Development Progress


The basic theory behind Cxbx is the use of HLE (High Level Emulation) combined with extremely efficient direct code execution. Since the Xbox 360 uses an Intel Pentium processor, a large percentage of the code (most importantly, the code that tends to eat up the CPU) can be executed directly. This means there is no need for DynaRec (Dynamic Recompilation), which saves a lot of CPU and RAM. Emulators such as UltraHLE and Project64 have proven that High Level Emulation is a really great way to achieve high performance. Cxbx takes this idea and, because of the Xbox's architecture, takes it to the next level by combining it with direct code execution. The result is speed and accuracy.


Xbox Architecture Research
The first step to creating an Xbox 360 Emulator was determining the hardware and software systems used by the Xbox 360. Since the Xbox 360 is pretty much a PC dressed up like a console, the hardware component was easy enough. The software side was a bit more complicated. The Xbox 360 uses a stripped down and partially modified Windows 2000 Kernel. The Xbox 360 also only executes a single process at a time.


In order to emulate an Xbox 360 game, it is necessary to simulate the game's environment. For the Xbox 360, this means making the game believe that it is running on a very specific set of PC hardware, running a very specific operating system. The operating system is simulated by intercepting kernel function calls and wrapping them around existing NTDLL functions within Windows 2000 and Windows XP. The specific hardware is simulated by intercepting code that is known to touch the hardware at the lowest level possible. For Direct3D, this means simulating the Direct3D API by wrapping it around the Windows Direct3D API.


In order to give an Xbox 360 game the chance to execute, it must first be loaded as a new process, with specific environmental requirements. This task was accomplished by analyzing the XBE (Xbox Executable) file format, and finding a suitable conversion to the PE (Windows Exe) file format. During the time this conversion was being programmed, the XBE File Format was documented.

It is also necessary to prepend crucial initialization code at the beginning of the converted executable, in order to analyze the loaded XBE file and hijack all necessary functions. This is done by appending a special section to the executable, and altering the entry point.


The basic purpose of the Xbox 360 operating system is to provide Xbox 360 games with a stable and efficient environment to run inside of. Typically, the closest an Xbox 360 game programmer will get to the hardware is through the Xbox 360 Kernel's API interface. Cxbx takes over this interface, and mimics the expected behavior of the Xbox 360 operating system. Much of the API is wrapped almost directly around the Win2k/XP NTDLL interface. This is very efficient, and leaves very little overhead.

In addition to the Xbox 360 Kernel API interface, Xbox 360 games use statically linked libraries that directly access the NVidia chip and other hardware components. In order to allow an Xbox 360 game to run on a PC, these libraries must be located, intercepted, and emulated and/or wrapped around existing Windows APIs. If you are familiar with IDA Pro, the concept of FLIRT libraries is very similar to the technique used by Cxbx. Taking advantage of the fact that even relocatable libraries have distinguishing characteristics, Direct3D and other APIs can be located inside of the virtual address space of a loaded XBE file, hooked, and emulated.
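The FLIRT-style library detection described above, as an added example that is not Cxbx code: a byte-pattern scanner in which `??` wildcards stand in for the operand bytes a relocating linker rewrites (absolute addresses, call targets), so the same function body is recognised wherever it was linked. The signature, the function name and the sample image are all constructed for the illustration.

```python
import re

# A signature is a hex string; "??" marks bytes that differ per link address
# (relocated operands), so they must not take part in the match.
def compile_signature(sig: str) -> re.Pattern:
    parts = []
    for tok in sig.split():
        if tok == "??":
            parts.append(b".")                      # any single byte
        else:
            parts.append(re.escape(bytes([int(tok, 16)])))
    return re.compile(b"".join(parts), re.DOTALL)   # DOTALL: '.' also matches 0x0A

def wildcard_ratio(sig: str) -> float:
    """Fraction of wildcard bytes; very loose signatures produce false hits."""
    toks = sig.split()
    return sum(t == "??" for t in toks) / len(toks)

def scan_image(image: bytes, signatures: dict, max_wild: float = 0.5) -> dict:
    """Return {name: [offsets]} for each signature found in the loaded image.
    Signatures with too many wildcards are skipped rather than trusted."""
    hits = {}
    for name, sig in signatures.items():
        if wildcard_ratio(sig) > max_wild:
            hits[name] = []
            continue
        pat = compile_signature(sig)
        hits[name] = [m.start() for m in pat.finditer(image)]
    return hits

# Constructed sample image: the same tiny function "linked" twice at different
# base addresses; only the 4-byte absolute operand of 'mov eax,[addr]' differs.
def build_sample() -> bytes:
    def func(addr: int) -> bytes:
        return (b"\x55\x8b\xec"                    # push ebp; mov ebp, esp
                + b"\xa1" + addr.to_bytes(4, "little")  # mov eax, [addr]
                + b"\x5d\xc3")                     # pop ebp; ret
    return (b"\x90" * 16 + func(0x00011000)
            + b"\xcc" * 8 + func(0x00034560) + b"\x90" * 4)

# Hypothetical signature names; real Cxbx signatures are not reproduced here.
SIGS = {
    "D3D_Stub":      "55 8B EC A1 ?? ?? ?? ?? 5D C3",   # both copies should match
    "TooLoose":      "?? ?? ?? ?? ?? ?? 5D C3",         # rejected: 75% wildcards
}

if __name__ == "__main__":
    for name, offs in scan_image(build_sample(), SIGS).items():
        print(name, [hex(o) for o in offs])
```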



Direct3D is a complex system in itself. Added to this complexity are the optimizations provided on the Xbox 360 system. Since it is safe for the developer to assume a very specific set of hardware, many pieces of code are literally removed by an optimizing compiler. Other pieces of code have changed in significant ways from Windows Direct3D. There are also many Xbox 360 specific features which must be emulated, including hardware specific precompiled texture formats, vertex and pixel shaders, CPU optimized routines, texture swizzling, special alpha ops, etc. In order for a game to not only run but look good, these features must be accurately emulated.
