Talk:LV2 Functions and Syscalls: Difference between revisions
(document lv2::process structure) |
Line 7,753: | Line 7,753: | ||
//--> | //--> | ||
=== LV2 Process Structures === | |||
lv2::process is the same structure that can be found in CobraUSB source code ([https://github.com/Joonie86/CobraUSB/blob/master/USB/lv2/include/lv2/process.h process.h]). This version was reversed from 3.41 lv2_kernel. | |||
<source lang="cpp"> | |||
struct proc_phys_mem_stat | |||
{ | |||
u64 field_0; | |||
u64 field_8; | |||
u64 field_10; | |||
u64 field_18; | |||
u64 field_20; | |||
u64 field_28; | |||
u64 field_30; | |||
}; | |||
struct unk_process_struct_1E8 | |||
{ | |||
u64 field_0; | |||
u64 field_8; | |||
u64 field_10; | |||
u64 field_18; | |||
}; | |||
struct unk_process_struct_3A0 | |||
{ | |||
u64 field_0; | |||
u64 field_8; | |||
}; | |||
namespace lv2 | |||
{ | |||
class wait_queue | |||
{ | |||
u64 field_0; | |||
u64 field_8; | |||
u64 field_10; | |||
}; | |||
class mutex | |||
{ | |||
void *vtable; | |||
u64 field_8; | |||
u64 field_10; | |||
lv2::wait_queue field_18; | |||
u64 field_30; | |||
u64 field_38; | |||
}; | |||
class condition_variable | |||
{ | |||
void *vtable; | |||
u64 field_8; | |||
lv2::wait_queue field_10; | |||
u64 field_28; | |||
u64 field_30; | |||
}; | |||
class pu_thr | |||
{ | |||
void *vtable; | |||
char name[28]; | |||
int thr_id; | |||
u64 field_28; | |||
u64 field_30; | |||
u64 field_38; | |||
u64 prio; | |||
u64 field_48; | |||
u64 field_50; | |||
u64 field_58; | |||
u64 field_60; | |||
u64 field_68; | |||
u64 stack_address; | |||
u64 stack_size; | |||
lv2::process *my_proc; | |||
u64 field_88; | |||
u64 field_90; | |||
u64 general_purpose_registers[32]; | |||
int condition_register; | |||
u64 exception_register; | |||
u64 link_register; | |||
u64 count_register; | |||
u64 save_restore_register_0; | |||
u64 save_restore_register_1; | |||
u64 field_1C8; | |||
double floating_point_registers[32]; | |||
int field_2D0; | |||
int floating_point_status_and_control_register; | |||
u64 field_2D8; | |||
u64 field_2E0; | |||
u64 field_2E8; | |||
u64 field_2F0; | |||
u64 field_2F8; | |||
u64 field_300; | |||
u64 field_308; | |||
u64 field_310; | |||
u64 field_318; | |||
u64 field_320; | |||
u64 field_328; | |||
u64 field_330; | |||
u64 field_338; | |||
u64 field_340; | |||
u64 field_348; | |||
u64 field_350; | |||
u64 field_358; | |||
u64 field_360; | |||
u64 field_368; | |||
u64 field_370; | |||
u64 field_378; | |||
u64 field_380; | |||
u64 field_388; | |||
u64 field_390; | |||
u64 field_398; | |||
u64 field_3A0; | |||
u64 field_3A8; | |||
u64 field_3B0; | |||
u64 field_3B8; | |||
u64 field_3C0; | |||
u64 field_3C8; | |||
u64 field_3D0; | |||
u64 field_3D8; | |||
u64 field_3E0; | |||
u64 field_3E8; | |||
u64 field_3F0; | |||
u64 field_3F8; | |||
u64 field_400; | |||
u64 field_408; | |||
u64 field_410; | |||
u64 field_418; | |||
u64 field_420; | |||
u64 field_428; | |||
u64 field_430; | |||
u64 field_438; | |||
u64 field_440; | |||
u64 field_448; | |||
u64 field_450; | |||
u64 field_458; | |||
u64 field_460; | |||
u64 field_468; | |||
u64 field_470; | |||
u64 field_478; | |||
u64 field_480; | |||
u64 field_488; | |||
u64 field_490; | |||
u64 field_498; | |||
u64 field_4A0; | |||
u64 field_4A8; | |||
u64 field_4B0; | |||
u64 field_4B8; | |||
u64 field_4C0; | |||
u64 field_4C8; | |||
u64 field_4D0; | |||
u64 field_4D8; | |||
u64 field_4E0; | |||
u64 field_4E8; | |||
u64 field_4F0; | |||
u64 field_4F8; | |||
u64 field_500; | |||
u64 field_508; | |||
u64 field_510; | |||
u64 field_518; | |||
u64 field_520; | |||
u64 field_528; | |||
u64 field_530; | |||
u64 field_538; | |||
u64 field_540; | |||
u64 field_548; | |||
int stop_info; | |||
u64 field_558; | |||
u64 field_560; | |||
u64 field_568; | |||
u64 field_570; | |||
u64 field_578; | |||
u64 field_580; | |||
u64 field_588; | |||
u64 field_590; | |||
u64 field_598; | |||
u64 field_5A0; | |||
u64 field_5A8; | |||
u64 field_5B0; | |||
u64 field_5B8; | |||
u64 field_5C0; | |||
u64 field_5C8; | |||
u64 field_5D0; | |||
u64 field_5D8; | |||
u64 field_5E0; | |||
u64 field_5E8; | |||
u64 field_5F0; | |||
u64 field_5F8; | |||
}; | |||
class id_table | |||
{ | |||
u64 field_0[256]; | |||
u64 field_800; | |||
lv2::wait_queue field_808; | |||
u64 field_820; | |||
}; | |||
class address_space | |||
{ | |||
u64 field_0; | |||
u64 field_8; | |||
u64 field_10; | |||
u64 field_18; | |||
u64 field_20; | |||
}; | |||
class process_as | |||
{ | |||
lv2::address_space field_0; | |||
u64 field_28; | |||
u64 field_30; | |||
u64 field_38; | |||
u64 field_40; | |||
u64 field_48; | |||
u64 field_50; | |||
u64 field_58; | |||
u64 field_60; | |||
u64 field_68; | |||
u64 field_70; | |||
u64 field_78; | |||
u64 field_80; | |||
u64 field_88; | |||
u64 field_90; | |||
u64 field_98; | |||
u64 field_A0; | |||
u64 field_A8; | |||
u64 field_B0; | |||
u64 field_B8; | |||
u64 field_C0; | |||
u64 field_C8; | |||
u64 field_D0; | |||
u64 field_D8; | |||
u64 field_E0; | |||
u64 field_E8; | |||
u64 field_F0; | |||
u64 field_F8; | |||
u64 field_100; | |||
u64 field_108; | |||
u64 field_110; | |||
u64 field_118; | |||
u64 field_120; | |||
u64 field_128; | |||
u64 field_130; | |||
u64 field_138; | |||
u64 field_140; | |||
u64 field_148; | |||
u64 field_150; | |||
u64 field_158; | |||
u64 field_160; | |||
u64 field_168; | |||
u64 field_170; | |||
u64 field_178; | |||
u64 field_180; | |||
u64 field_188; | |||
u64 field_190; | |||
u64 field_198; | |||
u64 field_1A0; | |||
u64 field_1A8; | |||
u64 field_1B0; | |||
u64 field_1B8; | |||
u64 field_1C0; | |||
u64 field_1C8; | |||
u64 field_1D0; | |||
u64 field_1D8; | |||
u64 field_1E0; | |||
u64 field_1E8; | |||
u64 field_1F0; | |||
u64 field_1F8; | |||
u64 field_200; | |||
u64 field_208; | |||
u64 field_210; | |||
u64 field_218; | |||
u64 field_220; | |||
u64 field_228; | |||
u64 field_230; | |||
u64 field_238; | |||
u64 field_240; | |||
u64 field_248; | |||
u64 field_250; | |||
u64 field_258; | |||
u64 field_260; | |||
u64 field_268; | |||
u64 field_270; | |||
u64 field_278; | |||
u64 field_280; | |||
u64 field_288; | |||
u64 field_290; | |||
u64 field_298; | |||
u64 field_2A0; | |||
u64 field_2A8; | |||
u64 field_2B0; | |||
u64 field_2B8; | |||
u64 field_2C0; | |||
u64 field_2C8; | |||
u64 field_2D0; | |||
u64 field_2D8; | |||
u64 field_2E0; | |||
u64 field_2E8; | |||
u64 field_2F0; | |||
u64 field_2F8; | |||
u64 field_300; | |||
u64 field_308; | |||
u64 field_310; | |||
u64 field_318; | |||
u64 field_320; | |||
u64 field_328; | |||
u64 field_330; | |||
u64 field_338; | |||
u64 field_340; | |||
u64 field_348; | |||
u64 field_350; | |||
u64 field_358; | |||
u64 field_360; | |||
u64 field_368; | |||
u64 field_370; | |||
u64 field_378; | |||
u64 field_380; | |||
u64 field_388; | |||
u64 field_390; | |||
u64 field_398; | |||
u64 field_3A0; | |||
u64 field_3A8; | |||
u64 field_3B0; | |||
u64 field_3B8; | |||
u64 field_3C0; | |||
u64 field_3C8; | |||
u64 field_3D0; | |||
u64 field_3D8; | |||
u64 field_3E0; | |||
u64 field_3E8; | |||
u64 field_3F0; | |||
u64 field_3F8; | |||
u64 field_400; | |||
u64 field_408; | |||
u64 field_410; | |||
u64 field_418; | |||
u64 field_420; | |||
u64 field_428; | |||
u64 field_430; | |||
u64 field_438; | |||
u64 field_440; | |||
u64 field_448; | |||
u64 field_450; | |||
u64 field_458; | |||
u64 field_460; | |||
u64 field_468; | |||
u64 field_470; | |||
u64 field_478; | |||
u64 field_480; | |||
u64 field_488; | |||
u64 field_490; | |||
u64 field_498; | |||
u64 field_4A0; | |||
lv2::mutex field_4A8; | |||
u64 field_4E8; | |||
u64 field_4F0; | |||
u64 field_4F8; | |||
u64 field_500; | |||
u64 field_508; | |||
u64 field_510; | |||
u64 field_518; | |||
u64 field_520; | |||
u64 field_528; | |||
}; | |||
class process | |||
{ | |||
void *sc_table; | |||
lv2::sc_trace *sc_trace; | |||
u64 field_10; | |||
u64 field_18; | |||
u64 field_20; | |||
int pid; | |||
int status; | |||
lv2::process_as *process_as; | |||
lv2::pu_thr *primary_ppu_thread; | |||
u64 field_40; | |||
lv2::pu_thr *field_48; | |||
u64 num_pu_threads_1; | |||
u64 num_pu_threads_2; | |||
u64 field_60; | |||
u64 field_68; | |||
u64 field_70; | |||
u64 field_78; | |||
u64 field_80; | |||
u64 field_88; | |||
u64 field_90; | |||
u64 field_98; | |||
u64 field_A0; | |||
u64 size_of_memory; | |||
lv2::process *parent; | |||
lv2::process *first_child; | |||
lv2::process *last_child; | |||
u64 num_children; | |||
lv2::mutex field_D0; | |||
lv2::condition_variable field_110; | |||
u64 field_148; | |||
u64 field_150; | |||
u64 field_158; | |||
char *proc_image_filename; | |||
lv2::mutex field_168; | |||
u64 field_1A8; | |||
proc_phys_mem_stat field_1B0; | |||
unk_process_struct_1E8 field_1E8; | |||
lv2::id_table *id_table; | |||
u64 field_210; | |||
u64 field_218; | |||
u64 field_220; | |||
u64 field_228; | |||
u64 field_230; | |||
u64 field_238; | |||
u64 field_240; | |||
u64 field_248; | |||
u64 field_250; | |||
u64 field_258; | |||
u64 field_260; | |||
char osabi_type; | |||
int sdk_version; | |||
u64 field_270; | |||
u64 field_278; | |||
u64 field_280; | |||
u64 field_288; | |||
u64 field_290; | |||
u64 field_298; | |||
u64 field_2A0; | |||
u64 field_2A8; | |||
u64 field_2B0; | |||
u64 field_2B8; | |||
u64 field_2C0; | |||
u64 field_2C8; | |||
u64 field_2D0; | |||
u64 field_2D8; | |||
u64 field_2E0; | |||
u64 field_2E8; | |||
u64 field_2F0; | |||
u64 field_2F8; | |||
u64 field_300; | |||
u64 field_308; | |||
u64 field_310; | |||
u64 field_318; | |||
u64 field_320; | |||
u64 field_328; | |||
u64 field_330; | |||
u64 field_338; | |||
u64 field_340; | |||
u64 field_348; | |||
u64 field_350; | |||
u64 field_358; | |||
u64 field_360; | |||
u64 field_368; | |||
u64 field_370; | |||
u64 field_378; | |||
u64 field_380; | |||
u64 field_388; | |||
u64 field_390; | |||
u64 field_398; | |||
unk_process_struct_3A0 field_3A0; | |||
u64 field_3B0; | |||
u64 field_3B8; | |||
u64 field_3C0; | |||
u64 field_3C8; | |||
}; | |||
} | |||
</source> |
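Review bot: In the added listing, `pu_thr::my_proc` names `lv2::process` roughly 300 lines before `class process` is defined, and `lv2::sc_trace` (the type of `process::sc_trace`) is never declared at all, so the snippet does not compile as written; `u64` is likewise undefined within the snippet. Adding `class process;` and `class sc_trace;` directly after `namespace lv2 {` fixes the first two, and a one-line remark above the listing that `u64` is the 8-byte unsigned integer from the CobraUSB headers would cover the third. The `field_XXX` names agree with the member sizes when `u64`, pointers and `double` are 8 bytes (for example `lv2::mutex` spans 0x40 bytes, matching the gap between `process::field_D0` and `process::field_110`), and stating that convention above the listing would let readers verify the layout instead of inferring it.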
Revision as of 14:44, 21 December 2016
Lv2 Syscall Services Usage
Documentation about syscalls with packet id
Syscall 621 (0x26D) Gamepad Ycon Interface
syscall(621,packet_id,r4,r5)
Packet ID | Usage |
---|---|
0 | sys_gamepad_ycon_initialize ( 0, 0) |
1 | sys_gamepad_ycon_finalize ( 0, 0) |
2 | sys_gamepad_ycon_has_input_ownership ( inout[8](if==0->autofill), out[1]) |
3 | sys_gamepad_ycon_enumerate_device ( 0, out[0x20]) |
4 | sys_gamepad_ycon_get_device_info ( in[8], out[0x1C]) |
5 | sys_gamepad_ycon_read_raw_report ( in[4], out[4]) |
6 | sys_gamepad_ycon_write_raw_report ( in[0x3C], out[]) |
7 | sys_gamepad_ycon_get_feature ( in[8], out[0x38?]) |
8 | sys_gamepad_ycon_set_feature (in[6+x](4Bytes+1Byte+1Byte[contains size x]+xBytes),0) |
9 | sys_gamepad_ycon_is_gem ( 0,out[1]) |
Syscall 726 (0x2D6) Gelic Device Eurus Post Command
syscall(726,uint16_t cmd, uint8_t *cmdbuf, uint64_t cmdbuf_size)
Packet ID | Description |
---|
Syscall 861 (0x35D)
syscall(861,packet_id, r4,r5,r6,r7,r8,r9,r10)
Note: access to this Syscall requires 0x40 Root Control Flags, else 0x80010003
Packet ID | Usage |
---|---|
0 | not implemented |
1 | |
2 | |
3 | |
4 | |
5 | |
6 | |
7 | |
8 | |
9 | not implemented |
10 | not implemented |
11 | |
12 | |
13 | |
14 | |
15 | |
16 | |
17 | |
18 | |
19 |
Syscall 862 (0x35E) Virtual TRM Manager Interface
syscall(862,packet_id, r4,r5,r6,r7)
Note: access to this Syscall requires 0x40 Root Control Flags, else 0x80010003
Packet ID | Usage |
---|---|
0x2001 | |
0x2002 | |
0x2003 | |
0x2004 | |
0x2005 | |
0x2006 | |
0x2007 | not implemented |
0x2008 | not implemented |
0x2009 | not implemented |
0x200A | |
0x200B | |
0x200C | |
0x200D | |
0x200E | vtrm_decrypt_master(uint8[0x10],uint8[0x40] |
0x200F | not implemented |
0x2010 | not implemented |
0x2011 | not implemented |
0x2012 | |
0x2013 | |
0x2014 | |
0x2015 | |
0x2016 | |
0x2017 |
Syscall 863 (0x35F) Update Manager Interface
syscall(863,packet_id, r4,r5,r6,r7,r8,r9)
Note: access to this Syscall requires 0x40 Root Control Flags, else 0x80010003
Packet ID | Usage |
---|---|
0x6001 | update_mgr_update_package_tophalf( ,,,) |
0x6002 | update_manager_if::Inspect_Package(int package_type(1-9),sys_addr_tr * alloc_addr,size,r7=9(cex)/5(dex/tool),r8=out:uint64_t*) |
0x6003 | update_manager_if::Get_Package_Info(int package_type,out:uint64_t*) |
0x6004 | update_mgr_get_fix_instruction( ) |
0x6005 | update_mgr_extract_package_tophalf( ,,,,) |
0x6006 | update_mgr_get_extract_package(,,,,,) |
0x6007 | not implemented |
0x6008 | not implemented |
0x6009 | update_manager_if::get_token_seed( out:uint8[size1],size1,out:uint8[size2],size2) size>=0x50 |
0x600A | update_manager_if::set_token(in:token[size],int size), size>=0x80 |
0x600B | update_manager_if::read_eprom(uint32 offset,out:uint8[1]) |
0x600C | update_manager_if::write_eprom(uint32 offset,uint8 value) |
0x600D | update_mgr_get_status( ,,,,,) |
0x600E | update_manager_if::allocate_buffer(size,out:sys_addr_t * alloc_addr) |
0x600F | update_manager_if::release_buffer(in:sys_addr_t * alloc_addr) |
0x6010 | not implemented |
0x6011 | update_manager_if::get_applicable_version(1 ,out:uint8[0x20]) |
0x6012 |
Syscall 864 (0x360) Storage Manager Interface
syscall(864,packet_id, r4)
Note: access to this Syscall requires at least 0x20 Debug Control Flags, else 0x80010003
Packet ID | Description | Notes |
---|---|---|
0x5004 | sys_ss_auth_bd(int) | cellSsDrvPs2DiscInsert(0x52) |
0x5007 | sys_ss_hw_disc_auth_emu(in/out:uint8[0x18]) | use can be restricted to certain authentication id's |
0x5008 | sys_ss_hw_mc(in/out:uint8[0x38]) | use can be restricted to certain authentication id's |
Syscall 865 (0x361) Random Number Generator
syscall(865,packet_id, r4,r5)
Packet ID | Description | Notes |
---|---|---|
1 | syscall(865,1, out[0x18], 0x18) | size is static usage with this packet_id requires either 0x40 Root Flags or [0x1B]=8 and a certain authentication id |
2 | sys_get_random_number(out[size], size) |
Syscall 866 (0x362) Secure RTC Manager Interface
syscall(866,packet_id, r4, r5, r6)
Packet ID | Description | Notes |
---|---|---|
0x3001 | secure_rtc_set_rtc(r4,r5) | requires 0x40 root control flags |
0x3002 | secure_rtc_get_time(r4,r5,r6) | might be restricted to certain authentication id's |
0x3003 | secure_rtc_set_time(r4,r5) | requires 0x40 root control flags |
Syscall 867 (0x363) AIM Manager Interface
syscall(867,packet_id, r4)
Note: access to this Syscall requires 0x40 Root Control Flags, else 0x80010003
Packet ID | Description |
---|---|
0x19002 | cellSsAimGetDeviceType(out:uint8[0x10]) |
0x19003 | cellSsAimGetDeviceId(out:uint8[0x10]) |
0x19004 | cellSsAimGetPsCode(out:uint8[8]) |
0x19005 | cellSsAimGetOpenPsId(out:uint8[0x10]) |
0x19006 | syscall(867,0x19006) |
Syscall 868 (0x364) Indi Info Manager Interface
syscall(868,packet_id, r4,r5,r6,r7)
Note: access to this Syscall requires 0x40 Root Control Flags, but allows 0x20 Debug Flags and certain authentication id's for the first packet_id
Packet ID | Description |
---|---|
0x17001 | |
0x17002 | |
0x17003 | |
0x17004 | |
0x17005 | |
0x17006 | |
0x17007 | |
0x17008 | |
0x17009 | |
0x1700A | |
0x1700B | |
0x1700C | |
0x1700D | |
0x1700E | |
0x1700F | |
0x17010 | |
0x17011 | |
0x17012 | |
0x17013 | |
0x17014 | |
0x17015 | |
0x17016 | |
0x17017 |
Syscall 869 (0x365) RTC? Manager Interface
syscall(869,packet_id, r4)
Note: access to this Syscall requires 0x40 Root Control Flags and is possibly restricted to certain authentication id's, else 0x80010003
Packet ID | Description |
---|---|
0x22001 | syscall(869,0x22001, out:uint8[0x80]) |
0x22002 | syscall(869,0x22002, out:uint8[0x690]) |
0x22003 | syscall(869,0x22003, in:uint8[8]) |
0x22004 | syscall(869,0x22004, int) |
Syscall 871 (0x367) SS Access Control Engine
syscall(871,packet_id, r4)
Packet ID | Usage | Notes |
---|---|---|
1 | syscall(871,1,sys_pid_t id,out:uint8[8]) | this packet_id requires 0x20 Debug Control Flags or [0x1B]=8 and a certain authentication id, else 0x80010003 |
2 | syscall(871,2,out:uint8[8]) | returns authentication id? |
3 | syscall(871,3,sys_pid_t id) | this packet_id requires 0x20 Debug Control Flags, else 0x80010003, but returns 0x8001009 |
Syscall 876 (0x36C) Disc Access Control
syscall(876,packet_id, r4)
Note: accessing this Syscall is restricted to certain authentication id's
Packet ID | Description |
---|---|
0x20000 | sys_get_disc_access_control(out:uint8[4]) |
0x20001 | sys_set_disc_access_control(0 / 1) |
Syscall 877 (0x36D) User Token Interface
syscall(877,packet_id, r4,size)
Note: access to this Syscall requires 0x40 Root Control Flags, else 0x80010003
Packet ID | Description |
---|---|
0x25003 | sys_ss_utoken_decrypt(uint8[0xC50], 0xC50) |
0x25004 | sys_ss_utoken_get?(out:uint8[0xC50], 0xC50) |
0x25005 | sys_ss_utoken_encrypt(uint8[0xC50], 0xC50) |
Syscall 878 (0x36E) Ad Sign
syscall(878,packet_id, r4,r5)
Note: access to this Syscall is restricted to certain authentication id's
Packet ID | Description |
---|---|
0x26001 | sys_ss_ad_sign(in:uint8[0x14],out:uint[0x80]) |
Syscall 879 (0x36F) Media ID
syscall(862,packet_id, r4)
Note: access to this Syscall is restricted to certain authentication id's
Note2: it uses Storage Service Id 0x5007, 0x4B
Packet ID | Description |
---|---|
0x10001 | sysBdMediaId(out:uint8[0x10]) |
not on the wiki yet
these lv2 syscalls are present, but neither ordinal nor branches are known yet
sys_usbbtaudio_start_recording_ex sys_lwcond_attribute_name_set sys_lwmutex_attribute_name_set sys_event_flag_attribute_name_set sys_semaphore_attribute_name_set sys_cond_attribute_name_set sys_mutex_attribute_name_set sys_raw_spu_mmio_read_ls (no real lv2 syscall, reading mmio address) sys_raw_spu_mmio_write_ls (no real lv2 syscall, reading mmio address) sys_raw_spu_mmio_read (no real lv2 syscall, reading mmio address) sys_raw_spu_mmio_write (no real lv2 syscall, reading mmio address) sys_event_queue_attribute_name_set sys_lwcond_signal sys_lwcond_signal_all sys_lwcond_signal_to sys_lwcond_wait sys_spu_elf_get_segments sys_raw_spu_image_load sys_mmapper_allocate_memory sys_ppu_thread_unregister_atexit sys_ppu_thread_once sys_prx_exitspawn_with_level sys_process_at_Exitspawn sys_process_atexitspawn sys_game_process_exitspawn2 sys_process_is_stack
debug syscalls sys_dbg_set_stacksize_ppu_exception_handler sys_dbg_get_spu_thread_group_ids sys_dbg_get_ppu_thread_ids sys_dbg_get_spu_thread_ids sys_dbg_register_ppu_exception_handler sys_dbg_mat_set_condition sys_dbg_read_spu_thread_context2 sys_dbg_enable_floating_point_enabled_exception sys_dbg_get_event_queue_information sys_dbg_get_spu_thread_name sys_dbg_get_ppu_thread_name sys_dbg_signal_to_ppu_exception_handler sys_dbg_get_mutex_information sys_dbg_vm_get_page_information sys_dbg_mat_get_condition sys_dbg_get_cond_information sys_dbg_get_ppu_thread_status sys_dbg_get_lwcond_information sys_dbg_get_rwlock_information sys_dbg_get_spu_thread_group_status sys_dbg_get_semaphore_information sys_dbg_set_mask_to_ppu_exception_handler sys_dbg_get_coredump_params sys_dbg_get_address_from_dabr sys_dbg_get_spu_thread_group_name sys_dbg_finalize_ppu_exception_handler sys_dbg_read_spu_thread_context sys_dbg_initialize_ppu_exception_handler sys_dbg_read_ppu_thread_context sys_dbg_unregister_ppu_exception_handler sys_dbg_get_lwmutex_information sys_dbg_signal_to_coredump_handler sys_dbg_set_address_to_dabr sys_dbg_get_event_flag_information sys_dbg_disable_floating_point_enabled_exception
see also this pastebin: http://pastebin.com/w2xkNZ9T
Custom Syscalls
This is a fself for testing that when started in 4.21 DEX CFW will add lv2_alloc as Syscall 32(Replaces: UNUSED_SYSCALL). It will then try to use it and printf the received pointer. Please test and report back. http://rghost.net/48803322
firmware version offsets
FW version | Offset | Value | Notes |
---|---|---|---|
3.72 Retail | 0x9150 | ||
3.70 Retail | 0x9088 | ||
3.66 Retail | 0x8ef8 | ||
3.61 Retail | 0x8d04 | ||
3.60 Retail | 0x8ca0 | ||
3.56 Retail | 0x8b10 | ||
3.55 Retail | 0x3329b8 | 0x8aac | |
3.55 DEX | |||
3.50 Retail | 0x88b8 | ||
3.42 Retail | 0x8598 | ||
3.41 Retail | 0x2d7580 | 0x8534 | |
3.41 DEX | |||
3.41 KIOSK | 0x8534 | ||
3.40 Retail | 0x84d0 | ||
3.30 Retail | 0x80e8 | ||
3.21 Retail | 0x7d64 | ||
3.15 Retail | 0x2d6c00 | 0x7b0c | offset seems to be 6 further @ 0x002d6c06 (see below) |
3.10 Retail | 0x7918 | ||
3.01 Retail | 0x7594 | ||
2.85 Retail | 0x6f54 | ||
2.76 Retail | 0x6bd0 | ||
2.70 Retail | 0x6978 | ||
2.60 Retail | 0x6590 | ||
2.53 Retail | 0x62d4 | ||
2.43 Retail | 0x5eec | ||
1.02 Retail | 0x27d8 |
Note: the value is the decimal firmware number ('35500', '34100', '31500') written in hex.
Example
Example from 3.15 with 3.60 spoof:
Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F 002D6C00 00 00 00 00 00 00 8C A0 00 00 00 00 00 00 00 00 ......Œ ........ ^^ ^^ dec: 36000 spoofed
LV2 Process Structures
lv2::process is the same structure that can be found in CobraUSB source code (process.h). This version was reversed from 3.41 lv2_kernel.
// Physical-memory statistics block embedded in lv2::process as field_1B0.
// Seven 8-byte members, 0x38 bytes in total, which matches the gap between
// process::field_1B0 and process::field_1E8. Individual member meanings are
// not known; field_XXX names give the byte offset of the member within the
// struct (u64 assumed to be an 8-byte unsigned integer; not defined here).
struct proc_phys_mem_stat
{
u64 field_0;
u64 field_8;
u64 field_10;
u64 field_18;
u64 field_20;
u64 field_28;
u64 field_30;
};
// Unidentified 0x20-byte block embedded in lv2::process as field_1E8
// (four 8-byte members; process::id_table follows at 0x208). Purpose unknown;
// the name records the offset at which it appears inside lv2::process.
struct unk_process_struct_1E8
{
u64 field_0;
u64 field_8;
u64 field_10;
u64 field_18;
};
// Unidentified 0x10-byte block embedded in lv2::process as field_3A0
// (two 8-byte members; process::field_3B0 follows). Purpose unknown; the
// name records the offset at which it appears inside lv2::process.
struct unk_process_struct_3A0
{
u64 field_0;
u64 field_8;
};
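// Kernel-internal object layouts reversed from the 3.41 lv2_kernel (see the
// note above this listing). Conventions used throughout:
//   - field_XXX names give the byte offset of the member within the object;
//     the named members sit at the offsets implied by their neighbours.
//   - Sizes quoted in the comments assume u64, pointers and double are
//     8 bytes and int is 4 bytes; u64 itself is not defined in this snippet.
//   - Everything is declared with `class` and no access specifier, so every
//     member is private as written; only the layout matters here.
namespace lv2
{
// Forward declarations: pu_thr::my_proc refers to process before process is
// defined below, and sc_trace (process::sc_trace's pointee) has no definition
// in this listing at all. Without these two lines the snippet does not parse.
class process;
class sc_trace;

// 0x18 bytes. Embedded in mutex (field_18), condition_variable (field_10)
// and id_table (field_808).
class wait_queue
{
    u64 field_0;
    u64 field_8;
    u64 field_10;
};

// 0x40 bytes. Embedded in process (field_D0, field_168) and in
// process_as (field_4A8); the 0x40 gap between process::field_D0 and
// process::field_110 confirms the size.
class mutex
{
    void *vtable;            // named vtable by the author; first member, offset 0
    u64 field_8;
    u64 field_10;
    lv2::wait_queue field_18;  // 0x18..0x2F
    u64 field_30;
    u64 field_38;
};

// 0x38 bytes. Embedded in process as field_110 (field_148 follows).
class condition_variable
{
    void *vtable;            // named vtable by the author; first member, offset 0
    u64 field_8;
    lv2::wait_queue field_10;  // 0x10..0x27
    u64 field_28;
    u64 field_30;
};

// PPU thread object, 0x600 bytes. Besides identity (name, thr_id, prio,
// stack bounds, owning process) it holds a saved register file:
// GPRs at 0x98..0x197, CR/XER/LR/CTR/SRR0/SRR1 from 0x198, FPRs at
// 0x1D0..0x2CF and the FPSCR at 0x2D4. The many field_XXX members after
// that are unidentified.
class pu_thr
{
    void *vtable;            // offset 0
    char name[28];           // 0x08..0x23
    int thr_id;              // 0x24
    u64 field_28;
    u64 field_30;
    u64 field_38;
    u64 prio;                // 0x40
    u64 field_48;
    u64 field_50;
    u64 field_58;
    u64 field_60;
    u64 field_68;
    u64 stack_address;       // 0x70
    u64 stack_size;          // 0x78
    lv2::process *my_proc;   // 0x80: owning process (needs the forward declaration above)
    u64 field_88;
    u64 field_90;
    u64 general_purpose_registers[32];  // 0x98..0x197
    int condition_register;             // 0x198 (4 bytes, then padding to 0x1A0)
    u64 exception_register;             // 0x1A0
    u64 link_register;                  // 0x1A8
    u64 count_register;                 // 0x1B0
    u64 save_restore_register_0;        // 0x1B8
    u64 save_restore_register_1;        // 0x1C0
    u64 field_1C8;
    double floating_point_registers[32];  // 0x1D0..0x2CF
    int field_2D0;                        // 0x2D0
    int floating_point_status_and_control_register;  // 0x2D4
    u64 field_2D8;
    u64 field_2E0;
    u64 field_2E8;
    u64 field_2F0;
    u64 field_2F8;
    u64 field_300;
    u64 field_308;
    u64 field_310;
    u64 field_318;
    u64 field_320;
    u64 field_328;
    u64 field_330;
    u64 field_338;
    u64 field_340;
    u64 field_348;
    u64 field_350;
    u64 field_358;
    u64 field_360;
    u64 field_368;
    u64 field_370;
    u64 field_378;
    u64 field_380;
    u64 field_388;
    u64 field_390;
    u64 field_398;
    u64 field_3A0;
    u64 field_3A8;
    u64 field_3B0;
    u64 field_3B8;
    u64 field_3C0;
    u64 field_3C8;
    u64 field_3D0;
    u64 field_3D8;
    u64 field_3E0;
    u64 field_3E8;
    u64 field_3F0;
    u64 field_3F8;
    u64 field_400;
    u64 field_408;
    u64 field_410;
    u64 field_418;
    u64 field_420;
    u64 field_428;
    u64 field_430;
    u64 field_438;
    u64 field_440;
    u64 field_448;
    u64 field_450;
    u64 field_458;
    u64 field_460;
    u64 field_468;
    u64 field_470;
    u64 field_478;
    u64 field_480;
    u64 field_488;
    u64 field_490;
    u64 field_498;
    u64 field_4A0;
    u64 field_4A8;
    u64 field_4B0;
    u64 field_4B8;
    u64 field_4C0;
    u64 field_4C8;
    u64 field_4D0;
    u64 field_4D8;
    u64 field_4E0;
    u64 field_4E8;
    u64 field_4F0;
    u64 field_4F8;
    u64 field_500;
    u64 field_508;
    u64 field_510;
    u64 field_518;
    u64 field_520;
    u64 field_528;
    u64 field_530;
    u64 field_538;
    u64 field_540;
    u64 field_548;
    int stop_info;           // 0x550 (4 bytes, then padding to 0x558)
    u64 field_558;
    u64 field_560;
    u64 field_568;
    u64 field_570;
    u64 field_578;
    u64 field_580;
    u64 field_588;
    u64 field_590;
    u64 field_598;
    u64 field_5A0;
    u64 field_5A8;
    u64 field_5B0;
    u64 field_5B8;
    u64 field_5C0;
    u64 field_5C8;
    u64 field_5D0;
    u64 field_5D8;
    u64 field_5E0;
    u64 field_5E8;
    u64 field_5F0;
    u64 field_5F8;
};

// 0x828 bytes: a 256-entry table of 8-byte slots followed by a wait queue.
// Pointed to by process::id_table. What the slots hold is not established
// by this listing.
class id_table
{
    u64 field_0[256];        // 0x000..0x7FF
    u64 field_800;
    lv2::wait_queue field_808;  // 0x808..0x81F
    u64 field_820;
};

// 0x28 bytes. Embedded as the first member of process_as.
class address_space
{
    u64 field_0;
    u64 field_8;
    u64 field_10;
    u64 field_18;
    u64 field_20;
};

// Per-process address-space object, 0x530 bytes. Pointed to by
// process::process_as. Apart from the leading address_space and the mutex
// at 0x4A8, its members are unidentified.
class process_as
{
    lv2::address_space field_0;  // 0x00..0x27
    u64 field_28;
    u64 field_30;
    u64 field_38;
    u64 field_40;
    u64 field_48;
    u64 field_50;
    u64 field_58;
    u64 field_60;
    u64 field_68;
    u64 field_70;
    u64 field_78;
    u64 field_80;
    u64 field_88;
    u64 field_90;
    u64 field_98;
    u64 field_A0;
    u64 field_A8;
    u64 field_B0;
    u64 field_B8;
    u64 field_C0;
    u64 field_C8;
    u64 field_D0;
    u64 field_D8;
    u64 field_E0;
    u64 field_E8;
    u64 field_F0;
    u64 field_F8;
    u64 field_100;
    u64 field_108;
    u64 field_110;
    u64 field_118;
    u64 field_120;
    u64 field_128;
    u64 field_130;
    u64 field_138;
    u64 field_140;
    u64 field_148;
    u64 field_150;
    u64 field_158;
    u64 field_160;
    u64 field_168;
    u64 field_170;
    u64 field_178;
    u64 field_180;
    u64 field_188;
    u64 field_190;
    u64 field_198;
    u64 field_1A0;
    u64 field_1A8;
    u64 field_1B0;
    u64 field_1B8;
    u64 field_1C0;
    u64 field_1C8;
    u64 field_1D0;
    u64 field_1D8;
    u64 field_1E0;
    u64 field_1E8;
    u64 field_1F0;
    u64 field_1F8;
    u64 field_200;
    u64 field_208;
    u64 field_210;
    u64 field_218;
    u64 field_220;
    u64 field_228;
    u64 field_230;
    u64 field_238;
    u64 field_240;
    u64 field_248;
    u64 field_250;
    u64 field_258;
    u64 field_260;
    u64 field_268;
    u64 field_270;
    u64 field_278;
    u64 field_280;
    u64 field_288;
    u64 field_290;
    u64 field_298;
    u64 field_2A0;
    u64 field_2A8;
    u64 field_2B0;
    u64 field_2B8;
    u64 field_2C0;
    u64 field_2C8;
    u64 field_2D0;
    u64 field_2D8;
    u64 field_2E0;
    u64 field_2E8;
    u64 field_2F0;
    u64 field_2F8;
    u64 field_300;
    u64 field_308;
    u64 field_310;
    u64 field_318;
    u64 field_320;
    u64 field_328;
    u64 field_330;
    u64 field_338;
    u64 field_340;
    u64 field_348;
    u64 field_350;
    u64 field_358;
    u64 field_360;
    u64 field_368;
    u64 field_370;
    u64 field_378;
    u64 field_380;
    u64 field_388;
    u64 field_390;
    u64 field_398;
    u64 field_3A0;
    u64 field_3A8;
    u64 field_3B0;
    u64 field_3B8;
    u64 field_3C0;
    u64 field_3C8;
    u64 field_3D0;
    u64 field_3D8;
    u64 field_3E0;
    u64 field_3E8;
    u64 field_3F0;
    u64 field_3F8;
    u64 field_400;
    u64 field_408;
    u64 field_410;
    u64 field_418;
    u64 field_420;
    u64 field_428;
    u64 field_430;
    u64 field_438;
    u64 field_440;
    u64 field_448;
    u64 field_450;
    u64 field_458;
    u64 field_460;
    u64 field_468;
    u64 field_470;
    u64 field_478;
    u64 field_480;
    u64 field_488;
    u64 field_490;
    u64 field_498;
    u64 field_4A0;
    lv2::mutex field_4A8;    // 0x4A8..0x4E7
    u64 field_4E8;
    u64 field_4F0;
    u64 field_4F8;
    u64 field_500;
    u64 field_508;
    u64 field_510;
    u64 field_518;
    u64 field_520;
    u64 field_528;
};

// Process object, 0x3D0 bytes. Holds the syscall-table pointer at offset 0,
// identity (pid, status, osabi_type, sdk_version), the address space and
// primary PPU thread, an intrusive parent/first_child/last_child tree, two
// mutexes and a condition variable, and the embedded stat blocks declared
// above this namespace. Members named field_XXX are unidentified.
class process
{
    void *sc_table;          // 0x00: named sc_table by the author (syscall table, presumably)
    lv2::sc_trace *sc_trace; // 0x08: sc_trace is only forward-declared in this listing
    u64 field_10;
    u64 field_18;
    u64 field_20;
    int pid;                 // 0x28
    int status;              // 0x2C
    lv2::process_as *process_as;        // 0x30
    lv2::pu_thr *primary_ppu_thread;    // 0x38
    u64 field_40;
    lv2::pu_thr *field_48;   // 0x48: second thread pointer, role unknown
    u64 num_pu_threads_1;    // 0x50
    u64 num_pu_threads_2;    // 0x58
    u64 field_60;
    u64 field_68;
    u64 field_70;
    u64 field_78;
    u64 field_80;
    u64 field_88;
    u64 field_90;
    u64 field_98;
    u64 field_A0;
    u64 size_of_memory;      // 0xA8
    lv2::process *parent;    // 0xB0
    lv2::process *first_child;  // 0xB8
    lv2::process *last_child;   // 0xC0
    u64 num_children;        // 0xC8
    lv2::mutex field_D0;     // 0xD0..0x10F
    lv2::condition_variable field_110;  // 0x110..0x147
    u64 field_148;
    u64 field_150;
    u64 field_158;
    char *proc_image_filename;  // 0x160
    lv2::mutex field_168;    // 0x168..0x1A7
    u64 field_1A8;
    proc_phys_mem_stat field_1B0;       // 0x1B0..0x1E7
    unk_process_struct_1E8 field_1E8;   // 0x1E8..0x207
    lv2::id_table *id_table; // 0x208
    u64 field_210;
    u64 field_218;
    u64 field_220;
    u64 field_228;
    u64 field_230;
    u64 field_238;
    u64 field_240;
    u64 field_248;
    u64 field_250;
    u64 field_258;
    u64 field_260;
    char osabi_type;         // 0x268 (1 byte, then padding to 0x26C)
    int sdk_version;         // 0x26C
    u64 field_270;
    u64 field_278;
    u64 field_280;
    u64 field_288;
    u64 field_290;
    u64 field_298;
    u64 field_2A0;
    u64 field_2A8;
    u64 field_2B0;
    u64 field_2B8;
    u64 field_2C0;
    u64 field_2C8;
    u64 field_2D0;
    u64 field_2D8;
    u64 field_2E0;
    u64 field_2E8;
    u64 field_2F0;
    u64 field_2F8;
    u64 field_300;
    u64 field_308;
    u64 field_310;
    u64 field_318;
    u64 field_320;
    u64 field_328;
    u64 field_330;
    u64 field_338;
    u64 field_340;
    u64 field_348;
    u64 field_350;
    u64 field_358;
    u64 field_360;
    u64 field_368;
    u64 field_370;
    u64 field_378;
    u64 field_380;
    u64 field_388;
    u64 field_390;
    u64 field_398;
    unk_process_struct_3A0 field_3A0;   // 0x3A0..0x3AF
    u64 field_3B0;
    u64 field_3B8;
    u64 field_3C0;
    u64 field_3C8;
};
}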