SceSysmem is a kernel module that acts as the heart of the kernel. It exports multiple libraries for various features. SceSysmem is the first module that is loaded in the kernel load sequence and its libraries are imported by almost all other modules. See Memory for more details on the memory subsystem.
Module
This module exists in both non-secure and secure world. The non-secure world SELF can be found in os0:kd/sysmem.skprx
. It also can be found in the Boot Image.
Known NIDs
Version |
Name |
World |
Privilege |
NID
|
1.69 |
SceSysmem |
Non-secure |
Kernel |
0xB93950C6
|
3.60 |
SceSysmem |
Non-secure |
Kernel |
0x3380B323
|
3.61 |
SceSysmem |
Non-secure |
Kernel |
0x3380B323
|
1.69 |
SceSysmem |
Secure |
Kernel |
0x502BE0E5
|
Libraries
Known NIDs
Types
typedef int threadmgr_core_ctx;
struct tctx_holder
{
int unk0;
int unk4;
int unk8;
int unkC;
int unk10;
int unk14;
int unk18;
int unk1C;
int unk20;
int unk24;
int unk28;
int unk2C;
int unk30;
threadmgr_core_ctx *tctx_34;
};
struct callback_holder1
{
int unk0;
int (*unk4)(void);
int (*unk8)(void);
int (*unkC)(void);
int unk10;
int unk14;
int unk18;
int unk1C;
int (*unk20)(void);
int unk24;
int unk28;
int unk2C;
int unk30;
int unk34;
int unk38;
int (*unk3C)(void);
};
struct callback_holder2
{
int size;
int (__cdecl *unk4)(int result, int *a2);
int (__cdecl *unk8)(SceUID *a1);
int (__cdecl *unkC)(int, int *);
int (__cdecl *sceKernelGetSelfInfoForKernel)(SceUID pid, SceSelfInfo *self_info);
int (__cdecl *sceKernelGetProcessTitleIdForKernel)(SceUID pid, char *titleid, size_t len);
int (__cdecl *unk18)(unsigned int a1);
int (__cdecl *unk1c)(int a1);
};
struct callback_holder3
{
int unk0;
int (*unk4)(void);
int (*unk8)(void);
int (__fastcall *unkC)(int);
int (__fastcall *unk10)(int);
int (*unk14)(void);
};
struct sysbase_t
{
tctx_holder *hldr[6];
char unk[84];
char *sysroot_buffer;
int unk70;
char unk74[616];
char unk2dc[52];
int unk310;
int unk314;
int unk318;
int unk31C;
int unk320;
int unk324;
int unk328;
int unk32C;
int unk330;
int unk334;
int unk338;
int unk33C;
int unk340;
int (__cdecl *unk344)();
int unk348;
int (*unk34C_some_callback1)(void);
callback_holder3 *unk350;
int unk354;
callback_holder1 *unk358;
callback_holder2 *unk35C;
int (*unk360)(void);
int (*unk364)(void);
int (__fastcall *unk368)(int, int, int);
char unk36C[20];
int (__cdecl *sceSblLicMgrGetLicenseStatusForDriver)();
int (__cdecl *SceSblPostSsMgrForDriver_22599675)();
int (__cdecl *SceSblPostSsMgrForDriver_9b49c249)();
int (__cdecl *SceSblPostSsMgrForDriver_d8a2d465)(unsigned long long);
int (__cdecl *SceSblPostSsMgrForDriver_abdd68cd)(void *);
int (__cdecl *sceSblUtMgrHasNpTestFlagForDriver)();
int (*SceSblUpdateMgr_smth)(void);
int (*ScePower_smth)(void);
};
typedef int (*SceClassCallback)(void *item);
typedef struct SceClass {
struct SceClass *next;
struct SceClass *root;
struct SceClass *prev;
const char *name;
struct SceClass *uidclass;
unsigned int attributes;
unsigned short itemsize;
unsigned short unk1A;
unsigned int object_type;
SceClassCallback create_cb;
SceClassCallback destroy_cb;
unsigned int magic; /* 0xABCE9DA5 */
} SceClass; /* size = 0x2C */
Memory Block Type
The type
parameter indicates what kind of memory to allocate. Here is a mapping of type
flags to ARM MMU flags. Higher bits are used for other options including where to allocate from. Not all flag values are valid, there is a table of valid types in the kernel. You cannot, for example, allocate RWX memory.
Mask |
Value |
Description
|
0x10000 |
0x10000 |
Global. nG bit NOT set
|
0xFF00 |
0x800 |
B bit set. Sharable device memory.
|
0xFF00 |
0x2000 |
TEX[2] and TEX[0] bit set. Outer cache Write-back, Write-Allocate. Inner cache non-cachable.
|
0xFF00 |
0x4000 |
TEX[2] and B bit set. Outer cache non-cachable. Inner cache Write-back, Write-Allocate
|
0xFF00 |
0x8000 |
TEX[0] bit set. S bit unset. Outer and inner non-cachable. Not sharable.
|
0xFF00 |
0xD000 |
TEX[0] bit set. C,B bits set. Outer and inner Write-back, Write-Allocate.
|
0xFF |
0x4 |
AP[2:0] = 5 , XN=1 . Privileged RO, User NA.
|
0xFF |
0x5 |
AP[2:0] = 5 . Privileged RX, User NA.
|
0xFF |
0x6 |
AP[2:0] = 1 , XN=1 . Privileged RW, User NA.
|
0xFF |
0x7 |
AP[2:0] = 1 . Privileged RWX, User NA. (Never used)
|
0xFF |
0x50 |
AP[2:0] = 7 . Privileged RX, User RX.
|
0xFF |
0x60 |
AP[2:0] = 3 , XN=1 . Privileged RW, User RW.
|
0xFF |
0x40 |
AP[2:0] = 7 , XN=1 . Privileged RO, User RO.
|
Mask |
Value |
Name
|
0x0F000000 |
0x09000000 |
SceKernelUserCdram
|
0x0F000000 |
0x0A000000 |
SceKernelUserShared
|
0x0F000000 |
0x0B000000 |
SceKernelUserIO
|
0x0F000000 |
0x0C000000 |
SceKernelUserMain
|
0x0F000000 |
0x0D000000 |
SceKernelUserUncache
|
0x0F000000 |
0x0E000000 |
SceKernelUserCDialog
|
0x0F000000 |
0x0F000000 |
SceKernelUserCDialogNC
|
SceSysmemForKernel
sceKernelRxMemcpyKernelToUserForPidForKernel
Version |
World |
NID
|
1.69 |
non-secure |
0x30931572
|
3.60 |
non-secure |
0x30931572
|
Unrestricted memcpy to the virtual address space for process pid
. Both dst
and src
must be in the address space of pid
but src
must also be accessible in the address space of the caller. This is normally used for resolving stubs in module loads. Same as write to RO but does a cache flush.
int sceKernelRxMemcpyKernelToUserForPidForKernel(SceUID pid, uintptr_t dst, const void *src, size_t len);
sceKernelFindClassByNameForKernel
Version |
World |
NID
|
3.60 |
Non-secure |
0x62989905
|
int sceKernelFindClassByNameForKernel(const char *name, SceClass **class);
sceKernelGetMemBlockTypeForKernel
Version |
World |
NID
|
3.60 |
Non-secure |
0x289BE3EC
|
/***
* Gets the memory block type of a memory block
*
* @param[in] uid - SceUID of the memory block
* @param[out] type - Type of the memory block identified by uid
*
* @return 0 on success, < 0 on error.
*/
int sceKernelGetMemBlockTypeForKernel(SceUID uid, unsigned int *type);
sceKernelCreateUidObjForKernel
Version |
World |
NID
|
3.60 |
Non-secure |
0xDF0288D7
|
SceUID sceKernelCreateUidObjForKernel(SceClass *class, const char *name, SceCreateUidObjOpt *opt, SceObjectBase **obj);
SceSysmemForDriver
sceKernelMemcpyKernelToUserForDriver
Version |
World |
NID
|
1.69 |
non-secure |
0x6D88EF8A
|
3.60 |
non-secure |
0x6D88EF8A
|
int sceKernelMemcpyKernelToUserForDriver(uint32_t uaddr, const void *kaddr, uint32_t len);
sceKernelMemcpyUserToKernelForDriver
Version |
World |
NID
|
1.69 |
non-secure |
0xBC996A7A
|
3.60 |
non-secure |
0xBC996A7A
|
int sceKernelMemcpyUserToKernelForDriver(void *kaddr, uint32_t uaddr, uint32_t len);
sceKernelMemcpyUserToKernelForPidForDriver
Version |
World |
NID
|
3.60 |
non-secure |
0x605275F8
|
int sceKernelMemcpyUserToKernelForPidForDriver(SceUID pid, void *kaddr, uint32_t uaddr, uint32_t len);
Same as above, but copies from the specified process.
sceKernelStrncpyKernelToUserForDriver
Version |
World |
NID
|
1.69 |
non-secure |
0x80BD6FEB
|
3.60 |
non-secure |
0x80BD6FEB
|
int sceKernelStrncpyKernelToUserForDriver(uint32_t uaddr, const void *kaddr, uint32_t maxlen);
sceKernelStrncpyUserToKernelForDriver
Version |
World |
NID
|
1.69 |
non-secure |
0xDB3EC244
|
3.60 |
non-secure |
0xDB3EC244
|
int sceKernelStrncpyUserToKernelForDriver(void *kaddr, uint32_t uaddr, uint32_t maxlen);
sceKernelStrnlenUserForDriver
Version |
World |
NID
|
1.69 |
non-secure |
0xB429D419
|
3.60 |
non-secure |
0xB429D419
|
int sceKernelStrnlenUserForDriver(uint32_t uaddr, uint32_t maxlen);
sceKernelGetPaddrForDriver
Version |
World |
NID
|
1.69 |
secure |
0x1DEADF6C
|
1.69 |
non-secure |
0x8D160E65
|
3.60 |
non-secure |
0x8D160E65
|
if (result == 0)
return 0x80020005; // SCE_KERNEL_ERROR_INVALID_FLAGS
return sceKernelCpuGetPaddrWithMaskForKernel(0x33, vaddr, result);
This will write the physical address for a virtual address vaddr
to memory pointed to by result
.
Returns <0 on error, values >=0 indicate success.
int sceKernelGetPaddrForDriver(void *vaddr, void **result);
sceKernelGetPaddrListForDriver
Version |
World |
NID
|
1.69 |
non-secure |
0xE68BEEBD
|
3.60 |
non-secure |
0xE68BEEBD
|
typedef struct SceKernelAddrPair {
uint32_t addr;
uint32_t length;
} SceKernelAddrPair;
typedef struct SceKernelPaddrListReq {
uint32_t size; // 0x14
uint32_t output_buffer_size;
uint32_t unk;
uint32_t ret_count;
SceKernelAddrPair *output_buffer;
} SceKernelPaddrListReq;
input.addr = vaddr;
input.length = length;
int sceKernelGetPaddrListForDriver(SceKernelAddrPair *input, SceKernelPaddrListReq *req);
This function takes in two parameters: an array of length 2 specifying the virtual address and the size of the block of memory and a request information. The function will write into output_buffer
an array of addr_pair
that encompasses the block of memory specified in the input. req->ret_count
will contain the number of entries written. If output_buffer
is null, it will just write the count.
sceKernelAllocMemBlockForDriver
Version |
World |
NID
|
1.69 |
secure |
0x402EB970
|
1.69 |
non-secure |
0xC94850C9
|
3.60 |
non-secure |
0xC94850C9
|
typedef enum SceKernelAllocMemBlockAttr {
SCE_KERNEL_ALLOC_MEMBLOCK_ATTR_HAS_PADDR = 0x00000002U,
SCE_KERNEL_ALLOC_MEMBLOCK_ATTR_HAS_ALIGNMENT = 0x00000004U,
SCE_KERNEL_ALLOC_MEMBLOCK_ATTR_HAS_MIRROR_BLOCKID = 0x00000040U,
SCE_KERNEL_ALLOC_MEMBLOCK_ATTR_HAS_PID = 0x00000080U,
SCE_KERNEL_ALLOC_MEMBLOCK_ATTR_HAS_PADDR_LIST = 0x00001000U
} SceKernelAllocMemBlockAttr;
struct SceKernelAllocMemKernelBlockOpt_old {
uint32_t size; // 0x34
uint32_t unk;
uint32_t attr;
uint32_t unk2;
uint32_t paddr;
uint32_t align;
uint32_t unk3[3];
uint32_t processid;
uint32_t unk4[3];
};
// specific to 3.60
typedef struct SceKernelAllocMemBlockKernelOpt {
SceSize size; //!< sizeof(SceKernelAllocMemBlockKernelOpt)
SceUInt32 field_4;
SceUInt32 attr; //!< OR of SceKernelAllocMemBlockAttr
SceUInt32 field_C;
SceUInt32 paddr;
SceSize alignment;
SceUInt32 field_18;
SceUInt32 field_1C;
SceUInt32 mirror_blockid;
SceUID pid;
SceKernelPaddrList *paddr_list;
SceUInt32 field_2C;
SceUInt32 field_30;
SceUInt32 field_34;
SceUInt32 field_38;
SceUInt32 field_3C;
SceUInt32 field_40;
SceUInt32 field_44;
SceUInt32 field_48;
SceUInt32 field_4C;
SceUInt32 field_50;
SceUInt32 field_54;
} SceKernelAllocMemBlockKernelOpt;
int sceKernelAllocMemBlockForDriver(const char *name, int32_t type, uint32_t vsize, struct SceKernelAllocMemKernelBlockOpt *pOpt);
The interface is the same as the user version of this call, however more types can be specified and more options are in the pOpt argument.
To allocate a kernel RW block of memory, specify type = 0x6020D006
.
To allocate a block of memory with a specific physical address, specify type = 0x20100206
or type = 0x20100806
, pOpt->attr = 2
, and pOpt->paddr = physical address
.
To allocate a block of memory that is kernel executable, specify type = 0x1020D005
.
To allocate a block of memory that is physically contiguous, specify type = 0x30808006
, pOpt->attr = 0x200004
and an alignment to pOpt->alignment
.
To allocate a block of memory inside the CDRAM, specify type = 0x40404006
.
pOpt->attr bitmask
Bitmask
|
Uses
|
0x00000001
|
field_C
|
0x00000002
|
paddr
|
0x00000004
|
alignment
|
0x00000008
|
field_18
|
0x00000010
|
field_1C
|
0x00000020
|
??
|
0x00000040
|
mirror_blockid
|
0x00000080
|
pid
|
0x00001000
|
paddr_list
|
0x00002000
|
field_2C
|
0x00010000
|
field_30
|
sceKernelGetMemBlockBaseForDriver
Version |
World |
NID
|
1.69 |
non-secure |
0xA841EDDA
|
3.60 |
non-secure |
0xA841EDDA
|
int sceKernelGetMemBlockBaseForDriver(int blkid, void **base);
sceKernelFindMemBlockByAddrForDriver
Version |
World |
NID
|
1.69 |
non-secure |
0x8A1742F6
|
3.60 |
non-secure |
0x8A1742F6
|
int sceKernelFindMemBlockByAddrForDriver(void *base, int);
sceKernelRemapBlockForDriver
Version |
World |
NID
|
1.05 |
non-secure |
0x8D332AE1
|
1.69 |
non-secure |
0xDFE2C8CB
|
3.60 |
non-secure |
0xDFE2C8CB
|
int sceKernelRemapBlockForDriver(int blkid, int type);
This is used to remap RW memory as RX. To do this, first allocate a memory block of type 0x1020D006
. After you are done writing, call this with type
set to 0x1020D005
.
sceKernelCreateHeapForDriver
Version |
World |
NID
|
1.69 |
non-secure |
0x9328E0E8
|
3.60 |
non-secure |
0x9328E0E8
|
typedef struct {
int size; // 28
int flags; // usually 0x1
int unk;
int unk;
int block_type;
int unk;
int unk;
} pool_arg_t;
int sceKernelCreateHeapForDriver(const char *name, int size, pool_arg_t *opt); // opt can be NULL
The heap pool is thread safe.
sceKernelDeleteHeapForDriver
Version |
World |
NID
|
1.69 |
non-secure |
0xD6437637
|
3.60 |
non-secure |
0xD6437637
|
int sceKernelDeleteHeapForDriver(int pool_uid);
sceKernelAllocHeapMemoryForDriver
Version |
World |
NID
|
1.69 |
non-secure |
0x7B4CB60A
|
3.60 |
non-secure |
0x7B4CB60A
|
void* sceKernelAllocHeapMemoryForDriver(SceUID uid, SceSize size);
sceKernelAllocHeapMemory2ForDriver
Version |
World |
NID
|
3.60 |
non-secure |
0xB415B5A8
|
Same as sceKernelAllocHeapMemoryForDriver
but does not set unk2
to 0.
void* sceKernelAllocHeapMemory2ForDriver(SceUID uid, SceSize size, ctx_49D4DD9B* unk2);
sceKernelAllocHeapMemory3ForDriver
Version |
World |
NID
|
3.60 |
non-secure |
0x49D4DD9B
|
Same as sceKernelAllocHeapMemoryForDriver
but does not set unk2
to 0.
typedef struct ctx_49D4DD9B
{
int unk0;
int unk4;
int unk8;
int unkC;
int unk10;
};
void* sceKernelAllocHeapMemory3ForDriver(SceUID uid, SceSize size, ctx_49D4DD9B* unk2);
sceKernelAllocHeapMemory4ForDriver
Version |
World |
NID
|
3.60 |
non-secure |
0xD351EBC8
|
Same as sceKernelAllocHeapMemory2ForDriver
but does set uid
to 0x1000B.
Checks that uid is 0x10013 or 0x10005
void* sceKernelAllocHeapMemory4ForDriver(SceUID uid, SceSize size, ctx_49D4DD9B *unk);
sceKernelAllocHeapMemoryFromGlobal1ForDriver
Version |
World |
NID
|
3.60 |
non-secure |
0x7750CEA7
|
Same as sceKernelAllocHeapMemoryForDriver
but uses global uid
.
void* sceKernelAllocHeapMemoryFromGlobal1ForDriver(SceSize size);
sceKernelAllocHeapMemoryFromGlobal2ForDriver
Version |
World |
NID
|
3.60 |
non-secure |
0x0B4ED16A
|
Same as sceKernelAllocHeapMemoryForDriver
but does not set unk2
to 0 and uses global uid
.
typedef struct ctx_0B4ED16A
{
int unk0;
uint64_t unk8;
uint64_t unkC;
};
void* sceKernelAllocHeapMemoryFromGlobal2ForDriver(SceSize size, ctx_0B4ED16A* unk);
sceKernelFreeHeapMemoryForDriver
Version |
World |
NID
|
1.69 |
non-secure |
0x3EBCE343
|
3.60 |
non-secure |
0x3EBCE343
|
int sceKernelFreeHeapMemoryForDriver(int pool_uid, void *ptr);
sceKernelMapUserBlockForDriver
Version |
World |
NID
|
1.69 |
non-secure |
0x7D4F8B5F
|
3.60 |
non-secure |
0x7D4F8B5F
|
Permission is either "1" for read only, no execute or "2"/"3" for read write, no execute. Type is either 0, 1, or 17 and affects the block type. 0 is default. This will allocate kernel memory starting at kernel_page. To get the same memory as the user pointer, add the kernel_offset. kernel_size is how much is allocated.
//this signature is for 1.69
int sceKernelMapUserBlockForDriver(int permission, int type, void *user_buf, int size, void **kernel_page, int *kernel_size, int *kernel_offset);
//this signature is for 3.60 - now allows to give a name
int sceKernelMapUserBlockForDriver(char *name, int permission, int type, void *user_buf, int size, void **kernel_page, int *kernel_size, int *kernel_offset);
sceKernelMapUserBlockDefaultTypeForDriver
Version |
World |
NID
|
3.60 |
non-secure |
0x278BC201
|
Assigns type 0.
int sceKernelMapUserBlockDefaultTypeForDriver(char *name, int permission, void *user_buf, int size, void **kernel_page, int *kernel_size, int *kernel_offset);
sceKernelMapUserBlockDefaultTypeForPidForDriver
Version |
World |
NID
|
3.60 |
non-secure |
0x0091D74D
|
Assigns type 0.
int sceKernelMapUserBlockDefaultTypeForPidForDriver(int pid, const char *name, int permission, const void *user_buf, int size, void **kernel_page, int *kernel_size, int *kernel_offset);
Switch TTB For PID
Version |
World |
NID
|
1.69 |
non-secure |
0x6F2ACDAE
|
3.60 |
non-secure |
N/A
|
Changes the TTBR to point to the tables for a given PID.
int switch_ttb_for_pid(SceUID pid);
sceKernelRoMemcpyKernelToUserForPidForDriver
Version |
World |
NID
|
1.69 |
non-secure |
0x571D2739
|
3.60 |
non-secure |
0x571D2739
|
int sceKernelRoMemcpyKernelToUserForPidForDriver(SceUID pid, void *dst, const void *src, SceSize size);
sceKernelFirstDifferentIntUserForPidForDriver
Version |
World |
NID
|
1.69 |
non-secure |
0x8334454F
|
3.60 |
non-secure |
0x8334454F
|
Looks for an integer in userspace.
int sceKernelFirstDifferentIntUserForPidForDriver(SceUID pid, void *haystack, int needle, SceSize size);
sceKernelStrnlenUserForPidForDriver
Version |
World |
NID
|
1.69 |
non-secure |
0x9929EB07
|
3.60 |
non-secure |
0x9929EB07
|
int sceKernelStrnlenUserForPidForDriver(SceUID pid, char *ptr, SceSize size);
sceKernelStrncpyUserForPidForDriver
Version |
World |
NID
|
1.69 |
non-secure |
0x75AAF178
|
3.60 |
non-secure |
0x75AAF178
|
int sceKernelStrncpyUserForPidForDriver(SceUID pid, char *dst, const char *kern_src, SceSize size);
sceKernelMemcpyKernelToUserForPidUncheckedForDriver
Version |
World |
NID
|
1.69 |
non-secure |
0xFED82F2D
|
3.60 |
non-secure |
0xFED82F2D
|
int sceKernelMemcpyKernelToUserForPidUncheckedForDriver(SceUID pid, void *dst, const void *kern_src, SceSize size);
sceKernelMemcpyKernelToUserForPidForDriver
Version |
World |
NID
|
1.69 |
non-secure |
0x6B825479
|
3.60 |
non-secure |
0x6B825479
|
This will not crash on invalid user pointers, but instead return error.
int sceKernelMemcpyKernelToUserForPidForDriver(SceUID pid, void *dst, const void *kern_src, SceSize size);
sceKernelMemcpyUserToUserForPidForDriver
Version |
World |
NID
|
1.69 |
non-secure |
0x8E086C33
|
3.60 |
non-secure |
0x8E086C33
|
int sceKernelMemcpyUserToUserForPidForDriver(SceUID pid, void *dst, const void *src, SceSize size);
create_event
Version |
World |
NID
|
3.60 |
non-secure |
0x56A13E90
|
SceUID create_event(SceClass *cls, const char *name, SceObjectBase **obj);
sceKernelMemRangeRetainWithPermForDriver
Version |
World |
NID
|
3.60 |
non-secure |
0xBC0A1D60
|
Increase references to pages.
int sceKernelMemRangeRetainWithPermForDriver(int perm, const void *addr, unsigned int size);
sceKernelMemRangeReleaseWithPermForDriver
Version |
World |
NID
|
3.60 |
non-secure |
0x22CBE925
|
Decrease references to pages.
int sceKernelMemRangeReleaseWithPermForDriver(int perm, const void *addr, unsigned int size);
sceKernelAllocMemBlockExtForDriver
Version |
World |
NID
|
3.60 |
non-secure |
0xD44F464D
|
int sceKernelAllocMemBlockExtForDriver(const char *name, int type, unsigned int size, SceKernelAllocMemBlockKernelOpt *opt, SceKernelPaddrList *out_paddr_list);
sceKernelFindMemBlockForDriver
Version |
World |
NID
|
3.60 |
non-secure |
0x9C78064C
|
int sceKernelFindMemBlockForDriver(int flags, void *base, SceSize size);
SceSysmemForDriver_98C15666
Version |
World |
NID
|
3.60 |
non-secure |
0x98C15666
|
Returns the paddr and size (addrpair) of the memblock if it's physically continuous.
int SceSysmemForDriver_98C15666(SceUID uid, SceKernelAddrPair *addrpair)
SceSysmem
The SceSysmem library is responsible for both low-level and high-level memory management. There are functions for allocating raw blocks of memory (similar to Linux sbrk
) as well as functions for maintaining a heap-like structure (similar to malloc
) for kernel, however SceLibKernel implements a proper heap and that is used for user code.
sceKernelMapMemBlock
Version |
NID
|
1.69 |
0x7B763A21
|
3.60 |
not present
|
sceKernelRemapMemBlock
Version |
NID
|
1.69 |
0x3B29E0F5
|
3.60 |
not present
|
sceKernelPartialMapMemBlock
Version |
NID
|
1.69 |
0xC0A59868
|
3.60 |
not present
|
sceKernelUnmapMemBlock
Version |
NID
|
1.69 |
0xEE30D976
|
3.60 |
not present
|
sceKernelPartialUnmapMemBlock
Version |
NID
|
1.69 |
0xCA99929B
|
3.60 |
not present
|
sceKernelGetMemBlockInfoByRange
Version |
NID
|
1.69 |
0x006F3DB4
|
3.60 |
0x006F3DB4
|
sceKernelGetMemBlockInfoByAddr
Version |
NID
|
1.69 |
0x4010AD65
|
3.60 |
0x4010AD65
|
sceKernelGetSubbudgetInfo
Version |
NID
|
1.69 |
0x832B4A65
|
3.60 |
0x832B4A65
|
sceKernelGetFreeMemorySize
Version |
NID
|
1.69 |
0x87CC580B
|
3.60 |
0x87CC580B
|
sceKernelOpenMemBlock
Version |
NID
|
1.69 |
0x8EB8DFBB
|
3.60 |
0x8EB8DFBB
|
sceKernelFindMemBlockByAddr
Version |
NID
|
1.69 |
0xA33B99D1
|
3.60 |
0xA33B99D1
|
sceKernelFreeMemBlock
Version |
NID
|
1.69 |
0xA91E15EE
|
3.60 |
0xA91E15EE
|
sceKernelFreeMemBlockForVM
Version |
NID
|
3.60 |
0x4EA13FEA
|
sceKernelCloseMemBlock
Version |
NID
|
1.69 |
0xB680E3A0
|
3.60 |
0xB680E3A0
|
sceKernelGetMemBlockBase
Version |
NID
|
1.69 |
0xB8EF5818
|
3.60 |
0xB8EF5818
|
sceKernelAllocMemBlock
Version |
NID
|
1.69 |
0xB9D5EBDE
|
3.60 |
0xB9D5EBDE
|
sceKernelAllocUnmapMemBlock
Version |
NID
|
3.60 |
0xEC636BCB
|
sceKernelOpenVMDomain
Version |
NID
|
1.69 |
0x9CA3EB2B
|
3.60 |
0x9CA3EB2B
|
sceKernelSyncVMDomain
Version |
NID
|
1.69 |
0x19D2A81A
|
3.60 |
0x19D2A81A
|
sceKernelCloseVMDomain
Version |
NID
|
1.69 |
0xD6CA56CA
|
3.60 |
0xD6CA56CA
|
sceKernelAllocMemBlockForVM
Version |
NID
|
1.69 |
0xE2D7E137
|
3.60 |
0xE2D7E137
|
sceKernelCheckModelCapability
Version |
NID
|
3.60 |
0x0144FBD9
|
sceKernelGetModelForCDialog
Version |
NID
|
3.60 |
0xA2CB322F
|
sceKernelGetModel
Version |
NID
|
3.60 |
0xD0D4F729
|
sceKernelIsPSVitaTV
Version |
NID
|
3.60 |
0x1453A5E5
|
SceDipsw
sceKernelCheckDipsw
Version |
NID
|
1.69 |
0x1C783FB2
|
3.60 |
0x1C783FB2
|
sceKernelClearDipsw
Version |
NID
|
1.69 |
0x800EDCC1
|
3.60 |
0x800EDCC1
|
sceKernelSetDipsw
Version |
NID
|
1.69 |
0x817053D4
|
3.60 |
0x817053D4
|
SceDipswForDriver
sceKernelCheckDipswForDriver
Version |
NID
|
3.60 |
0xA98FC2FD
|
sceKernelCheckDipswForDriver(int bit);
sceKernelGetDipswForDriver
Version |
NID
|
3.60 |
0xB2AD48BE
|
return *(int *)(dipsw_addr + 4 * int_count);
sceKernelGetDipswForDriver(int int_count);
sceKernelClearDipswForDriver
Version |
NID
|
3.60 |
0xF1F3E9FE
|
sceKernelClearDipswForDriver(int bit);
sceKernelSetDipswForDriver
Version |
NID
|
3.60 |
0x82E45FBF
|
sceKernelSetDipswForDriver(int bit);
SceUartForKernel
sceUartWriteForKernel
Version |
NID
|
3.60 |
0x41973874
|
int sceUartWriteForKernel(int device, unsigned char data);
sceUartReadAvailableForKernel
Version |
NID
|
3.60 |
0x38DB7629
|
Returns the number of words available to read from the read FIFO.
int sceUartReadAvailableForKernel(int device);
sceUartReadForKernel
Version |
NID
|
3.60 |
0x9BBF1255
|
int sceUartReadForKernel(int device);
sceUartInitForKernel
Version |
NID
|
3.60 |
0xA9C74212
|
It initializes the clock generator registers for the device
.
The default baud rate is 115200 for devices 0-5 and 250000 for the device 6.
int sceUartInitForKernel(int device);
SceCpu
This library provides wrapper for much ARM CP15 co-processor access as well as low level support of spinlocks and other synchronization primitives.
sceKernelCpuGetCpuId
Version |
World |
NID
|
1.69 |
non-secure |
0x2704CFEE
|
3.60 |
non-secure |
0x2704CFEE
|
Return the CPU ID of the current core.
int sceKernelCpuGetCpuId(void);
SceCpuForKernel
sceKernelCpuBranchPredictorInvalidateAllISForKernel
Version |
World |
NID
|
3.60 |
non-secure |
0x1BB2BB8D
|
void sceKernelCpuBranchPredictorInvalidateAllISForKernel(void); // BPIALLIS, Branch predictor invalidate all (IS)
sceKernelCpuBranchPredictorInvalidateAllForKernel
Version |
World |
NID
|
3.60 |
non-secure |
0x4C4C7D6B
|
void sceKernelCpuBranchPredictorInvalidateAllForKernel(void); // BPIALL, Branch predictor invalidate all
sceKernelCpuDcacheInvalidateMVACForKernel
Version |
World |
NID
|
3.60 |
non-secure |
0x470EAE1E
|
void sceKernelCpuDcacheInvalidateMVACForKernel(int mva); // DCIMVAC, Data cache invalidate by MVA (PoC)
sceKernelCpuDcacheInvalidateMVACRangeForKernel
Version |
World |
NID
|
3.60 |
non-secure |
0x583F30D1
|
void sceKernelCpuDcacheInvalidateMVACRangeForKernel(void *addr, unsigned int size); // DCIMVAC, Data cache invalidate by MVA (PoC)
sceKernelCpuDcacheCleanInvalidateMVACRangeForKernel
Version |
World |
NID
|
3.60 |
non-secure |
0x6BA2E51C
|
void sceKernelCpuDcacheCleanInvalidateMVACRangeForKernel(void *addr, unsigned int size); // DCCIMVAC, Data cache clean and invalidate by MVA (PoC)
sceKernelCpuDcacheInvalidateSWForKernel
Version |
World |
NID
|
3.60 |
non-secure |
0x2F3BF020
|
void sceKernelCpuDcacheInvalidateSWForKernel(void); // DCISW, Data cache invalidate by set/way (all the cache)
sceKernelCpuDcacheCleanSWForKernel
Version |
World |
NID
|
3.60 |
non-secure |
0x73A30DB2
|
void sceKernelCpuDcacheCleanSWForKernel(void); // DCCSW, Data cache clean by set/way (all the cache)
sceKernelCpuDcacheCleanInvalidateSWForKernel
Version |
World |
NID
|
3.60 |
non-secure |
0x76DAB4D0
|
void sceKernelCpuDcacheCleanInvalidateSWForKernel(void); // DCCISW, Data cache clean and invalidate by set/way (all the cache)
sceKernelCpuDcacheCleanMVACForKernel
Version |
World |
NID
|
3.60 |
non-secure |
0xF7159B55
|
void sceKernelCpuDcacheCleanMVACForKernel(int mva); // DCCMVAC, Data cache clean by MVA (PoC)
sceKernelCpuDcacheCleanMVACRangeForKernel
Version |
World |
NID
|
3.60 |
non-secure |
0xC5C1EE4E
|
void sceKernelCpuDcacheCleanMVACRangeForKernel(void *addr, unsigned int size); // DCCMVAC, Data cache clean by MVA (PoC)
sceKernelCpuDcacheCleanInvalidateMVACForKernel
Version |
World |
NID
|
3.60 |
non-secure |
0xC8E8C9E9
|
void sceKernelCpuDcacheCleanInvalidateMVACForKernel(int mva); // DCCIMVAC, Data cache clean and invalidate by MVA (PoC)
sceKernelCpuIcacheInvalidateAllUISForKernel
Version |
World |
NID
|
3.60 |
non-secure |
0x264DA250
|
void sceKernelCpuIcacheInvalidateAllUISForKernel(void); // ICIALLUIS, Instruction cache invalidate all (PoU, IS)
sceKernelCpuIcacheInvalidateAllUForKernel
Version |
World |
NID
|
3.60 |
non-secure |
0xAEE0B489
|
void sceKernelCpuIcacheInvalidateAllUForKernel(void); // ICIALLU, Instruction cache invalidate all (PoU)
sceKernelCpuIcacheInvalidateMVAURangeForKernel
Version |
World |
NID
|
3.60 |
non-secure |
0xF4C7F578
|
void sceKernelCpuIcacheInvalidateMVAURangeForKernel(void *addr, unsigned int size); // ICIMVAU, Instruction cache invalidate by MVA (PoU)
sceKernelCpuPreloadEngineKill
Version |
World |
NID
|
3.60 |
non-secure |
0xD0D85FF8
|
- NSACR (Non-Secure Access Control Register)
- Test bit NS access to the Preload Engine resources
- [>] PLEFF (Preload Engine FIFO flush operation)
- [>] PLEKC (Preload Engine kill channel operation)
- [<] PLEASR (Preload Engine Activity Status Register)
int sceKernelCpuPreloadEngineKill(void);
sceKernelCpuUnrestrictedMemcpyForKernel
Version |
World |
NID
|
1.69 |
non-secure |
0x8C683DEC
|
3.60 |
non-secure |
0x8C683DEC
|
Unrestricted memcpy by first setting the DACR
register to 0xFFFF0000
and then doing a memcpy.
int sceKernelCpuUnrestrictedMemcpyForKernel(void *dst, const void *src, size_t len);
sceKernelCpuGetPaddrWithMaskForKernel
Version |
World |
NID
|
3.60 |
non-secure |
0x67343A07
|
maskPAR is usually 0x33, sometimes 2.
int sceKernelCpuGetPaddrWithMaskForKernel(int maskPAR, void *vaddr, void **result);
sceKernelCpuGetPaddrForKernel
Version |
World |
NID
|
3.60 |
non-secure |
0x2A46E800
|
Uses maskPAR 0x33.
int sceKernelCpuGetPaddrForKernel(void *vaddr, void **result);
sceKernelCpuForKernel_9B8173F4
Version |
World |
NID
|
3.60 |
non-secure |
0x9B8173F4
|
Might be get_vaddr_memory_type.
Return value can be:
- 2
- 8
- 0x40
- 0x80
- 0xD0
- 0x80022007 (SCE_KERNEL_ERROR_VA2PA_FAULT)
int sceKernelCpuForKernel_9B8173F4(void *vaddr);
SceCpuForKernel_A5C9DBBA
Version |
World |
NID
|
3.60 |
non-secure |
0xA5C9DBBA
|
Uses sceKernelCpuGetCpuIdForDriver, sceKernelCpuAtomicGetAndSub16ForDriver and sceKernelCpuUnlockStoreLRForDriver.
int SceCpuForKernel_A5C9DBBA(void *addr);
SceCpuForKernel_9D72DD1B
Version |
World |
NID
|
3.60 |
non-secure |
0x9D72DD1B
|
Uses sceKernelCpuGetCpuIdForDriver and sceKernelCpuLockStoreLRForDriver.
int SceCpuForKernel_9D72DD1B(void *addr);
SceCpuForKernel_4CD4D921
Version |
World |
NID
|
3.60 |
non-secure |
0x4CD4D921
|
*(uint32_t *)addr = 1;
*((uint16_t *)addr + 2) = 4;
*((uint16_t *)addr + 3) = 4;
return result;
aka write 01 00 00 00 04 00 04 00 at addr.
int SceCpuForKernel_4CD4D921(void *addr);
SceCpuForKernel_43CC6E20
Version |
World |
NID
|
3.60 |
non-secure |
0x43CC6E20
|
Only used by SceKernelThreadmgr.
Does some memory copies between the args.
int SceCpuForKernel_43CC6E20(void *addr, int a2, int a3, int a4);
SceCpuUnrestrictedBzeroIntForKernel
Version |
World |
NID
|
3.60 |
non-secure |
0x76EB0DD4
|
int SceCpuUnrestrictedBzeroIntForKernel(int *addr);
SceCpuForKernel_337473B5
Version |
World |
NID
|
3.60 |
non-secure |
0x337473B5
|
DACR off
int SceCpuForKernel_337473B5(volatile void *ptr, unsigned int value);
SceCpuForDriver
sceKernelCpuGetCpuIdForDriver
Version |
NID
|
3.60 |
0x5E4D5DE1
|
Return the CPU ID of the current core.
int sceKernelCpuGetCpuIdForDriver(void);
sceKernelCpuAtomicAddAndGet8ForDriver
Version |
NID
|
3.60 |
0x1E850481
|
unsigned char sceKernelCpuAtomicAddAndGet8ForDriver (unsigned char *addr, unsigned char val);
sceKernelCpuAtomicAddAndGet16ForDriver
Version |
NID
|
3.60 |
0x59F74E94
|
unsigned short sceKernelCpuAtomicAddAndGet16ForDriver(unsigned short *addr, unsigned short val);
sceKernelCpuAtomicAddAndGet32ForDriver
Version |
NID
|
3.60 |
0x5F6A8743
|
unsigned int sceKernelCpuAtomicAddAndGet32ForDriver(unsigned int *addr, unsigned int val);
sceKernelCpuAtomicAddAndGet64ForDriver
Version |
NID
|
3.60 |
0x4E459A03
|
unsigned long long sceKernelCpuAtomicAddAndGet64ForDriver(unsigned long long *addr, int unused, unsigned long long val);
sceKernelCpuAtomicAddUnless8ForDriver
Version |
NID
|
3.60 |
0x5CC62CEC
|
int sceKernelCpuAtomicAddUnless8ForDriver(unsigned char *addr, unsigned char val, unsigned char cmp);
sceKernelCpuAtomicAddUnless16ForDriver
Version |
NID
|
3.60 |
0x0F84AFE9
|
int sceKernelCpuAtomicAddUnless16ForDriver(unsigned short *addr, unsigned short val, unsigned short cmp);
sceKernelCpuAtomicAddUnless32ForDriver
Version |
NID
|
3.60 |
0x1F157DC3
|
int sceKernelCpuAtomicAddUnless32ForDriver(unsigned int *addr, unsigned int val, unsigned int cmp);
sceKernelCpuAtomicAddUnless64ForDriver
Version |
NID
|
3.60 |
0x06CCFA4B
|
int sceKernelCpuAtomicAddUnless64ForDriver(unsigned long long *addr, int unused, unsigned long long val, unsigned long long cmp);
sceKernelCpuAtomicAndAndGet8ForDriver
Version |
NID
|
3.60 |
0x32B62B1A
|
unsigned char sceKernelCpuAtomicAndAndGet8ForDriver(unsigned char *addr, unsigned char val);
sceKernelCpuAtomicAndAndGet16ForDriver
Version |
NID
|
3.60 |
0xB281D52A
|
unsigned short sceKernelCpuAtomicAndAndGet16ForDriver(unsigned short *addr, unsigned short val);
sceKernelCpuAtomicAndAndGet32ForDriver
Version |
NID
|
3.60 |
0xDF899E4B
|
unsigned int sceKernelCpuAtomicAndAndGet32ForDriver(unsigned int *addr, unsigned int val);
sceKernelCpuAtomicAndAndGet64ForDriver
Version |
NID
|
3.60 |
0xD18E7B54
|
unsigned long long sceKernelCpuAtomicAndAndGet64ForDriver(unsigned long long *addr, int unused, unsigned long long val);
sceKernelCpuAtomicClearAndGet8ForDriver
Version |
NID
|
3.60 |
0x8E538AB5
|
unsigned char sceKernelCpuAtomicClearAndGet8ForDriver(unsigned char *addr, unsigned char val);
sceKernelCpuAtomicClearAndGet16ForDriver
Version |
NID
|
3.60 |
0x6B050D7C
|
unsigned short sceKernelCpuAtomicClearAndGet16ForDriver(unsigned short *addr, unsigned short val);
sceKernelCpuAtomicClearAndGet32ForDriver
Version |
NID
|
3.60 |
0x78C1F148
|
unsigned int sceKernelCpuAtomicClearAndGet32ForDriver(unsigned int *addr, unsigned int val);
sceKernelCpuAtomicClearAndGet64ForDriver
Version |
NID
|
3.60 |
0x2149CD4C
|
unsigned long long sceKernelCpuAtomicClearAndGet64ForDriver(unsigned long long *addr, int unused, unsigned long long val);
sceKernelCpuAtomicClearMask8ForDriver
Version |
NID
|
3.60 |
0x1B3336B0
|
void sceKernelCpuAtomicClearMask8ForDriver(unsigned char *addr, unsigned char val);
sceKernelCpuAtomicClearMask16ForDriver
Version |
NID
|
3.60 |
0x1BE58599
|
void sceKernelCpuAtomicClearMask16ForDriver(unsigned short *addr, unsigned short val);
sceKernelCpuAtomicClearMask32ForDriver
Version |
NID
|
3.60 |
0x4AE1BCC0
|
void sceKernelCpuAtomicClearMask32ForDriver(unsigned int *addr, unsigned int val);
sceKernelCpuAtomicClearMask64ForDriver
Version |
NID
|
3.60 |
0x55760309
|
void sceKernelCpuAtomicClearMask64ForDriver(unsigned long long *addr, int unused, unsigned long long val);
sceKernelCpuAtomicCompareAndSet8ForDriver
Version |
NID
|
3.60 |
0x3627F4E0
|
unsigned char sceKernelCpuAtomicCompareAndSet8ForDriver(unsigned char *addr, unsigned char cmp, unsigned char val);
sceKernelCpuAtomicCompareAndSet16ForDriver
Version |
NID
|
3.60 |
0x6F63F56D
|
unsigned short sceKernelCpuAtomicCompareAndSet16ForDriver(unsigned short *addr, unsigned short cmp, unsigned short val);
sceKernelCpuAtomicCompareAndSet32ForDriver
Version |
NID
|
3.60 |
0xCDA96E81
|
unsigned int sceKernelCpuAtomicCompareAndSet32ForDriver(unsigned int *addr, unsigned int cmp, unsigned int val);
sceKernelCpuAtomicCompareAndSet64ForDriver
Version |
NID
|
3.60 |
0x4B527009
|
unsigned long long sceKernelCpuAtomicCompareAndSet64ForDriver(unsigned long long *addr, int unused, unsigned long long cmp, unsigned long long val);
sceKernelCpuAtomicDecIfPositive8ForDriver
Version |
NID
|
3.60 |
0x45153D4E
|
unsigned char sceKernelCpuAtomicDecIfPositive8ForDriver(unsigned char *addr);
sceKernelCpuAtomicDecIfPositive16ForDriver
Version |
NID
|
3.60 |
0x9A693F5B
|
unsigned short sceKernelCpuAtomicDecIfPositive16ForDriver(unsigned short *addr);
sceKernelCpuAtomicDecIfPositive32ForDriver
Version |
NID
|
3.60 |
0x2A71B03C
|
unsigned int sceKernelCpuAtomicDecIfPositive32ForDriver(unsigned int *addr);
sceKernelCpuAtomicDecIfPositive64ForDriver
Version |
NID
|
3.60 |
0x267D0B33
|
unsigned long long sceKernelCpuAtomicDecIfPositive64ForDriver(unsigned long long *addr);
sceKernelCpuAtomicGetAndAdd8ForDriver
Version |
NID
|
3.60 |
0xFCDCD4DE
|
unsigned char sceKernelCpuAtomicGetAndAdd8ForDriver(unsigned char *addr, unsigned char val);
sceKernelCpuAtomicGetAndAdd16ForDriver
Version |
NID
|
3.60 |
0x225DF91A
|
unsigned short sceKernelCpuAtomicGetAndAdd16ForDriver(unsigned short *addr, unsigned short val);
sceKernelCpuAtomicGetAndAdd32ForDriver
Version |
NID
|
3.60 |
0x341B6E81
|
unsigned int sceKernelCpuAtomicGetAndAdd32ForDriver(unsigned int *addr, unsigned int val);
sceKernelCpuAtomicGetAndAdd64ForDriver
Version |
NID
|
3.60 |
0x043FD446
|
unsigned long long sceKernelCpuAtomicGetAndAdd64ForDriver(unsigned long long *addr, int unused, unsigned long long val);
sceKernelCpuAtomicGetAndAnd8ForDriver
Version |
NID
|
3.60 |
0xD8E675C0
|
unsigned char sceKernelCpuAtomicGetAndAnd8ForDriver(unsigned char *a1, unsigned char a2);
sceKernelCpuAtomicGetAndAnd16ForDriver
Version |
NID
|
3.60 |
0x4A820BC5
|
unsigned short sceKernelCpuAtomicGetAndAnd16ForDriver(unsigned short *addr, unsigned short val);
sceKernelCpuAtomicGetAndAnd32ForDriver
Version |
NID
|
3.60 |
0x10EB35EB
|
unsigned int sceKernelCpuAtomicGetAndAnd32ForDriver(unsigned int *addr, unsigned int val);
sceKernelCpuAtomicGetAndAnd64ForDriver
Version |
NID
|
3.60 |
0x18A17E07
|
unsigned long long sceKernelCpuAtomicGetAndAnd64ForDriver(unsigned long long *addr, int unused, unsigned long long val);
sceKernelCpuAtomicGetAndClear8ForDriver
Version |
NID
|
3.60 |
0x382D1466
|
unsigned char sceKernelCpuAtomicGetAndClear8ForDriver(unsigned char *addr, unsigned char val);
sceKernelCpuAtomicGetAndClear16ForDriver
Version |
NID
|
3.60 |
0x8E9C086D
|
unsigned short sceKernelCpuAtomicGetAndClear16ForDriver(unsigned short *addr, unsigned short val);
sceKernelCpuAtomicGetAndClear32ForDriver
Version |
NID
|
3.60 |
0xE36F3A46
|
unsigned int sceKernelCpuAtomicGetAndClear32ForDriver(unsigned int *addr, unsigned int val);
sceKernelCpuAtomicGetAndClear64ForDriver
Version |
NID
|
3.60 |
0x88BA6002
|
unsigned long long sceKernelCpuAtomicGetAndClear64ForDriver(unsigned long long *addr, int unused, unsigned long long val);
sceKernelCpuAtomicGetAndOr8ForDriver
Version |
NID
|
3.60 |
0xBDF6F8E4
|
unsigned char sceKernelCpuAtomicGetAndOr8ForDriver(unsigned char *var, unsigned char value);
sceKernelCpuAtomicGetAndOr16ForDriver
Version |
NID
|
3.60 |
0x004F09D1
|
unsigned short sceKernelCpuAtomicGetAndOr16ForDriver(unsigned short *addr, unsigned short val);
sceKernelCpuAtomicGetAndOr32ForDriver
Version |
NID
|
3.60 |
0x2A40BB93
|
unsigned int sceKernelCpuAtomicGetAndOr32ForDriver(unsigned int *addr, unsigned int val);
sceKernelCpuAtomicGetAndOr64ForDriver
Version |
NID
|
3.60 |
0xCB73D6D5
|
unsigned long long sceKernelCpuAtomicGetAndOr64ForDriver(unsigned long long *addr, int unused, unsigned long long val);
sceKernelCpuAtomicGetAndSet8ForDriver
Version |
NID
|
3.60 |
0x29599FC8
|
unsigned char sceKernelCpuAtomicGetAndSet8ForDriver(unsigned char *addr, unsigned char val);
sceKernelCpuAtomicGetAndSet16ForDriver
Version |
NID
|
3.60 |
0x085532C8
|
unsigned short sceKernelCpuAtomicGetAndSet16ForDriver(unsigned short *addr, unsigned short val);
sceKernelCpuAtomicGetAndSet32ForDriver
Version |
NID
|
3.60 |
0x0EE04C03
|
unsigned int sceKernelCpuAtomicGetAndSet32ForDriver(unsigned int *addr, unsigned int val);
sceKernelCpuAtomicGetAndSet64ForDriver
Version |
NID
|
3.60 |
0xD2DEE625
|
unsigned long long sceKernelCpuAtomicGetAndSet64ForDriver(unsigned long long *addr, int unused, unsigned long long val);
sceKernelCpuAtomicGetAndSub8ForDriver
Version |
NID
|
3.60 |
0x7B43D0D7
|
unsigned char sceKernelCpuAtomicGetAndSub8ForDriver (unsigned char *addr, unsigned char val);
sceKernelCpuAtomicGetAndSub16ForDriver
Version |
NID
|
3.60 |
0x3EE9B5B8
|
unsigned short sceKernelCpuAtomicGetAndSub16ForDriver(unsigned short *addr, unsigned short val);
sceKernelCpuAtomicGetAndSub32ForDriver
Version |
NID
|
3.60 |
0xF891CF2A
|
unsigned int sceKernelCpuAtomicGetAndSub32ForDriver(unsigned int *addr, unsigned int val);
sceKernelCpuAtomicGetAndSub64ForDriver
Version |
NID
|
3.60 |
0xA7585370
|
unsigned long long sceKernelCpuAtomicGetAndSub64ForDriver(unsigned long long *addr, int unused, unsigned long long val);
sceKernelCpuAtomicGetAndXor8ForDriver
Version |
NID
|
3.60 |
0xBAF47F7B
|
unsigned char sceKernelCpuAtomicGetAndXor8ForDriver(unsigned char *addr, unsigned char val);
sceKernelCpuAtomicGetAndXor16ForDriver
Version |
NID
|
3.60 |
0x711801E6
|
unsigned short sceKernelCpuAtomicGetAndXor16ForDriver(unsigned short *addr, unsigned short val);
sceKernelCpuAtomicGetAndXor32ForDriver
Version |
NID
|
3.60 |
0x77E34309
|
unsigned int sceKernelCpuAtomicGetAndXor32ForDriver(unsigned int *addr, unsigned int val);
sceKernelCpuAtomicGetAndXor64ForDriver
Version |
NID
|
3.60 |
0xE212ECAD
|
unsigned long long sceKernelCpuAtomicGetAndXor64ForDriver(unsigned long long *addr, int unused, unsigned long long val);
sceKernelCpuAtomicOrAndGet8ForDriver
Version |
NID
|
3.60 |
0x5D515F1B
|
unsigned char sceKernelCpuAtomicOrAndGet8ForDriver(unsigned char *addr, unsigned char val);
sceKernelCpuAtomicOrAndGet16ForDriver
Version |
NID
|
3.60 |
0xADD39B84
|
unsigned short sceKernelCpuAtomicOrAndGet16ForDriver (unsigned short *addr, unsigned short val);
sceKernelCpuAtomicOrAndGet32ForDriver
Version |
NID
|
3.60 |
0xBC248C30
|
unsigned int sceKernelCpuAtomicOrAndGet32ForDriver (unsigned int *addr, unsigned int val);
sceKernelCpuAtomicOrAndGet64ForDriver
Version |
NID
|
3.60 |
0x3E218AF7
|
unsigned long long sceKernelCpuAtomicOrAndGet64ForDriver(unsigned long long *addr, int unused, long long val);
sceKernelCpuAtomicSet8ForDriver
Version |
NID
|
3.60 |
0x0836537E
|
void sceKernelCpuAtomicSet8ForDriver(unsigned char *addr, unsigned char val);
sceKernelCpuAtomicSet16ForDriver
Version |
NID
|
3.60 |
0x532CA3E8
|
void sceKernelCpuAtomicSet16ForDriver(unsigned short *addr, unsigned short val);
sceKernelCpuAtomicSet32ForDriver
Version |
NID
|
3.60 |
0x3168BC57
|
void sceKernelCpuAtomicSet32ForDriver(unsigned int *addr, unsigned int val);
sceKernelCpuAtomicSet64ForDriver
Version |
NID
|
3.60 |
0xC381CE8C
|
void sceKernelCpuAtomicSet64ForDriver(unsigned long long *addr, int unused, unsigned long long val);
sceKernelCpuAtomicSetIfGreaterGet8ForDriver
Version |
NID
|
3.60 |
0xC3868071
|
unsigned char sceKernelCpuAtomicSetIfGreaterGet8ForDriver(unsigned char *addr, unsigned char val);
sceKernelCpuAtomicSetIfGreaterGet16ForDriver
Version |
NID
|
3.60 |
0x875B094D
|
unsigned short sceKernelCpuAtomicSetIfGreaterGet16ForDriver(unsigned short *addr, unsigned short val);
sceKernelCpuAtomicSetIfGreaterGet32ForDriver
Version |
NID
|
3.60 |
0x26F71995
|
unsigned int sceKernelCpuAtomicSetIfGreaterGet32ForDriver(unsigned int *a1, unsigned int val);
sceKernelCpuAtomicSubAndGet8ForDriver
Version |
NID
|
3.60 |
0xEB085370
|
unsigned char sceKernelCpuAtomicSubAndGet8ForDriver(unsigned char *addr, unsigned char val);
sceKernelCpuAtomicSubAndGet16ForDriver
Version |
NID
|
3.60 |
0x515682C9
|
unsigned short sceKernelCpuAtomicSubAndGet16ForDriver(unsigned short *addr, unsigned short val);
sceKernelCpuAtomicSubAndGet32ForDriver
Version |
NID
|
3.60 |
0xA4884C4E
|
unsigned int sceKernelCpuAtomicSubAndGet32ForDriver(unsigned int *addr, unsigned int val);
sceKernelCpuAtomicSubAndGet64ForDriver
Version |
NID
|
3.60 |
0xB5F8919C
|
unsigned long long sceKernelCpuAtomicSubAndGet64ForDriver(unsigned long long *addr, int unused, unsigned long long val);
sceKernelCpuAtomicXorAndGet8ForDriver
Version |
NID
|
3.60 |
0x03887992
|
unsigned char sceKernelCpuAtomicXorAndGet8ForDriver (unsigned char *a1, unsigned char a2);
sceKernelCpuAtomicXorAndGet16ForDriver
Version |
NID
|
3.60 |
0x646003D6
|
unsigned short sceKernelCpuAtomicXorAndGet16ForDriver (unsigned short *addr, unsigned short val);
sceKernelCpuAtomicXorAndGet32ForDriver
Version |
NID
|
3.60 |
0x4244BE65
|
unsigned int sceKernelCpuAtomicXorAndGet32ForDriver(unsigned int *addr, unsigned int val);
sceKernelCpuAtomicXorAndGet64ForDriver
Version |
NID
|
3.60 |
0x692C51B3
|
unsigned long long sceKernelCpuAtomicXorAndGet64ForDriver(unsigned long long *addr, int unused, unsigned long long val);
sceKernelCpuDcacheAndL2InvalidateMVACRange_1ForDriver
Version |
NID
|
3.60 |
0x02796361
|
1
int sceKernelCpuDcacheAndL2InvalidateMVACRange_1ForDriver(void *ptr, size_t len);
sceKernelCpuDcacheAndL2InvalidateMVACRange_20ForDriver
Version |
NID
|
3.60 |
0x8B4C26DF
|
0x20
int sceKernelCpuDcacheAndL2InvalidateMVACRange_20ForDriver(void *ptr, size_t len);
sceKernelCpuDcacheAndL2CleanInvalidateMVACRange_1ForDriver
Version |
NID
|
3.60 |
0x364E68A4
|
1
int sceKernelCpuDcacheAndL2CleanInvalidateMVACRange_1ForDriver(void *ptr, size_t len);
sceKernelCpuDcacheAndL2CleanInvalidateMVACRange_20ForDriver
Version |
NID
|
3.60 |
0xE551F99B
|
0x20
int sceKernelCpuDcacheAndL2CleanInvalidateMVACRange_20ForDriver(void *ptr, size_t len);
sceKernelCpuDcacheAndL2CleanMVACRange_1ForDriver
Version |
NID
|
3.60 |
0x103872A5
|
1
int sceKernelCpuDcacheAndL2CleanMVACRange_1ForDriver(void *ptr, size_t len);
sceKernelCpuDcacheAndL2CleanMVACRange_20ForDriver
Version |
NID
|
3.60 |
0x9CB9F0CE
|
0x20
int sceKernelCpuDcacheAndL2CleanMVACRange_20ForDriver(void *ptr, size_t len);
SceCpuForDriver_E813EBB2
Version |
NID
|
3.60 |
0xE813EBB2
|
#define SceL2CacheReg 0x1A002000
__dsb();
*(int *)(SceL2CacheReg + 0x730) = 0;
while ( *(int *)(SceL2CacheReg + 0x730) & 1 )
;
__dmb();
int SceCpuForDriver_E813EBB2(void);
sceKernelCpuIsVaddrMappedForDriver
Version |
NID
|
3.60 |
0x337CBDF3
|
res = SceCpuForKernel_9B8173F4(vaddr);
if ( res != 8 )
{
if ( res <= 8 )
{
if ( res != 2 )
return 0;
}
else if ( res != 0x40 && res != 0x80 )
{
return 0;
}
}
return 1;
int sceKernelCpuIsVaddrMappedForDriver(void *vaddr);
These functions implement a simple mutual exclusive access on a resource addr using LDREX/STREX.
sceKernelCpuLockStoreLRForDriver
Version |
NID
|
1.60 |
0xBF82DEB2
|
3.60 |
0xBF82DEB2
|
void sceKernelCpuLockStoreLRForDriver(unsigned int *addr);
sceKernelCpuTryLockStoreLRForDriver
Version |
NID
|
3.60 |
0x5AC9D394
|
unsigned int sceKernelCpuTryLockStoreLRForDriver(unsigned int *addr);
sceKernelCpuUnlockStoreLRForDriver
Version |
NID
|
1.60 |
0xD6ED0C46
|
3.60 |
0xD6ED0C46
|
void sceKernelCpuUnlockStoreLRForDriver(unsigned int *addr);
sceKernelCpuLockStoreFlagForDriver
Version |
NID
|
3.60 |
0x3F42B434
|
void sceKernelCpuLockStoreFlagForDriver(unsigned int *result);
sceKernelCpuTryLockStoreFlagForDriver
Version |
NID
|
3.60 |
0x4F7790B4
|
unsigned int sceKernelCpuTryLockStoreFlagForDriver(unsigned int *addr);
sceKernelCpuUnlockStoreFlagForDriver
Version |
NID
|
3.60 |
0xCB8ABDF0
|
void sceKernelCpuUnlockStoreFlagForDriver(unsigned int *addr);
These functions implement a simple mutual exclusive access on a resource addr using LDREX/STREX.
LR is stored as addr value.
While mutex is held, interrupts are disabled.
Used like this:
int prev_state = sceKernelCpuLockSuspendIntrStoreLRForDriver(mutex);
// do work
sceKernelCpuUnlockResumeIntrStoreLRForDriver(mutex, prev_state);
sceKernelCpuLockSuspendIntrStoreLRForDriver
Version |
NID
|
3.35 |
0xD32ACE9E
|
3.60 |
0xD32ACE9E
|
unsigned int sceKernelCpuLockSuspendIntrStoreLRForDriver(unsigned int *addr);
sceKernelCpuTryLockSuspendIntrStoreLRForDriver
Version |
NID
|
3.60 |
0x27C0B340
|
unsigned int sceKernelCpuTryLockSuspendIntrStoreLRForDriver(int *addr);
sceKernelCpuUnlockResumeIntrStoreLRForDriver
Version |
NID
|
3.35 |
0x7BB9D5DF
|
3.60 |
0x7BB9D5DF
|
void sceKernelCpuUnlockResumeIntrStoreLRForDriver(unsigned int *addr, int prev_state);
These functions implement a simple mutual exclusive access on a resource addr using LDREX/STREX.
0x80000000 is stored as addr value.
While mutex is held, interrupts are disabled.
Used like this:
int prev_state = sceKernelCpuLockSuspendIntrStoreFlagForDriver(mutex);
// do work
sceKernelCpuUnlockResumeIntrStoreFlagForDriver(mutex, prev_state);
sceKernelCpuLockSuspendIntrStoreFlagForDriver
Version |
NID
|
3.35 |
0x4C38CE4D
|
3.60 |
0x4C38CE4D
|
unsigned int sceKernelCpuLockSuspendIntrStoreFlagForDriver(unsigned int *addr);
sceKernelCpuTryLockSuspendIntrStoreFlagForDriver
Version |
NID
|
3.60 |
0xDE6482C6
|
unsigned int sceKernelCpuTryLockSuspendIntrStoreFlagForDriver(unsigned int *addr);
sceKernelCpuUnlockResumeIntrStoreFlagForDriver
Version |
NID
|
3.35 |
0x9EC91017
|
3.60 |
0x9EC91017
|
void sceKernelCpuUnlockResumeIntrStoreFlagForDriver(unsigned int *addr, unsigned int prev_state);
sceKernelCpuSpinLockStoreLRForDriver
Version |
NID
|
3.60 |
0xCAC9AE80
|
void sceKernelCpuSpinLockStoreLRForDriver(unsigned int *result);
sceKernelCpuTrySpinLockStoreLRForDriver
Version |
NID
|
3.60 |
0x093925BD
|
unsigned int sceKernelCpuTrySpinLockStoreLRForDriver(unsigned int *addr);
sceKernelCpuSpinUnlockStoreLRForDriver
Version |
NID
|
3.60 |
0xF5FD5676
|
void sceKernelCpuSpinUnlockStoreLRForDriver(unsigned int *result);
sceKernelCpuSpinLockSuspendIntrStoreLRForDriver
Version |
NID
|
3.60 |
0xEC53D007
|
unsigned int sceKernelCpuSpinLockSuspendIntrStoreLRForDriver(unsigned int *addr);
sceKernelCpuTrySpinLockSuspendIntrStoreLRForDriver
Version |
NID
|
3.60 |
0xF02467D1
|
unsigned int sceKernelCpuTrySpinLockSuspendIntrStoreLRForDriver(unsigned int *addr);
sceKernelCpuSpinUnlockResumeIntrStoreLRForDriver
Version |
NID
|
3.60 |
0x740A0750
|
void sceKernelCpuSpinUnlockResumeIntrStoreLRForDriver(unsigned int *addr, unsigned int prev_state);
sceKernelCpuDisableInterruptsForDriver
Version |
NID
|
1.60 |
0x821FC0EE
|
3.60 |
0x821FC0EE
|
Disable irq (but not fiq) and returns previous interrupt bit status (so either 0 or 0x80).
unsigned int sceKernelCpuDisableInterruptsForDriver(void);
sceKernelCpuEnableInterruptsForDriver
Version |
NID
|
1.60 |
0xF5BAD43B
|
3.60 |
0xF5BAD43B
|
Restore previous irq state, pass either 0 or 0x80.
unsigned int sceKernelCpuEnableInterruptsForDriver(unsigned int prev_state);
SceSysclibForKernel
SceSysclibForDriver
The C standard library for use in kernel only. (Userland have SceLibKernel, which confusingly is userland only).
Include standard string functions (no insecure variants like strcpy
).
__aeabi_idiv
Version |
World |
NID
|
3.60 |
non-secure |
0x2518CD9E
|
__aeabi_uidiv
Version |
World |
NID
|
3.35 |
non-secure |
0xA9FF1205
|
3.60 |
non-secure |
0xA9FF1205
|
__aeabi_uidivmod
Version |
World |
NID
|
3.35 |
non-secure |
0xA46CB7DE
|
3.60 |
non-secure |
0xA46CB7DE
|
__aeabi_ldivmod
Version |
World |
NID
|
3.60 |
non-secure |
0x7554AB04
|
__memcpy_chk
Version |
World |
NID
|
3.60 |
non-secure |
0x8A0B0815
|
__memmove_chk
Version |
World |
NID
|
3.60 |
non-secure |
0x35DBB110
|
__memset_chk
Version |
World |
NID
|
3.60 |
non-secure |
0x1A30BB28
|
__stack_chk_fail
Version |
World |
NID
|
1.69 |
non-secure |
0xB997493D
|
3.60 |
non-secure |
0xB997493D
|
__strncat_chk
Version |
World |
NID
|
3.60 |
non-secure |
0x33EE298B
|
__strncpy_chk
Version |
World |
NID
|
3.60 |
non-secure |
0x96268C53
|
look_ctype_table
Version |
World |
NID
|
3.60 |
non-secure |
0xCDF7F155
|
memchr
Version |
World |
NID
|
3.60 |
non-secure |
0x60DAEA30
|
memcmp
Version |
World |
NID
|
3.60 |
non-secure |
0xB5A4D745
|
timing constant memcmp
memcmp2
Version |
World |
NID
|
1.69 |
non-secure |
0xF939E83D
|
3.60 |
non-secure |
0xF939E83D
|
memcpy
Version |
World |
NID
|
1.60 |
non-secure |
0x40C88316
|
1.69 |
non-secure |
0x40C88316
|
3.60 |
non-secure |
0x40C88316
|
memmove
Version |
World |
NID
|
1.69 |
non-secure |
0x6CC9C1A1
|
3.60 |
non-secure |
0x6CC9C1A1
|
On 1.69, this seems to be implemented incorrectly.
memset
Version |
World |
NID
|
1.60 |
non-secure |
0x0AB9BF5C
|
3.60 |
non-secure |
0x0AB9BF5C
|
memset2
Version |
World |
NID
|
1.69 |
non-secure |
0x502B000D
|
rshift
Version |
World |
NID
|
1.69 |
non-secure |
0x1D89F6C0
|
3.60 |
non-secure |
0x1D89F6C0
|
snprintf
Version |
World |
NID
|
1.69 |
non-secure |
0xAE7A8981
|
3.60 |
non-secure |
0xAE7A8981
|
strchr
Version |
World |
NID
|
1.69 |
non-secure |
0x38463759
|
3.35 |
non-secure |
0x38463759
|
3.60 |
non-secure |
0x38463759
|
strcmp
Version |
World |
NID
|
1.69 |
non-secure |
0x0B33BC43
|
3.60 |
non-secure |
0x0B33BC43
|
strlcat
Version |
World |
NID
|
3.60 |
non-secure |
0x12504E09
|
strlcpy
Version |
World |
NID
|
3.60 |
non-secure |
0x7FB4EBEC
|
strlen
Version |
World |
NID
|
1.69 |
non-secure |
0xCFC6A9AC
|
3.60 |
non-secure |
0xCFC6A9AC
|
strncat
Version |
World |
NID
|
1.69 |
non-secure |
0xA1D1C32C
|
3.60 |
non-secure |
0xA1D1C32C
|
strncmp
Version |
World |
NID
|
1.60 |
non-secure |
0x12CEE649
|
1.69 |
non-secure |
0x12CEE649
|
3.60 |
non-secure |
0x12CEE649
|
strncpy
Version |
World |
NID
|
3.60 |
non-secure |
0x6D286146
|
strnlen
Version |
World |
NID
|
1.69 |
non-secure |
0xCD4BD884
|
3.60 |
non-secure |
0xCD4BD884
|
strrchr
Version |
World |
NID
|
1.69 |
non-secure |
0x7F0E0835
|
3.60 |
non-secure |
0x7F0E0835
|
strstr
Version |
World |
NID
|
1.69 |
non-secure |
0x1304A69D
|
3.60 |
non-secure |
0x1304A69D
|
strtol
Version |
World |
NID
|
1.69 |
non-secure |
0xAB77C5AA
|
3.60 |
non-secure |
0xAB77C5AA
|
strtoll
Version |
World |
NID
|
3.60 |
non-secure |
0x87AAAFA2
|
strtoul
Version |
World |
NID
|
3.60 |
non-secure |
0x4E5042DA
|
tolower
Version |
World |
NID
|
3.60 |
non-secure |
0x0021DAF9
|
toupper
Version |
World |
NID
|
3.60 |
non-secure |
0xA685DCB1
|
vsnprintf
Version |
World |
NID
|
3.60 |
non-secure |
0x3DDBE2E1
|
SceSysrootForKernel
sceSysrootGetSmSelfInfoForKernel
Version |
NID
|
3.60 |
0xF10AB792
|
typedef struct sm_self_info
{
uint32_t size; // 0x0C
char* sm_self_data;
uint32_t sm_self_size;
} sm_self_info;
int sceSysrootGetSmSelfInfoForKernel(int index, sm_self_info* state);
Index |
SM SELF location
|
0 |
os0:sm/gcauthmgr_sm.self
|
1 |
os0:sm/rmauth_sm.self
|
2 |
os0:sm/encdec_w_portability_sm.self
|
sceSysrootGetSelfInfoForKernel
Version |
NID
|
3.60 |
0x4F0A4066
|
typedef struct SceSelfInfo // size is 0x90
{
SceUInt64 program_authority_id;
SceUInt64 padding1;
uint8_t capability[0x20];
uint8_t attribute[0x20];
uint8_t padding2[0x10];
uint8_t klicensee[0x10];
uint32_t unk_70;
uint32_t unk_74;
uint32_t unk_78;
uint32_t unk_7C;
uint32_t unk_80; // ex: 0x10
uint32_t unk_84;
uint32_t unk_88;
uint32_t unk_8C;
} SceSelfInfo;
int sceSysrootGetSelfInfoForKernel(SceUID pid, SceSelfInfo *self_info);
SceSysrootForKernel_CC85905B
Version |
NID
|
3.60 |
0xCC85905B
|
Returns the exception vectors base address. The address of the exception vectors for the CPU i
is: SceSysrootForKernel_CC85905B() + 0x40 * i
.
void *SceSysrootForKernel_CC85905B(void);
SceSysrootForKernel_377895EB
Version |
NID
|
3.60 |
0x377895EB
|
int SceSysrootForKernel_377895EB(int *a1);
Returns 0 on success, 0xFFFFFFFF on error.
a1 usually takes value 1 after this function is called.
Called by sceSblAuthMgrAuthHeaderForKernel before F00D request.
sceSysrootGetSysrootBufferForKernel
Version |
NID
|
3.60 |
0x9DB56D1F
|
Returns pointer to Sysroot buffer.
void *sceSysrootGetSysrootBufferForKernel(void);
sceSysrootGetSysbaseForKernel
Version |
NID
|
3.60 |
0x3E455842
|
sysbase_t* sceSysrootGetSysbaseForKernel();
sceSysrootGetProcessTitleIdForPidForKernel
Version |
NID
|
3.60 |
0xEC3124A3
|
int sceSysrootGetProcessTitleIdForPidForKernel(SceUID pid, char *titleid, size_t len);
sceSysrootIsAuCodecIcConexantForKernel
Version |
NID
|
3.60 |
0x46E72428
|
return sysroot_buffer + 0xE8;
int sceSysrootIsAuCodecIcConexantForKernel(void);
sceSysrootIsBsodRebootForKernel
Version |
NID
|
3.60 |
0x4373AC96
|
return (*(int *)(sysroot_buffer->wakeup_factor) & 0x7Fu) <= 0x17;
int sceSysrootIsBsodRebootForKernel(void);
sceSysrootIsExternalBootModeForKernel
Version |
NID
|
3.60 |
0x89D19090
|
return *(int *)(sysroot_buffer->boot_type_indicator_1) & 1;
int sceSysrootIsExternalBootModeForKernel(void);
sceSysrootIsSafeModeForKernel
Version |
NID
|
3.60 |
0x834439A7
|
int sceSysrootIsSafeModeForKernel(void);
sceSysrootIsUpdateModeForKernel
Version |
NID
|
3.60 |
0xB0E1FC67
|
int sceSysrootIsUpdateModeForKernel(void);
sceSysrootIsUsbEnumWakeupForKernel
Version |
NID
|
3.60 |
0x79C9AE10
|
int sceSysrootIsUsbEnumWakeupForKernel(void);
sceSysrootUseExternalStorageForKernel
Version |
NID
|
3.60 |
0x55392965
|
Returns true when Manufacturing Mode flag is set:
return (*(int *)(*(int *)sysroot_buffer + 0x6C) >> 2) & 1;
int sceSysrootUseExternalStorageForKernel(void);
sceSysrootUseInternalStorageForKernel
Version |
NID
|
3.60 |
0x50FE3B4D
|
Returns true when internal storage is present (PSTV and SLIM - not FAT) and flag is set:
return *(char *)(sysroot_buffer + 0x35) & 1 ^ 1;
int sceSysrootUseInternalStorageForKernel(void);
sceSysrootGetNidNameForKernel
Version |
NID
|
3.60 |
0x0B79E220
|
int sceSysrootGetNidNameForKernel(unsigned int nid, const char **name);
sceSysrootGetModuleInfoForPidForKernel
Version |
NID
|
3.60 |
0xFF9F80FF
|
int sceSysrootGetModuleInfoForPidForKernel(SceUID pid, const void *addr, unsigned int *info); // info[0] = 0x3C
Returns export info at address for pid (contains module, lib and NID and their names).
SceSysrootForKernel_71DB83A2
Version |
NID
|
3.60 |
0x71DB83A2
|
Write value at 0x375F8 + 0x380.
int SceSysrootForKernel_71DB83A2(int value);
SceSysrootForDriver
sceSysrootSetSystemSwVersionForDriver
Version |
World |
NID
|
3.60 |
non-secure |
0x3276086B
|
Set System Software version as int in SceSysmem memory. For exemple: 0x3650000 on 3.65.
int sceSysrootSetSystemSwVersionForDriver(int sw_version);
sceSysrootGetSystemSwVersionForDriver
Version |
World |
NID
|
3.60 |
non-secure |
0x67AAB627
|
Returns System Software version as int from SceSysmem memory. For exemple: 0x3650000 on 3.65.
int sceSysrootGetSystemSwVersionForDriver(void);
?sceSysrootInitI2cForDriver?
Version |
World |
NID
|
3.60 |
non-secure |
0x930B1342
|
int ?sceSysrootInitI2cForDriver?(void);
sceSysrootIsSafeModeForDriver
Version |
NID
|
3.60 |
0x834439A7
|
int sceSysrootIsSafeModeForDriver(void);
SceKernelUtilsForDriver
sceAesDecrypt1ForDriver
Decrypt with AES.
Version |
NID
|
1.69 |
0xD8678061
|
3.60 |
0xD8678061
|
int sceAesDecrypt1ForDriver(void *ctx, const unsigned char* src, unsigned char* dst);
sceAesDecrypt2ForDriver
Version |
NID
|
3.60 |
0xE39CD272
|
int sceAesDecrypt2ForDriver(void *ctx, const unsigned char* src, unsigned char* dst);
sceAesEncrypt1ForDriver
Encrypt with AES. There are two functions that are the same on 1.69.
Version |
NID
|
1.69 |
0xC2A61770
|
3.60 |
0xC2A61770
|
int sceAesEncrypt1ForDriver(void *ctx, const unsigned char* src, unsigned char* dst);
sceAesEncrypt2ForDriver
Encrypt with AES. There are two functions that are the same on 1.69.
Version |
NID
|
1.69 |
0x302947B6
|
3.60 |
0x302947B6
|
int sceAesEncrypt2ForDriver(void *ctx, const unsigned char* src, unsigned char* dst);
sceAesInit1ForDriver
This sets up the AES engine. ctx
is a 960 byte buffer (int 1.69). blocksize
and keysize
is the security in bits. 128/196/256 are supported values.
Version |
NID
|
1.69 |
0xF12B6451
|
3.60 |
0xF12B6451
|
last arg to subroutine is 0
int sceAesInit1ForDriver(void *ctx, int blocksize, int keysize, const unsigned char* key);
sceAesInit2ForDriver
Version |
NID
|
3.60 |
0xEDA97D6D
|
last arg to subroutine is 1
int sceAesInit2ForDriver(void *ctx, int blocksize, int keysize, const unsigned char* key);
sceAesInit3ForDriver
Version |
NID
|
3.60 |
0x72408E29
|
last arg to subroutine is 2
int sceAesInit3ForDriver(void *ctx, int blocksize, int keysize, const unsigned char* key);
sceDeflateDecompressForDriver
Version |
NID
|
3.60 |
0x8AF1FAD4
|
sceDeflateDecompressPartialForDriver
Version |
NID
|
3.60 |
0x3D74CCDF
|
sceGzipDecompressForDriver
Version |
NID
|
3.60 |
0x367EE3DF
|
Version |
NID
|
3.60 |
0xCD3AE08F
|
sceGzipGetCompressedDataForDriver
Version |
NID
|
3.60 |
0x63619124
|
sceGzipGetInfoForDriver
Version |
NID
|
3.60 |
0xFFC6A10F
|
sceGzipGetNameForDriver
Version |
NID
|
3.60 |
0xF901FD3E
|
sceGzipIsValidForDriver
Version |
NID
|
3.60 |
0xD8FAEFD4
|
sceHmacSha1DigestForDriver
Version |
NID
|
3.60 |
0x29A28957
|
int sceHmacSha1DigestForDriver(const unsigned char* key, int key_len, const unsigned char* data, int data_len, unsigned char* digest);
sceHmacSha224DigestForDriver
Version |
NID
|
3.60 |
0x7F2A7B99
|
int sceHmacSha224DigestForDriver(const unsigned char* key, int key_len, const unsigned char* data, int data_len, unsigned char* digest);
sceHmacSha256DigestForDriver
Version |
NID
|
3.60 |
0x83EFA1CC
|
int sceHmacSha256DigestForDriver(const unsigned char* key, int key_len, const unsigned char* data, int data_len, unsigned char* digest);
sceMt19937GlobalInitForDriver
Version |
NID
|
3.60 |
0xD428CC2A
|
sceMt19937GlobalUninitForDriver
Version |
NID
|
3.60 |
0x875B2A1C
|
sceMt19937InitForDriver
Version |
NID
|
3.60 |
0x4C9A5730
|
sceMt19937UIntForDriver
Version |
NID
|
3.60 |
0x92AEDFBC
|
sceSfmt19937FillArray32ForDriver
Version |
NID
|
3.60 |
0x2B30548B
|
sceSfmt19937FillArray64ForDriver
Version |
NID
|
3.60 |
0x49B41540
|
sceSfmt19937GenRand32ForDriver
Version |
NID
|
3.60 |
0xBBE4701A
|
sceSfmt19937GenRand64ForDriver
Version |
NID
|
3.60 |
0x45DEAAD6
|
sceSfmt19937InitByArrayForDriver
Version |
NID
|
3.60 |
0x33AE1203
|
sceSfmt19937InitGenRandForDriver
Version |
NID
|
3.60 |
0xAB48C3CA
|
sceSha1BlockInitForDriver
Version |
NID
|
3.60 |
0xE4390FFA
|
int sceSha1BlockInitForDriver(void* ctx);
sceSha1BlockResultForDriver
Version |
NID
|
3.60 |
0x48F24106
|
int sceSha1BlockResultForDriver(void* ctx, unsigned char* digest);
sceSha1BlockUpdateForDriver
Version |
NID
|
3.60 |
0x478A6F3C
|
int sceSha1BlockUpdateForDriver(void* ctx, const unsigned char* data, int size);
sceSha1DigestForDriver
Version |
NID
|
3.60 |
0x87DC7F2F
|
int sceSha1DigestForDriver(unsigned char *data, int size, unsigned char* digest);
sceSha224BlockInitForDriver
Version |
NID
|
3.60 |
0xC762EA6D
|
int sceSha224BlockInitForDriver(void* ctx);
sceSha224BlockResultForDriver
Version |
NID
|
3.60 |
0xFBF2A442
|
int sceSha224BlockResultForDriver(void* ctx, unsigned char* digest);
sceSha224BlockUpdateForDriver
Version |
NID
|
3.60 |
0x7556E611
|
int sceSha224BlockUpdateForDriver(void* ctx, const unsigned char* data, int size);
sceSha224DigestForDriver
Version |
NID
|
3.60 |
0x9EA9D4DC
|
int sceSha224DigestForDriver(unsigned char *data, int size, unsigned char* digest);
sceSha256BlockInitForDriver
Version |
NID
|
3.60 |
0xD909FA2C
|
int sceSha256BlockInitForDriver(void* ctx);
sceSha256BlockResultForDriver
Version |
NID
|
3.60 |
0x4899CD4B
|
int sceSha256BlockResultForDriver(void* ctx, unsigned char* digest);
sceSha256BlockUpdateForDriver
Version |
NID
|
3.60 |
0x236A9097
|
int sceSha256BlockUpdateForDriver(void* ctx, const unsigned char* data, int size);
sceSha256DigestForDriver
Version |
NID
|
3.60 |
0xA773A6A8
|
int sceSha256DigestForDriver(unsigned char *data, int size, unsigned char* digest);
sceZlibDecompressForDriver
Version |
NID
|
3.60 |
0x900148DB
|
sceZlibGetCompressedDataForDriver
Version |
NID
|
3.60 |
0x01EB6C45
|
sceZlibGetInfoForDriver
Version |
NID
|
3.60 |
0x5B9BCD75
|
SceZlibForDriver
zlib compression library.
Firmware |
zlib version
|
1.60 |
1.2.5
|
3.60 |
??
|
inflate
Version |
World |
NID
|
1.60 |
non-secure |
0xE4F34A68
|
3.60 |
non-secure |
0xE4F34A68
|
deflate
Version |
World |
NID
|
1.60 |
non-secure |
0xE859D60F
|
3.60 |
non-secure |
0xE859D60F
|
deflateReset
Version |
World |
NID
|
1.60 |
non-secure |
0x68CFEA45
|
3.60 |
non-secure |
0x68CFEA45
|
crc32
Version |
World |
NID
|
1.60 |
non-secure |
0xE0CE06C0
|
3.60 |
non-secure |
0xE0CE06C0
|
adler32
Version |
World |
NID
|
1.60 |
non-secure |
0x98619620
|
3.60 |
non-secure |
0x98619620
|
inflateSetDictionary
Version |
World |
NID
|
1.60 |
non-secure |
0x7B16DBD6
|
3.60 |
non-secure |
0x7B16DBD6
|
SceKernelSuspendForDriver
Used to register callbacks for handling suspend/resume related events.
sceKernelRegisterSysEventHandlerForDriver
Version |
NID
|
1.69 |
0x04C05D10
|
3.60 |
0x04C05D10
|
typedef struct {
uint32_t size; // 24
uint32_t unk1;
uint32_t unk2;
uint32_t unk3;
uint32_t unk4;
uint32_t unk5;
} suspend_args_t;
typedef int (suspend_callback_t)(int resume, int event_id, suspend_args_t *args, void *opt);
int sceKernelSuspendRegisterCallbackForDriver(const char *name, suspend_callback_t *callback_func, void *opt);
Registers a function for handling suspend/resume. resume
is 0 if we are currently suspending and 1 if we are currently resuming. opt
is passed from the registration. Registration adds an entry to a linked list and returns the block id for the new entry.
Returns the suspend_callback_id.
sceKernelUnregisterSysEventHandlerForDriver
Version |
NID
|
1.69 |
0xDD61D621
|
3.60 |
0xDD61D621
|
int sceKernelUnregisterSysEventHandlerForDriver(int id);
Call with the id returned from suspend_register_callback
to remove the entry from the linked list and free the memory.
sceKernelSysEventDispatchForDriver
Version |
NID
|
1.69 |
0xD4622EA8
|
3.60 |
0xD4622EA8
|
int sceKernelSysEventDispatchForDriver(int resume, int eventid, suspend_args_t *args, int stop_on_error);
This will go through the linked list and call each callback. If stop_on_error
is set, then the first callback that returns a negative value will stop the call chain and return the block id of the callback that broke the chain. Otherwise, this function will invoke each callback and return zero.
sceKernelPowerTickForDriver
Version |
NID
|
3.60 |
0xE0489831
|
typedef enum SceKernelPowerTickType {
/** Cancel all timers */
SCE_KERNEL_POWER_TICK_DEFAULT = 0,
/** Cancel automatic suspension timer */
SCE_KERNEL_POWER_TICK_DISABLE_AUTO_SUSPEND = 1,
/** Cancel OLED-off timer */
SCE_KERNEL_POWER_TICK_DISABLE_OLED_OFF = 4,
/** Cancel OLED dimming timer */
SCE_KERNEL_POWER_TICK_DISABLE_OLED_DIMMING = 6
} SceKernelPowerTickType;
int sceKernelPowerTickForDriver(int type);
Cancel specified idle timers to prevent entering in power save processing.
Returns 0 on success.
SceQafMgrForDriver
Provides many device permission checks including PSVita model checks, running app privilege checks, debugging enabled checks, and so on.
SceQafMgrForDriver_7B14DC45
Version |
World |
NID
|
3.60 |
non-secure |
0x7B14DC45
|
Used by SceAppMgr.
return ((unsigned int)*(char *)(SceSysrootGetSysrootBufferForKernel() + 0x2D) >> 1) & 1; // = 0x2D + BIT number 30
int SceQafMgrForDriver_7B14DC45(void);
ScePmMgrForDriver
scePmGetBootTypeIndicatorBit2ForDriver
Version |
World |
NID
|
3.60 |
non-secure |
0x2AC815A2
|
gets data using ksceKernelGetSysrootBuffer
int scePmGetBootTypeIndicatorBit2ForDriver(char* result);
scePmGetBootTypeIndicatorBit2_2ForDriver
Version |
World |
NID
|
3.60 |
non-secure |
0xBD1F193B
|
gets data using ksceKernelGetSysrootBuffer
int scePmGetBootTypeIndicatorBit2_2ForDriver(char* result);
SceSblAIMgrForDriver
sceSblAIMgrGetSMIForDriver
Version |
World |
NID
|
3.60 |
non-secure |
0x47D9CF13
|
might be get shipped fw version
sceSblAIMgrGetSMIForDriver(int *shipped_fw_version);
sceSblAIMgrIsTestForDriver
Version |
World |
NID
|
3.60 |
non-secure |
0x3B638885
|
TEST = Internal Test Unit
Returns true if PsCode TargetId <= 0x100.
sceSblAIMgrIsToolOrTestForDriver
Version |
World |
NID
|
3.60 |
non-secure |
0x274663A0
|
TOOL = DevKit
Returns true if PsCode TargetId <= 0x101.
sceSblAIMgrIsNonCEXForDriver
Version |
World |
NID
|
3.60 |
non-secure |
0xF4B98F66
|
Returns true if PsCode TargetId <= 0x102.
sceSblAIMgrIsCEXForDriver
Version |
World |
NID
|
3.60 |
non-secure |
0xD78B04A2
|
Returns sceSblAIMgrIsJapaneseFatForDriver if PsCode TargetId <= 0x111 else returns 0.
sceSblAIMgrIsVITAForDriver
Version |
World |
NID
|
3.60 |
non-secure |
0x4273B97B
|
Returns sceSblAIMgrIsGenuineVITAForDriver.
sceSblAIMgrIsDolceForDriver
Version |
World |
NID
|
3.60 |
non-secure |
0x71608CA3
|
Returns sceSblAIMgrIsGenuineDolceForDriver if returns true else returns sceKernelCheckDipswForDriver(0x98).
sceSblAIMgrIsGenuineVITAForDriver
Version |
World |
NID
|
3.60 |
non-secure |
0x963CA644
|
Returns true if:
- PsCode TargetId <= 0x111 AND sceSblAIMgrIsGenuineDolceForDriver returns false
- sceSblAIMgrIsJapaneseFatForDriver returns true AND HardwareInfo != 0x700000 != 0x720000 != 0x510000
sceSblAIMgrIsGenuineDolceForDriver
Version |
World |
NID
|
3.60 |
non-secure |
0xC6E83F34
|
sceSblAIMgrIsJapaneseFatForDriver
Version |
World |
NID
|
3.60 |
non-secure |
0x6D5A3FC9
|
?sceSblAIMgrGetBoardRevisionForDriver?
Version |
World |
NID
|
3.60 |
non-secure |
0x37A79140
|
Returns board revision if PsCode TargetId == 0x101.
SceProcEventForDriver
SceDebugLed
sceKernelGetGPI
Version |
NID
|
3.60 |
0x14F582CF
|
sceKernelSetGPO
Version |
NID
|
3.60 |
0x78E702D3
|
SceDebugLedForDriver
SceDebugForKernel
sceDebugSetHandlersForKernel
Version |
World |
NID
|
3.60 |
non-secure |
0x10067B7B
|
int sceDebugSetHandlersForKernel(void (*func)(int unk, const char *format, const uint32_t *args), void *args);
sceDebugPutcharForKernel
Version |
World |
NID
|
3.60 |
non-secure |
0x82D2EDCE
|
Print character.
int sceDebugPutcharForKernel(int character);
sceDebugGetPutcharHandlerForKernel
Version |
World |
NID
|
3.60 |
non-secure |
0xE783518C
|
Returns pointer to current debug print char handler.
void *sceDebugGetPutcharHandlerForKernel(void);
sceDebugRegisterPutcharHandlerForKernel
Version |
World |
NID
|
3.60 |
non-secure |
0xE6115A72
|
Set debug print char handler.
int sceDebugRegisterPutcharHandlerForKernel(int (*func)(void *args, char c), void *args);
SceDebugForKernel_082B8D6A
Version |
World |
NID
|
3.60 |
non-secure |
0x082B8D6A
|
Print kernel exception information.
// name can be:
// UNDEF - ?
// PABT - Prefetch Abort
// DABT - Data Abort
// NEST - ?
int SceDebugForKernel_082B8D6A(void *unk, void *ctx, int index, char *name);
sceDebugDisableInfoDumpForKernel
Version |
World |
NID
|
3.60 |
non-secure |
0xF857CDD6
|
// ex: sceDebugDisableInfoDumpForKernel(0); as used in henkaku/payload.c
int sceDebugDisableInfoDumpForKernel(int flag);
SceDebugForDriver
Types
struct kernel_message_ctx
{
int hex_value0_hi;
int hex_value0_lo;
int hex_value1;
char* msg0;
int num;
char* msg1;
};
sceDebugPrintfForDriver
Version |
World |
NID
|
3.60 |
non-secure |
0x391B74B7
|
int sceDebugPrintfForDriver(const char *fmt, ...);
sceDebugPrintf2ForDriver
Version |
World |
NID
|
3.60 |
non-secure |
0x02B04343
|
int sceDebugPrintf2ForDriver(int msg_type_flag, kernel_message_ctx *msg_ctx, const char *fmt, ...);
print_kernel_panic
Version |
World |
NID
|
3.60 |
non-secure |
0x391B5B74
|
int print_kernel_panic(kernel_message_ctx *msg_ctx, void *some_address);
printf_kernel_panic
Version |
World |
NID
|
3.60 |
non-secure |
0x00CCE39C
|
int printf_kernel_panic(kernel_message_ctx *msg_ctx, void *some_address, const char* fmt, ...);
print_kernel_assertion
Version |
World |
NID
|
3.60 |
non-secure |
0x35A35322
|
int print_kernel_assertion(int condition, kernel_message_ctx *msg_ctx, void *some_address);
printf_kernel_assertion
Version |
World |
NID
|
3.60 |
non-secure |
0x821A2D59
|
int printf_kernel_assertion(int unk, int condition, kernel_message_ctx *msg_ctx, int some_address, const char *fmt, ...);
invoke_some_callback
Version |
World |
NID
|
3.60 |
non-secure |
0x411C0733
|
Uses sceKernelCpuLockSuspendIntrStoreLRForDriver and sceKernelCpuLockResumeIntrStoreLRForDriver.
Calls SceSysclibForDriver_E38E7605.
Maybe invoke debug handler.
int invoke_some_callback(char *format, va_list ap);
SceSysmemForTZS
sceKernelAllocMemBlockForPidForTZS
Version |
World |
NID
|
1.69 |
Secure |
0x0028E26C
|
int sceKernelAllocMemBlockForPidForTZS(SceUID pid, const char *name, SceKernelMemBlockType type, SceSize size, SceKernelAllocMemBlockKernelOpt *optp);
SceSysrootForTZS
sceSysrootGetSysrootBufferForTZS
Version |
World |
NID
|
1.69 |
secure |
0x29C1049E
|
Returns pointer to Sysroot buffer.
void *sceSysrootGetSysrootBufferForTZS(void);