Injecting modules into exeDSP
Re: Injecting modules into exeDSP
I can confirm that channelinfo works on 2008 FW without any modification. I didn't have time to try samygoDCA, so I'll try it next time. Injectso works like a charm! Once again, thanks for this great tool.
LE40B550A5WXXH | T-CHL5DEUC-2008.0 / patched u-boot / network support
- SamyGO Project Donor
- Posts: 140
- Joined: Sun Jan 24, 2010 6:18 pm
- Location: Germany
Re: Injecting modules into exeDSP
Do you guys also have problems when trying to launch Netsurf or PVR?
my TV: LE32B679
- Official SamyGO Developer
- Posts: 111
- Joined: Thu Jun 24, 2010 8:26 am
- Location: Frankfurt, Germany
Re: Injecting modules into exeDSP
deniskapu wrote:
> Hello Smartsmurf
> The TV B550/B6000 is no SDL library Game_LIB/..
> Accordingly, you can not run the game with SDL-libraries
> how do you think it is possible to inject these libraries in exeDSP
> Sorry for my English

Please provide more details:
(1) What do you want to achieve?
(2) What commandline do you use?
(3) What (error) results do you get?
- Posts: 21
- Joined: Mon Jan 03, 2011 11:06 am
Re: Injecting modules into exeDSP
Same problem with B6000 and mybuttons app.
The app has a debug log in the file /mtd_ram/mybuttons_loader.log:
Code:
# tail -f mybuttons_loader.log
Game_Main() started
injector() started
- getting self handle
- self handle retrieved
- getting keypress function
- keypress function retrieved
- loading library:
/mtd_rwarea/apps/mybuttons/mybuttons.so
/mtd_rwarea/apps/mybuttons/mybuttons.so: undefined symbol: SDL_LoadBMP_RW
My command:
Code:
# /mtd_contents/SamyGO/opt/privateer/usr/bin/injectso `pidof exeDSP` /mtd_rwarea/apps/mybuttons/loader.so Game_Main /mtd_rwarea/apps/mybuttons/
Module injector V1.2 for ARM based CPUs.
(copyleft) SmartSmurf 2010 (smartsmurf@shared-files.de)
Info: Import dlopen set at 0x004ae424
Info: Import dlsym set at 0x004ada34
Info: Import dlclose set at 0x004ad50c
Info: current register set:
R0 =0xFFFFFFFC R1 =0x00000000 R2 =0x00000001 R3 =0x00000000
R4 =0x00000001 R5 =0x02512C58 R6 =0x0200C0D8 R7 =0x000000F0
R8 =0x00000000 R9 =0x00000000 R10=0xBEC0DA78 R11=0x00000000
R12=0x00000001 SP =0xBEC0DA68 LR =0x4005DA44 PC =0x4005B008
CPSR=0x80000010
Info: new SP for inject code 0xBEC0D668
Done.
- Posts: 61
- Joined: Fri Dec 17, 2010 12:37 am
Re: Injecting modules into exeDSP
Hi, I've been experimenting with injectso. And, my test module works to a degree. I am having a few difficulties, though. I've modified the example module from injectso.
The code above works as I've pasted it in. But, I'm trying to patch calls to my Highjack function into exeDSP. The first problem I ran into is that when I patch exeDSP, like with the line towards the end of Inject_Main (unrelated to Highjack), modifying this instruction causes exeDSP to exit with a fault. It faults immediately during the write, but I am able to modify the instruction with gdb. Is there a way around the write protection so I can modify exeDSP within the module? Or do I have to do it with an external program? There's really no problem with doing it externally, I just didn't try it that way yet.
My next problem is that the injected file seems to be unloaded when Inject_Main exits. After injecting the module, I try to peek into exeDSP with gdb. And, when I look at addresses where Highjack and Inject_Main should be, they're not there. The only explanation I can think of is that when Inject_Main exits, the whole module is unloaded. Or, somehow the pointers are wrong, but I don't see how.
Code:
#include <stdio.h>
#include <unistd.h>

#define LOG_FILE "/dtv/module.log"

/* Hook target: logs its three register arguments and the first two words
 * that r0 and r1 point to. r2 is logged but never dereferenced. */
int Highjack(int *r0, int *r1, int *r2)
{
    FILE *fp = fopen(LOG_FILE, "a+");
    if (fp == NULL)
        return -1;
    fprintf(fp, "<Highjack>: hit.\n");
    fprintf(fp, "<Highjack>: r0 = %p, r1 = %p, r2 = %p.\n",
            (void *)r0, (void *)r1, (void *)r2);
    fprintf(fp, "<Highjack>: *r0 = 0x%x 0x%x.\n", r0[0], r0[1]);
    fprintf(fp, "<Highjack>: *r1 = 0x%x 0x%x.\n", r1[0], r1[1]);
    fclose(fp);
    return 0;
}

/* Entry point called by injectso inside exeDSP. */
int Inject_Main(const char *arg1)
{
    int reg_pc, reg_fp, reg_sp;
    int (*hp)(int *r0, int *r1, int *r2) = &Highjack;
    char data[] = "abcdefghABCDEFGH";
    FILE *fp;

    /* Snapshot pc, fp and sp to see where the module is executing. */
    asm ("mov %[result],pc" : [result] "=r" (reg_pc));
    asm ("mov %[result],fp" : [result] "=r" (reg_fp));
    asm ("mov %[result],sp" : [result] "=r" (reg_sp));

    fp = fopen(LOG_FILE, "a+");
    if (fp == NULL)
        return -1;
    fprintf(fp, "<Inject_Main>: module loaded.\n");
    fprintf(fp, "<Inject_Main>: arg1 = '%s'.\n", arg1);
    fprintf(fp, "<Inject_Main>: &Highjack = %p.\n", (void *)&Highjack);
    fprintf(fp, "<Inject_Main>: &Highjack = %p.\n", (void *)hp);
    fprintf(fp, "<Inject_Main>: &Inject_Main = %p, pc = 0x%x.\n",
            (void *)&Inject_Main, reg_pc);
    fprintf(fp, "<Inject_Main>: fp = 0x%x, sp = 0x%x.\n", reg_fp, reg_sp);
    fclose(fp);

    /* Call the hook directly with test data to check that it logs. */
    hp((int *)&data[0], (int *)&data[8], (int *)5);

#if 0
    // convert to unconditional branch
    *((int*)0x4c09ec) = 0xeaffffdc; // b 0x4c0964
#endif
    return 0;
}
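Both questions in the post above can be checked against the target's /proc/<pid>/maps: which permissions cover the address being patched (program text is normally mapped r-x, so a plain store from inside the process faults), and whether the address logged for Highjack still falls inside a mapping after Inject_Main returns. The following is an added example, not code from the thread or from injectso; the maps lines, the /example/ paths and the 0x40a10a5c module address are constructed, and only 0x4c09ec comes from the post.

```c
#include <stdio.h>
#include <string.h>
/* Constructed /proc/<pid>/maps sample; paths and ranges are hypothetical. */
static const char SAMPLE_MAPS[] =
    "00008000-01f00000 r-xp 00000000 1f:05 12 /example/exeDSP\n"
    "01f08000-0200c000 rw-p 01ef8000 1f:05 12 /example/exeDSP\n"
    "40a10000-40a12000 r-xp 00000000 00:0c 77 /example/module.so\n";
struct mapping { unsigned long start, end; char perms[5], path[128]; };

/* Parse one maps line into *m and return the start of the next line. */
static const char *next_mapping(const char *p, struct mapping *m)
{
    char buf[256];
    size_t len = strcspn(p, "\n");
    snprintf(buf, sizeof buf, "%.*s", (int)len, p);
    memset(m, 0, sizeof *m);
    if (sscanf(buf, "%lx-%lx %4s %*s %*s %*s %127[^\n]",
               &m->start, &m->end, m->perms, m->path) < 3)
        m->start = m->end = 0;          /* malformed line: empty range */
    return p[len] ? p + len + 1 : p + len;
}

/* Return 1 and fill *out with the mapping containing addr, else return 0. */
int find_mapping(const char *maps, unsigned long addr, struct mapping *out)
{
    for (const char *p = maps; *p; ) {
        p = next_mapping(p, out);
        if (addr >= out->start && addr < out->end)
            return 1;
    }
    return 0;
}

/* A plain store from inside the process needs a writable mapping. */
int store_allowed(const struct mapping *m) { return m->perms[1] == 'w'; }

int main(void)
{
    /* 0x4c09ec: address patched in the post's #if 0 block.
     * 0x40a10a5c: constructed stand-in for the logged &Highjack value. */
    unsigned long addrs[] = { 0x4c09ecUL, 0x40a10a5cUL };
    struct mapping m;
    for (int i = 0; i < 2; i++)
        if (find_mapping(SAMPLE_MAPS, addrs[i], &m))
            printf("0x%lx: %s %s, store %s\n", addrs[i], m.perms, m.path,
                   store_allowed(&m) ? "allowed" : "faults");
        else
            printf("0x%lx: no mapping\n", addrs[i]);
}
```

On a real device, feed find_mapping the contents of /proc/`pidof exeDSP`/maps read before and after the injection; a logged address that no longer resolves to the module's file means the library was unmapped.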