joncampbell123 / dosbox-x

DOSBox-X fork of the DOSBox project
GNU General Public License v2.0

IBM Casino Games booter crashes DosBox-X #3028

Closed darkstar closed 2 years ago

darkstar commented 2 years ago

What operating system(s) this bug have occurred on?

Windows 7

What version(s) of DOSBox-X have this bug?

0.83.18 SDL2 64bit

Describe the bug

When booting the IBM casino games booter, after starting the game, DosBox-X immediately crashes after playing the first few notes of the title tune. I attached the game here. casino.zip

DosBox-X closes too fast to copy out the console log

Expected behavior

No response

Steps to reproduce the behaviour

Used configuration

[sdl]
fullscreen        = false
fulldouble        = false
fullresolution    = desktop
windowresolution  = 1280x960
windowposition    =
display           = 0
output            = opengl
videodriver       =
transparency      = 0
maximize          = false
autolock          = false
clip_mouse_button = right
clip_key_modifier = shift
clip_paste_bios   = default
clip_paste_speed  = 30
sensitivity       = 100
usesystemcursor   = false
mouse_emulation   = locked
mouse_wheel_key   = -1
waitonerror       = true
priority          = higher,normal
mapperfile        = mapper.txt
usescancodes      = auto
titlebar          =
showbasic         = true
showdetails       = false
showmenu          = true

[log]
logfile     =
debuggerrun = debugger

[dosbox]
language                  =
title                     =
fastbioslogo              = false
startbanner               = true
bannercolortheme          = default
dpi aware                 = auto
quit warning              = auto
working directory option  = default
working directory default =
show advanced options     = false
resolve config path       = true
hostkey                   = mapper
mapper send key           = ctrlaltdel
ime                       = auto
synchronize time          = false
machine                   = svga_s3
captures                  = capture
autosave                  =
saveslot                  = 1
savefile                  =
saveremark                = true
forceloadstate            = false
a20                       = mask
memsize                   = 16
nocachedir                = false
freesizecap               = cap

[render]
frameskip      = 0
aspect         = true
char9          = true
euro           = -1
doublescan     = true
scaler         = normal3x
glshader       = none
pixelshader    = none
autofit        = true
monochrome_pal = green

[pc98]
pc-98 BIOS copyright string     = false
pc-98 fm board                  = auto
pc-98 enable 256-color          = true
pc-98 enable 16-color           = true
pc-98 enable grcg               = true
pc-98 enable egc                = true
pc-98 bus mouse                 = true
pc-98 force ibm keyboard layout = auto
pc-98 try font rom              = true
pc-98 anex86 font               =

[dosv]
dosv        = off
getsysfont  = true
fontxsbcs   =
fontxsbcs16 =
fontxdbcs   =
fontxdbcs14 =
gbk         = false
yen         = false
fepcontrol  = both

[video]
vmemsize                = -1
vmemsizekb              = 0
high intensity blinking = true

[vsync]
vsyncmode = off
vsyncrate = 75

[cpu]
core       = normal
fpu        = true
cputype    = 386
cycles     = 8000
cycleup    = 500
cycledown  = 500
turbo      = false
apmbios    = true
isapnpbios = true

[keyboard]
aux                     = true
allow output port reset = true
controllertype          = auto
auxdevice               = intellimouse

[ttf]
font         =
fontbold     =
fontital     =
fontboit     =
colors       =
outputswitch = auto
winperc      = 60
ptsize       = 0
lins         = 0
cols         = 0
wp           =
bold         = true
italic       = true
underline    = true
strikeout    = false
printfont    = true
blinkc       = true

[voodoo]
voodoo_card   = auto
voodoo_maxmem = true
glide         = false
lfb           = full_noaux
splash        = true

[mixer]
nosound         = false
sample accurate = false
swapstereo      = false
rate            = 44100
blocksize       = 2048
prebuffer       = 10

[midi]
mpu401          = intelligent
mpubase         = 0
mididevice      = default
midiconfig      = 0
samplerate      = 44100
mpuirq          = -1
mt32.romdir     =
mt32.model      = auto
fluid.driver    = default
fluid.soundfont =

[sblaster]
sbtype                       = sb16
sbbase                       = 220
irq                          = 7
dma                          = 1
hdma                         = 5
enable speaker               = false
sbmixer                      = true
oplmode                      = auto
oplemu                       = compat
oplrate                      = 44100
oplport                      =
retrowave_bus                = serial
retrowave_port               =
hardwarebase                 = 220
goldplay                     = true
blaster environment variable = true

[gus]
gus               = false
gusrate           = 44100
gusmemsize        = -1
gus master volume = 0.00
gusbase           = 240
gusirq            = 5
gusdma            = 3
gustype           = classic
ultradir          = C:\ULTRASND

[innova]
innova     = false
samplerate = 22050
sidbase    = 280
quality    = 0

[speaker]
pcspeaker    = true
pcrate       = 44100
tandy        = auto
tandyrate    = 44100
disney       = true
ps1audio     = off
ps1audiorate = 22050

[joystick]
joysticktype = auto
timed        = true
autofire     = false
swap34       = false
buttonwrap   = true

[mapper]
joy1deadzone0- = 0.60
joy1deadzone0+ = 0.60
joy1deadzone1- = 0.60
joy1deadzone1+ = 0.60
joy1deadzone2- = 0.60
joy1deadzone2+ = 0.60
joy1deadzone3- = 0.60
joy1deadzone3+ = 0.60
joy1deadzone4- = 0.60
joy1deadzone4+ = 0.60
joy1deadzone5- = 0.60
joy1deadzone5+ = 0.60
joy1deadzone6- = 0.60
joy1deadzone6+ = 0.60
joy1deadzone7- = 0.60
joy1deadzone7+ = 0.60
joy2deadzone0- = 0.60
joy2deadzone0+ = 0.60
joy2deadzone1- = 0.60
joy2deadzone1+ = 0.60
joy2deadzone2- = 0.60
joy2deadzone2+ = 0.60
joy2deadzone3- = 0.60
joy2deadzone3+ = 0.60
joy2deadzone4- = 0.60
joy2deadzone4+ = 0.60
joy2deadzone5- = 0.60
joy2deadzone5+ = 0.60
joy2deadzone6- = 0.60
joy2deadzone6+ = 0.60
joy2deadzone7- = 0.60
joy2deadzone7+ = 0.60

[serial]
serial1       = dummy
serial2       = dummy
serial3       = disabled
serial4       = disabled
serial5       = disabled
serial6       = disabled
serial7       = disabled
serial8       = disabled
serial9       = disabled
phonebookfile = phonebook-dosbox-x.txt

[parallel]
parallel1 = printer
parallel2 = disabled
parallel3 = disabled
parallel4 = disabled
parallel5 = disabled
parallel6 = disabled
parallel7 = disabled
parallel8 = disabled
parallel9 = disabled
dongle    = false

[printer]
printer     = true
dpi         = 360
width       = 85
height      = 110
printoutput = png
multipage   = false
device      = -
docpath     = .
fontpath    = FONTS
openwith    =
openerror   =
printdbcs   = auto
shellhide   = false
timeout     = 0

[dos]
xms                             = true
xms handles                     = 0
shell configuration as commands = false
hma                             = true
hard drive data rate limit      = -1
ansi.sys                        = true
log console                     = false
share                           = true
file access tries               = 0
network redirector              = true
minimum mcb free                = 0
ems                             = true
umb                             = true
quick reboot                    = false
ver                             =
shellhigh                       = auto
lfn                             = auto
automount                       = true
automountall                    = false
mountwarning                    = true
autofixwarning                  = true
startcmd                        = false
starttranspath                  = false
startwait                       = true
startquiet                      = false
int33                           = true
keyboardlayout                  = gr
customcodepage                  =
dbcs                            = true
dos clipboard device enable     = false
dos clipboard device name       = CLIP$
dos clipboard api               = true

[ipx]
ipx = false

[ne2000]
ne2000  = false
nicbase = 300
nicirq  = 3
macaddr = AC:DE:48:88:99:AA
backend = auto

[ethernet, pcap]
realnic = list
timeout = default

[ethernet, slirp]
ipv4_network    = 10.0.2.0
ipv4_netmask    = 255.255.255.0
ipv4_host       = 10.0.2.2
ipv4_nameserver = 10.0.2.3
ipv4_dhcp_start = 10.0.2.15

[ide, primary]
enable = true
pnp    = true

[ide, secondary]
enable = true
pnp    = true

[ide, tertiary]
enable = false
pnp    = true

[ide, quaternary]
enable = false
pnp    = true

[ide, quinternary]
enable = false
pnp    = true

[ide, sexternary]
enable = false
pnp    = true

[ide, septernary]
enable = false
pnp    = true

[ide, octernary]
enable = false
pnp    = true

[fdc, primary]
enable = false
pnp    = true
mode   = ps2

[4dos]
rem = This section is the 4DOS.INI file, if you use 4DOS as the command shell

[config]
rem         = This section is DOS's CONFIG.SYS file, not all CONFIG.SYS options supported
break       = off
numlock     =
shell       =
dos         = high, umb
fcbs        = 100
files       = 200
country     =
lastdrive   = a
set path    = Z:\;Z:\SYSTEM;Z:\BIN;Z:\DOS;Z:\4DOS;Z:\DEBUG;Z:\TEXTUTIL
set prompt  = $P$G
set temp    =
install     =
installhigh =
device      =
devicehigh  =

[autoexec]
keyb de 437
mount c d:\games\dosbox\drive_c
c:

Emulator log

No response

Additional context

No response

rderooy commented 2 years ago

From what I quickly find online, it seems this may require the IBM BASIC ROM to be present?

In any case, I tried running it with the latest DOSBox-X build as such:

dosbox-x -set machine=cga -set cputype=8086 -c "boot Casino.img"

And after a few choices, it started playing PC speaker music for a brief moment and then gave a black screen with a stream of errors as such in the log:

LOG:   58084944 ERROR CPU:Write 0 to rom at f074d
LOG:   58108862 ERROR CPU:Write 0 to rom at f27b5
LOG:   58132780 ERROR CPU:Write 0 to rom at f6885
LOG:   58180366 ERROR CPU:Write 0 to rom at eea21
LOG:   58204230 ERROR CPU:Write 0 to rom at eed5d
LOG:   58228148 ERROR CPU:Write 6e to rom at ef3d5
LOG:   58251994 ERROR CPU:Write 2bb to rom at f00c5
LOG:   58275668 ERROR CPU:Write 0 to rom at f00c3
LOG:   58299534 ERROR CPU:Write 0 to rom at f00c1
LOG:   58323236 ERROR CPU:Write 0 to rom at f1a9d
LOG:   58346940 ERROR CPU:Write 0 to rom at f1a9b
LOG:   58370642 ERROR CPU:Write 0 to rom at f4e51
LOG:   58394464 ERROR CPU:Write 3500 to rom at fb5bd
LOG:   58418166 ERROR CPU:Write 0 to rom at f8495
LOG:   58442030 ERROR CPU:Write 0 to rom at f2245
LOG:   58465722 ERROR CPU:Write c600 to rom at f2243
LOG:   58489544 ERROR CPU:Write c600 to rom at f5da1
LOG:   58513246 ERROR CPU:Write 0 to rom at fd45d
LOG:   58537068 ERROR CPU:Write 700 to rom at fc1d5
LOG:   58560748 ERROR CPU:Write 3600 to rom at fc1d3

rderooy commented 2 years ago

The PC booter version also hangs in dosbox-staging.

There is another version of this game on archive.org which does work: https://archive.org/details/msdos_Casino_Games_1982

I downloaded it and checked it out, and it is not a PC booter, but rather a GWBasic executable with some .BAS and .EXE files.

darkstar commented 2 years ago

The booter version also has basica.com and a couple of (scrambled) BAS files on it

Allofich commented 2 years ago

Things seem to go wrong here

057A:00003D8A  call 00000986 ($-3407)                                 EAX:0000F000 EBX:0000007F ECX:000007D3 EDX:00000000 ESI:00003C32 EDI:0000081D EBP:0000FFFE ESP:0000FFFE DS:099C ES:099C FS:0000 GS:0000 SS:099C CF:0 ZF:1 SF:0 OF:0 AF:0 PF:1 IF:0
057A:00000986  mov  bp,4C79                                           EAX:0000F000 EBX:0000007F ECX:000007D3 EDX:00000000 ESI:00003C32 EDI:0000081D EBP:0000FFFE ESP:0000FFFC DS:099C ES:099C FS:0000 GS:0000 SS:099C CF:0 ZF:1 SF:0 OF:0 AF:0 PF:1 IF:0
057A:00000989  jmp  short 00000979 ($-12)      (up)                   EAX:0000F000 EBX:0000007F ECX:000007D3 EDX:00000000 ESI:00003C32 EDI:0000081D EBP:00004C79 ESP:0000FFFC DS:099C ES:099C FS:0000 GS:0000 SS:099C CF:0 ZF:1 SF:0 OF:0 AF:0 PF:1 IF:0
057A:00000979  jmp  00000203 ($-779)           (up)                   EAX:0000F000 EBX:0000007F ECX:000007D3 EDX:00000000 ESI:00003C32 EDI:0000081D EBP:00004C79 ESP:0000FFFC DS:099C ES:099C FS:0000 GS:0000 SS:099C CF:0 ZF:1 SF:0 OF:0 AF:0 PF:1 IF:0
057A:00000203  pop  si                                                EAX:0000F000 EBX:0000007F ECX:000007D3 EDX:00000000 ESI:00003C32 EDI:0000081D EBP:00004C79 ESP:0000FFFC DS:099C ES:099C FS:0000 GS:0000 SS:099C CF:0 ZF:1 SF:0 OF:0 AF:0 PF:1 IF:0
057A:00000204  push cs                                                EAX:0000F000 EBX:0000007F ECX:000007D3 EDX:00000000 ESI:00003D8D EDI:0000081D EBP:00004C79 ESP:0000FFFE DS:099C ES:099C FS:0000 GS:0000 SS:099C CF:0 ZF:1 SF:0 OF:0 AF:0 PF:1 IF:0
057A:00000205  push si                                                EAX:0000F000 EBX:0000007F ECX:000007D3 EDX:00000000 ESI:00003D8D EDI:0000081D EBP:00004C79 ESP:0000FFFC DS:099C ES:099C FS:0000 GS:0000 SS:099C CF:0 ZF:1 SF:0 OF:0 AF:0 PF:1 IF:0
057A:00000206  mov  si,4C9A                                           EAX:0000F000 EBX:0000007F ECX:000007D3 EDX:00000000 ESI:00003D8D EDI:0000081D EBP:00004C79 ESP:0000FFFA DS:099C ES:099C FS:0000 GS:0000 SS:099C CF:0 ZF:1 SF:0 OF:0 AF:0 PF:1 IF:0
057A:00000209  push si                                                EAX:0000F000 EBX:0000007F ECX:000007D3 EDX:00000000 ESI:00004C9A EDI:0000081D EBP:00004C79 ESP:0000FFFA DS:099C ES:099C FS:0000 GS:0000 SS:099C CF:0 ZF:1 SF:0 OF:0 AF:0 PF:1 IF:0
057A:0000020A  mov  si,F600                                           EAX:0000F000 EBX:0000007F ECX:000007D3 EDX:00000000 ESI:00004C9A EDI:0000081D EBP:00004C79 ESP:0000FFF8 DS:099C ES:099C FS:0000 GS:0000 SS:099C CF:0 ZF:1 SF:0 OF:0 AF:0 PF:1 IF:0
057A:0000020D  push si                                                EAX:0000F000 EBX:0000007F ECX:000007D3 EDX:00000000 ESI:0000F600 EDI:0000081D EBP:00004C79 ESP:0000FFF8 DS:099C ES:099C FS:0000 GS:0000 SS:099C CF:0 ZF:1 SF:0 OF:0 AF:0 PF:1 IF:0
057A:0000020E  push bp                                                EAX:0000F000 EBX:0000007F ECX:000007D3 EDX:00000000 ESI:0000F600 EDI:0000081D EBP:00004C79 ESP:0000FFF6 DS:099C ES:099C FS:0000 GS:0000 SS:099C CF:0 ZF:1 SF:0 OF:0 AF:0 PF:1 IF:0
057A:0000020F  retf                                                   EAX:0000F000 EBX:0000007F ECX:000007D3 EDX:00000000 ESI:0000F600 EDI:0000081D EBP:00004C79 ESP:0000FFF4 DS:099C ES:099C FS:0000 GS:0000 SS:099C CF:0 ZF:1 SF:0 OF:0 AF:0 PF:1 IF:0
F600:00004C79  add  [bx+si],al                 ds:[F67F]=0000         EAX:0000F000 EBX:0000007F ECX:000007D3 EDX:00000000 ESI:0000F600 EDI:0000081D EBP:00004C79 ESP:0000FFF8 DS:099C ES:099C FS:0000 GS:0000 SS:099C CF:0 ZF:1 SF:0 OF:0 AF:0 PF:1 IF:0
F600:00004C7B  add  [bx+si],al                 ds:[F67F]=0000         EAX:0000F000 EBX:0000007F ECX:000007D3 EDX:00000000 ESI:0000F600 EDI:0000081D EBP:00004C79 ESP:0000FFF8 DS:099C ES:099C FS:0000 GS:0000 SS:099C CF:0 ZF:1 SF:0 OF:0 AF:0 PF:1 IF:0
F600:00004C7D  add  [bx+si],al                 ds:[F67F]=0000         EAX:0000F000 EBX:0000007F ECX:000007D3 EDX:00000000 ESI:0000F600 EDI:0000081D EBP:00004C79 ESP:0000FFF8 DS:099C ES:099C FS:0000 GS:0000 SS:099C CF:0 ZF:1 SF:0 OF:0 AF:0 PF:1 IF:0
F600:00004C7F  add  [bx+si],al                 ds:[F67F]=0000         EAX:0000F000 EBX:0000007F ECX:000007D3 EDX:00000000 ESI:0000F600 EDI:0000081D EBP:00004C79 ESP:0000FFF8 DS:099C ES:099C FS:0000 GS:0000 SS:099C CF:0 ZF:1 SF:0 OF:0 AF:0 PF:1 IF:0

Allofich commented 2 years ago

Yeah it has IBMDOS.COM, etc. as files in the .img.

Allofich commented 2 years ago

@darkstar, the game will close very quickly as you said if using 8000 cycles as you are. Try a much lower value, like 350, and it should at least play through the intro music.

For me the music is choppy if using output=opengl like you have in your .conf. With output=default the music is smooth.

Allofich commented 2 years ago

It works in MAME. At the F600:00004C79 point it runs ROM code.

> From what I quickly find online, it seems this may require the IBM BASIC ROM to be present?

You're probably correct.

joncampbell123 commented 2 years ago

Is the ROM BASIC entry point consistent?

I can think of two things that might help:

  1. A stub at that address that prints "ROM BASIC NOT PRESENT" on the screen, and halts. Same sort of stub already added in PC-98 mode for games that jump to N88 ROM BASIC.
  2. Support for loading a ROM BIOS image of that ROM BASIC to segment F600 where original IBM hardware placed it (https://www.pcjs.org/machines/pcx86/ibm/5150/rom/) so such games can run.

Allofich commented 2 years ago

For this program anyway, it appears to be hard-coded to enter at F600:4C79. You can see the hex values for it in BASICA.COM, which is executed by the AUTOEXEC.BAT file in the .img.

joncampbell123 commented 2 years ago

Interesting... Is this consistent with BASICA.COM across MS-DOS 1.x, MS-DOS 2.x, MS-DOS 3.x, etc.?

Allofich commented 2 years ago

Don't know, but the BASICA.COM in casino.zip above is identical to the one at https://github.com/microsoft/MS-DOS/blob/master/v1.25/bin/BASICA.COM.

Allofich commented 2 years ago

It might only be hard-coded like that in the BASICA.COM of MS-DOS 1.x. I did a quick look through some of the many MS-DOS images. I didn't see BASICA.COM or similar in a MS-DOS 3.31 image. In MS-DOS 2.x images, when there was a BASIC.COM, BASICA.COM or BASICA.EXE, I didn't find hex values 79 4C in them. So, certainly not an exhaustive search or investigation, but it seems like maybe it's only MS-DOS 1.x BASICA.COM.
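
The search described in this comment can be made structural rather than a grep for two bytes. The following is an added example, not code from DOSBox-X or BASICA.COM: it looks for the `mov si,F600 / push si / push bp / retf` sequence shown in the debugger trace earlier in the thread and reports every `mov bp,imm16` stub that jumps to it. The sample image is constructed from the trace's addresses, and the `slack` window is an assumption.

```python
import struct

ROM_BASIC_SEG = 0xF600  # segment ROM BASIC occupies on IBM hardware, per the thread


def find_trampolines(image, seg=ROM_BASIC_SEG):
    """File offsets of `mov si,seg / push si / push bp / retf`."""
    pattern = b"\xBE" + struct.pack("<H", seg) + b"\x56\x55\xCB"
    hits, pos = [], image.find(pattern)
    while pos != -1:
        hits.append(pos)
        pos = image.find(pattern, pos + 1)
    return hits


def follow_jumps(image, off, limit=4):
    """Resolve a short chain of EB rel8 / E9 rel16 jumps to its final offset."""
    for _ in range(limit):
        if not 0 <= off < len(image):
            return None
        if image[off] == 0xEB and off + 2 <= len(image):
            off += 2 + struct.unpack_from("<b", image, off + 1)[0]
        elif image[off] == 0xE9 and off + 3 <= len(image):
            off += 3 + struct.unpack_from("<h", image, off + 1)[0]
        else:
            return off
    return off if 0 <= off < len(image) else None


def rom_entry_points(image, seg=ROM_BASIC_SEG, slack=16):
    """Far addresses (seg, offset) that the image's stubs RETF into."""
    trampolines = find_trampolines(image, seg)
    found = set()
    for i in range(len(image) - 3):
        # Stub shape from the trace: mov bp,imm16 immediately followed by a jump.
        if image[i] != 0xBD or image[i + 3] not in (0xEB, 0xE9):
            continue
        target = follow_jumps(image, i + 3)
        # `slack` (assumption) allows for the pushes that precede mov si,seg.
        if target is not None and any(t - slack <= target <= t for t in trampolines):
            found.add((seg, struct.unpack_from("<H", image, i + 1)[0]))
    return sorted(found)


def build_sample(entry=0x4C79):
    """Constructed image; bytes placed at the offsets shown in the trace."""
    image = bytearray(b"\x90" * 0x1000)
    # 0203: pop si / push cs / push si / mov si,4C9A / push si /
    #       mov si,F600 / push si / push bp / retf
    image[0x203:0x210] = bytes.fromhex("5E0E56BE9A4C56BE00F65655CB")
    image[0x979:0x97C] = b"\xE9" + struct.pack("<h", 0x203 - 0x97C)
    image[0x986:0x989] = b"\xBD" + struct.pack("<H", entry)
    image[0x989:0x98B] = b"\xEB" + struct.pack("<b", 0x979 - 0x98B)
    return bytes(image)


if __name__ == "__main__":
    for seg, off in rom_entry_points(build_sample()):
        print(f"far return into {seg:04X}:{off:04X}")
```

To check a real file, pass its bytes to `rom_entry_points()`; an empty list means no stub of this shape was found, not that the file never enters ROM.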

joncampbell123 commented 2 years ago

MS-DOS 2.1 BASIC.COM and BASICA.COM appear to do the same RETF, but to F600:2DB0.

MS-DOS 3.3 replaces them with GWBASIC.EXE.

By the way, if you ever construct a bootable disk image and GWBASIC.EXE complains that "you cannot SHELL to basic", GWBASIC.EXE checks a byte value in segment 0x0050 (something like 0050:0008?) that is NORMALLY zero, however if you made the disk image using Linux tools like mkdosfs and mtools, or mounted the image using Linux's vfat driver, segment 0x0050 will have nonzero values because the MS-DOS boot code uses that segment as a scratch area for the root directory. Certain formerly "reserved" fields of the directory entry later used by "long file names" in Windows 95 are normally zero and happen to overlap GWBASIC.EXE's "I am running" flag. It just so happens that if Linux, Windows, or anything write the newer "creation" and "accessed" timestamps added by Windows 95, those timestamps left over in memory can confuse GWBASIC.EXE.
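
A check for the condition described in the comment above, as an added example that is not DOSBox-X or GWBASIC code: it lists root directory entries whose bytes 0x0C to 0x15, reserved in older DOS and later used for creation and access timestamps, are nonzero. It assumes the image carries a BPB, and the sample image is constructed.

```python
import struct

RESERVED = slice(0x0C, 0x16)  # zero under older DOS; later create/access stamps


def root_directory(image):
    """Return the raw root directory of a FAT12/16 image, located via its BPB."""
    bps, _spc, reserved, nfats, root_entries = struct.unpack_from("<HBHBH", image, 0x0B)
    sectors_per_fat = struct.unpack_from("<H", image, 0x16)[0]
    if bps == 0 or root_entries == 0:
        # Assumption: the image was made by a tool that writes a BPB.
        raise ValueError("no usable BPB in boot sector")
    start = (reserved + nfats * sectors_per_fat) * bps
    return image[start:start + root_entries * 32]


def entries_with_stale_fields(image):
    """List (name, reserved-bytes-hex) for root entries with a nonzero reserved area."""
    flagged = []
    root = root_directory(image)
    for off in range(0, len(root), 32):
        entry = root[off:off + 32]
        if len(entry) < 32 or entry[0] == 0x00:   # 0x00 marks end of directory
            break
        if entry[0x0B] == 0x0F:                   # long-file-name slot
            flagged.append(("<LFN slot>", entry[RESERVED].hex()))
            continue
        if any(entry[RESERVED]):
            name = entry[0:8].decode("ascii", "replace").rstrip()
            ext = entry[8:11].decode("ascii", "replace").rstrip()
            flagged.append((f"{name}.{ext}" if ext else name, entry[RESERVED].hex()))
    return flagged


def build_sample():
    """Constructed 4-sector image: boot sector, two 1-sector FATs, 16-entry root."""
    image = bytearray(4 * 512)
    struct.pack_into("<HBHBH", image, 0x0B, 512, 1, 1, 2, 16)
    struct.pack_into("<H", image, 0x16, 1)
    root = 3 * 512
    clean = bytearray(32)
    clean[0:11] = b"IBMBIO  COM"
    stamped = bytearray(32)
    stamped[0:11] = b"GWBASIC EXE"
    # Constructed creation tenths/time/date and access date, as a newer OS writes.
    struct.pack_into("<BHHH", stamped, 0x0D, 100, 0x6000, 0x5421, 0x5421)
    image[root:root + 32] = clean
    image[root + 32:root + 64] = stamped
    return bytes(image)


if __name__ == "__main__":
    for name, raw in entries_with_stale_fields(build_sample()):
        print(f"{name}: reserved bytes {raw}")
```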

darkstar commented 2 years ago

Why does the intro and music start to play if the game requires ROM BASIC? Isn't this a red herring, because if the game really required ROM BASIC to be present, one would expect it to crash/halt earlier on already...

RNMB15 commented 2 years ago

If you could change the code of DOSBOX-X so that DOSBOX-X searches for a BASIC rom image file and then starts BASIC from the BASIC rom image file.

These are the BASIC rom files PC98 Backup-of-Ce2-Bios.zip IBMPC ibmpc.zip

joncampbell123 commented 2 years ago

I'll try adding support to load the IBM ROM BASIC image.

I tried adding support for loading the N88 ROM BASIC image some time back. Maybe it was the particular BIOS image I tried, but the ROM BASIC part seems to call directly into other parts of the ROM BIOS so I can't just load part of it and expect it to work.

Allofich commented 2 years ago

> Why does the intro and music start to play if the game requires ROM BASIC? Isn't this a red herring, because if the game really required ROM BASIC to be present, one would expect it to crash/halt earlier on already...

If you take a look inside casino.img, it has an AUTOEXEC.BAT file. That file gets run when you boot the image. It contains commands to run INTRO.EXE, DRAWING.EXE, then BASICA.COM with the parameter "start". INTRO.EXE and DRAWING.EXE apparently don't need ROM BASIC and show the options and intro. (Intro and music don't just start to play, they play all the way through if you lower your cycles count) But BASICA.COM tries to use the ROM BASIC, expecting it to be there.

joncampbell123 commented 2 years ago

New code has been added to load the IBM ROM BASIC into segment F600:0000.

INT 18h processing was updated to jump to ROM BASIC if an image was provided.

BASICA.COM seems able to work with it well enough.

rderooy commented 2 years ago

Two things.

joncampbell123 commented 2 years ago

There's no command yet, but here's how you can do it.

Run DEBUG.EXE

Type "a" hit enter

Then type "INT 18h" and hit enter

Hit enter again

Type "g" to execute it.

The latest commit changes INT 18h handling to run ROM BASIC instead of a reboot handler.

rderooy commented 2 years ago

@joncampbell123

The "INT 18h" gives an error on the "h" part.

In any case, I did a quick test. I booted PC DOS 1.1 and I was able to successfully run BASIC.COM and BASICA.COM with the ROM BIOS loaded.

Without the ROM you get the error "IBM ROM BASIC NOT IMPLEMENTED", but now with the ROM it starts BASIC or BASICA successfully.

Edit: running BASIC.COM or BASICA.COM directly from the dosbox-x shell also works.

rderooy commented 2 years ago

Got it working, just had to drop the 'h'.

DEBUG
-a
0DAB:0100 INT 18
0DAB:0102
-g