From 9ea3bc51bed68fbc36c3f26663b648abd1c415e8 Mon Sep 17 00:00:00 2001
From: Rajko Stojadinovic <admin@rajko.info>
Date: Tue, 12 Dec 2017 04:47:25 +0100
Subject: [PATCH] Add LWZX crash workaround to the repo because people update
 graphic packs more often than they check cemuhook zip

---
 .../BreathOfTheWild_LwzxNullCheck/patches.txt | 296 ++++++++++++++++++
 .../BreathOfTheWild_LwzxNullCheck/rules.txt   |   4 +
 2 files changed, 300 insertions(+)
 create mode 100644 Workaround/BreathOfTheWild_LwzxNullCheck/patches.txt
 create mode 100644 Workaround/BreathOfTheWild_LwzxNullCheck/rules.txt

diff --git a/Workaround/BreathOfTheWild_LwzxNullCheck/patches.txt b/Workaround/BreathOfTheWild_LwzxNullCheck/patches.txt
new file mode 100644
index 00000000..fdcaed56
--- /dev/null
+++ b/Workaround/BreathOfTheWild_LwzxNullCheck/patches.txt
@@ -0,0 +1,296 @@
+[BotwPlsNoCrashV33]
+moduleMatches = 0xD91A406D 
+#restore the 2 instructions possibly overwritten by cemu itself
+0x03721B00 = stwu r1, -0x28(r1)
+0x03721B04 = mflr r0
+
+#null check functions
+codeCaveSize = 0x40
+
+_lwzxCheck = 0x00000000		; null checked version of 'lwzx r31, r9, r0'
+0x00000000 = add r30, r9, r0
+0x00000004 = xor r31, r31, r31
+0x00000008 = cmpwi r30, 0
+0x0000000C = beq .+0x8
+0x00000010 = lwzx r31, r9, r0
+0x00000014 = blr
+
+_lwzCheck = 0x00000020		; null checked version of 'lwz r8, 0(r31)'
+0x00000020 = xor  r8, r8, r8
+0x00000024 = oris r8, r8, 0xD15A
+0x00000028 = ori  r8, r8, 0xB1ED
+0x0000002C = cmpwi r31, 0
+0x00000030 = beq .+0x8
+0x00000034 = lwz r8, 0(r31)
+0x00000038 = blr
+
+#replace simple loads with calls to these funcs
+0x03721CA8 = bla _lwzxCheck
+0x03721CB4 = bla _lwzCheck
+
+0x03721D20 = bla _lwzxCheck
+0x03721D2C = bla _lwzCheck
+
+[BotwPlsNoCrashV48]
+moduleMatches = 0x0F748D9C
+#restore the 2 instructions possibly overwritten by cemu itself
+0x03721F0C = stwu r1, -0x28(r1)
+0x03721F10 = mflr r0
+
+#null check functions
+codeCaveSize = 0x40
+
+_lwzxCheck = 0x00000000		; null checked version of 'lwzx r31, r9, r0'
+0x00000000 = add r30, r9, r0
+0x00000004 = xor r31, r31, r31
+0x00000008 = cmpwi r30, 0
+0x0000000C = beq .+0x8
+0x00000010 = lwzx r31, r9, r0
+0x00000014 = blr
+
+_lwzCheck = 0x00000020		; null checked version of 'lwz r8, 0(r31)'
+0x00000020 = xor  r8, r8, r8
+0x00000024 = oris r8, r8, 0xD15A
+0x00000028 = ori  r8, r8, 0xB1ED
+0x0000002C = cmpwi r31, 0
+0x00000030 = beq .+0x8
+0x00000034 = lwz r8, 0(r31)
+0x00000038 = blr
+
+#replace simple loads with calls to these funcs
+0x037220B4 = bla _lwzxCheck
+0x037220C0 = bla _lwzCheck
+
+0x0372212C = bla _lwzxCheck
+0x03722138 = bla _lwzCheck
+
+[BotwPlsNoCrashV64]
+moduleMatches = 0x9A61FF4C
+#restore the 2 instructions possibly overwritten by cemu itself
+0x037235F4 = stwu r1, -0x28(r1)
+0x037235F8 = mflr r0
+
+#null check functions
+codeCaveSize = 0x40
+
+_lwzxCheck = 0x00000000		; null checked version of 'lwzx r31, r9, r0'
+0x00000000 = add r30, r9, r0
+0x00000004 = xor r31, r31, r31
+0x00000008 = cmpwi r30, 0
+0x0000000C = beq .+0x8
+0x00000010 = lwzx r31, r9, r0
+0x00000014 = blr
+
+_lwzCheck = 0x00000020		; null checked version of 'lwz r8, 0(r31)'
+0x00000020 = xor  r8, r8, r8
+0x00000024 = oris r8, r8, 0xD15A
+0x00000028 = ori  r8, r8, 0xB1ED
+0x0000002C = cmpwi r31, 0
+0x00000030 = beq .+0x8
+0x00000034 = lwz r8, 0(r31)
+0x00000038 = blr
+
+#replace simple loads with calls to these funcs
+0x0372379C = bla _lwzxCheck
+0x037237A8 = bla _lwzCheck
+
+0x03723814 = bla _lwzxCheck
+0x03723820 = bla _lwzCheck
+
+[BotwPlsNoCrashV80]
+moduleMatches = 0x8E3324A9
+#restore the 2 instructions possibly overwritten by cemu itself
+0x03744368 = stwu r1, -0x28(r1)
+0x0374436C = mflr r0
+
+#null check functions
+codeCaveSize = 0x40
+
+_lwzxCheck = 0x00000000		; null checked version of 'lwzx r31, r9, r0'
+0x00000000 = add r30, r9, r0
+0x00000004 = xor r31, r31, r31
+0x00000008 = cmpwi r30, 0
+0x0000000C = beq .+0x8
+0x00000010 = lwzx r31, r9, r0
+0x00000014 = blr
+
+_lwzCheck = 0x00000020		; null checked version of 'lwz r8, 0(r31)'
+0x00000020 = xor  r8, r8, r8
+0x00000024 = oris r8, r8, 0xD15A
+0x00000028 = ori  r8, r8, 0xB1ED
+0x0000002C = cmpwi r31, 0
+0x00000030 = beq .+0x8
+0x00000034 = lwz r8, 0(r31)
+0x00000038 = blr
+
+#replace simple loads with calls to these funcs
+0x03744510 = bla _lwzxCheck
+0x0374451C = bla _lwzCheck
+
+0x03744588 = bla _lwzxCheck
+0x03744594 = bla _lwzCheck
+
+[BotwPlsNoCrashV97]
+moduleMatches = 0xD71D859D
+#restore the 2 instructions possibly overwritten by cemu itself
+0x03799E3C = stwu r1, -0x28(r1)
+0x03799E40 = mflr r0
+
+#null check functions
+codeCaveSize = 0x40
+
+_lwzxCheck = 0x00000000		; null checked version of 'lwzx r31, r9, r0'
+0x00000000 = add r30, r9, r0
+0x00000004 = xor r31, r31, r31
+0x00000008 = cmpwi r30, 0
+0x0000000C = beq .+0x8
+0x00000010 = lwzx r31, r9, r0
+0x00000014 = blr
+
+_lwzCheck = 0x00000020		; null checked version of 'lwz r8, 0(r31)'
+0x00000020 = xor  r8, r8, r8
+0x00000024 = oris r8, r8, 0xD15A
+0x00000028 = ori  r8, r8, 0xB1ED
+0x0000002C = cmpwi r31, 0
+0x00000030 = beq .+0x8
+0x00000034 = lwz r8, 0(r31)
+0x00000038 = blr
+
+#replace simple loads with calls to these funcs
+0x03799FE4 = bla _lwzxCheck
+0x03799FF0 = bla _lwzCheck
+
+0x0379A05C = bla _lwzxCheck
+0x0379A068 = bla _lwzCheck
+
+[BotwPlsNoCrashV112]
+moduleMatches = 0x6FD41A61
+#restore the 2 instructions possibly overwritten by cemu itself
+0x0379AF6C = stwu r1, -0x28(r1)
+0x0379AF70 = mflr r0
+
+#null check functions
+codeCaveSize = 0x40
+
+_lwzxCheck = 0x00000000		; null checked version of 'lwzx r31, r9, r0'
+0x00000000 = add r30, r9, r0
+0x00000004 = xor r31, r31, r31
+0x00000008 = cmpwi r30, 0
+0x0000000C = beq .+0x8
+0x00000010 = lwzx r31, r9, r0
+0x00000014 = blr
+
+_lwzCheck = 0x00000020		; null checked version of 'lwz r8, 0(r31)'
+0x00000020 = xor  r8, r8, r8
+0x00000024 = oris r8, r8, 0xD15A
+0x00000028 = ori  r8, r8, 0xB1ED
+0x0000002C = cmpwi r31, 0
+0x00000030 = beq .+0x8
+0x00000034 = lwz r8, 0(r31)
+0x00000038 = blr
+
+#replace simple loads with calls to these funcs
+0x0379B114 = bla _lwzxCheck
+0x0379B120 = bla _lwzCheck
+
+0x0379B18C = bla _lwzxCheck
+0x0379B198 = bla _lwzCheck
+
+[BotwPlsNoCrashV144]
+moduleMatches = 0x9A2CA0C7
+#restore the 2 instructions possibly overwritten by cemu itself
+0x037CF648 = stwu r1, -0x28(r1)
+0x037CF64C = mflr r0
+
+#null check functions
+codeCaveSize = 0x40
+
+_lwzxCheck = 0x00000000		; null checked version of 'lwzx r31, r9, r0'
+0x00000000 = add r30, r9, r0
+0x00000004 = xor r31, r31, r31
+0x00000008 = cmpwi r30, 0
+0x0000000C = beq .+0x8
+0x00000010 = lwzx r31, r9, r0
+0x00000014 = blr
+
+_lwzCheck = 0x00000020		; null checked version of 'lwz r8, 0(r31)'
+0x00000020 = xor  r8, r8, r8
+0x00000024 = oris r8, r8, 0xD15A
+0x00000028 = ori  r8, r8, 0xB1ED
+0x0000002C = cmpwi r31, 0
+0x00000030 = beq .+0x8
+0x00000034 = lwz r8, 0(r31)
+0x00000038 = blr
+
+#replace simple loads with calls to these funcs
+0x037CF7F0 = bla _lwzxCheck
+0x037CF7FC = bla _lwzCheck
+
+0x037CF868 = bla _lwzxCheck
+0x037CF874 = bla _lwzCheck
+
+[BotwPlsNoCrashV160]
+moduleMatches = 0x29DBB52A
+#restore the 2 instructions possibly overwritten by cemu itself
+0x037CF514 = stwu r1, -0x28(r1)
+0x037CF518 = mflr r0
+
+#null check functions
+codeCaveSize = 0x40
+
+_lwzxCheck = 0x00000000		; null checked version of 'lwzx r31, r9, r0'
+0x00000000 = add r30, r9, r0
+0x00000004 = xor r31, r31, r31
+0x00000008 = cmpwi r30, 0
+0x0000000C = beq .+0x8
+0x00000010 = lwzx r31, r9, r0
+0x00000014 = blr
+
+_lwzCheck = 0x00000020		; null checked version of 'lwz r8, 0(r31)'
+0x00000020 = xor  r8, r8, r8
+0x00000024 = oris r8, r8, 0xD15A
+0x00000028 = ori  r8, r8, 0xB1ED
+0x0000002C = cmpwi r31, 0
+0x00000030 = beq .+0x8
+0x00000034 = lwz r8, 0(r31)
+0x00000038 = blr
+
+#replace simple loads with calls to these funcs
+0x037CF6BC = bla _lwzxCheck
+0x037CF6C8 = bla _lwzCheck
+
+0x037CF734 = bla _lwzxCheck
+0x037CF740 = bla _lwzCheck
+
+[BotwPlsNoCrashV176]
+moduleMatches = 0xFD091F9F
+#restore the 2 instructions possibly overwritten by cemu itself
+0x038E3A30 = stwu r1, -0x28(r1)
+0x038E3A34 = mflr r0
+
+#null check functions
+codeCaveSize = 0x40
+
+_lwzxCheck = 0x00000000		; null checked version of 'lwzx r31, r9, r0'
+0x00000000 = add r30, r9, r0
+0x00000004 = xor r31, r31, r31
+0x00000008 = cmpwi r30, 0
+0x0000000C = beq .+0x8
+0x00000010 = lwzx r31, r9, r0
+0x00000014 = blr
+
+_lwzCheck = 0x00000020		; null checked version of 'lwz r8, 0(r31)'
+0x00000020 = xor  r8, r8, r8
+0x00000024 = oris r8, r8, 0xD15A
+0x00000028 = ori  r8, r8, 0xB1ED
+0x0000002C = cmpwi r31, 0
+0x00000030 = beq .+0x8
+0x00000034 = lwz r8, 0(r31)
+0x00000038 = blr
+
+#replace simple loads with calls to these funcs
+0x038E3BD8 = bla _lwzxCheck
+0x038E3BE4 = bla _lwzCheck
+
+0x038E3C50 = bla _lwzxCheck
+0x038E3C5C = bla _lwzCheck
\ No newline at end of file
diff --git a/Workaround/BreathOfTheWild_LwzxNullCheck/rules.txt b/Workaround/BreathOfTheWild_LwzxNullCheck/rules.txt
new file mode 100644
index 00000000..6f4c38f8
--- /dev/null
+++ b/Workaround/BreathOfTheWild_LwzxNullCheck/rules.txt
@@ -0,0 +1,4 @@
+[Definition]
+titleIds = 00050000101C9300,00050000101C9400,00050000101C9500
+name = "The Legend of Zelda: Breath of the Wild - LWZX Crash workaround"
+version = 2
\ No newline at end of file