dragonbane

WiiU AutoSplitter stuff

Sep 7th, 2018
EXPORT_FUNC_C(int, OSLaunchTitlev, u64 titleId, u32 argc, char* argv[]);
EXPORT_FUNC_C(int, OSLaunchTitlel, u64 titleId, u32 argc, ...); //wrapped by _SYSLaunchTitleDirect --> OSLaunchTitlel with 0 argcs
EXPORT_FUNC_C(int, OSLaunchTitleByPathv, const char* path, u32 pathLen, u32 argc, char* argv[]);
EXPORT_FUNC_C(int, OSLaunchTitleByPathl, const char* path, u32 pathLen, u32 argc, ...);

OSLaunchTitleArgvStr: everything lands here
LaunchTitleArgvStr, launch_title

EXPORT_FUNC_C(int, OSRestartGame, u32 argc, char** argv); (wrapped by SYSRelaunchTitle --> still use OSRestartGame)
EXPORT_FUNC_C(void, OSForceFullRelaunch, void);


http://rawpixels.net/
1280x720
RGB32
RGBA
8,8,8,8
Packed
(ignore alpha)


Foreground app memory (RAMPID 7): 0x50000000 to 0x8FFFFFFF (0x40000000)
App MEM2 region: 10000000

logical address + 0x40000000 = physical address

Espresso CPU:
1.243125 GHz CPU --> 1243.125 MHz

Latte GPU:
549.999755 MHz

Starbuck:
Possibly 400 MHz (Starlet Wii ARM processor: 243 MHz)

Espresso CPU timings:
248625000 bus speed / 4
62156250
62156,248 ticks are one millisecond

Starbuck CPU timings:
-1000129 ticks are one second
-1000108 ticks are one second
-1000000 should be it

1380769619131401 ticks since epoch
48,717808219178082191780821917808 actual years since epoch = 17782 actual days since epoch = 1536371330 seconds

wiiu: 43,783917400158580669710806697108
0,68767123287671232876712328767123

1.1.1975: 15956-15957 (55-58 allowed)

03:58 = 4E7CDC98BE073 = 1380770942541939
04:15 = 4E7CE0657E716 = 1380771962545942
1020004003 ticks in 17 min (17,000066716666666666666666666667 minutes)
17 min



Need to build mcp, kernel and main lib in this order

Need:
MEMAllocFromDefaultHeap (mem2 allocs) --> svcAlloc, svcAllocAlign, svcFree

OSGetTitleID (ppc sends it over)

DCFlushRange --> svcFlushDCache

OSIsAddressValid --> int check_ppc_addr_range(void *address, u32 size) = 0x5E (syscall id) //returns -1 if wrong, 0 if good
OSGetTime --> int IOS_GetAbsTime64(u64 *out_buf) = 0x1D (syscall id) //returns 0 if success, current time since epoch in ticks (microseconds)


http://wiiubrew.org/wiki/IOSU_Syscalls (use retail ids)
Syscalls: 0x100 (length) for one
Find address with: 0xE7F000F0 + (0x100 * syscall id)

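The address and timing arithmetic in the notes above (syscall table lookup, foreground-app logical-to-physical mapping, Espresso timebase ticks, IOS_GetAbsTime64 microsecond ticks) collected into a few checked helpers. This is an added example, not code from the paste; the function names and the range check on the foreground app window are my own, and the 1 tick = 1 microsecond rate for IOS_GetAbsTime64 is taken from the note's own 17-minute measurement.

```python
# Added example: helpers for the constants recorded in the notes above.
# All magic numbers come from the paste; function names and the
# range checks are assumptions made here for illustration.

IOSU_SYSCALL_TABLE_BASE = 0xE7F000F0   # "Find address with: 0xE7F000F0 + (0x100 * syscall id)"
IOSU_SYSCALL_STRIDE = 0x100            # one syscall stub is 0x100 bytes long

FOREGROUND_APP_START = 0x50000000      # RAMPID 7 foreground app window
FOREGROUND_APP_END = 0x8FFFFFFF
LOGICAL_TO_PHYSICAL_OFFSET = 0x40000000

ESPRESSO_BUS_HZ = 248_625_000
ESPRESSO_TIMEBASE_HZ = ESPRESSO_BUS_HZ // 4   # 62156250 ticks per second
IOS_ABSTIME_TICKS_PER_SECOND = 1_000_000      # IOS_GetAbsTime64 ticks are microseconds


def iosu_syscall_address(syscall_id):
    """Address of the IOSU syscall stub for a retail syscall id."""
    if syscall_id < 0:
        raise ValueError("syscall id must be non-negative")
    return IOSU_SYSCALL_TABLE_BASE + IOSU_SYSCALL_STRIDE * syscall_id


def foreground_logical_to_physical(addr):
    """Map a foreground-app logical address to its physical address.

    Refuses addresses outside the RAMPID 7 window instead of silently
    producing a bogus physical address (assumed check, not from the notes).
    """
    if not FOREGROUND_APP_START <= addr <= FOREGROUND_APP_END:
        raise ValueError(f"0x{addr:08X} is not in the foreground app window")
    return addr + LOGICAL_TO_PHYSICAL_OFFSET


def espresso_ticks_to_ms(ticks):
    """Convert Espresso timebase ticks (bus clock / 4) to milliseconds."""
    return ticks * 1000 / ESPRESSO_TIMEBASE_HZ


def ios_abstime_delta_minutes(start_ticks, end_ticks):
    """Minutes elapsed between two IOS_GetAbsTime64 readings."""
    if end_ticks < start_ticks:
        raise ValueError("end precedes start")
    return (end_ticks - start_ticks) / (IOS_ABSTIME_TICKS_PER_SECOND * 60)


if __name__ == "__main__":
    # The two syscalls the notes need: check_ppc_addr_range (0x5E) and IOS_GetAbsTime64 (0x1D).
    for name, sid in (("check_ppc_addr_range", 0x5E), ("IOS_GetAbsTime64", 0x1D)):
        print(f"{name:22s} id 0x{sid:02X} -> 0x{iosu_syscall_address(sid):08X}")
    # The 03:58 / 04:15 readings recorded above, parsed from their hex form.
    t0 = int("4E7CDC98BE073", 16)
    t1 = int("4E7CE0657E716", 16)
    print(f"delta = {t1 - t0} ticks = {ios_abstime_delta_minutes(t0, t1):.6f} min")
```

Running the block reproduces the figures in the notes: 0x5E lands at 0xE7F05EF0, 0x1D at 0xE7F01DF0, and the two absolute-time readings differ by 1020004003 ticks, i.e. 17.000067 minutes, which is what confirms the microsecond tick rate.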
Initial boot (boot from HBL):
1. Pack exploit and autosplitter together. Strip out h files onto sd/app folder if necessary and load them on boot
2. Run exploit (no function hooks; only if the exploit hasn't been run yet, if it has skip to step 3; no deinit of stuff)
3. Load DBConfig (button remaps, amiibo remaps, stick axis invert, language remap)
4. Softexit to System Menu

System Menu:
5. In System Menu start patching hooks (for language remapping etc) (maybe patch ppcExit instead of exit)
6. On first ever title or menu launch when app launched == 1 (gated), issue ioctl to iosohax, after checking the handle exists, that connections are now allowed; otherwise IOSU instantly closes connections (block the ports regardless at all times). Send address of shared gamepadData and frameCounter pointer as well.
7. IOSU draws one red pixel in framebuffer --> gamepad and TV on boot of games (draw permanently in a separate thread)
8. Input Display accepts connections as soon as the ioctl gate has been unlocked and gamepadDataPtr and frameCounterPtr address is acquired. Use sleep to achieve periodic "polling". 120 frames per second autosplitter and 60 frames for the input display
9. gamepadDataPtr is set by a combination of WPADRead and VPADRead hooks (pro controller takes priority). Gxwaitforvsync hook decides what to set gamepadPtr to
10. gamepadDataPtr is set to 0 on title exit (exit/ppcExit), IOSU then stops showing inputs

Any Title (System Menu + games):

11. Whenever a title is booted, ioctl sends the title id that was launched. Otherwise title id is 0
12. Autosplitter on IOSU verifies that the title id in question is running, otherwise connection closes

IOSU autoSplitter max space usage: 55650 bytes (45 MB global heap, 262 kb shared data IOSU) 0x10000 = 65536 bytes (acquire using svcAlloc)

13. Remaps are handled on the elf side
14. On return to HBL close gate with ioctl before app unloads and reset gamepadData pointer
15. elf blocks all ports (via socket listen hook) that aren't coming from the MEM2 app code block (block autosplitter, input viewer port always)
16. anti cheat protection is handled in elf in gx2waitforvsync hook
17. Gx2waitforvsync hook increases global frame counter on every single call in an u32* ptr address with no reset (might have to gate it to home button calls)

Dump finished run achievements to system slc somewhere? One file. Fourcc. 4 byte size index. 28 bytes per entry (8 byte title id, 8 byte start time absolute, 8 byte end time absolute, 4 byte total load frames). Encrypt 28 bytes with aes 256 bit public key. Allow special pc app using autosplitter port with a special handshake value to receive the file to the pc. Only I have private key for decryption

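The run-record file sketched above (fourcc, 4-byte entry count, 28-byte entries of title id / absolute start / absolute end / load frames) as a packer and a validating parser. This is an added example, not code from the paste: the fourcc value, the big-endian layout and the sample title id are constructed placeholders, and the duration helper assumes the microsecond IOS_GetAbsTime64 ticks described earlier in the notes. One caveat on the encryption step the note plans: AES-256 is a symmetric cipher, so there is no "AES public key" that a console could hold while only the author keeps a private key; that property needs an asymmetric or hybrid scheme (encrypt each record under a fresh symmetric key and wrap that key with an RSA or ECC public key). The block below handles only the plaintext container, which is what needs to be right before any encryption is layered on top.

```python
# Added example: plaintext container for finished-run records.
# Layout follows the note above; RUN_FILE_MAGIC, the byte order and the
# sample values are constructed for illustration, not taken from the project.
import struct

RUN_FILE_MAGIC = b"DBRN"                    # constructed fourcc placeholder
HEADER_FMT = ">4sI"                         # fourcc + 4-byte entry count ("size index")
HEADER_SIZE = struct.calcsize(HEADER_FMT)   # 8
ENTRY_FMT = ">QQQI"                         # title id, start ticks, end ticks, load frames
ENTRY_SIZE = struct.calcsize(ENTRY_FMT)     # 28, as the note specifies
TICKS_PER_SECOND = 1_000_000                # IOS_GetAbsTime64 ticks are microseconds


def pack_run_file(entries):
    """Serialize (title_id, start_ticks, end_ticks, load_frames) tuples."""
    entries = list(entries)
    for title_id, start, end, load_frames in entries:
        if end < start:
            raise ValueError(f"run for title 0x{title_id:016X} ends before it starts")
    body = b"".join(struct.pack(ENTRY_FMT, *entry) for entry in entries)
    return struct.pack(HEADER_FMT, RUN_FILE_MAGIC, len(entries)) + body


def unpack_run_file(blob):
    """Parse a run file, rejecting a wrong fourcc, truncation or trailing bytes."""
    if len(blob) < HEADER_SIZE:
        raise ValueError("truncated header")
    magic, count = struct.unpack_from(HEADER_FMT, blob, 0)
    if magic != RUN_FILE_MAGIC:
        raise ValueError(f"bad fourcc {magic!r}")
    expected = HEADER_SIZE + count * ENTRY_SIZE
    if len(blob) != expected:
        raise ValueError(f"expected {expected} bytes for {count} entries, got {len(blob)}")
    return [
        struct.unpack_from(ENTRY_FMT, blob, HEADER_SIZE + i * ENTRY_SIZE)
        for i in range(count)
    ]


def run_duration_seconds(entry):
    """Wall-clock length of one run from its absolute start/end ticks."""
    _, start, end, _ = entry
    return (end - start) / TICKS_PER_SECOND


# Constructed sample: a placeholder title id, and the 03:58 / 04:15 timestamps
# recorded earlier in the notes as the first run's start and end.
SAMPLE_RUNS = [
    (0x0005000012345678, 1380770942541939, 1380771962545942, 600),
    (0x0005000012345678, 1380771962545942, 1380771962545942 + 90 * TICKS_PER_SECOND, 12),
]

if __name__ == "__main__":
    blob = pack_run_file(SAMPLE_RUNS)
    print(f"{len(blob)} bytes on disk ({len(SAMPLE_RUNS)} entries)")
    for entry in unpack_run_file(blob):
        print(f"title 0x{entry[0]:016X}: {run_duration_seconds(entry):.3f} s, {entry[3]} load frames")
```

Every parse failure raises rather than returning a partial list, so a corrupted or tampered file from the SLC is noticed before anything downstream trusts its contents.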
Add softreset combination that works in every game and forces a game reboot (VPAD/KPAD) = OSRestartGame
Adjust autosplitter PC app to send byte stream. Adjust autosplitter WiiU to work without std::vector (dynamically growing array instead)

If mem2 allocation for autosplits crashes botw, need to move entire autosplitter to kernel IOSU too without using std::vector



OLD:

Perform find export for HIDStart at the beginning
compute offset to Hidparams
send to ioso via hax

02000580 HIDStart
020008D8 Buffered Data

02000510 get params
020007E8 get data
+0x358

OSDynLoad_FindExport(nsysccr_handle, 0, "CCRHIDStart", &real_addr1);
-0x70 = get params

OSDynLoad_FindExport(nsysccr_handle, 0, "CCRHIDGetBufferedData", &real_addr2);
-0xF0 = get data



vpad init: 0x02001820
+0x1EFC
=
vpad parser: 0x0200371C



vpad init: 0x02001820
+0x1EDC
=

RetrieveInputSectionForChannel: 0x020036FC

28c
358


112361C
1123644
28

10027BF8 = ptr to data where inputs get written by ncsys lib
10027BFA = 16 bits all held button codes besides Sticks

102EF780 = where inputs are stored in the vpad library (until 102F077F)

Stick offset:
0x218
0x27C


0x278 byte
0x27C word
0x280 byte