Emulator Issues #9470


NeoGamma is broken since Dolphin 4.0-5450

Added by mimimi over 7 years ago. Updated over 7 years ago.

% Done:


Operating system:
Issue type:
Relates to usability:
Relates to performance:
Relates to maintainability:
Regression start:
Fixed in:


[Put Game Name here]
NeoGamma R9 b56
It's a homebrew game launcher that allows to run games with some video mode patches and cheats

[Put Game ID here]

[Put MD5 Hash here]

[Description here]
It crashes

[Reproduction steps here]
Just launch the boot.dol in Dolphin
(Enable real xfb to display anything)

[Versions here]
Dolphin 4.0-5429 works
Dolphin 4.0-5443 works
Dolphin 4.0-5445 works
Dolphin 4.0-5450 crashes
Dolphin 4.0-5458 crashes
Dolphin 4.0-5460 crashes
Dolphin 4.0-5470 crashes
Dolphin 4.0-9175 crashes

[PC specs here]
Windows 7 64 bit
Pentium G3258 @4.0Ghz
AMD Radeon HD7790

[Anything else here]
PR#1856 broke this

It's a regression, so maybe this should be fixed before 5.0

Actions #1

Updated by mimimi over 7 years ago

With panic handlers, there's a warning:
Unknown Pointer 0x01800000 PC 0x80e38aec LR 0x80e388cc

Actions #2

Updated by delroth over 7 years ago

  • Milestone set to Current
Actions #3

Updated by magumagu9 over 7 years ago

The panic generally indicates an attempt to access memory which doesn't exist. For the address 0x01800000 specifically, before 1856 we would just silently use memory which doesn't exist. Dolphin maps 32MB of memory to represent RAM, of which the last 8MB doesn't actually correspond to memory which exists on hardware. See also

I can't say exactly where this is happening without a stack trace.

Actions #4

Updated by magumagu9 over 7 years ago

Just tried it in a debugger; it appears to be crashing in CWII_IPC_HLE_Device_usb_oh1_57e_305::IOCtlV with nonsense input (trying to invoke an IOCtl which doesn't exist). Someone who knows IOS internals a bit better should probably look at this to see what the best solution is.

Actions #5

Updated by mimimi over 7 years ago

Thanks for looking into it. It's likely trying to call a function from a cIOS. Dolphin should just return the same error a proper IOS returns. Hopefully it works then. If it's really badly coded, for some reason it might think the loaded IOS is a cIOS and insists that cIOS functions work.

Actions #6

Updated by JosJuice over 7 years ago

But why would there be a cIOS function in the Wii Remote code? Don't they generally deal with USB, the disc drive, and things like that?

Actions #7

Updated by JMC4789 over 7 years ago

If it worked before by (more or less) luck, should this still be a milestone current for something with a small usecase? I mean, it sucks that it no longer works, and this is definitely the kind of issue I care about (I've actually run neogamma in Dolphin before) but is it something we want to delay the release over? Is it something that can be fixed easily?

Actions #8

Updated by Fog over 7 years ago

  • Status changed from New to Accepted
  • Milestone deleted (Current)

I agree, this shouldn't be a blocker for release.

Actions #9

Updated by mimimi over 7 years ago

I've tracked down where the problem occurs in neogamma's source. It's in bwDVD_GetCoverStatus, specifically the line:
int Ret = IOS_Ioctl(__dvd_fd, IOCTL_DI_GetCoverStatus, bufferin, 0x20, bufferout, 0x20);

My suspicion is that IOS_Ioctl is the problem not the IOCTL_DI_GetCoverStatus. If i make bwDVD_GetCoverStatus always return 0, neogamma works. Well, it only works with a gamecube controller, which should be a different issue, and it fails to obviously fails detect if no disc is inserted. If i replace IOCTL_DI_GetCoverStatus with IOCTL_DI_READID(both places) it does crash in the same way.

Edit: For most other stuff, the working stuff, it uses IOS_IoctlAsync.

Actions #10

Updated by magumagu9 over 7 years ago

I tried looking a bit more... now I see what's happening. NeoGamma opens "/dev/di", then closes it (bwDVD_LowClose), then restarts IOS, then tries to use the descriptor as if it were the DVD drive (where at this point, it's actually the Bluetooth module). So it looks like Dolphin is actually behaving correctly as far as that goes.

In terms of IOS error handling, I have no clue how that's supposed to work. I mean, as a hack you can add "if (Memory::Read_U32(_CommandAddress + 0x0C) > 0x02) return GetDefaultReply();" to CWII_IPC_HLE_Device_usb_oh1_57e_305::IOCtlV, but that's probably not correct.

Actions #11

Updated by JMC4789 over 7 years ago

I don't mind a temporary hack if it's no worse than it being totally broken like before.

Actions #12

Updated by JosJuice over 7 years ago

  • Status changed from Accepted to Fixed

Also available in: Atom PDF