Thursday, November 8, 2012

Update on the tables

As I said in previous posts, the tool is ready and ready to be released anytime, the big problem are the tables that are needed and that tell the CPS3 Tool what is code and what is data.

I have choosen a very tiny format for the table. The range of memory to which the table refers goes from 0x06000000 to 0x06ffffff. that means a range of address of 16Mb. One efficient way to do it, is by creating a table of 2Mb in which each bit, represents if a byte is code (1) or data (0).

As I know that in the SH2 instructions are executed in pairs of 2 bytes, I've splited the table on half and now each bit, means if two bytes are data or code, what leaves with a table of 1Mb.

Moreover, I've found that in SF3-NG the range of code goes from 0 to 0x3d0000 what means that a table of 250k would be enough. I haven't analysed in detail any other game yet, so I won't squeeze the table before being sure that it works.

Regarding the bot, I've decided to use a combined effor, creating 4 different 'tiny' programs.

The first one, will take a several Gigs file generated with MAME's commmand 'trace' and will update the table.

I have created several of these files so I have to make several passes.

Playing a game, when the trace command is on, is almost impossible, luckily I have the Special version of ElSemi (thanks mate).

The second version of the tool will update an existing table with the table that generate the program of ElSemi. Again several passes are needed as I have several tables generated

The third tool is the robot, which will basically analyze the code of the game and will look for all conditional branches (BF, BFS, BT, BTS) and if "we are over one instruccion that it's code" and "the destination branch is not marked as code" then we launch a exploring subroutine that will explore this specific branch.

As you will understand when you are inside a branch, you have to check instruction by instruction until you find something that will stop the lineal execution, which basically means a jmp, a subrutine, a BT, a BF, a RTE, etc. This has a small inconvenient, because the robot sometimes can't determine i.e. the address to which 'JMP R14' is pointing to, so several JMPs, BSRs, JSRs,etc. have to be manually checked with the MAME debugger.

Evern with all that I only got like 70% of the code validated. so I generated a 4th tool that will look through all the memory and will look for all the addresses marked as data that point to any adrress in the range of 06000000-063d0000. At this moment this means 2500 branches that I have to analyze by hand (looking at the dissasembled code) and if they are really code, then include them in a file called "manual.txt" that will use the robot of the 3rd tool to manually analyze those areas.

I hope you all understand the lack of updates due to the long process that this takes. Luckily now I seem to have a procedure and the right tools.

I'll try to get several tables ready before christmas as a present you all CPS3 lovers.

Expect more news soon.