SceSysmem: Difference between revisions

From Vita Development Wiki
Jump to navigation Jump to search
Line 2,328: Line 2,328:


== SceDebugLed ==
== SceDebugLed ==
=== sceKernelGetGPI ===
{| class="wikitable"
|-
! Version !! NID
|-
| 3.60 || 0x14F582CF
|}
=== sceKernelSetGPO ===
{| class="wikitable"
|-
! Version !! NID
|-
| 3.60 || 0x78E702D3
|}
== SceDebugLedForDriver ==
== SceDebugLedForDriver ==
== SceDebugForKernel ==
== SceDebugForKernel ==

Revision as of 23:48, 17 March 2018

SceSysmem is a kernel module that acts as the heart of the kernel. It exports multiple libraries for different functionalities (one of the few modules that do so). SceSysmem is the first module that is loaded in the kernel load sequence and its libraries are imported by almost all other modules. See Memory for more details on the memory subsystem.

Module

This module exists in both non-secure and secure world. The non-secure world SELF can be found in os0:kd/sysmem.skprx. It also can be found in the Boot Image.

Known NIDs

Version Name World Privilege NID
1.69 SceSysmem Non-secure Kernel 0xB93950C6
3.60 SceSysmem Non-secure Kernel 0x3380B323
3.61 SceSysmem Non-secure Kernel 0x3380B323
1.69 SceSysmem Secure Kernel 0x502BE0E5

Libraries

This module only exports kernel libraries.

Known NIDs

Version Name World Visibility NID
1.69 SceSysmemForKernel Non-secure Kernel 0x63A519E5
3.60 SceSysmemForKernel Non-secure Kernel 0x63A519E5
1.69 SceSysmemForDriver Non-secure Kernel 0x6F25E18A
3.60 SceSysmemForDriver Non-secure Kernel 0x6F25E18A
1.69 SceSysmem Non-secure User 0x37FE725A
3.60 SceSysmem Non-secure User 0x37FE725A
1.69 SceSysmemForDebugger Non-secure Kernel 0xC7309957
1.69 SceDipsw Non-secure User 0xB36D5922
3.60 SceDipsw Non-secure User 0xB36D5922
1.69 SceDipswForDriver Non-secure Kernel 0xC9E26388
3.60 SceDipswForDriver Non-secure Kernel 0xC9E26388
1.69 SceUartForKernel Non-secure Kernel 0xC03DBE40
3.60 SceUartForKernel Non-secure Kernel 0xC03DBE40
1.69 SceCpu Non-secure User 0x45265161
3.60 SceCpu Non-secure User 0x45265161
1.69 SceCpuForKernel Non-secure Kernel 0x54BF2BAB
3.60 SceCpuForKernel Non-secure Kernel 0x54BF2BAB
1.69 SceCpuForDriver Non-secure Kernel 0x40ECDB0E
3.60 SceCpuForDriver Non-secure Kernel 0x40ECDB0E
1.69 SceSysclibForKernel Non-secure Kernel 0x24878615
1.69 SceSysclibForDriver Non-secure Kernel 0x7EE45391
3.60 SceSysclibForDriver Non-secure Kernel 0x7EE45391
1.69 SceSysrootForKernel Non-secure Kernel 0x3691DA45
3.60 SceSysrootForKernel Non-secure Kernel 0x3691DA45
1.69 SceKernelUtilsForDriver Non-secure Kernel 0x496AD8B4
3.60 SceKernelUtilsForDriver Non-secure Kernel 0x496AD8B4
1.69 SceZlibForDriver Non-secure Kernel 0xE241534E
1.69 SceKernelSuspendForDriver Non-secure Kernel 0x7290B21C
3.60 SceKernelSuspendForDriver Non-secure Kernel 0x7290B21C
1.69 SceQafMgrForDriver Non-secure Kernel 0x4E29D3B6
3.60 SceQafMgrForDriver Non-secure Kernel 0x4E29D3B6
1.69 ScePmMgrForDriver Non-secure Kernel 0xF13F32F9
3.60 ScePmMgrForDriver Non-secure Kernel 0xF13F32F9
1.69 SceSblAIMgrForDriver Non-secure Kernel 0xFD00C69A
3.60 SceSblAIMgrForDriver Non-secure Kernel 0xFD00C69A
1.69 SceProcEventForDriver Non-secure Kernel 0x887F19D0
3.60 SceProcEventForDriver Non-secure Kernel 0x887F19D0
1.69 SceSysrootForDriver Non-secure Kernel 0x2ED7F97A
3.60 SceSysrootForDriver Non-secure Kernel 0x2ED7F97A
3.60 SceDebugLed Non-secure User 0xAE004C0A
3.60 SceDebugLedForDriver Non-secure Kernel 0x7BC05EAD
3.60 SceDebugForKernel Non-secure Kernel 0x88C17370
3.60 SceDebugForDriver Non-secure Kernel 0x88758561
1.69 SceSysmemForTZS Secure Kernel 0x8680060
1.69 SceDipswForTZS Secure Kernel 0x9DBF584C
1.69 SceCpuForTZS Secure Kernel 0xC516B23E
1.69 SceSysclibForTZS Secure Kernel 0xC839BB78
1.69 SceSysrootForTZS Secure Kernel 0xFEFF641D
1.69 SceQafMgrForTZS Secure Kernel 0x637069DD
1.69 ScePmMgrForTZS Secure Kernel 0x27F1AFD8
1.69 SceSblAIMgrForTZS Secure Kernel 0x60D19047

Memory Block Type

The type parameter indicates what kind of memory to allocate. Here is a mapping of type flags to ARM MMU flags. Higher bits are used for other options including where to allocate from. Not all flag values are valid, there is a table of valid types in the kernel. You cannot, for example, allocate RWX memory.

Mask Value Description
0x10000 0x10000 Global. nG bit NOT set
0xFF00 0x800 B bit set. Sharable device memory.
0xFF00 0x2000 TEX[2] and TEX[0] bit set. Outer cache Write-back, Write-Allocate. Inner cache non-cachable.
0xFF00 0x4000 TEX[2] and B bit set. Outer cache non-cachable. Inner cache Write-back, Write-Allocate
0xFF00 0x8000 TEX[0] bit set. S bit unset. Outer and inner non-cachable. Not sharable.
0xFF00 0xD000 TEX[0] bit set. C,B bits set. Outer and inner Write-back, Write-Allocate.
0xFF 0x4 AP[2:0] = 5, XN=1. Privileged RO, User NA.
0xFF 0x5 AP[2:0] = 5. Privileged RX, User NA.
0xFF 0x6 AP[2:0] = 1, XN=1. Privileged RW, User NA.
0xFF 0x7 AP[2:0] = 1. Privileged RWX, User NA. (Never used)
0xFF 0x50 AP[2:0] = 7. Privileged RX, User RX.
0xFF 0x60 AP[2:0] = 3, XN=1. Privileged RW, User RW.
0xFF 0x40 AP[2:0] = 7, XN=1. Privileged RO, User RO.
Mask Value Name
0x0F000000 0x09000000 SceKernelUserCdram
0x0F000000 0x0A000000 SceKernelUserShared
0x0F000000 0x0B000000 SceKernelUserIO
0x0F000000 0x0C000000 SceKernelUserMain
0x0F000000 0x0D000000 SceKernelUserUncache
0x0F000000 0x0E000000 SceKernelUserCDialog
0x0F000000 0x0F000000 SceKernelUserCDialogNC

SceSysmemForKernel

sceKernelRxMemcpyKernelToUserForPidForKernel

Version World NID
1.69 non-secure 0x30931572
3.60 non-secure 0x30931572

Unrestricted memcpy to the virtual address space for process pid. Both dst and src must be in the address space of pid but src must also be accessible in the address space of the caller. This is normally used for resolving stubs in module loads. Same as write to RO but does a cache flush.

int sceKernelRxMemcpyKernelToUserForPidForKernel(SceUID pid, uintptr_t dst, const void *src, size_t len);

sceKernelFindClassByNameForKernel

Version World NID
3.60 Non-secure 0x62989905
int sceKernelFindClassByNameForKernel(const char *name, SceClass **class);

SceSysmemForDriver

sceKernelMemcpyKernelToUserForDriver

Version World NID
1.69 non-secure 0x6D88EF8A
3.60 non-secure 0x6D88EF8A
int sceKernelMemcpyKernelToUserForDriver(uint32_t uaddr, const void *kaddr, uint32_t len);

sceKernelMemcpyUserToKernelForDriver

Version World NID
1.69 non-secure 0xBC996A7A
3.60 non-secure 0xBC996A7A
int sceKernelMemcpyUserToKernelForDriver(void *kaddr, uint32_t uaddr, uint32_t len);

sceKernelMemcpyUserToKernelForPidForDriver

Version World NID
3.60 non-secure 0x605275F8
int sceKernelMemcpyUserToKernelForPidForDriver(SceUID pid, void *kaddr, uint32_t uaddr, uint32_t len);

Same as above, but copies from the specified process.

sceKernelStrncpyKernelToUserForDriver

Version World NID
1.69 non-secure 0x80BD6FEB
3.60 non-secure 0x80BD6FEB
int sceKernelStrncpyKernelToUserForDriver(uint32_t uaddr, const void *kaddr, uint32_t maxlen);

sceKernelStrncpyUserToKernelForDriver

Version World NID
1.69 non-secure 0xDB3EC244
3.60 non-secure 0xDB3EC244
int sceKernelStrncpyUserToKernelForDriver(void *kaddr, uint32_t uaddr, uint32_t maxlen);

sceKernelStrnlenUserForDriver

Version World NID
1.69 non-secure 0xB429D419
3.60 non-secure 0xB429D419
int sceKernelStrnlenUserForDriver(uint32_t uaddr, uint32_t maxlen);

sceKernelGetPaddrForDriver

Version World NID
1.69 secure 0x1DEADF6C
1.69 non-secure 0x8D160E65
3.60 non-secure 0x8D160E65
int sceKernelGetPaddrForDriver(void *vaddr, void **result);

This will write the physical address for a virtual address vaddr to memory pointed to by result.

Returns <0 on error, values >=0 indicate success.

sceKernelGetPaddrListForDriver

Version World NID
1.69 non-secure 0xE68BEEBD
3.60 non-secure 0xE68BEEBD
typedef struct SceKernelAddrPair {
	uint32_t addr;
	uint32_t length;
} SceKernelAddrPair;

typedef struct SceKernelPaddrListReq {
	uint32_t size; // 0x14
	uint32_t output_buffer_size;
	uint32_t unk;
	uint32_t ret_count;
	SceKernelAddrPair *output_buffer;
} SceKernelPaddrListReq;

input.addr = vaddr;
input.length = length;
int sceKernelGetPaddrListForDriver(SceKernelAddrPair *input, SceKernelPaddrListReq *req);

This function takes in two parameters: an array of length 2 specifying the virtual address and the size of the block of memory and a request information. The function will write into output_buffer an array of addr_pair that encompasses the block of memory specified in the input. req->ret_count will contain the number of entries written. If output_buffer is null, it will just write the count.

sceKernelAllocMemBlockForDriver

Version World NID
1.69 secure 0x402EB970
1.69 non-secure 0xC94850C9
3.60 non-secure 0xC94850C9
typedef enum SceKernelAllocMemBlockAttr {
	SCE_KERNEL_ALLOC_MEMBLOCK_ATTR_HAS_PADDR          = 0x00000002U,
	SCE_KERNEL_ALLOC_MEMBLOCK_ATTR_HAS_ALIGNMENT      = 0x00000004U,
	SCE_KERNEL_ALLOC_MEMBLOCK_ATTR_HAS_MIRROR_BLOCKID = 0x00000040U,
	SCE_KERNEL_ALLOC_MEMBLOCK_ATTR_HAS_PID            = 0x00000080U,
	SCE_KERNEL_ALLOC_MEMBLOCK_ATTR_HAS_PADDR_LIST     = 0x00001000U
} SceKernelAllocMemBlockAttr;

struct SceKernelAllocMemKernelBlockOpt_old {
    uint32_t size; // 0x34
    uint32_t unk;
    uint32_t attr;
    uint32_t unk2;
    uint32_t paddr;
    uint32_t align;
    uint32_t unk3[3];
    uint32_t processid;
    uint32_t unk4[3];
};

// specific to 3.60
typedef struct SceKernelAllocMemBlockKernelOpt {
	SceSize size;                   //!< sizeof(SceKernelAllocMemBlockKernelOpt)
	SceUInt32 field_4;
	SceUInt32 attr;                 //!< OR of SceKernelAllocMemBlockAttr
	SceUInt32 field_C;
	SceUInt32 paddr;
	SceSize alignment;
	SceUInt32 field_18;
	SceUInt32 field_1C;
	SceUInt32 mirror_blockid;
	SceUID pid;
	SceKernelPaddrList *paddr_list;
	SceUInt32 field_2C;
	SceUInt32 field_30;
	SceUInt32 field_34;
	SceUInt32 field_38;
	SceUInt32 field_3C;
	SceUInt32 field_40;
	SceUInt32 field_44;
	SceUInt32 field_48;
	SceUInt32 field_4C;
	SceUInt32 field_50;
	SceUInt32 field_54;
} SceKernelAllocMemBlockKernelOpt;

int sceKernelAllocMemBlockForDriver(const char *name, int32_t type, uint32_t vsize, struct SceKernelAllocMemKernelBlockOpt *pOpt);

The interface is the same as the user version of this call, however more types can be specified and more options are in the pOpt argument.

To allocate a kernel RW block of memory, specify type = 0x6020D006.

To allocate a block of memory with a specific physical address, specify type = 0x20100206 or type = 0x20100806, pOpt->attr = 2, and pOpt->paddr = physical address.

To allocate a block of memory that is kernel executable, specify type = 0x1020D005.

To allocate a block of memory that is physically contiguous, specify type = 0x30808006, pOpt->attr = 0x200004 and an alignment to pOpt->alignment.

To allocate a block of memory inside the CDRAM, specify type = 0x40404006.

pOpt->attr bitmask

Bitmask Uses
0x00000001 field_C
0x00000002 paddr
0x00000004 alignment
0x00000008 field_18
0x00000010 field_1C
0x00000020 ??
0x00000040 mirror_blockid
0x00000080 pid
0x00001000 paddr_list
0x00002000 field_2C
0x00010000 field_30

sceKernelGetMemBlockBaseForDriver

Version World NID
1.69 non-secure 0xA841EDDA
3.60 non-secure 0xA841EDDA
int sceKernelGetMemBlockBaseForDriver(int blkid, void **base);

sceKernelFindMemBlockByAddrForDriver

Version World NID
1.69 non-secure 0x8A1742F6
3.60 non-secure 0x8A1742F6
int sceKernelFindMemBlockByAddrForDriver(void *base, int);

sceKernelRemapBlockForDriver

Version World NID
1.05 non-secure 0x8D332AE1
1.69 non-secure 0xDFE2C8CB
3.60 non-secure 0xDFE2C8CB
int sceKernelRemapBlockForDriver(int blkid, int type);

This is used to remap RW memory as RX. To do this, first allocate a memory block of type 0x1020D006. After you are done writing, call this with type set to 0x1020D005.

sceKernelCreateHeapForDriver

Version World NID
1.69 non-secure 0x9328E0E8
3.60 non-secure 0x9328E0E8
typedef struct {
    int size; // 28
    int flags; // usually 0x1 
    int unk;
    int unk;
    int block_type;
    int unk;
    int unk;
} pool_arg_t;

int sceKernelCreateHeapForDriver(const char *name, int size, pool_arg_t *opt); // opt can be NULL

The heap pool is thread safe.

sceKernelDeleteHeapForDriver

Version World NID
1.69 non-secure 0xD6437637
3.60 non-secure 0xD6437637
int sceKernelDeleteHeapForDriver(int pool_uid);

sceKernelAllocHeapMemoryForDriver

Version World NID
1.69 non-secure 0x7B4CB60A
3.60 non-secure 0x7B4CB60A
void* sceKernelAllocHeapMemoryForDriver(SceUID uid, SceSize size);

sceKernelAllocHeapMemory2ForDriver

Version World NID
3.60 non-secure 0xB415B5A8

Same as sceKernelAllocHeapMemoryForDriver but does not set unk2 to 0.

void* sceKernelAllocHeapMemory2ForDriver(SceUID uid, SceSize size, void* unk2);

sceKernelAllocHeapMemory3ForDriver

Version World NID
3.60 non-secure 0x49D4DD9B

Same as sceKernelAllocHeapMemoryForDriver but does not set unk2 to 0.

void* sceKernelAllocHeapMemory3ForDriver(SceUID uid, SceSize size, void* unk2);

sceKernelAllocHeapMemoryFromGlobal1ForDriver

Version World NID
3.60 non-secure 0x7750CEA7

Same as sceKernelAllocHeapMemoryForDriver but uses global uid.

void* sceKernelAllocHeapMemoryFromGlobal1ForDriver(SceSize size);

sceKernelAllocHeapMemoryFromGlobal2ForDriver

Version World NID
3.60 non-secure 0x0B4ED16A

Same as sceKernelAllocHeapMemoryForDriver but does not set unk2 to 0 and uses global uid.

void* sceKernelAllocHeapMemoryFromGlobal2ForDriver(SceSize size, void *unk);

sceKernelFreeHeapMemoryForDriver

Version World NID
1.69 non-secure 0x3EBCE343
3.60 non-secure 0x3EBCE343
int sceKernelFreeHeapMemoryForDriver(int pool_uid, void *ptr);

sceKernelMapUserBlockForDriver

Version World NID
1.69 non-secure 0x7D4F8B5F
3.60 non-secure 0x7D4F8B5F

Permission is either "1" for read only, no execute or "2"/"3" for read write, no execute. Type is either 0, 1, or 17 and affects the block type. 0 is default. This will allocate kernel memory starting at kernel_page. To get the same memory as the user pointer, add the kernel_offset. kernel_size is how much is allocated.

//this signature is for 1.69
int sceKernelMapUserBlockForDriver(int permission, int type, void *user_buf, int size, void **kernel_page, int *kernel_size, int *kernel_offset);

//this signature is for 3.60 - now allows to give a name
int sceKernelMapUserBlockForDriver(char *name, int permission, int type, void *user_buf, int size, void **kernel_page, int *kernel_size, int *kernel_offset);

sceKernelMapUserBlockDefaultTypeForDriver

Version World NID
3.60 non-secure 0x278BC201

Assigns type 0.

int sceKernelMapUserBlockDefaultTypeForDriver(char *name, int permission, void *user_buf, int size, void **kernel_page, int *kernel_size, int *kernel_offset);


sceKernelMapUserBlockDefaultType2ForDriver

Version World NID
3.60 non-secure 0x0091D74D

Assigns type 0.

int sceKernelMapUserBlockDefaultType2ForDriver(int unk0, char *name, int permission, void *user_buf, int size, void **kernel_page, int *kernel_size, int *kernel_offset);

Switch TTB For PID

Version World NID
1.69 non-secure 0x6F2ACDAE
3.60 non-secure N/A

Changes the TTBR to point to the tables for a given PID.

int switch_ttb_for_pid(SceUID pid);

sceKernelRoMemcpyKernelToUserForPidForDriver

Version World NID
1.69 non-secure 0x571D2739
3.60 non-secure 0x571D2739
int sceKernelRoMemcpyKernelToUserForPidForDriver(SceUID pid, void *dst, const void *src, SceSize size);

sceKernelFirstDifferentIntUserForPidForDriver

Version World NID
1.69 non-secure 0x8334454F
3.60 non-secure 0x8334454F

Looks for an integer in userspace.

int sceKernelFirstDifferentIntUserForPidForDriver(SceUID pid, void *haystack, int needle, SceSize size);

sceKernelStrnlenUserForPidForDriver

Version World NID
1.69 non-secure 0x9929EB07
3.60 non-secure 0x9929EB07
int sceKernelStrnlenUserForPidForDriver(SceUID pid, char *ptr, SceSize size);

sceKernelStrncpyUserForPidForDriver

Version World NID
1.69 non-secure 0x75AAF178
3.60 non-secure 0x75AAF178
int sceKernelStrncpyUserForPidForDriver(SceUID pid, char *dst, const char *kern_src, SceSize size);

sceKernelMemcpyKernelToUserForPidUncheckedForDriver

Version World NID
1.69 non-secure 0xFED82F2D
3.60 non-secure 0xFED82F2D
int sceKernelMemcpyKernelToUserForPidUncheckedForDriver(SceUID pid, void *dst, const void *kern_src, SceSize size);

sceKernelMemcpyKernelToUserForPidForDriver

Version World NID
1.69 non-secure 0x6B825479
3.60 non-secure 0x6B825479

This will not crash on invalid user pointers, but instead return error.

int sceKernelMemcpyKernelToUserForPidForDriver(SceUID pid, void *dst, const void *kern_src, SceSize size);

sceKernelMemcpyUserToUserForPidForDriver

Version World NID
1.69 non-secure 0x8E086C33
3.60 non-secure 0x8E086C33
int sceKernelMemcpyUserToUserForPidForDriver(SceUID pid, void *dst, const void *src, SceSize size);

create_event

Version World NID
3.60 non-secure 0x56A13E90
SceUID create_event(SceClass *cls, const char *name, SceObjectBase **obj);

sceKernelMemRangeRetainWithPermForDriver

Version World NID
3.60 non-secure 0xBC0A1D60

Increase references to pages.

int sceKernelMemRangeRetainWithPermForDriver(int perm, const void *addr, unsigned int size);

sceKernelMemRangeReleaseWithPermForDriver

Version World NID
3.60 non-secure 0x22CBE925

Decrease references to pages.

int sceKernelMemRangeReleaseWithPermForDriver(int perm, const void *addr, unsigned int size);

sceKernelAllocMemBlockExtForDriver

Version World NID
3.60 non-secure 0xD44F464D
int sceKernelAllocMemBlockExtForDriver(const char *name, int type, unsigned int size, SceKernelAllocMemBlockKernelOpt *opt, SceKernelPaddrList *out_paddr_list);

sceKernelFindMemBlockForDriver

Version World NID
3.60 non-secure 0x9C78064C
int sceKernelFindMemBlockForDriver(int flags, void *base, SceSize size);

SceSysmemForDriver_98C15666

Version World NID
3.60 non-secure 0x98C15666

Returns the paddr and size (addrpair) of the memblock if it's physically continuous.

int SceSysmemForDriver_98C15666(SceUID uid, SceKernelAddrPair *addrpair)

SceSysmem

The SceSysmem library is responsible for both low-level and high-level memory management. There are functions for allocating raw blocks of memory (similar to Linux sbrk) as well as functions for maintaining a heap-like structure (similar to malloc) for kernel, however SceLibKernel implements a proper heap and that is used for user code.

sceKernelGetMemBlockInfoByRange

Version NID
1.69 0x6F3DB4

sceKernelSyncVMDomain

Version NID
1.69 0x19D2A81A

sceKernelRemapMemBlock

Version NID
1.69 0x3B29E0F5

sceKernelGetMemBlockInfoByAddr

Version NID
1.69 0x4010AD65

sceKernelMapMemBlock

Version NID
1.69 0x7B763A21

sceKernelGetSubbudgetInfo

Version NID
1.69 0x832B4A65

sceKernelGetFreeMemorySize

Version NID
1.69 0x87CC580B

sceKernelOpenMemBlock

Version NID
1.69 0x8EB8DFBB

sceKernelOpenVMDomain

Version NID
1.69 0x9CA3EB2B

sceKernelFindMemBlockByAddr

Version NID
1.69 0xA33B99D1

sceKernelFreeMemBlock

Version NID
1.69 0xA91E15EE

sceKernelCloseMemBlock

Version NID
1.69 0xB680E3A0

sceKernelGetMemBlockBase

Version NID
1.69 0xB8EF5818

sceKernelAllocMemBlock

Version NID
1.69 0xB9D5EBDE

sceKernelPartialMapMemBlock

Version NID
1.69 0xC0A59868

sceKernelPartialUnmapMemBlock

Version NID
1.69 0xCA99929B

sceKernelCloseVMDomain

Version NID
1.69 0xD6CA56CA

sceKernelAllocMemBlockForVM

Version NID
1.69 0xE2D7E137

sceKernelUnmapMemBlock

Version NID
1.69 0xEE30D976

SceDipsw

SceCpu

This library provides wrapper for much ARM CP15 co-processor access as well as low level support of spinlocks and other synchronization primitives.

SceDipsw

sceKernelCheckDipsw

Version NID
1.69 0x1C783FB2

sceKernelClearDipsw

Version NID
1.69 0x800EDCC1

sceKernelSetDipsw

Version NID
1.69 0x817053D4

SceDipswForDriver

ksceKernelCheckDipsw

Version NID
3.60 0xA98FC2FD

ksceKernelClearDipsw

Version NID
3.60 0xF1F3E9FE

ksceKernelSetDipsw

Version NID
3.60 0x82E45FBF

SceUartForKernel

SceUartForKernel_41973874

Version NID
3.60 0x41973874
int ksceUartWrite(int device, unsigned char data);

SceUartForKernel_38DB7629

Version NID
3.60 0x38DB7629

Returns the number of words available to read from the read FIFO.

int ksceUartReadAvailable(int device);

SceUartForKernel_9BBF1255

Version NID
3.60 0x9BBF1255
int ksceUartRead(int device);

SceUartForKernel_A9C74212

Version NID
3.60 0xA9C74212

It initializes the clock generator registers for the device. The default baud rate is 115200 for devices 0-5 and 250000 for the device 6.

int ksceUartInit(int device);

SceCpu

sceKernelCpuId

Version NID
1.69 0x2704CFEE

SceCpuForKernel

void SceCpuForKernel_1BB2BB8D(void); // BPIALLIS, Branch predictor invalidate all (IS)
void SceCpuForKernel_264DA250(void); // ICIALLUIS, Instruction cache invalidate all (PoU, IS)
void SceCpuForKernel_2F3BF020(void); //DCISW, Data cache invalidate by set/way (all the cache)
void SceCpuForKernel_470EAE1E(int mva); //DCIMVAC, Data cache invalidate by MVA (PoC)
void SceCpuForKernel_4C4C7D6B(void); //BPIALL, Branch predictor invalidate all
void SceCpuForKernel_583F30D1(void *addr, unsigned int size); //DCIMVAC, Data cache invalidate by MVA (PoC)
void SceCpuForKernel_6BA2E51C(void *addr, unsigned int size); // DCCIMVAC, Data cache clean and invalidate by MVA (PoC)
void SceCpuForKernel_73A30DB2(void); // DCCSW, Data cache clean by set/way (all the cache)
void SceCpuForKernel_76DAB4D0(void); // DCCISW, Data cache clean and invalidate by set/way (all the cache)
void SceCpuForKernel_AEE0B489(void); //ICIALLU, Instruction cache invalidate all (PoU)
void SceCpuForKernel_C5C1EE4E(void *addr, unsigned int size); // DCCMVAC, Data cache clean by MVA (PoC)
void SceCpuForKernel_C8E8C9E9(int mva); //DCCIMVAC, Data cache clean and invalidate by MVA (PoC)
void SceCpuForKernel_F4C7F578(void *addr, unsigned int size); // ICIMVAU, Instruction cache invalidate by MVA (PoU)
void SceCpuForKernel_F7159B55(int mva); // DCCMVAC, Data cache clean by MVA (PoC)

Unrestricted Write for Kernel

Unrestricted memcpy by first setting the DACR register to 0xFFFF0000 and then doing a memcpy.

Version NID
1.69 0x8C683DEC
int unrestricted_memcpy_for_kernel(void *dst, void *src, size_t len);

get_paddr_2

Version World NID
3.60 ? 0x67343a07
int get_paddr_2(int maskPAR, void *vaddr, void **result);

get_paddr_3

Version World NID
3.60 ? 0x2a46e800
int get_paddr_3(void *vaddr, void **result);

SceCpuForKernel_D0D85FF8

Version NID
3.60 0xD0D85FF8
int invalidate_unknown_coprocessor_cache(void);

SceCpuForDriver

SceCpuForDriver_BF82DEB2_lock

Version NID
1.60 0xBF82DEB2
int SceCpuForDriver_BF82DEB2_lock(int *addr);

SceCpuForDriver_D6ED0C46_unlock

Version NID
1.60 0xD6ED0C46
int SceCpuForDriver_D6ED0C46_unlock(int *addr);

These two functions implement a simple mutual exclusive access on a resource addr using LDREX/STREX.


SceCpuForDriver_D32ACE9E_lock_int

Version NID
3.35 0xD32ACE9E
int SceCpuForDriver_D32ACE9E_lock_int(int *addr);

SceCpuForDriver_7BB9D5DF_unlock_int

Version NID
3.35 0x7BB9D5DF
void SceCpuForDriver_7BB9D5DF_unlock_int(int *addr, int prev_state);

Same as the pair above, but while mutex is held, interrupts are disabled. Used like this:

int prev_state = SceCpuForDriver_D32ACE9E_lock_int(mutex);
// do work
SceCpuForDriver_7BB9D5DF_unlock_int(mutex, prev_state);

SceCpuForDriver_4C38CE4D_lock_int_2

Version NID
3.35 0x4C38CE4D

SceCpuForDriver_9EC91017_unlock_int_2

Version NID
3.35 0x9EC91017


Same as the pair above, but stores 0x80000000 as the addr value instead of LR.


SceCpuForDriver_821FC0EE_disable_irq

Version NID
1.60 0x821FC0EE
int SceCpuForDriver_821FC0EE_disable_irq(void);

Disables irq (but not fiq) and returns previous interrupt bit status (so either 0 or 0x80).

SceCpuForDriver_F5BAD43B_restore_irq

Version NID
1.60 0xF5BAD43B
void SceCpuForDriver_F5BAD43B_restore_irq(int previous_state);

Restores previous irq state, pass either 0 or 0x80.

SceCpuForDriver_5E4D5DE1_get_multproc_id_reg

Version NID
1.50 0x5E4D5DE1

Return the CPU ID of the current core.

SceSysclibForKernel

SceSysclibForDriver

The C standard library for use in kernel only. (Userland have SceLibKernel, which confusingly is userland only).

Include standard string functions (no insecure variants like strcpy).

__aeabi_idiv

Version World NID
3.60 non-secure 0x2518CD9E

__aeabi_uidiv

Version World NID
3.35 non-secure 0xA9FF1205
3.60 non-secure 0xA9FF1205

__aeabi_uidivmod

Version World NID
3.35 non-secure 0xA46CB7DE
3.60 non-secure 0xA46CB7DE

__aeabi_ldivmod

Version World NID
3.60 non-secure 0x7554AB04

__memcpy_chk

Version World NID
3.60 non-secure 0x8A0B0815

__memmove_chk

Version World NID
3.60 non-secure 0x35DBB110

__memset_chk

Version World NID
3.60 non-secure 0x1A30BB28

__stack_chk_fail

Version World NID
1.69 non-secure 0xB997493D
3.60 non-secure 0xB997493D

__strncat_chk

Version World NID
3.60 non-secure 0x33EE298B

__strncpy_chk

Version World NID
3.60 non-secure 0x96268C53

look_ctype_table

Version World NID
3.60 non-secure 0xCDF7F155

memchr

Version World NID
3.60 non-secure 0x60DAEA30

memcmp

Version World NID
3.60 non-secure 0xB5A4D745

timing constant memcmp

memcmp2

Version World NID
1.69 non-secure 0xF939E83D
3.60 non-secure 0xF939E83D

memcpy

Version World NID
1.60 non-secure 0x40C88316
1.69 non-secure 0x40C88316
3.60 non-secure 0x40C88316

memmove

Version World NID
1.69 non-secure 0x6CC9C1A1
3.60 non-secure 0x6CC9C1A1

On 1.69, this seems to be implemented incorrectly.

memset

Version World NID
1.60 non-secure 0x0AB9BF5C
3.60 non-secure 0x0AB9BF5C

memset2

Version World NID
1.69 non-secure 0x502B000D

rshift

Version World NID
1.69 non-secure 0x1D89F6C0
3.60 non-secure 0x1D89F6C0

snprintf

Version World NID
1.69 non-secure 0xAE7A8981
3.60 non-secure 0xAE7A8981

strchr

Version World NID
1.69 non-secure 0x38463759
3.35 non-secure 0x38463759
3.60 non-secure 0x38463759

strcmp

Version World NID
1.69 non-secure 0x0B33BC43
3.60 non-secure 0x0B33BC43

strlcat

Version World NID
3.60 non-secure 0x12504E09

strlcpy

Version World NID
3.60 non-secure 0x7FB4EBEC

strlen

Version World NID
1.69 non-secure 0xCFC6A9AC
3.60 non-secure 0xCFC6A9AC

strncat

Version World NID
1.69 non-secure 0xA1D1C32C
3.60 non-secure 0xA1D1C32C

strncmp

Version World NID
1.60 non-secure 0x12CEE649
1.69 non-secure 0x12CEE649
3.60 non-secure 0x12CEE649

strncpy

Version World NID
3.60 non-secure 0x6D286146

strnlen

Version World NID
1.69 non-secure 0xCD4BD884
3.60 non-secure 0xCD4BD884

strrchr

Version World NID
1.69 non-secure 0x7F0E0835
3.60 non-secure 0x7F0E0835

strstr

Version World NID
1.69 non-secure 0x1304A69D
3.60 non-secure 0x1304A69D

strtol

Version World NID
1.69 non-secure 0xAB77C5AA
3.60 non-secure 0xAB77C5AA

strtoll

Version World NID
3.60 non-secure 0x87AAAFA2

strtoul

Version World NID
3.60 non-secure 0x4E5042DA

tolower

Version World NID
3.60 non-secure 0x0021DAF9

toupper

Version World NID
3.60 non-secure 0xA685DCB1

vsnprintf

Version World NID
3.60 non-secure 0x3DDBE2E1

SceSysrootForKernel

sceSysrootGetSelfInfoForKernel

Version NID
3.60 0xF10AB792
typedef struct self_info_pair
{
   uint32_t size; // 0x0C
   char* elf_data; 
   uint32_t elf_size;
} self_info_pair;

int sceSysrootGetSelfInfoForKernel(int index, self_info_pair* state);
Index SELF
0 gcauthmgr_sm.self
1 rmauth_sm.self
2 encdec_w_portability_sm.self

SceSysrootForKernel_CC85905B

Version NID
3.60 0xCC85905B

Returns the exception vectors base address. The address of the exception vectors for the CPU i is: SceSysrootForKernel_CC85905B() + 0x40 * i.

sceSysrootGetSysrootBufferForKernel

Version NID
3.60 0x9DB56D1F

Returns pointer to Sysroot buffer.

void *sceSysrootGetSysrootBufferForKernel(void);

sceSysrootGetSysbaseForKernel

Version NID
3.60 0x3E455842

sceSysrootGetProcessTitleIdForPidForKernel

Version NID
3.60 0xEC3124A3
int sceSysrootGetProcessTitleIdForPidForKernel(SceUID pid, char *titleid, size_t len);

sceSysrootIsAuCodecIcConexantForKernel

Version NID
3.60 0x46E72428
int sceSysrootIsAuCodecIcConexantForKernel(void);

sceSysrootIsBsodRebootForKernel

Version NID
3.60 0x4373AC96
int sceSysrootIsBsodRebootForKernel(void);

sceSysrootIsExternalBootModeForKernel

Version NID
3.60 0x89D19090
int sceSysrootIsExternalBootModeForKernel(void);

sceSysrootIsManufacturingModeForKernel

Version NID
3.60 0x55392965
int sceSysrootIsManufacturingModeForKernel(void);

sceSysrootIsSafeModeForKernel

Version NID
3.60 0x834439A7
int sceSysrootIsSafeModeForKernel(void);

sceSysrootIsUpdateModeForKernel

Version NID
3.60 0xB0E1FC67
int sceSysrootIsUpdateModeForKernel(void);

sceSysrootIsUsbEnumWakeupForKernel

Version NID
3.60 0x79C9AE10
int sceSysrootIsUsbEnumWakeupForKernel(void);

sceSysrootUseInternalStorageForKernel

Version NID
3.60 0x50FE3B4D
int sceSysrootUseInternalStorageForKernel(void);

sceSysrootGetNidNameForKernel

Version NID
3.60 0x0B79E220
int sceSysrootGetNidNameForKernel(unsigned int nid, const char **name);

SceSysrootForKernel_FF9F80FF

Version NID
3.60 0xFF9F80FF
int SceSysrootForKernel_FF9F80FF(SceUID pid, const void *addr, unsigned int *info); // info[0] = 0x3C

Returns export info at address for pid (contains module, lib and NID and their names).

SceKernelUtilsForDriver

sceAesDecrypt1ForDriver

Decrypt with AES.

Version NID
1.69 0xD8678061
3.60 0xD8678061
int sceAesDecrypt1ForDriver(void *ctx, const unsigned char* src, unsigned char* dst);

sceAesDecrypt2ForDriver

Version NID
3.60 0xE39CD272
int sceAesDecrypt2ForDriver(void *ctx, const unsigned char* src, unsigned char* dst);

sceAesEncrypt1ForDriver

Encrypt with AES. There are two functions that are the same on 1.69.

Version NID
1.69 0xC2A61770
3.60 0xC2A61770
int sceAesEncrypt1ForDriver(void *ctx, const unsigned char* src, unsigned char* dst);

sceAesEncrypt2ForDriver

Encrypt with AES. There are two functions that are the same on 1.69.

Version NID
1.69 0x302947B6
3.60 0x302947B6
int sceAesEncrypt2ForDriver(void *ctx, const unsigned char* src, unsigned char* dst);

sceAesInit1ForDriver

This sets up the AES engine. ctx is a 960 byte buffer (int 1.69). blocksize and keysize is the security in bits. 128/196/256 are supported values.

Version NID
1.69 0xF12B6451
3.60 0xF12B6451

last arg to subroutine is 0

int sceAesInit1ForDriver(void *ctx, int blocksize, int keysize, const unsigned char* key);

sceAesInit2ForDriver

Version NID
3.60 0xEDA97D6D

last arg to subroutine is 1

int sceAesInit2ForDriver(void *ctx, int blocksize, int keysize, const unsigned char* key);

sceAesInit3ForDriver

Version NID
3.60 0x72408E29

last arg to subroutine is 2

int sceAesInit3ForDriver(void *ctx, int blocksize, int keysize, const unsigned char* key);

sceDeflateDecompressForDriver

Version NID
3.60 0x8AF1FAD4

sceDeflateDecompressPartialForDriver

Version NID
3.60 0x3D74CCDF

sceGzipDecompressForDriver

Version NID
3.60 0x367EE3DF

sceGzipGetCommentForDriver

Version NID
3.60 0xCD3AE08F

sceGzipGetCompressedDataForDriver

Version NID
3.60 0x63619124

sceGzipGetInfoForDriver

Version NID
3.60 0xFFC6A10F

sceGzipGetNameForDriver

Version NID
3.60 0xF901FD3E

sceGzipIsValidForDriver

Version NID
3.60 0xD8FAEFD4

sceHmacSha1DigestForDriver

Version NID
3.60 0x29A28957
int sceHmacSha1DigestForDriver(const unsigned char* key, int key_len, const unsigned char* data, int data_len, unsigned char* digest);

sceHmacSha224DigestForDriver

Version NID
3.60 0x7F2A7B99
int sceHmacSha224DigestForDriver(const unsigned char* key, int key_len, const unsigned char* data, int data_len, unsigned char* digest);

sceHmacSha256DigestForDriver

Version NID
3.60 0x83EFA1CC
int sceHmacSha256DigestForDriver(const unsigned char* key, int key_len, const unsigned char* data, int data_len, unsigned char* digest);

sceMt19937GlobalInitForDriver

Version NID
3.60 0xD428CC2A

sceMt19937GlobalUninitForDriver

Version NID
3.60 0x875B2A1C

sceMt19937InitForDriver

Version NID
3.60 0x4C9A5730

sceMt19937UIntForDriver

Version NID
3.60 0x92AEDFBC

sceSfmt19937FillArray32ForDriver

Version NID
3.60 0x2B30548B

sceSfmt19937FillArray64ForDriver

Version NID
3.60 0x49B41540

sceSfmt19937GenRand32ForDriver

Version NID
3.60 0xBBE4701A

sceSfmt19937GenRand64ForDriver

Version NID
3.60 0x45DEAAD6

sceSfmt19937InitByArrayForDriver

Version NID
3.60 0x33AE1203

sceSfmt19937InitGenRandForDriver

Version NID
3.60 0xAB48C3CA

sceSha1BlockInitForDriver

Version NID
3.60 0xE4390FFA
int sceSha1BlockInitForDriver(void* ctx);

sceSha1BlockResultForDriver

Version NID
3.60 0x48F24106
int sceSha1BlockResultForDriver(void* ctx, unsigned char* digest);

sceSha1BlockUpdateForDriver

Version NID
3.60 0x478A6F3C
int sceSha1BlockUpdateForDriver(void* ctx, const unsigned char* data, int size);

sceSha1DigestForDriver

Version NID
3.60 0x87DC7F2F
int sceSha1DigestForDriver(unsigned char *data, int size, unsigned char* digest);

sceSha224BlockInitForDriver

Version NID
3.60 0xC762EA6D
int sceSha224BlockInitForDriver(void* ctx);

sceSha224BlockResultForDriver

Version NID
3.60 0xFBF2A442
int sceSha224BlockResultForDriver(void* ctx, unsigned char* digest);

sceSha224BlockUpdateForDriver

Version NID
3.60 0x7556E611
int sceSha224BlockUpdateForDriver(void* ctx, const unsigned char* data, int size);

sceSha224DigestForDriver

Version NID
3.60 0x9EA9D4DC
int sceSha224DigestForDriver(unsigned char *data, int size, unsigned char* digest);

sceSha256BlockInitForDriver

Version NID
3.60 0xD909FA2C
int sceSha256BlockInitForDriver(void* ctx);

sceSha256BlockResultForDriver

Version NID
3.60 0x4899CD4B
int sceSha256BlockResultForDriver(void* ctx, unsigned char* digest);

sceSha256BlockUpdateForDriver

Version NID
3.60 0x236A9097
int sceSha256BlockUpdateForDriver(void* ctx, const unsigned char* data, int size);

sceSha256DigestForDriver

Version NID
3.60 0xA773A6A8
int sceSha256DigestForDriver(unsigned char *data, int size, unsigned char* digest);

sceZlibDecompressForDriver

Version NID
3.60 0x900148DB

sceZlibGetCompressedDataForDriver

Version NID
3.60 0x01EB6C45

sceZlibGetInfoForDriver

Version NID
3.60 0x5B9BCD75

SceZlibForDriver

zlib compression library.

Firmware zlib version
1.60 1.2.5

inflate

Version NID
1.60 0xE4F34A68

deflate

Version NID
1.60 0xE859D60F

deflateReset

Version NID
1.60 0x68CFEA45

crc32

Version NID
1.60 0xE0CE06C0

adler32

Version NID
1.60 0x98619620

inflateSetDictionary

Version NID
1.60 0x7B16DBD6

SceKernelSuspendForDriver

Used to register callbacks for handling suspend/resume related events.

sceKernelRegisterSysEventHandlerForDriver

Version NID
1.69 0x04C05D10
3.60 0x04C05D10
typedef struct {
    uint32_t size; // 24
    uint32_t unk1;
    uint32_t unk2;
    uint32_t unk3;
    uint32_t unk4;
    uint32_t unk5;
} suspend_args_t;

typedef int (suspend_callback_t)(int resume, int event_id, suspend_args_t *args, void *opt);

int sceKernelSuspendRegisterCallbackForDriver(const char *name, suspend_callback_t *callback_func, void *opt);

Registers a function for handling suspend/resume. resume is 0 if we are currently suspending and 1 if we are currently resuming. opt is passed from the registration. Registration adds an entry to a linked list and returns the block id for the new entry.

Returns the suspend_callback_id.

sceKernelUnregisterSysEventHandlerForDriver

Version NID
1.69 0xDD61D621
3.60 0xDD61D621
int sceKernelUnregisterSysEventHandlerForDriver(int id);

Call with the id returned from suspend_register_callback to remove the entry from the linked list and free the memory.

sceKernelSysEventDispatchForDriver

Version NID
1.69 0xD4622EA8
3.60 0xD4622EA8
int sceKernelSysEventDispatchForDriver(int resume, int eventid, suspend_args_t *args, int stop_on_error);

This will go through the linked list and call each callback. If stop_on_error is set, then the first callback that returns a negative value will stop the call chain and return the block id of the callback that broke the chain. Otherwise, this function will invoke each callback and return zero.

sceKernelPowerTickForDriver

Version NID
3.60 0xE0489831
typedef enum SceKernelPowerTickType {
	/** Cancel all timers */
	SCE_KERNEL_POWER_TICK_DEFAULT			= 0,
	/** Cancel automatic suspension timer */
	SCE_KERNEL_POWER_TICK_DISABLE_AUTO_SUSPEND	= 1,
	/** Cancel OLED-off timer */
	SCE_KERNEL_POWER_TICK_DISABLE_OLED_OFF		= 4,
	/** Cancel OLED dimming timer */
	SCE_KERNEL_POWER_TICK_DISABLE_OLED_DIMMING	= 6
} SceKernelPowerTickType;

int sceKernelPowerTickForDriver(int type);

Cancel specified idle timers to prevent entering in power save processing.

Returns 0 on success.

SceQafMgrForDriver

Provides many device permission checks including Vita model checks, running app privilege checks, and so on.

ScePmMgrForDriver

scePmGetBootTypeIndicatorBit2ForDriver

Version World NID
3.60 non-secure 0x2AC815A2

gets data using ksceKernelGetSysrootBuffer

int scePmGetBootTypeIndicatorBit2ForDriver(char* result);

scePmGetBootTypeIndicatorBit2_2ForDriver

Version World NID
3.60 non-secure 0xBD1F193B

gets data using ksceKernelGetSysrootBuffer

int scePmGetBootTypeIndicatorBit2_2ForDriver(char* result);

SceSblAIMgrForDriver

SceProcEventForDriver

SceSysrootForDriver

SceSysrootForDriver_930B1342

Version World NID
3.60 non-secure 0x930B1342
int sceSysrootInitI2c?(void);

SceDebugLed

sceKernelGetGPI

Version NID
3.60 0x14F582CF

sceKernelSetGPO

Version NID
3.60 0x78E702D3

SceDebugLedForDriver

SceDebugForKernel

sceDebugSetHandlersForKernel

Version World NID
3.60 non-secure 0x10067B7B
int sceDebugSetHandlersForKernel(void (*func)(int unk, const char *format, const uint32_t *args), void *args);

sceDebugPutcharForKernel

Version World NID
3.60 non-secure 0x82D2EDCE

Print character.

int sceDebugPutcharForKernel(int character);

sceDebugGetPutcharHandlerForKernel

Version World NID
3.60 non-secure 0xE783518C

Returns pointer to current debug print char handler.

void *sceDebugGetPutcharHandlerForKernel(void);

sceDebugRegisterPutcharHandlerForKernel

Version World NID
3.60 non-secure 0xE6115A72

Set debug print char handler.

int sceDebugRegisterPutcharHandlerForKernel(int (*func)(void *args, char c), void *args);

SceDebugForKernel_082B8D6A

Version World NID
3.60 non-secure 0x082B8D6A

Print kernel exception information.

//name can be:
//UNDEF - ?
//PABT - Prefetch Abort
//DABT - Data Abort
//NEST - ?
int SceDebugForKernel_082B8D6A(void *unk, void *ctx, int index, char *name);

sceDebugDisableInfoDumpForKernel

Version World NID
3.60 non-secure 0xF857CDD6

SceDebugForDriver

SceSysmemForTZS

sceKernelAllocMemBlockForPidForTZS

Version World NID
1.69 Secure 0x0028E26C
int sceKernelAllocMemBlockForPidForTZS(SceUID pid, const char *name, SceKernelMemBlockType type, SceSize size, SceKernelAllocMemBlockKernelOpt *optp);

SceSysrootForTZS

sceSysrootGetSysrootBufferForTZS

Version World NID
1.69 secure 0x29C1049E

Returns pointer to Sysroot buffer.

void *sceSysrootGetSysrootBufferForTZS(void);