Syscalls

From PS4 Developer wiki
Jump to: navigation, search

PS4 custom system calls

#syscall ID FW Ver Name Prototype Notes
99 <=1.01? sys_netcontrol int sys_netcontrol(int fd, uint op, void *buf, uint nbuf) -
101 <=1.01? sys_netabort - -
102 <=1.01? sys_netgetsockinfo - -
113 <=1.01? sys_socketex int sys_socketex(const char *name, int domain, int type, int protocol) Like existing socket syscall, but with the addition of a name argument.
114 <=1.01? sys_socketclose - -
125 <=1.01? sys_netgetiflist - -
141 <=1.01? sys_kqueueex - -
379 >1.01 <=1.76? sys_mtypeprotect - -
532 <=1.76? sys_regmgr_call - -
533 <=1.01? sys_jitshm_create - Only callable from a jit compiler process, else returns EPERM (0x1)
534 <=1.01? sys_jitshm_alias - Only callable from a jit compiler/application process, else returns EPERM (0x1)
535 <=1.01? sys_dl_get_list - Only callable from a debugger, core dump, or syscore process, else returns EPERM (0x1)
536 <=1.01? sys_dl_get_info - Only callable from a debugger, core dump, or syscore process, else returns EPERM (0x1)
537 <=1.01? sys_dl_notify_event - Always returns ENOSYS (0x4E) (may only be implemented in devkits)
538 <=1.01? sys_evf_create int sys_evf_create(char* name, int flag, struct evFlag *evf) -
539 <=1.01? sys_evf_delete int sys_evf_delete(int id) -
540 <=1.01? sys_evf_open int sys_evf_open(struct evFlag *evf) -
541 <=1.01? sys_evf_close int sys_evf_close(int id) -
542 <=1.01? sys_evf_wait - -
543 <=1.01? sys_evf_trywait - -
544 <=1.01? sys_evf_set int sys_evf_set(int id) -
545 <=1.01? sys_evf_clear int sys_evf_clear(int id) -
546 <=1.01? sys_evf_cancel int sys_evf_cancel(int id) -
547 <=1.01? sys_query_memory_protection - -
548 <=1.01? sys_batch_map - -
549 <=1.01? sys_osem_create - -
550 <=1.01? sys_osem_delete - -
551 <=1.01? sys_osem_open - -
552 <=1.01? sys_osem_close - -
553 <=1.01? sys_osem_wait - -
554 <=1.01? sys_osem_trywait - -
555 <=1.01? sys_osem_post - -
556 <=1.01? sys_osem_cancel - -
557 <=1.01? sys_namedobj_create - -
558 <=1.01? sys_namedobj_delete - -
559 <=1.01? sys_set_vm_container - Successful call requires privileges (uid0), else returns EPERM (0x1)
560 <=1.01? sys_debug_init - -
561 <=1.01? sys_suspend_process int sys_suspend_process(int pid) Successful call requires credentials (td->td_proc->p_ucred), else returns EPERM (0x1)
562 <=1.01? sys_resume_process int sys_resume_process(int pid) Successful call requires credentials (td->td_proc->p_ucred), else returns EPERM (0x1)
563 <=1.01? sys_opmc_enable - -
564 <=1.01? sys_opmc_disable - -
565 <=1.01? sys_opmc_set_ctl - -
566 <=1.01? sys_opmc_set_ctr - -
567 <=1.01? sys_opmc_get_ctr - -
568 <=1.01? sys_budget_create - Successful call requires credentials (td->td_proc->p_ucred), else returns ENOSYS (0x4E)
569 <=1.01? sys_budget_delete - Successful call requires credentials (td->td_proc->p_ucred), else returns ENOSYS (0x4E)
570 <=1.01? sys_budget_get - Successful call requires credentials (td->td_proc->p_ucred), else returns ENOSYS (0x4E)
571 <=1.01? sys_budget_set - Successful call requires credentials (td->td_proc->p_ucred), else returns ENOSYS (0x4E)
572 <=1.01? sys_virtual_query int sys_virtual_query(uint64_t addr, uint64_t unk, void *info, uint64_t info_size) -
573 <=1.01? sys_mdbg_call - Successful call requires credentials (td->td_proc->p_ucred), else returns ENOSYS (0x4E)
574 <=1.01? sys_sblock_create - -
575 <=1.01? sys_sblock_delete - -
576 <=1.01? sys_sblock_enter - -
577 <=1.01? sys_sblock_exit - -
578 <=1.01? sys_sblock_xenter - -
579 <=1.01? sys_sblock_xexit - -
580 <=1.01? sys_eport_create - -
581 <=1.01? sys_eport_delete - -
582 <=1.01? sys_eport_trigger - -
583 <=1.01? sys_eport_open - -
584 <=1.01? sys_eport_close - -
585 <=1.01? sys_is_in_sandbox - -
586 <=1.01? sys_dmem_container - Successful call requires privileges (uid0), else returns EPERM (0x1)
587 <=1.01? sys_get_authinfo - Some functionality requires privileges (uid0)
588 <=1.01? sys_mname - -
589 <=1.01? sys_dynlib_dlopen - Always returns ENOSYS (0x4E) (may only be implemented in devkits)
590 <=1.01? sys_dynlib_dlclose - -
591 <=1.01? sys_dynlib_dlsym int sys_dynlib_dlsym(SceKernelModule handle, const char *symbol, void **addrp) -
592 <=1.01? sys_dynlib_get_list int sys_dynlib_get_list(SceKernelModule *pArray, size_t numArray, size_t * pActualNum) -
593 <=1.01? sys_dynlib_get_info int sys_dynlib_get_info(SceKernelModule handle, SceDbgModuleInfo *pInfo) Sony has stripped module information since 1.76 FW (STO) *
594 <=1.01? sys_dynlib_load_prx int sys_dynlib_load_prx(const char *moduleFileName, size_t args, const void *argp, uint32_t flags, const SceKernelLoadModuleOpt *pOpt, int *pRes) -
595 <=1.01? sys_dynlib_unload_prx int sys_dynlib_unload_prx(SceKernelModule handle, size_t args, const void *argp, uint32_t flags, const SceKernelUnloadModuleOpt *pOpt, int *pRes) -
596 <=1.01? sys_dynlib_do_copy_relocations - -
597 <=1.01? sys_dynlib_prepare_dlclose - Contains an exploitable integer overflow on FWs <= 1.76
598 <=1.01? sys_dynlib_get_proc_param - -
599 <=1.01? sys_dynlib_process_needed_and_relocate - -
600 <=1.01? sys_sandbox_path - Successful call requires credentials (td->td_proc->p_ucred), else returns EPERM (0x1)
601 <=1.01? sys_mdbg_service - -
602 <=1.01? sys_randomized_path - Some functionality requires privileges (uid0)
603 <=1.01? sys_rdup - Successful call requires privileges (uid0), else returns EPERM (0x1)
604 <=1.01? sys_dl_get_metadata - Only callable from a debugger, core dump, or syscore process, else returns EPERM (0x1)
605 <=1.01? sys_workaround8849 - -
606 <=1.01? sys_is_development_mode - -
607 <=1.01? sys_get_self_auth_info - -
608 <=1.01? sys_dynlib_get_info_ex int sys_dynlib_get_info_ex(int moduleHandle, struct Unk *unk, int *destModuleInfoEx) -
609 <=1.01? sys_budget_getid int sys_budget_getid(void) Successful call requires credentials (td->td_proc->p_ucred), else returns ENOSYS (0x4E)
610 <=1.01? sys_budget_get_ptype int sys_budget_get_ptype(int budgetID) -
611 <=1.01? sys_get_paging_stats_of_all_threads - Successful call requires credentials (td->td_proc->p_ucred), else returns EPERM (0x1)
612 <=1.01? sys_get_proc_type_info int sys_get_proc_type_info(int *destProcessInfo) Only callable from certain processes mainly involving media and JiT
613 >1.01 <=1.76? sys_get_resident_count int sys_get_resident_count(int pid) Successful call requires credentials (td->td_proc->p_ucred), else returns ENOSYS (0x4E)
614 <=1.76? sys_prepare_to_suspend_process int sys_prepare_to_suspend_process(int pid) Successful call requires credentials (td->td_proc->p_ucred), else returns ENOSYS (0x4E)
615 <=1.76? sys_get_resident_fmem_count int sys_get_resident_fmem_count(int pid) Some functionality requires privileges (uid0)
616 <=1.76? sys_thr_get_name int sys_thr_get_name(int threadID) -
617 <=1.76? sys_set_gpo - Only callable on development kit (devkit) units
618 >1.76? sys_get_paging_stats_of_all_objects -
619 >1.76? sys_test_debug_rwmem -
620 >1.76? sys_free_stack -
621 >1.76? sys_suspend_system -
622 >1.76? sys_ipmimgr_call -
623 >1.76? sys_get_gpo -
624 >1.76? sys_get_vm_map_timestamp -
625 >1.76? sys_opmc_set_hw -
626 >1.76? sys_opmc_get_hw -
627 >1.76? sys_get_cpu_usage_all -
628 >1.76? sys_mmap_dmem -
629 >1.76? sys_physhm_open -
630 >1.76? sys_physhm_unlink -
631 >1.76? sys_resume_internal_hdd -
632 >1.76? sys_thr_suspend_ucontext -
633 >1.76? sys_thr_resume_ucontext -
634 >1.76? sys_thr_get_ucontext -
635 >1.76? sys_thr_set_ucontext -
636 >1.76? sys_set_timezone_info -
637 >1.76? sys_set_phys_fmem_limit -
638 >1.76? sys_utc_to_localtime -
639 >1.76? sys_localtime_to_utc -
640 >1.76? sys_set_uevt -
641 >1.76? sys_get_cpu_usage_proc -
642 >1.76? sys_get_map_statistics -
643 >1.76? sys_set_chicken_switches -
644 >4.05>3.55? sys_extend_page_table_pool -
645 >1.76? sys_#645 -
646 >1.76? sys_get_kernel_mem_statistics -
647 >1.76? sys_get_sdk_compiled_version -
648 >1.76? sys_app_state_change -
649 >1.76? sys_dynlib_get_obj_member -
650 >1.76? sys_budget_get_ptype_of_budget -
651 >1.76? sys_prepare_to_resume_process -
652 >1.76? sys_process_terminate -
653 >1.76? sys_blockpool_open -
654 >1.76? sys_blockpool_map -
655 >1.76? sys_blockpool_unmap -
656 >1.76? sys_dynlib_get_info_for_libdbg -
657 >1.76? sys_blockpool_batch -
658 >1.76? sys_fdatasync -
659 >1.76? sys_dynlib_get_list2 -
660 >1.76? sys_dynlib_get_info2 -
661 >1.76? sys_aio_submit -
662 >1.76? sys_aio_multi_delete -
663 >1.76? sys_aio_multi_wait -
664 >1.76? sys_aio_multi_poll -
665 >1.76? sys_aio_get_data -
666 >1.76? sys_aio_multi_cancel -
667 >1.76? sys_get_bio_usage_all -
668 >1.76? sys_aio_create -
669 >1.76? sys_aio_submit_cmd -
670 >1.76? sys_aio_init -
671 >1.76? sys_get_page_table_stats -
672 >1.76? sys_dynlib_get_list_for_libdbg -
673 ?> 5.07? sys_blockpool_move -
674 ?> 5.07? sys_virtual_query_all -
675 ?> 5.07? sys_reserve_2mb_page -
676 ?> 5.07? sys_cpumode_yield -
677 ?>= 6.50? (not present on 6.20) sys_get_phys_page_size -

* Since 1.76, Sony has removed key information from sys_dynlib_get_info() (syscall 593), eg. it does not return the module's code base address, data base address, code size, or the data size.

Note: All system calls actually have the thread pointer as the first argument (struct thread *td), however since it's common among all system calls it's been omitted for readability.