Open SuperMarioDaBom opened 5 years ago
Memory watchpoints are quite difficult to implement. There are two ways to do this:
A software watchpoint would require the debugger to single-step through the code and check if a watchpoint was hit after every instruction. This slows down the game a lot.
A hardware watchpoint would be faster, but since there is only one DABR (data address breakpoint register) you can only have a single hardware watchpoint at once. I'm not even sure if it's possible to use hardware watchpoints on the Wii U, because the DABR is optional according to the PowerPC manual.
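The trade-off described in the comment above, as an added example that is not code from the debugger project or from anyone in this thread: a small watchpoint manager that gives the one hardware slot to the first watch that fits inside a single aligned doubleword and puts everything else on a software list that is checked after every single-stepped instruction. The DABR bit layout (bits 0-28 doubleword address, bit 29 BT, bit 30 DW, bit 31 DR) is taken from the 32-bit PowerPC architecture manual the comment refers to and is an assumption of this example; `OSSetDABR()` is only named in a comment, never called, and the instruction trace is constructed.

```python
"""Watchpoint bookkeeping for a PowerPC-style target that has one DABR.

Added example: one hardware slot plus a software fallback that is evaluated
on every single-stepped instruction. Nothing here touches a real console.
"""
from dataclasses import dataclass

# Assumed 32-bit PowerPC DABR layout (PowerPC architecture manual):
# bits 0-28 = doubleword address, bit 29 = BT, bit 30 = DW, bit 31 = DR.
DABR_ADDR_MASK = 0xFFFFFFF8
DABR_BT = 0x4  # match only while data address translation is on (MSR[DR]=1)
DABR_DW = 0x2  # break on data writes
DABR_DR = 0x1  # break on data reads


def encode_dabr(addr, read, write, translated=True):
    """Build the value a caller would hand to OSSetDABR() (hypothetical use).
    The register stores only the doubleword address, so `addr` must be 8-byte
    aligned and the breakpoint necessarily covers all 8 bytes."""
    if addr & 7:
        raise ValueError("DABR address must be doubleword aligned")
    if not (read or write):
        raise ValueError("at least one of read/write must be enabled")
    value = addr & DABR_ADDR_MASK
    if translated:
        value |= DABR_BT
    if write:
        value |= DABR_DW
    if read:
        value |= DABR_DR
    return value


def decode_dabr(value):
    """Inverse of encode_dabr: (doubleword address, read, write, translated)."""
    return (value & DABR_ADDR_MASK, bool(value & DABR_DR),
            bool(value & DABR_DW), bool(value & DABR_BT))


@dataclass(frozen=True)
class Watchpoint:
    start: int
    size: int
    read: bool
    write: bool

    def overlaps(self, addr, size):
        """Exact byte-range overlap test used by the software path."""
        return addr < self.start + self.size and self.start < addr + size


class WatchpointManager:
    def __init__(self):
        self.hw = None   # the single DABR-backed watchpoint, if any
        self.dabr = 0    # register value that would be programmed for it
        self.sw = []     # watchpoints that need the single-step fallback

    def add(self, wp):
        """Use the DABR if it is free and the range fits one doubleword,
        otherwise fall back to a software watchpoint. Returns which path."""
        first_dw = wp.start & ~7
        last_dw = (wp.start + wp.size - 1) & ~7
        if self.hw is None and first_dw == last_dw:
            self.hw = wp
            self.dabr = encode_dabr(first_dw, wp.read, wp.write)
            return "hw"
        self.sw.append(wp)
        return "sw"

    def check_access(self, addr, size, is_write):
        """Return the watchpoints tripped by a `size`-byte access at `addr`.
        The hardware compare is doubleword-granular, so it also fires for
        neighbouring bytes in the same doubleword; software compares are exact."""
        hits = []
        if self.hw is not None and (self.hw.write if is_write else self.hw.read):
            hw_dw = self.dabr & DABR_ADDR_MASK
            if (addr & ~7) <= hw_dw <= ((addr + size - 1) & ~7):
                hits.append(self.hw)
        for wp in self.sw:
            if (wp.write if is_write else wp.read) and wp.overlaps(addr, size):
                hits.append(wp)
        return hits


def run_trace(manager, trace):
    """The software single-step loop: after each instruction, check the data
    access it performed. Returns (pc, watchpoint) pairs in trace order."""
    hits = []
    for pc, addr, size, is_write in trace:
        for wp in manager.check_access(addr, size, is_write):
            hits.append((pc, wp))
    return hits


# Constructed trace: (pc, data address, access size, is_write)
TRACE = [
    (0x02000000, 0x10000000, 4, False),  # 4-byte load from the hw-watched word
    (0x02000004, 0x10000004, 4, True),   # store to the other half of that doubleword
    (0x02000008, 0x10000100, 1, True),   # byte store nobody watches
    (0x0200000C, 0x10001000, 16, True),  # 16-byte store inside the sw-watched range
    (0x02000010, 0x10000FFE, 4, True),   # store that straddles the sw range start
]


def demo():
    m = WatchpointManager()
    kinds = (m.add(Watchpoint(0x10000000, 4, read=True, write=True)),
             m.add(Watchpoint(0x10001000, 0x100, read=False, write=True)))
    return m, kinds, run_trace(m, TRACE)


if __name__ == "__main__":
    manager, kinds, hits = demo()
    print("placement:", kinds, "DABR=0x%08X" % manager.dabr)
    for pc, wp in hits:
        print("pc=0x%08X tripped watch at 0x%08X" % (pc, wp.start))
```

The second trace entry is the caveat worth noticing: the DABR fires for a store to `0x10000004` even though the requested watch only covered `0x10000000..3`, so a debugger using the hardware slot has to re-check the faulting address itself before reporting a hit.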
I can verify that the DABR is functional on my kiosk Wii U; if I call OSSetDABR() with the appropriate arguments, the Wii U crashes when the read/write breakpoint is hit. I can then go through the crash logs and find the ASM address which triggered the read/write. It's tedious, but at least working.
The function does not do anything on my retail Wii U, however. Getting the DABR working on retail would probably require a patch to the PPC kernel. As mentioned here, the syscall for setting the DABR doesn't even do anything if it sees a certain flag is set. There are probably even more checks to patch out once the DABR exception is actually taken.
I've done tests before to write patches to the kernel, to no avail. But I'm sure it would be theoretically possible to get the DABR working...
Thanks, that's good to know. The debugger already has functions that let me write directly to physical memory, so it shouldn't be difficult to patch away the check in the kernel.
How feasible would it be to add memory / watch breakpoints? (Meaning breakpoints that get tripped whenever a read / write is performed to the specified area in memory.) It'd be a very helpful tool for game reverse engineering.