Getting Started - espes/xqemu GitHub Wiki

Get XQEMU

git clone https://github.com/espes/xqemu.git

Compile XQEMU

For Mac OS X

./configure --cc=clang --enable-opengl --disable-vnc --disable-user --target-list=xbox-softmmu --extra-cflags="-march=native" --enable-debug
make

For Windows

1. Install MSYS2 x86_64: Follow all the steps on http://msys2.github.io/

2. Open the "MinGW-w64 Win64 Shell" and run:

    pacman -S git python2 make autoconf automake-wrapper mingw-w64-x86_64-libtool mingw-w64-x86_64-gcc mingw-w64-x86_64-pkg-config mingw-w64-x86_64-glib2 mingw-w64-x86_64-glew mingw-w64-x86_64-SDL
    git clone https://github.com/espes/xqemu
    cd xqemu
    git submodule update --init pixman
   
    ./configure --cc=gcc --python=python2 --enable-opengl --disable-vnc --disable-user --target-list=xbox-softmmu --extra-cflags="-march=native" --enable-debug
    make
   

There's a bug with timers on Windows that makes it run much slower than it should. YOU should fix it for us

For Linux

Requirements:

• Everything QEMU requires
• OpenGL with GLX and GLEW

For Debian most build dependencies can be installed by running:

apt-get build-dep qemu
apt-get install libglew-dev libtxc-dxtn-s2tc0

Building:

./configure --python=python2 --enable-opengl --disable-vnc --disable-user --enable-kvm --disable-xen --audio-drv-list=alsa --target-list=xbox-softmmu --extra-cflags="-march=native" --disable-werror --enable-debug 
make

Run XQEMU

XQEMU is a Low-Level Emulator, so you need to find a copy of the stuff the Xbox runs when it turns on:

Xbox MCP-X boot rom

MD5 (mcpx_1.0.bin) = d49c52a4102f6df7bcf8d0617ac475ed

If your mcpx dump has an MD5 of 196a5f59a13382c185636e691d6c323d you dumped it badly and it's a couple bytes off. It should start with 0x33 0xC0 and end with 0x02 0xEE.

Xbox 1.0 compatible bios (cromwell, 3944, 4034, 4036, ...)

You can use a retail bios or a modified 'debug' bios. Just like a real xbox, running a retail bios will not boot unofficial software.

Debug BIOS

People have reported success with the 'COMPLEX 4627' modified debug bios. It's convenient to note that this bios does not necessarily require a populated hard disk image to load an application from DVD (though an empty drive still needs to be attached), so you can skip the next step in some cases.

v1.0.2 1M dump: MD5 (Complex_4627Debug.bin) = 19b5c6d3d42a707bba620634fe6d4baf

or sometimes

1MB dump: MD5 (complex_4627debug.bin) = e8dd61cc6abdbd06aac185e371312dc1

Retail BIOS

1M dump: MD5 (3944.bin) = e8b39b98cf775496c1c76e4f7756e6ed

or sometimes

256k dump: MD5 (3944.bin) = 542c62cb976a4993c8c5027dff9638ce

Xbox dashboard files on a hard disk image

Create an Xbox hard-disk image, using xboxhdm or otherwise:

• Create an xboxhdm cd-rom with the dashboard files
  • If xboxhdm doesn't work for you, try to set the included "mkisofs.exe" to run in Windows XP compatibility mode
• Create a blank hard-disk file: qemu-img create -f qcow2 xbox_harddisk.qcow2 8G
• Run xboxhdm with qemu or something: i386-softmmu/qemu-system-i386 -hda xbox_harddisk.qcow2 -cdrom linux.iso

---

Launch XQEMU with something like...

xbox-softmmu/qemu-system-xbox -cpu pentium3 -machine xbox,bootrom=mcpx_rom.bin -m 64 -drive file=xbox_harddisk.qcow2,index=0,media=disk,locked=on -drive index=1,media=cdrom -bios xbox_bios.bin -usb -device usb-hub,bus=usb-bus.0,port=3 -device usb-xbox-gamepad,bus=usb-bus.0,port=3.2

On Linux, you can use KVM by passing accel=kvm,kernel_irqchip=off to -machine. This is not yet recommended.

To skip the Xbox logo animation you can pass short_animation to the -machine option (Example: -machine xbox,short_animation,bootrom=mcpx_rom.bin).

To run a game from a Xbox DVD image you must specify a file for the DVD device

Chihiro

XQEMU includes limited emulation of the SEGA Chihiro. Currently it doesn't make it past SegaBoot.

To emulate a Chihiro, launch XQEMU with something like...

xbox-softmmu/qemu-system-xbox -cpu pentium3 -machine chihiro,mediaboard_rom=mediaboard_rom.bin -m 128 -bios chihiro_xbox_bios.bin

Debugging Tips

• QEMU can host a gdb stub! Launch with -s -S, and with gdb run target remote localhost:1234
  • Protip: You can also attach to it with IDA if you're so inclined. You can then load in a database if you export it as a IDC script!
• XQEMU can emulate a XDK serial port (which with a debug bios hosts KD, as in this and this)! Launch with something like -device lpc47m157 -serial unix:/tmp/xserial,server. With some effort you can wrestle the unix socket into a vm for with WinDbg. There's also a very barebones perl KD client in scripts/windpl
• apitrace is useful for tracking down rendering bugs.