diff --git a/source/patches.c b/source/patches.c
index af0afb5..6c27f31 100644
--- a/source/patches.c
+++ b/source/patches.c
@@ -341,32 +341,28 @@ void patchArm11SvcAccessChecks(u32 *arm11SvcHandler)
 //It's mainly Subv's code here:
 void patchK11ModuleChecks(u8 *pos, u32 size, u8 **freeK11Space)
 {
- // We have to detour a function in the ARM11 kernel because builtin modules
- // are compressed in memory and are only decompressed at runtime.
+ //We have to detour a function in the ARM11 kernel because builtin modules
+ //are compressed in memory and are only decompressed at runtime.
- u8 *freeSpace = *freeK11Space;
- (*freeK11Space) += k11modules_size;
-
- // Inject our code into the free space
- memcpy(freeSpace, k11modules, k11modules_size);
-
- // Find the code that decompresses the .code section of the builtin modules and detour it with a jump to our code
+ //Find the code that decompresses the .code section of the builtin modules and detour it with a jump to our code
 const u8 pattern[] = { 0x00, 0x00, 0x94, 0xE5, 0x18, 0x10, 0x90, 0xE5, 0x28, 0x20, 0x90, 0xE5, 0x48, 0x00, 0x9D, 0xE5 };
- u8 *off = memsearch(pos, pattern, size, 16);
+ u32 *off = (u32 *)memsearch(pos, pattern, size, 16);
- // We couldn't find the code that decompresses the module
- if (off == NULL)
- return;
+ //We couldn't find the code that decompresses the module
+ if(off == NULL) return;
- // Inject a jump instruction to our code at the offset we found
- // Construct a jump (BL) instruction to our code
- u32 offset = ((((u32)freeSpace) - ((u32)off + 8)) >> 2) & 0xFFFFFF;
- u32 instruction = offset | (1 << 24) | (0x5 << 25) | (0xE << 28);
+ //Inject our code into the free space
+ memcpy(*freeK11Space, k11modules, k11modules_size);
- // Write our jump
- memcpy(off, &instruction, 4);
+ //Inject a jump instruction to our code at the offset we found
+ //Construct a jump (BL) instruction to our code
+ u32 offset = ((((u32)*freeK11Space) - ((u32)off + 8)) >> 2) & 0xFFFFFF;
+
+ *off = offset | (1 << 24) | (0x5 << 25) | (0xE << 28);
+
+ (*freeK11Space) += k11modules_size;
 }
 void patchP9AccessChecks(u8 *pos, u32 size)
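Review bot: The new code writes the BL through a `u32 *` obtained by casting the result of a byte-granular search (`u32 *off = (u32 *)memsearch(...)` followed by `*off = ...`), whereas the replaced code wrote it with `memcpy(off, &instruction, 4)`, which tolerated any alignment; if memsearch returns a hit that is not word-aligned — which could only be a false match, since the pattern is four ARM instructions — the store is misaligned and patches the wrong bytes, so the guard should reject that case too: `if(off == NULL || ((u32)off & 3) != 0) return;`. The `& 0xFFFFFF` mask also silently truncates the displacement: a BL reaches only ±32 MiB from the detour site, so a payload placed outside that range would produce a branch into unrelated kernel code rather than a visible failure, and checking the signed displacement before the memcpy (presumably `s32` exists in this codebase) with `s32 delta = (s32)((u32)*freeK11Space - ((u32)off + 8)); if(delta < -(1 << 25) || delta >= (1 << 25)) return;` makes that case bail out without consuming free space. Finally, `memcpy(*freeK11Space, k11modules, k11modules_size)` has no bound because the function receives only a pointer to the free region, so a comment on the function such as `//Caller guarantees at least k11modules_size bytes remain at *freeK11Space` would make that precondition explicit.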