Xbox Alpha XDK Reverse Engineering and Virtualization

Discussion in 'Xbox (Original console)' started by jimmsta, Sep 30, 2013.

  1. jimmsta

    jimmsta Member

    Joined:
    Apr 8, 2013
    Messages:
    11
    Likes Received:
    3
    Over the past few months, I've been tinkering with trying to get the leaked xbox xdk alpha kit running in a virtual machine. At first, I had read over several attempts to get the software running on systems of the era (2000-2001). Most issues had to do with the graphics board needing to be a specific device.


    First, I acquired the ISO for build 3146, which is somewhat easy to find on the internet.


    I went about creating a virtual machine, setup with 128MB ram, like the original dev systems. I tried booting the ISO, like you normally would with any other ISO. Initially, I got a wonderful black screen with a cursor. At least that's something.


    I then configured the VM with a virtual serial port. I then piped the output from the virtual serial port into WinDbg, just to see if any debug output came out of the virtual machine. Sure enough, it connects just fine, and gives some output on what's going on.



    Ok, so we can start debugging the kernel, right? No, not really.
    Sure, this gives some insight as to what's wrong, but not much - by this point, the kernel has entered a bugcheck, and cannot get out (as far as I understand it, anyway).


    The next step to figuring out how to 'boot' the kernel was to load the xboxkrnl.exe kernel into a dis-assembler. I personally use IDA, since it makes following the dis-assembly easy, and since I don't already know Assembly, and I'm not a programmer.


    At this stage, I found that the kernel initiates a check very early on to verify that the video card is an nVidia device, by comparing the vendor ID of the card in the system to 0xDE10, which is, incidentally, nVidia's PCI Vendor ID. If this condition is not met, the kernel enters a bugcheck (BSOD on Windows). I found that I could effectively jump over this detection code, and force the kernel to load even if the device doesn't match.


    It's at this point that I started delving deeper into the kernel, deeper into the loops that run while booting, to load drivers. It's at this point that I'm now stuck.


    Some of my notes from when I was deciphering the asm for the first bit -

    So, to get other users up to the point that I've gotten, I've got a handful of patches that seem to bypass the checks that the kernel performs -

    At this point, the bugcheck occurs later on in the driver init code (as far as I've gotten, anyway). During the driver init code, however, there is ANOTHER check for the video device -



    I'm mainly posting this to help fuel me in my pursuit, and also as a means of backing up my work, making it public, and maybe to inspire others to try where others have failed. I'm no ASM master, and have a lackluster grasp on programming, at best. This past weekend was the most productive time I've had with this project.


    I should note here - the kernel itself seems to be expecting to see two system files in the system root, nv4.sys, and coverage.sys, of which do not exist in the ISO file on the server here, nor anywhere else. It seems that those two files are either not needed, or, if they are, are the reason for the failure I'm having in the first place.
    Also, the ISO cannot be modified by any normal means - no editor seems to work right, as it corrupts the CDBOOT functionality - I've ended up having to edit the files by hand in a hex editor (see code section "ISO Instructions" above). If I need to inject driver files into the ISO, I will need to add the files directly into the ISO's TOC by hand, and point to the data tacked on to the end of the ISO (since I'm not sure how to go about inserting such data into the ISO in the first place).


    So, that's where I'm at with this. Anyone else want to help get this running? I feel that if we get it running, we may be able to find a way to eventually emulate xbox games on PC.
     
    Last edited: Sep 30, 2013
  2. Borman

    Borman Digital Games Curator

    Joined:
    Mar 24, 2005
    Messages:
    9,543
    Likes Received:
    1,880
    You shouldn't need any other files than what is on the disk, in terms of getting it to boot on a normal alpha environment anyway. There aren't any missing files or anything of that sort, I dumped the CD myself and have installed it on clean hard drives without issue.
     
  3. jimmsta

    jimmsta Member

    Joined:
    Apr 8, 2013
    Messages:
    11
    Likes Received:
    3
    That's the thing - I don't have the hardware, nor do I want the hardware :D I'm taking this to the next level - virtualizing the software more so than the hardware; I've looked into creating fake devices, but there doesn't seem to be any real documentation regarding this on the various virtualization options out in the wild. I started on vbox, and moved everything over to vmware - specifically a vmware 4.x environment (albeit, running in vmware 10). The idea is to be able to run the xdk samples within a virtual machine, in a semi-native xbox mode. There's currently a fork of Qemu, called xqemu, which is able to boot the xbox rtm bios - this project I've gotten myself into is to sort of bridge the gap between the alpha xbox software and the final rtm software. It's also a great way to learn x86 assembly (especially since I have no idea what I am doing in that arena).

    Great to verify that there are no missing files, since the kernel references those files, but they aren't in the ISO in the first place (at least, not in .sys format - they do appear to be loaded from the .data section of the kernel).
     
  4. Borman

    Borman Digital Games Curator

    Joined:
    Mar 24, 2005
    Messages:
    9,543
    Likes Received:
    1,880
    I'm aware of that, but all I was doing was confirming that no files were missing :)
     
  5. kl0wn

    kl0wn Site Supporter 2013, Site Benefactor

    Joined:
    Aug 31, 2006
    Messages:
    237
    Likes Received:
    8
    I'll have to look at my notes when I get home later, if I have time. I'm quite busy lately ...
    When I rebuilt the alpha my first debugging was also done using a VM and kernel debugger. IIRC it ended up not loading very far because of the chipset that was being emulated.
     
  6. sonicdude10

    sonicdude10 So long AG and thanks for all the fish!

    Joined:
    Jan 17, 2012
    Messages:
    2,573
    Likes Received:
    29
    From what I've read up on the work of getting Xbox games to run on a PC the main problem is in the video driver. Most if not all of the security checks have either been removed or faked to pass. The emulation always seems to have some sort of video related problems. Getting the kernel to run isn't hard either since the structure is pretty close if not just like a x86 PC. I could be wrong since it has been a long time ago I checked into this...
     
  7. jimmsta

    jimmsta Member

    Joined:
    Apr 8, 2013
    Messages:
    11
    Likes Received:
    3
    Ah sorry if I came off a bit hostile. Thanks for confirming my suspicions. I've got to dig into the .data section of the kernel and try to see what exactly it's loading as a driver, if not just a simple vga driver. I suspect that's the case, and all the checks in place are just to ensure that developers didn't share the alpha recovery software with people that didn't have the rights to it in the first place.
     
  8. CJ!

    CJ! Active Member

    Joined:
    Nov 6, 2005
    Messages:
    40
    Likes Received:
    0
    What may help you - depending on the recovery version, check out the ISO's El Torito boot sector. Later versions are an entire xbox bios image loaded into ram.
     
  9. XeChris

    XeChris Active Member

    Joined:
    Jul 1, 2012
    Messages:
    46
    Likes Received:
    0
    Have you tried nopping the branch to the second check?
     
  10. jimmsta

    jimmsta Member

    Joined:
    Apr 8, 2013
    Messages:
    11
    Likes Received:
    3
    Not yet. I've actually gone back to see how Microsoft's boot image works within the ISO, so I can try and install the contents of the CD to a hard drive image, which will make these patches a lot easier to apply. I'm basically starting from no background in programming or assembly, so it's gonna take a while before I get further.

    As for this particular build of the alphakit kernel, it seems to be the simplest - no proper 3d acceleration, or at least everything seems to be hard-coded - no video drivers aside from instructions in the .data section of the kernel. I want to try and extract those instructions before going any further, so I can determine if there's a way to push in my 'driver' for the virtualized 3d acceleration to work.
     
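CJ!'s pointer to the El Torito boot sector (post 8) and jimmsta's plan to work out how the boot image sits inside the ISO (post 10) both come down to the same structure: the Boot Record Volume Descriptor at sector 17 points at a boot catalog, and the catalog's default entry gives the boot image's LBA and its length in 512-byte virtual sectors. The script below is an added example, not code from this thread or from any XDK tool; it builds a constructed 24-sector sample image in memory (no real recovery disc is read), then walks and validates the chain. The sector numbers and the "BOOTIMG!" filler are assumptions of the sample.

```python
"""Minimal El Torito (bootable CD) boot-record parser over a constructed sample image."""
import struct

SECTOR = 2048   # ISO 9660 logical sector size
VSECTOR = 512   # El Torito "virtual" sector size used by the catalog's sector-count field
BOOT_MEDIA = {0: "no emulation", 1: "1.2MB floppy", 2: "1.44MB floppy",
              3: "2.88MB floppy", 4: "hard disk"}


def word_sum(entry: bytes) -> int:
    """Sum of the sixteen little-endian 16-bit words of a 32-byte catalog entry, mod 2^16."""
    return sum(struct.unpack("<16H", entry)) & 0xFFFF


def build_validation_entry(platform_id: int = 0, id_string: bytes = b"") -> bytes:
    """Validation entry: header 0x01, platform ID, 24-byte ID string, checksum, key bytes 55 AA.
    The checksum word is chosen so that the whole entry's 16-bit word sum is zero."""
    head = struct.pack("<BBH24s", 0x01, platform_id, 0, id_string.ljust(24, b"\0"))
    key = b"\x55\xAA"
    checksum = (-word_sum(head + b"\0\0" + key)) & 0xFFFF
    return head + struct.pack("<H", checksum) + key


def build_default_entry(bootable: bool, media: int, load_segment: int,
                        sector_count: int, load_rba: int) -> bytes:
    """Initial/default entry (32 bytes): boot indicator (0x88 = bootable), media type,
    load segment (0 = traditional 07C0), system type, count of 512-byte sectors, image LBA."""
    return struct.pack("<BBHBBHI20s", 0x88 if bootable else 0x00, media, load_segment,
                       0, 0, sector_count, load_rba, b"\0" * 20)


def build_sample_iso() -> bytes:
    """Constructed sample: PVD at 16, boot record at 17, terminator at 18, catalog at 19,
    a 4-virtual-sector (2048-byte) boot image at 20.  Sample values, not a real disc."""
    img = bytearray(24 * SECTOR)
    catalog_lba, image_lba, image_vsectors = 19, 20, 4

    pvd = struct.pack("<B5sB", 1, b"CD001", 1)
    img[16 * SECTOR:16 * SECTOR + len(pvd)] = pvd

    # Boot Record Volume Descriptor: type 0, "CD001", version 1, 32-byte boot system id,
    # 32 unused bytes, then the 32-bit little-endian LBA of the boot catalog at offset 71.
    brvd = struct.pack("<B5sB32s32sI", 0, b"CD001", 1,
                       b"EL TORITO SPECIFICATION".ljust(32, b"\0"), b"\0" * 32, catalog_lba)
    img[17 * SECTOR:17 * SECTOR + len(brvd)] = brvd

    terminator = struct.pack("<B5sB", 0xFF, b"CD001", 1)
    img[18 * SECTOR:18 * SECTOR + len(terminator)] = terminator

    catalog = (build_validation_entry(0, b"SAMPLE")
               + build_default_entry(True, 0, 0, image_vsectors, image_lba))
    img[catalog_lba * SECTOR:catalog_lba * SECTOR + len(catalog)] = catalog

    boot = b"BOOTIMG!" * (image_vsectors * VSECTOR // 8)   # 2048 bytes of filler
    img[image_lba * SECTOR:image_lba * SECTOR + len(boot)] = boot
    return bytes(img)


def parse_el_torito(image: bytes) -> dict:
    """Walk boot record -> boot catalog -> default entry, validating each hop.
    Any mismatch raises ValueError, which is what a BIOS would treat as 'not bootable'."""
    brvd = image[17 * SECTOR:18 * SECTOR]
    if brvd[0] != 0 or brvd[1:6] != b"CD001" or brvd[7:30] != b"EL TORITO SPECIFICATION":
        raise ValueError("sector 17 is not an El Torito boot record volume descriptor")
    catalog_lba = struct.unpack_from("<I", brvd, 71)[0]
    catalog = image[catalog_lba * SECTOR:(catalog_lba + 1) * SECTOR]
    validation = catalog[:32]
    if validation[0] != 0x01 or validation[30:32] != b"\x55\xAA":
        raise ValueError("boot catalog validation entry has bad header or key bytes")
    if word_sum(validation) != 0:
        raise ValueError("boot catalog validation entry checksum mismatch")
    ind, media, load_seg, _sys, _, count, rba = struct.unpack_from("<BBHBBHI", catalog, 32)
    return {
        "catalog_lba": catalog_lba,
        "platform_id": validation[1],
        "bootable": ind == 0x88,
        "media": BOOT_MEDIA.get(media, f"unknown ({media})"),
        "load_segment": load_seg or 0x7C0,
        "sector_count": count,
        "load_rba": rba,
        "boot_image": image[rba * SECTOR:rba * SECTOR + count * VSECTOR],
    }


if __name__ == "__main__":
    info = parse_el_torito(build_sample_iso())
    for key, value in info.items():
        print(f"{key:13} {value[:16]!r}..." if key == "boot_image" else f"{key:13} {value}")
```

The validation checksum and the catalog pointer are the two things a "normal" ISO editor tends to break: rewriting the directory tree moves sectors, and unless the editor also rewrites the LBA at offset 71 of sector 17 and the `load_rba` in the catalog, the BIOS either refuses the disc or loads the wrong sectors. Running `parse_el_torito` on a dump before and after an edit is a quick way to see whether those two fields still agree with where the boot image actually landed.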
  11. jimmsta

    jimmsta Member

    Joined:
    Apr 8, 2013
    Messages:
    11
    Likes Received:
    3
    I overthought this. Just today, on a whim, I replaced the bytes in the ISO that identify the vendor id of the video card from 'DE10' to 'FFFF', and the kernel gets as far as initializing the filesystem drivers before crashing. It even initializes some DirectX code, along with processing texture data :D Now to find a way to get it to display something in the vm screen. At least windbg leaves me hoping for more.
     
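The vendor ID that the first post and post 11 both work with is NVIDIA's PCI-SIG vendor ID, 0x10DE; x86 stores a 16-bit immediate low byte first, so in a hex editor or a raw disassembly dump the constant appears as the byte pair DE 10, which is what makes it read as 'DE10' on disk. The script below is an added example, not code from this thread; it scans a constructed sample blob (a few hand-assembled x86 bytes plus some text, not bytes from the XDK) for a 16-bit ID in both byte orders and labels each hit with a small heuristic for whether it sits inside a `cmp` immediate or is just coincidental data, which is the first thing to settle before trusting a match.

```python
"""Locate a 16-bit PCI vendor/device ID constant in a binary blob, in both byte orders."""
import struct

NVIDIA_VENDOR_ID = 0x10DE   # PCI-SIG vendor ID for NVIDIA; little-endian on disk: DE 10


def id_to_bytes(value: int, order: str = "<") -> bytes:
    """16-bit ID as bytes; '<' gives the little-endian form an x86 immediate uses."""
    return struct.pack(order + "H", value)


def classify(blob: bytes, off: int) -> str:
    """Heuristic for a little-endian hit at off: does it sit where an x86 cmp immediate goes?
       66 3D iw     -> cmp ax, imm16
       66 81 F8 iw  -> cmp ax, imm16 (long form)
       3D id        -> cmp eax, imm32 (low word is the ID, high word 0000)
    Everything else is reported as raw data; a disassembler is still the final word."""
    before = blob[max(0, off - 3):off]
    after = blob[off + 2:off + 4]
    if before.endswith(b"\x66\x3d"):
        return "cmp ax, imm16"
    if before.endswith(b"\x66\x81\xf8"):
        return "cmp ax, imm16 (81 /7 form)"
    if before.endswith(b"\x3d") and after == b"\x00\x00":
        return "cmp eax, imm32"
    return "raw data"


def find_id(blob: bytes, value: int) -> list:
    """Return sorted (offset, byte_order, label) tuples for every 16-bit occurrence of value.
    Little-endian hits are what an immediate or a config-space word looks like in a file;
    big-endian hits are listed only so they can be ruled out as coincidences."""
    hits = []
    for order, label in (("<", "little-endian"), (">", "big-endian")):
        pat = id_to_bytes(value, order)
        start = 0
        while True:
            i = blob.find(pat, start)
            if i == -1:
                break
            hits.append((i, label, classify(blob, i) if order == "<" else "raw data"))
            start = i + 1
    return sorted(hits)


# Constructed sample (hypothetical bytes, not from any kernel image):
SAMPLE = (
    b"\x90" * 4                              # 0..3   nop padding
    + b"\x66\x3d" + id_to_bytes(0x10DE)      # 4..7   cmp ax, 0x10DE   (ID bytes at 6)
    + b"\x75\x05"                            # 8..9   jne +5
    + b"\x10\xde"                            # 10..11 big-endian coincidence
    + b"\x3d" + struct.pack("<I", 0x10DE)    # 12..16 cmp eax, 0x10DE  (ID bytes at 13)
    + b"VEN_10DE"                            # 17..   ASCII text, no byte-level hit
)

if __name__ == "__main__":
    for off, order, label in find_id(SAMPLE, NVIDIA_VENDOR_ID):
        ctx = SAMPLE[max(0, off - 3):off + 5].hex(" ")
        print(f"0x{off:04x}  {order:13}  {label:28}  {ctx}")
```

The big-endian pass matters because 0x10DE can also appear as text or as part of another value; only the little-endian hits that decode as an instruction are candidates for the early check described in the first post, and the ASCII "VEN_10DE" string in the sample produces no byte-level hit at all.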
  12. sonicdude10

    sonicdude10 So long AG and thanks for all the fish!

    Joined:
    Jan 17, 2012
    Messages:
    2,573
    Likes Received:
    29
    Nice bump from the past. Perhaps the others who are working on getting Xbox on the PC might be helpful for your project. Try contacting JayFoxRox. He has made the Chihiro arcade Ghost Squad run full game on the Xbox with his Chihiro loader tool. He is also interested in getting a successful Xbox emulator going in MAME. Perhaps his wisdom might be of help.
     
    CodeAsm likes this.