Difference between revisions of "Xbox 360 Backward Compatibility"

From xboxdevwiki
Jump to: navigation, search
m
m (Just added some clarity and fixed a typo)
 
(6 intermediate revisions by 2 users not shown)
Line 1: Line 1:
Xbox 360 Backward Compatibility is Microsofts original Xbox emulator for the Xbox 360.
+
Xbox 360 Backward Compatibility, also known as '''FU''' or '''Fusion''' is Microsoft's original Xbox emulator for the Xbox 360.
  
 
The emulator binary is called xefu.xex. The first resource is xb1krnl which is a modified version of [[Kernel|xboxkrnl.exe]].
 
The emulator binary is called xefu.xex. The first resource is xb1krnl which is a modified version of [[Kernel|xboxkrnl.exe]].
Line 5: Line 5:
 
=== Modifications to xboxkrnl.exe ===
 
=== Modifications to xboxkrnl.exe ===
  
The IDEXPDTR section has been dropped, additionally the extra data from the MS-DOS header is gone.
+
The IDEXPRDT section has been dropped, additionally the extra data from the MS-DOS header is gone.
  
 
==== Guest to host communication ====
 
==== Guest to host communication ====
Line 27: Line 27:
 
</pre>
 
</pre>
  
According to [https://www.symantec.com/avcenter/reference/Virtual_Machine_Threats.pdf this document by symantec] (Page 5, Left-hand-side) the patterns <code>0F 3F x1 x2</code> and <code>0F C7 C8 y1 y2</code> are used for communication with the host.
+
According to [https://web.archive.org/web/20070216172548/https://www.symantec.com/avcenter/reference/Virtual_Machine_Threats.pdf this document by symantec] (Page 5, Left-hand-side) the patterns <code>0F 3F x1 x2</code> and <code>0F C7 C8 y1 y2</code> are used for communication with the host.
  
 
{| class="wikitable"
 
{| class="wikitable"
 
! x1 !! x2 !! Notes
 
! x1 !! x2 !! Notes
 
|-
 
|-
| 0x04 || 0x20 || Seems to use eax (address) as parameter?
+
| 0x04 || 0x20 || Seems to use eax (address) as parameter? eax points to a zero terminated list of pointers into the kernel memory [7 elements]
 
|-
 
|-
| 0x04 || 0x21 || Seems to use eax (address) as parameter?
+
| 0x04 || 0x21 || Seems to use eax (address) as parameter? " [4 elements]
 
|-
 
|-
| 0x04 || 0x22 || Seems to use eax (address) as parameter?
+
| 0x04 || 0x22 || Seems to use eax (address) as parameter? Seems to be some call to that address?!
 
|-
 
|-
 
| 0x04 || 0x23 || Seems to use eax (address) as parameter?
 
| 0x04 || 0x23 || Seems to use eax (address) as parameter?
Line 44: Line 44:
 
| 0x04 || 0x35 || Seems to use eax (address) as parameter?
 
| 0x04 || 0x35 || Seems to use eax (address) as parameter?
 
|-
 
|-
| 0x04 || 0x50 || Seems to use eax (address) as parameter?
+
| 0x04 || 0x50 || Seems to use eax (address) as parameter? " [3 elements]
 
|-
 
|-
| 0x06 || 0x00 || Seems to use eax (address) and ecx (size) as parameter?
+
| colspan="3" | Cleaner list starts here {{FIXME}}
 
|-
 
|-
| 0x06 || 0x26 ||
+
| 0x04 || 0x20 ||  
 
|-
 
|-
| 0x06 || 0x27 ||
+
| 0x04 || 0x20 ||  
 
|-
 
|-
| 0x06 || 0x28 ||
+
| 0x04 || 0x21 ||  
 
|-
 
|-
| 0x06 || 0x29 ||
+
| 0x04 || 0x22 ||  
 
|-
 
|-
| 0x06 || 0x0B ||
+
| 0x04 || 0x23 ||
 +
|-
 +
| 0x04 || 0x24 ||
 +
|-
 +
| 0x04 || 0x35 ||
 +
|-
 +
| 0x04 || 0x50 ||
 +
|-
 +
| 0x06 || 0x00 || Seems to use eax (address) and ecx (size) as parameter? Memory is 0x00 filled before. location is 0x8002b420, size would be 0x3000
 +
|-
 +
| 0x06 || 0x02 ||
 +
|-
 +
| 0x06 || 0x20 || Some call or callback registration to the address pointed to by eax
 +
|-
 +
| 0x06 || 0x21 ||
 +
|-
 +
| 0x06 || 0x22 ||
 +
|-
 +
| 0x06 || 0x23 || Some call or callback registration to the address pointed to by eax
 +
|-
 +
| 0x06 || 0x24 ||
 +
|-
 +
| 0x06 || 0x25 ||
 +
|-
 +
| 0x06 || 0x26 ||
 +
|-
 +
| 0x06 || 0x27 ||
 +
|-
 +
| 0x06 || 0x28 ||
 +
|-
 +
| 0x06 || 0x29 ||
 +
|-
 +
| 0x06 || 0x40 ||
 
|}
 
|}
 
  
 
== References and links ==
 
== References and links ==
 
* [http://support.xbox.com/en-US/legacy-devices/original-console/play-original-games Official compatibility list by Microsoft]
 
* [http://support.xbox.com/en-US/legacy-devices/original-console/play-original-games Official compatibility list by Microsoft]
* [http://michaelbrundage.com/project/xbox-360-emulator/ Michael Brundages page about the original Xbox emulator in the Xbox 360]
+
* [http://michaelbrundage.com/project/xbox-360-emulator/ Michael Brundages (Microsoft) page about the original Xbox emulator in the Xbox 360]
 
** [http://michaelbrundage.com/note/2005/05/15/xbox-360-emulator/ More information about the original Xbox emulator in the Xbox 360]
 
** [http://michaelbrundage.com/note/2005/05/15/xbox-360-emulator/ More information about the original Xbox emulator in the Xbox 360]
 +
* [https://randomascii.wordpress.com/2019/03/20/exercises-in-emulation-xbox-360s-fma-instruction/ Blog post about FMA math emulation by Bruce Dawson (Microsoft)]
 +
* [https://www.youtube.com/watch?v=Da_ont-2AG0 Modern Vintage Gamer: Revisiting Original Xbox Backward Compatibility on the Xbox 360]

Latest revision as of 12:51, 22 June 2022

Xbox 360 Backward Compatibility, also known as FU or Fusion is Microsoft's original Xbox emulator for the Xbox 360.

The emulator binary is called xefu.xex. The first resource is xb1krnl which is a modified version of xboxkrnl.exe.

Modifications to xboxkrnl.exe

The IDEXPRDT section has been dropped, additionally the extra data from the MS-DOS header is gone.

Guest to host communication

The entrypoint of the kernel looks like:

80030878:	56                   	push   %esi
80030879:	57                   	push   %edi
8003087a:	8d 05 4c ac 02 80    	lea    0x8002ac4c,%eax
80030880:	0f 3f                	(bad)  
80030882:	04 20
80030884:	8d 05 6c ac 02 80    	lea    0x8002ac6c,%eax
8003088a:	0f 3f                	(bad)  
8003088c:	04 20
8003088e:	8d 05 8c ac 02 80    	lea    0x8002ac8c,%eax
80030894:	0f 3f                	(bad)  
80030896:	04 21
80030898:	8d 05 70 94 01 80    	lea    0x80019470,%eax
...

According to this document by symantec (Page 5, Left-hand-side) the patterns 0F 3F x1 x2 and 0F C7 C8 y1 y2 are used for communication with the host.

x1 x2 Notes
0x04 0x20 Seems to use eax (address) as parameter? eax points to a zero terminated list of pointers into the kernel memory [7 elements]
0x04 0x21 Seems to use eax (address) as parameter? " [4 elements]
0x04 0x22 Seems to use eax (address) as parameter? Seems to be some call to that address?!
0x04 0x23 Seems to use eax (address) as parameter?
0x04 0x24 Seems to use eax (address) as parameter?
0x04 0x35 Seems to use eax (address) as parameter?
0x04 0x50 Seems to use eax (address) as parameter? " [3 elements]
Cleaner list starts here [FIXME]
0x04 0x20
0x04 0x20
0x04 0x21
0x04 0x22
0x04 0x23
0x04 0x24
0x04 0x35
0x04 0x50
0x06 0x00 Seems to use eax (address) and ecx (size) as parameter? Memory is 0x00 filled before. location is 0x8002b420, size would be 0x3000
0x06 0x02
0x06 0x20 Some call or callback registration to the address pointed to by eax
0x06 0x21
0x06 0x22
0x06 0x23 Some call or callback registration to the address pointed to by eax
0x06 0x24
0x06 0x25
0x06 0x26
0x06 0x27
0x06 0x28
0x06 0x29
0x06 0x40

References and links