int main()
{
initSrv();
aptInit(APPID_APPLICATION);
gspGpuInit();
hidInit(NULL);
aptSetupEventHandler();
APP_STATUS status;
while((status=aptGetStatus())!=APP_EXITING)
{
if(status==APP_RUNNING)
{
u32 PAD=hidSharedMem[7];
u32 regData=PAD|0x01000000;
GSPGPU_WriteHWRegs(NULL, 0x202A04, (u32*)®Data, 4);
renderEffect();
swapBuffers();
copyBuffer();
}
svc_sleepThread(16666666);
}
hidExit();
gspGpuExit();
aptExit();
svc_exitProcess();
return 0;
}
void _main(paramblk_t* p)
{
gspHeap = (u8*)p->linear_heap;
gspHeap_size = p->linear_size;
initSrv();
srv_RegisterClient(NULL);
gspGpuInit();
resetConsole();
print_str("hello\n");
print_str("_firm_appmemalloc "); print_hex((u32)_firm_appmemalloc); print_str("\n");
print_str("code address "); print_hex((u32)p->code_data); print_str("\n");
print_str("code size "); print_hex(p->code_size); print_str("\n");
setupStub((u8*)p->code_data);
Result ret = apply_map(&p->map, (u8*)p->code_data, HANS_LOADER_SIZE);
print_str("applied map "); print_hex(ret); print_str("\n");
ret = invalidateIcache(p->nssHandle);
ret = runStub(p->nssHandle, &p->map, (u8*)p->code_data);
print_hex(ret);
while(1);
gspGpuExit();
}
Server::Server(QWidget *parent) :
QDialog(parent),
ui(new Ui::Server)
{
ui->setupUi(this);
//将对话框大小固定为400*207
setFixedSize(400, 207);
tPort = 5555;
tSrv = new QTcpServer(this);
connect(tSrv, SIGNAL(newConnection()), this, SLOT(sndMsg()));
initSrv();
}
int main()
{
initSrv();
aptInit(APPID_APPLICATION);
gspGpuInit();
hidInit(NULL);
Handle fsuHandle;
srv_getServiceHandle(NULL, &fsuHandle, "fs:USER");
FSUSER_Initialize(fsuHandle);
Handle fileHandle;
u32 bytesRead;
FS_archive sdmcArchive=(FS_archive){0x9, (FS_path){PATH_EMPTY, 1, (u8*)""}};
FS_path filePath=(FS_path){PATH_CHAR, 10, (u8*)"/test.bin"};
FSUSER_OpenFileDirectly(fsuHandle, &fileHandle, sdmcArchive, filePath, FS_OPEN_READ, FS_ATTRIBUTE_NONE);
FSFILE_Read(fileHandle, &bytesRead, 0x0, (u32*)gspHeap, 0x46500);
FSFILE_Close(fileHandle);
aptSetupEventHandler();
while(!aptGetStatus())
{
u32 PAD=hidSharedMem[7];
renderEffect();
swapBuffers();
copyBuffer();
u32 regData=PAD|0x01000000;
GSPGPU_WriteHWRegs(NULL, 0x202A04, ®Data, 4);
svc_sleepThread(1000000000);
}
svc_closeHandle(fsuHandle);
hidExit();
gspGpuInit();
aptExit();
svc_exitProcess();
return 0;
}
void runTitle(u8 mediatype, u32* argbuf, u32 argbuflength, u32 tid_low, u32 tid_high)
{
initSrv();
gspGpuInit();
// free extra data pages if any
freeDataPages(0x14000000);
freeDataPages(0x30000000);
// allocate gsp heap
svc_controlMemory((u32*)&gspHeap, 0x0, 0x0, 0x02000000, 0x10003, 0x3);
// put new argv buffer on stack
u32 argbuffer[0x200];
u32 argbuffer_length = argbuflength;
memcpy(argbuffer, argbuf, argbuflength);
argbuffer[0]++;
memorymap_t* mmap = getMmapArgbuf(argbuffer, argbuffer_length);
// grab fs:USER handle
Handle fsuserHandle = 0x0;
int i; for(i=0; i<_serviceList.num; i++)if(!strcmp(_serviceList.services[i].name, "fs:USER"))fsuserHandle=_serviceList.services[i].handle;
if(!fsuserHandle)*(vu32*)0xCAFE0001=0;
getProcessMap(fsuserHandle, mediatype, tid_low, tid_high, mmap, (u32*)gspHeap);
argbuffer_length = (u32)((void*)mmap - (void*)argbuffer) + size_memmap(*mmap);
gspGpuExit();
exitSrv();
// free heap (has to be the very last thing before jumping to app as contains bss)
u32 out; svc_controlMemory(&out, (u32)_heap_base, 0x0, _heap_size, MEMOP_FREE, 0x0);
_changeProcess(-2, argbuffer, argbuffer_length);
}
int main()
{
initSrv();
aptInit(APPID_APPLICATION);
gspGpuInit();
hidInit(NULL);
Handle fsuHandle;
srv_getServiceHandle(NULL, &fsuHandle, "fs:USER");
FSUSER_Initialize(fsuHandle);
aptSetupEventHandler();
init_map();
int i;
int j;
int p=4;
int d=0;
int q;
int frogx = 0;
int frogy = 0;
int carx[6][9];
int logx[5][6];
// Cant use rand.
//for(d=1;d<6;d++){
// while(p>4){
// p = rand();
// }
// carx[d]=26+p;
for(d=0;d<8;d++){
carx[0][d]=26;
if(d<5){
logx[0][d]=26;
}
d++;
}
for(d=1;d<8;d++){
if(d<5){
logx[0][d]=0;
}
carx[0][d]=0;
d++;
}
for(q=0;q<8;q++){
for(d=1; d<6; d++){
if(q<5){
if(d<5){
logx[d][q]=26+p+6;
}
}
carx[d][q]=26+p +6;
p=p+6;
}
p=0;
q++;
}
p= 0;
for(q=1;q<8;q++){
for(d=1;d<5;d++){
if(q<5){
if(d<5){
logx[d][q] = p-6;
}
}
carx[d][q]=p-6;
p=p-6;
}
p=0;
q++;
}
while(!aptGetStatus()){
u32 PAD=hidSharedMem[7];
if (PAD == BUTTON_UP){
frogy+= 1;
}
else if (PAD == BUTTON_DOWN){
frogy+= -1;
}
else if (PAD == BUTTON_LEFT){
frogx+= -1;
}
else if (PAD == BUTTON_RIGHT){
frogx+=1;
}
u32 regData=PAD|0x01000000;
init_map();
for(i=0;i<6;i++){
for(j=0;j<8;j++){
draw_car(carx[i][j],15+j*15);
if(i<5){
if(j<5){
draw_logs(logx[i][j],150+j*15);
}
}
}
}
draw_frog(frogx,frogy);
//Checks Colition
for(i=0;i<6;i++){
for(j=0;j<8;j++){
if(frogy==j+1){
if(frogx==carx[i][j]){
frogy =0;
frogx =0;
}
}
}
}
//Checks if frog in poodle
if(frogy >9){
for(i=0;i<5;i++){
for(j=0;j<5;j++){
if(frogy==j+10){
if(frogx==logx[i][j] || frogx==logx[i][j]+1 || frogx==logx[i][j]+2){
frogx= frogx -1;
}
else{
frogx =0;
frogy =0;
}
}
}
}
}
//reinitialize the cars :D
// Cant use f*****g rand
//for(p=0;p<6;p++){
// if(carx[p]==0){
// d=5;
// while(d>4){
// d = rand();
// }
// carx[p]= 26+d;
// }
// else {
// carx[p]=carx[p]-1;
// }
//}
for(i=0;i<6;i++){
for(j=0;j<9;j=j+2){
if(i<5){
if(j<5){
if(logx[i][j]==0){
logx[i][j]=26;
}
else{
logx[i][j]=logx[i][j]-1;
}
}
}
if(carx[i][j]==0){
carx[i][j] =26;
}
else{
carx[i][j]=carx[i][j]-1;
}
}
}
for(i=0;i<6;i++){
for(j=1;j<9;j=j+2){
if(i<5){
if(j<5){
if(logx[i][j]==26){
logx[i][j]=0;
}
else{
logx[i][j]=logx[i][j]+1;
}
}
}
if(carx[i][j]==26){
carx[i][j]=0;
}
else{
carx[i][j]= carx[i][j]+1;
}
}
}
copyBuffer();
swapBuffers();
GSPGPU_WriteHWRegs(NULL, 0x202A04, ®Data, 4);
svc_sleepThread(220000000);
}
svc_closeHandle(fsuHandle);
hidExit();
gspGpuInit();
aptExit();
svc_exitProcess();
return 0;
}
void changeProcess(int processId, u32* argbuf, u32 argbuflength)
{
initSrv();
gspGpuInit();
// free extra data pages if any
freeDataPages(0x14000000);
freeDataPages(0x30000000);
// allocate gsp heap
svc_controlMemory((u32*)&gspHeap, 0x0, 0x0, 0x01000000, 0x10003, 0x3);
patchMenuRop(processId, argbuf, argbuflength);
// grab waitLoop stub
GSPGPU_FlushDataCache(NULL, (u8*)&gspHeap[0x00200000], 0x100);
doGspwn((u32*)(MENU_LOADEDROP_BUFADR-0x100), (u32*)&gspHeap[0x00200000], 0x100);
svc_sleepThread(20*1000*1000);
// patch it
u32* patchArea = (u32*)&gspHeap[0x00200000];
for(int i=0; i<0x100/4; i++)
{
if(patchArea[i] == 0xBABEBAD0)
{
patchArea[i-1] = patchArea[i+1];
break;
}
}
// copy it back
GSPGPU_FlushDataCache(NULL, (u8*)&gspHeap[0x00200000], 0x100);
doGspwn((u32*)&gspHeap[0x00200000], (u32*)(MENU_LOADEDROP_BUFADR-0x100), 0x100);
svc_sleepThread(20*1000*1000);
// ghetto dcache invalidation
// don't judge me
int i, j;//, k;
// for(k=0; k<0x2; k++)
for(j=0; j<0x4; j++)
for(i=0; i<0x01000000/0x4; i+=0x4)
((u32*)gspHeap)[i+j]^=0xDEADBABE;
//exit to menu
// _aptExit();
exitSrv();
// do that at the end so that release right is one of the last things to happen
{
GSPGPU_UnregisterInterruptRelayQueue(NULL);
//unmap GSP shared mem
svc_unmapMemoryBlock(gspSharedMemHandle, 0x10002000);
svc_closeHandle(gspSharedMemHandle);
svc_closeHandle(gspEvent);
//free GSP heap
svc_controlMemory((u32*)&gspHeap, (u32)gspHeap, 0x0, 0x01000000, MEMOP_FREE, 0x0);
Handle _gspGpuHandle = gspGpuHandle;
// free heap (has to be the very last thing before jumping to app as contains bss)
u32 out; svc_controlMemory(&out, (u32)_heap_base, 0x0, _heap_size, MEMOP_FREE, 0x0);
GSPGPU_ReleaseRight(&_gspGpuHandle);
svc_closeHandle(_gspGpuHandle);
}
svc_exitProcess();
}
void run3dsx(Handle executable, u32* argbuf)
{
initSrv();
gspGpuInit();
// free extra data pages if any
freeDataPages(0x14000000);
freeDataPages(0x30000000);
// reset menu ropbin (in case of a crash)
{
u32 _argbuf = 0;
svc_controlMemory((u32*)&gspHeap, 0x0, 0x0, 0x01000000, 0x10003, 0x3);
patchMenuRop(1, &_argbuf, 4);
svc_controlMemory((u32*)&gspHeap, (u32)gspHeap, 0x0, 0x01000000, MEMOP_FREE, 0x0);
}
// duplicate service list on the stack
// also add hid:SPVR as hid:USER if appropriate
// (for backwards compat as old homebrew only supports hid:USER)
u8 serviceBuffer[0x4+0xC*(_serviceList.num + 1)];
service_list_t* serviceList = (service_list_t*)serviceBuffer;
serviceList->num = _serviceList.num;
int i;
for(i=0; i<_serviceList.num; i++)
{
memcpy(serviceList->services[i].name, _serviceList.services[i].name, 8);
svc_duplicateHandle(&serviceList->services[i].handle, _serviceList.services[i].handle);
}
// handle hid:USER missing case
{
Handle hidUSER = 0;
if(srv_getServiceHandle(NULL, &hidUSER, "hid:USER") && !srv_getServiceHandle(NULL, &hidUSER, "hid:SPVR"))
{
memcpy(serviceList->services[serviceList->num].name, "hid:USER", 8);
serviceList->services[serviceList->num].handle = hidUSER;
serviceList->num++;
}else svc_closeHandle(hidUSER);
}
vu32* targetProcessIndex = &_targetProcessIndex;
if(*targetProcessIndex == -2)
{
// create local copy of process map
u32 _customProcessBuffer[0x40];
memorymap_t* const _customProcessMap = (memorymap_t*)_customProcessBuffer;
memcpy(_customProcessBuffer, customProcessBuffer, sizeof(_customProcessBuffer));
// adjust it given the information we now have such as text size, data location and size...
MemInfo minfo;
PageInfo pinfo;
// get .text info
Result ret = svc_queryMemory(&minfo, &pinfo, 0x00100000);
_customProcessMap->header.text_end = minfo.size + 0x00100000;
// get rodata info
ret = svc_queryMemory(&minfo, &pinfo, _customProcessMap->header.text_end);
_customProcessMap->header.data_address = minfo.size + _customProcessMap->header.text_end;
// get data info
ret = svc_queryMemory(&minfo, &pinfo, _customProcessMap->header.data_address);
_customProcessMap->header.data_size = minfo.size;
// setup 3dsx with custom local map
setup3dsx(executable, (memorymap_t*)_customProcessMap, serviceList, argbuf);
}else setup3dsx(executable, (memorymap_t*)app_maps[*targetProcessIndex], serviceList, argbuf);
FSFILE_Close(executable);
gspGpuExit();
exitSrv();
// grab ns:s handle
Handle nssHandle = 0x0;
for(i=0; i<_serviceList.num; i++)if(!strcmp(_serviceList.services[i].name, "ns:s"))nssHandle=_serviceList.services[i].handle;
if(!nssHandle)*(vu32*)0xCAFE0001=0;
// use ns:s to launch/kill process and invalidate icache in the process
// Result ret = NSS_LaunchTitle(&nssHandle, 0x0004013000003702LL, 0x1);
Result ret = NSS_LaunchTitle(&nssHandle, 0x0004013000002A02LL, 0x1);
if(ret)*(u32*)0xCAFE0002=ret;
svc_sleepThread(100*1000*1000);
// ret = NSS_TerminateProcessTID(&nssHandle, 0x0004013000003702LL, 100*1000*1000);
ret = NSS_TerminateProcessTID(&nssHandle, 0x0004013000002A02LL, 100*1000*1000);
if(ret)*(u32*)0xCAFE0003=ret;
// invalidate_icache();
// free heap (has to be the very last thing before jumping to app as contains bss)
u32 out; svc_controlMemory(&out, (u32)_heap_base, 0x0, _heap_size, MEMOP_FREE, 0x0);
start_execution();
}
