Just tried Pinball Illusions on UniPCemu. It gives a stack fault (stack exception in the description) instead:
[Attachment: 541-Pinball Illusions stack exception.jpg (no longer available)]
This is on my Compaq Deskpro 386 emulation (80386 processor).
Simplified common emulator log:
[Attachment: debugger_pinballillusions_stackfault_UniPCemu20180518_1927.zip (no longer available)]
It even looks like it's throwing multiple stack faults after each other (fault handling throwing a stack fault?).
Edit: Looking further up the log, there's a #GP fault (#GP(0)) which eventually throws a stack fault. Said #GP fault is an address-size overridden XLAT using the CS segment (instruction bytes 2E 67 D7)?
So it's executing an XLAT CS:[EBX+AL], where EBX=0x2AC7, AL=0x69. So it's reading a byte at CS:2B30?
Looking at the interrupt cause (internal emulator flag for verifying the kind of fault that's the cause of the exception when accessing memory parameters), it says the cause is cause 3, which is a system segment access rights breach (code, execute-only (with or without conforming) being read by the instruction as data). CS has access rights 0x9B, which means code, nonconforming, executable and readable, not accessed and valid.
So there's definitely a problem with my emulator's protection handling there. It shouldn't do that on reads, since it's executable and readable?
Edit: It seems the protection module itself works fine. It's the XLAT instructions (both the 16-bit and 32-bit versions) that were faulty: they were checking memory against a write (for the memory operand) instead of a proper read.
Edit: Now I see it continuing until loading offset 0x48B4E (which according to the screen is the value of EDI)? I see it's faulting on a MOV instruction. Odd...
[Attachment: 544-Pinball Illusions GP fault.jpg (no longer available)]
Edit: It seems to be using FS:EDI to address the MOV to write. It's an 8-bit MOV. The instruction that's decoded is 0x64 67 88 07. According to onlinedisassembler.com, it's a MOV BYTE PTR FS:[EDI],AL instruction. The cause of the fault is a limit violation (cause #6). The FS descriptor contains 0004933b74a08b4b (little endian format of the 64-bit descriptor that's loaded). So the limit is 0x48B4B. The EDI register contains 0x48b4e, so a clear limit violation. Now the question: why is EDI 3 higher than the limit? Some subtraction going wrong? Or too much added somewhere?
[Attachment: 546-Pinball Illusions GP fault.jpg (no longer available)]
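As an added worked example (not code from the post above and not UniPCemu's own protection module), the following C decodes an 80386 code/data segment descriptor from the 64-bit value a debugger dumps, decodes the access byte, and runs the standard data-access check (rights first, then limit) for the two operands discussed in the thread: the XLAT read through a CS with access byte 0x9B, and the byte MOV through FS at offset 0x48B4E against the quoted FS descriptor 0004933b74a08b4b. The CS base and limit are assumptions (the post does not give them), and the return codes are this example's own, not the emulator's internal cause numbers. The `is_write` flag is what distinguishes a read from a write on a readable code segment, which is exactly the check the post says the XLAT implementation had wrong.

```c
#include <stdint.h>
#include <stdio.h>

/* Decoded 80386 code/data segment descriptor (the 8-byte GDT/LDT entry). */
typedef struct {
    uint32_t base;
    uint32_t limit;   /* byte limit after applying the granularity bit */
    uint8_t  access;  /* byte 5: P | DPL(2) | S | type(4) */
    uint8_t  flags;   /* high nibble of byte 6: G | D/B | L | AVL */
} seg_desc;

/* The meaningful fields of the access byte for a code/data (S=1) descriptor. */
typedef struct {
    int present, dpl, is_code;
    int conforming_or_expand_down;  /* type bit 2: conforming (code) / expand-down (data) */
    int readable_or_writable;       /* type bit 1: readable (code) / writable (data) */
    int accessed;                   /* type bit 0 */
} access_bits;

access_bits decode_access(uint8_t a) {
    access_bits b;
    b.present = (a >> 7) & 1;
    b.dpl = (a >> 5) & 3;
    b.is_code = (a >> 3) & 1;
    b.conforming_or_expand_down = (a >> 2) & 1;
    b.readable_or_writable = (a >> 1) & 1;
    b.accessed = a & 1;
    return b;
}

/* Decode the descriptor from its 8 bytes in memory order (little endian). */
seg_desc decode_descriptor(const uint8_t raw[8]) {
    seg_desc d;
    uint32_t limit = raw[0] | ((uint32_t)raw[1] << 8) | ((uint32_t)(raw[6] & 0x0F) << 16);
    d.base = raw[2] | ((uint32_t)raw[3] << 8) | ((uint32_t)raw[4] << 16) | ((uint32_t)raw[7] << 24);
    d.access = raw[5];
    d.flags = raw[6] >> 4;
    d.limit = (d.flags & 0x8) ? ((limit << 12) | 0xFFF) : limit;  /* G=1: 4 KiB granularity */
    return d;
}

/* Convenience: decode from the 64-bit value a debugger prints (low byte first in memory). */
seg_desc decode_qword(uint64_t q) {
    uint8_t raw[8];
    for (int i = 0; i < 8; i++) raw[i] = (uint8_t)(q >> (8 * i));
    return decode_descriptor(raw);
}

enum { ACC_OK = 0, ACC_NOT_PRESENT, ACC_RIGHTS, ACC_LIMIT };

/* Data access check for one memory operand: rights first, then limit. */
int check_access(seg_desc d, uint32_t offset, uint32_t size, int is_write) {
    if (!(d.access & 0x80)) return ACC_NOT_PRESENT;
    if (!(d.access & 0x10)) return ACC_RIGHTS;          /* system descriptor: not a data segment */
    access_bits b = decode_access(d.access);
    if (b.is_code) {
        if (is_write) return ACC_RIGHTS;                /* code segments are never writable */
        if (!b.readable_or_writable) return ACC_RIGHTS; /* execute-only: no data reads either */
    } else if (is_write && !b.readable_or_writable) {
        return ACC_RIGHTS;                              /* read-only data segment */
    }
    uint32_t last = offset + size - 1;
    if (last < offset) return ACC_LIMIT;                /* offset wraps around */
    if (!b.is_code && b.conforming_or_expand_down) {
        /* expand-down data: valid offsets are limit+1 .. (D/B ? 0xFFFFFFFF : 0xFFFF) */
        uint32_t upper = (d.flags & 0x4) ? 0xFFFFFFFFu : 0xFFFFu;
        if (offset <= d.limit || last > upper) return ACC_LIMIT;
    } else if (last > d.limit) {
        return ACC_LIMIT;
    }
    return ACC_OK;
}

/* Effective address of XLAT: (E)BX + zero-extended AL; wraps at 16 bits without a 0x67 prefix. */
uint32_t xlat_ea(uint32_t ebx, uint8_t al, int addr32) {
    uint32_t ea = ebx + al;
    return addr32 ? ea : (ea & 0xFFFF);
}

int main(void) {
    /* Values taken from the post: FS descriptor, EDI of the faulting MOV, EBX/AL of the XLAT. */
    seg_desc fs = decode_qword(0x0004933b74a08b4bULL);
    printf("FS base=%08x limit=%05x access=%02x\n", fs.base, fs.limit, fs.access);
    printf("MOV FS:[0x48b4e],AL -> %d (3 = limit fault)\n", check_access(fs, 0x48b4e, 1, 1));
    /* Assumed CS: base 0, limit 0xFFFFF, access byte 0x9B as reported in the post. */
    seg_desc cs = { 0, 0xFFFFF, 0x9B, 0 };
    uint32_t ea = xlat_ea(0x2AC7, 0x69, 1);
    printf("XLAT CS:[%05x] read -> %d, write -> %d (2 = rights fault)\n", ea,
           check_access(cs, ea, 1, 0), check_access(cs, ea, 1, 1));
    return 0;
}
```

Running it shows the FS limit decoding to 0x48B4B with a byte granularity (G=0), the write at FS:0x48B4E failing the limit check while 0x48B4B passes, and the XLAT read at CS:0x2B30 passing on a readable code segment while the same access treated as a write is rejected.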