Diffstat (limited to '')
-rw-r--r-- | src/codehandler.s | 368 |
1 files changed, 368 insertions, 0 deletions
diff --git a/src/codehandler.s b/src/codehandler.s
new file mode 100644
index 0000000..bf9ce13
--- /dev/null
+++ b/src/codehandler.s
@@ -0,0 +1,368 @@
+.text
+
+#ifndef __MWERKS__
+.set r0,0; .set r1,1; .set r2,2; .set r3,3; .set r4,4
+.set r5,5; .set r6,6; .set r7,7; .set r8,8; .set r9,9
+.set r10,10; .set r11,11; .set r12,12; .set r13,13; .set r14,14
+.set r15,15; .set r16,16; .set r17,17; .set r18,18; .set r19,19
+.set r20,20; .set r21,21; .set r22,22; .set r23,23; .set r24,24
+.set r25,25; .set r26,26; .set r27,27; .set r28,28; .set r29,29
+.set r30,30; .set r31,31; .set f0,0; .set f2,2; .set f3,3
+#endif
+
+.extern frozen_value
+.extern regbuffer
+.extern bpbuffer
+.extern command_handler__Fv
+.extern get_frozenvalue__Fv
+.extern exisendbyte__FUc
+
+.extern OSReport
+
+.globl _start
+
+gameid:
+.long 0,0
+cheatdata:
+.long frozenvalue
+.space 39*4
+
+_start:
+ stwu r1,-168(r1) # stores sp
+ stw r0,8(r1) # stores r0
+
+ mflr r0
+ stw r0,172(r1) # stores lr
+
+ mfcr r0
+ stw r0,12(r1) # stores cr
+
+ mfctr r0
+ stw r0,16(r1) # stores ctr
+
+ mfxer r0
+ stw r0,20(r1) # stores xer
+
+ stmw r3,24(r1) # saves r3-r31
+
+ mfmsr r25
+ ori r26,r25,0x2000 #enable floating point ?
+ andi. r26,r26,0xF9FF
+ mtmsr r26
+
+
+ stfd f2,152(r1) # stores f2
+ stfd f3,160(r1) # stores f3
+
+
+ lis r20, 0xCC00
+ lhz r28, 0x4010(r20)
+ ori r21, r28, 0xFF
+ sth r21, 0x4010(r20) # disable MP3 memory protection
+
+_setvalues:
+ li r21,0
+ li r22,0x19
+ li r23,0xD0
+ lis r24,0xCD00
+
+ lis r18, frozenvalue@h
+ ori r18, r18, frozenvalue@l # read buffer just store in lowmem
+ lwz r0,172(r1) # loads lr
+ stw r0,4(r18) # stores lr
+ stw r21, 0x643C(r24) # exi speed up
+
+_check_frozen:
+ lis r18, frozen_value@h
+ ori r18, r18, frozen_value@l
+ lwz r0, 0x0(r18)
+ cmpwi r0, 2
+ bne frozen
+#TESTING FOR EXECUTION
+ lis r3, stringer@h
+ ori r3, r3, stringer@l
+ bl OSReport
+
+
+frozen:
+ bl command_handler__Fv
+ cmpwi r3, 0
+ beq resumegame
+ b finish
+
+#******************************************************************
+# subroutine: bphandler
+# Data/Instruction address breakpoint handler, save context and return
+#******************************************************************
+.global bphandler
+bphandler:
+ mtsprg 0, r3
+ lis r3, regbuffer@h
+ ori r3, r3, regbuffer@l
+ stmw r4, 0x2C(r3) # Store r4 - r31
+
+ stw r0, 0x1C(r3) # Store r0
+ stw r1, 0x20(r3) # Store r1
+ stw r2, 0x24(r3) # Store r2
+ mr r4, r3
+ mfsprg r3, 0
+ stw r3, 0x28(r4) # Store r3
+
+ mfsrr1 r3
+ rlwinm r3, r3,0,22,20 # clear trace
+ stw r3, 0x18(r4) # Store SRR1
+ rlwinm r3, r3,0,24,15
+ ori r3, r3,0x2000
+# rlwinm r3, r3,0,17,15 # clear hw interrupt
+ mtsrr1 r3 # restore srr1 with hw interrupt & trace cleared
+
+ mfsrr0 r3
+ stw r3, 0x14(r4) # Store SRR0
+
+ mflr r3
+ stw r3, 0x9C(r4) # Store LR
+
+ mfcr r3
+ stw r3, 0x0(r4) # Store CR
+
+ mfxer r3
+ stw r3, 0x4(r4) # Store XER
+
+ mfctr r3
+ stw r3, 0x8(r4) # Store CTR
+
+ mfdsisr r3
+ stw r3, 0xC(r4) # Store DSISR
+
+ mfdar r3
+ stw r3, 0x10(r4) # Store DAR
+
+ lis r3, break@h
+ ori r3, r3, break@l
+ mtsrr0 r3
+ rfi
+
+break:
+ li r3, 0
+ mtspr 1010, r3 # Clear IABR
+ mtspr 1013, r3 # Clear DABR
+
+#BACKUP FPR
+ lis r4, regbuffer@h
+ ori r4, r4, regbuffer@l
+ stfs f0, 0xA0(r4)
+ stfs f1, 0xA4(r4)
+ stfs f2, 0xA8(r4)
+ stfs f3, 0xAC(r4)
+ stfs f4, 0xB0(r4)
+ stfs f5, 0xB4(r4)
+ stfs f6, 0xB8(r4)
+ stfs f7, 0xBC(r4)
+ stfs f8, 0xC0(r4)
+ stfs f9, 0xC4(r4)
+ stfs f10, 0xC8(r4)
+ stfs f11, 0xCC(r4)
+ stfs f12, 0xD0(r4)
+ stfs f13, 0xD4(r4)
+ stfs f14, 0xD8(r4)
+ stfs f15, 0xDC(r4)
+ stfs f16, 0xE0(r4)
+ stfs f17, 0xE4(r4)
+ stfs f18, 0xE8(r4)
+ stfs f19, 0xEC(r4)
+ stfs f20, 0xF0(r4)
+ stfs f21, 0xF4(r4)
+ stfs f22, 0xF8(r4)
+ stfs f23, 0xFC(r4)
+ stfs f24, 0x100(r4)
+ stfs f25, 0x104(r4)
+ stfs f26, 0x108(r4)
+ stfs f27, 0x10C(r4)
+ stfs f28, 0x110(r4)
+ stfs f29, 0x114(r4)
+ stfs f30, 0x118(r4)
+ stfs f31, 0x11C(r4)
+
+#TESTING FOR EXECUTION
+# lis r3, stringer@h
+# ori r3, r3, stringer@l
+# bl OSReport
+
+# r4=regbuffer, r=bpbuffer
+# r16=instBp, r17=dataBp, r19=lastBp
+
+#HANDLE MORE STUFF
+ lis r5, bpbuffer@h
+ ori r5, r5, bpbuffer@l
+
+ lwz r16, 0x0(r5) # inst bp
+ lwz r17, 0x4(r5) # data bp
+ lwz r19, 0xC(r5) # last break address
+
+ cmpwi r19, 0
+ beq _redobp # last break was 0. redo bp
+
+ cmpwi r19, 2
+ bne addr_1
+ lwz r9, 0x14(r4) # SRR0
+ addi r9, r19, 3
+ stw r9, 0x0(r5) # inst bp
+ stw r9, 0xC(r5) # last broken on address
+ b _executebp
+
+addr_1:
+ cmpw r16, r19
+ beq _step
+
+ cmpw r17, r19
+ beq _step
+
+ add r9, r16, r17
+ stw r9, 0xC(r5) # counter for alignment
+
+
+_alignementcheck:
+ lwz r16, 0x8(r5) # bp alignment check
+ cmpwi r16, 0
+ beq _executebp # no alignement = normal break
+
+ lwz r3, 0x10(r4) # DAR
+ cmpw r16, r3 # we check if address = aligned address
+ bne _step # if no, we need to set a bp on the next instruction
+
+ li r16, 0
+ stw r16, 0x8(r5) # if we are on the good address we clear the aligned bp check
+ b _executebp # and we break
+
+_step:
+ li r17, 0
+ stw r17, 0xC(r5) # we set last broken on address to 0
+ lwz r9, 0x18(r4)
+ ori r9, r9, 0x400
+ stw r9, 0x18(r4) # SRR1 |= 0x400
+ b _skipbp # and we don't break right now
+
+_redobp:
+ mtspr 1010, r16 # we set back the instbp with the original value
+ mtspr 1013, r17 # we set back the databp with the original value
+ li r9, 1
+ stw r9, 0xC(r5) # we set last broken on address to 1
+ b _skipbp # and we don't break
+
+_executebp:
+# lis r1, temp_stack@h
+# ori r1, r1, temp_stack@l # setup temp stack
+ lis r4, frozen_value@h
+ ori r4, r4, frozen_value@l
+ li r5, 2
+ stw r5, 0x0(r4) # Freeze once returned to let user know there is a breakpoint hit
+
+ li r3, 0x11
+ bl exisendbyte__FUc # tell the PC a bp has happened (send 0x11)
+
+ bl _start # bl mainloop, so you can set up a new breakpoint.
+
+_skipbp:
+ mfmsr r1
+ rlwinm r1,r1,0,31,29
+ rlwinm r1,r1,0,17,15
+ mtmsr r1 # we disable the interrupt so nothing interfers with the restore
+
+ lis r1, regbuffer@h
+ ori r1, r1, regbuffer@l
+
+ lwz r3,0x0(r1)
+ mtcr r3 # restores CR
+ lwz r3,0x14(r1)
+ mtsrr0 r3 # restores SRR0
+ lwz r3,0x18(r1)
+ mtsrr1 r3 # restores SRR1
+ lwz r3,0x9C(r1)
+ mtlr r3 # restores LR
+
+ lmw r2,0x24(r1) # restores r2-r31
+
+ lwz r0,0x1C(r1) # restores r0
+ lwz r1,0x20(r1) # restores r1
+
+ rfi # back to the game
+
+
+#******************************************************************
+# Finish
+# Check if the gecko has been paused. if no return to game
+#******************************************************************
+
+finish:
+ bl get_frozenvalue__Fv
+ cmpwi r3, 0 # check to see if we have frozen the game
+ bne frozen # loop around if we have
+ # (changed to return for the bp)
+
+resumegame:
+
+ sth r28,0x4010(r20) # restore memory protection value
+
+ lfd f2,152(r1) # loads f2
+ lfd f3,160(r1) # loads f3
+
+ mtmsr r25
+
+ lwz r0,172(r1)
+ mtlr r0 # restores lr
+
+ lwz r0,12(r1)
+ mtcr r0 # restores cr
+
+ lwz r0,16(r1)
+ mtctr r0 # restores ctr
+
+ lwz r0,20(r1)
+ mtxer r0 # restores xer
+
+ lmw r3,24(r1) # restores r3-r31
+
+ lwz r0,8(r1) # loads r0
+
+ addi r1,r1,168
+
+ isync
+
+ blr # return back to game
+
+#******************************************************************
+# Write branch
+# r3 - source (our mastercode location)
+# r4 - destination (lowmem area 0x80001800 address which will branch to
+#******************************************************************
+.global writebranch
+writebranch:
+ subf r6, r3, r4 # subtract r3 from r4 and place in r17
+ lis r5, 0x4800 # 0x48000000
+ rlwimi r5,r6,0,6,29
+ stw r5, 0(r3) # result in r3
+
+ dcbf r0, r3 # data cache block flush
+ sync
+ icbi r0, r3
+ isync
+
+ blr # return
+
+#==================================================================
+
+frozenvalue: #frozen value, then LR
+.long 0,0
+command:
+.byte 0,0,0,0
+
+.align 4
+.long 0
+stringer:
+.ascii "I found a codez 1\n"
+stringer2:
+.ascii "I found a codez 2\n"
+stringer3:
+.ascii "I found a codez 3\n"
+.end
+
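Review bot: In the `cmpwi r19, 2` path of `break:`, the SRR0 value loaded by `lwz r9, 0x14(r4)` is dead, because the very next instruction `addi r9, r19, 3` overwrites r9 with r19+3 (a constant 5 on this path), so the instruction breakpoint written to `0x0(r5)` and the last-break slot at `0xC(r5)` hold 5 rather than an address derived from SRR0; presumably `addi r9, r9, 3` (or whatever offset past SRR0 was intended) was meant. The FPR backup that follows uses `stfs`, which rounds each 64-bit register to single precision before storing, so the copies in regbuffer are lossy, and nothing on the `_skipbp` restore path reloads them; if they exist only for inspection, a comment such as `# FPRs copied lossy (stfs) for inspection only; never restored` would make that intent explicit. The comment on `subf r6, r3, r4` in writebranch still says "place in r17" while the destination is r6.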