Talk:LV2 Functions and Syscalls

From PS3 Developer wiki
Jump to navigation Jump to search

Lv2 Syscall Services Usage

Documentation about syscalls with packet id

Syscall 621 (0x26D) Gamepad Ycon Interface

syscall(621,packet_id,r4,r5)

Packet ID Usage
0 sys_gamepad_ycon_initialize ( 0, 0)
1 sys_gamepad_ycon_finalize ( 0, 0)
2 sys_gamepad_ycon_has_input_ownership ( inout[8](if==0->autofill), out[1])
3 sys_gamepad_ycon_enumerate_device ( 0, out[0x20])
4 sys_gamepad_ycon_get_device_info ( in[8], out[0x1C])
5 sys_gamepad_ycon_read_raw_report ( in[4], out[4])
6 sys_gamepad_ycon_write_raw_report ( in[0x3C], out[])
7 sys_gamepad_ycon_get_feature ( in[8], out[0x38?])
8 sys_gamepad_ycon_set_feature (in[6+x](4Bytes+1Byte+1Byte[contains size x]+xBytes),0)
9 sys_gamepad_ycon_is_gem ( 0,out[1])

Syscall 726 (0x2D6) Gelic Device Eurus Post Command

syscall(726,uint16_t cmd, uint8_t *cmdbuf, uint64_t cmdbuf_size)

Packet ID Description

Syscall 861 (0x35D)

syscall(861,packet_id, r4,r5,r6,r7,r8,r9,r10)
Note: access to this Syscall requries 0x40 Root Control Flags, else 0x80010003

Packet ID Usage
0 not implemented
1
2
3
4
5
6
7
8
9 not implemented
10 not implemented
11
12
13
14
15
16
17
18
19

Syscall 862 (0x35E) Virtual TRM Manager Interface

syscall(862,packet_id, r4,r5,r6,r7)
Note: access to this Syscall requries 0x40 Root Control Flags, else 0x80010003

Packet ID Usage
0x2001
0x2002
0x2003
0x2004
0x2005
0x2006
0x2007 not implemented
0x2008 not implemented
0x2009 not implemented
0x200A
0x200B
0x200C
0x200D
0x200E vtrm_decrypt_master(uint8[0x10],uint8[0x40]
0x200F not implemented
0x2010 not implemented
0x2011 not implemented
0x2012
0x2013
0x2014
0x2015
0x2016
0x2017

Syscall 863 (0x35F) Update Manager Interface

syscall(863,packet_id, r4,r5,r6,r7,r8,r9)
Note: access to this Syscall requries 0x40 Root Control Flags, else 0x80010003

Packet ID Usage
0x6001 update_mgr_update_package_tophalf( ,,,)
0x6002 update_manager_if::Inspect_Package(int package_type(1-9),sys_addr_tr * alloc_addr,size,r7=9(cex)/5(dex/tool),r8=out:uint64_t*)
0x6003 update_manager_if::Get_Package_Info(int package_type,out:uint64_t*)
0x6004 update_mgr_get_fix_instruction( )
0x6005 update_mgr_extract_package_tophalf( ,,,,)
0x6006 update_mgr_get_extract_package(,,,,,)
0x6007 not implemented
0x6008 not implemented
0x6009 update_manager_if::get_token_seed( out:uint8[size1],size1,out:uint8[size2],size2) size>=0x50
0x600A update_manager_if::set_token(in:token[size],int size), size>=0x80
0x600B update_manager_if::read_eprom(uint32 offset,out:uint8[1])
0x600C update_manager_if::write_eprom(uint32 offset,uint8 value)
0x600D update_mgr_get_status( ,,,,,)
0x600E update_manager_if::allocate_buffer(size,out:sys_addr_t * alloc_addr)
0x600F update_manager_if::release_buffer(in:sys_addr_t * alloc_addr)
0x6010 not implemented
0x6011 update_manager_if::get_applicable_version(1 ,out:uint8[0x20])
0x6012

Syscall 864 (0x360) Storage Manager Interface

syscall(864,packet_id, r4)
Note: access to this Syscall requries at least 0x20 Debug Control Flags, else 0x80010003

Packet ID Description Notes
0x5004 sys_ss_auth_bd(int) cellSsDrvPs2DiscInsert(0x52)
0x5007 sys_ss_hw_disc_auth_emu(in/out:uint8[0x18]) use can be restricted to certain authentication id's
0x5008 sys_ss_hw_mc(in/out:uint8[0x38]) use can be restricted to certain authentication id's

Syscall 865 (0x361) Random Number Generator

syscall(865,packet_id, r4,r5)

Packet ID Description Notes
1 syscall(865,1, out[0x18], 0x18) size is static
usage with this packet_id requires either 0x40 Root Flags or [0x1B]=8 and a certain authentication id
2 sys_get_random_number(out[size], size)

Syscall 866 (0x362) Secure RTC Manager Interface

syscall(866,packet_id, r4, r5, r6)

Packet ID Description Notes
0x3001 secure_rtc_set_rtc(r4,r5) requries 0x40 root control flags
0x3002 secure_rtc_get_time(r4,r5,r6) might be restricted to certain authentication id's
0x3003 secure_rtc_set_time(r4,r5) requries 0x40 root control flags

Syscall 867 (0x363) AIM Manager Interface

syscall(867,packet_id, r4)
Note: access to this Syscall requries 0x40 Root Control Flags, else 0x80010003

Packet ID Description
0x19002 cellSsAimGetDeviceType(out:uint8[0x10])
0x19003 cellSsAimGetDeviceId(out:uint8[0x10])
0x19004 cellSsAimGetPsCode(out:uint8[8])
0x19005 cellSsAimGetOpenPsId(out:uint8[0x10])
0x19006 syscall(867,0x19006)

Syscall 868 (0x364) Indi Info Manager Interface

syscall(868,packet_id, r4,r5,r6,r7)
Note: access to this Syscall requries 0x40 Root Control Flags, but allows 0x20 Debug Flags and certain authentication id's for first packet_id

Packet ID Description
0x17001
0x17002
0x17003
0x17004
0x17005
0x17006
0x17007
0x17008
0x17009
0x1700A
0x1700B
0x1700C
0x1700D
0x1700E
0x1700F
0x17010
0x17011
0x17012
0x17013
0x17014
0x17015
0x17016
0x17017

Syscall 869 (0x365) RTC? Manager Interface

syscall(869,packet_id, r4)
Note: access to this Syscall requries 0x40 Root Control Flags and possibly restricted to certain authentication id's, else 0x80010003

Packet ID Description
0x22001 syscall(869,0x22001, out:uint8[0x80])
0x22002 syscall(869,0x22002, out:uint8[0x690])
0x22003 syscall(869,0x22003, in:uint8[8])
0x22004 syscall(869,0x22004, int)

Syscall 871 (0x367) SS Access Control Engine

syscall(871,packet_id, r4)

Packet ID Usage Notes
1 syscall(871,1,sys_pid_t id,out:uint8[8]) this packet_id requires 0x20 Debug Control Flags or [0x1B]=8 and a certain authentication id, else 0x80010003
2 syscall(871,2,out:uint8[8]) returns authentication id?
3 syscall(871,3,sys_pid_t id) this packet_id requries 0x20 Debug Control Flags, else 0x80010003, but returns 0x8001009

Syscall 876 (0x36C) Disc Access Control

syscall(876,packet_id, r4)
Note: accessing this Syscall is restricted to certain authentication id's

Packet ID Description
0x20000 sys_get_disc_access_control(out:uint8[4])
0x20001 sys_set_disc_access_control(0 / 1)

Syscall 877 (0x36D) User Token Interface

syscall(877,packet_id, r4,size)
Note: access to this Syscall requries 0x40 Root Control Flags, else 0x80010003

Packet ID Description
0x25003 sys_ss_utoken_decrypt(uint8[0xC50], 0xC50)
0x25004 sys_ss_utoken_get?(out:uint8[0xC50], 0xC50)
0x25005 sys_ss_utoken_encrypt(uint8[0xC50], 0xC50)

Syscall 878 (0x36E) Ad Sign

syscall(878,packet_id, r4,r5)
Note: access to this Syscall is restricted to certain authentication id's

Packet ID Description
0x26001 sys_ss_ad_sign(in:uint8[0x14],out:uint[0x80])

Syscall 879 (0x36F) Media ID

syscall(862,packet_id, r4)
Note: access to this Syscall is restricted to certain authentication id's
Note2: it uses Storage Service Id 0x5007, 0x4B

Packet ID Description
0x10001 sysBdMediaId(out:uint8[0x10])

not on the wiki yet

these lv2 syscalls are present, but neither ordinal nor branches are known yet

  sys_usbbtaudio_start_recording_ex
  sys_lwcond_attribute_name_set
  sys_lwmutex_attribute_name_set
  sys_event_flag_attribute_name_set
  sys_semaphore_attribute_name_set
  sys_cond_attribute_name_set
  sys_mutex_attribute_name_set
  sys_raw_spu_mmio_read_ls (no real lv2 syscall, reading mmio address)
  sys_raw_spu_mmio_write_ls (no real lv2 syscall, reading mmio address)
  sys_raw_spu_mmio_read (no real lv2 syscall, reading mmio address)
  sys_raw_spu_mmio_write (no real lv2 syscall, reading mmio address)
  sys_event_queue_attribute_name_set
          
  sys_lwcond_signal
  sys_lwcond_signal_all
  sys_lwcond_signal_to
  sys_lwcond_wait
  sys_spu_elf_get_segments
  sys_raw_spu_image_load
  sys_mmapper_allocate_memory
  sys_ppu_thread_unregister_atexit
  sys_ppu_thread_once
  sys_prx_exitspawn_with_level
  sys_process_at_Exitspawn
  sys_process_atexitspawn
  sys_game_process_exitspawn2
  sys_process_is_stack
  debug syscalls
  sys_dbg_set_stacksize_ppu_exception_handler
  sys_dbg_get_spu_thread_group_ids
  sys_dbg_get_ppu_thread_ids
  sys_dbg_get_spu_thread_ids
  sys_dbg_register_ppu_exception_handler
  sys_dbg_mat_set_condition
  sys_dbg_read_spu_thread_context2
  sys_dbg_enable_floating_point_enabled_exception
  sys_dbg_get_event_queue_information
  sys_dbg_get_spu_thread_name
  sys_dbg_get_ppu_thread_name
  sys_dbg_signal_to_ppu_exception_handler
  sys_dbg_get_mutex_information
  sys_dbg_vm_get_page_information
  sys_dbg_mat_get_condition
  sys_dbg_get_cond_information
  sys_dbg_get_ppu_thread_status
  sys_dbg_get_lwcond_information
  sys_dbg_get_rwlock_information
  sys_dbg_get_spu_thread_group_status
  sys_dbg_get_semaphore_information
  sys_dbg_set_mask_to_ppu_exception_handler
  sys_dbg_get_coredump_params
  sys_dbg_get_address_from_dabr
  sys_dbg_get_spu_thread_group_name
  sys_dbg_finalize_ppu_exception_handler
  sys_dbg_read_spu_thread_context
  sys_dbg_initialize_ppu_exception_handler
  sys_dbg_read_ppu_thread_context
  sys_dbg_unregister_ppu_exception_handler
  sys_dbg_get_lwmutex_information
  sys_dbg_signal_to_coredump_handler
  sys_dbg_set_address_to_dabr
  sys_dbg_get_event_flag_information
  sys_dbg_disable_floating_point_enabled_exception

see also this pastebin: http://pastebin.com/w2xkNZ9T

Custom Syscalls

This is a fself for testing that when started in 4.21 DEX CFW will add lv2_alloc as Syscall 32(Replaces: UNUSED_SYSCALL). It will then try to use it and printf the received pointer. Please test and report back. http://rghost.net/48803322

firmware version offsets

FW version Offset Value Notes
3.72 Retail 0x9150
3.70 Retail 0x9088
3.66 Retail 0x8ef8
3.61 Retail 0x8d04
3.60 Retail 0x8ca0
3.56 Retail 0x8b10
3.55 Retail 0x3329b8 0x8aac
3.55 DEX
3.50 Retail 0x88b8
3.42 Retail 0x8598
3.41 Retail 0x2d7580 0x8534
3.41 DEX
3.41 KIOSK 0x8534
3.40 Retail 0x84d0
3.30 Retail 0x80e8
3.21 Retail 0x7d64
3.15 Retail 0x2d6c00 0x7b0c offset seems to be 6 further @ 0x002d6c06 (see below)
3.10 Retail 0x7918
3.01 Retail 0x7594
2.85 Retail 0x6f54
2.76 Retail 0x6bd0
2.70 Retail 0x6978
2.60 Retail 0x6590
2.53 Retail 0x62d4
2.43 Retail 0x5eec
1.02 Retail 0x27d8

Note: the value is decimal '35500', '34100' and '31500' in hex.

Example

Example from 3.15 with 3.60 spoof:

   Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F
   
   002D6C00  00 00 00 00 00 00 8C A0 00 00 00 00 00 00 00 00  ......Œ ........
                               ^^ ^^
                         dec: 36000 spoofed

LV2 Process Structures

lv2::process is the same structure that can be found in CobraUSB source code (process.h). This version was reversed from 3.41 lv2_kernel.

struct proc_phys_mem_stat
{
  u64 field_0;
  u64 field_8;
  u64 field_10;
  u64 field_18;
  u64 field_20;
  u64 field_28;
  u64 field_30;
};

struct unk_process_struct_1E8
{
  u64 field_0;
  u64 field_8;
  u64 field_10;
  u64 field_18;
};

struct unk_process_struct_3A0
{
  u64 field_0;
  u64 field_8;
};

namespace lv2
{
    class wait_queue
    {
        u64 field_0;
        u64 field_8;
        u64 field_10;
    };

    class mutex
    {
        void *vtable;
        u64 field_8;
        u64 field_10;
        lv2::wait_queue field_18;
        u64 field_30;
        u64 field_38;
    };

    class condition_variable
    {
        void *vtable;
        u64 field_8;
        lv2::wait_queue field_10;
        u64 field_28;
        u64 field_30;
    };
    
    class pu_thr
    {
        void *vtable;
        char name[28];
        int thr_id;
        u64 field_28;
        u64 field_30;
        u64 field_38;
        u64 prio;
        u64 field_48;
        u64 field_50;
        u64 field_58;
        u64 field_60;
        u64 field_68;
        u64 stack_address;
        u64 stack_size;
        lv2::process *my_proc;
        u64 field_88;
        u64 field_90;
        u64 general_purpose_registers[32];
        int condition_register;
        u64 exception_register;
        u64 link_register;
        u64 count_register;
        u64 save_restore_register_0;
        u64 save_restore_register_1;
        u64 field_1C8;
        double floating_point_registers[32];
        int field_2D0;
        int floating_point_status_and_control_register;
        u64 field_2D8;
        u64 field_2E0;
        u64 field_2E8;
        u64 field_2F0;
        u64 field_2F8;
        u64 field_300;
        u64 field_308;
        u64 field_310;
        u64 field_318;
        u64 field_320;
        u64 field_328;
        u64 field_330;
        u64 field_338;
        u64 field_340;
        u64 field_348;
        u64 field_350;
        u64 field_358;
        u64 field_360;
        u64 field_368;
        u64 field_370;
        u64 field_378;
        u64 field_380;
        u64 field_388;
        u64 field_390;
        u64 field_398;
        u64 field_3A0;
        u64 field_3A8;
        u64 field_3B0;
        u64 field_3B8;
        u64 field_3C0;
        u64 field_3C8;
        u64 field_3D0;
        u64 field_3D8;
        u64 field_3E0;
        u64 field_3E8;
        u64 field_3F0;
        u64 field_3F8;
        u64 field_400;
        u64 field_408;
        u64 field_410;
        u64 field_418;
        u64 field_420;
        u64 field_428;
        u64 field_430;
        u64 field_438;
        u64 field_440;
        u64 field_448;
        u64 field_450;
        u64 field_458;
        u64 field_460;
        u64 field_468;
        u64 field_470;
        u64 field_478;
        u64 field_480;
        u64 field_488;
        u64 field_490;
        u64 field_498;
        u64 field_4A0;
        u64 field_4A8;
        u64 field_4B0;
        u64 field_4B8;
        u64 field_4C0;
        u64 field_4C8;
        u64 field_4D0;
        u64 field_4D8;
        u64 field_4E0;
        u64 field_4E8;
        u64 field_4F0;
        u64 field_4F8;
        u64 field_500;
        u64 field_508;
        u64 field_510;
        u64 field_518;
        u64 field_520;
        u64 field_528;
        u64 field_530;
        u64 field_538;
        u64 field_540;
        u64 field_548;
        int stop_info;
        u64 field_558;
        u64 field_560;
        u64 field_568;
        u64 field_570;
        u64 field_578;
        u64 field_580;
        u64 field_588;
        u64 field_590;
        u64 field_598;
        u64 field_5A0;
        u64 field_5A8;
        u64 field_5B0;
        u64 field_5B8;
        u64 field_5C0;
        u64 field_5C8;
        u64 field_5D0;
        u64 field_5D8;
        u64 field_5E0;
        u64 field_5E8;
        u64 field_5F0;
        u64 field_5F8;
    };
    
    class id_table
    {
        u64 field_0[256];
        u64 field_800;
        lv2::wait_queue field_808;
        u64 field_820;
    };
    
    class address_space
    {
        u64 field_0;
        u64 field_8;
        u64 field_10;
        u64 field_18;
        u64 field_20;
    };
    
    class process_as
    {
        lv2::address_space field_0;
        u64 field_28;
        u64 field_30;
        u64 field_38;
        u64 field_40;
        u64 field_48;
        u64 field_50;
        u64 field_58;
        u64 field_60;
        u64 field_68;
        u64 field_70;
        u64 field_78;
        u64 field_80;
        u64 field_88;
        u64 field_90;
        u64 field_98;
        u64 field_A0;
        u64 field_A8;
        u64 field_B0;
        u64 field_B8;
        u64 field_C0;
        u64 field_C8;
        u64 field_D0;
        u64 field_D8;
        u64 field_E0;
        u64 field_E8;
        u64 field_F0;
        u64 field_F8;
        u64 field_100;
        u64 field_108;
        u64 field_110;
        u64 field_118;
        u64 field_120;
        u64 field_128;
        u64 field_130;
        u64 field_138;
        u64 field_140;
        u64 field_148;
        u64 field_150;
        u64 field_158;
        u64 field_160;
        u64 field_168;
        u64 field_170;
        u64 field_178;
        u64 field_180;
        u64 field_188;
        u64 field_190;
        u64 field_198;
        u64 field_1A0;
        u64 field_1A8;
        u64 field_1B0;
        u64 field_1B8;
        u64 field_1C0;
        u64 field_1C8;
        u64 field_1D0;
        u64 field_1D8;
        u64 field_1E0;
        u64 field_1E8;
        u64 field_1F0;
        u64 field_1F8;
        u64 field_200;
        u64 field_208;
        u64 field_210;
        u64 field_218;
        u64 field_220;
        u64 field_228;
        u64 field_230;
        u64 field_238;
        u64 field_240;
        u64 field_248;
        u64 field_250;
        u64 field_258;
        u64 field_260;
        u64 field_268;
        u64 field_270;
        u64 field_278;
        u64 field_280;
        u64 field_288;
        u64 field_290;
        u64 field_298;
        u64 field_2A0;
        u64 field_2A8;
        u64 field_2B0;
        u64 field_2B8;
        u64 field_2C0;
        u64 field_2C8;
        u64 field_2D0;
        u64 field_2D8;
        u64 field_2E0;
        u64 field_2E8;
        u64 field_2F0;
        u64 field_2F8;
        u64 field_300;
        u64 field_308;
        u64 field_310;
        u64 field_318;
        u64 field_320;
        u64 field_328;
        u64 field_330;
        u64 field_338;
        u64 field_340;
        u64 field_348;
        u64 field_350;
        u64 field_358;
        u64 field_360;
        u64 field_368;
        u64 field_370;
        u64 field_378;
        u64 field_380;
        u64 field_388;
        u64 field_390;
        u64 field_398;
        u64 field_3A0;
        u64 field_3A8;
        u64 field_3B0;
        u64 field_3B8;
        u64 field_3C0;
        u64 field_3C8;
        u64 field_3D0;
        u64 field_3D8;
        u64 field_3E0;
        u64 field_3E8;
        u64 field_3F0;
        u64 field_3F8;
        u64 field_400;
        u64 field_408;
        u64 field_410;
        u64 field_418;
        u64 field_420;
        u64 field_428;
        u64 field_430;
        u64 field_438;
        u64 field_440;
        u64 field_448;
        u64 field_450;
        u64 field_458;
        u64 field_460;
        u64 field_468;
        u64 field_470;
        u64 field_478;
        u64 field_480;
        u64 field_488;
        u64 field_490;
        u64 field_498;
        u64 field_4A0;
        lv2::mutex field_4A8;
        u64 field_4E8;
        u64 field_4F0;
        u64 field_4F8;
        u64 field_500;
        u64 field_508;
        u64 field_510;
        u64 field_518;
        u64 field_520;
        u64 field_528;
    };

    class process
    {
        void *sc_table;
        lv2::sc_trace *sc_trace;
        u64 field_10;
        u64 field_18;
        u64 field_20;
        int pid;
        int status;
        lv2::process_as *process_as;
        lv2::pu_thr *primary_ppu_thread;
        u64 field_40;
        lv2::pu_thr *field_48;
        u64 num_pu_threads_1;
        u64 num_pu_threads_2;
        u64 field_60;
        u64 field_68;
        u64 field_70;
        u64 field_78;
        u64 field_80;
        u64 field_88;
        u64 field_90;
        u64 field_98;
        u64 field_A0;
        u64 size_of_memory;
        lv2::process *parent;
        lv2::process *first_child;
        lv2::process *last_child;
        u64 num_children;
        lv2::mutex field_D0;
        lv2::condition_variable field_110;
        u64 field_148;
        u64 field_150;
        u64 field_158;
        char *proc_image_filename;
        lv2::mutex field_168;
        u64 field_1A8;
        proc_phys_mem_stat field_1B0;
        unk_process_struct_1E8 field_1E8;
        lv2::id_table *id_table;
        u64 field_210;
        u64 field_218;
        u64 field_220;
        u64 field_228;
        u64 field_230;
        u64 field_238;
        u64 field_240;
        u64 field_248;
        u64 field_250;
        u64 field_258;
        u64 field_260;
        char osabi_type;
        int sdk_version;
        u64 field_270;
        u64 field_278;
        u64 field_280;
        u64 field_288;
        u64 field_290;
        u64 field_298;
        u64 field_2A0;
        u64 field_2A8;
        u64 field_2B0;
        u64 field_2B8;
        u64 field_2C0;
        u64 field_2C8;
        u64 field_2D0;
        u64 field_2D8;
        u64 field_2E0;
        u64 field_2E8;
        u64 field_2F0;
        u64 field_2F8;
        u64 field_300;
        u64 field_308;
        u64 field_310;
        u64 field_318;
        u64 field_320;
        u64 field_328;
        u64 field_330;
        u64 field_338;
        u64 field_340;
        u64 field_348;
        u64 field_350;
        u64 field_358;
        u64 field_360;
        u64 field_368;
        u64 field_370;
        u64 field_378;
        u64 field_380;
        u64 field_388;
        u64 field_390;
        u64 field_398;
        unk_process_struct_3A0 field_3A0;
        u64 field_3B0;
        u64 field_3B8;
        u64 field_3C0;
        u64 field_3C8;
    };
}

LV2 Kernel Syscall Table from SDK 0.80

https://pastebin.com/aTRaFstS

LV2 Syscalls Merged Table

Dec Hex fw_type needed_flags Name Notes
#sys_process Syscalls (1-31)
1 0x001  CEX  DEX  DECR  sys_process_getpid sys_pid_t sys_process_getpid(void);
2 0x002  CEX  DEX  DECR   root  sys_process_wait_for_child 3 params: sys_pid_t, uint32_t *status, unk=0
3 0x003  CEX  DEX  DECR  sys_process_exit int sys_process_exit(int)
4 0x004  CEX  DEX  DECR   dbg  sys_process_get_status int sys_process_get_status(sys_pid_t pid)
5 0x005  CEX  DEX  DECR   dbg  sys_process_detach_child 1 param
6 0x006 ?? ?? syscall_sys_process_create_program_segment ??
7 0x007 ?? ?? syscall_sys_process_destroy_program_segment ??
8 0x008 ?? ?? syscall_sys_process_authenticate_program_segment ??
9 0x009 ?? ?? syscall_sys_process_load_program_segment ??
10 0x00A ?? ?? syscall_sys_process_unload_program_segment ??
11 0x00B ?? ?? syscall_sys_process_find_and_load_program_segment ??
12 0x00C  CEX  DEX  DECR  sys_process_get_number_of_object int sys_process_get_number_of_object(uint32_t object_type, uint32_t* count);
13 0x00D  CEX  DEX  DECR  sys_process_get_id int sys_process_get_id(uint32_t object, uint32_t * buff, size_t size, size_t * set_size);
14 0x00E  CEX  DEX  DECR  sys_process_is_spu_lock_line_reservation_address int sys_process_is_spu_lock_line_reservation_address(sys_addr_t addr, uint64_t flags);
15 0x00F ?? ?? syscall_sys_process_create ??
18 0x012  CEX  DEX  DECR  sys_process_getppid sys_pid_t sys_process_getppid(void);
19 0x013  CEX  DEX  DECR  sys_process_kill int sys_process_kill(sys_pid_t pid);
20 0x014 ?? ?? syscall_sys_process_create_primary_ppu_thread_tls ??
21 0x015  CEX  DEX  DECR   dbg  _sys_process_spawn int sys_process_spawn(int *pid, int prio, uint64_t flags, void *stack, int stack_size, int unk1, int unk2)
22 0x016  CEX  DEX  DECR  sys_process_exit void sys_process_exit(int error_code,0,0)
23 0x017  CEX  DEX  DECR   dbg  sys_process_wait_for_child2 6 params
24 0x018  CEX  DEX  DECR   dbg  8 params, spawns a self
25 0x019  CEX  DEX  DECR  sys_process_get_sdk_version 2 params :sys_pid_t pid, uint8_t outbuf[4]
26 0x01A  CEX  DEX  DECR  _sys_process_exit as well 4 params (calls sys_process_exit)
27 0x01B  CEX  DEX  DECR   dbg  8 params, spawns a self
28 0x01C  CEX  DEX  DECR   root  _sys_process_get_number_of_object as well kinda int sys_process_get_number_of_object(uint32_t object)
29 0x01D  CEX  DEX  DECR   root  sys_process_get_id as well same as syscall13 just with root flag check, same input etc.
30 0x01E  CEX  DEX  DECR  _sys_process_get_paramsfo int _sys_process_get_paramsfo(uint8_t buffer[0x40]); (more info: #sys_process_get_paramsfo)
31 0x01F  CEX  DEX  DECR  sys_process_get_ppu_guid sys_addr_t sys_process_get_ppu_guid(void);
#sys_ppu_thread Syscalls (40-58)
41 0x029  CEX  DEX  DECR  sys_ppu_thread_exit int sys_ppu_thread_exit(int errorcode)
43 0x02B  CEX  DEX  DECR  sys_ppu_thread_yield void sys_ppu_thread_yield(void);
44 0x02C  CEX  DEX  DECR  sys_ppu_thread_join int sys_ppu_thread_join(sys_ppu_thread_t thread_id, uint64_t * vptr);
45 0x02D  CEX  DEX  DECR  sys_ppu_thread_detach int sys_ppu_thread_detach(sys_ppu_thread_t thread_id);
46 0x02E  CEX  DEX  DECR  sys_ppu_thread_get_join_state void sys_ppu_thread_get_join_state(int *isjoinable);
47 0x02F  CEX  DEX  DECR   dbg  sys_ppu_thread_set_priority int sys_ppu_thread_set_priority(sys_ppu_thread_t thread_id, int prio);
Flags are checked when 3071 > prio < 3199
48 0x030  CEX  DEX  DECR  sys_ppu_thread_get_priority int sys_ppu_thread_get_priority(sys_ppu_thread_t thread_id, int *prio);
49 0x031  CEX  DEX  DECR  sys_ppu_thread_get_stack_information int sys_ppu_thread_get_stack_information(sys_ppu_thread_stack_t * info);
50 0x032  CEX  DEX  DECR   root  sys_ppu_thread_stop int sys_ppu_thread_stop(sys_ppu_thread_t thread_id);
51 0x033  CEX  DEX  DECR   root  sys_ppu_thread_restart int sys_ppu_thread_restart(void);
52 0x034  CEX  DEX  DECR   dbg  sys_ppu_thread_create int sys_ppu_thread_create(sys_ppu_thread_t *thread_id, & void (*entry)(uint64_t), uint64_t arg, 0, int prio, size_t stacksize, uint64_t flags, const char *threadname);
53 0x035  CEX  DEX  DECR  sys_ppu_thread_start int sys_ppu_thread_start(sys_ppu_thread_t thread_id);
54 0x036  CEX  DEX  DECR   root  syscall(0x036, 0x109/0x111, out: uint8[4]), pu_thread get (kernel) allocation information
55 0x037  CEX  DEX  DECR   root  syscall(0x037, 0x111, 0> int <0x100), pu_thread set (kernel) allocation? information
56 0x038  CEX  DEX  DECR  sys_ppu_thread_rename int sys_ppu_thread_rename(sys_ppu_thread_t thread_id, const char *name);
57 0x039  CEX  DEX  DECR  sys_ppu_thread_recover_page_fault int sys_ppu_thread_recover_page_fault(sys_ppu_thread_t thread_id);
58 0x03A  CEX  DEX  DECR  sys_ppu_thread_get_page_fault_context int sys_ppu_thread_get_page_fault_context(sys_ppu_thread_t thread_id, sys_ppu_thread_icontext_t * ctxp);
#sys_trace Syscalls (60-69+77)
60 0x03C  DEX   DECR  sys_trace_create
61 0x03D  DEX   DECR  sys_trace_start
62 0x03E  DEX   DECR  sys_trace_stop
63 0x03F  DEX   DECR  sys_trace_update_top_index
64 0x040  DEX   DECR  sys_trace_destroy
65 0x041  DEX   DECR  sys_trace_drain
66 0x042  DEX   DECR  sys_trace_attach_process
67 0x043  DEX   DECR  sys_trace_allocate_buffer
68 0x044  DEX   DECR  sys_trace_free_buffer
69 0x045  DEX   DECR  sys_trace_create2
#sys_timer Syscalls (70-76+141+142)
70 0x046  CEX  DEX  DECR  sys_timer_create int sys_timer_create(sys_timer_t * timer_id);
71 0x047  CEX  DEX  DECR  sys_timer_destroy int sys_timer_destroy(sys_timer_t timer_id);
72 0x048  CEX  DEX  DECR  sys_timer_get_information int sys_timer_get_information(sys_timer_t timer_id, sys_timer_information_t * info);
73 0x049  CEX  DEX  DECR  sys_timer_start int sys_timer_start(sys_timer_t timer_id, system_time_t base_time, usecond_t period);
74 0x04A  CEX  DEX  DECR  sys_timer_stop int sys_timer_stop(sys_timer_t timer_id);
75 0x04B  CEX  DEX  DECR  sys_timer_connect_event_queue int sys_timer_connect_event_queue(sys_timer_t timer_id, sys_event_queue_t queue_id, uint64_t name, uint64_t data1, uint64_t data2);
76 0x04C  CEX  DEX  DECR  sys_timer_disconnect_event_queue int sys_timer_disconnect_event_queue(sys_timer_t timer_id);
#sys_trace Syscalls (60-69+77)
77 0x04D  DEX   DECR  sys_trace_create2_in_cbepm
78 0x04E  DECR  sys_trace_
#sys_interrupt Syscalls (80+81+84+88+89)
80 0x050  CEX  DEX  DECR  sys_interrupt_tag_create int sys_interrupt_tag_create(sys_interrupt_tag_t * intrtag, sys_irqoutlet_id_t irq, sys_hw_thread_t hwthread);
81 0x051  CEX  DEX  DECR  sys_interrupt_tag_destroy int sys_interrupt_tag_destroy(sys_interrupt_tag_t intrtag);
#sys_event Syscalls (82+83+85-87+118+128-140)
82 0x052  CEX  DEX  DECR  sys_event_flag_create int sys_event_flag_create(sys_event_flag_t * id, sys_event_flag_attribute_t * attr, uint64_t init);
83 0x053  CEX  DEX  DECR  sys_event_flag_destroy int sys_event_flag_destroy(sys_event_flag_t id);
#sys_interrupt Syscalls (80+81+84+88+89)
84 0x054  CEX  DEX  DECR  sys_interrupt_thread_establish int sys_interrupt_thread_establish(sys_interrupt_thread_handle_t * ih, sys_interrupt_tag_t intrtag, uint64_t intrthread, uint64_t arg1, uint64_t arg2);
#sys_event Syscalls (82+83+85-87+118+128-140)
85 0x055  CEX  DEX  DECR  sys_event_flag_wait int sys_event_flag_wait(sys_event_flag_t id, uint64_t bitptn, uint32_t mode, uint64_t * result, usecond_t timeout);
86 0x056  CEX  DEX  DECR  sys_event_flag_trywait int sys_event_flag_trywait(sys_event_flag_t id, uint64_t bitptn, uint32_t mode, uint64_t * result);
87 0x057  CEX  DEX  DECR  sys_event_flag_set int sys_event_flag_set(sys_event_flag_t id, uint64_t bitptn);
#sys_interrupt Syscalls (80+81+84+88+89)
88 0x058  CEX  DEX  DECR  sys_interrupt_thread_eoi void sys_interrupt_thread_eoi(void);
89 0x059  CEX  DEX  DECR  sys_interrupt_thread_disestablish int sys_interrupt_thread_disestablish(sys_interrupt_thread_handle_t ih);
#sys_semaphore Syscalls (90-94+114)
90 0x05A  CEX  DEX  DECR  sys_semaphore_create int sys_semaphore_create(sys_semaphore_t * sem, sys_semaphore_attribute_t * attr, sys_semaphore_value_t initial_val, sys_semaphore_value_t max_val);
91 0x05B  CEX  DEX  DECR  sys_semaphore_destroy int sys_semaphore_destroy(sys_semaphore_t sem);
92 0x05C  CEX  DEX  DECR  sys_semaphore_wait int sys_semaphore_wait(sys_semaphore_t sem, usecond_t timeout);
93 0x05D  CEX  DEX  DECR  sys_semaphore_trywait int sys_semaphore_trywait(sys_semaphore_t sem);
94 0x05E  CEX  DEX  DECR  sys_semaphore_post int sys_semaphore_post(sys_semaphore_t sem, sys_semaphore_value_t val);
#sys_lwmutex Syscalls (95-99)
95 0x05F  CEX  DEX  DECR  sys_lwmutex_create int sys_lwmutex_create(sys_lwmutex_t *lwmutex, sys_lwmutex_attribute_t *attr)
96 0x060  CEX  DEX  DECR  sys_lwmutex_destroy int sys_lwmutex_destroy(sys_lwmutex_t *lwmutex)
97 0x061  CEX  DEX  DECR  sys_lwmutex_lock int sys_lwmutex_lock(sys_lwmutex_t *lwmutex, usecond_t timeout)
98 0x062  CEX  DEX  DECR  sys_lwmutex_trylock int sys_lwmutex_trylock(sys_lwmutex_t *lwmutex)
99 0x063  CEX  DEX  DECR  sys_lwmutex_unlock int sys_lwmutex_unlock(sys_lwmutex_t *lwmutex)
#sys_mutex Syscalls (100-104)
100 0x064  CEX  DEX  DECR  sys_mutex_create int sys_mutex_create(sys_mutex_t * mutex_id, sys_mutex_attribute_t * attr);
101 0x065  CEX  DEX  DECR  sys_mutex_destroy int sys_mutex_destroy(sys_mutex_t mutex_id);
102 0x066  CEX  DEX  DECR  sys_mutex_lock int sys_mutex_lock(sys_mutex_t mutex_id, usecond_t timeout);
103 0x067  CEX  DEX  DECR  sys_mutex_trylock int sys_mutex_trylock(sys_mutex_t mutex_id);
104 0x068  CEX  DEX  DECR  sys_mutex_unlock int sys_mutex_unlock(sys_mutex_t mutex_id);
#sys_cond Syscalls (105-110)
105 0x069  CEX  DEX  DECR  sys_cond_create int sys_cond_create(sys_cond_t * cond_id, sys_mutex_t mutex_id, sys_cond_attribute_t * attr);
106 0x06A  CEX  DEX  DECR  sys_cond_destroy int sys_cond_destroy(sys_cond_t cond_id);
107 0x06B  CEX  DEX  DECR  sys_cond_wait int sys_cond_wait(sys_cond_t cond_id, usecond_t timeout);
108 0x06C  CEX  DEX  DECR  sys_cond_signal int sys_cond_signal(sys_cond_t cond_id);
109 0x06D  CEX  DEX  DECR  sys_cond_signal_all int sys_cond_signal_all(sys_cond_t cond_id);
110 0x06E  CEX  DEX  DECR  sys_cond_signal_to int sys_cond_signal_to(sys_cond_t cond_id, sys_ppu_thread_t thread);
#sys_lwcond Syscalls (111+112)
111 0x06F  CEX  DEX  DECR  sys_lwcond_create int sys_lwcond_create(sys_lwcond_t *lwcond, sys_lwmutex_t *lwmutex, sys_lwcond_attribute_t *attr)
112 0x070  CEX  DEX  DECR  sys_lwcond_destroy int sys_lwcond_destroy(sys_lwcond_t *lwcond)
113 0x071  CEX  DEX  DECR  sys_lwcond_queue_wait 3 params
#sys_semaphore Syscalls (90-94+114)
114 0x072  CEX  DEX  DECR  sys_semaphore_get_value int sys_semaphore_get_value(sys_semaphore_t sem, sys_semaphore_value_t * val);