Post by: xman954 on May 03, 2005, 12:35:00 PM
added fan speed and orange led
just make sure it points to your boot file (NKpatcher or PBL)
boots C:\default.xbe as is
CODE
;;;
;;; Compile: nasm -o ernie.xtf ernie.asm
;;;
BITS 32
header:
db 'XTF0'
dd 32
db 'xbox'
times 32-4 db 0
.data1len: jmp short shellcode
dw 10h
dd 0
.data2num: dd 100000h
dd 0
shellcode:
jmp near start
align 4, db 0
kexports:
HalReturnToFirmware dd 49
HalWriteSMBusValue dd 50
LaunchDataPage dd 164
MmAllocateContiguousMemory dd 165
MmPersistContiguousMemory dd 178
XePublicKeyData dd 355
KeQuerySystemTime dd 128
NtSetSystemTime dd 228
RtlTimeFieldsToTime dd 304
dd 0
mintimefields dw 2005 ; Year
dw 5 ; Month
dw 3 ; Day
dw 0 ; Hour
dw 0 ; Minute
dw 0 ; Second
dw 0 ; Milliseconds
dw 0 ; Weekday (ignored)
maxtimefields dw 2019 ; Year
dw 6 ; Month
dw 6 ; Day
dw 0 ; Hour
dw 0 ; Minute
dw 0 ; Second
dw 0 ; Milliseconds
dw 0 ; Weekday (ignored)
xbestr db '\Device\Harddisk0\Partition2;default.xbe',0
times 11 db 0
XBESTRLEN equ $-xbestr
start:
call base
base: pop ebp
cld
mov esi,80010000h; Kernel here
mov eax,[esi+3Ch]
mov ebx,[esi+eax+78h]
add ebx,esi
mov edx,[ebx+1Ch]
add edx,esi
lea edi,[ebp+kexports-base]
getexports:
mov ecx,[edi]
jecxz .done
sub ecx,[ebx+10h]
mov eax,[edx+4*ecx]
test eax,eax
jz .empty
add eax,esi
.empty: stosd
jmp getexports
.done:
orangeled:
mov edi,[ebp+HalWriteSMBusValue-base]
push 0FFh ; orange led
push byte 0
push byte 8 ; led_register
push byte 20h ; pic_address
call edi
push byte 1
push byte 0
push byte 7 ; led_mode
push byte 20h ; pic_address
call edi
fanspeed:
mov edi,[ebp+HalWriteSMBusValue-base]
push 025h ;speed 10-50 (00Ah-032h)
push byte 0
push byte 6 ; fan_register
push byte 20h ; pic_address
call edi
push byte 1
push byte 0
push byte 5 ; fan_mode
push byte 20h ; pic_address
call edi
patchpublickey:
mov ebx,[ebp+XePublicKeyData-base]
test ebx,ebx
jnz .chk
.searchkey:
mov ebx,esi
inc esi
.chk: cmp dword [ebx],31415352h
jne .searchkey
cmp dword [ebx+10h],10001h
jne .searchkey
.searchkeyend:
inc ebx
cmp dword [ebx],0A44B1BBDh
jne .searchkeyend
pushf
cli
mov ecx,cr0
push ecx
and ecx,0FFFEFFFFh
mov cr0,ecx
xor dword [ebx],2DD78BD6h
pop ecx
mov cr0,ecx
popf
clockcheck:
xor eax,eax
push eax
push eax
mov ebx,esp ; space for current time
push eax
push eax
mov esi,esp ; space for minimum time
push eax
push eax
mov edi,esp ; space for maximum time
push ebx
call dword [ebp+KeQuerySystemTime-base]
push esi
lea eax,[ebp+mintimefields-base]
push eax
call dword [ebp+RtlTimeFieldsToTime-base]
test eax,eax
jz .bailout
mov eax,[ebx]
mov edx,[ebx+4]
sub eax,[esi]
sbb edx,[esi+4]
jc .setclock
push edi
lea eax,[ebp+maxtimefields-base]
push eax
call dword [ebp+RtlTimeFieldsToTime-base]
test eax,eax
jz .bailout
mov eax,[ebx]
mov edx,[ebx+4]
sub eax,[edi]
sbb edx,[edi+4]
jc .clockok
.setclock:
push byte 0
push esi
call dword [ebp+NtSetSystemTime-base]
.clockok:
.bailout:
add esp,byte 8+8+8
launchxbe:
mov esi,[ebp+LaunchDataPage-base]
mov edi,1000h
mov ebx,[esi]
test ebx,ebx
jnz .memok
push edi
call dword [ebp+MmAllocateContiguousMemory-base]
mov ebx,eax
mov [esi],eax
.memok:
push byte 1
push edi
push ebx
call dword [ebp+MmPersistContiguousMemory-base]
mov edi,ebx
xor eax,eax
mov ecx,400h
rep stosd
or dword [ebx],byte -1
mov [ebx+4],eax
lea edi,[ebx+8]
lea esi,[ebp+xbestr-base]
push byte XBESTRLEN
pop ecx
rep movsb
push byte 2
call dword [ebp+HalReturnToFirmware-base]
.inf: jmp short .inf
;;; Compile: nasm -o ernie.xtf ernie.asm
;;;
BITS 32
header:
db 'XTF0'
dd 32
db 'xbox'
times 32-4 db 0
.data1len: jmp short shellcode
dw 10h
dd 0
.data2num: dd 100000h
dd 0
shellcode:
jmp near start
align 4, db 0
kexports:
HalReturnToFirmware dd 49
HalWriteSMBusValue dd 50
LaunchDataPage dd 164
MmAllocateContiguousMemory dd 165
MmPersistContiguousMemory dd 178
XePublicKeyData dd 355
KeQuerySystemTime dd 128
NtSetSystemTime dd 228
RtlTimeFieldsToTime dd 304
dd 0
mintimefields dw 2005 ; Year
dw 5 ; Month
dw 3 ; Day
dw 0 ; Hour
dw 0 ; Minute
dw 0 ; Second
dw 0 ; Milliseconds
dw 0 ; Weekday (ignored)
maxtimefields dw 2019 ; Year
dw 6 ; Month
dw 6 ; Day
dw 0 ; Hour
dw 0 ; Minute
dw 0 ; Second
dw 0 ; Milliseconds
dw 0 ; Weekday (ignored)
xbestr db '\Device\Harddisk0\Partition2;default.xbe',0
times 11 db 0
XBESTRLEN equ $-xbestr
start:
call base
base: pop ebp
cld
mov esi,80010000h; Kernel here
mov eax,[esi+3Ch]
mov ebx,[esi+eax+78h]
add ebx,esi
mov edx,[ebx+1Ch]
add edx,esi
lea edi,[ebp+kexports-base]
getexports:
mov ecx,[edi]
jecxz .done
sub ecx,[ebx+10h]
mov eax,[edx+4*ecx]
test eax,eax
jz .empty
add eax,esi
.empty: stosd
jmp getexports
.done:
orangeled:
mov edi,[ebp+HalWriteSMBusValue-base]
push 0FFh ; orange led
push byte 0
push byte 8 ; led_register
push byte 20h ; pic_address
call edi
push byte 1
push byte 0
push byte 7 ; led_mode
push byte 20h ; pic_address
call edi
fanspeed:
mov edi,[ebp+HalWriteSMBusValue-base]
push 025h ;speed 10-50 (00Ah-032h)
push byte 0
push byte 6 ; fan_register
push byte 20h ; pic_address
call edi
push byte 1
push byte 0
push byte 5 ; fan_mode
push byte 20h ; pic_address
call edi
patchpublickey:
mov ebx,[ebp+XePublicKeyData-base]
test ebx,ebx
jnz .chk
.searchkey:
mov ebx,esi
inc esi
.chk: cmp dword [ebx],31415352h
jne .searchkey
cmp dword [ebx+10h],10001h
jne .searchkey
.searchkeyend:
inc ebx
cmp dword [ebx],0A44B1BBDh
jne .searchkeyend
pushf
cli
mov ecx,cr0
push ecx
and ecx,0FFFEFFFFh
mov cr0,ecx
xor dword [ebx],2DD78BD6h
pop ecx
mov cr0,ecx
popf
clockcheck:
xor eax,eax
push eax
push eax
mov ebx,esp ; space for current time
push eax
push eax
mov esi,esp ; space for minimum time
push eax
push eax
mov edi,esp ; space for maximum time
push ebx
call dword [ebp+KeQuerySystemTime-base]
push esi
lea eax,[ebp+mintimefields-base]
push eax
call dword [ebp+RtlTimeFieldsToTime-base]
test eax,eax
jz .bailout
mov eax,[ebx]
mov edx,[ebx+4]
sub eax,[esi]
sbb edx,[esi+4]
jc .setclock
push edi
lea eax,[ebp+maxtimefields-base]
push eax
call dword [ebp+RtlTimeFieldsToTime-base]
test eax,eax
jz .bailout
mov eax,[ebx]
mov edx,[ebx+4]
sub eax,[edi]
sbb edx,[edi+4]
jc .clockok
.setclock:
push byte 0
push esi
call dword [ebp+NtSetSystemTime-base]
.clockok:
.bailout:
add esp,byte 8+8+8
launchxbe:
mov esi,[ebp+LaunchDataPage-base]
mov edi,1000h
mov ebx,[esi]
test ebx,ebx
jnz .memok
push edi
call dword [ebp+MmAllocateContiguousMemory-base]
mov ebx,eax
mov [esi],eax
.memok:
push byte 1
push edi
push ebx
call dword [ebp+MmPersistContiguousMemory-base]
mov edi,ebx
xor eax,eax
mov ecx,400h
rep stosd
or dword [ebx],byte -1
mov [ebx+4],eax
lea edi,[ebx+8]
lea esi,[ebp+xbestr-base]
push byte XBESTRLEN
pop ecx
rep movsb
push byte 2
call dword [ebp+HalReturnToFirmware-base]
.inf: jmp short .inf
Post by: DaddyJ on May 03, 2005, 06:46:00 PM
Post by: xman954 on May 03, 2005, 08:57:00 PM
now PBL has nothing over NKpatcher
and i have yet to see a game not run with NKpatcher
(even use it on my chiped xbox)hope it helps a few that still use evox as there main dash on there softmod..
also the LED byte can also be changed to get the xmas tree look
if so wanted, will post the table later
CODE
mintimefields dw 2005; Year
dw 5; Month
dw 3; Day
Post by: triggernum5 on May 04, 2005, 06:57:00 AM
Post by: krayzie on May 04, 2005, 08:45:00 AM
Post by: PedrosPad on May 04, 2005, 10:12:00 AM
QUOTE(SupaSaru @ May 4 2005, 04:10 PM)
Look at the thread I pasted my last post in this thread.
-
Title: Modded Ernie.xtf (fonts71)
Post by: xman954 on May 04, 2005, 11:13:00 AM
-
LED table
LED_REGISTER_CYCLE3_GREEN = 0x01
LED_REGISTER_CYCLE2_GREEN = 0x02
LED_REGISTER_CYCLE1_GREEN = 0x04
LED_REGISTER_CYCLE0_GREEN = 0x08
LED_REGISTER_ON_GREEN = 0x0F
LED_REGISTER_CYCLE3_RED = 0x10
LED_REGISTER_CYCLE2_RED = 0x20
LED_REGISTER_CYCLE1_RED = 0x40
LED_REGISTER_CYCLE0_RED = 0x80
LED_REGISTER_ON_RED = 0xF0
as you can see the high nible is for the red led and low is green (both orange)
and the cycle is time, so if set at different rates you will get
xmas lights
was thinking to add dual-habibi tray state
tray closed > orange, closed.xbe (normal boot, NKpatcher)
tray open > red, open.xbe (NKpatcher, no shadowC with EEPROM writes)
-
Title: Modded Ernie.xtf (fonts71)
Post by: Olipro on May 04, 2005, 01:25:00 PM
-
if you want the LED to flash a certain sequence, (i believe that the number of changes is 4) then just OR each of the hex values in the order you want them, and push the end result onto the stack.
-
Title: Modded Ernie.xtf (fonts71)
Post by: SupaSaru on May 04, 2005, 01:48:00 PM
-
Someone volunteer to test my modified nkp10.... Privvy or something.
-
Title: Modded Ernie.xtf (fonts71)
Post by: krayzie on May 04, 2005, 01:57:00 PM
-
Rmenhal separated the dual state code from the fonts as he said it's better to leave the fonts code as clean as possible. Wouldn't it be much nicer to get all the funky stuff in the nkpatcher and leave the fonts only as what they are intended for.
-
Title: Modded Ernie.xtf (fonts71)
Post by: SupaSaru on May 04, 2005, 03:23:00 PM
-
Post by: xman954 on May 04, 2005, 11:13:00 AM
CODE
LED_REGISTER_CYCLE3_GREEN = 0x01
LED_REGISTER_CYCLE2_GREEN = 0x02
LED_REGISTER_CYCLE1_GREEN = 0x04
LED_REGISTER_CYCLE0_GREEN = 0x08
LED_REGISTER_ON_GREEN = 0x0F
LED_REGISTER_CYCLE3_RED = 0x10
LED_REGISTER_CYCLE2_RED = 0x20
LED_REGISTER_CYCLE1_RED = 0x40
LED_REGISTER_CYCLE0_RED = 0x80
LED_REGISTER_ON_RED = 0xF0
as you can see the high nible is for the red led and low is green (both orange)
and the cycle is time, so if set at different rates you will get
xmas lights
was thinking to add dual-habibi tray state
tray closed > orange, closed.xbe (normal boot, NKpatcher)
tray open > red, open.xbe (NKpatcher, no shadowC with EEPROM writes)
Post by: Olipro on May 04, 2005, 01:25:00 PM
Post by: SupaSaru on May 04, 2005, 01:48:00 PM
Someone volunteer to test my modified nkp10.... Privvy or something.
Post by: krayzie on May 04, 2005, 01:57:00 PM
Post by: SupaSaru on May 04, 2005, 03:23:00 PM
QUOTE(krayzie @ May 4 2005, 03:03 PM)
Rmenhal separated the dual state code from the fonts as he said it's better to leave the fonts code as clean as possible. Wouldn't it be much nicer to get all the funky stuff in the nkpatcher and leave the fonts only as what they are intended for.
-
Title: Modded Ernie.xtf (fonts71)
Post by: DaddyJ on May 04, 2005, 04:33:00 PM
-
Post by: DaddyJ on May 04, 2005, 04:33:00 PM
QUOTE(krayzie @ May 4 2005, 03:03 PM)
Rmenhal separated the dual state code from the fonts as he said it's better to leave the fonts code as clean as possible. Wouldn't it be much nicer to get all the funky stuff in the nkpatcher and leave the fonts only as what they are intended for.
-
Title: Modded Ernie.xtf (fonts71)
Post by: xman954 on May 05, 2005, 12:10:00 AM
-
Post by: xman954 on May 05, 2005, 12:10:00 AM
QUOTE(krayzie @ May 4 2005, 04:03 PM)
Rmenhal separated the dual state code from the fonts as he said it's better to leave the fonts code as clean as possible. Wouldn't it be much nicer to get all the funky stuff in the nkpatcher and leave the fonts only as what they are intended for.
-
Title: Modded Ernie.xtf (fonts71)
Post by: triggernum5 on May 05, 2005, 06:09:00 PM
-
-
Title: Modded Ernie.xtf (fonts71)
Post by: DaddyJ on May 05, 2005, 06:27:00 PM
-
These features would be great
-
Title: Modded Ernie.xtf (fonts71)
Post by: slrhsapple on May 05, 2005, 07:00:00 PM
-
. Thanks
Post by: triggernum5 on May 05, 2005, 06:09:00 PM
Post by: DaddyJ on May 05, 2005, 06:27:00 PM
QUOTE(SupaSaru)
but no one seems interested. ......
NKP would be nice with an easily swapped config file, but using a button system would be just as useful. Maybe I'll look into adding a way to disable shadowing with a button. Maybe something like L+R disables shadow, A button boots a third dash/fbl.
NKP would be nice with an easily swapped config file, but using a button system would be just as useful. Maybe I'll look into adding a way to disable shadowing with a button. Maybe something like L+R disables shadow, A button boots a third dash/fbl.
These features would be great
Post by: slrhsapple on May 05, 2005, 07:00:00 PM
. Thanks