From 373579cd6f9ee180ec15516b98e0ae6fb0b46357 Mon Sep 17 00:00:00 2001 From: Maschell Date: Sun, 17 May 2020 13:14:19 +0200 Subject: [PATCH] Inital support for patching the OSDynload_Acquire and OSDynload_FindExport --- relocator/Makefile | 2 +- relocator/src/entry.cpp | 20 +- relocator/src/hooks_patcher_static.cpp | 25 ++ relocator/src/hooks_patcher_static.h | 18 + relocator/src/kernel/kernel.s | 40 ++ relocator/src/kernel/kernel_defs.h | 20 + relocator/src/kernel/kernel_utils.c | 91 ++++ relocator/src/kernel/kernel_utils.h | 26 ++ relocator/src/utils/function_patcher.cpp | 550 +++++++++++++++++++++++ relocator/src/utils/function_patcher.h | 87 ++++ relocator/src/utils/imports.h | 1 + 11 files changed, 877 insertions(+), 3 deletions(-) create mode 100644 relocator/src/hooks_patcher_static.cpp create mode 100644 relocator/src/hooks_patcher_static.h create mode 100644 relocator/src/kernel/kernel.s create mode 100644 relocator/src/kernel/kernel_defs.h create mode 100644 relocator/src/kernel/kernel_utils.c create mode 100644 relocator/src/kernel/kernel_utils.h create mode 100644 relocator/src/utils/function_patcher.cpp create mode 100644 relocator/src/utils/function_patcher.h diff --git a/relocator/Makefile b/relocator/Makefile index 927bbce..eda32b2 100644 --- a/relocator/Makefile +++ b/relocator/Makefile @@ -31,7 +31,7 @@ export OBJCOPY := $(PREFIX)objcopy TARGET := relocator BUILD := build BUILD_DBG := $(TARGET)_dbg -SOURCES := src src/utils +SOURCES := src src/utils src/kernel DATA := data diff --git a/relocator/src/entry.cpp b/relocator/src/entry.cpp index caf5f4d..f104592 100644 --- a/relocator/src/entry.cpp +++ b/relocator/src/entry.cpp @@ -5,6 +5,8 @@ #include #include #include +#include +#include #include "../../source/common/dynamic_linking_defines.h" #include "../../source/common/module_defines.h" #include "../../source/module/RelocationData.h" @@ -12,12 +14,16 @@ #include "ModuleDataPersistence.h" #include "ElfUtils.h" #include "../../source/common/relocation_defines.h" +#include "kernel/kernel_utils.h" +#include "hooks_patcher_static.h" #include "utils/logger.h" #include "utils/dynamic.h" #define gModuleData ((module_information_t *) (0x00880000)) +uint8_t gFunctionsPatched __attribute__((section(".data"))) = 0; + extern "C" void doStart(int argc, char **argv); // We need to wrap it to make sure the main function is called AFTER our code. // The compiler tries to optimize this otherwise and calling the main function earlier @@ -33,16 +39,21 @@ extern "C" int _start(int argc, char **argv) { } bool doRelocation(std::vector &relocData, relocation_trampolin_entry_t * tramp_data, uint32_t tramp_length) { + std::map moduleCache; for (auto const& curReloc : relocData) { std::string functionName = curReloc.getName(); std::string rplName = curReloc.getImportRPLInformation().getName(); int32_t isData = curReloc.getImportRPLInformation().isData(); OSDynLoad_Module rplHandle = 0; - OSDynLoad_Acquire(rplName.c_str(), &rplHandle); - + if(moduleCache.count(rplName) == 0){ + OSDynLoad_Acquire(rplName.c_str(), &rplHandle); + moduleCache[rplName] = rplHandle; + } + rplHandle = moduleCache.at(rplName); uint32_t functionAddress = 0; OSDynLoad_FindExport(rplHandle, isData, functionName.c_str(), (void**) &functionAddress); if(functionAddress == 0) { + DEBUG_FUNCTION_LINE("Failed to find function\n"); return false; } if(!ElfUtils::elfLinkOne(curReloc.getType(), curReloc.getOffset(), curReloc.getAddend(), (uint32_t) curReloc.getDestination(), functionAddress, tramp_data, tramp_length, RELOC_TYPE_IMPORT)) { @@ -84,6 +95,11 @@ bool ResolveRelocations() { } extern "C" void doStart(int argc, char **argv) { + if(!gFunctionsPatched){ + gFunctionsPatched = 1; + kernelInitialize(); + PatchInvidualMethodHooks(method_hooks_hooks_static, method_hooks_size_hooks_static, method_calls_hooks_static); + } DEBUG_FUNCTION_LINE("Resolve relocations\n"); DEBUG_FUNCTION_LINE("Number of modules %d\n", gModuleData->number_used_modules); ResolveRelocations(); diff --git a/relocator/src/hooks_patcher_static.cpp b/relocator/src/hooks_patcher_static.cpp new file mode 100644 index 0000000..becd749 --- /dev/null +++ b/relocator/src/hooks_patcher_static.cpp @@ -0,0 +1,25 @@ +#include "utils/logger.h" +#include "utils/function_patcher.h" +#include +#include + +DECL(OSDynLoad_Error, OSDynLoad_Acquire, char const *name, OSDynLoad_Module *outModule) { + DEBUG_FUNCTION_LINE("%s\n", name); + return real_OSDynLoad_Acquire(name, outModule); +} + +DECL(OSDynLoad_Error, OSDynLoad_FindExport, OSDynLoad_Module module, BOOL isData, char const *name, void **outAddr) { + DEBUG_FUNCTION_LINE("%s\n", name); + return real_OSDynLoad_FindExport(module,isData, name, outAddr); +} + +hooks_magic_t method_hooks_hooks_static[] __attribute__((section(".data"))) = { + MAKE_MAGIC(OSDynLoad_Acquire, LIB_CORE_INIT, STATIC_FUNCTION), + MAKE_MAGIC(OSDynLoad_FindExport, LIB_CORE_INIT, STATIC_FUNCTION) +}; + +uint32_t method_hooks_size_hooks_static __attribute__((section(".data"))) = sizeof(method_hooks_hooks_static) / sizeof(hooks_magic_t); + +//! buffer to store our instructions needed for our replacements +volatile uint32_t method_calls_hooks_static[sizeof(method_hooks_hooks_static) / sizeof(hooks_magic_t) * FUNCTION_PATCHER_METHOD_STORE_SIZE] __attribute__((section(".data"))); + diff --git a/relocator/src/hooks_patcher_static.h b/relocator/src/hooks_patcher_static.h new file mode 100644 index 0000000..16ea7ad --- /dev/null +++ b/relocator/src/hooks_patcher_static.h @@ -0,0 +1,18 @@ +#ifndef _HOOKS_STATIC_FUNCTION_PATCHER_H +#define _HOOKS_STATIC_FUNCTION_PATCHER_H + +#include + +#ifdef __cplusplus +extern "C" { +#endif + +extern hooks_magic_t method_hooks_hooks_static[]; +extern uint32_t method_hooks_size_hooks_static; +extern volatile uint32_t method_calls_hooks_static[]; + +#ifdef __cplusplus +} +#endif + +#endif /* _HOOKS_STATIC_FUNCTION_PATCHER_H */ diff --git a/relocator/src/kernel/kernel.s b/relocator/src/kernel/kernel.s new file mode 100644 index 0000000..2e6eac7 --- /dev/null +++ b/relocator/src/kernel/kernel.s @@ -0,0 +1,40 @@ + +.global SCKernelCopyData +SCKernelCopyData: + // Disable data address translation + mfmsr %r6 + li %r7, 0x10 + andc %r6, %r6, %r7 + mtmsr %r6 + + // Copy data + addi %r3, %r3, -1 + addi %r4, %r4, -1 + mtctr %r5 +SCKernelCopyData_loop: + lbzu %r5, 1(%r4) + stbu %r5, 1(%r3) + bdnz SCKernelCopyData_loop + + // Enable data address translation + ori %r6, %r6, 0x10 + mtmsr %r6 + blr + +.global KernelCopyData +KernelCopyData: + li %r0, 0x2500 + sc + blr + +.globl SC0x36_KernelReadSRs +SC0x36_KernelReadSRs: + li %r0, 0x3600 + sc + blr + + .globl SC0x0A_KernelWriteSRs +SC0x0A_KernelWriteSRs: + li %r0, 0x0A00 + sc + blr diff --git a/relocator/src/kernel/kernel_defs.h b/relocator/src/kernel/kernel_defs.h new file mode 100644 index 0000000..04d7aa2 --- /dev/null +++ b/relocator/src/kernel/kernel_defs.h @@ -0,0 +1,20 @@ +#ifndef __KERNEL_DEFS_H_ +#define __KERNEL_DEFS_H_ + +#include + +#ifdef __cplusplus +extern "C" { +#endif + +#define KERN_SYSCALL_TBL1 0xFFE84C70 //Unknown +#define KERN_SYSCALL_TBL2 0xFFE85070 //Games +#define KERN_SYSCALL_TBL3 0xFFE85470 //Loader +#define KERN_SYSCALL_TBL4 0xFFEAAA60 //Home menu +#define KERN_SYSCALL_TBL5 0xFFEAAE60 //Browser + +#ifdef __cplusplus +} +#endif + +#endif // __KERNEL_DEFS_H_ diff --git a/relocator/src/kernel/kernel_utils.c b/relocator/src/kernel/kernel_utils.c new file mode 100644 index 0000000..058902c --- /dev/null +++ b/relocator/src/kernel/kernel_utils.c @@ -0,0 +1,91 @@ +#include "kernel_utils.h" +#include "kernel_defs.h" +#include +#include + + +extern void SCKernelCopyData(uint32_t dst, uint32_t src, uint32_t len); + +void KernelWrite(uint32_t addr, const void *data, uint32_t length) { + uint32_t dst = (uint32_t) OSEffectiveToPhysical(addr); + uint32_t src = (uint32_t) OSEffectiveToPhysical((uint32_t) data); + KernelCopyData(dst, src, length); + DCFlushRange((void *) addr, length); + ICInvalidateRange((void *) addr, length); +} + +void KernelWriteU32(uint32_t addr, uint32_t value) { + uint32_t dst = (uint32_t) OSEffectiveToPhysical(addr); + uint32_t src = (uint32_t) OSEffectiveToPhysical((uint32_t) &value); + KernelCopyData(dst, src, 4); + DCFlushRange((void *) addr, 4); + ICInvalidateRange((void *) addr, 4); +} + +/* Write a 32-bit word with kernel permissions */ +void __attribute__ ((noinline)) kern_write(void *addr, uint32_t value) { + asm volatile ( + "li 3,1\n" + "li 4,0\n" + "mr 5,%1\n" + "li 6,0\n" + "li 7,0\n" + "lis 8,1\n" + "mr 9,%0\n" + "mr %1,1\n" + "li 0,0x3500\n" + "sc\n" + "nop\n" + "mr 1,%1\n" + : + : "r"(addr), "r"(value) + : "memory", "ctr", "lr", "0", "3", "4", "5", "6", "7", "8", "9", "10", + "11", "12" + ); +} + +/* Read a 32-bit word with kernel permissions */ +uint32_t __attribute__ ((noinline)) kern_read(const void *addr) { + uint32_t result; + asm volatile ( + "li 3,1\n" + "li 4,0\n" + "li 5,0\n" + "li 6,0\n" + "li 7,0\n" + "lis 8,1\n" + "mr 9,%1\n" + "li 0,0x3400\n" + "mr %0,1\n" + "sc\n" + "nop\n" + "mr 1,%0\n" + "mr %0,3\n" + : "=r"(result) + : "b"(addr) + : "memory", "ctr", "lr", "0", "3", "4", "5", "6", "7", "8", "9", "10", + "11", "12" + ); + + return result; +} + +void PatchSyscall(int index, uint32_t addr) { + //DEBUG_FUNCTION_LINE("Patching Syscall 0x%02X\n",index); + kern_write((void *) (KERN_SYSCALL_TBL1 + index * 4), addr); + kern_write((void *) (KERN_SYSCALL_TBL2 + index * 4), addr); + kern_write((void *) (KERN_SYSCALL_TBL3 + index * 4), addr); + kern_write((void *) (KERN_SYSCALL_TBL4 + index * 4), addr); + kern_write((void *) (KERN_SYSCALL_TBL5 + index * 4), addr); +} + +void kernelInitialize() { + static uint8_t ucSyscallsSetupRequired = 1; + if (!ucSyscallsSetupRequired){ + return; + } + + ucSyscallsSetupRequired = 0; + + PatchSyscall(0x25, (uint32_t) SCKernelCopyData); +} diff --git a/relocator/src/kernel/kernel_utils.h b/relocator/src/kernel/kernel_utils.h new file mode 100644 index 0000000..dbfc261 --- /dev/null +++ b/relocator/src/kernel/kernel_utils.h @@ -0,0 +1,26 @@ +#ifndef __KERNEL_UTILS_H_ +#define __KERNEL_UTILS_H_ + +#ifdef __cplusplus +extern "C" { +#endif + +#include "kernel_defs.h" + +extern void KernelCopyData(uint32_t dst, uint32_t src, uint32_t len); + +void kern_write(void *addr, uint32_t value); + +uint32_t kern_read(const void *addr); + +void KernelWrite(uint32_t addr, const void *data, uint32_t length); + +void KernelWriteU32(uint32_t addr, uint32_t value); + +void kernelInitialize(); + +#ifdef __cplusplus +} +#endif + +#endif // __KERNEL_UTILS_H_ diff --git a/relocator/src/utils/function_patcher.cpp b/relocator/src/utils/function_patcher.cpp new file mode 100644 index 0000000..0f4a00c --- /dev/null +++ b/relocator/src/utils/function_patcher.cpp @@ -0,0 +1,550 @@ +/**************************************************************************** + * Copyright (C) 2016 Maschell + * With code from chadderz and dimok + * + * This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program. If not, see . + ****************************************************************************/ + +#include +#include +#include +#include +#include +#include +#include +#include + +#include "kernel/kernel_utils.h" +#include "function_patcher.h" +#include "logger.h" + +#define LIB_CODE_RW_BASE_OFFSET 0xC1000000 +#define CODE_RW_BASE_OFFSET 0x00000000 +#define DEBUG_LOG_DYN 0 + +OSDynLoad_Module acp_handle_internal = 0; +OSDynLoad_Module aoc_handle_internal = 0; +OSDynLoad_Module sound_handle_internal = 0; +OSDynLoad_Module sound_handle_internal_old = 0; +OSDynLoad_Module libcurl_handle_internal = 0; +OSDynLoad_Module gx2_handle_internal = 0; +OSDynLoad_Module nfp_handle_internal = 0; +OSDynLoad_Module nn_act_handle_internal = 0; +OSDynLoad_Module nn_nim_handle_internal = 0; +OSDynLoad_Module nn_save_handle_internal = 0; +OSDynLoad_Module ntag_handle_internal = 0; +OSDynLoad_Module coreinit_handle_internal = 0; +OSDynLoad_Module padscore_handle_internal = 0; +OSDynLoad_Module proc_ui_handle_internal = 0; +OSDynLoad_Module nsysnet_handle_internal = 0; +OSDynLoad_Module sysapp_handle_internal = 0; +OSDynLoad_Module syshid_handle_internal = 0; +OSDynLoad_Module vpad_handle_internal = 0; +OSDynLoad_Module vpadbase_handle_internal = 0; + +/* +* Patches a function that is loaded at the start of each application. Its not required to restore, at least when they are really dynamic. +* "normal" functions should be patch with the normal patcher. Current Code by Maschell with the help of dimok. Orignal code by Chadderz. +*/ +void PatchInvidualMethodHooks(hooks_magic_t method_hooks[], int32_t hook_information_size, volatile uint32_t dynamic_method_calls[]) { + resetLibs(); + + DEBUG_FUNCTION_LINE("Patching %d given functions", hook_information_size); + /* Patch branches to it. */ + volatile uint32_t *space = &dynamic_method_calls[0]; + + int32_t method_hooks_count = hook_information_size; + + uint32_t skip_instr = 1; + uint32_t my_instr_len = 6; + uint32_t instr_len = my_instr_len + skip_instr; + uint32_t flush_len = 4 * instr_len; + for (int32_t i = 0; i < method_hooks_count; i++) { + DEBUG_FUNCTION_LINE("Patching %s ...", method_hooks[i].functionName); + if (method_hooks[i].functionType == STATIC_FUNCTION && method_hooks[i].alreadyPatched == 1) { + if (isDynamicFunction((uint32_t) OSEffectiveToPhysical(method_hooks[i].realAddr))) { + DEBUG_FUNCTION_LINE("The function %s is a dynamic function. Please fix that <3", method_hooks[i].functionName); + method_hooks[i].functionType = DYNAMIC_FUNCTION; + } else { + DEBUG_FUNCTION_LINE("Skipping %s, its already patched", method_hooks[i].functionName); + space += instr_len; + continue; + } + } + + uint32_t physical = 0; + uint32_t repl_addr = (uint32_t) method_hooks[i].replaceAddr; + uint32_t call_addr = (uint32_t) method_hooks[i].replaceCall; + + uint32_t real_addr = GetAddressOfFunction(method_hooks[i].functionName, method_hooks[i].library); + + if (!real_addr) { + DEBUG_FUNCTION_LINE("\n"); + DEBUG_FUNCTION_LINE("OSDynLoad_FindExport failed for %s", method_hooks[i].functionName); + space += instr_len; + continue; + } + + if (DEBUG_LOG_DYN) { + DEBUG_FUNCTION_LINE("%s is located at %08X!", method_hooks[i].functionName, real_addr); + } + + physical = (uint32_t) OSEffectiveToPhysical(real_addr); + if (!physical) { + DEBUG_FUNCTION_LINE("Error. Something is wrong with the physical address\n"); + space += instr_len; + continue; + } + + if (DEBUG_LOG_DYN) { + DEBUG_FUNCTION_LINE("%s physical is located at %08X!", method_hooks[i].functionName, physical); + } + + *(volatile uint32_t *) (call_addr) = (uint32_t) (space) - CODE_RW_BASE_OFFSET; + + + uint32_t targetAddr = (uint32_t) space; + if (targetAddr < 0x00800000 || targetAddr >= 0x01000000) { + targetAddr = (uint32_t) OSEffectiveToPhysical(targetAddr); + } else { + targetAddr = targetAddr + 0x30800000 - 0x00800000; + } + + KernelCopyData(targetAddr, physical, 4); + + ICInvalidateRange((void *) (space), 4); + DCFlushRange((void *) (space), 4); + space++; + + //Only works if skip_instr == 1 + if (skip_instr == 1) { + // fill the restore instruction section + method_hooks[i].realAddr = real_addr; + method_hooks[i].restoreInstruction = *(space - 1); + if (DEBUG_LOG_DYN) { + DEBUG_FUNCTION_LINE("method_hooks[i].realAddr = %08X!", method_hooks[i].realAddr); + } + if (DEBUG_LOG_DYN) { + DEBUG_FUNCTION_LINE("method_hooks[i].restoreInstruction = %08X!", method_hooks[i].restoreInstruction); + } + } else { + DEBUG_FUNCTION_LINE("Error. Can't save %s for restoring!\n", method_hooks[i].functionName); + } + + //adding jump to real function thx @ dimok for the assembler code + /* + 90 61 ff e0 stw r3,-32(r1) + 3c 60 12 34 lis r3,4660 + 60 63 56 78 ori r3,r3,22136 + 7c 69 03 a6 mtctr r3 + 80 61 ff e0 lwz r3,-32(r1) + 4e 80 04 20 bctr*/ + *space = 0x9061FFE0; + space++; + *space = 0x3C600000 | (((real_addr + (skip_instr * 4)) >> 16) & 0x0000FFFF); // lis r3, real_addr@h + space++; + *space = 0x60630000 | ((real_addr + (skip_instr * 4)) & 0x0000ffff); // ori r3, r3, real_addr@l + space++; + *space = 0x7C6903A6; // mtctr r3 + space++; + *space = 0x8061FFE0; // lwz r3,-32(r1) + space++; + *space = 0x4E800420; // bctr + space++; + DCFlushRange((void *) (space - instr_len), flush_len); + ICInvalidateRange((unsigned char *) (space - instr_len), flush_len); + + //setting jump back + uint32_t replace_instr = 0x48000002 | (repl_addr & 0x03fffffc); + DCFlushRange(&replace_instr, 4); + + KernelCopyData(physical, (uint32_t) OSEffectiveToPhysical((uint32_t) &replace_instr), 4); + ICInvalidateRange((void *) (real_addr), 4); + + method_hooks[i].alreadyPatched = 1; + DEBUG_FUNCTION_LINE("done!\n"); + + } + DEBUG_FUNCTION_LINE("Done with patching given functions!"); +} + +/* ****************************************************************** */ +/* RESTORE ORIGINAL INSTRUCTIONS */ +/* ****************************************************************** */ +void RestoreInvidualInstructions(hooks_magic_t method_hooks[], int32_t hook_information_size) { + resetLibs(); + DEBUG_FUNCTION_LINE("Restoring given functions!"); + int32_t method_hooks_count = hook_information_size; + for (int32_t i = 0; i < method_hooks_count; i++) { + DEBUG_FUNCTION_LINE("Restoring %s... ", method_hooks[i].functionName); + if (method_hooks[i].restoreInstruction == 0 || method_hooks[i].realAddr == 0) { + DEBUG_FUNCTION_LINE("I dont have the information for the restore =( skip\n"); + continue; + } + + uint32_t real_addr = GetAddressOfFunction(method_hooks[i].functionName, method_hooks[i].library); + + if (!real_addr) { + DEBUG_FUNCTION_LINE("OSDynLoad_FindExport failed for %s", method_hooks[i].functionName); + continue; + } + + uint32_t physical = (uint32_t) OSEffectiveToPhysical(real_addr); + if (!physical) { + DEBUG_FUNCTION_LINE("Something is wrong with the physical address\n"); + continue; + } + + if (isDynamicFunction(physical)) { + DEBUG_FUNCTION_LINE("Its a dynamic function. We don't need to restore it!\n", method_hooks[i].functionName); + } else { + physical = (uint32_t) OSEffectiveToPhysical(method_hooks[i].realAddr); //When its an static function, we need to use the old location + if (DEBUG_LOG_DYN) { + DEBUG_FUNCTION_LINE("Restoring %08X to %08X", (uint32_t) method_hooks[i].restoreInstruction, physical); + } + uint32_t targetAddr = (uint32_t) &method_hooks[i].restoreInstruction; + if (targetAddr < 0x00800000 || targetAddr >= 0x01000000) { + targetAddr = (uint32_t) OSEffectiveToPhysical(targetAddr); + } else { + targetAddr = targetAddr + 0x30800000 - 0x00800000; + } + + KernelCopyData(physical, targetAddr, 4); + if (DEBUG_LOG_DYN) { + DEBUG_FUNCTION_LINE("ICInvalidateRange %08X", (void *) method_hooks[i].realAddr); + } + ICInvalidateRange((void *) method_hooks[i].realAddr, 4); + DEBUG_FUNCTION_LINE("done\n"); + } + method_hooks[i].alreadyPatched = 0; // In case a + } + + DEBUG_FUNCTION_LINE("Done with restoring given functions!"); +} + +int32_t isDynamicFunction(uint32_t physicalAddress) { + if ((physicalAddress & 0x80000000) == 0x80000000) { + return 1; + } + return 0; +} + +uint32_t GetAddressOfFunction(const char *functionName, uint32_t library) { + uint32_t real_addr = 0; + + OSDynLoad_Module rpl_handle = 0; + if (library == LIB_CORE_INIT) { + if (DEBUG_LOG_DYN) { + DEBUG_FUNCTION_LINE("FindExport of %s! From LIB_CORE_INIT", functionName); + } + if (coreinit_handle_internal == 0) { + OSDynLoad_Acquire("coreinit.rpl", &coreinit_handle_internal); + } + if (coreinit_handle_internal == 0) { + DEBUG_FUNCTION_LINE("LIB_CORE_INIT failed to acquire"); + return 0; + } + rpl_handle = coreinit_handle_internal; + } else if (library == LIB_NSYSNET) { + if (DEBUG_LOG_DYN) { + DEBUG_FUNCTION_LINE("FindExport of %s! From LIB_NSYSNET", functionName); + } + if (nsysnet_handle_internal == 0) { + OSDynLoad_Acquire("nsysnet.rpl", &nsysnet_handle_internal); + } + if (nsysnet_handle_internal == 0) { + DEBUG_FUNCTION_LINE("LIB_NSYSNET failed to acquire"); + return 0; + } + rpl_handle = nsysnet_handle_internal; + } else if (library == LIB_GX2) { + if (DEBUG_LOG_DYN) { + DEBUG_FUNCTION_LINE("FindExport of %s! From LIB_GX2", functionName); + } + if (gx2_handle_internal == 0) { + OSDynLoad_Acquire("gx2.rpl", &gx2_handle_internal); + } + if (gx2_handle_internal == 0) { + DEBUG_FUNCTION_LINE("LIB_GX2 failed to acquire"); + return 0; + } + rpl_handle = gx2_handle_internal; + } else if (library == LIB_AOC) { + if (DEBUG_LOG_DYN) { + DEBUG_FUNCTION_LINE("FindExport of %s! From LIB_AOC", functionName); + } + if (aoc_handle_internal == 0) { + OSDynLoad_Acquire("nn_aoc.rpl", &aoc_handle_internal); + } + if (aoc_handle_internal == 0) { + DEBUG_FUNCTION_LINE("LIB_AOC failed to acquire"); + return 0; + } + rpl_handle = aoc_handle_internal; + } else if (library == LIB_AX) { + if (DEBUG_LOG_DYN) { + DEBUG_FUNCTION_LINE("FindExport of %s! From LIB_AX", functionName); + } + if (sound_handle_internal == 0) { + OSDynLoad_Acquire("sndcore2.rpl", &sound_handle_internal); + } + if (sound_handle_internal == 0) { + DEBUG_FUNCTION_LINE("LIB_AX failed to acquire"); + return 0; + } + rpl_handle = sound_handle_internal; + } else if (library == LIB_AX_OLD) { + if (DEBUG_LOG_DYN) { + DEBUG_FUNCTION_LINE("FindExport of %s! From LIB_AX_OLD", functionName); + } + if (sound_handle_internal_old == 0) { + OSDynLoad_Acquire("snd_core.rpl", &sound_handle_internal_old); + } + if (sound_handle_internal_old == 0) { + DEBUG_FUNCTION_LINE("LIB_AX_OLD failed to acquire"); + return 0; + } + rpl_handle = sound_handle_internal_old; + } else if (library == LIB_FS) { + if (DEBUG_LOG_DYN) { + DEBUG_FUNCTION_LINE("FindExport of %s! From LIB_FS", functionName); + } + if (coreinit_handle_internal == 0) { + OSDynLoad_Acquire("coreinit.rpl", &coreinit_handle_internal); + } + if (coreinit_handle_internal == 0) { + DEBUG_FUNCTION_LINE("LIB_FS failed to acquire"); + return 0; + } + rpl_handle = coreinit_handle_internal; + } else if (library == LIB_OS) { + if (DEBUG_LOG_DYN) { + DEBUG_FUNCTION_LINE("FindExport of %s! From LIB_OS", functionName); + } + if (coreinit_handle_internal == 0) { + OSDynLoad_Acquire("coreinit.rpl", &coreinit_handle_internal); + } + if (coreinit_handle_internal == 0) { + DEBUG_FUNCTION_LINE("LIB_OS failed to acquire"); + return 0; + } + rpl_handle = coreinit_handle_internal; + } else if (library == LIB_PADSCORE) { + if (DEBUG_LOG_DYN) { + DEBUG_FUNCTION_LINE("FindExport of %s! From LIB_PADSCORE", functionName); + } + if (padscore_handle_internal == 0) { + OSDynLoad_Acquire("padscore.rpl", &padscore_handle_internal); + } + if (padscore_handle_internal == 0) { + DEBUG_FUNCTION_LINE("LIB_PADSCORE failed to acquire"); + return 0; + } + rpl_handle = padscore_handle_internal; + } else if (library == LIB_SOCKET) { + if (DEBUG_LOG_DYN) { + DEBUG_FUNCTION_LINE("FindExport of %s! From LIB_SOCKET", functionName); + } + if (nsysnet_handle_internal == 0) { + OSDynLoad_Acquire("nsysnet.rpl", &nsysnet_handle_internal); + } + if (nsysnet_handle_internal == 0) { + DEBUG_FUNCTION_LINE("LIB_SOCKET failed to acquire"); + return 0; + } + rpl_handle = nsysnet_handle_internal; + } else if (library == LIB_SYS) { + if (DEBUG_LOG_DYN) { + DEBUG_FUNCTION_LINE("FindExport of %s! From LIB_SYS", functionName); + } + if (sysapp_handle_internal == 0) { + OSDynLoad_Acquire("sysapp.rpl", &sysapp_handle_internal); + } + if (sysapp_handle_internal == 0) { + DEBUG_FUNCTION_LINE("LIB_SYS failed to acquire"); + return 0; + } + rpl_handle = sysapp_handle_internal; + } else if (library == LIB_VPAD) { + if (DEBUG_LOG_DYN) { + DEBUG_FUNCTION_LINE("FindExport of %s! From LIB_VPAD", functionName); + } + if (vpad_handle_internal == 0) { + OSDynLoad_Acquire("vpad.rpl", &vpad_handle_internal); + } + if (vpad_handle_internal == 0) { + DEBUG_FUNCTION_LINE("LIB_VPAD failed to acquire"); + return 0; + } + rpl_handle = vpad_handle_internal; + } else if (library == LIB_NN_ACP) { + if (DEBUG_LOG_DYN) { + DEBUG_FUNCTION_LINE("FindExport of %s! From LIB_NN_ACP", functionName); + } + if (acp_handle_internal == 0) { + OSDynLoad_Acquire("nn_acp.rpl", &acp_handle_internal); + } + if (acp_handle_internal == 0) { + DEBUG_FUNCTION_LINE("LIB_NN_ACP failed to acquire"); + return 0; + } + rpl_handle = acp_handle_internal; + } else if (library == LIB_SYSHID) { + if (DEBUG_LOG_DYN) { + DEBUG_FUNCTION_LINE("FindExport of %s! From LIB_SYSHID", functionName); + } + if (syshid_handle_internal == 0) { + OSDynLoad_Acquire("nsyshid.rpl", &syshid_handle_internal); + } + if (syshid_handle_internal == 0) { + DEBUG_FUNCTION_LINE("LIB_SYSHID failed to acquire"); + return 0; + } + rpl_handle = syshid_handle_internal; + } else if (library == LIB_VPADBASE) { + if (DEBUG_LOG_DYN) { + DEBUG_FUNCTION_LINE("FindExport of %s! From LIB_VPADBASE", functionName); + } + if (vpadbase_handle_internal == 0) { + OSDynLoad_Acquire("vpadbase.rpl", &vpadbase_handle_internal); + } + if (vpadbase_handle_internal == 0) { + DEBUG_FUNCTION_LINE("LIB_VPADBASE failed to acquire"); + return 0; + } + rpl_handle = vpadbase_handle_internal; + } else if (library == LIB_PROC_UI) { + if (DEBUG_LOG_DYN) { + DEBUG_FUNCTION_LINE("FindExport of %s! From LIB_PROC_UI", functionName); + } + if (proc_ui_handle_internal == 0) { + OSDynLoad_Acquire("proc_ui.rpl", &proc_ui_handle_internal); + } + if (proc_ui_handle_internal == 0) { + DEBUG_FUNCTION_LINE("LIB_PROC_UI failed to acquire"); + return 0; + } + rpl_handle = proc_ui_handle_internal; + } else if (library == LIB_NTAG) { + if (DEBUG_LOG_DYN) { + DEBUG_FUNCTION_LINE("FindExport of %s! From LIB_NTAG", functionName); + } + if (ntag_handle_internal == 0) { + OSDynLoad_Acquire("ntag.rpl", &ntag_handle_internal); + } + if (ntag_handle_internal == 0) { + DEBUG_FUNCTION_LINE("LIB_NTAG failed to acquire"); + return 0; + } + rpl_handle = ntag_handle_internal; + } else if (library == LIB_NFP) { + if (DEBUG_LOG_DYN) { + DEBUG_FUNCTION_LINE("FindExport of %s! From LIB_NFP", functionName); + } + if (nfp_handle_internal == 0) { + OSDynLoad_Acquire("nn_nfp.rpl", &nfp_handle_internal); + } + if (nfp_handle_internal == 0) { + DEBUG_FUNCTION_LINE("LIB_NFP failed to acquire"); + return 0; + } + rpl_handle = nfp_handle_internal; + } else if (library == LIB_SAVE) { + if (DEBUG_LOG_DYN) { + DEBUG_FUNCTION_LINE("FindExport of %s! From LIB_SAVE", functionName); + } + if (nn_save_handle_internal == 0) { + OSDynLoad_Acquire("nn_save.rpl", &nn_save_handle_internal); + } + if (nn_save_handle_internal == 0) { + DEBUG_FUNCTION_LINE("LIB_SAVE failed to acquire"); + return 0; + } + rpl_handle = nn_save_handle_internal; + } else if (library == LIB_ACT) { + if (DEBUG_LOG_DYN) { + DEBUG_FUNCTION_LINE("FindExport of %s! From LIB_ACT", functionName); + } + if (nn_act_handle_internal == 0) { + OSDynLoad_Acquire("nn_act.rpl", &nn_act_handle_internal); + } + if (nn_act_handle_internal == 0) { + DEBUG_FUNCTION_LINE("LIB_ACT failed to acquire"); + return 0; + } + rpl_handle = nn_act_handle_internal; + } else if (library == LIB_NIM) { + if (DEBUG_LOG_DYN) { + DEBUG_FUNCTION_LINE("FindExport of %s! From LIB_NIM", functionName); + } + if (nn_nim_handle_internal == 0) { + OSDynLoad_Acquire("nn_nim.rpl", &nn_nim_handle_internal); + } + if (nn_nim_handle_internal == 0) { + DEBUG_FUNCTION_LINE("LIB_NIM failed to acquire"); + return 0; + } + rpl_handle = nn_nim_handle_internal; + } + + if (!rpl_handle) { + DEBUG_FUNCTION_LINE("Failed to find the RPL handle for %s", functionName); + return 0; + } + + OSDynLoad_FindExport(rpl_handle, 0, functionName, (void **) &real_addr); + + if (!real_addr) { + OSDynLoad_FindExport(rpl_handle, 1, functionName, (void **) &real_addr); + if (!real_addr) { + DEBUG_FUNCTION_LINE("OSDynLoad_FindExport failed for %s", functionName); + return 0; + } + } + + if ((library == LIB_NN_ACP) && (uint32_t) (*(volatile uint32_t *) (real_addr) & 0x48000002) == 0x48000000) { + uint32_t address_diff = (uint32_t) (*(volatile uint32_t *) (real_addr) & 0x03FFFFFC); + if ((address_diff & 0x03000000) == 0x03000000) { + address_diff |= 0xFC000000; + } + real_addr += (int32_t) address_diff; + if ((uint32_t) (*(volatile uint32_t *) (real_addr) & 0x48000002) == 0x48000000) { + return 0; + } + } + + return real_addr; +} + +void resetLibs() { + acp_handle_internal = 0; + aoc_handle_internal = 0; + sound_handle_internal = 0; + sound_handle_internal_old = 0; + libcurl_handle_internal = 0; + gx2_handle_internal = 0; + nfp_handle_internal = 0; + nn_act_handle_internal = 0; + nn_nim_handle_internal = 0; + nn_save_handle_internal = 0; + ntag_handle_internal = 0; + coreinit_handle_internal = 0; + padscore_handle_internal = 0; + proc_ui_handle_internal = 0; + nsysnet_handle_internal = 0; + sysapp_handle_internal = 0; + syshid_handle_internal = 0; + vpad_handle_internal = 0; + vpadbase_handle_internal = 0; +} diff --git a/relocator/src/utils/function_patcher.h b/relocator/src/utils/function_patcher.h new file mode 100644 index 0000000..b9046ef --- /dev/null +++ b/relocator/src/utils/function_patcher.h @@ -0,0 +1,87 @@ +/**************************************************************************** + * Copyright (C) 2016-2020 Maschell + * With code from chadderz and dimok + * + * This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program. If not, see . + ****************************************************************************/ + +#ifndef _FUNCTION_HOOKS_H_ +#define _FUNCTION_HOOKS_H_ + +#ifdef __cplusplus +extern "C" { +#endif + +#include + +/* Macros for libs */ +#define LIB_CORE_INIT 0 +#define LIB_NSYSNET 1 +#define LIB_GX2 2 +#define LIB_AOC 3 +#define LIB_AX 4 +#define LIB_FS 5 +#define LIB_OS 6 +#define LIB_PADSCORE 7 +#define LIB_SOCKET 8 +#define LIB_SYS 9 +#define LIB_VPAD 10 +#define LIB_NN_ACP 11 +#define LIB_SYSHID 12 +#define LIB_VPADBASE 13 +#define LIB_AX_OLD 14 +#define LIB_PROC_UI 15 +#define LIB_NTAG 16 +#define LIB_NFP 17 +#define LIB_SAVE 18 +#define LIB_ACT 19 +#define LIB_NIM 20 + +// functions types +#define STATIC_FUNCTION 0 +#define DYNAMIC_FUNCTION 1 + +//Orignal code by Chadderz. +#define DECL(res, name, ...) \ + res (* real_ ## name)(__VA_ARGS__) __attribute__((section(".data"))); \ + res my_ ## name(__VA_ARGS__) + +#define FUNCTION_PATCHER_METHOD_STORE_SIZE 7 + +typedef struct { + const uint32_t replaceAddr; + const uint32_t replaceCall; + const uint32_t library; + const char functionName[50]; + uint32_t realAddr; + uint32_t restoreInstruction; + uint8_t functionType; + uint8_t alreadyPatched; +} hooks_magic_t; + +void PatchInvidualMethodHooks(hooks_magic_t hook_information[], int32_t hook_information_size, volatile uint32_t dynamic_method_calls[]); +void RestoreInvidualInstructions(hooks_magic_t hook_information[], int32_t hook_information_size); +uint32_t GetAddressOfFunction(const char *functionName, uint32_t library); +int32_t isDynamicFunction(uint32_t physicalAddress); +void resetLibs(); + +//Orignal code by Chadderz. +#define MAKE_MAGIC(x, lib, functionType) { (uint32_t) my_ ## x, (uint32_t) &real_ ## x, lib, # x,0,0,functionType,0} +#define MAKE_MAGIC_NAME(x, y, lib, functionType) { (uint32_t) my_ ## x, (uint32_t) &real_ ## x, lib, # y,0,0,functionType,0} + +#ifdef __cplusplus +} +#endif + +#endif /* _FS_H */ diff --git a/relocator/src/utils/imports.h b/relocator/src/utils/imports.h index 98de8c4..87d1d73 100644 --- a/relocator/src/utils/imports.h +++ b/relocator/src/utils/imports.h @@ -8,6 +8,7 @@ IMPORT(ICInvalidateRange); IMPORT(OSGetSystemInfo); IMPORT(MEMGetSizeForMBlockExpHeap); IMPORT(OSSleepTicks); +IMPORT(OSEffectiveToPhysical); IMPORT(OSFatal); IMPORT_END();