Editing Hypervisor Reverse Engineering
The edit can be undone. Please check the comparison below to verify that this is what you want to do, and then publish the changes below to finish undoing the edit.
Latest revision | Your text | ||
Line 1: | Line 1: | ||
<span style="background:red; color:#ffffff;">Warning, this page | <span style="background:red; color:#ffffff;">Warning, this page way too long and voted to be split into seperate sections</span> | ||
---- | ---- | ||
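Review bot: The banner text restored on Line 1 still has a grammar and a spelling error: "this page way too long and voted to be split into seperate sections" is missing "is" and misspells "separate". Since the undo rewrites this line anyway, change it to "Warning, this page is way too long and was voted to be split into separate sections" before publishing.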
Line 217: | Line 217: | ||
0xE - int kill(int pid, int signal_type) | 0xE - int kill(int pid, int signal_type) | ||
0xF - int brk(void * | 0xF - int brk(void *) | ||
0x10 - int socket(int af, int type, int protocol) (supports only address family 0x1F, type 0x0 and protocol 0x0) | 0x10 - int socket(int af, int type, int protocol) (supports only address family 0x1F, type 0x0 and protocol 0x0) | ||
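Review bot: In the 0xF entry, the restored prototype "int brk(void *)" leaves its parameter unnamed, while the neighbouring 0xE and 0x10 entries name every argument. Give the pointer a name, or mark it as unknown with "?" the way the 0x10000 allocate_memory entry does, so the syscall list stays consistent.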
Line 247: | Line 247: | ||
0x1D - unmap_pages(...) (used for free) | 0x1D - unmap_pages(...) (used for free) | ||
0x1E - | 0x1E - select(...) | ||
0x1F - getcwd(...) | 0x1F - getcwd(...) | ||
Line 253: | Line 253: | ||
0x20 - Not used | 0x20 - Not used | ||
0x21 - | 0x21 - alarm(...) | ||
0x22 - | 0x22 - ioctl(...) | ||
0x23 - pme_memalign(...) | 0x23 - pme_memalign(...) | ||
Line 269: | Line 269: | ||
=== System call numbers === | === System call numbers === | ||
0x10000 - allocate_memory(LPAR id, size, log2 of page size, ?, ?) | 0x10000 - allocate_memory(LPAR id, size, log2 of page size, ?, ?) | ||
0x10001 - query_logical_partition_address_region_info | 0x10001 - query_logical_partition_address_region_info | ||
Line 363: | Line 363: | ||
0x10044 - disable_spe_execution | 0x10044 - disable_spe_execution | ||
0x10045 - | 0x10045 - set_spe_interrupt_mask | ||
0x10046 - read_spe_problem_state_register(spe id, register offset, value) | 0x10046 - read_spe_problem_state_register(spe id, register offset, value) | ||
0x10047 - write_spe_problem_state_register(spe id, register offset, value) | 0x10047 - write_spe_problem_state_register(spe id, register offset, value) | ||
0x1004B - disable_spe_loading | 0x1004B - disable_spe_loading | ||
Line 840: | Line 838: | ||
=== vtable === | === vtable === | ||
0x003569F8 (3.15) | 0x003569F8 (3.15) | ||
== IOIF device file objects == | == IOIF device file objects == | ||
Line 3,602: | Line 3,600: | ||
==== Loading appldr ==== | ==== Loading appldr ==== | ||
*64 bit memory address of ''' | *64 bit memory address of '''isoldr''' is written into 32 bit SPU register '''SPU_In_Mbox''' | ||
*'''metldr''' is loaded | *'''metldr''' is loaded | ||
Line 3,989: | Line 3,987: | ||
offset 0x90 - LPAR image path | offset 0x90 - LPAR image path | ||
offset 0x1C0 - LPAR ability (8 bytes) | offset 0x1C0 - LPAR ability (8 bytes) | ||
=== Types of System Manager === | === Types of System Manager === | ||
Line 9,493: | Line 9,491: | ||
| 0x35|| 0x22 || Calculate AES_H 1 || || | | 0x35|| 0x22 || Calculate AES_H 1 || || | ||
* Calculates AES_H hash of the data stored in XDR buffer. | * Calculates AES_H hash of the data stored in XDR buffer. | ||
|- | |- | ||
| 0x36|| 0x24 || Calculate AES_H 2 || || | | 0x36|| 0x24 || Calculate AES_H 2 || || | ||
Line 10,550: | Line 10,539: | ||
Decrypted P-Block (and EID4) contains region settings (see below) | Decrypted P-Block (and EID4) contains region settings (see below) | ||
In decrypted P-Block(bytes 0x30 and 0x32) and in EID4(first byte) these bytes match [[ | In decrypted P-Block(bytes 0x30 and 0x32) and in EID4(first byte) these bytes match [[Target ID]]: | ||
{| class="wikitable sortable" style="font-size:small; border:2px ridge #999999;" | {| class="wikitable sortable" style="font-size:small; border:2px ridge #999999;" | ||
|- | |- | ||
! Hex !! bitflag !! [[ | ! Hex !! bitflag !! [[Target ID]] !! Console Type !! Remarks | ||
|- | |- | ||
| | | || || {{TID80}} || | ||
|- | |- | ||
| 0xFF || '''11111111''' || {{TID81}} || No BD playback on that [[ | | 0xFF || '''11111111''' || {{TID81}} || No BD playback on that [[Target ID]] | ||
|- | |- | ||
| 0xFF || '''11111111''' || {{TID82}} || No BD playback on that [[ | | 0xFF || '''11111111''' || {{TID82}} || No BD playback on that [[Target ID]] | ||
|- | |- | ||
| 0x01 || 0000000'''1''' || {{TID83}} || bit 0 (Region 0: Japan?) | | 0x01 || 0000000'''1''' || {{TID83}} || bit 0 (Region 0: Japan?) | ||
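Review bot: The {{TID80}} row is restored with empty Hex and bitflag cells and an empty remark, so a reader cannot tell an unknown value from lost data, and the row sorts arbitrarily in a "sortable" table. If the byte for this Target ID is not known, say so in the Remarks cell, as the 0x01 row does for its uncertain region with "Region 0: Japan?".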
Line 10,571: | Line 10,560: | ||
| 0x04 || 00000'''1'''00 || {{TID87}} || bit 2 (Region 2: Europe (with the exceptions of Russia, Ukraine, Belarus), South Africa, Swaziland, Middle East, Egypt, Lesotho, and Greenland) | | 0x04 || 00000'''1'''00 || {{TID87}} || bit 2 (Region 2: Europe (with the exceptions of Russia, Ukraine, Belarus), South Africa, Swaziland, Middle East, Egypt, Lesotho, and Greenland) | ||
|- | |- | ||
| | | || || {{TID88}} || | ||
|- | |- | ||
| 0x08 || 0000'''1'''000 || {{TID89}} || bit 3 | | 0x08 || 0000'''1'''000 || {{TID89}} || bit 3 | ||
|- | |- | ||
| | | || || {{TID8A}} || | ||
|- | |- | ||
| | | || || {{TID8B}} || | ||
|- | |- | ||
| 0x20 || 00'''1'''00000 || {{TID8C}} || bit 5 (Region 5: Russia, Asia (non-southeast), and Africa) | | 0x20 || 00'''1'''00000 || {{TID8C}} || bit 5 (Region 5: Russia, Asia (non-southeast), and Africa) | ||
|- | |- | ||
| | | || || {{TID8D}} || | ||
|- | |- | ||
| 0x10 || 000'''1'''0000 || {{TID8E}} || bit 4 | | 0x10 || 000'''1'''0000 || {{TID8E}} || bit 4 | ||
|- | |- | ||
| | | || || {{TID8F}} || | ||
|- | |- | ||
| 0xFF || '''11111111''' || {{TIDA0}} || No BD playback on that [[ | | 0xFF || '''11111111''' || {{TIDA0}} || No BD playback on that [[Target ID]] | ||
|- | |- | ||
|} | |} |
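Review bot: The {{TID89}} and {{TID8E}} rows document only "bit 3" and "bit 4", while the bit 2 and bit 5 rows spell out the region each bit stands for. Add the region description for these two bits or mark it as unknown. The same applies to the {{TID88}}, {{TID8A}}, {{TID8B}}, {{TID8D}} and {{TID8F}} rows, which come back with every data cell empty.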