VSMX
Jump to navigation
Jump to search
Description
Virtual Script Machine Instructions (VSMX) file (filename extension .jsx, a .js compiled)
History:
Rcomage can compile/decompile .jsx (VSMX) <=> .JS (need to change the VSMX version at offset 0x04 to 01 (PSP?) instead of 02 (PS3?)
but it's very buggy and usually doesn't work right
- VSMX files are used on:
- PSP (inside RCO's from video/music UMDs, and two lftv firmware RCO's in flash0/vsh/resource/...)
- PS3 (inside RAF's: on Coldboot.raf, PS3 themes animated) and some PS3 Games?
- PSVita & PS4 (unknown)
VSMX Structure
Header
| Offset | Size | Example (hex) from coldboot.jsx |
Value | Notes |
|---|---|---|---|---|
| 0x00 | 0x04 | 0x56534D58 | VSMX | Magic |
| 0x04 | 0x04 | 0x00000200 | 2.0 | Mayor version.Minor version (PSP=1.0) (PS3=2.0) |
| 0x08 | 0x04 | 0x34000000 | 0x34 | absolute offset of OPCODE table (also, header length) |
| 0x0C | 0x04 | 0x30100000 | 0x1030 | length of OPCODE table (also, number of entries = length / 8) |
| 0x10 | 0x04 | 0x64100000 | 0x1064 | absolute offset of STRING table |
| 0x14 | 0x04 | 0x7A000000 | 0x7A | length of STRING table |
| 0x18 | 0x04 | 0x08000000 | 0x8 | number of entries inside STRING table |
| 0x1C | 0x04 | 0xDE100000 | 0x10DE | absolute offset of ATTR table |
| 0x20 | 0x04 | 0xA2000000 | 0xA2 | length of ATTR table |
| 0x24 | 0x04 | 0x09000000 | 0x9 | number of entries inside ATTR table |
| 0x28 | 0x04 | 0x80110000 | 0x1180 | absolute offset of GLOBAL table |
| 0x2C | 0x04 | 0x70010000 | 0x170 | length of GLOBAL table |
| 0x30 | 0x04 | 0x23000000 | 0x23 | number of entries inside GLOBAL table |
- Table access related opcodes: (this is here by now just as an argument of why to choose this names for the tables, if there are better names please suggest/discuss or change them)
- 0x28 PUSH_STRING
- 0x2F GETATTR, 0x30 GETATTR_KEEPOBJ
- 0x2E PUSH_GLOBAL
OPCODE Table
- Instructions length: 4+4 bytes? (or 3+1+4)
- See Pastebin (without the header) of the coldboot.
| OpCode (short) |
Mnemonics (official) |
Mnemonics (rcomage) |
group | Notes |
|---|---|---|---|---|
| 0x00 | NOP | UNKNOWN_0 | - | - |
| 0x01 | ASSGN | ASSIGN | Assignment Operators | - |
| 0x02 | ADD | ADD | Arithmetic Operators | - |
| 0x03 | SUB | SUBTRACT | Arithmetic Operators | - |
| 0x04 | MUL | MULTIPLY | Arithmetic Operators | - |
| 0x05 | DIV | DIVIDE | Arithmetic Operators | - |
| 0x06 | MOD | MODULUS | Arithmetic Operators | - |
| 0x07 | TO_NUMBER | POSITIVE | - | - |
| 0x08 | CSIGN | NEGATE | - | - |
| 0x09 | NOT | NOT | - | - |
| 0x0A | INC | PRE_INCREMENT | Arithmetic Operators | - |
| 0x0B | DEC | PRE_DECREMENT | Arithmetic Operators | - |
| 0x0C | POST_INC | INCREMENT | Arithmetic Operators | - |
| 0x0D | POST_DEC | DECREMENT | Arithmetic Operators | - |
| 0x0E | CMPEQ | TEST_EQUAL | Compare Operators | - |
| 0x0F | CMPNEQ | TEST_NOT_EQUAL | Compare Operators | - |
| 0x10 | CMPSEQ | TEST_IDENTITY | Compare Operators | - |
| 0x11 | CMPSNEQ | TEST_NON_IDENTITY | Compare Operators | - |
| 0x12 | CMPLT | TEST_LESS_THAN | Compare Operators | - |
| 0x13 | CMPLE | TEST_LESS_EQUAL_THAN | Compare Operators | - |
| 0x14 | CMPGE | TEST_MORE_EQUAL_THAN | Compare Operators | - |
| 0x15 | CMPGT | TEST_MORE_THAN | Compare Operators | - |
| 0x16 | INSTANCEOF | UNKNOWN_16 | - | - |
| 0x17 | IN | UNKNOWN_17 | - | - |
| 0x18 | TYPEOF | TYPEOF | - | - |
| 0x19 | BIT_AND | BINARY_AND | Bitwise Operators | - |
| 0x1A | BIT_XOR | BINARY_XOR | Bitwise Operators | - |
| 0x1B | BIT_OR | BINARY_OR | Bitwise Operators | - |
| 0x1C | BIT_NOT | BINARY_NOT | Bitwise Operators | - |
| 0x1D | LSHIFT | LSHIFT | Bitwise Operators | - |
| 0x1E | S_RSHIFT | RSHIFT | Bitwise Operators | - |
| 0x1F | U_RSHIFT | UNSIGNED_RSHIFT | Bitwise Operators | - |
| 0x20 | COPY | STACK_PUSH | - | - |
| 0x21 | SWAP | UNKNOWN_21 | - | - |
| 0x22 | REMOVE | END_STATEMENT | - | - |
| 0x23 | PUSH_UNDEFINED | CONST_NULL | Data Types | - |
| 0x24 | PUSH_NULL | CONST_EMPTY_ARRAY | Data Types | - |
| 0x25 | PUSH_BOOL | CONST_BOOL | Data Types | - |
| 0x26 | PUSH_INT | CONST_INT | Data Types | - |
| 0x27 | PUSH_FLOAT | CONST_FLOAT | Data Types | - |
| 0x28 | PUSH_STRING | CONST_STRING | Data Types | - |
| 0x29 | PUSH_OBJECT | CONST_OBJECT | - | - |
| 0x2A | PUSH_FUNC | FUNCTION | - | byte 4 uses a "flag" |
| 0x2B | PUSH_ARRAY | CONST_ARRAY | - | - |
| 0x2C | PUSH_THIS | THIS_OBJECT | - | - |
| 0x2D | PUSH_LOCAL | UNNAMED_VARIABLE | - | - |
| 0x2E | PUSH_GLOBAL | NAME | - | - |
| 0x2F | GETATTR | PROPERTY | - | - |
| 0x30 | GETATTR_KEEPOBJ | METHOD | - | - |
| 0x31 | SETATTR | SET | - | - |
| 0x32 | DELATTR | UNSET | - | - |
| 0x33 | APPEND_ATTR | OBJECT_ADD_ATTRIBUTE | - | - |
| 0x34 | GETITEM | ARRAY_INDEX | - | - |
| 0x35 | GETITEM_KEEPOBJ | UNKNOWN_35 | - | - |
| 0x36 | SETITEM | ARRAY_INDEX_ASSIGN | - | - |
| 0x37 | DELITEM | UNKNOWN_37 | - | - |
| 0x38 | APPEND_ITEM | ARRAY_PUSH | - | - |
| 0x39 | JUMP | JUMP | - | - |
| 0x3A | JUMPT | JUMP_IF_TRUE | - | - |
| 0x3B | JUMPF | JUMP_IF_FALSE | - | - |
| 0x3C | CALL_FUNC | CALL_FUNCTION | - | - |
| 0x3D | CALL_METHOD | CALL_METHOD | - | - |
| 0x3E | CALL_CONSTRUCTOR | CALL_INBUILT / CALL_NEW | - | - |
| 0x3F | RET | RETURN | - | - |
| 0x40 | THROW | UNKNOWN_40 | - | - |
| 0x41 | TRYBLK_IN | UNKNOWN_41 | - | - |
| 0x42 | TRYBLK_OUT | UNKNOWN_42 | - | - |
| 0x43 | CATCH_FINALLYBLK_IN | UNKNOWN_43 | - | - |
| 0x44 | CATCH_FINALLYBLK_OUT | UNKNOWN_44 | - | - |
| 0x45 | HALT | END_SCRIPT | - | - |
| 0x46 | DEBUG_FILE | DEBUG_FILE | - | - |
| 0x47 | DEBUG_LINE | DEBUG_LINE | - | - |
| 0x48 | GETITEM_KEEPOBJNAME | UNKNOWN_48 | - | - |
| 0x49 | PUSH_VECTOR | UNKNOWN_49 / MAKE_FLOAT_ARRAY | Data Types | - |
| 0x4A | GET_VECTOR_ELEMENT | UNKNOWN_4a | - | - |
| 0x4B | GET_VECTOR_ELEMENT_KEEPVECTOR | UNKNOWN_4b | - | - |
| 0x4C | ASSGN_VECTOR_ELEMENT | UNKNOWN_4c | - | - |
| 0x4D | SETATTR_VECTOR_ELEMENT | UNKNOWN_4d | - | byte 4 uses a vector identifyer -> |
| 0x4E | SETITEM_VECTOR_ELEMENT | UNKNOWN_4e | - | |
Arithmetic Operators
May be move later to PlayStation JavaScript or make it as template
Arithmetic operators are used to perform arithmetic between variables and/or values.
| OpCode (VSMX) | Mnemonics (VSMX) | Syntax (PSJS) | Description: |
|---|---|---|---|
| 0x02 | ADD | + | Addition |
| 0x03 | SUB | - | Subtraction |
| 0x04 | MUL | * | Multiplication |
| 0x05 | DIV | / | Division |
| 0x06 | MOD | % | Modulus (division remainder) |
| 0x0A | INC | ++ | Increment |
| 0x0B | DEC | -- | Decrement |
| 0x0C | POST_INC | ++ | Increment |
| 0x0D | POST_DEC | -- | Decrement |
Bitwise Operators
Bit operators work on 32 bits numbers.
Any numeric operand in the operation is converted into a 32 bit number.
| OpCode (VSMX) | Mnemonics (VSMX) | Syntax (PSJS) | Description: |
|---|---|---|---|
| 0x19 | BIT_AND | & | AND |
| 0x1B | BIT_OR | | | OR |
| 0x1C | BIT_NOT | ~ | NOT |
| 0x1A | BIT_XOR | ^ | XOR |
| 0x1D | LSHIFT | << | Left Shift |
| 0x1E | S_RSHIFT | >> | Right Shift |
Compare Operators
Comparison and Logical operators are used to test for true or false.
Comparison operators are used in logical statements to determine equality or difference between variables or values.
| OpCode (VSMX) | Mnemonics (VSMX) | Syntax (PSJS) | Description: |
|---|---|---|---|
| 0x0E | CMPEQ | == | Equality |
| 0x10 | CMPSEQ | === | Strict Equal value and equal type |
| 0x0F | CMPNEQ | != | Inequality |
| 0x11 | CMPSNEQ | !== | Strict not equal value or not equal type |
| 0x15 | CMPGT | > | Greater Than |
| 0x14 | CMPGE | >= | Greater Than or Equal To |
| 0x12 | CMPLT | < | Less Than |
| 0x13 | CMPLE | <= | Less Than or Equal To |
- http://es5.github.io/#x11.9.3 The Abstract Equality Comparison Algorithm
- http://es5.github.io/#x11.9.6 The Strict Equality Comparison Algorithm
Logical Operators
Comparison and Logical operators are used to test for true or false.
Logical operators are used to determine the logic between variables or values.
| OpCode (VSMX) | Mnemonics (VSMX) | Syntax (PSJS) | Description: |
|---|---|---|---|
| - | || | or | |
| - | && | and |
STRING table
ATTR Table
GLOBAL Table
VSMX Decompilation sample
This is an example of the decodification and decompilation made with the VSMX script contained inside coldboot.raf. The decompilation has been made by hand because the vsmx decompiler by ZiNgA BuRgA doesnt supports vectors and crashes, the purpose is to serve as an explain of how the opcodes works, the features that was added to VSMX v2 format for PS3, and as an overall explain of how to decompile other VSMX files
The file can be saved as .js and compiled directlly (there is no need to remove the comments), for a better view of the decompiled code without the comments in PlayStation JavaScript format see coldboot.raf page
- Form left to right:
- NUM - Is the opcode number (important because the JUMPS are pointers to other opcodes identifyed by his number)
- OPCODE - The hex value that identifyes the opcode (first byte)... second byte reserved?... third byte unknown... fourth byte argument
- VALUE - Any value, or pointer to internal VSMX tables (4 bytes)
- OPCODE NAME - Self explanatory, is a direct conversion from the hex value to the name
- VALUES CONVERSION - For pointers are text strings extracted from internal VSMX tables, Data types are the conversion from hex, JUMPS and FUNCTS contains also identifyers for other opcodes and arguments
- DECOMPILED PSJS CODE - The source code in PlayStation JavaScript format ready to compile, it will generate a coldboot.jsx exactly like the one extracted from coldboot.raf by the CXML decompiler tool
Code Sample
| |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
