David Haywood's Homepage
MAME work and other stuff

New Legend

November 15, 2017 Haze Categories: General News. 40 Comments on New Legend

Internal Rom was dumped for Knights of Valour 2 New Legend

KOV2NL KOV2NL
KOV2NL KOV2NL
KOV2NL KOV2NL
KOV2NL KOV2NL
KOV2NL KOV2NL
KOV2NL

looks like it might need sprite zoom adding for characters in grass.

*edit* Added zooming etc. also optimized the driver, which is now faster than that stupid dangerous hack-emu too.

haven’t played much of the game to see if it crashes at all yet.

Go to article.. »

Progress Post

November 7, 2017 Haze Categories: General News. 38 Comments on Progress Post

fixed up some bugs in the ARM core, identified IRQ controller, located palette…

Warning

other layers aren’t yet emulated, but you can already see the palette uploads for what is running eg. the IGS logo
IGS Logo Palette

If you wait a while you get the ingame HUD for attract mode
HUD

located the background tilemap data, not added to video mixing yet, but can see tilemap RAM content in tilemap viewer
background

found sprite list. sprites use 1 rom for ‘mask’ (1bpp shape) and another for colour (5? bpp palette) Similar to PGM1, but not the same as the offsets to both are in the sprite list this time. hooked up the 1bpp mask data for now.
sprites
sprites
sprites
sprites
sprites
sprites

started hooking up colour data to the sprites, giving them detail, not quite right yet

sprites
sprites
sprites
sprites
sprites

worked out the slight scramble on the colour data

sprites
sprites
sprites
sprites
sprites
sprites
sprites

improved various things about the sprites, still some issues with y-flipped sprites tho
sprites
sprites
sprites
sprites
sprites
sprites

Metallic added preliminary sound, as I can’t demonstrate this in screenshots here’s a quick video

started adding in the background layer (priority still wrong) and fixed the y-flipped sprites. still the odd sprite issue (actually looks like the badly coloured sprite in the 2nd to last screenshot should just be hidden by the bg and never seen) sprite zoom not yet implemented either. Metallic also made further sound improvements.

sprites
sprites
sprites
sprites
sprites
sprites

emulated sprite priorities, fixed a few other sprite bugs. most (all?) the features of the video needed by Oriental Legend 2 are now emulated, so it’s looking pretty good. made a new video

added linescroll effects

linescroll sprites
linescroll sprites
linescroll sprites
linescroll sprites
linescroll sprites

although annoyingly the game still seems to crash at this point.. even with no hacks etc. I’ve seen videos of the hacked build doing this too, so bit of a mystery at this point, maybe another ARM bug?

linescroll

While I came up with a crude hack to work around the above crash (which probably isn’t safe) I’ve been unable to find a real solution yet, although the game is playable past this point with the hack.

PGM2 dumping is likely to resume on Wednesday, maybe having proper dumps of some of the other titles will throw more light on the issue.

Go to article.. »

Doing things properly…

November 6, 2017 Haze Categories: General News. 6 Comments on Doing things properly…

Morten Shearman Kirkegaard and Peter Wilhelmsen built an FPGA based board that plugs into the program ROM socket on a PGM2 board.

Doing this allows direct control over what the IGS036 CPU reads, and allows us to monitor all bus signals to and from the external ROM.

The hardware setup they created looks like this


PGM2 hardware setup

With this, and existing knowledge of the encryption scheme they were able to modify the code running on the board while it was running, thus allowing their own code to be injected. Code was added to read the internal ROM space at 0x0000 to 0x3fff, as we didn’t know how the video hardware worked at this point the value read was then used as an offset to read into external rom, the bus signals were monitored meaning we could translate our external rom read offset back into the byte value for each address in the internal rom. This proved successful. Surprisingly, unlike the later PGM1 games there wasn’t even an Execute Only area on the PGM2 CPU being read (Oriental Legend 2) so they managed to get a complete dump.

All the actual dumping was done without the PGM2 board hooked up to monitor / display, but instead simply by looking at what the FPGA was sending back. (Earlier testing to get the setup built obviously did make use of an actual monitor)

Anyway, it was easy enough to see some of the startup strings in the internal ROM.



Hooking this up to MAME revealed a few things, first of all the internal ROM code really doesn’t like the ARM7/ARM9 MMU implementation; it could be different here, so for the time being I’ve disabled it if the CPU type is IGS036. That allowed a few basic devices to be hooked up, which gave the following




After that the code rather jumped into the weeds, clearly there are other ARM9 bugs in MAME, as the code flow below shows



Obviously it shouldn’t be jumping straight back into the middle of a BL (HI) / BLX (LO) combo. This one seems relatively easy to fix, it was simply adding 4 to an address where it should add 2.

Even with that fixed, the code ends up going off the rails tho. More investigation is needed, but this is a good start.

btw, if anybody has “Jigsaw World Arena” or “Puzzle of Ocha / Ochainu No Pazuru” we could do with borrowing them. They used to sell for dirt cheap relative to the other PGM2 titles at the time (around $250 – $300) but lately they haven’t been showing up for anything like that. They’re single board PGM2 games that were only distributed in Japan to the best of our knowledge. The internal ROM is different for every game, so they will need dumping using the methods outlined here. Apart from those 2 boards we have access to at least one of each other game (although AFAIK only the China regions – internal ROM controls the region)

Further note, please don’t post links to that ghastly hack of MAME with badly hacked in PGM2 support, it’s loaded with anti-debugger nasties, has no source and it doesn’t seem safe to run (it blew up my VM image) and is entirely the wrong way of going about things. The point of the work being done here is to actually get it done as it should have been done.

Go to article.. »

By continuing to use the site, you agree to the use of cookies. more information

The cookie settings on this website are set to "allow cookies" to give you the best browsing experience possible. If you continue to use this website without changing your cookie settings or you click "Accept" below then you are consenting to this.

Close