Main patch system.
| Return type | Function | Description |
|---|---|---|
| int | patches_init (void) | Initializes the patch system. |
| void | patches_deinit (void) | Cleans up the patch system. |
| void | cache_flush (SceUID pid, uintptr_t vma, size_t len) | Flush L1 and L2 cache for an address. |
| int | tai_memcpy_to_kernel (SceUID src_pid, void *dst, const char *src, size_t size) | Memcpy from a process to kernel. |
| SceUID | tai_hook_func_abs (tai_hook_ref_t *p_hook, SceUID pid, void *dest_func, const void *hook_func) | Inserts a hook given an absolute address and PID of the function. |
| int | tai_hook_release (SceUID uid, tai_hook_ref_t hook_ref) | Removes a hook and restores original function if chain is empty. |
| SceUID | tai_inject_abs (SceUID pid, void *dest, const void *src, size_t size) | Inserts a raw data injection given an absolute address and PID of the address space. |
| int | tai_inject_release (SceUID uid) | Removes an injection and restores the original data. |
| int | tai_try_cleanup_process (SceUID pid) | Called on process exit to force remove private hooks. |
Modify read-only and executable memory
There are two kinds of patches. Injections are raw modifications to any memory address (including read-only memory). Once an injection is inserted, nobody else can inject that memory address for that process. The original data is saved, and when the injection is released, it is written back. Hooks are handled by substitute, and one function can have multiple hooks chained together. This allows many plugins to hook the same function. Function hooks allow the plugin to run any code before and after a function is called.
§ tai_patch_type_t
§ cache_flush()
void cache_flush (SceUID pid, uintptr_t vma, size_t len)
Flush L1 and L2 cache for an address.
For thread safety, interrupts may be disabled for the duration of this call. That plus the act of cache flushing itself makes this an expensive operation.
- Parameters
- [in] pid: The pid
- [in] vma: The vma
- [in] len: The length
Definition at line 170 of file patches.c.
§ patches_deinit()
void patches_deinit (void)
Cleans up the patch system.
Should be called before exit.
Definition at line 125 of file patches.c.
§ patches_init()
int patches_init (void)
Initializes the patch system.
Requires proc_map_init to be called first! Should be called on startup.
- Returns
- Zero on success, < 0 on error
Definition at line 90 of file patches.c.
§ tai_hook_func_abs()
SceUID tai_hook_func_abs (tai_hook_ref_t *p_hook, SceUID pid, void *dest_func, const void *hook_func)
Inserts a hook given an absolute address and PID of the function.
- Parameters
- [out] p_hook: Outputs a reference object if successful
- [in] pid: PID of the address space to hook
- dest_func: The destination function
- [in] hook_func: The hook function
- Returns
- UID for the hook on success, < 0 on error
Definition at line 498 of file patches.c.
§ tai_hook_release()
Removes a hook and restores original function if chain is empty.
- Parameters
- [in] uid: The uid reference
- [in] hook_ref: The hook
- Returns
- Zero on success, < 0 on error
Definition at line 595 of file patches.c.
§ tai_inject_abs()
SceUID tai_inject_abs (SceUID pid, void *dest, const void *src, size_t size)
Inserts a raw data injection given an absolute address and PID of the address space.
- Parameters
- [in] pid: The pid of the src and dest pointers address space
- dest: The destination
- [in] src: The source
- [in] size: The size
- Returns
- UID for the injection on success, < 0 on error
- TAI_ERROR_PATCH_EXISTS if a hook or injection is already inserted
Definition at line 646 of file patches.c.
§ tai_inject_release()
int tai_inject_release (SceUID uid)
Removes an injection and restores the original data.
- Parameters
-
- Returns
- Zero on success, < 0 on error
Definition at line 710 of file patches.c.
§ tai_memcpy_to_kernel()
int tai_memcpy_to_kernel (SceUID src_pid, void *dst, const char *src, size_t size)
Memcpy from a process to kernel.
- Parameters
- [in] src_pid: The source process (can be kernel)
- dst: The target address
- [in] src: The source
- [in] size: The size
- Returns
- Zero on success, < 0 on error
Definition at line 364 of file patches.c.
§ tai_try_cleanup_process()
int tai_try_cleanup_process (SceUID pid)
Called on process exit to force remove private hooks.
It is the caller's responsibility to clean up before it terminates! However, in the case where that doesn't happen, we try to salvage the situation by manually freeing all patches for a PID. This is a dirty free that does not attempt to write back the original data, so it should only be used at process termination. THIS DOES NOT FREE PUBLIC HOOKS! There is no free way of keeping track of which PIDs have handles to a public hook internally, so we assume that public hooks stay resident forever unless the release call is made by the caller.
- Parameters
-
- Returns
- Zero always
Definition at line 765 of file patches.c.
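
The injection lifecycle from the overview (save, exclusive insert, write-back on release) and the dirty free described for tai_try_cleanup_process(), as a small user-space model. This is an added example, not taiHEN code: the model_* names, the error values, the integer PIDs and the byte-overlap rule are assumptions, and hooks are not modelled.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

enum { NPROC = 2, MEMSZ = 32, NPATCH = 8, MAXLEN = 8 }; /* model sizes; PIDs are 0..NPROC-1 */
enum { MODEL_ERR_INVALID = -1, MODEL_ERR_PATCH_EXISTS = -2 }; /* placeholder codes, not taiHEN's */
typedef struct { int used, pid; size_t off, len; uint8_t saved[MAXLEN]; } patch_t;
static uint8_t mem[NPROC][MEMSZ];   /* constructed stand-in for each process's memory */
static patch_t patches[NPATCH];

/* Insert an injection. Assumed rule: any byte overlap in the same PID conflicts. */
int model_inject(int pid, size_t off, const void *src, size_t len) {
    int slot = -1;
    if (pid < 0 || pid >= NPROC || !len || len > MAXLEN || off > MEMSZ - len)
        return MODEL_ERR_INVALID;
    for (int i = 0; i < NPATCH; i++) {
        const patch_t *p = &patches[i];
        if (!p->used) { if (slot < 0) slot = i; continue; }
        if (p->pid == pid && off < p->off + p->len && p->off < off + len)
            return MODEL_ERR_PATCH_EXISTS;
    }
    if (slot < 0) return MODEL_ERR_INVALID;
    patch_t *n = &patches[slot];
    memcpy(n->saved, &mem[pid][off], len);   /* save the original bytes first */
    memcpy(&mem[pid][off], src, len);        /* then apply the patch */
    n->used = 1; n->pid = pid; n->off = off; n->len = len;
    return slot;                             /* handle for the later release */
}

/* Normal release: write the saved bytes back, then free the record. */
int model_release(int h) {
    if (h < 0 || h >= NPATCH || !patches[h].used) return MODEL_ERR_INVALID;
    patch_t *p = &patches[h];
    memcpy(&mem[p->pid][p->off], p->saved, p->len);
    p->used = 0;
    return 0;
}

/* Dirty free at process exit: drop the records without write-back. Zero always. */
int model_cleanup(int pid) {
    for (int i = 0; i < NPATCH; i++)
        if (patches[i].used && patches[i].pid == pid) patches[i].used = 0;
    return 0;
}

int main(void) {
    int h = model_inject(0, 4, "\xAA\xBB", 2);
    printf("handle=%d overlap=%d\n", h, model_inject(0, 5, "\xCC", 1));
    return model_release(h);
}
```

After model_cleanup() the patched bytes are still in memory and the handle is dead, which is why the dirty path is only acceptable when the address space is about to be torn down.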