PDA

View Full Version : complete manual for g3n0lite v2.0 scripts .GSC



asgaardro
19-03-2004, 12:54 AM
#
# #######################
# PATCH definitions
# #######################
#

[PATCH]
Description = This is just a test
Creator = g3gg0

#
# #######################
# CODE definitions
# #######################
#

[CODE]
name = 2dumdidum
code = 2200EDebd0ef12341234123412341234
bl = 0x00 -> func_1
bl = 0x04 -> n_memset
#
# DATA = <offset> -> <var> <absolute> <allowzero>
# patches the dword at <offset> the the value in <var>
# if <absolute> is Y then no 0x00200000 will be added
# if <allowzero> is Y then g3n0lite wont abort if <var>
# contains the value 0
#
data = 0x08 -> foo_1 Y N
data = 0x0c -> foo_2 Y Y
byte = 0x10 -> foo_3
byte = 0x11 -> foo_4

[CODE]
name = 1dumdidum
code = 2200EDebd0ef12341234123412341234
bl = 0x04 -> n_memset

#
# #######################
# PATTERN definitions
# #######################
#

[PATTERN]
name = n_divide
pattern = b43c17cc40611b09
mask = ffffffffffffffff
searchback = N

[PATTERN]
name = n_divide2
pattern = b43c17cc40611b09
mask = ffffffffffffffff
searchback = N

#
# ###########################
# VARIABLE (pre)definitions
# ###########################
#

[VARS]
n_memset = 0x00001000
n_memcpy = 0x00002000
5e0_function = 0x00002000

#
# #######################
# the execution order
# #######################
#

[SCRIPT]

#
# EXT <var> = <func>
# tries to find specified g3n0lite function in flash, or creates it if none found
# supported functions: own_get_ram, own_set_ram, own_get_config_nibble, own_set_config_nibble
# please do a SPC: an AUT: and a CFG: before
#

#
# AUT
# automatic pattern search, use DMP: to dump all variables
#

#
# DMP
# dump all variables
#

#
# CMP <arg1> <op> <arg2>
# compares arg1 with arg2. these can be variable or value. op can be <, > or =
#

#
# BNE / BEQ <val>
# skip <val> lines if last CMP was TRUE (BEQ) or FALSE (BNE).
# <val> can be negative, -1 jumps to the actual line (endless loop)
#

#
# SKP <val>
# skip <val> lines.
# <val> can be negative, -1 jumps to the actual line (endless loop)
#


#
# CFG
# show up phonetype page and add variables like CFG_SAVERAM
# use dmp: to dump all variables
#
cfg:


#
# 5E0: <var> = <count>
# patches and redirects the 5E0 table and reserves <count> free 5E0 ID's
# the address of the free 5E0 id entries is placed in <var> (not needed)
#
5E0: 5E0_space = 10

#
# A5E: <var> = <dst>
# adds the address in <dst> (variable or hex value) to the 5E0 table
# the result ID is placed in <var> (maybe needed in a function with send_message?)
# if not enough IDs are free, it will abort
#
a5e: foo = 5e0_function

#
# DMP
# dump all variables - for development
#
dmp:


prt: This Script is done by g3gg0 feel free to modify it :)
dlg: baaaah = Please enter some dumbshit value :)||Thank you very much

#
# LOC <var> = <pattern> [NOBREAK]
# searches for the <pattern> and stores offset in <var>
# if NOBREAK is given, it wont break if not found, just sets var to 0
#
loc: func_1 = n_divide
loc: func_2 = n_divide nobreak

#
# Fxx <var> = <addr>
# BL: searches for BL at address
# BR: searches for B at address
# LD: searches for LDR at address
#
# Gxx <var> = <addr>
# BL: gets BL destination from BL at address
# BR: gets B destination from B at address
# LD: gets LDR destination from LDR at address
# ED: gets dword from address (e.g. after GLD)
# EW: gets word from address
# EB: gets byte from address
#
# Sxx <addr> = <var>
# TD: places dword at address
# TW: places word at address
# TB: places byte at address
#
# <addr> can be a value or a variable
#

std: func_2 = 0x00
gew: ttt = func_1
fbl: bl = n_memcpy
fbr: br = func_2
fld: ldr = func_2
gbl: test = bl
gbr: test = br
gld: test = ldr

#
# SPC [<var> =] <bytes>
# searches for <bytes> free space and stores result in <var> if given
# <var> is not needed in any place - just for information
#
spc: free_addr = 1000
spc: 1000

#
# CLC <var1> = <var2> [OP] <var3>
#
# simple calcs.... + - * / % & | ^ ~
# operator NOT (~) doesnt require <var2>
#

clc: foo_1 = n_memset + test
clc: foo_2 = foo_1 - n_memset
clc: foo_3 = n_memcpy + 0x1234
clc: foo_4 = foo_3 - n_memcpy

#
# CRE <var> = <function> [FINDFIRST/<address>]
# creates <function> in the previously found ram area and stores
# its address in <var>
# if FINDFIRST is given, it will first SEARCH for this routine and
# only create it if it was not found
# else is <address> is given, it will create the function at this address (variables allowed)
#
cre: own_func_dumdidum = 2dumdidum
cre: own_func_dumdidum = 2dumdidum findfirst

#
# inj <src> -> <dst>
# inserts a BL to <dst> at offset <src>
#
inj: n_memcpy -> own_func_dumdidum

#
# inf <src> -> <dst> <r_code> <r_data>
# looks for relocateable code at <src> and inserts a BL to <dst>
# at this offset. the relocated code would be placed at <dst>+<r_data>
# and the relocated data (e.g. when LDR gets relocated) at <dst>+<r_code>
#
# this would be an optimal hook function:
#
# push lr
#
# bl @own_hook_call
# nop
# nop
# pop lr
# dd 0
#
# r_code is the first NOP and r_code the DD 0
#
inf: n_memcpy -> own_func_dumdidum 8 8

#
# EXT <var> = <func>
# tries to find specified g3n0lite function in flash, or creates it if none found
# supported functions: own_get_ram, own_set_ram, own_get_config_nibble, own_set_config_nibble
# please do a SPC: an AUT: and a CFG: before
#

hud_nash
19-03-2004, 04:50 AM
nice work sir thanks