Requesting assistance with PID patching via bootstrap and spider

Discussion in '3DS - Homebrew Development and Emulators' started by ecc0, May 16, 2015.

    ecc0 (Newbie):
    I have a problem with PID patching with bootstrap and spider.

    The bootstrap part (taken effectively 1:1 from …) appears to work. That way, svcBackdoor is acquired, probably. I cannot seem to verify whether any code actually runs in svcBackdoor, but any crashes or failures happen in parts after svcBackdoor, and accessing SVC calls that one does not have access to would usually cause a crash; that is why I am reasonably sure it works.

    After that, the PID is patched by executing patch_pid via svcBackdoor. patch_pid dereferences 0xFFFF9004 (current KProcess), then adds 0xB4 to the result of that (offset of PID in the current KProcess) to get where the PID should be. That new pointer is dereferenced and set to 0 to patch the PID to 0. This entire process happens after disabling interrupts via cpsid aif.

    Then, once that returns, I call svcGetProcessId for the current process (handle 0xFFFF8001), but get the old PID instead of 0. I have been unable to figure this issue out so far. The code where the new PID is detected is marked with "XXX" in the comment.

    The svc* functions not defined as function pointers at the top of the code are in svc.s and copied from ctrulib.

    Target 3DS: O3DS@sysNAND/9.2.0-20E.

    I am completely stumped and unable to pinpoint the issue whatsoever. Any hints would be greatly appreciated.

    EDIT: My pointer arithmetic was off because I looked at the wrong KProcess struct for 9.2.
    Last edited by ecc0, Jul 13, 2015
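The flow ecc0 describes (dereference 0xFFFF9004 for the current KProcess, add the PID offset, write 0 from inside svcBackdoor, then read the PID back with svcGetProcessId on handle 0xFFFF8001) is modelled below as an added example; it is not ecc0's code and not from ctrulib. It adds the two checks the post lacks: a marker that the backdoored routine writes into a user-space global, so "the callback never ran" can be told apart from "the callback ran but the offset is wrong", and a read-back that reports which of the two happened. On a 3DS build it uses the addresses from the post together with libctru's svcBackdoor and svcGetProcessId; the `__3DS__` macro is assumed to come from devkitARM's 3ds_rules. On a PC it runs against a constructed KProcess blob whose PID sits at `SIM_PID_OFFSET`, an arbitrary value chosen for the simulation, not the real 9.2 offset (the post says 0xB4 was wrong for 9.2 on O3DS but does not give the correct one), which is why the offset is a parameter rather than a constant.

```c
/* Added example, not ecc0's code: host-runnable model of the patch_pid flow
 * from the post. Device build uses the real addresses and libctru SVCs;
 * host build uses a constructed KProcess blob. SIM_PID_OFFSET is arbitrary. */
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define KPROCESS_PTR_ADDR  0xFFFF9004u  /* *KPROCESS_PTR_ADDR == current KProcess (from the post) */
#define CUR_PROCESS_HANDLE 0xFFFF8001u  /* pseudo-handle of the current process (from the post) */
#define RAN_MARKER         0x50494421u  /* 'PID!': written by patch_pid to prove it executed */

#ifdef __3DS__  /* assumed: devkitARM's 3ds_rules define __3DS__ */
#include <3ds.h>
static uintptr_t kprocess_ptr(void) { return *(volatile uintptr_t *)KPROCESS_PTR_ADDR; }
static void irq_off(void) { __asm__ volatile("cpsid aif" ::: "memory"); }
static int32_t run_in_kernel(int32_t (*fn)(void)) { return svcBackdoor(fn); }
static uint32_t read_pid(void) { u32 pid = 0; svcGetProcessId(&pid, CUR_PROCESS_HANDLE); return pid; }
#else
/* Host simulation: a constructed KProcess whose PID field lives at SIM_PID_OFFSET. */
#define SIM_PID_OFFSET 0xBCu
static uint8_t sim_kprocess[0x200] __attribute__((aligned(4)));
static uintptr_t kprocess_ptr(void) { return (uintptr_t)sim_kprocess; }
static void irq_off(void) { /* nothing to mask on the host */ }
static int32_t run_in_kernel(int32_t (*fn)(void)) { return fn(); }  /* stands in for svcBackdoor */
static uint32_t read_pid(void) { uint32_t pid; memcpy(&pid, sim_kprocess + SIM_PID_OFFSET, 4); return pid; }
/* Fill the fake KProcess with a recognisable pattern and plant the PID. */
static void sim_reset(uint32_t pid) { memset(sim_kprocess, 0xAA, sizeof sim_kprocess); memcpy(sim_kprocess + SIM_PID_OFFSET, &pid, 4); }
#endif

static volatile uint32_t g_pid_offset;  /* offset of the PID inside KProcess, chosen per firmware */
static volatile uint32_t g_ran_marker;  /* set by patch_pid; tells "did not run" from "wrong offset" */

/* Runs in kernel mode via svcBackdoor on device: no SVCs, no library calls, just the write. */
static int32_t patch_pid(void)
{
    irq_off();
    g_ran_marker = RAN_MARKER;
    *(volatile uint32_t *)(kprocess_ptr() + g_pid_offset) = 0;
    return 0;
}

/* 0: PID now reads as 0.  1: callback never ran (svcBackdoor problem).
 * 2: callback ran but the PID still reads as before (offset is wrong).
 * -1: host only, offset would leave the simulated blob. */
int try_pid_patch(uint32_t pid_offset)
{
#ifndef __3DS__
    if (pid_offset + 4 > sizeof sim_kprocess) return -1;  /* keep the simulation in bounds */
#endif
    g_ran_marker = 0;
    g_pid_offset = pid_offset;
    run_in_kernel(patch_pid);
    if (g_ran_marker != RAN_MARKER) return 1;
    return read_pid() == 0 ? 0 : 2;
}

#ifndef __3DS__
int main(void)
{
    sim_reset(0x42);
    printf("offset 0xB4 -> %d (2 means: ran, PID unchanged)\n", try_pid_patch(0xB4));
    printf("offset 0x%X -> %d (0 means: PID is now 0)\n", SIM_PID_OFFSET, try_pid_patch(SIM_PID_OFFSET));
    return 0;
}
#endif
```

The marker works because user memory stays mapped while the svcBackdoor callback executes, so a plain store to a global from kernel mode is visible after the SVC returns. The read-back then turns the symptom in the post (svcGetProcessId still returning the old PID) into a definite verdict: a return of 2 says the kernel-mode write happened but landed somewhere other than the PID field, which is exactly what ecc0's EDIT later confirmed. On device, call try_pid_patch from the homebrew's main after console setup and print the code.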