So - it was a warm day more than a year ago. At that time I was still a freelancer-contractor working in Bordeaux, France porting some nameless game to PS3 for a big company starting with the letter U. Going through the debugger for the n-th time and looking at the assembly (actually useful thing on PS3) I realized that I'm starting to remember the numerical values the opcodes for the specific instructions :)
This soon triggered a thought - well, maybe it will be cool to write a disassembler for PS3, just for fun. Sounded like a good idea for a weekend project :) Since I was able to find much more resources for Xbox360 (and Windows) rather than PS3 I eventually decided to try doing this for that platform.
Idea was to be able to take a compiled executable for Xbox360 (however obtained :P) understand its internal structure, disassemble it into valid assembly instructions, understand them and create some kind of representation I would be able to run/emulate. The PowerPC CPU that is powering the Xbox360 is a rather simple RISC processor so I know it was on the threshold of being doable in spare time, but since I didn't do any proper feasibility study for that project I expected to hit a wall pretty soon.
So, to put it in the right perspective:
- I needed to understand the unknown and undocumented proprietary XEX format
- I need to find a way to decrypt it (yep, seemed scary)
- I needed to get to whatever is inside (I was expecting typical PE/EXE file inside)
- Write disassembler that will turn bytes into understandable instructions (500+ instructions)
- Find a way to convert those instructions into something runable or write a VM for emulator
- Reimplement kernel and other functions in the hosting environment (to mimic OS)
- Find out how is the GPU exactly working and how communication with it works
- Find out the command buffer structure that the GPU is using
- Decompile shaders and recreate them in HLSL
- Emulate enough of GPU's functionality in DX11 and finally get something on the screen.
So, after a year of sparse work on this project it finally runs good enough end-to-end.
The tool was mostly a fancy IDE where I could preview the dissasembled code but mostly I was using this tool to investigate traces from the application runs (trace file contained a history of every instruction executed by the CPU with full information about registers' values).
I hope I will be able to do more work on this and eventually run simple game (2D). I decided to share what I currently have because I believe that the whole project is interesting enough for sharing and to be honest - I require some motivation to push it forward.
I will describe each part in next posts.
I'm moving stuff from P4 to GitHub and I will make sourcecode for this public.
This soon triggered a thought - well, maybe it will be cool to write a disassembler for PS3, just for fun. Sounded like a good idea for a weekend project :) Since I was able to find much more resources for Xbox360 (and Windows) rather than PS3 I eventually decided to try doing this for that platform.
Idea was to be able to take a compiled executable for Xbox360 (however obtained :P) understand its internal structure, disassemble it into valid assembly instructions, understand them and create some kind of representation I would be able to run/emulate. The PowerPC CPU that is powering the Xbox360 is a rather simple RISC processor so I know it was on the threshold of being doable in spare time, but since I didn't do any proper feasibility study for that project I expected to hit a wall pretty soon.
So, to put it in the right perspective:
- I needed to understand the unknown and undocumented proprietary XEX format
- I need to find a way to decrypt it (yep, seemed scary)
- I needed to get to whatever is inside (I was expecting typical PE/EXE file inside)
- Write disassembler that will turn bytes into understandable instructions (500+ instructions)
- Find a way to convert those instructions into something runable or write a VM for emulator
- Reimplement kernel and other functions in the hosting environment (to mimic OS)
- Find out how is the GPU exactly working and how communication with it works
- Find out the command buffer structure that the GPU is using
- Decompile shaders and recreate them in HLSL
- Emulate enough of GPU's functionality in DX11 and finally get something on the screen.
So, after a year of sparse work on this project it finally runs good enough end-to-end.
The artifacts in the background are due to the bad EDRAM resolve (I'm working on GPU emulation ATM).
This screen although simple shows that all of the elements of the application are working (to some extent):
- XEX dissassembly, code reconstruction and recompilation, hosting app with xbox kernel emulation (threads, semaphores, events, IRQ, DPC, APC), GPU shader decompilation (although simple ATM), GPU command buffer decompilation, translation and execution using DX11 API.
Various parts are missing or plugged with fakes but all in all I'm happy with the result.
What's interesting most of the work went into debugging why stuff isn't working as expected and I ended up with quite complicated tools just to make finding bugs faster:
The tool was mostly a fancy IDE where I could preview the dissasembled code but mostly I was using this tool to investigate traces from the application runs (trace file contained a history of every instruction executed by the CPU with full information about registers' values).
I hope I will be able to do more work on this and eventually run simple game (2D). I decided to share what I currently have because I believe that the whole project is interesting enough for sharing and to be honest - I require some motivation to push it forward.
I will describe each part in next posts.
I'm moving stuff from P4 to GitHub and I will make sourcecode for this public.
DISCLAMER: This project IS NOT COMERCIAL IN ANY SENSE, it's fully done for personal fun and amusement. All the knowledge and media used in development of this project were obtained from public internet and the original references will be provided when applicable.
Brak komentarzy:
Prześlij komentarz