Memory in mem2 above 93400000?

hetoan2 · December 22, 2010, 11:42:41 PM

So I was hacking call of duty black ops and I came across this oddity.

When I did a breakpoint on the address it said that it was loading the value from 935B80C0

The instruction was actually: lwz r0,40(r31)

r31 contained 935B8080

and it consistently pulled out a value of 708 for one gun, and F3C for another. I tried to view the memory even with search protection off, but it wasn't there.

I know that there must be some memory there, just I can't get to it. ._.

Also ram writes dont work, i.e.

Code Select


42000000 92000000
055B80C0 00000000
E0000000 80008000

but yea whats up with that? I dont want to use ASM to achieve a ram write, but eh.

Any reasons as to why?

James0x57 · December 23, 2010, 04:08:17 AM

Is it blank in the uncached area for that memory? (I don't remember the range off-hand)

megazig · December 23, 2010, 04:22:05 AM

memory above 0x93400000 is often thought of as reserved for ARM.

you can check the Arenas though to see what the actual top range available is. PPC will be able to read up to there. past that should have been marked off by ARM as innaccessible by the PPC. though, with MEMPROT you can enable reading of the whole range

giantpune · December 27, 2010, 08:51:38 AM

you can start the game without the debugger and geckoDotNet running, but instead enable the fwrite patch and have a terminal/geckoreader or similar running. it will give you some of the game's official debug output....

Code Select


<< RVL_SDK - EXI 	release build: Sep  7 2006 07:16:20 (0x4200_60422) >>
<< RVL_SDK - SI 	release build: Sep  7 2006 07:20:53 (0x4200_60422) >>

Revolution OS
Kernel built : Sep 21 2006 14:32:13
Console Type : Emulation platform (10000002)
Firmware     : 9.255.255 (3/3/2016)
Memory 88 MB
MEM1 Arena : 0x80550c00 - 0x817e78e0
MEM2 Arena : 0x90000800 - 0x933e0000
<< RVL_SDK - OS 	release build: Sep 21 2006 14:32:13 (0x4200_60422) >>
<< RVL_SDK - SC 	release build: Sep  7 2006 07:22:06 (0x4200_60422) >>
<< RVL_SDK - NAND 	release build: Sep 22 2006 02:01:36 (0x4200_60422) >>
<< RVL_SDK - DVD 	release build: Sep 28 2006 18:57:56 (0x4200_60422) >>
original arenaLo = 0x90000800 arenaHi = 0x933e0000
original arenaLo = 0x80550c18 arenaHi = 0x817e78e0
ARInit : Dummy ARAM enabled (RVL), area 0x90000000 -> 0x91100000 (size 0x1100000)
<< RVL_SDK - VI 	release build: Sep 26 2006 17:27:57 (0x4200_60422) >>
<< RVL_SDK - GX 	release build: Sep  7 2006 18:30:54 (0x4200_60422) >>
<< RVL_SDK - PAD 	release build: Sep  7 2006 07:20:50 (0x4200_60422) >>
<< RVL_SDK - CARD 	release build: Sep  7 2006 18:26:19 (0x4200_60422) >>
<< RVL_SDK - DSP 	release build: Sep 20 2006 22:25:51 (0x4200_60422) >>
<< RVL_SDK - WPAD 	release build: Oct  3 2006 03:58:38 (0x4200_60422) >>
<< RVL_SDK - KPAD 	release build: Oct  4 2006 11:56:50 (0x4199_60726) >>
setupAramHeap 4000, 4000, b00000
<< RVL_SDK - AI 	release build: Sep  7 2006 18:26:03 (0x4200_60422) >>
DSP InitCallback 
D-Wait end
Table Setup
Finish 1

there you can see the "MEM2 Arena : 0x90000800 - 0x933e0000". just do this for your game and see what it says.

hetoan2 · December 27, 2010, 01:38:03 PM

I know for a fact that it's over the normal mem2 area, what I'm asking is how can i read/write to it?

If you want a log here it is: http://pastie.org/private/auqhgu2xshbqrkn497pyw

but what i was asking is how can I read this memory? I know i cant write with a codetype, but assembly really isn't a big deal.

BTW it goes until 935E0000

megazig · December 27, 2010, 07:40:49 PM

you can remove MEMPROT

you need an IOS exploit or AHBPROT from the launcher. then you patch IOS to remove memory protection

WiiRd forum

News:

Memory in mem2 above 93400000?

hetoan2

James0x57

megazig

giantpune

hetoan2

megazig