Hacking Finding memory boundaries quickly

BullyWiiPlaza

BullyWiiPlaza

Nintendo Hacking <3
OP
Member
Level 11
Joined
Aug 2, 2014
Messages
1,932
Trophies
0
XP
2,477
Country
Germany
As you guys know it can be annoying to freeze if you access a bad memory range and you don't know how big the App MEM2 region is? Wrong! This can be prevented quite easily by tracking down the boundaries with the OSEffectriveToPhysical() function. I'll just leave this JGecko U Java code here for anyone who is enlightened by this binary search implementation :P

Code: 
private static int getMemoryBoundary(int startingAddress, int lastAddress, boolean convergeDownwards) throws IOException
{
    int middle = (lastAddress - startingAddress) / 2 + startingAddress;
    int physicalAddress = CoreInit.getEffectiveToPhysical(middle);

    while (true)
    {
        // Is it mapped?
        if ((physicalAddress != 0 && convergeDownwards)
                || (physicalAddress == 0 && !convergeDownwards))
        {
            lastAddress = middle;

        } else
        {
            startingAddress = middle;
        }

        int previousMiddle = middle;
        middle = (lastAddress - startingAddress) / 2 + startingAddress;

        // The middle does no longer update, algorithm terminates
        if (previousMiddle == middle)
        {
            break;
        }

        physicalAddress = CoreInit.getEffectiveToPhysical(middle);
    }

    return middle;
}
For Mario Kart 8 for example the output of this code...
Code: 
Connector.getInstance().connect("192.168.178.35");

int boundary = getMemoryBoundary(0x10000000, 0x50000000, false);
System.out.println("Upper Bound: " + Integer.toHexString(boundary).toUpperCase());
boundary = getMemoryBoundary(0x01800000, 0x10000000, true);
System.out.println("Lower Bound: " + Integer.toHexString(boundary).toUpperCase());

Connector.getInstance().closeConnection();
... is the following:
Code: 
Upper Bound: 4E11FFFF
Lower Bound: E17FFFF
Indeed, these are the last readable address boundaries. It took 29 iterations to find the first one so it's not too slow (about 2 seconds).

This is how NWPlayer123 did it but it's not very efficient how it seems.

Note:
This will be a feature in Gecko U so just in case you're worried that this is too nerdy and hard for you to make use of, you're pretty much covered.
 
Last edited by BullyWiiPlaza,
  • Like
Reactions: OriginalHamster and oldsk00l

Site & Scene News

Go to forum More news

Popular threads in this forum

Gaming  Online services for the 3DS and Wii U have been shutdown. Here is how to get back online!

Hacking Hardware  Wii U No Display (Logs dumped)

Hacking Gaming  Xenoblade Chronicles X - Lifeline and Enhancement Mod

Super Mario Maker Save Collection (All Event and Staff Courses Preserved, 3DS Mario Challenge Port, and More)

Watch videos on Wii U, offline, saved on SD?

Can you hack your wii u with something other than sd card

Pretendo not working with updated games?!

Hacking Hardware  Broken WII U, MLC replaced with an SD card De_fuse 0.8 not working

General chit-chat
Help Users
  • No one is chatting at the moment.
    AncientBoi @ AncientBoi: I just Luv having CEX :)