Update notes

CTurt 2020-06-29 10:59:16 +01:00
parent c0ce07b726
commit fc3cd0ec93


@ -1,4 +1,4 @@
3.11J 3.11J (English language)
make memory dump for EE (PCSX2 save state, rename to zip extract, eeMemory.bin) make memory dump for EE (PCSX2 save state, rename to zip extract, eeMemory.bin)
search DVDVIDEO-VMG = 0x014331c8 search DVDVIDEO-VMG = 0x014331c8
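Review bot: the qualifier added on the first line ("3.11J" becoming "3.11J (English language)") pins down which build the notes refer to, but the address that follows on the third line (DVDVIDEO-VMG = 0x014331c8) is not tied to it; state that this search result came from the English-language 3.11J dump, since the later part of the notes says other language builds give different addresses.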
@ -15,9 +15,8 @@ note the base of the function pointer array, in this case 0x003b3050
dump the memory from base till 0x003b3050 + 4 * 0xffff = 0x3F304C, group into 4 bytes and search for jump targets that fit within overflow range dump the memory from base till 0x003b3050 + 4 * 0xffff = 0x3F304C, group into 4 bytes and search for jump targets that fit within overflow range
eg: searching for "14352... " I see some results eg: searching for "14352... " I see some results
must also be 4 byte aligned must also be 4 byte aligned
3.11 is actually pretty good, there are quite a few results that should work 3.11 is actually pretty good, there are quite a few results that should work, if not you can try switching languages and there will be different jump targets to check
0x01522944 looks pretty good, it's at 0x3E4A74, so index would be (0x3E4A74-0x003b3050)/4 = 0xC689 0x01522944 looks pretty good, it's at 0x3E4A74, so index would be (0x3E4A74-0x003b3050)/4 = 0xC689
// a backup incase that didn't work would be 0x14431114 (at 0x3B8164)
ok, we have everything we need - let's make the IFO exploit file ok, we have everything we need - let's make the IFO exploit file
the copy size should be at the same offset since that's part of the spec, so no need to change that the copy size should be at the same offset since that's part of the spec, so no need to change that
now run and break at the copy (0x257564), v1 is 0xffff so we're triggering the bug :) now run and break at the copy (0x257564), v1 is 0xffff so we're triggering the bug :)
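Review bot: the sentence added to the "3.11 is actually pretty good" line, suggesting a switch of languages to get different jump targets, should also say that the array base 0x003b3050 and the search-range end 0x003b3050 + 4 * 0xffff = 0x3F304C were derived for the current build and must be re-derived for the other language build before the index arithmetic ((0x3E4A74-0x003b3050)/4 = 0xC689) is reused; as written, a reader could take the new tip as "only the candidate address changes". Separately, the line "// a backup incase that didn't work would be 0x14431114 (at 0x3B8164)" is deleted without a reason; if it was found not to work, a short note saying so would keep it from being re-added later.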