From 03bdecc8994784f358f9103171087503f6ccead6 Mon Sep 17 00:00:00 2001 From: zeromus Date: Sun, 11 Aug 2013 20:38:40 +0000 Subject: [PATCH] clean up fake bios definition (add some asm comments and merge old codepaths); fix SWI3 patch on arm7; fix disassembler to be able to view arm7 bios (bios protection logic had crept in to interfere) --- desmume/src/MMU.cpp | 17 ++++++------ desmume/src/MMU.h | 18 +++++++++++++ desmume/src/NDSSystem.cpp | 45 +++++++++++++++---------------- desmume/src/windows/disView.cpp | 4 +-- desmume/src/windows/resources.rc | Bin 231682 -> 231760 bytes 5 files changed, 50 insertions(+), 34 deletions(-)
diff --git a/desmume/src/MMU.cpp b/desmume/src/MMU.cpp
index c52a22466..c9afa713e 100644
--- a/desmume/src/MMU.cpp
+++ b/desmume/src/MMU.cpp
@@ -4410,7 +4410,7 @@ void FASTCALL _MMU_ARM7_write16(u32 adr, u16 val)
 // Removed the &0xFF as they are implicit with the adr&0x0FFFFFFF [shash]
 T1WriteWord(MMU.MMU_MEM[ARMCPU_ARM7][adr>>20], adr&MMU.MMU_MASK[ARMCPU_ARM7][adr>>20], val);
-}
+}
 //================================================= MMU ARM7 write 32
 void FASTCALL _MMU_ARM7_write32(u32 adr, u32 val)
 {
@@ -4526,10 +4526,9 @@ u8 FASTCALL _MMU_ARM7_read08(u32 adr)
 if (adr < 0x4000)
 {
- //u32 prot = T1ReadLong_guaranteedAligned(MMU.MMU_MEM[ARMCPU_ARM7][0x40], 0x04000308 & MMU.MMU_MASK[ARMCPU_ARM7][0x40]);
- //if (prot) INFO("MMU7 read 08 at 0x%08X (PC 0x%08X) BIOSPROT address 0x%08X\n", adr, NDS_ARM7.R[15], prot);
-
- //How accurate is this? our R[15] may not be exactly what the hardware uses (may use something less by up to 0x08)
+ //the ARM7 bios can't be read by instructions outside of itself.
+ //TODO - use REG_BIOSPROT
+ //How accurate is this? our instruct_adr may not be exactly what the hardware uses (may use something +/- 0x08 or so)
 //This may be inaccurate at the very edge cases.
 if (NDS_ARM7.instruct_adr > 0x3FFF) return 0xFF;
@@ -4596,8 +4595,6 @@ u16 FASTCALL _MMU_ARM7_read16(u32 adr)
 if (adr < 0x4000)
 {
- //u32 prot = T1ReadLong_guaranteedAligned(MMU.MMU_MEM[ARMCPU_ARM7][0x40], 0x04000308 & MMU.MMU_MASK[ARMCPU_ARM7][0x40]);
- //if (prot) INFO("MMU7 read 16 at 0x%08X (PC 0x%08X) BIOSPROT address 0x%08X\n", adr, NDS_ARM7.R[15], prot);
 if (NDS_ARM7.instruct_adr > 0x3FFF) return 0xFFFF;
 }
@@ -4696,8 +4693,10 @@ u32 FASTCALL _MMU_ARM7_read32(u32 adr)
 if (adr < 0x4000)
 {
- //u32 prot = T1ReadLong_guaranteedAligned(MMU.MMU_MEM[ARMCPU_ARM7][0x40], 0x04000308 & MMU.MMU_MASK[ARMCPU_ARM7][0x40]);
- //if (prot) INFO("MMU7 read 32 at 0x%08X (PC 0x%08X) BIOSPROT address 0x%08X\n", adr, NDS_ARM7.R[15], prot);
+ //the ARM7 bios can't be read by instructions outside of itself.
+ //TODO - use REG_BIOSPROT
+ //How accurate is this? our instruct_adr may not be exactly what the hardware uses (may use something +/- 0x08 or so)
+ //This may be inaccurate at the very edge cases.
 if (NDS_ARM7.instruct_adr > 0x3FFF) return 0xFFFFFFFF;
 }
diff --git a/desmume/src/MMU.h b/desmume/src/MMU.h
index a3e8d94f1..062ce1eca 100644
--- a/desmume/src/MMU.h
+++ b/desmume/src/MMU.h
@@ -655,6 +655,12 @@ FORCEINLINE u8 _MMU_read08(const int PROCNUM, const MMU_ACCESS_TYPE AT, const u3
 {
 CheckMemoryDebugEvent(DEBUG_EVENT_READ,AT,PROCNUM,addr,8,0);
+ //special handling to un-protect the ARM7 bios during debug reading
+ if(PROCNUM == ARMCPU_ARM7 && AT == MMU_AT_DEBUG && addr<0x00004000)
+ {
+ return T1ReadByte(MMU.ARM7_BIOS, addr);
+ }
+
 //special handling for DMA: read 0 from TCM
 if(PROCNUM==ARMCPU_ARM9 && AT == MMU_AT_DMA)
 {
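Review bot: The read16 hunk removes the old commented-out BIOSPROT lines but, unlike the read08 and read32 hunks in this same file, does not receive the replacement comment, so the `if (NDS_ARM7.instruct_adr > 0x3FFF) return 0xFFFF;` check is now the only one of the three with no explanation of what it enforces or of the known inaccuracy. Add the same lines above the check: `//the ARM7 bios can't be read by instructions outside of itself.` and `//TODO - use REG_BIOSPROT`, plus the "How accurate is this?" caveat used in the other two readers. `_MMU_ARM7_read16` begins and ends outside the hunk.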
@@ -684,6 +690,12 @@ FORCEINLINE u16 _MMU_read16(const int PROCNUM, const MMU_ACCESS_TYPE AT, const u
 {
 CheckMemoryDebugEvent(DEBUG_EVENT_READ,AT,PROCNUM,addr,16,0);
+ //special handling to un-protect the ARM7 bios during debug reading
+ if(PROCNUM == ARMCPU_ARM7 && AT == MMU_AT_DEBUG && addr<0x00004000)
+ {
+ return T1ReadWord_guaranteedAligned(MMU.ARM7_BIOS, addr);
+ }
+
 //special handling for DMA: read 0 from TCM
 if(PROCNUM==ARMCPU_ARM9 && AT == MMU_AT_DMA)
 {
@@ -726,6 +738,12 @@ FORCEINLINE u32 _MMU_read32(const int PROCNUM, const MMU_ACCESS_TYPE AT, const u
 {
 CheckMemoryDebugEvent(DEBUG_EVENT_READ,AT,PROCNUM,addr,32,0);
+ //special handling to un-protect the ARM7 bios during debug reading
+ if(PROCNUM == ARMCPU_ARM7 && AT == MMU_AT_DEBUG && addr<0x00004000)
+ {
+ return T1ReadLong_guaranteedAligned(MMU.ARM7_BIOS, addr);
+ }
+
 //special handling for DMA: read 0 from TCM
 if(PROCNUM==ARMCPU_ARM9 && AT == MMU_AT_DMA)
 {
diff --git a/desmume/src/NDSSystem.cpp b/desmume/src/NDSSystem.cpp
index 1e5a59567..24cc6b35b 100644
--- a/desmume/src/NDSSystem.cpp
+++ b/desmume/src/NDSSystem.cpp
@@ -2235,7 +2235,10 @@ static void PrepareBiosARM7()
 //if we used routines from bios, apply patches
 if (CommonSettings.PatchSWI3)
- _MMU_write16(0x00002F08, 0x4770);
+ {
+ //[3801] SUB R0, #1 -> [4770] BX LR
+ T1WriteWord(MMU.ARM7_BIOS,0x2F08, 0x4770);
+ }
 }
 else NDS_ARM7.swi_tab = ARM_swi_tab[ARMCPU_ARM7];
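Review bot: The new debug bypass returns `T1ReadWord_guaranteedAligned(MMU.ARM7_BIOS, addr)` for any `addr<0x00004000` without forcing alignment, so a debug read at addr 0x3FFF (or 0x3FFD..0x3FFF in the 32-bit variant in the @@ -726 hunk) reads one to three bytes past the end of the BIOS buffer if MMU.ARM7_BIOS is exactly 0x4000 bytes; whether the regular path masks the low bits before its own read is not visible here. The helper's name says the caller guarantees alignment, so mask first: `return T1ReadWord_guaranteedAligned(MMU.ARM7_BIOS, addr & 0x3FFE);` here and `addr & 0x3FFC` in the 32-bit hunk. The enclosing `_MMU_read16` continues past the hunk.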
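Review bot: `T1WriteWord(MMU.ARM7_BIOS,0x2F08, 0x4770)` patches the loaded BIOS image unconditionally; the comment records that the halfword being replaced is `[3801] SUB R0, #1`, but nothing verifies it, so a BIOS image that differs at that offset (a different dump, or one already modified) gets an unrelated instruction silently turned into `BX LR`. Guard the write with the expected original value: `if (T1ReadWord(MMU.ARM7_BIOS, 0x2F08) == 0x3801) T1WriteWord(MMU.ARM7_BIOS, 0x2F08, 0x4770); else INFO("PatchSWI3: ARM7 bios word at 0x2F08 is not 3801, patch skipped\n");`. The same applies to the ARM9 patch at 0x07CC in the @@ -2291 hunk. `PrepareBiosARM7` starts outside the hunk.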
@@ -2248,25 +2251,20 @@ static void PrepareBiosARM7()
 {
 //fake bios content, critical to normal operations, since we dont have a real bios.
-#if 0
- //someone please document what is in progress here
- // TODO
- T1WriteLong(MMU.ARM7_BIOS, 0x0000, 0xEAFFFFFE); // loop for Reset !!!
- T1WriteLong(MMU.ARM7_BIOS, 0x0004, 0xEAFFFFFE); // loop for Undef instr expection
- T1WriteLong(MMU.ARM7_BIOS, 0x0008, 0xEA00009C); // SWI
- T1WriteLong(MMU.ARM7_BIOS, 0x000C, 0xEAFFFFFE); // loop for Prefetch Abort
- T1WriteLong(MMU.ARM7_BIOS, 0x0010, 0xEAFFFFFE); // loop for Data Abort
- T1WriteLong(MMU.ARM7_BIOS, 0x0014, 0x00000000); // Reserved
- T1WriteLong(MMU.ARM7_BIOS, 0x001C, 0x00000000); // Fast IRQ
-#endif
- T1WriteLong(MMU.ARM7_BIOS, 0x0000, 0xE25EF002);
- T1WriteLong(MMU.ARM7_BIOS, 0x0018, 0xEA000000);
- T1WriteLong(MMU.ARM7_BIOS, 0x0020, 0xE92D500F);
- T1WriteLong(MMU.ARM7_BIOS, 0x0024, 0xE3A00301);
- T1WriteLong(MMU.ARM7_BIOS, 0x0028, 0xE28FE000);
- T1WriteLong(MMU.ARM7_BIOS, 0x002C, 0xE510F004);
- T1WriteLong(MMU.ARM7_BIOS, 0x0030, 0xE8BD500F);
- T1WriteLong(MMU.ARM7_BIOS, 0x0034, 0xE25EF004);
+ T1WriteLong(MMU.ARM7_BIOS, 0x0000, 0xEAFFFFFE); //B 00000000 (reset: infinite loop) (originally: 0xE25EF002 - SUBS PC, LR, #2
+ T1WriteLong(MMU.ARM7_BIOS, 0x0004, 0xEAFFFFFE); //B 00000004 (undefined instruction: infinite loop)
+ T1WriteLong(MMU.ARM7_BIOS, 0x0008, 0xEAFFFFFE); //B 00000280 (SWI: infinite loop [since we will be HLEing the SWI routines])
+ T1WriteLong(MMU.ARM7_BIOS, 0x000C, 0xEAFFFFFE); //B 0000000C (prefetch abort: infinite loop)
+ T1WriteLong(MMU.ARM7_BIOS, 0x0010, 0xEAFFFFFE); //B 00000010 (data abort: infinite loop)
+ T1WriteLong(MMU.ARM7_BIOS, 0x0018, 0xEA000000); //B 00000020 (IRQ: branch to handler)
+ T1WriteLong(MMU.ARM7_BIOS, 0x001C, 0xEAFFFFFE); //B 0000001C (FIQ vector: infinite loop)
+ //IRQ handler
+ T1WriteLong(MMU.ARM7_BIOS, 0x0020, 0xE92D500F); //STMDB SP!, {R0-R3,R12,LR}
+ T1WriteLong(MMU.ARM7_BIOS, 0x0024, 0xE3A00301); //MOV R0, #4000000
+ T1WriteLong(MMU.ARM7_BIOS, 0x0028, 0xE28FE000); //ADD LR, PC, #0
+ T1WriteLong(MMU.ARM7_BIOS, 0x002C, 0xE510F004); //LDR PC, [R0, -#4]
+ T1WriteLong(MMU.ARM7_BIOS, 0x0030, 0xE8BD500F); //LDMIA SP!, {R0-R3,R12,LR}
+ T1WriteLong(MMU.ARM7_BIOS, 0x0034, 0xE25EF004); //SUBS PC, LR, #4
 }
 }
@@ -2291,8 +2289,9 @@ static void PrepareBiosARM9()
 NDS_ARM9.swi_tab = 0;
 //if we used routines from bios, apply patches
+ //[3801] SUB R0, #1 -> [4770] BX LR
 if (CommonSettings.PatchSWI3)
- _MMU_write16(0xFFFF07CC, 0x4770);
+ T1WriteWord(MMU.ARM9_BIOS, 0x07CC, 0x4770);
 }
 else NDS_ARM9.swi_tab = ARM_swi_tab[ARMCPU_ARM9];
@@ -2334,12 +2333,12 @@ static void PrepareBiosARM9()
 //copy the logo content into the bios - Pokemon Platinum uses this in Pal Park trade
 //it compares the logo from the arm9 bios to the logo in the GBA header.
- //NOTE: we could solve this by patching the rom of a mounted GBA game with whatever's here, even if its all zeroes.
+ //NOTE: we could MAYBE solve this by patching the rom of a mounted GBA game with whatever's here, even if its all zeroes.
 for (int t = 0; t < 0x9C; t++) MMU.ARM9_BIOS[t + 0x20] = logo_data[t];
 //... and with that we are at 0xBC:
- //(now what goes in this gap??)
+ //(now what goes in this gap?? nothing we need, i guess)
 //IRQ handler: get dtcm address and jump to a vector in it
 T1WriteLong(MMU.ARM9_BIOS, 0x0274, 0xE92D500F); //STMDB SP!, {R0-R3,R12,LR}
diff --git a/desmume/src/windows/disView.cpp b/desmume/src/windows/disView.cpp
index f5bb1e33b..c310b7f08 100644
--- a/desmume/src/windows/disView.cpp
+++ b/desmume/src/windows/disView.cpp
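Review bot: The comment on the `0x0008` line reads `//B 00000280 (SWI: infinite loop ...)` but the word written is `0xEAFFFFFE`, a branch to itself, so either the target text should be `00000008` or the encoding is not the one intended; as written a reader of this fake-bios table cannot tell which is wrong (the removed `#if 0` block used `0xEA00009C` for this slot, which is where 0x280 appears to come from). The `0x0000` comment also leaves a parenthesis unclosed, `(originally: 0xE25EF002 - SUBS PC, LR, #2`, and the `0x002C` comment writes the offset as `[R0, -#4]` where the usual spelling is `[R0, #-4]`. Since this table is what the emulated ARM7 executes when no real bios is loaded, keeping every comment consistent with its encoding is the only check a maintainer has; suggest fixing the three comments in this hunk.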
@@ -90,7 +90,7 @@ LRESULT DisViewBox_OnPaint(HWND hwnd, disview_struct *win, WPARAM wParam, LPARAM
 for(i = 0; i < nbligne; ++i)
 {
- u32 ins = MMU_read32(win->cpu->proc_ID, adr);
+ u32 ins = _MMU_read32(win->cpu->proc_ID, MMU_AT_DEBUG, adr);
 des_arm_instructions_set[INDEX(ins)](adr, ins, txt);
 sprintf(text, "%04X:%04X %08X %s", (int)(adr>>16), (int)(adr&0xFFFF), (int)ins, txt);
 DrawText(mem_dc, text, -1, &rect, DT_TOP | DT_LEFT | DT_NOPREFIX);
@@ -124,7 +124,7 @@ LRESULT DisViewBox_OnPaint(HWND hwnd, disview_struct *win, WPARAM wParam, LPARAM
 for(i = 0; i < nbligne; ++i)
 {
- u32 ins = MMU_read16(win->cpu->proc_ID, adr);
+ u32 ins = _MMU_read16(win->cpu->proc_ID, MMU_AT_DEBUG, adr);
 des_thumb_instructions_set[ins>>6](adr, ins, txt);
 sprintf(text, "%04X:%04X %04X %s", (int)(adr>>16), (int)(adr&0xFFFF), (int)ins, txt);
 DrawText(mem_dc, text, -1, &rect, DT_TOP | DT_LEFT | DT_NOPREFIX);
diff --git a/desmume/src/windows/resources.rc b/desmume/src/windows/resources.rc
index 0293b370d231d12585d9e84eb84b9058c8c6e58f..366d20eb7e27ffd9a3f8200b387267acc4ef0641 100644
GIT binary patch delta 142 zcmZpg#CKs5--dTP6%`mX81flP7%~`A8HyOn88R7)fh-*c1qKfW9|l(j&Bt5 zQZf0%0k+L?yHXgLjTtN_C+?D-{9tzqyCG1i5rg66Mmgch2HQ0zx9ySP1c@0kSTYz) uc9ck+EU;H=ve5*a$z^+AFq<=2Zcg0ypNG+~Iq`IR;%Ub1iKm$s?gap8+b_BR delta 108 zcmV-y0F(dFk`98B4zTXIlOVPXlN`Ddm&6_dPLq(f1hcHVWB~&-05g-Xx*L~}c>yAm zP`p9~HvlXEGM7=30u_@mw
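Review bot: Switching the viewer to `_MMU_read32(win->cpu->proc_ID, MMU_AT_DEBUG, adr)` routes every repaint through the inline reader, which (per the MMU.h hunks in this commit) calls `CheckMemoryDebugEvent(DEBUG_EVENT_READ, AT, ...)` before the new BIOS bypass; unless that function ignores `MMU_AT_DEBUG`, merely scrolling the disassembly window would fire read watchpoints on the displayed range. Please confirm that filter exists and document it at the call site, e.g. `//MMU_AT_DEBUG: debugger reads must not trigger read-breakpoints`, or otherwise skip the event for debug-typed accesses. The thumb loop in the @@ -124 hunk has the same dependency. `DisViewBox_OnPaint` begins and ends outside both hunks.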