KazoWAR

ARM11 RAM Edit

Jan 23rd, 2015
  1. /*
  2.  * uvloader.c - Userland Vita Loader entry point
  3.  * Copyright 2012 Yifan Lu
  4.  *
  5.  * Licensed under the Apache License, Version 2.0 (the "License");
  6.  * you may not use this file except in compliance with the License.
  7.  * You may obtain a copy of the License at
  8.  *
  9.  *    http://www.apache.org/licenses/LICENSE-2.0
  10.  *
  11.  * Unless required by applicable law or agreed to in writing, software
  12.  * distributed under the License is distributed on an "AS IS" BASIS,
  13.  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
  14.  * See the License for the specific language governing permissions and
  15.  * limitations under the License.
  16.  */
  17.  
  /*
   * Attribute pair for the entry stub: emit it into the ".text.start"
   * section and mark it naked, so the compiler generates no prologue or
   * epilogue around the body.
   * NOTE(review): presumably the linker script places .text.start at the
   * very beginning of the image - the script is not shown here; confirm.
   */
  #define START_SECTION __attribute__ ((section (".text.start"), naked))
   
  // Refuse to build unless the code is position independent (-fPIE).
  #ifndef __PIE__
  #error "Must compile with -fPIE"
  #endif
  24.  
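  /*
   * Function pointers bound to fixed absolute addresses.
   *
   * Each initializer is a literal address, now cast explicitly to the
   * matching function-pointer type; the original relied on an implicit
   * integer-to-pointer conversion, which is a constraint violation that
   * compilers only tolerate with a warning.
   *
   * NOTE(review): the addresses are hard-coded, so they are presumably valid
   * for exactly one build of the target process image; which build is not
   * stated in this file. A call through any of them on a different image
   * jumps to unrelated code - confirm the target before reuse.
   */
  int (*IFile_Open)(void *this, const short *path, int flags) =
      (int (*)(void *, const short *, int))0x0022FE08;
  int (*IFile_Write)(void *this, unsigned int *written, void *src, unsigned int len) =
      (int (*)(void *, unsigned int *, void *, unsigned int))0x00168764;
  int (*GX_SetTextureCopy)(void *input_buffer, void *output_buffer, unsigned int size, int in_x, int in_y, int out_x, int out_y, int flags) =
      (int (*)(void *, void *, unsigned int, int, int, int, int, int))0x0011DD48;
  int (*GSPGPU_FlushDataCache)(void *addr, unsigned int len) =
      (int (*)(void *, unsigned int))0x00191504;
  int (*svcSleepThread)(unsigned long long nanoseconds) =
      (int (*)(unsigned long long))0x0023FFE8;
   
  /* Defined below; declared here because uvl_start() calls it first. */
  int uvl_entry(void);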
  32.  
  /********************************************//**
   *  \brief Starting point from exploit
   *
   *  Naked stub emitted into .text.start (see START_SECTION). It emits
   *  one literal instruction word, calls uvl_entry(), and then executes
   *  `bx lr`.
   *
   *  NOTE(review): the header inherited from UVLoader described module
   *  caching and NID resolution; nothing in this file does either.
   *  NOTE(review): the stub sets no return value itself; presumably the
   *  caller sees whatever uvl_entry() left in r0 - confirm.
   ***********************************************/
   
  int START_SECTION
  uvl_start ()
  {
      /* 0xE1A00000 encodes ARM `mov r0, r0`, i.e. a NOP, as the first word of the stub. */
      __asm__ volatile (".word 0xE1A00000");
      /*
       * NOTE(review): GCC documents only basic asm statements as safe inside
       * a naked function; this C-level call falls outside that. The call
       * also overwrites lr and nothing saves it beforehand - confirm against
       * the generated code.
       */
      uvl_entry();
      /*
       * Explicit return, since a naked function gets no epilogue.
       * NOTE(review): with lr not preserved across the call above, this
       * likely does not branch back to the original caller - verify.
       */
      __asm__ volatile ("bx lr");
  }
  50.  
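  /********************************************//**
   *  \brief Entry point of the payload
   *
   *  Copies a 0x10000-byte window at 0x17A00000 into a scratch buffer at
   *  0x18410000 with GX_SetTextureCopy, scans the copy for a two-word
   *  signature, overwrites the 62-word record that starts at the last
   *  match, and copies the window back (the copy-back happens whether or
   *  not a match was found).
   *
   *  Changes from the original listing:
   *   - the scan no longer reads buf[i + 1] one word past the copied
   *     window on its final iteration;
   *   - a match is only accepted if the whole 62-word record lies inside
   *     the window, so the overwrite cannot run past the scratch copy
   *     (words written beyond it would never be copied back);
   *   - "not found" is tracked with -1 instead of index 0, so a match at
   *     the first word is no longer silently ignored;
   *   - integer addresses are cast explicitly where a pointer is needed.
   *
   *  The return values of the service calls are ignored, as before.
   *  \returns Always zero
   ***********************************************/
  int
  uvl_entry (void)
  {
      enum {
          WINDOW_BYTES = 0x10000,                     /* size of the copied window  */
          WINDOW_WORDS = WINDOW_BYTES / sizeof (int), /* 0x4000 with a 4-byte int   */
          RECORD_WORDS = 62                           /* words rewritten at a match */
      };
   
      unsigned int addr;
      void *this = (void *)0x08F10000;   /* referenced only by the disabled file code */
      int *written = (int *)0x08F01000;  /* referenced only by the disabled file code */
      int *buf = (int *)0x18410000;      /* scratch copy of the window */
   
      int match = -1;                    /* index of the last signature hit, -1 if none */
      int i;
   
      (void)this;
      (void)written;
   
      //IFile_Open(this, L"dmc:/mem-0xFFFF0000.bin", 6);
      svcSleepThread(0x400000LL);
   
      // copy block of memory to buffer
      // NOTE(review): nothing between this copy and the scan below waits for
      // completion - confirm the copy has finished before buf is read.
      addr = 0x17A00000;
      GSPGPU_FlushDataCache((void *)addr, WINDOW_BYTES);
      GX_SetTextureCopy((void *)addr, buf, WINDOW_BYTES, 0, 0, 0, 0, 8);
      GSPGPU_FlushDataCache(buf, WINDOW_BYTES);
   
      // finds the encounter data of Petalburg Woods (AS, OR untested)
      // Stop early enough that buf[i + 1] and the full record stay in the window.
      for (i = 0; i + RECORD_WORDS <= WINDOW_WORDS; i++)
      {
          if ((buf[i] == 0x01070000) && (buf[i + 1] == 0x01070404))
          {
              match = i;  /* keep scanning: the last hit wins, as in the original */
          }
      }
   
      // if it found something, overwrite the data
      if (match >= 0)
      {
          buf[match] = 0x02D10000;
          for (i = match + 1; i < match + RECORD_WORDS - 1; i++)
          {
              buf[i] = 0x02D10202;
          }
          buf[match + RECORD_WORDS - 1] = 0x00000202;
      }
   
      // flush back to memory (the file write used for debugging is disabled)
      svcSleepThread(0x400000LL);
      GSPGPU_FlushDataCache(buf, WINDOW_BYTES);
      GX_SetTextureCopy(buf, (void *)addr, WINDOW_BYTES, 0, 0, 0, 0, 8);
      GSPGPU_FlushDataCache((void *)addr, WINDOW_BYTES);
      //IFile_Write(this, written, buf, 0x10000);
      svcSleepThread(0x400000LL);
   
      /*// FCRAM dump
      for (addr = 0x14000000; addr < 0x1A800000; addr += 0x10000)
      {
          //dumps a 0x10000 bytes of ram to sd card
          GSPGPU_FlushDataCache(addr, 0x10000);
          GX_SetTextureCopy(addr, buf, 0x10000, 0, 0, 0, 0, 8);
          GSPGPU_FlushDataCache(buf, 0x10000);
          svcSleepThread(0x400000LL);
          IFile_Write(this, written, buf, 0x10000);
   
          //flashes mostly black screen on the bottom screen for a few frames, this is so i know the program is running and not frozen
          GSPGPU_FlushDataCache(0x18000000, 0x00038400);
          GX_SetTextureCopy(0x18000000, 0x1F48F000, 0x00038400, 0, 0, 0, 0, 8);
          svcSleepThread(0x400000LL);
          GSPGPU_FlushDataCache(0x18000000, 0x00038400);
          GX_SetTextureCopy(0x18000000, 0x1F4C7800, 0x00038400, 0, 0, 0, 0, 8);
          svcSleepThread(0x400000LL);
      }*/
   
      return 0;
  }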
  126.  
  127.  
  128.  
  /********************************************//**
   *  \brief Exiting point for loaded application
   *
   *  Stub: takes the exit status, ignores it and reports success.
   *  No cleanup is performed here.
   *  \param status Exit status of the application (unused)
   *  \returns Always zero
   ***********************************************/
  int
  uvl_exit (int status)
  {
      const int result = 0;
   
      (void)status;  /* deliberately unused */
      return result;
  }