I'm guessing we'd have to memcpy over a return address to get the ARM11 to jump to the code we copied via the ARM9, but I'd have to disassemble RAM dumps first to see where to do it.
Theoretically, to launch ARM11 code using the DS profile hack, you have to start with ARM9 code, copy the ARM11 code to a proper memory location, then start a new process running on the ARM11 at the entry point of the new code.
ARM9 can do this; what I don't know is how to do it (some ideas, but a lot more to study), and whether the process we are using has the rights to do it. If not, you need a second exploit.
Looks simple, but it's not. If you have time to spend, why don't you help us understand how to access the GPU? A little step for coders, but a big step for 3DS Homebrew!!!
Some people here have taken the time to look through the obfuscated ROP chains of the Gateway launcher. But they're generally more concerned about elitism than progress in the homebrew community.
this define haha. A pain in the ass.
I wrote Breakout after just about a week of studying C... I'm just learning a lot by looking at the source and trying to decipher what it means (especially the inline ASM commands). So I know you guys learn most of the things you know on the fly, but do you know of any resources for someone who has only basic C knowledge to learn more? At this point I just know basic console stuff not far past hello world, but I'd like to write homebrew games once the 3DS has a better library. (And hopefully ARM11.)
Well, we have C inline ASM; if you use a jump instruction to a region of memory and write the assembly code there (to copy the ARM11 code), maybe that works.
Does anyone know where Gateway injects the ARM11 code?
Gateway uses 0x1FFF4000 which is part of the exception vectors.
Hello guys, sorry for the double post. Does anyone know the address where launcher.dat is injected? (ARM9)
Regards, St4rk.
Okay, I'm thinking of a way to access the ARM11. Here is my theory:
Write and compile the launcher.dat with C inline ASM, for example:
Code:
    /* Reordered and using literal loads: an unconditional b never falls through to the mov,
       b is PC-relative (+-32 MB), and 0x080C3EE0 is not an encodable mov immediate */
    asm("ldr r0, =0x080C3EE0\n\t"
        "ldr pc, =0x1FFF4000");
but it is a shot in the dark; I don't know if the ARM11 will read this code or not :s
But if the ARM11 reads this region of memory, it will probably read that code, no?
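The post above hinges on two ARM encoding details: a `b` instruction only reaches targets within 32 MB of its own address, and a `mov rN, #imm` only accepts an 8-bit value rotated by an even amount. The following is an added example written for this thread (not code from any poster, nor from Gateway) that encodes and range-checks those instructions on any host, and builds a position-independent absolute-jump stub that carries an argument in r0, which is what the posted snippet was trying to do. Assumptions, labelled in the code: the launcher is taken to run at 0x08000000 as a stand-in (the real address is unknown in this thread; the post's r0 value is in the same 0x08xxxxxx region), and 0x1FFF4000 is used only because the thread names it as Gateway's ARM11 entry area.

```c
/* Added example for this thread (editor's code, not any poster's or Gateway's).
 * Encodes/range-checks ARM "b" and "mov #imm", and builds an absolute jump stub.
 * Assumptions: ASSUMED_CODE_ADDR is a stand-in for where launcher.dat runs;
 * POSTED_TARGET is used only because the thread names it. Runs on any host. */
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define ASSUMED_CODE_ADDR 0x08000000u  /* assumption: stand-in launcher address */
#define POSTED_R0_VALUE   0x080C3EE0u  /* value the post tries to put in r0 */
#define POSTED_TARGET     0x1FFF4000u  /* address named in the thread */

/* ARM "b": offset is relative to PC (= instruction address + 8), word-aligned,
 * a signed 24-bit word count, i.e. +-32 MB. Returns false if unreachable. */
bool encode_arm_b(uint32_t from, uint32_t to, uint32_t *insn)
{
    int64_t off = (int64_t)to - ((int64_t)from + 8);
    if (off & 3)
        return false;                                  /* not word aligned */
    if (off < -0x2000000 || off > 0x1FFFFFC)
        return false;                                  /* outside +-32 MB */
    *insn = 0xEA000000u | (((uint32_t)off >> 2) & 0x00FFFFFFu);
    return true;
}

static uint32_t rotl32(uint32_t v, unsigned n)
{
    n &= 31;
    return n ? (v << n) | (v >> (32 - n)) : v;
}

/* ARM data-processing immediate: an 8-bit value rotated right by an even
 * amount (0..30). Anything else cannot be written as "mov rN, #imm" on
 * ARM9/ARM11 (movw/movt only arrive with ARMv6T2) and needs a literal load. */
bool encode_arm_imm(uint32_t value, uint32_t *imm12)
{
    for (unsigned rot = 0; rot < 16; rot++) {
        uint32_t unrot = rotl32(value, 2 * rot);       /* undo a ror by 2*rot */
        if ((unrot & ~0xFFu) == 0) {
            *imm12 = (rot << 8) | unrot;
            return true;
        }
    }
    return false;
}

/* Position-independent absolute jump that also carries an argument in r0:
 *   ldr r0, [pc]   ; PC reads as insn+8, so this loads word 2
 *   ldr pc, [pc]   ; loads word 3 straight into PC: no range limit
 *   .word r0_value
 *   .word target
 * r0 is set before control leaves, and neither value needs to be a
 * mov-encodable immediate. Returns the number of words written. */
size_t build_jump_stub(uint32_t r0_value, uint32_t target, uint32_t out[4])
{
    out[0] = 0xE59F0000u;   /* ldr r0, [pc, #0] */
    out[1] = 0xE59FF000u;   /* ldr pc, [pc, #0] */
    out[2] = r0_value;
    out[3] = target;
    return 4;
}

int main(void)
{
    uint32_t insn, imm, stub[4];

    printf("b 0x%08X from 0x%08X: %s\n", POSTED_TARGET, ASSUMED_CODE_ADDR,
           encode_arm_b(ASSUMED_CODE_ADDR, POSTED_TARGET, &insn) ? "reachable"
                                                                : "out of range");
    printf("mov r0, #0x%08X: %s\n", POSTED_R0_VALUE,
           encode_arm_imm(POSTED_R0_VALUE, &imm) ? "encodable" : "not encodable");

    build_jump_stub(POSTED_R0_VALUE, POSTED_TARGET, stub);
    for (int i = 0; i < 4; i++)
        printf("stub[%d] = 0x%08X\n", i, stub[i]);   /* words to place at the patch site */
    return 0;
}
```

Run on any machine: it reports that the branch from the assumed 0x08xxxxxx address cannot reach 0x1FFF4000 and that 0x080C3EE0 is not a mov immediate, then prints the four stub words. Whether writing such a stub at 0x1FFF4000 actually gets the ARM11 to execute it is the open question of the thread; the example only settles the encoding side.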
I don't really know the ARM architecture, but from what I understood from what everyone has said so far, the ROPLoader exploit leaves the 3DS in ARM9-only mode, kind of like the ARM11 was pretty much 'off' and ignoring everything.
The ARM11 is still pretty much on; anyway, ARM11 code exec is not the magic promised land ^^