XboxHacker BBS
Author Topic: HV Syscall table?  (Read 1324 times)
Oscar
« on: June 05, 2011, 05:51:28 PM »

I'm wondering if anyone has any info on the syscall table in the hypervisor. I'm trying to add two new syscalls to the table, and I'm using the DashLaunch flasher to update the FreeBOOT patches.

This is what I have at the moment
Code:
# ============================================================================
#   Hypervisor peek + poke patches
# ============================================================================

# Handler addresses for the two new entries; the comments give the syscall
# number each one is meant to be reached by.
.set HvxPeekDword, 0x00025000 # 0x76
.set HvxPokeDword, 0x00025500 # 0x77

# ============================================================================
#   Expand syscall table
# ============================================================================

# Patch format: hypervisor offset, word count, then the words to write.
.long 0x00001D78
.long (9f - 0f) / 4

0:
# Two new table entries appended at the end of the existing table
.long HvxPeekDword
.long HvxPokeDword

# Fix the func prolog: re-emit the two instructions the entries above
# overwrite, so the function that followed the table still starts correctly
mflr    %r12
std     %r12, -8(%sp)
9:

# Fix the branch to compensate for the 2
# instructions that were removed
.long 0x000029E8
.long (9f - 0f) / 4

0:
.long 0x4BFFF399    # bl, re-encoded for the relocated prolog
9:

# ============================================================================
#   HvxPeekDword
# ============================================================================

.long HvxPeekDword
.long (9f - 0f) / 4

0:
lwz %r3, 0(%r3)     # r3 = *(u32 *)r3; result returned in r3
blr
9:

# ============================================================================
#   HvxPokeDword
# ============================================================================

.long HvxPokeDword
.long (9f - 0f) / 4

0:
stw %r4, 0(%r3)     # *(u32 *)r3 = (u32)r4
blr
9:


The patches install fine, and the Xbox boots up without any signs of error, but when I try to call the exports it doesn't return anything.
Code:
// Naked wrapper: the address argument is already in r3, the syscall
// number goes in r0, and the hypervisor's result comes back in r3.
DWORD __declspec(naked) HvxPeekDword(QWORD address)
{
    _asm
    {
        li  r0, 0x76    // HvxPeekDword syscall number
        sc              // trap into the hypervisor
        blr             // return with r3 as the DWORD result
    }
}

Pretty much all of this so far was guesswork, and I have no idea if this is even possible, but does anyone know if there's something I'm missing?
Thanks in advance
TheFallen93
« Reply #1 on: June 06, 2011, 07:25:06 PM »

You are going to have to change the max syscall number in the syscall handler. It should compare the syscall number, %r0, to 0x76, and if it's greater than or equal, it will fail and return. Change it to 0x78 and you should be good. Also, peek/poke are the same thing, just with src and dst switched; you might want to make one syscall instead of two.
Oscar
« Reply #2 on: June 11, 2011, 10:13:10 AM »

Quote from: TheFallen93 on June 06, 2011, 07:25:06 PM
You are going to have to change the max syscall number in the syscall handler. It should compare the syscall number, %r0, to 0x76, and if it's greater than or equal, it will fail and return. Change it to 0x78 and you should be good. Also, peek/poke are the same thing, just with src and dst switched; you might want to make one syscall instead of two.

Thanks for the help, I didn't think of checking the handler. This worked for me (for anyone who's wondering):
Code:
# Syscall handler bound check: replace the immediate the handler compares
# %r0 against (originally 0x76) so the new numbers get past it
.long 0x00001420
.long (9f - 0f) / 4

0:
cmplwi  %r0, 0x80
9:
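The three states the thread walks through (original bound, bound raised to fit the two new entries, bound raised to 0x80) can be seen side by side in a small model of the dispatch path. This is a constructed C example added here; it is not code from the posts or from the Xbox 360 hypervisor. The handler signature, the 0x78-entry table, the 64-byte memory stand-in, and the names hv_dispatch/hv_probe/hv_demo are assumptions for illustration; the only values taken from the thread are the original compare against 0x76, the new entries at 0x76 and 0x77, and the patched compare against 0x80. The model also shows the caveat a practitioner would want: with the immediate at 0x80 rather than 0x78, syscall numbers 0x78 through 0x7F get past the compare even though no table entry was added for them.

```c
/* Constructed model of a bounds-checked syscall dispatch table. Not Xbox 360
 * code: the table size, handler signature and memory stand-in are assumed. */
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define HV_ORIG_MAX   0x76u  /* original "cmplwi %r0, 0x76": valid numbers 0..0x75 */
#define HV_SYS_PEEK   0x76u  /* first appended entry (HvxPeekDword) */
#define HV_SYS_POKE   0x77u  /* second appended entry (HvxPokeDword) */
#define HV_TABLE_LEN  0x78u  /* entries actually present after appending the two */

/* Assumed handler shape: arguments in r3/r4, result in r3. */
typedef uint64_t (*hv_handler)(uint64_t r3, uint64_t r4);

/* Constructed stand-in for hypervisor-addressable memory (16 dwords). */
static uint32_t hv_mem[16];
#define HV_MEM_DWORDS (sizeof hv_mem / sizeof hv_mem[0])

static uint64_t hv_stub(uint64_t r3, uint64_t r4) { (void)r3; (void)r4; return 0; }

/* lwz %r3, 0(%r3): here r3 is a byte offset into hv_mem. */
static uint64_t hv_peek_dword(uint64_t r3, uint64_t r4)
{
    (void)r4;
    if (r3 % 4 != 0 || r3 / 4 >= HV_MEM_DWORDS) return 0;
    return hv_mem[r3 / 4];
}

/* stw %r4, 0(%r3) */
static uint64_t hv_poke_dword(uint64_t r3, uint64_t r4)
{
    if (r3 % 4 != 0 || r3 / 4 >= HV_MEM_DWORDS) return 0;
    hv_mem[r3 / 4] = (uint32_t)r4;
    return 0;
}

enum hv_result { HV_OK = 0, HV_REJECTED = 1, HV_OUT_OF_TABLE = 2 };

struct hv_model {
    hv_handler table[HV_TABLE_LEN];
    uint32_t   max_syscall;   /* the immediate in "cmplwi %r0, <max>" */
};

static void hv_init(struct hv_model *hv, uint32_t max_syscall)
{
    for (size_t i = 0; i < HV_TABLE_LEN; i++) hv->table[i] = hv_stub;
    hv->table[HV_SYS_PEEK] = hv_peek_dword;
    hv->table[HV_SYS_POKE] = hv_poke_dword;
    hv->max_syscall = max_syscall;
    memset(hv_mem, 0, sizeof hv_mem);
}

/* The "sc" entry path: compare r0 against the bound, then index the table.
 * HV_OUT_OF_TABLE marks a number that passes the compare but has no entry. */
static enum hv_result hv_dispatch(struct hv_model *hv, uint32_t r0,
                                  uint64_t r3, uint64_t r4, uint64_t *r3_out)
{
    if (r0 >= hv->max_syscall) return HV_REJECTED;      /* cmplwi ; bge fail */
    if (r0 >= HV_TABLE_LEN)    return HV_OUT_OF_TABLE;  /* past the real table */
    *r3_out = hv->table[r0](r3, r4);
    return HV_OK;
}

/* Dispatch one syscall number against a freshly initialised model. */
static enum hv_result hv_probe(uint32_t max_syscall, uint32_t r0)
{
    struct hv_model hv;
    uint64_t out = 0;
    hv_init(&hv, max_syscall);
    return hv_dispatch(&hv, r0, 0, 0, &out);
}

/* Bitmask of observations: bit0 = peek rejected with the original bound,
 * bit1 = poke/peek round trip works with bound 0x78, bit2 = bound 0x80 lets
 * 0x7F through the compare with no entry behind it. */
static unsigned hv_demo(void)
{
    struct hv_model hv;
    uint64_t out = 0;
    unsigned bits = 0;

    hv_init(&hv, HV_ORIG_MAX);
    if (hv_dispatch(&hv, HV_SYS_PEEK, 8, 0, &out) == HV_REJECTED) bits |= 1u;

    hv_init(&hv, HV_TABLE_LEN);
    hv_dispatch(&hv, HV_SYS_POKE, 8, 0xDEADBEEFu, &out);
    if (hv_dispatch(&hv, HV_SYS_PEEK, 8, 0, &out) == HV_OK && out == 0xDEADBEEFu) bits |= 2u;

    hv_init(&hv, 0x80u);
    if (hv_dispatch(&hv, 0x7Fu, 0, 0, &out) == HV_OUT_OF_TABLE) bits |= 4u;

    return bits;
}

int main(void)
{
    printf("observations: 0x%x (expect 0x7)\n", hv_demo());
    return 0;
}
```

The point of the model is the relationship between the compare immediate and the number of entries actually present: 0x78 is the tight bound for two appended entries, and anything larger turns the words following the table into reachable "handlers".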