rewrite 6xE4 logic

2025-06-08 16:18:29 -07:00
parent 54acd931da
commit 6999694f89
10 changed files with 728 additions and 539 deletions
@@ -1,54 +0,0 @@
-# Returns the client specific_version in eax and the address of the
-# MmSetAddressProtect function pointer in edx, which is immediately followed by
-# the MmQueryAddressProtect function pointer.
-
-start:
-  mov   ecx, 0x61657244
-
-  # JP beta
-  mov   eax, 0x344F4A42
-  mov   edx, 0x00400578
-  cmp   [0x0043D460], ecx
-  je    done
-
-  # JP disc
-  mov   eax, 0x344F4A44
-  mov   edx, 0x00400918
-  cmp   [0x0043D7D0], ecx
-  je    done
-
-  # JP title update
-  mov   eax, 0x344F4A55
-  mov   edx, 0x00403E3C
-  cmp   [0x00440FE0], ecx
-  je    done
-
-  # US disc
-  mov   eax, 0x344F4544
-  mov   edx, 0x00404518
-  cmp   [0x0044174C], ecx
-  je    done
-
-  # US title update
-  mov   eax, 0x344F4555
-  mov   edx, 0x00403E3C
-  cmp   [0x00440FEC], ecx
-  je    done
-
-  # EU disc
-  mov   eax, 0x344F5044
-  mov   edx, 0x00404538
-  cmp   [0x00441768], ecx
-  je done
-
-  # EU title update
-  mov   eax, 0x344F5055
-  mov   edx, 0x0040491C
-  cmp   [0x00441AF8], ecx
-  je    done
-
-  # Unknown version
-  mov   eax, 0x344F0000
-  xor   edx, edx
-
-done:
@@ -14,5 +14,13 @@ reloc0:
  .offsetof start

 start:
-  .include VersionDetectWithPatchFunctionsXB
+  .include GetVersionInfoXB
+
+  test     eax, eax
+  jz       version_not_found
+  mov      eax, [eax]
+  ret
+
+version_not_found:
+  mov      eax, 0x344F0000
  ret
@@ -1,10 +1,10 @@
 # This file defines the following function:
-#   write_call_to_code(
-#     const void* patch_code,
-#     size_t patch_code_size,
-#     size_t call_count,
-#     void* call_opcode_address,
-#     ssize_t call_opcode_bytes,
+#   void [/std] write_call_to_code(
+#     const void* patch_code @ [esp + 0x04],
+#     size_t patch_code_size @ [esp + 0x08],
+#     size_t call_count @ [esp + 0x0C],
+#     void* call_opcode_address @ [esp + 0x10],
+#     ssize_t call_opcode_bytes @ [esp + 0x14],
 #     ...);
 # This function allocates memory for patch_code, copies patch_code to that
 # memory, then writes a call or jmp opcode to call_opcode_address that calls
@@ -1,56 +1,57 @@
 start:
-  .include VersionDetectWithPatchFunctionsXB
-
-  xor     eax, eax
-  cmp     edx, 0
-  jne     can_patch
+  .include GetVersionInfoXB
+  test     eax, eax
+  jnz      can_patch
  ret
-can_patch:

-  push    esi
-  push    edi
-  push    ebx
-  mov     edi, edx              # edi = ptr to useful kernel function ptrs
-  jmp     get_patch_data_ptr
+can_patch:
+  push     esi
+  push     edi
+  push     ebx
+  mov      edi, eax              # edi = ptr to version info struct
+  jmp      get_patch_data_ptr
 get_patch_data_ptr_ret:
-  pop     ebx                   # ebx = patch header
+  pop      ebx                   # ebx = patch header

 apply_next_patch:
-  cmp     dword [ebx + 4], 0
-  jne     copy_code_and_apply_again
-  pop     ebx
-  pop     edi
-  pop     esi
-  mov     eax, 1
+  cmp      dword [ebx + 4], 0
+  jne      copy_code_and_apply_again
+  pop      ebx
+  pop      edi
+  pop      esi
+  mov      eax, 1
  ret

 copy_code_and_apply_again:
-  push    dword [ebx]           # dest addr
-  call    [edi + 4]             # MmQueryAddressProtect
-  mov     esi, eax              # esi = prev protection flags
+  push     dword [ebx]           # dest addr
+  mov      ecx, [edi + 0x0C]
+  call     [ecx]                 # MmQueryAddressProtect
+  mov      esi, eax              # esi = prev protection flags

-  push    4                     # new protection flags
-  push    dword [ebx + 4]       # size
-  push    dword [ebx]           # base address
-  call    [edi]                 # MmSetAddressProtect
+  push     4                     # new protection flags
+  push     dword [ebx + 4]       # size
+  push     dword [ebx]           # base address
+  mov      ecx, [edi + 0x08]
+  call     [ecx]                 # MmSetAddressProtect

-  xor     ecx, ecx              # ecx = offset
-  mov     edx, [ebx]            # edx = dest addr
+  xor      ecx, ecx              # ecx = offset
+  mov      edx, [ebx]            # edx = dest addr
 copy_next_byte:
-  mov     al, [ebx + ecx + 8]   # copy one byte to dest
-  mov     [edx + ecx], al
-  inc     ecx                   # offset++
-  cmp     [ebx + 4], ecx        # check if all bytes have been copied
-  jne     copy_next_byte
+  mov      al, [ebx + ecx + 8]   # copy one byte to dest
+  mov      [edx + ecx], al
+  inc      ecx                   # offset++
+  cmp      [ebx + 4], ecx        # check if all bytes have been copied
+  jne      copy_next_byte

-  push    esi                   # new protection flags
-  push    dword [ebx + 4]       # size
-  push    dword [ebx]           # base address
-  lea     ebx, [ebx + ecx + 8]  # advance to next block
-  call    [edi]                 # MmSetAddressProtect
-  jmp     apply_next_patch
+  push     esi                   # new protection flags
+  push     dword [ebx + 4]       # size
+  push     dword [ebx]           # base address
+  lea      ebx, [ebx + ecx + 8]  # advance to next block
+  mov      ecx, [edi + 0x08]
+  call     [ecx]                 # MmSetAddressProtect
+  jmp      apply_next_patch

 get_patch_data_ptr:
-  call    get_patch_data_ptr_ret
+  call     get_patch_data_ptr_ret

 first_patch_header: