Fix fs patch to work on old FIRMs

patches/k11modules.s

@@ -35,66 +35,70 @@
     ; Register contents:
     ; r4: Pointer to a pointer to the exheader of the current NCCH
     ; r6: Constant 0
-    ; SP + 0x80 - 0x7C: Pointer to the memory location where the NCCH text was loaded
+    ; SP + 4: Pointer to the memory location where the NCCH text was loaded
+
+    ; Execute the instruction we overwrote in our detour
+    ldr r0, [r4]
 
     ; Save the value of the register we use
-    push {r1-r4}
+    push {r0-r4}
 
-    ldr r0, [sp, #20]    ; Load the .text address
+    ldr r1, [sp, #24]    ; Load the .text address
-    ldr r1, [r4]
+    ldr r2, [r0, #0x200] ; Load the low title id of the current NCCH
-    ldr r2, [r1, #0x200] ; Load the low title id of the current NCCH
+    ldr r0, [r0, #0x18]  ; Load the size of the .text
-    ldr r1, [r1, #0x18]  ; Load the size of the .text
+    add r0, r1, r0       ; Max bounds of the memory region
-    add r1, r0, r1       ; Max bounds of the memory region
 
-    ldr r3, =0x1002      ; Low title id of the sm module
+    ldr r3, =0x1002 ; Low title id of the sm module
-    cmp r2, r3           ; Compare the low title id to the id of the sm module
+    cmp r2, r3 ; Compare the low title id to the id of the sm module
-    bne fs_patch         ; Skip if they're not the same
+    bne fs_patch ; Skip if they're not the same
 
-    ldr r2, =0xE1A01006  ; mov r1, r6
+    ldr r2, =0xE1A01006 ; mov r1, r6
 
     loop:
-        cmp r1, r0
+        cmp r0, r1
-        blo out          ; Check if we didn't go past the bounds of the memory region
+        blo die ; Check if we didn't go past the bounds of the memory region
-        ldr r3, [r0]
+        ldr r3, [r1]
         cmp r3, r2
-        ldreqh r3, [r0, #4]
+        ldreqh r3, [r1, #4]
         cmpeq r3, #5
-        addne r0, #4
+        addne r1, #4
         bne loop
 
-    ; r0 now contains the start address of the pattern we found
+    ; r1 now contains the start address of the pattern we found
-    ldr r1, =0xE3A00001   ; mov r0, #1
+    ldr r0, =0xE3A00001 ; mov r0, #1
-    str r1, [r0, #8]      ; Patch the bl
+    str r0, [r1, #8] ; Patch the bl
     b out
 
     fs_patch: ; patch adapted from BootNTR
         ldr r3, =0x1102 ; Low title id of the fs module
-        cmp r2, r3      ; Compare the low title id to the id of the sm module
+        cmp r2, r3 ; Compare the low title id to the id of the sm module
-        bne out         ; Skip if they're not the same
+        bne out ; Skip if they're not the same
-        ldr r2, =0x4618 ; mov r0, r3
+        ldr r2, =0x7401 ; strb r1, [r0, #16]
-        ldr r3, =0x3481 ; add r4, #0x81
+        ldr r3, =0x2000 ; movs r0, #0
 
         loop_fs:
-            cmp r1, r0
+            cmp r0, r1
-            blo out
+            blo die
-            ldrh r4, [r0]
+            ldrh r4, [r1]
             cmp r4, r2
-            ldreqh r4, [r0, #2]
+            ldreqh r4, [r1, #2]
             cmpeq r4, r3
-            subeq r0, #8
+            addeq r1, #8
-            addne r0, #2
+            addne r1, #2
             bne loop_fs
 
-        ; r0 now contains the start address of the pattern we found
+        ; r1 now contains the start address of the pattern we found
-        ldr r1, =0x2001 ; mov r0, #1
+        ldr r0, =0x2001 ; mov r0, #1
         ldr r2, =0x4770 ; bx lr
-        strh r1, [r0]
+        strh r0, [r1]
-        strh r2, [r0, #2]
+        strh r2, [r1, #2]
 
     out:
-        pop {r1-r4}  ; Restore the registers we used
+        pop {r0-r4} ; Restore the registers we used
-        ldr r0, [r4] ; Execute the instruction we overwrote in our detour
+        bx lr ; Jump back to whoever called us
-        bx lr        ; Jump back to whoever called us
+
+    die:
+        b die
 
 .pool
 .close