
vHBL porting with missing UtilityLoad/Unload imports

VHBL (Vita Half Byte Loader) is an open source tool to load PSP homebrews on the Playstation Vita.
VHBL can be downloaded at http://wololo.net/vhbl
frostegater
Guru
Posts: 426
Joined: Mon Jan 24, 2011 1:54 pm
Location: Russia

vHBL porting with missing UtilityLoad/Unload imports

Post by frostegater »

Hello guys. I have one exploit in a mini game. The game is cool and very cheap.
But it is missing sceUtilityLoadModule and sceUtilityUnloadModule. They are used in runtime_stubs.c: load_modules_for_stubs() and unload_modules_for_stubs(). If I can't just remove these functions, then how can I substitute sceUtilityLoadModule and sceUtilityUnloadModule?
P.S. I do have sceKernelUnloadModule.
Our hearts will beating on 333MHz 'till we die
Acid_Snake
Retired Mod
Posts: 3100
Joined: Tue May 01, 2012 11:32 am
Location: Behind you!

Re: vHBL porting with missing UtilityLoad/Unload imports

Post by Acid_Snake »

Try hooking sceUtilityUnloadModule with sceKernelUnloadModule and sceUtilityLoadModule with sceKernelLoadModule (if it exists).

Re: vHBL porting with missing UtilityLoad/Unload imports

Post by frostegater »

sceKernelLoadModule is missing.
wololo
Site Admin
Posts: 3621
Joined: Wed Oct 15, 2008 12:42 am
Location: Japan

Re: vHBL porting with missing UtilityLoad/Unload imports

Post by wololo »

Basically sceUtilityLoadModule and sceUtilityUnloadModule are prerequisites for a port of VHBL these days.
That's because it is the best way for us to load additional syscalls.

You can try to *not* define LOAD_MODULES_FOR_SYSCALLS in your exploit config and see how it goes (but most likely it will miss essential functions...).
If you need US PSN Codes, this technique is what I recommend.

Looking for guest bloggers and news hunters here at wololo.net, PM me!

Re: vHBL porting with missing UtilityLoad/Unload imports

Post by frostegater »

OK. I undefined LOAD_MODULES_FOR_SYSCALLS (and made some useless changes to avoid warnings), but now it crashes when creating the HBL thread (eloader.c: thid = sceKernelCreateThread("HBL", start_thread, 0x18, 0x10000, 0, NULL);).

Re: vHBL porting with missing UtilityLoad/Unload imports

Post by wololo »

is the function sceKernelCreateThread imported by the game?

Re: vHBL porting with missing UtilityLoad/Unload imports

Post by frostegater »

Yes

Re: vHBL porting with missing UtilityLoad/Unload imports

Post by wololo »

can you post the dbglog? (and remove sensitive information)

Re: vHBL porting with missing UtilityLoad/Unload imports

Post by frostegater »

Code:

Detected firmware version is 0x06060010
p5_get_stubs
entering savedata dialog loop
status changed from -1 to 2
status changed from 2 to 3
status changed from 3 to 0
dialog has shut down
Relocating stub addresses from 0x08414A0C to 0x09D70000
current stub: 0x08414AFC 0x00000011 0x00004001 0x00000005 0x00000006 0x08414CA4 0x08414930
relocated to: 0x09D700F0 0x09D70298 0x09D6FF24
current stub: 0x08414B0C 0x00000011 0x00004001 0x00000005 0x0000000E 0x08414CCC 0x08414980
relocated to: 0x09D70100 0x09D702C0 0x09D6FF74
current stub: 0x08414B24 0x00000011 0x00004001 0x00000005 0x00000001 0x08414CC0 0x08414968
relocated to: 0x09D70118 0x09D702B4 0x09D6FF5C
current stub: 0x08414B30 0x00000011 0x00004001 0x00000005 0x00000001 0x08414CBC 0x08414960
relocated to: 0x09D70124 0x09D702B0 0x09D6FF54
current stub: 0x08414B40 0x00000011 0x00004000 0x00000005 0x00000003 0x08414C2C 0x08414840
relocated to: 0x09D70134 0x09D70220 0x09D6FE34
current stub: 0x08414B58 0x00000011 0x00004001 0x00000005 0x00000011 0x08414BD8 0x08414798
relocated to: 0x09D7014C 0x09D701CC 0x09D6FD8C
current stub: 0x08414B70 0x00000011 0x00000001 0x00000005 0x00000004 0x08414C1C 0x08414820
relocated to: 0x09D70164 0x09D70210 0x09D6FE14
current stub: 0x08414B84 0x00000011 0x00004000 0x00000005 0x00000002 0x08414CC4 0x08414970
relocated to: 0x09D70178 0x09D702B8 0x09D6FF64
current stub: 0x08414B9C 0x00000011 0x00004001 0x00000005 0x0000001B 0x08414C38 0x08414858
relocated to: 0x09D70190 0x09D7022C 0x09D6FE4C
entering savedata dialog loop
status changed from -1 to 2
status changed from 2 to 3
status changed from 3 to 4
status changed from 4 to 0
dialog has shut down
Relocating stub addresses from 0x084C37F0 to 0x09D10000
current stub: 0x084C3944 0x00000011 0x00004001 0x00000005 0x00000003 0x084C5FD4 0x084C36E4
relocated to: 0x09D10154 0x09D127E4 0x09D0FEF4
current stub: 0x084C3954 0x00000011 0x00004001 0x00000005 0x00000008 0x084C5FFC 0x084C3734
relocated to: 0x09D10164 0x09D1280C 0x09D0FF44
current stub: 0x084C3964 0x00000011 0x00004001 0x00000005 0x00000003 0x084C5FE0 0x084C36FC
relocated to: 0x09D10174 0x09D127F0 0x09D0FF0C
current stub: 0x084C3970 0x00000011 0x00004001 0x00000005 0x00000003 0x084C5FEC 0x084C3714
relocated to: 0x09D10180 0x09D127FC 0x09D0FF24
current stub: 0x084C3980 0x00000011 0x00004001 0x00000005 0x00000001 0x084C5FF8 0x084C372C
relocated to: 0x09D10190 0x09D12808 0x09D0FF3C
current stub: 0x084C398C 0x00000011 0x00004001 0x00000005 0x00000003 0x084C6034 0x084C37A4
relocated to: 0x09D1019C 0x09D12844 0x09D0FFB4
current stub: 0x084C3998 0x00000011 0x00004001 0x00000005 0x00000006 0x084C601C 0x084C3774
relocated to: 0x09D101A8 0x09D1282C 0x09D0FF84
current stub: 0x084C39A4 0x00000011 0x00004000 0x00000005 0x00000002 0x084C5F50 0x084C35DC
relocated to: 0x09D101B4 0x09D12760 0x09D0FDEC
current stub: 0x084C39BC 0x00000011 0x00004000 0x00000005 0x00000003 0x084C5F00 0x084C353C
relocated to: 0x09D101CC 0x09D12710 0x09D0FD4C
current stub: 0x084C39D4 0x00000011 0x00004001 0x00000005 0x00000007 0x084C5F0C 0x084C3554
relocated to: 0x09D101E4 0x09D1271C 0x09D0FD64
current stub: 0x084C39EC 0x00000011 0x00000001 0x00000005 0x00000006 0x084C5F28 0x084C358C
relocated to: 0x09D101FC 0x09D12738 0x09D0FD9C
current stub: 0x084C3A00 0x00000011 0x00004001 0x00000005 0x00000004 0x084C5F40 0x084C35BC
relocated to: 0x09D10210 0x09D12750 0x09D0FDCC
current stub: 0x084C3A18 0x00000011 0x00004001 0x00000005 0x0000001C 0x084C5F58 0x084C35EC
relocated to: 0x09D10228 0x09D12768 0x09D0FDFC
current stub: 0x084C3A30 0x00000011 0x00004001 0x00000005 0x00000003 0x084C5FC8 0x084C36CC
relocated to: 0x09D10240 0x09D127D8 0x09D0FEDC
Relocating stub addresses from 0x0876DB70 to 0x09D30000
current stub: 0x0876DC3C 0x00000011 0x00000001 0x00000106 0x0000000C 0x0876DEE8 0x0876DA78
relocated to: 0x09D300CC 0x09D30378 0x09D2FF08
current stub: 0x0876DC48 0x00000011 0x00004001 0x00000005 0x00000009 0x0876DF1C 0x0876DAE0
relocated to: 0x09D300D8 0x09D303AC 0x09D2FF70
current stub: 0x0876DC54 0x00000011 0x00004001 0x00000005 0x00000001 0x0876DF18 0x0876DAD8
relocated to: 0x09D300E4 0x09D303A8 0x09D2FF68
current stub: 0x0876DC64 0x00000011 0x00004001 0x00000005 0x00000003 0x0876DEA8 0x0876D9F8
relocated to: 0x09D300F4 0x09D30338 0x09D2FE88
current stub: 0x0876DC7C 0x00000011 0x00000001 0x00000005 0x00000004 0x0876DEB4 0x0876DA10
relocated to: 0x09D3010C 0x09D30344 0x09D2FEA0
current stub: 0x0876DC90 0x00000011 0x00004000 0x00000005 0x00000002 0x0876DF40 0x0876DB28
relocated to: 0x09D30120 0x09D303D0 0x09D2FFB8
current stub: 0x0876DCA8 0x00000011 0x00004001 0x00000005 0x00000009 0x0876DEC4 0x0876DA30
relocated to: 0x09D30138 0x09D30354 0x09D2FEC0
Relocating stub addresses from 0x08775C2C to 0x09D50000
current stub: 0x08775D4C 0x00000011 0x00004001 0x00000005 0x0000000E 0x0877600C 0x08775B04
relocated to: 0x09D50120 0x09D503E0 0x09D4FED8
current stub: 0x08775D64 0x00000011 0x00000001 0x00000106 0x00000012 0x08776044 0x08775B74
relocated to: 0x09D50138 0x09D50418 0x09D4FF48
current stub: 0x08775D7C 0x00000011 0x00000001 0x00000306 0x00000057 0x08775E94 0x08775814
relocated to: 0x09D50150 0x09D50268 0x09D4FBE8
current stub: 0x08775D88 0x00000011 0x00004001 0x00000005 0x00000002 0x08775E8C 0x08775804
relocated to: 0x09D5015C 0x09D50260 0x09D4FBD8
current stub: 0x08775D98 0x00000011 0x00004001 0x00000005 0x00000004 0x08775FFC 0x08775AE4
relocated to: 0x09D5016C 0x09D503D0 0x09D4FEB8
current stub: 0x08775DA8 0x00000011 0x00004001 0x00000005 0x00000001 0x08775E88 0x087757FC
relocated to: 0x09D5017C 0x09D5025C 0x09D4FBD0
current stub: 0x08775DB4 0x00000011 0x00004001 0x00000005 0x00000003 0x08775FF0 0x08775ACC
relocated to: 0x09D50188 0x09D503C4 0x09D4FEA0
current stub: 0x08775DC4 0x00000011 0x00004000 0x00000005 0x00000001 0x08775E64 0x087757B4
relocated to: 0x09D50198 0x09D50238 0x09D4FB88
current stub: 0x08775DDC 0x00000011 0x00004001 0x00000005 0x00000006 0x08775E44 0x08775774
relocated to: 0x09D501B0 0x09D50218 0x09D4FB48
current stub: 0x08775DF4 0x00000011 0x00000001 0x00000005 0x00000002 0x08775E5C 0x087757A4
relocated to: 0x09D501C8 0x09D50230 0x09D4FB78
current stub: 0x08775E08 0x00000011 0x00004001 0x00000005 0x00000008 0x08775E68 0x087757BC
relocated to: 0x09D501DC 0x09D5023C 0x09D4FB90
p5_get_stubs DONE
Loading HBL
HBL loaded to allocated memory @ 0x09546000
Copying & resolving HBL stubs
Config file:ms0:/PSP/SAVEDATA/H/imports.dat
--> HBL imports from imports.config: 64
1. 0x109F50BC
2. 0x42EC03AC
3. 0x810C4BC3
4. 0x27EB27B8
5. 0x6A638D83
6. 0xB29DDF9C
7. 0xE3EB004C
8. 0xEB092469
9. 0x54F5FB11
10. 0x55F4717D
11. 0x779103A0
12. 0x06A70004
13. 0xD1FF982A
14. 0x2E0911AA
15. 0xD8B73127
16. 0x8F2DF740
17. 0x79D1C3FA
18. 0x3EE30821
19. 0x34B9FA9E
20. 0xCEADEB47
21. 0xF475845D
22. 0x446D8DE6
23. 0x616403BA
24. 0x809CE29B
25. 0x9FA03CD3
26. 0xEF9E4C70
27. 0xAA73C935
28. 0x68DA9E36
29. 0x82826F70
30. 0x876DBFAD
31. 0x884C9F90
32. 0xDF52098F
33. 0x293B45B8
34. 0xE81CAF8F
35. 0x3F53E640
36. 0x4E3A1105
37. 0xD6DA4BA1
38. 0x9944F31F
39. 0x75156E8F
40. 0x6D212BAC
41. 0x05572A5F
42. 0x4AC57943
43. 0x237DBD4F
44. 0x9D9A5BA1
45. 0xB6D61D02
46. 0x289D82FE
47. 0x984C27E7
48. 0x1F803938
49. 0x3A622550
50. 0xBD2BDE07
51. 0x6FC46853
52. 0xB011922F
53. 0x136CAF51
54. 0x13F592BC
55. 0x5EC81C55
56. 0xE7C27D1B
57. 0xEBD177D6
58. 0x2A2B3DE0
59. 0xE49BFE92
60. 0x67AF3428
61. 0x9A1C91D7
62. 0x95FC253B
63. 0x2AD8E239
64. 0xE47E40E4
Loading 2 stubs
ENTERING search_game_stubs() 0x0883B748
nid:0x136CAF51, address:0x0883B6DC call:0x03E00008 0x0008AC4C
nid:0x13F592BC, address:0x0883B6E4 call:0x03E00008 0x0008AC8C
nid:0x5EC81C55, address:0x0883B6EC call:0x03E00008 0x0008AE0C
nid:0x6FC46853, address:0x0883B6F4 call:0x03E00008 0x0008A7CC
nid:0xB011922F, address:0x0883B704 call:0x03E00008 0x0008A98C
nid:0x2AD8E239, address:0x0883B68C call:0x03E00008 0x0008E5CC
nid:0x67AF3428, address:0x0883B6A4 call:0x03E00008 0x0008D14C
nid:0x95FC253B, address:0x0883B6B4 call:0x03E00008 0x0008D4CC
nid:0x9A1C91D7, address:0x0883B6C4 call:0x03E00008 0x0008D54C
nid:0x42EC03AC, address:0x0883B60C call:0x03E00008 0x00084B4C
nid:0x54F5FB11, address:0x0883B614 call:0x03E00008 0x00084B8C
nid:0x6A638D83, address:0x0883B61C call:0x03E00008 0x00084CCC
nid:0x779103A0, address:0x0883B62C call:0x03E00008 0x00084D8C
nid:0x810C4BC3, address:0x0883B634 call:0x03E00008 0x00084DCC
nid:0x109F50BC, address:0x0883B65C call:0x03E00008 0x000849CC
nid:0x27EB27B8, address:0x0883B664 call:0x03E00008 0x00084A8C
nid:0x05572A5F, address:0x0883B5EC call:0x03E00008 0x0008768C
nid:0x4AC57943, address:0x0883B5F4 call:0x03E00008 0x0008774C
nid:0x2E0911AA, address:0x0883B5C4 call:0x03E00008 0x0008500C
nid:0xD1FF982A, address:0x0883B5CC call:0x03E00008 0x0008528C
nid:0xD8B73127, address:0x0883B5D4 call:0x03E00008 0x0008534C
nid:0x8F2DF740, address:0x0883B5E4 call:0x03E00008 0x0008514C
nid:0x237DBD4F, address:0x0883B584 call:0x03E00008 0x0008618C
nid:0x9D9A5BA1, address:0x0883B594 call:0x03E00008 0x0008648C
nid:0xB6D61D02, address:0x0883B59C call:0x03E00008 0x0008658C
nid:0xCEADEB47, address:0x0883B4FC call:0x03E00008 0x0008208C
nid:0xE81CAF8F, address:0x0883B50C call:0x03E00008 0x0008240C
nid:0xEF9E4C70, address:0x0883B514 call:0x03E00008 0x0008258C
nid:0xF475845D, address:0x0883B51C call:0x03E00008 0x0008264C
nid:0x293B45B8, address:0x0883B52C call:0x03E00008 0x00082CCC
nid:0x446D8DE6, address:0x0883B54C call:0x03E00008 0x0008318C
nid:0x9FA03CD3, address:0x0883B56C call:0x03E00008 0x00083FCC
nid:0xAA73C935, address:0x0883B574 call:0x03E00008 0x0008414C
nid:0x34B9FA9E, address:0x0883B4EC call:0x03E00008 0x0008700C
nid:0x3EE30821, address:0x0883B4F4 call:0x03E00008 0x000870CC
nid:0x1F803938, address:0x0883B4CC call:0x03E00008 0x0008964C
nid:0x289D82FE, address:0x0883B4AC call:0x03E00008 0x00088FCC
nid:0x984C27E7, address:0x0883B4B4 call:0x03E00008 0x00088C8C
nid:0xE47E40E4, address:0x0883B49C call:0x03E00008 0x00087D0C
ENTERING search_game_stubs() 0x088009A0
 ****STUBS SEARCHED
HBL Function missing at 0x00010028, this could lead to trouble if syscall estimates do not work
HBL Function missing at 0x00010030, this could lead to trouble if syscall estimates do not work
HBL Function missing at 0x00010038, this could lead to trouble if syscall estimates do not work
HBL Function missing at 0x00010048, this could lead to trouble if syscall estimates do not work
HBL Function missing at 0x00010058, this could lead to trouble if syscall estimates do not work
HBL Function missing at 0x00010080, this could lead to trouble if syscall estimates do not work
HBL Function missing at 0x000100B0, this could lead to trouble if syscall estimates do not work
HBL Function missing at 0x000100B8, this could lead to trouble if syscall estimates do not work
HBL Function missing at 0x000100D8, this could lead to trouble if syscall estimates do not work
HBL Function missing at 0x000100E0, this could lead to trouble if syscall estimates do not work
HBL Function missing at 0x000100E8, this could lead to trouble if syscall estimates do not work
HBL Function missing at 0x000100F0, this could lead to trouble if syscall estimates do not work
HBL Function missing at 0x000100F8, this could lead to trouble if syscall estimates do not work
HBL Function missing at 0x00010110, this could lead to trouble if syscall estimates do not work
HBL Function missing at 0x00010118, this could lead to trouble if syscall estimates do not work
HBL Function missing at 0x00010120, this could lead to trouble if syscall estimates do not work
HBL Function missing at 0x00010128, this could lead to trouble if syscall estimates do not work
HBL Function missing at 0x00010130, this could lead to trouble if syscall estimates do not work
HBL Function missing at 0x00010138, this could lead to trouble if syscall estimates do not work
HBL Function missing at 0x00010180, this could lead to trouble if syscall estimates do not work
HBL Function missing at 0x00010188, this could lead to trouble if syscall estimates do not work
HBL Function missing at 0x000101B8, this could lead to trouble if syscall estimates do not work
HBL Function missing at 0x000101C0, this could lead to trouble if syscall estimates do not work
HBL Function missing at 0x000101C8, this could lead to trouble if syscall estimates do not work
HBL Function missing at 0x000101D0, this could lead to trouble if syscall estimates do not work
HBL stubs copied, running eLoader
Starting HBL R162:FR http://code.google.com/p/valentine-hbl
DEBUG version
Firmware 6.6x detected
I hope this log doesn't have sensitive information.
Update: I tested it. It crashed on creating the thread, indeed.
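A small decoder for the "nid:..., address:... call:..." lines in the log above, as an added example that is not part of this thread or of the HBL source. Every game-side stub HBL reports is a pair of MIPS instructions, "jr $ra" (0x03E00008) followed by "syscall N", where N sits in bits 6..25 of the second word; the script extracts N for each NID, which is the piece of information HBL needs to call a function the game never imported. The sample lines are copied from the posted log; the grouping into contiguous syscall runs is my own illustration of why the "syscall estimates" wololo mentions can work (exports of one library usually get consecutive syscall numbers), not HBL's actual estimation algorithm.

```python
"""Decode PSP syscall numbers from VHBL dbglog stub lines (added example)."""
import re

# Constructed sample: four lines taken from the dbglog format posted above.
SAMPLE_LOG = """\
nid:0x136CAF51, address:0x0883B6DC call:0x03E00008 0x0008AC4C
nid:0x13F592BC, address:0x0883B6E4 call:0x03E00008 0x0008AC8C
nid:0x5EC81C55, address:0x0883B6EC call:0x03E00008 0x0008AE0C
nid:0x42EC03AC, address:0x0883B60C call:0x03E00008 0x00084B4C
"""

STUB_RE = re.compile(
    r"nid:(0x[0-9A-Fa-f]{8}), address:(0x[0-9A-Fa-f]{8}) "
    r"call:(0x[0-9A-Fa-f]{8}) (0x[0-9A-Fa-f]{8})"
)

JR_RA = 0x03E00008          # MIPS: jr $ra (SPECIAL, rs=31, funct=8)
SPECIAL_FUNCT_SYSCALL = 0x0C  # MIPS SPECIAL funct field for syscall


def decode_syscall(instr):
    """Return the syscall number from a MIPS 'syscall' word, or None if
    the word is not a syscall instruction (opcode 0, funct 0b001100)."""
    opcode = instr >> 26
    funct = instr & 0x3F
    if opcode != 0 or funct != SPECIAL_FUNCT_SYSCALL:
        return None
    return (instr >> 6) & 0xFFFFF  # 20-bit code field, bits 6..25


def parse_stubs(log_text):
    """Parse every stub line and keep only well-formed jr $ra / syscall pairs.
    Returns a list of dicts: {"nid", "address", "syscall"}."""
    stubs = []
    for m in STUB_RE.finditer(log_text):
        nid, addr, word0, word1 = (int(x, 16) for x in m.groups())
        if word0 != JR_RA:
            continue  # not a plain syscall stub; HBL cannot read a number from it
        number = decode_syscall(word1)
        if number is None:
            continue
        stubs.append({"nid": nid, "address": addr, "syscall": number})
    return stubs


def nid_to_syscall(log_text):
    """Map NID -> syscall number, which is what HBL's stub resolver needs."""
    return {s["nid"]: s["syscall"] for s in parse_stubs(log_text)}


def contiguous_runs(stubs):
    """Group syscall numbers into runs of consecutive values. Consecutive
    numbers come from the same library's export table, so a known member of
    a run lets you guess its neighbours (the idea behind syscall estimation;
    this grouping is an illustration, not HBL's code)."""
    numbers = sorted(s["syscall"] for s in stubs)
    runs = []
    for n in numbers:
        if runs and n == runs[-1][-1] + 1:
            runs[-1].append(n)
        else:
            runs.append([n])
    return runs


if __name__ == "__main__":
    for s in parse_stubs(SAMPLE_LOG):
        print("nid 0x%08X -> syscall 0x%04X" % (s["nid"], s["syscall"]))
    print("runs:", [[hex(n) for n in r] for r in contiguous_runs(parse_stubs(SAMPLE_LOG))])
```

Run it against the full dbglog and you get the complete NID-to-syscall table the game hands to HBL for free; any NID that HBL still reports as "Function missing" has no such stub in the game and has to come from a loaded module or from an estimate next to one of these runs.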

Re: vHBL porting with missing UtilityLoad/Unload imports

Post by wololo »

Can you give the names of the functions defined in all these missing things?

HBL Function missing at 0x00010028, this could lead to trouble if syscall estimates do not work
HBL Function missing at 0x00010030, this could lead to trouble if syscall estimates do not work
HBL Function missing at 0x00010038, this could lead to trouble if syscall estimates do not work
HBL Function missing at 0x00010048, this could lead to trouble if syscall estimates do not work
HBL Function missing at 0x00010058, this could lead to trouble if syscall estimates do not work
HBL Function missing at 0x00010080, this could lead to trouble if syscall estimates do not work
HBL Function missing at 0x000100B0, this could lead to trouble if syscall estimates do not work
HBL Function missing at 0x000100B8, this could lead to trouble if syscall estimates do not work
HBL Function missing at 0x000100D8, this could lead to trouble if syscall estimates do not work
HBL Function missing at 0x000100E0, this could lead to trouble if syscall estimates do not work
HBL Function missing at 0x000100E8, this could lead to trouble if syscall estimates do not work
HBL Function missing at 0x000100F0, this could lead to trouble if syscall estimates do not work
HBL Function missing at 0x000100F8, this could lead to trouble if syscall estimates do not work
HBL Function missing at 0x00010110, this could lead to trouble if syscall estimates do not work
HBL Function missing at 0x00010118, this could lead to trouble if syscall estimates do not work
HBL Function missing at 0x00010120, this could lead to trouble if syscall estimates do not work
HBL Function missing at 0x00010128, this could lead to trouble if syscall estimates do not work
HBL Function missing at 0x00010130, this could lead to trouble if syscall estimates do not work
HBL Function missing at 0x00010138, this could lead to trouble if syscall estimates do not work
HBL Function missing at 0x00010180, this could lead to trouble if syscall estimates do not work
HBL Function missing at 0x00010188, this could lead to trouble if syscall estimates do not work
HBL Function missing at 0x000101B8, this could lead to trouble if syscall estimates do not work
HBL Function missing at 0x000101C0, this could lead to trouble if syscall estimates do not work
HBL Function missing at 0x000101C8, this could lead to trouble if syscall estimates do not work
HBL Function missing at 0x000101D0, this could lead to trouble if syscall estimates do not work


They are defined in sdk_hbl.S (just match the address and give me the names).
It looks like there are many functions missing... some of them might not be critical, but most of them probably are.