diff --git a/source/emunand.c b/source/emunand.c
index 7aa8ad1..25834d8 100644
--- a/source/emunand.c
+++ b/source/emunand.c
@@ -48,13 +48,13 @@ u32 getSDMMC(u8 *pos, u32 size)
     return *(u32 *)(off + 9) + *(u32 *)(off + 0xD);
 }
-void getEmuRW(u8 *pos, u32 size, u32 *readOffset, u32 *writeOffset)
+void getEmuRW(u8 *pos, u32 size, u16 **readOffset, u16 **writeOffset)
 {
     //Look for read/write code
     const u8 pattern[] = {0x1E, 0x00, 0xC8, 0x05};
-    *readOffset = (u32)memsearch(pos, pattern, size, 4) - 6;
-    *writeOffset = (u32)memsearch((u8 *)(*readOffset + 0xA), pattern, 0x100, 4) - 6;
+    *readOffset = (u16 *)memsearch(pos, pattern, size, 4) - 3;
+    *writeOffset = (u16 *)memsearch((u8 *)(*readOffset + 5), pattern, 0x100, 4) - 3;
 }
 u32 *getMPU(u8 *pos, u32 size)
diff --git a/source/emunand.h b/source/emunand.h
index f992269..abe8e4a 100644
--- a/source/emunand.h
+++ b/source/emunand.h
@@ -10,6 +10,6 @@ void getEmunandSect(u32 *off, u32 *head, u32 *emuNAND);
 u32 getSDMMC(u8 *pos, u32 size);
-void getEmuRW(u8 *pos, u32 size, u32 *readOffset, u32 *writeOffset);
+void getEmuRW(u8 *pos, u32 size, u16 **readOffset, u16 **writeOffset);
 u32 *getMPU(u8 *pos, u32 size);
 void *getEmuCode(u8 *pos);
\ No newline at end of file
diff --git a/source/firm.c b/source/firm.c
index 77ce9d2..d881ac6 100755
--- a/source/firm.c
+++ b/source/firm.c
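Review bot: The new `*readOffset = (u16 *)memsearch(pos, pattern, size, 4) - 3;` still applies pointer arithmetic to whatever memsearch returns without checking for a miss, and the second search then starts at `*readOffset + 5` with a fixed 0x100-byte window, so a failed first search turns into a bounded scan near address zero whose result is later written through by patchEmuNAND in firm.c; the commit changes the types but leaves this as it was. If memsearch reports not-found with NULL (its failure return is not visible here), getEmuRW should propagate that instead, for example by setting both out-pointers to NULL and returning, with the caller checking before it writes the hooks. The same unchecked use of memsearch's result appears in the patches.c hunk at `*exceptionsPage = (u32 *)memsearch(pos, pattern, size, 4) - 0xB;`. The emunand.h prototype also deserves a one-line comment saying that `*readOffset` and `*writeOffset` now point at the hook site (u16 words) rather than holding a byte address, since the old u32 callers cast them themselves.
```c
    const u8 pattern[] = {0x1E, 0x00, 0xC8, 0x05};

    u16 *readHit = (u16 *)memsearch(pos, pattern, size, 4);
    if(readHit == NULL)
    {
        *readOffset = *writeOffset = NULL;   //caller must check before writing the hooks
        return;
    }
    *readOffset = readHit - 3;

    u16 *writeHit = (u16 *)memsearch((u8 *)(*readOffset + 5), pattern, 0x100, 4);
    *writeOffset = (writeHit == NULL) ? NULL : writeHit - 3;
```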
@@ -332,29 +332,27 @@ static inline void patchEmuNAND(u8 *arm9Section, u8 *process9Offset, u32 process
                     section[2].offset + (u32)section[2].address;
     //Add emuNAND hooks
-    u32 emuRead,
-        emuWrite;
-
+    u16 *emuRead,
+        *emuWrite;
     getEmuRW(process9Offset, process9Size, &emuRead, &emuWrite);
-    *(u16 *)emuRead = nandRedir[0];
-    *((u16 *)emuRead + 1) = nandRedir[1];
-    *((u32 *)emuRead + 1) = branchOffset;
-    *(u16 *)emuWrite = nandRedir[0];
-    *((u16 *)emuWrite + 1) = nandRedir[1];
-    *((u32 *)emuWrite + 1) = branchOffset;
+    *emuRead = nandRedir[0];
+    emuRead[1] = nandRedir[1];
+    ((u32 *)emuRead)[1] = branchOffset;
+    *emuWrite = nandRedir[0];
+    emuWrite[1] = nandRedir[1];
+    ((u32 *)emuWrite)[1] = branchOffset;
     //Set MPU for emu code region
     u32 *mpuOffset = getMPU(arm9Section, section[2].size);
     *mpuOffset = mpuPatch[0];
-    *(mpuOffset + 6) = mpuPatch[1];
-    *(mpuOffset + 9) = mpuPatch[2];
+    mpuOffset[6] = mpuPatch[1];
+    mpuOffset[9] = mpuPatch[2];
 }
 static inline void patchReboots(u8 *process9Offset, u32 process9Size, u32 process9MemAddr)
 {
+    //Calculate offset for the firmlaunch code and fOpen
     u32 fOpenOffset;
-
-    //Calculate offset for the firmlaunch code
     void *rebootOffset = getReboot(process9Offset, process9Size, process9MemAddr, &fOpenOffset);
     //Copy firmlaunch code
@@ -370,7 +368,6 @@ static inline void reimplementSvcBackdoor(void)
     u8 *arm11Section1 = (u8 *)firm + section[1].offset;
     u32 *exceptionsPage;
-
     u32 *svcTable = getSvcAndExceptions(arm11Section1, section[1].size, &exceptionsPage);
     if(!svcTable[0x7B])
@@ -381,13 +378,14 @@ static inline void reimplementSvcBackdoor(void)
         memcpy(freeSpace, svcBackdoor, 40);
-        svcTable[0x7B] = 0xFFFF0000 + (u32)((u8 *)freeSpace - (u8 *)exceptionsPage);
+        svcTable[0x7B] = 0xFFFF0000 + ((u8 *)freeSpace - (u8 *)exceptionsPage);
     }
 }
 static inline void copySection0AndInjectLoader(void)
 {
     u8 *arm11Section0 = (u8 *)firm + section[0].offset;
+    u32 loaderSize;
     u32 loaderOffset = getLoader(arm11Section0, &loaderSize);
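Review bot: `((u32 *)emuRead)[1] = branchOffset;` and the matching emuWrite line store a 32-bit word through a pointer that the new getEmuRW signature only promises is a `u16 *`, i.e. an address found by a byte search and backed up six bytes, so 4-byte alignment of that store is an assumption about the target binary rather than something the types guarantee (the removed `*((u32 *)emuRead + 1)` form had the same property). Writing the word as `memcpy(emuRead + 2, &branchOffset, sizeof branchOffset);` and `memcpy(emuWrite + 2, &branchOffset, sizeof branchOffset);` keeps the exact byte layout while dropping both the alignment assumption and the aliasing cast, and memcpy is already used in this file. The hunk also writes through the out-pointers of getEmuRW and getMPU unconditionally, so if either helper can report a miss this is the place that would have to check for it. The enclosing patchEmuNAND starts before the hunk.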
diff --git a/source/patches.c b/source/patches.c
index f3eebac..f7bdfed 100644
--- a/source/patches.c
+++ b/source/patches.c
@@ -104,7 +104,7 @@ u32 *getSvcAndExceptions(u8 *pos, u32 size, u32 **exceptionsPage)
 {
     const u8 pattern[] = {0x00, 0xB0, 0x9C, 0xE5}; //cpsid aif
-    *exceptionsPage = (u32 *)(memsearch(pos, pattern, size, 4) - 0x2C);
+    *exceptionsPage = (u32 *)memsearch(pos, pattern, size, 4) - 0xB;
     u32 svcOffset = (-(((*exceptionsPage)[2] & 0xFFFFFF) << 2) & (0xFFFFFF << 2)) - 8; //Branch offset + 8 for prefetch
     u32 *svcTable = (u32 *)(pos + *(u32 *)(pos + 0xFFFF0008 - svcOffset - 0xFFF00000 + 8) - 0xFFF00000); //SVC handler address
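Review bot: The `- 0xB` on the new `*exceptionsPage` line counts u32 words where the removed line counted bytes (`- 0x2C`), and nothing on the line says so; next to the byte-valued constants in the following two lines it reads as a byte offset. A trailing comment such as `//0xB words = 0x2C bytes back from the cpsid aif` on that line would keep the unit change visible to the next reader. The cast now binds before the subtraction, which is what makes the two forms equivalent, so the comment is the only thing missing. getSvcAndExceptions continues past the hunk.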