Page 1 of 1

Support developing a patch

Posted: Fri Sep 02, 2016 12:17 pm
by Neoplane
Hello everyone!

I was trying to debug some strange behaviour that I have with Internet@TV (I'm getting network interference message in almost all widgets), so I tried to modify .js files from widget manager and find out that, everytime that I modify something in widget manager, it gets reinstalled, overriding my changes. I've find out where to patch this behaviour, and I'm trying to create a patch injectable using samygoso, but I cannot find how to write the proper change on memory...

In GDB I patch by

Code: Select all

set {long int}0x016f3768 = 0xe3530001
I've create a lib that currently is able to find the proper point to patch, by:
SpoilerShow

Code: Select all

	unsigned long int *cur_addr,*addr;
	addr = (long int*)*hCTX.CNNaviAppBase_t_VerifyWM;
	log("Starting to search at: @0x%08x\n",addr);
	for(cur_addr=addr;cur_addr<addr+0x1000;cur_addr++)
	{
		if(*cur_addr == CMP_R3_0)
		{
			log("Found point to patch at: @0x%08x\n",cur_addr);
			log("Actual memory value: @0x%08x\n",*cur_addr);
			*(long int*)cur_addr = 0xE3530001; //CMP_R3_1
			log("After patch value is: @0x%08x\n",*cur_addr);
			break;
		}
	}
And the logs output that I'm getting is:
SpoilerShow

Code: Select all

[blockInfolinkUpdate] Found _ZN16CPluginInterface13GetSupportPIGEv location at: 0x01700af4
[blockInfolinkUpdate] Found _fini location at: 0x01ac19a0
[blockInfolinkUpdate] text range: @0x016f6af4 -> @0x016a6af4
[blockInfolinkUpdate] rodata range: @0x01ac19a0 -> @0x0a2c19a0
[blockInfolinkUpdate] Found t_VerifyWM at @0x016f3744
[blockInfolinkUpdate] Found _ZN13CNNaviAppBase10t_VerifyWMEv at: 0x016f3728
[blockInfolinkUpdate] _ZN13CNNaviAppBase10t_VerifyWMEv [0x16f3728].
[blockInfolinkUpdate] TV Model: C Series
[blockInfolinkUpdate] Starting to search at: @0x016f3728
[blockInfolinkUpdate] Found point to patch at: @0x016f3768
[blockInfolinkUpdate] Actual memory value: @0xe3530000
And exeDSP crashes, but I cannot find why, as dmesg gets totally filled with trash and I don't have an EXLink cable (I'll make one soon I think :lol: )...
I assume that my problem is how I'm writting to memory, maybe a problem with types... but I'm totally a noob in C thus, someone have a clue where it's my error?

Thanks!!!

Re: Support developing a patch

Posted: Fri Sep 02, 2016 10:09 pm
by sectroyer
you have to mprotect from lib :)

Re: Support developing a patch

Posted: Tue Sep 06, 2016 6:01 pm
by Neoplane
You're the man! Got it working by using mprotect.

I will clean a bit the patch and publish it soon.

Thanks for your support sectroyer!