SceCoredump
Module
| Version | World | Privilege |
|---|---|---|
| 1.69-3.60 | Non-secure | Kernel |
Libraries
Known NIDs
| Version | Name | World | Visibility | NID |
|---|---|---|---|---|
| 1.69 | SceCoredumpForDriver | Non-secure | Kernel | 0xA351714A |
| 3.60 | SceCoredumpForDriver | Non-secure | Kernel | 0xA351714A |
| 3.60 | SceCoredump | Non-secure | User | 0xA143A77F |
| 3.60 | SceCoredumpNounlink | Non-secure | User | 0x2646E9D8 |
Enabling more coredumps
Though it may be possible to enable some Coredump features via setting registry values, patching for creating full Coredumps on CEX is required. There are 2 key patches. In the SceCoredump module, there are two functions that read values from the registry. The registry key used is "/CONFIG/COREDUMP".
The first patch is to force the function (located at base+0x3070 on 1.50) that checks the key "enable_coredump" to return 1 (True).
The second patch is to force the function (located at base+0x3000 on 1.50) that checks the key "dump_level" to return 0xEF0 (full coredump).
SceCoredumpForDriver
sceCoredumpCafContextCreateForDriver
| Version | NID |
|---|---|
| 3.60 | 0x2964AD0A |
derived from SceVshBridge
Returns Caf context.
SceUID sceCoredumpCafContextCreateForDriver(void);sceCoredumpCafContextDestroyForDriver
| Version | NID |
|---|---|
| 3.60 | 0x95402BF3 |
derived from SceVshBridge
sceCoredumpCafCreateIvForDriver
| Version | NID |
|---|---|
| 3.60 | 0xE1BCBE8F |
sceCoredumpCafFinalForDriver
| Version | NID |
|---|---|
| 3.60 | 0xC90F61AF |
derived from SceVshBridge
sceCoredumpCafHeaderFinalForDriver
| Version | NID |
|---|---|
| 3.60 | 0x65AA4991 |
derived from SceVshBridge
sceCoredumpCafHeaderInitForDriver
| Version | NID |
|---|---|
| 3.60 | 0x7C8120C5 |
derived from SceVshBridge
sceCoredumpCafHeaderTransformForDriver
| Version | NID |
|---|---|
| 3.60 | 0xAE2C2793 |
derived from SceVshBridge
sceCoredumpCafInitForDriver
| Version | NID |
|---|---|
| 3.60 | 0x9336009B |
derived from SceVshBridge
sceCoredumpCafSegmentFinalForDriver
| Version | NID |
|---|---|
| 3.60 | 0xDF17420A |
derived from SceVshBridge
int sceCoredumpCafSegmentFinalForDriver(SceUID ctx, void *buf, SceSize size);sceCoredumpCafSegmentInitForDriver
| Version | NID |
|---|---|
| 3.60 | 0x07185515 |
derived from SceVshBridge
base_key size is 0x10. It is the key that is sent to SceSblPostSsMgr for maybe some modification.
int sceCoredumpCafSegmentInitForDriver(SceUID ctx, int a2, int a3, int a4, void *base_key, SceSize size);sceCoredumpCafSegmentTransformForDriver
| Version | NID |
|---|---|
| 3.60 | 0xFB7AEBFE |
derived from SceVshBridge
int sceCoredumpCafSegmentTransformForDriver(SceUID ctx, void *src, void *dst, SceSize size);sceCoredumpCreateDumpForDriver
| Version | NID |
|---|---|
| 3.60 | 0x0C10313F |
derived from SceVshBridge
sceCoredumpDeleteCrashReportCafForDriver
| Version | NID |
|---|---|
| 3.60 | 0xAD070837 |
derived from SceVshBridge
SceCoredumpForDriver_097AA37D
| Version | NID |
|---|---|
| 3.60 | 0x097AA37D |
Used in SceAppMgr
Used in SceAppMgrAbortHandler
Always returns 1.
int SceCoredumpForDriver_097AA37D(void);sceKernelCoredumpTriggerForDriver
| Version | NID |
|---|---|
| 0.990-3.60 | 0xA7D214A7 |
Used in SceAppMgr
Used in SceAppMgrAbortHandler
typedef struct SceKernelCoredumpTriggerParam { // Size is 0x4 or 0x8 on FW 0.990
SceSize size; // Size of this structure
SceSize dumpLevel; // 0xF (minimal coredump), 0xEF0 (full coredump)
} SceKernelCoredumpTriggerParam;
int sceKernelCoredumpTriggerForDriver(SceUID pid, const void *update_cb, const void *finish_cb, SceKernelCoredumpTriggerParam *pParam);sceKernelCoredumpCancelForDriver
| Version | NID |
|---|---|
| 0.990-3.60 | 0x340856F7 |
Used by sceAppMgrFinishCoredumpForShell
Used in sceCoreDumpFinishCoredumpForShellForDriver
int sceKernelCoredumpCancelForDriver(int task_id);SceCoredumpForDriver_unk_10863B61
| Version | NID |
|---|---|
| 3.60 | 0x10863B61 |
SceCoredumpForDriver_unk_12392973
| Version | NID |
|---|---|
| 3.60 | 0x12392973 |
SceCoredumpForDriver_D064F6DC
| Version | NID |
|---|---|
| 0.990-3.60 | 0xD064F6DC |
Calls SceCoredumpForDriver_A7D214A7.
int SceCoredumpForDriver_D064F6DC(int a1, int a2, int a3, SceCoredumpForDriver_A7D214A7_Opt *pOpt);SceCoredumpForDriver_unk_EF20949F
| Version | NID |
|---|---|
| 3.60 | 0xEF20949F |
SceCoredumpForDriver_unk_13EF8516
| Version | NID |
|---|---|
| 3.60 | 0x13EF8516 |
Probably opens/creates coredump file
SceCoredump
sceCoredumpRegisterCoredumpHandler
| Version | NID |
|---|---|
| 3.60 | 0x031DC61E |
Calls SceProcessmgr#sceKernelRegisterCoredumpHandlerForDriver.
int sceCoredumpRegisterCoredumpHandler(void *handler, SceSize size, void *memblock_addr);sceCoredumpUnregisterCoredumpHandler
| Version | NID |
|---|---|
| 3.60 | 0x6037A2C3 |
Calls SceProcessmgr#sceKernelUnregisterCoredumpHandlerForDriver.
int sceCoredumpUnregisterCoredumpHandler(void);SceCoredumpNounlink
sceCoredumpWriteUserData
| Version | NID |
|---|---|
| 3.60 | 0xDF335DCF |
// Write user data to SceCoredump kernel heap
// Maximum theoretical size is 0x4000 bytes (heap size)
int sceCoredumpWriteUserData(const void *data, SceSize size);