/*
 * Hook the scePspNpDrm_user imports of `module`.
 *
 * The sceNpDrmSetLicenseeKey import (NID 0xA1336091) is tried first; only
 * when that hook is not installed is the sceNpDrmEdataSetupKey import
 * (NID 0x08D98894) hooked instead, and a success there sets lolwut_found.
 * Both *_func globals are cleared before their hook is attempted (the hook
 * routine presumably fills them in — not visible here).
 *
 * @param module  module whose NPDRM user-library imports are rewritten.
 */
void patch_drm(SceModule2 *module)
{
    int rc;

    kprintf("Patching scePspNpDrm_user\n");

    /* sceNpDrmSetLicenseeKey */
    sceNpDrmSetLicenseeKey_func = NULL;
    rc = hook_import_bynid(module, "scePspNpDrm_user", 0xA1336091, np_setkey, 1);
    if (rc >= 0) {
        return;
    }

    kprintf(">> hook to sceNpDrmSetLicenseeKey failed\n");

    /* sceNpDrmEdataSetupKey: fallback when the first import is absent */
    sceNpDrmEdataSetupKey_func = NULL;
    rc = hook_import_bynid(module, "scePspNpDrm_user", 0x08D98894, np_setup, 1);
    if (rc < 0) {
        return;
    }

    lolwut_found = 1;
    kprintf("lolwut? using npdrm without initializing the drm seed??\n");
    kprintf(">> hook to sceNpDrmEdataSetupKey succeeded\n");
}
/*
 * Module-start chain handler for the popcorn (PS1) plugin.
 *
 * For the "pops" module it applies the custom-PS1 decompression and ICON0
 * size patches when enabled, hooks the sceMeAudio import named by the offset
 * table and writes `addiu $v0, $zero, 1` (li $v0, 1) over the manual-name
 * check for the current model. Independently of the module name, analog
 * imports are patched when conf.noanalog is set. Control then passes to the
 * previously installed chain handler, if any.
 *
 * @param mod  module that just started.
 * @return     result of the previous chain handler, or 0 when there is none.
 */
static int popcorn_patch_chain(SceModule2 *mod)
{
    printk("%s: %s\n", __func__, mod->modname);

    if (strcmp(mod->modname, "pops") == 0) {
        u32 text_addr = mod->text_addr;

        printk("%s: patching pops\n", __func__);

        if (g_is_custom_ps1) {
            patch_decompress_data(text_addr);
        }
        if (g_icon0_status) {
            patch_icon0_size(text_addr);
        }

        sceMeAudio_67CD7972 = (void *)sctrlHENFindFunction("scePops_Manager", "sceMeAudio", g_offs->pops_patch.sceMeAudio_67CD7972_NID);
        hook_import_bynid((SceModule *)mod, "sceMeAudio", g_offs->pops_patch.sceMeAudio_67CD7972_NID, _sceMeAudio_67CD7972, 1);

        /* li $v0, 1: force the manual-name check to report success */
        _sw(0x24020001, text_addr + g_offs->pops_patch.manualNameCheck[psp_model]);
        sync_cache();
    }

    if (conf.noanalog) {
        patch_analog_imports((SceModule *)mod);
    }

    return g_previous ? g_previous(mod) : 0;
}
/*
 * Install every hook listed in g_nodrm_hook_map on `mod`.
 *
 * Each table entry names a library, an import NID and the replacement
 * address; all of them are hooked with the same final flag (1) as the
 * user-mode hooks elsewhere in this file.
 *
 * @param mod  module whose imports are rewritten.
 */
void patch_drm_imports(SceModule *mod)
{
    u32 idx = 0;

    while (idx < NELEMS(g_nodrm_hook_map)) {
        const char *libname = g_nodrm_hook_map[idx].libname;

        hook_import_bynid(mod, libname, g_nodrm_hook_map[idx].nid, g_nodrm_hook_map[idx].hook_addr, 1);
        idx++;
    }
}
/*
 * Point a module's sceResmgr import (NID 0x9DC14891) at versionspoofer.
 *
 * Kernel modules (text address with bit 31 set) import the _driver flavour
 * and are hooked with flag 0; user modules import "sceResmgr" and are hooked
 * with flag 1, which the original note says requires the 0x4001 export in
 * exports.exp. A NULL module is ignored.
 *
 * @param mod1  module to patch; may be NULL.
 */
void patch_module_for_version_spoof(SceModule *mod1)
{
    SceModule2 *mod = (SceModule2 *)mod1;
    const char *libname;
    int flag;

    if (mod == NULL) {
        return;
    }

    if (mod->text_addr & 0x80000000) {
        /* kernel module */
        libname = "sceResmgr_driver";
        flag = 0;
    } else {
        /* user module (hooking requires 0x4001 export in exports.exp) */
        libname = "sceResmgr";
        flag = 1;
    }

    hook_import_bynid(mod1, libname, 0x9DC14891, (void *)versionspoofer, flag);
}
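/*
 * Patch the resident scePops_Manager module.
 *
 * Redirects its IoFileMgrForKernel imports to g_io_hooks, routes the
 * rif-path lookup and the two NPDRM driver calls through our wrappers,
 * nops the firmware-version check in scePopsManLoadModule and, for custom
 * PS1 images, hooks the sceAmctrl_driver imports too. Offsets come from
 * g_offs; a value of 0xDEADBEEF marks an offset that is not known for the
 * running firmware, and that patch is skipped.
 *
 * Fix: the result of sceKernelFindModuleByName() is checked before use.
 * The original read mod->text_addr unconditionally, which is a kernel-mode
 * NULL dereference whenever scePops_Manager is not resident.
 */
static void patch_scePops_Manager(void)
{
    SceModule2 *mod = (SceModule2 *)sceKernelFindModuleByName("scePops_Manager");
    u32 text_addr;
    size_t i;

    if (mod == NULL) {
        return;
    }
    text_addr = mod->text_addr;

    for (i = 0; i < NELEMS(g_io_hooks); ++i) {
        hook_import_bynid((SceModule *)mod, "IoFileMgrForKernel", g_io_hooks[i].nid, g_io_hooks[i].fp, 0);
    }

    if (g_offs->popsman_patch.get_rif_path != 0xDEADBEEF) {
        _get_rif_path = (void *)(text_addr + g_offs->popsman_patch.get_rif_path);
        _sw(MAKE_CALL(&get_rif_path), text_addr + g_offs->popsman_patch.get_rif_path_call1);
        _sw(MAKE_CALL(&get_rif_path), text_addr + g_offs->popsman_patch.get_rif_path_call2);
    }

    /* NOTE(review): these lookups are not checked; if either returns 0 the
     * wrappers that later call through them are on their own — confirm
     * against _sceNpDrmGetVersionKey / _scePspNpDrm_driver_9A34AC9F. */
    sceNpDrmGetVersionKey = (void *)sctrlHENFindFunction("scePspNpDrm_Driver", "scePspNpDrm_driver", 0x0F9547E6);
    scePspNpDrm_driver_9A34AC9F = (void *)sctrlHENFindFunction("scePspNpDrm_Driver", "scePspNpDrm_driver", 0x9A34AC9F);

    if (g_offs->popsman_patch.sceNpDrmGetVersionKeyCall != 0xDEADBEEF) {
        _sw(MAKE_CALL(_sceNpDrmGetVersionKey), text_addr + g_offs->popsman_patch.sceNpDrmGetVersionKeyCall);
    }
    if (g_offs->popsman_patch.scePspNpDrm_driver_9A34AC9F_Call != 0xDEADBEEF) {
        _sw(MAKE_CALL(_scePspNpDrm_driver_9A34AC9F), text_addr + g_offs->popsman_patch.scePspNpDrm_driver_9A34AC9F_Call);
    }

    /* remove the check in scePopsManLoadModule that only allows loading module below the FW 3.XX */
    if (g_offs->popsman_patch.scePopsManLoadModuleCheck != 0xDEADBEEF) {
        _sw(NOP, text_addr + g_offs->popsman_patch.scePopsManLoadModuleCheck);
    }

    if (g_is_custom_ps1) {
        for (i = 0; i < NELEMS(g_amctrl_hooks); ++i) {
            hook_import_bynid((SceModule *)mod, "sceAmctrl_driver", g_amctrl_hooks[i].nid, g_amctrl_hooks[i].fp, 0);
        }
    }
}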
/*
 * Redirect the module's ModuleMgrForUser import with NID 0x977DE386
 * (sceKernelLoadModule) to myKernelLoadModule, using the user-mode hook
 * flag (1).
 *
 * @param mod  module whose import table is rewritten.
 */
void patch_load_module(SceModule *mod)
{
    const u32 load_module_nid = 0x977DE386;

    hook_import_bynid(mod, "ModuleMgrForUser", load_module_nid, &myKernelLoadModule, 1);
}
/*
 * On the homebrew runlevel only, redirect sceUmdMan_driver's InitForKernel
 * import with NID 0x27932388 to _sceKernelBootFromForUmdMan (kernel hook
 * flag 0). Other runlevels leave the module untouched.
 *
 * @param mod  the sceUmdMan_driver module.
 */
static void patch_sceUmdMan_driver(SceModule *mod)
{
    if (!is_homebrews_runlevel()) {
        return;
    }

    hook_import_bynid(mod, "InitForKernel", 0x27932388, _sceKernelBootFromForUmdMan, 0);
}
/* Hand the module on to the chain handler that was installed before ours. */
static int syspatch_chain_next(SceModule2 *mod)
{
    if (previous == NULL) {
        return 0;
    }
    return (*previous)(mod);
}

/*
 * Module-start chain handler for the system patches.
 *
 * Dispatches on mod->modname. Once the system is booted, only the NP
 * signup/signin/sceNp modules and (when conf.usbversion is set) the USB
 * mass-storage driver get dedicated patches; every other module triggers
 * system_booted_action() and the version spoof hook. Before boot the
 * handler applies the per-module kernel patches in the order the modules
 * start. Whatever branch runs, the previous chain handler is called last.
 *
 * @param mod  module that just started.
 * @return     result of the previous chain handler, or 0 when there is none.
 */
static int syspatch_module_chain(SceModule2 *mod)
{
    const char *name = mod->modname;
    int apitype = sceKernelInitApitype();

#ifdef DEBUG
    printk("Starting %s Apitype: 0x%X\n", name, apitype);
    hook_import_bynid((SceModule *)mod, "KDebugForKernel", 0x84F370BC, printk, 0);
#endif
    (void)apitype; /* only reported in DEBUG builds */

    if (is_system_booted()) {
        if (strcmp(name, "sceNpSignupPlugin_Module") == 0) {
            patch_npsignup(mod->text_addr);
            sync_cache();
        } else if (strcmp(name, "sceVshNpSignin_Module") == 0) {
            patch_npsignin(mod->text_addr);
            sync_cache();
        } else if (strcmp(name, "sceNp") == 0) {
            patch_np(mod->text_addr, 9, 90);
            sync_cache();
        } else if (conf.usbversion && strcmp(name, "sceUSB_Stor_Ms_Driver") == 0) {
            patch_sceUSB_Stor_Ms_Driver((SceModule *)mod);
        } else {
            system_booted_action();
            patch_module_for_version_spoof((SceModule *)mod);
        }
        return syspatch_chain_next(mod);
    }

    if (strcmp(name, "sceLoadExec") == 0) {
        u32 key_config = sceKernelApplicationType();

        /* partition prepatch is only needed for games on non-PSP_1000 models */
        if (key_config == PSP_INIT_KEYCONFIG_GAME && psp_model != PSP_1000) {
            prepatch_partitions();
            sync_cache();
        }
    } else if (strcmp(name, "sceSYSCON_Driver") == 0) {
        resolve_syscon_driver((SceModule *)mod);
    } else if (strcmp(name, "sceDisplay_Service") == 0) {
        /* load after lflash */
        load_config();
        patch_sceLoadExec();
        sync_cache();
    } else if (strcmp(name, "sceMediaSync") == 0) {
        patch_sceMediaSync(mod->text_addr);
        sync_cache();
    } else if (strcmp(name, "sceUmdMan_driver") == 0) {
        patch_sceUmdMan_driver((SceModule *)mod);
        sync_cache();
    } else if (strcmp(name, "sceUmdCache_driver") == 0) {
        patch_umdcache(mod->text_addr);
        sync_cache();
    } else if (strcmp(name, "sceWlan_Driver") == 0) {
        patch_sceWlan_Driver(mod->text_addr);
        sync_cache();
    } else if (strcmp(name, "scePower_Service") == 0) {
        patch_scePower_Service(mod->text_addr);
        sync_cache();
    } else if (strcmp(name, "sceMesgLed") == 0) {
        patch_mesgled((SceModule *)mod);
        sync_cache();
    } else if (strcmp(name, "sceImpose_Driver") == 0) {
        patch_sceChkreg();
        disable_PauseGame(mod->text_addr);
        usb_charge();
        sync_cache();
    } else if (psp_model == PSP_GO && strcmp(name, "pspMarch33_Driver") == 0) {
        patch_pspMarch33_Driver(mod->text_addr);
        sync_cache();
    }
#ifdef DEBUG
    else if (strcmp(name, "sceKernelLibrary") == 0) {
        printk_sync();
        printk("printk synchronized\n");
    }
#endif

    return syspatch_chain_next(mod);
}
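/*
 * Patch the resident sceLoaderCore module in place.
 *
 * Rewires sceKernelCheckExecFile and the ProbeExec1/2 helpers to our
 * replacements, aliases relocation type 7 to type 0 in the loader's handler
 * table, nops the three LoaderCore checks and the pops version check,
 * restores the memlmd calls that the rebootex stage redirected, reverts the
 * earlier in-place patches at fixed offsets, and finally installs the NID
 * resolver and the sceKernelStartModule patch. Every offset except the
 * "undo my own patches" group comes from g_offs->loadercore_patch.
 *
 * Fix: the result of sctrlKernelFindModuleByName() is checked before use.
 * The original dereferenced it unconditionally, a kernel-mode NULL
 * dereference if the lookup fails; the function now returns without
 * patching in that case. Pointer arithmetic on a void* (a GNU extension in
 * the original ProbeExec/sub_3E80 assignments) is replaced by integer
 * arithmetic on text_addr, which yields the same address.
 */
void patch_sceLoaderCore(void)
{
    /* find module */
    SceModule2 *loadcore = (SceModule2 *)sctrlKernelFindModuleByName("sceLoaderCore");
    u32 text_addr;

    if (loadcore == NULL) {
        return;
    }
    text_addr = loadcore->text_addr;

    /* patch sceKernelCheckExecFile (sub_0C10): function-pointer slot plus three call sites */
    _sw((unsigned int)_sceKernelCheckExecFile, text_addr + g_offs->loadercore_patch.sceKernelCheckExecFilePtr);
    _sw(MAKE_CALL(_sceKernelCheckExecFile), text_addr + g_offs->loadercore_patch.sceKernelCheckExecFileCall1);
    _sw(MAKE_CALL(_sceKernelCheckExecFile), text_addr + g_offs->loadercore_patch.sceKernelCheckExecFileCall2);
    _sw(MAKE_CALL(_sceKernelCheckExecFile), text_addr + g_offs->loadercore_patch.sceKernelCheckExecFileCall3);

    /*
     * 6.35 relocation fix for rt7: fake relocation type 7 to be treated like 0.
     * Copies the handler-table entry for type 0 over the entry for type 7 so
     * the loader's "jr $t5" dispatch returns properly on type 7.
     * ("ReloactionTable" is the offset table's own spelling of the field.)
     */
    {
        const u32 faketype = 0;
        const u32 origtype = 7;
        u32 table = text_addr + g_offs->loadercore_patch.ReloactionTable;

        _sw(*(u32 *)(table + faketype * 4), table + origtype * 4);
    }

    /* patch ProbeExec1 (sub_001AC) */
    ProbeExec1 = (void *)(text_addr + g_offs->loadercore_patch.ProbeExec1); /* dword_6248 */
    _sw(MAKE_CALL(_ProbeExec1), text_addr + g_offs->loadercore_patch.ProbeExec1Call);

    /* patch ProbeExec2 (sub_004E8) */
    ProbeExec2 = (void *)(text_addr + g_offs->loadercore_patch.ProbeExec2); /* dword_6364 */
    _sw(MAKE_CALL(_ProbeExec2), text_addr + g_offs->loadercore_patch.ProbeExec2Call1);
    _sw(MAKE_CALL(_ProbeExec2), text_addr + g_offs->loadercore_patch.ProbeExec2Call2);

    /* enable syscall exports (?) — 0x3C090000 is "lui $t1, 0" */
    _sw(0x3C090000, text_addr + g_offs->loadercore_patch.EnableSyscallExport);

    /* undo check #1: bnez -> nop (0 encodes "sll $zero, $zero, 0") */
    _sw(0, text_addr + g_offs->loadercore_patch.LoaderCoreCheck1);
    /* undo check #2: beqzl plus the lui in its (likely-branch) delay slot */
    _sw(0, text_addr + g_offs->loadercore_patch.LoaderCoreCheck2);
    _sw(0, text_addr + g_offs->loadercore_patch.LoaderCoreCheck2 + 4);
    /* undo check #3: same beqzl / lui pair */
    _sw(0, text_addr + g_offs->loadercore_patch.LoaderCoreCheck3);
    _sw(0, text_addr + g_offs->loadercore_patch.LoaderCoreCheck3 + 4);

    /* pops version check: unconditional "b loc_000075B4" */
    _sw(0x1000FFCB, text_addr + g_offs->loadercore_patch.pops_version_check);

    /*
     * undo rebootex patches: restore the original memlmd call targets.
     * NOTE(review): neither lookup is checked; a 0 result would encode a
     * call to address 0 — confirm sctrlHENFindFunction cannot fail here.
     */
    void *memlmd_323366CA = (void *)sctrlHENFindFunction("sceMemlmd", "memlmd", g_offs->loadercore_patch.memlmd_323366CA_NID);
    _sw(MAKE_CALL(memlmd_323366CA), text_addr + g_offs->loadercore_patch.LoaderCoreUndo1Call1);
    _sw(MAKE_CALL(memlmd_323366CA), text_addr + g_offs->loadercore_patch.LoaderCoreUndo1Call2);
    _sw(MAKE_CALL(memlmd_323366CA), text_addr + g_offs->loadercore_patch.LoaderCoreUndo1Call3);

    void *memlmd_7CF1CD3E = (void *)sctrlHENFindFunction("sceMemlmd", "memlmd", g_offs->loadercore_patch.memlmd_7CF1CD3E_NID);
    _sw(MAKE_CALL(memlmd_7CF1CD3E), text_addr + g_offs->loadercore_patch.LoaderCoreUndo2Call1);
    _sw(MAKE_CALL(memlmd_7CF1CD3E), text_addr + g_offs->loadercore_patch.LoaderCoreUndo2Call2);

    /*
     * undo my own patches.
     * NOTE(review): these offsets are literals, unlike every other patch in
     * this function which reads g_offs; they therefore only match the
     * firmware they were derived from and are not selected per version.
     */
    _sw(0x1040002C, text_addr + 0x58E0); /* beqz $v0, +0x2C */
    _sw(0x0040F809, text_addr + 0x58E8); /* jalr $v0 */
    {
        void *sub_3E80 = (void *)(text_addr + 0x3E80);

        _sw(MAKE_CALL(sub_3E80), text_addr + 0x3E00);
        _sw(MAKE_CALL(sub_3E80), text_addr + 0x3F58);
        _sw(MAKE_CALL(sub_3E80), text_addr + 0x58F8);
        _sw(MAKE_CALL(sub_3E80), text_addr + 0x5908);
    }
    _sw(0x10400009, text_addr + 0x5944); /* beqz $v0, +9 */
    _sw(0x0040F809, text_addr + 0x5950); /* jalr $v0 */

    setup_nid_resolver();
#ifdef DEBUG
    hook_import_bynid((SceModule *)loadcore, "KDebugForKernel", 0x84F370BC, printk, 0);
#endif
    patch_sceKernelStartModule(text_addr);
}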