Game-compatibility: Forza Motorsport [MS-110] [1.01]

_From @BiatuAutMiahn on January 14, 2017 19:50_

EmuX86 is required, i see these more than any other error in testing over 100 different games/homebrews

_From @LukeUsher on January 14, 2017 20:10_

EmuX86 errors in the current build usually mean that the HLE database is missing some symbols required for the game to run.

The issues have nothing to do with EmuX86, except for the fact it is called when a function accesses invalid memory, EmuX86 is only useful for LLE emulation, which is not yet completed. Seeing EmuX86 warnings in HLE mode (the only mode that is currently functional) usually means the game will not work until we update the HLE database

True. We're switching back and forth between working on LLE and HLE code. LLE does nothing as of yet, we're currently laying the groundwork so to speak. HLE is much more mature, but still requires much more work before a decent amount of software can be emulated.

_From @BiatuAutMiahn on January 15, 2017 21:9_

Are you planning a blended HLE/LLE emulation? Or are you thinking LLE will take precedence?

_From @LukeUsher on January 15, 2017 21:18_

We will always HLE emulate the xbox os/kernel, that way we do not need a BIOS dump or encryption keys to run, however the plan is to LLE emulate the hardware.

In addition to what Luke said, we're planning to keep the HLE code fully functional, at least until the LLE code path offers identical or better compatibility.

For now, we'll have 3 experimental flags:
1 for LLE GPU (graphics),
1 for LLE APU (sound) and
1 for LLE JIT (a speed up on LLE).

Enabling JIT without enabling GPU or APU LLE won't have any effect (this may change in the future).

To clarify even further: Cxbx contains at least four types of HLE;
1: Native code execution. The CPU is not emulated, code is executed as-is most of the time. This is a major speed benefit of Cxbx over other Xbox emulators that emulate the CPU, like xqemu and MAME
2: HLE kernel. As Luke said, Cxbx contains (and will keep using) its own implementation of the Xbox kernel (currently incomplete and largely implemented using the host Windows NT DLL). Xqemu might do this too in the future, and implementations could be shared between the projects. Cxbx has pioneered this, and currently offers a much more complete set of Xbox kernel API signatures than Open XDK and nxdk.
3: HLE graphics. Cxbx contains code that search and replaces rendering code present in an Xbox executable. This is unreliable at best and hard to maintain and extend.
4: HLE audio. Same as HLE graphics above, but for sound.

The experimental LLE modes, when enabled, will switch off the HLE part, and try to emulate the hardware accesses instead, much like what any other emulator does.

Since Cxbx does not emulate the CPU but executes code as-is, accesses to Xbox hardware cause access violations. Without the HLE patches active, the LLE mode catches such access violations, and interprets the access in order to emulate the hardware. Handling access violations costs a lot of CPU power, so will be slow.

The experimental JIT mode will try to speed up the LLE code, by replacing CPU instructions that cause access violations on-the-fly with a dynamically generated piece of replacement code that will handle hardware accesses. This prevents the instruction to cause any further access violations, which will result in a major speed up.

This approach, when running on decent hardware, can lead to emulation speeds far exceeding the speed of the original Xbox.

_From @BiatuAutMiahn on January 16, 2017 1:28_

@LukeUser, Right, that would seem to be the best approach.
@PatrickvL, Just to be sure, JIT being Just In Time, right?
@PatrickvL, Right, a long time ago digging into halo2's XBE, i has looking for string and discovered many references to window's system files, and paths like C:\ or D:\ with was beyond interesting as i figured that the xbox software was definitely window's based, upon further investigation I read that it was based on Windows 2000, however on every attempt to convert it to an exe, including blushogun's cxbx, it would never run. But what i find interesting now (which i never knew of back then) is that we can just use window's itself to exec most of the calls as the xbox actually used to use an x86 processor. And on the contrary to what most people think (emulating a console would need like x10 the processing power to achieve playable games, and with the xbox being at like 700MHz, it's impossible). The software is literally window's based, so all we really need is a wrapper for the Xbes.

@BiatuAutMiahn To some extend you're right about XBE's being somewhat like regular Windows 2000 executables, but there's more to it. For example, don't forget that Xbox-specific hardware is being addressed, which requires much more then just "a wrapper". Statements like that could be (mis)interpreted as if emulating the Xbox on Windows is an easy job. Let me assure you: it's not! Cxbx has been in development (on and of) for over 15 years already, and look at where we're now : hardly running anything, really. So please, don't misinform the masses ;)

_From @LukeUsher on January 16, 2017 9:18_

There are a few key differences between the Xbox kernel and Windows:

The Windows Kernel is a multi-tasking operating system, where the Xbox kernel can only run a single process.

The Windows Kernel has a security model preventing software from accessing hardware directly, the Xbox doesn't include this and Xbox titles are allowed to directly access hardware.

Hardware drivers and libraries such as DirectX are compiled into the games on the Xbox, rather than being part of the operating system,

Additionally, some key data structures like the PCR are slightly different, so even Kernel calls need some work, we cannot directly use the Windows functions.

_From @BiatuAutMiahn on January 17, 2017 4:7_

@PatrickvL, @LukeUsher, Right, I don't mean to mislead, and you are very correct, those were just assumptions from along time ago when I first hit the scene. One way I use to think of this was: these XBE's somehow ran in Ring 0, so lol...I attempted to run it in dos. I know very well that the Xbox is hard to emulate, just look at the maturity of the other emulators out there, they already got PS2, Wii, WiiU, PS3, and the 360. But I personally back this project more than the others. I'll stop thread-jacking

_From @jarupxx on February 3, 2017 11:53_

This software can be started with the initial version 67c37fee (Press F11 on black screen).
Apply fake kernel header comes afa9d02 fails to start.

There is a log here.
67c37fee, afa9d02 and the latest version 068386c are included.
https://github.com/jarupxx/cxbx_log/blob/master/Forza.zip

Thanks for these details. Actually, there are more commits between those two - could you find out (bisect) which exact commit caused Forza to fail?

_From @jarupxx on February 4, 2017 0:47_

I am convinced exact commit afa9d02e caused it.

I make the following supplementary exam.

3848ff6 - fail
57681ab - success

57681ab is lastest commit for Forza to success.
3848ff6 is fail, because the HLE database was deleted.

I modified commit.

3f70ed9 (one commit before afa9d02e) Added the HLE database in 3848ff6 - success
57681ab Added afa9d02e - fail

Okay, I think I understand your reasoning. I don't have Forza, so until I have a copy, someone else will have to look into this.

Or are there other games / homebrew that fail because of this same commit???

_From @jarupxx on February 5, 2017 8:14_

I read Xbe.txt and noticed that (PE) Stack Commit has 0x00020000. As far as I know this value is usually 0x00010000. Therefore, there is a possibility of assigning a fixed value.

Can Cxbx-Reloaded be set with the correct value? If not, let's squash this issue.

That sounds like a separate issue, we should treat it as such, by creating another issue with the relevant details. This way, we don't pollute issues too much, and give everyone an opportunity to fix low hanging fruits.

_From @jarupxx on February 5, 2017 9:55_

I patched Stack Commit to. Xbe file with 57681ab. Nothing changed. I was a wrong report...

_From @TotalCaesar659 on July 28, 2017 20:59_

Re-test for checking a progress.
Crash:

KrnlDebug.txt
KrnlDebug2.txt

Forza Motorsport .xbe dump: Xbe.txt

Tested on build 131ce6da (Oct 25 2017).

Crashes during boot.

Screenshot:

Kernel Debug file: KrnlDebug.txt

Nice latest update progress (650f895d). Anyone know how to skip this:

With enabled LLE GPU shows intro, and then crash

KrnlDebug.txt

This latest update is breathe taking, though.

KrnlDebug.txt
Xbe.txt

As of Build 13de4f1 (May 11 2020), the game now shows a little bit of a loading screen before giving us the damaged disc error. (On a little earlier build it just goes straight to damaged disc error)

I am not getting a damaged disc error, but I am also not getting anything beyond a black screen

KrnlDebug.txt

The title id for this one is MS-110 1.01

Hi, with latest version (5-oct-20) it is not possible to run the game. I have the screen "There's a problem with the disc you're using. It may be dirty or damaged"