void ExecGame(void)
{
int i;
scr_printf(" Installing Engine...\n");
u32 EngineStore = 0x80080000;
u32 EngineRead = (void*)Engine;
for (i = 0; i < sizeof(Engine); i += 4)
{
//scr_printf("A");
ee_kmode_enter();
*(u32*)EngineStore = *(u32*)EngineRead;
ee_kmode_exit();
EngineStore += 4;
EngineRead += 4;
}
ee_kmode_enter();
*(u32*)0x80081000 = 0x80081010; //Writes the initial storage of the codes
ee_kmode_exit();
waitCdReady();
scr_printf(" Loading...\n");
//for (a = 0; a < 40000000; a++)
{
}
if(strlen(bootFileName = parseSystemCnf()) <= 0)
{
scr_printf(" == Fatal Error ==\n");
SleepThread();
}
scr_printf("\n Loaded Game!\n");
u32 HookValue = (0x00080000 / 4) + 0x0C000000;
padPortClose(0, 0);
//scr_printf(" Shut down PAD, shutting down RPC\n GOODBYE!!!");
SifExitRpc();
ee_kmode_enter();
*(u32*)0x800002FC = HookValue;
ee_kmode_exit();
LoadExecPS2((const char *)bootFileName, 0, NULL);
SleepThread();
}
int PS2CamReadPacket(int handle)
{
int *ret;
int *iop_addr;
WaitSema(sem);
ret = (int *)&data[0];
ret[0] = handle;
SifCallRpc(&cdata, PS2CAM_RPC_READPACKET, 0, (void*)(&data[0]),4,(void*)(&data[0]),4*2,0,0);
if(ret[0] < 0) return ret[0];
DI();
ee_kmode_enter();
iop_addr = (int *)(0xbc000000+ret[1]);
memcpy(&campacket[0],iop_addr, ret[0]);
ee_kmode_exit();
EI();
//if i add a printf here, the ps2 will exit to sony's explorer
SignalSema(sem);
return ret[0];
}
/*
* Copy statically linked IRX files to kernel RAM.
* They will be loaded by the debugger later...
*/
void install_modules(const config_t *config)
{
ramfile_t file_tab[IRX_NUM + 1];
ramfile_t *file_ptr = file_tab;
ramfile_t *ktab = NULL;
u32 addr = IRX_ADDR;
D_PRINTF("%s: addr=%08x\n", __FUNCTION__, addr);
/*
* build RAM file table
*/
#ifdef _SMS_MODULES
if (config_get_bool(config, SET_DEBUGGER_SMS_MODULES)) {
ramfile_set(file_ptr++, "ps2ip", _ps2ip_sms_irx_start, _ps2ip_sms_irx_size);
ramfile_set(file_ptr++, "ps2smap", _ps2smap_sms_irx_start, _ps2smap_sms_irx_size);
} else {
#endif
ramfile_set(file_ptr++, "ps2ip", _ps2ip_irx_start, _ps2ip_irx_size);
ramfile_set(file_ptr++, "ps2smap", _ps2smap_irx_start, _ps2smap_irx_size);
#ifdef _SMS_MODULES
}
#endif
ramfile_set(file_ptr++, "ps2dev9", _ps2dev9_irx_start, _ps2dev9_irx_size);
ramfile_set(file_ptr++, "debugger", _debugger_irx_start, _debugger_irx_size);
ramfile_set(file_ptr++, "memdisk", _memdisk_irx_start, _memdisk_irx_size);
ramfile_set(file_ptr++, "eesync", _eesync_irx_start, _eesync_irx_size);
ramfile_set(file_ptr, NULL, NULL, 0); /* terminator */
/*
* copy modules to kernel RAM
*
* memory structure at @addr:
* |RAM file table|IRX module #1|IRX module #2|etc.
*/
DI();
ee_kmode_enter();
ktab = (ramfile_t*)addr;
addr += sizeof(file_tab);
file_ptr = file_tab;
while (file_ptr->hash) {
memcpy((u8*)addr, file_ptr->addr, file_ptr->size);
file_ptr->addr = (u8*)addr;
addr += file_ptr->size;
file_ptr++;
}
memcpy(ktab, file_tab, sizeof(file_tab));
ee_kmode_exit();
EI();
FlushCache(0);
}
u32 smem_write(void *addr, void *buf, u32 size)
{
DI();
ee_kmode_enter();
memcpy(addr + SUB_VIRT_MEM, buf, size);
ee_kmode_exit();
EI();
return size;
}
u32 smem_read(void *addr, void *buf, u32 size)
{
DI();
ee_kmode_enter();
memcpy(buf, addr + SUB_VIRT_MEM, size);
ee_kmode_exit();
EI();
return size;
}
int BinRead(char *filename)
{
int State = 0;
u32 Addr = 0x80081010;
u32 Addr2 = 0x80081014;
char result[5];
FILE *fd;
fd = fopen(filename, "r");
while ( fread(result, sizeof fd, 1, fd) == 1) {
//scr_printf(" %s\n", result);
if (State == 0) //Alternates between writing the address and writing the value
{
ee_kmode_enter();
*(u32*)Addr = *(u32*)result;
ee_kmode_exit();
State = 1;
Addr = Addr + 0x00000010;
}
else if (State == 1)
{
ee_kmode_enter();
*(u32*)Addr2 = *(u32*)result;
ee_kmode_exit();
State = 0;
Addr2 = Addr2 + 0x00000010;
}
}
fclose(fd);
return 0;
}
int sbv_patch_enable_lmb()
{
u8 buf[256];
slib_exp_lib_t *modload_lib = (slib_exp_lib_t *)buf;
smod_mod_info_t *loadfile_info = (smod_mod_info_t *)buf;
void *pStartModule, *pLoadModuleBuffer, *lf_text_start, *patch_addr;
u32 lf_rpc_dispatch, lf_jump_table, result;
int nexps, id, i;
memset(&_slib_cur_exp_lib_list, 0, sizeof(slib_exp_lib_list_t));
/* Locate the modload export library - it must have at least 16 exports. */
if ((nexps = slib_get_exp_lib("modload", modload_lib)) < 16)
return -1;
pStartModule = modload_lib->exports[8];
pLoadModuleBuffer = modload_lib->exports[10];
/* Now we need to find the loadfile module. */
memset(buf, 0, sizeof(smod_mod_info_t));
if (!(id = smod_get_mod_by_name("LoadModuleByEE", loadfile_info)))
return -1;
/* Locate the loadfile RPC dispatch code, where the first 4 instructions look like:
27bdffe8 addiu $sp, -24
2c820006 sltiu $v0, $a0, 6
14400003 bnez $v0, +12
afbf0010 sw $ra, 0x10($sp)
*/
lf_text_start = (void *)(loadfile_info->text_start + 0x400);
smem_read(lf_text_start, buf, sizeof buf);
for (i = 0; i < sizeof buf; i += 4) {
if ((*(u32 *)(buf + i) == 0x27bdffe8) &&
(*(u32 *)(buf + i + 4) == 0x2c820006) &&
(*(u32 *)(buf + i + 8) == 0x14400003) &&
(*(u32 *)(buf + i + 12) == 0xafbf0010))
break;
}
/* This is a special case: if the IOP was reset with an image that contains a
LOADFILE that supports LMB, we won't detect the dispatch routine. If we
even got this far in the code then we can return success. */
if (i >= sizeof buf)
return 0;
/* We need to extract the address of the jump table, it's only 40 bytes in. */
lf_rpc_dispatch = (u32)lf_text_start + i;
smem_read((void *)lf_rpc_dispatch, buf, 40);
lf_jump_table = (*(u16 *)(buf + 0x1c) << 16) + *(s16 *)(buf + 0x24);
/* Now we can patch our subversive LoadModuleBuffer RPC call. */
SifInitIopHeap();
if (!(patch_addr = SifAllocIopHeap(sizeof lmb_patch)))
return -1;
/* result is where the RPC return structure is stored. */
result = (u32)patch_addr + 96;
lmb_patch[5] = JAL((u32)pLoadModuleBuffer);
lmb_patch[7] = HI16(result);
lmb_patch[9] = LO16(result);
lmb_patch[15] = JAL((u32)pStartModule);
SyncDCache(lmb_patch, (void *)(lmb_patch + 24));
smem_write(patch_addr, lmb_patch, sizeof lmb_patch);
/* Finally. The last thing to do is to patch the loadfile RPC dispatch routine
so that it will jump to entry #6 in it's jump table, and to patch the jump
table itself. */
ee_kmode_enter();
*(u32 *)(SUB_VIRT_MEM + lf_rpc_dispatch + 4) = 0x2c820007;
*(u32 *)(SUB_VIRT_MEM + lf_jump_table + 0x18) = (u32)patch_addr;
ee_kmode_exit();
return 0;
}
static void * sior_rpc_server(u32 funcno, void * data, int size) {
int res = 0, c;
size_t s;
char * p;
struct init_arguments_t * i;
switch(funcno) {
case SIOR_INIT:
i = (struct init_arguments_t *) data;
sio_init(i->baudrate, i->lcr_ueps, i->lcr_upen, i->lcr_usbl, i->lcr_umode);
break;
case SIOR_PUTC:
c = *((int *) data);
res = sio_putc(c);
break;
case SIOR_GETC:
res = sio_getc();
break;
case SIOR_GETCBLOCK:
res = sio_getc_block();
break;
case SIOR_WRITE:
p = *((char **) data) + IOP_MEM;
s = *(((size_t *) data) + 1);
DI();
ee_kmode_enter();
res = sio_write(p, s);
ee_kmode_exit();
EI();
break;
case SIOR_READ:
p = *((char **) data) + IOP_MEM;
s = *(((size_t *) data) + 1);
DI();
ee_kmode_enter();
res = sio_read(p, s);
ee_kmode_exit();
EI();
break;
case SIOR_PUTS:
p = *((char **) data) + IOP_MEM;
DI();
ee_kmode_enter();
res = sio_puts(p);
ee_kmode_exit();
EI();
break;
case SIOR_PUTSN:
p = *((char **) data) + IOP_MEM;
DI();
ee_kmode_enter();
res = sio_putsn(p);
ee_kmode_exit();
EI();
break;
case SIOR_GETS:
p = *((char **) data) + IOP_MEM;
DI();
ee_kmode_enter();
(char*)res = sio_gets(p);
ee_kmode_exit();
EI();
break;
case SIOR_FLUSH:
sio_flush();
break;
}
*((int *) data) = res;
return data;
}
