Finding memory boundaries quickly

Discussion in 'Wii U - Hacking & Backup Loaders' started by BullyWiiPlaza, Aug 24, 2016.

  1. BullyWiiPlaza
    As you guys know, it can be annoying to freeze if you access a bad memory range and you don't know how big the App MEM2 region is? Wrong! This can be prevented quite easily by tracking down the boundaries with the OSEffectiveToPhysical() function. I'll just leave this JGecko U Java code here for anyone who is enlightened by this binary search implementation :P

    Code:
    private static int getMemoryBoundary(int startingAddress, int lastAddress, boolean convergeDownwards) throws IOException
    {
        int middle = (lastAddress - startingAddress) / 2 + startingAddress;
        int physicalAddress = CoreInit.getEffectiveToPhysical(middle);
    
        while (true)
        {
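            // Move the upper end down if the midpoint is mapped (searching downwards)
            // or unmapped (searching upwards); otherwise move the lower end up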
            if ((physicalAddress != 0 && convergeDownwards)
                    || (physicalAddress == 0 && !convergeDownwards))
            {
                lastAddress = middle;
    
            } else
            {
                startingAddress = middle;
            }
    
            int previousMiddle = middle;
            middle = (lastAddress - startingAddress) / 2 + startingAddress;
    
            // The middle no longer updates, so the algorithm terminates
            if (previousMiddle == middle)
            {
                break;
            }
    
            physicalAddress = CoreInit.getEffectiveToPhysical(middle);
        }
    
        return middle;
    }
    For Mario Kart 8 for example the output of this code...
    Code:
    Connector.getInstance().connect("192.168.178.35");
    
    int boundary = getMemoryBoundary(0x10000000, 0x50000000, false);
    System.out.println("Upper Bound: " + Integer.toHexString(boundary).toUpperCase());
    boundary = getMemoryBoundary(0x01800000, 0x10000000, true);
    System.out.println("Lower Bound: " + Integer.toHexString(boundary).toUpperCase());
    
    Connector.getInstance().closeConnection();
    ... is the following:
    Code:
    Upper Bound: 4E11FFFF
    Lower Bound: E17FFFF
    Indeed, these are the last readable address boundaries. It took 29 iterations to find the first one so it's not too slow (about 2 seconds).

    This is how NWPlayer123 did it, but it's not very efficient, it seems.

    Note:
    This will be a feature in Gecko U so just in case you're worried that this is too nerdy and hard for you to make use of, you're pretty much covered.
     
    Last edited by BullyWiiPlaza, Aug 24, 2016
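
Added example (not part of the original post and not JGecko U code): the same binary search written as one function that finds either edge of a mapped region from an address already known to be mapped, rejects endpoints that do not bracket a boundary, and uses long arithmetic so a span crossing 0x80000000 cannot overflow Java's signed int. The memory map is a constructed stand-in for the CoreInit.getEffectiveToPhysical() lookup; `MappedRangeFinder`, `findEdge`, `demoIsMapped` and the region bounds are hypothetical names and values.

```java
import java.util.function.LongPredicate;

public class MappedRangeFinder {
    static int probes; // number of translation lookups performed

    // Constructed memory map for the demo: a single mapped region, inclusive bounds.
    // On a console the predicate would instead wrap the post's lookup, i.e.
    // CoreInit.getEffectiveToPhysical((int) address) != 0 (with its IOException handled).
    static final long DEMO_FIRST = 0x0E180000L, DEMO_LAST = 0x4E11FFFFL;

    static boolean demoIsMapped(long address) {
        probes++;
        return address >= DEMO_FIRST && address <= DEMO_LAST;
    }

    /**
     * Binary search for one edge of a contiguous mapped region.
     * 'mapped' must translate and 'unmapped' must not; 'unmapped' may lie above
     * or below 'mapped'. Returns the mapped address closest to 'unmapped'.
     */
    static long findEdge(long mapped, long unmapped, LongPredicate isMapped) {
        // Without this check a wrong starting guess silently yields a bogus boundary.
        if (!isMapped.test(mapped) || isMapped.test(unmapped))
            throw new IllegalArgumentException("endpoints do not bracket a boundary");
        // Invariant: 'mapped' translates, 'unmapped' does not; stop once they are adjacent.
        while (Math.abs(unmapped - mapped) > 1) {
            long middle = mapped + (unmapped - mapped) / 2;
            if (isMapped.test(middle)) mapped = middle; else unmapped = middle;
        }
        return mapped;
    }

    public static void main(String[] args) {
        LongPredicate probe = MappedRangeFinder::demoIsMapped;
        // Same search windows as the post, pivoting on 0x10000000 as the known-mapped address.
        long first = findEdge(0x10000000L, 0x01800000L, probe);
        long last = findEdge(0x10000000L, 0x50000000L, probe);
        System.out.printf("Mapped: %08X-%08X (%d probes)%n", first, last, probes);
        try {
            findEdge(0x60000000L, 0x50000000L, probe); // both endpoints unmapped
        } catch (IllegalArgumentException e) {
            System.out.println("Rejected: " + e.getMessage());
        }
    }
}
```

Both returned values are addresses that translate, so the pair can be used directly as an inclusive read range.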