Need help on hooking

Discuss the development of new homebrew software, tools and libraries.

Moderators: cheriff, TyRaNiD

Post Reply
Cpasjuste
Posts: 214
Joined: Sun May 29, 2005 8:28 am

Need help on hooking

Post by Cpasjuste »

Hello, i spent i few hours to deal with hooking function's, and i'm having a problem that it seem's i won't be able to solve myself, i really need some help.

I'll try to explain it with my poor english :

I'm hooking an audio function like this and it work fine :

Code: Select all

int sceAudioOutputPannedBlocking_patched(int channel, int leftvol, int rightvol, void *buf)
{
        return 0;
}
	orig_funcs[0] = sctrlHENFindFunction("sceAudio_Driver", "sceAudio", 0x13F592BC);
	sctrlHENPatchSyscall(orig_funcs[0], sceAudioOutputPannedBlocking_patched);
Of course, when this function is called, it return 0, so there is no sound output.
My problem is sometime i want, inside my hooked function, return the original function. I tried something like this :

Code: Select all

int sceAudioOutputPannedBlocking_patched(int channel, int leftvol, int rightvol, void *buf)
{
        return sceAudioOutputPannedBlocking_orig(channel, leftvol, rightvol, buf);
}
	orig_funcs[0] = sctrlHENFindFunction("sceAudio_Driver", "sceAudio", 0x13F592BC);
        sctrlHENPatchSyscall((u32)sceAudioOutputPannedBlocking_orig, (void *)orig_funcs[0]);
	sctrlHENPatchSyscall(orig_funcs[0], sceAudioOutputPannedBlocking_patched);
But it's not working, there is something i must not understand ... maybe it's possible to call a function directly by it's nid ?
Any help would be great, thanks.
Top
Super Sheep
Posts: 31
Joined: Sun Mar 23, 2008 2:16 am
Contact:
Contact Super Sheep

Post by Super Sheep »

Just call the function normally (sceAudioOutputPannedBlocking). That should work assuming you aren't in usermode.
Top
Cpasjuste
Posts: 214
Joined: Sun May 29, 2005 8:28 am

Post by Cpasjuste »

Thanks for the help SuperSheep.

I tried that but i get an error depending on how i'm returning the buffer, maybe i'm doing someting wrong.

I get a "Reserved instruction" exception or a "Bus error (instr)" exception.
Maybe the problem is i'm hooking an usermode function from a kernel module.
Top
Super Sheep
Posts: 31
Joined: Sun Mar 23, 2008 2:16 am
Contact:
Contact Super Sheep

Post by Super Sheep »

Are you sure its usermode? Not just a kernel mode function being called from usermode?
Top
Cpasjuste
Posts: 214
Joined: Sun May 29, 2005 8:28 am

Post by Cpasjuste »

No i'm not sure, but since i can hook it from a kernel module does it mean it's a kernel function?

The hook is successfull, when the hooked function is called, the sound is off because i'm returning 0. The only problem is when i try to call the original function in my hooked function :/
Top
hlide
Posts: 739
Joined: Sun Sep 10, 2006 2:31 am

Post by hlide »

Cpasjuste wrote:No i'm not sure, but since i can hook it from a kernel module does it mean it's a kernel function?

The hook is successfull, when the hooked function is called, the sound is off because i'm returning 0. The only problem is when i try to call the original function in my hooked function :/
if your hooked function has an address like 0x8XXXXXXX, it's a kernel function and probably points out on the real function or on the stub function "J real_function; NOP". If not, it may indeed point on the sycall stub (but i won't see why).

Now, what does sctrlHENPatchSyscall ?
- tries to find the syscall entry referencing the old function address and patches it so it can call the new function instead ? if so, trying the first sctrlHENPatchSyscall on sceAudioOutputPannedBlocking_orig cannot work.
- replaces the two first instructions of sceAudioOutputPannedBlocking with "SYSCALL ID; JR $RA" ? it makes no sense.
- replaces the two first instructions of sceAudioOutputPannedBlocking syscall stub with "J new_func; NOP" ? if so, you need a function address which has a syscall stub to patch it : patching sceAudioOutputPannedBlocking_orig cannot work.

maybe it's something else...

First, be sure sctrlHENFindFunction returns the real address of the function (kernel address). If so, just use sctrlHENPatchSyscall to patch its stub entry with sceAudioOutputPannedBlocking_patched. If you want sceAudioOutputPannedBlocking_orig to call the real function :

Code: Select all

typdef int (*sceAudioOutputPannedBlocking_orig_t)(int channel, int leftvol, int rightvol, void *buf);
static sceAudioOutputPannedBlocking_orig_t sceAudioOutputPannedBlocking_orig;
int sceAudioOutputPannedBlocking_patched(int channel, int leftvol, int rightvol, void *buf) 
{ 
        return sceAudioOutputPannedBlocking_orig(channel, leftvol, rightvol, buf); 
} 
...
sceAudioOutputPannedBlocking_orig = (sceAudioOutputPannedBlocking_orig_t)sctrlHENFindFunction("sceAudio_Driver", "sceAudio", 0x13F592BC);
sctrlHENPatchSyscall((u32)sceAudioOutputPannedBlocking_orig, sceAudioOutputPannedBlocking_patched);
if sctrlHENFindFunction returns a stub entry like "J real_func; NOP", you need to extract real_func this way :

Code: Select all

typdef int (*sceAudioOutputPannedBlocking_orig_t)(int channel, int leftvol, int rightvol, void *buf);
static sceAudioOutputPannedBlocking_orig_t sceAudioOutputPannedBlocking_orig;
int sceAudioOutputPannedBlocking_patched(int channel, int leftvol, int rightvol, void *buf) 
{ 
        return sceAudioOutputPannedBlocking_orig(channel, leftvol, rightvol, buf); 
} 
...
int *stub = (int *)sctrlHENFindFunction("sceAudio_Driver", "sceAudio", 0x13F592BC);
sceAudioOutputPannedBlocking_orig = &#40;sceAudioOutputPannedBlocking_orig *&#41;&#40;0x80000000|&#40;&#40;*stub << 2&#41; & 0x0FFFFFFF&#41;&#41;;
sctrlHENPatchSyscall&#40;&#40;u32&#41;stub, sceAudioOutputPannedBlocking_patched&#41;;
well, I guess you need to be creative :)
Top
moonlight
Posts: 567
Joined: Wed Oct 26, 2005 7:46 pm

Post by moonlight »

sctrlHENFindFunction returns the exact original address.
Top
Post Reply

Return to “PSP Development”