wololo.net/talk

Posted: **Thu Mar 22, 2012 5:53 pm**

hey

I was wondering, would there really be no way to fix function calls to hardcoded nids inside program resources ?
for instance it seems I'm getting a crash on Dosbox because of that

Exception - Bus error (instr)
Thread ID - 0x054DB07D
Th Name - user_main
EPC - 0x08031850
Cause - 0x10000018
BadVAddr - 0x5DEDFDFC
Status - 0x60088613
zr:0x00000000 at:0x00000001 v0:0x00000001 v1:0x00000001
a0:0x054C583B a1:0xDEADBEEF a2:0xDEADBEEF a3:0xDEADBEEF
t0:0xDEADBEEF t1:0xDEADBEEF t2:0xDEADBEEF t3:0xDEADBEEF
t4:0x882F9700 t5:0x60088613 t6:0x00004000 t7:0x08031850
s0:0x09CACB30 s1:0x08A37680 s2:0x0000F100 s3:0x00000640
s4:0x08A30000 s5:0x09CC1030 s6:0x00000000 s7:0x09FEC8D8
t8:0xDEADBEEF t9:0xDEADBEEF k0:0x09FEDB00 k1:0x00000000
gp:0x08A3F180 sp:0x09FEC6B8 fp:0x09CCB2AC ra:0x089909A8
disasm 0x08990990 0x20
0x08990998: 0x8FBF0004 '....' - lw $ra, 4($sp)
0x0899099C: 0x8E0C0000 '....' - lw $t4, 0($s0)
0x089909A0: 0x0180F809 '....' - jalr $t4
0x089909A4: 0x8E100004 '....' - lw $s0, 4($s0)
0x089909A8: 0x5600FFFD '...V' - bnezl $s0, 0x089909A0

and I couldn't happen to find any complete source code of dosbox for psp yet so .. >.>

Posted: **Thu Mar 22, 2012 6:39 pm**

I don't understand the question. Also, a user mode application cannot jump to a kernel address like 0x882F9700. If that's how the homebrew works, that probably means it requires kernel permissions to execute properly.

EDIT: ok, after re-reading it, do you mean modifying the game/app resources to make the $t4 register point somewhere else?

Posted: **Thu Mar 22, 2012 7:19 pm**

m0skit0 wrote:I don't understand the question. Also, a user mode application cannot jump to a kernel address like 0x882F9700. If that's how the homebrew works, that probably means it requires kernel permissions to execute properly.

EDIT: ok, after re-reading it, do you mean modifying the game/app resources to make the $t4 register point somewhere else?

yeah, I mean it may be some simple missing syscall to fix or smthg, but since it just gets directly loaded from $t4 I guess HBL just doesn't see it

Posted: **Thu Mar 22, 2012 7:36 pm**

Yes, HBL doesn't see it. But I insist: DosBox is trying to call kernel code from user mode code using a jump. AFAIK this is only possible if the user mode code was called from kernel mode, which can't be on HBL.

Posted: **Thu Mar 22, 2012 7:51 pm**

m0skit0 wrote:Yes, HBL doesn't see it. But I insist: DosBox is trying to call kernel code from user mode code using a jump. AFAIK this is only possible if the user mode code was called from kernel mode, which can't be on HBL.

ok so it really can't be loaded in user mode I guess then
gonna try signing it just to see haha

Edit: Well it works in user mode too when signed

Posted: **Thu Mar 22, 2012 11:02 pm**

Kernel mode homebrews cannot be signed?

Posted: **Thu Mar 22, 2012 11:50 pm**

yes they can, it's just that the kernel functions they use won't work, I know, but at least it's loading, so I guess it could at least be possible to at least start it too on hbl

wololo.net/talk

jalr calling hardcoded nids on hbl

jalr calling hardcoded nids on hbl

Re: jalr calling hardcoded nids on hbl

Re: jalr calling hardcoded nids on hbl

Re: jalr calling hardcoded nids on hbl

Re: jalr calling hardcoded nids on hbl

Re: jalr calling hardcoded nids on hbl

Re: jalr calling hardcoded nids on hbl