Talk:PSP Custom Configs
Jump to navigation
Jump to search
Orphan/unknown debug info
This info was published with the name "Experimental Patch", and has been waiting more than 5 years for either: identify the game... or delete it
Original:
00000000000285B0
00000000000285B0 empty_buffer: # CODE XREF: sceIoIoctlAsync+74�j
00000000000285B0 # sceIofileAsync+140�j ...
00000000000285B0 li r31, 0
00000000000285B4 clrldi r27, r3, 32
00000000000285B8 li r29, 0
00000000000285BC cmpwi cr4, r31, 0
00000000000285C0
00000000000285C0 IoFileMgrForUser_822ADD32: # CODE XREF: sceIoIoctlAsync+184�j
00000000000285C0 # sceIofileAsync+2D0�j
00000000000285C0 clrldi r7, r23, 32 # out data ptr
00000000000285C4 extsw r3, r24 # id
00000000000285C8 extsw r4, r28 # cmd
00000000000285CC mr r6, r27 # in size
00000000000285D0 clrldi r8, r25, 32 # out len
00000000000285D4 mr r5, r29 # in data ptr
00000000000285D8 bl _IoFileMgrForUser_822ADD32 # pspFileSystem.... ?
00000000000285DC ld r2, 0xC0+var_98(r1)
00000000000285E0 mr r31, r3
00000000000285E4 beq cr4, loc_285F4 # nop
00000000000285E8 mr r3, r29
00000000000285EC bl _sys_libc_free
00000000000285F0 ld r2, 0xC0+var_98(r1)
00000000000285F4
00000000000285F4 loc_285F4: # CODE XREF: sceIoIoctlAsync+B4�j
00000000000285F4 stw r31, 8(r30) # return value
Modification:
LOAD:00000000000285B0
LOAD:00000000000285B0 loc_285B0: # CODE XREF: sceIoIoctlAsync+74�j
LOAD:00000000000285B0 # sceIoIoctlAsync+140�j ...
LOAD:00000000000285B0 bl _sys_libc_malloc
LOAD:00000000000285B4 clrldi r26, r3, 32
LOAD:00000000000285B8 lis r28, 0x101 # 0x1010005 # Seek cmd id
LOAD:00000000000285BC ori r28, r28, 5 # 0x1010005
LOAD:00000000000285C0 b loc_28724
LOAD:00000000000285C4 # ---------------------------------------------------------------------------
LOAD:00000000000285C4
LOAD:00000000000285C4 loc_285C4: # CODE XREF: sceIoIoctlAsync+184�j #
LOAD:00000000000285C4 # sceIoIoctlAsync+2D0�j # Both branches also modified, so we can use 5x4 bytes
LOAD:00000000000285C4 clrldi r7, r23, 32
LOAD:00000000000285C8 extsw r3, r24
LOAD:00000000000285CC extsw r4, r28
LOAD:00000000000285D0 mr r6, r27
LOAD:00000000000285D4 clrldi r8, r25, 32
LOAD:00000000000285D8 mr r5, r29
LOAD:00000000000285DC bl _IoFileMgrForUser_822ADD32
LOAD:00000000000285E0 ld r2, 0xC0+var_98(r1)
LOAD:00000000000285E4 mr r31, r3
LOAD:00000000000285E8 mr r3, r29
LOAD:00000000000285EC bl _sys_libc_free
LOAD:00000000000285F0 ld r2, 0xC0+var_98(r1)
LOAD:00000000000285F4 stw r31, 8(r30)
Unsupported ID's will be replaced with empty buffers and simply sent through IoIoctl.
PGD = ID 0x04100001
This ugly and highly experimental poc code simply redirects unsupported cmd's to 0x01010005 (Seek Begin)
prolly breaks other cmd's
Supported cmd ID's:
0x1010005 (UMD file seek set) 0x1010009 0x101000A (0x1020006) (0x1020007) 0x1030008 (Read UMD file) (0x1D20002) 0x1F100A6 (UMD file seek whence) 0x1F30003 (UMD disc read sectors operation)
Referenced as help:
https://raw.githubusercontent.com/hrydgard/ppsspp/master/Core/HLE/sceIo.cpp
https://code.google.com/p/jpcsp/source/browse/trunk/src/jpcsp/HLE/modules150/IoFileMgrForUser.java
0x01020001 - Get UMD Primary Volume Descriptor 0x01020002 - Get UMD Path Table 0x01020003 - Get UMD sector size 0x01020004 - Get UMD file pointer 0x01010005 - Set UMD file seek 0x01020006 - Get UMD file start sector 0x01020007 - Get UMD file length in bytes 0x01030008 - Read UMD file 0x01D20001 - Get UMD device file current sector seek position 0x01F30003 - Read raw sectors from UMD device file 0x01F100A6 - Set UMD device file seek by sector 0x04100001 - Define decryption key (DRM by amctrl.prx) 0x04100002 - Set PGD offset 0x04100010 - Get PGD data size