GoldenEye Spectrum Emulation Unlocked GoldenEye Spectrum Emulation Unlocked



Little benownst to the world all this time, GoldenEye (N64) has a fully-functional ZX Spectrum 48x emulator built into it. By feeding it a proper Spectrum monitor program and calling menu 25 to load a snapshot, any Spectrum 48x program can be run.



The emulator started life as a side project to see if Spectrum emulation was possible on N64 and was hooked into GE, the current game in development. It was supposed to be removed before release but was only made inaccessible and inoperable. All the registers, dependancies, and script required to run the emulator still reside in retail GoldenEye carts.



The original list of games were previous Rare titles, then known as Ultimate Play the Game. The embedded filelist is, in order:

Code: em/data/sabre.seg.rz Sabre Wulf em/data/atic.seg.rz Atic Atac em/data/jetpac.seg.rz Jetpac em/data/jetman.seg.rz Lunar Jetman em/data/alien8.seg.rz Alien 8 em/data/gunfright.seg.rz Gun Fright em/data/under.seg.rz Underwurlde em/data/knightlore.seg.rz Knight Lore em/data/pssst.seg.rz Pssst em/data/cookie.seg.rz Cookie em/data/spec_rom.seg.rz Spectrum 16k monitor program



Originally, the emulator was run much the same way that stages are run. Unlike stages which run by switching to menu 11, the emulator runs by switching to menu 25. When initialized, it reads what buttons are held on controller 3. Depending on the button held is which game would be loaded. From there, the monitor program and selected snapshot file are loaded from ROM, and if necessary these files are decompressed.

Only controller 1 is detected. This is mapped as a Kempston joystick on port 31. Necessary buttons to start each game (usually keyboard '0') and any additional keys to play the game are mapped to the keyboard port 254 halfwords. These are set on a per-game basis, but general controls are A/B to start a game, Z for the 'action' button, and L to unload the emulator and return to gameplay.

Each emulation cycle lasts 69888 Spectrum cycles. Each opcode consumes a certain amount of this cycle count. At the end, the screen is drawn to the Spectrum screen buffer, and this is displayed like an image using usual N64 microcode. Emulation continues as long as menu 25 is called.



+_+



Why a Patch Is Required



In its pre-patched state the emulator has some peculiar issues, probably due to the different versions of included files used to compile the retail game.

For instance, the ten games listed above were not all selectable. The initializer only has button masks for eight games, defaulting to SabreWulf. The snapshot loader restricts this list to only the first five. The controller mapping function, however, redirects buttons for all ten titles.



Interestingly, the ROM file table leaves only ten spaces for the ten different snapshot files blank. These are completely blank, without any data or indicies until the final file placeholder. As previously mentioned, the monitor was not supposed to be included but is requested by the snapshot loader. Otherwise, the list would require eleven spaces.



The 'unloader' does not, in fact, work properly. It copies NULLs over the program manager. This, obviously, will cause any number of fatal errors to the current game and make it impossible to return to normal gameplay. Also, there is no capacity to reset the screen registers to default.



+_+



The Patch



The patch will reactivate full emulation support in GoldenEye.

The patch should be applied only to an uneditted, unbyteswapped (big-endian) North American GoldenEye ROM (NGEE). The GoldenEye Setup Editor can apply and byteswap the ROM for you, as well as recalculate the checksum. (Yes, that was a shameless plug.) It should run properly on hardware. Probably ;*)



You can download the patch via mediafire:

http://www.mediafire.com/download.php?6bnashajw41n5p5



Don't pirate ROMs! In most countries you can legally make a backup copy of a cartridge and apply the patch to that. No direct links to ROMs of any kind, patched or otherwise. Respect the Fuzz!



Emulation can be triggered from the folder select screen after the Eye and title screens by pressing L+R on controller 3. To access each game, hold the button noted below on controller 3 as you press L+R. If no buttons are held or an invalid combination is used it will default to Cookie. For best results, hold the button for the game you want as you press L+R.

Code: c left Sabre Wulf c right Atic Atac c up Jetpac c down Luna Jetman + left Alien 8 + right Gun Fright + up Underwurlde + down Knight Lore A button Pssst (default) Cookie



Here's a link to a video of the thing in action. Please keep in mind Nemu's running with some pretty shotty plugins to get the recording rate fairly high.

http://www.youtube.com/watch?v=ONJtqf2lIIM



+_+



For those interested in how much code the patch affected, here's a brief summary. To hook the emulator in, eight lines were added into menu 5's interface to test for controller three. Room was allocated by condensing the usual control stick tests. A 2-byte fix was used to allow access to ROM filelist entry 0x2DF. This bug was only present in NGEE and corrected in later versions. ROM filelist entries were added for each snapshot and the program monitor. Since the monitor is necessary in this iteration of the emulator but is commandeering a snapshot entry, the unused text file LwaxJ has been overwritten with cookie.seg.rz. All other entries fill blank, unused placeholders. As previously mentioned, the file loader was limitted to the first five titles. This test was changed into a simple invalidity test. Changes were made in-place (crudely) and affect a total of five lines. Menu 25's initializer, used to determine which of the games should be loaded by testing the held buttons on controller 3, has been completely rewritten. Games are no longer had-coded to masks but use a table. A final NULL entry indicates the end of the list and simultaneously the index of the default snapshot. The masks used are identical to those used by Rare, with the exception of the default entry being overridden with the unregistered game Cookie. One line was also added to stop the main menu music. Within the controller mappings, L's assigned function no longer nullifies the program manager. It now calls the title object, returning to the previously-loaded menu 05 (folder select). This consists of four lines, replacing a loop and shortening the code generally. Although unneccessary, the Start button was mapped to mirror the A/B start game option for all titles.

Everything else is untouched, including all aspects of actual emulation. You are playing Rare's actual embedded Spectrum emulator and nothing else.



+_+



As always, disassemblies and disertations are always available. Comments, queries, and quirks can be reported either by email or at the Shooters Forever forums:



-Zoinkity Little benownst to the world all this time, GoldenEye (N64) has a fully-functional ZX Spectrum 48x emulator built into it. By feeding it a proper Spectrum monitor program and calling menu 25 to load a snapshot, any Spectrum 48x program can be run.The emulator started life as a side project to see if Spectrum emulation was possible on N64 and was hooked into GE, the current game in development. It was supposed to be removed before release but was only made inaccessible and inoperable. All the registers, dependancies, and script required to run the emulator still reside in retail GoldenEye carts.The original list of games were previous Rare titles, then known as Ultimate Play the Game. The embedded filelist is, in order:In actual fact, the emulator was supposed to run without the aid of the monitor program. Critical subroutines were copied out or hardcoded. In its current state, however, the monitor is required.Originally, the emulator was run much the same way that stages are run. Unlike stages which run by switching to menu 11, the emulator runs by switching to menu 25. When initialized, it reads what buttons are held on controller 3. Depending on the button held is which game would be loaded. From there, the monitor program and selected snapshot file are loaded from ROM, and if necessary these files are decompressed.Only controller 1 is detected. This is mapped as a Kempston joystick on port 31. Necessary buttons to start each game (usually keyboard '0') and any additional keys to play the game are mapped to the keyboard port 254 halfwords. These are set on a per-game basis, but general controls are A/B to start a game, Z for the 'action' button, and L to unload the emulator and return to gameplay.Each emulation cycle lasts 69888 Spectrum cycles. Each opcode consumes a certain amount of this cycle count. At the end, the screen is drawn to the Spectrum screen buffer, and this is displayed like an image using usual N64 microcode. Emulation continues as long as menu 25 is called.+_+In its pre-patched state the emulator has some peculiar issues, probably due to the different versions of included files used to compile the retail game.For instance, the ten games listed above were not all selectable. The initializer only has button masks for eight games, defaulting to SabreWulf. The snapshot loader restricts this list to only the first five. The controller mapping function, however, redirects buttons for all ten titles.Interestingly, the ROM file table leaves only ten spaces for the ten different snapshot files blank. These are completely blank, without any data or indicies until the final file placeholder. As previously mentioned, the monitor was not supposed to be included but is requested by the snapshot loader. Otherwise, the list would require eleven spaces.The 'unloader' does not, in fact, work properly. It copies NULLs over the program manager. This, obviously, will cause any number of fatal errors to the current game and make it impossible to return to normal gameplay. Also, there is no capacity to reset the screen registers to default.+_+The patch will reactivate full emulation support in GoldenEye.The patch should be applied only to an uneditted, unbyteswapped (big-endian) North American GoldenEye ROM (NGEE). The GoldenEye Setup Editor can apply and byteswap the ROM for you, as well as recalculate the checksum. (Yes, that was a shameless plug.) It should run properly on hardware. Probably ;*)You can download the patch via mediafire:Don't pirate ROMs! In most countries you can legally make a backup copy of a cartridge and apply the patch to that. No direct links to ROMs of any kind, patched or otherwise. Respect the Fuzz!Emulation can be triggered from the folder select screen after the Eye and title screens by pressing L+R on controller 3. To access each game, hold the button noted below on controller 3 as you press L+R. If no buttons are held or an invalid combination is used it will default to Cookie. For best results, hold the button for the game you want as you press L+R.To end emulation at any time, simply press L on controller 1. It should return you to the folder select screen and allow you to continue to play normally. This also conveniently allows you to select another Spectrum game if you wish.Here's a link to a video of the thing in action. Please keep in mind Nemu's running with some pretty shotty plugins to get the recording rate fairly high.+_+For those interested in how much code the patch affected, here's a brief summary.Everything else is untouched, including all aspects of actual emulation. You are playing Rare's actual embedded Spectrum emulator and nothing else.+_+As always, disassemblies and disertations are always available. Comments, queries, and quirks can be reported either by email or at the Shooters Forever forums: http://www.shootersforever.com/forums_message_boards -Zoinkity

