SceCoredump: Difference between revisions
CelesteBlue (talk | contribs) |
No edit summary |
Line 1: | Line 1: | ||
== Module == | == Module == | ||
{| class="wikitable" | {| class="wikitable" | ||
|- | |- | ||
! Version | ! Version !! World !! Privilege | ||
|- | |- | ||
| 3.60 | | 1.69-3.60 || Non-secure || Kernel | ||
|} | |} | ||
Line 35: | Line 32: | ||
The second patch is to force the function (located at base+0x3000 on 1.50) that checks the key "dump_level" to return 0xEF0 (full coredump). | The second patch is to force the function (located at base+0x3000 on 1.50) that checks the key "dump_level" to return 0xEF0 (full coredump). | ||
== Thread stopReason table == | |||
[[SceSysmem#sceKernelSysrootDbgpSuspendProcessAndWaitResumeForKernel|sceKernelSysrootDbgpSuspendProcessAndWaitResumeForKernel]] | |||
[[SceKernelThreadMgr#sceKernelIsThreadDebugSuspendedForDriver|sceKernelIsThreadDebugSuspendedForDriver]] | |||
{| class="wikitable" | |||
|- | |||
! stopReason !! debugSuspend !! Description | |||
|- | |||
| 0x10002 || Unknown || Nothing | |||
|- | |||
| 0x10003 || Unknown || Nothing | |||
|- | |||
| 0x10004 || Unknown || AppMgr detected hungup | |||
|- | |||
| 0x10005 || Unknown || Spontaneous exit | |||
|- | |||
| 0x10006 || 0x10000 || Stack overflow | |||
|- | |||
| 0x10007 || 0x20000 || Syscall illegal context | |||
|- | |||
| 0x10008 || 0x40000 || Syscall critical usage | |||
|- | |||
| 0x10009 || 0x80000 || Syscall illegal number | |||
|- | |||
| 0x20001 || Unknown || Hardware watchpoint | |||
|- | |||
| 0x20002 || Unknown || Software watchpoint | |||
|- | |||
| 0x20003 || Unknown || Hardware bkpt | |||
|- | |||
| 0x20004 || Unknown || Software bkpt | |||
|- | |||
| 0x20005 || Unknown || Startup failed | |||
|- | |||
| 0x20006 || Unknown || Prx stop init | |||
|- | |||
| 0x20007 || Unknown || Dtrace bkpt | |||
|- | |||
| 0x30002 || 0x400 || Undefined instruction exception | |||
|- | |||
| 0x30003 || 0x100 || Prefetch abort exception | |||
|- | |||
| 0x30004 || 0x200 || Data abort exception | |||
|- | |||
| 0x40001 || 0x10 || Fpu vfp | |||
|- | |||
| 0x40002 || Unknown || Fpu neon | |||
|- | |||
| 0x50001 || Unknown || Gpu exception | |||
|- | |||
| 0x60080 || Unknown || Int div0 | |||
|- | |||
| 0x8XXXX || Unknown || Unrecoverable | |||
|} | |||
== Types == | |||
<source lang="C"> | |||
typedef struct SceCoredumpTriggerParam { | |||
SceSize size; | |||
SceUInt32 dump_level; | |||
int data_0x08; | |||
int data_0x0C; | |||
int data_0x10; | |||
SceSize titleIdSize; | |||
const char *titleId; | |||
SceSize appTitleSize; | |||
const char *appTitle; | |||
SceUInt32 appVer; | |||
int cause_flag; | |||
SceUID crash_thid; | |||
int data_0x30; | |||
} SceCoredumpTriggerParam; | |||
typedef int (* SceKernelCoredumpStateUpdateCallback)(int task_id, SceUID pid, int progress); | |||
typedef int (* SceKernelCoredumpStateFinishCallback)(int task_id, SceUID pid, int result, const char *path, SceSize path_len, int unk); | |||
</source> | |||
== SceCoredumpForDriver == | == SceCoredumpForDriver == | ||
Line 47: | Line 124: | ||
derived from <code>SceVshBridge</code> | derived from <code>SceVshBridge</code> | ||
Returns Caf context. | |||
<source lang="C">SceUID sceCoredumpCafContextCreateForDriver(void);</source> | |||
=== sceCoredumpCafContextDestroyForDriver === | === sceCoredumpCafContextDestroyForDriver === | ||
{| class="wikitable" | {| class="wikitable" | ||
Line 125: | Line 206: | ||
derived from <code>SceVshBridge</code> | derived from <code>SceVshBridge</code> | ||
<source lang="C">int sceCoredumpCafSegmentFinalForDriver(SceUID ctx, void *buf, SceSize size);</source> | |||
=== sceCoredumpCafSegmentInitForDriver === | === sceCoredumpCafSegmentInitForDriver === | ||
{| class="wikitable" | {| class="wikitable" | ||
Line 135: | Line 218: | ||
derived from <code>SceVshBridge</code> | derived from <code>SceVshBridge</code> | ||
base_key size is 0x10. It is the key that is sent to SceSblPostSsMgr for maybe some modification. | |||
<source lang="C">int sceCoredumpCafSegmentInitForDriver(SceUID ctx, int a2, int a3, int a4, void *base_key, SceSize size);</source> | |||
=== sceCoredumpCafSegmentTransformForDriver === | === sceCoredumpCafSegmentTransformForDriver === | ||
{| class="wikitable" | {| class="wikitable" | ||
Line 145: | Line 232: | ||
derived from <code>SceVshBridge</code> | derived from <code>SceVshBridge</code> | ||
<source lang="C">int sceCoredumpCafSegmentTransformForDriver(SceUID ctx, void *src, void *dst, SceSize size);</source> | |||
=== sceCoredumpCreateDumpForDriver === | === sceCoredumpCreateDumpForDriver === | ||
{| class="wikitable" | {| class="wikitable" | ||
Line 166: | Line 255: | ||
derived from <code>SceVshBridge</code> | derived from <code>SceVshBridge</code> | ||
=== | === SceCoredumpForDriver_097AA37D === | ||
{| class="wikitable" | {| class="wikitable" | ||
|- | |- | ||
Line 178: | Line 267: | ||
Used in <code>SceAppMgrAbortHandler</code> | Used in <code>SceAppMgrAbortHandler</code> | ||
Always returns 1. | |||
<source lang="C">SceBool SceCoredumpForDriver_097AA37D(void);</source> | |||
=== | === sceKernelCoredumpTriggerForDriver === | ||
{| class="wikitable" | {| class="wikitable" | ||
|- | |- | ||
Line 193: | Line 284: | ||
<source lang="C"> | <source lang="C"> | ||
typedef struct | typedef struct SceKernelCoredumpTriggerParam { // Size is 0x4 or 0x8 on FW 0.990 | ||
SceSize size; // Size of this structure | SceSize size; // Size of this structure | ||
SceSize | SceSize dumpLevel; // 0xF (minimal coredump), 0xEF0 (full coredump) | ||
} | } SceKernelCoredumpTriggerParam; | ||
int | int sceKernelCoredumpTriggerForDriver(SceUID pid, const void *update_cb, const void *finish_cb, SceKernelCoredumpTriggerParam *pParam); | ||
</source> | </source> | ||
=== | === sceKernelCoredumpCancelForDriver === | ||
{| class="wikitable" | {| class="wikitable" | ||
|- | |- | ||
! Version !! NID | ! Version !! NID | ||
|- | |- | ||
| 3.60 || 0x340856F7 | | 0.990-3.60 || 0x340856F7 | ||
|} | |} | ||
Line 212: | Line 303: | ||
Used in <code>sceCoreDumpFinishCoredumpForShellForDriver</code> | Used in <code>sceCoreDumpFinishCoredumpForShellForDriver</code> | ||
<source lang="C">int sceKernelCoredumpCancelForDriver(int task_id);</source> | |||
=== SceCoredumpForDriver_unk_10863B61 === | === SceCoredumpForDriver_unk_10863B61 === | ||
Line 268: | Line 361: | ||
| 3.60 || 0x031DC61E | | 3.60 || 0x031DC61E | ||
|} | |} | ||
Calls [[SceProcessmgr#sceKernelRegisterCoredumpHandlerForDriver]]. | |||
<source lang="C">int sceCoredumpRegisterCoredumpHandler(void *handler, SceSize size, void *memblock_addr);</source> | |||
=== sceCoredumpUnregisterCoredumpHandler === | === sceCoredumpUnregisterCoredumpHandler === | ||
Line 277: | Line 374: | ||
|} | |} | ||
== SceCoredumpNounlink== | Calls [[SceProcessmgr#sceKernelUnregisterCoredumpHandlerForDriver]]. | ||
<source lang="C">int sceCoredumpUnregisterCoredumpHandler(void);</source> | |||
== SceCoredumpNounlink == | |||
=== sceCoredumpWriteUserData === | === sceCoredumpWriteUserData === | ||
Line 287: | Line 388: | ||
|} | |} | ||
<source lang="C"> | |||
// Write user data to SceCoredump kernel heap | |||
// Maximum theoretical size is 0x4000 bytes (heap size) | |||
int sceCoredumpWriteUserData(const void *data, SceSize size); | |||
</source> | |||
[[Category:ARM]] | |||
[[Category:Kernel]] | |||
[[Category:Modules]] | [[Category:Modules]] | ||
[[Category: | [[Category:Library]] |
Latest revision as of 13:57, 9 June 2023
Module
Version | World | Privilege |
---|---|---|
1.69-3.60 | Non-secure | Kernel |
Libraries
Known NIDs
Version | Name | World | Visibility | NID |
---|---|---|---|---|
1.69 | SceCoredumpForDriver | Non-secure | Kernel | 0xA351714A |
3.60 | SceCoredumpForDriver | Non-secure | Kernel | 0xA351714A |
3.60 | SceCoredump | Non-secure | User | 0xA143A77F |
3.60 | SceCoredumpNounlink | Non-secure | User | 0x2646E9D8 |
Enabling more coredumps
Though it may be possible to enable some Coredump features by setting registry values, patching is required to create full Coredumps on CEX. There are 2 key patches. In the SceCoredump module, there are two functions that read values from the registry. The registry key used is "/CONFIG/COREDUMP".
The first patch is to force the function (located at base+0x3070 on 1.50) that checks the key "enable_coredump" to return 1 (True).
The second patch is to force the function (located at base+0x3000 on 1.50) that checks the key "dump_level" to return 0xEF0 (full coredump).
Thread stopReason table
sceKernelSysrootDbgpSuspendProcessAndWaitResumeForKernel
sceKernelIsThreadDebugSuspendedForDriver
stopReason | debugSuspend | Description |
---|---|---|
0x10002 | Unknown | Nothing |
0x10003 | Unknown | Nothing |
0x10004 | Unknown | AppMgr detected hungup |
0x10005 | Unknown | Spontaneous exit |
0x10006 | 0x10000 | Stack overflow |
0x10007 | 0x20000 | Syscall illegal context |
0x10008 | 0x40000 | Syscall critical usage |
0x10009 | 0x80000 | Syscall illegal number |
0x20001 | Unknown | Hardware watchpoint |
0x20002 | Unknown | Software watchpoint |
0x20003 | Unknown | Hardware bkpt |
0x20004 | Unknown | Software bkpt |
0x20005 | Unknown | Startup failed |
0x20006 | Unknown | Prx stop init |
0x20007 | Unknown | Dtrace bkpt |
0x30002 | 0x400 | Undefined instruction exception |
0x30003 | 0x100 | Prefetch abort exception |
0x30004 | 0x200 | Data abort exception |
0x40001 | 0x10 | Fpu vfp |
0x40002 | Unknown | Fpu neon |
0x50001 | Unknown | Gpu exception |
0x60080 | Unknown | Int div0 |
0x8XXXX | Unknown | Unrecoverable |
Types
// Parameter block describing the coredump to trigger. Members named data_0xNN
// are unknown and named by their byte offset; the offsets line up only if
// SceSize, SceUInt32, SceUID and pointers are all 4 bytes (32-bit ARM) —
// presumably the case here, verify.
typedef struct SceCoredumpTriggerParam {
    SceSize size;           // presumably the size of this structure, as in SceKernelCoredumpTriggerParam — confirm
    SceUInt32 dump_level;   // 0xF (minimal coredump) / 0xEF0 (full coredump) are the values documented elsewhere on this page — confirm they apply here
    int data_0x08;          // unknown
    int data_0x0C;          // unknown
    int data_0x10;          // unknown
    SceSize titleIdSize;    // length of the buffer at titleId
    const char *titleId;    // caller-supplied title id; presumably read by the kernel bounded by titleIdSize — confirm the bound is enforced
    SceSize appTitleSize;   // length of the buffer at appTitle
    const char *appTitle;   // caller-supplied app title; same caveat as titleId
    SceUInt32 appVer;       // application version
    int cause_flag;         // cause of the dump; semantics not documented here
    SceUID crash_thid;      // UID of the crashing thread
    int data_0x30;          // unknown
} SceCoredumpTriggerParam;

// Progress notification for coredump task task_id of process pid.
typedef int (* SceKernelCoredumpStateUpdateCallback)(int task_id, SceUID pid, int progress);

// Completion notification: result of task task_id, plus the dump path (path/path_len).
// The last parameter is not documented.
typedef int (* SceKernelCoredumpStateFinishCallback)(int task_id, SceUID pid, int result, const char *path, SceSize path_len, int unk);
SceCoredumpForDriver
sceCoredumpCafContextCreateForDriver
Version | NID |
---|---|
3.60 | 0x2964AD0A |
derived from SceVshBridge
Returns Caf context.
// Creates a Caf context and returns its UID. NID 0x2964AD0A (3.60), derived from SceVshBridge.
// Presumably released with sceCoredumpCafContextDestroyForDriver — verify.
SceUID sceCoredumpCafContextCreateForDriver(void);
sceCoredumpCafContextDestroyForDriver
Version | NID |
---|---|
3.60 | 0x95402BF3 |
derived from SceVshBridge
sceCoredumpCafCreateIvForDriver
Version | NID |
---|---|
3.60 | 0xE1BCBE8F |
sceCoredumpCafFinalForDriver
Version | NID |
---|---|
3.60 | 0xC90F61AF |
derived from SceVshBridge
sceCoredumpCafHeaderFinalForDriver
Version | NID |
---|---|
3.60 | 0x65AA4991 |
derived from SceVshBridge
sceCoredumpCafHeaderInitForDriver
Version | NID |
---|---|
3.60 | 0x7C8120C5 |
derived from SceVshBridge
sceCoredumpCafHeaderTransformForDriver
Version | NID |
---|---|
3.60 | 0xAE2C2793 |
derived from SceVshBridge
sceCoredumpCafInitForDriver
Version | NID |
---|---|
3.60 | 0x9336009B |
derived from SceVshBridge
sceCoredumpCafSegmentFinalForDriver
Version | NID |
---|---|
3.60 | 0xDF17420A |
derived from SceVshBridge
// Finalizes a Caf segment on context ctx. NID 0xDF17420A (3.60), derived from SceVshBridge.
// The role of buf/size (input vs. output, and whether size is checked against the
// segment state) is not documented here — confirm before relying on it.
int sceCoredumpCafSegmentFinalForDriver(SceUID ctx, void *buf, SceSize size);
sceCoredumpCafSegmentInitForDriver
Version | NID |
---|---|
3.60 | 0x07185515 |
derived from SceVshBridge
base_key size is 0x10. It is the key that is sent to SceSblPostSsMgr, possibly for some modification.
// Initializes a Caf segment on context ctx. NID 0x07185515 (3.60), derived from SceVshBridge.
// base_key is 0x10 bytes and is sent to SceSblPostSsMgr (possibly for some
// modification); treat it as key material. size is presumably the base_key
// length (0x10) — confirm. a2..a4 are undocumented.
int sceCoredumpCafSegmentInitForDriver(SceUID ctx, int a2, int a3, int a4, void *base_key, SceSize size);
sceCoredumpCafSegmentTransformForDriver
Version | NID |
---|---|
3.60 | 0xFB7AEBFE |
derived from SceVshBridge
// Transforms size bytes from src into dst on Caf context ctx. NID 0xFB7AEBFE (3.60),
// derived from SceVshBridge. Whether src and dst may overlap (in-place use) and
// whether dst must be at least size bytes is not documented here — confirm.
int sceCoredumpCafSegmentTransformForDriver(SceUID ctx, void *src, void *dst, SceSize size);
sceCoredumpCreateDumpForDriver
Version | NID |
---|---|
3.60 | 0x0C10313F |
derived from SceVshBridge
sceCoredumpDeleteCrashReportCafForDriver
Version | NID |
---|---|
3.60 | 0xAD070837 |
derived from SceVshBridge
SceCoredumpForDriver_097AA37D
Version | NID |
---|---|
3.60 | 0x097AA37D |
Used in SceAppMgr
Used in SceAppMgrAbortHandler
Always returns 1.
// Always returns 1. NID 0x097AA37D (3.60). Used in SceAppMgr and SceAppMgrAbortHandler.
SceBool SceCoredumpForDriver_097AA37D(void);
sceKernelCoredumpTriggerForDriver
Version | NID |
---|---|
0.990-3.60 | 0xA7D214A7 |
Used in SceAppMgr
Used in SceAppMgrAbortHandler
// Size is 0x4 or 0x8 on FW 0.990
typedef struct SceKernelCoredumpTriggerParam {
    SceSize size;       // Size of this structure
    SceSize dumpLevel;  // 0xF (minimal coredump), 0xEF0 (full coredump); presumably absent when size is 0x4 — verify
} SceKernelCoredumpTriggerParam;

// Triggers a coredump of process pid. NID 0xA7D214A7 (0.990-3.60).
// Used in SceAppMgr and SceAppMgrAbortHandler.
// update_cb / finish_cb are declared as const void *; they are presumably
// SceKernelCoredumpStateUpdateCallback / SceKernelCoredumpStateFinishCallback
// from the Types section — confirm. pParam->size is presumably how the kernel
// tells whether dumpLevel is present, so set it to sizeof the struct — verify.
int sceKernelCoredumpTriggerForDriver(SceUID pid, const void *update_cb, const void *finish_cb, SceKernelCoredumpTriggerParam *pParam);
sceKernelCoredumpCancelForDriver
Version | NID |
---|---|
0.990-3.60 | 0x340856F7 |
Used by sceAppMgrFinishCoredumpForShell
Used in sceCoreDumpFinishCoredumpForShellForDriver
// Cancels coredump task task_id. NID 0x340856F7 (0.990-3.60).
// Used by sceAppMgrFinishCoredumpForShell and sceCoreDumpFinishCoredumpForShellForDriver.
// task_id is presumably the value handed to the state callbacks in the Types section — verify.
int sceKernelCoredumpCancelForDriver(int task_id);
SceCoredumpForDriver_unk_10863B61
Version | NID |
---|---|
3.60 | 0x10863B61 |
SceCoredumpForDriver_unk_12392973
Version | NID |
---|---|
3.60 | 0x12392973 |
SceCoredumpForDriver_D064F6DC
Version | NID |
---|---|
0.990-3.60 | 0xD064F6DC |
Calls SceCoredumpForDriver_A7D214A7.
// NID 0xD064F6DC (0.990-3.60). Calls SceCoredumpForDriver_A7D214A7, which is the
// NID listed above for sceKernelCoredumpTriggerForDriver, so pOpt is presumably a
// SceKernelCoredumpTriggerParam — confirm. a1..a3 are undocumented.
int SceCoredumpForDriver_D064F6DC(int a1, int a2, int a3, SceCoredumpForDriver_A7D214A7_Opt *pOpt);
SceCoredumpForDriver_unk_EF20949F
Version | NID |
---|---|
3.60 | 0xEF20949F |
SceCoredumpForDriver_unk_13EF8516
Version | NID |
---|---|
3.60 | 0x13EF8516 |
Probably opens or creates the coredump file.
SceCoredump
sceCoredumpRegisterCoredumpHandler
Version | NID |
---|---|
3.60 | 0x031DC61E |
Calls SceProcessmgr#sceKernelRegisterCoredumpHandlerForDriver.
// User-world export (library SceCoredump). NID 0x031DC61E (3.60).
// Calls SceProcessmgr sceKernelRegisterCoredumpHandlerForDriver.
// The roles of handler, size and memblock_addr are not documented here;
// presumably handler is the callback and memblock_addr its backing memory — verify.
int sceCoredumpRegisterCoredumpHandler(void *handler, SceSize size, void *memblock_addr);
sceCoredumpUnregisterCoredumpHandler
Version | NID |
---|---|
3.60 | 0x6037A2C3 |
Calls SceProcessmgr#sceKernelUnregisterCoredumpHandlerForDriver.
// User-world export (library SceCoredump). NID 0x6037A2C3 (3.60).
// Calls SceProcessmgr sceKernelUnregisterCoredumpHandlerForDriver.
int sceCoredumpUnregisterCoredumpHandler(void);
SceCoredumpNounlink
sceCoredumpWriteUserData
Version | NID |
---|---|
3.60 | 0xDF335DCF |
// Write user data to SceCoredump kernel heap
// Maximum theoretical size is 0x4000 bytes (heap size)
// NID 0xDF335DCF (3.60), exported by SceCoredumpNounlink, a User-world library per
// the Known NIDs table, so data/size are caller-controlled from user mode.
// NOTE(review): confirm how the kernel handles size above the 0x4000 limit
// (rejected with an error vs. truncated) and what is returned on failure.
int sceCoredumpWriteUserData(const void *data, SceSize size);