the problem of multicore

[enler]

We know the arm11 processor of New Nintendo 3DS has four cores, but the NTR CFW DEX only supports debugging on one of them, this means, If you add a watchpoint(aka read/write memory breakpoint), and a thread that running on another core accesses the memory, the watchpoint will not be triggered.

[Syphurith]

Could the thread know which core it is running on? (CHN)

[enler]

@Syphurith Yes,use syscall "GetCurrentProcessorNumber()",for more details see here http://3dbrew.org/wiki/SVC

[Syphurith]

@enler Then you may try to cycle through the threads to find several threads to set the breaks. Or simply else just put that break to all threads. Hope the CFW could achieve that.

[enler]

@Syphurith Thanks for your suggestion. But the problem of multicore is more complex than I think,on the software level, I have tried out several ways, such as hooking specified kernel-thread, creating a thread that running on specified core and etc,but none of them is stable. Now I'm trying to solve this problem on the hardware level.

[Syphurith]

0x65 Result GetProcessList(s32* processCount, u32* processIds, s32 processIdMaxCount) 0x66 Result GetThreadList(s32* threadCount, u32* threadIds, s32 threadIdMaxCount, Handle domain) The worst thing is at least i have no idea about how its multicore scedules the jobs. You may ask for help on #3dsdev, and there is document about MPCore from ARM.

[Syphurith]

@enler Contact with 44670 via QQ minutes ago. About this breakpoint support.. I don't think this could be done without any modification within the binary, however he is busy doing other things. Instructions differs from OSes and Chip-Families. I only suggested a BKPT or a crafted HardFault may work. BTW, i suggest you could try to build this Client with Mono environment, which leads to better platform support. It may need you to change the Code a bit. Thanks for contribution as always.

[Syphurith]

@enler I heard that you try to contact me via QQ, and sorry for that, I merely be on QQ. I've looked into NTRDisasm which is done by patios first, and it only has ONE THREAD injected to the HomeMenu. So you can't do so on multicore unless stop the whole core, or inject multiple threads to all cores. If you choose to inject it multiple times, you would have to cycle around to ensure it is on the desired core after created, else send back create failed and let NTR try again. To myself, i don't care about NTR much enough, since what i have is only its Disasm with symbols. And since its main part is not open-sourced legal reason, i would not like to contribute to it. Also I would perfer one way for ARM11 to contact the ARM9 kernel to do other things. The methods are described above, feel free to do so if you like. And, sorry for my unable to help you this time.

[LITTOMA]

talk chnises pleass!!

[Syphurith]

@LITTOMA 說正體中文还是简体中文?ALL OK.有拼错哦。 3dbrew的新修改说，发现用于硬件断点的SVC，调用号尚不知道。如觉得有意思请自行联系44670。

[LITTOMA]

故意拼错的

[Syphurith]

@LITTOMA 其实啊也是语序。个人还是不太看好NTR的以后吧，不过还是比较有用的。

[enler]

已解决，用inter-processor interrupt搞定的，不用创建任何新的线程，而且还挺稳定，这issue我关掉了，谢谢2位的支持: ) 顺便聊一下开发的一些细节吧，那个svc 0x60-svc 0x6d，也就是调试器相关的这些，0x6c那个就是设置硬件断点，我们团队里有个人在差不多一年前的时候已经分析出来，3dbrew前几天更新的那些，我们一年前就已经知道了，并且在一年前他也尝试编写调试器，但是最后并没有写出来，他表示内核的调试机制不是很好用。 在这个背景下，于是我打算编写不依赖内核的调试器（其实最初的工程并不基于ntr，后来是觉得ntr有个基本的调试功能，干脆放到一块），对arm11内核进行了一定程度的逆向工程（主要是对异常中断机制以及svc的具体实现进行深入分析，啃汇编是我强项，实际上F5反编译插件对于有着一大堆特权指令的内核来说，用处不大），在查阅了arm11mpcore的官方文档之后很顺利就有了第一个版本（把bkpt指令跟硬件断点都用上了）。然而我忽略了一件事，就是每个核上的硬件调试器是独立的，在一个核上的硬件调试器下断点对另外一个核是没有作用的（官方的svc甚至都不能解决这个问题），我考虑过在其他核上创建线程等方法，但是这些方法都不大理想，稳定性是个大问题，所以最后就从IPI入手解决这个问题，很幸运的是内核当中并没有把16个IPI的中断号全部用完（只用到4到10，直到老3ds的9.6的内核也是如此，估计以后其他的中断号被用上的可能性也不高），我只要注册一个调试器用的中断号就行，不过要做到这件事必须去调用几个内核的私有函数（非svc那些，一般用户态不可见的函数），这使得ntr变得更难移植。

[Syphurith]

@enler 居然解决了，实在恭喜。顺便看了下IPI的说明，还是自己知道的不够啊。