memdump

1. /*
2.  * uvloader.c - Userland Vita Loader entry point
3.  * Copyright 2012 Yifan Lu
4.  *
5.  * Licensed under the Apache License, Version 2.0 (the "License");
6.  * you may not use this file except in compliance with the License.
7.  * You may obtain a copy of the License at
8.  *
9.  *    http://www.apache.org/licenses/LICENSE-2.0
10.  *
11.  * Unless required by applicable law or agreed to in writing, software
12.  * distributed under the License is distributed on an "AS IS" BASIS,
13.  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
14.  * See the License for the specific language governing permissions and
15.  * limitations under the License.
16.  */
17.  
18. #define START_SECTION __attribute__ ((section (".text.start"), naked))
19.  
20. // make sure code is PIE
21. #ifndef __PIE__
22. #error "Must compile with -fPIE"
23. #endif
24.  
25. int(*IFile_Open)(void *this, const short *path, int flags) = 0x0022FE08;
26. int(*IFile_Write)(void *this, unsigned int *written, void *src, unsigned int len) = 0x00168764;
27. int (*GX_SetTextureCopy)(void *input_buffer, void *output_buffer, unsigned int size, int in_x, int in_y, int out_x, int out_y, int flags) = 0x0011DD48;
28. int (*GSPGPU_FlushDataCache)(void *addr, unsigned int len) = 0x00191504;
29. int (*svcSleepThread)(unsigned long long nanoseconds) = 0x0023FFE8;
30.  
31. int uvl_entry();
32.  
33. /********************************************//**
34.  *  \brief Starting point from exploit
35.  *
36.  *  Call this from your exploit to run UVLoader.
37.  *  It will first cache all loaded modules and
38.  *  attempt to resolve its own NIDs which
39.  *  should only depend on sceLibKernel.
40.  *  \returns Zero on success, otherwise error
41.  ***********************************************/
42.  
43. int START_SECTION
44. uvl_start ()
45. {
46.     __asm__ volatile (".word 0xE1A00000");
47.     uvl_entry();
48.     __asm__ volatile ("bx lr");
49. }
50.  
51. /********************************************//**
52.  *  \brief Entry point of UVLoader
53.  *
54.  *  \returns Zero on success, otherwise error
55.  ***********************************************/
56. int
57. uvl_entry ()
58. {
59.     unsigned int addr;
60.     void *this = 0x08F10000;
61.     int *written = 0x08F01000;
62.     int *buf = 0x18410000;
63.        
64.     IFile_Open(this, L"dmc:/mem-0xFFFF0000.bin", 6);
65.     svcSleepThread (0x400000LL);
66.     for (addr = 0x14000000; addr < 0x1A800000; addr += 0x10000)
67.     {
68.                 //dumps a 0x10000 bytes of ram to sd card
69.                 GSPGPU_FlushDataCache(addr, 0x10000);
70.                 GX_SetTextureCopy(addr, buf, 0x10000, 0, 0, 0, 0, 8);
71.                 GSPGPU_FlushDataCache(buf, 0x10000);
72.                 svcSleepThread(0x400000LL);
73.                 IFile_Write(this, written, buf, 0x10000);
74.  
75.                 //flashes mostly black screen on the bottom screen for a few frames, this is so i know the program is running and not frozen
76.                 GSPGPU_FlushDataCache(0x18000000, 0x00038400);
77.                 GX_SetTextureCopy(0x18000000, 0x1F48F000, 0x00038400, 0, 0, 0, 0, 8);
78.                 svcSleepThread(0x400000LL);
79.                 GSPGPU_FlushDataCache(0x18000000, 0x00038400);
80.                 GX_SetTextureCopy(0x18000000, 0x1F4C7800, 0x00038400, 0, 0, 0, 0, 8);
81.                 svcSleepThread(0x400000LL);
82.     }
83.  
84.     return 0;
85. }
86.  
87.  
88.  
89. /********************************************//**
90.  *  \brief Exiting point for loaded application
91.  *
92.  *  This hooks on to exit() call and cleans up
93.  *  after the application is unloaded.
94.  *  \returns Zero on success, otherwise error
95.  ***********************************************/
96. int
97. uvl_exit (int status)
98. {
99.     return 0;
100. }