import inofficial 1.0.4pre by joshua

2012-06-23 14:19:47 +02:00 · 2012-06-23 14:19:47 +02:00 · 9859b44888
parent 29076d4cef
commit 9859b44888
9 changed files with 615 additions and 558 deletions
--- a/12
+++ b/12
@ -45,19 +45,20 @@ all of the following and much more:
  Wave pattern memory corruption when sound channel 3 is played.
  Pad, timer, divide counter, and other basic hardware registers.
  CGB double-speed CPU mode.
+  Sorting sprites by X coordinate in DMG mode.
+  HALT instruction skipping in DMG mode.
+  CPU stalls during HDMA and GDMA.
+  Configurable color filters to provide more authentic LCD look.

 Aspects not emulated at this time include:

 * Serial IO (link cable).
  Undocumented 'extra' ram in OAM space on Gameboy Color.
-  All Super Gameboy extensions.
+* All Super Gameboy extensions.
 * GBC, HuC1, and HuC3 IR ports.
 * Obscure mappers such as TAMA5.
-  Sorting sprites by X coordinate in DMG mode.
-  HALT instruction skipping in DMG mode.
-  CPU stalls during HDMA and GDMA.

-Only the two marked by * are known to affect the playability of
+Only the ones marked by * are known to affect the playability of
 actual games or demos; the rest are just listed for completeness'
 sake.

@ -128,7 +129,6 @@ Here's a brief list of what may appear in gnuboy in the future:
  Super Gameboy support.
  Serial link over the internet.
  Serial link to a real Gameboy with a custom cable.
-  Configurable color filters to provide more authentic LCD look.
  Custom colorization of DMG games on a per-tile basis.
  Support for more colorspaces in the hardware scaler.
  Recording audio.
--- a/cpucore.h
+++ b/cpucore.h
@ -7,7 +7,7 @@ const static byte cycles_table[256] =
 	1, 3, 2, 2, 1, 1, 2, 1, 5, 2, 2, 2, 1, 1, 2, 1,
 	1, 3, 2, 2, 1, 1, 2, 1, 3, 2, 2, 2, 1, 1, 2, 1,
 	3, 3, 2, 2, 1, 1, 2, 1, 3, 2, 2, 2, 1, 1, 2, 1,
-	3, 3, 2, 2, 1, 3, 3, 3, 3, 2, 2, 2, 1, 1, 2, 1,
+	3, 3, 2, 2, 3, 3, 3, 1, 3, 2, 2, 2, 1, 1, 2, 1,
 	
 	1, 1, 1, 1, 1, 1, 2, 1, 1, 1, 1, 1, 1, 1, 2, 1,
 	1, 1, 1, 1, 1, 1, 2, 1, 1, 1, 1, 1, 1, 1, 2, 1,
--- a/docs/CHANGES
+++ b/docs/CHANGES
@ -9,6 +9,22 @@ GNUBOY CHANGES FILE -- detailed list of all changes made
  For an easy-to-read user-oriented list of major changes in each
  release, please refer to the file WHATSNEW.

+1.0.4-cvs
+fixed a possible out-of-bounds access which could allow a hacked savestate to
+crash gnuboy and possibly run arbitrary code on the host machine. Challenge:
+try to find a way to exploit it
+removed an incorrect restriction on when LY=LYC interrupts can occur, which
+broke at least one game and several PD roms. (extra special thanks to beware
+for helping us track this down!)
+fixed an SDL keymap issue which prevented the keypad '5' key from working when
+num-lock was off
+replaced the channel 4 PRNG tables with a computer-generated PRNG output table,
+as opposed to an approximation based on wavefiles
+fixed the HDMA behavior (properly?), several pinball games developed by 'Left
+Field Productions' now work correctly (thanks to beware for pointing us in the
+right direction)
+fixed GDMA so it consumes cpu cycles properly, now the intro to Magical Drop
+works correctly

 1.0.3
 fixed a typo in the SDL keymap file that kept . from working
--- a/docs/WHATSNEW
+++ b/docs/WHATSNEW
@ -8,6 +8,32 @@



+CVS 1.0.4
+
+Fixed a possible out-of-bounds access which could allow a hacked savestate to
+crash gnuboy and possibly run arbitrary code on the host machine. Challenge:
+try to find a way to exploit it
+
+Removed an incorrect restriction on when LY=LYC interrupts can occur (from 
+0.9.13, possibly to fix montezuma's return or pokemon yellow, though both games
+work fine now without it) which broke at least one commercial game and several
+PD roms. (extra special thanks to beware for helping us track this down!)
+
+Fixed an SDL keymap issue which prevented the keypad '5' key from working when
+num-lock was off
+
+Replaced the channel 4 PRNG tables with a shifter-generated PRNG output table,
+as opposed to the old approximations based on wavefiles
+
+Fixed the HDMA timing behavior (properly?), several pinball games developed by
+'Left Field Productions' now work correctly (thanks to beware for pointing us
+in the right direction)
+
+Fixed the GDMA behavior so it consumes cpu cycles as it should. This fixes the
+intro scene animation in 'Magical Drop'
+
+
+
 RELEASE 1.0.3

 All ANSI C incompatibilities should be fixed. Please report any that
--- a/hw.c
+++ b/hw.c
@ -54,37 +54,12 @@ void hw_dma(byte b)
 		lcd.oam.mem[i] = readb(a);
 }

-
-
-void hw_hdma_cmd(byte c)
-{
-	int cnt;
-	addr sa;
-	int da;
-
-	/* Begin or cancel HDMA */
-	if ((hw.hdma|c) & 0x80)
-	{
-		hw.hdma = c;
-		R_HDMA5 = c & 0x7f;
-		return;
-	}
-	
-	/* Perform GDMA */
-	sa = ((addr)R_HDMA1 << 8) | (R_HDMA2&0xf0);
-	da = 0x8000 | ((int)(R_HDMA3&0x1f) << 8) | (R_HDMA4&0xf0);
-	cnt = ((int)c)+1;
-	/* FIXME - this should use cpu time! */
-	/*cpu_timers(102 * cnt);*/
-	cnt <<= 4;
-	while (cnt--)
-		writeb(da++, readb(sa++));
-	R_HDMA1 = sa >> 8;
-	R_HDMA2 = sa & 0xF0;
-	R_HDMA3 = 0x1F & (da >> 8);
-	R_HDMA4 = da & 0xF0;
-	R_HDMA5 = 0xFF;
-}
+/* COMMENT A:
+ * Beware was pretty sure that this HDMA implementation was incorrect, as when
+ * he used it in bgb, it broke Pokemon Crystal (J). I tested it with this and
+ * it seems to work fine, so until I find any problems with it, it's staying.
+ * (Lord Nightmare)
+ */


 void hw_hdma()
@ -98,6 +73,7 @@ void hw_hdma()
 	cnt = 16;
 	while (cnt--)
 		writeb(da++, readb(sa++));
+	cpu_timers(16); /* SEE COMMENT A ABOVE */
 	R_HDMA1 = sa >> 8;
 	R_HDMA2 = sa & 0xF0;
 	R_HDMA3 = 0x1F & (da >> 8);
@ -107,6 +83,40 @@ void hw_hdma()
 }


+void hw_hdma_cmd(byte c)
+{
+	int cnt;
+	addr sa;
+	int da;
+
+	/* Begin or cancel HDMA */
+	if ((hw.hdma|c) & 0x80)
+	{
+		hw.hdma = c;
+		R_HDMA5 = c & 0x7f;
+		if ((R_STAT&0x03) == 0x00) hw_hdma(); /* SEE COMMENT A ABOVE */
+		return;
+	}
+	
+	/* Perform GDMA */
+	sa = ((addr)R_HDMA1 << 8) | (R_HDMA2&0xf0);
+	da = 0x8000 | ((int)(R_HDMA3&0x1f) << 8) | (R_HDMA4&0xf0);
+	cnt = ((int)c)+1;
+	/* FIXME - this should use cpu time! */
+	/*cpu_timers(102 * cnt);*/
+	cpu_timers((460>>cpu.speed)+cnt*16); /*dalias*/
+	/*cpu_timers(228 + (16*cnt));*/ /* this should be right according to no$ */
+	cnt <<= 4;
+	while (cnt--)
+		writeb(da++, readb(sa++));
+	R_HDMA1 = sa >> 8;
+	R_HDMA2 = sa & 0xF0;
+	R_HDMA3 = 0x1F & (da >> 8);
+	R_HDMA4 = da & 0xF0;
+	R_HDMA5 = 0xFF;
+}
+
+
 /*
 * pad_refresh updates the P1 register from the pad states, generating
 * the appropriate interrupts (by quickly raising and lowering the
--- a/lcdc.c
+++ b/lcdc.c
@ -23,10 +23,10 @@

 void stat_trigger()
 {
-	static const int condbits[4] = { 0x08, 0x30, 0x20, 0x00 };
+	static const int condbits[4] = { 0x08, 0x10, 0x20, 0x00 };
 	int flag = 0;

-	if ((R_LY < 0x91) && (R_LY == R_LYC))
+	if (R_LY == R_LYC)
 	{
 		R_STAT |= 0x04;
 		if (R_STAT & 0x40) flag = IF_STAT;
--- a/mem.c
+++ b/mem.c
@ -31,6 +31,9 @@ void mem_updatemap()
 	int n;
 	byte **map;
 	
+	mbc.rombank &= (mbc.romsize - 1);
+	mbc.rambank &= (mbc.ramsize - 1);
+	
 	map = mbc.rmap;
 	map[0x0] = rom.bank[0];
 	map[0x1] = rom.bank[0];
@ -157,6 +160,9 @@ void ioreg_write(byte r, byte b)
 		}
 		R_SC = b; /* & 0x7f; */
 		break;
+	case RI_SB:
+		REG(r) = b;
+		break;
 	case RI_DIV:
 		REG(r) = 0;
 		break;
@ -428,8 +434,6 @@ void mbc_write(int a, byte b)
 		}
 		break;
 	}
-	mbc.rombank &= (mbc.romsize - 1);
-	mbc.rambank &= (mbc.ramsize - 1);
 	/* printf("%02X\n", mbc.rombank); */
 	mem_updatemap();
 }
--- a/noise.h
+++ b/noise.h
--- a/sound.c
+++ b/sound.c
@ -134,14 +134,14 @@ void sound_off()
 	R_NR30 = 0x7F;
 	R_NR31 = 0xFF;
 	R_NR32 = 0x9F;
-	R_NR33 = 0xBF;
+	R_NR34 = 0xBF;
 	R_NR41 = 0xFF;
 	R_NR42 = 0x00;
 	R_NR43 = 0x00;
 	R_NR44 = 0xBF;
 	R_NR50 = 0x77;
 	R_NR51 = 0xF3;
-	R_NR52 = 0xF1;
+	R_NR52 = 0x70;
 	sound_dirty();
 }

@ -153,6 +153,7 @@ void sound_reset()
 	memcpy(WAVE, hw.cgb ? cgbwave : dmgwave, 16);
 	memcpy(ram.hi+0x30, WAVE, 16);
 	sound_off();
+	R_NR52 = 0xF1;
 }