batman: getting rid of bptr and added further offset for RVL-RLBP-EUR-B0
author
Bernhard Urban
<lewurm@gmail.com>
Sun, 9 Jan 2011 17:53:03 +0000
(18:53 +0100)
committer
Bernhard Urban
<lewurm@gmail.com>
Wed, 12 Jan 2011 19:53:22 +0000
(20:53 +0100)
batman/exploit.s
diff --git
a/batman/exploit.s
b/batman/exploit.s
index e607aae10c473594bf30a7536243b8ee175c4077..6c0ebabdfbe9b96b73732672e8f764c690b2ffe7 100644
--- a/
batman/exploit.s
+++ b/
batman/exploit.s
@@
-4,16
+4,18
@@
# see file COPYING or http://www.gnu.org/licenses/old-licenses/gpl-2.0.txt
.section .start,"ax"
# see file COPYING or http://www.gnu.org/licenses/old-licenses/gpl-2.0.txt
.section .start,"ax"
+ retadr = 0x90394140
-start:
# The return addr for the nintendo loader is a bit different as for 3rd
# party loaders. In fact, it depends which value is set by the apploader at
# 0x8000002c:
# - 0x0: return address is 0x90394140 (some 3rd party loader, e.g. gecko os)
# - 0x23: return address is 0x90394000 (set by the sysmenu loader by nintendo)
# The return addr for the nintendo loader is a bit different as for 3rd
# party loaders. In fact, it depends which value is set by the apploader at
# 0x8000002c:
# - 0x0: return address is 0x90394140 (some 3rd party loader, e.g. gecko os)
# - 0x23: return address is 0x90394000 (set by the sysmenu loader by nintendo)
+ # 0B ver: 0x90394100
# to make both work, we insert some no op's here
# to make both work, we insert some no op's here
- .fill (0x1
5
0/0x4), 4, 0x60000000
+ .fill (0x1
4
0/0x4), 4, 0x60000000
+start:
# Set up a stack frame.
lis 1,0x8080 ; li 0,0 ; stwu 0,-64(1)
# Set up a stack frame.
lis 1,0x8080 ; li 0,0 ; stwu 0,-64(1)
@@
-25,8
+27,11
@@
start:
# the save file.
lis 3,main@h ; ori 3,3,main@l ; addi 5,3,-4
# the save file.
lis 3,main@h ; ori 3,3,main@l ; addi 5,3,-4
- lis 4,0x8059 ; ori 4,4,0x3f1c ; lwz 4,0(4) ; addi 4,4,-4
- addis 4,4,1 ; addi 4,4,end-start
+ lis 4,retadr@h ; ori 4,4,retadr@l-4
+ # Calculate proper offset for the loader in memory
+0: lbzu 0,4(4); cmpwi 0,0x60 ; beq 0b
+ addi 4,4,-4; addi 4,4,end-start
+
li 0,0x2000 ; mtctr 0
0: lwzu 0,4(4) ; stwu 0,4(5) ; bdnz 0b
li 0,0x2000 ; mtctr 0
0: lwzu 0,4(4) ; stwu 0,4(5) ; bdnz 0b
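Review bot: The sled-skipping loop `0: lbzu 0,4(4); cmpwi 0,0x60 ; beq 0b` in the second hunk has no bound, so if `retadr` does not actually lie inside the nop sled (or exactly on `start`) it keeps walking memory until it happens upon a non-0x60 byte and the copy loop below then reads 0x2000 words from wherever that was; the enclosing `start:` body begins before this hunk and continues past it. The sled is 0x140 bytes by construction, so the scan can be capped at 0x140/4 words via the CTR (reloaded anyway by the copy loop), and the sled length deserves a named symbol shared with the `.fill (0x140/0x4)` in the first hunk instead of repeating the literal; the check also relies on a single byte, which is only sound because the first word after the sled (`lis 1,...`, top byte 0x3c) is not one of the `ori` forms whose top byte is also 0x60, and that is worth a comment. Reusing the numeric label `0:` for two adjacent loops is legal but easy to misread, so the exit label below uses `1:`. In the first hunk, `# to make both work, we insert some no op's here` is stale now that a third address is listed, and the shrink from 0x150 to 0x140 is unexplained; I would replace `# 0B ver: 0x90394100` with `# - RVL-RLBP-EUR-B0 ("0B" version): return address is 0x90394100` and the stale line with `# to make all three work we pad with nops; the sled presumably spans 0x90394000..retadr, so retadr (the highest of them) is where start lands -- confirm`.
```asm
        lis 4,retadr@h ; ori 4,4,retadr@l-4
        # Skip the remainder of the nop sled. Assumes retadr lies inside the
        # sled (or exactly on start); the bound of 0x140/4 words -- the sled
        # length -- keeps a wrong assumption from walking memory indefinitely.
        # Only the top byte is checked: 0x60 is the first byte of a nop
        # (0x60000000) and the first word of start (lis 1,...) begins with 0x3c.
        li 0,0x140/4 ; mtctr 0
0:      lbzu 0,4(4) ; cmpwi 0,0x60 ; bne 1f ; bdnz 0b
1:      addi 4,4,-4 ; addi 4,4,end-start
        # … unchanged: copy loop (li 0,0x2000 ; mtctr 0 ; lwzu/stwu/bdnz) …
```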