
1 - 11 of 11 Posts

Registered · 80 Posts · Discussion Starter #1 (Edited)
I'm seeking thoughts on the best design of the 'shims' that provide the Ke* family of kernel mode exports exposed by xboxkrnl.

Unlike Nt* exports, for instance, given that Cxbx operates in user mode in the host Windows environment, we can't simply pass an xboxkrnl Ke* call through to the host ntoskrnl Ke* call: user mode restrictions prevent us from calling the host Windows environment's Ke* routines.

For background, some description from the OpenXDK project:

> The kernel is often referred to as xboxkrnl.exe. The kernel provides a number of functions that you can call (such as NtCreateFile, ExAllocatePool, etc) and from an execution perspective, you can essentially pretend that there is a system DLL called xboxkrnl.exe that exports these functions. Then when you run your application, it imports those function symbols just as though they were accessed from a normal Windows DLL.

In my continued Cxbx development work, there are a few of the Ke* exports that are coming up; these include:

  • KeSetTimer
  • KeSetTimerEx
  • KeDelayExecutionThread*
A full listing of the ~70 Ke* calls can be found here: http://hte.sourceforge.net/doxygenized-0.8.0pre1/htxbeimp_8cc-source.html. Not all are going to be readily called.

It is of note that certain of these, such as KeDelayExecutionThread, can be reasonably rewritten using only user mode calls. This has already taken place in cxbx, but is not readily possible for other Ke* calls.

Do other developers have a view on possible ways forward? i.e.
  • move CxbxKrnl.dll into kernel mode via a rewrite as a driver?
  • implement the troublesome Ke* calls in usermode as best as possible? - As Dxbx has
  • something else?
 

Registered · 34 Posts
It would be interesting to keep a running list of which kernel functions are called directly from games. There are a few cases I remember from when I was working on CXBX where some of the kernel functions could be avoided simply by emulating the API function the game originally called.
 

Linux's worst nightmare.. · 1,510 Posts
Moving CxbxKrnl.dll into kernel mode via a rewrite as a driver sounds like the best option, but I've got to wonder why patrickvl and Caustik didn't go that route...
 

Registered · 80 Posts · Discussion Starter #6
We're seeing this Ke* class of calls most frequently in the utility-style XBEs. While not readily used within games, emulating these utility tools correctly is important, as they are the most unforgiving if the low-level memory model and kernel structures are not set up as expected.

From improvements in this area it is possible to ensure greater conformance in our emulator.
 

Registered · 34 Posts
> We're seeing this Ke* class of calls most frequently in the utility-style XBEs. While not readily used within games, emulating these utility tools correctly is important, as they are the most unforgiving if the low-level memory model and kernel structures are not set up as expected.
>
> From improvements in this area it is possible to ensure greater conformance in our emulator.

I would love to agree, but I believe the focus should be only on kernel functions that are called by retail games.

I'm currently working on a new method of detecting symbols with an almost 100% detection rate on the XDKs we have. Really looking forward to doing a complete write-up on this once completed. Though it's crunch time at work, so it may be a few weeks until it's completed. Anyways.. Afterwards I had planned to start indexing XBEs and try to come up with some statistics, one of those being kernel calls from game code.

Glad you're working on kernel functions in general though, don't get me wrong.. In regards to KeSetTimerEx though, could you possibly use SetWaitableTimerEx?
 

Registered · 196 Posts
Wouldn't it be more useful (long term) to implement it in user-space? Because you'll lock yourself into one single OS (and likely only one or two versions of that OS)...
 

Registered · 80 Posts · Discussion Starter #9
LoveMHz -- thanks for the pointer to SetWaitableTimerEx. I'll review the similarity on MSDN, but initially I think we can at best use the more basic SetWaitableTimer.

SetWaitableTimerEx is available in Windows 7 onwards.
Even SetWaitableTimer is a Windows XP feature -- so we'd be dropping support for Win2k (probably a reasonable concession now).

Looking forward to hearing more on your symbol detection developments.
 
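As an added illustration of the "implement the troublesome Ke* calls in user mode" option discussed in this thread (this is example code, not Cxbx's or Dxbx's own shim), the block below models KeSetTimer, KeSetTimerEx and KeCancelTimer on top of a small user-mode timer queue. It assumes the NT DDK signature KeSetTimerEx(Timer, DueTime, Period, Dpc) and the NT DueTime convention (negative = interval relative to now, positive = absolute time, both in 100 ns units; Period in milliseconds), which SetWaitableTimer takes in exactly the same form. The KTIMER and KDPC structures are simplified stand-ins, not the real xboxkrnl layouts, and the clock is a counter advanced by EmuTimerTick so the example runs deterministically on any host.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Simplified stand-ins for the NT KDPC and KTIMER objects. These are NOT the
 * real xboxkrnl layouts; a shim whose structures guest code inspects would
 * have to match the real sizes and field offsets. */
struct _KDPC;
typedef void (*PKDEFERRED_ROUTINE)(struct _KDPC *Dpc, void *DeferredContext,
                                   void *SystemArgument1, void *SystemArgument2);

typedef struct _KDPC {
    PKDEFERRED_ROUTINE DeferredRoutine;   /* guest-supplied callback */
    void *DeferredContext;
} KDPC, *PKDPC;

typedef struct _KTIMER {
    int64_t DueTime;        /* absolute expiry, 100 ns units (LARGE_INTEGER.QuadPart) */
    int32_t Period;         /* re-arm interval in ms; 0 = one-shot */
    PKDPC Dpc;              /* routine to run on expiry, may be NULL */
    bool Inserted;          /* currently in the emulated timer queue */
    struct _KTIMER *Next;   /* queue link, sorted by DueTime */
} KTIMER, *PKTIMER;

#define TICKS_PER_MS 10000LL   /* 100 ns ticks per millisecond */

/* Emulated system clock and timer queue. The clock is set by the caller of
 * EmuTimerTick rather than read from the host, so runs are reproducible. */
static int64_t g_now;
static PKTIMER g_queue;

static void queue_remove(PKTIMER t)
{
    for (PKTIMER *pp = &g_queue; *pp; pp = &(*pp)->Next) {
        if (*pp == t) { *pp = t->Next; break; }
    }
    t->Next = NULL;
    t->Inserted = false;
}

static void queue_insert(PKTIMER t)
{
    PKTIMER *pp = &g_queue;
    while (*pp && (*pp)->DueTime <= t->DueTime)   /* FIFO among equal due times */
        pp = &(*pp)->Next;
    t->Next = *pp;
    *pp = t;
    t->Inserted = true;
}

/* KeSetTimerEx: DueTime < 0 is an interval relative to now, DueTime >= 0 an
 * absolute time, both in 100 ns units; Period is in ms. Returns TRUE when the
 * timer was already queued (and is now re-armed), as the NT routine does. */
bool KeSetTimerEx(PKTIMER Timer, int64_t DueTime, int32_t Period, PKDPC Dpc)
{
    bool was_queued = Timer->Inserted;
    if (was_queued)
        queue_remove(Timer);
    Timer->DueTime = (DueTime < 0) ? g_now - DueTime : DueTime;
    Timer->Period = Period;
    Timer->Dpc = Dpc;
    queue_insert(Timer);
    return was_queued;
}

/* KeSetTimer is the one-shot special case. */
bool KeSetTimer(PKTIMER Timer, int64_t DueTime, PKDPC Dpc)
{
    return KeSetTimerEx(Timer, DueTime, 0, Dpc);
}

/* KeCancelTimer: returns TRUE if the timer was queued and has been removed. */
bool KeCancelTimer(PKTIMER Timer)
{
    bool was_queued = Timer->Inserted;
    if (was_queued)
        queue_remove(Timer);
    return was_queued;
}

/* Advance the emulated clock and run the DPC of every expired timer. A periodic
 * timer is re-armed relative to the observed time (design choice: no catch-up
 * bursts after a long stall). Returns the number of DPCs dispatched. */
int EmuTimerTick(int64_t now_100ns)
{
    int fired = 0;
    g_now = now_100ns;
    while (g_queue && g_queue->DueTime <= g_now) {
        PKTIMER t = g_queue;
        queue_remove(t);
        if (t->Period > 0) {
            t->DueTime = g_now + (int64_t)t->Period * TICKS_PER_MS;
            queue_insert(t);
        }
        if (t->Dpc && t->Dpc->DeferredRoutine)
            t->Dpc->DeferredRoutine(t->Dpc, t->Dpc->DeferredContext, NULL, NULL);
        fired++;
    }
    return fired;
}

/* Sample DPC routine: counts invocations in the int passed as DeferredContext. */
void CountingDpc(PKDPC Dpc, void *Context, void *Arg1, void *Arg2)
{
    (void)Dpc; (void)Arg1; (void)Arg2;
    ++*(int *)Context;
}

/* Constructed scenario: one relative one-shot timer plus one absolute periodic
 * timer. Returns one_shot_hits * 100 + periodic_hits. */
int TimerShimDemo(void)
{
    KTIMER one_shot = {0}, periodic = {0};
    int hits_one = 0, hits_per = 0;
    KDPC dpc_one = { CountingDpc, &hits_one };
    KDPC dpc_per = { CountingDpc, &hits_per };

    EmuTimerTick(0);                                          /* clock at t = 0 */
    KeSetTimerEx(&one_shot, -5 * TICKS_PER_MS, 0, &dpc_one);  /* fire 5 ms from now */
    KeSetTimerEx(&periodic, 2 * TICKS_PER_MS, 2, &dpc_per);   /* fire at t = 2 ms, then every 2 ms */
    EmuTimerTick(1 * TICKS_PER_MS);                           /* nothing due yet */
    EmuTimerTick(5 * TICKS_PER_MS);                           /* periodic fires (re-armed to 7 ms), then one_shot */
    KeCancelTimer(&periodic);
    EmuTimerTick(10 * TICKS_PER_MS);                          /* cancelled timer must not fire */
    return hits_one * 100 + hits_per;                         /* 101 */
}

int main(void)
{
    printf("TimerShimDemo() = %d\n", TimerShimDemo());
    return 0;
}
```

In a host-side shim the clock would be driven by one waitable timer: because SetWaitableTimer takes the same negative-relative/positive-absolute 100 ns due time and millisecond period, the head of this queue can be handed to it almost unchanged, with a host thread calling EmuTimerTick when it wakes. Two caveats that matter more in an emulator than in a driver: the DPC pointer comes straight from the guest XBE and is called without any validation here, and it runs on an ordinary user-mode thread rather than at DISPATCH_LEVEL, so guest code that relies on IRQL rules (no paging, no blocking waits inside the DPC) will see different behaviour.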

Premium Member · 423 Posts
> I'm currently working on a new method of detecting symbols with an almost 100% detection rate on XDKs we have. Really looking forward to doing a complete write up on this once completed.

Like Echelon9, I'd love to read more about this!
 

Premium Member · 6,071 Posts
As I've stated many times in the past, why bother emulating KeSetTimer?

As long as you have signatures for the functions that call those (i.e. XapiInitProcess), then you don't have to emulate it.
 