| 224 |
|
// id = 4711 means "find any ID" |
| 225 |
|
static uint32 find_rom_resource(uint32 s_type, int16 s_id = 4711, bool cont = false) |
| 226 |
|
{ |
| 227 |
< |
uint32 *lp = (uint32 *)(ROMBaseHost + 0x1a); |
| 228 |
< |
uint32 x = ntohl(*lp); |
| 229 |
< |
uint8 *bp = (uint8 *)(ROMBaseHost + x + 5); |
| 230 |
< |
uint32 header_size = *bp; |
| 227 |
> |
uint32 lp = ROM_BASE + 0x1a; |
| 228 |
> |
uint32 x = ReadMacInt32(lp); |
| 229 |
> |
uint32 header_size = ReadMacInt8(ROM_BASE + x + 5); |
| 230 |
|
|
| 231 |
|
if (!cont) |
| 232 |
|
rsrc_ptr = x; |
| 234 |
|
return 0; |
| 235 |
|
|
| 236 |
|
for (;;) { |
| 237 |
< |
lp = (uint32 *)(ROMBaseHost + rsrc_ptr); |
| 238 |
< |
rsrc_ptr = ntohl(*lp); |
| 237 |
> |
lp = ROM_BASE + rsrc_ptr; |
| 238 |
> |
rsrc_ptr = ReadMacInt32(lp); |
| 239 |
|
if (rsrc_ptr == 0) |
| 240 |
|
break; |
| 241 |
|
|
| 242 |
|
rsrc_ptr += header_size; |
| 243 |
|
|
| 244 |
< |
lp = (uint32 *)(ROMBaseHost + rsrc_ptr + 4); |
| 245 |
< |
uint32 data = ntohl(*lp); lp++; |
| 246 |
< |
uint32 type = ntohl(*lp); lp++; |
| 247 |
< |
int16 id = ntohs(*(int16 *)lp); |
| 244 |
> |
lp = ROM_BASE + rsrc_ptr + 4; |
| 245 |
> |
uint32 data = ReadMacInt32(lp); |
| 246 |
> |
uint32 type = ReadMacInt32(lp + 4); |
| 247 |
> |
int16 id = ReadMacInt16(lp + 8); |
| 248 |
|
if (type == s_type && (id == s_id || s_id == 4711)) |
| 249 |
|
return data; |
| 250 |
|
} |
| 258 |
|
|
| 259 |
|
static uint32 find_rom_trap(uint16 trap) |
| 260 |
|
{ |
| 261 |
< |
uint32 *lp = (uint32 *)(ROMBaseHost + 0x22); |
| 263 |
< |
lp = (uint32 *)(ROMBaseHost + ntohl(*lp)); |
| 261 |
> |
uint32 lp = ROM_BASE + ReadMacInt32(ROM_BASE + 0x22); |
| 262 |
|
|
| 263 |
|
if (trap > 0xa800) |
| 264 |
< |
return ntohl(lp[trap & 0x3ff]); |
| 264 |
> |
return ReadMacInt32(lp + 4 * (trap & 0x3ff)); |
| 265 |
|
else |
| 266 |
< |
return ntohl(lp[(trap & 0xff) + 0x400]); |
| 266 |
> |
return ReadMacInt32(lp + 4 * ((trap & 0xff) + 0x400)); |
| 267 |
|
} |
| 268 |
|
|
| 269 |
|
|
| 1437 |
|
*lp++ = htonl(0x91400000 + XLM_IRQ_NEST); // stw r10,XLM_IRQ_NEST |
| 1438 |
|
*lp = htonl(0x48000000 + ((npc - 0x31800c) & 0x03fffffc)); // b ROM_BASE+0x312c2c |
| 1439 |
|
|
| 1440 |
+ |
// Patch FEOA opcode, selector 0x0A (virtual->physical page index) |
| 1441 |
+ |
static const uint8 fe0a_0a_dat[] = {0x55, 0x23, 0xa3, 0x3e, 0x4b}; |
| 1442 |
+ |
if ((base = find_rom_data(0x314000, 0x318000, fe0a_0a_dat, sizeof(fe0a_0a_dat))) == 0) return false; |
| 1443 |
+ |
loc = rom_powerpc_branch_target(base - 8); |
| 1444 |
+ |
static const uint8 fe0a_dat[] = {0x7e, 0x04, 0x48, 0x40, 0x81, 0xe1, 0x06, 0xb0, 0x54, 0x88, 0x10, 0x3a, 0x40, 0x90}; |
| 1445 |
+ |
if (find_rom_data(loc, 0x318000, fe0a_dat, sizeof(fe0a_dat)) != loc) return false; |
| 1446 |
+ |
D(bug("fe0a_0a %08lx\n", base - 8)); |
| 1447 |
+ |
lp = (uint32 *)(ROMBaseHost + base - 8); |
| 1448 |
+ |
*lp++ = htonl(0x7c832378); // mr r3,r4 |
| 1449 |
+ |
*lp++ = htonl(POWERPC_NOP); |
| 1450 |
+ |
*lp = htonl(POWERPC_NOP); |
| 1451 |
+ |
|
| 1452 |
+ |
// Disable FE0A opcode, selector 0x11 (init page tables?) |
| 1453 |
+ |
static const uint8 fe0a_11_dat[] = {0x56, 0x07, 0x06, 0x74, 0x2c, 0x07, 0x00, 0x60, 0x40}; |
| 1454 |
+ |
if ((base = find_rom_data(0x314000, 0x318000, fe0a_11_dat, sizeof(fe0a_11_dat))) == 0) return false; |
| 1455 |
+ |
loc = rom_powerpc_branch_target(base - 4); |
| 1456 |
+ |
if (find_rom_data(0x314000, 0x318000, fe0a_dat, sizeof(fe0a_dat)) != loc) return false; |
| 1457 |
+ |
D(bug("fe0a_11 %08lx\n", base - 4)); |
| 1458 |
+ |
lp = (uint32 *)(ROMBaseHost + base - 4); |
| 1459 |
+ |
*lp++ = htonl(POWERPC_NOP); |
| 1460 |
+ |
*lp++ = htonl(POWERPC_NOP); |
| 1461 |
+ |
*lp++ = htonl(POWERPC_NOP); |
| 1462 |
+ |
*lp = htonl(ntohl(*lp) | 0x02800000); // bf => ba |
| 1463 |
+ |
|
| 1464 |
+ |
// Patch FE0A opcode to fake a page table entry so that V=P for RAM and ROM |
| 1465 |
+ |
static const uint8 pg_lookup_dat[] = {0x7e, 0x0f, 0x40, 0x6e, 0x81, 0xc1, 0x06, 0xa4, 0x7e, 0x00, 0x71, 0x20}; |
| 1466 |
+ |
if ((base = find_rom_data(0x310000, 0x320000, pg_lookup_dat, sizeof(pg_lookup_dat))) == 0) return false; |
| 1467 |
+ |
D(bug("fe0a_pgtb_lookup %08lx\n", base - 12)); |
| 1468 |
+ |
lp = (uint32 *)(ROMBaseHost + base - 12); |
| 1469 |
+ |
if (ntohl(lp[0]) != 0x81e106b0) // lwz r15,$06b0(r1) |
| 1470 |
+ |
return false; |
| 1471 |
+ |
lp[0] = htonl(0x54906026); // slwi r16,r4,12 |
| 1472 |
+ |
lp[3] = htonl(0x62100121); // ori r16,r16,0x121 |
| 1473 |
+ |
|
| 1474 |
+ |
// Patch FE0A opcode to not write to kernel memory |
| 1475 |
+ |
static const uint8 krnl_write_dat[] = {0x38, 0xe0, 0x00, 0x01, 0x7e, 0x10, 0x38, 0x78, 0x92, 0x0f, 0x00, 0x00}; |
| 1476 |
+ |
if ((base = find_rom_data(0x310000, 0x320000, krnl_write_dat, sizeof(krnl_write_dat))) == 0) return false; |
| 1477 |
+ |
D(bug("fe0a_krnl_write %08lx\n", base)); |
| 1478 |
+ |
lp = (uint32 *)(ROMBaseHost + base); |
| 1479 |
+ |
lp[2] = htonl(POWERPC_NOP); |
| 1480 |
+ |
|
| 1481 |
|
/* |
| 1482 |
|
// Disable FE0A/FE06 opcodes |
| 1483 |
|
lp = (uint32 *)(ROM_BASE + 0x3144ac); |
| 1754 |
|
static const uint8 ext_cache_dat[] = {0x4e, 0x7b, 0x00, 0x02}; |
| 1755 |
|
if ((base = find_rom_data(0x1d0, 0x230, ext_cache_dat, sizeof(ext_cache_dat))) == 0) return false; |
| 1756 |
|
D(bug("ext_cache %08lx\n", base)); |
| 1757 |
< |
lp = (uint32 *)(ROMBaseHost + base + 6); |
| 1758 |
< |
wp = (uint16 *)(ROMBaseHost + ntohl(*lp) + base + 6); |
| 1757 |
> |
loc = ReadMacInt32(ROM_BASE + base + 6); |
| 1758 |
> |
wp = (uint16 *)(ROMBaseHost + loc + base + 6); |
| 1759 |
|
*wp = htons(M68K_RTS); |
| 1760 |
< |
lp = (uint32 *)(ROMBaseHost + base + 12); |
| 1761 |
< |
wp = (uint16 *)(ROMBaseHost + ntohl(*lp) + base + 12); |
| 1760 |
> |
loc = ReadMacInt32(ROM_BASE + base + 12); |
| 1761 |
> |
wp = (uint16 *)(ROMBaseHost + loc + base + 12); |
| 1762 |
|
*wp = htons(M68K_RTS); |
| 1763 |
|
|
| 1764 |
|
// Fake CPU speed test (SetupTimeK) |
| 2040 |
|
*lp = htonl(0x38600000); // li r3,0 |
| 2041 |
|
} |
| 2042 |
|
|
| 2043 |
< |
// FIXME: Fake reading from [HpChk]+4 (the callchain reports some function from DriverServicesLib) |
| 2043 |
> |
// Don't read from MacPgm in WipeOutMACPGMINFOProcPtrs (StdCLib) |
| 2044 |
|
if (1) { |
| 2045 |
|
uint32 hpchk_offset = find_rom_resource(FOURCC('n','l','i','b'), 10); |
| 2046 |
|
static const uint8 hpchk_dat[] = {0x80, 0x80, 0x03, 0x16, 0x94, 0x21, 0xff, 0xb0, 0x83, 0xc4, 0x00, 0x04}; |
| 2047 |
|
if ((base = find_rom_data(hpchk_offset, hpchk_offset + 0x3000, hpchk_dat, sizeof(hpchk_dat))) == 0) return false; |
| 2048 |
< |
D(bug("hpchk %08lx\n", base)); |
| 2048 |
> |
D(bug("macpgm %08lx\n", base)); |
| 2049 |
|
lp = (uint32 *)(ROMBaseHost + base); |
| 2050 |
|
*lp = htonl(0x80800000 + XLM_ZERO_PAGE); // lwz r4,(zero page) |
| 2051 |
|
} |
| 2303 |
|
*wp++ = htons(M68K_JMP); |
| 2304 |
|
*wp++ = htons((ROM_BASE + put_scrap) >> 16); |
| 2305 |
|
*wp++ = htons((ROM_BASE + put_scrap) & 0xffff); |
| 2306 |
< |
lp = (uint32 *)(ROMBaseHost + 0x22); |
| 2307 |
< |
lp = (uint32 *)(ROMBaseHost + ntohl(*lp)); |
| 2269 |
< |
lp[0xa9fe & 0x3ff] = htonl(PUT_SCRAP_PATCH_SPACE); |
| 2306 |
> |
base = ROM_BASE + ReadMacInt32(ROM_BASE + 0x22); |
| 2307 |
> |
WriteMacInt32(base + 4 * (0xa9fe & 0x3ff), PUT_SCRAP_PATCH_SPACE); |
| 2308 |
|
|
| 2309 |
|
// Patch GetScrap() for clipboard exchange with host OS |
| 2310 |
|
uint32 get_scrap = find_rom_trap(0xa9fd); // GetScrap() |
| 2313 |
|
*wp++ = htons(M68K_JMP); |
| 2314 |
|
*wp++ = htons((ROM_BASE + get_scrap) >> 16); |
| 2315 |
|
*wp++ = htons((ROM_BASE + get_scrap) & 0xffff); |
| 2316 |
< |
lp = (uint32 *)(ROMBaseHost + 0x22); |
| 2317 |
< |
lp = (uint32 *)(ROMBaseHost + ntohl(*lp)); |
| 2280 |
< |
lp[0xa9fd & 0x3ff] = htonl(GET_SCRAP_PATCH_SPACE); |
| 2316 |
> |
base = ROM_BASE + ReadMacInt32(ROM_BASE + 0x22); |
| 2317 |
> |
WriteMacInt32(base + 4 * (0xa9fd & 0x3ff), GET_SCRAP_PATCH_SPACE); |
| 2318 |
|
|
| 2319 |
|
// Patch SynchIdleTime() |
| 2320 |
|
if (PrefsFindBool("idlewait")) { |
