Difference between revisions of "Xbox 360 Backward Compatibility"
From xboxdevwiki
m |
(→Guest to host communication) |
||
| Line 32: | Line 32: | ||
! x1 !! x2 !! Notes | ! x1 !! x2 !! Notes | ||
|- | |- | ||
| − | | 0x04 || 0x20 || Seems to use eax (address) as parameter? | + | | 0x04 || 0x20 || Seems to use eax (address) as parameter? eax points to a zero terminated list of pointers into the kernel memory [7 elements] |
|- | |- | ||
| − | | 0x04 || 0x21 || Seems to use eax (address) as parameter? | + | | 0x04 || 0x21 || Seems to use eax (address) as parameter? " [4 elements] |
|- | |- | ||
| − | | 0x04 || 0x22 || Seems to use eax (address) as parameter? | + | | 0x04 || 0x22 || Seems to use eax (address) as parameter? Seems to be some call to that address?! |
|- | |- | ||
| 0x04 || 0x23 || Seems to use eax (address) as parameter? | | 0x04 || 0x23 || Seems to use eax (address) as parameter? | ||
| Line 44: | Line 44: | ||
| 0x04 || 0x35 || Seems to use eax (address) as parameter? | | 0x04 || 0x35 || Seems to use eax (address) as parameter? | ||
|- | |- | ||
| − | | 0x04 || 0x50 || Seems to use eax (address) as parameter? | + | | 0x04 || 0x50 || Seems to use eax (address) as parameter? " [3 elements] |
|- | |- | ||
| 0x06 || 0x00 || Seems to use eax (address) and ecx (size) as parameter? | | 0x06 || 0x00 || Seems to use eax (address) and ecx (size) as parameter? | ||
| Line 58: | Line 58: | ||
| 0x06 || 0x0B || | | 0x06 || 0x0B || | ||
|} | |} | ||
| − | |||
== References and links == | == References and links == | ||
Revision as of 01:09, 30 May 2017
Xbox 360 Backward Compatibility is Microsofts original Xbox emulator for the Xbox 360.
The emulator binary is called xefu.xex. The first resource is xb1krnl which is a modified version of xboxkrnl.exe.
Modifications to xboxkrnl.exe
The IDEXPDTR section has been dropped, additionally the extra data from the MS-DOS header is gone.
Guest to host communication
The entrypoint of the kernel looks like:
80030878: 56 push %esi 80030879: 57 push %edi 8003087a: 8d 05 4c ac 02 80 lea 0x8002ac4c,%eax 80030880: 0f 3f (bad) 80030882: 04 20 80030884: 8d 05 6c ac 02 80 lea 0x8002ac6c,%eax 8003088a: 0f 3f (bad) 8003088c: 04 20 8003088e: 8d 05 8c ac 02 80 lea 0x8002ac8c,%eax 80030894: 0f 3f (bad) 80030896: 04 21 80030898: 8d 05 70 94 01 80 lea 0x80019470,%eax ...
According to this document by symantec (Page 5, Left-hand-side) the patterns 0F 3F x1 x2 and 0F C7 C8 y1 y2 are used for communication with the host.
| x1 | x2 | Notes |
|---|---|---|
| 0x04 | 0x20 | Seems to use eax (address) as parameter? eax points to a zero terminated list of pointers into the kernel memory [7 elements] |
| 0x04 | 0x21 | Seems to use eax (address) as parameter? " [4 elements] |
| 0x04 | 0x22 | Seems to use eax (address) as parameter? Seems to be some call to that address?! |
| 0x04 | 0x23 | Seems to use eax (address) as parameter? |
| 0x04 | 0x24 | Seems to use eax (address) as parameter? |
| 0x04 | 0x35 | Seems to use eax (address) as parameter? |
| 0x04 | 0x50 | Seems to use eax (address) as parameter? " [3 elements] |
| 0x06 | 0x00 | Seems to use eax (address) and ecx (size) as parameter? |
| 0x06 | 0x26 | |
| 0x06 | 0x27 | |
| 0x06 | 0x28 | |
| 0x06 | 0x29 | |
| 0x06 | 0x0B |
