Talk:LV2 Functions and Syscalls: Difference between revisions
Line 8,778: | Line 8,778: | ||
|- | |- | ||
! colspan="6" id="sys_semaphore Syscalls"|[[#sys_semaphore Syscalls]] (90-94+114) | ! colspan="6" id="sys_semaphore Syscalls"|[[#sys_semaphore Syscalls]] (90-94+114) | ||
|- | |||
| 90 | |||
| 0x05A | |||
| {{CEX}}{{DEX}}{{DECR}} | |||
| | |||
| sys_semaphore_create | |||
| int sys_semaphore_create(sys_semaphore_t * sem, sys_semaphore_attribute_t * attr, sys_semaphore_value_t initial_val, sys_semaphore_value_t max_val); | |||
|- | |||
| 91 | |||
| 0x05B | |||
| {{CEX}}{{DEX}}{{DECR}} | |||
| | |||
| sys_semaphore_destroy | |||
| int sys_semaphore_destroy(sys_semaphore_t sem); | |||
|- | |||
| 92 | |||
| 0x05C | |||
| {{CEX}}{{DEX}}{{DECR}} | |||
| | |||
| sys_semaphore_wait | |||
| int sys_semaphore_wait(sys_semaphore_t sem, usecond_t timeout); | |||
|- | |||
| 93 | |||
| 0x05D | |||
| {{CEX}}{{DEX}}{{DECR}} | |||
| | |||
| sys_semaphore_trywait | |||
| int sys_semaphore_trywait(sys_semaphore_t sem); | |||
|- | |||
| 94 | |||
| 0x05E | |||
| {{CEX}}{{DEX}}{{DECR}} | |||
| | |||
| sys_semaphore_post | |||
| int sys_semaphore_post(sys_semaphore_t sem, sys_semaphore_value_t val); | |||
|- | |||
! colspan="6" id="sys_lwmutex Syscalls"|[[#sys_lwmutex Syscalls]] (95-99) | |||
|- | |||
| 95 | |||
| 0x05F | |||
| {{CEX}}{{DEX}}{{DECR}} | |||
| | |||
| sys_lwmutex_create | |||
| int sys_lwmutex_create(sys_lwmutex_t *lwmutex, sys_lwmutex_attribute_t *attr) | |||
|- | |||
| 96 | |||
| 0x060 | |||
| {{CEX}}{{DEX}}{{DECR}} | |||
| | |||
| sys_lwmutex_destroy | |||
| int sys_lwmutex_destroy(sys_lwmutex_t *lwmutex) | |||
|- | |||
| 97 | |||
| 0x061 | |||
| {{CEX}}{{DEX}}{{DECR}} | |||
| | |||
| sys_lwmutex_lock | |||
| int sys_lwmutex_lock(sys_lwmutex_t *lwmutex, usecond_t timeout) | |||
|- | |||
| 98 | |||
| 0x062 | |||
| {{CEX}}{{DEX}}{{DECR}} | |||
| | |||
| sys_lwmutex_trylock | |||
| int sys_lwmutex_trylock(sys_lwmutex_t *lwmutex) | |||
|- | |||
| 99 | |||
| 0x063 | |||
| {{CEX}}{{DEX}}{{DECR}} | |||
| | |||
| sys_lwmutex_unlock | |||
| int sys_lwmutex_unlock(sys_lwmutex_t *lwmutex) | |||
|- | |||
! colspan="6" id="sys_mutex Syscalls"|[[#sys_mutex Syscalls]] (100-104) | |||
|- | |||
| 100 | |||
| 0x064 | |||
| {{CEX}}{{DEX}}{{DECR}} | |||
| | |||
| sys_mutex_create | |||
| int sys_mutex_create(sys_mutex_t * mutex_id, sys_mutex_attribute_t * attr); | |||
|- | |||
| 101 | |||
| 0x065 | |||
| {{CEX}}{{DEX}}{{DECR}} | |||
| | |||
| sys_mutex_destroy | |||
| int sys_mutex_destroy(sys_mutex_t mutex_id); | |||
|- | |||
| 102 | |||
| 0x066 | |||
| {{CEX}}{{DEX}}{{DECR}} | |||
| | |||
| sys_mutex_lock | |||
| int sys_mutex_lock(sys_mutex_t mutex_id, usecond_t timeout); | |||
|- | |||
| 103 | |||
| 0x067 | |||
| {{CEX}}{{DEX}}{{DECR}} | |||
| | |||
| sys_mutex_trylock | |||
| int sys_mutex_trylock(sys_mutex_t mutex_id); | |||
|- | |||
| 104 | |||
| 0x068 | |||
| {{CEX}}{{DEX}}{{DECR}} | |||
| | |||
| sys_mutex_unlock | |||
| int sys_mutex_unlock(sys_mutex_t mutex_id); | |||
|- | |||
! colspan="6" id="sys_cond Syscalls"|[[#sys_cond Syscalls]] (105-110) | |||
|- | |||
| 105 | |||
| 0x069 | |||
| {{CEX}}{{DEX}}{{DECR}} | |||
| | |||
| sys_cond_create | |||
| int sys_cond_create(sys_cond_t * cond_id, sys_mutex_t mutex_id, sys_cond_attribute_t * attr); | |||
|- | |||
| 106 | |||
| 0x06A | |||
| {{CEX}}{{DEX}}{{DECR}} | |||
| | |||
| sys_cond_destroy | |||
| int sys_cond_destroy(sys_cond_t cond_id); | |||
|- | |||
| 107 | |||
| 0x06B | |||
| {{CEX}}{{DEX}}{{DECR}} | |||
| | |||
| sys_cond_wait | |||
| int sys_cond_wait(sys_cond_t cond_id, usecond_t timeout); | |||
|- | |||
| 108 | |||
| 0x06C | |||
| {{CEX}}{{DEX}}{{DECR}} | |||
| | |||
| sys_cond_signal | |||
| int sys_cond_signal(sys_cond_t cond_id); | |||
|- | |||
| 109 | |||
| 0x06D | |||
| {{CEX}}{{DEX}}{{DECR}} | |||
| | |||
| sys_cond_signal_all | |||
| int sys_cond_signal_all(sys_cond_t cond_id); | |||
|- | |||
| 110 | |||
| 0x06E | |||
| {{CEX}}{{DEX}}{{DECR}} | |||
| | |||
| sys_cond_signal_to | |||
| int sys_cond_signal_to(sys_cond_t cond_id, sys_ppu_thread_t thread); | |||
|- | |||
! colspan="6" id="sys_lwcond Syscalls"|[[#sys_lwcond Syscalls]] (111+112) | |||
|- | |||
| 111 | |||
| 0x06F | |||
| {{CEX}}{{DEX}}{{DECR}} | |||
| | |||
| sys_lwcond_create | |||
| int sys_lwcond_create(sys_lwcond_t *lwcond, sys_lwmutex_t *lwmutex, sys_lwcond_attribute_t *attr) | |||
|- | |||
| 112 | |||
| 0x070 | |||
| {{CEX}}{{DEX}}{{DECR}} | |||
| | |||
| sys_lwcond_destroy | |||
| int sys_lwcond_destroy(sys_lwcond_t *lwcond) | |||
|- | |||
| 113 | |||
| 0x071 | |||
| {{CEX}}{{DEX}}{{DECR}} | |||
| | |||
| sys_lwcond_queue_wait | |||
| 3 params | |||
|- | |||
! colspan="6" id="sys_semaphore Syscalls"|[[#sys_semaphore Syscalls]] (90-94+114) | |||
|- | |||
| 114 | |||
| 0x072 | |||
| {{CEX}}{{DEX}}{{DECR}} | |||
| | |||
| sys_semaphore_get_value | |||
| int sys_semaphore_get_value(sys_semaphore_t sem, sys_semaphore_value_t * val); | |||
|- | |- | ||
|} | |} |
Revision as of 00:26, 22 May 2017
Lv2 Syscall Services Usage
Documentation about syscalls with packet id
Syscall 621 (0x26D) Gamepad Ycon Interface
syscall(621,packet_id,r4,r5)
Packet ID | Usage |
---|---|
0 | sys_gamepad_ycon_initialize ( 0, 0) |
1 | sys_gamepad_ycon_finalize ( 0, 0) |
2 | sys_gamepad_ycon_has_input_ownership ( inout[8](if==0->autofill), out[1]) |
3 | sys_gamepad_ycon_enumerate_device ( 0, out[0x20]) |
4 | sys_gamepad_ycon_get_device_info ( in[8], out[0x1C]) |
5 | sys_gamepad_ycon_read_raw_report ( in[4], out[4]) |
6 | sys_gamepad_ycon_write_raw_report ( in[0x3C], out[]) |
7 | sys_gamepad_ycon_get_feature ( in[8], out[0x38?]) |
8 | sys_gamepad_ycon_set_feature (in[6+x](4Bytes+1Byte+1Byte[contains size x]+xBytes),0) |
9 | sys_gamepad_ycon_is_gem ( 0,out[1]) |
Syscall 726 (0x2D6) Gelic Device Eurus Post Command
syscall(726,uint16_t cmd, uint8_t *cmdbuf, uint64_t cmdbuf_size)
Packet ID | Description |
---|
Syscall 861 (0x35D)
syscall(861,packet_id, r4,r5,r6,r7,r8,r9,r10)
Note: access to this Syscall requires 0x40 Root Control Flags, else 0x80010003
Packet ID | Usage |
---|---|
0 | not implemented |
1 | |
2 | |
3 | |
4 | |
5 | |
6 | |
7 | |
8 | |
9 | not implemented |
10 | not implemented |
11 | |
12 | |
13 | |
14 | |
15 | |
16 | |
17 | |
18 | |
19 |
Syscall 862 (0x35E) Virtual TRM Manager Interface
syscall(862,packet_id, r4,r5,r6,r7)
Note: access to this Syscall requires 0x40 Root Control Flags, else 0x80010003
Packet ID | Usage |
---|---|
0x2001 | |
0x2002 | |
0x2003 | |
0x2004 | |
0x2005 | |
0x2006 | |
0x2007 | not implemented |
0x2008 | not implemented |
0x2009 | not implemented |
0x200A | |
0x200B | |
0x200C | |
0x200D | |
0x200E | vtrm_decrypt_master(uint8[0x10],uint8[0x40] |
0x200F | not implemented |
0x2010 | not implemented |
0x2011 | not implemented |
0x2012 | |
0x2013 | |
0x2014 | |
0x2015 | |
0x2016 | |
0x2017 |
Syscall 863 (0x35F) Update Manager Interface
syscall(863,packet_id, r4,r5,r6,r7,r8,r9)
Note: access to this Syscall requires 0x40 Root Control Flags, else 0x80010003
Packet ID | Usage |
---|---|
0x6001 | update_mgr_update_package_tophalf( ,,,) |
0x6002 | update_manager_if::Inspect_Package(int package_type(1-9),sys_addr_tr * alloc_addr,size,r7=9(cex)/5(dex/tool),r8=out:uint64_t*) |
0x6003 | update_manager_if::Get_Package_Info(int package_type,out:uint64_t*) |
0x6004 | update_mgr_get_fix_instruction( ) |
0x6005 | update_mgr_extract_package_tophalf( ,,,,) |
0x6006 | update_mgr_get_extract_package(,,,,,) |
0x6007 | not implemented |
0x6008 | not implemented |
0x6009 | update_manager_if::get_token_seed( out:uint8[size1],size1,out:uint8[size2],size2) size>=0x50 |
0x600A | update_manager_if::set_token(in:token[size],int size), size>=0x80 |
0x600B | update_manager_if::read_eprom(uint32 offset,out:uint8[1]) |
0x600C | update_manager_if::write_eprom(uint32 offset,uint8 value) |
0x600D | update_mgr_get_status( ,,,,,) |
0x600E | update_manager_if::allocate_buffer(size,out:sys_addr_t * alloc_addr) |
0x600F | update_manager_if::release_buffer(in:sys_addr_t * alloc_addr) |
0x6010 | not implemented |
0x6011 | update_manager_if::get_applicable_version(1 ,out:uint8[0x20]) |
0x6012 |
Syscall 864 (0x360) Storage Manager Interface
syscall(864,packet_id, r4)
Note: access to this Syscall requires at least 0x20 Debug Control Flags, else 0x80010003
Packet ID | Description | Notes |
---|---|---|
0x5004 | sys_ss_auth_bd(int) | cellSsDrvPs2DiscInsert(0x52) |
0x5007 | sys_ss_hw_disc_auth_emu(in/out:uint8[0x18]) | use can be restricted to certain authentication id's |
0x5008 | sys_ss_hw_mc(in/out:uint8[0x38]) | use can be restricted to certain authentication id's |
Syscall 865 (0x361) Random Number Generator
syscall(865,packet_id, r4,r5)
Packet ID | Description | Notes |
---|---|---|
1 | syscall(865,1, out[0x18], 0x18) | size is static; usage with this packet_id requires either 0x40 Root Flags or [0x1B]=8 and a certain authentication id |
2 | sys_get_random_number(out[size], size) |
Syscall 866 (0x362) Secure RTC Manager Interface
syscall(866,packet_id, r4, r5, r6)
Packet ID | Description | Notes |
---|---|---|
0x3001 | secure_rtc_set_rtc(r4,r5) | requires 0x40 root control flags |
0x3002 | secure_rtc_get_time(r4,r5,r6) | might be restricted to certain authentication id's |
0x3003 | secure_rtc_set_time(r4,r5) | requires 0x40 root control flags |
Syscall 867 (0x363) AIM Manager Interface
syscall(867,packet_id, r4)
Note: access to this Syscall requires 0x40 Root Control Flags, else 0x80010003
Packet ID | Description |
---|---|
0x19002 | cellSsAimGetDeviceType(out:uint8[0x10]) |
0x19003 | cellSsAimGetDeviceId(out:uint8[0x10]) |
0x19004 | cellSsAimGetPsCode(out:uint8[8]) |
0x19005 | cellSsAimGetOpenPsId(out:uint8[0x10]) |
0x19006 | syscall(867,0x19006) |
Syscall 868 (0x364) Indi Info Manager Interface
syscall(868,packet_id, r4,r5,r6,r7)
Note: access to this Syscall requires 0x40 Root Control Flags, but allows 0x20 Debug Flags and certain authentication id's for first packet_id
Packet ID | Description |
---|---|
0x17001 | |
0x17002 | |
0x17003 | |
0x17004 | |
0x17005 | |
0x17006 | |
0x17007 | |
0x17008 | |
0x17009 | |
0x1700A | |
0x1700B | |
0x1700C | |
0x1700D | |
0x1700E | |
0x1700F | |
0x17010 | |
0x17011 | |
0x17012 | |
0x17013 | |
0x17014 | |
0x17015 | |
0x17016 | |
0x17017 |
Syscall 869 (0x365) RTC? Manager Interface
syscall(869,packet_id, r4)
Note: access to this Syscall requires 0x40 Root Control Flags and is possibly restricted to certain authentication id's, else 0x80010003
Packet ID | Description |
---|---|
0x22001 | syscall(869,0x22001, out:uint8[0x80]) |
0x22002 | syscall(869,0x22002, out:uint8[0x690]) |
0x22003 | syscall(869,0x22003, in:uint8[8]) |
0x22004 | syscall(869,0x22004, int) |
Syscall 871 (0x367) SS Access Control Engine
syscall(871,packet_id, r4)
Packet ID | Usage | Notes |
---|---|---|
1 | syscall(871,1,sys_pid_t id,out:uint8[8]) | this packet_id requires 0x20 Debug Control Flags or [0x1B]=8 and a certain authentication id, else 0x80010003 |
2 | syscall(871,2,out:uint8[8]) | returns authentication id? |
3 | syscall(871,3,sys_pid_t id) | this packet_id requires 0x20 Debug Control Flags, else 0x80010003, but returns 0x8001009 |
Syscall 876 (0x36C) Disc Access Control
syscall(876,packet_id, r4)
Note: accessing this Syscall is restricted to certain authentication id's
Packet ID | Description |
---|---|
0x20000 | sys_get_disc_access_control(out:uint8[4]) |
0x20001 | sys_set_disc_access_control(0 / 1) |
Syscall 877 (0x36D) User Token Interface
syscall(877,packet_id, r4,size)
Note: access to this Syscall requires 0x40 Root Control Flags, else 0x80010003
Packet ID | Description |
---|---|
0x25003 | sys_ss_utoken_decrypt(uint8[0xC50], 0xC50) |
0x25004 | sys_ss_utoken_get?(out:uint8[0xC50], 0xC50) |
0x25005 | sys_ss_utoken_encrypt(uint8[0xC50], 0xC50) |
Syscall 878 (0x36E) Ad Sign
syscall(878,packet_id, r4,r5)
Note: access to this Syscall is restricted to certain authentication id's
Packet ID | Description |
---|---|
0x26001 | sys_ss_ad_sign(in:uint8[0x14],out:uint[0x80]) |
Syscall 879 (0x36F) Media ID
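syscall(862,packet_id, r4) (the heading above gives syscall 879; the 862 written here may be a copy-paste slip and should be verified)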
Note: access to this Syscall is restricted to certain authentication id's
Note2: it uses Storage Service Id 0x5007, 0x4B
Packet ID | Description |
---|---|
0x10001 | sysBdMediaId(out:uint8[0x10]) |
not on the wiki yet
these lv2 syscalls are present, but neither ordinal nor branches are known yet
sys_usbbtaudio_start_recording_ex sys_lwcond_attribute_name_set sys_lwmutex_attribute_name_set sys_event_flag_attribute_name_set sys_semaphore_attribute_name_set sys_cond_attribute_name_set sys_mutex_attribute_name_set sys_raw_spu_mmio_read_ls (no real lv2 syscall, reading mmio address) sys_raw_spu_mmio_write_ls (no real lv2 syscall, reading mmio address) sys_raw_spu_mmio_read (no real lv2 syscall, reading mmio address) sys_raw_spu_mmio_write (no real lv2 syscall, reading mmio address) sys_event_queue_attribute_name_set sys_lwcond_signal sys_lwcond_signal_all sys_lwcond_signal_to sys_lwcond_wait sys_spu_elf_get_segments sys_raw_spu_image_load sys_mmapper_allocate_memory sys_ppu_thread_unregister_atexit sys_ppu_thread_once sys_prx_exitspawn_with_level sys_process_at_Exitspawn sys_process_atexitspawn sys_game_process_exitspawn2 sys_process_is_stack
debug syscalls sys_dbg_set_stacksize_ppu_exception_handler sys_dbg_get_spu_thread_group_ids sys_dbg_get_ppu_thread_ids sys_dbg_get_spu_thread_ids sys_dbg_register_ppu_exception_handler sys_dbg_mat_set_condition sys_dbg_read_spu_thread_context2 sys_dbg_enable_floating_point_enabled_exception sys_dbg_get_event_queue_information sys_dbg_get_spu_thread_name sys_dbg_get_ppu_thread_name sys_dbg_signal_to_ppu_exception_handler sys_dbg_get_mutex_information sys_dbg_vm_get_page_information sys_dbg_mat_get_condition sys_dbg_get_cond_information sys_dbg_get_ppu_thread_status sys_dbg_get_lwcond_information sys_dbg_get_rwlock_information sys_dbg_get_spu_thread_group_status sys_dbg_get_semaphore_information sys_dbg_set_mask_to_ppu_exception_handler sys_dbg_get_coredump_params sys_dbg_get_address_from_dabr sys_dbg_get_spu_thread_group_name sys_dbg_finalize_ppu_exception_handler sys_dbg_read_spu_thread_context sys_dbg_initialize_ppu_exception_handler sys_dbg_read_ppu_thread_context sys_dbg_unregister_ppu_exception_handler sys_dbg_get_lwmutex_information sys_dbg_signal_to_coredump_handler sys_dbg_set_address_to_dabr sys_dbg_get_event_flag_information sys_dbg_disable_floating_point_enabled_exception
see also this pastebin: http://pastebin.com/w2xkNZ9T
Custom Syscalls
This is a test fself: when started on 4.21 DEX CFW it adds lv2_alloc as Syscall 32 (replacing UNUSED_SYSCALL), then calls it and prints the returned pointer with printf. Please test and report back. http://rghost.net/48803322
firmware version offsets
FW version | Offset | Value | Notes |
---|---|---|---|
3.72 Retail | 0x9150 | ||
3.70 Retail | 0x9088 | ||
3.66 Retail | 0x8ef8 | ||
3.61 Retail | 0x8d04 | ||
3.60 Retail | 0x8ca0 | ||
3.56 Retail | 0x8b10 | ||
3.55 Retail | 0x3329b8 | 0x8aac | |
3.55 DEX | |||
3.50 Retail | 0x88b8 | ||
3.42 Retail | 0x8598 | ||
3.41 Retail | 0x2d7580 | 0x8534 | |
3.41 DEX | |||
3.41 KIOSK | 0x8534 | ||
3.40 Retail | 0x84d0 | ||
3.30 Retail | 0x80e8 | ||
3.21 Retail | 0x7d64 | ||
3.15 Retail | 0x2d6c00 | 0x7b0c | offset seems to be 6 further @ 0x002d6c06 (see below) |
3.10 Retail | 0x7918 | ||
3.01 Retail | 0x7594 | ||
2.85 Retail | 0x6f54 | ||
2.76 Retail | 0x6bd0 | ||
2.70 Retail | 0x6978 | ||
2.60 Retail | 0x6590 | ||
2.53 Retail | 0x62d4 | ||
2.43 Retail | 0x5eec | ||
1.02 Retail | 0x27d8 |
Note: the values are the decimal numbers 35500, 34100 and 31500 written in hex (0x8aac, 0x8534 and 0x7b0c).
Example
Example from 3.15 with 3.60 spoof:
Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F
002D6C00  00 00 00 00 00 00 8C A0 00 00 00 00 00 00 00 00  ......Œ ........
                            ^^ ^^ dec: 36000 spoofed
LV2 Process Structures
lv2::process is the same structure that can be found in CobraUSB source code (process.h). This version was reversed from 3.41 lv2_kernel.
// Seven u64 members of unknown meaning. The hex suffix in each name matches the
// member's byte offset when u64 is 8 bytes, which makes the struct 0x38 bytes.
// lv2::process embeds one instance as field_1B0, and the next member there is
// field_1E8 (0x1B0 + 0x38), which agrees with that size.
// NOTE(review): the "physical memory statistics" reading comes from the struct
// name only; no member has been identified.
struct proc_phys_mem_stat
{
u64 field_0;
u64 field_8;
u64 field_10;
u64 field_18;
u64 field_20;
u64 field_28;
u64 field_30;
};
// Unidentified 4 x u64 record (0x20 bytes with 8-byte u64). The name records
// where it sits: lv2::process embeds it as field_1E8, and 0x1E8 + 0x20 = 0x208
// leaves room for the id_table pointer before field_210.
struct unk_process_struct_1E8
{
u64 field_0;
u64 field_8;
u64 field_10;
u64 field_18;
};
// Unidentified 2 x u64 record (0x10 bytes with 8-byte u64). lv2::process embeds
// it as field_3A0; the following member there is field_3B0 (0x3A0 + 0x10).
struct unk_process_struct_3A0
{
u64 field_0;
u64 field_8;
};
namespace lv2
{
// Three u64 members of unknown meaning (0x18 bytes with 8-byte u64). Embedded
// by value in lv2::mutex, lv2::condition_variable and lv2::id_table.
// NOTE(review): declared with `class` and no access specifier, so the members
// are private as written; the listing documents layout only.
class wait_queue
{
u64 field_0;
u64 field_8;
u64 field_10;
};
// Kernel mutex object layout. With 8-byte pointers/u64 and a 0x18-byte
// wait_queue this is 0x40 bytes, which agrees with lv2::process placing a
// mutex at field_D0 and the next member at field_110.
// NOTE(review): members are private as written (`class`, no access specifier).
class mutex
{
void *vtable; // presumably the object's virtual table pointer (from the name) - confirm
u64 field_8;
u64 field_10;
lv2::wait_queue field_18; // embedded by value, occupies 0x18..0x2F
u64 field_30;
u64 field_38;
};
// Kernel condition-variable object layout. With 8-byte pointers/u64 and a
// 0x18-byte wait_queue this is 0x38 bytes, which agrees with lv2::process
// placing one at field_110 and the next member at field_148.
// NOTE(review): members are private as written (`class`, no access specifier).
class condition_variable
{
void *vtable; // presumably the object's virtual table pointer (from the name) - confirm
u64 field_8;
lv2::wait_queue field_10; // embedded by value, occupies 0x10..0x27
u64 field_28;
u64 field_30;
};
// PPU thread object layout as documented on this page. Members named field_XX
// have no known meaning; the hex suffix matches the member's byte offset when
// u64 and pointers are 8 bytes (prio follows field_38 and lands at 0x40). The
// last member is field_5F8, so the object is 0x600 bytes under that assumption.
// NOTE(review): the accompanying text says the process structure was reversed
// from the 3.41 lv2_kernel; treat these offsets as specific to that build until
// checked against another firmware.
// NOTE(review): members are private as written (`class`, no access specifier),
// and lv2::process is used below before the listing declares it.
class pu_thr
{
void *vtable; // presumably the object's virtual table pointer (from the name) - confirm
char name[28]; // 28-byte name buffer at 0x08; NUL-termination is not shown by this listing
int thr_id; // at 0x24, directly before field_28
u64 field_28;
u64 field_30;
u64 field_38;
u64 prio; // at 0x40
u64 field_48;
u64 field_50;
u64 field_58;
u64 field_60;
u64 field_68;
u64 stack_address; // at 0x70
u64 stack_size; // at 0x78
lv2::process *my_proc; // at 0x80; by its name, the owning process - confirm
u64 field_88;
u64 field_90;
// Named register slots start here (0x98). Which code writes and reads them is
// not shown on this page; the names suggest a saved PPU register set.
u64 general_purpose_registers[32]; // 0x98..0x197
int condition_register; // at 0x198; the 4 bytes before exception_register are padding if offsets hold
u64 exception_register;
u64 link_register;
u64 count_register;
u64 save_restore_register_0; // presumably SRR0 - confirm
u64 save_restore_register_1; // presumably SRR1 - confirm
u64 field_1C8;
double floating_point_registers[32]; // 0x1D0..0x2CF
int field_2D0;
int floating_point_status_and_control_register; // at 0x2D4, shares the 8-byte slot with field_2D0
// 0x2D8..0x54F: 79 unidentified u64 slots.
u64 field_2D8;
u64 field_2E0;
u64 field_2E8;
u64 field_2F0;
u64 field_2F8;
u64 field_300;
u64 field_308;
u64 field_310;
u64 field_318;
u64 field_320;
u64 field_328;
u64 field_330;
u64 field_338;
u64 field_340;
u64 field_348;
u64 field_350;
u64 field_358;
u64 field_360;
u64 field_368;
u64 field_370;
u64 field_378;
u64 field_380;
u64 field_388;
u64 field_390;
u64 field_398;
u64 field_3A0;
u64 field_3A8;
u64 field_3B0;
u64 field_3B8;
u64 field_3C0;
u64 field_3C8;
u64 field_3D0;
u64 field_3D8;
u64 field_3E0;
u64 field_3E8;
u64 field_3F0;
u64 field_3F8;
u64 field_400;
u64 field_408;
u64 field_410;
u64 field_418;
u64 field_420;
u64 field_428;
u64 field_430;
u64 field_438;
u64 field_440;
u64 field_448;
u64 field_450;
u64 field_458;
u64 field_460;
u64 field_468;
u64 field_470;
u64 field_478;
u64 field_480;
u64 field_488;
u64 field_490;
u64 field_498;
u64 field_4A0;
u64 field_4A8;
u64 field_4B0;
u64 field_4B8;
u64 field_4C0;
u64 field_4C8;
u64 field_4D0;
u64 field_4D8;
u64 field_4E0;
u64 field_4E8;
u64 field_4F0;
u64 field_4F8;
u64 field_500;
u64 field_508;
u64 field_510;
u64 field_518;
u64 field_520;
u64 field_528;
u64 field_530;
u64 field_538;
u64 field_540;
u64 field_548;
int stop_info; // at 0x550; padded to 8 bytes if the field_558 offset holds
// 0x558..0x5FF: 21 unidentified u64 slots.
u64 field_558;
u64 field_560;
u64 field_568;
u64 field_570;
u64 field_578;
u64 field_580;
u64 field_588;
u64 field_590;
u64 field_598;
u64 field_5A0;
u64 field_5A8;
u64 field_5B0;
u64 field_5B8;
u64 field_5C0;
u64 field_5C8;
u64 field_5D0;
u64 field_5D8;
u64 field_5E0;
u64 field_5E8;
u64 field_5F0;
u64 field_5F8;
};
// Table object that lv2::process points to through its id_table member.
// 256 u64 slots (0x800 bytes) followed by three more members; 0x828 bytes in
// total with 8-byte u64 and a 0x18-byte wait_queue.
// NOTE(review): what the 256 slots hold is not shown on this page.
// NOTE(review): members are private as written (`class`, no access specifier).
class id_table
{
u64 field_0[256]; // 0x000..0x7FF
u64 field_800;
lv2::wait_queue field_808; // embedded by value, occupies 0x808..0x81F
u64 field_820;
};
// Five u64 members of unknown meaning (0x28 bytes with 8-byte u64). Embedded
// as the first member of lv2::process_as, whose next member is field_28.
// NOTE(review): members are private as written (`class`, no access specifier).
class address_space
{
u64 field_0;
u64 field_8;
u64 field_10;
u64 field_18;
u64 field_20;
};
// Per-process address-space object; lv2::process holds a pointer to one in its
// process_as member. Apart from the leading address_space and one embedded
// mutex, every member is unidentified. The hex suffix of each field_XX matches
// its byte offset with 8-byte u64, giving 0x530 bytes in total.
// NOTE(review): the accompanying text says the process structure was reversed
// from the 3.41 lv2_kernel; treat these offsets as specific to that build.
// NOTE(review): members are private as written (`class`, no access specifier).
class process_as
{
lv2::address_space field_0; // embedded by value, occupies 0x00..0x27
// 0x28..0x4A7: 144 unidentified u64 slots.
u64 field_28;
u64 field_30;
u64 field_38;
u64 field_40;
u64 field_48;
u64 field_50;
u64 field_58;
u64 field_60;
u64 field_68;
u64 field_70;
u64 field_78;
u64 field_80;
u64 field_88;
u64 field_90;
u64 field_98;
u64 field_A0;
u64 field_A8;
u64 field_B0;
u64 field_B8;
u64 field_C0;
u64 field_C8;
u64 field_D0;
u64 field_D8;
u64 field_E0;
u64 field_E8;
u64 field_F0;
u64 field_F8;
u64 field_100;
u64 field_108;
u64 field_110;
u64 field_118;
u64 field_120;
u64 field_128;
u64 field_130;
u64 field_138;
u64 field_140;
u64 field_148;
u64 field_150;
u64 field_158;
u64 field_160;
u64 field_168;
u64 field_170;
u64 field_178;
u64 field_180;
u64 field_188;
u64 field_190;
u64 field_198;
u64 field_1A0;
u64 field_1A8;
u64 field_1B0;
u64 field_1B8;
u64 field_1C0;
u64 field_1C8;
u64 field_1D0;
u64 field_1D8;
u64 field_1E0;
u64 field_1E8;
u64 field_1F0;
u64 field_1F8;
u64 field_200;
u64 field_208;
u64 field_210;
u64 field_218;
u64 field_220;
u64 field_228;
u64 field_230;
u64 field_238;
u64 field_240;
u64 field_248;
u64 field_250;
u64 field_258;
u64 field_260;
u64 field_268;
u64 field_270;
u64 field_278;
u64 field_280;
u64 field_288;
u64 field_290;
u64 field_298;
u64 field_2A0;
u64 field_2A8;
u64 field_2B0;
u64 field_2B8;
u64 field_2C0;
u64 field_2C8;
u64 field_2D0;
u64 field_2D8;
u64 field_2E0;
u64 field_2E8;
u64 field_2F0;
u64 field_2F8;
u64 field_300;
u64 field_308;
u64 field_310;
u64 field_318;
u64 field_320;
u64 field_328;
u64 field_330;
u64 field_338;
u64 field_340;
u64 field_348;
u64 field_350;
u64 field_358;
u64 field_360;
u64 field_368;
u64 field_370;
u64 field_378;
u64 field_380;
u64 field_388;
u64 field_390;
u64 field_398;
u64 field_3A0;
u64 field_3A8;
u64 field_3B0;
u64 field_3B8;
u64 field_3C0;
u64 field_3C8;
u64 field_3D0;
u64 field_3D8;
u64 field_3E0;
u64 field_3E8;
u64 field_3F0;
u64 field_3F8;
u64 field_400;
u64 field_408;
u64 field_410;
u64 field_418;
u64 field_420;
u64 field_428;
u64 field_430;
u64 field_438;
u64 field_440;
u64 field_448;
u64 field_450;
u64 field_458;
u64 field_460;
u64 field_468;
u64 field_470;
u64 field_478;
u64 field_480;
u64 field_488;
u64 field_490;
u64 field_498;
u64 field_4A0;
lv2::mutex field_4A8; // embedded by value, occupies 0x4A8..0x4E7 (mutex is 0x40 bytes)
u64 field_4E8;
u64 field_4F0;
u64 field_4F8;
u64 field_500;
u64 field_508;
u64 field_510;
u64 field_518;
u64 field_520;
u64 field_528;
};
// lv2 process object. The accompanying text says this is the same structure
// found in the CobraUSB source (process.h) and that this version was reversed
// from the 3.41 lv2_kernel, so every offset below should be treated as specific
// to that build until checked against another firmware.
// Members named field_XX are unidentified; the hex suffix matches the member's
// byte offset with 8-byte u64/pointers, giving 0x3D0 bytes in total.
// NOTE(review): members are private as written (`class`, no access specifier),
// and lv2::sc_trace is not declared anywhere in this listing.
class process
{
void *sc_table; // at 0x00; name suggests the syscall table this process uses - inferred, confirm
lv2::sc_trace *sc_trace; // at 0x08
u64 field_10;
u64 field_18;
u64 field_20;
int pid; // at 0x28
int status; // at 0x2C, shares the 8-byte slot with pid
lv2::process_as *process_as; // at 0x30
lv2::pu_thr *primary_ppu_thread; // at 0x38
u64 field_40;
lv2::pu_thr *field_48; // typed as a thread pointer, role not identified
u64 num_pu_threads_1; // at 0x50
u64 num_pu_threads_2; // at 0x58; how it differs from num_pu_threads_1 is not shown
u64 field_60;
u64 field_68;
u64 field_70;
u64 field_78;
u64 field_80;
u64 field_88;
u64 field_90;
u64 field_98;
u64 field_A0;
u64 size_of_memory; // at 0xA8
lv2::process *parent; // at 0xB0
lv2::process *first_child; // at 0xB8
lv2::process *last_child; // at 0xC0
u64 num_children; // at 0xC8
lv2::mutex field_D0; // embedded by value, 0xD0..0x10F
lv2::condition_variable field_110; // embedded by value, 0x110..0x147
u64 field_148;
u64 field_150;
u64 field_158;
char *proc_image_filename; // at 0x160; ownership and lifetime of the string are not shown
lv2::mutex field_168; // embedded by value, 0x168..0x1A7
u64 field_1A8;
proc_phys_mem_stat field_1B0; // embedded by value, 0x1B0..0x1E7
unk_process_struct_1E8 field_1E8; // embedded by value, 0x1E8..0x207
lv2::id_table *id_table; // at 0x208
u64 field_210;
u64 field_218;
u64 field_220;
u64 field_228;
u64 field_230;
u64 field_238;
u64 field_240;
u64 field_248;
u64 field_250;
u64 field_258;
u64 field_260;
char osabi_type; // at 0x268; 3 bytes of padding follow if sdk_version sits at 0x26C
int sdk_version; // presumably at 0x26C, so that field_270 lines up
// 0x270..0x39F: 38 unidentified u64 slots.
u64 field_270;
u64 field_278;
u64 field_280;
u64 field_288;
u64 field_290;
u64 field_298;
u64 field_2A0;
u64 field_2A8;
u64 field_2B0;
u64 field_2B8;
u64 field_2C0;
u64 field_2C8;
u64 field_2D0;
u64 field_2D8;
u64 field_2E0;
u64 field_2E8;
u64 field_2F0;
u64 field_2F8;
u64 field_300;
u64 field_308;
u64 field_310;
u64 field_318;
u64 field_320;
u64 field_328;
u64 field_330;
u64 field_338;
u64 field_340;
u64 field_348;
u64 field_350;
u64 field_358;
u64 field_360;
u64 field_368;
u64 field_370;
u64 field_378;
u64 field_380;
u64 field_388;
u64 field_390;
u64 field_398;
unk_process_struct_3A0 field_3A0; // embedded by value, 0x3A0..0x3AF
u64 field_3B0;
u64 field_3B8;
u64 field_3C0;
u64 field_3C8;
};
}
LV2 Kernel Syscall Table from SDK 0.80
LV2 Syscalls Merged Table
Dec | Hex | fw_type | needed_flags | Name | Notes |
---|---|---|---|---|---|
#sys_process Syscalls (1-31) | |||||
1 | 0x001 | CEX DEX DECR | sys_process_getpid | sys_pid_t sys_process_getpid(void); | |
2 | 0x002 | CEX DEX DECR | root | sys_process_wait_for_child | 3 params: sys_pid_t, uint32_t *status, unk=0 |
3 | 0x003 | CEX DEX DECR | sys_process_exit | int sys_process_exit(int) | |
4 | 0x004 | CEX DEX DECR | dbg | sys_process_get_status | int sys_process_get_status(sys_pid_t pid) |
5 | 0x005 | CEX DEX DECR | dbg | sys_process_detach_child | 1 param |
6 | 0x006 | ?? | ?? | syscall_sys_process_create_program_segment | ?? |
7 | 0x007 | ?? | ?? | syscall_sys_process_destroy_program_segment | ?? |
8 | 0x008 | ?? | ?? | syscall_sys_process_authenticate_program_segment | ?? |
9 | 0x009 | ?? | ?? | syscall_sys_process_load_program_segment | ?? |
10 | 0x00A | ?? | ?? | syscall_sys_process_unload_program_segment | ?? |
11 | 0x00B | ?? | ?? | syscall_sys_process_find_and_load_program_segment | ?? |
12 | 0x00C | CEX DEX DECR | sys_process_get_number_of_object | int sys_process_get_number_of_object(uint32_t object_type, uint32_t* count); | |
13 | 0x00D | CEX DEX DECR | sys_process_get_id | int sys_process_get_id(uint32_t object, uint32_t * buff, size_t size, size_t * set_size); | |
14 | 0x00E | CEX DEX DECR | sys_process_is_spu_lock_line_reservation_address | int sys_process_is_spu_lock_line_reservation_address(sys_addr_t addr, uint64_t flags); | |
15 | 0x00F | ?? | ?? | syscall_sys_process_create | ?? |
18 | 0x012 | CEX DEX DECR | sys_process_getppid | sys_pid_t sys_process_getppid(void); | |
19 | 0x013 | CEX DEX DECR | sys_process_kill | int sys_process_kill(sys_pid_t pid); | |
20 | 0x014 | ?? | ?? | syscall_sys_process_create_primary_ppu_thread_tls | ?? |
21 | 0x015 | CEX DEX DECR | dbg | _sys_process_spawn | int sys_process_spawn(int *pid, int prio, uint64_t flags, void *stack, int stack_size, int unk1, int unk2) |
22 | 0x016 | CEX DEX DECR | sys_process_exit | void sys_process_exit(int error_code,0,0) | |
23 | 0x017 | CEX DEX DECR | dbg | sys_process_wait_for_child2 | 6 params |
24 | 0x018 | CEX DEX DECR | dbg | 8 params, spawns a self | |
25 | 0x019 | CEX DEX DECR | sys_process_get_sdk_version | 2 params :sys_pid_t pid, uint8_t outbuf[4] | |
26 | 0x01A | CEX DEX DECR | _sys_process_exit as well | 4 params (calls sys_process_exit) | |
27 | 0x01B | CEX DEX DECR | dbg | 8 params, spawns a self | |
28 | 0x01C | CEX DEX DECR | root | _sys_process_get_number_of_object as well kinda | int sys_process_get_number_of_object(uint32_t object) |
29 | 0x01D | CEX DEX DECR | root | sys_process_get_id as well | same as syscall13 just with root flag check, same input etc. |
30 | 0x01E | CEX DEX DECR | _sys_process_get_paramsfo | int _sys_process_get_paramsfo(uint8_t buffer[0x40]); (more info: #sys_process_get_paramsfo) | |
31 | 0x01F | CEX DEX DECR | sys_process_get_ppu_guid | sys_addr_t sys_process_get_ppu_guid(void); | |
#sys_ppu_thread Syscalls (40-58) | |||||
41 | 0x029 | CEX DEX DECR | sys_ppu_thread_exit | int sys_ppu_thread_exit(int errorcode) | |
43 | 0x02B | CEX DEX DECR | sys_ppu_thread_yield | void sys_ppu_thread_yield(void); | |
44 | 0x02C | CEX DEX DECR | sys_ppu_thread_join | int sys_ppu_thread_join(sys_ppu_thread_t thread_id, uint64_t * vptr); | |
45 | 0x02D | CEX DEX DECR | sys_ppu_thread_detach | int sys_ppu_thread_detach(sys_ppu_thread_t thread_id); | |
46 | 0x02E | CEX DEX DECR | sys_ppu_thread_get_join_state | void sys_ppu_thread_get_join_state(int *isjoinable); | |
47 | 0x02F | CEX DEX DECR | dbg | sys_ppu_thread_set_priority | int sys_ppu_thread_set_priority(sys_ppu_thread_t thread_id, int prio); Flags are checked when 3071 > prio < 3199 |
48 | 0x030 | CEX DEX DECR | sys_ppu_thread_get_priority | int sys_ppu_thread_get_priority(sys_ppu_thread_t thread_id, int *prio); | |
49 | 0x031 | CEX DEX DECR | sys_ppu_thread_get_stack_information | int sys_ppu_thread_get_stack_information(sys_ppu_thread_stack_t * info); | |
50 | 0x032 | CEX DEX DECR | root | sys_ppu_thread_stop | int sys_ppu_thread_stop(sys_ppu_thread_t thread_id); |
51 | 0x033 | CEX DEX DECR | root | sys_ppu_thread_restart | int sys_ppu_thread_restart(void); |
52 | 0x034 | CEX DEX DECR | dbg | sys_ppu_thread_create | int sys_ppu_thread_create(sys_ppu_thread_t *thread_id, & void (*entry)(uint64_t), uint64_t arg, 0, int prio, size_t stacksize, uint64_t flags, const char *threadname); |
53 | 0x035 | CEX DEX DECR | sys_ppu_thread_start | int sys_ppu_thread_start(sys_ppu_thread_t thread_id); | |
54 | 0x036 | CEX DEX DECR | root | syscall(0x036, 0x109/0x111, out: uint8[4]), pu_thread get (kernel) allocation information | |
55 | 0x037 | CEX DEX DECR | root | syscall(0x037, 0x111, 0> int <0x100), pu_thread set (kernel) allocation? information | |
56 | 0x038 | CEX DEX DECR | sys_ppu_thread_rename | int sys_ppu_thread_rename(sys_ppu_thread_t thread_id, const char *name); | |
57 | 0x039 | CEX DEX DECR | sys_ppu_thread_recover_page_fault | int sys_ppu_thread_recover_page_fault(sys_ppu_thread_t thread_id); | |
58 | 0x03A | CEX DEX DECR | sys_ppu_thread_get_page_fault_context | int sys_ppu_thread_get_page_fault_context(sys_ppu_thread_t thread_id, sys_ppu_thread_icontext_t * ctxp); | |
#sys_trace Syscalls (60-69+77) | |||||
60 | 0x03C | DEX DECR | sys_trace_create | ||
61 | 0x03D | DEX DECR | sys_trace_start | ||
62 | 0x03E | DEX DECR | sys_trace_stop | ||
63 | 0x03F | DEX DECR | sys_trace_update_top_index | ||
64 | 0x040 | DEX DECR | sys_trace_destroy | ||
65 | 0x041 | DEX DECR | sys_trace_drain | ||
66 | 0x042 | DEX DECR | sys_trace_attach_process | ||
67 | 0x043 | DEX DECR | sys_trace_allocate_buffer | ||
68 | 0x044 | DEX DECR | sys_trace_free_buffer | ||
69 | 0x045 | DEX DECR | sys_trace_create2 | ||
#sys_timer Syscalls (70-76+141+142) | |||||
70 | 0x046 | CEX DEX DECR | sys_timer_create | int sys_timer_create(sys_timer_t * timer_id); | |
71 | 0x047 | CEX DEX DECR | sys_timer_destroy | int sys_timer_destroy(sys_timer_t timer_id); | |
72 | 0x048 | CEX DEX DECR | sys_timer_get_information | int sys_timer_get_information(sys_timer_t timer_id, sys_timer_information_t * info); | |
73 | 0x049 | CEX DEX DECR | sys_timer_start | int sys_timer_start(sys_timer_t timer_id, system_time_t base_time, usecond_t period); | |
74 | 0x04A | CEX DEX DECR | sys_timer_stop | int sys_timer_stop(sys_timer_t timer_id); | |
75 | 0x04B | CEX DEX DECR | sys_timer_connect_event_queue | int sys_timer_connect_event_queue(sys_timer_t timer_id, sys_event_queue_t queue_id, uint64_t name, uint64_t data1, uint64_t data2); | |
76 | 0x04C | CEX DEX DECR | sys_timer_disconnect_event_queue | int sys_timer_disconnect_event_queue(sys_timer_t timer_id); | |
#sys_trace Syscalls (60-69+77) | |||||
77 | 0x04D | DEX DECR | sys_trace_create2_in_cbepm | ||
78 | 0x04E | DECR | sys_trace_ | ||
#sys_interrupt Syscalls (80+81+84+88+89) | |||||
80 | 0x050 | CEX DEX DECR | sys_interrupt_tag_create | int sys_interrupt_tag_create(sys_interrupt_tag_t * intrtag, sys_irqoutlet_id_t irq, sys_hw_thread_t hwthread); | |
81 | 0x051 | CEX DEX DECR | sys_interrupt_tag_destroy | int sys_interrupt_tag_destroy(sys_interrupt_tag_t intrtag); | |
#sys_event Syscalls (82+83+85-87+118+128-140) | |||||
82 | 0x052 | CEX DEX DECR | sys_event_flag_create | int sys_event_flag_create(sys_event_flag_t * id, sys_event_flag_attribute_t * attr, uint64_t init); | |
83 | 0x053 | CEX DEX DECR | sys_event_flag_destroy | int sys_event_flag_destroy(sys_event_flag_t id); | |
#sys_interrupt Syscalls (80+81+84+88+89) | |||||
84 | 0x054 | CEX DEX DECR | sys_interrupt_thread_establish | int sys_interrupt_thread_establish(sys_interrupt_thread_handle_t * ih, sys_interrupt_tag_t intrtag, uint64_t intrthread, uint64_t arg1, uint64_t arg2); | |
#sys_event Syscalls (82+83+85-87+118+128-140) | |||||
85 | 0x055 | CEX DEX DECR | sys_event_flag_wait | int sys_event_flag_wait(sys_event_flag_t id, uint64_t bitptn, uint32_t mode, uint64_t * result, usecond_t timeout); | |
86 | 0x056 | CEX DEX DECR | sys_event_flag_trywait | int sys_event_flag_trywait(sys_event_flag_t id, uint64_t bitptn, uint32_t mode, uint64_t * result); | |
87 | 0x057 | CEX DEX DECR | sys_event_flag_set | int sys_event_flag_set(sys_event_flag_t id, uint64_t bitptn); | |
#sys_interrupt Syscalls (80+81+84+88+89) | |||||
88 | 0x058 | CEX DEX DECR | sys_interrupt_thread_eoi | void sys_interrupt_thread_eoi(void); | |
89 | 0x059 | CEX DEX DECR | sys_interrupt_thread_disestablish | int sys_interrupt_thread_disestablish(sys_interrupt_thread_handle_t ih); | |
#sys_semaphore Syscalls (90-94+114) | |||||
90 | 0x05A | CEX DEX DECR | sys_semaphore_create | int sys_semaphore_create(sys_semaphore_t * sem, sys_semaphore_attribute_t * attr, sys_semaphore_value_t initial_val, sys_semaphore_value_t max_val); | |
91 | 0x05B | CEX DEX DECR | sys_semaphore_destroy | int sys_semaphore_destroy(sys_semaphore_t sem); | |
92 | 0x05C | CEX DEX DECR | sys_semaphore_wait | int sys_semaphore_wait(sys_semaphore_t sem, usecond_t timeout); | |
93 | 0x05D | CEX DEX DECR | sys_semaphore_trywait | int sys_semaphore_trywait(sys_semaphore_t sem); | |
94 | 0x05E | CEX DEX DECR | sys_semaphore_post | int sys_semaphore_post(sys_semaphore_t sem, sys_semaphore_value_t val); | |
#sys_lwmutex Syscalls (95-99) | |||||
95 | 0x05F | CEX DEX DECR | sys_lwmutex_create | int sys_lwmutex_create(sys_lwmutex_t *lwmutex, sys_lwmutex_attribute_t *attr) | |
96 | 0x060 | CEX DEX DECR | sys_lwmutex_destroy | int sys_lwmutex_destroy(sys_lwmutex_t *lwmutex) | |
97 | 0x061 | CEX DEX DECR | sys_lwmutex_lock | int sys_lwmutex_lock(sys_lwmutex_t *lwmutex, usecond_t timeout) | |
98 | 0x062 | CEX DEX DECR | sys_lwmutex_trylock | int sys_lwmutex_trylock(sys_lwmutex_t *lwmutex) | |
99 | 0x063 | CEX DEX DECR | sys_lwmutex_unlock | int sys_lwmutex_unlock(sys_lwmutex_t *lwmutex) | |
#sys_mutex Syscalls (100-104) | |||||
100 | 0x064 | CEX DEX DECR | sys_mutex_create | int sys_mutex_create(sys_mutex_t * mutex_id, sys_mutex_attribute_t * attr); | |
101 | 0x065 | CEX DEX DECR | sys_mutex_destroy | int sys_mutex_destroy(sys_mutex_t mutex_id); | |
102 | 0x066 | CEX DEX DECR | sys_mutex_lock | int sys_mutex_lock(sys_mutex_t mutex_id, usecond_t timeout); | |
103 | 0x067 | CEX DEX DECR | sys_mutex_trylock | int sys_mutex_trylock(sys_mutex_t mutex_id); | |
104 | 0x068 | CEX DEX DECR | sys_mutex_unlock | int sys_mutex_unlock(sys_mutex_t mutex_id); | |
#sys_cond Syscalls (105-110) | |||||
105 | 0x069 | CEX DEX DECR | sys_cond_create | int sys_cond_create(sys_cond_t * cond_id, sys_mutex_t mutex_id, sys_cond_attribute_t * attr); | |
106 | 0x06A | CEX DEX DECR | sys_cond_destroy | int sys_cond_destroy(sys_cond_t cond_id); | |
107 | 0x06B | CEX DEX DECR | sys_cond_wait | int sys_cond_wait(sys_cond_t cond_id, usecond_t timeout); | |
108 | 0x06C | CEX DEX DECR | sys_cond_signal | int sys_cond_signal(sys_cond_t cond_id); | |
109 | 0x06D | CEX DEX DECR | sys_cond_signal_all | int sys_cond_signal_all(sys_cond_t cond_id); | |
110 | 0x06E | CEX DEX DECR | sys_cond_signal_to | int sys_cond_signal_to(sys_cond_t cond_id, sys_ppu_thread_t thread); | |
#sys_lwcond Syscalls (111+112) | |||||
111 | 0x06F | CEX DEX DECR | sys_lwcond_create | int sys_lwcond_create(sys_lwcond_t *lwcond, sys_lwmutex_t *lwmutex, sys_lwcond_attribute_t *attr) | |
112 | 0x070 | CEX DEX DECR | sys_lwcond_destroy | int sys_lwcond_destroy(sys_lwcond_t *lwcond) | |
113 | 0x071 | CEX DEX DECR | sys_lwcond_queue_wait | 3 params | |
#sys_semaphore Syscalls (90-94+114) | |||||
114 | 0x072 | CEX DEX DECR | sys_semaphore_get_value | int sys_semaphore_get_value(sys_semaphore_t sem, sys_semaphore_value_t * val); |