WiiMart/WiiMart-Patcher
1
0
Fork 0
mirror of https://wiilab.wiimart.org/wiimart/WiiMart-Patcher synced 2025-09-05 21:11:13 +02:00
Code Issues Packages Projects Releases Wiki Activity

Fix markdown woes

Browse Source
This commit is contained in:
Spotlight 2021-12-30 16:38:03 -06:00
parent bd625c0779
commit 88142b2269
No known key found for this signature in database
GPG Key ID: 874AA355B3209BDC
2 changed files with 32 additions and 29 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
docs/README.md
View File

@ -2,6 +2,6 @@
This directory contains documentation about given patches applied.
Contents:
- [[`opcacrt6.yml`]]: A [Kaitai](https://kaitai.io) structure describing a very basic `opcacrt6.dat`.
- [`opcacrt6.yml`](opcacrt6.yml): A [Kaitai](https://kaitai.io) structure describing a very basic `opcacrt6.dat`.
It does not attempt to handle things such as client certificates or user passwords.
- [[`patch_overwrite_ec.md`]]: An explanation as to why IOS needs to be patched for our operations.
- [`patch_overwrite_ios.md`](patch_overwrite_ios.md): An explanation over why and how IOS is patched for operation of the Wii Shop Channel.

13
docs/patch_overwrite_ios.md
View File

@ -67,12 +67,14 @@ However, space constraints for our patch made this difficult. We chose to hardco
By default, the PowerPC core (Broadway) has memory protections enabled, preventing from us editing IOS's memory in MEM2.
We need to apply several patches to achieve our goal.
1. e need to obtain access to overwriting IOS memory.
---
First, we need to obtain access to overwriting IOS memory.
We set the Access Rights field in the WAD's Title Metadata (or `.tmd`) to 0x00000003, permitting memory access. We will use this with `MEM2_PROT` later.
This is thankfully a very quick fix.
2. We need to find space to put our own custom function within the binary.
---
Second, we need to find space to put our own custom function within the binary.
Via symbols within the main ARC, we find a C++ class named `textinput::EventObserver` with 4 functions in a row that
immediately `blr` - returning with no other logic:
@ -88,7 +90,8 @@ We must additionally update references to this single at two separate virtual ta
- `textinput::EventObserver` at `0x802f7a9`
- `ipl::keyboard::EventObserver` at `0x802f8418`
3. We need to devise a way to have the channel overwrite IOS memory.
---
Next, we need to devise a way to have the channel overwrite IOS memory.
We have carved out our own space at `0x80014428` to put a function.
Thankfully, the operation is fairly simple:
@ -129,8 +132,8 @@ overwriteIOSPatch:
blr
```
4. We need to determine the best way to call our custom patching function.
---
Finally, we need to determine the best way to call our custom patching function.
Using the aforementioned symbols we find `ES_InitLib`, called once during initialization to open a handle with `/dev/es`.
We insert a call to our function in its epilog, immediately before loading the previous LR from stack and branching back.