[X360 Reversing] Chapter 2: CD patches
Chapter 2: CD patches
Patch #1
00 00 02 8C 00 00 00 01 48 00 4C 95
Jumps to a custom subroutine located at 0x4F20 (Patch #4).
Patch #2
00 00 05 B4 00 00 00 01 48 00 4C 38 00
Jumps to a custom subroutine located at 0x51EC.
Patch #3
00 00 08 30 00 00 00 01 60 00 00 00
NOPs out a check during CF execution.
Patch #4
00 00 4F 20 00 00 00 DC ...
Custom subroutine; basically it's GliGli's CD with extra stuff.
It asks the SMC how the console was turned on and starts either the kernel or XeLL.
At 0x509C, 0x50BC, 0x51C0 and 0x51DC there are other subroutines called by 0x4F20. They initialize PCI, registers, the SMC and other hardware.
The subroutine at 0x51EC (called by Patch #2) loads the Kernel/HV patches from flash, applies them and jumps to the HV.
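Decoding Patches #1 to #3 as listed above (an added example, not code from the original post or from the credited projects). It assumes each record is a big-endian 32-bit offset, a 32-bit word count, then that many 32-bit PowerPC words, and that the offset is the address of the patched instruction; both assumptions are inferred from the bytes on this page.

```python
import struct

# Records exactly as listed on the page (Patch #4 is elided there, so omitted).
PATCHES = {
    1: "00 00 02 8C 00 00 00 01 48 00 4C 95",
    2: "00 00 05 B4 00 00 00 01 48 00 4C 38 00",
    3: "00 00 08 30 00 00 00 01 60 00 00 00",
}

def parse_record(hex_text):
    """Assumed layout: u32 BE offset, u32 BE word count, then `count` words."""
    raw = bytes.fromhex(hex_text)
    if len(raw) < 8:
        raise ValueError("record shorter than its 8-byte header")
    offset, count = struct.unpack_from(">II", raw, 0)
    end = 8 + 4 * count
    if len(raw) < end:
        raise ValueError("payload shorter than the declared word count")
    words = struct.unpack_from(">%dI" % count, raw, 8)
    # Bytes past the declared payload are returned, not silently dropped.
    return offset, list(words), raw[end:]

def describe(addr, insn):
    """Decode only the two PowerPC forms seen here: I-form branch and nop."""
    if insn == 0x60000000:              # ori r0,r0,0
        return "nop"
    if insn >> 26 == 18:                # primary opcode 18: b / bl / ba / bla
        disp = insn & 0x03FFFFFC        # LI field already shifted left by 2
        if disp & 0x02000000:           # sign-extend the 26-bit displacement
            disp -= 0x04000000
        aa, lk = (insn >> 1) & 1, insn & 1
        target = (disp if aa else addr + disp) & 0xFFFFFFFF
        name = "b" + ("l" if lk else "") + ("a" if aa else "")
        return "%s 0x%X" % (name, target)
    return ".long 0x%08X" % insn

def decode_all():
    out = {}
    for num, text in PATCHES.items():
        offset, words, extra = parse_record(text)
        insns = [describe(offset + 4 * i, w) for i, w in enumerate(words)]
        out[num] = (offset, insns, len(extra))
    return out

if __name__ == "__main__":
    for num, (offset, insns, extra) in decode_all().items():
        print("Patch #%d @ 0x%X: %s (%d byte(s) past payload)"
              % (num, offset, "; ".join(insns), extra))
```

Patch #1 decodes as a branch-with-link to 0x4F20 and Patch #2 as a plain branch to 0x51EC, matching the targets stated above; the 13th byte listed for Patch #2 lies outside its declared one-word payload and is reported separately.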
Credits:
xeBuild Team
Free60
RGLoader