Topic: Apilogger V2 (Read 197 times)

PedrosPad · « **Reply #15 on:** November 07, 2005, 04:58:00 AM »

QUOTE(xman954 @ Nov 7 2005, 06:10 AM)

directed it to log C:\settings_adoc.xip and it worked
but it will not work with any other xbe (habibi or M$ signed)
tried xboxdash.xbe, xonlinedash.xbe

is there anything i can do to make it work...

Interestingly, the only one it worked on - C:\settings_adoc.xip - doesn't require any support files. The others do.

Remember to put the default.xbe and any support files required by the default.xbe in E:\APILog! (this includes any subfolders, etc.)

PedrosPad · « **Reply #16 on:** November 07, 2005, 10:47:00 PM »

QUOTE(xman954 @ Nov 7 2005, 06:10 AM)

APIlogger V1 works fine...
APIlogger V2 well, it does not like my xbox for some reason

EVERYTHING i try just turns the led to orange then hangs with a black screen.
<snip />
but it will not work with any other xbe (habibi or M$ signed)
tried xboxdash.xbe, xonlinedash.xbe
xbox is K4034
is there anything i can do to make it work...

Ditto. I managed to verify your failures.

It works fine for earlier XBEs but not XBEs compiled with a later XDK.
D:4920 works fine with APILoggerV2 (and that should include UberDash), but D:5690 doesn't.

IIRC there was a change to the startup library in the later XDKs that set a CS limit in the GDT. A way around this may be to patch out this code in the subject XBE. I'll attempt that and post hex edits for the D:5960 Dash if I find them.

xman954 · « **Reply #17 on:** November 08, 2005, 12:08:00 AM »

thanks, thats good and bad news (good that im not totally wacked

)

d0wnlab · « **Reply #18 on:** November 08, 2005, 10:46:00 AM »

QUOTE(PedrosPad @ Nov 8 2005, 12:47 AM)

Ditto. I managed to verify your failures.

Just wanted to add that I'm experiencing the same :|

PedrosPad · « **Reply #19 on:** November 09, 2005, 06:24:00 PM »

QUOTE(PedrosPad @ Nov 8 2005, 06:47 AM)

Ditto. I managed to verify your failures.

IIRC there was a change to the startup library in the later XDKs that set a CS limit in the GDT. A way around this may be to patch out this code in the subject XBE. I'll attempt that and post hex edits for the D:5960 Dash if I find them.

Hex edits for D:5960:

Using a hex editor
on C:\xboxdash.xbe or c:\xodash\xonlinedash.xbe
search for 0x87480887500C (should only be one occurrence)
replace with 0x909090909090
re-sign with xbedump to correct segment checksums.
Spawn the patched XBE from APILoggerV2

Since this is in a library routine compiled into all newer XDK XBEs, I suspect the same hex edit will work on all XBEs that APILoggerV2 currently fails to process.

fyi - here's the fragement where c:\xboxdash.xbe checks C:\xodash\xonlinedash.xbe:

QUOTE

0x0000000B 0xD0021018 0x0006AD90 NtCreateFile(pFileHandle=0xD00326EC,DesiredAccess=0x80100080(SYNCHRONIZE|GENERIC
_READ|FILE_ATTRIBUTE_NORMAL),pObjectAttributes=0xD00326D0{RootDirectory=0xFFFFFF
FD,ObjectName=0xD00326E4{Length=0x0019,MaximumLength=0x001A,Buffer=0x0001FF98{"y:\xodash\xonlinedash.xbe" }},Attributes=0x00000040(OBJ_CASE_INSENSITIVE)},pIoStatusBlock=0xD00326DC,Alloca
tionSize=0x00000000,FileAttributes=0x00000080,ShareAccess=0x00000000(),CreateDis
position=0x00000001(FILE_OPEN),CreateOptions=0x00000064(FILE_SEQUENTIAL_ONLY|FIL
E_SYNCHRONOUS_IO_NONALERT|FILE_NON_DIRECTORY_FILE));
0x0000000C 0xD0021018 0x0006CEAA NtReadFile(FileHandle=0x0000000C ,Event=0x00000000,pApcRoutine=0x00000000,pApcContext=0x00000000,pIoStatusBlock=0
xD00326F0,pBuffer=0xD0032720,Length=0x00000178,pByteOffset=0x00000000);
0x0000000D 0xD0021018 0x0006D11C NtSetInformationFile(FileHandle=0x0000000C,pIoStatusBlock=0xD00326EC,FileInformation=0xD00326F4,Length=0x00000008,FileInformationClass=0x0000000E(FilePositionInformation));
0x0000000E 0xD0021018 0x0006CEAA NtReadFile(FileHandle=0x0000000C ,Event=0x00000000,pApcRoutine=0x00000000,pApcContext=0x00000000,pIoStatusBlock=0
xD00326F0,pBuffer=0xD00328E4,Length=0x000001D0,pByteOffset=0x00000000);

and where C:\xodash\xonlinedash.xbe checks c:\xboxdash.xbe:

QUOTE

0x00000008 0xD0021018 0x0007B59E NtCreateFile(pFileHandle=0xD00326E4,DesiredAccess=0x80100080(SYNCHRONIZE|GENERIC
_READ|FILE_ATTRIBUTE_NORMAL),pObjectAttributes=0xD00326C8{RootDirectory=0xFFFFFF
FD,ObjectName=0xD00326DC{Length=0x000F,MaximumLength=0x0010,Buffer=0x00013D84{"y:\xboxdash.xbe" }},Attributes=0x00000040(OBJ_CASE_INSENSITIVE)},pIoStatusBlock=0xD00326D4,Alloca
tionSize=0x00000000,FileAttributes=0x00000080,ShareAccess=0x00000000(),CreateDis
position=0x00000001(FILE_OPEN),CreateOptions=0x00000064(FILE_SEQUENTIAL_ONLY|FIL
E_SYNCHRONOUS_IO_NONALERT|FILE_NON_DIRECTORY_FILE));
0x00000009 0xD0021018 0x0007BBC7 NtReadFile(FileHandle=0x00000018 ,Event=0x00000000,pApcRoutine=0x00000000,pApcContext=0x00000000,pIoStatusBlock=0
xD00326E8,pBuffer=0xD0032718,Length=0x00000178,pByteOffset=0x00000000);
0x0000000A 0xD0021018 0x0007BE39 NtSetInformationFile(FileHandle=0x00000018,pIoStatusBlock=0xD00326E4,FileInformation=0xD00326EC,Length=0x00000008,FileInformationClass=0x0000000E(FilePositionInformation));
0x0000000B 0xD0021018 0x0007BBC7 NtReadFile(FileHandle=0x00000018 ,Event=0x00000000,pApcRoutine=0x00000000,pApcContext=0x00000000,pIoStatusBlock=0
xD00326E8,pBuffer=0xD00328BC,Length=0x000001D0,pByteOffset=0x00000000);

Angerwound · « **Reply #20 on:** November 09, 2005, 09:14:00 PM »

WOW! Pedro's genius wins again!

krayzie · « **Reply #21 on:** November 09, 2005, 11:08:00 PM »

When I hexed xonlinedash to look for xb0xdash.xbe (for the fuck m$ xonlinedash thing) I noticed there is also a path in the code looking for device\cdrom0\xboxdash.xbe. anyone knows what that is about? is it meant for some special msdisc or something?

Tp21 · « **Reply #22 on:** November 10, 2005, 10:33:00 AM »

why would MS do that?
and if it's really for some "MS only" cd... can we use it too exploit the system?
if you open xonlinedash.xbe in an text editor and do an search for cdrom
you get a lot of files that are searched from on an cd...

krayzie · « **Reply #23 on:** November 10, 2005, 10:36:00 AM »

probably not since it would be an xbox dvd but I was just curious what it was meant for.

Tp21 · « **Reply #24 on:** November 10, 2005, 10:46:00 AM »

hmmm, those are also in xboxdash.xbe
there is also one weird one: \Device\Cdrom0\contentmeta.xbx (last \ is an double empty box thing

)
i just thought... isn't that for checking for savegames from cd/dvd?
there is also an call to t:\motd.xbx...
one prob. don't know where t:\ ends...

garyopa · « **Reply #25 on:** November 10, 2005, 11:00:00 AM »

MOTD.XBX = Message of the Day - A Newer feature of live, and copy of
the message is sometimes found in your E:\TDATA\FFFE000 directory.

Tp21 · « **Reply #26 on:** November 10, 2005, 11:14:00 AM »

do you know how it looks like?
is it just "flat" text?
isn't it possible too exploit it using Motd.xbx?
i've just created an empty file, and it doens't work whitout live account

just found something else...
\Device\Harddisk0\Partition2\dvdkey.bin
anyone know what it is?

garyopa · « **Reply #27 on:** November 10, 2005, 12:59:00 PM »

When you first use the DVD dongle it adds a small file to the HDD, to
enable the dashboard to enable playing DVD movies.

Tp21 · « **Reply #28 on:** November 10, 2005, 01:21:00 PM »

do you know what's in it, and if it can be exploited
same for that other "strange" file link i found
too some xbx file on cd...

xman954 · « **Reply #29 on:** November 18, 2005, 12:59:00 AM »

is this where xboxdash maps C:\ to Y:\ ?
0x00000000 0xD0008358 0x0006FBE3 IoCreateSymbolicLink(UnknownArgs=682F1600 702F1600)
could it be changed to map C:\path_to_orignal_files\ to Y:\ ?

Author Topic: Apilogger V2 (Read 197 times)