本文整理汇总了C++中peekq函数的典型用法代码示例。如果您正苦于以下问题:C++ peekq函数的具体用法?C++ peekq怎么用?C++ peekq使用的例子?那么恭喜您, 这里精选的函数代码示例或许可以为您提供帮助。
在下文中一共展示了peekq函数的20个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于我们的系统推荐出更棒的C++代码示例。
示例1: install_payload_exploit
/*
 * Installs the exploit entry stub into the poke-syscall slot.
 *
 * Each pass writes two 64-bit words at NEW_POKE_SYSCALL_ADDR (the author's
 * comments label them "mtctr %r3 / bctr" and "blr / blr"), then reads
 * 0x8000000000000570 through peekq() (result discarded) and sleeps 5 ms.
 * The pass is repeated 80 times. Afterwards the global poke_syscall is set
 * to NEW_POKE_SYSCALL, presumably so later pokes go through the new
 * handler. None of the kernel writes is checked for success.
 */
void install_payload_exploit(void)
{
    int attempt = 0;
    while (attempt < 80) {
        /* install jump to exploit */
        pokeq(NEW_POKE_SYSCALL_ADDR,     0x7C6903A64E800420ULL); /* mtctr %r3 ; bctr */
        pokeq(NEW_POKE_SYSCALL_ADDR + 8, 0x4E8000204E800020ULL); /* blr ; blr (author: "maybe not need it") */
        (void) peekq(0x8000000000000570ULL);
        usleep(5000);
        attempt++;
    }
    poke_syscall = NEW_POKE_SYSCALL;
}
开发者ID:aquilino,项目名称:irismanager-4-x,代码行数:12,代码来源:payload_355.c
示例2: is_payload_loaded_355
/*
 * Probes LV2 memory for an already-resident payload (3.55 variant, per the
 * function suffix and the payload_355.c origin).
 *
 * Three fixed kernel addresses are read with peekq() and compared against
 * known values, in this order:
 *  1. 0x80000000002be4a0 against the first 8 bytes of the embedded
 *     payload_syscall36_355_bin image -> SYS36_PAYLOAD;
 *  2. 0x800000000000ef58 against 0x534B3130... (ASCII "SK10") -> sets
 *     is_sky = 1 and returns SKY10_PAYLOAD;
 *  3. 0x8000000000079d80 against the WaninV2 marker -> WANIN_PAYLOAD.
 * Otherwise returns ZERO_PAYLOAD.
 *
 * Side effects: always sets the global syscall_base to SYSCALL_BASE; may set
 * is_sky. None of the peekq() reads is error-checked, so a read failure is
 * indistinguishable from a mismatch here.
 */
int is_payload_loaded_355(void)
{
//1st classic syscall 36 check
// Signature = first 8 bytes of the embedded syscall-36 image; the pointer is
// formed by casting through u64.
u64 *tmp = (u64 *) (u64) & payload_syscall36_355_bin[0]; //syscall 36 payload
syscall_base = SYSCALL_BASE;
if(peekq(0x80000000002be4a0ULL) == *tmp)
return SYS36_PAYLOAD;
//2nd new syscall 36 - sky mod check
if(peekq(0x800000000000ef58ULL) == 0x534B313000000000ULL){ //SK10 HEADER
is_sky = 1;
return SKY10_PAYLOAD;
}
//WaninV2 CFW
if(peekq(0x8000000000079d80ULL) == 0x3880000090830000ULL) //WaninV2
return WANIN_PAYLOAD;
return ZERO_PAYLOAD;
}
开发者ID:aquilino,项目名称:irismanager-4-x,代码行数:22,代码来源:payload_355.c
示例3: remove_new_poke
/*
 * Writes two 64-bit words back over the poke-syscall slot.
 *
 * poke_syscall is switched back to 7 first, then for 80 passes the two
 * constants are written at NEW_POKE_SYSCALL_ADDR and +8, 0x8000000000000570
 * is read (result discarded) and the thread sleeps 5 ms. The two words are
 * the same ones remove_lv2_memcpy() writes at these offsets on this page;
 * presumably they are the original handler prologue that install_new_poke()
 * overwrote — confirm against the firmware image. No write is checked.
 */
void remove_new_poke(void)
{
    poke_syscall = 7;
    int remaining = 80;
    while (remaining-- > 0) {
        pokeq(NEW_POKE_SYSCALL_ADDR,     0xF821FF017C0802A6ULL);
        pokeq(NEW_POKE_SYSCALL_ADDR + 8, 0xFBC100F0FBE100F8ULL);
        (void) peekq(0x8000000000000570ULL);
        usleep(5000);
    }
}
开发者ID:aquilino,项目名称:irismanager-4-x,代码行数:13,代码来源:payload_355.c
示例4: is_firm_470
/*
 * Firmware probe for 4.70.
 *
 * Reads the 64-bit word at 0x8000000000003000 (called the TOC by the
 * author) and returns 1 when it equals the value expected for this
 * firmware, 0 otherwise. A single peekq() call; any failure inside peekq()
 * cannot be told apart from a mismatch here.
 */
int is_firm_470(void)
{
    // TOC 4.70
    return peekq(0x8000000000003000ULL) == 0x800000000034FB10ULL;
}
开发者ID:CaptainCPS,项目名称:IRISMAN-346,代码行数:14,代码来源:payload_470.c
示例5: is_firm_430dex
/*
 * Firmware probe for 4.30 DEX.
 *
 * Reads the 64-bit word at 0x8000000000365CA0 and returns 1 when it equals
 * the value expected for this firmware, 0 otherwise. A single peekq() call;
 * any failure inside peekq() cannot be told apart from a mismatch here.
 */
int is_firm_430dex(void)
{
    // 4.30 dex
    return peekq(0x8000000000365CA0ULL) == 0x800000000031A998ULL;
}
开发者ID:Deversi,项目名称:HOUYAMAN-master,代码行数:14,代码来源:payload_430dex.c
示例6: is_payload_loaded_470dex
/*
 * Probes for a resident 4.70 DEX payload.
 *
 * Reads the id word at 0x80000000000004f0, which load_payload_* on this page
 * writes as 0x534B3145 (ASCII "SK1E") in the high half and the payload
 * offset in the low half. When the tag matches and the offset is non-zero
 * the current syscall-8 slot (SYSCALL_BASE + 64) is saved into
 * restore_syscall8[] and rewritten to point at offset + 0x20 of the payload
 * — i.e. a successful probe also re-installs the syscall. Otherwise it
 * follows the syscall-36 table entry twice and looks for the "SK10" header
 * 0x20 bytes before the target.
 *
 * Side effects: sets syscall_base; may write restore_syscall8[] and the
 * syscall table. Returns SKY10_PAYLOAD or ZERO_PAYLOAD. Neither peekq()
 * result is validated before being used as an address in the fallback path.
 */
int is_payload_loaded_470dex(void)
{
u64 addr = peekq(0x80000000000004f0ULL);
syscall_base = SYSCALL_BASE;
if((addr>>32) == 0x534B3145) { // new method to detect the payload
addr&= 0xffffffff; // keep the payload offset from the low 32 bits
if(addr) {
restore_syscall8[0]= SYSCALL_BASE + 64ULL; // (sc8*8)
restore_syscall8[1]= peekq(restore_syscall8[0]); // original slot content, saved for restore
pokeq(restore_syscall8[0], 0x8000000000000000ULL + (u64) (addr + 0x20)); // re-point syscall 8 at the payload descriptor
}
return SKY10_PAYLOAD;
}
// Fallback: syscall table entry 36 -> descriptor -> 0x20 before it should hold "SK10".
addr = peekq((SYSCALL_BASE + 36 * 8));
addr = peekq(addr);
if(peekq(addr - 0x20) == 0x534B313000000000ULL) //SK10 HEADER
return SKY10_PAYLOAD;
return ZERO_PAYLOAD;
}
开发者ID:Estwald,项目名称:irismanager-4-x,代码行数:23,代码来源:payload_470dex.c
示例7: is_firm_450
/*
 * Firmware probe for 4.50 CEX.
 *
 * Reads the 64-bit word at 0x800000000035F0D0 and returns 1 when it equals
 * the value expected for this firmware, 0 otherwise. A single peekq() call;
 * any failure inside peekq() cannot be told apart from a mismatch here.
 */
int is_firm_450(void)
{
    // 4.50 cex
    return peekq(0x800000000035F0D0ULL) == 0x800000000033AE48ULL;
}
开发者ID:darkjiros,项目名称:IRISMAN,代码行数:14,代码来源:payload_450.c
示例8: is_payload_loaded_355
/*
 * Probes for a resident payload on 3.55 (later revision; compare the
 * shorter variant of the same function earlier on this page).
 *
 * Order of checks:
 *  1. id word at 0x80000000000004f0: high half 0x534B3145 ("SK1E") means a
 *     load_payload_* run left its tag; if the low-half offset is non-zero,
 *     the syscall-8 slot (SYSCALL_BASE + 64) is saved into restore_syscall8[]
 *     and rewritten to point at offset + 0x20 — the probe re-installs the
 *     syscall as a side effect. Returns SKY10_PAYLOAD.
 *  2. 0x80000000002be4a0 equal to 0x2564257325303136 (ASCII "%d%s%016",
 *     presumably a string left by the classic syscall-36 payload — confirm)
 *     -> SYS36_PAYLOAD.
 *  3. 0x800000000000ef58 holding "SK10" -> SKY10_PAYLOAD (unlike the earlier
 *     variant, is_sky is not set here).
 *  4. 0x8000000000079d80 holding the WaninV2 marker -> WANIN_PAYLOAD.
 * Otherwise ZERO_PAYLOAD.
 *
 * Side effects: sets syscall_base; may write restore_syscall8[] and the
 * syscall table. None of the peekq()/pokeq() calls is error-checked.
 */
int is_payload_loaded_355(void)
{
//1st classic syscall 36 check
syscall_base = SYSCALL_BASE;
u64 addr = peekq(0x80000000000004f0ULL);
if((addr>>32) == 0x534B3145) { // new method to detect the payload
addr&= 0xffffffff; // payload offset lives in the low 32 bits
if(addr) {
restore_syscall8[0]= SYSCALL_BASE + 64ULL; // (8*8)
restore_syscall8[1]= peekq(restore_syscall8[0]); // original slot content, saved for restore
pokeq(restore_syscall8[0], 0x8000000000000000ULL + (u64) (addr + 0x20)); // re-point syscall 8 at the payload descriptor
}
return SKY10_PAYLOAD;
}
if(peekq(0x80000000002be4a0ULL) == 0x2564257325303136ULL)
return SYS36_PAYLOAD;
//2nd new syscall 36 - sky mod check
if(peekq(0x800000000000ef58ULL) == 0x534B313000000000ULL){ //SK10 HEADER
return SKY10_PAYLOAD;
}
//WaninV2 CFW
if(peekq(0x8000000000079d80ULL) == 0x3880000090830000ULL) //WaninV2
return WANIN_PAYLOAD;
return ZERO_PAYLOAD;
}
开发者ID:CaptainCPS,项目名称:IRISMAN-346,代码行数:37,代码来源:payload_355.c
示例9: install_lv2_memcpy
/*
 * Installs a small copy routine at 0x8000000000001820 and points syscall 9
 * at it (4.31 variant).
 *
 * The word currently in the syscall-9 slot is saved to the global
 * restore_syscall first. Then, for 50 passes: the descriptor pair at
 * 0x1820/0x1828 is written (entry address, then the TOC word read from
 * 0x8000000000003000 on every pass), the ten routine words are poked at
 * 0x1830..0x1878 in address order, _poke() rewrites the syscall-9 slot to
 * 0x8000000000001820, and the thread sleeps 5 ms. No write is checked.
 * Note the slot is written through _poke() with a 32-bit address while the
 * rest uses pokeq(); the original author's choice is preserved.
 */
static inline void install_lv2_memcpy()
{
    /* Routine body, one entry per 8-byte word starting at 0x8000000000001830. */
    static const unsigned long long body[10] = {
        0x282500004D820020ULL, /* 0x1830 */
        0x38A5FFFF7CC428AEULL, /* 0x1838 */
        0x7CC329AE7C0006ACULL, /* 0x1840 */
        0x7CE32A1470E80003ULL, /* 0x1848 */
        0x282500004082000CULL, /* 0x1850 */
        0x7CE838504800000CULL, /* 0x1858 */
        0x282800004082FFCCULL, /* 0x1860 */
        0x7C0038AC7C0004ACULL, /* 0x1868 */
        0x7C003FAC4C00012CULL, /* 0x1870 */
        0x4BFFFFB800000000ULL, /* 0x1878 */
    };

    restore_syscall = peekq(SYSCALL_BASE + (u64) (9 * 8));
    for (int pass = 0; pass < 50; ++pass) {
        pokeq(0x8000000000001820ULL, 0x8000000000001830ULL);
        pokeq(0x8000000000001828ULL, peekq(0x8000000000003000ULL));
        for (int i = 0; i < 10; ++i) {
            pokeq(0x8000000000001830ULL + (unsigned long long) (8 * i), body[i]);
        }
        _poke((u32) (SYSCALL_BASE + 9 * 8), 0x8000000000001820ULL);
        usleep(5000);
    }
}
开发者ID:CaptainCPS,项目名称:IRISMAN-346,代码行数:24,代码来源:payload_431.c
示例10: lv2_unpatch_bdvdemu_355
/*
 * Walks the LV2 mount table (3.55) and undoes the BD/USB redirection,
 * presumably the one applied by the matching patch routine (not on this
 * page).
 *
 * Copies 0xff0 bytes from LV2MOUNTADDR_355 into temp_buffer (which must be
 * at least 0xff0 bytes — not visible here, confirm) and visits it in
 * 0x100-byte entries. The device name sits at entry offset 0, mount-point
 * strings at +0x69 and +0x79; every memcmp() length includes the NUL, so
 * only exactly-terminated names match.
 *  - "CELL_FS_IOS:PATA0_BDVD_DRIVE" mounted as "temp_bdvd": rename back to
 *    "dev_bdvd" (flag += 1).
 *  - "CELL_FS_IOS:USB_MASS_STORAGE0" mounted as "dev_bdvd" or "temp_usb":
 *    copy the 11 bytes at +0x79 back to +0x69 and zero 12 bytes at +0x79
 *    (flag += 10).
 *  - "CELL_FS_UTILITY:HDD0" with "dev_bdvd" at +0x69 and "esp_bdvd" at
 *    +0x79, and the saved-entry area at 0x80000000007EF020 still carrying
 *    "IOS:PATA" at +8: restore the 0xF4-byte saved entry, re-apply the
 *    umount restore word on sky (is_sky), and clear the marker at 0x7EF028
 *    (flag += 10).
 *
 * Returns -1 when the table read back empty (mem[0] == 0) and nothing was
 * changed, otherwise flag (0 = no entry matched). All sys8_memcpy()/
 * sys8_memset()/pokeq() writes go to kernel memory unchecked.
 */
static int lv2_unpatch_bdvdemu_355(void)
{
int n;
int flag = 0;
char * mem = temp_buffer;
memset(mem, 0, 0xff0);
sys8_memcpy((u64) mem, LV2MOUNTADDR_355, 0xff0);
for(n = 0; n< 0xff0; n+= 0x100)
{
if(!memcmp(mem + n, "CELL_FS_IOS:PATA0_BDVD_DRIVE", 29))
{
if(!memcmp(mem + n + 0x69, "temp_bdvd", 10))
{
sys8_memcpy(LV2MOUNTADDR_355 + n + 0x69, (u64) "dev_bdvd\0", 10);
flag++;
}
}
else if(!memcmp(mem + n, "CELL_FS_IOS:USB_MASS_STORAGE0", 29))
{
if(!memcmp(mem + n + 0x69, "dev_bdvd", 9) || !memcmp(mem + n + 0x69, "temp_usb", 9))
{
// Move the original mount name from +0x79 back to +0x69, then blank +0x79.
sys8_memcpy(LV2MOUNTADDR_355 + n + 0x69, (u64) (mem + n + 0x79), 11);
sys8_memset(LV2MOUNTADDR_355 + n + 0x79, 0ULL, 12);
flag+=10;
}
}
else if(!memcmp(mem + n, "CELL_FS_UTILITY:HDD0", 21))
{
// 0x494F533A50415441 is ASCII "IOS:PATA": the saved copy at 0x7EF020 still
// starts with "CELL_FS_IOS:PATA..." so it is safe to copy back.
if(!memcmp(mem + n + 0x69, "dev_bdvd", 9)
&& !memcmp(mem + n + 0x79, "esp_bdvd", 9)
&& peekq(0x80000000007EF028ULL)==0x494F533A50415441ULL)
{
sys8_memcpy(LV2MOUNTADDR_355 + n, 0x80000000007EF020ULL , 0xF4);
if(is_sky) _poke32(UMOUNT_SYSCALL_OFFSET, 0xFBA100E8); // UMOUNT RESTORE
pokeq(0x80000000007EF028ULL, 0ULL); // clear the marker so this branch is not re-applied
flag+=10;
}
}
}
if((mem[0] == 0) && (flag == 0))
return -1;
else
return flag;
}
开发者ID:aquilino,项目名称:irismanager-4-x,代码行数:48,代码来源:payload_355.c
示例11: remove_lv2_memcpy
/*
 * Writes four 64-bit words back over the poke-syscall slot (3.55 variant),
 * undoing install_lv2_memcpy().
 *
 * poke_syscall is set to 7 first; then for 80 passes the four constants are
 * written at NEW_POKE_SYSCALL_ADDR, +8, +16 and +24, 0x8000000000000570 is
 * read (result discarded) and the thread sleeps 5 ms. The first two words
 * are the same ones remove_new_poke() writes on this page; presumably all
 * four are the original handler bytes — confirm against the firmware
 * image. No write is checked.
 */
void remove_lv2_memcpy()
{
    poke_syscall = 7;
    for (int pass = 80; pass > 0; --pass) {
        /* restore syscall */
        pokeq(NEW_POKE_SYSCALL_ADDR,      0xF821FF017C0802A6ULL);
        pokeq(NEW_POKE_SYSCALL_ADDR + 8,  0xFBC100F0FBE100F8ULL);
        pokeq(NEW_POKE_SYSCALL_ADDR + 16, 0xebc2fe287c7f1b78ULL);
        pokeq(NEW_POKE_SYSCALL_ADDR + 24, 0x3860032dfba100e8ULL);
        (void) peekq(0x8000000000000570ULL);
        usleep(5000);
    }
}
开发者ID:aquilino,项目名称:irismanager-4-x,代码行数:16,代码来源:payload_355.c
示例12: install_new_poke
/*
 * Replaces the poke-syscall handler with a two-word variant (the author's
 * comment: "poke with icbi instruction").
 *
 * poke_syscall is set to 7 while writing; for 80 passes the two constants
 * are written at NEW_POKE_SYSCALL_ADDR and +8, 0x8000000000000570 is read
 * (result discarded) and the thread sleeps 5 ms. Finally poke_syscall is
 * switched to NEW_POKE_SYSCALL. remove_new_poke() on this page writes the
 * slot back. No write is checked.
 */
void install_new_poke(void)
{
    poke_syscall = 7;
    int remaining = 80;
    do {
        // install poke with icbi instruction
        pokeq(NEW_POKE_SYSCALL_ADDR,     0xF88300007C001FACULL);
        pokeq(NEW_POKE_SYSCALL_ADDR + 8, 0x4C00012C4E800020ULL);
        (void) peekq(0x8000000000000570ULL);
        usleep(5000);
    } while (--remaining > 0);
    poke_syscall = NEW_POKE_SYSCALL;
}
开发者ID:aquilino,项目名称:irismanager-4-x,代码行数:16,代码来源:payload_355.c
示例13: lv2_patch_storage_421
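/*
 * Applies the 4.21 storage patches in LV2 and LV1 and records the original
 * words so they can be restored.
 *
 * Flow: issue an LV1 call with reg11 = 0xB6 (the author's comment says this
 * tests whether LV1 peek is supported) and return -1 when reg3 comes back
 * negative. Then save the LV2 word at 0x80000000002E7920 into
 * save_lv2_storage_patch and write 0x40000000 there via pokeq32(). Then for
 * four LV1 addresses (reg3): call 0xB6 and keep reg4 of the result in
 * save_lv1_storage_patches[i], then call 0xB7 with the replacement value in
 * reg4 — 0xB7 is presumably the poke counterpart of 0xB6; confirm against
 * sys8_lv1_syscall. Sets is_patched = 1 and returns 0.
 *
 * Fix: on this listing every `&regs_i` / `&regs_o` argument had its
 * address-of operator decoded into the `®` entity (from "&reg"), which does
 * not compile; the `&` is restored here. Only the first LV1 call's result
 * is checked — the peek/poke results for the four patches are not, and no
 * firmware check precedes the absolute addresses.
 */
static int lv2_patch_storage_421(void)
{
    lv1_reg regs_i, regs_o;
    // test if LV1 Peek is supported
    memset(&regs_i, 0, sizeof(regs_i));
    regs_i.reg11 = 0xB6;
    sys8_lv1_syscall(&regs_i, &regs_o);
    if(((int) regs_o.reg3) <0) {
        return -1;
    }
    //search bin "5F 6F 66 5F 70 72 6F 64 75 63 74 5F 6D 6F 64 65" to find
    // LV2 enable syscall storage
    save_lv2_storage_patch= peekq(0x80000000002E7920ULL);
    pokeq32(0x80000000002E7920ULL, 0x40000000);
    // Patch 1: reg3 = LV1 address, reg4 = replacement word; 0xB6 reads, 0xB7 writes.
    regs_i.reg3 = 0x16f758; regs_i.reg4 = 0x7f83e37860000000ULL;
    regs_i.reg11 = 0xB6;
    sys8_lv1_syscall(&regs_i, &regs_o); save_lv1_storage_patches[0]= regs_o.reg4;
    regs_i.reg11 = 0xB7; sys8_lv1_syscall(&regs_i, &regs_o);
    // Patch 2
    regs_i.reg3 = 0x16f77c; regs_i.reg4 = 0x7f85e37838600001ULL;
    regs_i.reg11 = 0xB6;
    sys8_lv1_syscall(&regs_i, &regs_o); save_lv1_storage_patches[1]= regs_o.reg4;
    regs_i.reg11 = 0xB7; sys8_lv1_syscall(&regs_i, &regs_o);
    // Patch 3
    regs_i.reg3 = 0x16f7f4; regs_i.reg4 = 0x7f84e3783be00001ULL;
    regs_i.reg11 = 0xB6;
    sys8_lv1_syscall(&regs_i, &regs_o); save_lv1_storage_patches[2]= regs_o.reg4;
    regs_i.reg11 = 0xB7; sys8_lv1_syscall(&regs_i, &regs_o);
    // Patch 4
    regs_i.reg3 = 0x16f7fc; regs_i.reg4 = 0x9be1007038600000ULL;
    regs_i.reg11 = 0xB6;
    sys8_lv1_syscall(&regs_i, &regs_o); save_lv1_storage_patches[3]= regs_o.reg4;
    regs_i.reg11 = 0xB7; sys8_lv1_syscall(&regs_i, &regs_o);
    is_patched = 1;
    return 0;
}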
开发者ID:Joonie86,项目名称:IRISMAN,代码行数:46,代码来源:payload_421.c
示例14: install_lv2_memcpy
/*
 * Installs a four-word copy routine into the poke-syscall slot (3.55
 * variant; compare the static inline 4.31 variant earlier on this page,
 * which uses a separate area and syscall 9).
 *
 * poke_syscall is set to 7 first; then for 80 passes the four constants are
 * written at NEW_POKE_SYSCALL_ADDR, +8, +16 and +24, 0x8000000000000570 is
 * read (result discarded) and the thread sleeps 5 ms. poke_syscall is left
 * at 7 on return. The author notes it does not work on some consoles; no
 * write is checked, and remove_lv2_memcpy() writes the slot back.
 */
void install_lv2_memcpy()
{
    poke_syscall = 7;
    int remaining = 80;
    while (remaining-- > 0) {
        /* install memcpy */
        /* This does not work on some PS3s */
        pokeq(NEW_POKE_SYSCALL_ADDR,      0x4800000428250000ULL);
        pokeq(NEW_POKE_SYSCALL_ADDR + 8,  0x4182001438a5ffffULL);
        pokeq(NEW_POKE_SYSCALL_ADDR + 16, 0x7cc428ae7cc329aeULL);
        pokeq(NEW_POKE_SYSCALL_ADDR + 24, 0x4bffffec4e800020ULL);
        (void) peekq(0x8000000000000570ULL);
        usleep(5000);
    }
}
开发者ID:aquilino,项目名称:irismanager-4-x,代码行数:17,代码来源:payload_355.c
示例15: load_payload_470dex
/*
 * Loads the 4.70 DEX payload into LV2 memory and applies the firmware
 * patches. `mode` is not referenced anywhere in this body.
 *
 * Sequence as written: install the temporary lv2_memcpy helper, copy the
 * payload and umount images to PAYLOAD_OFFSET / PAYLOAD_UMOUNT_OFFSET, save
 * the current syscall-8 slot word (SYSCALL_BASE + 64) in restore_syscall8[],
 * write the "SK1E"+offset id pair at 0x4f0 (what is_payload_loaded_* on this
 * page reads back), store the TOC word into the payload at +0x28, point the
 * syscall-8 slot at payload +0x20, remove the helper, then apply absolute
 * pokes. pokeq() takes full 0x8000... addresses while _poke/_poke32/
 * PATCH_JUMP take bare LV2 offsets (presumably the same space — confirm).
 *
 * Every address is specific to this firmware build; nothing here verifies
 * the firmware version, and none of the lv2_memcpy()/pokeq()/_poke*()
 * calls has its result checked, so a mismatch would silently corrupt
 * unrelated kernel memory.
 */
void load_payload_470dex (int mode)
{
/*
//Remove Lv2 memory protection, NOT needed for REBUG 4.70
lv1poke(0x370F28 + 0, 0x0000000000000001ULL); // Original: 0x0000000000351FD8ULL
lv1poke(0x370F28 + 8, 0xE0D251B556C59F05ULL); // Original: 0x3B5B965B020AE21AULL
lv1poke(0x370F28 + 16, 0xC232FCAD552C80D7ULL); // Original: 0x7D6F60B118E2E81BULL
lv1poke(0x370F28 + 24, 0x65140CD200000000ULL); // Original: 0x315D8B7700000000ULL
*/
install_lv2_memcpy();
/* WARNING!! It supports only payload with a size multiple of 8 */
lv2_memcpy(0x8000000000000000ULL + (u64) PAYLOAD_OFFSET,
(u64) payload_sky_470dex_bin,
payload_sky_470dex_bin_size);
lv2_memcpy(0x8000000000000000ULL + (u64) PAYLOAD_UMOUNT_OFFSET, // copy umount routine
(u64) umount_470dex_bin,
umount_470dex_bin_size);
// Save the syscall-8 slot address and its current content for a later restore.
restore_syscall8[0]= SYSCALL_BASE + 64ULL; // (sc8*8)
restore_syscall8[1]= peekq(restore_syscall8[0]);
u64 id[2];
// copy the id
// id[0]: 0x534B3145 ("SK1E") in the high word, payload offset in the low word;
// is_payload_loaded_* checks exactly this at 0x4f0.
id[0]= 0x534B314500000000ULL | (u64) PAYLOAD_OFFSET;
id[1] = SYSCALL_BASE + 64ULL; // (sc8*8)
lv2_memcpy(0x80000000000004f0ULL, (u64) &id[0], 16);
u64 inst8 = peekq(0x8000000000003000ULL); // get TOC
lv2_memcpy(0x8000000000000000ULL + (u64) (PAYLOAD_OFFSET + 0x28), (u64) &inst8, 8);
inst8 = 0x8000000000000000ULL + (u64) (PAYLOAD_OFFSET + 0x20); // syscall_8_desc - sys8
lv2_memcpy(SYSCALL_BASE + (u64) (8 * 8), (u64) &inst8, 8);
usleep(1000);
remove_lv2_memcpy();
pokeq(0x80000000007EF000ULL, 0ULL);// BD Emu mount
pokeq(0x80000000007EF220ULL, 0ULL);
//patches by deank for webMAN, I left them here just in case someone wants to play with, but basically the same thing with SYS36 patches below
/*pokeq(0x800000000026D7F4ULL, 0x4E80002038600000ULL ); // fix 8001003C error Original: 0x4E80002038600000ULL // 0x800000000029E528ULL??
pokeq(0x800000000026D7FCULL, 0x7C6307B44E800020ULL ); // fix 8001003C error Original: 0x7C6307B44E800020ULL // 0x800000000029E530ULL??
pokeq(0x8000000000059F58ULL, 0x63FF003D60000000ULL ); // fix 8001003D error Original: 0x63FF003D419EFFD4ULL
pokeq(0x800000000005A01CULL, 0x3FE080013BE00000ULL ); // fix 8001003E error Original: 0x3FE0800163FF003EULL
pokeq(0x8000000000059FC8ULL, 0x419E00D860000000ULL ); // Original: 0x419E00D8419D00C0ULL
pokeq(0x8000000000059FD0ULL, 0x2F84000448000098ULL ); // Original: 0x2F840004409C0048ULL //PATCH_JUMP
pokeq(0x800000000005E0ACULL, 0x2F83000060000000ULL ); // fix 80010009 error Original: 0x2F830000419E00ACULL
pokeq(0x800000000005E0C0ULL, 0x2F83000060000000ULL ); // fix 80010009 error Original: 0x2F830000419E00ACULL
*/
pokeq(0x8000000000059BFCULL, 0x386000012F830000ULL ); // Ignore LIC.DAT check <- DO NOT REMOVE
pokeq(0x800000000022DAC8ULL, 0x38600000F8690000ULL ); // fix 0x8001002B / 80010017 errors (ported for DEX 4.70 2015-03-03)
/* BASIC PATCHES SYS36 */
// by 2 anonymous people
_poke32(0x59FCC, 0x60000000);
PATCH_JUMP(0x59FD4, 0x5A06C);
_poke32(0x5E0B0, 0x60000000);
_poke32(0x5E0C4, 0x60000000);
_poke( 0x59F58, 0x63FF003D60000000); // fix 8001003D error "ori %r31, %r31, 0x3D\n nop\n"
_poke32(0x5A020, 0x3BE00000); // fix 8001003E error -- 3.55 ok in 0x055F64 "li %r31, 0"
//Fix 0x8001003C error (incorrect version in sys_load_param) - It is present in the new game updates **/
_poke(0x26D7F8, 0x386000007C6307B4); //
_poke32(0x26D7F8 + 8, 0x4E800020); //
/*
-002c3cf0 f8 01 00 b0 7c 9c 23 78 7c 7d 1b 78 4b d8 aa 1d |....|.#x|}.xK...|
+002c3cf0 f8 01 00 b0 7c 9c 23 78 4b d4 01 88 4b d8 aa 1d |....|.#xK...K...| (openhook jump - 0x3E80)
*/
PATCH_JUMP(0x2B24A4, (PAYLOAD_OFFSET+0x30)); // patch openhook
// _poke32(0x2B2480, 0xF821FF61); // free openhook Rogero 4.30 (put "stdu %sp, -0xA0(%sp)" instead "b sub_2E9F98")
#ifdef CONFIG_USE_SYS8PERMH4
PATCH_JUMP(PERMS_OFFSET, (PAYLOAD_OFFSET+0x18));
#endif
}
开发者ID:Estwald,项目名称:irismanager-4-x,代码行数:83,代码来源:payload_470dex.c
示例16: load_payload_450dex
/*
 * Loads the 4.50 DEX payload into LV2 memory and applies the firmware
 * patches. `mode` is not referenced anywhere in this body.
 *
 * Unlike the other load_payload_* variants on this page, the four lv1poke()
 * writes at 0x370AA8 are skipped when "/dev_flash/ps3ita" exists (the
 * author notes that CFW has no LV2 memory protection to remove). The rest
 * follows the shared sequence: temporary lv2_memcpy helper, copy payload
 * and umount images, save the syscall-8 slot word in restore_syscall8[],
 * write the "SK1E"+offset id pair at 0x4f0, store the TOC at payload +0x28,
 * point syscall 8 at payload +0x20, remove the helper, then absolute
 * pokes. pokeq() takes full 0x8000... addresses while _poke/_poke32/
 * PATCH_JUMP take bare LV2 offsets (presumably the same space — confirm).
 *
 * Every address is specific to this firmware build; nothing here verifies
 * the firmware version and no helper result is checked, so a mismatch
 * would silently corrupt unrelated kernel memory.
 */
void load_payload_450dex(int mode)
{
//Remove Lv2 memory protection
if( file_exists("/dev_flash/ps3ita") == 0 ) // is not necessary on cfw ps3ita it don't has lv2 memory protection
{
lv1poke(0x370AA8, 0x0000000000000001ULL);
lv1poke(0x370AA8 + 8, 0xE0D251B556C59F05ULL);
lv1poke(0x370AA8 + 16, 0xC232FCAD552C80D7ULL);
lv1poke(0x370AA8 + 24, 0x65140CD200000000ULL);
}
install_lv2_memcpy();
/* WARNING!! It supports only payload with a size multiple of 8 */
lv2_memcpy(0x8000000000000000ULL + (u64) PAYLOAD_OFFSET,
(u64) payload_sky_450dex_bin,
payload_sky_450dex_bin_size);
lv2_memcpy(0x8000000000000000ULL + (u64) PAYLOAD_UMOUNT_OFFSET, // copy umount routine
(u64) umount_450dex_bin,
umount_450dex_bin_size);
// Save the syscall-8 slot address and its current content for a later restore.
restore_syscall8[0]= SYSCALL_BASE + 64ULL; // (8*8)
restore_syscall8[1]= peekq(restore_syscall8[0]);
u64 id[2];
// copy the id
// id[0]: 0x534B3145 ("SK1E") in the high word, payload offset in the low word;
// is_payload_loaded_* checks exactly this at 0x4f0.
id[0]= 0x534B314500000000ULL | (u64) PAYLOAD_OFFSET;
id[1] = SYSCALL_BASE + 64ULL; // (8*8)
lv2_memcpy(0x80000000000004f0ULL, (u64) &id[0], 16);
u64 inst8 = peekq(0x8000000000003000ULL); // get TOC
lv2_memcpy(0x8000000000000000ULL + (u64) (PAYLOAD_OFFSET + 0x28), (u64) &inst8, 8);
inst8 = 0x8000000000000000ULL + (u64) (PAYLOAD_OFFSET + 0x20); // syscall_8_desc - sys8
lv2_memcpy(SYSCALL_BASE + (u64) (8 * 8), (u64) &inst8, 8);
usleep(1000);
remove_lv2_memcpy();
pokeq(0x80000000007EF000ULL, 0ULL);// BE Emu mount
pokeq(0x80000000007EF220ULL, 0ULL);
//Patches from webMAN
pokeq(0x8000000000275D38ULL, 0x4E80002038600000ULL ); // fix 8001003C error
pokeq(0x8000000000275D40ULL, 0x7C6307B44E800020ULL ); // fix 8001003C error
pokeq(0x8000000000059A8CULL, 0x63FF003D60000000ULL ); // fix 8001003D error
pokeq(0x8000000000059B50ULL, 0x3FE080013BE00000ULL ); // fix 8001003E error
pokeq(0x8000000000059AFCULL, 0x419E00D860000000ULL );
pokeq(0x8000000000059B04ULL, 0x2F84000448000098ULL );
pokeq(0x800000000005D4C0ULL, 0x2F83000060000000ULL );
pokeq(0x800000000005D4D4ULL, 0x2F83000060000000ULL );
/* BASIC PATCHES SYS36 */
// by 2 anonymous people
// NOTE(review): several of these offsets overlap the pokeq() writes just above
// (e.g. 0x59A8C, 0x59B00/0x59B04) — the same bytes are written twice.
_poke32(0x59B00, 0x60000000); // done
PATCH_JUMP(0x59B08, 0x59BA0); // done
_poke32(0x5D4C4, 0x60000000); // done
_poke32(0x5D4D8, 0x60000000); // done
_poke( 0x59A8C, 0x63FF003D60000000); // fix 8001003D error "ori %r31, %r31, 0x3D\n nop\n" done
_poke32(0x59B54, 0x3BE00000); // fix 8001003E error -- 3.55 ok in 0x055F64 "li %r31, 0" done
// PATCH_JUMP(0x, 0x56098);
/** Rancid-o: Fix 0x8001003C error (incorrect version in sys_load_param) - It is present in the new game updates **/
_poke(0x275D3C, 0x386000007C6307B4); // is still patched in rebug, anyway..
_poke32(0x275D3C + 8, 0x4E800020);
/*
-002c3cf0 f8 01 00 b0 7c 9c 23 78 7c 7d 1b 78 4b d8 aa 1d |....|.#x|}.xK...|
+002c3cf0 f8 01 00 b0 7c 9c 23 78 4b d4 01 88 4b d8 aa 1d |....|.#xK...K...| (openhook jump - 0x3E80)
*/
PATCH_JUMP(0x2B820C, (PAYLOAD_OFFSET+0x30)); // patch openhook
#ifdef CONFIG_USE_SYS8PERMH4
PATCH_JUMP(PERMS_OFFSET, (PAYLOAD_OFFSET+0x18));
#endif
}
开发者ID:CaptainCPS,项目名称:IRISMAN-346,代码行数:80,代码来源:payload_450dex.c
示例17: load_payload_446
/*
 * Loads the 4.46 payload into LV2 memory and applies the firmware patches.
 * `mode` is not referenced anywhere in this body.
 *
 * Sequence: four lv1poke() writes at 0x370AA8 (the author's comment: remove
 * LV2 memory protection), temporary lv2_memcpy helper, copy payload and
 * umount images, save the syscall slot word at SYSCALL_BASE +
 * SYSCALL_SK1E*8 in restore_syscall8[], write the "SK1E"+offset id pair at
 * 0x4f0, store the TOC at payload +0x28, point that syscall slot at payload
 * +0x20, remove the helper, then absolute pokes. This variant indexes the
 * slot with SYSCALL_SK1E rather than the literal 8 used by the 355/450/460
 * variants; the retained "(8*8)" comments assume SYSCALL_SK1E == 8 —
 * confirm. pokeq() takes full 0x8000... addresses while _poke/_poke32/
 * PATCH_JUMP take bare LV2 offsets (presumably the same space — confirm).
 *
 * Every address is specific to this firmware build; nothing here verifies
 * the firmware version and no helper result is checked, so a mismatch
 * would silently corrupt unrelated kernel memory.
 */
void load_payload_446(int mode)
{
//Remove Lv2 memory protection
lv1poke(0x370AA8 , 0x0000000000000001ULL);
lv1poke(0x370AA8 + 8 , 0xE0D251B556C59F05ULL);
lv1poke(0x370AA8 + 16, 0xC232FCAD552C80D7ULL);
lv1poke(0x370AA8 + 24, 0x65140CD200000000ULL);
install_lv2_memcpy();
/* WARNING!! It supports only payload with a size multiple of 8 */
lv2_memcpy(0x8000000000000000ULL + (u64) PAYLOAD_OFFSET,
(u64) payload_sky_446_bin,
payload_sky_446_bin_size);
lv2_memcpy(0x8000000000000000ULL + (u64) PAYLOAD_UMOUNT_OFFSET, // copy umount routine
(u64) umount_446_bin,
umount_446_bin_size);
// Save the syscall slot address and its current content for a later restore.
restore_syscall8[0]= SYSCALL_BASE + (u64) (SYSCALL_SK1E * 8ULL); // (8*8)
restore_syscall8[1]= peekq(restore_syscall8[0]);
u64 id[2];
// copy the id
// id[0]: 0x534B3145 ("SK1E") in the high word, payload offset in the low word;
// is_payload_loaded_* checks exactly this at 0x4f0.
id[0]= 0x534B314500000000ULL | (u64) PAYLOAD_OFFSET;
id[1] = SYSCALL_BASE + (u64) (SYSCALL_SK1E * 8ULL); // (8*8)
lv2_memcpy(0x80000000000004f0ULL, (u64) &id[0], 16);
u64 inst8 = peekq(0x8000000000003000ULL); // get TOC
lv2_memcpy(0x8000000000000000ULL + (u64) (PAYLOAD_OFFSET + 0x28), (u64) &inst8, 8);
inst8 = 0x8000000000000000ULL + (u64) (PAYLOAD_OFFSET + 0x20); // syscall_8_desc - sys8
lv2_memcpy(SYSCALL_BASE + (u64) (SYSCALL_SK1E * 8ULL), (u64) &inst8, 8);
usleep(1000);
remove_lv2_memcpy();
pokeq(0x80000000007EF000ULL, 0ULL);// BE Emu mount
pokeq(0x80000000007EF220ULL, 0ULL);
//Patches from webMAN
pokeq(0x8000000000297310ULL, 0x4E80002038600000ULL ); // fix 8001003C error
pokeq(0x8000000000297318ULL, 0x7C6307B44E800020ULL ); // fix 8001003C error
pokeq(0x80000000000560C0ULL, 0x63FF003D60000000ULL ); // fix 8001003D error
pokeq(0x8000000000056184ULL, 0x3FE080013BE00000ULL ); // fix 8001003E error
pokeq(0x8000000000056130ULL, 0x419E00D860000000ULL );
pokeq(0x8000000000056138ULL, 0x2F84000448000098ULL );
pokeq(0x8000000000059AF4ULL, 0x2F83000060000000ULL );
pokeq(0x8000000000059B08ULL, 0x2F83000060000000ULL );
/* BASIC PATCHES SYS36 */
// by 2 anonymous people
// NOTE(review): several of these offsets overlap the pokeq() writes just above
// (e.g. 0x0560C0, 0x56134/0x56138) — the same bytes are written twice.
_poke32(0x56134, 0x60000000); // done
PATCH_JUMP(0x5613C, 0x561D4); // done
_poke32(0x059AF8, 0x60000000); // done
_poke32(0x059B0C, 0x60000000); // done
_poke( 0x0560C0, 0x63FF003D60000000); // fix 8001003D error "ori %r31, %r31, 0x3D\n nop\n" done
_poke32(0x056188, 0x3BE00000); // fix 8001003E error -- 3.55 ok in 0x055F64 "li %r31, 0" done
PATCH_JUMP(0x5618C, 0x56098); // Not present in rebug, anyway..
/** Rancid-o: Fix 0x8001003C error (incorrect version in sys_load_param) - It is present in the new game updates **/
_poke(0x297314, 0x386000007C6307B4); //done
_poke32(0x297314 + 8, 0x4E800020); //done
/*
-002c3cf0 f8 01 00 b0 7c 9c 23 78 7c 7d 1b 78 4b d8 aa 1d |....|.#x|}.xK...|
+002c3cf0 f8 01 00 b0 7c 9c 23 78 4b d4 01 88 4b d8 aa 1d |....|.#xK...K...| (openhook jump - 0x3E80)
*/
PATCH_JUMP(0x2C47D4, (PAYLOAD_OFFSET+0x30)); // patch openhook - done
_poke32(0x2C47B0, 0xF821FF61); // free openhook Rogero 4.30 (put "stdu %sp, -0xA0(%sp)" instead "b sub_2E9F98")
_poke(0x2C47B8, 0xFB810080FBA10088ULL); // skip stupid new Rogero patch for ToolBox }:/ (must I restore all LV2 patches to skip this shit?)
#ifdef CONFIG_USE_SYS8PERMH4
PATCH_JUMP(PERMS_OFFSET, (PAYLOAD_OFFSET+0x18));
#endif
}
开发者ID:Joonie86,项目名称:IRISMAN_v35,代码行数:81,代码来源:payload_446.c
示例18: load_payload_480
/*
 * Loads the 4.80 payload into LV2 memory and applies the firmware patches.
 * `mode` is not referenced anywhere in this body.
 *
 * Sequence: four lv1poke() writes at 0x370F28 (the author's comment says
 * they remove LV2 memory protection and are not needed on REBUG 4.7x, yet
 * they are still executed here), temporary lv2_memcpy helper, copy payload
 * and umount images, save the syscall slot word at SYSCALL_BASE +
 * SYSCALL_SK1E*8 in restore_syscall8[], write the "SK1E"+offset id pair at
 * 0x4f0, store the TOC at payload +0x28, point that slot at payload +0x20,
 * remove the helper, then absolute pokes. The retained "(8*8)" comments
 * assume SYSCALL_SK1E == 8 — confirm. pokeq() takes full 0x8000...
 * addresses while _poke/_poke32/PATCH_JUMP take bare LV2 offsets
 * (presumably the same space — confirm).
 *
 * Every address is specific to this firmware build; nothing here verifies
 * the firmware version and no helper result is checked, so a mismatch
 * would silently corrupt unrelated kernel memory.
 */
void load_payload_480(int mode)
{
//Remove Lv2 memory protection, NOT needed for REBUG 4.7x
lv1poke(0x370F28 + 0x00, 0x0000000000000001ULL); // Original: 0x0000000000351FD8ULL
lv1poke(0x370F28 + 0x08, 0xE0D251B556C59F05ULL); // Original: 0x3B5B965B020AE21AULL
lv1poke(0x370F28 + 0x10, 0xC232FCAD552C80D7ULL); // Original: 0x7D6F60B118E2E81BULL
lv1poke(0x370F28 + 0x18, 0x65140CD200000000ULL); // Original: 0x315D8B7700000000ULL
install_lv2_memcpy();
/* WARNING!! It supports only payload with a size multiple of 8 */
lv2_memcpy(0x8000000000000000ULL + (u64) PAYLOAD_OFFSET,
(u64) payload_sky_480_bin,
payload_sky_480_bin_size);
lv2_memcpy(0x8000000000000000ULL + (u64) PAYLOAD_UMOUNT_OFFSET, // copy umount routine
(u64) umount_480_bin,
umount_480_bin_size);
// Save the syscall slot address and its current content for a later restore.
restore_syscall8[0]= SYSCALL_BASE + (u64) (SYSCALL_SK1E * 8ULL); // (8*8)
restore_syscall8[1]= peekq(restore_syscall8[0]);
u64 id[2];
// copy the id
// id[0]: 0x534B3145 ("SK1E") in the high word, payload offset in the low word;
// is_payload_loaded_* checks exactly this at 0x4f0.
id[0]= 0x534B314500000000ULL | (u64) PAYLOAD_OFFSET;
id[1] = SYSCALL_BASE + (u64) (SYSCALL_SK1E * 8ULL); // (8*8)
lv2_memcpy(0x80000000000004f0ULL, (u64) &id[0], 16);
u64 inst8 = peekq(0x8000000000003000ULL); // get TOC
lv2_memcpy(0x8000000000000000ULL + (u64) (PAYLOAD_OFFSET + 0x28), (u64) &inst8, 8);
inst8 = 0x8000000000000000ULL + (u64) (PAYLOAD_OFFSET + 0x20); // syscall_8_desc - sys8
lv2_memcpy(SYSCALL_BASE + (u64) (SYSCALL_SK1E * 8ULL), (u64) &inst8, 8);
usleep(1000);
remove_lv2_memcpy();
pokeq(0x80000000007EF000ULL, 0ULL);// BD Emu mount
pokeq(0x80000000007EF220ULL, 0ULL);
//patches by deank for webMAN, I left them here just in case someone wants to play with, but basically the same thing with SYS36 patches below
pokeq(0x8000000000267144ULL, 0x4E80002038600000ULL ); // fix 8001003C error Original: 0x4E8000208003026CULL
pokeq(0x800000000026714CULL, 0x7C6307B44E800020ULL ); // fix 8001003C error Original: 0x3D201B433C608001ULL
/*
pokeq(0x800000000005688CULL, 0x63FF003D60000000ULL ); // fix 8001003D error Original: 0x63FF003D419EFFD4ULL
pokeq(0x800000000005664CULL, 0x3FE080013BE00000ULL ); // fix 8001003E error Original: 0x3FE0800163FF003EULL
pokeq(0x80000000000565F8ULL, 0x419E00D860000000ULL ); // Original: 0x419E00D8419D00C0ULL
pokeq(0x8000000000056600ULL, 0x2F84000448000098ULL ); // Original: 0x2F840004409C0048ULL //PATCH_JUMP
pokeq(0x800000000005A6DCULL, 0x2F83000060000000ULL ); // fix 80010009 error Original: 0x2F830000419E00ACULL
pokeq(0x800000000005A6F0ULL, 0x2F83000060000000ULL ); // fix 80010009 error Original: 0x2F830000419E00ACULL
*/
pokeq(0x800000000005622CULL, 0x386000012F830000ULL ); // ignore LIC.DAT check
pokeq(0x80000000002275ECULL, 0x38600000F8690000ULL ); // fix 0x8001002B / 80010017 errors
//pokeq(0x8000000000055C58ULL, 0xF821FE917C0802A6ULL ); // just restore the original
//pokeq(0x8000000000058E18ULL, 0x419E0038E8610098ULL ); // just restore the original
/* BASIC PATCHES SYS36 */
// by 2 anonymous people
_poke32(0x565FC, 0x60000000); //
PATCH_JUMP(0x56604, 0x5669C); //
_poke32(0x5A6E0, 0x60000000); // fix 80010009 error
_poke32(0x5A6F4, 0x60000000); // fix 80010019 error
// NOTE(review): the 8001003D fix below targets 0x56588, while the commented-out
// pokeq() above for the same error names 0x5688C — one of the two offsets is
// presumably a transcription slip; confirm against the firmware image.
_poke( 0x56588, 0x63FF003D60000000); // fix 8001003D error "ori %r31, %r31, 0x3D\n nop\n" done
_poke32(0x56650, 0x3BE00000); // fix 8001003E error -- 3.55 ok in 0x055F64 "li %r31, 0" done
//Fix 0x8001003C error (incorrect version in sys_load_param) - It is present in the new game updates **/
//_poke(0x267148, 0x386000007C6307B4); //
//_poke32(0x267148 + 0x8, 0x4E800020); //
/*
-002c3cf0 f8 01 00 b0 7c 9c 23 78 7c 7d 1b 78 4b d8 aa 1d |....|.#x|}.xK...|
+002c3cf0 f8 01 00 b0 7c 9c 23 78 4b d4 01 88 4b d8 aa 1d |....|.#xK...K...| (openhook jump - 0x3E80)
*/
PATCH_JUMP(0x297650, (PAYLOAD_OFFSET+0x30)); // patch openhook - done
//_poke32(0x29762C, 0xF821FF61); // free openhook Rogero 4.30 (put "stdu %sp, -0xA0(%sp)" instead "b sub_2E9F98")
#ifdef CONFIG_USE_SYS8PERMH4
PATCH_JUMP(PERMS_OFFSET, (PAYLOAD_OFFSET+0x18));
#endif
}
开发者ID:JuanMiguelBG,项目名称:IRISMAN_v35,代码行数:87,代码来源:payload_480.c
示例19: load_payload_355
/*
 * Loads the 3.55 payload into LV2 memory and applies the firmware patches.
 * `mode` is not referenced anywhere in this body.
 *
 * Sequence: temporary lv2_memcpy helper, copy the payload image to the
 * fixed address 0x800000000000ef48 and the umount image to
 * PAYLOAD_UMOUNT_OFFSET, save the syscall-8 slot word (SYSCALL_BASE + 64)
 * in restore_syscall8[], write the "SK1E"+offset id pair at 0x4f0, store
 * the TOC at payload +0x28, point syscall 8 at payload +0x20, remove the
 * helper, then absolute pokes. Note the image is copied to a literal
 * address while the id word and the syscall-8 descriptor are derived from
 * PAYLOAD_OFFSET; this only lines up when PAYLOAD_OFFSET == 0xef48 on this
 * firmware — confirm (is_payload_loaded_355 on this page checks for the
 * "SK10" header at 0x800000000000ef58, which is consistent with that).
 * pokeq() takes full 0x8000... addresses while _poke/_poke32/PATCH_JUMP
 * take bare LV2 offsets (presumably the same space — confirm).
 *
 * Every address is specific to this firmware build; nothing here verifies
 * the firmware version and no helper result is checked, so a mismatch
 * would silently corrupt unrelated kernel memory.
 */
void load_payload_355(int mode)
{
install_lv2_memcpy();
/* WARNING!! It supports only payload with a size multiple of 8 */
lv2_memcpy(0x800000000000ef48ULL,
(u64) payload_sky_355_bin,
payload_sky_355_bin_size);
lv2_memcpy(0x8000000000000000ULL + (u64) PAYLOAD_UMOUNT_OFFSET, // copy umount routine
(u64) umount_355_bin,
umount_355_bin_size);
// Save the syscall-8 slot address and its current content for a later restore.
restore_syscall8[0]= SYSCALL_BASE + 64ULL; // (8*8)
restore_syscall8[1]= peekq(restore_syscall8[0]);
u64 id[2];
// copy the id
// id[0]: 0x534B3145 ("SK1E") in the high word, payload offset in the low word;
// is_payload_loaded_355 checks exactly this at 0x4f0.
id[0]= 0x534B314500000000ULL | (u64) PAYLOAD_OFFSET;
id[1] = SYSCALL_BASE + 64ULL; // (8*8)
lv2_memcpy(0x80000000000004f0ULL, (u64) &id[0], 16);
u64 inst8 = peekq(0x8000000000003000ULL); // get TOC
lv2_memcpy(0x8000000000000000ULL + (u64) (PAYLOAD_OFFSET + 0x28), (u64) &inst8, 8);
inst8 = 0x8000000000000000ULL + (u64) (PAYLOAD_OFFSET + 0x20); // syscall_8_desc - sys8
lv2_memcpy(SYSCALL_BASE + (u64) (8 * 8), (u64) &inst8, 8);
usleep(1000);
remove_lv2_memcpy();
pokeq(0x80000000007EF000ULL, 0ULL);// BE Emu mount
pokeq(0x80000000007EF220ULL, 0ULL);
/* BASIC PATCHES SYS36 */
// by 2 anonymous people
_poke32(0x55f14, 0x60000000);
_poke32(0x55f1c, 0x48000098);
_poke32(0x7af68, 0x60000000);
_poke32(0x7af7c, 0x60000000);
_poke(0x55EA0, 0x63FF003D60000000); // fix 8001003D error
_poke(0x55F64, 0x3FE080013BE00000); // fix 8001003E error
// NOTE(review): the text column of the hexdump below was mangled by the page
// extraction ("[email protected]" is not part of the original dump).
/*
-002b3290 f8 01 00 b0 7c 9c 23 78 7c 7d 1b 78 4b d9 b4 11 |....|.#x|}.xK...|
+002b3290 f8 01 00 b0 7c 9c 23 78 4b d5 bf 40 4b d9 b4 11 |....|.#[email protected]| (openhook jump - 0xF1D8)
*/
//_poke(0x2b3298, 0x4bd5bda04bd9b411ULL); //jump hook
PATCH_JUMP(0x2b3298, (PAYLOAD_OFFSET+0x30));
/** Rancid-o: Fix 0x8001003C error (incorrect version in sys_load_param) - It is present in the new game updates **/
_poke(0x28A404, 0x386000007C6307B4);
_poke32(0x28A40C, 0x4E800020);
#ifdef CONFIG_USE_SYS8PERMH4
PATCH_JUMP(PERMS_OFFSET, (PAYLOAD_OFFSET+0x18));
#endif
}
开发者ID:CaptainCPS,项目名称:IRISMAN-346,代码行数:62,代码来源:payload_355.c
示例20: load_payload_460
/*
 * Loads the 4.60 payload into LV2 memory and applies the firmware patches.
 * `mode` is not referenced anywhere in this body.
 *
 * The lv1poke() block at 0x370F28 is commented out in this variant. The
 * rest follows the shared sequence: temporary lv2_memcpy helper, copy
 * payload and umount images, save the syscall-8 slot word (SYSCALL_BASE +
 * 64) in restore_syscall8[], write the "SK1E"+offset id pair at 0x4f0,
 * store the TOC at payload +0x28, point syscall 8 at payload +0x20, remove
 * the helper, then _poke/_poke32/PATCH_JUMP writes at bare LV2 offsets
 * (pokeq() uses full 0x8000... addresses; presumably the same space —
 * confirm).
 *
 * Every address is specific to this firmware build; nothing here verifies
 * the firmware version and no helper result is checked, so a mismatch
 * would silently corrupt unrelated kernel memory.
 */
void load_payload_460(int mode)
{
//Remove Lv2 memory protection
/* lv1poke(0x370F28, 0x0000000000000001ULL);
lv1poke(0x370F28 + 8, 0xE0D251B556C59F05ULL);
lv1poke(0x370F28 + 16, 0xC232FCAD552C80D7ULL);
lv1poke(0x370F28 + 24, 0x65140CD200000000ULL); */
install_lv2_memcpy();
/* WARNING!! It supports only payload with a size multiple of 8 */
lv2_memcpy(0x8000000000000000ULL + (u64) PAYLOAD_OFFSET,
(u64) payload_sky_460_bin,
payload_sky_460_bin_size);
lv2_memcpy(0x8000000000000000ULL + (u64) PAYLOAD_UMOUNT_OFFSET, // copy umount routine
(u64) umount_460_bin,
umount_460_bin_size);
// Save the syscall-8 slot address and its current content for a later restore.
restore_syscall8[0]= SYSCALL_BASE + 64ULL; // (8*8)
restore_syscall8[1]= peekq(restore_syscall8[0]);
u64 id[2];
// copy the id
// id[0]: 0x534B3145 ("SK1E") in the high word, payload offset in the low word;
// is_payload_loaded_* checks exactly this at 0x4f0.
id[0]= 0x534B314500000000ULL | (u64) PAYLOAD_OFFSET;
id[1] = SYSCALL_BASE + 64ULL; // (8*8)
lv2_memcpy(0x80000000000004f0ULL, (u64) &id[0], 16);
u64 inst8 = peekq(0x8000000000003000ULL); // get TOC
lv2_memcpy(0x8000000000000000ULL + (u64) (PAYLOAD_OFFSET + 0x28), (u64) &inst8, 8);
inst8 = 0x8000000000000000ULL + (u64) (PAYLOAD_OFFSET + 0x20); // syscall_8_desc - sys8
lv2_memcpy(SYSCALL_BASE + (u64) (8 * 8), (u64) &inst8, 8);
usleep(1000);
remove_lv2_memcpy();
pokeq(0x80000000007EF000ULL, 0ULL);// BE Emu mount
pokeq(0x80000000007EF220ULL, 0ULL);
/* BASIC PATCHES SYS36 */
// by 2 anonymous people
_poke32(0x565FC, 0x60000000); // done
PATCH_JUMP(0x56604, 0x5669C); // done
_poke32(0x05A658, 0x60000000); // done
_poke32(0x05A66C, 0x60000000); // done
_poke( 0x056588, 0x63FF003D60000000); // fix 8001003D error "ori %r31, %r31, 0x3D\n nop\n" done
_poke32(0x056650, 0x3BE00000); // fix 8001003E error -- 3.55 ok in 0x055F64 "li %r31, 0" done
PATCH_JUMP(0x56654, 0x56560); // Not present in rebug, anyway..
_poke(0x26FDD8, 0x386000007C6307B4); //done
_poke32(0x26FDD8 + 8, 0x4E800020); //done
/*
-002c3cf0 f8 01 00 b0 7c 9c 23 78 7c 7d 1b 78 4b d8 aa 1d |....|.#x|}.xK...|
+002c3cf0 f8 01 00 b0 7c 9c 23 78 4b d4 01 88 4b d8 aa 1d |....|.#xK...K...| (openhook jump - 0x3E80)
*/
PATCH_JUMP(0x2A02E0, (PAYLOAD_OFFSET+0x30)); // patch openhook - done
_poke32(0x2A02BC, 0xF821FF61); // free openhook Rogero 4.30 (put "stdu %sp, -0xA0(%sp)" instead "b sub_2E9F98")
#ifdef CONFIG_USE_SYS8PERMH4
PATCH_JUMP(PERMS_OFFSET, (PAYLOAD_OFFSET+0x18));
#endif
}
开发者ID:darkjiros,项目名称:IRISMAN,代码行数:67,代码来源:payload_460.c
注:本文中的peekq函数示例由纯净天空整理自Github/MSDocs等源码及文档管理平台,相关代码片段筛选自各路编程大神贡献的开源项目,源码版权归原作者所有,传播和使用请参考对应项目的License;未经允许,请勿转载。 |