Injecting modules into exeDSP

Ideas and dreaming will go this forum

pjslf
Posts: 17
Joined: Sat Dec 18, 2010 7:12 pm
Location: Czech Republic

Re: Injecting modules into exeDSP

Post by pjslf »

I can confirm that channelinfo works on 2008 FW without any modification. I didn't have time to try samygoDCA, so i'll try it next time. Injectso works like a charm! Once again, thanks for this great tool.
LE40B550A5WXXH | T-CHL5DEUC-2008.0 / patched u-boot / network support
mattberlin
SamyGO Project Donor
Posts: 140
Joined: Sun Jan 24, 2010 6:18 pm
Location: Germany

Re: Injecting modules into exeDSP

Post by mattberlin »

Do you guys also have prolems when trying to launch Netsurf or PVR?
my TV: LE32B679
smartsmurf
Official SamyGO Developer
Posts: 111
Joined: Thu Jun 24, 2010 8:26 am
Location: Frankfurt, Germany

Re: Injecting modules into exeDSP

Post by smartsmurf »

deniskapu wrote:Hello Smartsmurf
The TV B550/B6000 is no SDL library Game_LIB/..
Accordingly, you can not run the game with SDL-libraries
how do you think it is possible to inject these libraries in exeDSP

Sorry for my English
Please provide more details:
(1) What do you want to achieve?
(2) What commandline do you use?
(3) What (error) results do you get?
alexandregz
Posts: 21
Joined: Mon Jan 03, 2011 11:06 am

Re: Injecting modules into exeDSP

Post by alexandregz »

Same problem with B6000 and mybuttons app.

The app have a debug log inside at file /mtd_ram/mybuttons_loader.log:

Code: Select all

# tail -f mybuttons_loader.log 

Game_Main() started
injector() started
- getting self handle
- self handle retrieved
- getting keypress function
- keypress function retrieved
- loading library:
/mtd_rwarea/apps/mybuttons/mybuttons.so
/mtd_rwarea/apps/mybuttons/mybuttons.so: undefined symbol: SDL_LoadBMP_RW




My command:

Code: Select all

# /mtd_contents/SamyGO/opt/privateer/usr/bin/injectso `pidof exeDSP` /mtd_rwarea/apps/mybuttons/loader.so Game_Main /mtd_rwarea/apps/mybuttons/

Module injector V1.2 for ARM based CPUs.
(copyleft) SmartSmurf 2010 (smartsmurf@shared-files.de)

Info: Import dlopen set at 0x004ae424
Info: Import dlsym set at 0x004ada34
Info: Import dlclose set at 0x004ad50c
Info: current register set:
R0 =0xFFFFFFFC R1 =0x00000000 R2 =0x00000001 R3 =0x00000000
R4 =0x00000001 R5 =0x02512C58 R6 =0x0200C0D8 R7 =0x000000F0
R8 =0x00000000 R9 =0x00000000 R10=0xBEC0DA78 R11=0x00000000
R12=0x00000001 SP =0xBEC0DA68 LR =0x4005DA44 PC =0x4005B008
CPSR=0x80000010

Info: new SP for inject code 0xBEC0D668
Done.
plasticassius
Posts: 61
Joined: Fri Dec 17, 2010 12:37 am

Re: Injecting modules into exeDSP

Post by plasticassius »

Hi, I've been experimenting with injectso. And, my test module works to a degree. I am having a few difficulties, though. I've modified the example module from injectso.

Code: Select all

#include <stdio.h>
#include <unistd.h>

#define LOG_FILE "/dtv/module.log"

int Highjack(int *r0, int *r1, int *r2)
{
    FILE* fp = fopen(LOG_FILE, "a+");
    fprintf(fp, "<Highjack>: hit.\n" );
    fprintf(fp, "<Highjack>: r0 = 0x%x, r1 = 0x%x, r2 = 0x%x.\n", r0, r1, r2 );
    fprintf(fp, "<Highjack>: *r0 = 0x%x 0x%x.\n", r0[0], r0[1] );
    fprintf(fp, "<Highjack>: *r1 = 0x%x 0x%x.\n", r1[0], r1[1] );
    fclose(fp);
    return 0;
}

int Inject_Main( const char * arg1 )
{
    int reg_pc,reg_fp,reg_sp;
    asm ("mov %[result],pc" : [result] "=r" (reg_pc));
    asm ("mov %[result],fp" : [result] "=r" (reg_fp));
    asm ("mov %[result],sp" : [result] "=r" (reg_sp));

    FILE* fp = fopen(LOG_FILE, "a+");
    fprintf(fp, "<Inject_Main>: module loaded.\n");
    fprintf(fp, "<Inject_Main>: arg1 = '%s'.\n", arg1);
    fprintf(fp, "<Inject_Main>: &Highjack = 0x%x.\n", &Highjack);
    int (*hp)(int *r0, int *r1, int *r2) = &Highjack;
    fprintf(fp, "<Inject_Main>: &Highjack = 0x%x.\n", hp);
    fprintf(fp, "<Inject_Main>: &Inject_Main = 0x%x, pc = 0x%x.\n", &Inject_Main, reg_pc);
    fprintf(fp, "<Inject_Main>: fp = 0x%x, sp = 0x%x.\n", reg_fp, reg_sp);
    fclose(fp);

    char data[] = "abcdefghABCDEFGH";
    hp((int*)&data[0], (int*)&data[8], (int*)5);

#if 0
    // convert to unconditional branch
    *((int*)0x4c09ec) = 0xeaffffdc; // b	0x4c0964
#endif

    return 0;
}
The code above works as I've pasted it in. But, I'm trying to patch calls to my Highjack function into exeDSP. The first problem I ran into is that when I patch exeDSP, like with the line towards the end of Inject_Main (unrelated to Highjack). Modifying this instruction causes exeDSP to exit with a fault. It faults immediately during the write, but I am able to modify the instruction with gdb. Is there a way around the write protection so I can modify exeDSP within the module? Or do I have to do it with an external program? There's really no problem with doing it externally, I just didn't try it that way yet.

My next problem, is that the injected file seems to be unloaded when Inject_Main exits. After injecting the module, I try to peek into exeDSP with gdb. And, when I look at addresses where Highjack and Inject_Main should be, there're not there. The only explanation I can think of is that when Inject_Main exits, the whole module is unloaded. Or, somehow the pointers are wrong, but I don't see how.

Post Reply

Return to “[B] Brainstorm”