void patch_sceUSB_Driver(u32 text_addr)
{
sceUsbStartOrig = (void*)sctrlHENFindFunction("sceUSB_Driver", "sceUsb", 0xAE5DE6AF);
sctrlHENPatchSyscall(sceUsbStartOrig, &_sceUsbStart);
sceUsbStopOrig = (void*)sctrlHENFindFunction("sceUSB_Driver", "sceUsb", 0xC2464FA0);
sctrlHENPatchSyscall(sceUsbStopOrig, &_sceUsbStop);
}
int nodrm_get_npdrm_functions(void)
{
_sceNpDrmRenameCheck = (void*)sctrlHENFindFunction("scePspNpDrm_Driver", "scePspNpDrm_user", 0x275987D1);
_sceNpDrmEdataSetupKey = (void*)sctrlHENFindFunction("scePspNpDrm_Driver", "scePspNpDrm_user", 0x08D98894);
_sceNpDrmEdataGetDataSize = (void*)sctrlHENFindFunction("scePspNpDrm_Driver", "scePspNpDrm_user", 0x219EF5CC);
_sceKernelLoadModuleNpDrm = (void*)sctrlHENFindFunction("sceModuleManager", "ModuleMgrForUser", 0xF2D8D1B4);
if (_sceNpDrmRenameCheck == NULL) return -1;
if (_sceNpDrmEdataSetupKey == NULL) return -2;
if (_sceNpDrmEdataGetDataSize == NULL) return -3;
if (_sceKernelLoadModuleNpDrm == NULL) return -4;
return 0;
}
static int popcorn_patch_chain(SceModule2 *mod)
{
printk("%s: %s\n", __func__, mod->modname);
if (0 == strcmp(mod->modname, "pops")) {
u32 text_addr = mod->text_addr;
printk("%s: patching pops\n", __func__);
if(g_is_custom_ps1) {
patch_decompress_data(text_addr);
}
if(g_icon0_status) {
patch_icon0_size(text_addr);
}
sceMeAudio_67CD7972 = (void*)sctrlHENFindFunction("scePops_Manager", "sceMeAudio", g_offs->pops_patch.sceMeAudio_67CD7972_NID);
hook_import_bynid((SceModule*)mod, "sceMeAudio", g_offs->pops_patch.sceMeAudio_67CD7972_NID, _sceMeAudio_67CD7972, 1);
_sw(0x24020001, text_addr + g_offs->pops_patch.manualNameCheck[psp_model]);
sync_cache();
}
if( conf.noanalog ) {
patch_analog_imports((SceModule*)mod);
}
if(g_previous)
return g_previous(mod);
return 0;
}
// trust - 0
// crash - 1
int confirm_usage_right(void)
{
u8 shabuf[20];
u8 psid[16];
int i;
memset(psid, 0, sizeof(psid));
_sceOpenPSIDGetOpenPSID = (void*)sctrlHENFindFunction("sceOpenPSID_Service", "sceOpenPSID_driver", 0xC69BEBCE);
(*_sceOpenPSIDGetOpenPSID)(psid);
printk("Dumping PSID:\n");
printk( "%02X%02X%02X%02X"
"%02X%02X%02X%02X"
"%02X%02X%02X%02X"
"%02X%02X%02X%02X\n", psid[0], psid[1], psid[2], psid[3], psid[4], psid[5], psid[6], psid[7], psid[8], psid[9], psid[10], psid[11], psid[12], psid[13], psid[14], psid[15]);
memset(shabuf, 0, sizeof(shabuf));
sceKernelUtilsSha1Digest(psid, sizeof(psid), shabuf);
for(i=0; i<512-1; ++i) {
sceKernelUtilsSha1Digest(shabuf, sizeof(shabuf), shabuf);
}
return !is_trusted_user(shabuf);
}
int load_module_get_function(void)
{
_sceKernelLoadModule = (void*)sctrlHENFindFunction("sceModuleManager", "ModuleMgrForUser", 0x977DE386);
if (_sceKernelLoadModule == NULL) return -5;
return 0;
}
int snw_save(SceUtilitySavedataParam *params) {
if (sceUtilitySavedataInitStart_func == NULL) {
u32 k1 = pspSdkSetK1(0);
sceUtilitySavedataInitStart_func = (void *)sctrlHENFindFunction("sceUtility_Driver", "sceUtility", 0x50C4CD57);
pspSdkSetK1(k1);
}
params->base.language = PSP_SYSTEMPARAM_LANGUAGE_ENGLISH;
return sceUtilitySavedataInitStart_func(params);
}
unsigned int kernel_sctrlHENFindFunction(char* modname, char* libname, unsigned int nid)
{
u32 k1;
k1 = pspSdkSetK1(0);
int result = sctrlHENFindFunction(modname, libname, nid);
pspSdkSetK1(k1);
return result;
}
void patch_sceChkreg(void)
{
u32 fp;
// sceChkregGetPsCode
fp = sctrlHENFindFunction("sceChkreg", "sceChkreg_driver", 0x59F8491D);
if (fp && conf.fakeregion) {
REDIRECT_FUNCTION(_sceChkregGetPsCode, fp);
}
}
static void patch_scePops_Manager(void)
{
SceModule2 *mod;
u32 text_addr;
size_t i;
mod = (SceModule2*) sceKernelFindModuleByName("scePops_Manager");
text_addr = mod->text_addr;
for(i=0; i<NELEMS(g_io_hooks); ++i) {
hook_import_bynid((SceModule*)mod, "IoFileMgrForKernel", g_io_hooks[i].nid, g_io_hooks[i].fp, 0);
}
if(g_offs->popsman_patch.get_rif_path != 0xDEADBEEF) {
_get_rif_path = (void*)(text_addr + g_offs->popsman_patch.get_rif_path);
_sw(MAKE_CALL(&get_rif_path), text_addr + g_offs->popsman_patch.get_rif_path_call1);
_sw(MAKE_CALL(&get_rif_path), text_addr + g_offs->popsman_patch.get_rif_path_call2);
}
sceNpDrmGetVersionKey = (void*)sctrlHENFindFunction("scePspNpDrm_Driver", "scePspNpDrm_driver", 0x0F9547E6);
scePspNpDrm_driver_9A34AC9F = (void*)sctrlHENFindFunction("scePspNpDrm_Driver", "scePspNpDrm_driver", 0x9A34AC9F);
if(g_offs->popsman_patch.sceNpDrmGetVersionKeyCall != 0xDEADBEEF) {
_sw(MAKE_CALL(_sceNpDrmGetVersionKey), text_addr + g_offs->popsman_patch.sceNpDrmGetVersionKeyCall);
}
if(g_offs->popsman_patch.scePspNpDrm_driver_9A34AC9F_Call != 0xDEADBEEF) {
_sw(MAKE_CALL(_scePspNpDrm_driver_9A34AC9F), text_addr + g_offs->popsman_patch.scePspNpDrm_driver_9A34AC9F_Call);
}
// remove the check in scePopsManLoadModule that only allows loading module below the FW 3.XX
if(g_offs->popsman_patch.scePopsManLoadModuleCheck != 0xDEADBEEF) {
_sw(NOP, text_addr + g_offs->popsman_patch.scePopsManLoadModuleCheck);
}
if (g_is_custom_ps1) {
for(i=0; i<NELEMS(g_amctrl_hooks); ++i) {
hook_import_bynid((SceModule*)mod, "sceAmctrl_driver", g_amctrl_hooks[i].nid, g_amctrl_hooks[i].fp, 0);
}
}
}
static void setup_psx_fw_version(u32 fw_version)
{
int (*_SysMemUserForUser_315AD3A0)(u32 fw_version);
_SysMemUserForUser_315AD3A0 = (void*)sctrlHENFindFunction("sceSystemMemoryManager", "SysMemUserForUser", 0x315AD3A0);
if (_SysMemUserForUser_315AD3A0 == NULL) {
printk("_SysMemUserForUser_315AD3A0 not found\n");
reboot_vsh_with_error(0x80000001);
}
_SysMemUserForUser_315AD3A0(fw_version);
}
int module_start( SceSize args, void *argp )
{
SceUID file = sceIoOpen("ms0:/seplugins/language.bin", PSP_O_RDONLY, 0777);
if (!file)
{
return 0;
}
sceIoRead(file, &languagePatch, 1);
sceIoClose(file);
if ((languagePatch < 0) || (languagePatch > 11))
{
return 0;
}
u32 functionAddress = sctrlHENFindFunction("sceUtility_Driver", "sceUtility", 0xA5DA2406);
sceUtilityGetSystemParamInt = (void *)functionAddress;
sctrlHENPatchSyscall(functionAddress, sceUtilityGetSystemParamInt_patched);
sceKernelDcacheWritebackAll();
sceKernelIcacheClearAll();
return 0;
}
void patch_sceLoaderCore(void)
{
//find module
SceModule2 * loadcore = (SceModule2 *)sctrlKernelFindModuleByName("sceLoaderCore");
//patch sceKernelCheckExecFile (sub_0C10)
_sw((unsigned int)_sceKernelCheckExecFile, loadcore->text_addr + g_offs->loadercore_patch.sceKernelCheckExecFilePtr);
_sw(MAKE_CALL(_sceKernelCheckExecFile), loadcore->text_addr + g_offs->loadercore_patch.sceKernelCheckExecFileCall1);
_sw(MAKE_CALL(_sceKernelCheckExecFile), loadcore->text_addr + g_offs->loadercore_patch.sceKernelCheckExecFileCall2);
_sw(MAKE_CALL(_sceKernelCheckExecFile), loadcore->text_addr + g_offs->loadercore_patch.sceKernelCheckExecFileCall3);
//6.35 relocation fix for rt7
//fake relocation type 7 to be treated like 0
//patches handler table so jr $t5 returns properly on type 7 ;)
u32 faketype = 0;
u32 origtype = 7;
_sw(*(u32 *)(loadcore->text_addr + g_offs->loadercore_patch.ReloactionTable + faketype * 4), loadcore->text_addr + g_offs->loadercore_patch.ReloactionTable + origtype * 4);
//patch ProbeExec1 (sub_001AC)
ProbeExec1 = (void*)loadcore->text_addr + g_offs->loadercore_patch.ProbeExec1; //dword_6248
_sw(MAKE_CALL(_ProbeExec1), loadcore->text_addr + g_offs->loadercore_patch.ProbeExec1Call);
//patch ProbeExec2 (sub_004E8)
ProbeExec2 = (void*)loadcore->text_addr + g_offs->loadercore_patch.ProbeExec2; //dword_6364
_sw(MAKE_CALL(_ProbeExec2), loadcore->text_addr + g_offs->loadercore_patch.ProbeExec2Call1);
_sw(MAKE_CALL(_ProbeExec2), loadcore->text_addr + g_offs->loadercore_patch.ProbeExec2Call2);
//enable syscall exports (?)
_sw(0x3C090000, loadcore->text_addr + g_offs->loadercore_patch.EnableSyscallExport);
//undo check #1
_sw(0, loadcore->text_addr + g_offs->loadercore_patch.LoaderCoreCheck1); //bnez
//undo check #2
_sw(0, loadcore->text_addr + g_offs->loadercore_patch.LoaderCoreCheck2); //beqzl
_sw(0, loadcore->text_addr + g_offs->loadercore_patch.LoaderCoreCheck2 + 4); //lui (likely branch instruction)
//undo check #3
_sw(0, loadcore->text_addr + g_offs->loadercore_patch.LoaderCoreCheck3); //beqzl
_sw(0, loadcore->text_addr + g_offs->loadercore_patch.LoaderCoreCheck3 + 4); //lui (likely branch instruction)
// pops version check
_sw(0x1000FFCB, loadcore->text_addr + g_offs->loadercore_patch.pops_version_check); // b loc_000075B4
//undo rebootex patches
void * memlmd_323366CA = (void*)sctrlHENFindFunction("sceMemlmd", "memlmd", g_offs->loadercore_patch.memlmd_323366CA_NID);
_sw(MAKE_CALL(memlmd_323366CA), loadcore->text_addr + g_offs->loadercore_patch.LoaderCoreUndo1Call1);
_sw(MAKE_CALL(memlmd_323366CA), loadcore->text_addr + g_offs->loadercore_patch.LoaderCoreUndo1Call2);
_sw(MAKE_CALL(memlmd_323366CA), loadcore->text_addr + g_offs->loadercore_patch.LoaderCoreUndo1Call3);
void * memlmd_7CF1CD3E = (void*)sctrlHENFindFunction("sceMemlmd", "memlmd", g_offs->loadercore_patch.memlmd_7CF1CD3E_NID);
_sw(MAKE_CALL(memlmd_7CF1CD3E), loadcore->text_addr + g_offs->loadercore_patch.LoaderCoreUndo2Call1);
_sw(MAKE_CALL(memlmd_7CF1CD3E), loadcore->text_addr + g_offs->loadercore_patch.LoaderCoreUndo2Call2);
/* undo my own patches */
_sw(0x1040002C, loadcore->text_addr + 0x58E0);
_sw(0x0040F809, loadcore->text_addr + 0x58E8);
void * sub_3E80 = (void*)loadcore->text_addr + 0x3E80;
_sw(MAKE_CALL(sub_3E80), loadcore->text_addr + 0x3E00);
_sw(MAKE_CALL(sub_3E80), loadcore->text_addr + 0x3F58);
_sw(MAKE_CALL(sub_3E80), loadcore->text_addr + 0x58F8);
_sw(MAKE_CALL(sub_3E80), loadcore->text_addr + 0x5908);
_sw(0x10400009, loadcore->text_addr + 0x5944);
_sw(0x0040F809, loadcore->text_addr + 0x5950);
setup_nid_resolver();
#ifdef DEBUG
hook_import_bynid((SceModule*)loadcore, "KDebugForKernel", 0x84F370BC, printk, 0);
#endif
patch_sceKernelStartModule(loadcore->text_addr);
}