"BS Fuurai no Shiren: Surara wo Sukue! Dai-2-wa" crash.

[KiddoCabbusses]

This particular one crashes as soon as you try to get it to load from the BS-X.

As it's one that's very difficult to emulate (To the best of my knowledge only SNES9XPP XE emulates it), it's understandable, but... well, yeah.

[mrehkopf]

I'm on to something. The game disables the flash pak because it needs to jump to a BIOS routine that nocash calls search_channel_map - if that functions returns without success (carry set) the game returns to ROM code without first re-enabling the ROM, jumping to a meaningless address in the BIOS and crashing there very soon (first thing that happens is a branch to open-bus). Same happens in bsnes-plus. When I fudge the result of search_channel_map, the game fixes its memory mapping before returning to ROM and the game runs fine. I'll need to check with Seru-Kun to see what search_channel_map does and what can be done about it.

tl;dr: this game never worked without a very alive connection to sattelite. ;)

[devinacker]

I'm curious - since Kiddo mentioned that SNES9XPP XE emulates it, does it actually emulate search_channel_map correctly, or just fake it enough to make games boot? (I suspect the latter...)

[mrehkopf]

I think SNES9XPP XE has a lot of game specific hacks but it's hard to tell because it's closed source and has no debugger. It might as well provide a sufficient channel map :)

[LuigiBlood]

search_channel_map... pretty sure it might be looking for the Time Channel. No idea which one it uses, but perhaps it has to do with my shitty default bsxpage.bin which is actually faulty. Try this bsxpage.bin file: https://bsxproj.superfamicom.org/download/bsxpage_new2.bin (EDIT: fixed stutter) If it fixes it, well, problem gone.

Though there's still that issue with the Memory Map, of course.

[mrehkopf]

Well that bsxpage.bin adds a lot of nice stuff but it doesn't seem to help with the issue. ^^; Also I noticed that the character moves very slowly, maybe too many things enabled?

I looked at search_channel_map again: The routine expects a 16-bit search value in $13b3. The game loads it with #$0201. The routine seems to scan a channel list prepared by the BIOS starting at $7e9bf4. Number of channels is probably stored in $7e9bf2, that value is used as a countdown value after which the search terminates. Each entry appears to consist of three bytes of header followed by payload. First two bytes are the tentative channel number - this value is compared with the parameter passed via $13b3. Third byte appears to be a length, the next search offset is determined by old offset+13*($9bee,x)+3, suggesting a packet length of 13*length + 3 bytes header. @LuigiBlood, do you know of such a structure? What is channel $0201 and does the bsxpage.bin provide it?

[LuigiBlood]

Yeah I enabled too much stuff, specifically the frogs. That's my fault there.

If you want to know more about the channel map: http://problemkaputt.de/fullsnes.htm#snescartsatellaviewchannelsandchannelmap 0201 is most likely 1.2.x.x. Old bsxpage.bin did it wrong for those. The new one provides 1.2.x.x, but I guess this game does not look for any of the ones I've listed in it which is 1.2.0.48 and another one I've not really used in it, left as an experiment.

But what I need is the x.x so I can direct it to the proper channel with the time since that's what soundlink games are looking for. I guess I'll take a look.

[mrehkopf]

Thanks! It looks like the game is looking for software channel 1.2.0.48 (considering endianness - it writes $01 $02 $00 $30 to $13b3..$13b6) so apparently that channel isn't properly provided. I'll need to check how the BIOS actually creates the map at $7e9bec.

[LuigiBlood]

This is weird because 1.2.0.48 is part of the new bsxpage. Check it on the file itself, the channel map is literally just a download from that file.

[mrehkopf]

False alarm! The BIOS does provide channel 1.2.0.48 in the expected location with the new bsxpage.bin. The game crashed/stopped because I coincidentally ran it near the end of the hour. Using a time setting of xx:05 or similar works very well. Thank you!

[mrehkopf]

Integrated in v0.1.7d