From 1439b846869611b787adf1616c73b079a03e90fb Mon Sep 17 00:00:00 2001 From: "(no author)" <(no author)@b08762b0-b915-fc4b-9d8c-17b2551a87ff> Date: Wed, 29 Dec 2010 10:53:43 +0000 Subject: [PATCH] =?UTF-8?q?=E5=BE=AE=E5=A6=99=E3=81=ABthumb=E3=82=B3?= =?UTF-8?q?=E3=83=BC=E3=83=89=E5=AF=BE=E5=BF=9C=20thumb=E3=81=AE=E5=8B=95?= =?UTF-8?q?=E4=BD=9C=E7=A2=BA=E8=AA=8D=E3=81=BE=E3=81=A0?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit git-svn-id: file:///Users/lillianskinner/Downloads/platinum/twl/TwlIPL/branches/20101202_Majikon_Patch@2987 b08762b0-b915-fc4b-9d8c-17b2551a87ff --- .../boot/ARM7/include/targetCode.h | 81 ++++++- .../libraries_sysmenu/boot/ARM7/src/bootAPI.c | 197 +++++++++++------- 2 files changed, 201 insertions(+), 77 deletions(-) diff --git a/build/libraries_sysmenu/boot/ARM7/include/targetCode.h b/build/libraries_sysmenu/boot/ARM7/include/targetCode.h index 8a6f55eb..0613d491 100644 --- a/build/libraries_sysmenu/boot/ARM7/include/targetCode.h +++ b/build/libraries_sysmenu/boot/ARM7/include/targetCode.h @@ -27,13 +27,14 @@ #define MAJIKON_PATCH_ADDR 0x02fff800 #ifdef MAJIKON_APP_CHECK_BY_CARD_PULLOUT_FUNC -#define MAJIKON_APP_TARGET_COMMAND 0xE12FFF1E // [bx lr] 命令 +#define MAJIKON_APP_TARGET_COMMAND_ARM 0xE12FFF1E // [bx lr] 命令 +#define MAJIKON_APP_TARGET_COMMAND_THUMB 0x4718 // [bx r3] 命令 #define TARGET_ARM_CODE_MAX_SIZE 0x40 #define TARGET_THUMB_CODE_MAX_SIZE 0x80 -#define TARGET_ARM_CODE_NUM 7 +#define TARGET_ARM_CODE_NUM 8 #define TARGET_THUMB_CODE_NUM 1 #else -#define MAJIKON_APP_TARGET_COMMAND 0xE12FFF11 // [bx r1] 命令 +#define MAJIKON_APP_TARGET_COMMAND_ARM 0xE12FFF11 // [bx r1] 命令 #define TARGET__ARM_CODE_MAX_SIZE 0x48 #define TARGET_ARM_CODE_NUM 6 #endif 
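Review bot: In the `#else` branch the context line `#define TARGET__ARM_CODE_MAX_SIZE 0x48` has a doubled underscore, so that build never defines `TARGET_ARM_CODE_MAX_SIZE`, which the declaration of `target_code_list_arm` in this header uses as its second dimension. Since this commit already edits the neighbouring defines, it would be the place to correct it to `#define TARGET_ARM_CODE_MAX_SIZE 0x48`, unless the name is defined somewhere outside this patch. `MAJIKON_APP_TARGET_COMMAND_THUMB` would also benefit from a comment saying it is a 16-bit Thumb encoding compared against `u16` reads, unlike the 32-bit ARM constant above it.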
@@ -42,6 +43,77 @@ extern "C" { #endif + +// ↓ パッチコードにジャンプするコード。処理が戻ってこなくていいのでPCの退避は行わない +u32 patch_jump_arm[] = +{ + 0xE51FF004, // ldr pc, [pc, #-4] + 0x02FFF800 // dcd 0x02fff800; +}; + +#ifdef MAJIKON_APP_CHECK_BY_CARD_PULLOUT_FUNC +u16 patch_jump_thumb[] = +{ + 0xFFFF, + 0xFFFF +}; +#endif + +// ↓ MCU_SetCameraLedStatus( MCU_CAMERA_LED_ON ); 相当の処理 (size 0x15c) +const u32 patch_core_arm[] = +{ +#ifdef MAJIKON_APP_CHECK_BY_CARD_PULLOUT_FUNC + // カメラLED点灯 + 0xE3A00000, 0xEA00004B, 0xE59F3140, 0xE5D31000, + 0xE3110080, 0x1AFFFFFC, 0xE59F2134, 0xE3A0104A, + 0xE5C21000, 0xE3A010C2, 0xE5C31000, 0xE5D21001, + 0xE3110080, 0x1AFFFFFC, 0xE5D21001, 0xE2011010, + 0xE1B01241, 0x0A00003A, 0xE59F2100, 0xE5D21000, + 0xE3110080, 0x1AFFFFFC, 0xE59F20F0, 0xE3A03000, + 0xEA000000, 0xE5D21000, 0xE3530E15, 0xE2833001, + 0xBAFFFFFB, 0xE59F20D8, 0xE3A01031, 0xE5C21000, + 0xE3A010C0, 0xE5C21001, 0xE5D21001, 0xE3110080, + 0x1AFFFFFC, 0xE5D21001, 0xE2011010, 0xE1B01241, + 0x0A000023, 0xE59F20A4, 0xE5D21000, 0xE3110080, + 0x1AFFFFFC, 0xE59F2094, 0xE3A03000, 0xEA000000, + 0xE5D21000, 0xE3530E15, 0xE2833001, 0xBAFFFFFB, + 0xE59F207C, 0xE3A01001, 0xE5C21000, 0xE3A010C0, + 0xE5C21001, 0xE5D21001, 0xE3110080, 0x1AFFFFFC, + 0xE59F2058, 0xE3A03000, 0xEA000000, 0xE5D21000, + 0xE3530E15, 0xE2833001, 0xBAFFFFFB, 0xE59F203C, + 0xE3A010C5, 0xE5C21000, 0xE5D21000, 0xE3110080, + 0x1AFFFFFC, 0xE5D21000, 0xE2011010, 0xE1B01241, + 0x1A000002, 0xE2800001, 0xE3500008, 0xBAFFFFB1, + 0xE59F0010, 0xE3A01000, 0xE1C010B0, 0xEAFFFFFE, + 0x04004501, 0x04004500, 0x04000208, +#else + // 電源LEDが赤になる + 0xE3A00000, 0xEA00004B, 0xE59F3140, 0xE5D31000, + 0xE3110080, 0x1AFFFFFC, 0xE59F2134, 0xE3A0104A, + 0xE5C21000, 0xE3A010C2, 0xE5C31000, 0xE5D21001, + 0xE3110080, 0x1AFFFFFC, 0xE5D21001, 0xE2011010, + 0xE1B01241, 0x0A00003A, 0xE59F2100, 0xE5D21000, + 0xE3110080, 0x1AFFFFFC, 0xE59F20F0, 0xE3A03000, + 0xEA000000, 0xE5D21000, 0xE3530E15, 0xE2833001, + 0xBAFFFFFB, 0xE59F20D8, 0xE3A01063, 0xE5C21000, + 0xE3A010C0, 0xE5C21001, 
0xE5D21001, 0xE3110080, + 0x1AFFFFFC, 0xE5D21001, 0xE2011010, 0xE1B01241, + 0x0A000023, 0xE59F20A4, 0xE5D21000, 0xE3110080, + 0x1AFFFFFC, 0xE59F2094, 0xE3A03000, 0xEA000000, + 0xE5D21000, 0xE3530E15, 0xE2833001, 0xBAFFFFFB, + 0xE59F207C, 0xE3A01001, 0xE5C21000, 0xE3A010C0, + 0xE5C21001, 0xE5D21001, 0xE3110080, 0x1AFFFFFC, + 0xE59F2058, 0xE3A03000, 0xEA000000, 0xE5D21000, + 0xE3530E15, 0xE2833001, 0xBAFFFFFB, 0xE59F203C, + 0xE3A010C5, 0xE5C21000, 0xE5D21000, 0xE3110080, + 0x1AFFFFFC, 0xE5D21000, 0xE2011010, 0xE1B01241, + 0x1A000002, 0xE2800001, 0xE3500008, 0xBAFFFFB1, + 0xE59F0010, 0xE3A01000, 0xE1C010B0, 0xEAFFFFFE, + 0x04004501, 0x04004500, 0x04000208, +#endif +}; + + u32 target_code_list_arm[TARGET_ARM_CODE_NUM][TARGET_ARM_CODE_MAX_SIZE] = { #ifdef MAJIKON_APP_CHECK_BY_CARD_PULLOUT_FUNC @@ -160,7 +232,7 @@ u32 target_code_list_arm[TARGET_ARM_CODE_NUM][TARGET_ARM_CODE_MAX_SIZE] = 0x1afffff7, 0xe8bd40f8, 0xe12fff1e, 0x03809420, 0x027ffc40, 0x038070b4, }, - /* + // デバッグ用 { 0xE92D40F8, 0xE59F00E4, 0xE5900004, 0xE3500000, @@ -180,7 +252,6 @@ u32 target_code_list_arm[TARGET_ARM_CODE_NUM][TARGET_ARM_CODE_MAX_SIZE] = 0xE3500000, 0x1AFFFFF7, 0xE8BD40F8, 0xE12FFF1E, 0x0380C6A0, 0x03809EA8, 0x02FFFC3C }, - */ #else diff --git a/build/libraries_sysmenu/boot/ARM7/src/bootAPI.c b/build/libraries_sysmenu/boot/ARM7/src/bootAPI.c index 4b0ca01f..da9dc9b0 100644 --- a/build/libraries_sysmenu/boot/ARM7/src/bootAPI.c +++ b/build/libraries_sysmenu/boot/ARM7/src/bootAPI.c @@ -68,7 +68,10 @@ static void BOOTi_RebootCallback( void** entryp, void* mem_list, REBOOTTarget* t static void BOOTi_SetMainMemModeForNTR( void ); void BOOTi_SetMainMemModeForNTRCore( u32 addr ); -static u32 SearchBinary_Majikon( void ); +static u32 SearchBinaryArm( void ); +#ifdef MAJIKON_APP_CHECK_BY_CARD_PULLOUT_FUNC +static u32 SearchBinaryThumb( void ); +#endif // global variables-------------------------------------------------- 
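Review bot: `patch_jump_arm`, `patch_jump_thumb` and `patch_core_arm` are defined in this header with external linkage, so a second source file including targetCode.h would produce duplicate definitions at link time; `static const u32 patch_jump_arm[] =` (and likewise for the other two) keeps them file-local and read-only. The second word of `patch_jump_arm` repeats the destination as the literal `0x02FFF800`; writing it as `MAJIKON_PATCH_ADDR` keeps the trampoline and the copy destination from drifting apart. The two `patch_core_arm` variants appear to differ in a single word (`0xE3A01031` versus `0xE3A01063`), which deserves a comment next to that word so the difference is not lost in the table.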
@@ -132,7 +135,7 @@ void BOOT_Init( void ) } -static u32 SearchBinary_Majikon( void ) +static u32 SearchBinaryArm( void ) { u32 target_command_address = 0; u32 elem[TARGET_ARM_CODE_NUM]; @@ -148,7 +151,7 @@ static u32 SearchBinary_Majikon( void ) p = (u32 *)MI_CpuFind32( target_code_list_arm[i], 0x0, TARGET_ARM_CODE_MAX_SIZE * sizeof(u32) ); if( p ) { - elem[i] = (u32)(p - target_code_list_arm[i]) * 4; + elem[i] = (u32)(p - target_code_list_arm[i]) * sizeof(u32); } OS_TPrintf("code %d size is 0x%x (%d)\n", i, elem[i], elem[i]); } @@ -173,9 +176,9 @@ static u32 SearchBinary_Majikon( void ) while( *(u32 *)current == *codep ) { - hit += 4; + hit += sizeof(u32); - if( *(u32 *)current == MAJIKON_APP_TARGET_COMMAND ) + if( *(u32 *)current == MAJIKON_APP_TARGET_COMMAND_ARM ) { OS_TPrintf("*** Target Command Find!!\n"); target_command_address = current; 
@@ -220,10 +223,104 @@ static u32 SearchBinary_Majikon( void ) } +#ifdef MAJIKON_APP_CHECK_BY_CARD_PULLOUT_FUNC +static u32 SearchBinaryThumb( void ) +{ + u32 target_command_address = 0; + u32 elem[TARGET_THUMB_CODE_NUM]; + u32 i; + + OS_TPrintf("=====================================\n"); + for( i = 0; i < TARGET_THUMB_CODE_NUM; i++ ) + { + u32 count = 0; + u32 *p; + + elem[i] = 0; + p = (u32 *)MI_CpuFind32( target_code_list_thumb[i], 0x0, TARGET_THUMB_CODE_MAX_SIZE * sizeof(u16) ); + if( p ) + { + elem[i] = (u32)(p - (u32 *)target_code_list_thumb[i]) * sizeof(u16); + } + OS_TPrintf("code %d size is 0x%x (%d)\n", i, elem[i], elem[i]); + } + + for( i = 0; i < TARGET_THUMB_CODE_NUM; i++ ) + { + u32 search_size = MAJIKON_APP_ARM7_STATIC_BUFFER_SIZE; + u32 current = MAJIKON_APP_ARM7_STATIC_BUFFER; + u32 hit = 0; + BOOL isFinish = FALSE; + u16 *codep = target_code_list_thumb[i]; + + OS_TPrintf("search code %d start\n", i); + while( search_size >= elem[i] || hit ) + { + if( *(u16 *)current != *codep ) + { + current += sizeof(u16); + search_size -= sizeof(u16); + continue; + } + + while( *(u16 *)current == *codep ) + { + hit += sizeof(u16); + + if( *(u16 *)current == MAJIKON_APP_TARGET_COMMAND_THUMB ) + { + OS_TPrintf("*** Target Command Find!!\n"); + target_command_address = current; + } + + if( hit == elem[i] ) + { + isFinish = TRUE; + break; + } + + codep++; + current += sizeof(u16); + search_size -= sizeof(u16); + } + + if( isFinish ) + { + OS_TPrintf("*** Target Code Find!!\n"); + break; + } + target_command_address = 0; + hit = 0; + codep = target_code_list_thumb[i]; + } + + if( isFinish ) + { + OS_TPrintf("Match!!\n"); + break; + } + else + { + OS_TPrintf("No Match...\n"); + } + } + + OS_TPrintf("\ntarget address : 0x%08x\n", target_command_address); + OS_TPrintf("=====================================\n"); + + // [TODO] 2命令前でいいの?要確認。 + return (target_command_address - sizeof(u16)); // 埋め込むコードは2命令あるので、1つ前のアドレスを返す +} +#endif + + BOOL BOOT_WaitStart( void ) { if( 
(reg_PXI_MAINPINTF & 0x000f ) == 0x000f ) { - u32 target_address; + u32 target_address_arm; +#ifdef MAJIKON_APP_CHECK_BY_CARD_PULLOUT_FUNC + u32 target_address_thumb; +#endif // 最適化されるとポインタを初期化しただけでは何もコードは生成されません ROM_Header *th = (ROM_Header *)SYSM_APP_ROM_HEADER_BUF; // TWL拡張ROMヘッダ(キャッシュ領域、DSアプリには無い) 
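Review bot: When nothing matches, `SearchBinaryThumb` ends with `return (target_command_address - sizeof(u16));` while `target_command_address` is still 0, so it returns 0xFFFFFFFE and a caller that treats a non-zero result as a hit will use that value as an address; `return target_command_address ? target_command_address - sizeof(u16) : 0;` keeps 0 as the not-found value. The length computation also looks off: `(u32)(p - (u32 *)target_code_list_thumb[i]) * sizeof(u16)` counts 32-bit words but scales by 2, while `hit` grows by 2 per halfword compared, so only the first half of each pattern appears to be checked; `elem[i] = (u32)((u8 *)p - (u8 *)target_code_list_thumb[i]);` gives the byte length directly. If `MI_CpuFind32` finds no terminator, `elem[i]` stays 0 and `search_size >= elem[i]` is always true for an unsigned value, so such an entry should be skipped before the scan loop rather than scanned without a bound. The `count` local is unused and can be dropped. The `BOOT_WaitStart` lines at the end of this hunk belong to a function that continues outside it.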
@@ -234,78 +331,34 @@ BOOL BOOT_WaitStart( void ) REBOOTi_SetPostFinalizeCallback( BOOTi_RebootCallback ); // ARM7バッファ( 0x0238_0000 )から特定バイナリをサーチ - target_address = SearchBinary_Majikon(); + target_address_arm = SearchBinaryArm(); - if( target_address ) - { - // ↓ MCU_SetCameraLedStatus( MCU_CAMERA_LED_ON ); 相当の処理 (size 0x15c) - u32 patch_core_arm[] = - { #ifdef MAJIKON_APP_CHECK_BY_CARD_PULLOUT_FUNC - // カメラLED点灯 - 0xE3A00000, 0xEA00004B, 0xE59F3140, 0xE5D31000, - 0xE3110080, 0x1AFFFFFC, 0xE59F2134, 0xE3A0104A, - 0xE5C21000, 0xE3A010C2, 0xE5C31000, 0xE5D21001, - 0xE3110080, 0x1AFFFFFC, 0xE5D21001, 0xE2011010, - 0xE1B01241, 0x0A00003A, 0xE59F2100, 0xE5D21000, - 0xE3110080, 0x1AFFFFFC, 0xE59F20F0, 0xE3A03000, - 0xEA000000, 0xE5D21000, 0xE3530E15, 0xE2833001, - 0xBAFFFFFB, 0xE59F20D8, 0xE3A01031, 0xE5C21000, - 0xE3A010C0, 0xE5C21001, 0xE5D21001, 0xE3110080, - 0x1AFFFFFC, 0xE5D21001, 0xE2011010, 0xE1B01241, - 0x0A000023, 0xE59F20A4, 0xE5D21000, 0xE3110080, - 0x1AFFFFFC, 0xE59F2094, 0xE3A03000, 0xEA000000, - 0xE5D21000, 0xE3530E15, 0xE2833001, 0xBAFFFFFB, - 0xE59F207C, 0xE3A01001, 0xE5C21000, 0xE3A010C0, - 0xE5C21001, 0xE5D21001, 0xE3110080, 0x1AFFFFFC, - 0xE59F2058, 0xE3A03000, 0xEA000000, 0xE5D21000, - 0xE3530E15, 0xE2833001, 0xBAFFFFFB, 0xE59F203C, - 0xE3A010C5, 0xE5C21000, 0xE5D21000, 0xE3110080, - 0x1AFFFFFC, 0xE5D21000, 0xE2011010, 0xE1B01241, - 0x1A000002, 0xE2800001, 0xE3500008, 0xBAFFFFB1, - 0xE59F0010, 0xE3A01000, 0xE1C010B0, 0xEAFFFFFE, - 0x04004501, 0x04004500, 0x04000208, -#else - // 電源LEDが赤になる - 0xE3A00000, 0xEA00004B, 0xE59F3140, 0xE5D31000, - 0xE3110080, 0x1AFFFFFC, 0xE59F2134, 0xE3A0104A, - 0xE5C21000, 0xE3A010C2, 0xE5C31000, 0xE5D21001, - 0xE3110080, 0x1AFFFFFC, 0xE5D21001, 0xE2011010, - 0xE1B01241, 0x0A00003A, 0xE59F2100, 0xE5D21000, - 0xE3110080, 0x1AFFFFFC, 0xE59F20F0, 0xE3A03000, - 0xEA000000, 0xE5D21000, 0xE3530E15, 0xE2833001, - 0xBAFFFFFB, 0xE59F20D8, 0xE3A01063, 0xE5C21000, - 0xE3A010C0, 0xE5C21001, 0xE5D21001, 0xE3110080, - 0x1AFFFFFC, 
0xE5D21001, 0xE2011010, 0xE1B01241, - 0x0A000023, 0xE59F20A4, 0xE5D21000, 0xE3110080, - 0x1AFFFFFC, 0xE59F2094, 0xE3A03000, 0xEA000000, - 0xE5D21000, 0xE3530E15, 0xE2833001, 0xBAFFFFFB, - 0xE59F207C, 0xE3A01001, 0xE5C21000, 0xE3A010C0, - 0xE5C21001, 0xE5D21001, 0xE3110080, 0x1AFFFFFC, - 0xE59F2058, 0xE3A03000, 0xEA000000, 0xE5D21000, - 0xE3530E15, 0xE2833001, 0xBAFFFFFB, 0xE59F203C, - 0xE3A010C5, 0xE5C21000, 0xE5D21000, 0xE3110080, - 0x1AFFFFFC, 0xE5D21000, 0xE2011010, 0xE1B01241, - 0x1A000002, 0xE2800001, 0xE3500008, 0xBAFFFFB1, - 0xE59F0010, 0xE3A01000, 0xE1C010B0, 0xEAFFFFFE, - 0x04004501, 0x04004500, 0x04000208, + if( !target_address_arm ) + { + target_address_thumb = SearchBinaryThumb(); + } #endif - }; - - // ↓ パッチコードにジャンプするコード。処理が戻ってこなくていいのでPCの退避は行わない - u32 patch_jump[] = - { - 0xE51FF004, // ldr pc, [pc, #-4] - 0x02FFF800 // dcd 0x02fff800; - }; - - // カメラLED光らせる処理埋め込み + + if( target_address_arm ) + { + // パッチ埋め込み MI_CpuCopy8( patch_core_arm, (u32 *)MAJIKON_PATCH_ADDR, sizeof(patch_core_arm)); - // カメラLED光らせる処理に飛ばす処理埋め込み - MI_CpuCopy8( patch_jump, (u32 *)target_address, sizeof(patch_jump)); + // パッチに飛ばす処理埋め込み + MI_CpuCopy8( patch_jump_arm, (u32 *)target_address_arm, sizeof(patch_jump_arm)); } - +#ifdef MAJIKON_APP_CHECK_BY_CARD_PULLOUT_FUNC + else if( target_address_thumb ) + { + // パッチ埋め込み + MI_CpuCopy8( patch_core_arm, (u32 *)MAJIKON_PATCH_ADDR, sizeof(patch_core_arm)); + + // パッチに飛ばす処理埋め込み + MI_CpuCopy8( patch_jump_thumb, (u32 *)target_address_thumb, sizeof(patch_jump_thumb)); + } +#endif + OS_Boot( OS_BOOT_ENTRY_FROM_ROMHEADER, mem_list, target ); } return FALSE;
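Review bot: The `else if( target_address_thumb )` branch copies `patch_jump_thumb` over the matched code, but the header in this same patch still defines that array as `{ 0xFFFF, 0xFFFF }`, and the payload it installs is the ARM-encoded `patch_core_arm`, so a Thumb match overwrites two halfwords with data that is not a jump. The commit subject itself says Thumb operation is not yet verified; until a real Thumb trampoline exists the branch could only report the hit, e.g. `OS_TPrintf("thumb target 0x%08x found, patch not applied\n", target_address_thumb);`. Both branches also write to an address taken straight from the search result, so a check that it lies inside `MAJIKON_APP_ARM7_STATIC_BUFFER` plus `MAJIKON_APP_ARM7_STATIC_BUFFER_SIZE` before `MI_CpuCopy8` would contain a bad result. `BOOT_WaitStart` begins and ends outside this hunk.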