Xbox 360 Backward Compatibility
Xbox 360 Backward Compatibility is Microsofts original Xbox emulator for the Xbox 360.
The emulator binary is called xefu.xex. The first resource is xb1krnl which is a modified version of xboxkrnl.exe.
Modifications to xboxkrnl.exe
The IDEXPRDT section has been dropped, additionally the extra data from the MS-DOS header is gone.
Guest to host communication
The entrypoint of the kernel looks like:
80030878: 56 push %esi 80030879: 57 push %edi 8003087a: 8d 05 4c ac 02 80 lea 0x8002ac4c,%eax 80030880: 0f 3f (bad) 80030882: 04 20 80030884: 8d 05 6c ac 02 80 lea 0x8002ac6c,%eax 8003088a: 0f 3f (bad) 8003088c: 04 20 8003088e: 8d 05 8c ac 02 80 lea 0x8002ac8c,%eax 80030894: 0f 3f (bad) 80030896: 04 21 80030898: 8d 05 70 94 01 80 lea 0x80019470,%eax ...
According to this document by symantec (Page 5, Left-hand-side) the patterns
0F 3F x1 x2 and
0F C7 C8 y1 y2 are used for communication with the host.
|0x04||0x20||Seems to use eax (address) as parameter? eax points to a zero terminated list of pointers into the kernel memory [7 elements]|
|0x04||0x21||Seems to use eax (address) as parameter? " [4 elements]|
|0x04||0x22||Seems to use eax (address) as parameter? Seems to be some call to that address?!|
|0x04||0x23||Seems to use eax (address) as parameter?|
|0x04||0x24||Seems to use eax (address) as parameter?|
|0x04||0x35||Seems to use eax (address) as parameter?|
|0x04||0x50||Seems to use eax (address) as parameter? " [3 elements]|
|Cleaner list starts here [FIXME]|
|0x06||0x00||Seems to use eax (address) and ecx (size) as parameter? Memory is 0x00 filled before. location is 0x8002b420, size would be 0x3000|
|0x06||0x20||Some call or callback registration to the address pointed to by eax|
|0x06||0x23||Some call or callback registration to the address pointed to by eax|