[[3DS_System_Flaws#Kernel11|memchunkhax2]] was fixed by reading the [[MemoryBlockHeader]] next pointer before it is mapped to userland.
The only updated FIRM sysmodules were fs and loader. For fs, the only change is an updated version field in .code, which is used with a debug NOP instruction.
====loader====
The loader process .text was previously 0x331C bytes; it is now 0x36F0 bytes. All code changes:

* Some code using svcGetSystemTick was added. This appears to be debug code that wasn't disabled (its output is never used).
* L_140022b8 (L_14002234 in the previous loader version): this is the function which calls L_140025f0. Code was added between the code which loads the memregion value from the exheader and the call to the function which maps it (L_140025f0). This new code determines what to pass for the L_140025f0 insp4 flag. By default the value passed for that flag is 0.
** When the process memregion is APPLICATION, the programID is for a CTR title, and the uniqueid matches the eShop system application (''all'' regions, including CHN), the flag is set to 1.
** When the process memregion is SYSTEM, the flag is set to 1 when the reslimit_category is not LIB_APPLET.
* L_140025f0 (L_140024e4 in the previous loader version) now calls another function (L_14002670) instead of svcControlMemory directly for mapping the codebin memory. The insp4 flag from the L_140025f0 input is passed to L_14002670 as sp0.
* L_14002670: new function used for mapping the codebin. When the insp0 flag is zero, this does the normal memory mapping; otherwise a special memory-mapping codepath is used. This codepath still uses the same memregion specified in the exheader.
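The flag selection described above, written out as an added C example (not the loader's own code): the memregion and reslimit_category constants, the title-ID field layout and the eShop unique-ID list are assumptions, since the page gives none of them.

```c
/* Added example: reimplementation of the insp4 flag decision in L_140022b8.
 * Enum values assume the exheader encoding (memregion 1/2/3, reslimit 0..3);
 * the eShop unique IDs are placeholder/assumed values, not taken from the page. */
#include <stdint.h>
#include <stdbool.h>
#include <stddef.h>

enum MemRegion { MEMREGION_APPLICATION = 1, MEMREGION_SYSTEM = 2, MEMREGION_BASE = 3 };
enum ResLimitCategory { RESLIMIT_APPLICATION = 0, RESLIMIT_SYS_APPLET = 1,
                        RESLIMIT_LIB_APPLET = 2, RESLIMIT_OTHER = 3 };

/* Assumed eShop unique IDs (one per region, CHN included); replace with the real list. */
static const uint32_t ESHOP_UNIQUE_IDS[] = { 0x00209, 0x00219, 0x00229, 0x00279, 0x00289, 0x00299 };

/* Assumed title-ID layout: bits 48..63 = platform (0x0004 = CTR), bits 32..47 = category,
 * where category bit 0x8000 marks a TWL (DSi-mode) title rather than a CTR one. */
static bool is_ctr_title(uint64_t program_id) {
    uint32_t high = (uint32_t)(program_id >> 32);
    return (high >> 16) == 0x0004 && (high & 0x8000) == 0;
}

/* Assumed layout: the unique ID is bits 8..27 of the title-ID low word. */
static uint32_t unique_id(uint64_t program_id) {
    return ((uint32_t)program_id >> 8) & 0xFFFFF;
}

static bool is_eshop_unique_id(uint32_t uid) {
    for (size_t i = 0; i < sizeof(ESHOP_UNIQUE_IDS) / sizeof(ESHOP_UNIQUE_IDS[0]); i++)
        if (ESHOP_UNIQUE_IDS[i] == uid) return true;
    return false;
}

/* Returns the insp4 value passed to L_140025f0: 0 by default (normal mapping),
 * 1 when the special codebin mapping path should be used. */
int codebin_mapping_flag(enum MemRegion region, enum ResLimitCategory category,
                         uint64_t program_id) {
    if (region == MEMREGION_APPLICATION)
        return (is_ctr_title(program_id) && is_eshop_unique_id(unique_id(program_id))) ? 1 : 0;
    if (region == MEMREGION_SYSTEM)
        return (category != RESLIMIT_LIB_APPLET) ? 1 : 0;
    return 0; /* BASE region: flag stays at its default */
}
```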