Topic: Ndless Hooking Tutorial (especially key-hooks)

CiriousJoker
Ndless Hooking Tutorial (especially key-hooks)
« on: April 11, 2014, 05:58:47 pm »
Is there any good hooking tutorial for Ndless on the TI-Nspire 3.6?

I wanted to make a notepad which I can activate by something like ctrl+return.
I found "example" code in nClock (clock overlay in upper right corner). The problem is that I don't know what part of the code actually installs the hook.
I found some lines that probably have to do with the hook (and hopefully only these):



Code:
/* Shared data between hook and nclock */
static long * display12hrs = 0;
... (same style as the line above)
static long * checkTimeOnStartup = 0;
static long * noMiniClock = 0;


Code:
/* Install hook */
HOOK_INSTALL(HOOK_ADDR, hook_nclock);


Code:
/* If hook isn't already installed */
if(*((int*)HOOK_ADDR) == HOOK_VALUE) {
    /* ... */
}




Code:
HOOK_DEFINE(hook_nclock) {
    if(!*noMiniClock)
        mini_nclock(1);
    HOOK_RESTORE_RETURN(hook_nclock);
}


Code:
// Defines the addresses and value(?)

static const int hook_addrs[] = {0x100B66C8, 0x100B6988,  // Clickpad / Touchpad 3.1
                                 0x100EAAAC, 0x100EADC4,  // CX 3.1
                                 0x100E72CC, 0x100E75E4,  // CM 3.1
                                 0x101122b8, 0x100eb288,  // Clickpad / Touchpad 3.6
                                 0x10111cfc, 0x1011201C}; // CX 3.6

//What does this mean? what does nl_osvalue(... , ...); do?
#define HOOK_ADDR (nl_osvalue((int*)hook_addrs, sizeof(hook_addrs)/sizeof(hook_addrs[0])))

static const int hook_values[] = {0xe92d47f0, 0xe92d47f0,
                                  0xE59F1030, 0xE59F1030,
                                  0xE59F1030, 0xE59F1030,
                                  0xE59F1030, 0xE59F1030,
                                  0xE59F1030, 0xE59F1030};

#define HOOK_VALUE (nl_osvalue((int*)hook_values, sizeof(hook_values)/sizeof(hook_values[0])))


The full code of nclock is attached.
« Last Edit: July 20, 2014, 06:31:31 am by Virusscript24 »

CiriousJoker
Re: Ndless Hooking Tutorial (especially key-hooks)
« Reply #1 on: April 11, 2014, 06:44:57 pm »
Now I found out that
nl_osvalue(... , ...);
is defined like this:

Code:
int nl_osvalue(const int values[], unsigned size):
returns the value of values corresponding to the OS version. size is the number of values.
values[0] corresponds to non-CAS 3.1, values[1] to CAS 3.1, values[2] to non-CAS CX 3.1,
values[3] to CAS CX 3.1, values[4] to CM-C 3.1, values[5] to CAS CM-C 3.1.


Source: http://hackspire.unsads.com/wiki/index.php/Ndless_features_and_limitations#Builtin_functions
(second function)

So this means that for every OS version the author of nclock has a specific address?

How do I get these addresses?

Does all this have anything to do with memory-mapped I/O ports? (I guess not)
( http://hackspire.unsads.com/wiki/index.php/Memory-mapped_I/O_ports )

CiriousJoker
Re: Ndless Hooking Tutorial (especially key-hooks)
« Reply #2 on: April 12, 2014, 10:17:10 am »
bump

Really no one?

Vogtinator
Re: Ndless Hooking Tutorial (especially key-hooks)
« Reply #3 on: April 12, 2014, 11:28:40 am »
You want to execute a specific function if a key combination has been pressed. You want to search the OS for a place where you can install a hook which then checks whether you pressed the specific keys. It has to be called reasonably often. The OS's key interrupt handler should be the ideal place.
You'll have to find addresses for every OS version and model.

CiriousJoker
Re: Ndless Hooking Tutorial (especially key-hooks)
« Reply #4 on: April 12, 2014, 02:41:05 pm »
By finding out what interrupts are and everything around it, the only thread was this one:

http://www.omnimaga.org/calculator-c-language/(ndless)-interrupts-newbie-here/

You tried to help him and he seems to understand... I don't

Do you have any code example?

Levak
Re: Ndless Hooking Tutorial (especially key-hooks)
« Reply #5 on: April 12, 2014, 06:15:51 pm »
Quote
Is there any good hooking tutorial for ndless on the ti-nspire 3.6?
As far as I know, no, but it's pretty simple. Reading Ndless code tells you all.

Quote
I wanted to make a notepad which i can activate by something like ctrl+return.
A hook in the key code translator should be a rather good place (on CX CAS 3.1 : look around 0x10230140).

Quote
Code:
// Defines the addresses and value(?)

static const int hook_addrs[] = {0x100B66C8, 0x100B6988,  // Clickpad / Touchpad 3.1
                                 0x100EAAAC, 0x100EADC4,  // CX 3.1
                                 0x100E72CC, 0x100E75E4,  // CM 3.1
                                 0x101122b8, 0x100eb288,  // Clickpad / Touchpad 3.6
                                 0x10111cfc, 0x1011201C}; // CX 3.6

//What does this mean? what does nl_osvalue(... , ...); do?
#define HOOK_ADDR (nl_osvalue((int*)hook_addrs, sizeof(hook_addrs)/sizeof(hook_addrs[0])))

static const int hook_values[] = {0xe92d47f0, 0xe92d47f0,
                                  0xE59F1030, 0xE59F1030,
                                  0xE59F1030, 0xE59F1030,
                                  0xE59F1030, 0xE59F1030,
                                  0xE59F1030, 0xE59F1030};

#define HOOK_VALUE (nl_osvalue((int*)hook_values, sizeof(hook_values)/sizeof(hook_values[0])))

For each OS version and calc series, I define where the hook has to install itself. hook_values contains the original WORD contained at that specific address. This prevents installing the same hook multiple times.

Quote
The full code of nclock is attached.
I'd rather prefer you to link to the archive directly.

Quote
So this means that for every OS version the author of nclock has a specific address?
For every version of Ndless (3.1, 3.6) and every Nspire series (Clickpad/Touchpad, CX, CM), yes.

Quote
How do i get these addresses?

You can, for instance, find them in nspire_emu, by entering the debugger and starting to explore. On a more serious level, by reading the disassembled code of the OS (for obvious reasons, tools and such things cannot be found publicly).



Quote
By finding out what interrupts are and everything around it, the only thread was this one:
Interrupts are not what you're looking for. The OS has already set them up.

Quote
http://www.omnimaga.org/calculator-c-language/(ndless)-interrupts-newbie-here

You tried to help him and he seems to understand... I don't
He may have discontinued his idea. Interrupt controllers are not that hard, except if you hate reading datasheets.
« Last Edit: April 12, 2014, 06:18:43 pm by Levak »
I do not get mad at people, I just want them to learn the way I learnt.
My website - TI-Planet - iNspired-Lua

CiriousJoker
Re: Ndless Hooking Tutorial (especially key-hooks)
« Reply #6 on: April 12, 2014, 06:51:24 pm »
Vogtinator told me that the OS interrupt handler is a good place to set up a hook. You tell me that the key code translator is the better place.
I "just" wanted a little code example because I can't really figure out how I can manipulate the RAM(?)

I just wanted something like this if it's possible:

Code:
installhook(ram_address, function_to_activate_when_ram_has_a_specific_value());

//or

installhook(ram_address); //launches my program, when user presses ctrl+return

Afaik, a hook means a RAM address and if the value is changed, my code activates(?)
Please correct me if I'm wrong

Levak
Re: Ndless Hooking Tutorial (especially key-hooks)
« Reply #7 on: April 12, 2014, 07:14:28 pm »
Quote
Vogtinator told me that the OS interrupt handler is a good place to set up a hook. You tell me that the key code translator is the better place.
He said "OS key interrupt handler", I said "key code translator", which are, in fact, the same function call tree. I pointed you to the address to look for on CX CAS 3.1.


Quote
I "just" wanted a little code example because I can't really figure out how I can manipulate the RAM(?)
Even if I give you the code to install a hook and explain it to you, there is still the correct location in the OS to find.


Quote
I just wanted something like this if its possible:
Code:
installhook(ram_address, function_to_activate_when_ram_has_a_specific_value());
This is exactly what the macro HOOK_INSTALL does, except it takes an array of addresses.


Quote
Afaik, a hook means a ram address and if the value is changed, my code activates(?)
A hook is more like that. Ndless hooks need to ensure every opcode is still executed besides the code you add. You cannot shift the entire RAM to insert your hook.


Suppose you have these opcodes:
Code:
0x00  MOV r1, #0
0x04  MOV r2, #42
0x08  MOV r3, #69
0x0C  BL  foo
0x10  BL  bar


Take this simple hook mechanism:
Code:
#include <os.h>

/* Hook at address 0x0 on every OS version */
static const int hook_addrs[] = {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0};
#define HOOK_ADDR (nl_osvalue((int*)hook_addrs, sizeof(hook_addrs)/sizeof(hook_addrs[0])))

HOOK_DEFINE(my_hook) {
  /* Code */
  HOOK_RESTORE_RETURN(my_hook); /* give control back to the hooked OS code */
}

int main() {
  HOOK_INSTALL(HOOK_ADDR, my_hook);
  nl_set_resident(); /* keep the program in memory after main() returns */
  return 0;
}


Ndless hooks will result in something like this:
Code:
0x00  ADD   LR, PC, #4           ; compute return address
0x04  STMFD SP!, {R0-R12, LR}    ; save the context
0x08  B     hook_handler         ; jump to handler
0x0C  BL    foo                  ; previous context
0x10  BL    bar                  ; previous context
[...] ; elsewhere in RAM
hook_handler:
0x40  BL    my_hook              ; the hook defined in C with HOOK_DEFINE
0x44  MOV   r1, #0               ;\
0x48  MOV   r2, #42              ; } all the previous context saved because we erased it with custom code
0x4C  MOV   r3, #69              ;/
0x50  LDMFD SP!, {R0-R12, PC}    ; return to previous context


But as I said, the place where you hook up needs to be found on your own.
« Last Edit: April 12, 2014, 07:27:12 pm by Levak »
I do not get mad at people, I just want them to learn the way I learnt.
My website - TI-Planet - iNspired-Lua
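
As an added example (not code from this thread, from nclock or from Ndless itself), the following C program simulates in a plain buffer what reply #1 and reply #7 describe: the nl_osvalue()-style per-OS table lookup, the HOOK_VALUE comparison that refuses to install the same hook twice, and the three-word trampoline (ADD LR, PC, #4 / STMFD / B handler) that displaces the original opcodes. osvalue(), os_index, OS_BASE, the addresses and every opcode value are constructed assumptions for the simulation; nothing here touches a real calculator or emulator.

```c
#include <stdint.h>
#include <string.h>

/* Simulated slice of OS code memory (constructed, not a real Nspire image). */
#define OS_BASE 0x10000000u
static uint32_t os_mem[16];

/* Stand-in for Ndless' nl_osvalue(): Ndless detects the OS itself, here
 * os_index is an assumption (2 = non-CAS CX 3.1 in the table quoted above). */
static unsigned os_index = 2;
static uint32_t osvalue(const uint32_t values[], unsigned size) {
    return os_index < size ? values[os_index] : 0;
}

/* Per-OS hook address and the original word expected there, nclock-style
 * (addresses are constructed offsets into os_mem). */
static const uint32_t hook_addrs[]  = {0x10000000u, 0x10000000u, 0x10000010u,
                                       0x10000010u, 0x10000020u, 0x10000020u};
static const uint32_t hook_values[] = {0xE3A01000u, 0xE3A01000u, 0xE3A01000u,
                                       0xE3A01000u, 0xE3A01000u, 0xE3A01000u};
#define COUNT(a) (sizeof(a) / sizeof((a)[0]))

/* Encode ARM "B target" placed at pc: word offset measured from pc+8. */
static uint32_t encode_b(uint32_t pc, uint32_t target) {
    return 0xEA000000u | (((target - (pc + 8)) >> 2) & 0x00FFFFFFu);
}

/* Overwrite three words with the trampoline Levak shows. Returns 1 when
 * installed, 0 when the original word is gone (already hooked), which is
 * exactly the HOOK_VALUE guard from nclock. */
static int install_hook(uint32_t handler, uint32_t saved[3]) {
    uint32_t addr = osvalue(hook_addrs, COUNT(hook_addrs));
    uint32_t *p = &os_mem[(addr - OS_BASE) / 4];
    if (p[0] != osvalue(hook_values, COUNT(hook_values)))
        return 0;
    memcpy(saved, p, 3 * sizeof *p); /* displaced opcodes, replayed by handler */
    p[0] = 0xE28FE004u;              /* ADD   LR, PC, #4        */
    p[1] = 0xE92D5FFFu;              /* STMFD SP!, {R0-R12, LR} */
    p[2] = encode_b(addr + 8, handler);
    return 1;
}

/* Scenario: load the three MOVs from the example, hook once, check the saved
 * opcodes and the branch, then confirm a second install is refused. */
static int demo(void) {
    uint32_t saved[3], addr = osvalue(hook_addrs, COUNT(hook_addrs));
    uint32_t *p = &os_mem[(addr - OS_BASE) / 4];
    p[0] = 0xE3A01000u; p[1] = 0xE3A0202Au; p[2] = 0xE3A03045u; /* MOV r1,#0 r2,#42 r3,#69 */
    if (install_hook(0x10000040u, saved) != 1) return 0;
    if (saved[0] != 0xE3A01000u || saved[2] != 0xE3A03045u) return 0;
    if (os_mem[(addr + 8 - OS_BASE) / 4] != 0xEA000008u) return 0;
    return install_hook(0x10000040u, saved) == 0;
}
```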

CiriousJoker
Re: Ndless Hooking Tutorial (especially key-hooks)
« Reply #8 on: April 13, 2014, 05:58:51 am »
So I "just" have to find the right addresses?
Does this page help?

In the link with the interrupt guy he talked about an address which I can find on this page:
http://hackspire.unsads.com/wiki/index.php/Memory-mapped_I/O_ports
But because he's talking about interrupts, I'm not sure anymore if this page could help me...

I need to fill hook_addr[] with all the addresses for all the Ndless versions / hardware versions and

#define HOOK_ADDR
just decides which is used, right?

How can I find these addresses? When I open the debugger, my emulator froze (both emulators, so it seems to be normal)

Vogtinator
Re: Ndless Hooking Tutorial (especially key-hooks)
« Reply #9 on: April 13, 2014, 07:12:55 am »
Quote
#define HOOK_ADDR
just decides which is used, right?
No, don't use macros, they're bad. Just use nl_osvalue directly with all addresses you found.

Quote
How can I find these addresses? When I open the debugger, my emulator froze (both emulators, so it seems to be normal)
That's debugging. In the console window you can enter debug commands, such as "u" = Disassemble memory and "s" = Step.

CiriousJoker
Re: Ndless Hooking Tutorial (especially key-hooks)
« Reply #10 on: April 13, 2014, 04:15:24 pm »
Why shouldn't I use macros and how do I use the debugger?? I don't know any assembler and I don't know anything about this debugger... I just know that the emulator stops working if I "debug"

Vogtinator
Re: Ndless Hooking Tutorial (especially key-hooks)
« Reply #11 on: April 13, 2014, 04:19:08 pm »
Quote
I don't know any assembler
Without any knowledge of ARM assembly you will probably not be able to make such a hook, you at least need to understand what the code you're hooking does.

Matrefeytontias
Re: Ndless Hooking Tutorial (especially key-hooks)
« Reply #12 on: May 04, 2014, 02:58:59 pm »
Quote
By finding out what interrupts are and everything around it, the only thread was this one:
http://www.omnimaga.org/calculator-c-language/(ndless)-interrupts-newbie-here/
You tried to help him and he seems to understand... I don't
FYI, I didn't.