From 598ae989120a1e5819870648a13a2ed8cc9ca3ee Mon Sep 17 00:00:00 2001
From: Maschell
Date: Sun, 5 Jun 2022 20:34:43 +0200
Subject: [PATCH] Load the root.rpx and men.rpx from the environment path
---
 Dockerfile | 2 +-
 README.md | 7 ++++---
 source/common/ipc_defs.h | 1 -
 source/ios_kernel/source/kernel_patches.c | 4 ----
 source/ios_mcp/link.ld | 2 ++
 source/ios_mcp/source/mcp_loadfile.c | 8 ++++++--
 6 files changed, 13 insertions(+), 11 deletions(-)
diff --git a/Dockerfile b/Dockerfile
index d6d529d..7dfbbc6 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -1,3 +1,3 @@
-FROM wiiuenv/devkitppc:20220601
+FROM wiiuenv/devkitppc:20220605
 WORKDIR project
\ No newline at end of file
diff --git a/README.md b/README.md
index e16a4c1..65595c7 100644
--- a/README.md
+++ b/README.md
@@ -4,11 +4,12 @@ This a version of the [original mocha](https://github.com/dimok789/mocha) to be used with the [EnvironmentLoader](https://github.com/wiiu-env/EnvironmentLoader). ## Usage -Place the `00_mocha.rpx` in the `[ENVIRONMENT]/modules/setup` folder and run the [EnvironmentLoader](https://github.com/wiiu-env/EnvironmentLoader). -- Requires [PayloadFromRPX](https://github.com/wiiu-env/PayloadFromRPX) as `sd:/wiiu/root.rpx` to support returning from the system settings. +([ENVIRONMENT] is a placeholder for the actual environment name.) +1. Place the `00_mocha.rpx` in the `sd:/wiiu/environments/[ENVIRONMENT]/modules/setup` folder and run the [EnvironmentLoader](https://github.com/wiiu-env/EnvironmentLoader). +2. Requires [PayloadFromRPX](https://github.com/wiiu-env/PayloadFromRPX) as `sd:/wiiu/environments/[ENVIRONMENT]/root.rpx` to support returning from the system settings. ## Patches -- You can also place a RPX as `men.rpx` in the `sd:/wiiu` folder which will replace the Wii U Menu. +- You can also place a RPX as `men.rpx` in the `sd:/wiiu/environments/[ENVIRONMENT]/` folder which will replace the Wii U Menu. - RPX redirection - overall sd access - wupserver and own IPC which can be used with [libiosuhax](https://github.com/wiiu-env/libiosuhax). diff --git a/source/common/ipc_defs.h b/source/common/ipc_defs.h index 7d653e6..62ed3a9 100644 --- a/source/common/ipc_defs.h +++ b/source/common/ipc_defs.h @@ -226,7 +226,6 @@ typedef struct { #define IPC_CUSTOM_START_MCP_THREAD 0xFE #define IPC_CUSTOM_MEN_RPX_HOOK_COMPLETED 0xFD #define IPC_CUSTOM_LOAD_CUSTOM_RPX 0xFC -#define IPC_CUSTOM_META_XML_READ 0xFB #define IPC_CUSTOM_START_USB_LOGGING 0xFA #define IPC_CUSTOM_COPY_ENVIRONMENT_PATH 0xF9 diff --git a/source/ios_kernel/source/kernel_patches.c b/source/ios_kernel/source/kernel_patches.c index 7583669..82c6d0e 100644 --- a/source/ios_kernel/source/kernel_patches.c +++ b/source/ios_kernel/source/kernel_patches.c 
@@ -72,10 +72,6 @@ int kernel_syscall_0x81(u32 command, u32 arg1, u32 arg2, u32 arg3) { kernel_memcpy((void *) arg1, (void *) arg2, arg3); break; } - case KERNEL_GET_CFW_CONFIG: { - //kernel_memcpy((void*)arg1, &cfw_config, sizeof(cfw_config)); - break; - } case KERNEL_READ_OTP: { int (*read_otp_internal)(int index, void *out_buf, u32 size) = (int (*)(int, void *, u32)) 0x08120248; read_otp_internal(0, (void *) (arg1), 0x400); diff --git a/source/ios_mcp/link.ld b/source/ios_mcp/link.ld index 7640ecd..2bd0ab5 100644 --- a/source/ios_mcp/link.ld +++ b/source/ios_mcp/link.ld @@ -1,5 +1,7 @@ OUTPUT_ARCH(arm) +PROVIDE(snprintf = 0x05059010); + SECTIONS { .text 0x05116000 : { diff --git a/source/ios_mcp/source/mcp_loadfile.c b/source/ios_mcp/source/mcp_loadfile.c index b7e24bd..798b55a 100644 --- a/source/ios_mcp/source/mcp_loadfile.c +++ b/source/ios_mcp/source/mcp_loadfile.c @@ -21,6 +21,7 @@ #include "ipc_types.h" #include "logger.h" #include "svc.h" +#include #include int (*const real_MCP_LoadFile)(ipcmessage *msg) = (void *) 0x0501CAA8 + 1; //+1 for thumb @@ -74,10 +75,13 @@ int _MCP_LoadFile_patch(ipcmessage *msg) { } } if (strncmp(request->name, "men.rpx", strlen("men.rpx")) == 0) { - replace_path = "wiiu/root.rpx"; + rpxpath[0] = '\0'; if (skipPPCSetup) { - replace_path = "wiiu/men.rpx"; + snprintf(rpxpath, sizeof(rpxpath) - 1, "%s/men.rpx", &((char *) 0x05119F00)[19]); // Copy in environment path + } else { + snprintf(rpxpath, sizeof(rpxpath) - 1, "%s/root.rpx", &((char *) 0x05119F00)[19]); // Copy in environment path } + // At startup we want to hook into the Wii U Menu by replacing the men.rpx with a file from the SD Card // The replacement may restart the application to execute a kernel exploit. // The men.rpx is hooked until the "IPC_CUSTOM_MEN_RPX_HOOK_COMPLETED" command is passed to IOCTL 0x100.
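Review bot: The absolute address in `PROVIDE(snprintf = 0x05059010);` in link.ld carries no comment saying which IOS-MCP build it was taken from, so on a firmware where the function sits elsewhere both `snprintf` calls added to mcp_loadfile.c would branch to an unrelated location. The address is even, while `real_MCP_LoadFile` in mcp_loadfile.c adds `+ 1` for Thumb, so it is worth confirming that this target is an ARM-mode entry point. I would add a comment above the line such as `/* snprintf inside IOS-MCP (firmware <VERSION>), ARM-mode entry */`, with the version filled in.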
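Review bot: Both added `snprintf` calls in the `men.rpx` branch ignore the return value and read the environment path from `&((char *) 0x05119F00)[19]` without checking that the string there is longer than 19 bytes. An unset or short path makes `%s` start reading past the terminator, and an over-long one leaves a truncated path in `rpxpath` that no longer ends in `men.rpx` or `root.rpx`. Passing `sizeof(rpxpath) - 1` is unnecessary if the firmware routine behaves like a standard `snprintf`, which terminates within the size it is given, and it is only meaningful if `rpxpath` is an array; its declaration is outside the hunk. The sketch below checks the length first, builds the path once and clears `rpxpath` on truncation; how the function treats an empty `rpxpath` is outside the hunk, so the failure path needs confirming. The address and the offset 19 (presumably a fixed mount prefix) would also read better as named constants.

```c
if (strncmp(request->name, "men.rpx", strlen("men.rpx")) == 0) {
    const char *envPath = (const char *) 0x05119F00; // environment path buffer
    rpxpath[0] = '\0';
    if (strlen(envPath) > 19) { // the first 19 bytes are skipped, as before
        int len = snprintf(rpxpath, sizeof(rpxpath), "%s/%s", &envPath[19],
                           skipPPCSetup ? "men.rpx" : "root.rpx");
        if (len < 0 || (size_t) len >= sizeof(rpxpath)) {
            rpxpath[0] = '\0'; // truncated or failed: keep no partial path
        }
    }
    // … unchanged: comments on hooking the Wii U Menu …
```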