void patchMemPartitionInfo()
{
if ( model == PSP_MODEL_STANDARD ) sceKernelSetDdrMemoryProtection( ( void * )0x88300000, 0x00100000, 0xf );
else sceKernelSetDdrMemoryProtection( ( void * )0x88600000, 0x00200000, 0xf );
tSceModule * pMod = ( tSceModule * )sceKernelFindModuleByName( "sceSystemMemoryManager" );
// 0x02001021 move $v0 $s0
int offset = 0x00001304;
if ( fw_version == FW_371 || fw_version == FW_380 || fw_version == FW_390 )
{
offset = 0x00001304; //for 3.71, 3.80, 3.90
}
else if ( fw_version == FW_401 )
{
offset = 0x00003A68; //for 4.01
}
else if ( fw_version == FW_500 || fw_version == FW_550 )
{
offset = 0x00003AA8; //for 5.00
}
_sw( 0x02001021, pMod->text_addr + offset );
sceKernelIcacheInvalidateAll();
sceKernelDcacheWritebackInvalidateAll();
PspSysmemPartitionInfo info;
memset( &info, 0, sizeof( PspSysmemPartitionInfo ) );
info.size = sizeof( PspSysmemPartitionInfo );
PspSysmemPartitionInfo * p_info = ( PspSysmemPartitionInfo * )sceKernelQueryMemoryPartitionInfo( 4, &info );
if ( model == PSP_MODEL_STANDARD ) p_info->startaddr = 0x08300000;
else p_info->startaddr = 0x08600000;
p_info->attr = 0xf;
//restore
_sw( 0x00001021, pMod->text_addr + offset );
sceKernelIcacheInvalidateAll();
sceKernelDcacheWritebackInvalidateAll();
}
// 0x00000168
int clear_cache(void)
{
sceKernelIcacheInvalidateAll();
sceKernelDcacheWritebackInvalidateAll();
return 0;
}
void wifiModulesPatch2()
{
if ( fw_version == FW_550 ) {
//module renamed to sceNet_Service in 5.50
tSceModule * pMod = ( tSceModule * )sceKernelFindModuleByName( "sceNet_Service" );
//a2 partid = 4 of ifhandle
_sw( 0x34050004, pMod->text_addr + 0x000014D8 ); //for 5.50
} else {
tSceModule * pMod = ( tSceModule * )sceKernelFindModuleByName( "sceNetInterface_Service" );
_sw( 0x34050004, pMod->text_addr + 0x00001440 ); //for 3.71, 3.80, 3.90, 4.01, 5.00
}
tSceModule * pMod = ( tSceModule * )sceKernelFindModuleByName( "sceNet_Library" );
unsigned int net_offset = 0;
if ( fw_version == FW_371 || fw_version == FW_380 || fw_version == FW_390 )
net_offset = 0x00001800;
else if ( fw_version == FW_401 )
net_offset = 0x00002320;
else if ( fw_version == FW_500 || fw_version == FW_550 )
net_offset = 0x00002348;
_sw( 0x34020002, pMod->text_addr + net_offset );
_sw( 0xAFA20000, pMod->text_addr + net_offset + 0x4 );
_sw( 0x3C020000, pMod->text_addr + net_offset + 0xC );
pMod = ( tSceModule * )sceKernelFindModuleByName( "sceModuleManager" );
//a3 stack size 0x10000 -> 0x4000
_sw( 0x34074000, pMod->text_addr + modulemgr_offset );
sceKernelIcacheInvalidateAll();
sceKernelDcacheWritebackInvalidateAll();
}
void wifiModulesPatch1()
{
tSceModule * pMod = ( tSceModule * )sceKernelFindModuleByName( "sceThreadManager" );
//a0 = 4, change partition id to 4
if ( fw_version == FW_371 )
threadman_offset = 0x00010B30;
else if ( fw_version == FW_380 || fw_version == FW_390 )
threadman_offset = 0x00010CB8;
else if ( fw_version == FW_401 )
threadman_offset = 0x00012154;
else if ( fw_version == FW_500 || fw_version == FW_550 )
threadman_offset = 0x000121E0;
_sw( 0x34040004, pMod->text_addr + threadman_offset );
pMod = ( tSceModule * )sceKernelFindModuleByName( "sceModuleManager" );
//a3 stack size 0x40000 -> 0x10000
if ( fw_version == FW_371 )
modulemgr_offset = 0x000076A0;
else if ( fw_version == FW_380 || fw_version == FW_390 )
modulemgr_offset = 0x00007C9C;
else if ( fw_version == FW_401 )
modulemgr_offset = 0x00007C50;
else if ( fw_version == FW_500 )
modulemgr_offset = 0x00007C84;
//added for 5.50
else if ( fw_version == FW_550 )
modulemgr_offset = 0x00007F80;
_sw( 0x3C070001, pMod->text_addr + modulemgr_offset );
sceKernelIcacheInvalidateAll();
sceKernelDcacheWritebackInvalidateAll();
}
void restoreLoadExecVSHCommon()
{
_sw( LoadExecVSHCommon_ori[0].val, LoadExecVSHCommon_ori[0].addr );
_sw( LoadExecVSHCommon_ori[1].val, LoadExecVSHCommon_ori[1].addr );
sceKernelIcacheInvalidateAll();
sceKernelDcacheWritebackInvalidateAll();
}
int parseDiff( const char * file, tSceModule * mod )
{
int off = inCtf( file );
if ( off < 0 )
{
log( "there's no patch for %s\n", file );
return 0;
}
int ctf = sceIoOpen( cxmb_theme_file, PSP_O_RDONLY, 0644 );
if ( ctf < 0 )
{
log( "no ctf file found!\n" );
return -1;
}
sceIoLseek( ctf, ctf_header[off].start, PSP_SEEK_SET );
log( "patch %s!\nstart: %08x\nsize: %08x\n", file, ctf_header[off].start, ctf_header[off].size );
unsigned int attr[2];
int i = 0;
while( i < ctf_header[off].size )
{
sceIoRead( ctf, attr, 8 );
sceIoRead( ctf, ( void * )( mod->text_addr + attr[0] ), attr[1] );
i ++;
}
sceIoClose( ctf );
sceKernelIcacheInvalidateAll();
sceKernelDcacheWritebackInvalidateAll();
log( "%s patched!\n", file );
return 0;
}
static int MainThread( SceSize args, void *argp )
{
hookDisplay();
sceKernelDcacheWritebackInvalidateAll();
sceKernelIcacheInvalidateAll();
unsigned int paddata_old = 0;
SceCtrlData paddata;
sceKernelDelayThread(10000);
while(1)
{
sceCtrlPeekBufferPositive(&paddata, 1);
if(paddata.Buttons != paddata_old)
{
//press "note" button and magick begin
if(paddata.Buttons & PSP_CTRL_NOTE)
{
//can parse command list
can_parse = 1;
}
}
paddata_old = paddata.Buttons;
sceKernelDelayThread(10000);
}
return( 0 );
}
/* Must be called from KERNEL thread */
int pspAdhocLoadDrivers()
{
_net_adhoc_matching_start = 0;
_net_adhoc_matching_create = 0;
_net_adhoc_matching_init = 0;
_net_adhoc_pdp_create = 0;
_net_adhoc_ctl_connect = 0;
_net_adhoc_ctl_init = 0;
_net_adhoc_init = 0;
_net_init = 0;
#if (_PSP_FW_VERSION < 200)
int modID;
modID = pspSdkLoadStartModule("flash0:/kd/ifhandle.prx",
PSP_MEMORY_PARTITION_KERNEL);
if (modID < 0) return modID;
modID = pspSdkLoadStartModule("flash0:/kd/memab.prx",
PSP_MEMORY_PARTITION_KERNEL);
if (modID < 0) return modID;
modID = pspSdkLoadStartModule("flash0:/kd/pspnet_adhoc_auth.prx",
PSP_MEMORY_PARTITION_KERNEL);
if (modID < 0) return modID;
modID = pspSdkLoadStartModule("flash0:/kd/pspnet.prx",
PSP_MEMORY_PARTITION_USER);
if (modID < 0) return modID;
else pspSdkFixupImports(modID);
modID = pspSdkLoadStartModule("flash0:/kd/pspnet_adhoc.prx",
PSP_MEMORY_PARTITION_USER);
if (modID < 0) return modID;
else pspSdkFixupImports(modID);
modID = pspSdkLoadStartModule("flash0:/kd/pspnet_adhocctl.prx",
PSP_MEMORY_PARTITION_USER);
if (modID < 0) return modID;
else pspSdkFixupImports(modID);
modID = pspSdkLoadStartModule("flash0:/kd/pspnet_adhoc_matching.prx",
PSP_MEMORY_PARTITION_USER);
if (modID < 0) return modID;
else pspSdkFixupImports(modID);
sceKernelDcacheWritebackAll();
sceKernelIcacheInvalidateAll();
#else
sceUtilityLoadNetModule(PSP_NET_MODULE_COMMON);
sceUtilityLoadNetModule(PSP_NET_MODULE_ADHOC);
#endif
return 1;
}
void wifiModulesPatch3()
{
tSceModule * pMod = ( tSceModule * )sceKernelFindModuleByName( "sceModuleManager" );
//restore
_sw( 0x02403821, pMod->text_addr + modulemgr_offset );
pMod = ( tSceModule * )sceKernelFindModuleByName( "sceThreadManager" );
//restore
_sw( 0x02402021, pMod->text_addr + threadman_offset );
sceKernelIcacheInvalidateAll();
sceKernelDcacheWritebackInvalidateAll();
}
int hook_global_module_jal(SceModule2 * mod, uint32_t oldcall, uint32_t newcall)
{
// Invalid Arguments
if(mod == NULL)
return -1;
// Hook Counter
int counter = 0;
// Machine Code of Module
uint32_t * asmtext = (uint32_t *)mod->text_addr;
// Machine Code Segment Size
uint32_t asmsize = mod->text_size;
// ASM Iterator
uint32_t i = 0;
// Iterate Machine Code
for(; i < asmsize / 4; i ++)
{
// Get Instruction
uint32_t inst = asmtext[i];
// JAL Instruction
if((inst & 0xFC000000) == 0x0C000000)
{
// Matching JAL found
if(GET_CALL_ADDR(inst) == oldcall)
{
// Overwrite JAL
asmtext[i] = MAKE_CALL(newcall);
// Log Overwrite
counter++;
}
}
}
// Hooked Calls
if(counter > 0)
{
// Synchronize Cache
sceKernelDcacheWritebackAll();
sceKernelIcacheInvalidateAll();
}
// Return Hook Counter
return counter;
}
int OnModuleStart( tSceModule * mod )
{
log( "on module %s start\n", mod->modname );
if ( strcmp( mod->modname, "scePaf_Module" ) == 0 )
{
parseDiff("/vsh/module/paf.prx", mod );
}
else if ( strcmp( mod->modname, "sceVshCommonGui_Module" ) == 0 )
{
parseDiff("/vsh/module/common_gui.prx", mod );
}
else if ( strcmp( mod->modname, "vsh_module" ) == 0 )
{
parseDiff("/vsh/module/vshmain.prx", mod );
}
else if ( strcmp( mod->modname, "sysconf_plugin_module" ) == 0 )
{
unsigned int offset = getSysconfOffset();
if ( fw_version == FW_500 )
{
unsigned int addr = mod->text_addr + offset;
char *sfx = (char *)addr;
sfx[0] = 'C';
}
else
{
unsigned int h_addr = _lw( mod->text_addr + offset );
unsigned int l_addr = _lw( mod->text_addr + offset + 0xC );
unsigned int addr = ( ( h_addr & 0xFFFF ) << 16 ) | ( l_addr & 0xFFFF );
char * sfx = "CTF";
_sw( *( unsigned int * )sfx, addr );
}
sceKernelIcacheInvalidateAll();
sceKernelDcacheWritebackInvalidateAll();
log( "patched sysconf\n" );
}
if ( !previous )
return 0;
return previous( mod );
}
void * patchLoadExecVSHCommon( void * func )
{
tSceModule * pMod = ( tSceModule * )sceKernelFindModuleByName( "sceLoadExec" );
if ( fw_version == FW_371 )
LoadExecVSHCommon_ori[0].addr = pMod->text_addr + 0x0000121c; //same in standare/slim
else if ( fw_version == FW_380 || fw_version == FW_390 )
LoadExecVSHCommon_ori[0].addr = pMod->text_addr + 0x000014cc; //same in standare/slim
else if ( fw_version == FW_401 )
LoadExecVSHCommon_ori[0].addr = pMod->text_addr + 0x00001E1C; //same in standare/slim
else if ( fw_version == FW_500 )
LoadExecVSHCommon_ori[0].addr = pMod->text_addr + 0x00001E58; //verified in phat
else if ( fw_version == FW_550 )
LoadExecVSHCommon_ori[0].addr = pMod->text_addr + 0x00001F3C; //same on slim & phat
LoadExecVSHCommon_ori[1].addr = LoadExecVSHCommon_ori[0].addr + 4;
LoadExecVSHCommon_ori[0].val = _lw( LoadExecVSHCommon_ori[0].addr );
LoadExecVSHCommon_ori[1].val = _lw( LoadExecVSHCommon_ori[1].addr );
MAKE_JUMP( LoadExecVSHCommon_ori[0].addr, func );
_sw( NOP, LoadExecVSHCommon_ori[1].addr );
sceKernelIcacheInvalidateAll();
sceKernelDcacheWritebackInvalidateAll();
return ( void * )LoadExecVSHCommon_ori[0].addr;
}
static int MainThread( SceSize args, void *argp )
{
hookDisplay();
sceKernelDcacheWritebackInvalidateAll();
sceKernelIcacheInvalidateAll();
//scePowerTick( 0 );
unsigned int paddata_old = 0;
char file[64], flag = 0, size = 0;
int x, y, fd, count = 0, thread_count_start, thread_count_now;
SceUID thread_buf_start[MAX_THREAD], thread_buf_now[MAX_THREAD], myThread = sceKernelGetThreadId();
SceCtrlData paddata;
sceKernelDelayThread(10000);
sceKernelGetThreadmanIdList(SCE_KERNEL_TMID_Thread, thread_buf_start, MAX_THREAD, &thread_count_start);
while(1)
{
sceCtrlPeekBufferPositive(&paddata, 1);
if(paddata.Buttons != paddata_old)
{
//press "note" button and magick begin
if(paddata.Buttons & PSP_CTRL_NOTE)
{
// IdList Now
sceKernelGetThreadmanIdList(SCE_KERNEL_TMID_Thread, thread_buf_now, MAX_THREAD, &thread_count_now);
//hold all threads for a moment
for(x = 0; x < thread_count_now; x++)
{
// thread id match 0 or 1
unsigned char match = 0;
SceUID tmp_thid = thread_buf_now[x];
for(y = 0; y < thread_count_start; y++)
{
if((tmp_thid == thread_buf_start[y]) || (tmp_thid == myThread))
{
match = 1;
y = thread_count_start;
}
}
if(thread_count_start == 0) match = 1;
if(match == 0)
{
sceKernelSuspendThread(tmp_thid);
}
}
//can parse command list
can_parse = 1;
//resume all threads
for(x = 0; x < thread_count_now; x++)
{
// thread id match 0 or 1
unsigned char match = 0;
SceUID tmp_thid = thread_buf_now[x];
for(y = 0; y < thread_count_start; y++)
{
if((tmp_thid == thread_buf_start[y]) || (tmp_thid == myThread))
{
match = 1;
y = thread_count_start;
}
}
if(thread_count_start == 0) match = 1;
if(match == 0)
{
sceKernelResumeThread(tmp_thid);
}
}
}
}
paddata_old = paddata.Buttons;
sceKernelDelayThread(10000);
}
return( 0 );
}
int install_cxmb( void )
{
int fd = sceIoOpen( CXMB_CONF_FILE, PSP_O_RDONLY, 0644 );
if ( fd < 0 )
{
log( "no conf file found!\n" );
fd = sceIoOpen( CXMB_CONF_FILE, PSP_O_RDWR | PSP_O_CREAT | PSP_O_TRUNC, 0777 );
if ( fd < 0 )
{
log( "failed in creating conf file!\n" );
return -1;
}
strcpy( theme_file, CXMB_DEFAULT_THEME );
sceIoWrite( fd, theme_file, strlen( theme_file ) + 1 );
}
readLine( fd, theme_file, 64 );
if ( truncpath( theme_file, ".ctf" ) < 0 )
{
if ( truncpath( theme_file, ".CTF" ) < 0 )
{
strcpy( theme_file, CXMB_DEFAULT_THEME );
}
}
sceIoClose( fd );
if ( endwithistr( theme_file, "random.ctf" ) )
{
log( "random\n" );
randomCtf( theme_file );
}
sprintf( cxmb_theme_file, "ms0:%s", theme_file );
log( "Theme file: %s\n", theme_file );
#if _CXMB_LITE == 0
makeCxmbThemeFile( cxmb_magic, cxmb_theme_file );
#endif
lflash_drv = findDriver( "flashfat" );
fatms_drv = findDriver( "fatms" );
if ( !lflash_drv || !fatms_drv )
return -1;
msIoOpen = fatms_drv->funcs->IoOpen;
msIoGetstat = fatms_drv->funcs->IoGetstat;
IoOpen = lflash_drv->funcs->IoOpen;
IoRead = lflash_drv->funcs->IoRead;
IoLseek = lflash_drv->funcs->IoLseek;
IoIoctl = lflash_drv->funcs->IoIoctl;
IoClose = lflash_drv->funcs->IoClose;
IoGetstat = lflash_drv->funcs->IoGetstat;
int intr = sceKernelCpuSuspendIntr();
fatms_drv->funcs->IoOpen = msIoOpen_new;
fatms_drv->funcs->IoGetstat = msIoGetstat_new;
lflash_drv->funcs->IoOpen = IoOpen_new;
lflash_drv->funcs->IoRead = IoRead_new;
lflash_drv->funcs->IoLseek = IoLseek_new;
lflash_drv->funcs->IoIoctl = IoIoctl_new;
lflash_drv->funcs->IoClose = IoClose_new;
lflash_drv->funcs->IoGetstat= IoGetstat_new;
sceKernelCpuResumeIntr( intr );
sceKernelIcacheInvalidateAll();
sceKernelDcacheWritebackInvalidateAll();
sceIoOpen( "ms0:/dummy.prx", PSP_O_RDONLY, 0644 );
log( "redirected io_driver!\n" );
log( "ms_drv_arg: %08x\n", ( unsigned int )ms_drv );
previous = setStartModuleHandler( OnModuleStart );
log("startModuleHandler setup!\n");
fd = sceIoOpen( cxmb_theme_file, PSP_O_RDONLY, 0644 );
if ( fd < 0 )
{
log( "no ctf file found!\n" );
return 0;
}
mem_id = sceKernelCreateHeap( 2, 1024 * 5 , 1, "cxmb_heap");
if ( mem_id < 0 )
{
log( "failed in creating cxmb_heap!\n" );
sceIoClose( fd );
return -1;
}
unsigned int magic;
sceIoLseek( fd, 0x10, PSP_SEEK_SET );
sceIoRead( fd, &magic, 4 );
if ( magic != cxmb_magic )
{
log( "magic not match!\n" );
sceIoClose( fd );
return -1;
}
sceIoRead( fd, &ctf_sig, 4 );
sceIoRead( fd, &header_size, 4 );
log( "header size: %d\n", header_size );
ctf_header = sceKernelAllocHeapMemory( mem_id, sizeof( CtfHeader ) * header_size );
int offset = - sizeof( CtfHeader ) * header_size;
sceIoLseek( fd, offset, PSP_SEEK_END );
sceIoRead( fd, ctf_header, sizeof( CtfHeader ) * header_size );
sceIoClose( fd );
log( "read ctf_header!\n" );
ctf_handler = sceKernelAllocHeapMemory( mem_id, sizeof( CtfHandler ) * 32 );
memset( ctf_handler, 0, sizeof( CtfHandler ) * 32 );
return 0;
}
