Example #1
0
int PatchInit(int (* module_bootstart)(SceSize, void *), void *argp)
{
	init_addr = ((u32)module_bootstart) - 0x1A54;

	MAKE_JUMP(init_addr + 0x1C5C, sceKernelStartModulePatched);

	ClearCaches();

	return module_bootstart(4, argp);
}
Example #2
0
/**
 * Remember you have to export the hooker function if using syscall hook
 */
int hook_import_bynid(SceModule *pMod, char *library, unsigned int nid, void *func, int syscall)
{
    PspModuleImport *pImp;
    void *stubTab;
    int stubLen;
    int i = 0;

    if(pMod == NULL)
        return -1;

    stubTab = pMod->stub_top;
    stubLen = pMod->stub_size;

    while(i<stubLen) {
        pImp = (PspModuleImport*)(stubTab+i);

        if((pImp->name) && (strcmp(pImp->name, library) == 0)) {
            int j;

            for(j=0; j<pImp->funcCount; j++) {
                if(pImp->fnids[j] == nid) {
                    void *addr = (void*)(&pImp->funcs[j*2]);

                    if(syscall) {
                        u32 syscall_num;

                        syscall_num = sctrlKernelQuerySystemCall(func);

                        if(syscall_num == (u32)-1) {
                            printk("%s: cannot find syscall in %s_%08X\n", __func__, library, nid);

                            return -1;
                        }

                        _sw(0x03E00008, (u32)addr);
                        _sw(MAKE_SYSCALL(syscall_num), (u32)(addr + 4));
                    } else {
                        _sw(MAKE_JUMP(func), (u32)addr);
                        _sw(NOP, (u32)(addr + 4));
                    }

                    sceKernelDcacheWritebackInvalidateRange(addr, 8);
                    sceKernelIcacheInvalidateRange(addr, 8);
                }
            }
        }

        i += (pImp->entLen * 4);
    }

    return 0;
}
Example #3
0
// 0x000003D8
int myKernelStartThread(SceUID thid, SceSize arglen, void *argp)
{
	if(g_SceNpUmdMount_thid == thid) {
		SceModule2 *pMod;

		pMod = (SceModule2*) sceKernelFindModuleByName("sceNp9660_driver");
		g_sceNp9660_driver_text_addr = pMod->text_addr;

		// 6.30: 0x00003C34
		// 6.20: move to 0x00003BD8: jal InitForKernel_29DAA63F
		_sw(0x3C028000, g_sceNp9660_driver_text_addr + g_offs->InitForKernelCall); // jal InitForKernel_23458221 to lui $v0, 0x00008000
		// 6.30: 0x00003C4C
		// 6.20: move to 0x00003BF0: jal sub_00000000
		_sw(MAKE_CALL(sub_00000588), g_sceNp9660_driver_text_addr + g_offs->Func1);
		// 6.30: 0x000043B4
		// 6.20: move to 0x00004358: jal sub_00004388
		_sw(MAKE_CALL(sub_00000054), g_sceNp9660_driver_text_addr + g_offs->Func2); // jal sub_3948 to jal sub_00000054
		// 6.30: 0x0000590C
		// 6.20: move to 0x0000582C: jal sub_00004388
		_sw(MAKE_CALL(sub_00000054), g_sceNp9660_driver_text_addr + g_offs->Func3); // jal sub_3948 to jal sub_00000054
		// 6.30: 0x00007D08
		// 6.20: move to 0x00007C28
		_sw(MAKE_JUMP(sub_00000514), g_sceNp9660_driver_text_addr + g_offs->sceIoClose); // hook sceIoClose import

		// 6.30: 0x00003680
		// 6.20: move to 0x00003624
		g_func_1200 = pMod->text_addr + g_offs->Func4;
		printk("g_func_1200 0x%08X\n", (uint)g_func_1200); // sub_2f30
		// 6.30: 0x00004F8C
		// 6.20: move to 0x00004EAC
		g_func_1208 = pMod->text_addr + g_offs->Func5;
		printk("g_func_1208 0x%08X\n", (uint)g_func_1208); // sub_4494
		// 6.30: 0x00004FFC
		// 6.20: move to 0x00004F1C
		g_func_121C = pMod->text_addr + g_offs->Func6;
		printk("g_func_121C 0x%08X\n", (uint)g_func_121C); // sub_44ec

		clear_cache();
	}

	return sceKernelStartThread(thid, arglen, argp);
}
Example #4
0
File: main.c Project: smiky/psvdev 
void kernel_function()
{
	/* Set k1 */
	asm("move $k1, $0\n");

	/* Repair sysmem */
	_sw(0x0200D821, 0x8800F714);
	_sw(0x3C038801, 0x8800F718);
	_sw(0x8C654384, 0x8800F71C);

	/* Patch loadexec */
	SceModule2 *mod = _sceKernelFindModuleByName("sceLoadExec");
	u32 text_addr = mod->text_addr;

	MAKE_JUMP(text_addr + 0x2E30, Reboot_Entry);

	/* Allow LoadExecVSH in whatever user level */
	_sh(0x1000, text_addr + 0x241E);
	_sw(0, text_addr + 0x2460);

	_sceKernelIcacheInvalidateAll();
	_sceKernelDcacheWritebackInvalidateAll();

	MakeFileList();

	/* Load Eboot */
	int (* LoadExecVSH)(int apitype, const char *file, struct SceKernelLoadExecVSHParam *param, int unk2) = (void *)text_addr + 0x23D0;

	char program[64];
	strcpy(program, rebootex_config.savedata_path);
	strcat(program, "/MENU.PBP");

	struct SceKernelLoadExecVSHParam param;

	memset(&param, 0, sizeof(param));
	param.size = sizeof(param);
	param.argp = program;
	param.args = strlen(param.argp) + 1;
	param.key = "game";

	LoadExecVSH(PSP_INIT_APITYPE_MS2, program, &param, 0x10000);
}
Example #5
0
void * patchLoadExecVSHCommon( void * func )
{
	tSceModule * pMod = ( tSceModule * )sceKernelFindModuleByName( "sceLoadExec" );
	if ( fw_version == FW_371 )
		LoadExecVSHCommon_ori[0].addr = pMod->text_addr + 0x0000121c; //same in standare/slim
	else if ( fw_version == FW_380 || fw_version == FW_390 )
		LoadExecVSHCommon_ori[0].addr = pMod->text_addr + 0x000014cc; //same in standare/slim
	else if ( fw_version == FW_401 )
		LoadExecVSHCommon_ori[0].addr = pMod->text_addr + 0x00001E1C; //same in standare/slim
	else if ( fw_version == FW_500 )
		LoadExecVSHCommon_ori[0].addr = pMod->text_addr + 0x00001E58; //verified in phat
	else if ( fw_version == FW_550 )
		LoadExecVSHCommon_ori[0].addr = pMod->text_addr + 0x00001F3C; //same on slim & phat
	LoadExecVSHCommon_ori[1].addr = LoadExecVSHCommon_ori[0].addr + 4;
	LoadExecVSHCommon_ori[0].val = _lw( LoadExecVSHCommon_ori[0].addr );
	LoadExecVSHCommon_ori[1].val = _lw( LoadExecVSHCommon_ori[1].addr );
	MAKE_JUMP( LoadExecVSHCommon_ori[0].addr, func );
	_sw( NOP, LoadExecVSHCommon_ori[1].addr );
	sceKernelIcacheInvalidateAll();
	sceKernelDcacheWritebackInvalidateAll();
	return ( void * )LoadExecVSHCommon_ori[0].addr;
}