Difference between revisions of "Xbox 360 Backward Compatibility"
From xboxdevwiki
m (Just added some clarity and fixed a typo) |
(6 intermediate revisions by 2 users not shown) | |||
Line 1: | Line 1: | ||
− | Xbox 360 Backward Compatibility is | + | Xbox 360 Backward Compatibility, also known as '''FU''' or '''Fusion''' is Microsoft's original Xbox emulator for the Xbox 360. |
The emulator binary is called xefu.xex. The first resource is xb1krnl which is a modified version of [[Kernel|xboxkrnl.exe]]. | The emulator binary is called xefu.xex. The first resource is xb1krnl which is a modified version of [[Kernel|xboxkrnl.exe]]. | ||
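Review bot: the new opening sentence opens a parenthetical with the comma before "also known as" but never closes it; add a comma after `'''Fusion'''` so it reads "..., also known as '''FU''' or '''Fusion''', is Microsoft's original Xbox emulator ...".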
Line 5: | Line 5: | ||
=== Modifications to xboxkrnl.exe === | === Modifications to xboxkrnl.exe === | ||
− | The | + | The IDEXPRDT section has been dropped, additionally the extra data from the MS-DOS header is gone. |
==== Guest to host communication ==== | ==== Guest to host communication ==== | ||
Line 27: | Line 27: | ||
</pre> | </pre> | ||
− | According to [https://www.symantec.com/avcenter/reference/Virtual_Machine_Threats.pdf this document by symantec] (Page 5, Left-hand-side) the patterns <code>0F 3F x1 x2</code> and <code>0F C7 C8 y1 y2</code> are used for communication with the host. | + | According to [https://web.archive.org/web/20070216172548/https://www.symantec.com/avcenter/reference/Virtual_Machine_Threats.pdf this document by symantec] (Page 5, Left-hand-side) the patterns <code>0F 3F x1 x2</code> and <code>0F C7 C8 y1 y2</code> are used for communication with the host. |
{| class="wikitable" | {| class="wikitable" | ||
! x1 !! x2 !! Notes | ! x1 !! x2 !! Notes | ||
|- | |- | ||
− | | 0x04 || 0x20 || Seems to use eax (address) as parameter? | + | | 0x04 || 0x20 || Seems to use eax (address) as parameter? eax points to a zero terminated list of pointers into the kernel memory [7 elements] |
|- | |- | ||
− | | 0x04 || 0x21 || Seems to use eax (address) as parameter? | + | | 0x04 || 0x21 || Seems to use eax (address) as parameter? " [4 elements] |
|- | |- | ||
− | | 0x04 || 0x22 || Seems to use eax (address) as parameter? | + | | 0x04 || 0x22 || Seems to use eax (address) as parameter? Seems to be some call to that address?! |
|- | |- | ||
| 0x04 || 0x23 || Seems to use eax (address) as parameter? | | 0x04 || 0x23 || Seems to use eax (address) as parameter? | ||
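Review bot: the ditto mark in the new 0x04/0x21 note (`" [4 elements]`) reads like a stray quote and only makes sense while that row sits directly under the 0x04/0x20 row. Spell the note out ("eax points to a zero terminated list of pointers into the kernel memory [4 elements]") so the row still makes sense if the table is reordered or sorted. The 0x04/0x22 note now carries both "Seems to use eax (address) as parameter?" and "Seems to be some call to that address?!"; one sentence saying eax holds an address that appears to be called would be clearer.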
Line 44: | Line 44: | ||
| 0x04 || 0x35 || Seems to use eax (address) as parameter? | | 0x04 || 0x35 || Seems to use eax (address) as parameter? | ||
|- | |- | ||
− | | 0x04 || 0x50 || Seems to use eax (address) as parameter? | + | | 0x04 || 0x50 || Seems to use eax (address) as parameter? " [3 elements] |
|- | |- | ||
− | | | + | | colspan="3" | Cleaner list starts here {{FIXME}} |
|- | |- | ||
− | | | + | | 0x04 || 0x20 || |
|- | |- | ||
− | | | + | | 0x04 || 0x20 || |
|- | |- | ||
− | | | + | | 0x04 || 0x21 || |
|- | |- | ||
− | | | + | | 0x04 || 0x22 || |
|- | |- | ||
− | | 0x06 || | + | | 0x04 || 0x23 || |
+ | |- | ||
+ | | 0x04 || 0x24 || | ||
+ | |- | ||
+ | | 0x04 || 0x35 || | ||
+ | |- | ||
+ | | 0x04 || 0x50 || | ||
+ | |- | ||
+ | | 0x06 || 0x00 || Seems to use eax (address) and ecx (size) as parameter? Memory is 0x00 filled before. location is 0x8002b420, size would be 0x3000 | ||
+ | |- | ||
+ | | 0x06 || 0x02 || | ||
+ | |- | ||
+ | | 0x06 || 0x20 || Some call or callback registration to the address pointed to by eax | ||
+ | |- | ||
+ | | 0x06 || 0x21 || | ||
+ | |- | ||
+ | | 0x06 || 0x22 || | ||
+ | |- | ||
+ | | 0x06 || 0x23 || Some call or callback registration to the address pointed to by eax | ||
+ | |- | ||
+ | | 0x06 || 0x24 || | ||
+ | |- | ||
+ | | 0x06 || 0x25 || | ||
+ | |- | ||
+ | | 0x06 || 0x26 || | ||
+ | |- | ||
+ | | 0x06 || 0x27 || | ||
+ | |- | ||
+ | | 0x06 || 0x28 || | ||
+ | |- | ||
+ | | 0x06 || 0x29 || | ||
+ | |- | ||
+ | | 0x06 || 0x40 || | ||
|} | |} | ||
− | |||
== References and links == | == References and links == | ||
* [http://support.xbox.com/en-US/legacy-devices/original-console/play-original-games Official compatibility list by Microsoft] | * [http://support.xbox.com/en-US/legacy-devices/original-console/play-original-games Official compatibility list by Microsoft] | ||
− | * [http://michaelbrundage.com/project/xbox-360-emulator/ Michael Brundages page about the original Xbox emulator in the Xbox 360] | + | * [http://michaelbrundage.com/project/xbox-360-emulator/ Michael Brundages (Microsoft) page about the original Xbox emulator in the Xbox 360] |
** [http://michaelbrundage.com/note/2005/05/15/xbox-360-emulator/ More information about the original Xbox emulator in the Xbox 360] | ** [http://michaelbrundage.com/note/2005/05/15/xbox-360-emulator/ More information about the original Xbox emulator in the Xbox 360] | ||
+ | * [https://randomascii.wordpress.com/2019/03/20/exercises-in-emulation-xbox-360s-fma-instruction/ Blog post about FMA math emulation by Bruce Dawson (Microsoft)] | ||
+ | * [https://www.youtube.com/watch?v=Da_ont-2AG0 Modern Vintage Gamer: Revisiting Original Xbox Backward Compatibility on the Xbox 360] |
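Review bot: the "Cleaner list" section adds the row `| 0x04 || 0x20 ||` twice in succession and repeats every 0x04 pair that is already listed with notes above it, so each 0x04 entry now appears two or three times with the notes only on the first copy. Either drop the second 0x20 row or note why it is listed twice, and merge the existing notes into the new rows so the older rows and the {{FIXME}} marker can be removed. The same ditto-mark problem applies to the 0x04/0x50 row (`" [3 elements]`), which no longer sits under the row it refers to. In the 0x06/0x00 note, "location is 0x8002b420, size would be 0x3000" looks like values from one observed call; saying so would keep it from being read as a fixed property of the call.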
Latest revision as of 12:51, 22 June 2022
Xbox 360 Backward Compatibility, also known as FU or Fusion, is Microsoft's original Xbox emulator for the Xbox 360.
The emulator binary is called xefu.xex. The first resource is xb1krnl which is a modified version of xboxkrnl.exe.
Modifications to xboxkrnl.exe
The IDEXPRDT section has been dropped; additionally, the extra data from the MS-DOS header is gone.
Guest to host communication
The entrypoint of the kernel looks like:
```
80030878: 56                   push   %esi
80030879: 57                   push   %edi
8003087a: 8d 05 4c ac 02 80    lea    0x8002ac4c,%eax
80030880: 0f 3f                (bad)
80030882: 04 20
80030884: 8d 05 6c ac 02 80    lea    0x8002ac6c,%eax
8003088a: 0f 3f                (bad)
8003088c: 04 20
8003088e: 8d 05 8c ac 02 80    lea    0x8002ac8c,%eax
80030894: 0f 3f                (bad)
80030896: 04 21
80030898: 8d 05 70 94 01 80    lea    0x80019470,%eax
...
```
According to this document by Symantec (page 5, left-hand side), the patterns `0F 3F x1 x2` and `0F C7 C8 y1 y2` are used for communication with the host.
x1 | x2 | Notes |
---|---|---|
0x04 | 0x20 | Seems to use eax (address) as parameter? eax points to a zero-terminated list of pointers into the kernel memory [7 elements] |
0x04 | 0x21 | Seems to use eax (address) as parameter? eax points to a zero-terminated list of pointers into the kernel memory [4 elements] |
0x04 | 0x22 | Seems to use eax (address) as parameter? Seems to be some call to that address?! |
0x04 | 0x23 | Seems to use eax (address) as parameter? |
0x04 | 0x24 | Seems to use eax (address) as parameter? |
0x04 | 0x35 | Seems to use eax (address) as parameter? |
0x04 | 0x50 | Seems to use eax (address) as parameter? eax points to a zero-terminated list of pointers into the kernel memory [3 elements] |
Cleaner list starts here [FIXME] | | |
0x04 | 0x20 | |
0x04 | 0x20 | |
0x04 | 0x21 | |
0x04 | 0x22 | |
0x04 | 0x23 | |
0x04 | 0x24 | |
0x04 | 0x35 | |
0x04 | 0x50 | |
0x06 | 0x00 | Seems to use eax (address) and ecx (size) as parameters? The memory is filled with 0x00 beforehand. Location is 0x8002b420; size would be 0x3000 |
0x06 | 0x02 | |
0x06 | 0x20 | Some call or callback registration to the address pointed to by eax |
0x06 | 0x21 | |
0x06 | 0x22 | |
0x06 | 0x23 | Some call or callback registration to the address pointed to by eax |
0x06 | 0x24 | |
0x06 | 0x25 | |
0x06 | 0x26 | |
0x06 | 0x27 | |
0x06 | 0x28 | |
0x06 | 0x29 | |
0x06 | 0x40 | |
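
A scanner for the two patterns described above, as an added example that is not part of the wiki page or of any Microsoft code: it walks a raw kernel image for `0F 3F x1 x2` and `0F C7 C8 y1 y2` and, where the preceding instruction is the `lea imm32,%eax` encoding seen in the entrypoint listing, recovers the address passed in eax. The sample bytes are the entrypoint bytes from the listing; the function names are hypothetical, and a linear byte scan can also match data or immediates, so hits should be confirmed in a disassembler.

```python
import struct
from collections import Counter

# Entrypoint bytes copied from the disassembly listing on this page.
ENTRY_BASE = 0x80030878
ENTRY_BYTES = bytes.fromhex(
    "56 57 "
    "8d 05 4c ac 02 80 0f 3f 04 20 "
    "8d 05 6c ac 02 80 0f 3f 04 20 "
    "8d 05 8c ac 02 80 0f 3f 04 21 "
    "8d 05 70 94 01 80"
)

# The two guest-to-host prefixes; each is followed by two operand bytes.
PREFIXES = (b"\x0f\x3f", b"\x0f\xc7\xc8")
LEA_EAX = b"\x8d\x05"  # lea imm32,%eax as encoded in the listing


def find_host_calls(image, base):
    """Return sorted (address, prefix_hex, op1, op2, eax) tuples."""
    calls = []
    for prefix in PREFIXES:
        pos = image.find(prefix)
        while pos != -1:
            end = pos + len(prefix)
            if end + 2 > len(image):
                break  # truncated pattern at the end of the image
            eax = None  # stays None when no lea immediately precedes the pattern
            if pos >= 6 and image[pos - 6:pos - 4] == LEA_EAX:
                eax = struct.unpack_from("<I", image, pos - 4)[0]
            calls.append((base + pos, prefix.hex(), image[end], image[end + 1], eax))
            pos = image.find(prefix, end + 2)
    return sorted(calls)


def tally(calls):
    """Count how often each (prefix, op1, op2) combination occurs."""
    return Counter((p, a, b) for _, p, a, b, _ in calls)


if __name__ == "__main__":
    for addr, prefix, op1, op2, eax in find_host_calls(ENTRY_BYTES, ENTRY_BASE):
        arg = "unknown" if eax is None else f"{eax:#010x}"
        print(f"{addr:#010x}: {prefix} {op1:02x} {op2:02x}  eax={arg}")
```

Run against a full xb1krnl image, the tally gives a quick inventory of which (x1, x2) pairs occur and how often, which can be compared with the table above.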