
Make the dev payload redirect all lv2_printf to eth.. should help dev…

…s see crash reports
1 parent e394a45 commit a0ce2587724d0576e984feafc1a502ccdbc3acbd @kakaroto committed Nov 28, 2010
Showing with 139 additions and 1 deletion.
  1. +32 −1 firmware_symbols.h.S
  2. +7 −0 patch_table.h.S
  3. +6 −0 payload_dev.S
  4. +94 −0 print_debug.h.S
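--- a/firmware_symbols.h.S
+++ b/firmware_symbols.h.S
@@ -25,6 +25,8 @@
 #define pathdup_from_user 0x1b3b3c // FIXME: unsure of the name!
 #define copy_from_user 0xE26C
 #define copy_to_user 0xE050
+#define alloc_and_copy_from_user 0x1b3CFC
+#define strdup_from_user 0x1B8A60
 #define alloc 0x62088
 #define free 0x624c8
 #define USBRegisterDriver 0xd22d8
@@ -57,6 +59,12 @@
 #define rtoc_entry_1 0xf08
 #define rtoc_entry_2 -0x6a00
+#define lv2_printf 0x28A654
+#define lv2_printf_null 0x28F050
+#define hvsc107_1 0xE5E8
+#define hvsc107_2 0xE67C
+#define hvsc107_3 0xE4B8
+
 // Payload bases
 #define MEM_BASE2 (0x50B3C)
@@ -296,7 +304,7 @@
 #define pathdup_from_user 0x1b3d08 // FIXME: unsure of the name!
 #define copy_from_user 0xE300
 #define copy_to_user 0xE0FC
-#define alloc_and_copy_from_user 0x0x1b3EC8
+#define alloc_and_copy_from_user 0x1b3EC8
 #define strdup_from_user 0x1B8C38
 #define strlen_from_user 0x285BE4
 #define alloc 0x61cf0
@@ -331,6 +339,12 @@
 #define rtoc_entry_1 0xd58
 #define rtoc_entry_2 -0x6b08
+#define lv2_printf 0x28A11C
+#define lv2_printf_null 0x28EB78
+#define hvsc107_1 0xE534
+#define hvsc107_2 0xE664
+#define hvsc107_3 0xE6F8
+
 // Payload bases
 #define MEM_BASE2 (0x50608)
@@ -528,4 +542,21 @@
 #endif
+#ifndef lv2_printf
+#define lv2_printf 0
+#endif
+#ifndef lv2_printf_null
+#define lv2_printf_null 0
+#endif
+
+#ifndef hvsc107_1
+#define hvsc107_1 0
+#endif
+#ifndef hvsc107_2
+#define hvsc107_2 0
+#endif
+#ifndef hvsc107_3
+#define hvsc107_3 0
+#endif
+
 #endif /* __FIRMWARE_SYMBOLS_H_S__ */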
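Review bot: The fallback block at the end of the file defines `lv2_printf`, `lv2_printf_null` and `hvsc107_1..3` as 0 when a firmware block does not provide them, but nothing states that 0 means "offset unknown" or that consumers have to test for it. A comment above the `#ifndef` run, such as `// 0 = offset not known for this firmware; consumers must skip the patch`, would make that contract explicit. The `hvsc107_N` names also deserve one line in each firmware block saying what they locate; judging from patch_table.h.S in this commit they appear to be three call sites that get redirected to `print_hvsc107`. Only two firmware blocks gain real values in the visible hunks, so any other firmware block in the file falls through to the zero defaults.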
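--- a/patch_table.h.S
+++ b/patch_table.h.S
@@ -49,6 +49,13 @@ patch_table:
 #ifdef __SYSCALL_HANDLER_H_S__
 PATCH_BRANCH_MEM2 (patch_syscall_func, bl, syscall_handler)
 #endif
+#ifdef __PRINT_DEBUG_H_S__
+ //PATCH_BRANCH_MEM2(lv2_printf_null + 8, b, print_debug)
+ //PATCH_BRANCH_MEM2(lv2_printf_null, b, print_debug)
+ PATCH_BRANCH_MEM2(hvsc107_1, bl, print_hvsc107)
+ PATCH_BRANCH_MEM2(hvsc107_2, bl, print_hvsc107)
+ PATCH_BRANCH_MEM2(hvsc107_3, bl, print_hvsc107)
+#endif
 .long 0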
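Review bot: The three `PATCH_BRANCH_MEM2(hvsc107_N, bl, print_hvsc107)` entries are emitted whenever `__PRINT_DEBUG_H_S__` is defined, yet firmware_symbols.h.S in this same commit defaults `hvsc107_1..3` to 0 for firmwares without a known offset. On such a build the table would presumably carry entries for offset 0, which would either patch the wrong location or be read as the `.long 0` terminator and cut the table short. The guard should also test the offsets, `#if defined(__PRINT_DEBUG_H_S__) && hvsc107_1 && hvsc107_2 && hvsc107_3`. The macro body and the code that walks the table are outside this hunk, so confirm whether a zero offset is already skipped there. The two commented-out `lv2_printf_null` entries should be removed or given a comment saying why they are disabled.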
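--- a/payload_dev.S
+++ b/payload_dev.S
@@ -19,11 +19,14 @@
 #include "map_open_path.h.S"
 #include "memory_patching.h.S"
+#include "send_eth.h.S"
 RESIDENT_AREA_START()
 #include "dev_syscalls.h.S"
 #include "open_hook.h.S"
 #include "memory_patching_res.h.S"
+#include "send_eth_res.h.S"
+#include "print_debug.h.S"
 RESIDENT_AREA_END()
 // Include patch_table after all other includes so it picks up on what
@@ -46,7 +49,10 @@ payload_main:
 // Allocate memory and copy PIC functions to it
 LOAD_FUNC_PTR(memory_patching)
 LOAD_FUNC_PTR(map_open_path)
+ LOAD_FUNC_PTR(send_eth)
+ INIT_SEND_ETH(%r30)
+ //ADD_SYSCALL (%r30, print_tty_desc, 403)
 ADD_SYSCALL (%r30, syscall_peek_desc, 6)
 ADD_SYSCALL (%r30, syscall_poke_desc, 7)
 ADD_SYSCALL (%r30, syscall_map_open_desc, 35)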
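Review bot: `LOAD_FUNC_PTR(send_eth)` and `INIT_SEND_ETH(%r30)` now run on every start of the dev payload, so the debug output goes out on the network interface with no way to switch it off at build time. What `send_eth` transmits is not visible here, but register dumps taken around a hypervisor call presumably contain kernel addresses and call arguments, which is more than a developer may want on a shared LAN. I would wrap the two added lines and the `print_debug.h.S` include in an opt-in macro, for example `#ifdef USE_ETH_DEBUG` … `#endif` (the macro name is a suggestion, not an existing symbol). The commented-out `//ADD_SYSCALL (%r30, print_tty_desc, 403)` names a symbol that exists only inside a comment block in print_debug.h.S, so it should be dropped or annotated. `payload_main` continues outside this hunk.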
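--- a/print_debug.h.S
+++ b/print_debug.h.S
@@ -0,0 +1,94 @@
+/*
+ * print_debug.h.s -- PL3: Print debug string to eth.
+ *
+ * Copyright (C) Youness Alaoui (KaKaRoTo)
+ *
+ * This software is distributed under the terms of the GNU General Public
+ * License ("GPL") version 3, as published by the Free Software Foundation.
+ *
+ */
+
+#ifndef __PRINT_DEBUG_H_S__
+#define __PRINT_DEBUG_H_S__
+
+#include "trace_helpers.h.S"
+
+/*
+print_tty_desc:
+ QUAD_MEM2 (print_tty)
+
+print_tty:
+ mflr %r0
+ stdu %r1, -0x90(%r1)
+ std %r24, 0x70(%r1)
+ std %r25, 0x78(%r1)
+ // 0x80(%r1) == local buffer
+ std %r0, 0xA0(%r1)
+ mr %r24, %r4
+ mr %r25, %r5
+
+ stw %r5, 0x80(%r1)
+ addi %r3, %r1, 0x80
+ mr %r4, %r6
+ li %r5, 4
+ bl ABSOLUTE_MEM2(copy_to_user) // Store 'written' = size
+
+ mr %r3, %r24
+ addi %r4, %r1, 0x80
+ mr %r5, %r25
+ bl ABSOLUTE_MEM2(alloc_and_copy_from_user) // Alloc and copy buffer
+
+ ld %r3, 0x80(%r1)
+ mr %r4, %r25
+ bl send_eth // send kernel-space buffer
+
+ ld %r3, 0x80(%r1)
+ li %r4, 0x27
+ bl ABSOLUTE_MEM2(free) // Free the allocated buffer
+
+ li %r3, 0
+ ld %r0, 0xA0(%r1)
+ ld %r24, 0x70(%r1)
+ ld %r25, 0x78(%r1)
+ addi %r1, %r1, 0x90
+ mtlr %r0
+ blr*/
+
+print_hvsc107:
+ mflr %r0
+ stdu %r1, -0x100(%r1)
+ std %r29, 0xC0(%r1)
+ std %r30, 0xC8(%r1)
+ std %r31, 0xD0(%r1)
+ std %r0, 0xF0(%r1)
+
+ bl store_regs
+ mr %r30, %r11
+ li %r12, 0x10
+ bl send_eth
+ bl load_regs
+
+ sc 1
+
+ ld %r29, 0xC0(%r1)
+ ld %r30, 0xC8(%r1)
+ ld %r31, 0xD0(%r1)
+ ld %r0, 0xF0(%r1)
+ addi %r1, %r1, 0x100
+ mtlr %r0
+ blr
+/*
+print_debug:
+ mflr %r0
+ stdu %r1, -0x70(%r1)
+ std %r0, 0x80(%r1)
+
+ bl send_eth
+
+ li %r3, 0
+ ld %r0, 0x80(%r1)
+ addi %r1, %r1, 0x70
+ mtlr %r0
+ blr
+*/
+#endif /* __PRINT_DEBUG_H_S__ */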
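Review bot: `print_hvsc107` has no header comment, and its correctness depends on a register contract that is not written down anywhere in this file. `mr %r30, %r11` and `li %r12, 0x10` run after `store_regs`, so `send_eth` seems to take its buffer and length in r30/r12, and `sc 1` only sees the original arguments if `load_regs` (in trace_helpers.h.S, not shown) restores everything `send_eth` clobbers, r12 included. A header should state the inputs, what is sent, which registers are preserved, and that the 0x100-byte frame keeps r29–r31 at 0xC0–0xD0 and LR at 0xF0, which differs from the frame-size-plus-0x10 LR slot used by the two commented-out routines. The commented-out `print_tty` also ignores the result of `alloc_and_copy_from_user` and forwards the length it was called with without an upper bound, so it should be deleted or fixed before anyone re-enables it.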
