The best way to debug this kind of stuff is with WinDbg/i386kd using a serial cable to a "DEVELOPMENT KIT". The "debug monitor" used to talk to Visual Studio isn't nearly as good as kd at stepping into NT kernel code. It's kinda weird how the Xbox devkits have two debuggers. The kernel debugger for Xbox is the same as the serial-based NT debugger in design. It uses COM1 (port 0x03F8) at 115200/8N1, same as the default serial settings in real NT. If you have only a retail system or a debug kit rather than a development kit, you could theoretically connect something like this to the Xbox's LPC bus to respond to COM1: http://www.ite.com.tw/EN/products_more.aspx?CategoryID=3&ID=5,119
For some unknown reason, my Xbox will not load the Chihiro version of HOTD 3. Every time it sends me straight back to the dashboard. I've unpacked it from 2 different programs etc., now using JayFoxRox's way and also the old way from page 2. Both folders end up the same size. Only Chihiro game which does this for me.
Would it work on top of a modchip? I'd be willing to try this out on my console if the details were worked out but my TSOP is dead and I use a Xecuter 2.6CE modchip to replace it. That's 2 boards now I've had the TSOP die on. What's up with that? Also, I have a brain fart of an idea that most likely isn't possible. What if debugging tools for logging dumps were made to run on the console in the background while a game is playing? I'm thinking if Chihiro games will work on consoles with the CPU upgraded then a system could be made to allow for 2 xbe files to run at the same time with a way to switch between them. Have the debugger running and fire the game up on top of it then use a button combo to switch between the game and the debugger. Memory might be an issue since it seems Chihiro games are very specific on how it's used. The CPU upgrade may not be needed if the tool is simple enough. Probably not possible or even worth it... I'll do some research and see about setting up the debug dashboard on my retail console. Perhaps then I can make some crash log dumps and such.
No. Sorry for the confusion. The rest lock up on a black screen; HOTD3 just boots me straight back to the dashboard.
Hmm, I'm not sure, actually. Someone electronically-inclined would have to answer that. Can LPC devices simply be connected in parallel and work, or is there some way that they have to be attached if there is more than one device? My guess is that you can do this by just soldering to the same LPC lines on the board that go to the LPC header you installed to connect the mod chip. The LPC bus was designed in the first place to allow low-speed devices from the DOS era to be connected as simply as possible in as small an area as possible. It's designed to support all the COM ports, serial ports, keyboard port, BIOS ROM (obviously), CMOS NVRAM... at once, potentially all on one chip. Because of that, I think the bus is designed to just have everything sit on the bus in parallel. In fact, they usually are all on one "super I/O" chip on modern boards - if they're there at all. A lot of modern computers don't even bother with some of those things. A much more recent use of LPC is to provide a header onto which you can place a Trusted Platform Module (TPM). If the header pinout is the same, which it very well could be, you could attach it to an Xbox! I wouldn't try this until an electronics person checks it, though, and it would also be completely useless until someone programs a use for it, of course.
That sounds promising. I do remember seeing some time back documentation some guy did of his Xbox media center project. I do remember seeing that he used an Aladdin modchip and an LCD mod stacked up on top of each other. I'm guessing if that LCD mod thing and a modchip can both work in parallel on the LPC then there wouldn't be any reason a modchip couldn't be stacked with a serial debugger. EDIT: Found the picture I was speaking of. It is indeed the classic LCD mod with an Aladdin modchip on top. Both use a Lattice controller so I don't know if that has anything to do with the parallel functionality.
Can someone help create a log for JayFoxRox? I have the complete SDK installed on my XP partition but I don't know how to. Thanks
My crash handler works but it's not able to use kernel functions yet, so I can only flash the LED to indicate the error type. The code is also very dirty and causes tons of warnings. So no public release yet. The crash type makes me believe the Virtua Cop 3 crash is caused by a PRINT or KDPRINT related breakpoint, possibly also loading of a section. Unfortunately I can't move the entire stdlib to the crash handler. So I'll have to rewrite functions for kernel imports, string formatting, file handling, etc. Also I have no way to keep arrays or use functions (yet). (There is also a problem on my Xbox with a function which I copied 1:1 from nkpatcher and APILogger. I'm not sure why it would crash on my Xbox, all I know is that it does. So if anyone knows why nkpatcher crashes on my 5838 Kernel that'd be nice. I tracked the error down to an "ljmp *(%esp)". I tried CS:EIP (2 bytes, 4 bytes above) and EIP:CS (4 bytes, 2 bytes above) but had no luck. Please PM me - not really related to thread topic.)
I put two high definition video tutorials on how to get Ghost Squad running on an Xbox with 128MB of RAM up on YouTube, so I'm posting the videos here too for anyone that sees this thread, wants to play Ghost Squad, has an Xbox with 128MB of RAM but doesn't know how to play it on their Xbox. I would think that if they have a 128MB Xbox they probably know how to do this, but just in case. Here is part #1
The scratchpad links will be gone in a couple of weeks probably - you shouldn't permalink to them. It's also rebooting to dashboard for you because you renamed the xbes. Normally it parses your boot.id and automatically launches the game. In the future it will either be a full menu which scans for boot.id files in subdirectories of a "ROMS" folder. It might also be a small default.xbe which can be put in the games directory and instantly boots - once you start it it would then attempt to change its XBE title. I had no idea the audio was wrong and have no idea why. When I read about it I thought it would be a game bug - but this really looks too severe to be a game bug.
I wanted to note Ghost Squad works on Xbox 128MB with a SCART RGB cable! Virtua Cop 3 - still black screen.
The video encoder issues can probably be fixed easily. At least I'd be able to add code that tells the person which cable would work.
    EIP: 0x800241C8 EAX: 0x00000001 ECX: 0xD0031C38 EDX: 0x00000000
    Data: 8B4D08BA00000000CD2DCC8945F88B45F8C9C204
    Data: *** Fatal System Error: 0x0000000a (0x00000000,0x00000002,0x00000001,0x8001A020)
My crash handler is very dirty but it works. The second data block is the kernel crash message produced by VC3 on BACKUP DATA CLEAR. It seems to be hanging in RtlUnwind (judging from the export table, but could be somewhere else - probably RTL code though). //Edit: Unless my crash handler is crashing itself: http://msdn.microsoft.com/en-us/library/windows/hardware/ff560129(v=vs.85).aspx According to that the crash happens at 0x8001A020 because it's accessing memory address 0 at IRQL 2 for write access. 0x8001A020 would be kernel offset 0xA020. The next lower import on my kernel is: "[ 198] +base[ 199] f51f Export RVA" which is NtFreeVirtualMemory. I guess we need a proper backtrace for this :/ . //Edit: If anyone has a collection of kernel map files that'd be great too.
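
Added example, not part of the post above and not JayFoxRox's crash handler: a small Python decoder for the "Fatal System Error" line quoted in that post, following the bug check 0xA parameter layout from the linked MSDN page. The kernel base 0x80010000 is inferred from the post's "0x8001A020 would be kernel offset 0xA020"; the symbol map and its names are constructed placeholders standing in for a real kernel map file.

```python
import bisect
import re

# Assumption taken from the post: 0x8001A020 corresponds to kernel offset 0xA020.
KERNEL_BASE = 0x80010000

# The crash line exactly as quoted in the post.
SAMPLE = ("*** Fatal System Error: 0x0000000a "
          "(0x00000000,0x00000002,0x00000001,0x8001A020)")

# Constructed placeholder map (RVA, name), sorted by RVA. Not real kernel symbols.
SAMPLE_MAP = [(0x9F00, "hypothetical_routine_a"),
              (0xA000, "hypothetical_routine_b"),
              (0xA100, "hypothetical_routine_c")]

LINE_RE = re.compile(r"Fatal System Error:\s*0x([0-9a-fA-F]+)\s*\(([^)]*)\)")


def parse_bugcheck(line):
    """Return (code, [p1, p2, p3, p4]) from a kernel crash message line."""
    m = LINE_RE.search(line)
    if m is None:
        raise ValueError("no bug check record in line")
    params = [int(p, 16) for p in m.group(2).split(",")]
    if len(params) != 4:
        raise ValueError("expected four bug check parameters")
    return int(m.group(1), 16), params


def decode_0a(params):
    """Interpret the parameters of bug check 0xA (IRQL_NOT_LESS_OR_EQUAL)."""
    address, irql, access, faulting_ip = params
    return {"address": address,                 # memory that was referenced
            "irql": irql,                       # IRQL at the time of the access
            "access": "write" if access & 1 else "read",
            "faulting_ip": faulting_ip,         # instruction that made the access
            "rva": faulting_ip - KERNEL_BASE}   # offset into the kernel image


def nearest_symbol(rva, symbols):
    """Return (name, offset) of the closest symbol at or below rva, or None."""
    i = bisect.bisect_right([r for r, _ in symbols], rva) - 1
    if i < 0:
        return None
    start, name = symbols[i]
    return name, rva - start


if __name__ == "__main__":
    code, params = parse_bugcheck(SAMPLE)
    info = decode_0a(params)
    print(hex(code), info, nearest_symbol(info["rva"], SAMPLE_MAP))
```

With a real map file loaded in place of `SAMPLE_MAP`, the same lookup names the routine containing the faulting address.
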
Thanks JayFoxRox, I renamed my .xbe's back and now it doesn't soft reset. I would like to try a 1GB version of Ghost Squad and see if the audio problem exists there as well, but I cannot get your tools to work for me. I have been trying for a while now, it's actually quite frustrating.
Works fine for me.
    [fox@x200t example]$ ./extract-game.sh ghostsqu/gdx-0012a.chd ghostsqu/317-0398-com.data test/
Then aborted once it was decrypting (Starting at "Swapping"):
    Got 970EFE79CE32AB4A as key
    Read 496226304 bytes from file!
    Swapping
    Process: 100%
    Decrypting ^C
    [fox@x200t example]$ ^C
Then manually decrypted the 1GB image instead:
    [fox@x200t example]$ ./decrypt /tmp/chihiro/gdrom/VSG.1GB /tmp/chihiro/image-1gb.fatx 970EFE79CE32AB4A
Then extracted the new FATX image (after moving it to my ghostsqu folder for easier access):
    [fox@x200t example]$ ./extract-fatx ghostsqu/image-1gb.fatx test/
Either follow the steps in my blog directly or reverse engineer your way through the code or the script I have on the blog. I can't make it much easier than this at the moment. Anyone with Windows experience can feel free to write a GUI for it though - I believe Windows users don't usually seem to know how to use their terminal / command line. There are a few problems in the tools themselves which could result in faulty files though! At least decrypt loads the entire file to RAM. So you need at least as much RAM as the size of your file is. I fixed one of the tools by using mmap I believe. Not sure about the rest (but I'm sure decrypt is poorly coded). Anyone who wants to improve the tools is free to do so - but please give credit and share the source, or even better: send me the new improved version so I can put it on my blog. At some point these will end up on a public repo like github anyway (which is probably even worse for Windows users though?).
I'll write a small tutorial on how I did a game another day for Windows users. You're right about command lines etc., I just remember some stuff from pre-Windows 3.1 days when I knew DOS well, I don't know shit now
That would be awesome Boomslangnz, thank you. I can almost get to the very end of extracting a 1GB Chihiro game, I just always get stuck at the part where you are supposed to use the two tools, parse-securityic and parse-loader. A tutorial for Windows users would be much appreciated.