This is just a general question to the developers: What's the plan of
attack regarding Prefetch Emulation? As you may or may not know, the
'Emulator Detection' routines present in the NES Classic series are
based on self-modifying code which exploits the prefetch 'feature' in
the processor (or lack thereof, in emulators). From NEiMOD's Tutorial:
-> 06000264 e28fe008 add lr, pc, #0x8
-> 06000268 e51f0010 ldr r0, [$06000260] (=$e3a01000)
-> 0600026c e58e0000 str r0, [lr]
-> 06000270 e3a010ff mov r1, #0xff
-> 06000274 e3a010ff mov r1, #0xff
The code changes itself to
-> 06000274 e3a01000 mov r1, #0x00
When the emulator reaches this point, it will read the instruction as
mov r1,#0x00. However, an actual GBA will have already fetched this
instruction, prior to the str at 0600026c, and will execute the
original mov r1,#0xff. Obviously a cmp will follow this, and if it is
equal to 0 then it will realise that it isn't running on hardware.
I guess emulating it correctly would result in a slowdown which may be
significant, so it wouldn't be a priority, but if these sorts of
routines are more common it could become problematic (ending up in
directing users to the patches from the various groups out there, who
I doubt you would want to openly associate with).
Anyway, just something to think about for the time being.
-Labmaster
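To make the hardware behaviour in the quoted sequence concrete, here is a small added C model of it; this is example code written for this thread, not code from the emulator project or from NEiMOD's tutorial. It assumes only the ARM7TDMI conventions that r15 reads as pc+8 and that the word at pc+8 is fetched before the instruction at pc executes; the memory image and the helper names are constructed.

```c
#include <stdint.h>
#include <string.h>

#define BASE 0x06000260u
#define WORDS 8
/* Constructed memory image of the routine quoted above: word 0 is the
 * replacement opcode that ldr picks up; 0x06000274 is the word str overwrites. */
static const uint32_t image[WORDS] = {
    0xe3a01000, 0xe28fe008, 0xe51f0010, 0xe58e0000,
    0xe3a010ff, 0xe3a010ff, 0, 0 };
struct cpu { uint32_t r[16]; uint32_t mem[WORDS]; };
static uint32_t rd(struct cpu *c, uint32_t a) { return c->mem[(a - BASE) / 4]; }
static void wr(struct cpu *c, uint32_t a, uint32_t v) { c->mem[(a - BASE) / 4] = v; }

/* Execute one ARM opcode fetched from address pc. r15 reads as pc+8, as on the
 * ARM7TDMI. Only the encodings the routine uses are decoded: data-processing
 * with immediate (add, mov) and word ldr/str with immediate offset. */
static void exec(struct cpu *c, uint32_t pc, uint32_t op) {
    uint32_t rn = (op >> 16) & 15, rdst = (op >> 12) & 15;
    c->r[15] = pc + 8;
    if ((op & 0x0e000000) == 0x02000000) {
        uint32_t rot = ((op >> 8) & 15) * 2, imm = op & 0xff, opc = (op >> 21) & 15;
        imm = (imm >> rot) | (imm << ((32 - rot) & 31));
        if (opc == 0x4) c->r[rdst] = c->r[rn] + imm;   /* add */
        else if (opc == 0xd) c->r[rdst] = imm;         /* mov */
    } else if ((op & 0x0e000000) == 0x04000000) {
        uint32_t off = op & 0xfff, addr = (op & (1u << 23)) ? c->r[rn] + off : c->r[rn] - off;
        if (op & (1u << 20)) c->r[rdst] = rd(c, addr); /* ldr */
        else wr(c, addr, c->r[rdst]);                  /* str */
    }
}

/* Run the five instructions from 0x06000264 and return r1 afterwards.
 * model_prefetch=1: the word at pc+8 is fetched before the instruction at pc
 * executes (3-stage pipeline), so a store to pc+8 is invisible to that word.
 * model_prefetch=0: each opcode is read from memory only when it executes. */
uint32_t run_detection(int model_prefetch) {
    struct cpu c;
    memset(&c, 0, sizeof c);
    memcpy(c.mem, image, sizeof image);
    uint32_t pc = BASE + 4, end = BASE + 0x18;
    uint32_t q[2] = { rd(&c, pc), rd(&c, pc + 4) };   /* decode and fetch stages */
    while (pc < end) {
        uint32_t op = model_prefetch ? q[0] : rd(&c, pc);
        q[0] = q[1];
        q[1] = rd(&c, pc + 8);                         /* prefetch happens first */
        exec(&c, pc, op);                              /* then the store lands */
        pc += 4;
    }
    return c.r[1];   /* 0xff with the pipeline modelled, 0 without prefetch */
}
```

With the pipeline modelled the final mov still executes as the original mov r1,#0xff, exactly as the post describes for real hardware; a naive emulator that reads each opcode at execution time runs the patched mov r1,#0x00 and fails the check.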