The Linux kernel is a messy complicated codebase that totals nearly 28 million lines of code1 as of December 2023. Of course this is incredibly daunting for anyone who wants to poke around the kernel internals (for whatever reasons )) or anyone who wants to get started with contributing to the development of the Linux kernel. While there are multiple ways to get acquainted with this monolithic codebase (one of the best being the book Linux Device Drivers, now freely available under the CC BY-SA 2.0 license), we’re going to start by writing a (somewhat mischievous) Linux kernel module.
Important note: I do not encourage you to use any potential knowledge you gleam here for nefarious purposes, nor am I responsible for what happens should you decide to do so. These blog posts are purely for educational purposes.
So what are kernel modules, exactly? Taken from the Arch Wiki, “Kernel Modules are pieces of code that can be loaded and unloaded into the kernel upon demand. They extend the functionality of the kernel without the need to reboot the system.” Being able to modify the functionality of the kernel at runtime is a tasty ability indeed. With this you could make the kernel do… pretty much anything you want. You can hide files, directories, processes, open ports, other kernel modules, give yourself a backdoor to root, and a million other useful things. Of course the simple “rootkit” we make in this series won’t be anything particularly fancy, and will primarily just be for demonstration and educational purposes, mainly because I don’t want to go to jail.
Rootkits
Ok, so what is a rootkit then? Taken from Wikipedia, “A rootkit is a collection of computer software, typically malicious, designed to enable access to a computer or an area of its software that is not otherwise allowed (for example, to an unauthorized user) and often masks its existence or the existence of other software.” Knowing this you can see how kernel modules are a perfect fit for this type of software, though there are other ways one can potentially make a rootkit. There are rootkits that take advantage of the dynamic linker, rootkits that take advantage of firmware, rootkits that take advantage of DKOM, hypervisor rootkits, eBPF rootkits, and probably many others2.
Rootkits don’t even necessarily have to run with kernel level privileges either. You could very possibly make a rootkit that operates perfectly fine within userland (though doing so does make it less “root”, doesn’t it?). After all most functions of a kernel level rootkit are possible within userland. Doing so does give one significantly less power, however. Still, often times that power is unecessary.
A particularly interesting type of rootkit is one that extends beyond even the kernel and lives right in the boot process. These so called “bootkits” are incredibly powerful pieces of software which are unimaginably pesky to deal with, but they go far beyond the scope of this small and simple series. Still, if one is interested in the topic it is incredibly fascinating to look into.
Ftrace
Alright, so we know what rootkits are and the technique that we’re going to use to make one, but how exactly will our kernel module modify the Linux kernel to make it do what we want? This is where a fun little Linux utility called ftrace comes it.
Ftrace is a tracing framework released in 2008 for the purpose of helping developers find out what’s going on inside the Linux kernel. Although it’s name literally means “function tracer”, ftrace’s capabilities extend far beyond that and cover a much broader range of the kernel’s internal operations. Using ftrace we can hook particular system calls (more on that in the next post) such as open, read, write, close, etc. and replace them with out own custom code. How we do this exactly is a little complicated so we’ll save it for the next post, but it is all rather interesting believe me.
Now it’s important to note that ftrace is a utility, and not an inherent piece of the kernel. It can be disabled in the kernel configuration since it isn’t critical for any of the system’s functioning, leaving our little rootkit dead in the water if it is. Luckily for us however in practice many popular Linux distros keep ftrace enabled, as it doesn’t significantly affect system performance and can be quite useful for debugging purposes. Still it’s important to keep in mind that this technique may not work everywhere, so be sure to check if it’s supported beforehand.
Also keep in mind that ftrace isn’t the only way to modify the kernel to our wants and needs. There are many other ways to go about it, but they tend to be more complicated so for the sake of simplicity we’re going to go with ftrace.
Project Setup
Before we can move on to actually developing our rootkit we need to setup an environment to run it in. Any old Linux environment with ftrace enabled should do, so you could use VirtualBox, VMWare, anything really, even a real machine if you’re so inclined (though this is not advised). I however will be using a nifty piece of software called Vagrant. If you already have VirtualBox installed Vagrant will automatically use it for virtualization, without any configuration needed.
Getting started with Vagrant is dead simple:
mkdir Ubuntu
cd Ubuntu
vagrant init generic-x64/ubuntu2204
vagrant up
vagrant sshCode language:Bash(bash)
And just like that we have a working virtual environment for developing our rootkit. Of course we’re gonna need a couple more things to compile our code, so (if you’re following along entirely and using Ubuntu) just run these couple commands within the virtual machine:
Note: if you’d prefer to program the rootkit on your host system (which is fair since your host system will probably have a much better text editor than the guest system) you can add:
to the Vagrantfile before calling vagrant up (if you already called vagrant up you can simply call vagrant halt and call vagrant up again, or simply call vagrant reload) to create a folder that’s shared between the guest and host. This way you can create and edit files on your host system but compile them inside of the guest system with ease. It’s what I’ll be doing in this series.
Compiling Kernel Modules
With our environment setup all that’s left to do is create a basic kernel module. Create a Makefile and insert this simple code:
This is perhaps the simplest kernel module that one could make. It’s fairly self-explanatory, but I’ll go over it quickly anyway.
At the top of the file is simply our includes. These includes give us access the the data structures and functions needed to interact with the kernel. After that is just a few macros that give some information about our kernel module.
After all that comes the two actually interesting functions, rootkit_initand rootkit_exit. The rootkit_init function is called when the module is loaded, and inversely rootkit_exit is called when the module is unloaded. rootkit_init will be perhaps the most important function in the entire codebase, after all it’s the entry point of our kernel module and sets up all of our hooks.
The module_init and module_exit functions both tell the kernel about the entry and exit functions (rootkit_init and rootkit_exit) respectively.
With all of that done you should be able to run make and find yourself with a shiny rootkit.ko file, which is our kernel module file. You can load that file into the kernel using sudo insmod rootkit.ko and unload it with sudo rmmod rootkit. Upon doing so and checking the kernel output buffer using sudo dmesg you should see the messages “Hello world” and “Goodbye world”. If you do then congratulations, you’ve successfully made your first kernel module.
Conclusion
In this post we created a simple kernel module as well as an environment to run it in. In the next post we’ll go over system calls, ftrace, and create a basic hook for the mkdir system call.
Okok admittedly this is a bit misleading. While the entirety of the Linux kernel codebase does in fact have nearly 28 million lines of code, most of that doesn’t belong to the actual Linux kernel and instead represents the combined total code for drivers, architecture, and miscellaneous other things. ↩︎
If there’s significant demand for any of these other techniques — or I just end up getting curious of and tinkering with them myself — I may just write another series of blog posts on said technique. ↩︎
Writing an emulator is a good way to get more acquainted both with the more technical details of programming and the language you decide to write said emulator in. Zig is a young up-and-coming programming language that already makes a mighty fine alternative to various other systems-level programming languages such as C, Go, Rust, Etc. And so what better way to get acquainted with this new contender than to write an emulator?
Emulators are at their heart fairly basic things, but for more complex systems they can get rather, well, complex. For this reason we’ll start of this emulation series by emulating the CHIP-8 system using Zig and SDL2. CHIP-8 itself is a specification for a simple virtual machine for 2D games designed in the 1970s. It’s virtual because CHIP-8 was never implemented in hardware, only software (which I suppose makes this more of an interpreter instead of an emulator, but that’s neither here nor there).
CHIP-8 was designed so that different implementations of the virtual machine made on different hardware could all still run the same games, regardless of the different environments. That means that by the end of this guide you’ll be able to run games made all the way back in the 1970s, neat eh? All in all it’s rather primitive — especially by modern standards — but still a good place to get started for the topic of emulation.
This guide will have everything you’ll need to get a CHIP-8 emulator up and running, but keep in mind that it’s light on the details and explanations. The project shouldn’t take much longer than a day if you hack away at the whole thing.
Keep in mind that this guide is not a beginner’s programmer tutorial or an SDL2 tutorial. It is merely an introduction to the Zig programming language via implementing the CHIP-8 specification.
CHIP-8 Specifications
CHIP-8 has the following components:
Memory: 4 kilobytes of RAM
Display: 64 x 32 pixel monochrome display
Program Counter (PC): points to the current instruction in memory
Index (I): 16-bit index register used to point to locations in memory
Stack: A stack for 16-bit addresses, which is used to call functions and return from them
Delay Timer: An 8-bit timer which is decremented at a rate of 60 Hz until it reaches 0
Sound Timer: An 8-bit timer which functions like the delay timer, but which also gives off a beeping sound as long as it’s not 0
Registers: 16 8-bit general-purpose variable registers numbered 0 through F in hexadecimal, called V0 through VF
Note that the VF register is also called the flag register, and many instructions use it to signify various things, such as overflow in an addition operation.
Setup
If you haven’t already, go ahead and install Zig and create a new project. We’ll be using version 0.11.0 in this project.
To start all we need to do is link SDL2 to the project. Many languages make linking or wrapping C libraries an absolute pain but Zig makes it an absolute breeze, a joy even. It has built-in support for importing C header files (which I’ve found don’t even need to be modified at all unless you’re using obscure C features) and the build system itself uses Zig for logic, meaning we don’t have to fiddle with the likes of Make or CMake or Ninja or any other pain in the ass build system to get SDL2 up and running in our project.
Matter of fact if you’re on Linux you only need to do two things to get SDL2 linked to our project. First go to your build.zig file and add this snippet of code somewhere.
And then create a new file in the project source called c.zig and insert this code:
// usingnamespace marks that everything in the cImport// is brought into the namespace of the file and// pub marks that everything brought in by our// usingnamespace in public
pub usingnamespace @cImport({
@cInclude("SDL2/SDL.h");
});Code language:JavaScript(javascript)
And that’s literally it. Well, you’ll also have to install your system-specific SDL2 dev packages, but besides that we’re done, SDL2 is linked to our project.
If you’re on Windows, uhhhhh, good luck figure it out yourself. ¯\_(ツ)_/¯
(There’s an SDL2 zig package on GitHub that should’ve made Windows setup easy, but I couldn’t get it working. It should still be pretty easy to set up on Windows though. All you should have to do is download the SDL2 dev DLLs and headers, add them somewhere in your project folder, and point Zig towards them. Poke around the Zig std docs to figure out how.)
Basic Display
Before we get started with the actual emulator we’re gonna need a display to draw things to. Obviously SDL is what we’ll be using for the display, as well as input and audio. To get started create a new source file called display.zig and insert this boilerplate code:
const std = @import("std"); // We'll be using this laterconst c = @import("c.zig");
// pub marks the struct as public
pub const Display = struct {
const Self = @This();
};Code language:JavaScript(javascript)
Zig is much like C in that everything is rather simple. There are no classes, there are no objects, no templates, no borrow checker or garbage collector, nothing of that nature. Pretty much everything is either a primitive, a function, or a struct, with some nice syntactic sugar that makes things easier to read and write.
Along the way we’ll see some code that looks somewhat object oriented, but keep in mind that’s just syntactic sugar. There is no inheritance or polymorphism (at least of the OOP kind) in Zig. This simplicity of things is what makes Zig so C-like and much less of a nightmare than either C++ or Rust.
Anyway, on to creating the actual display. Modify the display.zig file to look like this:
const std = @import("std");
const c = @import("c.zig");
pub const Display = struct {
constSelf = @This();
window: *c.SDL_Window,
open: bool,
// These functions are that nice// syntactic sugar I was talking about
pub fn create(
title: [*]const u8, // The string type in Zig
width: i32,height: i32
) !Self {
}
pub fn free(self: *Self) void {
}
};
Code language:PHP(php)
You can see that we added some fields for the SDL window and for keeping track of if the display is still open. Below that are some helper functions that will create and free our display struct.
You’ll notice an exclamation next to the return type of the create function. That signifies that the function is capable of returning an error, and that the caller of the function must handle it should it do so. We’ll see how that’s done later, for now let’s actually get these functions working
The entirety of the create function for now will look like this:
Pretty basic, all we’re doing is initializing SDL and creating a window. But you can see a few interesting things here. First is how easy Zig makes it to use C libraries. When we imported the SDL header file the Zig compiler automatically wrapped all of the structs, functions, and macros for us, ready to use.
Second is how Zig handles null values. Unless specifically specified, pointers in Zig can’t have null values, and if you’re dealing with a function that can potentially return a null value but your variable isn’t marked as being nullable you’ll have to handle that somehow. We do so by adding an “orelse” statement after our function which will be automatically called in the case SDL_CreateWindow fails for some reason and returns null.
Third is the error handling in Zig. At a glance it seems similar to the traditional try/catch kind of error handling but in reality it’s more akin to Rust’s style of error handling with enums and whatnot. That’s all just hidden behind syntactic sugar and compiler trickery however.
Moving on to the free function. We initialized SDL and created a window, so all we have to do is destroy the window and cleanup SDL.
Having just a create and free function isn’t enough though, I mean we’re gonna actually want to use our window, which with SDL involves setting up a loop and checking for input. To do that we’ll add one more function.
The input function loops through and handles SDL’s queue of events. Currently the only event we’re handling is the SDL_QUIT event, but we’ll add a couple more later. But for now we have enough to get a display working so head on over to the main.zig file, clear it out, and add this code:
const std = @import("std"); // We'll be using this laterconst Display = @import("display.zig").Display;
pub fn main() !void {
var display = try Display.create("CHIP-8", 800,400);
defer display.free();
// Display loopwhile(display.open) {
display.input();
}
}Code language:JavaScript(javascript)
The code should be mostly self explanatory. You should notice however the “try” and “defer” keywords. The try keyword tries to call a function that’s capable of throwing an error and passes the error on to the next call stack if it happens. The defer keyword is another little fun feature of Zig that allows us to defer a function call to the end of a code block. It makes freeing resources in instances like these a bit neater. But anyway with this we should have a working display upon running the program.
Drawing to the Display
We have a display, but it’s not really useful if we can’t draw anything to it. Luckily for us SDL has a built-in rendering API, but we’re gonna have to set up some other stuff before getting to that first. What we’re gonna do is instead of drawing to the screen directly and having to fumble around with SDL’s stuff to get things working exactly right we’re gonna instead create an intermediary Bitmap struct which will be what our CHIP-8 emulator actually draws to and from and from which our SDL display just copies the pixel data from. Create a new source file called bitmap.zig and add this boilerplate:
Two things stand out here, first is std.mem.Allocator. Allocating memory in Zig is interesting, in other languages such as C you can just call malloc and get some memory but in Zig you have to use intermediary allocators provided to you by the standard library. The reason for this is so that you can choose precisely how allocations are done in functions in the standard library. It can be a little annoying to have to move allocator structs around all the time but the flexibility it provides can be life-saving.
The other thing which stands out is the setPixel function. The pixel display in CHIP-8 is a bit wonky. There are no instructions to directly set a pixel value in CHIP-8, only instructions to XOR the value at a particular pixel. Why it was built like this I don’t know — probably has something to do with it being made in the 1970s — but it’s how it works so we’re rolling with it. The setPixel function will XOR the value in the pixel array at the specified coordinates, and return true if the value was set to 0 (if a pixel was erased essentially) and return false otherwise.
The entirety of the Bitmap struct’s methods will look like this:
// Create Bitmap
pub fn create(allocator: std.mem.Allocator, width: u8,height: u8) !Self {
// Allocate pixel arrayvar pixels = try allocator.alloc(u1, @as(u16, width) * @as(u16, height));
@memset(pixels, 0);
returnSelf {
// We save the allocator so we can free our allocated data with it later
.allocator = allocator,
.width = width,
.height = height,
.pixels = pixels,
};
}
// Free Bitmap
pub fn free(self: *Self) void {
// Free allocated data with allocatorself.allocator.free(self.pixels);
}
// Clear Bitmap to specified value
pub fn clear(self: *Self, value: u1) void {
@memset(self.pixels, value);
}
// Set pixel value at x,y coordinate
pub fn setPixel(self: *Self, x: u8,y: u8) bool {
// Return if x or y is invalidif(x >= self.width or y >= self.height) returnfalse;
var index: u16 = @as(u16, x) + @as(u16, y) * @as(u16, self.width);
self.pixels[index] ^= 1;
return (self.pixels[index] == 0);
}
// Get pixel value at x,y coordinate
pub fn getPixel(self: *Self, x: u8,y: u8) u1 {
// Return if x or y is invalidif(x >= self.width or y >= self.height) return0;
var index: u16 = @as(u16, x) + @as(u16, y) * @as(u16, self.width);
returnself.pixels[index];
}Code language:PHP(php)
The only real notable thing is all of the @as things everywhere. Zig’s typecasting is a bit wonky and complicated but for now just know that all it’s doing is typecasting the variables to the correct integer types for the multiplication of large numbers.
In the main.zig file add this code to the beginning of the main function:
All we’ve done here is add an SDL renderer and texture to our struct. We’re going to copy the pixel data from our bitmap to our SDL texture and then render that texture to the display using the SDL renderer.
In display.zig create a new function called draw:
pub fn draw(self: *Self, bitmap: *Bitmap) void {
if(bitmap.width != self.framebuffer_width) return;
if(bitmap.height != self.framebuffer_height) return;
// You can use whatever colors you wantconst clear_value = c.SDL_Color {
.r = 0,
.g = 0,
.b = 0,
.a = 255,
};
const color_value = c.SDL_Color {
.r = 255,
.g = 255,
.b = 255,
.a = 255,
};
var pixels: ?*anyopaque = null;
var pitch: i32 = 0;
// Lock framebuffer so we can write pixel data to itif(c.SDL_LockTexture(self.framebuffer, null, &pixels, &pitch) != 0) {
c.SDL_Log("Failed to lock texture: %s\n", c.SDL_GetError());
return;
}
// Cast pixels pointer so that we can use offsetsvar upixels: [*]u32 = @ptrCast(@alignCast(pixels.?));
// Copy pixel loopvar y:u8 = 0;
while(y < self.framebuffer_height) : (y += 1) {
var x:u8 = 0;
while(x < self.framebuffer_width) : (x += 1) {
var index: usize = @as(usize, y) * @divExact(@as(usize, @intCast(pitch)), @sizeOf(u32)) + @as(usize, x);
var color = if(bitmap.getPixel(x,y) == 1) color_value else clear_value;
// It would probably be better to// use SDL_MapRGBA here but it was// giving me errors for some reason// and I'm too lazy to figure it outvar r: u32 = @as(u32, color.r) << 24;
var g: u32 = @as(u32, color.g) << 16;
var b: u32 = @as(u32, color.b) << 8;
var a: u32 = @as(u32, color.a) << 0;
upixels[index] = r | g | b | a;
}
}
_ = c.SDL_UnlockTexture(self.framebuffer);
_ = c.SDL_RenderClear(self.renderer);
_ = c.SDL_RenderCopy(self.renderer, self.framebuffer, null,null);
_ = c.SDL_RenderPresent(self.renderer);
}Code language:PHP(php)
The draw function is a lot longer and slightly more complicated than the others, but all it’s really doing is locking the SDL texture, getting a pointer to its pixel data, converting the data in our bitmap to the proper pixel data and setting it in the texture data, and then rendering the texture.
You might be wondering what those _ = bits are doing there. In Zig every value that an expression creates has to be used or at the very least acknowledged. All of those SDL functions return values but we don’t want/need to use them so we simply use the _ = to acknowledge that they exist.
With that done we’re now finally able to actually draw stuff to the screen. Head on over to the main.zig file and change it to look like this:
And with that you should have a single pixel displaying on the screen.
Loading ROMs
Alright so we’re almost ready to start work on the actual emulator itself, but we have two more things we have to do before that, the first up being setting up ROM loading. Plenty of CHIP-8 ROMs can be found free around the internet or on GitHub so don’t be afraid to look around. I’ll personally be using the blitz.rom ROM from this repository: https://github.com/badlogic/chip8/tree/master/roms.
To start create a new source file called device.zig and insert this boilerplate:
This struct will serve as a sort of abstract “device” for our emulator, a device which contains the actual memory of the emulator and is capable of loading ROMs from the filesystem. Despite how important that may sound nothing particularly fancy will be happening here except for file loading.
You may be wondering about that big DEFAULT_FONT array at the top. CHIP-8 is expected to have a default font loaded into memory for games to use, so we’ve just added that default font at the top there and will load it into memory upon device creation.
// Create the device
pub fn create(allocator: std.mem.Allocator) !Self {
var memory = try allocator.alloc(u8, 4096);
@memcpy(memory[0x000..0x050], DEFAULT_FONT[0..80]);
returnSelf {
.allocator = allocator,
.memory = memory,
};
}
// Free the device
pub fn free(self: *Self) void {
self.allocator.free(self.memory);
}
// Load raw ROM data into memory
pub fn loadProgramIntoMemory(self: *Self, program: []u8) void {
@memcpy(self.memory[0x200..0x200 + program.len], program[0..program.len]);
}
// Load the ROM data from a file
pub fn loadROM(self: *Self, path: []const u8) bool {
var file = std.fs.cwd().openFile(path, .{}) catchreturnfalse;
defer file.close();
var stat = file.stat() catchreturnfalse;
if(stat.size > self.memory.len - 0x200) returnfalse;
var buffer = self.allocator.alloc(u8, stat.size) catchreturnfalse;
defer self.allocator.free(buffer);
file.reader().readNoEof(buffer) catchreturnfalse;
self.loadProgramIntoMemory(buffer);
returntrue;
}Code language:PHP(php)
Nothing particularly interesting is happening in the code, except for the use of Zig’s slices. Slices in Zig are a special kind of pointer that reference a contiguous subset of elements in a sequence. In English and (mostly) in practice that just means that they’re pointers to data in arrays with additional useful information (such as length) added to them. They’re used all around in the standard library and are rather flexible. You can have a slice pointing to data stored in an array, you can have a slice pointing to data stored in another slice, and you can create slices on-the-fly by using that [start_index..end_index] syntax as shown above. Like I said they’re used all the time in the standard library so that’s why they’re littered throughout the code.
With just that little bit of code we already have ROM loading done and ready, so go back to the main.zig and and this snippet somewhere near the beginning of the main function:
var device = try Device.create(allocator);
defer device.free();
if(!device.loadROM("./roms/blitz.rom")) {
std.debug.print("Failed to load CHIP-8 ROM\n", .{});
return;
}Code language:PHP(php)
Not forgetting to import the Device struct at the beginning of the file:
Alright, the last thing we have to do before getting to the actual emulator is to setup keyboard input. CHIP-8 has a simple 16 key input, with each key being valued 0x0…0xF. Luckily SDL makes input for us a breeze. We’ll use scancodes instead of keycodes so that anyone can use the emulator regardless of keyboard layout.
We’ll be using all of the left-most keys on the keyboard to represent the 16 key input.
Creating the Emulator
Finally, after all that setup we’re ready to make the actual honest-to-God emulator. For other types of emulators this would easily be the most time-consuming part, but luckily for us the CHIP-8 instruction set only has 35 opcodes.
Since the main focus of this section is the implementation of the instruction set, I’ll just give you all of the boilerplate and helper functions that we use from the get-go. Create a new file called cpu.zig and insert this code:
This one’s a little more complex. Instead of just wrapping around during an overflow the CHIP-8 spec says instead that if an addition is greater than 8 bits the VF register is set to 1 and only the lowest 8 bits of the result are to be kept. Some quirkery with CHIP-8 also requires that the VF register is set at specific times during an instruction, which we’ll see more of in some other instructions.
8xy5 – SUB Vx, Vy
Set Vx to the value of Vx – Vy and set VF to 1 if Vx > Vy, 0 otherwise.
I know the implementation of this may seem a bit wonky but we implement it this way to apply to the CHIP-8 specs. In most instructions the VF flag is usually set after a calculation takes place. This is because the VF flag itself could be used in a calculation and setting it beforehand would ruin said calculation, so we do it after.
8xy6 – SHR Vx {, Vy}
Set Vx to the value of Vy SHR 1. If the least significant bit of Vy is 1 set VF to 1, 0 otherwise.
Generate a random number from 0 to 255, AND it with the value kk, and store the result in Vx.
0xC000 => {
// Get the operating system// to generate a random seedvar seed: u64 = 11111;
std.os.getrandom(std.mem.asBytes(&seed)) catch {};
// Generate a random numbervar rnd = std.rand.DefaultPrng.init(seed);
var num = rnd.random().int(u8);
// AND and storeself.v[x] = num & (@as(u8, @truncate(opcode)) & 0xFF);
},Code language:PHP(php)
Dxyn – DRW Vx, Vy, nibble
Display an n-byte sprite starting at memory location I at pixel location (Vx, Vy), set VF = collision.
The interpreter reads n bytes from memory, starting at the address stored in I. These bytes are then displayed as sprites on the screen at coordinates (Vx, Vy). Sprites are XORed onto the existing screen. If this causes any pixels to be erased, VF is set to 1, 0 otherwise. If a sprite’s x or y is positioned outside of the screen, it wraps around to the opposite side of the screen. This behavior however does not apply to the coordinates of the individual pixels in the sprite.
0xD000 => {
var width: u16 = 8; // ALL sprite are 8 widevar height = (opcode & 0xF);
// One of the few instructions// where it's fine to set this firstself.v[0xF] = 0;
var row: u8 = 0;
while(row < height) : (row += 1) {
var sprite = self.memory.*[self.i + row];
var col: u8 = 0;
while(col < width) : (col += 1) {
// Wrap the x and y around// the screen if outside// the boundsvar px = self.v[x] % self.bitmap.width;
var py = self.v[y] % self.bitmap.height;
// We don't wrap pixels that// are outside of the boundsif(px + col >= self.bitmap.width) continue;
if(py + row >= self.bitmap.height) continue;
// If the bit (sprite) is not 0// render/erase the pixelif((sprite & 0x80) > 0) {
// If setPixel returns true// a pixel was erased, so set// VF to 1if(self.bitmap.setPixel(px + col,py + row)) {
self.v[0xF] = 1;
}
}
// Shift the sprite left 1 and// move the next col/bit of the// sprite into the first position
sprite <<= 1;
}
}
},Code language:PHP(php)
Ex9E – SKP Vx
Skip the next instruction if the key with the value of Vx is pressed.
Astute readers may have observed some of these values being referenced earlier in the code. The functionality for this instruction was already setup in the boilerplate, so we don’t have to worry about adding anything more.
Phew, and just like that we’ve implemented all of the CHIP-8 instructions. But we’re still not done quite yet! There’s one last little wrinkle to iron out: timing.
Timing
CHIP-8 expects to run at a rate of 60 Hz a second. Modern computers run, uhhhh, a helluva lot faster than that, so we’re gonna have to artificially limit how many times we cycle the CPU. We can easily do this by using Zig’s built-in time methods.
For the last time, head on over to main.zig. Remove this line:
_ = bitmap.setPixel(5,5);
And then rewrite the display loop to look like this:
And with that, our CHIP-8 emulator is done. I hope you enjoyed this little introduction to the Zig programming language. I’ll potentially make more stuff like this such as a NES or Gameboy emulator in the future. Or I might make a DOOM renderer. ¯\_(ツ)_/¯
Regardless, you can find more details about the more technical aspects of CHIP-8 in the resources down below. You can also find the full source code for the project at https://github.com/HandleHHandle/CHIP8Tutorial.
Till next time.
[Psssst, you may have noticed that we failed to implement the playSound function. Because I’m lazy I’ve decided to leave that as an exercise for the reader ;)]
