docs.txt
================================ Static Patching ================================
C/C++:
Patching jumps and calls can be done through function tags (not stackable)
ncp_jump(int address, [int overlay])
ncp_call(int address, [int overlay])
ncp_hook(int address, [int overlay])
Example:
ncp_jump(0x02000000)
void MyFunction1() {
// A jump to this function will be placed at 0x02000000
}
ncp_call(0x02010000, 0)
void MyFunction2() {
// A call to this function will be placed at 0x02010000 in overlay 0
}
or through labels (stackable)
ncp_set_jump(int address, [int overlay], void* function)
ncp_set_call(int address, [int overlay], void* function)
ncp_set_hook(int address, [int overlay], void* function)
Example:
void MyFunction() {}
ncp_set_jump(0x02000000, MyFunction) // A jump to MyFunction will be placed at 0x02000000
ncp_set_jump(0x02000004, MyFunction) // A jump to MyFunction will be placed at 0x02000004
ncp_set_call(0x02010000, 0, MyFunction) // A call to MyFunction will be placed at 0x02010000 in overlay 0
ncp_set_call(0x02010004, 0, MyFunction) // A call to MyFunction will be placed at 0x02010004 in overlay 0
Patching chunks of data can be done using
ncp_over(int address, [int overlay])
ncp_repl(int address, [int overlay], char assembly[])
Example:
ncp_over(0x02000000)
void MyFunction() {} // This function will be placed at 0x02000000
ncp_over(0x02010000, 4)
int MyArray[] = {}; // This array will be placed at 0x02010000 in overlay 4
ncp_repl(0x02000000, "MOV R0, R0") // This instruction will be placed at 0x02000000
ncp_repl(0x02010000, 0, R"(
MOV R0, R0
BX LR
.int 0
.int 0
)") // This assembly code will be placed at 0x02010000 in overlay 0
Assembly:
Patching in assembly is done with labels
ncp_jump_address[_ovXX]
ncp_call_address[_ovXX]
ncp_hook_address[_ovXX]
ncp_over_address[_ovXX]
ncp_over_address[_ovXX]_end
Example:
ncp_jump_0x02000000: // A jump to MyFunction will be placed at 0x02000000
ncp_jump_0x02000004: // A jump to MyFunction will be placed at 0x02000004
ncp_call_0x02010000_ov0: // A call to MyFunction will be placed at 0x02010000 in overlay 0
MyFunction:
BX LR
ncp_over_0x02000000: // Places the following code at 0x02000000
MOV R0, #1
MOV R1, R0
BX LR
ncp_over_0x02000000_end:
================================ Real Time Patching ================================
C/C++:
void ncprt_set(int address, int value);
void ncprt_set_jump(int address, void* function);
void ncprt_set_call(int address, void* function);
void ncprt_repl(int address, char name[]);
ncprt_repl_type(name)
Example:
class MyClass
{
public:
static void MyFunction(); // Function must be static, otherwise it can't be used as a pointer
};
void MyFunction() {}
void MyClass::MyFunction() {}
ncprt_repl_type(patch0) // Must be a unique name for each patch
void MyPatch()
{
asm(R"(
MOV R0, #0
BX LR
)");
}
void MyPatcher()
{
ncprt_set(0x02000000, 0); // Sets the value at 0x02000000 to 0
ncprt_set_jump(0x02000004, MyFunction); // Sets the value at 0x02000004 to a jump to MyFunction
ncprt_set_call(0x02000008, MyClass::MyFunction); // Sets the value at 0x02000008 to a call to MyClass::MyFunction
ncprt_repl(0x0200000C, patch0); // Writes the contents of patch0 (MyPatch) to 0x0200000C
}
Assembly:
Not supported.
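
What "a jump/call will be placed at address" comes down to as a 32-bit word, shown as an added example that is not part of this documentation or the tool's own source. It assumes the patch site executes in ARM (32-bit) mode and that a jump is an unconditional B and a call an unconditional BL; arm_encode_branch and arm_decode_branch are hypothetical helper names, and 0x02100000 is a constructed address for MyFunction.

```c
#include <stdint.h>
#include <stdio.h>

/* Assumption (not from the docs): the patch site is ARM-mode code, a "jump"
   is an unconditional B and a "call" is an unconditional BL. */

/* Encode the B (link=0) or BL (link=1) word that, placed at `site`, transfers
   to `target`. Returns 0, or -1 if misaligned or outside the +/-32 MiB range. */
int arm_encode_branch(uint32_t site, uint32_t target, int link, uint32_t *out)
{
    if ((site | target) & 3u)
        return -1;                      /* ARM instructions are word aligned */
    /* The PC reads as site + 8 when the branch executes. */
    int64_t off = (int64_t)target - ((int64_t)site + 8);
    if (off < -(1LL << 25) || off >= (1LL << 25))
        return -1;                      /* must fit a signed 24-bit word offset */
    uint32_t imm24 = (uint32_t)(off / 4) & 0x00FFFFFFu;
    *out = 0xEA000000u | (link ? 0x01000000u : 0u) | imm24;
    return 0;
}

/* Decode the word found at `site`. Returns 1 and fills target/link when it is
   an unconditional B/BL, 0 otherwise. Lets a build check verify a patch site. */
int arm_decode_branch(uint32_t site, uint32_t word, uint32_t *target, int *link)
{
    if ((word & 0xFE000000u) != 0xEA000000u)
        return 0;
    int32_t imm = (int32_t)(word & 0x00FFFFFFu);
    if (imm & 0x00800000)
        imm -= 0x01000000;              /* sign-extend the 24-bit field */
    *target = site + 8u + (uint32_t)imm * 4u;
    *link = (int)((word >> 24) & 1u);
    return 1;
}

int main(void)
{
    uint32_t word = 0, target = 0; int link = 0;
    /* Constructed values: the site comes from the example above, 0x02100000
       is a hypothetical address for MyFunction. */
    if (arm_encode_branch(0x02000004u, 0x02100000u, 0, &word) == 0)
        printf("B at 0x02000004 -> %08X\n", (unsigned)word);
    if (arm_decode_branch(0x02000004u, word, &target, &link))
        printf("decoded: %s to 0x%08X\n", link ? "call" : "jump", (unsigned)target);
    return 0;
}
```

A target that is misaligned or more than 32 MiB away from the patch site cannot be reached with a single B/BL, which is why the encoder rejects it instead of truncating the offset.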