@@ -240,31 +240,42 @@ u32 pspXploitFindTextAddrByName(const char *modulename)
240240
241241u32 pspXploitFindFunction (const char * module , const char * library , u32 nid )
242242{
243- u32 addr = pspXploitFindTextAddrByName (module );
243+ //u32 addr = pspXploitFindTextAddrByName(module);
244+ SceModule * mod = (SceModule * )pspXploitFindModuleByName (module );
244245
245- if (addr ) {
246- u32 maxaddr = 0x88400000 ;
247- for (; addr < maxaddr ; addr += 4 ) {
248- if (strcmp (library , (const char * )addr ) == 0 ) {
246+ if (mod ) {
247+ // Fetch Export Table Start Address
248+ void * entTab = mod -> ent_top ;
249+
250+ // Iterate Exports
251+ for (int i = 0 ; i < mod -> ent_size ;)
252+ {
253+ // Cast Export Table Entry
254+ struct SceLibraryEntryTable * entry = (struct SceLibraryEntryTable * )(entTab + i );
255+
256+ // Found Matching Library
257+ if (entry -> libname != NULL && 0 == strcmp (entry -> libname , library ))
258+ {
259+ // Accumulate Function and Variable Exports
260+ unsigned int total = entry -> stubcount + entry -> vstubcount ;
249261
250- u32 libaddr = addr ;
251-
252- while (* (u32 * )(addr -= 4 ) != libaddr );
253-
254- u32 exports = (u32 )(* (u16 * )(addr + 10 ) + * (u8 * )(addr + 9 ));
255- u32 jump = exports * 4 ;
256-
257- addr = * (u32 * )(addr + 12 );
258-
259- while (exports -- ) {
260- if (* (u32 * )addr == nid ){
261- return * (u32 * )(addr + jump );
262+ // NID + Address Table
263+ unsigned int * vars = entry -> entrytable ;
264+
265+ // Exports available
266+ if (total > 0 )
267+ {
268+ // Iterate Exports
269+ for (int j = 0 ; j < total ; j ++ )
270+ {
271+ // Found Matching NID
272+ if (vars [j ] == nid ) return vars [total + j ];
262273 }
263- addr += 4 ;
264274 }
265-
266- return 0 ;
267275 }
276+
277+ // Move Pointer
278+ i += (entry -> len * 4 );
268279 }
269280 }
270281 return 0 ;
@@ -357,64 +368,6 @@ void pspXploitPatchAccurateError(u32 text_addr, u32 text_size, u16 error)
357368 }
358369}
359370
360- // qwikrazor87's trick to get any usermode import from kernel
361- u32 pspXploitResolveImport (char * lib , u32 nid , u32 version ){
362-
363- u32 ret = 0x08800E00 ;
364-
365- while (* (u32 * )ret )
366- ret += 8 ;
367-
368- memset ((void * )0x08800D00 , 0 , 8 );
369-
370- pspXploitOpenP5 (PSP_UTILITY_SAVEDATA_AUTOLOAD );
371-
372- u32 addr ;
373- for (addr = 0x08400000 ; addr < 0x08800000 ; addr += 4 ) {
374- if (strcmp ("sceVshSDAuto_Module" , (char * )addr ) == 0 )
375- break ;
376- }
377-
378- pspXploitCloseP5 ();
379-
380- addr -= 0xBC ;
381- * (u32 * )0x08800C00 = nid ;
382-
383- int qwik_trick ()
384- {
385- sceKernelDelayThread (350 );
386- u32 timer = 0 ;
387-
388- while (!* (u32 * )0x08800D00 && (timer ++ < 600 )) {
389- _sw ((u32 )lib , addr );
390- _sw (version , addr + 4 );
391- _sw (0x00010005 , addr + 8 );
392- _sw (0x08800C00 , addr + 12 );
393- _sw (0x08800D00 , addr + 16 );
394-
395- sceKernelDelayThread (0 );
396- }
397-
398- sceKernelExitThread (0 );
399- return 0 ;
400- }
401-
402- SceUID qwiktrick = sceKernelCreateThread ("qwiktrick" , qwik_trick , 8 , 512 , THREAD_ATTR_USER , NULL );
403- sceKernelStartThread (qwiktrick , 0 , NULL );
404-
405- pspXploitOpenP5 (PSP_UTILITY_SAVEDATA_AUTOLOAD );
406-
407- memcpy ((void * )ret , (const void * )0x08800D00 , 8 );
408-
409- _flush_cache ();
410-
411- pspXploitCloseP5 ();
412-
413- sceKernelDeleteThread (qwiktrick );
414-
415- return ret ;
416- }
417-
418371int pspXploitIsKernel (){
419372 u32 ra ;
420373 __asm__ volatile ("move %0, $ra;" : "=r" (ra ));
0 commit comments