Fix and rewrite parts of k11modules.s
This commit is contained in:
parent
802bce12a7
commit
8d5d8d2100
@ -42,86 +42,75 @@
|
|||||||
; Save the value of all registers
|
; Save the value of all registers
|
||||||
push {r0-r12}
|
push {r0-r12}
|
||||||
|
|
||||||
; Clear all the caches, just to be safe
|
|
||||||
mcr p15, 0, r6, c7, c14, 0
|
|
||||||
mcr p15, 0, r6, c7, c5, 0
|
|
||||||
|
|
||||||
ldr r0, [r0, #(0x80 - 0x7C)] ; Load the .text address
|
ldr r0, [r0, #(0x80 - 0x7C)] ; Load the .text address
|
||||||
ldr r2, [r7, #0x18] ; Load the size of the .text
|
ldr r7, [r4]
|
||||||
|
ldr r8, [r7, #0x200] ; Load the low title id of the current NCCH
|
||||||
|
ldr r2, [r7, #0x18]
|
||||||
mov r5, r0
|
mov r5, r0
|
||||||
add r11, r5, r2 ; Max bounds of the memory region
|
add r11, r5, r2 ; Max bounds of the memory region
|
||||||
|
|
||||||
ldr r9, =0x00001002 ; Low title id of the sm module
|
ldr r9, =0x00001002 ; Low title id of the sm module
|
||||||
ldr r7, [r4]
|
|
||||||
ldr r8, [r7, #0x200] ; Load the low title id of the current NCCH
|
|
||||||
cmp r8, r9 ; Compare the low title id to the id of the sm module
|
cmp r8, r9 ; Compare the low title id to the id of the sm module
|
||||||
bne fs_patch ; Skip if they're not the same
|
bne fs_patch ; Skip if they're not the same
|
||||||
|
|
||||||
ldr r7, =0xE1A01006 ; mov r1, r6
|
ldr r7, =0xE5901024 ; mov r6, r2
|
||||||
ldr r8, =0xE1A00005 ; mov r0, r5
|
ldr r8, =0xE1B02001 ; mov r7, #0
|
||||||
ldr r9, =0xE3500000 ; cmp r0, #0
|
ldr r9, =0x0A00000A ; ldr r1, [r2, #0x24]
|
||||||
ldr r10, =0xE2850004 ; add r0, r5, #4
|
ldr r10, =0xE5915014 ; movs r2, r1
|
||||||
|
|
||||||
loop:
|
loop_sm: ; patch adapted from BootNTR
|
||||||
cmp r11, r5
|
cmp r5, r11
|
||||||
blo out ; Check if we didn't go past the bounds of the memory region
|
bhs out
|
||||||
ldr r6, [r5]
|
ldr r6, [r5]
|
||||||
cmp r6, r7
|
cmp r6, r7
|
||||||
ldreq r6, [r5, #4]
|
bne loop_sm_continue
|
||||||
cmpeq r6, r8
|
ldr r6, [r5, #4]
|
||||||
ldreq r6, [r5, #12]
|
cmp r6, r8
|
||||||
cmpeq r6, r9
|
bne loop_sm_continue
|
||||||
ldreq r6, [r5, #24]
|
ldr r6, [r5, #8]
|
||||||
cmpeq r6, r10
|
cmp r6, r9
|
||||||
moveq r8, r5
|
bne loop_sm_continue
|
||||||
addne r5, r5, #4
|
ldr r6, [r5, #12]
|
||||||
bne loop
|
cmp r6, r10
|
||||||
|
bne loop_sm_continue
|
||||||
; r8 now contains the start address of the pattern we found
|
ldr r9, =0xE3A00002 ; mov r0, #2
|
||||||
|
ldr r10, =0xE12FFF1E ; bx lr
|
||||||
; Write NOPs to the four instructions we want to patch
|
str r9, [r5, #-8]
|
||||||
ldr r9, =0xE320F000 ; nop
|
str r10, [r5, #-4]
|
||||||
str r9, [r8, #8] ; Patch the bl
|
|
||||||
str r9, [r8, #12] ; Patch the cmp
|
|
||||||
str r9, [r8, #16] ; Patch the ldreq
|
|
||||||
str r9, [r8, #20] ; Patch the beq
|
|
||||||
b out
|
b out
|
||||||
|
loop_sm_continue:
|
||||||
|
add r5, r5, #4
|
||||||
|
b loop_sm
|
||||||
|
|
||||||
|
|
||||||
fs_patch: ; patch adapted from BootNTR
|
fs_patch: ; patch adapted from BootNTR
|
||||||
ldr r9, =0x00001102 ; Low title id of the fs module
|
ldr r9, =0x00001102 ; Low title id of the fs module
|
||||||
ldr r7, [r4]
|
cmp r8, r9 ; Compare the low title id to the id of the fs module
|
||||||
ldr r8, [r7, #0x200] ; Load the low title id of the current NCCH
|
|
||||||
cmp r8, r9 ; Compare the low title id to the id of the sm module
|
|
||||||
bne out ; Skip if they're not the same
|
bne out ; Skip if they're not the same
|
||||||
|
|
||||||
ldr r7, =0x4618 ; mov r0, r3
|
ldr r7, =0x4618 ; mov r0, r3
|
||||||
ldr r8, =0x3481 ; add r4, #0x81
|
ldr r8, =0x3481 ; add r4, #0x81
|
||||||
|
|
||||||
loop_fs:
|
loop_fs:
|
||||||
cmp r11, r5
|
cmp r5, r11
|
||||||
blo out
|
bhs out
|
||||||
ldrh r6, [r5]
|
ldrh r6, [r5]
|
||||||
cmp r6, r7
|
cmp r6, r7
|
||||||
ldreqh r6, [r5, #2]
|
bne loop_fs_continue
|
||||||
cmpeq r6, r8
|
ldrh r6, [r5, #2]
|
||||||
subeq r8, r5, #8
|
cmp r6, r8
|
||||||
addne r5, #2
|
bne loop_fs_continue
|
||||||
bne loop
|
|
||||||
|
|
||||||
; r8 now contains the start address of the pattern we found
|
|
||||||
|
|
||||||
ldr r9, =0x2001 ; mov r0, #1
|
ldr r9, =0x2001 ; mov r0, #1
|
||||||
ldr r10, =0x4770 ; bx lr
|
ldr r10, =0x4770 ; bx lr
|
||||||
strh r9, [r8]
|
strh r9, [r5, #-8]
|
||||||
strh r10, [r8, #2]
|
strh r10, [r5, #-6]
|
||||||
|
b out
|
||||||
|
loop_fs_continue:
|
||||||
|
add r5, #2
|
||||||
|
b loop_fs
|
||||||
|
|
||||||
out:
|
out:
|
||||||
pop {r0-r12} ; Restore the registers we used
|
pop {r0-r12} ; Restore the registers we used
|
||||||
|
|
||||||
; Clear all the caches again, just to be safe
|
|
||||||
mcr p15, 0, r6, c7, c14, 0
|
|
||||||
mcr p15, 0, r6, c7, c5, 0
|
|
||||||
|
|
||||||
ldr r0, [r4] ; Execute the instruction we overwrote in our detour
|
ldr r0, [r4] ; Execute the instruction we overwrote in our detour
|
||||||
|
|
||||||
bx lr ; Jump back to whoever called us
|
bx lr ; Jump back to whoever called us
|
||||||
|
Reference in New Issue
Block a user