// Patches two fixed ARM9 kernel addresses so they branch into a hook, fills
// in firmware-specific constants the hook reads, then calls the kernel's
// reboot routine so the patched path runs.
// Inputs: none. Returns: nothing useful; reboot() is not expected to return.
// Preconditions (not established here): the hook code is already present at
// the address the patches branch to -- the copy step is the commented-out
// memcpy below, so it must have happened elsewhere -- and the caller already
// runs with enough privilege to write to these addresses.
// NOTE(review): every store below targets a hard-coded, firmware-version-
// specific address; the cache maintenance calls are ordering-sensitive, so
// the statement order must be preserved exactly.
void doArm9Hax(void)
{
#ifdef DEBUG_PROCESS
printf("Setting up Arm9\n");
#endif
// Kernel reboot entry point at a fixed address. NOTE(review): this converts
// an integer to a function pointer with no cast; strict C compilers reject
// it, and the value is tied to one firmware layout.
int (*reboot)(int, int, int, int) = 0xFFF748C4;
// Clear any exclusive-monitor state left behind by an earlier LDREX.
__asm__ ("clrex");
// Write back dirty data-cache lines before the kernel image is modified.
CleanEntireDataCache();
InvalidateEntireInstructionCache();
// ARM9 code copied to FCRAM 0x23F00000
//memcpy(0xF3F00000, ARM9_PAYLOAD, ARM9_PAYLOAD_LEN);
// write function hook at 0xFFFF0C80
//memcpy(0xEFFF4C80, 0x9D23AC, 0x9D2580);
// write FW specific offsets to copied code buffer
// 0xEFFF4C80 is presumably a writable alias of 0xFFFF0C80 (same low bits,
// and the branch below targets 0xFFFF0C80) -- confirm against the memory map.
*(int *)(0xEFFF4C80 + 0x60) = 0xFFFD0000; // PDN regs
*(int *)(0xEFFF4C80 + 0x64) = 0xFFFD2000; // PXI regs
*(int *)(0xEFFF4C80 + 0x68) = 0xFFF84DDC; // where to return to from hook
// patch function 0xFFF84D90 to jump to our hook
// Two-word trampoline: the instruction loads pc from the word that follows it.
*(int *)(0xFFF84DD4 + 0) = 0xE51FF004; // ldr pc, [pc, #-4]
*(int *)(0xFFF84DD4 + 4) = 0xFFFF0C80; // jump_table + 0
// patch reboot start function to jump to our hook
*(int *)(0xFFFF097C + 0) = 0xE51FF004; // ldr pc, [pc, #-4]
*(int *)(0xFFFF097C + 4) = 0x8F028C4; // jump_table + 4
// Drop stale instruction-cache lines so the patched words are fetched.
// NOTE(review): the data cache is not cleaned again after the stores above;
// this presumably relies on those addresses being uncached or write-through
// -- confirm.
InvalidateEntireInstructionCache();
// Leftover debug print; harmless but not guarded by DEBUG_PROCESS like the
// one at the top of the function.
printf("test1\n");
reboot(0, 0, 2, 0); // trigger reboot
}