aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorTheFloW2018-03-07 21:28:32 +0100
committerReiko Asakura2018-03-07 21:28:32 +0100
commitd2015675cbbd9e07d72a0465365812fbf7b1c599 (patch)
treece914dca29ed0855289750eb6b733e36cb943453
parentWrap firmware dependent functions (diff)
downloadtaihen-d2015675cbbd9e07d72a0465365812fbf7b1c599.tar.gz
Added compatiblity for 3.65/3.67
-rw-r--r--hen.c51
1 files changed, 50 insertions, 1 deletions
diff --git a/hen.c b/hen.c
index 595afd3..eb58bdf 100644
--- a/hen.c
+++ b/hen.c
@@ -115,8 +115,11 @@ static tai_hook_ref_t g_nid_poison_hook;
/** Hook reference to `unload_process` */
static tai_hook_ref_t g_unload_process_hook;
+/** Hook reference to `is_cex` */
+static tai_hook_ref_t g_is_cex_hook;
+
/** References to the hooks */
-static SceUID g_hooks[11];
+static SceUID g_hooks[12];
/** Is the current decryption a homebrew? */
static int g_is_homebrew;
@@ -306,6 +309,16 @@ static int package_check_2_patched(void) {
}
/**
+ * @brief Patch to bypass 0x8080004C error on 3.60+
+ *
+ * @return 1 if CEX, 0 otherwise
+ */
+static int is_cex_patched(void) {
+ TAI_CONTINUE(int, g_is_cex_hook);
+ return 0;
+}
+
+/**
* @brief Patch to disable NID poisoning
*
* This function is actually a memset of 32-bit width.
@@ -457,6 +470,14 @@ int hen_add_patches(void) {
0xC445FA63, // SceModulemgrForKernel
0x432DCC7A,
start_preloaded_modules_patched);
+ if (g_hooks[8] < 0) {
+ g_hooks[8] = taiHookFunctionExportForKernel(KERNEL_PID,
+ &g_start_preloaded_modules_hook,
+ "SceKernelModulemgr",
+ 0x92C9FFC2, // SceModulemgrForKernel
+ 0x998C7AE9,
+ start_preloaded_modules_patched);
+ }
if (g_hooks[8] < 0) goto fail;
LOG("start_preloaded_modules_patched added");
g_hooks[9] = taiHookFunctionImportForKernel(KERNEL_PID,
@@ -465,6 +486,14 @@ int hen_add_patches(void) {
0x63A519E5, // SceSysmemForKernel
0xECF9435A,
nid_poison_patched);
+ if (g_hooks[9] < 0) {
+ g_hooks[9] = taiHookFunctionImportForKernel(KERNEL_PID,
+ &g_nid_poison_hook,
+ "SceKernelModulemgr",
+ 0x02451F0F, // SceSysmemForKernel
+ 0xFCB5745A,
+ nid_poison_patched);
+ }
if (g_hooks[9] < 0) goto fail;
LOG("nid_poison_patched added");
g_hooks[10] = taiHookFunctionImportForKernel(KERNEL_PID,
@@ -473,8 +502,24 @@ int hen_add_patches(void) {
0xC445FA63, // SceModulemgrForKernel
0x0E33258E,
unload_process_patched);
+ if (g_hooks[10] < 0) {
+ g_hooks[10] = taiHookFunctionImportForKernel(KERNEL_PID,
+ &g_unload_process_hook,
+ "SceProcessmgr",
+ 0x92C9FFC2, // SceModulemgrForKernel
+ 0xE71530D7,
+ unload_process_patched);
+ }
if (g_hooks[10] < 0) goto fail;
LOG("unload_process_patched added");
+ g_hooks[11] = taiHookFunctionImportForKernel(KERNEL_PID,
+ &g_is_cex_hook,
+ "SceAppMgr",
+ 0xFD00C69A, // SceSblAIMgrForDriver
+ 0xD78B04A2,
+ is_cex_patched);
+ if (g_hooks[11] < 0) goto fail;
+ LOG("is_cex_patched added");
return TAI_SUCCESS;
fail:
@@ -511,6 +556,9 @@ fail:
if (g_hooks[10] >= 0) {
taiHookReleaseForKernel(g_hooks[10], g_unload_process_hook);
}
+ if (g_hooks[11] >= 0) {
+ taiHookReleaseForKernel(g_hooks[11], g_is_cex_hook);
+ }
return TAI_ERROR_SYSTEM;
}
@@ -533,5 +581,6 @@ int hen_remove_patches(void) {
ret |= taiHookReleaseForKernel(g_hooks[8], g_start_preloaded_modules_hook);
ret |= taiHookReleaseForKernel(g_hooks[9], g_nid_poison_hook);
ret |= taiHookReleaseForKernel(g_hooks[10], g_unload_process_hook);
+ ret |= taiHookReleaseForKernel(g_hooks[11], g_is_cex_hook);
return ret;
}