diff --git a/patches/k11modules.s b/patches/k11modules.s index b3718df..8233eb0 100644 --- a/patches/k11modules.s +++ b/patches/k11modules.s @@ -37,83 +37,64 @@ ; r6: Constant 0 ; SP + 0x80 - 0x7C: Pointer to the memory location where the NCCH text was loaded - ; Save the value of sp - mov r0, sp - ; Save the value of all registers - push {r0-r12} + ; Save the value of the register we use + push {r1-r4} - ldr r0, [r0, #(0x80 - 0x7C)] ; Load the .text address - ldr r7, [r4] - ldr r2, [r7, #0x18] ; Load the size of the .text - ldr r8, [r7, #0x200] ; Load the low title id of the current NCCH - mov r5, r0 - add r11, r5, r2 ; Max bounds of the memory region + ldr r0, [sp, #20] ; Load the .text address + ldr r1, [r4] + ldr r2, [r1, #0x200] ; Load the low title id of the current NCCH + ldr r1, [r1, #0x18] ; Load the size of the .text + add r1, r0, r1 ; Max bounds of the memory region - ldr r9, =0x00001002 ; Low title id of the sm module - cmp r8, r9 ; Compare the low title id to the id of the sm module + ldr r3, =0x1002 ; Low title id of the sm module + cmp r2, r3 ; Compare the low title id to the id of the sm module bne fs_patch ; Skip if they're not the same - ldr r7, =0xE1A01006 ; mov r1, r6 - ldr r8, =0xE1A00005 ; mov r0, r5 - ldr r9, =0xE3500000 ; cmp r0, #0 - ldr r10, =0xE2850004 ; add r0, r5, #4 - + ldr r2, =0xE1A01006 ; mov r1, r6 + loop: - cmp r11, r5 - blo out ; Check if we didn't go past the bounds of the memory region - ldr r6, [r5] - cmp r6, r7 - ldreq r6, [r5, #4] - cmpeq r6, r8 - ldreq r6, [r5, #12] - cmpeq r6, r9 - ldreq r6, [r5, #24] - cmpeq r6, r10 - moveq r8, r5 - addne r5, r5, #4 + cmp r1, r0 + blo out ; Check if we didn't go past the bounds of the memory region + ldr r3, [r0] + cmp r3, r2 + ldreqh r3, [r0, #4] + cmpeq r3, #5 + addne r0, #4 bne loop - ; r8 now contains the start address of the pattern we found - - ; Write NOPs to the four instructions we want to patch - ldr r9, =0xE320F000 ; nop - str r9, [r8, #8] ; Patch the bl - str r9, [r8, #12] ; Patch the cmp - str r9, [r8, #16] ; Patch the ldreq - str r9, [r8, #20] ; Patch the beq + ; r0 now contains the start address of the pattern we found + ldr r1, =0xE3A00001 ; mov r0, #1 + str r1, [r0, #8] ; Patch the bl b out fs_patch: ; patch adapted from BootNTR - ldr r9, =0x00001102 ; Low title id of the fs module - cmp r8, r9 ; Compare the low title id to the id of the sm module - bne out ; Skip if they're not the same + ldr r3, =0x1102 ; Low title id of the fs module + cmp r2, r3 ; Compare the low title id to the id of the sm module + bne out ; Skip if they're not the same + ldr r2, =0x4618 ; mov r0, r3 + ldr r3, =0x3481 ; add r4, #0x81 - ldr r7, =0x4618 ; mov r0, r3 - ldr r8, =0x3481 ; add r4, #0x81 + loop_fs: + cmp r1, r0 + blo out + ldrh r4, [r0] + cmp r4, r2 + ldreqh r4, [r0, #2] + cmpeq r4, r3 + subeq r0, #8 + addne r0, #2 + bne loop_fs - loop_fs: - cmp r11, r5 - blo out - ldrh r6, [r5] - cmp r6, r7 - ldreqh r6, [r5, #2] - cmpeq r6, r8 - subeq r8, r5, #8 - addne r5, #2 - bne loop_fs + ; r0 now contains the start address of the pattern we found + ldr r1, =0x2001 ; mov r0, #1 + ldr r2, =0x4770 ; bx lr + strh r1, [r0] + strh r2, [r0, #2] - ; r8 now contains the start address of the pattern we found - ldr r9, =0x2001 ; mov r0, #1 - ldr r10, =0x4770 ; bx lr - strh r9, [r8] - strh r10, [r8, #2] - out: - pop {r0-r12} ; Restore the registers we used - - ldr r0, [r4] ; Execute the instruction we overwrote in our detour - - bx lr ; Jump back to whoever called us + pop {r1-r4} ; Restore the registers we used + ldr r0, [r4] ; Execute the instruction we overwrote in our detour + bx lr ; Jump back to whoever called us .pool .close \ No newline at end of file