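/*
 * kexploit.h - shared declarations for the kernel exploit code.
 *
 * Holds the timing constants, the fixed addresses and the prototypes of the
 * kernel read/write helpers. Only declarations live here; every function
 * below is defined in another translation unit.
 *
 * NOTE(review): every address in this file is a fixed numeric constant.
 * Presumably they are only valid for the system build they were taken
 * from - confirm before relying on any of them.
 */
#ifndef KEXPLOIT_H
#define KEXPLOIT_H

#include <stdbool.h>
#include <stdint.h>
#include <stddef.h>

/* Wait times for CPU0 and CPU2 */
/* NOTE(review): the unit is not stated here - confirm against the users. */
#define CPU0_WAIT_TIME 80
#define CPU2_WAIT_TIME 92

/* Gadget finding addresses */
#define JIT_ADDRESS 0x01800000
#define CODE_ADDRESS_START 0x0D800000
#define CODE_ADDRESS_END 0x0F848A0C

/* Kernel addresses, stolen from Chadderz */
#define KERN_HEAP 0xFF200000
#define KERN_HEAP_PHYS 0x1B800000

/*
 * Five candidate syscall table addresses. The trailing notes record the
 * context in which each one was observed to work.
 */
#define KERN_SYSCALL_TBL_1 0xFFE84C70 // unknown
#define KERN_SYSCALL_TBL_2 0xFFE85070 // works with games
#define KERN_SYSCALL_TBL_3 0xFFE85470 // works with loader
#define KERN_SYSCALL_TBL_4 0xFFEAAA60 // works with home menu
#define KERN_SYSCALL_TBL_5 0xFFEAAE60 // works with browser (previously KERN_SYSCALL_TBL)

#define KERN_CODE_READ 0xFFF023D4
#define KERN_CODE_WRITE 0xFFF023F4
#define KERN_ADDRESS_TBL 0xFFEAB7A0
/* Derived value: sits 0x270 bytes below KERN_ADDRESS_TBL. */
#define KERN_DRVPTR (KERN_ADDRESS_TBL - 0x270)

/* Browser PFID */
#define PFID_BROWSER 8

/* Kernel heap constants */
/* NOTE(review): presumably byte offsets/sizes within a heap header - confirm. */
#define STARTID_OFFSET 0x08
#define METADATA_OFFSET 0x14
#define METADATA_SIZE 0x10

/* Size of a Cafe OS thread */
#define OSTHREAD_SIZE 0x1000

/*
 * Entry point of the exploit, judging by the name.
 * coreinit_handle: handle passed through to the helpers below; how it is
 * obtained is not shown in this header.
 */
void run_kexploit(uint32_t coreinit_handle);

/*
 * Kernel write helpers. Going by the signatures, KernelWrite copies `length`
 * bytes from `data` to `addr`, and the U32 variants store a single 32-bit
 * `value` - confirm against the definitions.
 *
 * NOTE(review): nothing at this interface constrains `addr` or `length`.
 * Any validation has to live in the implementations, which are not visible
 * here, so treat every caller as responsible for its own arguments.
 */
void KernelWrite(uint32_t addr, const void *data, uint32_t length, uint32_t coreinit_handle);

void KernelWriteU32(uint32_t addr, uint32_t value, uint32_t coreinit_handle);

/* NOTE(review): how "FixedAddr" differs from KernelWriteU32 is not shown here. */
void KernelWriteU32FixedAddr(uint32_t addr, uint32_t value, uint32_t coreinit_handle);

/*
 * Declared extern and defined elsewhere; presumably a syscall stub - confirm.
 * dst, src and len are raw 32-bit values rather than pointers.
 */
extern void SC_KernelCopyData(uint32_t dst, uint32_t src, uint32_t len);

/*
 * Looks up a gadget described by `code` (`length` is its size, unit not
 * stated) starting from `gadgets_start`. The meaning of the returned pointer,
 * including the not-found case, is not visible in this header.
 */
void *find_gadget(uint32_t code[], uint32_t length, uint32_t gadgets_start);

/* Arbitrary read and write syscalls */
/* Both are marked noinline, so each call site stays a real function call. */
uint32_t __attribute__ ((noinline)) kern_read(const void *addr);
void __attribute__ ((noinline)) kern_write(void *addr, uint32_t value);

#endif /* KEXPLOIT_H */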