Difference between revisions of "User:JayFoxRox"
From xboxdevwiki
m (→Unfinished information) |
m (→THPS2X Syslink crash) |
||
Line 17: | Line 17: | ||
(gdb) print $eip | (gdb) print $eip | ||
$1 = (void (*)()) 0x215adf | $1 = (void (*)()) 0x215adf | ||
+ | </pre> | ||
+ | |||
+ | And this seems to copy server to database (this in particular copied string?): | ||
+ | |||
+ | <pre> | ||
+ | Hardware watchpoint 1: *(int*)0xf47944 | ||
+ | |||
+ | Old value = 926102321 | ||
+ | New value = 858992984 | ||
+ | 0x00156cc3 in ?? () | ||
+ | (gdb) print $eip | ||
+ | $2 = (void (*)()) 0x156cc3 | ||
+ | (gdb) info reg | ||
+ | eax 0xd0043260 -805031328 | ||
+ | ecx 0x1d 29 | ||
+ | edx 0x0 0 | ||
+ | ebx 0xf20ce0 15863008 | ||
+ | esp 0xd004324c 0xd004324c | ||
+ | ebp 0xf20ce0 0xf20ce0 | ||
+ | esi 0xd00432a0 -805031264 | ||
+ | edi 0xf47948 16021832 | ||
+ | eip 0x156cc3 0x156cc3 | ||
+ | eflags 0x246 [ PF ZF IF ] | ||
+ | cs 0x8 8 | ||
+ | ss 0x10 16 | ||
+ | ds 0x10 16 | ||
+ | es 0x10 16 | ||
+ | fs 0x20 32 | ||
+ | gs 0x0 0 | ||
+ | (gdb) x/10i $eip | ||
+ | => 0x156cc3: rep movsl %ds:(%esi),%es:(%edi) | ||
+ | 0x156cc5: call 0x1b9db6 | ||
+ | 0x156cca: mov 0x29b44(%ebx),%ecx | ||
+ | 0x156cd0: mov 0x10(%esp),%edx | ||
+ | 0x156cd4: imul $0x78,%ecx,%ecx | ||
+ | 0x156cd7: mov %edx,0x26ca8(%ecx,%ebx,1) | ||
+ | 0x156cde: mov 0x14(%esp),%eax | ||
+ | 0x156ce2: mov %eax,0x26cac(%ecx,%ebx,1) | ||
+ | 0x156ce9: mov 0x29b44(%ebx),%eax | ||
+ | 0x156cef: mov (%ebx),%edx | ||
</pre> | </pre> | ||
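Review bot: The question left open in the added sentence ("this in particular copied string?") can be answered from the values in the same capture, so the note should record the decode. 926102321 is 0x37333331 and 858992984 is 0x33333158, which are the bytes "1337" and "X133" in memory order, so the watched dword at 0xf47944 holds text both before and after the write. It would also help to spell out the register state: ecx = 0x1d with edi = 0xf47948 means 29 dwords are still to be copied after the one at 0xf47944, and if that dword is the first of the entry the total is 30 dwords = 0x78 bytes, matching the `imul $0x78` stride a few instructions later. An `x/s 0xf47944` once the copy has finished would confirm both points.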
Revision as of 23:27, 21 October 2018
For contact details, see http://jannikvogel.de/
Unfinished information
THPS2X Syslink crash
Happens if too many servers are present (this is where data is written to driver?):
<pre>
Hardware watchpoint 1: *(int*)0xD004D048

Old value = 1065353216
New value = 1500647462
0x00215adf in ?? ()
(gdb) pint $eip
Undefined command: "pint". Try "help".
(gdb) print $eip
$1 = (void (*)()) 0x215adf
</pre>
And this seems to copy server to database (this in particular copied string?):
<pre>
Hardware watchpoint 1: *(int*)0xf47944

Old value = 926102321
New value = 858992984
0x00156cc3 in ?? ()
(gdb) print $eip
$2 = (void (*)()) 0x156cc3
(gdb) info reg
eax            0xd0043260  -805031328
ecx            0x1d        29
edx            0x0         0
ebx            0xf20ce0    15863008
esp            0xd004324c  0xd004324c
ebp            0xf20ce0    0xf20ce0
esi            0xd00432a0  -805031264
edi            0xf47948    16021832
eip            0x156cc3    0x156cc3
eflags         0x246       [ PF ZF IF ]
cs             0x8         8
ss             0x10        16
ds             0x10        16
es             0x10        16
fs             0x20        32
gs             0x0         0
(gdb) x/10i $eip
=> 0x156cc3: rep movsl %ds:(%esi),%es:(%edi)
   0x156cc5: call 0x1b9db6
   0x156cca: mov 0x29b44(%ebx),%ecx
   0x156cd0: mov 0x10(%esp),%edx
   0x156cd4: imul $0x78,%ecx,%ecx
   0x156cd7: mov %edx,0x26ca8(%ecx,%ebx,1)
   0x156cde: mov 0x14(%esp),%eax
   0x156ce2: mov %eax,0x26cac(%ecx,%ebx,1)
   0x156ce9: mov 0x29b44(%ebx),%eax
   0x156cef: mov (%ebx),%edx
</pre>
Reset
There are various methods to reset an Xbox or major parts of it (successfully or not).
SMC Cold Reboot
- CPU cycles: X > 0
SMC Warm Reboot
- CPU cycles: X > 0
PM26
- CPU cycles: X > 0
RST_CNT (RST_CPU)
RST_CNT (RST_CPU + SYS_RST)
RST_CNT (RST_CPU + FULL_RST)
RST_CNT (RST_CPU + SYS_RST + FULL_RST)
- CPU cycles: 0
Triple fault
- CPU cycles: 0[FIXME]
PCI-to-PCI bridge secondary bus reset
- CPU cycles: X > 0