multiMAN 04.20.03 update is available online and in the WEB column. multiMAN ver 04.20.03 UPD (20130303).zip (7.97MB) http://www.sendspace.com/file/at0tkc PS3SX [BETA].pkg (5.95MB) http://www.sendspace.com/file/h0dsht Code (C):
/* (c) 2010-2013 multiMAN, Dynarec Enabler (c) 2013 Ing Pereira */
#define HTAB_BASE 0x800000000f000000ULL
/* NOTE(review): the three HTAB_LV2_START_* values below are defined but not
 * referenced anywhere in dynarec_payload(); the function clears the global
 * HTAB_LV2_START instead. */
#define HTAB_LV2_START_421 (0x01000000ULL)
#define HTAB_LV2_START_421D (0x08000000ULL)
#define HTAB_LV2_START_430 (0x01000000ULL)

// base_addr = address of mM's payload
// base_addr + 0x100 = address of htab payload

/*
 * dynarec_payload
 *
 * 1. Picks per-firmware LV2 offsets (base_addr and three call sites
 *    patch_htab1..3) from the if/else chain; any firmware/mode not listed
 *    returns without touching memory.
 * 2. ORs the 0x8000000000000000 prefix onto every offset (the same prefix
 *    HTAB_BASE and the peekq addresses in the detection code carry).
 * 3. Only when the guard near the end holds: writes a hand-assembled PowerPC
 *    routine at base_addr+0x100..0x1A0 one 8-byte word at a time with
 *    Lv2Syscall2(7, addr, value) -- the hex dump at the bottom of the page
 *    shows exactly these words at 0x2D2518 for 4.30 CEX, and the IDA listing
 *    above it is their disassembly -- then rewrites the LV2 HTAB entries in a
 *    loop, and finally overwrites the three call sites with a `bl` into the
 *    new routine.  The order matters: the routine and its descriptor are in
 *    place before any call site is redirected.
 *
 * Globals read:    c_firmware, dex_mode (set by the detection code further
 *                  down the page), HTAB_LV2_START.
 * Globals written: HTAB_LV2_START (cleared to 0 here).
 * Returns:         nothing.  No return value of Lv2Syscall1, Lv2Syscall2 or
 *                  lv1_write_htab_entry is checked, so a failed read or write
 *                  is not reported.
 */
void dynarec_payload()
{
    u64 base_addr=0;
    u64 patch_htab1=0;
    u64 patch_htab2=0;
    u64 patch_htab3=0;
    /* NOTE(review): cleared here and never reassigned in this function, and
     * the HTAB_LV2_START_* defines above are not used -- so the
     * `patch_htab1 && HTAB_LV2_START` guard below is false as written and
     * nothing after the offset selection runs.  Confirm whether that is the
     * intended (disabled) state of this snippet. */
    HTAB_LV2_START=0;

    /* Exact float comparisons: they work only because the detection code
     * assigns the identical literals (3.55f, 4.21f, ...) to c_firmware. */
    if(c_firmware==3.55f && !dex_mode)
    {
        base_addr=0x2BE0D0;
        patch_htab1=0x59944;
        patch_htab2=0x5A37C;
        patch_htab3=0x5A844;
    }
    else if(c_firmware==3.55f && dex_mode)
    {
        base_addr=0x2D5B20;
        patch_htab1=0x5D230;
        patch_htab2=0x5DC68;
        patch_htab3=0x5E130;
    }
    else if(c_firmware==4.21f && !dex_mode)
    {
        base_addr=0x2D0C98;
        patch_htab1=0x5CCA4;
        patch_htab2=0x5D6DC; //+A38
        patch_htab3=0x5DBA4; //+4C8
    }
    else if(c_firmware==4.21f && dex_mode)
    {
        base_addr=0x2EB418;
        patch_htab1=0x605BC;
        patch_htab2=0x60FF4;
        patch_htab3=0x614BC;
    }
    else if(c_firmware==4.30f && !dex_mode)
    {
        /* 4.30 CEX is the case the IDA listing on this page was taken from:
         * base_addr+0x100 = 0x2D2518 = sub_2D2518. */
        base_addr=0x2D2418; //0x6ff000; to test htab
        patch_htab1=0x5CDF4;
        patch_htab2=0x5D82C;
        patch_htab3=0x5DCF4;
    }
    else if(c_firmware==4.30f && dex_mode)
    {
        base_addr=0x2ECB48;
        patch_htab1=0x6070C;
        patch_htab2=0x61144;
        patch_htab3=0x6160C;
    }
    else if(c_firmware==4.31f && !dex_mode)
    {
        base_addr=0x2D2428;
        patch_htab1=0x5CDF8;
        patch_htab2=0x5D830;
        patch_htab3=0x5DCF8;
    }
    else
        return; /* unlisted firmware/mode: nothing is written */

    /* Turn the LV2 offsets into the 0x8000000000000000-prefixed addresses the
     * syscalls below take (same prefix as HTAB_BASE). */
    base_addr|=0x8000000000000000ULL;
    patch_htab1|=0x8000000000000000ULL;
    patch_htab2|=0x8000000000000000ULL;
    patch_htab3|=0x8000000000000000ULL;

    /* patch_htab1 is always non-zero after the |= above, so HTAB_LV2_START
     * alone decides whether anything below executes. */
    if(patch_htab1 && HTAB_LV2_START)
    {
        /* --- sub_2D2518 in the IDA listing: entry stub ---------------------
         * Saves LR and r2, builds the address base_addr+0x198 in r2 (the two
         * immediates patched into the words at +0x118 and +0x120: high half
         * into `oris`, low half into `ori` -- 0x2D / 0x25B0 in the listing),
         * loads r0/r2 from that descriptor, bctrl, restores and returns. */
        Lv2Syscall2(7, base_addr + 0x100, 0x7C0802A6F8010010ULL);
        Lv2Syscall2(7, base_addr + 0x108, 0xF821FF81F8410070ULL);
        Lv2Syscall2(7, base_addr + 0x110, 0x3C40800060420000ULL);
        /* `oris r2, r2, hi16(base_addr+0x198)` -- immediate lands in the low
         * 32-bit word of this 8-byte store */
        Lv2Syscall2(7, base_addr + 0x118, 0x784207C664420000ULL | ( ((base_addr+0x198)>>16)&0xFFFF) );
        /* `ori r2, r2, lo16(base_addr+0x198)` -- immediate shifted into the
         * high 32-bit word (<< binds tighter than |, as intended) */
        Lv2Syscall2(7, base_addr + 0x120, 0x60420000E8020000ULL | ( ((base_addr+0x198))&0xFFFF)<<32 );
        Lv2Syscall2(7, base_addr + 0x128, 0xE84200087C0903A6ULL);
        Lv2Syscall2(7, base_addr + 0x130, 0x4E800421E8410070ULL);
        Lv2Syscall2(7, base_addr + 0x138, 0x38210080E8010010ULL);// BCTR <htab_write_caller> desc
        Lv2Syscall2(7, base_addr + 0x140, 0x7C0803A64E800020ULL);
        /* --- loc_2D2560 in the listing: <htab_write_caller> ----------------
         * clrrdi r6,r6,2 / ori r6,r6,2, then bl to <lv1_write_htab> at
         * +0x178 (the 0x4800001D in the +0x158 word), extsw r3, return. */
        Lv2Syscall2(7, base_addr + 0x148, 0x78C607647C0802A6ULL);// <htab_write_caller>
        Lv2Syscall2(7, base_addr + 0x150, 0xF801001060C60002ULL);
        Lv2Syscall2(7, base_addr + 0x158, 0xF821FF914800001DULL);// -> BL <lv1_write_htab>
        Lv2Syscall2(7, base_addr + 0x160, 0x6000000038210070ULL);
        Lv2Syscall2(7, base_addr + 0x168, 0x7C6307B4E8010010ULL);
        Lv2Syscall2(7, base_addr + 0x170, 0x7C0803A64E800020ULL);
        /* --- sub_2D2590 in the listing: <lv1_write_htab> -------------------
         * li r11,1 / hvsc, which the listing annotates as
         * "hvsc(1): lv1_write_htab_entry"; result sign-extended in r3. */
        Lv2Syscall2(7, base_addr + 0x178, 0x7C0802A6F8010010ULL);// <lv1_write_htab>
        Lv2Syscall2(7, base_addr + 0x180, 0x3960000144000022ULL);
        Lv2Syscall2(7, base_addr + 0x188, 0x7C6307B4E8010010ULL);
        Lv2Syscall2(7, base_addr + 0x190, 0x7C0803A64E800020ULL);
        /* Function descriptor read by the entry stub: first word is the
         * <htab_write_caller> address (listing: .long 0x80000000 /
         * .long loc_2D2560), second word 0x8000000000700000 (listing:
         * .long 0x80000000 / .long unk_700000). */
        Lv2Syscall2(7, base_addr + 0x198, (base_addr + 0x148)); // htab _Custom call desc
        Lv2Syscall2(7, base_addr + 0x1A0, 0x8000000000700000ULL);

        /* enable full r/w/x access */
        uint64_t pte0, pte1; /* declared uint64_t while the rest of the block uses u64 */
        /* process entire lv2 */
        /* 128 entries, 0x80 bytes apart: word 0 at +0, word 1 at +8 */
        for (int i = 0; i < 128; i++)
        {
            /* read the old value */
            pte0 = Lv2Syscall1(6, HTAB_BASE | (i << 7));
            /* Precedence: + binds tighter than |, so this reads
             * HTAB_BASE | ((i << 7) + 8).  Same address as
             * (HTAB_BASE | (i << 7)) + 8 here, because the low 24 bits of
             * HTAB_BASE are zero and (i << 7) + 8 < 0x4000. */
            pte1 = Lv2Syscall1(6, HTAB_BASE | (i << 7) + 8);
            /* verify entry is lv2 */
            /* 8 MB window [HTAB_LV2_START, HTAB_LV2_START + 0x800000) */
            if ((pte1 >= HTAB_LV2_START) && (pte1 < (HTAB_LV2_START+0x800000ULL)))
            {
                /* patch proper htab settings */
                /* keeps bits 16..23 of pte1 and sets 0x190; the entry read
                 * at byte offset i << 7 is passed as index i << 3 */
                lv1_write_htab_entry(0, i << 3, pte0, (pte1 & 0xff0000) | 0x190);
            }
        }

        /* Redirect the three call sites.  High word becomes
         * 0x48000001 | offset = PowerPC `bl` to base_addr+0x100; the low word
         * 0x2C230000 is written unchanged at all three sites.
         * NOTE(review): masking the byte offset with 0xFFFFFF keeps 24 bits,
         * so only forward targets less than 16 MB away encode correctly; that
         * holds for every offset table entry above (each call site lies below
         * base_addr), but the full branch displacement field is wider.
         * NOTE(review): the sites are overwritten without first reading them
         * back to confirm the expected original instruction is there -- the
         * c_firmware/dex_mode check above is the only guard. */
        Lv2Syscall2(7, patch_htab1, (0x480000012C230000ULL) | ( ((base_addr+0x100-patch_htab1)&0xFFFFFF)<<32) );
        Lv2Syscall2(7, patch_htab2, (0x480000012C230000ULL) | ( ((base_addr+0x100-patch_htab2)&0xFFFFFF)<<32) );
        Lv2Syscall2(7, patch_htab3, (0x480000012C230000ULL) | ( ((base_addr+0x100-patch_htab3)&0xFFFFFF)<<32) );
    }
}
Code (C): ...
u64 CEX=0x4345580000000000ULL; u64 DEX=0x4445580000000000ULL; if(peekq(0x80000000002E79C8ULL)==DEX) {dex_mode=2; c_firmware=3.41f;} else if(peekq(0x80000000002CFF98ULL)==CEX) {dex_mode=0; c_firmware=3.41f;} else if(peekq(0x80000000002EFE20ULL)==DEX) {dex_mode=2; c_firmware=3.55f;} else if(peekq(0x80000000002D83D0ULL)==CEX) {dex_mode=0; c_firmware=3.55f;} else if(peekq(0x8000000000302D88ULL)==DEX) {dex_mode=2; c_firmware=4.21f;} else if(peekq(0x80000000002E8610ULL)==CEX) {dex_mode=0; c_firmware=4.21f;} else if(peekq(0x80000000002E9F08ULL)==CEX) {dex_mode=0; c_firmware=4.30f;} else if(peekq(0x8000000000304630ULL)==DEX) {dex_mode=2; c_firmware=4.30f;} else if(peekq(0x80000000002E9F18ULL)==CEX) {dex_mode=0; c_firmware=4.31f;} else // unknown fw... In IDA for 4.30CEX where: base_addr=0x2D2418 which makes the payload go at base_addr+0x100 -> 0x2D2518: Code (C): ROM:002D2518 # =============== S U B R O U T I N E ======================================= ROM:002D2518 ROM:002D2518 ROM:002D2518 sub_2D2518: # CODE XREF: sub_5C9D4+420p ROM:002D2518 # sub_5D590+29Cp ROM:002D2518 ROM:002D2518 .set var_10, -0x10 ROM:002D2518 .set arg_10, 0x10 ROM:002D2518 ROM:002D2518 mflr r0 ROM:002D251C std r0, arg_10(r1) ROM:002D2520 stdu r1, -0x80(r1) ROM:002D2524 std r2, 0x80+var_10(r1) ROM:002D2528 lis r2, -0x8000 ROM:002D252C mr r2, r2 ROM:002D2530 sldi r2, r2, 32 ROM:002D2534 oris r2, r2, 0x2D ROM:002D2538 ori r2, r2, 0x25B0 ROM:002D253C ld r0, 0(r2) ROM:002D2540 ld r2, 8(r2) ROM:002D2544 mtctr r0 ROM:002D2548 bctrl ROM:002D254C ld r2, 0x80+var_10(r1) ROM:002D2550 addi r1, r1, 0x80 ROM:002D2554 ld r0, arg_10(r1) ROM:002D2558 mtlr r0 ROM:002D255C blr ROM:002D255C # End of function sub_2D2518 ROM:002D255C ROM:002D2560 # --------------------------------------------------------------------------- ROM:002D2560 ROM:002D2560 loc_2D2560: # DATA XREF: ROM:002D25B4o ROM:002D2560 clrrdi r6, r6, 2 ROM:002D2564 mflr r0 ROM:002D2568 std r0, 0x10(r1) ROM:002D256C ori r6, r6, 2 ROM:002D2570 stdu r1, 
-0x70(r1) ROM:002D2574 bl sub_2D2590 ROM:002D2578 nop ROM:002D257C addi r1, r1, 0x70 ROM:002D2580 extsw r3, r3 ROM:002D2584 ld r0, 0x10(r1) ROM:002D2588 mtlr r0 ROM:002D258C blr ROM:002D2590 ROM:002D2590 # =============== S U B R O U T I N E ======================================= ROM:002D2590 ROM:002D2590 ROM:002D2590 sub_2D2590: # CODE XREF: ROM:002D2574p ROM:002D2590 ROM:002D2590 .set arg_10, 0x10 ROM:002D2590 ROM:002D2590 mflr r0 ROM:002D2594 std r0, arg_10(r1) ROM:002D2598 li r11, 1 ROM:002D259C hvsc # hvsc(1): lv1_write_htab_entry ROM:002D25A0 extsw r3, r3 ROM:002D25A4 ld r0, arg_10(r1) ROM:002D25A8 mtlr r0 ROM:002D25AC blr ROM:002D25AC # End of function sub_2D2590 ROM:002D25AC ROM:002D25AC # --------------------------------------------------------------------------- ROM:002D25B0 .long 0x80000000 ROM:002D25B4 .long loc_2D2560 ROM:002D25B8 .long 0x80000000 ROM:002D25BC .long unk_700000 Code (C): 002D2518 7C 08 02 A6 F8 01 00 10 F8 21 FF 81 F8 41 00 70 002D2528 3C 40 80 00 60 42 00 00 78 42 07 C6 64 42 00 2D 002D2538 60 42 25 B0 E8 02 00 00 E8 42 00 08 7C 09 03 A6 002D2548 4E 80 04 21 E8 41 00 70 38 21 00 80 E8 01 00 10 002D2558 7C 08 03 A6 4E 80 00 20 78 C6 07 64 7C 08 02 A6 002D2568 F8 01 00 10 60 C6 00 02 F8 21 FF 91 48 00 00 1D 002D2578 60 00 00 00 38 21 00 70 7C 63 07 B4 E8 01 00 10 002D2588 7C 08 03 A6 4E 80 00 20 7C 08 02 A6 F8 01 00 10 002D2598 39 60 00 01 44 00 00 22 7C 63 07 B4 E8 01 00 10 002D25A8 7C 08 03 A6 4E 80 00 20 80 00 00 00 00 2D 25 60 002D25B8 80 00 00 00 00 70 00 00