SceCoredump: Difference between revisions

From Vita Development Wiki
== Module ==
{| class="wikitable"
|-
! Version !! World !! Privilege
|-
| 1.69-3.60 || Non-secure || Kernel
|}


== Libraries ==
=== Known NIDs ===
{| class="wikitable"
|-
! Version !! Name !! World !! Visibility !! NID
|-
| 1.69-3.60 || [[SceCoredump#SceCoredumpForDriver|SceCoredumpForDriver]] || Non-secure || Kernel || 0xA351714A
|-
| 3.60 || [[SceCoredump#SceCoredump|SceCoredump]] || Non-secure || User || 0xA143A77F
|-
| 3.60 || [[SceCoredump#SceCoredumpNounlink|SceCoredumpNounlink]] || Non-secure || User || 0x2646E9D8
|}
== Enabling more coredumps ==
Though it may be possible to enable some Coredump features by setting registry values, creating full Coredumps on CEX (retail) units requires patching. There are two key patches. In the SceCoredump module, two functions read values from the registry key "/CONFIG/COREDUMP".
The first patch forces the function that reads the "enable_coredump" value (located at base+0x3070 on 1.50) to return 1 (true).
The second patch forces the function that reads the "dump_level" value (located at base+0x3000 on 1.50) to return 0xEF0 (full coredump).
Both offsets are specific to firmware 1.50 and must be located again for any other firmware version before patching.
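As an added example (not code from the wiki or from any existing plugin), the following C builds the two patches as Thumb-2 "return a constant" stubs and applies them to an in-memory copy of the module's text segment with a bounds check. It assumes that SceCoredump's code is Thumb-2, so a stub of <code>mov r0, #imm; bx lr</code> written over the function entry makes the function return that value, uses the 1.50 offsets quoted above, and operates on a constructed zero-filled buffer rather than a real module; on a console the same bytes would be written through a kernel patching facility, which is not shown here.

```c
/* Added example: encode "return <constant>" Thumb-2 stubs for the two
 * SceCoredump registry-reader functions and apply them to a text-segment copy.
 * Assumptions (not stated on the wiki): the functions are Thumb-2 code, the
 * offsets are the FW 1.50 values from the page, and the image is a constructed
 * buffer standing in for the real module text. */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define COREDUMP_PATCH_ENABLE_OFF 0x3070u /* enable_coredump reader, FW 1.50 */
#define COREDUMP_PATCH_LEVEL_OFF  0x3000u /* dump_level reader, FW 1.50 */
#define COREDUMP_LEVEL_FULL       0xEF0u  /* full coredump */
#define COREDUMP_LEVEL_MINIMAL    0xFu    /* minimal coredump */

/* Write "mov r0, #value ; bx lr" (Thumb-2, little-endian halfwords) into out.
 * Returns the stub length in bytes (4 or 6), or 0 if value does not fit 16 bits. */
static size_t encode_return_const(uint32_t value, uint8_t out[6])
{
    size_t n = 0;
    if (value <= 0xFFu) {
        /* MOVS r0, #imm8 (T1): 00100 Rd(000) imm8 */
        uint16_t movs = (uint16_t)(0x2000u | value);
        out[n++] = (uint8_t)(movs & 0xFFu);
        out[n++] = (uint8_t)(movs >> 8);
    } else if (value <= 0xFFFFu) {
        /* MOVW r0, #imm16 (T3): hw1 = 11110 i 100100 imm4, hw2 = 0 imm3 Rd imm8 */
        uint32_t imm4 = (value >> 12) & 0xFu, i = (value >> 11) & 1u;
        uint32_t imm3 = (value >> 8) & 0x7u, imm8 = value & 0xFFu;
        uint16_t hw1 = (uint16_t)(0xF240u | (i << 10) | imm4);
        uint16_t hw2 = (uint16_t)((imm3 << 12) | imm8); /* Rd = r0 */
        out[n++] = (uint8_t)(hw1 & 0xFFu); out[n++] = (uint8_t)(hw1 >> 8);
        out[n++] = (uint8_t)(hw2 & 0xFFu); out[n++] = (uint8_t)(hw2 >> 8);
    } else {
        return 0;
    }
    /* BX LR: 0100 0111 0111 0000 */
    out[n++] = 0x70; out[n++] = 0x47;
    return n;
}

/* Overwrite the function entry at `offset` inside a text-segment copy.
 * Returns 0 on success, -1 if the stub would not fit inside the segment. */
static int patch_return_const(uint8_t *text, size_t text_len, uint32_t offset, uint32_t value)
{
    uint8_t stub[6];
    size_t n = encode_return_const(value, stub);
    if (n == 0 || offset >= text_len || text_len - offset < n) return -1;
    memcpy(text + offset, stub, n);
    return 0;
}

/* Both FW 1.50 patches: enable_coredump -> 1, dump_level -> 0xEF0. */
static int patch_coredump_full(uint8_t *text, size_t text_len)
{
    if (patch_return_const(text, text_len, COREDUMP_PATCH_ENABLE_OFF, 1) != 0) return -1;
    if (patch_return_const(text, text_len, COREDUMP_PATCH_LEVEL_OFF, COREDUMP_LEVEL_FULL) != 0) return -1;
    return 0;
}

int main(void)
{
    static uint8_t text[0x4000]; /* constructed stand-in for the module text segment */
    if (patch_coredump_full(text, sizeof text) != 0) return 1;
    printf("enable_coredump stub @0x%x: %02x %02x %02x %02x\n", COREDUMP_PATCH_ENABLE_OFF,
           text[0x3070], text[0x3071], text[0x3072], text[0x3073]);
    printf("dump_level stub      @0x%x: %02x %02x %02x %02x %02x %02x\n", COREDUMP_PATCH_LEVEL_OFF,
           text[0x3000], text[0x3001], text[0x3002], text[0x3003], text[0x3004], text[0x3005]);
    return 0;
}
```

The bounds check matters because the patch bytes are written blindly over whatever sits at the offset: on a firmware other than 1.50 the same offsets land inside unrelated code, so the caller must re-derive them (for example from the registry-string references) before applying.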
== Thread stopReason table ==
See also [[SceSysmem#sceKernelSysrootDbgpSuspendProcessAndWaitResumeForKernel|sceKernelSysrootDbgpSuspendProcessAndWaitResumeForKernel]] and [[SceKernelThreadMgr#sceKernelIsThreadDebugSuspendedForDriver|sceKernelIsThreadDebugSuspendedForDriver]].
{| class="wikitable"
|-
! stopReason !! debugSuspend !! Description
|-
| 0x10002 || Unknown || Nothing
|-
| 0x10003 || Unknown || Nothing
|-
| 0x10004 || Unknown || AppMgr detected hungup
|-
| 0x10005 || Unknown || Spontaneous exit
|-
| 0x10006 || 0x10000 || Stack overflow
|-
| 0x10007 || 0x20000 || Syscall illegal context
|-
| 0x10008 || 0x40000 || Syscall critical usage
|-
| 0x10009 || 0x80000 || Syscall illegal number
|-
| 0x20001 || Unknown || Hardware watchpoint
|-
| 0x20002 || Unknown || Software watchpoint
|-
| 0x20003 || Unknown || Hardware bkpt
|-
| 0x20004 || Unknown || Software bkpt
|-
| 0x20005 || Unknown || Startup failed
|-
| 0x20006 || Unknown || Prx stop init
|-
| 0x20007 || Unknown || Dtrace bkpt
|-
| 0x30002 || 0x400 || Undefined instruction exception
|-
| 0x30003 || 0x100 || Prefetch abort exception
|-
| 0x30004 || 0x200 || Data abort exception
|-
| 0x40001 || 0x10 || Fpu vfp
|-
| 0x40002 || Unknown || Fpu neon
|-
| 0x50001 || Unknown || Gpu exception
|-
| 0x60080 || Unknown || Int div0
|-
| 0x8XXXX || Unknown || Unrecoverable
|}
== Types ==
<source lang="C">
typedef struct SceCoredumpTriggerParam { // 0x34 bytes
	SceSize size;         // 0x00: size of this structure
	SceUInt32 dump_level; // 0x04: 0xF (minimal) or 0xEF0 (full), see sceKernelCoredumpTriggerForDriver
	int data_0x08;
	int data_0x0C;
	int data_0x10;
	SceSize titleIdSize;  // 0x14
	const char *titleId;  // 0x18
	SceSize appTitleSize; // 0x1C
	const char *appTitle; // 0x20
	SceUInt32 appVer;     // 0x24
	int cause_flag;       // 0x28
	SceUID crash_thid;    // 0x2C: thread that crashed
	int data_0x30;
} SceCoredumpTriggerParam;

typedef int (* SceKernelCoredumpStateUpdateCallback)(int task_id, SceUID pid, int progress);
typedef int (* SceKernelCoredumpStateFinishCallback)(int task_id, SceUID pid, int result, const char *path, SceSize path_len, int unk);
</source>


== SceCoredumpForDriver ==


=== sceCoredumpCafContextCreateForDriver ===
{| class="wikitable"
|-
! Version !! NID
|-
| 3.60 || 0x2964AD0A
|}
derived from <code>SceVshBridge</code>
Returns Caf context.
<source lang="C">SceUID sceCoredumpCafContextCreateForDriver(void);</source>
=== sceCoredumpCafContextDestroyForDriver ===
{| class="wikitable"
|-
! Version !! NID
|-
| 3.60 || 0x95402BF3
|}
derived from <code>SceVshBridge</code>
=== sceCoredumpCafCreateIvForDriver ===
{| class="wikitable"
|-
! Version !! NID
|-
| 3.60 || 0xE1BCBE8F
|}
=== sceCoredumpCafFinalForDriver ===
{| class="wikitable"
|-
! Version !! NID
|-
| 3.60 || 0xC90F61AF
|}
derived from <code>SceVshBridge</code>
=== sceCoredumpCafHeaderFinalForDriver ===
{| class="wikitable"
|-
! Version !! NID
|-
| 3.60 || 0x65AA4991
|}
derived from <code>SceVshBridge</code>
=== sceCoredumpCafHeaderInitForDriver ===
{| class="wikitable"
|-
! Version !! NID
|-
| 3.60 || 0x7C8120C5
|}
derived from <code>SceVshBridge</code>
=== sceCoredumpCafHeaderTransformForDriver ===
{| class="wikitable"
|-
! Version !! NID
|-
| 3.60 || 0xAE2C2793
|}
derived from <code>SceVshBridge</code>
=== sceCoredumpCafInitForDriver ===
{| class="wikitable"
|-
! Version !! NID
|-
| 3.60 || 0x9336009B
|}
derived from <code>SceVshBridge</code>
=== sceCoredumpCafSegmentFinalForDriver ===
{| class="wikitable"
|-
! Version !! NID
|-
| 3.60 || 0xDF17420A
|}
derived from <code>SceVshBridge</code>
<source lang="C">int sceCoredumpCafSegmentFinalForDriver(SceUID ctx, void *buf, SceSize size);</source>
=== sceCoredumpCafSegmentInitForDriver ===
{| class="wikitable"
|-
! Version !! NID
|-
| 3.60 || 0x07185515
|}
derived from <code>SceVshBridge</code>
base_key is 0x10 bytes. It is passed to SceSblPostSsMgr, presumably to be transformed before use.
<source lang="C">int sceCoredumpCafSegmentInitForDriver(SceUID ctx, int a2, int a3, int a4, void *base_key, SceSize size);</source>
=== sceCoredumpCafSegmentTransformForDriver ===
{| class="wikitable"
|-
! Version !! NID
|-
| 3.60 || 0xFB7AEBFE
|}
derived from <code>SceVshBridge</code>
<source lang="C">int sceCoredumpCafSegmentTransformForDriver(SceUID ctx, void *src, void *dst, SceSize size);</source>
=== sceCoredumpCreateDumpForDriver ===
{| class="wikitable"
|-
! Version !! NID
|-
| 3.60 || 0x0C10313F
|}
derived from <code>SceVshBridge</code>
=== sceCoredumpDeleteCrashReportCafForDriver ===
{| class="wikitable"
|-
! Version !! NID
|-
| 3.60 || 0xAD070837
|}
derived from <code>SceVshBridge</code>
=== SceCoredumpForDriver_097AA37D ===
{| class="wikitable"
|-
! Version !! NID
|-
| 3.60 || 0x097AA37D
|}
Used in <code>SceAppMgr</code>
Used in <code>SceAppMgrAbortHandler</code>
Always returns 1.
<source lang="C">SceBool SceCoredumpForDriver_097AA37D(void);</source>
=== sceKernelCoredumpTriggerForDriver ===
{| class="wikitable"
|-
! Version !! NID
|-
| 0.990-3.60 || 0xA7D214A7
|}
Used in <code>SceAppMgr</code>
Used in <code>SceAppMgrAbortHandler</code>
<source lang="C">
typedef struct SceKernelCoredumpTriggerParam { // Size is 0x4 or 0x8 on FW 0.990
  SceSize size;      // Size of this structure
  SceSize dumpLevel; // 0xF (minimal coredump), 0xEF0 (full coredump)
} SceKernelCoredumpTriggerParam;

// update_cb and finish_cb use the callback types from the Types section.
int sceKernelCoredumpTriggerForDriver(SceUID pid, SceKernelCoredumpStateUpdateCallback update_cb, SceKernelCoredumpStateFinishCallback finish_cb, SceKernelCoredumpTriggerParam *pParam);
</source>
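As an added example (not code from the wiki or from Sony), the following C shows how a kernel-side caller would drive sceKernelCoredumpTriggerForDriver with the callback types from the Types section. The kernel export itself cannot be linked on a host, so it is passed in as a function pointer, and a constructed stand-in exercises the callbacks. Assumptions not stated on the page: the function returns the task id on success and a negative value on error, the finish callback's <code>path</code> need not be NUL-terminated (only <code>path_len</code> bytes are trusted), and the kernel may invoke the callbacks before the trigger call returns.

```c
/* Added example: request a coredump and collect the callback results.
 * Assumptions (not from the wiki): trigger returns the task id (>= 0) or a
 * negative error; callbacks may run before trigger returns; path is not
 * guaranteed NUL-terminated, so path_len is authoritative. */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

typedef uint32_t SceSize;
typedef int32_t SceUID;

typedef struct SceKernelCoredumpTriggerParam {
    SceSize size;      /* sizeof this struct (0x8) */
    SceSize dumpLevel; /* 0xF minimal, 0xEF0 full */
} SceKernelCoredumpTriggerParam;

typedef int (*SceKernelCoredumpStateUpdateCallback)(int task_id, SceUID pid, int progress);
typedef int (*SceKernelCoredumpStateFinishCallback)(int task_id, SceUID pid, int result,
                                                    const char *path, SceSize path_len, int unk);
/* Shape of sceKernelCoredumpTriggerForDriver, supplied by the caller. */
typedef int (*coredump_trigger_fn)(SceUID pid, SceKernelCoredumpStateUpdateCallback update_cb,
                                   SceKernelCoredumpStateFinishCallback finish_cb,
                                   SceKernelCoredumpTriggerParam *pParam);

#define COREDUMP_LEVEL_MINIMAL 0xF
#define COREDUMP_LEVEL_FULL    0xEF0

/* The callbacks carry no user pointer, so state lives in one static slot and
 * each callback checks task_id/pid against it before writing. */
struct coredump_status {
    int task_id;          /* -1 until the kernel hands one out */
    SceUID pid;
    int last_progress;
    int result;
    int finished;
    char path[256];       /* NUL-terminated copy of the dump path */
};
static struct coredump_status g_status;

static int claim_task(int task_id, SceUID pid)
{
    if (pid != g_status.pid) return -1;
    if (g_status.task_id < 0) g_status.task_id = task_id;   /* callback ran before trigger returned */
    else if (task_id != g_status.task_id) return -1;        /* some other dump task */
    return 0;
}

static int on_update(int task_id, SceUID pid, int progress)
{
    if (claim_task(task_id, pid) != 0) return -1;
    g_status.last_progress = progress;
    return 0;
}

static int on_finish(int task_id, SceUID pid, int result, const char *path, SceSize path_len, int unk)
{
    (void)unk;
    if (claim_task(task_id, pid) != 0) return -1;
    size_t n = path_len < sizeof g_status.path - 1 ? path_len : sizeof g_status.path - 1;
    if (path != NULL && n > 0) memcpy(g_status.path, path, n); else n = 0;
    g_status.path[n] = '\0';
    g_status.result = result;
    g_status.finished = 1;
    return 0;
}

/* Dump `pid` at `level`; returns the task id (usable with
 * sceKernelCoredumpCancelForDriver) or a negative error. */
static int coredump_request(coredump_trigger_fn trigger, SceUID pid, SceSize level)
{
    if (level != COREDUMP_LEVEL_MINIMAL && level != COREDUMP_LEVEL_FULL) return -1;
    SceKernelCoredumpTriggerParam param;
    param.size = sizeof param;
    param.dumpLevel = level;
    memset(&g_status, 0, sizeof g_status);
    g_status.pid = pid;
    g_status.task_id = -1;
    int rc = trigger(pid, on_update, on_finish, &param);
    if (rc < 0) return rc;
    if (g_status.task_id < 0) g_status.task_id = rc;
    return g_status.task_id;
}

/* Constructed host-side stand-in for the kernel: checks the param block, then
 * reports progress and a made-up path that is deliberately not NUL-terminated
 * at path_len. */
static int fake_kernel_trigger(SceUID pid, SceKernelCoredumpStateUpdateCallback update_cb,
                               SceKernelCoredumpStateFinishCallback finish_cb,
                               SceKernelCoredumpTriggerParam *pParam)
{
    if (pParam == NULL || pParam->size != sizeof *pParam) return -1;
    if (pParam->dumpLevel != COREDUMP_LEVEL_MINIMAL && pParam->dumpLevel != COREDUMP_LEVEL_FULL) return -2;
    char path[] = "ux0:data/psp2core.psp2dmpXX"; /* the trailing XX are past path_len */
    update_cb(7, pid, 50);
    finish_cb(7, pid, 0, path, (SceSize)(sizeof path - 3), 0);
    return 7;
}

int main(void)
{
    int task = coredump_request(fake_kernel_trigger, 0x10005, COREDUMP_LEVEL_FULL);
    printf("task %d result %d path '%s'\n", task, g_status.result, g_status.path);
    return task < 0;
}
```

Keeping the status in a static slot keyed by task id is what makes the callbacks safe to share between concurrent dump requests: a callback for a task this caller did not start is rejected rather than overwriting the recorded path.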
=== sceKernelCoredumpCancelForDriver ===
{| class="wikitable"
|-
! Version !! NID
|-
| 0.990-3.60 || 0x340856F7
|}
Used by <code>sceAppMgrFinishCoredumpForShell</code>
Used in <code>sceCoreDumpFinishCoredumpForShellForDriver</code>
<source lang="C">int sceKernelCoredumpCancelForDriver(int task_id);</source>
=== SceCoredumpForDriver_unk_10863B61 ===
{| class="wikitable"
|-
! Version !! NID
|-
| 3.60 || 0x10863B61
|}
=== SceCoredumpForDriver_unk_12392973 ===
{| class="wikitable"
|-
! Version !! NID
|-
| 3.60 || 0x12392973
|}
=== SceCoredumpForDriver_D064F6DC ===
{| class="wikitable"
|-
! Version !! NID
|-
| 0.990-3.60 || 0xD064F6DC
|}
Calls [[SceCoredump#sceKernelCoredumpTriggerForDriver|sceKernelCoredumpTriggerForDriver]] (SceCoredumpForDriver_A7D214A7).
<source lang="C">int SceCoredumpForDriver_D064F6DC(int a1, int a2, int a3, SceKernelCoredumpTriggerParam *pParam);</source>
=== SceCoredumpForDriver_unk_EF20949F ===
{| class="wikitable"
|-
! Version !! NID
|-
| 3.60 || 0xEF20949F
|}
=== SceCoredumpForDriver_unk_13EF8516 ===
{| class="wikitable"
|-
! Version !! NID
|-
| 3.60 || 0x13EF8516
|}
Probably opens or creates the coredump file.
== SceCoredump ==
=== sceCoredumpRegisterCoredumpHandler ===
{| class="wikitable"
|-
! Version !! NID
|-
| 3.60 || 0x031DC61E
|}
Calls [[SceProcessmgr#sceKernelRegisterCoredumpHandlerForDriver]].
<source lang="C">int sceCoredumpRegisterCoredumpHandler(void *handler, SceSize size, void *memblock_addr);</source>
=== sceCoredumpUnregisterCoredumpHandler ===
{| class="wikitable"
|-
! Version !! NID
|-
| 3.60 || 0x6037A2C3
|}
Calls [[SceProcessmgr#sceKernelUnregisterCoredumpHandlerForDriver]].
<source lang="C">int sceCoredumpUnregisterCoredumpHandler(void);</source>
== SceCoredumpNounlink ==
=== sceCoredumpWriteUserData ===
{| class="wikitable"
|-
! Version !! NID
|-
| 3.60 || 0xDF335DCF
|}
<source lang="C">
// Write user data to SceCoredump kernel heap
// Maximum theoretical size is 0x4000 bytes (heap size)
int sceCoredumpWriteUserData(const void *data, SceSize size);
</source>
[[Category:Modules]]
[[Category:Kernel]]
[[Category:Library]]

Latest revision as of 13:57, 9 June 2023
