http://bugs.winehq.org/show_bug.cgi?id=11643
Alexander Dorofeyev alexd4@inbox.lv changed:
What | Removed | Added
CC   |         | alexd4@inbox.lv
--- Comment #4 from Alexander Dorofeyev alexd4@inbox.lv 2008-02-28 15:25:35 ---
This was discussed on #winehackers; adding it here while I still remember it, so it doesn't get lost.
After some debugging in the IDA disassembler, I believe it crashes in the z80_Exec routine, at z80.asm:5119 (source is available). The reason it crashes is that it accesses a NULL pointer stored in M_Z80.PC (M_Z80 is a global struct defined somewhere in the C code). Probably some correct pointer must be in M_Z80.PC, but for some reason it isn't initialized to anything correct. From what I understood from a cursory glance over the code, M_Z80.PC is a sort of instruction pointer for the emulated Z80 processor, like IP/EIP on a PC.
I also believe that the place where M_Z80.PC should've been initialized to the correct pointer is the z80_Reset routine (also in z80.asm). It basically does M_Z80.PC = M_Z80.Fetch[0]. Fetch is an array of pointers to what I guess would be memory blocks of Z80 code. For some reason, there's a NULL there. Looking for where the Fetch array, and specifically Fetch[0], is set in the code may show the real problem's location. Probably, ROM loading goes wrong somewhere.
Hopefully this may be of help to Affect or anybody else who may wish to take it further.
To Affect: it would be cool if you let me know whether you are continuing to work on this issue. If not, I may eventually try to finish the job; it won't be immediately, though, as I have some other stuff planned, and it may take a while to figure out what exactly goes wrong with M_Z80.Fetch.
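As an added illustration (not code from the bug or from the application, whose core is assembly), the Fetch-table pattern the comment describes, sketched in C with a reset that reports an unmapped Fetch[0] instead of letting the exec loop dereference a NULL PC; the struct layout, the function names and the constructed ROM bytes are assumptions.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical sketch of the Fetch-table pattern described in the comment:
 * a table of pointers to emulated memory blocks, and a PC that is set from
 * Fetch[0] on reset. Field names mirror the report; the layout is an
 * assumption, not the emulator's actual struct. */
#define FETCH_BANKS 8
#define BANK_SIZE   0x2000

typedef struct {
    const uint8_t *PC;                 /* emulated instruction pointer */
    const uint8_t *Fetch[FETCH_BANKS]; /* pointers to banked Z80 memory */
} Z80Ctx;

/* Reset the way the report describes (PC = Fetch[0]), but refuse to start
 * if the bank table was never filled: returns 0 on success, -1 otherwise. */
int z80_reset_checked(Z80Ctx *ctx)
{
    if (ctx->Fetch[0] == NULL) {
        fprintf(stderr, "z80_reset: Fetch[0] is NULL, ROM not mapped\n");
        ctx->PC = NULL;
        return -1;
    }
    ctx->PC = ctx->Fetch[0];
    return 0;
}

/* Fetch one opcode byte: a guarded read instead of a blind dereference.
 * Returns the opcode, or -1 if PC was never set. */
int z80_exec_checked(Z80Ctx *ctx)
{
    if (ctx->PC == NULL)
        return -1;
    return *ctx->PC++;
}

/* Constructed scenario: an unfilled table reproduces the failure mode from
 * the report; mapping a ROM bank first makes reset succeed. Returns 0 if
 * both behaviours are as expected. */
int demo(void)
{
    static const uint8_t rom[BANK_SIZE] = { 0xC3, 0x00, 0x00 }; /* JP 0000h */
    Z80Ctx ctx = {0};
    if (z80_reset_checked(&ctx) == 0) return 1; /* would have been the crash */
    ctx.Fetch[0] = rom;
    if (z80_reset_checked(&ctx) != 0) return 2;
    return z80_exec_checked(&ctx) == 0xC3 ? 0 : 3;
}
```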