Editing IOCTL

Line 1: Line 1:
In computing, ioctl (an abbreviation of input/output control) is a system call for device-specific input/output operations and other operations which cannot be expressed by regular file semantics. It takes a parameter specifying a request code; the effect of a call depends completely on the request code. Request codes are often device-specific. For instance, a CD-ROM device driver which can instruct a physical device to eject a disc would provide an ioctl request code to do so. Device-independent request codes are sometimes used to give usermode access to kernel functions which are only used by core system software or still under development.
= What is it? =
 
See also [https://en.wikipedia.org/wiki/Ioctl wikipedia page about IOCTL].
 
See also [[Devices]] and [https://www.psdevwiki.com/ps5/IOCTL PS5 IOCTL]s.
 
= Description =


<pre>
<pre>
      int ioctl(int fd, unsigned long request, ...);
       The ioctl() system call manipulates the underlying device parameters
       The ioctl() system call manipulates the underlying device parameters
       of special files.  In particular, many operating characteristics of
       of special files.  In particular, many operating characteristics of
Line 24: Line 16:
       bytes.  Macros and defines used in specifying an ioctl() request are
       bytes.  Macros and defines used in specifying an ioctl() request are
       located in the file <sys/ioctl.h>.
       located in the file <sys/ioctl.h>.
      DIRECTION_INOUT = 0xC000000
      DIRECTION_IN    = 0x8000000
      DIRECTION_OUT  = 0x4000000
      DIRECTION_NONE  = 0x2000000
</pre>
= List of IOCTL by kernel device =
== npdrm ==
<pre>
C0404E03 npdrm_decrypt_isolated_rif
C0404E02 npdrm_decrypt_disc_rif
C0404E01 npdrm_decrypt_kds_rif
</pre>
== sbl ==
=== pup_update / sc_fw_update ===
<pre>
C0184401 decrypt_pup_header
C0184402 verify_pup_additional_sign
C0184403 verify_pup_watermark
C0184404 decrypt_pup_segment
C0284405 decrypt_pup_segment_block
80014406 set_partion_updated ?typo for partition?
20004407 switch_bank
C0104408 ?unknown name?
C0284409 decrypt_pup_header_with_response
C010440A generate_challenge
C008440B get_syscon_key_type
2000440C write_app_pup_info
C010440D verify_bls_header
</pre>
=== crepo ===
<pre>
400C4302 sceSblCryptReleaseContext
C00C4303 crepo_get_sign_crypt_handle
C00C4304 crepo_get_encdec_cryp_handle
</pre>
=== sealedkey / devact / idata ===
<pre>
40845301 sceSblSsGenerateSealedKey
C0845302 sceSblSsDecryptSealedKey
40105303 sceSblDevActSetStatus
C0205364 sceSblIdataGetCprm
C0205365 sceSblIdataGetHddKey
C0205366 sceSblIdataGetEapHddKey
C0205367 sceSblIdataGetCprm
C0205368 sceSblIdataGetChallenge
C0205369 sceSblIdataVeriResponse
C020536A manu_mode_sm_start
C020536B sceSblIdataGetManuMode
C020536C sceSblIdataSetManuMode
C020536D manu_mode_sm_exit
C020536E isSpecialWake
</pre>
=== encdec ===
<pre>
C0284501 sceSblSsDecryptWithPortability
</pre>
=== manu_mode_mgr ===
<pre>
C0205364 _sceSblIdataGetCprm
C0205365 _sceSblIdataGetHddKey
C0205366 _sceSblIdataGetEapHddKey
C0205367 _sceSblIdataGetCprm
C0205368 _sceSblIdataGetChallenge
C0205369 _sceSblIdataVeriResponse
C020536A manu_mode_sm_start
C020536B _sceSblIdataGetManuMode
C020536C _sceSblIdataSetManuMode
C020536D manu_mode_sm_exit
</pre>
=== pfsctl ===
<pre>
80709101 pfs_format
80049102 pfs_sbram_clear_useflag
80389103 pfs_img_compaction
20009104 pfs_img_compaction_cancel
80289105 pfs_sbram_write_metadata
C0389106 pfs_img_clean
80389107 pfs_img_clean_cancel
C0309108 pfs_sbram_get_header
20009109 pfs_sbram_init
</pre>
=== pfs ===
<pre>
C03866A7 pfs_get_data_chunks
80089167
80209168 pfs_allocate_full_icv_cache
80089169 pfs_cmp_get_offset_aio
8080916A
</pre>
</pre>


== av_control ==
== How many exist? Which ones are they? ==


=== av_control ===
=== PUP ===


<pre>
<pre>
C0089A01 enable_crtc_ioctl
C0184401 = decrypt_pup_header
C0089A02 blank_crtc_ioctl
C0184402 = verify_pup_additional_sign
C0089A03 enable_display_data_request_ioctl
C0184403 = verify_pup_watermark
C0089A04 set_double_buff_cntl_ioctl
C0184404 = decrypt_pup_segment
C0089A05 set_master_update_lock_ioctl
C0284405 = decrypt_pup_segment_block
C0089A06 enable_dcfe_clock_ioctl
C0189A07 set_crtc_timing_ioctl
C0089A08 enable_crtc_prefetch_ioctl
C0089A09 set_early_control_ioctl
20009A0A cancel_vga_ioctl
C0049A0C setup_audiopll_ioctl
C0109A0D setup_pixelpll_ioctl
C0109A0E setup_dispclk_ioctl
C0189A0F dp_on_ioctl
C0189A10 dp_off_ioctl
C0089A13 set_pixel_encoding_ioctl
C0089A14 set_subsampling_mode_ioctl
C0089A15 set_truncation_depth_ioctl
C0109A16 set_fmt_spatial_dither_ioctl
C00C9A17 enable_fmt_crc_ioctl
C0109A18 get_fmt_crc_ioctl
C0109A19 set_clamp_ioctl
C0089A1A enable_fmt_truncate_ioctl
C0049A1B disable_fmt_truncate_ioctl
C0089A1C set_formatter_src_ioctl
C0089A1D set_truncation_mode_ioctl
C0089A1E enable_pti_ioctl
C0089A1F dvo_on_ioctl
20009A20 dvo_off_ioctl
</pre>
</pre>


== bt ==
=== DMEM ===
 
=== bt_dev ===
 
<pre>
C0106206 bt_reg_name_lookup
80206216 bt_audio_send_req
80206217 bt_audio_recv_req
20046204 sceBtStartInquiry
20046205 sceBtStopInquiry
80186201 get_registered_info
80186207 reply_pin_code
80106227 bt_get_jedi_vol_gain
80106228 bt_set_jedi_vol_gain
80106208 sceBtReplyUserConfirmation
8004622A sceBtStartMode
80086225
80086202 bt_reg_delete
80086203 sceBtGetConnectingInfo
8008620A sceBtStartConnect
8008620B sceBtStartDisconnect
80086213 bt_avctp_read_volume
8008621A
8008621D
20046226
</pre>
 
== hdmi ==
 
=== hdmi ===
 
<pre>
20008D01 sceHdmiInitVideoConfig
C0108D02 sceHdmiSetVideoConfig
C01C8D03 sceHdmiSetAudioConfig
C0048D05 sceHdmiSetAudioMute
C0108D07 sceHdmiSetGamutMetaData
C0048D0A sceSetHdmiEventConfig
C0088D0B sceHdmiGetMonitorInformation
C0088D0C sceHdmiGetState
C0088D0D getHdmiConnectState
C0108D0E sceHdmiGetKsv
C0088D0F sceHdmiGetKsvSize
C0048D13 sceChangeEdidPassMode
C0048D14 sceChangeHdcpMode
C0108D15 sceHdmiGetAksv
C0048D16 sceHdmiSetScrambleMode
20008D17 sceHdmiTransmitCecSignal
C0048D1E sceChangeCecMode
20008D1F sceHdmiCecOneTouchPlay
C0048D20 sceHdmiCecSetStandyResult
</pre>
 
== camera ==
 
=== luke ===
 
?none?
 
== Unclassified ==
 
=== gbase ===
 
<pre>
C0044507 sceKernelSetBaseModeClock
C0044508 sceKernelSetGpuCu
C0044511 sceKernelSetMemoryPstate
40084516 sceKernelGetMemoryPstate
</pre>
 
=== dmem ===


<pre>
<pre>
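Review bot: the four DIRECTION_* values in the description block are one hex digit short. They are written as 0xC000000, 0x8000000, 0x4000000 and 0x2000000 (seven digits), while every request code listed under them is eight digits with the direction in the top nibble, for example C0404E03, 80709101, 40845301 and 20004407. Writing them as 0xC0000000, 0x80000000, 0x40000000 and 0x20000000 would make the masks match the codes. Separately, in the sealedkey / devact / idata and manu_mode_mgr lists, C0205364 and C0205367 both carry the name sceSblIdataGetCprm; if both really reach the same function that should be stated, otherwise one of them should be marked as unconfirmed.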
Line 255: Line 46:
</pre>
</pre>


=== dbggc ===
=== FAN ===


<pre>
<pre>
C0088500 gbase_read_register
C0068F06 get_fan_manual_duty
C0088501 gbase_write_register
C0048502 gbase_dump_map
</pre>
</pre>


=== twsi ===
=== POWER ===


<pre>
<pre>
C0188601 read_twsi
C0019901 icc_notify_boot_status
C0188602 write_twsi
C0099902 icc_get_system_powerup_cause
C1009903 icc_read_boot_message
C00C9904 icc_power_get_number_of_boot_shutdown
C0109905 icc_power_get_operating_time
20009906 icc_power_set_bootup_at_poweron
</pre>
</pre>


=== metadbg ===
=== PFS ===


<pre>
<pre>
C0888763 metadbg_call0
80709101 pfs_format
80049102 pfs_sbram_clear_useflag
80389103 pfs_img_compaction
20009104 pfs_img_compaction_cancel
80289105 pfs_sbram_write_metadata
C0389106 pfs_img_clean
80389107 pfs_img_clean_cancel
C0309108 pfs_sbram_get_header
20009109 pfs_sbram_init
</pre>
</pre>


=== dipsw_dev ===
=== CONFIGURATION ===
 
<pre>
20008800 sceKernelInitializeDipsw
80028801 sceKernelSetDipsw
80028802 sceKernelUnsetDipsw
C0088803 sceKernelCheckDipsw
80108804 sceKernelReadDipswData
80108805 sceKernelWriteDipswData
40048806 sceKernelCheckDipsw
</pre>
 
=== icc_fan ===
 
<pre>
C0168F01 eval_fan_id
C0048F04
C0068F06 get_fan_manual_duty
C01C8F07
C01C8F08
C0148F09
</pre>
 
=== icc_thermal ===
 
<pre>
C0169001
C0169002
</pre>
 
=== icc_configuration ===


<pre>
<pre>
C0029203 icc_configuration_get_cpu_info_bit
C0029203 icc_configuration_get_cpu_info_bit
80029204 icc_configuration_set_cpu_info_bit
80029204 icc_configuration_set_cpu_info_bit
20009205
80019206 set_download_mode
80019206 icc_configuration_set_download_mode
40019207 icc_configuration_get_cp_mode
40019207 icc_configuration_get_cp_mode
80019208 icc_configuration_set_cp_mode
80019208 icc_configuration_set_cp_mode
</pre>
</pre>


=== icc_indicator ===
=== INDICATOR ===


<pre>
<pre>
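Review bot: 80019206 appears under two names in the icc_configuration block, set_download_mode and icc_configuration_set_download_mode. The entries around it (C0029203, 80029204, 40019207, 80019208) all use the icc_configuration_ prefix, so the prefixed name is the one to keep. In the dipsw_dev block, C0088803 and 40048806 are both named sceKernelCheckDipsw; a short remark on how the two differ would help. The unnamed 20009205 could carry the same ?unknown name? placeholder that C0104408 uses, so readers can tell a missing name from a dropped one.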
Line 332: Line 102:
</pre>
</pre>


=== icc_nvs ===
=== NVS ===


<pre>
<pre>
Line 338: Line 108:
</pre>
</pre>


=== icc_power ===
=== SC CONFIG ===
 
<pre>
C0019901 icc_notify_boot_status
C0099902 icc_get_system_powerup_cause
C1009903 icc_read_boot_message
C00C9904 icc_power_get_number_of_boot_shutdown
C0109905 icc_power_get_operating_time
20009906 icc_power_set_bootup_at_poweron
</pre>
 
=== icc_sc_config ===


<pre>
<pre>
Line 355: Line 114:
</pre>
</pre>


=== icc_device_power ===
=== DEVICE POWER ===


<pre>
<pre>
Line 367: Line 126:
40019C08 icc_device_power_get_bd_power_state
40019C08 icc_device_power_get_bd_power_state
</pre>
</pre>
=== uipc_control ===
?none?
=== sce_exfatfs_vop ===
?none?
=== sbi ===
<pre>
4004A501 sceKernelGetCpuTemperature
C008A502 sceKernelGetSocSensorTemperature
</pre>
* Thanks to SocraticBliss for the names.
= Finding the IOCTL handler address for a device in kernel =
# Find a string of the device name in kernel.
# There should be only two cross-references from function: make_dev and mutex_init. make_dev is the interesting one.
# The structure before the device string is what we want to look.
# Follow the structure then go to the very last offset of the structure. It is the handler function in charge of IOCTLs for that device.
</pre>
{{Reverse Engineering}}
<noinclude>
[[Category:Main]]
</noinclude>
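Review bot: the steps under "Finding the IOCTL handler address for a device in kernel" need a wording pass, and the closing pre tag directly after step 4 has no matching opening tag after the sbi block (whose own pre block is already closed), so it should be dropped. Step 2 reads "cross-references from function", which presumably means the device-name string is referenced from two functions, make_dev and mutex_init, and should say so. Step 3 ends "what we want to look." and should read "what we want to look at".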