Agemo Debuger
last updated at 2006-07-20
===========================
===========
0. Credits
===========
This debugger is a mod of PCSX, open source, thanks PCSX Team.
debugger author: Agemo / agemo@163.com
===============
1. Installation
===============
. pcsx's plugins and bios is same to epsxe. my recommanded plugins:
Graphic: pete soft, windows 400x300
Sound: no sound
Keyboard: Segu Direct Input Keyboard. inactive window can input keys, very useful.
. PCSX menu
configuration-> CPU -> Enable Interpreter Cpu
if you don't check this option, all debug functions(such as break point) don't work.
the debugger is slower than normal PCSX. but is enough for debugging.
===============
2. Function List
===============
. pause/resume CPU
as it is.
. Dump
dump files to directory ".\Dump\"
ram.bin Main Memory(2MB)
vram.bin Video Memory(1MB)
bios.bin BIOS(512KB)
* before dump, you must pause cpu first.
. Load
load file ram.bin to PSX Main Memory.
* this debugger doesn't provide a build-in memory editor,
but you can dump to file, then use your favorate hex editor (I use winhex)
finally load file back to memory.
. ASM Log
log executed instructions to file ".\asm.txt"
* normally, this log function is cooperate with other function.
Clear button is clear this log file. and when debugger start, this log is cleared also.
. Break on pc =
instruction break point. specify address in right textbox,
when cpu execute to this address, break point comes.
address is in HEX format.
when you changed break point, you will see information such as:
"wait for pause on pc 80003C5D"
* to modify a break point, uncheck then re-check it.
. Break on Mem Write
when data in specified mem range is modified, break point occurs.
right two text box is range of low-bounder and high-bounder.
it can be used to monitor any address, such as DMA registers address
. Break on Mem Read
when data in specified mem range is read, break point occurs.
. Break on Mem address = value
when data in specified mem address is set to "specified value", break point occurs.
"specified value" is a single byte.
. Exec To / Exec
in this row, textbox(readonly) in most left is "total exec instrunctions counter".
I call it "total inst." for short.
load instant save(F3) will set it to 0.
the following textbox is input you value ( decimal digits ).
press button "Exec To", break point when "total inst." is equal to "textbox value".
press button "Exec", break point after exec "textbox value" instruction.
then if you set value to 1 then press Exec, it's step.
. ] VRAM Viewer
VRAM Viewer is a standlone tools, in ".\dump\vram.exe"
it can see vram.bin, and support all psx video format, and CLUT.
. GPU Upload break
when Memory data upload to VRAM, break point occurs.
you can get memory address from, and upload to where in VRAM.
it's very useful, can trace all textures in vram come from.
. GPU Chain break
log GPU draw prims to gpu.log
gpu.log format:
0CED74:48 - F3 (87, 130)-(87, 146)-(163, 146) RGB( 0, 40, 0)
0CED74: prim address in main memory
48 : prim type
following is explain. F3 is triangle, and sprite is used to draw textures
everything in screed is draw in "prims", for more information about prims,
please check gpu.txt.
. CDROM Read monitor
as it is. The output information is
cdrom $80045800 <- 64:53:06($473f7), 2048 bytes
$800B88E0 load address from cdrom (hex)
64:53:06 cdrom positon in format min:second:sector (see iso9660 standards)
$473f7 cdrom LBA, absolute sector number(hex). iso_offset = LBA * 0x930
2048 bytes read bytes, normal is one sector which is 2048 bytes.
* if you use winhex to view iso file (raw 2352 format)
from sector offset 0x18 begin, following 2048 bytes is data area.
for more information, check iso9600 documents.
. SPU Upload Bread
if something upload to SPU memory, break point
. align check
memory alignment check (for example, LH is align with 2, LW is align with 4)
if your hack code access unaligned address, emulator works, but real ps is dead.
=============
3. Example
=============
. modified PS Main memory
pause cpu->dump
use winhex to edit "dump\ram.bin"
this file offset 0 is equal to memory 0x80000000
when you done, load -> resume cpu
. trace back
for example, when some break point occured, you want to know what have been executed before,
the you need this function.
use emulator's Save(F1),load(F3)
+
debugger's "total inst."
you can do it.
1. emulator F1 then F3 (set "total inst." to 0)
2. break on mem write
3. resume
3. when break point occured, remember current "total inst." value.
4. emulator F3 (set "total inst." to 0 again)
5. use "exec" to execute to before.
then you can enable "asm log" to get all instruction
. Segu's Keboard plugin
inactive window can input keys
for example you know when you press 'Circle' button, game will read some memory area
1. emulator F1 then F3 (set "total inst." to 0)
2. break on mem read
3. press Circle button (don't release)
4. resume cpu, the break point occures
. tricks to view asm log
I use UltraEdit to view asm log.
for example you see a line asm which read memory "0003c724"
80014934 : LW 00040000 (a0), c724 (00040000 (v0)) [0003c724]
then want to know memeory 0003c724 is writed in where
UltraEdit double click "80067c01" to choose it, then Ctrl-F3 find forward
you will see this address
(if you can't find, maybe your asm log is not included that, try break on mem write to trace)
=================
4. Known Problems
=================
. memory break point doen't break in DMA read(write)
if you find some memory area is modified, but break mem write can't break it
so it maybe in DMA. if data is read from cdrom, use cdrom break point.
. in debugger's disasm window, when you step trace, maybe some error in jump code
solution is use asm log. asm log result is all correct.
|