Print

[xman954]

FOR USE WITH UXE (1994752)

added fan speed and orange led
just make sure it points to your boot file (NKpatcher or PBL)
boots C:\default.xbe as is

CODE

;;;
;;; Compile:   nasm -o ernie.xtf ernie.asm
;;;

  BITS 32


header:   
  db 'XTF0'
  dd 32
  db 'xbox'
  times 32-4 db 0
.data1len:   jmp short shellcode
  dw 10h
  dd 0
.data2num:   dd 100000h
  dd 0


shellcode:
   jmp   near start
   

  align 4, db 0

kexports:   
HalReturnToFirmware  dd 49
HalWriteSMBusValue  dd 50
LaunchDataPage     dd 164
MmAllocateContiguousMemory   dd 165
MmPersistContiguousMemory   dd 178
XePublicKeyData     dd 355
KeQuerySystemTime  dd 128
NtSetSystemTime     dd 228
RtlTimeFieldsToTime  dd 304
    dd 0


mintimefields   dw 2005   ; Year
  dw 5   ; Month
  dw 3   ; Day
  dw 0   ; Hour
  dw 0   ; Minute
  dw 0   ; Second
  dw 0   ; Milliseconds
  dw 0   ; Weekday (ignored)

maxtimefields   dw 2019   ; Year
  dw 6   ; Month
  dw 6   ; Day
  dw 0   ; Hour
  dw 0   ; Minute
  dw 0   ; Second
  dw 0   ; Milliseconds
  dw 0   ; Weekday (ignored)


xbestr  db '\Device\Harddisk0\Partition2;default.xbe',0
  times 11 db 0
XBESTRLEN   equ $-xbestr



start:
   call   base
base:   pop   ebp

   cld
   mov   esi,80010000h; Kernel here
   
   mov   eax,[esi+3Ch]
   mov   ebx,[esi+eax+78h]
   add   ebx,esi
   mov   edx,[ebx+1Ch]
   add   edx,esi
   lea   edi,[ebp+kexports-base]
getexports:   
   mov   ecx,[edi]
   jecxz   .done
   sub   ecx,[ebx+10h]
   mov   eax,[edx+4*ecx]
   test   eax,eax
   jz   .empty
   add   eax,esi
.empty:   stosd
   jmp   getexports
.done:

orangeled:   
  mov   edi,[ebp+HalWriteSMBusValue-base]
  push   0FFh          ; orange led
  push   byte 0
  push   byte 8  ; led_register
  push   byte 20h  ; pic_address
  call   edi
  push   byte 1
  push   byte 0
  push   byte 7  ; led_mode
  push   byte 20h  ; pic_address
  call   edi

fanspeed:   
  mov   edi,[ebp+HalWriteSMBusValue-base]
  push   025h          ;speed 10-50 (00Ah-032h)
  push   byte 0
  push   byte 6  ; fan_register
  push   byte 20h  ; pic_address
  call   edi
  push   byte 1
  push   byte 0
  push   byte 5  ; fan_mode
  push   byte 20h  ; pic_address
  call   edi

patchpublickey:   
   mov   ebx,[ebp+XePublicKeyData-base]
   test   ebx,ebx
   jnz   .chk

.searchkey:   
   mov   ebx,esi
   inc   esi
.chk:   cmp   dword [ebx],31415352h
   jne   .searchkey
   cmp   dword [ebx+10h],10001h
   jne   .searchkey

.searchkeyend:   
   inc   ebx
   cmp   dword [ebx],0A44B1BBDh
   jne   .searchkeyend

   pushf
   cli
   mov   ecx,cr0
   push   ecx
   and   ecx,0FFFEFFFFh
   mov   cr0,ecx

   xor   dword [ebx],2DD78BD6h

   pop   ecx
   mov   cr0,ecx
   popf


clockcheck:
   xor   eax,eax
   push   eax
   push   eax
   mov   ebx,esp   ; space for current time

   push   eax
   push   eax
   mov   esi,esp   ; space for minimum time

   push   eax
   push   eax
   mov   edi,esp   ; space for maximum time

   push   ebx
   call   dword [ebp+KeQuerySystemTime-base]

   push   esi
   lea   eax,[ebp+mintimefields-base]
   push   eax
   call   dword [ebp+RtlTimeFieldsToTime-base]
   test   eax,eax
   jz   .bailout

   mov   eax,[ebx]
   mov   edx,[ebx+4]
   sub   eax,[esi]
   sbb   edx,[esi+4]
   jc   .setclock

   push   edi
   lea   eax,[ebp+maxtimefields-base]
   push   eax
   call   dword [ebp+RtlTimeFieldsToTime-base]
   test   eax,eax
   jz   .bailout
   
   mov   eax,[ebx]
   mov   edx,[ebx+4]
   sub   eax,[edi]
   sbb   edx,[edi+4]
   jc   .clockok

.setclock:
   push   byte 0
   push   esi
   call   dword [ebp+NtSetSystemTime-base]

.clockok:   
.bailout:   
   add   esp,byte 8+8+8
   
   
launchxbe:   
   mov   esi,[ebp+LaunchDataPage-base]
   mov   edi,1000h
   mov   ebx,[esi]
   test   ebx,ebx
   jnz   .memok

   push   edi
   call   dword [ebp+MmAllocateContiguousMemory-base]
   mov   ebx,eax
   mov   [esi],eax
.memok:   

   push   byte 1
   push   edi
   push   ebx
   call   dword [ebp+MmPersistContiguousMemory-base]

   mov   edi,ebx
   xor   eax,eax
   mov   ecx,400h
   rep   stosd

   or   dword [ebx],byte -1
   mov   [ebx+4],eax

   lea   edi,[ebx+8]
   lea   esi,[ebp+xbestr-base]
   push   byte XBESTRLEN
   pop   ecx
   rep   movsb

   push   byte 2
   call   dword [ebp+HalReturnToFirmware-base]
.inf:   jmp   short .inf

[DaddyJ]

Awesome job man, Might have to update the ernie editor for this code

 

[xman954]

Thanks DJ  
now PBL has nothing over NKpatcher
and i have yet to see a game not run with NKpatcher   (even use it on my chiped xbox)

hope it helps a few that still use evox as there main dash on there softmod..
also the LED byte can also be changed to get the xmas tree look
if so wanted, will post the table later

CODE

mintimefields dw 2005; Year
 dw 5; Month
 dw 3; Day

[triggernum5]

Very nice indeed..  I too would like to see multiboot path, and/or dual boot embedded directly into nkpatcher..  Think your talent could spill into that venue?  Don't stress too much on it though, the current methods are perfectly acceptable (from what I have read about that new multipath xbe)..

[krayzie]

nice.....I will play around with this. might be some material for the 2.9 version.

[PedrosPad]

QUOTE(SupaSaru @ May 4 2005, 04:10 PM)

Look at the thread I pasted my last post in this thread.

[xman954]

LED table

CODE

LED_REGISTER_CYCLE3_GREEN = 0x01
LED_REGISTER_CYCLE2_GREEN = 0x02
LED_REGISTER_CYCLE1_GREEN = 0x04
LED_REGISTER_CYCLE0_GREEN = 0x08
LED_REGISTER_ON_GREEN     = 0x0F   

LED_REGISTER_CYCLE3_RED = 0x10
LED_REGISTER_CYCLE2_RED = 0x20
LED_REGISTER_CYCLE1_RED = 0x40
LED_REGISTER_CYCLE0_RED = 0x80
LED_REGISTER_ON_RED     = 0xF0

as you can see the high nible is for the red led and low is green (both orange)
and the cycle is time, so if set at different rates you will get
xmas lights

was thinking to add dual-habibi tray state
tray closed > orange, closed.xbe (normal boot, NKpatcher)
tray open   > red, open.xbe (NKpatcher, no shadowC with EEPROM writes)

[Olipro]

if you want the LED to flash a certain sequence, (i believe that the number of changes is 4) then just OR each of the hex values in the order you want them, and push the end result onto the stack.

[SupaSaru]

  Someone volunteer to test my modified nkp10....  Privvy or something.

[krayzie]

Rmenhal separated the dual state code from the fonts as he said it's better to leave the fonts code as clean as possible. Wouldn't it be much nicer to get all the funky stuff in the nkpatcher and leave the fonts only as what they are intended for.

[SupaSaru]

QUOTE(krayzie @ May 4 2005, 03:03 PM)

Rmenhal separated the dual state code from the fonts as he said it's better to leave the fonts code as clean as possible. Wouldn't it be much nicer to get all the funky stuff in the nkpatcher and leave the fonts only as what they are intended for.

[DaddyJ]

QUOTE(krayzie @ May 4 2005, 03:03 PM)

Rmenhal separated the dual state code from the fonts as he said it's better to leave the fonts code as clean as possible. Wouldn't it be much nicer to get all the funky stuff in the nkpatcher and leave the fonts only as what they are intended for.

[xman954]

QUOTE(krayzie @ May 4 2005, 04:03 PM)

Rmenhal separated the dual state code from the fonts as he said it's better to leave the fonts code as clean as possible. Wouldn't it be much nicer to get all the funky stuff in the nkpatcher and leave the fonts only as what they are intended for.

[triggernum5]

[DaddyJ]

QUOTE(SupaSaru)

but no one seems interested. ......

  NKP would be nice with an easily swapped config file, but using a button system would be just as useful.  Maybe I'll look into adding a way to disable shadowing with a button.  Maybe something like L+R disables shadow, A button boots a third dash/fbl.

These features would be great