|---|
EE Flat Memory (4gb) | 0x0000008000000000 | 0x0000008100000000 |
IOP Flat Memory (4gb) | 0x0000009000000000 | 0x0000009100000000 |
R59 Binary Cache | 0x0000000914B10000 | 0x0000000916B10000 |
R30 Binary Cache | 0x0000000916B14000 | 0x0000000917314000 |
jitVU0 | 0x0000000917318000 | 0x0000000917B18000 |
jitVU1 | 0x0000000917B1C000 | 0x0000000918B1C000 |
Host's EE Memory Map | ||
EE RAM - Kernel | 0x0000008000000000 | 0x0000008000080000 |
EE RAM - Debug | 0x0000008000078000 | 0x0000008000080000 |
EE RAM - User | 0x0000008000080000 | 0x0000008002000000 |
EE Hw Devices | 0x0000008010000000 | 0x0000008010010000 |
EE ROM | 0x000000801FC00000 | 0x000000801FFE0000 |
EE RAM - Uncached | 0x0000008020080000 | 0x0000008022000000 |
EE RAM - UncachedAccel | 0x0000008030100000 | 0x0000008032000000 |
EE Scratchpad | 0x0000008070000000 | 0x0000008070004000 |
EE Debug | 0x00000080FFFF8000 | 0x0000008100000000 |
Host's IOP Memory Map | ||
IOP RAM | 0x0000009000000000 | 0x0000009000200000 |
IOP RAM (mirror 1) | 0x0000009000200000 | 0x0000009000400000 |
IOP RAM (mirror 2) | 0x0000009000400000 | 0x0000009000600000 |
IOP RAM (mirror 3) | 0x0000009000600000 | 0x0000009000800000 |
IOP Scratchpad | 0x000000901F800000 | 0x000000901F801000 |
IOP HW | 0x000000901F801000 | 0x000000901F810000 |
IOP ROM | 0x000000901FC00000 | 0x000000901FFE0000 |
Registers Map
EE-IOP
This list of registers is yet to be completed. Some registers are incorrectly named or include incorrect offsets. 0x1000000xxx base is not guaranteed in different emu revisions, but layout should be the same regardless. Assuming base is different (Like on kof2000), simply reduce these offsets by 8 hex values (IOP, VU0, and VU1 registers' offsets are static in all emulators).
List was designed for Jak v2 Eboot md5:c644f6879af225a6e5a70233fc4625a3
GPR-EE | Address | FPR | Address | CP0 | Address | GPR-IOP | Address | |||
---|---|---|---|---|---|---|---|---|---|---|
zero | 0x1000000000 | f00 | 0x1000000230 | Index | 0x10000002D0 | zero | 0x1020000000 | |||
at | 0x1000000010 | f01 | 0x1000000234 | Random | 0x10000002D4 | at | 0x1020000004 | |||
v0 | 0x1000000020 | f02 | 0x1000000238 | EntryLo0 | 0x10000002D8 | v0 | 0x1020000008 | |||
v1 | 0x1000000030 | f03 | 0x100000023C | EntryLo1 | 0x10000002DC | v1 | 0x102000000C | |||
a0 | 0x1000000040 | f04 | 0x1000000240 | Context | 0x10000002E0 | a0 | 0x1020000010 | |||
a1 | 0x1000000050 | f05 | 0x1000000244 | PageMask | 0x10000002E4 | a1 | 0x1020000014 | |||
a2 | 0x1000000060 | f06 | 0x1000000248 | Wired | 0x10000002E8 | a2 | 0x1020000018 | |||
a3 | 0x1000000070 | f07 | 0x100000024C | rsvd7 | 0x10000002EC | a3 | 0x102000001C | |||
t0 | 0x1000000080 | f08 | 0x1000000250 | BadVAddr | 0x10000002F0 | t0 | 0x1020000020 | |||
t1 | 0x1000000090 | f09 | 0x1000000254 | Count | 0x10000002F4 | t1 | 0x1020000024 | |||
t2 | 0x10000000A0 | f10 | 0x1000000258 | EntryHi | 0x10000002F8 | t2 | 0x1020000028 | |||
t3 | 0x10000000B0 | f11 | 0x100000025C | Compare | 0x10000002FC | t3 | 0x102000002C | |||
t4 | 0x10000000C0 | f12 | 0x1000000260 | Status | 0x1000000300 | t4 | 0x1020000030 | |||
t5 | 0x10000000D0 | f13 | 0x1000000264 | Cause | 0x1000000304 | t5 | 0x1020000034 | |||
t6 | 0x10000000E0 | f14 | 0x1000000268 | EPC | 0x1000000308 | t6 | 0x1020000038 | |||
t7 | 0x10000000F0 | f15 | 0x100000026C | PRid | 0x100000030C | t7 | 0x102000003C | |||
s0 | 0x1000000100 | f16 | 0x1000000270 | Config | 0x1000000310 | s0 | 0x1020000040 | |||
s1 | 0x1000000110 | f17 | 0x1000000274 | Iab | 0x1000000314 | s1 | 0x1020000044 | |||
s2 | 0x1000000120 | f18 | 0x1000000278 | Iabm | 0x1000000318 | s2 | 0x1020000048 | |||
s3 | 0x1000000130 | f19 | 0x100000027C | Dab | 0x100000031C | s3 | 0x102000004C | |||
s4 | 0x1000000140 | f20 | 0x1000000280 | Dabm | 0x1000000320 | s4 | 0x1020000050 | |||
s5 | 0x1000000150 | f21 | 0x1000000284 | Dvm | 0x1000000324 | s5 | 0x1020000054 | |||
s6 | 0x1000000160 | f22 | 0x1000000288 | Dvbm | 0x1000000328 | s6 | 0x1020000058 | |||
s7 | 0x1000000170 | f23 | 0x100000028C | BadPAddr | 0x100000032C | s7 | 0x102000005C | |||
t8 | 0x1000000180 | f24 | 0x1000000290 | Debug | 0x1000000330 | t8 | 0x1020000060 | |||
t9 | 0x1000000190 | f25 | 0x1000000294 | Perf | 0x1000000334 | t9 | 0x1020000064 | |||
k0 | 0x10000001A0 | f26 | 0x1000000298 | Pcr0 | 0x1000000338 | k0 | 0x1020000068 | |||
k1 | 0x10000001B0 | f27 | 0x100000029C | Pcr1 | 0x100000033C | k1 | 0x102000006C | |||
gp | 0x10000001C0 | f28 | 0x10000002A0 | TagLo | 0x1000000340 | gp | 0x1020000070 | |||
sp | 0x10000001D0 | f29 | 0x10000002A4 | TagHi | 0x1000000344 | sp | 0x1020000074 | |||
fp | 0x10000001E0 | f30 | 0x10000002A8 | ErrorEPC | 0x1000000348 | fp | 0x1020000078 | |||
ra | 0x10000001F0 | f31 | 0x10000002AC | Rsvd31 | 0x100000034C | ra | 0x102000007C | |||
hi/hi1 (2x 64bit) | 0x1000000200 | fACC | 0x10000002B0 | COP0 additional registers | pc | 0x102000008C | ||||
lo/lo1 (2x 64bit) | 0x1000000210 | FPU CTRL (FCR) | real Pcr0 | 0x1000000350 | hi | 0x1020000090 ?? | ||||
sa | 0x1000000220 | cp1cond | 0x10000002B4 | real Pcr1 | 0x1000000358 | lo | 0x1020000094 ?? | |||
fpu ver | 0x10000002B8 | |||||||||
fpu sticky | 0x10000002BC | |||||||||
fpu ctrl | 0x10000002C0 | |||||||||
2CF unknown | 0x10000002C4 |
"Fake" registers | Address | Notes |
---|---|---|
(?) | 0x1000000360 | Locking the value seems to cause a crash. |
Current PC (4 Bytes) |
0x1000000368 | Shows the current offset that's being executed by the EE. Updated only on branch/jump tests, unless commands such as --ee-pc-coherency or --ee-insn-flush-pc are used. |
(?) | 0x100000036C |
Updated on branch/jump instructions, emulator seems to use it to store next address that will be executed. At least in recompiler to interpreter fallback mode. During tests it shows 0x80000184 |
Delta counter | 0x1000000370 | (Passed cycles, likely decrementer). Evt check is performed on branch test when 0. Fastforwardclock set this to 0, advanceclock subtract value from this fake reg) |
Cycles | 0x1000000378 | |
(?) | 0x1000000384 | Address when last exception occurred on r5900. This register most of times will hold last executed syscall address, sometimes last tlb miss or break(if "as nop" is disabled). Unlike the pc, this one doesn't change after a crash and has much lower latency. Thus meaning it's better at diagnosing problems. |
VU0 Registers
Register | W | Z | Y | X | Register | W | Z | Y | X | |
---|---|---|---|---|---|---|---|---|---|---|
vf00 | 0x103000000C | 0x1030000008 | 0x1030000004 | 0x1030000000 | vf17 | 0x103000011C | 0x1030000118 | 0x1030000114 | 0x1030000110 | |
vf01 | 0x103000001C | 0x1030000018 | 0x1030000014 | 0x1030000010 | vf18 | 0x103000012C | 0x1030000128 | 0x1030000124 | 0x1030000120 | |
vf02 | 0x103000002C | 0x1030000028 | 0x1030000024 | 0x1030000020 | vf19 | 0x103000013C | 0x1030000138 | 0x1030000134 | 0x1030000130 | |
vf03 | 0x103000003C | 0x1030000038 | 0x1030000034 | 0x1030000030 | vf20 | 0x103000014C | 0x1030000148 | 0x1030000144 | 0x1030000140 | |
vf04 | 0x103000004C | 0x1030000048 | 0x1030000044 | 0x1030000040 | vf21 | 0x103000015C | 0x1030000158 | 0x1030000154 | 0x1030000150 | |
vf05 | 0x103000005C | 0x1030000058 | 0x1030000054 | 0x1030000050 | vf22 | 0x103000016C | 0x1030000168 | 0x1030000164 | 0x1030000160 | |
vf06 | 0x103000006C | 0x1030000068 | 0x1030000064 | 0x1030000060 | vf23 | 0x103000017C | 0x1030000178 | 0x1030000174 | 0x1030000170 | |
vf07 | 0x103000007C | 0x1030000078 | 0x1030000074 | 0x1030000070 | vf24 | 0x103000018C | 0x1030000188 | 0x1030000184 | 0x1030000180 | |
vf08 | 0x103000008C | 0x1030000088 | 0x1030000084 | 0x1030000080 | vf25 | 0x103000019C | 0x1030000198 | 0x1030000194 | 0x1030000190 | |
vf09 | 0x103000009C | 0x1030000098 | 0x1030000094 | 0x1030000090 | vf26 | 0x10300001AC | 0x10300001A8 | 0x10300001A4 | 0x10300001A0 | |
vf10 | 0x10300000AC | 0x10300000A8 | 0x10300000A4 | 0x10300000A0 | vf27 | 0x10300001BC | 0x10300001B8 | 0x10300001B4 | 0x10300001B0 | |
vf11 | 0x10300000BC | 0x10300000B8 | 0x10300000B4 | 0x10300000B0 | vf28 | 0x10300001CC | 0x10300001C8 | 0x10300001C4 | 0x10300001C0 | |
vf12 | 0x10300000CC | 0x10300000C8 | 0x10300000C4 | 0x10300000C0 | vf29 | 0x10300001DC | 0x10300001D8 | 0x10300001D4 | 0x10300001D0 | |
vf13 | 0x10300000DC | 0x10300000D8 | 0x10300000D4 | 0x10300000D0 | vf30 | 0x10300001EC | 0x10300001E8 | 0x10300001E4 | 0x10300001E0 | |
vf14 | 0x10300000EC | 0x10300000E8 | 0x10300000E4 | 0x10300000E0 | vf31 | 0x10300001FC | 0x10300001F8 | 0x10300001F4 | 0x10300001F0 | |
vf15 | 0x10300000FC | 0x10300000F8 | 0x10300000F4 | 0x10300000F0 | ACC | 0x103000020C | 0x1030000208 | 0x1030000204 | 0x1030000200 | |
vf16 | 0x103000010C | 0x1030000108 | 0x1030000104 | 0x1030000100 |
Register | Address | Register | Address | |
---|---|---|---|---|
vi00 | 0x1030000210 | Status | 0x1030000310?? | |
vi01 | 0x1030000220 | MACflag | 0x1030000320?? | |
vi02 | 0x1030000230 | Clipflag | 0x1030000330?? | |
vi03 | 0x1030000240 | c2c19 | 0x1030000340?? | |
vi04 | 0x1030000250 | R | 0x1030000350?? | |
vi05 | 0x1030000260 | I | 0x1030000360 | |
vi06 | 0x1030000270 | Q | 0x1030000590 | |
vi07 | 0x1030000280 | c2c23 | 0x1030000380?? | |
vi08 | 0x1030000290 | c2c24 | 0x1030000390?? | |
vi09 | 0x10300002A0 | c2c25 | 0x10300003A0?? | |
vi10 | 0x10300002B0 | TPC | 0x10300003B0 | |
vi11 | 0x10300002C0 | CMSAR0 | 0x10300003C0?? | |
vi12 | 0x10300002D0 | FBRST | 0x10300003D0 | |
vi13 | 0x10300002E0 | VPU-STAT | 0x10300003E0?? | |
vi14 | 0x10300002F0 | CMSAR1 | 0x10300003F0?? | |
vi15 | 0x1030000300 | c2c30 | 0x1030000400?? |
VU1 Registers
Register | W | Z | Y | X | Register | W | Z | Y | X | |
---|---|---|---|---|---|---|---|---|---|---|
vf00 | 0x104000000C | 0x1040000008 | 0x1040000004 | 0x1040000000 | vf17 | 0x104000011C | 0x1040000118 | 0x1040000114 | 0x1040000110 | |
vf01 | 0x104000001C | 0x1040000018 | 0x1040000014 | 0x1040000010 | vf18 | 0x104000012C | 0x1040000128 | 0x1040000124 | 0x1040000120 | |
vf02 | 0x104000002C | 0x1040000028 | 0x1040000024 | 0x1040000020 | vf19 | 0x104000013C | 0x1040000138 | 0x1040000134 | 0x1040000130 | |
vf03 | 0x104000003C | 0x1040000038 | 0x1040000034 | 0x1040000030 | vf20 | 0x104000014C | 0x1040000148 | 0x1040000144 | 0x1040000140 | |
vf04 | 0x104000004C | 0x1040000048 | 0x1040000044 | 0x1040000040 | vf21 | 0x104000015C | 0x1040000158 | 0x1040000154 | 0x1040000150 | |
vf05 | 0x104000005C | 0x1040000058 | 0x1040000054 | 0x1040000050 | vf22 | 0x104000016C | 0x1040000168 | 0x1040000164 | 0x1040000160 | |
vf06 | 0x104000006C | 0x1040000068 | 0x1040000064 | 0x1040000060 | vf23 | 0x104000017C | 0x1040000178 | 0x1040000174 | 0x1040000170 | |
vf07 | 0x104000007C | 0x1040000078 | 0x1040000074 | 0x1040000070 | vf24 | 0x104000018C | 0x1040000188 | 0x1040000184 | 0x1040000180 | |
vf08 | 0x104000008C | 0x1040000088 | 0x1040000084 | 0x1040000080 | vf25 | 0x104000019C | 0x1040000198 | 0x1040000194 | 0x1040000190 | |
vf09 | 0x104000009C | 0x1040000098 | 0x1040000094 | 0x1040000090 | vf26 | 0x10400001AC | 0x10400001A8 | 0x10400001A4 | 0x10400001A0 | |
vf10 | 0x10400000AC | 0x10400000A8 | 0x10400000A4 | 0x10400000A0 | vf27 | 0x10400001BC | 0x10400001B8 | 0x10400001B4 | 0x10400001B0 | |
vf11 | 0x10400000BC | 0x10400000B8 | 0x10400000B4 | 0x10400000B0 | vf28 | 0x10400001CC | 0x10400001C8 | 0x10400001C4 | 0x10400001C0 | |
vf12 | 0x10400000CC | 0x10400000C8 | 0x10400000C4 | 0x10400000C0 | vf29 | 0x10400001DC | 0x10400001D8 | 0x10400001D4 | 0x10400001D0 | |
vf13 | 0x10400000DC | 0x10400000D8 | 0x10400000D4 | 0x10400000D0 | vf30 | 0x10400001EC | 0x10400001E8 | 0x10400001E4 | 0x10400001E0 | |
vf14 | 0x10400000EC | 0x10400000E8 | 0x10400000E4 | 0x10400000E0 | vf31 | 0x10400001FC | 0x10400001F8 | 0x10400001F4 | 0x10400001F0 | |
vf15 | 0x10400000FC | 0x10400000F8 | 0x10400000F4 | 0x10400000F0 | ACC | 0x104000020C | 0x1040000208 | 0x1040000204 | 0x1040000200 | |
vf16 | 0x104000010C | 0x1040000108 | 0x1040000104 | 0x1040000100 |
Register | Address | Register | Address | |
---|---|---|---|---|
vi00 | 0x1040000210 | vi16 | 0x1040000310?? | |
vi01 | 0x1040000220 | vi17 | 0x1040000320?? | |
vi02 | 0x1040000230 | vi18 | 0x1040000330?? | |
vi03 | 0x1040000240 | vi19 | 0x1040000340?? | |
vi04 | 0x1040000250 | vi20 | 0x1040000350?? | |
vi05 | 0x1040000260 | vi21 | 0x1040000360 | |
vi06 | 0x1040000270 | vi22 | 0x1040000370?? | |
vi07 | 0x1040000280 | vi23 | 0x1040000380?? | |
vi08 | 0x1040000290 | vi24 | 0x1040000390?? | |
vi09 | 0x10400002A0 | vi25 | 0x10400003A0?? | |
vi10 | 0x10400002B0 | vi26 | 0x10400003B0 | |
vi11 | 0x10400002C0 | vi27 | 0x10400003C0?? | |
vi12 | 0x10400002D0 | vi28 | 0x10400003D0 | |
vi13 | 0x10400002E0 | vi29 | 0x10400003E0?? | |
vi14 | 0x10400002F0 | vi30 | 0x10400003F0?? | |
vi15 | 0x1040000300 | vi31 | 0x1040000400?? |
Open CL and Floats
PS4 native Floating point support and OpenCL info, for both CPU and GPU. The understanding of floating point conversion is very important for emulating the PS2.
Info found below came from this: gist
There you can find more info about PS4's OpenCL.
CPU
Info | Value |
---|---|
Device Name | CXD90026AG - DG1002FGF84HT |
Device Vendor | AuthenticAMD |
Device Vendor ID | 0x1022 |
Device OpenCL C Version | OpenCL C 1.2 pocl |
Device Type | CPU |
Max compute units | 8 |
Max work item dimensions | 3 |
Max work item sizes | 4096x4096x4096 |
Max work group size | 4096 |
Preferred work group size multiple | 8 |
Half-precision Floating-point support | (n/a) |
Single-precision Floating-point support | (core) |
Denormals | Yes |
Infinity and NANs | Yes |
Round to nearest | Yes |
Round to zero | Yes |
Round to infinity | Yes |
IEEE754-2008 fused multiply-add | No |
Support is emulated in software | No |
Correctly-rounded divide and sqrt operations | Yes |
Double-precision Floating-point support | (cl_khr_fp64) |
Denormals | Yes |
Infinity and NANs | Yes |
Round to nearest | Yes |
Round to zero | Yes |
Round to infinity | Yes |
IEEE754-2008 fused multiply-add | Yes |
Support is emulated in software | No |
Execution capabilities | |
Run OpenCL kernels | Yes |
Run native kernels | Yes |
SPIR versions | 1.2 |
Device Extensions | cl_khr_byte_addressable_store cl_khr_global_int32_base_atomics cl_khr_global_int32_extended_atomics cl_khr_local_int32_base_atomics cl_khr_local_int32_extended_atomics cl_khr_3d_image_writes cl_khr_spir cl_khr_fp64 cl_khr_int64_base_atomics cl_khr_int64_extended_atomics |
GPU
Info | Values |
---|---|
Device Name | AMD LIVERPOOL |
Device Vendor | AMD |
Device Vendor ID | 0x1002 |
Device Version | OpenCL 1.1 |
Device OpenCL C Version | OpenCL C 1.1 |
Device Type | GPU |
Max compute units | 18 |
Max work item dimensions | 3 |
Max work item sizes | 256x256x256 |
Max work group size | 256 |
Compiler Available | Yes |
Preferred work group size multiple | 64 |
Half-precision Floating-point support | (cl_khr_fp16) |
Denormals | No |
Infinity and NANs | Yes |
Round to nearest | Yes |
Round to zero | No |
Round to infinity | No |
IEEE754-2008 fused multiply-add | No |
Support is emulated in software | No |
Single-precision Floating-point support | (core) |
Denormals | No |
Infinity and NANs | Yes |
Round to nearest | Yes |
Round to zero | No |
Round to infinity | No |
IEEE754-2008 fused multiply-add | No |
Support is emulated in software | No |
Correctly-rounded divide and sqrt operations | No |
Double-precision Floating-point support | (cl_khr_fp64) |
Denormals | Yes |
Infinity and NANs | Yes |
Round to nearest | Yes |
Round to zero | Yes |
Round to infinity | Yes |
IEEE754-2008 fused multiply-add | Yes |
Support is emulated in software | No |
Execution capabilities | |
Run OpenCL kernels | Yes |
Run native kernels | No |
Device Extensions | cl_khr_byte_addressable_store cl_khr_byte_addressable_store cl_khr_global_int32_base_atomics cl_khr_global_int32_extended_atomics cl_khr_local_int32_base_atomics cl_khr_local_int32_extended_atomics cl_khr_int64_base_atomics cl_khr_int64_extended_atomics cl_khr_fp64 cl_khr_fp16 |
PS3 Config support
The emulator supports configurations in the format known from ps2_netemu/ps2classic that came from the PS3. This feature was officially used in Arc the Lad Twilight of the Spirits ps2-ps4 classic. To enable ps3 style config add this to config-emu-ps4.txt: --lopnor-config=1 --ps2-title-id=TITLE-ID Config file need to be in folder ...'''/patches/{TITLE-ID}/''' and file need to have name '''{TITLE-ID}_lopnor.cfgbin'''. title id need to be in XXXX-YYYYY format (ex. SLUS-12345). Example path: /patches/SLUS-12345/SLUS-12345_lopnor.cfgbin Tester confirmed that configs work like that. We don't even need to edit them, they work as is.
Please keep in mind that not all commands are recognized, only 0x01 (can depend upon emu revision), 0x09, 0x0A, 0x0B, 0x0F, 0x10, 0x26, 0x27, 0x42. For example Rayman 3 config Does not work due to the command being unsupported Command 0x07 is NOT recognized, but can be manually translated to cli config (to: --vu-xgkick-delay=value). Same goes for 0x11 (--vu0-accurate-addsub-range can be used).
- Configs explained in text form: https://github.com/Zarh/Get_CONFIG/blob/master/log.txt
- More about PS3 style configs/commands: https://www.psdevwiki.com/ps3/PS2_Emulation#Game_CONFIG
- Log from loading that kind of config: https://pastebin.com/ZpUyU8DE
Known issues
Issue | Games affected | Solution | Description |
---|---|---|---|
Inaccurate GIF timing | The Matrix: Path of Neo, Tenchu - Fatal Shadows, Genji dawn of the samurai, Batman begins, Dragon ball z budokai tenkaichi 1, and possibly many more! | LUA patches, or hooking schedulerdelayevent on an affected offset | |
No support for EE Cache | Ice Age 2, DOA2: Extreme, Nascar 2009, Barnyard, Others | Lua patches to the EE memory and picking the right emulator | |
Missing COP2 pipeline emulation. | other games affected by COP2 timing | Rearranging code through lua patches. | While COP2 is a part of EE, in terms of emulation it's a separate processor that can run on its own. Consequently, some operations take a long time while EE still minds own its business. Some games abuse this and do their own thing, knowing that COP2 calculation takes an expected number of cycles. On this emu, every COP2 opcode is instant, which break games that expect it to take some time. |
VU0 is not running in sync with EE core | 24 The Game, ATV Quad Power Racing 2, Ghosthunter, Rayman Arena, Rayman 3, Largo winch, Ratchet and clank games. All games using M-bit. | EE hook AdvanceClock or fastforwardclock commands on affected addresses to push VU0 ahead while stalling EE, setting the value of 5 to ee cycle scalar, and patches to rearrange code. Most of the time, it will be CTC2/QMTC2 instructions with interlock that are affected. | Emulator kickstarts VU0 for 256 cycles, while reporting that 512 cycles passed. Yup, we are out of sync right from the start of VU0 mpg because people working for $ony don't know that VU0 run at EE MHz, not at EE bus MHz. Not to mention, that a 256 cycles kickstart is too much even on the correct speed. Later things just got worse. This issue can be partially replicated on Pcsx2 if you overclock the EE by +3 |
FPU/VU math inaccuracies. | Koun, Tony hawk games, Devil may cry 3, Gun, TY the Tasmanian Tiger 3, Beyond Good & Evil, MTX Mototrax, Max payne, Bully, Jackie chan adventures, Wild arms 3, Pac-man World 3, Gran turismo 4, Many others | Lua patches to the EE memory, accurate math commands. | PS2 use really obscure floating point math, only one guard bit is used in calculations. PCSX2 hack it with different rounding modes, emu on ps4 fix it with soft floats, usually applied per offset. Sometime with patches directly to affected code (THPS engine).
|
M-Bit support is broken | Every game that uses M-Bit. Totally Spies! Totally Party, Mike Tyson Heavyweight Boxing, My Street, Crash Twinsanity, Marvel Nemesis, Panzer Elite Action - Fields of Glory, Super Monkey Ball Adventure, most Eko Software games, and many more. [2] | Lua patches to the EE memory | While emulator respect m-bit, way that VU0 work on it make it broken most of times (check "VU0 is not running in sync with EE core" issue). |
Wrong disc read speed for some games | Shadowman(Textures), God of war (Music), Ratchet and clank size matters (Music), every game that's listed to require CDVD_READ_DELAY. and many other affected games | Try your luck with IOP and CDVD CLI commands. | Also known in sony's bios as CDVD_READ_DELAY |
Inaccurate VU0/VU1/COP2 emulation | Sly cooper games, Crash twinsanity, Crazy frog racer, Klonoa 2, others. | Choosing a VU accurate emulator such as Roguev1 or Kof2000 with the right clamping commands | The issue leads to SPS and graphical issues and sometimes freezing. |
Multitap doesn't support all games | Urban reign, others | Lua patches | Emulator expect PS4 to be able to use 8 controllers (well, who doesn't? Even PS1 can do it...). That cause all kind of mess with controller detection when game expect multitap in second port. |
DMA writes when busy signal is engaged | Ratchet and clank games, Metal gear solid 2, others | None yet | AKA eetiminghack |
VIF1 runs too fast | Urban reign, Avatar, Parappa 2, Eternal Poison, Soul Calibur 2, Soul Calibur 3, Others | Using LUA's SchedulerDelayEvent command or Using CLI'S vif1-instant-xfer command | Sony wanted to improve the performance, which is the reason VIF1 is instant. The lua's command can be customizable to set the delay period, the cli can't, therefore lua's command is much more compatible |
Reading VU TPC registers returns wrong values | Street Fighter 3 EX(VU0), R: Racing Revolution(VU0), Spiderman 3 (VU0, in T-Bit handler...), Edge of Reality games(VU1) | Patches in lua. | In this emu TPC stores full addresses, which is wrong. Real hardware keep there addr >> 3. Worth noting that EoR games read VU1 TPC in a nasty way, accessing 0x43A0(VU1 TPC) from COP2 code. |
VIF command interrupts handled before VIFn_CODE is updated. | Onimusha Blade Warriors | Fixed by patch in intr handler. | This is very specific case because Onimusha check VIFn_CODE register in interrupt handler and do nothing if code is not 0x80 (NOP with I). But VIFn_CODE seems to be updated after interrupt is handled. This practically makes everything out of sync later as interrupts are happening, but handler does nothing about them. |
IPU emulation inaccuracy | Burnout 3, Tony Hawk's Underground, Onimusha Dawn of Dreams | ? | |
CDVD register 0x1F402038 (KeysValid) return wrong result. | Every "SCCS" game | Patches in lua. | Likely specific to NTSC-C releases, because that region uses special SDK. This issue makes cdvdman become stuck on any request because it thinks that the cdvd key is invalid. |
Lack of CDVD error handling | Demon Chaos, Spyro A new Beginning, Silent Hill 2 Black Ribbon, games from pcsx2 #5174 PR. | Patches in lua if needed. | One correctly supported error is SCECdErABRT, rest is just not handled or what's worst trigger emu panic on purpose like SCECdErILI (but not for 0 sector request - Spyro). Some affected games can still work if error is just accidental and not checked by game code. |
Corrupted SIF0 transfer when not full QW is send by IOP | True Crime: LA, PDC DC 2008, Street Racing Syndicate(1.03) | Patches in lua. | IOP is able to send words by SIF0, EE DMAC can only transfer Quadwords. When IOP send not full QW real hardware use whatever was in buffer from previous transfer for missing words (only words that are requested by iop are overwritten in transfer buffer). Emu probably memset 0 that part. |
PS2 Bios
Description
The PS2 bios is the file PS20220WD20050620.crack included in every PS2 game .pkg. It is the same BIOS used by Sony in PS3's ps2_netemu.self. The lack of many X modules here means that homebrew compatibility is limited, as many of those need to be recompiled to use non X versions of modules, or need to load open source versions of them through MC/CDVD. An important non X module that is missing is LIBSD, therefore, homebrews that require it will likely fail to boot, or cause an error.
Bios is known to blacklist some titles, and refuse to boot them. This includes all titles with 00000000 000000A0 flag from that list (click here)
More about the bios
The version of the bios seems to be developement v2.20 from the Japanese region (22/01/2007), and is not limited to booting only NTSC-J games. Emulator not support USB peripherals, but this seems to be not limitation of BIOS, as it is used also in CECH C/E PS3 consoles. There are signs that different bios version exist, named PS20190AC20030623_nordram_miniOSD.bin. This bios has included handy extensions for debugging, and can debug print with "debug osd verbosity" from CLI set to "verbose". The most noticeable difference for both bios files seems to be the special RDRAM module. While PS3 patches its bios to preferred regions, PS4 uses a so called CallHook which is better known for pcsx2 users as fastboot. No need to describe this patch here, just look at PCSX2 fastboot code. It's the same code, but the only difference is that PS4 emus don't have patches for different bios revisions.
Bios file information:
File name: PS20220WD20050620.crack MD5: 83AD2B530C9C102A561BA1CDC6D996D5
Files inside ROM image
File | Offset in exported bin | Description | File type (exportable) |
---|---|---|---|
RESET | 0x00 | Bootstrap code for the EE and IOP. | BIN |
ROMDIR | 0x2780 | The ROMDIR part of the ROM image, which provides information on the location and name of files contained in the image. | BIN |
EXTINFO | 0x2CC0 | Contains the "EXTINFO" for all files in the ROM image. | BIN |
SBIN | 0x3330 | Seems to be the pad controller library for the PS1 monitor. | BIN |
LOGO | 0xA2D0 | PS1 logo? | BIN |
IOPBTCONF | 00x1EA20 | Boot configuration file for the IOP, during the final phase of the IOP reset. If no UDNL module is specified, the IOP will only have a single IOP reset in the reboot process, with the modules listed in IOPBTCONF. | BIN |
IOPBTCON2 | 0x1EB10 | Boot configuration file for the IOP, for the first phase of the IOP reset (before UDNL is loaded). | BIN |
SYSMEM | 0x1EBE0 | System Memory Manager. | ELF |
LOADCORE | 0x1FE00 | The core of IOP module loading. Provides the lowest level of IOP module loading functions. Also handles the startup of the IOP. | ELF |
EXCEPMAN | 0x22380 | Exception manager. | ELF |
INTRMANP | 0x22F60 | Interrupt Manager. According to wisi, it is for PS mode. | ELF |
INTRMANI | 0x24970 | Interrupt Manager. According to wisi, it is for IOP mode. | ELF |
SSBUSC | 0x267B0 | SSBUS Controller library. The SSBUS seems to be the bus that all peripherals get connected to. It seems to have the power to control the mapping of the device registers, as well as access timing. | ELF |
TIMEMANP | 0x26F20 | Timer Manager (PS mode) | ELF |
TIMEMANI | 0x27B00 | Timer Manager (IOP mode) | ELF |
DMACMAN | 0x28730 | DMA Controller Manager. | ELF |
SYSCLIB | 0x2BE30 | System C Library. | ELF |
HEAPLIB | 0x2E590 | Memory HEAP LIBrary (i.e. thvpool, thfpool) | ELF |
THREADLIB | 0x2F290 | Multi_Thread_Manager | ELF |
VBLANK | 0x38020 | V-Blank management | ELF |
IOMAN | 0x38DB0 | IO Manager | ELF |
MODLOAD | 0x3AD20 | IOP module loader. | ELF |
ROMDRV | 0x3D070 | ROM driver. Provides access to the boot ROM (rom0). | ELF |
ADDDRV | 0x3DF60 | Adds support for the DVD ROM (rom1:), via ROMDRV. | ELF |
STDIO | 0x3D3C0 | Standard I/O library. | ELF |
SIFMAN | 0x3EFB0 | SIF manager. | ELF |
SIFINIT | 0x40550 | Initializes the SIF. | ELF |
EESYNC | 0x40970 | For synchronizing with the EE, at the end of IOP resets. EESYNC from DNAS images are evil; they also perform a memory wipe of the region from 0x00084000 to .0x00100000. | ELF |
EENULL | 0x40E10 | The idle thread (id #0) module, in ps2 loaded to 0x00081FC0. | BIN |
PS1ID | 0x40E50 | Only found in newer boot ROMs | BIN |
LIBFI | 0x40E60 | Not present in the boot ROM of the SCPH-10000 and SCPH-15000. | BIN |
PS1VERJ | 0x40F50 | BIN | |
PS1VERA | 0x40F60 | BIN | |
PS1VERE | 0x40F70 | BIN | |
PS1VERC | 0x40F80 | BIN | |
PS1VERH | 0x40F90 | BIN | |
OSDSYS | 0x40FA0 | The browser | BIN |
- | 0x40FB0 | BIN | |
RDRAM | 0x41000 | Provides a RDRAM test for the EE at power-on. This is run from RESET. | BIN |
EELOADCNF | 0x43D50 | Contains the IOP boot configuration file for EELOAD. | BIN |
SIFCMD | 0x43F00 | SIF command module. Contains the SIF command and SIF RPC functions. | ELF |
REBOOT | 0x46140 | The reboot service. Receives IOP reset packets from the EE, from across the SIF. | ELF |
LOADFILE | 0x46910 | The RPC server for MODLOAD | ELF |
EECONF | 0x49070 | Loads part of the system configuration from the MECHACON EEPROM. Also configures and resets some peripherals, depending on the model version. In slimlines, and possibly on PS3 EECONF will also load the MAC address. | ELF |
- | 0x49FF0 | BIN | |
IOPBOOT | 0x4A000 | IOP bootup program | BIN |
- | 0x4B160 | BIN | |
TBIN | 0x4B800 | The PS1 monitor program. Seems to be the PS1 BIOS. This is started by RESET, when the IOP is in PS1 mode. | BIN |
XSHA1 | 0x59770 | sha1 - this only present in PS3. It is used as additional antipiracy check. It seems that it calculate disc main elf checksum and compares it with some database. Config related? | ELF |
XLOADFILE | 0x5A740 | Updated module | ELF |
SIO2MAN | 0x5D7F0 | SIO2 manager. Provides access to the SIO2 interface. | ELF |
- | 0x5F420 | BIN | |
MCSERV | 0x61340 | RPC server for MCMAN. | ELF |
- | 0x63040 | BIN | |
KROMG | 0x64000 | BIN | |
- | 0x65CC0 | BIN | |
KROM | 0x66000 | Kanji ROM? Not sure where this is used. | BIN |
- | 0x7FE70 | BIN | |
ROMVER | 0x7FF00 | ROM version. | BIN |
- | 0x7FF10 | BIN | |
VERSTR | 0x7FF30 | Version string. Probably PS1 ROM will use this because that this string is also present in PlayStation consoles. | BIN |
- | 0x7FF90 | BIN | |
ROMGSCRT | 0x80000 | BIN | |
NCDVDMAN | 0x82D30 | It seems to be a heavily stripped-down CDVDMAN module, with no support for some S-command functions like sceCdRI. | ELF |
SECRMAN | 0x8F770 | Security Manager. Signing is NOT done with the one in ROM, but with a special version that comes with the utility discs. Looks like PS3 units have a different SECRMAN module from retail sets, similar to PS2 TOOL one. | ELF |
MCMAN | 0x93C30 | Memory Card Manager. | ELF |
PADMAN | 0xA30C0 | Pad manager. | ELF |
CDVDMAN | 0xAC810 | The CD/DVD manager. | ELF |
CDVDFSV | 0xB4BC0 | The RPC server for CDVDMAN. | ELF |
FILEIO | 0xBCF80 | RPC server for IOMAN. Sony has greatly changed the semantics and design of FILEIO after some point. Connecting an old FILEIO EE RPC client to a newer server will result in a severe IOP crash. | ELF |
CLEARSPU | 0xBF080 | Seems to clear/reset the SPU, but is known to cause crashes under some conditions. Not sure if it's buggy or not. Only used by the OSDSYS of the SCPH-10000 and SCPH-15000, probably retained for backward-compatibility. | ELF |
UDNL | 0xC0CC0 | It is responsible for selecting the modules and starting the IOP, during the final phase of the IOP reset where the desired modules are to be loaded into the IOP. | ELF |
IGREETING | 0xC2BC0 | Displays boot information (i.e. IOP boot type, EBOOTP, IBOOTP, switch positions for DSW602 and the type of DSW602 board installed | ELF |
EELOAD | 0xC3C20 | The EE ELF loader, which is loaded by LoadExecPS2() to 0x00082000 in PS2 for loading ELFs. | BIN |
XCDVDMAN | 0xD2DA0 | cdvd_driver - Updated module | ELF |
XCDVDFSV | 0xE1B30 | cdvd_ee_driver - Updated module | ELF |
OSDSND | 0xEFF60 | OSD sound library. This is actually the tentative sound driver, which is called "librspu2" in the Sony SDK. | ELF |
PS2LOGO | 0x11ABB0 | Displays the PlayStation 2 logo from the inserted disc. For newer consoles, if the logo cannot be decrypted properly, it will fall back to the browser. Not actually required to boot games, but the Sony OSDSYS boots PS2 games through this program. | ELF |
XPARAM2 | 0x137500 | File store per title settings for IOP emulation (XPARAM available also in real PS2 since 750XX where Deckard powerPC was introduced) | ELF |
OSDSYS | 0x139A00 | The browser | BIN |
PIOPRP | 0x177880 | Present in the PS3 ps2_(gx/soft/net)emu; contains version 3.1.0 of the IOP software (compared to version 1.3.4 on the root). | BIN |
KERNEL | 0x1BB7E0 | The EE kernel | BIN |
Description source: https://gist.github.com/uyjulian/25291080f083987d3f3c134f593483c5
Game_ID/DiscID in PS20220WD20050620.crack
There are 193 titleIDs listed inside XPARAM2.ELF file of PS2 Bios included in PS20220WD20050620.crack. XPARAM2.ELF is called by OSDSYS, then ID check is performed. If titleID match to one of included in the table, different IOP emulation settings are applied. This include blacklisting for some specific titles. Original PS2 bios from models with emulated IOP, include similar list file called XPARAM.ELF. Title IDs there are not the same, although some of them exist on both lists.
Command | Name |
---|---|
0x00 | TITLE_MASK |
0x01 | SIO2_MASK |
0x02 | DEV9_MASK |
0x03 | USB_MASK |
0x04 | SIF_DMA_SYNC |
0x05 | SIF_DMA_LOAD |
0x06 | DMAC_CH10_INT_DELAY |
0x07 | MECHA_RECOGTIME |
0x08 | CPU_DELAY |
0x09 | DEV5_INT_SPEED |
0x0A | CDVD_READ_DELAY |
0x0B | SPU2_BEHAVIOR |
ID | Title | Command | Value | Remarks |
---|---|---|---|---|
PBPX_952.01 | DVD Utility Disc Version 1.00 | 0x00 | 0xA0000000 | TITLE_MASK, 0xA0000000 = Blacklist, boot after removing flag |
PBPX_952.02 | DVD Utility Disc Version 1.01 | 0x00 | 0xA0000000 | TITLE_MASK, 0xA0000000 = Blacklist, boot after removing flag |
PBPX_952.03 | DVD Utility Disc Version 1.01 | 0x00 | 0xA0000000 | TITLE_MASK, 0xA0000000 = Blacklist, boot after removing flag |
PBPX_952.06 | DVD Player (Version 2.01) | 0x00 | 0xA0000000 | TITLE_MASK, 0xA0000000 = Blacklist, boot after removing flag |
PBPX_952.07 | DVD Player (Version 2.10) | 0x00 | 0xA0000000 | TITLE_MASK, 0xA0000000 = Blacklist, boot after removing flag |
PBPX_952.08 | DVD Player (Version 2.10) | 0x00 | 0xA0000000 | TITLE_MASK, 0xA0000000 = Blacklist, boot after removing flag |
PBPX_952.09 | DVD Player (Version 2.10) | 0x00 | 0xA0000000 | TITLE_MASK, 0xA0000000 = Blacklist, boot after removing flag |
PBPX_952.10 | DVD Utility Disc Version 2.10 | 0x00 | 0xA0000000 | TITLE_MASK, 0xA0000000 = Blacklist, boot after removing flag |
PBPX_952.11 | DVD Utility Disc Version 1.00 | 0x00 | 0xA0000000 | TITLE_MASK, 0xA0000000 = Blacklist, boot after removing flag |
PBPX_952.21 | DVD Player (Version 2.12) | 0x00 | 0xA0000000 | TITLE_MASK, 0xA0000000 = Blacklist, boot after removing flag |
PBPX_952.22 | DVD Player (Version 2.14) | 0x00 | 0xA0000000 | TITLE_MASK, 0xA0000000 = Blacklist, boot after removing flag |
PBPX_952.24 | DVD Player (Version 2.16) | 0x00 | 0xA0000000 | TITLE_MASK, 0xA0000000 = Blacklist, boot after removing flag |
PBPX_952.28 | 0x00 | 0xA0000000 | TITLE_MASK, 0xA0000000 = Blacklist, boot after removing flag | |
PBPX_952.35 | 0x00 | 0xA0000000 | TITLE_MASK, 0xA0000000 = Blacklist, boot after removing flag | |
PBPX_952.39 | Online Start Up Disc v3.0 | 0x00 | 0xA0000000 | TITLE_MASK, 0xA0000000 = Blacklist, boot after removing flag |
PBPX_955.01 | Linux for PS2 Beta Release 1 | 0x00 | 0xA0000000 | TITLE_MASK, 0xA0000000 = Blacklist, boot after removing flag |
PBPX_955.07 | Playstation 2 Linux Runtime Environment v1.0 (Disc 1) | 0x00 | 0xA0000000 | TITLE_MASK, 0xA0000000 = Blacklist, boot after removing flag |
PBPX_955.09 | Linux for PS2 Release 1.0 | 0x00 | 0xA0000000 | TITLE_MASK, 0xA0000000 = Blacklist, boot after removing flag |
PBPX_955.18 | 0x00 | 0xA0000000 | TITLE_MASK, 0xA0000000 = Blacklist, boot after removing flag | |
PDPX_991.09 | DVD Player (Version 3.04) | 0x00 | 0xA0000000 | TITLE_MASK, 0xA0000000 = Blacklist, boot after removing flag |
PSXC_002.01 | PSX Update Disc 1.10 | 0x00 | 0xA0000000 | TITLE_MASK, 0xA0000000 = Blacklist, boot after removing flag |
PSXC_002.02 | PSX Update Disc 1.20 | 0x00 | 0xA0000000 | TITLE_MASK, 0xA0000000 = Blacklist, boot after removing flag |
PSXC_002.03 | PSX Update Disc 1.31 | 0x00 | 0xA0000000 | TITLE_MASK, 0xA0000000 = Blacklist, boot after removing flag |
PTPX_970.38 | 0x00 | 0xA0000000 | TITLE_MASK, 0xA0000000 = Blacklist, boot after removing flag | |
SCAJ_201.25 | Tekken 5 | 0x0B | 0x40000000 | SPU2_BEHAVIOR |
SCAJ_201.26 | Tekken 5 | 0x0B | 0x40000000 | SPU2_BEHAVIOR |
SCES_532.02 | Tekken 5 | 0x0B | 0x40000000 | SPU2_BEHAVIOR |
SCKA_200.49 | Tekken 5 | 0x0B | 0x40000000 | SPU2_BEHAVIOR |
SCPM_621.15 | 0x00 | 0x1000000 | TITLE_MASK | |
SCPM_621.16 | 0x00 | 0x1000000 | TITLE_MASK | |
SCPN_601.01 | PlayStation BB Navigator (Version 0.10) | 0x00 | 0xA0000000 | TITLE_MASK, 0xA0000000 = Blacklist, boot after removing flag |
SCPN_601.30 | PlayStation BB Navigator (Version 0.20) | 0x00 | 0xA0000000 | TITLE_MASK, 0xA0000000 = Blacklist, boot after removing flag |
SCPN_601.40 | PlayStation BB Navigator (Version 0.30) | 0x00 | 0xA0000000 | TITLE_MASK, 0xA0000000 = Blacklist, boot after removing flag |
SCPN_601.50 | PlayStation BB Navigator (Version 0.31) | 0x00 | 0xA0000000 | TITLE_MASK, 0xA0000000 = Blacklist, boot after removing flag |
SCPN_601.60 | PlayStation BB Navigator (Version 0.32) | 0x00 | 0xA0000000 | TITLE_MASK, 0xA0000000 = Blacklist, boot after removing flag |
SCPS_110.01 | I.Q. Remix | 0x00 | 0xA0000000 | TITLE_MASK, 0xA0000000 = Blacklist, boot after removing flag |
SCPS_110.10 | Yoake no Mariko (Performance Pack Edition) | 0x01 | 0x1800 | SIO2_MASK |
SCPS_110.18 | Yoake no Mariko | 0x01 | 0x1800 | SIO2_MASK |
SCPS_110.21 | Yoake no Mariko 2nd Act (Limited Edition) | 0x01 | 0x1800 | SIO2_MASK |
SCPS_110.22 | Yoake no Mariko 2nd Act | 0x01 | 0x1800 | SIO2_MASK |
SCPS_150.38 | Lifeline | 0x0A | 0x80300 | CDVD_READ_DELAY |
SCPS_150.39 | Lifeline | 0x0A | 0x80300 | CDVD_READ_DELAY |
SCPS_170.01 | Gran Turismo 4 | 0x0B | 0x10000000 | SPU2_BEHAVIOR |
SCPS_175.01 | Linux (for PlayStation2) Release 1.0 | 0x00 | 0xA0000000 | TITLE_MASK, 0xA0000000 = Blacklist, boot after removing flag |
SCPS_200.39 | 0x00 | 0x4000000 | TITLE_MASK | |
SCUS_971.67 | PaRappa the Rapper 2 | 0x04 | 0x2000 | SIF_DMA_SYNC |
SCUS_972.69 | Final Fantasy XI [Disc 2] | 0x02 | 0xB | DEV9_MASK |
SLES_500.48 | Donald Duck: Quack Attack | 0x01 | 0x800 | SIO2_MASK |
SLES_500.62 | Orphen: Scion of Sorcery | 0x08 | 0xC1C | CPU_DELAY |
SLES_503.64 | City Crisis | 0x0A | 0x80BB8 | CDVD_READ_DELAY |
SLES_504.46 | Shadow Man 2: The Second Coming | 0x0A | 0x80600 | CDVD_READ_DELAY |
SLES_505.40 | Simpsons: Road Rage | 0x01 | 0x800 | SIO2_MASK |
SLES_506.08 | Shadow Man 2: The Second Coming | 0x0A | 0x80600 | CDVD_READ_DELAY |
SLES_506.28 | Simpsons: Road Rage | 0x01 | 0x800 | SIO2_MASK |
SLES_507.28 | Tiger Woods PGA Tour 2002 | 0x0A | 0x803E8 | CDVD_READ_DELAY |
SLES_507.29 | 0x0A | 0x803E8 | CDVD_READ_DELAY | |
SLES_512.82 | Tiger Woods PGA Tour 2003 | 0x0A | 0x803E8 | CDVD_READ_DELAY |
SLES_514.79 | Def Jam Vendetta | 0x01 | 0x802 | SIO2_MASK |
SLES_518.41 | SpyHunter 2 | 0x01 | 0x800 | SIO2_MASK |
SLES_518.44 | Time Crisis 3 | 0x01 | 0x800 | SIO2_MASK |
SLES_519.97 | SWAT: Global Strike Team | 0x01 | 0x800 | SIO2_MASK |
SLES_520.97 | SWAT: Global Strike Force | 0x01 | 0x800 | SIO2_MASK |
SLES_530.37 | Super Monkey Ball Deluxe | 0x01 | 0x802 | SIO2_MASK |
SLES_536.68 | Micro Machines v4 | 0x01 | 0x801 | SIO2_MASK |
SLES_537.55 | Castlevania: Curse of Darkness | 0x04 | 0x10 | SIF_DMA_SYNC |
SLES_537.96 | FIFA Street 2 | 0x01 | 0x1800 | SIO2_MASK |
SLPM_620.42 | Kurogane no Houkou: Warship Commander | 0x01 | 0x3000 | SIO2_MASK |
SLPM_620.62 | Gitaroo Man One | 0x0A | 0x80540 | CDVD_READ_DELAY |
SLPM_621.05 | Taikou Risshiden IV | 0x09 | 0x2B47000A | DEV5_INT_SPEED |
SLPM_621.24 | Ready 2 Rumble Boxing: Round 2 | 0x08 | 0x1388 | CPU_DELAY |
SLPM_621.25 | Gauntlet: Dark Legacy | 0x08 | 0xC1C | CPU_DELAY |
SLPM_621.25 | Gauntlet: Dark Legacy | 0x09 | 0x2B470005 | DEV5_INT_SPEED |
SLPM_621.35 | Final Fantasy: XI (Beta Version) | 0x00 | 0xA0000000 | TITLE_MASK, 0xA0000000 = Blacklist, boot after removing flag |
SLPM_621.54 | DDRMAX Dance Dance Revolution 6thMix | 0x08 | 0x1A5E | CPU_DELAY |
SLPM_622.39 | Supercar Street Challenge | 0x0A | 0x80300 | CDVD_READ_DELAY |
SLPM_623.69 | Karaoke Revolution: J-Pop Vol.1 | 0x08 | 0x1388 | CPU_DELAY |
SLPM_623.79 | Karaoke Revolution: J-Pop Vol.2 | 0x08 | 0x1388 | CPU_DELAY |
SLPM_623.80 | Karaoke Revolution: J-Pop Vol.3 | 0x08 | 0x1388 | CPU_DELAY |
SLPM_623.81 | Karaoke Revolution: J-Pop Vol.4 | 0x08 | 0x1388 | CPU_DELAY |
SLPM_623.82 | Karaoke Revolution: Love & Ballad | 0x08 | 0x1388 | CPU_DELAY |
SLPM_623.83 | Karaoke Revolution: Night Selection 2003 | 0x08 | 0x1388 | CPU_DELAY |
SLPM_624.14 | Karaoke Revolution: Dreams & Memories | 0x08 | 0x1388 | CPU_DELAY |
SLPM_624.37 | Suisui Sweet: Amai Ai no Mitsukekata | 0x0B | 0x40000000 | SPU2_BEHAVIOR |
SLPM_624.50 | Karaoke Revolution: Anime Song Selection | 0x08 | 0x1388 | CPU_DELAY |
SLPM_624.51 | Karaoke Revolution: J-Pop Vol.5 | 0x08 | 0x1388 | CPU_DELAY |
SLPM_624.54 | Karaoke Revolution: J-Pop Vol.6 | 0x08 | 0x1388 | CPU_DELAY |
SLPM_624.55 | Karaoke Revolution: J-Pop Vol.7 | 0x08 | 0x1388 | CPU_DELAY |
SLPM_624.56 | Karaoke Revolution: J-Pop Vol.8 | 0x08 | 0x1388 | CPU_DELAY |
SLPM_624.57 | Karaoke Revolution: Snow & Party | 0x08 | 0x1388 | CPU_DELAY |
SLPM_624.64 | Pop'n Taisen Pazurudame Online | 0x08 | 0x1F40 | CPU_DELAY |
SLPM_624.79 | Karaoke Revolution: J-Pop Vol.9 | 0x08 | 0x1388 | CPU_DELAY |
SLPM_624.91 | Mega Man: The Power Battle | 0x04 | 0x2000 | SIF_DMA_SYNC |
SLPM_624.92 | Karaoke Revolution: Kids Song Selection | 0x08 | 0x1388 | CPU_DELAY |
SLPM_625.28 | Karaoke Revolution: Kazoku Idol Sengen (Bundle Edition) | 0x08 | 0x1388 | CPU_DELAY |
SLPM_625.29 | Karaoke Revolution: Kazoku Idol Sengen | 0x08 | 0x1388 | CPU_DELAY |
SLPM_650.86 | A Visual Mix: Ayumi Hamasaki Dome Tour 2001 (Disc 1) | 0x08 | 0x1450 | CPU_DELAY |
SLPM_650.87 | A Visual Mix: Ayumi Hamasaki Dome Tour 2001 (Disc 2) | 0x08 | 0x1450 | CPU_DELAY |
SLPM_650.90 | Spy Hunter | 0x01 | 0x1800 | SIO2_MASK |
SLPM_651.97 | Nobunaga's Ambition Online | 0x02 | 0xB | DEV9_MASK |
SLPM_652.09 | Star Ocean: Till the End of Time | 0x0B | 0x20014 | SPU2_BEHAVIOR |
SLPM_654.38 | Star Ocean: Till the End of Time (Director's Cut) (Disc 1) | 0x0B | 0x20014 | SPU2_BEHAVIOR |
SLPM_654.39 | Star Ocean: Till the End of Time (Director's Cut) (Disc 2) | 0x0B | 0x20014 | SPU2_BEHAVIOR |
SLPM_654.88 | Grand Theft Auto: Vice City | 0x0A | 0x300 | CDVD_READ_DELAY |
SLPM_654.88 | Grand Theft Auto: Vice City | 0x09 | 0x36000200 | DEV5_INT_SPEED |
SLPM_656.33 | I Love Baseball: Pro Yakyu wo Koyonaku | 0x08 | 0xFA0 | CPU_DELAY |
SLPM_656.98 | Love Songs: ADV Futaba Riho 14-sai Natsu | 0x0A | 0x80380 | CDVD_READ_DELAY |
SLPM_657.05 | Final Fantasy XI: Chains of Promathia (Expansion Disc) | 0x02 | 0xB | DEV9_MASK |
SLPM_657.06 | Final Fantasy XI: Chains of Promathia (All-In-One Edition) | 0x02 | 0xB | DEV9_MASK |
SLPM_657.19 | Burnout 3: Takedown | 0x01 | 0x1C00 | SIO2_MASK |
SLPM_657.83 | Nobunaga no Yabou Online: Tappi no Shou | 0x02 | 0xB | DEV9_MASK |
SLPM_658.94 | Winning Post 6: 2005 Version | 0x01 | 0x2400 | SIO2_MASK |
SLPM_659.34 | Maple Colors | 0x0A | 0x80300 | CDVD_READ_DELAY |
SLPM_659.53 | Final Fantasy: XI (Entry Disc 2005) | 0x02 | 0xB | DEV9_MASK |
SLPM_659.84 | Grand Theft Auto: San Andreas | 0x0A | 0x803E8 | CDVD_READ_DELAY |
SLPM_660.33 | The Sword of Etheria | 0x08 | 0xC1C | CPU_DELAY |
SLPM_660.33 | The Sword of Etheria | 0x00 | 0x2000000 | TITLE_MASK |
SLPM_660.48 | The Sword of Etheria | 0x08 | 0xC1C | CPU_DELAY |
SLPM_660.48 | The Sword of Etheria | 0x00 | 0x2000000 | TITLE_MASK |
SLPM_660.57 | Taito Memories Vol.1 | 0x08 | 0xCE4 | CPU_DELAY |
SLPM_661.56 | Marheaven: Arm Fight Dream | 0x01 | 0x1800 | SIO2_MASK |
SLPM_661.75 | Akumajo Dracula: Yami no Juin | 0x08 | 0x60 | CPU_DELAY |
SLPM_661.75 | Akumajo Dracula: Yami no Juin | 0x0B | 0x2001C | SPU2_BEHAVIOR |
SLPM_663.93 | Final Fantasy XI: Treasures of Aht Urhgan (All-In-One Edition) | 0x0A | 0x803E8 | CDVD_READ_DELAY |
SLPM_663.93 | Final Fantasy XI: Treasures of Aht Urhgan (All-In-One Edition) | 0x09 | 0x2B47000A | DEV5_INT_SPEED |
SLPM_663.93 | Final Fantasy XI: Treasures of Aht Urhgan (All-In-One Edition) | 0x02 | 0xB | DEV9_MASK |
SLPM_663.94 | Final Fantasy XI: Treasures of Aht Urhgan | 0x02 | 0xB | DEV9_MASK |
SLPM_664.36 | Aria the Natural | 0x01 | 0x1800 | SIO2_MASK |
SLPM_664.36 | Aria the Natural | 0x00 | 0xA000000 | TITLE_MASK |
SLPM_665.39 | Nobunaga no Yabou Online: Haten no Shou | 0x02 | 0xB | DEV9_MASK |
SLPM_665.58 | Tomb Raider: Legend | 0x08 | 0x3E8 | CPU_DELAY |
SLPM_665.74 | Detective Evangelion | 0x00 | 0x2000000 | TITLE_MASK |
SLPM_680.07 | Karaoke Revolution (Trial) | 0x08 | 0x1388 | CPU_DELAY |
SLPM_680.10 | 0x08 | 0x1388 | CPU_DELAY | |
SLPS_200.08 | Morita Shogi | 0x08 | 0x1388 | CPU_DELAY |
SLPS_200.20 | FIFA 2000 World Championship | 0x04 | 0x2001 | SIF_DMA_SYNC |
SLPS_200.37 | Go Go Golf | 0x09 | 0x2B47000A | DEV5_INT_SPEED |
SLPS_200.38 | Grappler Baki: Baki Saidai no Tournament | 0x08 | 0x1194 | CPU_DELAY |
SLPS_200.53 | Tenshi no Present: Marle Oukoku Monogatari (Limited Edition) | 0x0B | 0x20000000 | SPU2_BEHAVIOR |
SLPS_200.66 | Tenshi no Present: Marle Oukoku Monogatari | 0x0B | 0x20000000 | SPU2_BEHAVIOR |
SLPS_201.01 | City Crisis | 0x0A | 0x80BB8 | CDVD_READ_DELAY |
SLPS_201.11 | Magical Sports Pro Baseball 2001 | 0x09 | 0x2B47000A | DEV5_INT_SPEED |
SLPS_201.72 | Koushien: Konpeki no Sora | 0x09 | 0x2B47000A | DEV5_INT_SPEED |
SLPS_201.73 | Hard Hitter 2 | 0x0A | 0x80300 | CDVD_READ_DELAY |
SLPS_201.97 | Surfing Air Show with RatBoy | 0x09 | 0x2B47000A | DEV5_INT_SPEED |
SLPS_201.99 | F1 2002 | 0x0B | 0x20005 | SPU2_BEHAVIOR |
SLPS_202.00 | Final Fantasy XI | 0x02 | 0xB | DEV9_MASK |
SLPS_204.04 | Rakushou! Pachi-Slot Sengen 2 | 0x0A | 0x80300 | CDVD_READ_DELAY |
SLPS_204.29 | Hissatsu Pachi-Slot Evolution: Ninja Hattori-Kun V | 0x08 | 0x1B58 | CPU_DELAY |
SLPS_204.55 | Simple 2000 Series Vol.94: The Aka-Champion - Come on Baby | 0x0B | 0x40000000 | SPU2_BEHAVIOR |
SLPS_250.08 | Sorcerous Stabber Orphen | 0x08 | 0xC1C | CPU_DELAY |
SLPS_250.71 | A Visual Mix: Ayumi Hamasaki Dome Tour 2001 | 0x08 | 0x1450 | CPU_DELAY |
SLPS_250.72 | A Visual Mix: Ayumi Hamasaki Dome Tour 2001 | 0x08 | 0x1450 | CPU_DELAY |
SLPS_250.81 | Saishuu Densha | 0x0A | 0x803E8 | CDVD_READ_DELAY |
SLPS_251.36 | Kuon no Kizuna Sairin Mikotonori | 0x0A | 0x805DC | CDVD_READ_DELAY |
SLPS_251.42 | Tiger Woods PGA Tour 2002 | 0x0A | 0x803E8 | CDVD_READ_DELAY |
SLPS_251.50 | Only You | 0x0B | 0x40000000 | SPU2_BEHAVIOR |
SLPS_252.37 | Only You | 0x0B | 0x40000000 | SPU2_BEHAVIOR |
SLPS_252.75 | Def Jam: Vendetta | 0x01 | 0x802 | SIO2_MASK |
SLPS_252.78 | Memories Off: Mix | 0x0A | 0x80300 | CDVD_READ_DELAY |
SLPS_252.90 | Time Crisis 3 | 0x01 | 0x800 | SIO2_MASK |
SLPS_253.15 | One Piece: Grand Battle 3 | 0x01 | 0x1800 | SIO2_MASK |
SLPS_253.57 | 3-Nen B-Gumi Kinpachi Sensei: Densetsu no Kyoudan ni Tate! | 0x01 | 0x1800 | SIO2_MASK |
SLPS_253.79 | Tokyo Majin Gakuen: Kaihoujyou Kefurokou | 0x0A | 0x803E8 | CDVD_READ_DELAY |
SLPS_254.06 | Hitman: Contracts | 0x08 | 0xDAC | CPU_DELAY |
SLPS_254.18 | Ace Combat 5: The Unsung War | 0x0A | 0x500000 | CDVD_READ_DELAY |
SLPS_255.10 | Tekken 5 | 0x0B | 0x40000000 | SPU2_BEHAVIOR |
SLPS_255.85 | Monster Farm 5: Circus Caravan | 0x07 | 5 | MECHA_RECOGTIME |
SLPS_255.86 | Tales of the Abyss | 0x0A | 0x803E8 | CDVD_READ_DELAY |
SLPS_256.04 | Ar tonelico Qoga: Knell of Ar Ciel | 0x00 | 0xA000000 | TITLE_MASK |
SLPS_256.67 | Daito Giken Premium Pachi-Slot Collection: Yoshimune | 0x01 | 0x1800 | SIO2_MASK |
SLPS_256.98 | Fatal Fury Battle Archives Volume 2 | 0x00 | 0xA000000 | TITLE_MASK |
SLPS_257.08 | The Familiar of Zero (Limited Edition) | 0x0A | 0x803E8 | CDVD_READ_DELAY |
SLPS_257.09 | The Familiar of Zero | 0x0A | 0x803E8 | CDVD_READ_DELAY |
SLPS_257.21 | HimeHibi - Princess Days | 0x0B | 0x8000000 | SPU2_BEHAVIOR |
SLPS_257.22 | Routes PE (Limited Edition) | 0x08 | 0x3E8 | CPU_DELAY |
SLPS_257.27 | Routes PE | 0x08 | 0x3E8 | CPU_DELAY |
SLPS_732.49 | Ar tonelico Qoga: Knell of Ar Ciel (Platinum) | 0x00 | 0xA000000 | TITLE_MASK |
SLUS_200.11 | Orphen: Ocion of Sorcery | 0x08 | 0x1388 | CPU_DELAY |
SLUS_200.11 | Orphen: Ocion of Sorcery | 0x09 | 0x8000010 | DEV5_INT_SPEED |
SLUS_200.77 | Donald Duck: Go'in Quackers | 0x01 | 0x800 | SIO2_MASK |
SLUS_202.74 | City Crisis | 0x0A | 0x80BB8 | CDVD_READ_DELAY |
SLUS_203.05 | Simpsons: Road Rage | 0x01 | 0x800 | SIO2_MASK |
SLUS_203.64 | Tiger Woods PGA Tour 2002 | 0x0A | 0x803E8 | CDVD_READ_DELAY |
SLUS_204.13 | Shadowman 2 | 0x0A | 0x80600 | CDVD_READ_DELAY |
SLUS_204.33 | SWAT: Global Strike Team | 0x01 | 0x800 | SIO2_MASK |
SLUS_204.88 | Star Ocean: Til the end of Time [Disc 1] | 0x08 | 0x1388 | CPU_DELAY |
SLUS_205.72 | Tiger Woods PGA Tour 2003 | 0x0A | 0x803E8 | CDVD_READ_DELAY |
SLUS_205.90 | Spyhunter 2 | 0x01 | 0x800 | SIO2_MASK |
SLUS_206.35 | Muppets Party Cruise | 0x01 | 0x801 | SIO2_MASK |
SLUS_206.39 | Def Jam Vendetta | 0x01 | 0x800 | SIO2_MASK |
SLUS_206.86 | Splashdown: Rides Gone Wild | 0x0A | 0x80400 | CDVD_READ_DELAY |
SLUS_208.38 | All-Star Baseball 2005 | 0x01 | 0x802 | SIO2_MASK |
SLUS_208.51 | Ace Combat 5: The Unsung War | 0x0A | 0x500000 | CDVD_READ_DELAY |
SLUS_208.91 | Star Ocean: Til the end of Time [Disc 2] | 0x08 | 0x1388 | CPU_DELAY |
SLUS_209.18 | Super Monkey Ball: Deluxe | 0x01 | 0x800 | SIO2_MASK |
SLUS_210.59 | Tekken 5 | 0x0B | 0x40000000 | SPU2_BEHAVIOR |
SLUS_210.70 | Final Fantasy XI: Chains of Promathia | 0x02 | 0xB | DEV9_MASK |
SLUS_210.89 | Karaoke Revolution Vol.3 | 0x08 | 0x1388 | CPU_DELAY |
SLUS_213.31 | Sonic Riders | 0x01 | 0x800 | SIO2_MASK |
SLUS_213.39 | Puzzle Challenge | 0x01 | 0x800 | SIO2_MASK |
SLUS_214.04 | Final Fantasy XI: Treasures of Aht Urhgan | 0x02 | 0xB | DEV9_MASK |
SLUS_214.52 | Valkyrie Profile 2: Silmeria | 0x08 | 0x1388 | CPU_DELAY |
Folder/File layout
Example: Max Payne Classic
├── config-emu-ps4.txt ├── docs │ └── revision.h ├── eboot.bin ├── feature_data │ └── SLES-50326_features.lua ├── formatted.card ├── image │ └── disc01.iso ├── lua_include │ ├── ee-cpr0-alias.lua │ ├── ee-gpr-alias.lua │ ├── ee-hwaddr.lua │ ├── language.lua │ ├── pad-and-key.lua │ ├── ps2.lua │ └── utils.lua ├── patches │ └── SLES-50326_cli.conf ├── PS20220WD20050620.crack ├── ps2-emu-compiler.self ├── sce_companion_httpd │ └── html │ ├── BackCover.jpg │ ├── base │ │ ├── arrow_up.png │ │ └── sprites.png │ ├── css │ │ ├── default-skin.png │ │ └── styles.min.css │ ├── index.html │ ├── js │ │ └── app.min.js │ ├── large │ │ ├── Box01.jpg │ │ ├── Box04.jpg │ │ ├── landscape │ │ │ ├── Box01.jpg │ │ │ ├── Box04.jpg │ │ │ ├── Page01.jpg From 01 to 59 │ │ │ └── Page59.jpg │ │ ├── Page01.jpg From 01 to 116 │ │ └── Page116.jpg │ ├── medium │ │ ├── Box01.jpg │ │ ├── Box04.jpg │ │ ├── landscape │ │ │ ├── Box01.jpg │ │ │ ├── Box04.jpg │ │ │ ├── Page01.jpg From 01 to 59 │ │ │ └── Page59.jpg │ │ ├── Page01.jpg from 01 to 116 │ │ └── Page116.jpg │ ├── small │ │ ├── Box01.jpg from 01 to 04 │ │ ├── Box04.jpg │ │ ├── landscape │ │ │ ├── Box01.jpg from 01 to 04 │ │ │ ├── Box04.jpg │ │ │ ├── Page01.jpg From 01 to 59 │ │ │ └── Page59.jpg │ │ ├── Page01.jpg From 01 to 116 │ │ └── Page116.jpg │ └── thumbnails │ ├── BoxThumb01.jpg │ ├── BoxThumb04.jpg │ ├── landscape │ │ ├── BoxThumb01.jpg │ │ ├── BoxThumb04.jpg │ │ ├── Thumb01.jpg from 01 to 59 │ │ └── Thumb59.jpg │ ├── Thumb01.jpg From 01 to 116 │ └── Thumb116.jpg ├── sce_module │ ├── libc.prx │ └── libSceFios2.prx ├── sce_sys │ ├── about │ │ └── right.sprx │ └── keystone └── trophy_data └── SLES-50326_trophies.lua
LUA include files
Files that some official pkgs use in order for the lua files to be separate.
pad-connect-type.lua
local PadConnectType = {} PadConnectType.DS4 = 0 PadConnectType.HID = 1 -- any 3rd party USB controller (fight stick, turbo controller, etc), always local. PadConnectType.REMOTE_DS4 = 2 -- remote DS4 should behave just like regular DS4 PadConnectType.REMOTE_VITA = 3 -- remote VITA lacks analog L2/R2 return PadConnectType
sprite.lua
local kFilterMode = {} kFilterMode.Point = 0x00000000 -- < Sample the one texel nearest to the sample point. kFilterMode.Bilinear = 0x00000001 -- < Sample the four texels nearest the sample point, and blend linearly. local kWrapMode = {} kWrapMode.Wrap = 0x00000000 -- < The integer portion of the input coordinate is discarded, and the fractional portion is used instead. <c>U=U-floorf(U);</c> kWrapMode.Mirror = 0x00000001 -- < The input coordinate is "reflected" across the texture boundary. This reflection may occur multiple times until the coordinate falls within the <c>[0..1]</c> range. <c>U=isOdd(floorf(U)) ? 1-fracf(U) : fracf(U)</c> kWrapMode.ClampLastTexel = 0x00000002 -- < The input coordinate is clamped to the range <c>[0..1]</c>. <c>U=max(0,min(1,U));</c> kWrapMode.MirrorOnceLastTexel = 0x00000003 -- < The input coordinate is reflected at most one time and then clamped to the range <c>[0..1]</c>. <c>U=abs(max(-1,min(1,U));</c> kWrapMode.ClampHalfBorder = 0x00000004 -- < Similar to kWrapModeClampLastTexel, but if clamping is necessary, the output color will be the border color specified by the Sampler. For this mode, coordinates that are not within half a pixel of the border are considered clamped. kWrapMode.MirrorOnceHalfBorder = 0x00000005 -- < Similar to kWrapModeMirrorOnceLastTexel, but if clamping is necessary, the output color will be the border color specified by the Sampler. For this mode, coordinates that are not within half a pixel of the border are considered clamped. kWrapMode.ClampBorder = 0x00000006 -- < Similar to kWrapModeClampLastTexel, but if clamping is necessary, the output color will be the border color specified by the Sampler. For this mode, coordinates that are outside the range <c>[0..1]</c> are considered clamped. kWrapMode.MirrorOnceBorder = 0x00000007 -- < Similar to kWrapModeMirrorOnceLastTexel, but if clamping is necessary, the output color will be the border color specified by the Sampler. For this mode, coordinates that are outside the range <c>[0..1]</c> are considered clamped. local kBlendMultiplier = {} kBlendMultiplier.Zero = 0x00000000 -- < Multiply the associated input by zero. kBlendMultiplier.One = 0x00000001 -- < Multiply the associated input by one. kBlendMultiplier.SrcColor = 0x00000002 -- < Multiply the associated input by the fragment color. kBlendMultiplier.OneMinusSrcColor = 0x00000003 -- < Multiply the associated input by one minus the fragment color. kBlendMultiplier.SrcAlpha = 0x00000004 -- < Multiply the associated input by the fragment alpha. kBlendMultiplier.OneMinusSrcAlpha = 0x00000005 -- < Multiply the associated input by one minus the fragment alpha. kBlendMultiplier.DestAlpha = 0x00000006 -- < Multiply the associated input by the render target alpha. kBlendMultiplier.OneMinusDestAlpha = 0x00000007 -- < Multiply the associated input by one minus the render target alpha. kBlendMultiplier.DestColor = 0x00000008 -- < Multiply the associated input by the render target color. kBlendMultiplier.OneMinusDestColor = 0x00000009 -- < Multiply the associated input by one minus the render target color. kBlendMultiplier.SrcAlphaSaturate = 0x0000000a -- < Multiply the associated input by the minimum of 1 or fragment alpha. kBlendMultiplier.ConstantColor = 0x0000000d -- < Multiply the associated input by the constant color. @see DrawCommandBuffer::setBlendColor() kBlendMultiplier.OneMinusConstantColor = 0x0000000e -- < Multiply the associated input by one minus the constant color. @see DrawCommandBuffer::setBlendColor() kBlendMultiplier.Src1Color = 0x0000000f -- < Multiply the associated input by a secondary fragment color. kBlendMultiplier.InverseSrc1Color = 0x00000010 -- < Multiply the associated input by one minus a secondary fragment color. kBlendMultiplier.Src1Alpha = 0x00000011 -- < Multiply the associated input by a secondary fragment alpha. kBlendMultiplier.InverseSrc1Alpha = 0x00000012 -- < Multiply the associated input by one minus a secondary fragment alpha. kBlendMultiplier.ConstantAlpha = 0x00000013 -- < Multiply the associated input by the constant color alpha. @see DrawCommandBuffer::setBlendColor() kBlendMultiplier.OneMinusConstantAlpha = 0x00000014 -- < Multiply the associated input by one minus the constant color alpha. @see DrawCommandBuffer::setBlendColor() local kBlendFunc = {} kBlendFunc.Add = 0x00000000 -- < The source value is added to the destination value. kBlendFunc.Subtract = 0x00000001 -- < The destination value is subtracted from the source value. kBlendFunc.Min = 0x00000002 -- < The minimum of the source and destination values is selected. kBlendFunc.Max = 0x00000003 -- < The maximum of the source and destination values is selected. kBlendFunc.ReverseSubtract = 0x00000004 -- < The source value is subtracted from the destination value. -- Default blending mode, ideal for typical alpha channel embedded into a PNG image. blendDefaultEquation = { kBlendMultiplier.SrcAlpha, -- src multiplier kBlendFunc.Add, -- blend function kBlendMultiplier.OneMinusSrcAlpha, -- dest multiplier } blendConstFadeEquation = { kBlendMultiplier.ConstantAlpha, -- src multiplier kBlendFunc.Add, -- blend function kBlendMultiplier.OneMinusConstantAlpha, -- dest multiplier } return kFilterMode, kWrapMode, kBlendMultiplier, kBlendFunc
MipsInsn.lua
MipsInsn = {} MipsInsn.IsAddi = function(insn) return (insn & 0xfc000000) == 0x20000000 end -- addi rt,rs,simm MipsInsn.IsAddiu = function(insn) return (insn & 0xfc000000) == 0x24000000 end -- addiu rt,rs,simm MipsInsn.IsDaddu = function(insn) return (insn & 0xfc0007ff) == 0x0000002d end -- daddu rd,rs,rt MipsInsn.IsAddu = function(insn) return (insn & 0xfc0007ff) == 0x00000021 end -- addu rd,rs,rt MipsInsn.IsBeq = function(insn) return (insn & 0xfc000000) == 0x10000000 end -- beq rs,rt,off MipsInsn.IsJ = function(insn) return (insn & 0xfc000000) == 0x08000000 end -- j target MipsInsn.IsJal = function(insn) return (insn & 0xfc000000) == 0x0c000000 end -- jal target MipsInsn.IsJr = function(insn) return (insn & 0xfc1fffff) == 0x00000008 end -- jr rs MipsInsn.IsLq = function(insn) return (insn & 0xfc000000) == 0x78000000 end -- lq rt,simm(rs) MipsInsn.IsLd = function(insn) return (insn & 0xfc000000) == 0xdc000000 end -- ld rt,simm(rs) MipsInsn.IsLw = function(insn) return (insn & 0xfc000000) == 0x8c000000 end -- lw rt,simm(rs) MipsInsn.IsSq = function(insn) return (insn & 0xfc000000) == 0x7c000000 end -- sq rt,simm(rs) MipsInsn.IsSd = function(insn) return (insn & 0xfc000000) == 0xfc000000 end -- sd rt,simm(rs) MipsInsn.IsSw = function(insn) return (insn & 0xfc000000) == 0xac000000 end -- sw rt,simm(rs) MipsInsn.IsEnd = function(insn) return (insn & 0xfc00003f) == 0x0000000d end -- break [code] MipsInsn.GetRt = function(insn) return (insn >> 16) & 0x1f end MipsInsn.GetRs = function(insn) return (insn >> 21) & 0x1f end MipsInsn.GetRd = function(insn) return (insn >> 11) & 0x1f end --MipsInsn.GetSimm = function(insn) return ((insn << 48) >> 48) end -- this can't create a negative value correctly MipsInsn.GetSimm = function(insn) -- Lua5.3 shifts are all logical (WHY!?). threfore (insn<<48)>>48 cannot extend the sign. -- Instead of using shift, do following local bit = 16 -- sign bit place. local v = insn & 0xffff local m = 1 << (bit - 1) v = v & ((1 << bit) - 1) return (v ~ m) - m -- '~' is xor in Lua... how strange it is. end MipsInsn.GetOff = function(insn) return MipsInsn.GetSimm(insn) end MipsInsn.GetTarget = function(insn) return insn & 0x3ffffff end return MipsInsn
ee-cpr0-alias.lua
cpr = {} cpr.index = 0 cpr.random = 1 cpr.entrylo0 = 2 cpr.entrylo1 = 3 cpr.context = 4 cpr.pagemask = 5 cpr.wired = 6 cpr.badvaddr = 8 cpr.count = 9 cpr.entryhi = 10 cpr.compare = 11 cpr.status = 12 cpr.cause = 13 cpr.epc = 14 cpr.prid = 15 cpr.config = 16 cpr.badpaddr = 23 cpr.hwbk = 24 cpr.pccr = 25 cpr.taglo = 28 cpr.taghi = 29 cpr.errorepc = 30 return cpr
ee-gpr-alias.lua
-- Recommended method to import this module: -- local gpr = require("ee-gpr-alias") -- -- Using the global 'lang' variable is depreciated. This will change to a local-scope variable after -- the depreciation period has expired in April 2016. gpr = {} gpr.zero = 0 gpr.at = 1 gpr.v0 = 2 gpr.v1 = 3 gpr.a0 = 4 gpr.a1 = 5 gpr.a2 = 6 gpr.a3 = 7 gpr.t0 = 8 gpr.t1 = 9 gpr.t2 = 10 gpr.t3 = 11 gpr.t4 = 12 gpr.t5 = 13 gpr.t6 = 14 gpr.t7 = 15 gpr.s0 = 16 gpr.s1 = 17 gpr.s2 = 18 gpr.s3 = 19 gpr.s4 = 20 gpr.s5 = 21 gpr.s6 = 22 gpr.s7 = 23 gpr.t8 = 24 gpr.t9 = 25 gpr.k0 = 26 gpr.k1 = 27 gpr.gp = 28 gpr.sp = 29 gpr.fp = 30 gpr.ra = 31 return gpr
ee-hwaddr.lua
gif_hw = {} vif0_hw = {} vif1_hw = {} gif_hw.CHCR = 0x1000A000 gif_hw.MADR = 0x1000A010 gif_hw.QWC = 0x1000A020 gif_hw.TADR = 0x1000A030 gif_hw.ASR0 = 0x1000A040 gif_hw.ASR1 = 0x1000A050 gif_hw.SADR = 0x1000A080 vif0_hw.CHCR = 0x10008000 vif0_hw.MADR = 0x10008010 vif0_hw.QWC = 0x10008020 vif0_hw.TADR = 0x10008030 vif0_hw.ASR0 = 0x10008040 vif0_hw.ASR1 = 0x10008050 vif0_hw.SADR = 0x10008080 vif1_hw.CHCR = 0x10009000 vif1_hw.MADR = 0x10009010 vif1_hw.QWC = 0x10009020 vif1_hw.TADR = 0x10009030 vif1_hw.ASR0 = 0x10009040 vif1_hw.ASR1 = 0x10009050 vif1_hw.SADR = 0x10009080 return gif_hw, vif0_hw, vif1_hw, nil
language.lua
-- Recommended method to import this module: -- local lang = require("language") -- -- Using the global 'lang' variable is depreciated. This will change to a local-scope variable after -- the depreciation period has expired in April 2016. lang = {} lang.japanese = 0 lang.english = 1 lang.french = 2 lang.spanish = 3 lang.german = 4 lang.italian = 5 lang.dutch = 6 lang.portuguese = 7 lang.russian = 8 lang.korean = 9 lang.chinese_traditional = 10 lang.chinese_simplified = 11 lang.finnish = 12 lang.swedish = 13 lang.danish = 14 lang.norwegian = 15 lang.polish = 16 lang.portuguese_brazil = 17 lang.english_gb = 18 lang.turkish = 19 lang.spanish_la = 20 lang.arabic = 21 lang.french_canada = 22 return lang
pad-and-key.lua
pad = {} -- Left Side pad.LU = 0x0010 -- Up pad.LD = 0x0040 -- Down pad.LL = 0x0080 -- Left pad.LR = 0x0020 -- Right -- Right Side pad.RU = 0x1000 -- Up (Triangle) pad.RD = 0x4000 -- Down (Cross) pad.RL = 0x8000 -- Left (Square) pad.RR = 0x2000 -- Right (Circle) -- aliases pad.UP = 0x0010 -- LU pad.DOWN = 0x0040 -- LD pad.LEFT = 0x0080 -- LL pad.RIGHT = 0x0020 -- LR pad.TRIANGLE= 0x1000 pad.CROSS = 0x4000 pad.SQUARE = 0x8000 pad.CIRCLE = 0x2000 pad.L1 = 0x0400 pad.L2 = 0x0100 pad.L3 = 0x0002 pad.R1 = 0x0800 pad.R2 = 0x0200 pad.R3 = 0x0004 pad.SELECT = 0x0001 pad.START = 0x0008 keyboard = {} keyboard.ESCAPE = 0x1000 keyboard.SLASH = 0x1001 keyboard.SEPARATOR = 0x1002 -- backslash or pipe (\|) keyboard.BACKQUOTE = 0x1003 keyboard.PAGEDOWN = 0x1004 keyboard.PAGEUP = 0x1005 keyboard.F1 = 0x1006 keyboard.F2 = 0x1007 keyboard.F3 = 0x1008 keyboard.F4 = 0x1009 keyboard.F5 = 0x100a keyboard.F6 = 0x100b keyboard.F7 = 0x100c keyboard.F8 = 0x100d keyboard.F9 = 0x100e keyboard.F10 = 0x100f keyboard.F11 = 0x1010 keyboard.F12 = 0x1011
ps2.lua
require("ee-gpr-alias") require("utils") MipsInsn = {} MipsInsn.IsAddi = function(insn) return (insn & 0xfc000000) == 0x20000000 end -- addi rt,rs,simm MipsInsn.IsAddiu = function(insn) return (insn & 0xfc000000) == 0x24000000 end -- addiu rt,rs,simm MipsInsn.IsBeq = function(insn) return (insn & 0xfc000000) == 0x10000000 end -- beq rs,rt,off MipsInsn.IsJ = function(insn) return (insn & 0xfc000000) == 0x08000000 end -- j target MipsInsn.IsJal = function(insn) return (insn & 0xfc000000) == 0x0c000000 end -- jal target MipsInsn.IsJr = function(insn) return (insn & 0xfc1fffff) == 0x00000008 end -- jr rs MipsInsn.IsLq = function(insn) return (insn & 0xfc000000) == 0x78000000 end -- lq rt,simm(rs) MipsInsn.IsLd = function(insn) return (insn & 0xfc000000) == 0xdc000000 end -- ld rt,simm(rs) MipsInsn.IsLw = function(insn) return (insn & 0xfc000000) == 0x8c000000 end -- lw rt,simm(rs) MipsInsn.IsSq = function(insn) return (insn & 0xfc000000) == 0x7c000000 end -- sq rt,simm(rs) MipsInsn.IsSd = function(insn) return (insn & 0xfc000000) == 0xfc000000 end -- sd rt,simm(rs) MipsInsn.IsSw = function(insn) return (insn & 0xfc000000) == 0xac000000 end -- sw rt,simm(rs) MipsInsn.IsEnd = function(insn) return (insn & 0xfc00003f) == 0x0000000d end MipsInsn.GetRt = function(insn) return (insn >> 16) & 0x1f end MipsInsn.GetRs = function(insn) return (insn >> 21) & 0x1f end MipsInsn.GetSimm = function(insn) return ((insn << 48) >> 48) end MipsInsn.GetOff = function(insn) return MipsInsn.GetSimm(insn) end MipsInsn.GetTarget = function(insn) return insn & 0x3ffffff end -- return FIFO queue of stack trace -- the queue item is { caller-addr, return-from } -- -- example: -- print("=== stack trace ===") -- local stack_trace = MipsStackTrace(eeObj, eeObj.GetPc()+4, eeObj.GetGpr(gpr.ra), eeObj.GetGpr(gpr.sp)) -- while not stack_trace:isEmpty() do -- local caller = stack_trace:dequeue() -- print( string.format(" 0x%08x [will return from : %x]", caller[1], caller[2]) ) -- end -- -- NOTE: you must +4 against GetPc() if you in a EE/IOP hook. -- Because EE/IOP jit executed the instruction at the address already and it might affect $sp or $ra. -- -- obj : eeObj or iopObj -- pc : current pc (from GetPC or readout from thread context) -- ra : current ra (from GetGpr or readout from thread context) -- sp : current sp (from GetGpr or readout from thread context) MipsStackTrace = function (obj, pc, ra, sp, depth) local max_depth = depth or 10 -- max trace depth local n_j = 1 local jmax = {} local depth = 0 local bdl_count = 0 local new_pc = 0 local icount = 0 local result = Queue.new() local pushed_ra = Queue.new() while depth < max_depth and icount < 2048 do -- TODO: error checks if (pc & 3) ~= 0 then return result end pc = pc & 0x01ffffff sp = sp & 0x01ffffff local insn = obj.ReadMem32(pc) -- print(string.format("trace .. pc=%x insn=%x", pc, insn)) -- result:enqueue( { pc, insn } ) if MipsInsn.IsJr(insn) and MipsInsn.GetRs(insn) == gpr.ra then bdl_count = 1 depth = depth + 1 new_pc = ra -- print(string.format("jr ra : ra=%x", ra)) icount = 0 -- print(string.format("enqueue caller pc=%x ret addr=%x", new_pc-8, pc)) result:enqueue( {new_pc-8, pc} ) -- {return-addr, where-from} elseif MipsInsn.IsAddiu(insn) and MipsInsn.GetRt(insn) == gpr.sp and MipsInsn.GetRs(insn) == gpr.sp then sp = sp + MipsInsn.GetSimm(insn) -- ((insn<<48) >>48) -- print(string.format("addiu sp,sp,** : new sp = %x", sp)) elseif MipsInsn.IsLq(insn) or MipsInsn.IsLd(insn) or MipsInsn.IsLw(insn) then if MipsInsn.GetRt(insn) == gpr.ra and MipsInsn.GetRs(insn) == gpr.sp then -- the code might push $ra on the stack after start pc. -- in such case, we must not retrieve $ra value from the memory. if pushed_ra:isEmpty() then local imm = MipsInsn.GetSimm(insn) -- ((insn<<48) >>48) -- print(string.format("retrieve ra from stack(%x) : sp=%x imm=%x", sp+imm, sp, imm)) ra = obj.ReadMem32(sp + imm) -- print(string.format("load ra,%x(sp) : sp = %x+%x, ra = %x", imm, sp, imm, ra)) else -- print(string.format("retrieve ra from pushed one")) pushed_ra:dequeue() end end elseif MipsInsn.IsSq(insn) or MipsInsn.IsSd(insn) or MipsInsn.IsSw(insn) then if MipsInsn.GetRt(insn) == gpr.ra and MipsInsn.GetRs(insn) == gpr.sp then pushed_ra:enqueue(pc); end elseif MipsInsn.IsJ(insn) then -- j ** local imm = MipsInsn.GetTarget(insn) imm = imm << 2 if pc == imm then -- jump to self? maybe we can ignore it. else new_pc = imm -- print(string.format("j ** : new_pc = %x", new_pc)) bdl_count = 1 for t=1, n_j do if jmax[t] == new_pc then return result -- closed loop end end if n_j > 1024 then return result -- jump buffer overflow end jmax[n_j] = new_pc n_j = n_j + 1 end elseif MipsInsn.IsBeq(insn) and MipsInsn.GetRs(insn) == gpr.zero then -- beq zero,** local offset = MipsInsn.GetOff(insn) -- ((insn<<48) >> 48) offset = offset << 2 new_pc = pc + 4 + offset if pc == new_pc then -- jump to self? maybe we can ignore it else -- print(string.format("beq zero,** : new_pc=%x", new_pc)) bdl_count = 1 for t = 1, n_j do if jmax[t] == new_pc then return result end end if n_j > 1024 then return result end jmax[n_j] = new_pc n_j = n_j + 1 end elseif MipsInsn.IsEnd(insn) then -- end -- print(string.format("end")) return result elseif MipsInsn.IsJal(insn) then -- jal ** local imm = insn & 0x03ffffff imm = imm << 2 -- print(string.format("jal ** : addr = %x", imm)) -- call end icount = icount + 1 pc = pc + 4 -- -- print(string.format("bdl_count=%d", bdl_count)) if bdl_count > 0 then if bdl_count == 2 then pc = new_pc bdl_count = 0 else bdl_count = bdl_count + 1 end end end return result end PS2 = {} PS2.GetCurrentThread = function(eeObj) return eeObj.ReadMem32(0x12fac) end PS2.GetThreads = function(eeObj) local EE_THREAD_BASE = 0x18000 local EE_NUM_THREADS = 0x100 local th = EE_THREAD_BASE local result = Queue.new() for t = 0, EE_NUM_THREADS-1 do -- 0 : node_prev -- 4 : node_next -- 8 : status -- 12: pc -- 16: sp -- 20: gp -- 24: init_pri -- 26: curr_pri -- 28: wstat -- 32: waitId -- 36: wakeupCount -- 40: attr -- 44: option -- 48: func -- 52: argc -- 56: args -- 60: stack -- 64: size -- 68: root -- 72: endOfHeap local status = eeObj.ReadMem32(th + 8) if status ~= 0 then local id = t local pri = eeObj.ReadMem16(th + 26) local gp = eeObj.ReadMem32(th + 20) local pc = eeObj.ReadMem32(th + 12) local sp = eeObj.ReadMem32(th + 16) result:enqueue( {id=id, status=status, pri=pri, gp=gp, pc=pc, sp=sp} ) end th = th + 76 end return result end
utils.lua
-- utility classes/functions -- Stack -- ex: -- my_stack = Stack.new() -- my_stack:push( val ) -- print( my_stack:pop( val ) ) Stack = {} function Stack.new() local obj = { buff = {} } return setmetatable(obj, {__index = Stack}) end function Stack:push(x) table.insert(self.buff, x) end function Stack:pop() return table.remove(self.buff) end function Stack:top() return self.buff[#self.buff] end function Stack:isEmpty() return #self.buff == 0 end -- Queue -- ex: -- my_queue = Queue.new() -- my_queue:enqueue( val ) -- print( my_queue:dequeue(val) ) Queue = {} function Queue.new() local obj = { buff = {} } return setmetatable(obj, {__index = Queue}) end function Queue:enqueue(x) table.insert(self.buff, x) end function Queue:dequeue() return table.remove(self.buff, 1) end function Queue:top() if #self.buff > 0 then return self.buff[1] end end function Queue:isEmpty() return #self.buff == 0 end
Links
- Ps2 Hardware Documentation
- GS title fix guide
- PS3 custom configs
- A place for research and sharing successful configurations for the emulator
- Configuration examples
- PS2DIS, a very helpful tool for debugging executables
- A thread filled with patches for ps2 games
|