Port search addr code to python script

2025-06-19 13:35:32 -04:00 · 2016-06-15 18:16:06 +09:00 · 2016-06-15 18:16:06 +09:00 · 3906b0798c
commit 3906b0798c
parent b57169e5cd
1 changed files with 57 additions and 0 deletions
--- a/auto_ntrcardhax/scripts/find_addr.py
+++ b/auto_ntrcardhax/scripts/find_addr.py
@ -0,0 +1,57 @@
 import sys
 import struct
 def search(binary, pattern, skip=0):
    pattern_len = len(pattern)
    for idx in xrange(len(binary)):
        if binary[idx : idx + pattern_len] != pattern:
            continue
        return struct.unpack('I', (binary[idx + skip: idx + skip + 4]))[0]
 def find_ntrcard_header_address(arm9bin):
    # 7C B5               PUSH    {R2-R6,LR}
    # 2C 4C               LDR     R4, =card_struct
    # 05 00               MOVS    R5, R0
    # 2A 48               LDR     R0, =ntrcard_header
    # 26 00               MOVS    R6, R4
    return search(arm9bin, '\x7c\xb5\x2c\x4c\x05\x00\x2a\x48\x26\x00', 0xb0)
 def find_rtfs_cfg_address(arm9bin):
    # 10 B5               PUSH    {R4,LR}
    # 0D 48               LDR     R0, =rtfs_cfg; dest
    # 0D 4C               LDR     R4, =ERTFS_prtfs_cfg
    # FF 22 6D 32         MOVS    R2, #0x16C; len
    # 00 21               MOVS    R1, #0; val
    # 20 60               STR     R0, [R4]
    return search(arm9bin,
                  '\x10\xb5\x0d\x48\x0d\x4c\xff\x22\x6d\x32\x00\x21\x20\x60',
                  0x38)
 def find_rtfs_handle_address(arm9bin):
    # 70 B5               PUSH    {R4-R6,LR}
    # 0B 23               MOVS    R3, #0xB
    # 0B 4A               LDR     R2, =rtfs_handle
    # 00 21               MOVS    R1, #0
    # 9B 01               LSLS    R3, R3, #6
    # C4 18               ADDS    R4, R0, R3
    addr = search(arm9bin,
                  '\x70\xb5\x0b\x23\x0b\x4a\x00\x21\x9b\x01\xc4\x18',
                  0x34)
    if addr:
        return addr + 0x10
 def hex_or_dead(addr):
    return hex(addr or 0xdeadbabe)
 if len(sys.argv) < 2:
    print '%s <native_nand_arm9.bin>' % sys.argv[0]
    raise SystemExit(1)
 with open(sys.argv[1], 'rb') as r:
    arm9bin = r.read()
    ntrcard_header_addr = find_ntrcard_header_address(arm9bin)
    rtfs_cfg_addr = find_rtfs_cfg_address(arm9bin)
    rtfs_handle_addr = find_rtfs_handle_address(arm9bin)
    print '#define NTRCARD_HEADER_ADDR %s' % hex_or_dead(ntrcard_header_addr)
    print '#define RTFS_CFG_ADDR       %s' % hex_or_dead(rtfs_cfg_addr)
    print '#define RTFS_HANDLE_ADDR    %s' % hex_or_dead(rtfs_handle_addr)