A Sega Genesis Emulator similar to FCEUX

Talk about development tools here

Moderator: BigEvilCorporation

Post Reply
walker7
Interested
Posts: 45
Joined: Tue Jul 24, 2012 6:27 am

A Sega Genesis Emulator similar to FCEUX

Post by walker7 » Sat Feb 22, 2014 2:59 am

Wouldn't it be great if there was a Sega Genesis emulator that could be considered the counterpart to FCEUX for the NES?

Think of all the FCEUX features:

Cheats
RAM Search
RAM Watch
Debugger
Hex Editor
Trace Logger
Code/Data Logger
PPU/Name Table Viewer (for the Sega Genesis, it's the VDP Viewer)
Game Genie Encoder/Decoder
...and many more.

Some features for the Sega Genesis counterpart might be a YM2612 and PSG viewer, and even a Z80 viewer. Also, this emulator could support multitaps (4-Way Play and Sega Team Player), and many more features.

tomaitheous
Very interested
Posts: 256
Joined: Tue Sep 11, 2007 9:10 pm

Post by tomaitheous » Sat Feb 22, 2014 3:50 am

If you're a hacker or wanting to convert a game back into source (disassembly), CDL support is a MUST. I've used it in fceux to create complete ASM listing of two games.

Bizhawk doesn't support Genesis yet (that I've seen), but recently they added a great CDL function to the emulator. The CDL marks not only if a byte is code or data, but if it's the first byte of the opcode - which means you have a complete map to disassemble from. I let SF2 for PCE run in demo mode over night, logging to the CDL file, and I now have 86% of the rom mapped out (code/data).

And the great thing about CDL files, is that you can share them and append to the them. So multiple people can play the same rom and help with mapping it out (you have to play it in real time to map the file). Savestates and rewind doesn't effect it either.

Every emulated system needs this. From arcade to consoles.

powerofrecall
Very interested
Posts: 237
Joined: Fri Apr 17, 2009 7:35 pm
Location: USA

Post by powerofrecall » Sat Feb 22, 2014 4:49 am

It's frustrating because there are genesis emus that have a few of these features but not others. I run linux these days but most windows genesis emulators run fine in Wine so I use a few.

Regen (debugger version) has some of these. It has a simple 68k debugger with disassembly, register view, breakpoints, tracing/logging, various RAM viewers, simple Z80 disassembler, simple VDP viewer. It has some RAM functions aimed at cheats but not really thorough. It is also sort of buggy, but I use it a lot.

BlastEm has a simple step/breakpoint debugger with the normal features & GDB debugging and it can log addresses that are sent to its code translator. The side effect of this is you can take the list of addresses outputted and adapt it to an IDA Pro script that can be pretty useful in disassembly. It works nicely.

DGen/SDL on linux at least has a nice little debugger. It is a poor emulator, however.

I have used Kega Fusion's cheat finding functions in the past to track down memory addresses to aid in disassembly. The code finder functions work great if you know how to use them. Unfortunately it doesn't have any other useful functions here.

Gens/GS has the old stuff that Gens had. It has one very useful feature--you can hit Ctrl-Backspace to flip the current instruction word at any time. This will almost always cause an exception. A small, kind of silly feature but would be great to trigger exceptions in other emus.

The new Gens Kmod has a lot of useful features and is probably overall the best debug/hacking emulator right now. It probably has the best chance to be "like FCEUX." It has remote GDB and some debug/hack oriented features. It would be a good starting point to build a hacking or developer emulator IMO. Gens has been around and it seems like everyone's hacked on it.

Exodus is definitely the closest to what you are wanting and it is very accurate. It is, however, also very slow. It's like the old saying--if you want to eat elephant, you have to pay the freight. It is accurate, has awesome debugging and basically all the peeping features you'd want, the active disassembly is super great. All it is missing is supporting gdb or the ability to import watchers or some kind of symbols for debugging.

powerofrecall
Very interested
Posts: 237
Joined: Fri Apr 17, 2009 7:35 pm
Location: USA

Post by powerofrecall » Sat Feb 22, 2014 4:52 am

tomaitheous wrote: Bizhawk
How have I never heard about this?

I'd love to hear more info about this CDL thing.

walker7
Interested
Posts: 45
Joined: Tue Jul 24, 2012 6:27 am

Post by walker7 » Sat Feb 22, 2014 5:35 am

With what method is the screen drawn in FCEUX? Is it done by DirectX, or something else? And what does Gens use?

Mask of Destiny
Very interested
Posts: 594
Joined: Thu Nov 30, 2006 6:30 am

Post by Mask of Destiny » Sat Feb 22, 2014 8:05 am

BlastEm does have some basic VDP debugging features as well. Pressing the [ key will cycle through VDP debug modes. There were 3, but 2 got temporarily removed when I was reworking things in preparation for OpenGL support. The one that is currently working will show what layers different parts of the display come from. Background pixels are grey, plane A pixels are red, window pixels are blue, plane b pixels are green and sprite pixels are purple. Shadow pixels are darkened and highlight pixels are brightened in this mode.

The two that are currently missing but will be reintroduced when I have the time display tile data from RAM and the current palette entries.

Additionally, there are some basic VDP debugging commands available from the 68K debugger. vr will print the value of most VDP registers along with an explanation of what the current settings do. vs will print the current sprite list.

I'm open to requests for further debugging features. Watchpoints and tracepoints are on my todo list since they're needed for full GDB support and I rather miss watchpoints in my own usage. Support for time travel debugging which would allow you to reverse the execution of the program while debugging is also something I would like to experiment with at some point.

r57shell
Very interested
Posts: 478
Joined: Sun Dec 23, 2012 1:30 pm
Location: Russia
Contact:

Re: A Sega Genesis Emulator similar to FCEUX

Post by r57shell » Sat Feb 22, 2014 1:44 pm

walker7 wrote:Think of all the FCEUX features:
Check out my "Gens-rerecording r57shell Mod". Also, here is my translation: http://i.imgur.com/DkCeEfm.png
v - supports, x - not supports, ? - see comment

v Cheats (Game-Genie/PAR with Right-Mouse-Click remove which is really useful)
v RAM Search
v RAM Watch
v Debugger
? Hex Editor (only Hex Dump)
v Trace Logger
v Code/Data Logger (code only)
x PPU/Name Table Viewer (for the Sega Genesis, it's the VDP Viewer)
x Game Genie Encoder/Decoder
v VRAM (VDP tiles set)
v VDP Sprites
v VDP Layers Toggle
x VDP Registers
v Lua Scripts (with breakpoint from script feature)
v Z80 Debug (a little buggy)
x YM2612 Viewer
x PSG Viewer

It exists a few years, but popular only in Russian Romhacking, because I don't take any effort to run across the internet and yell Check Out My Cool Emulator.

More exactly, First release was 22 Marсh 2010, and it was Gens-rr 11a with M68k Debug with: breakpoints (without callstack), registers, and code only. And with RAM Dump.
Latest is 13 February 2013.
Mask of Destiny wrote:BlastEm does have some basic VDP debugging features as well.
Is there windows version available?
Image

tomaitheous
Very interested
Posts: 256
Joined: Tue Sep 11, 2007 9:10 pm

Post by tomaitheous » Sat Feb 22, 2014 3:25 pm

powerofrecall wrote:
tomaitheous wrote: Bizhawk
How have I never heard about this?

I'd love to hear more info about this CDL thing.
It's a very simple idea and execution. The emulator creates a large Byte array, that's equal to the size of the rom. Each byte in the array corresponds to a byte in the rom address. So it's a map of the rom. Each bit in the byte represents how that data was accessed. For instance, D0= code, D1=data, D8= first byte of opcode. Other bits can represent how the data was accessed; directly, indirectly, indirectly for a jump table, etc.

The CDL is mapped in real time, so you need to play the rom in an emulator from start to finish, to map it out. You need to do as much as possible; dieing, alternate paths, 2 players, etc - whatever.

The CDL format needs to be specific for the target system. Things like how the data was accessed in length, would be essential for Genesis IMO (so instead of just 1 bit for data, use 2 bits - so you can know if the data was accessed as a byte, word, or long). Stuff like that.

Bizhawk actually has an option to write a disassembly output for you, of the current CDL state (in case you don't want to write your own app to do this). CDL is different than simply trace logging, in that you just care about how the rom is mapped out and a disassembly of it. Where as a trace logger is to give you an insight into what the registers and such, contain at the time of logging the disassembly.


r57shell: You wrote that? I pretty sure that's what I used, a few years back for Genesis debugging stuffs.

tryphon
Very interested
Posts: 316
Joined: Sat Aug 17, 2013 9:38 pm
Location: France

Post by tryphon » Sat Feb 22, 2014 3:49 pm

It's more or less what Exodus' Active Disassembly does, isn't it ?

With the advantage that Exodus' output is usable with IDA IIRC.

It's indeed a great feature.

Exodus is by far the best Genesis emulator for hacking purposes that I ever used. Its defaults so far :

- too slow (because of accuracy, which isn't really needed for hacking)
- perfectible ergonomy (we should be able to define "Perspectives" that open several tools at once)
- some bugs
- some unsupported games (Psy-O-Blade, Ninja Burai Densetsu, Street Fighter 2,...)
- not compatible with Gens saves (widepsread over the Internet)
- not open source (which prevents fixing this list bugs without bothering Nemesis too much :) )

r57shell
Very interested
Posts: 478
Joined: Sun Dec 23, 2012 1:30 pm
Location: Russia
Contact:

Post by r57shell » Sat Feb 22, 2014 5:11 pm

tomaitheous wrote:r57shell: You wrote that? I pretty sure that's what I used, a few years back for Genesis debugging stuffs.
If you speak about my mod...
I wrote not emulator, I wrote debug features for it.
Image

Mask of Destiny
Very interested
Posts: 594
Joined: Thu Nov 30, 2006 6:30 am

Re: A Sega Genesis Emulator similar to FCEUX

Post by Mask of Destiny » Sat Feb 22, 2014 9:42 pm

r57shell wrote:
Mask of Destiny wrote:BlastEm does have some basic VDP debugging features as well.
Is there windows version available?
Not yet, but there's a reasonable chance that there will be for the next release. 32-bit CPU support is partially done (emulator is working with the Z80 disabled) which is one of the things I wanted to finish before adding Windows support.

powerofrecall
Very interested
Posts: 237
Joined: Fri Apr 17, 2009 7:35 pm
Location: USA

Post by powerofrecall » Sat Feb 22, 2014 10:19 pm

tomaitheous wrote:
powerofrecall wrote:
tomaitheous wrote: Bizhawk
How have I never heard about this?

I'd love to hear more info about this CDL thing.
bizhawk
It sounds a lot like Exodus' active disasm but probably more usable. My problem with Exodus is I'm on an older Core 2 and it only gets about 20fps at best. So it's hard to sit down and play a game to try to get it to go through as much of its code path as possible if the game is running at 1/3 speed. :)

CDL sounds like it would be simple to hack into other emulators like Gens. Hell, MoD, would it be possible (well, by that, I mean not too difficult) to add this to BlastEm? Even a raw dump of a CDL table could be useful to me.

Mask of Destiny
Very interested
Posts: 594
Joined: Thu Nov 30, 2006 6:30 am

Post by Mask of Destiny » Sun Feb 23, 2014 9:05 am

powerofrecall wrote:. Hell, MoD, would it be possible (well, by that, I mean not too difficult) to add this to BlastEm? Even a raw dump of a CDL table could be useful to me.
Recording what size date is accessed as would be pretty straightforward. Tracking jump table data is a bit messier. I'm not sure I see knowing whether a certain address contains an extension word is useful since that's easy to figure out once you have instruction start addresses.

r57shell
Very interested
Posts: 478
Joined: Sun Dec 23, 2012 1:30 pm
Location: Russia
Contact:

Post by r57shell » Sun Feb 23, 2014 11:09 am

powerofrecall wrote:CDL sounds like it would be simple to hack into other emulators like Gens.
Did you see my post? My mod supports it.
Also, you can play replay (full walkthrough) for this purpose.
Mask of Destiny wrote:Recording what size date is accessed as would be pretty straightforward.
Yes, but it's not easy to interpret correctly. Many games using different access to same data. For example read long to read two words (for example coordinates x, y).
Image

powerofrecall
Very interested
Posts: 237
Joined: Fri Apr 17, 2009 7:35 pm
Location: USA

Post by powerofrecall » Sun Feb 23, 2014 3:58 pm

r57shell wrote:
powerofrecall wrote:CDL sounds like it would be simple to hack into other emulators like Gens.
Did you see my post? My mod supports it.
Also, you can play replay (full walkthrough) for this purpose.
So it does! Very good.

Post Reply