Hacking [IDEA] Incorporate cIOS reloading patch into Preloader

WB3000

Well-Known Member
OP
Member
Joined
Apr 5, 2007
Messages
670
Trophies
0
Website
wb3000.co.nr
XP
239
Country
United States
Currently, for those with Preloader installed, Waninkoko's MenuPatcher gives a code dump. Either MenuPatcher needs to be altered, or the patch from MenuPatcher needs to be configured into the hacks.ini format.

If this could be done, then the System Menu would load every time with complete disc compatibility thanks to cIOS.

Here is the current code from MenuPatcher which tells the System Menu to reloadIOS...

Code:
void Sysmenu_PatchIOSReload(u8 *dol, u32 len)
{
ÂÂÂÂconst u8 oldcode[] = { 0x7F, 0x06, 0xC3, 0x78, 0x7F, 0x25, 0xCB, 0x78, 0x38, 0x7E, 0x02, 0xC0, 0x4C, 0xC6, 0x31, 0x82 };
ÂÂÂÂconst u8 newcode[] = { 0x3B, 0x20, 0x00, 0x01, 0x3B, 0x00, 0x00, 0xF9, 0x38, 0x7E, 0x02, 0xC0, 0x4C, 0xC6, 0x31, 0x82 };

ÂÂÂÂ/* Patch IOS reload */
ÂÂÂÂ__Sysmenu_PatchApply(dol, len, oldcode, newcode, sizeof(oldcode));
}

Patches are done differently than in Preloader. Waninkoko searches first for a value, and then if it is found, a different set of values are put in its place. In order to write a hacks.ini compatible code, the oldcode[] array values need to be found in the System Menu, and then the offsets located. Once they are found, the values of newcode[] can be replaced.
 

Don Killah

Well-Known Member
Member
Joined
Nov 21, 2002
Messages
1,171
Trophies
0
Age
46
Website
Visit site
XP
600
Country
France
Yep you're righy Silver, but i guess that it exactly what the previous hack does.
Just look at the 1st part of the poke:
$3B2000013B0000F9 (F9 means 249, remember what you told earlier?)

We just need to know what the leading opcodes means.
Once figured we can try to implement it into PL Hacks. I guess that we can even improve a loader i've seen lurking on the forum that dumps the adress of a certain value if found im memory.

All we then got to do is try this adress/value dumper on several Wii to check if the value is always the same. If ever, then bingo: we just have to apply the patch!

Anyone knows where i can get a Wii's debugger, so i put my cracking/hacking/reverser talents in action?
 

Don Killah

Well-Known Member
Member
Joined
Nov 21, 2002
Messages
1,171
Trophies
0
Age
46
Website
Visit site
XP
600
Country
France
mad.gif
i don't have one...
Does the devkit comes with a debugger?
 

WiiCrazy

Be water my friend!
Member
Joined
May 8, 2008
Messages
2,395
Trophies
0
Location
Istanbul
Website
www.tepetaklak.com
XP
386
Country
That patch is already converted to hacks.ini format... that's not sufficient for system menu to see the backup in disc channel... since with a simple patch you can't change the ios system menu is booted with...

Much more complex patch needed if that to be done with system menu patching...

Above patch is solely for disc launching code so that system menu boots the game and the game uses custom ios (not system menu)
 

Don Killah

Well-Known Member
Member
Joined
Nov 21, 2002
Messages
1,171
Trophies
0
Age
46
Website
Visit site
XP
600
Country
France
Ok Crazy, i'm with you.
But what we want to do, is to hack Waninkoko's MenuPatcher in order to boot with Preloader installed, as it does all the job.

So i'm still trying to figure where can i get a working debugger for the Wii.
And also a snapshot or a text version of a code dump generated by MP in order to see which adr were faulty.
 

tueidj

I R Expert
Member
Joined
Jan 8, 2009
Messages
2,569
Trophies
0
Website
Visit site
XP
999
Country
The problem with preloader is that the built-in dol loader is very basic and doesn't work with most .dols. Once you work around that (by adding a proper loader in the .dol you want preloader to launch) it's easy enough to make menupatcher load the correct .app for the sysmenu (look at the boot title in the .tmd, logical OR it with 0x10000000).
The instructions in the IOS hack load 1 into reg %25 and 249 into reg %24 (IOS 249 is title 00000001-000000F9). Personally I think it's better to modify the existing value of reg %24 so a cIOS suitable for the game in question is loaded.
 

WiiCrazy

Be water my friend!
Member
Joined
May 8, 2008
Messages
2,395
Trophies
0
Location
Istanbul
Website
www.tepetaklak.com
XP
386
Country
tueidj said:
The problem with preloader is that the built-in dol loader is very basic and doesn't work with most .dols. Once you work around that (by adding a proper loader in the .dol you want preloader to launch) it's easy enough to make menupatcher load the correct .app for the sysmenu (look at the boot title in the .tmd, logical OR it with 0x10000000).
The instructions in the IOS hack load 1 into reg %25 and 249 into reg %24 (IOS 249 is title 00000001-000000F9). Personally I think it's better to modify the existing value of reg %24 so a cIOS suitable for the game in question is loaded.

Well the value in the tmd is the index of the file in the tmd, after preloader replaces the dol now that index is pointing to the preloader dol's content file... So none of the ES_****Content calls can access the moved system menu dol since now it's not listed in the tmd... You should use either raw isfs calls to read the dol there which what preloader does probably or read the dol from sd card...

That's not a problem actually, there is already a modified menu patcher that works with preloader... but it has issues...
And actually there is no need to do patching when you can convert the patches and have the preloader do the actual patching...

The most significant thing done by menu patcher is reloading ios to custom ios so when system menu booted it uses this custom ios... this is the tricky part and it's the second reason stock menu patcher throwing exceptions... and it's not related to preloader's dol loading at all... this can be possibly fixed but I've not seen any information regarding this or someone successful in doing this....
 

tueidj

I R Expert
Member
Joined
Jan 8, 2009
Messages
2,569
Trophies
0
Website
Visit site
XP
999
Country
WiiCrazy said:
Well the value in the tmd is the index of the file in the tmd, after preloader replaces the dol now that index is pointing to the preloader dol's content file... So none of the ES_****Content calls can access the moved system menu dol since now it's not listed in the tmd... You should use either raw isfs calls to read the dol there which what preloader does probably or read the dol from sd card...Right, you use the boot index to look up the content ID, logical OR it with 0x10000000 and load the .app with ISFS calls.

QUOTE said:
That's not a problem actually, there is already a modified menu patcher that works with preloader... but it has issues...
And actually there is no need to do patching when you can convert the patches and have the preloader do the actual patching...If you use preloader to load menupatcher, preloader's hacks for the system menu aren't used because it's not booting the sysmenu directly. Any hacks have to be built into the menupatcher.dol.

QUOTE
The most significant thing done by menu patcher is reloading ios to custom ios so when system menu booted it uses this custom ios... this is the tricky part and it's the second reason stock menu patcher throwing exceptions... and it's not related to preloader's dol loading at all... this can be possibly fixed but I've not seen any information regarding this or someone successful in doing this....
ES_LaunchTitle works from preloader, right? IOSReload() is just ES_LaunchTitle with some extra clean-up/initialization code. Check the libogc source code (libogc/ios.c). Trust me, it works.
 

WiiCrazy

Be water my friend!
Member
Joined
May 8, 2008
Messages
2,395
Trophies
0
Location
Istanbul
Website
www.tepetaklak.com
XP
386
Country
tueidj said:
WiiCrazy said:
Well the value in the tmd is the index of the file in the tmd, after preloader replaces the dol now that index is pointing to the preloader dol's content file... So none of the ES_****Content calls can access the moved system menu dol since now it's not listed in the tmd... You should use either raw isfs calls to read the dol there which what preloader does probably or read the dol from sd card...Right, you use the boot index to look up the content ID, logical OR it with 0x10000000 and load the .app with ISFS calls.

QUOTE said:
That's not a problem actually, there is already a modified menu patcher that works with preloader... but it has issues...
And actually there is no need to do patching when you can convert the patches and have the preloader do the actual patching...If you use preloader to load menupatcher, preloader's hacks for the system menu aren't used because it's not booting the sysmenu directly. Any hacks have to be built into the menupatcher.dol.

QUOTE
The most significant thing done by menu patcher is reloading ios to custom ios so when system menu booted it uses this custom ios... this is the tricky part and it's the second reason stock menu patcher throwing exceptions... and it's not related to preloader's dol loading at all... this can be possibly fixed but I've not seen any information regarding this or someone successful in doing this....
ES_LaunchTitle works from preloader, right? IOSReload() is just ES_LaunchTitle with some extra clean-up/initialization code. Check the libogc source code (libogc/ios.c). Trust me, it works.

Well yes, the problem possibly in the startup / cleanup side... and it could be related to the preloader itself too seeing new preloader version fixed the shutdown bug from power button... I didn't say it's impossible...

About the preloader patches, they should work when you issue return to menu from the autoboot dol otherwise there is no meaning of preloader patches... but... just tested and you're right they are not persistent at all
 
General chit-chat
Help Users
  • No one is chatting at the moment.
    Dark_Phoras @ Dark_Phoras: I know those moments