mirror of
https://github.com/wiiu-env/haxchi.git
synced 2024-11-29 03:14:17 +01:00
Switch to Mii Maker after calling the payload.
parent
d765d2530c
commit
fc0b05ab9d
@ -1,6 +1,7 @@
|
|||||||
|
|
||||||
; constants for position calcs
|
; constants for position calcs
|
||||||
COREINIT_OFFSET equ (- 0xFE3C00)
|
COREINIT_OFFSET equ (- 0xFE3C00)
|
||||||
|
SYSAPP_OFFSET equ (0x01B75D00)
|
||||||
|
|
||||||
; coreinit gadgets
|
; coreinit gadgets
|
||||||
MTCTR_R30_MR_R8R21_R7R29_R6R28_R5R27_R4R25_R3R24_BCTRL equ (COREINIT_OFFSET + 0x02002968)
|
MTCTR_R30_MR_R8R21_R7R29_R6R28_R5R27_R4R25_R3R24_BCTRL equ (COREINIT_OFFSET + 0x02002968)
|
||||||
@ -17,3 +18,5 @@ IC_INVALIDATERANGE equ (0x02007CB0 + COREINIT_OFFSET)
|
|||||||
OSSAVESDONE_READYTORELEASE equ (0x0201D5B8 + COREINIT_OFFSET)
|
OSSAVESDONE_READYTORELEASE equ (0x0201D5B8 + COREINIT_OFFSET)
|
||||||
OSRELEASEFOREGROUND equ (0x0201D5BC + COREINIT_OFFSET)
|
OSRELEASEFOREGROUND equ (0x0201D5BC + COREINIT_OFFSET)
|
||||||
OSFATAL equ (0x02015218 + COREINIT_OFFSET)
|
OSFATAL equ (0x02015218 + COREINIT_OFFSET)
|
||||||
|
_EXIT equ (0x02000980 + COREINIT_OFFSET)
|
||||||
|
_SYSLaunchMiiStudio equ (0x020019D4 + SYSAPP_OFFSET)
|
||||||
|
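Review bot: `_SYSLaunchMiiStudio` is defined relative to `SYSAPP_OFFSET`, but it is added directly after the `COREINIT_OFFSET`-based addresses with no heading of its own. Nothing records which system version the hard-coded values `0x01B75D00` and `0x020019D4` were taken from. A heading such as `; sysapp functions (addresses for system version <VERSION>)` above it would keep the table readable and make a mismatch on another version easier to diagnose. The new names `_EXIT` and `_SYSLaunchMiiStudio` also depart from the upper-case style of the neighbouring `OSFATAL` and `OSRELEASEFOREGROUND`.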
15
haxchi_rop.s
15
haxchi_rop.s
@ -118,10 +118,8 @@ rop_hook_start:
|
|||||||
.arm.big
|
.arm.big
|
||||||
|
|
||||||
rop_start:
|
rop_start:
|
||||||
; do hachihachi cleanups so we can use everything safely
|
; quit out of GX2 so we can re-use it in core 0
|
||||||
call_func HACHI_APPLICATION_SHUTDOWNANDDESTROY, HACHI_APPLICATION_PTR, 0, 0, 0
|
|
||||||
call_func NERD_FASTWIIU_SHUTDOWN, 0, 0, 0, 0
|
call_func NERD_FASTWIIU_SHUTDOWN, 0, 0, 0, 0
|
||||||
call_func CORE_SHUTDOWN, 0, 0, 0, 0
|
|
||||||
|
|
||||||
; set up hbl_loader in core 0
|
; set up hbl_loader in core 0
|
||||||
call_func_6args NERD_CREATETHREAD, NERD_THREAD0OBJECT, LWZ_R0xAFC_MTLR_R0_ADDI_R1xAF8_BLR, 0x1007E7A8, thread0_param, 0x0, 0x0
|
call_func_6args NERD_CREATETHREAD, NERD_THREAD0OBJECT, LWZ_R0xAFC_MTLR_R0_ADDI_R1xAF8_BLR, 0x1007E7A8, thread0_param, 0x0, 0x0
|
||||||
@ -200,6 +198,13 @@ rop_start:
|
|||||||
call_func NERD_STARTTHREAD, NERD_THREAD0OBJECT, 0x0, 0x0, 0x0
|
call_func NERD_STARTTHREAD, NERD_THREAD0OBJECT, 0x0, 0x0, 0x0
|
||||||
call_func NERD_JOINTHREAD, NERD_THREAD0OBJECT, 0x0, 0x0, 0x0
|
call_func NERD_JOINTHREAD, NERD_THREAD0OBJECT, 0x0, 0x0, 0x0
|
||||||
|
|
||||||
|
; clean up the rest of hachihachi
|
||||||
|
call_func HACHI_APPLICATION_SHUTDOWNANDDESTROY, HACHI_APPLICATION_PTR, 0, 0, 0
|
||||||
|
call_func CORE_SHUTDOWN, 0, 0, 0, 0
|
||||||
|
|
||||||
|
; on exit we want to go into mii studio directly
|
||||||
|
call_func _SYSLaunchMiiStudio, 0x0, 0x0, 0x0, 0x0
|
||||||
|
|
||||||
; prepare system for foreground release
|
; prepare system for foreground release
|
||||||
call_func OSSAVESDONE_READYTORELEASE, 0, 0, 0, 0
|
call_func OSSAVESDONE_READYTORELEASE, 0, 0, 0, 0
|
||||||
|
|
||||||
@ -214,7 +219,7 @@ rop_start:
|
|||||||
call_func OSRELEASEFOREGROUND, 0, 0, 0, 0
|
call_func OSRELEASEFOREGROUND, 0, 0, 0, 0
|
||||||
|
|
||||||
; launch mii studio app
|
; launch mii studio app
|
||||||
.word _START_EXIT
|
.word _EXIT
|
||||||
|
|
||||||
core0rop:
|
core0rop:
|
||||||
; switch codegen to RW
|
; switch codegen to RW
|
||||||
@ -257,7 +262,7 @@ rop_start:
|
|||||||
.halfword 0x0004 ; thread affinity (core2)
|
.halfword 0x0004 ; thread affinity (core2)
|
||||||
|
|
||||||
hbl_loader:
|
hbl_loader:
|
||||||
.incbin "hbl_loader.bin"
|
.incbin "code550.bin"
|
||||||
hbl_loader_end:
|
hbl_loader_end:
|
||||||
|
|
||||||
.Close
|
.Close
|
||||||
|
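Review bot: The `.incbin` in the last hunk now pulls in `code550.bin` instead of `hbl_loader.bin`, yet the commit title does not mention a payload change, and the labels `hbl_loader:` / `hbl_loader_end:` and the comment `; set up hbl_loader in core 0` still name the old blob. An included binary cannot be reviewed from the diff, so a comment recording its origin would help, for example `; code550.bin: built from <SOURCE PATH>, see <BUILD STEP>`. Separately, the comment `; launch mii studio app` above `.word _EXIT` is stale: the launch is now requested earlier by `call_func _SYSLaunchMiiStudio`, and the final word only exits. Something like `; exit so the requested Mii Studio launch takes over` would match, if that is the intent.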