From 5f8a61201b6e0774236cc2cb09e920c0fcdaa5a9 Mon Sep 17 00:00:00 2001
From: TuxSH
Date: Sun, 19 Feb 2017 03:39:54 +0100
Subject: [PATCH] Apparently this halves the amount of stuttering with some games, on 11.3
---
 source/firm.c | 1 +
 source/patches.c | 28 ++++++++++++++++++++++++++++
 source/patches.h | 1 +
 3 files changed, 30 insertions(+)
diff --git a/source/firm.c b/source/firm.c
index 8b8ccb6..201480c 100755
--- a/source/firm.c
+++ b/source/firm.c
@@ -177,6 +177,7 @@ u32 patchNativeFirm(u32 firmVersion, FirmwareSource nandType, u32 emuHeader, boo
 {
 //Stub svc 0x59
 ret += stubSvcRestrictGpuDma(arm11Section1, arm11SvcTable, baseK11VA);
+ ret += stubTimerQueueSanityCheck(arm11Section1, firm->section[1].size);
 }
 ret += implementSvcGetCFWInfo(arm11Section1, arm11SvcTable, baseK11VA, &freeK11Space, isSafeMode);
diff --git a/source/patches.c b/source/patches.c
index def865d..4dd667e 100644
--- a/source/patches.c
+++ b/source/patches.c
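Review bot: The added line stubs a kernel-side sanity check out of K11 without a comment saying which routine it is or why dropping it is acceptable, whereas the sibling line at least carries `//Stub svc 0x59`; I would add `//Stub the 11.3 timer-queue sanity check (trades a kernel consistency check for less stuttering; see stubTimerQueueSanityCheck)` directly above it. The braces this hunk sits inside belong to a conditional that starts outside the hunk, so whether its version gate matches the firmware the 16-byte pattern was taken from cannot be confirmed here and is worth checking, since on a non-matching firmware the `return 1` from the stub makes the whole `patchNativeFirm` fail through the accumulated `ret`. Note also that this call is bounded by `firm->section[1].size` while the neighbouring stubs take the SVC table instead, which is fine only if `arm11Section1` is indeed the start of section 1; the commit title's "Apparently" suggests the mechanism is not yet understood, and the comment should say so rather than present the stub as a proven fix.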
@@ -294,6 +294,34 @@ u32 stubSvcRestrictGpuDma(u8 *pos, u32 *arm11SvcTable, u32 baseK11VA)
 return 0;
 }
+u32 stubTimerQueueSanityCheck(u8 *pos, u32 size)
+{
+ const u8 pattern[] = {0xF0, 0x41, 0x2D, 0xE9, 0x00, 0x60, 0xA0, 0xE1, 0x00, 0x70,
+ 0xA0, 0xE3, 0x20, 0x00, 0x86, 0xE2};
+/* pattern2[] = {0x01, 0x20, 0xB0, 0xE1, 0xF5, 0xFF, 0xFF, 0x1A},
+ pattern3[] = {0x02, 0x00, 0x51, 0xE1, 0x01, 0x00, 0x00, 0x1A};
+*/
+ u32 *off = (u32 *)memsearch(pos, pattern, size, sizeof(pattern));
+ if(off == NULL) return 1;
+ *off = 0xE12FFF1E;
+ return 0;
+
+/*
+This results in UAFs, rip.. I could do patterns for all of the incref/decref code they added, but this is a PITA
+The idea was to tell the make stuff think the timer was always in the queue and that the refcount shouldn't be incremented.
+That was worth trying, though.
+
+ off = (u32 *)memsearch(pos, pattern2, size, sizeof(pattern2));
+ if(off == NULL) return 1;
+ off[8] = 0xE3A00000;
+
+ off = (u32 *)memsearch(pos, pattern3, size, sizeof(pattern3));
+ if(off == NULL) return 1;
+ off[4] = 0xE3A00001;
+*/
+}
+
 u32 implementSvcGetCFWInfo(u8 *pos, u32 *arm11SvcTable, u32 baseK11VA, u8 **freeK11Space, bool isSafeMode)
 {
 if(*(u32 *)(*freeK11Space + svcGetCFWInfo_bin_size - 4) != 0xFFFFFFFF) return 1;
diff --git a/source/patches.h b/source/patches.h
index a4f0382..4672d13 100644
--- a/source/patches.h
+++ b/source/patches.h
@@ -47,6 +47,7 @@ u32 patchNandNcchEncryptionCheck(u8 *pos, u32 size);
 u32 patchCheckForDevCommonKey(u8 *pos, u32 size);
 u32 reimplementSvcBackdoor(u8 *pos, u32 *arm11SvcTable, u32 baseK11VA, u8 **freeK11Space);
 u32 stubSvcRestrictGpuDma(u8 *pos, u32 *arm11SvcTable, u32 baseK11VA);
+u32 stubTimerQueueSanityCheck(u8 *pos, u32 size);
 u32 implementSvcGetCFWInfo(u8 *pos, u32 *arm11SvcTable, u32 baseK11VA, u8 **freeK11Space, bool isSafeMode);
 u32 patchArm9ExceptionHandlersInstall(u8 *pos, u32 size);
 u32 getInfoForArm11ExceptionHandlers(u8 *pos, u32 size, u32 *codeSetOffset);
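Review bot: `stubTimerQueueSanityCheck` writes `BX LR` (`0xE12FFF1E`) over the first `memsearch` hit of a 16-byte prologue that decodes to `PUSH {R4-R8,LR}; MOV R6,R0; MOV R7,#0; ADD R0,R6,#0x20`, a fairly generic shape, with no uniqueness or alignment check, so on a firmware where that prologue occurs earlier in the ARM11 section the patch would silently neuter an unrelated kernel function instead of failing with `return 1` as it does when nothing matches. Overwriting the PUSH itself is stack-safe (nothing has been pushed yet), but I would reject the patch when a second match exists or the hit is not 4-byte aligned (the `(u32 *)` cast assumes it), as sketched below, and record in a comment which kernel routine this is believed to be, since the commit only says it "apparently" halves stuttering. The large commented-out experiment (the incref/decref variant the author notes causes UAFs) should not ship inside a kernel patcher; git history keeps it, and a one-line comment such as `// An earlier attempt to fake "already queued"/refcount state instead caused kernel UAFs; do not revisit without patching every incref/decref site` preserves the lesson. How `memsearch` behaves when the remaining size is zero is not visible here, so the second search should be confirmed safe when the match ends exactly at the section end.

```c
u32 stubTimerQueueSanityCheck(u8 *pos, u32 size)
{
    // Prologue of the timer-queue sanity check added to K11 in 11.3:
    // PUSH {R4-R8,LR}; MOV R6,R0; MOV R7,#0; ADD R0,R6,#0x20
    const u8 pattern[] = {0xF0, 0x41, 0x2D, 0xE9, 0x00, 0x60, 0xA0, 0xE1, 0x00, 0x70,
                          0xA0, 0xE3, 0x20, 0x00, 0x86, 0xE2};

    u8 *off = (u8 *)memsearch(pos, pattern, size, sizeof(pattern));
    if(off == NULL) return 1;

    // Refuse to patch if the prologue is not unique in the section or is not on an
    // instruction boundary: a wrong match would stub an unrelated kernel function.
    u32 consumed = (u32)(off - pos) + sizeof(pattern);
    if(((u32)off & 3) != 0 || consumed > size) return 1;
    if(memsearch(off + sizeof(pattern), pattern, size - consumed, sizeof(pattern)) != NULL) return 1;

    *(u32 *)off = 0xE12FFF1E; // BX LR: turn the check into a no-op
    return 0;
}
```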