Looking for a lot of testers for Wii Mod Memory Mapping Project

Discussion in 'Wii - Hacking' started by jskyboo, Apr 7, 2012.

  1. jskyboo
    OP

    Member jskyboo GBAtemp Regular

    Joined:
    Sep 12, 2009
    Messages:
    288
    Country:
    United States
    Hey everyone, as some of you may know Wii Mod has problems launching from certain app loaders. This causes people to ask repeatedly "Why doesn't Wii Mod work with ____?". Well, I've decided it's time to do something about it so we can know what the optimum Wii Mod can be, so I've decided to map the memory out. To help me with this though I need a LOT of testers.

    I'm first going to release a small test pack; inside are some slightly different versions of Wii Mod. What I need people to do is download this pack and then test each version with various app loaders. This includes HBC, bb, disc loaders, the Wii Mod forwarder, as well as loading these while in different versions of sneek. At the moment I am only concerned with loading from SD, as that would multiply the amount of results I get. Also, I know I did not list all app loaders, so if you have other favorite loaders please mention them here so I can add them to the list.

    When you test it please report back also with what system menu you are running and under which loaders and NANDs you tested. I only need you to test if Wii Mod loads; you do not need to test any advanced functions of Wii Mod, so there should be little to no risk. Also, when describing the loader that you used try to be specific; for instance for bb please include the specific bb version, just v1 or v2 is NOT enough. Hopefully with this information I can map out the problem locations and Wii Mod will be able to load in a greater percentage of cases.

    Here is the small pack: http://www.mediafire.com/?h6oxks29blqu6zx

    Based on the results of this pack there will likely be larger packs later.
     


  2. giantpune

    Member giantpune GBAtemp Addict

    Joined:
    Apr 10, 2009
    Messages:
    2,860
    Country:
    United States
    you can use "wit DUMP blablabla.dol" and it will tell you the memory layout for each dol. you can also take the wiixplorer approach. when you tell it to launch a dol, it will copy that dol to some spot in mem2. then it will copy another little app to another spot in mem2. then it runs this second little app which copies the dol to the appropriate spots and runs it. this basically makes sure that the program being launched is not overwriting wiixplorer itself.

    then there's the loadmii approach. loadmii is a dol wrapped in another dol. when you run it, the first dol simply copies the second one (the main one) to mem2 and that's where it runs. since the main executable is running in mem2, it can copy programs and other dols all over mem1 without overwriting itself. i would suggest this approach, but instead of mem2, i would put my main executable in the HBC spot around 0x81330000. hbc will refuse to start any program that runs directly from that location, so you are pretty much guaranteed that your loader will be able to load anything on wiibrew and homebrew browser.
     
  3. jskyboo
    OP

    Member jskyboo GBAtemp Regular

    Joined:
    Sep 12, 2009
    Messages:
    288
    Country:
    United States
    Yeah pune, I know most of this stuff (the wiixplorer sounds interesting, I might check that out later); the app loader in Wii Mod is loadmii so I do know. This doesn't address things like disc loaders, bb, and how things load while in *neeks. As for 0x81330000, HBC won't launch anything in the range of 0x81330000 - 0x81800000. While it would be correct for me to use that range as an app loader, I can't since I want it to load from HBC. There are some other ranges I do know about. The question is about a ~16mb range that is mostly unknown. I have tried a few over the past year; I want to map it to know much more precisely.
     
  4. giantpune

    Member giantpune GBAtemp Addict

    Joined:
    Apr 10, 2009
    Messages:
    2,860
    Country:
    United States
    what i was suggesting is that you wrap your program in something that will copy it to HBC's spot. then hbc will happily boot that little wrapper.
     
  5. jskyboo
    OP

    Member jskyboo GBAtemp Regular

    Joined:
    Sep 12, 2009
    Messages:
    288
    Country:
    United States
    Right, but then where does the wrapper run? It's the same question: even though the wrapper would be smaller and fit in smaller holes, the question still remains where works best.
     
  6. giantpune

    Member giantpune GBAtemp Addict

    Joined:
    Apr 10, 2009
    Messages:
    2,860
    Country:
    United States
    you make the wrapper run from almost anywhere you want. 0x80004000 is a fine place. all the wrapper needs to do is memcpy your actual dol sections into place, DCFlush, ICInvalidate, and execute it.
     
  7. jskyboo
    OP

    Member jskyboo GBAtemp Regular

    Joined:
    Sep 12, 2009
    Messages:
    288
    Country:
    United States
    I would rather not go with the wrapper but if that ends up being the best solution I will. I look at the idea of having another loader as part of the normal launch process for Wii Mod as being overly complex. But your assertion that "0x80004000 is a fine place", why? Have you tested it out? That's exactly what I want to get to the bottom of. Too many times what has seemed like a fine place ends up having a problem with some obscure setup. I can't test every situation myself so I am calling out for help testing. If you don't want to help testing, that's fine.

    Also using the wrapper technique I would be left with ~4.8MB max. If I don't go with 0x81330000 I could potentially go larger. I'm not saying Wii Mod will get that large but there was a time when people said you would never need more than 1 MB on your computer.
     
  8. giantpune

    Member giantpune GBAtemp Addict

    Joined:
    Apr 10, 2009
    Messages:
    2,860
    Country:
    United States
    adding a wrapper to a program doesn't add too much complexity to the startup process. you can fit the entire wrapper in less than 200 bytes. actually, you can get it so small that the elf2dol converter in devkitpro will say it is too small to be a dol section. you will have to either leave it as an elf, or add padding to make the dol converter accept it as a valid section.
     
  9. jskyboo
    OP

    Member jskyboo GBAtemp Regular

    Joined:
    Sep 12, 2009
    Messages:
    288
    Country:
    United States
    pune I appreciate your input, but as I have said it is not my preferred solution. It's not about the size of the wrapper. When talking about complexity, 2 dols = 1 dol too much complexity. I just would rather not use that route. I would like to see that 200 byte loader though, that would be pretty cool. Thanks, but really I have thought a lot about this and I feel mapping the memory like this is the best way to know.
     
  10. giantpune

    Member giantpune GBAtemp Addict

    Joined:
    Apr 10, 2009
    Messages:
    2,860
    Country:
    United States
    http://www.mediafire.com/?7950c9bj29mf6c0
    which disassembles to the following code. from the start at 0x80004000 until the end where it executes the payload dol, it is 0xc8 bytes, which is exactly 200 :D . you could definitely get it a lot smaller if you wanted to. recent libogc apps zero their own bss section, so if you remove that part, it gets this little wrapper down to 160 bytes.

     
  11. jskyboo
    OP

    Member jskyboo GBAtemp Regular

    Joined:
    Sep 12, 2009
    Messages:
    288
    Country:
    United States
    Nice. Might make for a nice backup plan.
     
  12. tueidj

    Member tueidj I R Expert

    Joined:
    Jan 8, 2009
    Messages:
    2,569
    Country:
    Ummm... MMU setup? Cache initialization? Disabling interrupts? I wouldn't recommend using that code for anything that is expected to be launched by exploits.
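    As an added example for the layout questions in giantpune's posts above (what "wit DUMP" reports, the wrapper's memcpy step, and the 0x81330000 - 0x81800000 range HBC refuses to launch into) and tueidj's caveat, here is a host-side C program. It is not code from Wii Mod, loadmii or anyone in this thread; the sample DOL image, the 16 KiB RAM window and all function names are constructed for the example. It parses a DOL header, checks whether any section or the bss would land in the HBC range, and copies the sections into a buffer the way a wrapper would, refusing images whose sections fall outside the window. The cache flush, MMU and interrupt setup a real wrapper needs on the console are deliberately not simulated.

```c
/* Added example (not Wii Mod's, loadmii's or giantpune's code): parse a DOL
 * header the way "wit DUMP" reports it, check the layout against the range
 * HBC refuses to launch into (0x81330000-0x81800000, as quoted above) and
 * simulate the wrapper's copy step on a host-side RAM buffer. */
#include <stdint.h>
#include <stddef.h>
#include <string.h>

#define DOL_NSECT       18          /* 7 text + 11 data sections */
#define DOL_HDR_SIZE    0x100
#define HBC_RESERVED_LO 0x81330000u /* range quoted in the thread */
#define HBC_RESERVED_HI 0x81800000u

struct dol_section { uint32_t off, addr, size; };
struct dol_info { struct dol_section sec[DOL_NSECT]; uint32_t bss_addr, bss_size, entry; };

static uint32_t be32(const uint8_t *p)
{ return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) | ((uint32_t)p[2] << 8) | p[3]; }
static void put32(uint8_t *p, uint32_t v)
{ p[0] = (uint8_t)(v >> 24); p[1] = (uint8_t)(v >> 16); p[2] = (uint8_t)(v >> 8); p[3] = (uint8_t)v; }

/* Parse the 0x100-byte big-endian header. -1 if truncated or a section points
 * outside the file: a malformed DOL must never drive a memcpy. */
int dol_parse(const uint8_t *img, size_t len, struct dol_info *d)
{
    if (len < DOL_HDR_SIZE) return -1;
    memset(d, 0, sizeof *d);
    for (int i = 0; i < DOL_NSECT; i++) {   /* offset/addr/size tables are contiguous */
        struct dol_section *s = &d->sec[i];
        s->off  = be32(img + 0x00 + 4 * i);
        s->addr = be32(img + 0x48 + 4 * i);
        s->size = be32(img + 0x90 + 4 * i);
        if (s->size && (s->off > len || s->size > len - s->off)) return -1;
    }
    d->bss_addr = be32(img + 0xD8);
    d->bss_size = be32(img + 0xDC);
    d->entry    = be32(img + 0xE0);
    return 0;
}

static int overlaps(uint32_t a, uint32_t n, uint32_t lo, uint32_t hi)
{ return n != 0 && a < hi && lo < a + n; }

/* 1 if any text/data section or the bss lands inside [lo, hi). */
int dol_overlaps(const struct dol_info *d, uint32_t lo, uint32_t hi)
{
    for (int i = 0; i < DOL_NSECT; i++)
        if (overlaps(d->sec[i].addr, d->sec[i].size, lo, hi)) return 1;
    return overlaps(d->bss_addr, d->bss_size, lo, hi);
}

/* Host-side stand-in for the wrapper's copy step: place each section at
 * (addr - ram_base) inside `ram` and zero the bss. On the console this would be
 * followed by DCFlushRange/ICInvalidateRange per range and a jump to d->entry;
 * the MMU, cache and interrupt setup tueidj mentions is not simulated here. */
int dol_load_into(const struct dol_info *d, const uint8_t *img,
                  uint8_t *ram, uint32_t ram_base, size_t ram_len)
{
    for (int i = 0; i <= DOL_NSECT; i++) {  /* index DOL_NSECT stands for the bss */
        uint32_t a = i < DOL_NSECT ? d->sec[i].addr : d->bss_addr;
        uint32_t n = i < DOL_NSECT ? d->sec[i].size : d->bss_size;
        if (!n) continue;
        if (a < ram_base || a - ram_base > ram_len || n > ram_len - (a - ram_base))
            return -1;                      /* would land outside the window */
        if (i < DOL_NSECT) memcpy(ram + (a - ram_base), img + d->sec[i].off, n);
        else               memset(ram + (a - ram_base), 0, n);
    }
    return 0;
}

/* Constructed sample: one text section ("li r3,0 ; blr"), one data section and
 * a small bss, all placed relative to `base`. Returns the image size. */
size_t build_sample_dol(uint8_t *buf, size_t cap, uint32_t base)
{
    static const uint8_t text[] = { 0x38,0x60,0x00,0x00, 0x4e,0x80,0x00,0x20 };
    static const uint8_t data[] = "Wii Mod test";
    size_t len = DOL_HDR_SIZE + sizeof text + sizeof data;
    if (cap < len) return 0;
    memset(buf, 0, DOL_HDR_SIZE);
    put32(buf + 0x00, DOL_HDR_SIZE);               put32(buf + 0x48, base);          put32(buf + 0x90, sizeof text);
    put32(buf + 0x1C, DOL_HDR_SIZE + sizeof text); put32(buf + 0x64, base + 0x1000); put32(buf + 0xAC, sizeof data);
    put32(buf + 0xD8, base + 0x2000);              put32(buf + 0xDC, 0x100);         put32(buf + 0xE0, base);
    memcpy(buf + DOL_HDR_SIZE, text, sizeof text);
    memcpy(buf + DOL_HDR_SIZE + sizeof text, data, sizeof data);
    return len;
}

/* Build a sample at `base`, parse it, and say whether HBC would refuse it. */
int sample_hits_hbc_range(uint32_t base)
{
    uint8_t img[0x200]; struct dol_info d;
    if (dol_parse(img, build_sample_dol(img, sizeof img, base), &d)) return -1;
    return dol_overlaps(&d, HBC_RESERVED_LO, HBC_RESERVED_HI);
}

/* Build a sample at `base`, load it into a 16 KiB window at `ram_base`, and
 * return the byte landed at the entry point (0x38 from "li r3,0"); -1 if the
 * image fails to parse, -2 if a section falls outside the window. */
int sample_entry_byte(uint32_t base, uint32_t ram_base)
{
    uint8_t img[0x200], ram[0x4000]; struct dol_info d;
    if (dol_parse(img, build_sample_dol(img, sizeof img, base), &d)) return -1;
    if (dol_load_into(&d, img, ram, ram_base, sizeof ram)) return -2;
    return ram[d.entry - ram_base];
}
```

    `sample_hits_hbc_range(0x80004000u)` returns 0 and `sample_entry_byte(0x80004000u, 0x80004000u)` returns 0x38; the same sample built at 0x81330000 hits the HBC range, and a sample whose data or bss merely crosses 0x81330000 is flagged too, which is the kind of check a loader can run on a dol before deciding whether HBC will boot it.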
     
  13. JoostinOnline

    Member JoostinOnline Certified Crash Test Dummy

    Joined:
    Apr 2, 2011
    Messages:
    10,834
    Location:
    The Twilight Zone
    Country:
    United States
    Okay, I've just finished testing all 5 dols and elfs with both Bannerbomb v2 and the HBC (through wiiload). I have 4.1U (pretty sure everyone on this forum knows that though ;)).

    The only one that didn't work was test 1 boot.elf using BB2. What's strange is the test 1 boot.dol DID work using BB2.
     
  14. mauifrog

    Member mauifrog DA KINE WiiHacker

    Joined:
    Jan 21, 2010
    Messages:
    1,585
    Country:
    United States
    So it did and did not work with BB2, or it failed with BB2 and worked with BB1, or failed with BB1 and worked with BB2?
     
  15. JoostinOnline

    Member JoostinOnline Certified Crash Test Dummy

    Joined:
    Apr 2, 2011
    Messages:
    10,834
    Location:
    The Twilight Zone
    Country:
    United States
    I never tried BB1. I'm saying the elf file didn't work, but the dol did.
     
  16. mauifrog

    Member mauifrog DA KINE WiiHacker

    Joined:
    Jan 21, 2010
    Messages:
    1,585
    Country:
    United States
    Oh, I see that now. This is the shit that happens when you drink and post.
     
    1 person likes this.
  17. jskyboo
    OP

    Member jskyboo GBAtemp Regular

    Joined:
    Sep 12, 2009
    Messages:
    288
    Country:
    United States
    Hmm that is some odd behavior. Thanks for testing it for me Joostin.

    I need more testers if anyone is willing to help. It's easy and mostly painless except for some slightly deadly neurotoxin. I'm afraid I can't pay any of you testers but here's what I will do, I'll enter every tester into a raffle and then the winner of the raffle will win ....... cake!
     
    2 people like this.
  18. JoostinOnline

    Member JoostinOnline Certified Crash Test Dummy

    Joined:
    Apr 2, 2011
    Messages:
    10,834
    Location:
    The Twilight Zone
    Country:
    United States
    Do you want me to test any other exploits? BB1 and Letterbomb would be pretty easy for me to test. I really want that cake. ;)
     
  19. jskyboo
    OP

    Member jskyboo GBAtemp Regular

    Joined:
    Sep 12, 2009
    Messages:
    288
    Country:
    United States
    If you have the time to test other exploits sure, although I must tell you only one raffle entry per tester otherwise you could hold out on the data. :evil: Anyway, this cake is great. It's so delicious and moist.
     
  20. JoostinOnline

    Member JoostinOnline Certified Crash Test Dummy

    Joined:
    Apr 2, 2011
    Messages:
    10,834
    Location:
    The Twilight Zone
    Country:
    United States
    LOL! What kind of cake are we talking about? :rofl2:
     
