Homebrew Question How to find offsets for IPS / exeFS patches?

lingi

lingi

New Member
OP
Newbie
Level 1
Joined
Dec 7, 2020
Messages
1
Trophies
0
Age
28
XP
57
Country
United States
I am trying to create an exeFS patch for Dark Souls Remastered. I extracted main from the NCAs and then converted it to an ELF with nx2elf.

The problem is, this ELF file is different from the ELF file produced by nsnsotool, hactool, or Ghidra. Which one of these produces the correct file? And do I need to add 0x100 to account for the NSO header?
 
Draxzelex

Draxzelex

Well-Known Member
Member
Level 23
Joined
Aug 6, 2017
Messages
19,011
Trophies
2
Age
29
Location
New York City
XP
13,378
Country
United States
lingi said:
I am trying to create an exeFS patch for Dark Souls Remastered. I extracted main from the NCAs and then converted it to an ELF with nx2elf.

The problem is, this ELF file is different from the ELF file produced by nsnsotool, hactool, or Ghidra. Which one of these produces the correct file? And do I need to add 0x100 to account for the NSO header?
Click to expand...
First, you can't bump your threads. Secondly, the first ELF file seems appropriate.
 
masagrator

masagrator

The patches guy
Developer
Level 22
Joined
Oct 14, 2018
Messages
6,268
Trophies
3
XP
12,035
Country
Poland
You don't need to convert them to elf (even you shouldn't because some info won't be parsed by standard elf loader). If you are using Ghidra, download ghidra switch loader.
And with main loaded via ghidra switch loader you need to get last 4 bytes of offset and add 0x100, this will be offset to use within ips32
 
Last edited by masagrator,
  • Like
Reactions: 8BitWonder
thethiny

thethiny

Well-Known Member
Member
Level 3
Joined
Jun 18, 2009
Messages
137
Trophies
0
XP
253
Country
United States
masagrator said:
You don't need to convert them to elf (even you shouldn't because some info won't be parsed by standard elf loader). If you are using Ghidra, download ghidra switch loader.
And with main loaded via ghidra switch loader you need to get last 4 bytes of offset and add 0x100, this will be offset to use within ips32
Click to expand...
Hi, sorry to bump a relatively old thread, but I cannot run Ghidra due to multiple JDK & Gradle issues, and also I don't know how to use it at all, as I'm an IDA person. I'm trying to create a pchtxt / ips patch for super mario odyssey, but I noticed that the nso header is actually 0x101 in length, and not 0x100, which is making me confused. I'm using Nintendo Switch Loader for IDA currently. I am wondering how to get the address from IDA into an IPS patch. I know about adding 100 to the offset, but I'm not sure it's the right thing, since I'm intentionally writing bad opcodes and yet the game is still booting. Example: IDA shows that at 0x710020976C there's a function called ShopItem::getPrice(int), and if I create an IPS patch / IPSwitch pchtxt at addresses 0020976C, or 0020986C, or 0020966C, the game still functions normally as if no adjustments were made. I have no way of verifying (in Yuzu) that the patch applied other than the UI showing a ✔ next to it. Any insight on this as I'm currently trying to make a simple mod just to understand how switch mods work.

my current pchtxt file:
pchtxt said:
@nsobid-B424BE150A8E7D78701CBE7A439D9EBF00000000

@flag print_values
@flag offset_shift 0x100

// Free Shop Items @ 710020976C
@enabled
0020966C 000080D2
00209670 C0035FD6
0020976C 000080D2
00209770 C0035FD6
0020986C 000080D2
00209870 C0035FD6
Click to expand...
 
  • Like
Reactions: Imancol
Imancol

Imancol

Otak Productions
Member
Level 11
Joined
Jun 29, 2017
Messages
1,375
Trophies
0
XP
2,762
Country
Colombia
thethiny said:
Hi, sorry to bump a relatively old thread, but I cannot run Ghidra due to multiple JDK & Gradle issues, and also I don't know how to use it at all, as I'm an IDA person. I'm trying to create a pchtxt / ips patch for super mario odyssey, but I noticed that the nso header is actually 0x101 in length, and not 0x100, which is making me confused. I'm using Nintendo Switch Loader for IDA currently. I am wondering how to get the address from IDA into an IPS patch. I know about adding 100 to the offset, but I'm not sure it's the right thing, since I'm intentionally writing bad opcodes and yet the game is still booting. Example: IDA shows that at 0x710020976C there's a function called ShopItem::getPrice(int), and if I create an IPS patch / IPSwitch pchtxt at addresses 0020976C, or 0020986C, or 0020966C, the game still functions normally as if no adjustments were made. I have no way of verifying (in Yuzu) that the patch applied other than the UI showing a ✔ next to it. Any insight on this as I'm currently trying to make a simple mod just to understand how switch mods work.

my current pchtxt file:
Click to expand...
I love IDA, for its intuitive interface and the most precise search. But it hurts that the module is so outdated. I am also interested in knowing how to build Main.
 
masagrator

masagrator

The patches guy
Developer
Level 22
Joined
Oct 14, 2018
Messages
6,268
Trophies
3
XP
12,035
Country
Poland
thethiny said:
but I noticed that the nso header is actually 0x101 in length,
Click to expand...
This is wrong. This happens if you are using main decompressed with tool not designed to use its output in disassembler. For example nsnsotool. Use main compressed directly or decompress it with hactool.
I don't know how pchtxt patches are working, so can't help with that.
 
thethiny

thethiny

Well-Known Member
Member
Level 3
Joined
Jun 18, 2009
Messages
137
Trophies
0
XP
253
Country
United States
masagrator said:
This is wrong. This happens if you are using main decompressed with tool not designed to use its output in disassembler. For example nsnsotool. Use main compressed directly or decompress it with hactool.
I don't know how pchtxt patches are working, so can't help with that.
Click to expand...
Yes I am using nsnsotool. Thank you I will use hactool now.
edit: been trying for a while now and cant figure out how to decompress the main using hactool. I extracted everythjing and everything is working but the main is compressed. Can u give me example on how t odecompress using hactool?
 
Last edited by thethiny,
hippy dave

hippy dave

BBMB
Member
Level 33
Joined
Apr 30, 2012
Messages
9,869
Trophies
2
XP
29,056
Country
United Kingdom
thethiny said:
Yes I am using nsnsotool. Thank you I will use hactool now.
edit: been trying for a while now and cant figure out how to decompress the main using hactool. I extracted everythjing and everything is working but the main is compressed. Can u give me example on how t odecompress using hactool?
Click to expand...
Not in front of my computer, but looks like it should be something like:

hactool -x -t nso0 --uncompressed=main.uncompressed main
 
  • Like
Reactions: thethiny

Site & Scene News

Go to forum More news

Popular threads in this forum

Homebrew Tutorial  Building Pagascape from source to running Self Hosted mode on Windows and MSYS

mig switch not working/updating??

Hacking Misc  Getting the MIG Switch to load an XCI dump without its original Initial Data

Hacking Homebrew Tutorial  Portable PegaScape (Win32)

Fusee.bin with the new Pre-release of Atmoshere 1.7.0

DBI language error

Emulation Homebrew Tutorial  Building SM64 for Nintendo Switch from sm64ex-alo Repository

Homebrew Tutorial  Setup a DevKitPro environment on Windows.

General chit-chat
Help Users
    Psionic Roshambo @ Psionic Roshambo: https://gbatemp.net/threads/nsfw-ds-homebrew.73091/