void gspGpuExit()
{
GSPGPU_UnregisterInterruptRelayQueue(NULL);
//unmap GSP shared mem
svc_unmapMemoryBlock(gspSharedMemHandle, 0x10002000);
svc_closeHandle(gspSharedMemHandle);
svc_closeHandle(gspEvent);
gspExit();
//free GSP heap
svc_controlMemory((u32*)&gspHeap, (u32)gspHeap, 0x0, 0x2000000, MEMOP_FREE, 0x0);
}
void HB_SetupBootloader(u32* cmdbuf)
{
if(!cmdbuf)return;
if(cmdbuf[0] != 0x20042 || cmdbuf[2] != 0)
{
//send error
cmdbuf[0]=0x00020040;
cmdbuf[1]=0xFFFFFFFF;
return;
}
const u32 memBlockAdr=cmdbuf[1];
const Handle processHandle=cmdbuf[3];
// map block to pre-0x00100000 address
// TODO : make first half RX and second half RW
// svc_controlProcessMemory(processHandle, 0x000F0000, memBlockAdr, 0x00008000, MEMOP_MAP, 0x7);
svc_controlProcessMemory(processHandle, 0x00100000, 0x0, 0x00008000, MEMOP_PROTECT, 0x7);
// extend .text/rodata/data/bss area...
int i;
for(i=0;i<CN_ADDPAGES;i++)
{
Result ret=svc_controlProcessMemory(processHandle, 0x00100000+(CN_TOTALPAGES+i)*0x1000, CN_ALLOCPAGES_ADR+0x1000*i, 0x1000, MEMOP_MAP, 0x7);
if(ret)*(u32*)NULL=ret;
}
if(targetProcessHandle)svc_closeHandle(targetProcessHandle);
targetProcessHandle=processHandle;
//response
cmdbuf[0]=0x00020040;
cmdbuf[1]=0x00000000;
}
void HB_SendHandle(u32* cmdbuf)
{
if(!cmdbuf)return;
if(cmdbuf[0] != 0x300C2)
{
//send error
cmdbuf[0]=0x00030040;
cmdbuf[1]=0xFFFFFFFF;
return;
}
const u32 handleIndex=cmdbuf[1];
const Handle sentHandle=cmdbuf[5];
if(((cmdbuf[5] != 0) && (cmdbuf[4] != 0)) || handleIndex>=HB_NUM_HANDLES)
{
//send error
cmdbuf[0]=0x00030040;
cmdbuf[1]=0xFFFFFFFE;
return;
}
if(sentHandleTable[handleIndex].handle)svc_closeHandle(sentHandleTable[handleIndex].handle);
sentHandleTable[handleIndex].name[0]=cmdbuf[2];
sentHandleTable[handleIndex].name[1]=cmdbuf[3];
sentHandleTable[handleIndex].handle=sentHandle;
//response
cmdbuf[0]=0x00030040;
cmdbuf[1]=0x00000000;
}
void HB_Load3dsx(u32* cmdbuf)
{
if(!cmdbuf)return;
if(cmdbuf[0] != 0x50042 || cmdbuf[2] != 0)
{
//send error
cmdbuf[0]=0x00050040;
cmdbuf[1]=0xFFFFFFFF;
return;
}
// const void* baseAddr=(void*)cmdbuf[1];
const void* baseAddr=(void*)CN_3DSX_LOADADR;
const Handle fileHandle=cmdbuf[3];
u32 heapAddr=cmdbuf[1];
Result ret;
ret=svc_mapProcessMemory(targetProcessHandle, 0x00100000, 0x02000000);
if(!ret) {
memset((void*)CN_3DSX_LOADADR, 0x00, (0x00100000+CN_NEWTOTALPAGES*0x1000)-CN_3DSX_LOADADR);
ret=Load3DSX(fileHandle, targetProcessHandle, (void*)baseAddr, heapAddr);
svc_unmapProcessMemory(targetProcessHandle, 0x00100000, 0x02000000);
}
svc_closeHandle(fileHandle);
cmdbuf[0]=0x00050040;
cmdbuf[1]=ret;
}
void aptInit()
{
Handle aptuHandle;
//initialize APT stuff, escape load screen
srv_getServiceHandle(srvHandle, &aptuHandle, "APT:U");
APT_GetLockHandle(aptuHandle, 0x0, NULL);
svc_closeHandle(aptuHandle);
svc_sleepThread(0x50000);
srv_getServiceHandle(srvHandle, &aptuHandle, "APT:U");
APT_Initialize(aptuHandle, 0x300, &APTevents[0], &APTevents[1]);
svc_closeHandle(aptuHandle);
svc_sleepThread(0x50000);
srv_getServiceHandle(srvHandle, &aptuHandle, "APT:U");
APT_Enable(aptuHandle, 0x0);
svc_closeHandle(aptuHandle);
svc_sleepThread(0x50000);
}
u32 copyRemoteMemory(Handle hDst, void* ptrDst, Handle hSrc, void* ptrSrc, u32 size) {
u32 dmaConfig[20] = {0};
u32 hdma = 0;
u32 state, i, ret;
ret = svc_flushProcessDataCache(hSrc, (u32)ptrSrc, size);
if (ret != 0) {
return ret;
}
ret = svc_flushProcessDataCache(hDst, (u32)ptrDst, size);
if (ret != 0) {
return ret;
}
ret = svc_startInterProcessDma(&hdma, hDst, ptrDst, hSrc, ptrSrc, size, dmaConfig);
if (ret != 0) {
return ret;
}
state = 0;
if (g_ntrConfig.InterProcessDmaFinishState == 0) {
ret = svc_getDmaState(&state, hdma);
svc_sleepThread(1000000000);
ret = svc_getDmaState(&state, hdma);
g_ntrConfig.InterProcessDmaFinishState = state;
printf("InterProcessDmaFinishState: %08x\n", state);
} else {
for (i = 0; i < 10000; i++ ) {
state = 0;
ret = svc_getDmaState(&state, hdma);
if (state == g_ntrConfig.InterProcessDmaFinishState) {
break;
}
svc_sleepThread(1000000);
}
if (i >= 10000) {
printf("readRemoteMemory time out %08x\n", state);
return RESULT_ERROR;
}
}
svc_closeHandle(hdma);
ret = svc_invalidateProcessDataCache(hDst, (u32)ptrDst, size);
if (ret != 0) {
return ret;
}
return 0;
}
int _main(Result ret, int currentHandleIndex)
{
int i; for(i=0;i<HB_NUM_HANDLES;i++)sentHandleTable[i].handle=0;
targetProcessHandle=0x0;
while(1)
{
if(ret==0xc920181a)
{
//close session handle
svc_closeHandle(sessionHandles[currentHandleIndex]);
sessionHandles[currentHandleIndex]=sessionHandles[*numSessionHandles];
sessionHandles[*numSessionHandles]=0x0;
currentHandleIndex=(*numSessionHandles)--; //we want to have replyTarget=0x0
}else{
switch(currentHandleIndex)
{
case 0:
svc_exitProcess();
break;
case 1:
{
// receiving new session
svc_acceptSession(&sessionHandles[*numSessionHandles], sessionHandles[currentHandleIndex]);
(*numSessionHandles)++;
currentHandleIndex = *numSessionHandles;
sessionHandles[currentHandleIndex] = 0; //we want to have replyTarget=0x0
}
break;
default:
{
//receiving command from ongoing session
u32* cmdbuf=getThreadCommandBuffer();
u8 cmdIndex=cmdbuf[0]>>16;
if(cmdIndex<=NUM_CMD && cmdIndex>0)
{
commandHandlers[cmdIndex-1](cmdbuf);
}
else
{
cmdbuf[0] = (cmdbuf[0] & 0x00FF0000) | 0x40;
cmdbuf[1] = 0xFFFFFFFF;
}
}
break;
}
}
ret=svc_replyAndReceive((s32*)¤tHandleIndex, sessionHandles, *numSessionHandles, sessionHandles[currentHandleIndex]);
}
return 0;
}
int main()
{
initSrv();
aptInit(APPID_APPLICATION);
gspGpuInit();
hidInit(NULL);
Handle fsuHandle;
srv_getServiceHandle(NULL, &fsuHandle, "fs:USER");
FSUSER_Initialize(fsuHandle);
Handle fileHandle;
u32 bytesRead;
FS_archive sdmcArchive=(FS_archive){0x9, (FS_path){PATH_EMPTY, 1, (u8*)""}};
FS_path filePath=(FS_path){PATH_CHAR, 10, (u8*)"/test.bin"};
FSUSER_OpenFileDirectly(fsuHandle, &fileHandle, sdmcArchive, filePath, FS_OPEN_READ, FS_ATTRIBUTE_NONE);
FSFILE_Read(fileHandle, &bytesRead, 0x0, (u32*)gspHeap, 0x46500);
FSFILE_Close(fileHandle);
aptSetupEventHandler();
while(!aptGetStatus())
{
u32 PAD=hidSharedMem[7];
renderEffect();
swapBuffers();
copyBuffer();
u32 regData=PAD|0x01000000;
GSPGPU_WriteHWRegs(NULL, 0x202A04, ®Data, 4);
svc_sleepThread(1000000000);
}
svc_closeHandle(fsuHandle);
hidExit();
gspGpuInit();
aptExit();
svc_exitProcess();
return 0;
}
void HB_FlushInvalidateCache(u32* cmdbuf)
{
if(!cmdbuf)return;
if(cmdbuf[0] != 0x10042 || cmdbuf[2] != 0)
{
//send error
cmdbuf[0]=0x00010040;
cmdbuf[1]=0xFFFFFFFF;
return;
}
const Handle processHandle=cmdbuf[3];
Result rc = svc_mapProcessMemory(processHandle, 0x00100000, 0x00200000);
if(rc == 0)
svc_unmapProcessMemory(processHandle, 0x00100000, 0x00200000);
svc_closeHandle(processHandle);
//response
cmdbuf[0]=0x00010040;
cmdbuf[1]=0x00000000;
}
Result exitSrv()
{
if(srvHandle)svc_closeHandle(srvHandle);
}
void hidExit()
{
svc_unmapMemoryBlock(hidMemHandle, (u32)hidSharedMem);
svc_closeHandle(hidMemHandle);
svc_closeHandle(hidHandle);
}
int main()
{
initSrv();
aptInit(APPID_APPLICATION);
gspGpuInit();
hidInit(NULL);
Handle fsuHandle;
srv_getServiceHandle(NULL, &fsuHandle, "fs:USER");
FSUSER_Initialize(fsuHandle);
aptSetupEventHandler();
init_map();
int i;
int j;
int p=4;
int d=0;
int q;
int frogx = 0;
int frogy = 0;
int carx[6][9];
int logx[5][6];
// Cant use rand.
//for(d=1;d<6;d++){
// while(p>4){
// p = rand();
// }
// carx[d]=26+p;
for(d=0;d<8;d++){
carx[0][d]=26;
if(d<5){
logx[0][d]=26;
}
d++;
}
for(d=1;d<8;d++){
if(d<5){
logx[0][d]=0;
}
carx[0][d]=0;
d++;
}
for(q=0;q<8;q++){
for(d=1; d<6; d++){
if(q<5){
if(d<5){
logx[d][q]=26+p+6;
}
}
carx[d][q]=26+p +6;
p=p+6;
}
p=0;
q++;
}
p= 0;
for(q=1;q<8;q++){
for(d=1;d<5;d++){
if(q<5){
if(d<5){
logx[d][q] = p-6;
}
}
carx[d][q]=p-6;
p=p-6;
}
p=0;
q++;
}
while(!aptGetStatus()){
u32 PAD=hidSharedMem[7];
if (PAD == BUTTON_UP){
frogy+= 1;
}
else if (PAD == BUTTON_DOWN){
frogy+= -1;
}
else if (PAD == BUTTON_LEFT){
frogx+= -1;
}
else if (PAD == BUTTON_RIGHT){
frogx+=1;
}
u32 regData=PAD|0x01000000;
init_map();
for(i=0;i<6;i++){
for(j=0;j<8;j++){
draw_car(carx[i][j],15+j*15);
if(i<5){
if(j<5){
draw_logs(logx[i][j],150+j*15);
}
}
}
}
draw_frog(frogx,frogy);
//Checks Colition
for(i=0;i<6;i++){
for(j=0;j<8;j++){
if(frogy==j+1){
if(frogx==carx[i][j]){
frogy =0;
frogx =0;
}
}
}
}
//Checks if frog in poodle
if(frogy >9){
for(i=0;i<5;i++){
for(j=0;j<5;j++){
if(frogy==j+10){
if(frogx==logx[i][j] || frogx==logx[i][j]+1 || frogx==logx[i][j]+2){
frogx= frogx -1;
}
else{
frogx =0;
frogy =0;
}
}
}
}
}
//reinitialize the cars :D
// Cant use f*****g rand
//for(p=0;p<6;p++){
// if(carx[p]==0){
// d=5;
// while(d>4){
// d = rand();
// }
// carx[p]= 26+d;
// }
// else {
// carx[p]=carx[p]-1;
// }
//}
for(i=0;i<6;i++){
for(j=0;j<9;j=j+2){
if(i<5){
if(j<5){
if(logx[i][j]==0){
logx[i][j]=26;
}
else{
logx[i][j]=logx[i][j]-1;
}
}
}
if(carx[i][j]==0){
carx[i][j] =26;
}
else{
carx[i][j]=carx[i][j]-1;
}
}
}
for(i=0;i<6;i++){
for(j=1;j<9;j=j+2){
if(i<5){
if(j<5){
if(logx[i][j]==26){
logx[i][j]=0;
}
else{
logx[i][j]=logx[i][j]+1;
}
}
}
if(carx[i][j]==26){
carx[i][j]=0;
}
else{
carx[i][j]= carx[i][j]+1;
}
}
}
copyBuffer();
swapBuffers();
GSPGPU_WriteHWRegs(NULL, 0x202A04, ®Data, 4);
svc_sleepThread(220000000);
}
svc_closeHandle(fsuHandle);
hidExit();
gspGpuInit();
aptExit();
svc_exitProcess();
return 0;
}
void changeProcess(int processId, u32* argbuf, u32 argbuflength)
{
initSrv();
gspGpuInit();
// free extra data pages if any
freeDataPages(0x14000000);
freeDataPages(0x30000000);
// allocate gsp heap
svc_controlMemory((u32*)&gspHeap, 0x0, 0x0, 0x01000000, 0x10003, 0x3);
patchMenuRop(processId, argbuf, argbuflength);
// grab waitLoop stub
GSPGPU_FlushDataCache(NULL, (u8*)&gspHeap[0x00200000], 0x100);
doGspwn((u32*)(MENU_LOADEDROP_BUFADR-0x100), (u32*)&gspHeap[0x00200000], 0x100);
svc_sleepThread(20*1000*1000);
// patch it
u32* patchArea = (u32*)&gspHeap[0x00200000];
for(int i=0; i<0x100/4; i++)
{
if(patchArea[i] == 0xBABEBAD0)
{
patchArea[i-1] = patchArea[i+1];
break;
}
}
// copy it back
GSPGPU_FlushDataCache(NULL, (u8*)&gspHeap[0x00200000], 0x100);
doGspwn((u32*)&gspHeap[0x00200000], (u32*)(MENU_LOADEDROP_BUFADR-0x100), 0x100);
svc_sleepThread(20*1000*1000);
// ghetto dcache invalidation
// don't judge me
int i, j;//, k;
// for(k=0; k<0x2; k++)
for(j=0; j<0x4; j++)
for(i=0; i<0x01000000/0x4; i+=0x4)
((u32*)gspHeap)[i+j]^=0xDEADBABE;
//exit to menu
// _aptExit();
exitSrv();
// do that at the end so that release right is one of the last things to happen
{
GSPGPU_UnregisterInterruptRelayQueue(NULL);
//unmap GSP shared mem
svc_unmapMemoryBlock(gspSharedMemHandle, 0x10002000);
svc_closeHandle(gspSharedMemHandle);
svc_closeHandle(gspEvent);
//free GSP heap
svc_controlMemory((u32*)&gspHeap, (u32)gspHeap, 0x0, 0x01000000, MEMOP_FREE, 0x0);
Handle _gspGpuHandle = gspGpuHandle;
// free heap (has to be the very last thing before jumping to app as contains bss)
u32 out; svc_controlMemory(&out, (u32)_heap_base, 0x0, _heap_size, MEMOP_FREE, 0x0);
GSPGPU_ReleaseRight(&_gspGpuHandle);
svc_closeHandle(_gspGpuHandle);
}
svc_exitProcess();
}
void run3dsx(Handle executable, u32* argbuf)
{
initSrv();
gspGpuInit();
// free extra data pages if any
freeDataPages(0x14000000);
freeDataPages(0x30000000);
// reset menu ropbin (in case of a crash)
{
u32 _argbuf = 0;
svc_controlMemory((u32*)&gspHeap, 0x0, 0x0, 0x01000000, 0x10003, 0x3);
patchMenuRop(1, &_argbuf, 4);
svc_controlMemory((u32*)&gspHeap, (u32)gspHeap, 0x0, 0x01000000, MEMOP_FREE, 0x0);
}
// duplicate service list on the stack
// also add hid:SPVR as hid:USER if appropriate
// (for backwards compat as old homebrew only supports hid:USER)
u8 serviceBuffer[0x4+0xC*(_serviceList.num + 1)];
service_list_t* serviceList = (service_list_t*)serviceBuffer;
serviceList->num = _serviceList.num;
int i;
for(i=0; i<_serviceList.num; i++)
{
memcpy(serviceList->services[i].name, _serviceList.services[i].name, 8);
svc_duplicateHandle(&serviceList->services[i].handle, _serviceList.services[i].handle);
}
// handle hid:USER missing case
{
Handle hidUSER = 0;
if(srv_getServiceHandle(NULL, &hidUSER, "hid:USER") && !srv_getServiceHandle(NULL, &hidUSER, "hid:SPVR"))
{
memcpy(serviceList->services[serviceList->num].name, "hid:USER", 8);
serviceList->services[serviceList->num].handle = hidUSER;
serviceList->num++;
}else svc_closeHandle(hidUSER);
}
vu32* targetProcessIndex = &_targetProcessIndex;
if(*targetProcessIndex == -2)
{
// create local copy of process map
u32 _customProcessBuffer[0x40];
memorymap_t* const _customProcessMap = (memorymap_t*)_customProcessBuffer;
memcpy(_customProcessBuffer, customProcessBuffer, sizeof(_customProcessBuffer));
// adjust it given the information we now have such as text size, data location and size...
MemInfo minfo;
PageInfo pinfo;
// get .text info
Result ret = svc_queryMemory(&minfo, &pinfo, 0x00100000);
_customProcessMap->header.text_end = minfo.size + 0x00100000;
// get rodata info
ret = svc_queryMemory(&minfo, &pinfo, _customProcessMap->header.text_end);
_customProcessMap->header.data_address = minfo.size + _customProcessMap->header.text_end;
// get data info
ret = svc_queryMemory(&minfo, &pinfo, _customProcessMap->header.data_address);
_customProcessMap->header.data_size = minfo.size;
// setup 3dsx with custom local map
setup3dsx(executable, (memorymap_t*)_customProcessMap, serviceList, argbuf);
}else setup3dsx(executable, (memorymap_t*)app_maps[*targetProcessIndex], serviceList, argbuf);
FSFILE_Close(executable);
gspGpuExit();
exitSrv();
// grab ns:s handle
Handle nssHandle = 0x0;
for(i=0; i<_serviceList.num; i++)if(!strcmp(_serviceList.services[i].name, "ns:s"))nssHandle=_serviceList.services[i].handle;
if(!nssHandle)*(vu32*)0xCAFE0001=0;
// use ns:s to launch/kill process and invalidate icache in the process
// Result ret = NSS_LaunchTitle(&nssHandle, 0x0004013000003702LL, 0x1);
Result ret = NSS_LaunchTitle(&nssHandle, 0x0004013000002A02LL, 0x1);
if(ret)*(u32*)0xCAFE0002=ret;
svc_sleepThread(100*1000*1000);
// ret = NSS_TerminateProcessTID(&nssHandle, 0x0004013000003702LL, 100*1000*1000);
ret = NSS_TerminateProcessTID(&nssHandle, 0x0004013000002A02LL, 100*1000*1000);
if(ret)*(u32*)0xCAFE0003=ret;
// invalidate_icache();
// free heap (has to be the very last thing before jumping to app as contains bss)
u32 out; svc_controlMemory(&out, (u32)_heap_base, 0x0, _heap_size, MEMOP_FREE, 0x0);
start_execution();
}
void _aptCloseSession()
{
svc_closeHandle(_aptuHandle);
svc_releaseMutex(_aptLockHandle);
}