Modified k052591 PMC emulation to reflect how the real programs work #11992
Conversation
spy: Confirmed projection function constants, more accurate collision check without the need for special case handling thunderx: Simplified collision check, fixed object flags updates hexion: Added special 16-byte VRAM clearing command Added comments to PMC program dumps
src/mame/konami/hexion.cpp
Outdated
| int bank = m_unkram[0] & 1; | ||
| memset(m_vram[bank], m_unkram[1], 0x2000); | ||
| m_bg_tilemap[bank]->mark_all_dirty(); | ||
| uint8_t command = m_pmcram[0]; | ||
| if (command <= 1) | ||
| { | ||
| memset(m_vram[command], m_pmcram[1], 0x2000); | ||
| m_bg_tilemap[command]->mark_all_dirty(); | ||
| } | ||
| else | ||
| { | ||
| memset(m_vram[m_pmcram[4]] + ((m_pmcram[3] << 8) + m_pmcram[2]), 0, 16); | ||
| m_bg_tilemap[m_pmcram[4]]->mark_all_dirty(); | ||
| } |
There was a problem hiding this comment.
You’ve removed the mask on the video RAM bank here – that causes a potential heap smash. You should also do a mask or bounds check on the offset when doing the 16-byte clear as there’s nothing to stop it smashing memory off the end of the area the way it is now.
| uint8_t bank = m_pmcram[4] & 1; | ||
| memset(m_vram[bank] + (get_u16le(&m_pmcram[2]) & 0x1fff), 0, 16); | ||
| m_bg_tilemap[bank]->mark_all_dirty(); |
There was a problem hiding this comment.
There’s still a potential heap smash here – consider what happens if (get_u16le(&m_pmcram[2]) & 0x1fff) is 0x1ff8.
There was a problem hiding this comment.
Fixed on my side. Should I submit a new pull request ?
| run_collisions(s0, e0, s1, e1, cm, hm); | ||
| // set flags | ||
| p1[0] = (p1[0] & 0x8f) | 0x10; | ||
| if (p1 > (uint8_t*)0xe6) // This address value is hardcoded in the PMC program |
There was a problem hiding this comment.
@furrtek this pointer comparison won't work since &m_pmcram[0] is not 0.
If I read your disasm correctly, it's (&p1[4] >= &m_pmcram[0xe6]), but then collisions don't work anymore.
There was a problem hiding this comment.
Maybe p0[4] instead of p1[4], but then I see another issue where the address value in the US version is $136 instead of $E6,
…amedev#11992) * Modified k052591 PMC emulation to reflect how the real programs work * spy: Confirmed projection function constants, more accurate collision check without the need for special case handling * thunderx: Simplified collision check, fixed object flags updates * hexion: Added special 16-byte VRAM clearing command * Added comments to PMC program dumps * Use multibyte.h functions, variable scope and type cleanup
…amedev#11992) * Modified k052591 PMC emulation to reflect how the real programs work * spy: Confirmed projection function constants, more accurate collision check without the need for special case handling * thunderx: Simplified collision check, fixed object flags updates * hexion: Added special 16-byte VRAM clearing command * Added comments to PMC program dumps * Use multibyte.h functions, variable scope and type cleanup
Small changes based on silicon reverse-engineering.
spy: Confirmed projection function constants, more accurate collision check without the need for special case handling
thunderx: Simplified collision check, fixed object flags updates
hexion: Added special 16-byte VRAM clearing command
Not sure if mentionning an URL to the documentation in comments is the right thing to do.