PPSSPP iOS Port
03-10-2013, 04:42 PM
Post: #256
RE: PPSSPP iOS Port
You can try something like this but it didn't work for me, as mentioned:

Code:
diff --git a/Common/MemoryUtil.cpp b/Common/MemoryUtil.cpp
index a7119b3..c9d5518 100644
--- a/Common/MemoryUtil.cpp
+++ b/Common/MemoryUtil.cpp
@@ -30,6 +30,7 @@
#ifdef __APPLE__
#include <sys/types.h>
#include <sys/mman.h>
+#include <fcntl.h>
#endif

#include <stdlib.h>
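Review bot: the new `#include <fcntl.h>` only serves the `open()` call that the next hunk adds under `#ifdef IOS`, so placing it under `#ifdef __APPLE__` is wider than needed but harmless; if that call stays, the block will also need `<unistd.h>` for the `close()` that should pair with it, since nothing in this patch closes the descriptor.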
@@ -86,12 +87,21 @@ void* AllocateExecutableMemory(size_t size, bool low)
        if (low && (!map_hint))
                map_hint = (char*)round_page(512*1024*1024); /* 0.5 GB rounded u
#endif
+#ifdef IOS
+       int fd = open("/dev/zero", O_RDWR, 0);
+#endif
+
        void* ptr = mmap(map_hint, size, PROT_READ | PROT_WRITE | PROT_EXEC,
+#ifdef IOS
+               MAP_JIT | MAP_PRIVATE | MAP_FILE
+               , fd, 0);
+#else
                MAP_ANON | MAP_PRIVATE
#if defined(__x86_64__) && defined(MAP_32BIT)
                | (low ? MAP_32BIT : 0)
#endif
                , -1, 0);
+#endif
#endif /* defined(_WIN32) */

        // printf("Mapped executable memory at %p (size %ld)\n", ptr,
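Review bot: the `fd` from `open("/dev/zero", O_RDWR, 0)` is neither checked for `-1` nor closed, so every call on the iOS path leaks a descriptor and a failed open silently becomes `mmap(..., MAP_FILE, -1, 0)`; and the visible lines never compare `ptr` with `MAP_FAILED`, so a refused mapping is handed back to the caller as a pointer to write through, which matches the later report in this thread of the crash moving into write32. Since `/dev/zero` with `MAP_FILE` is only standing in for an anonymous mapping, and a reply below reports that MAP_FILE is not accepted here, the simpler shape is to keep `MAP_ANON | MAP_PRIVATE` on both paths, add `MAP_JIT` only under `#ifdef IOS` (e.g. `MAP_ANON | MAP_PRIVATE | MAP_JIT, -1, 0);`), drop the `open()` entirely, and fail loudly on `MAP_FAILED` before anything writes into the region.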

-[Unknown]
03-10-2013, 08:14 PM (This post was last modified: 03-10-2013 09:25 PM by the avenger.)
Post: #257
RE: PPSSPP iOS Port
(03-10-2013 04:42 PM)[Unknown] Wrote:  You can try something like this but it didn't work for me, as mentioned:

Code:
diff --git a/Common/MemoryUtil.cpp b/Common/MemoryUtil.cpp
index a7119b3..c9d5518 100644
--- a/Common/MemoryUtil.cpp
+++ b/Common/MemoryUtil.cpp
@@ -30,6 +30,7 @@
#ifdef __APPLE__
#include <sys/types.h>
#include <sys/mman.h>
+#include <fcntl.h>
#endif

#include <stdlib.h>
@@ -86,12 +87,21 @@ void* AllocateExecutableMemory(size_t size, bool low)
        if (low && (!map_hint))
                map_hint = (char*)round_page(512*1024*1024); /* 0.5 GB rounded u
#endif
+#ifdef IOS
+       int fd = open("/dev/zero", O_RDWR, 0);
+#endif
+
        void* ptr = mmap(map_hint, size, PROT_READ | PROT_WRITE | PROT_EXEC,
+#ifdef IOS
+               MAP_JIT | MAP_PRIVATE | MAP_FILE
+               , fd, 0);
+#else
                MAP_ANON | MAP_PRIVATE
#if defined(__x86_64__) && defined(MAP_32BIT)
                | (low ? MAP_32BIT : 0)
#endif
                , -1, 0);
+#endif
#endif /* defined(_WIN32) */

        // printf("Mapped executable memory at %p (size %ld)\n", ptr,

-[Unknown]
I am confused, how do I use this code? Anyway, I say we move on from the JIT problem for now and start on other issues like the media engine and sound.
EDIT: also it looks like MAP_FILE is not allowed.
03-10-2013, 11:03 PM (This post was last modified: 03-10-2013 11:45 PM by the avenger.)
Post: #258
RE: PPSSPP iOS Port
(03-10-2013 12:39 AM)xsacha Wrote:  I think he's just saying it's possible because technically it is possible -- just no one does it yet.
Actually Cydia itself uses JIT (but not dynarec) and many other Cydia apps use JIT. Also, I know you said it doesn't, but the description on Cydia of n64ios says that it uses dynarec; to quote it to the letter it says
features include:
Fast dynarec cpu emulation
so you might wanna look into that.
03-11-2013, 12:28 AM (This post was last modified: 03-11-2013 12:40 AM by xsacha.)
Post: #259
RE: PPSSPP iOS Port
(03-10-2013 11:03 PM)the avenger Wrote:  
(03-10-2013 12:39 AM)xsacha Wrote:  I think he's just saying it's possible because technically it is possible -- just no one does it yet.
Actually Cydia itself uses JIT (but not dynarec) and many other Cydia apps use JIT. Also, I know you said it doesn't, but the description on Cydia of n64ios says that it uses dynarec; to quote it to the letter it says
features include:
Fast dynarec cpu emulation
so you might wanna look into that.

JIT = dynarec.
Although the emulator supports JIT, in the source code you can see that the app disables it for iOS. It looks like a repacked mupen64plus and doesn't even include the iOS clear cache so JIT wouldn't even be possible with the source provided. Maybe I'm wrong but the source code isn't available in that case.
03-11-2013, 10:28 PM
Post: #260
RE: PPSSPP iOS Port
I don't know much about coding emulators. But I did a little digging... it seems that ari64 and mupen64plus developed the dynarec for zodttd's N64 emulator. And as mentioned above... dynarec is the same as JIT? Maybe the answer lies there?
03-11-2013, 10:31 PM (This post was last modified: 03-12-2013 12:32 AM by the avenger.)
Post: #261
RE: PPSSPP iOS Port
(03-11-2013 12:28 AM)xsacha Wrote:  
(03-10-2013 11:03 PM)the avenger Wrote:  
(03-10-2013 12:39 AM)xsacha Wrote:  I think he's just saying it's possible because technically it is possible -- just no one does it yet.
Actually Cydia itself uses JIT (but not dynarec) and many other Cydia apps use JIT. Also, I know you said it doesn't, but the description on Cydia of n64ios says that it uses dynarec; to quote it to the letter it says
features include:
Fast dynarec cpu emulation
so you might wanna look into that.

JIT = dynarec.
Although the emulator supports JIT, in the source code you can see that the app disables it for iOS. It looks like a repacked mupen64plus and doesn't even include the iOS clear cache so JIT wouldn't even be possible with the source provided. Maybe I'm wrong but the source code isn't available in that case.
OK, any idea about sound?

EDIT: updated Cydia package with 7.0
03-12-2013, 09:05 AM
Post: #262
RE: PPSSPP iOS Port
(03-11-2013 10:31 PM)the avenger Wrote:  
(03-11-2013 12:28 AM)xsacha Wrote:  
(03-10-2013 11:03 PM)the avenger Wrote:  
(03-10-2013 12:39 AM)xsacha Wrote:  I think he's just saying it's possible because technically it is possible -- just no one does it yet.
Actually Cydia itself uses JIT (but not dynarec) and many other Cydia apps use JIT. Also, I know you said it doesn't, but the description on Cydia of n64ios says that it uses dynarec; to quote it to the letter it says
features include:
Fast dynarec cpu emulation
so you might wanna look into that.

JIT = dynarec.
Although the emulator supports JIT, in the source code you can see that the app disables it for iOS. It looks like a repacked mupen64plus and doesn't even include the iOS clear cache so JIT wouldn't even be possible with the source provided. Maybe I'm wrong but the source code isn't available in that case.
OK, any idea about sound?

EDIT: updated Cydia package with 7.0

support!!!!:P

Everyone, please follow the forum rules. Thank you.
03-12-2013, 10:47 AM (This post was last modified: 03-12-2013 10:48 AM by the avenger.)
Post: #263
RE: PPSSPP iOS Port
I am starting to think the error is in the code, not in the OS, as jailbreaking removes the limitations on JIT compiling. To quote from the iOS Hacker's Handbook:
Quote:
vm_map_enter
When memory is mapped into the address space of a process, the kernel function vm_map_enter() is called to allocate a range in the virtual
address map. You can trigger this function, for example, by using the mmap() system call. In the context of a jailbreak, this function is interesting
because it enforces the rule that mapped memory cannot be writable and executable at the same time. The following code enforces this rule. If you
want to see the full code of the function, have a look into the file /osfmk/vm/vm_map.c. As you can see in the code, the VM_PROT_EXECUTE flag is
cleared in case the VM_PROT_WRITE flag is also set:
kern_return_t vm_map_enter(
vm_map_t map,
vm_map_offset_t *address, /* IN/OUT */
vm_map_size_t size,
vm_map_offset_t mask,
int flags,
vm_object_t object,
vm_object_offset_t offset,
boolean_t needs_copy,
vm_prot_t cur_protection,
vm_prot_t max_protection,
vm_inherit_t inheritance)
{
...
if (cur_protection & VM_PROT_WRITE) {
    if ((cur_protection & VM_PROT_EXECUTE) && !(flags & VM_FLAGS_MAP_JIT)) {
        printf("EMBEDDED: %s curprot cannot be write+execute. turning off execute\n", __PRETTY_FUNCTION__);
        cur_protection &= ~VM_PROT_EXECUTE;
    }
}
As you saw in Chapter 4, there is an exception to the rule for so-called JIT (just-in-time) mappings. This is a special type of memory area that is
allowed to be writable and executable at the same time, which is required for the JIT JavaScript compiler inside MobileSafari. An application can
make use of this exception only one time and only if it has the dynamic code-signing entitlement.
So far this is true only for MobileSafari. All other applications cannot have self-modifying code, dynamic code generators, or JIT compilers, with
the exception of the dynamic code-signing vulnerability found by Charlie Miller, which is discussed in Chapter 4. For a full jailbreak, this is an
unwanted limitation, because it disallows runtime patching of applications, which is required for the popular MobileSubstrate. Additionally, a
number of emulators, which are available for jailbroken iPhones, require self-modifying code.
To find the best way to patch this check you should have a look at the iOS kernel binary. Though there is no symbol for the vm_map_enter()
function, it is very easy to find the function by looking for strings containing vm_map_enter. A look at the ARM assembly of the check shows that multiple different one-byte patches exist to kill the check. For example, the AND.W R0, R1, #6 can be changed into AND.W R0, R1, #8; or the BIC.W
R0, R0, #4 can be changed into BIC.W R0, R0, #0:
800497C6 LDR R1, [R7,#cur_protection]
800497C8 AND.W R0, R4, #0x80000
800497CC STR R0, [SP,#0xB8+var_54]
800497CE STR R1, [SP,#0xB8+var_78]
800497D0 AND.W R0, R1, #6
800497D4 CMP R0, #6
800497D6 ITT EQ
800497D8 LDREQ R0, [SP,#0xB8+var_54]
800497DA CMPEQ R0, #0
800497DC BNE loc_800497F0
800497DE LDR.W R1, =aKern_return_
800497E2 MOVS R0, #0
800497E4 BL sub_8001D608
800497E8 LDR R0, [R7,#cur_protection]
800497EA BIC.W R0, R0, #4
800497EE STR R0, [SP,#0xB8+var_78]
For people who jailbreak their iPhones just for the purpose of security research or to have shell access, this patch is not required. It is actually
counterproductive to have this limitation patched, because the phone behaves less like a default iPhone.
vm_map_protect
When the protection on mapped memory is changed, the kernel function vm_map_protect() is called. You can trigger this, for example, by using the
mprotect() system call. Similar to the vm_map_enter() function, it does not allow changing the protection to writable and executable at the same
time. The following code enforces this rule. You can also find the full code of this function in the file /osfmk/vm/vm_map.c, if you want to look at it in
more detail. As you can see in the code, the VM_PROT_EXECUTE flag is again cleared in case the VM_PROT_WRITE flag is also set:
kern_return_t vm_map_protect(
register vm_map_t map,
register vm_map_offset_t start,
register vm_map_offset_t end,
register vm_prot_t new_prot,
register boolean_t set_max)
{
. . .
#if CONFIG_EMBEDDED
if (new_prot & VM_PROT_WRITE) {
    if ((new_prot & VM_PROT_EXECUTE) && !(current->used_for_jit)) {
        printf("EMBEDDED: %s can't have both write and exec at the same time\n", __FUNCTION__);
        new_prot &= ~VM_PROT_EXECUTE;
    }
}
#endif
Again you can see that an exception is made only for memory ranges that are used for JIT, which can be created only by applications with the
dynamic code-signing entitlement. No other applications can use mprotect() to make a memory area writable and executable at the same time.
The standard jailbreaks therefore patch this check, to allow applications to make previously allocated memory writable and executable.
To patch this function it first has to be found. Although there is no kernel symbol pointing to it, there is a reference to the string vm_map_protect
within the function, which makes it easy to find. A look at the ARM disassembly shows you that, again, two alternative one-byte patches can be
applied to remove the security check. The AND.W R1, R6, #6 can be changed into AND.W R1, R6, #8; or the BIC.W R6, R6, #4 can be changed
into BIC.W R6, R6, #0:
8004A950 AND.W R1, R6, #6
8004A954 CMP R1, #6
8004A956 IT EQ
8004A958 TSTEQ.W R0, #0x40000000
8004A95C BNE loc_8004A96A
8004A95E BIC.W R6, R6, #4
Because of this patch, jailbreaking weakens the memory protection of the iOS device. We suggest applying this patch only if the user of the
jailbreak wants to run applications that require self-modifying code. The problem with these patches is that they disable the non-executable memory
restrictions, so that remote attacks against iPhone applications do not need to be implemented in 100 percent ROP. Instead, these attacks (or
malware) just need a short ROP stub that uses mprotect() to make the injected code executable.
03-12-2013, 05:46 PM
Post: #264
RE: PPSSPP iOS Port
could you compile the app universally, avenger? FullForce works fine for the menu, but I haven't tried to play a game, so I'm not sure how that'd affect the screen resolution. I'm on an iPhone 5.
03-12-2013, 05:58 PM
Post: #265
RE: PPSSPP iOS Port
(03-12-2013 05:46 PM)auriculogenesis Wrote:  could you compile the app universally, avenger? FullForce works fine for the menu, but I haven't tried to play a game, so I'm not sure how that'd affect the screen resolution. I'm on an iPhone 5.

I used FullForce on the iPad and it scaled the emulator perfectly; it even works when playing games. It's surprising because FullForce usually breaks emulators and games.
03-12-2013, 08:16 PM (This post was last modified: 03-12-2013 08:21 PM by xsacha.)
Post: #266
RE: PPSSPP iOS Port
(03-12-2013 10:47 AM)the avenger Wrote:  I am starting to think the error is in the code, not in the OS, as jailbreaking removes the limitations on JIT compiling. To quote from the iOS Hacker's Handbook:
I think it's safe to say that jailbreaks today do not include the patch referenced here because otherwise JIT would 'just work' ;). Right now, the emulator complains that PROT_EXEC is *not* enabled whereas this patch was meant to make sure it was.
Sounds like an old quote.

Maybe it's possible to find this patch and add it manually for jailbroken OS.

In any case, it's unrelated to PPSSPP.
03-13-2013, 07:51 AM (This post was last modified: 03-13-2013 08:05 AM by the avenger.)
Post: #267
RE: PPSSPP iOS Port
(03-12-2013 08:16 PM)xsacha Wrote:  
(03-12-2013 10:47 AM)the avenger Wrote:  I am starting to think the error is in the code, not in the OS, as jailbreaking removes the limitations on JIT compiling. To quote from the iOS Hacker's Handbook:
I think it's safe to say that jailbreaks today do not include the patch referenced here because otherwise JIT would 'just work' ;). Right now, the emulator complains that PROT_EXEC is *not* enabled whereas this patch was meant to make sure it was.
Sounds like an old quote.

Maybe it's possible to find this patch and add it manually for jailbroken OS.

In any case, it's unrelated to PPSSPP.
Oh OK, but in any case it doesn't crash there if you add MAP_JIT; it crashes in armxemitter::write32
https://github.com/comex/datautils0
03-13-2013, 07:56 AM
Post: #268
RE: PPSSPP iOS Port
It probably crashes there because the allocation of writable/executable memory failed, so write32 just writes into space.
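The two kernel checks quoted from the iOS Hacker's Handbook in post #263 (vm_map_enter() behind mmap(), vm_map_protect() behind mprotect()) and the point in post #268 that a failed allocation leaves write32 scribbling through an unchecked pointer can both be exercised from user space. The C program below is an added example, not code from PPSSPP or from anyone in this thread: it models the quoted policy as a pure function, then probes the host kernel along the three paths the book discusses (RWX at mmap time, RW then mprotect to RWX, and the W^X-compliant RW then RX flip), treating a MAP_FAILED result as a hard stop rather than writing into it. The VM_PROT_* constants mirror XNU's values; the hand-assembled return-42 stub, the function names and the signal-based fault catching are assumptions made for this example and cover x86-64 and AArch64 POSIX hosts only.

```c
#define _GNU_SOURCE
#include <setjmp.h>
#include <signal.h>
#include <stdio.h>
#include <string.h>
#include <sys/mman.h>
#include <unistd.h>

/* Model of the check quoted from vm_map_enter()/vm_map_protect(): on embedded
 * builds a WRITE+EXECUTE request silently loses EXECUTE unless the mapping is
 * a JIT one. Constant values mirror XNU's vm_prot_t (assumption for the example). */
#define VM_PROT_READ    0x1
#define VM_PROT_WRITE   0x2
#define VM_PROT_EXECUTE 0x4

int embedded_wx_policy(int prot, int is_jit)
{
    if ((prot & VM_PROT_WRITE) && (prot & VM_PROT_EXECUTE) && !is_jit)
        prot &= ~VM_PROT_EXECUTE;   /* the BIC.W Rn, Rn, #4 in the quoted disassembly */
    return prot;
}

/* Constructed host stub that returns 42; hand-assembled for the two common hosts. */
static const unsigned char ret42[] = {
#if defined(__x86_64__)
    0xB8, 0x2A, 0x00, 0x00, 0x00, 0xC3,             /* mov eax, 42 ; ret */
#elif defined(__aarch64__)
    0x40, 0x05, 0x80, 0x52, 0xC0, 0x03, 0x5F, 0xD6, /* mov w0, #42 ; ret */
#else
    0x00,                                           /* unsupported host */
#endif
};

static sigjmp_buf fault_env;
static void on_fault(int sig) { (void)sig; siglongjmp(fault_env, 1); }

/* Call the stub; a fault (page not executable) is caught and reported as 0. */
static int run_stub(void *code)
{
    struct sigaction sa, old_segv, old_bus;
    int ok = 0;
    memset(&sa, 0, sizeof sa);
    sa.sa_handler = on_fault;
    sigemptyset(&sa.sa_mask);
    sigaction(SIGSEGV, &sa, &old_segv);
    sigaction(SIGBUS, &sa, &old_bus);
    if (sigsetjmp(fault_env, 1) == 0) {
        int (*fn)(void);
        memcpy(&fn, &code, sizeof fn);   /* object -> function pointer without a cast */
        ok = (fn() == 42);
    }
    sigaction(SIGSEGV, &old_segv, NULL);
    sigaction(SIGBUS, &old_bus, NULL);
    return ok;
}

/* Map one page with map_prot (must be writable), copy the stub in, switch to
 * final_prot if it differs, then try to execute it.
 * Returns 1 = executed, 0 = kernel refused or stripped EXEC, -1 = unsupported host. */
int probe_path(int map_prot, int final_prot)
{
    long pg = sysconf(_SC_PAGESIZE);
    void *p;
    int result;
    if (sizeof ret42 < 4)
        return -1;
    p = mmap(NULL, (size_t)pg, map_prot, MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (p == MAP_FAILED)            /* never write through an unchecked result */
        return 0;
    memcpy(p, ret42, sizeof ret42);
    __builtin___clear_cache((char *)p, (char *)p + sizeof ret42);
    if (final_prot != map_prot && mprotect(p, (size_t)pg, final_prot) != 0) {
        munmap(p, (size_t)pg);
        return 0;                   /* vm_map_protect-style refusal */
    }
    result = run_stub(p);           /* 0 here means EXEC was silently stripped */
    munmap(p, (size_t)pg);
    return result;
}

int probe_mmap_rwx(void)     { return probe_path(PROT_READ | PROT_WRITE | PROT_EXEC, PROT_READ | PROT_WRITE | PROT_EXEC); }
int probe_mprotect_rwx(void) { return probe_path(PROT_READ | PROT_WRITE, PROT_READ | PROT_WRITE | PROT_EXEC); }
int probe_wx_flip(void)      { return probe_path(PROT_READ | PROT_WRITE, PROT_READ | PROT_EXEC); }

int main(void)
{
    printf("mmap RWX directly     : %d\n", probe_mmap_rwx());
    printf("mmap RW, mprotect RWX : %d\n", probe_mprotect_rwx());
    printf("mmap RW, flip to RX   : %d\n", probe_wx_flip());
    return 0;
}
```

On a stock Linux host all three probes report 1. On a kernel that applies the quoted rule, the first two report 0 even though mmap() itself returned a valid pointer, which is why checking that PROT_EXEC is actually in effect (as the emulator's complaint in post #266 does) and not merely the mmap() return code is the right test before any code is written into the region.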
03-13-2013, 01:00 PM
Post: #269
RE: PPSSPP iOS Port
Wow . . . It seems like something really strange is going on here . . .

Why doesn't someone try contacting saurik (creator of Cydia) or one of the iOS jailbreakers like planetbeing, MuscleNerd, pod2g, or Nikias Bassen (pimskeks)? Maybe one of them could help . . .

Also, there's a thread on PPSSPP over on the r/jailbreak Reddit. There's definitely interest in getting JIT to work over there. Maybe someone there can help.

http://www.reddit.com/r/jailbreak/commen...unning_on/

Hope this helps! :)
03-13-2013, 05:18 PM (This post was last modified: 03-13-2013 05:49 PM by BubblegumBalloon.)
Post: #270
RE: PPSSPP iOS Port
If it's an issue with the OS then I have an idea, but it's a long shot...

Basically JIT CAN work on iOS, but it is only enabled on Apple's own first-party apps that come preinstalled on the device. If any third-party app tries to use JIT then the OS will kill the app.

There is a jailbreak tweak called Nitrous, and what Nitrous does is enable the Nitrous JavaScript engine that is used in Safari to be used with other apps. Now you may be wondering what this has to do with PPSSPP? Well, basically the Nitrous JavaScript engine uses JIT, so I'm guessing that the Nitrous jailbreak tweak somehow gives permission for third-party applications to use JIT without being killed by the OS.

I haven't tried this out myself yet since Nitrous is a paid tweak, but if anybody is willing to try it out this could be a potential solution to getting JIT to work on PPSSPP without crashing.

EDIT: I did a bit more research and I found that even though iOS does not support JIT by default it does support AOT. AOT is not as fast as JIT but it's still a heck of a lot faster than using the interpreter.