MS-DOS software to find x86 emulation bugs?

Postby superfury » 2019-6-30 @ 16:33

Anyone got some good ideas for games to run to find emulation bugs? Afaik it should be running correctly (theoretically), but various software (Windows 95 and up, Windows 3.0 in 386-enhanced mode, all Linux in general (except Minix 2.0.*)) all seems to crash, probably being a CPU emulation bug.

Anyone got some good games for testing if it's running correctly?

Re: MS-DOS software to find x86 emulation bugs?

Postby leileilol » 2019-7-01 @ 05:09

Eradicator
Halloween Harry/Alien Carnage (non-freeware releases)
Heartlight PC
Lemmings
One Must Fall 2097
Oxyd
Super Star Wars (leaked after being cancelled) or Earthworm Jim 1/2 (DOS, same engine)
Trucks
Tubular Worlds
Turrican 2
Zone Raiders
by the way, DOSBox is not for running Windows 9x

Re: MS-DOS software to find x86 emulation bugs?

Postby xjas » 2019-7-01 @ 07:11

leileilol wrote: Zone Raiders

I played lots of this on DOSBox back in the 0.6x days. What does it do that's difficult to emulate?

Re: MS-DOS software to find x86 emulation bugs?

Postby superfury » 2019-7-07 @ 22:20

After a full day (12 hours) of implementing and fixing bugs with cue sheet and its backend data files in UniPCemu (a new feature I just implemented), I'm now directly installing Earthworm Jim from a cue/bin disk image :D No more converting them over to ISO disk images anymore :D

That opens up a whole other can of worms (the 386+ emulation diagnostics software) ;p

Edit: Didn't speak a moment too soon! During its setup, copying movie.exe (the top progress bar filled 1/3rd) it crashes back to the MS-DOS prompt, being unresponsive! It did manage to copy over a few little things, though (setup.exe and 1 or 2 other files).

Re: MS-DOS software to find x86 emulation bugs?

Postby BloodyCactus » 2019-7-07 @ 22:27

all the dos packers + scramblers that exercise all the opcode tricks you can imagine.
--/\-[ Stu : Bloody Cactus :: http://kråketær.com :: http://mega-tokyo.com ]-/\--

Re: MS-DOS software to find x86 emulation bugs?

Postby superfury » 2019-7-07 @ 22:27

But this means I can now try my older games as well (Quarantine II - Roadwarrior), which couldn't be used due to being a bin/cue disk image! :D

Re: MS-DOS software to find x86 emulation bugs?

Postby BloodyCactus » 2019-7-07 @ 23:48

run soft-ice, qemm97 or netroom 3 (with the helix cloaking technology)

games -> ultima7, zone66,
--/\-[ Stu : Bloody Cactus :: http://kråketær.com :: http://mega-tokyo.com ]-/\--

Re: MS-DOS software to find x86 emulation bugs?

Postby superfury » 2019-7-08 @ 05:27

Tried installing Quarantine II - Roadwarrior. The setup fails about 10% in, with a Disk read error? (It's a cue/bin disk image I ripped from my physical disk)

Is something more required to convert the 2352-byte sectors to 2048-byte sectors other than copying byte 0x10 and onwards (for a total of 2048 bytes) to the input buffer? Is more processing needed in the case of 2352-byte sectors? Perhaps the physical disk was a bit damaged through time and it needs some kind of error correction?
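The raw-to-cooked conversion asked about in the post above, as an added example that is not part of the original thread or of UniPCemu: in C, it picks the user-data offset from the sector's mode byte instead of always using 0x10, and recovers the LBA from the header so a misaligned read can be detected. It assumes Mode 2 sectors are CD-ROM XA; all function names are hypothetical and the sample sector is constructed.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

enum { RAW = 2352, COOKED = 2048, BAD_SYNC = -1, NOT_2048 = -2, BAD_MODE = -3 };
static const uint8_t SYNC[12] = {0, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 0};

/* Offset of the 2048 user bytes inside one raw sector, or a negative error.
 * Mode 1 data starts at 0x10. Mode 2 is assumed to be CD-ROM XA: an 8-byte
 * subheader follows the header, so Form 1 data starts at 0x18. */
int user_data_offset(const uint8_t *raw)
{
    if (memcmp(raw, SYNC, sizeof SYNC) != 0)
        return BAD_SYNC;              /* audio track or misaligned file offset */
    switch (raw[15]) {                /* header: minute, second, frame, mode */
    case 1:  return 0x10;
    case 2:  return (raw[18] & 0x20) ? NOT_2048 : 0x18;  /* bit 5: Form 2 */
    default: return BAD_MODE;
    }
}

static int bcd(uint8_t b) { return (b >> 4) * 10 + (b & 0x0F); }

/* LBA from the BCD MSF header; compare it with the LBA that was requested to
 * catch a seek that landed on the wrong 2352-byte boundary. */
long sector_lba(const uint8_t *raw)
{
    return ((long)bcd(raw[12]) * 60 + bcd(raw[13])) * 75 + bcd(raw[14]) - 150;
}

/* Constructed sample: MSF 00:02:16, every other byte equals its own offset. */
const uint8_t *sample_sector(uint8_t mode, uint8_t submode)
{
    static uint8_t raw[RAW];
    for (int i = 0; i < RAW; i++) raw[i] = (uint8_t)i;
    memcpy(raw, SYNC, sizeof SYNC);
    raw[12] = 0x00; raw[13] = 0x02; raw[14] = 0x16;
    raw[15] = mode; raw[18] = submode;
    return raw;
}

int main(void)
{
    uint8_t out[COOKED];
    const uint8_t *raw = sample_sector(2, 0x08);
    int off = user_data_offset(raw);
    if (off < 0) return 1;
    memcpy(out, raw + off, COOKED);
    printf("LBA %ld: user data at %#x, first byte %#x\n", sector_lba(raw), off, out[0]);
    return 0;
}
```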

Re: MS-DOS software to find x86 emulation bugs?

Postby superfury » 2019-7-08 @ 20:56

After fixing various bugs, Road Warrior now seems to at least install without issues. :D

Re: MS-DOS software to find x86 emulation bugs?

Postby superfury » 2019-7-08 @ 21:23

Trying to run rw.exe (as it tells me to do after the install), it shows the Dos/4GW banner, then "MSCDEX NOT LOADED", "real buffer address: 16270" and a message about vesa support being required and to make sure to install its video drivers, returning me to the MS-DOS prompt?

But MSCDEX is working properly afaik? I ran the CD-ROM install.exe using it, which succeeded?

Does it need something special to load mscdex properly?

Re: MS-DOS software to find x86 emulation bugs?

Postby superfury » 2019-7-08 @ 21:54

Harry gives a "runtime error 200 at 029c:0162" then proceeds to run properly?

Oxyd seems to start properly...

Edit: It seems to have some weird kind of effect on the bottom screen? Like some scanline rendering effect going wrong/mistimed (think 8088MPH intro rollover or raster racing effects being mistimed). I see the top part working properly, the bottom part blinking white/black screens? I'm currently running on an ET4000 emulated graphics card.

Edit: The main menu too. Switches between all white and normal bottom?
Edit: Perhaps it's the Turbo Pascal speed problem (the 200 error)? It's a 3MIPS Pentium after all?

Re: MS-DOS software to find x86 emulation bugs?

Postby superfury » 2019-7-08 @ 22:17

Btw already ran QEMM 7.0. It so far ran fine on the Pentium emulation (with V86 mode extensions turned on).

Edit: Super Star Wars seems to run properly too.
Edit: Tubular worlds... Still starting up...
Edit: Image moving into screen... Cyberlegion cadets Preparing for battle There is no way back on front...
Edit: So far so good. Pressing escape...
Edit: Scrolling in man during 1P mode, shows bits of the right border at the left border of the screen (a few pixels wide)?
Edit: Vulcan world selection(?) seems fine?
Edit: Ah, mouse controls. Worked fine. Shooting using left mouse button works. Enemies destroyed properly, score effective!
Edit: Escape gives Game over properly.
Edit: Also zooming in main menu text works.
Edit: Exit to Dos works.

Btw just ran The Elder Scrolls Arena (TES I) two days ago. When returning to MS-DOS, it seems to hang saying it returns to it on the screen (cursor at second or third row column 0)?

Edit: MS-DOS still doesn't seem to handle a disk change of the CD-ROM drive well? When changing the disk (using Dosbox's timing and rough algorithm to eject, insert, spinup, spindown) it seems to pretty much hang for a while executing 'dir', only after a long while complaining about the drive not being ready, after which a R)etry will read the new disk?

Re: MS-DOS software to find x86 emulation bugs?

Postby superfury » 2019-7-09 @ 05:44

Hmmm.. Earthworm Jim 1's setup.exe still seems to crash to the MS-DOS prompt at the opposite of MOVIE.EXE now (instead of a little bit (about 1/8) into the start of the file, it's about 1/8 from the end of the file now).

Re: MS-DOS software to find x86 emulation bugs?

Postby superfury » 2019-7-17 @ 13:30

Just tried using Ultimate Boot CD 5.3.8 on my 80486 emulation. Each and every application errors out when starting. It keeps getting either when loading the image,
Code:
failed: Error 0
linux.c32: Boot aborted!


Trying to load DiskCheck v4.3.0:
Code:
Loading /boot/syslinux/memdisk... ok
Loading /ubcd/images/diskcheck.iso.gz... ok
syslinux_boot_linux() failed: Error 0
linux.c32: boot aborted!
boot:


Then after the "boot:" you can type commands or press <enter>/<carriage return> to return to the boot menu.

Re: MS-DOS software to find x86 emulation bugs?

Postby superfury » 2019-7-17 @ 15:05

Just tried Zone 66. It almost immediately crashes on what seems to be a #GP fault for interrupt 21 run from V86 mode? It tries to switch stacks to a PL0 stack, which is invalid, causing a double fault, thus triple faulting eventually on that INT 21h instruction?

Edit: TR is 0x20, with a base of 0x8C and a limit of 0xFFFF? The triple fault happens at 0F88:0503 in V86 mode?

The interrupt (21h) isn't present, so it tries to throw a #GP(010A) fault to the V86 monitor.
It's a CPL 3, so it tries to switch stacks to a CPL 0 stack (new CPL 0, faults handled as external).
It reads its CPL0 SS:ESP from the TSS at address 0x8C (the INT 23h handler?). Offset 4 of that 'TSS' (MS-DOS IVT?) contains the used SS:ESP, which is read from address 0x90 in physical memory (paging isn't enabled) for ESP, which is 0e3a0155, then SS after that (address 0x94), which becomes 0x42E5? That's a very wrong data block being read right there? It's in the middle of the MS-DOS IVT, reading the IP,CS of vector 24h as ESP, then IP of vector 25h as SS? That cannot be correct?
Of course, since that value is so strange, loading it into SS throws a #TS(42E5), which becomes a double fault instead (remember the #GP fault for the interrupt handler?), which of course still can't switch stacks, thus triple faulting the CPU!

Edit: This is what happens:
debugger_zone66starting.7z
Zone 66 starting in MS-DOS 6.22 until triple fault reboot.


Edit: Btw, Ultima VII The Black Gate seems to run without issues (only forgot to load mouse.com though, so went without mouse and only cursor keys (SLOW!) and the left Ctrl key for confirmation (and terminating the app)).

Thinking about what it's reading there, it might be the main payload of the zone66.exe file?
Code:
03:49:00:70.04768: Interrupt 13=0070:00000774@025A:0BEB(CD); ERRORCODE: FFFFFFFE
025a:00000be9 CD 13 int 13   RealRAM(p):00003195=51(Q); RAM(p):00003195=51(Q); Physical(p):00003195=51(Q); Paged(p):00003195=51(Q); Normal(p):00000bf5=51(Q); RealRAM(p):00003196=06(); RAM(p):00003196=06(); Physical(p):00003196=06(); Paged(p):00003196=06(); Normal(p):00000bf6=06(); RealRAM(p):00003197=1e(); RAM(p):00003197=1e(); Physical(p):00003197=1e(); Paged(p):00003197=1e(); Normal(p):00000bf7=1e(); RealRAM(p):00003198=07(); RAM(p):00003198=07(); Physical(p):00003198=07(); Paged(p):00003198=07(); Normal(p):00000bf8=07(); Paged(w):00001a8d=46(F); Physical(w):00001a8d=46(F); RAM(w):00001a8d=46(F); RealRAM(w):00001a8d=46(F); Paged(w):00001a8e=02(); Physical(w):00001a8e=02(); RAM(w):00001a8e=02(); RealRAM(w):00001a8e=02(); Paged(w):00001a8b=5a(Z); Physical(w):00001a8b=5a(Z); RAM(w):00001a8b=5a(Z); RealRAM(w):00001a8b=5a(Z); Paged(w):00001a8c=02(); Physical(w):00001a8c=02(); RAM(w):00001a8c=02(); RealRAM(w):00001a8c=02(); Paged(w):00001a89=eb(?); Physical(w):00001a89=eb(?); RAM(w):00001a89=eb(?); RealRAM(w):00001a89=eb(?); Paged(w):00001a8a=0b( ); Physical(w):00001a8a=0b( ); RAM(w):00001a8a=0b( ); RealRAM(w):00001a8a=0b( ); RealRAM(r):0000004c=74(t); RAM(r):0000004c=74(t); Physical(r):0000004c=74(t); Paged(r):0000004c=74(t); RealRAM(r):0000004d=07(); RAM(r):0000004d=07(); Physical(r):0000004d=07(); Paged(r):0000004d=07(); RealRAM(r):0000004e=70(p); RAM(r):0000004e=70(p); Physical(r):0000004e=70(p); Paged(r):0000004e=70(p); RealRAM(r):0000004f=00( ); RAM(r):0000004f=00( ); Physical(r):0000004f=00( ); Paged(r):0000004f=00( )
Registers:
EAX: 0000025d EBX: 00000000 ECX: 0000813e EDX: 00000a81
ESP: 000008af EBP: 00000002 ESI: 00000522 EDI: 0000097d
CS: 025a DS: 0070 ES: 0f88 FS: 0000 GS: 0000 SS: 011e TR: 0000 LDTR: 0000
EIP: 00000be9 EFLAGS: 00000246
CR0: 00000000 CR1: 00000000 CR2: 00000000 CR3: 00000000
DR0: 00000000 DR1: 00000000 DR2: 00000000 DR3: 00000000
DR6: 00000000 DR7: 00000000
GDTR: 00000008f466ffff IDTR: 000000000000ffff
FLAGSINFO: 00000000000000vr0n00odItsZ0a0P1c


So, that would be address 0x400 of zone66.exe? It's loaded at physical address 0x101FD...

Hmmm... That's in the middle of said copied block, not at the top?

The offending block copy starts at F880 instead? Why isn't the destination EDI properly used? Hmmm.... It's zeroed when it starts... Strange... It's 0 instead of 97D...

It's cleared about right after the start of the INT13 CALL?
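The ring-0 stack fetch traced in the post above, as an added example that is not from the thread or from UniPCemu: a C model of reading SS0:ESP0 from a 32-bit TSS and validating SS0, run over constructed memory that holds the post's IVT bytes at 0x90. All names, the GDT at 0x800 and the sane TSS at 0x500 are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>

enum { STACK_OK, FAULT_TS, FAULT_SS };
struct dtr { uint32_t base, limit; };      /* cached TR or GDTR */
static uint8_t mem[0x1000];                /* constructed physical memory */
uint16_t last_ss; uint32_t last_esp;       /* what the last fetch read */

static uint32_t rd(uint32_t a, int n)      /* little-endian read of n bytes */
{
    uint32_t v = 0;
    while (n--) v = (v << 8) | mem[a + n];
    return v;
}

/* Load SS0:ESP0 from a 32-bit TSS and check SS0 as a switch to ring 0 does.
 * Paging is off, as in the post, so linear addresses are physical. */
int load_pl0_stack(struct dtr tr, struct dtr gdt)
{
    if (tr.limit < 11) return FAULT_TS;               /* SS0 past the TSS limit */
    last_esp = rd(tr.base + 4, 4);
    last_ss = (uint16_t)rd(tr.base + 8, 2);
    if ((last_ss & 0xFFFC) == 0) return FAULT_TS;     /* null selector */
    if (last_ss & 7) return FAULT_TS;                 /* RPL != 0 (LDT not modelled) */
    if ((last_ss | 7u) > gdt.limit) return FAULT_TS;  /* descriptor outside GDT */
    uint8_t access = mem[gdt.base + last_ss + 5];
    if ((access & 0x7A) != 0x12) return FAULT_TS;     /* need writable data, DPL 0 */
    return (access & 0x80) ? STACK_OK : FAULT_SS;     /* not present: #SS */
}

/* A TSS base below 0x400 lies inside the real-mode interrupt vector table. */
int tss_in_ivt(uint32_t base) { return base < 0x400; }

/* Constructed scenario: the post's IVT bytes at 0x90, a sane TSS at 0x500. */
int try_tr_base(uint32_t base)
{
    static const uint8_t ivt[6] = {0x55, 0x01, 0x3A, 0x0E, 0xE5, 0x42};
    for (int i = 0; i < 6; i++) mem[0x90 + i] = ivt[i];
    mem[0x505] = 0x10; mem[0x508] = 0x10;  /* ESP0 = 0x1000, SS0 = 0x0010 */
    mem[0x815] = 0x92;                     /* GDT[2]: present writable data */
    struct dtr tr = {base, 0xFFFF}, gdt = {0x800, 0x17};
    return load_pl0_stack(tr, gdt);
}

int main(void)
{
    int r = try_tr_base(0x8C);
    printf("TR base 0x8C: result %d, SS0=%04X ESP0=%08X\n", r, last_ss, (unsigned)last_esp);
    return 0;
}
```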

Re: MS-DOS software to find x86 emulation bugs?

Postby superfury » 2019-7-19 @ 13:37

Just tried Windows 95 OSR 2.5 ('c') on UniPCemu. It seems to hang due to a 0F03 (LSL) instruction being executed in real mode? That isn't supposed to happen?

Edit: After fixing a slight bug on IRET from PL0 to PL3 (normal PM, not V86 mode) to properly use its stack from PL0 instead of trying to access it through paging as a PL3 stack (which of course fails due to PL0 not being accessible to PL3) when popping SS off the stack (which faulted due to it being done as a PL3 read instead of a PL0 read), it continues like all other Windows 95 versions (A, B, C now all do the exact same thing): crashes into a BSOD at 0137:6622 instead of infinitely hanging at said location!

Re: MS-DOS software to find x86 emulation bugs?

Postby superfury » 2019-7-19 @ 16:23

Yay! Progress! After making sure enough free hard disk space is left and fixing a small POP SS bug (during IRET/RETF to a lower privilege level) to properly use the PL0 stack (instead of faulting from it, see last post), Earthworm Jim now properly installs without crashing! :D

Edit: Just tried using MOVIE.EXE from the EWJ install directory. It tells me that "Your VGA board doesn't support 640x480x256" for the ET4000 emulation???

EWJ1.EXE seems to run properly. I see no faults running it (ignoring exception 7h for FPU emulation).

I do see it trying to run CD-ROM audio commands on the CD-ROM drive (which aren't supported), which of course error out, but other than that, it's running fine :D

Edit: Other than that, Earthworm Jim seems to be running fine (as well as having fixed the installer just now). :D

Re: MS-DOS software to find x86 emulation bugs?

Postby superfury » 2019-7-19 @ 18:34

Tried Windows 95 setup again. Still a fault at a RETF to 00E0:140C? That happens from a CPL of 3, thus faulting to the OS handler?

Is that supposed to happen?

Edit: It happens at 0367:5F92.

Re: MS-DOS software to find x86 emulation bugs?

Postby TheMLGladiator » 2019-7-19 @ 19:05

leileilol wrote: Lemmings

It's surprising how difficult it is to get an original, uncracked version of Lemmings running correctly on anything but a DOS-based system because of the DRM. Even the cracked versions have all kinds of flickering and color issues under DOSBox.

Re: MS-DOS software to find x86 emulation bugs?

Postby superfury » 2019-7-20 @ 10:45

Interestingly enough, looking into the 'E0' case, I don't see any jump, call or IRET from segment E0 to segment 367? So there's probably something going wrong in executing segment 367?

Hmmmm... Interestingly, when searching upwards for the same ESP being used last time, I see ESP becoming said value (from 00000FEA to 00000FEC) during a 0FFF instruction (that throws a #UD)?
The invalid E0 value seems to be in paged (/physical) memory at address 0032600e?
