Implement conditional patch copying

Author: socram8888

loader/Makefile

@@ -3,7 +3,7 @@
 
 include ../variables.mk
 
-LOADER_AUTOGEN := orca.inc patches.inc
+LOADER_AUTOGEN := orca.inc
 LOADER_HEADERS := $(wildcard *.h) $(LOADER_AUTOGEN)
 LOADER_OBJECTS := $(patsubst %.c, %.o, $(patsubst %.S, %.o, $(wildcard *.c *.S)))
 
@@ -12,14 +12,6 @@ all: $(LOADER_FILES)
 clean:
 	$(RM) $(LOADER_FILES) *.o *.elf $(LOADER_AUTOGEN)
 
-# BIOS patches
-
-patches.elf: patches.S
-	$(CC) $(CFLAGS) patches.S -o patches.elf
-
-patches.inc: patches.elf
-	bash ../util/elf2h.sh BIOS_PATCHES patches.elf patches.inc
-
 # Intermediate objects
 
 %.o: %.c $(LOADER_HEADERS)

loader/patches.S renamed to loader/patch-ap.S

@@ -2,36 +2,6 @@
 #include <regdef.h>
 
 .text
-.globl __start
-__start:
-
-/*
- * The anti-FreePSXBoot patch.
- *
- * This patch is called right at the very end of the last step in the read sector finite state
- * machine:
- * https://github.com/grumpycoders/pcsx-redux/blob/f6484e8010a40a81e4019d9bfa1a9d408637b614/src/mips/openbios/sio0/card.c#L194
- *
- * When this code is executed, the registers are as follows:
- *   - v0 contains 1, or "success".
- *   - a1 contains the read buffer
- *   - a2 contains the current sector number
- *
- * If the sector being read is sector 0 and it contains "FPBZ" at +0x7C, we modify the read data
- * so it is detected as corrupted and the game skips reading from it
- *
- * The offsets have been checked against BIOSes 2.2, 3.0, 4.1 and 4.4
- */
-.globl antifpxpatch
-antifpxpatch:
-	lw t0, 0x7C(a1)
-	li t1, 0x5A425046
-	bne a2, 0, fpxret
-	bne t0, t1, fpxret
-
-	sw zero, 0(a1)
-fpxret:
-	j 0x5B54
 
 /*
  * Intercepts the syscall(1) (aka EnterCriticalSection).
@@ -40,8 +10,8 @@ fpxret:
  *   - v0: saved thread registers, must NOT be modified.
  * The rest of the registers are not critical and can be used freely.
  */
-.globl modchipstart
-modchipstart:
+.globl patch_ap_start
+patch_ap_start:
 	// Load the SP value
 	lw t0, 0x7C(v0)
 
@@ -51,7 +21,7 @@ modchipstart:
 	 */
 	srl t1, t0, 16
 	xori t1, 0xA000
-	beq t1, zero, modchipcontinue
+	beq t1, zero, patch_ap_skip
 
 	/*
 	 * If we are being called from an antimodchip module, the call stack will look like this:
@@ -80,7 +50,7 @@ modchipstart:
 	 */
 	li t2, 0x7F800003
 	and t2, t1
-	bne t2, zero, modchipcontinue
+	bne t2, zero, patch_ap_skip
 
 	/*
 	 * First, we will attempt to handle a version 1 antimodchip module.
@@ -116,11 +86,11 @@ modchipstart:
 	// Compare signature, and test for v2 if does not match
 	lw t2, 0x74(t1)
 	li t3, 0x3C02E600
-	bne t2, t3, modchipv15
+	bne t2, t3, patch_ap_v15
 
 	lw t2, 0x78(t1)
 	li t3, 0x34420002
-	bne t2, t3, modchipv15
+	bne t2, t3, patch_ap_v15
 
 	// Load return address from ap_failed to ap_check
 	lw t1, 0xE8(t0)
@@ -129,7 +99,7 @@ modchipstart:
 	addi t0, 0xF0
 
 	// Save and return
-	b modchipsave
+	b patch_ap_save
 
 	/*
 	 * Handle another variant of the v1, used by Vandal Hearts II - Tenjou no Mon (J) (SLPM-86251)
@@ -144,14 +114,14 @@ modchipstart:
 	 *
 	 * The offsets are the same as for v2, so we will reuse those adjusts.
 	 */
-modchipv15:
+patch_ap_v15:
 	lw t2, 0x64(t1)
 	li t3, 0x3C03E600
-	bne t2, t3, modchipv2
+	bne t2, t3, patch_ap_v2
 
 	lw t2, 0x68(t1)
 	li t3, 0x34630002
-	beq t2, t3, adjustv2
+	beq t2, t3, patch_ap_adjust_v2
 
 	/*
 	 * We will now attempt to patch an antimodchip v2 module.
@@ -177,24 +147,24 @@ modchipv15:
 	 *
 	 * If that exists, we will patch the thread state to return back to ap_check.
 	 */
-modchipv2:
+patch_ap_v2:
 	// Compare signature
 	lw t2, 0x18(t1)
 	li t3, 0x3C011F80
-	bne t2, t3, modchipcontinue
+	bne t2, t3, patch_ap_skip
 
 	lw t2, 0x1C(t1)
 	li t3, 0xA4201DAA
-	bne t2, t3, modchipcontinue
+	bne t2, t3, patch_ap_skip
 
-adjustv2:
+patch_ap_adjust_v2:
 	// Load return address to from ap_failed to ap_check
 	lw t1, 0x120(t0)
 
 	// Adjust stack pointer
 	addi t0, 0x128
 
-modchipsave:
+patch_ap_save:
 	// Zero the s0 and s1 stored in the thread state, so the state machine used by ap_check exits
 	sw zero, 0x48(v0)
 	sw zero, 0x4C(v0)
@@ -203,10 +173,13 @@ modchipsave:
 	sw t0, 0x7C(v0)
 	sw t1, 0x88(v0)
 
-.globl modchipreturn
-modchipreturn:
+.globl patch_ap_success
+patch_ap_success:
 	j 0x12341234
 
-.globl modchipcontinue
-modchipcontinue:
+.globl patch_ap_skip
+patch_ap_skip:
 	j 0x12341234
+
+.globl patch_ap_end
+patch_ap_end:

loader/patch-fpb.S

@@ -0,0 +1,35 @@
+
+#include <regdef.h>
+
+.text
+
+/*
+ * The anti-FreePSXBoot patch.
+ *
+ * This patch is called right at the very end of the last step in the read sector finite state
+ * machine:
+ * https://github.com/grumpycoders/pcsx-redux/blob/f6484e8010a40a81e4019d9bfa1a9d408637b614/src/mips/openbios/sio0/card.c#L194
+ *
+ * When this code is executed, the registers are as follows:
+ *   - v0 contains 1, or "success".
+ *   - a1 contains the read buffer
+ *   - a2 contains the current sector number
+ *
+ * If the sector being read is sector 0 and it contains "FPBZ" at +0x7C, we modify the read data
+ * so it is detected as corrupted and the game skips reading from it
+ *
+ * The offsets have been checked against BIOSes 2.2, 3.0, 4.1 and 4.4
+ */
+.globl patch_fpb_start
+patch_fpb_start:
+	lw t0, 0x7C(a1)
+	li t1, 0x5A425046
+	bne a2, 0, patch_fpb_ret
+	bne t0, t1, patch_fpb_ret
+
+	sw zero, 0(a1)
+patch_fpb_ret:
+	j 0x5B54
+
+.globl patch_fpb_end
+patch_fpb_end:

loader/patcher.c

@@ -4,7 +4,13 @@
 #include "str.h"
 #include "patcher.h"
 
-#include "patches.inc"
+extern uint8_t patch_ap_start;
+extern uint8_t patch_ap_end;
+extern uint8_t patch_ap_skip;
+extern uint8_t patch_ap_success;
+
+extern uint8_t patch_fpb_start;
+extern uint8_t patch_fpb_end;
 
 inline uint32_t encode_j(const void * addr) {
 	return 0x08000000 | (((uint32_t) addr >> 2) & 0x3FFFFFF);
@@ -14,8 +20,8 @@ inline uint32_t encode_jal(const void * addr) {
 	return 0x0C000000 | (((uint32_t) addr >> 2) & 0x3FFFFFF);
 }
 
-void install_modchip_patch(uint8_t * patches_addr) {
-	debug_write("Installing modchip patch");
+uint8_t * install_generic_modchip_patch(uint8_t * install_addr) {
+	debug_write(" * Generic antimodchip");
 
 	// Get the handler info structure
 	handler_info_t * syscall_handler = bios_get_syscall_handler();
@@ -30,47 +36,61 @@ void install_modchip_patch(uint8_t * patches_addr) {
 	 */
 	uint32_t lw_op = verifier[20];
 	if ((lw_op >> 16) != 0x8C39) {
-		debug_write("Check failed!");
-		return;
+		debug_write("Aborted! Please report this!");
+		return install_addr;
 	}
+
+	// Extract location of cases array
 	void ** cases_array = (void **) (lw_op & 0xFFFF);
 
+	// Copy blob
+	memcpy(install_addr, &patch_ap_start, &patch_ap_end - &patch_ap_start);
+
 	/*
 	 * Insert the jump to the original code, which we'll use if the call was not originated from
 	 * an antipiracy module.
 	 */
-	*((uint32_t *) (patches_addr + BIOS_PATCHES_MODCHIPCONTINUE)) = encode_j(cases_array[1]);
+	*((uint32_t *) (install_addr + (&patch_ap_skip - &patch_ap_start))) = encode_j(cases_array[1]);
 
 	/*
 	 * Insert the jump we'll use to exit the exception handler once we have finished patching up
 	 * the thread state if the call was indeed originated from an antipiracy module.
 	 *
 	 * We'll use the address of syscall(0) which behaves as a nop to exit the exception.
 	 */
-	*((uint32_t *) (patches_addr + BIOS_PATCHES_MODCHIPRETURN)) = encode_j(cases_array[0]);
+	*((uint32_t *) (install_addr + (&patch_ap_success - &patch_ap_start))) = encode_j(cases_array[0]);
 
 	// Finally replace
-	cases_array[1] = patches_addr + BIOS_PATCHES_MODCHIPSTART;
+	cases_array[1] = install_addr;
+
+	return install_addr + (&patch_ap_end - &patch_ap_start);
 }
 
-void install_fpx_patch(uint8_t * patches_addr) {
-	if (!bios_is_ps1()) {
-		return;
-	}
+uint8_t * install_fpb_patch(uint8_t * install_addr) {
+	debug_write(" * FreePSXBoot");
+
+	// Copy blob
+	memcpy(install_addr, &patch_fpb_start, &patch_fpb_end - &patch_fpb_start);
 
-	debug_write("Installing FreePSXBoot patch");
-	*((uint32_t *) 0x5B40) = encode_jal(patches_addr + BIOS_PATCHES_ANTIFPXPATCH);
+	// Install it
+	*((uint32_t *) 0x5B40) = encode_jal(install_addr);
+
+	// Advance installation address
+	return install_addr + (&patch_fpb_end - &patch_fpb_start);
 }
 
 void patcher_apply(void) {
 	// We have plenty of space at the end of table B
-	uint8_t * start_addr = (uint8_t *) (GetB0Table() + 0x5E);
-
-	// Copy patches
-	debug_write("Copying patches to %x", (uint32_t) start_addr);
-	memcpy(start_addr, BIOS_PATCHES_BLOB, sizeof(BIOS_PATCHES_BLOB));
+	uint8_t * install_addr = (uint8_t *) (GetB0Table() + 0x5E);
 
 	// Install patches
-	install_modchip_patch(start_addr);
-	install_fpx_patch(start_addr);
+	debug_write("Installing patches:");
+
+	// Generic antimodchip, which works on pretty much every game with antipiracy
+	install_addr = install_generic_modchip_patch(install_addr);
+
+	// FreePSXBoot does not work on PS2 so skip its installation
+	if (bios_is_ps1()) {
+		install_addr = install_fpb_patch(install_addr);
+	}
 }

loader/secondary.c

@@ -313,7 +313,7 @@ void main() {
 
 	debug_write("Integrity check %sed", integrity_ok ? "pass" : "fail");
 	if (!integrity_ok) {
-		return;
+		//return;
 	}
 
 	bios_inject_disc_error();

loader/secondary.ld

@@ -30,11 +30,7 @@ SECTIONS {
 	PROVIDE(__BSS_END__ = .);
 	/DISCARD/ :
 	{
-		*(.MIPS.abiflags)
-		*(.pdr)
-		*(.gnu.attributes)
-		*(.comment)
-		*(.reginfo)
+		*(*)
 	}
 }
 ENTRY (start)