Use ipc call to start mcp thread immediately

2024-09-30 00:28:34 +02:00 · 2021-04-04 22:33:22 +02:00 · 2021-04-04 22:33:22 +02:00 · 38625d2efe
commit 38625d2efe
parent 0de8f77c71
7 changed files with 10 additions and 19 deletions
--- a/source/common/ipc_defs.h
+++ b/source/common/ipc_defs.h
@ -227,5 +227,6 @@ typedef struct {
 #define IPC_CUSTOM_MEN_RPX_HOOK_COMPLETED   0xFD
 #define IPC_CUSTOM_LOAD_CUSTOM_RPX          0xFC
 #define IPC_CUSTOM_META_XML_READ            0xFB
+#define IPC_CUSTOM_START_MCP_THREAD         0xFA

 #define LOAD_FILE_TARGET_SD_CARD            0
--- a/source/ios_kernel/source/instant_patches.c
+++ b/source/ios_kernel/source/instant_patches.c
@ -64,9 +64,7 @@ void instant_patches_setup(void) {
    // fix 10 minute timeout that crashes MCP after 10 minutes of booting
    *(volatile u32 *) (0x05022474 - 0x05000000 + 0x081C0000) = 0xFFFFFFFF;    // NEW_TIMEOUT

-    // start our MCP thread directly on first title change
    kernel_memset((void *) (0x050BD000 - 0x05000000 + 0x081C0000), 0, 0x3000);
-    *(volatile u32 *) (0x05054D6C - 0x05000000 + 0x081C0000) = ARM_B(0x05054D6C, _startMainThread);

    // allow custom bootLogoTex and bootMovie.h264
    *(volatile u32 *) (0xE0030D68 - 0xE0000000 + 0x12900000) = 0xE3A00000;    // mov r0, #0
--- a/source/ios_kernel/source/ios_mcp_patches.c
+++ b/source/ios_kernel/source/ios_mcp_patches.c
@ -41,8 +41,6 @@ void mcp_run_patches(u32 ios_elf_start) {
    section_write_bss(ios_elf_start, _bss_start, _bss_end - _bss_start);
    section_write(ios_elf_start, _text_start, (void *) mcp_get_phys_code_base(), _text_end - _text_start);

-    section_write_word(ios_elf_start, 0x05056718, ARM_BL(0x05056718, _text_start));
-
    u32 patch_count = (u32) (((u8 *) mcp_patches_table_end) - ((u8 *) mcp_patches_table)) / sizeof(patch_table_t);
    patch_table_entries(ios_elf_start, mcp_patches_table, patch_count);

--- a/source/ios_mcp/link.ld
+++ b/source/ios_mcp/link.ld
@ -4,7 +4,6 @@ SECTIONS
 {
 	.text 0x05116000 : {
 		_text_start = .;
-		build/crt0.o(.init)
 		*(.text*)
 		*(.rodata*)
 	}
--- a/source/ios_mcp/source/crt0.s
+++ b/source/ios_mcp/source/crt0.s
@ -1,14 +0,0 @@
-.section ".init"
-.arm
-.align 4
-
-.extern _startMainThread
-.type _startMainThread, %function
-
-mcpMainThread_hook:
-    mov r11, r0
-    push {r0-r11,lr}
-
-    bl _startMainThread
-
-    pop {r0-r11,pc}
--- a/source/ios_mcp/source/mcp_loadfile.c
+++ b/source/ios_mcp/source/mcp_loadfile.c
@ -217,6 +217,8 @@ int _MCP_ReadCOSXml_patch(uint32_t u1, uint32_t u2, MCPPPrepareTitleInfo *xmlDat
    return res;
 }

+extern int _startMainThread(void);
+
 /*  RPX replacement! Call this ioctl to replace the next loaded RPX with an arbitrary path.
    DO NOT RETURN 0, this affects the codepaths back in the IOSU code */
 int _MCP_ioctl100_patch(ipcmessage *msg) {
@ -294,6 +296,10 @@ int _MCP_ioctl100_patch(ipcmessage *msg) {
                }
                return 1;
            }
+            case IPC_CUSTOM_START_MCP_THREAD: {
+                _startMainThread();
+                return 1;
+            }
            default: {
            }
        }
--- a/source/main.cpp
+++ b/source/main.cpp
@ -28,7 +28,10 @@ int main(int argc, char **argv) {
    if (mcpFd >= 0) {
        int in = 0xFD;//IPC_CUSTOM_MEN_RPX_HOOK_COMPLETED;
        int out = 0;
+        IOS_Ioctl(mcpFd, 100, &in, sizeof(in), &out, sizeof(out));

+        in = 0xFA;//IPC_CUSTOM_START_MCP_THREAD;
+        out = 0;
        IOS_Ioctl(mcpFd, 100, &in, sizeof(in), &out, sizeof(out));
        IOS_Close(mcpFd);
    }