This linker is designed to merge object files into flat binary code, e.g. bootloaders and payloads.
Here is a special version for ROM hacking.
Update in 0.21:
added thumbfunc+1 support; added relocation branch overflow check (missing in 0.2).
http://filetrip.net/3ds-downloads/d...-insanelinker-for-romhacking-0-21-f33070.html
special thanks:
Steps to make a ROM with a patched exefs (you can find a working demo in reply #6):
1. You need to decrypt the exefs and exheader, then extract code.bin from the exefs.
2. Write the patch in assembly with _il_ marks. A simple template:
Code:
    .syntax unified
    .arch armv6
    .eabi_attribute 25, 1
    malloc = func_capcom_malloc
    free = func_capcom_free
    .text
    .align 2
    .code 32
_il_patch_mid_inNNMain:
    BL my_func_mayunittestfunc
    // need for insane linker
    .size _il_patch_mid_inNNMain, . - _il_patch_mid_inNNMain
The _il_patch prefix is used to patch existing opcodes inside code.bin. You need to rename the same location in IDA Pro to tell the linker the right place to overwrite.
Rename it like this:
Code:
.text:00104708 2488 10 05 00 EB BL func_initfs_hid_cfg
.text:0010470C
.text:0010470C _il_patch_mid_inNNMain: <- press 'N' here
.text:0010470C 2488 85 00 00 EB BL func_mayunittestfunc
If you need to append new code at the end of the existing '.text', use the _il_addon prefix instead.
Code:
    .align 2
    .hidden my_func_mayunittestfunc
    .globl my_func_mayunittestfunc
    .code 32
    // append to end of original code
_il_addon_codes:
    // before align?
    .func
my_func_mayunittestfunc:
    STMFD SP!, {R3-R5,LR}
    BL _Z11mh4gexptestv
    BL func_mayunittestfunc
    LDMFD SP!, {R3-R5,PC}
    .endfunc
    // end of addon codes
    .size _il_addon_codes, . - _il_addon_codes
The contents between _il_addon_codes and .size will be appended to the tail of the existing '.text' section. Because of the call from _il_patch_mid_inNNMain, our extra function is executed just before the original func_mayunittestfunc call.
Let's add an implementation for our _Z11mh4gexptestv, before the .size mark:
Code:
    ...
    .endfunc
    .align 2
    .code 32
_Z11mh4gexptestv:
    //LDR R0, = _il_addon_dummyconst
    ////LDR R0, = _il_addon_dummydata
    //LDR R0, = _il_addon_dummybss
    BX LR
    .pool
    // end of addon codes
    ...
Here we used an empty BX LR as a sample. Of course, you can reference symbols in the local assembly or in the original code.bin.
Warning: by design, the end of RW data is the same as the beginning of ZI bss, so we can't inject additional bytes at that point.
Consider placing it in .text, .const or .bss instead.
_il_addon in .text will be appended to code.bin's text, and so on.
Code:
    .section .rodata
_il_addon_dummyconst:
    .asciz "const"
    .size _il_addon_dummyconst, . - _il_addon_dummyconst
    .align 2
    // .data
    //_il_addon_dummydata:
    // .asciz "data"
    // .size _il_addon_dummydata, . - _il_addon_dummydata
    // .align 2
    .bss
_il_addon_dummybss:
    .ds.w 1
    .size _il_addon_dummybss, . - _il_addon_dummybss
    .align 2
3. Once you have your .s file, assemble it with arm-linux-androideabi-as-new or any other assembler you like.
4. Now you should have a .o file, e.g. MH4GExporter.o. To use insanelinker we need the object file, the exheader, code.bin and a symbol list for code.bin.
5. Use exefs2elf.py (or makeelf if you haven't installed python & binutils) to generate an ELF and analyze it in IDA. Export symbols from IDA Pro using InsaneSymbolExporter.py. If your .s uses new symbols that you marked after the export, re-export before linking.
6. Link with a command like this:
insanelinker -i code.bin -o code_insane.bin --exheader=exheader.bin --newexheader=exheader_insane.bin --symbols=idaexp.txt MH4GExporter.o
The linker will try to resolve external symbols from idaexp.txt, and uses information from the exheader/object file to do static relocation.
If you don't see any error message with a `!!!!!` mark, the output exheader_insane.bin and code_insane.bin are ready to merge back into the ROM/CXI.
If there is an unresolved symbol in the log, check your spelling, or whether you forgot to rename it in IDA Pro.
7. Merge code_insane.bin and exheader_insane.bin back into the ROM if you need a patched CCI ROM image. If you need a CIA fake patch, merge into the CXI instead of the CCI. This can be done using mergerom 0.32.
8. If you need to build a CIA patch, use the merged CXI now. I suggest make_cia for this job.
Here is the real command I used in the exporter build, of course without the linker, just patched in 010Editor...
mergerom ncch0_game_10_rc.cxi --exefs=exefs_rc.bin --code=..\workdir\exefs\code_exp.bin --exheader=exh_exp_upd_rc.bin
make_cia -o mh4g_down_10_rc_eximp.cia --major=1 --minor=0 --micro=7 --content0=ncch0_game_10_rc.cxi --id_0=00000004 --content1=ncch0.bin.0001.00000005 --id_1=00000005
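The relocation that step 6 performs on the BL at _il_patch_mid_inNNMain, and the branch overflow check added in 0.21, can be reproduced by hand. This is an added example, not insanelinker's own code: it decodes the two BL instructions from the IDA listing and re-encodes the patched call, refusing targets the instruction cannot reach. The load address 0x00100000 for code.bin is assumed from the listing, ADDON_ADDR is a constructed address for the appended function, and a target with bit 0 set (Thumb) is simply rejected here.

```python
import struct

BASE = 0x00100000        # assumed load address of code.bin (matches the listing)
PATCH_ADDR = 0x0010470C  # _il_patch_mid_inNNMain, from the IDA listing above
ADDON_ADDR = 0x00600000  # constructed address for my_func_mayunittestfunc

def decode_bl(insn, addr):
    """Return the call target of the ARM-state BL stored at addr."""
    (word,) = struct.unpack("<I", insn)
    if (word & 0x0F000000) != 0x0B000000 or word >> 28 == 0xF:
        raise ValueError("not an ARM BL")
    imm24 = word & 0x00FFFFFF
    if imm24 & 0x800000:                 # sign-extend the 24-bit field
        imm24 -= 1 << 24
    return addr + 8 + imm24 * 4          # PC reads as instruction address + 8

def encode_bl(addr, target):
    """Encode 'BL target' for placement at addr, refusing unreachable targets."""
    if target & 1:
        raise ValueError("Thumb target (bit 0 set): plain BL cannot switch state")
    offset = target - (addr + 8)
    if offset % 4:
        raise ValueError("target is not word aligned")
    imm24 = offset // 4
    if not -(1 << 23) <= imm24 < (1 << 23):  # signed 24-bit word count, +/-32 MiB
        raise OverflowError("branch out of range at 0x%08X" % addr)
    return struct.pack("<I", 0xEB000000 | (imm24 & 0x00FFFFFF))

def patch_call(image, addr, old_target, new_target):
    """Redirect the BL at addr, after checking it is the call we expect."""
    off = addr - BASE
    if decode_bl(bytes(image[off:off + 4]), addr) != old_target:
        raise ValueError("patch site does not hold the expected BL")
    image[off:off + 4] = encode_bl(addr, new_target)
    return bytes(image[off:off + 4])

def demo():
    # Constructed stand-in for code.bin: only the two listed instructions are set.
    image = bytearray(0x4710)
    image[0x4708:0x470C] = bytes.fromhex("100500EB")  # BL func_initfs_hid_cfg
    image[0x470C:0x4710] = bytes.fromhex("850000EB")  # BL func_mayunittestfunc
    original = decode_bl(bytes(image[0x470C:0x4710]), PATCH_ADDR)
    patched = patch_call(image, PATCH_ADDR, original, ADDON_ADDR)
    return original, patched

if __name__ == "__main__":
    original, patched = demo()
    print("original target 0x%08X, patched bytes %s" % (original, patched.hex()))
```

The same encode_bl call applies to the BL func_mayunittestfunc inside the appended function, which branches backwards into the original code and therefore produces a negative offset.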