jigsaw wrote: Yes, I'd thought rebootex IS reboot.
OK now I understand - as below:
- the rebootex_bin contains both code for decrypting reboot, together with the encrypted and zipped reboot.
- rebootex_bin is made by psp-packer.
- PRXdecrypter is used to decrypt reboot out of rebootex_bin.
- Once we get raw reboot, we can start the decompiling work.
No: reboot is embedded in loadexec, as you can see from your reversed code. The HEN launcher patches loadexec to execute rebootex and then reboot; rebootex just patches reboot. In this case (TN HEN), rebootex also contains a gzip'd copy of systemctrl.
Oh, by the way, just a tip for your code; in power_callback
Code:
unsigned int addr;
addr = f1("sceLoadExec");
addr += 108;
addr = *(unsigned int *) addr;
is actually the same as
Code:
SceModule2 *mod = f1("sceLoadExec");
u32 addr = mod->text_addr;
Edit: oh, just now I noticed JJS already used SceModule*, but as he said, the structure in pspsdk is...f*cked up; use the correct structure from M33 SDK.