[ example run ]
Here's a quick rundown on how to use both PS2PC and IR5KTE. This should be used as a brief tutorial to get you familiar with the programs.
To start, we'll need some x86 code. You can grab this file which contains the following x86 code:
mov eax, 1234FFFFh
inc ax
jmp +$0
The end result should be EAX=12340000h. Let's send this through PS2PC first:
5:14 c:\msvc5\projects\ps2pc>PS2PC.exe test.bin out.bin
PS2PC: An Intel x86 emulator for MIPS R5900 (Sony PS2).
Coded by Mike Tedder / breakpoint - http://ps2pc.parodius.com
PS2PC: Parsing command line...
PS2PC: Loading code from test.bin...
PS2PC: Compiling code...
PS2PC: Hit a branch, done compiling.
PS2PC: Xlated 10 bytes of x86 opcodes, resultant R5900 size is 28 bytes
PS2PC: Writing output code to out.bin...
PS2PC: Done!
Now we have compiled the above code into R5900 form. Let's load it into IR5KTE and see if it really worked.
5:15 c:\msvc5\projects\ps2pc>ir5kte.exe
IR5KTE: An Interactive R5900 Tiny Emulator.
Coded by Mike Tedder / breakpoint - http://ps2pc.parodius.com
IR5KTE: Allocated 4Mb of RAM, mapped at 80000000h.
IR5KTE: Reset complete.
>
Enter the "LOAD" command in IR5KTE. Place the code at 80000000h.
> load out.bin 80000000
IR5KTE: Loaded 'out.bin' at 80000000h (28 bytes).
>
Disassemble it and see what you have...
> di
80000000: 34 12 08 3C lui T0, 1234h
80000004: FF FF 08 35 ori T0, T0, FFFFh
80000008: 01 00 10 25 addiu S0, T0, 0001h
8000000C: FF FF 11 32 andi S1, S0, FFFFh
80000010: FF FF 10 3C lui S0, FFFFh
80000014: 24 40 10 01 and T0, T0, S0
80000018: 25 40 11 01 or T0, T0, S1
8000001C: 00 00 00 00 nop
80000020: 00 00 00 00 nop
80000024: 00 00 00 00 nop
80000028: 00 00 00 00 nop
8000002C: 00 00 00 00 nop
80000030: 00 00 00 00 nop
[ .. cropped .. ]
Your code should look like this. The first 2 instructions are "mov eax, 1234FFFFh", and the next 5 are "inc ax". Note that T0 is used as the EAX register. Let's set a breakpoint where the code ends.
> br 8000001c
IR5KTE: Enabled breakpoint at 8000001Ch.
>
Disassemble at 80000000h once again to see where the breakpoint is...
> di 80000000
80000000: 34 12 08 3C lui T0, 1234h
80000004: FF FF 08 35 ori T0, T0, FFFFh
80000008: 01 00 10 25 addiu S0, T0, 0001h
8000000C: FF FF 11 32 andi S1, S0, FFFFh
80000010: FF FF 10 3C lui S0, FFFFh
80000014: 24 40 10 01 and T0, T0, S0
80000018: 25 40 11 01 or T0, T0, S1
8000001C: 00 00 00 00 nop <BRK>
80000020: 00 00 00 00 nop
80000024: 00 00 00 00 nop
80000028: 00 00 00 00 nop
8000002C: 00 00 00 00 nop
80000030: 00 00 00 00 nop
[ .. cropped .. ]
Looks good. Let's dump the registers and make sure everything is ready to test.
> pr
R0 = 00000000h AT = 00000000h V0 = 00000000h V1 = 00000000h
A0 = 00000000h A1 = 00000000h A2 = 00000000h A3 = 00000000h
T0 = 00000000h T1 = 00000000h T2 = 00000000h T3 = 00000000h
T4 = 00000000h T5 = 00000000h T6 = 00000000h T7 = 00000000h
S0 = 00000000h S1 = 00000000h S2 = 00000000h S3 = 00000000h
S4 = 00000000h S5 = 00000000h S6 = 00000000h S7 = 00000000h
T8 = 00000000h T9 = 00000000h K0 = 00000000h K1 = 00000000h
GP = 00000000h SP = 00000000h FP = 00000000h RA = 00000000h
PC = 80000000h
>
All set. Fire off execution!
> run
IR5KTE: Beginning execution at 80000000h...
IR5KTE: Execution complete (7 instructions).
>
If all went well, our T0 register should have 12340000h in it...
> pr t0
T0 = 12340000h (305397760)
>
And there you have it. Have fun!
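To see why PS2PC spends five R5900 instructions on a one-byte "inc ax", here is an added example (not PS2PC or IR5KTE code) that interprets the seven instructions from the "di" listing above and compares them with the x86 semantics of a 16-bit partial-register increment; the tiny interpreter and the x86 reference model are constructed for this illustration, and the register names and opcodes are taken from the listing.

```python
# Added example (not PS2PC/IR5KTE code): model the R5900 sequence PS2PC emitted
# for `mov eax, 1234FFFFh; inc ax` (transcribed from the IR5KTE `di` listing on
# this page) and check it against x86 `inc ax` semantics. Interpreter and x86
# reference model are constructed here for illustration.
MASK32 = 0xFFFFFFFF

# (mnemonic, dest, src, immediate-or-register), in listing order.
TRANSLATED = [
    ("lui",   "T0", None, 0x1234),
    ("ori",   "T0", "T0", 0xFFFF),
    ("addiu", "S0", "T0", 0x0001),   # inc ax starts here: S0 = EAX + 1
    ("andi",  "S1", "S0", 0xFFFF),   # keep only the new low 16 bits
    ("lui",   "S0", None, 0xFFFF),   # S0 = FFFF0000h mask
    ("and",   "T0", "T0", "S0"),     # clear the old low half of EAX
    ("or",    "T0", "T0", "S1"),     # merge in the incremented low half
]

def run_r5900(program, regs=None):
    """Interpret the six MIPS ops the listing uses, as 32-bit GPRs.
    lui/ori/andi zero-extend the immediate; addiu sign-extends it."""
    regs = dict(regs or {})
    for op, rd, rs, x in program:
        a = regs.get(rs, 0)
        if op == "lui":
            regs[rd] = (x << 16) & MASK32
        elif op == "ori":
            regs[rd] = a | x
        elif op == "addiu":
            regs[rd] = (a + (x - 0x10000 if x & 0x8000 else x)) & MASK32
        elif op == "andi":
            regs[rd] = a & x
        elif op == "and":
            regs[rd] = a & regs.get(x, 0)
        elif op == "or":
            regs[rd] = a | regs.get(x, 0)
        else:
            raise ValueError(f"unsupported op {op}")
    return regs

def x86_inc_ax(eax):
    """x86 reference: `inc ax` changes only the low 16 bits of EAX, wrapping there."""
    return (eax & 0xFFFF0000) | ((eax + 1) & 0xFFFF)

def translated_inc_ax(eax):
    """Run just the five `inc ax` instructions on an arbitrary EAX held in T0."""
    return run_r5900(TRANSLATED[2:], {"T0": eax})["T0"]

def naive_inc(eax):
    """Width-blind translation (one 32-bit addiu): wrong when the low half carries out."""
    return (eax + 1) & MASK32
```

Running the full sequence reproduces the 12340000h that IR5KTE printed, while the width-blind version would leave 12350000h in T0; this kind of partial-register carry is exactly the case a translator or emulator test suite should cover.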