SceKernelModulemgr: Difference between revisions
No edit summary |
CelesteBlue (talk | contribs) No edit summary |
||
Line 9: | Line 9: | ||
! Version !! Name !! World !! Privilege !! NID | ! Version !! Name !! World !! Privilege !! NID | ||
|- | |- | ||
| 1.69 | | 1.69-3.65 || SceKernelModulemgr || Non-secure || Kernel || | ||
|} | |} | ||
Line 26: | Line 20: | ||
! Version !! Name !! World !! Visibility !! NID | ! Version !! Name !! World !! Visibility !! NID | ||
|- | |- | ||
| 1.69-3. | | 1.69-3.61 || [[SceKernelModulemgr#SceModulemgrForKernel|SceModulemgrForKernel]] || Non-secure || Kernel || 0xC445FA63 | ||
|- | |- | ||
| 3.65 || [[SceKernelModulemgr#SceModulemgrForKernel|SceModulemgrForKernel]] || Non-secure || Kernel || 0x92C9FFC2 | | 3.63-3.65 || [[SceKernelModulemgr#SceModulemgrForKernel|SceModulemgrForKernel]] || Non-secure || Kernel || 0x92C9FFC2 | ||
|- | |- | ||
| 1.69-3.65 || [[SceKernelModulemgr#SceModulemgrForDriver|SceModulemgrForDriver]] || Non-secure || Kernel || 0xD4A60A52 | | 1.69-3.65 || [[SceKernelModulemgr#SceModulemgrForDriver|SceModulemgrForDriver]] || Non-secure || Kernel || 0xD4A60A52 | ||
Line 34: | Line 28: | ||
| 1.69-3.65 || [[SceKernelModulemgr#SceModulemgr|SceModulemgr]] || Non-secure || User || 0xEAED1616 | | 1.69-3.65 || [[SceKernelModulemgr#SceModulemgr|SceModulemgr]] || Non-secure || User || 0xEAED1616 | ||
|- | |- | ||
| 3.57-3. | | 3.57-3.65 || [[SceKernelModulemgr#SceBacktraceForDriver|SceBacktraceForDriver]] || Non-secure || Kernel || 0x77CB3DD6 | ||
|- | |- | ||
| 3.57-3. | | 3.57-3.65 || [[SceKernelModulemgr#SceBacktrace|SceBacktrace]] || Non-secure || User || 0xB07B6A3F | ||
|} | |} | ||
Line 129: | Line 123: | ||
SceUID evid; // SceModuleMgrSelfDecryptComm event flag | SceUID evid; // SceModuleMgrSelfDecryptComm event flag | ||
SceUID tid; // SceModuleMgrSelfDecrypter thread uid | SceUID tid; // SceModuleMgrSelfDecrypter thread uid | ||
void *unk_2C; // | void *unk_2C; // sceDeflateDecompressPartialForDriver out memblock | ||
int compressed_seg_size; | int compressed_seg_size; | ||
Line 183: | Line 177: | ||
typedef struct SceKernelSegmentInfo2 { // size is 0x14 | typedef struct SceKernelSegmentInfo2 { // size is 0x14 | ||
SceSize size; //!< sizeof(SceKernelSegmentInfo2) | SceSize size; //!< sizeof(SceKernelSegmentInfo2) | ||
SceUInt32 perm; | |||
void * | void *pVA; | ||
SceSize memsz; | |||
int unk_10; | int unk_10; | ||
} SceKernelSegmentInfo2; | } SceKernelSegmentInfo2; | ||
Line 193: | Line 187: | ||
SceUID modid; | SceUID modid; | ||
uint32_t version; | uint32_t version; | ||
uint32_t | uint32_t modVer; | ||
uint32_t unk10; | uint32_t unk10; | ||
void *unk14; | void *unk14; | ||
Line 199: | Line 193: | ||
void *unk1C; | void *unk1C; | ||
void *unk20; | void *unk20; | ||
char | char modName[28]; | ||
uint32_t unk40; | uint32_t unk40; | ||
uint32_t unk44; | uint32_t unk44; | ||
SceUInt32 dbgFingerprint; | |||
int segments_num; | int segments_num; | ||
union { | union { | ||
Line 300: | Line 294: | ||
SceUIntVAddr pc; /**< program counter */ | SceUIntVAddr pc; /**< program counter */ | ||
} SceKernelCallFrame; | } SceKernelCallFrame; | ||
</source> | </source> | ||
== | == Notes == | ||
=== get module info === | === How to get module info === | ||
modid and SceUIDModuleClass are required to get module information. | modid and SceUIDModuleClass are required to get module information. | ||
Simply call sceGUIDReferObjectForDriver with these parameters. | |||
=== | === Module decrypt threads === | ||
SceKernelModulemgr_func_8100910D | SceKernelModulemgr_func_8100910D | ||
Line 317: | Line 310: | ||
This thread keeps waiting at sceKernelWaitEventFlagForDriver until a module decrypt request comes. | This thread keeps waiting at sceKernelWaitEventFlagForDriver until a module decrypt request comes. | ||
bits of | bits of sceKernelWaitEventFlagForDriver is 3. | ||
== | === Common functions === | ||
Decrypt module to membase with current ctx. | Decrypt module to membase with current ctx. | ||
Line 325: | Line 318: | ||
<source lang="c">int SceKernelModulemgr_func_81009309(SceDecryptCtx *ctx, int seg_idx, void *membase, int arg4);</source> | <source lang="c">int SceKernelModulemgr_func_81009309(SceDecryptCtx *ctx, int seg_idx, void *membase, int arg4);</source> | ||
Called whenever a module is loaded. | |||
<source lang="c"> | <source lang="c"> | ||
Line 341: | Line 332: | ||
int SceKernelModulemgr_func_81001519(int a1, const char *path, SceUID modid, void *a4, uint32_t flags); | int SceKernelModulemgr_func_81001519(int a1, const char *path, SceUID modid, void *a4, uint32_t flags); | ||
</source> | </source> | ||
Reads the header from the passed fd and performs some checks. | Reads the header from the passed fd and performs some checks. | ||
Line 360: | Line 348: | ||
Offsets are for FW 3.60. | Offsets are for FW 3.60. | ||
Data section size is 0x203C0. | |||
{| class="wikitable" | {| class="wikitable" | ||
Line 376: | Line 364: | ||
| 0x0040 || 0x4 || pointer of SceClass. The second class obtained with sceKernelSysrootGetModulePrivateForKernel. SceUIDLibraryClass | | 0x0040 || 0x4 || pointer of SceClass. The second class obtained with sceKernelSysrootGetModulePrivateForKernel. SceUIDLibraryClass | ||
|- | |- | ||
| 0x0044 || 0x4 || Return value of SceThreadmgrForDriver_B645C7EF | | 0x0044 || 0x4 || Return value of SceThreadmgrForDriver_B645C7EF. | ||
|- | |- | ||
| 0x0048 || 0x4 || pointer of SceClass. The first class obtained with sceKernelSysrootGetModulePrivateForKernel. SceUIDModuleClass | | 0x0048 || 0x4 || pointer of SceClass. The first class obtained with sceKernelSysrootGetModulePrivateForKernel. SceUIDModuleClass | ||
Line 386: | Line 374: | ||
| 0x02D0 || 0x28 || SceKernelFwInfo data | | 0x02D0 || 0x28 || SceKernelFwInfo data | ||
|- | |- | ||
| 0x02F8 || 0x4 || some thread id, check | | 0x02F8 || 0x4 || some thread id, check sceKernelModuleUnloadMySelfForKernel | ||
|- | |- | ||
| 0x02FC || 0x4 || some kernel module uid, check | | 0x02FC || 0x4 || some kernel module uid, check sceKernelModuleUnloadMySelfForKernel | ||
|- | |- | ||
| 0x0300 || 0x4 || unk, used by | | 0x0300 || 0x4 || unk, used by sceKernelLoadPreloadingModulesForKernel | ||
|- | |- | ||
| 0x0304 || 0x4 || some storage ptr. used by sceKernelMountBootfsForKernel, sceKernelUmountBootfsForKernel | | 0x0304 || 0x4 || some storage ptr. used by sceKernelMountBootfsForKernel, sceKernelUmountBootfsForKernel | ||
Line 398: | Line 386: | ||
| 0x030C || 0x4 || unk | | 0x030C || 0x4 || unk | ||
|- | |- | ||
| 0x0310 || 0x4 || cpu_addr out ( | | 0x0310 || 0x4 || cpu_addr out (sceKernelCpuLockSuspendIntrStoreLRForDriver arg1) | ||
|- | |- | ||
| 0x0314 || 0x4 || unk, some flag | | 0x0314 || 0x4 || unk, some flag | ||
Line 412: | Line 400: | ||
| 0x0330 || 0x4 || unk, used by SceModulemgrForKernel_F3CD647F | | 0x0330 || 0x4 || unk, used by SceModulemgrForKernel_F3CD647F | ||
|- | |- | ||
| 0x0334 || 0x4 || | | 0x0334 || 0x4 || Syscall table vaddr. | ||
|- | |- | ||
| 0x0338 || 0x4 || unk, related to syscall. used by | | 0x0338 || 0x4 || unk, related to syscall. used by sceMt19937GlobalUninitForDriver | ||
|- | |- | ||
| 0x033C || 0x4 || unk | | 0x033C || 0x4 || unk | ||
Line 1,546: | Line 1,534: | ||
|- | |- | ||
| 0.990 || 0x19A65337 | | 0.990 || 0x19A65337 | ||
|} | |||
=== SceModulemgrForKernel_60E176C8 === | |||
{| class="wikitable" | |||
|- | |||
! Version !! NID | |||
|- | |||
| 3.60 || 0x60E176C8 | |||
|} | |||
=== SceModulemgrForKernel_9D20C9BB === | |||
{| class="wikitable" | |||
|- | |||
! Version !! NID | |||
|- | |||
| 3.60 || 0x9D20C9BB | |||
|} | |||
=== SceModulemgrForKernel_F3CD647F === | |||
{| class="wikitable" | |||
|- | |||
! Version !! NID | |||
|- | |||
| 3.60 || 0xF3CD647F | |||
|} | |} | ||
Revision as of 22:48, 28 April 2020
SceKernelModulemgr is in charge of loading both user modules and kernel modules. SceSblAuthMgr facilitates the SELF decryption process and this library loads the ELF programs into memory along with linking with NIDs and relocation of ELF in position independent executables.
Module
This module exists only in non-secure world. The SELF can be found in os0:kd/modulemgr.skprx
.
Known NIDs
Version | Name | World | Privilege | NID |
---|---|---|---|---|
1.69-3.65 | SceKernelModulemgr | Non-secure | Kernel |
Libraries
This module exports kernel and user libraries.
Known NIDs
Version | Name | World | Visibility | NID |
---|---|---|---|---|
1.69-3.61 | SceModulemgrForKernel | Non-secure | Kernel | 0xC445FA63 |
3.63-3.65 | SceModulemgrForKernel | Non-secure | Kernel | 0x92C9FFC2 |
1.69-3.65 | SceModulemgrForDriver | Non-secure | Kernel | 0xD4A60A52 |
1.69-3.65 | SceModulemgr | Non-secure | User | 0xEAED1616 |
3.57-3.65 | SceBacktraceForDriver | Non-secure | Kernel | 0x77CB3DD6 |
3.57-3.65 | SceBacktrace | Non-secure | User | 0xB07B6A3F |
Types
// These types are defined in elfutils typedef Elf32_Ehdr Elf32_Ehdr; typedef Elf32_Phdr Elf32_Phdr; typedef struct SCE_header { uint32_t magic; /* 53434500 = SCE\0 */ uint32_t version; /* header version 3*/ uint16_t sdk_type; /* */ uint16_t header_type; /* 1 self, 2 unknown, 3 pkg */ uint32_t metadata_offset; /* metadata offset */ uint64_t header_len; /* self header length */ uint64_t elf_filesize; /* ELF file length */ uint64_t self_filesize; /* SELF file length */ uint64_t unknown; /* UNKNOWN */ uint64_t self_offset; /* SELF offset */ uint64_t appinfo_offset; /* app info offset */ uint64_t elf_offset; /* ELF #1 offset */ uint64_t phdr_offset; /* program header offset */ uint64_t shdr_offset; /* section header offset */ uint64_t section_info_offset; /* section info offset */ uint64_t sceversion_offset; /* version offset */ uint64_t controlinfo_offset; /* control info offset */ uint64_t controlinfo_size; /* control info size */ uint64_t padding; } SCE_header; typedef struct SCE_appinfo { uint64_t program_authority_id; /* program authority id */ uint32_t vendor_id; /* vendor id */ uint32_t self_type; /* app type */ uint64_t version; /* app version */ uint64_t padding; /* UNKNOWN */ } SCE_appinfo; typedef struct segment_info { uint64_t offset; uint64_t length; uint64_t compression; // 1 = uncompressed, 2 = compressed uint64_t encryption; // 1 = encrypted, 2 = plain } segment_info; typedef struct self_data_buffer { SCE_header sce_header; SCE_appinfo sce_appinfo; Elf32_Ehdr elf_hdr; //... data goes } self_data_buffer; typedef struct SceDecryptCtx { //size is 0x30 self_data_buffer* self_header; // aligned buffer - based on (buffer_unaligned). // points at SCE_header followed by SCE_appinfo // size is usually 0x1000 int self_header_length; Elf32_Ehdr* elf_ptr; // pointer constructed with elf_offset Elf32_Phdr* phdr_ptr; // pointer constructed with phdr_offset uint8_t type; // ex: 2 uint8_t init_completed; uint8_t unk_12; uint8_t unk_13; segment_info* section_info_ptr; // pointer constructed with section_info_offset void* buffer_unaligned; // SELF header data - size 0x103F - raw data read from file int sm_ctx; // obtained with sceSblAuthMgrOpenForKernel SceSblSmCommContext130* context_130; SceUID fd; // file descriptor of SELF file - obtained with sceIoOpenForDriver SceUID pid; uint32_t max_size; } SceDecryptCtx; typedef struct SceDecryptCtxGlobal { // size is 0x4C uint32_t unk_0; uint32_t unk_4; // ex:3 void *module_decrypt_buff_ptr1; int decrypt_size; // max 0x10000 int unk_10; // 0 or 1 or 2 int unk_14; // ex:-1 void *module_decrypt_buff_ptr2; int unk_1C; // some size SceDecryptCtx *decrypt_ctx; SceUID evid; // SceModuleMgrSelfDecryptComm event flag SceUID tid; // SceModuleMgrSelfDecrypter thread uid void *unk_2C; // sceDeflateDecompressPartialForDriver out memblock int compressed_seg_size; uint32_t unk_34; // unk_2C out size? uint16_t segment_number; uint16_t unk_3A; // ex:0xFFFF SceDeflatePartialInputParam cbinfo; } SceDecryptCtxGlobal; typedef struct SceKernelFwInfo { SceSize size; char versionString[0x1C]; SceUInt version; SceUInt unk_24; } SceKernelFwInfo; typedef struct SceKernelSegmentInfo { SceUInt size; //!< this structure size (0x18) SceUInt perms; //!< probably rwx in low bits void *vaddr; //!< address in memory SceUInt memsz; //!< size in memory SceUInt flags; //!< meaning unknown SceUInt res; //!< unused? } SceKernelSegmentInfo; typedef struct SceKernelModuleName { char s[0x1C]; } SceKernelModuleName; typedef struct SceKernelModuleInfo { // size is 0x1B8 SceSize size; //!< sizeof(SceKernelModuleInfo) SceUID modid; uint16_t modattr; uint8_t modver[2]; char name[0x1C]; uint32_t unk28; void *start_entry; void *stop_entry; void *exit_entry; void *exidx_start; void *exidx_end; void *extab_start; void *extab_end; void *tls_start; SceSize tls_filesz; SceSize tls_memsz; char path[256]; SceKernelSegmentInfo segments[4]; SceUInt type; } SceKernelModuleInfo; typedef struct SceKernelSegmentInfo2 { // size is 0x14 SceSize size; //!< sizeof(SceKernelSegmentInfo2) SceUInt32 perm; void *pVA; SceSize memsz; int unk_10; } SceKernelSegmentInfo2; typedef struct SceKernelModuleListInfo { //!< sizeof(SceKernelModuleListInfo) SceSize size; SceUID modid; uint32_t version; uint32_t modVer; uint32_t unk10; void *unk14; uint32_t unk18; void *unk1C; void *unk20; char modName[28]; uint32_t unk40; uint32_t unk44; SceUInt32 dbgFingerprint; int segments_num; union { struct { SceKernelSegmentInfo2 SegmentInfo[1]; uint32_t addr[4]; } seg1; struct { SceKernelSegmentInfo2 SegmentInfo[2]; uint32_t addr[4]; } seg2; struct { SceKernelSegmentInfo2 SegmentInfo[3]; uint32_t addr[4]; } seg3; struct { SceKernelSegmentInfo2 SegmentInfo[4]; uint32_t addr[4]; } seg4; }; } SceKernelModuleListInfo; // is for SceCoredump? typedef struct SceKernelLibraryInfo { // size is 0x1C SceSize size; //!< sizeof(SceKernelLibraryInfo) uint16_t libver[2]; uint32_t libnid; const char *libname; uint16_t nfunc; uint16_t nvar; uint32_t *nid_table; uint32_t *entry_table; } SceKernelLibraryInfo; /** * Module common macro */ #define SCE_KERNEL_START_SUCCESS (0) /**< Successful startup */ #define SCE_KERNEL_START_RESIDENT SCE_KERNEL_START_SUCCESS /**< Successful startup (resident) */ #define SCE_KERNEL_START_NO_RESIDENT (1) /**< Successful startup (not resident) */ #define SCE_KERNEL_START_FAILED (2) /**< Failed to start */ #define SCE_KERNEL_STOP_SUCCESS (0) /**< Successful stop */ #define SCE_KERNEL_STOP_FAIL (1) /**< Failed to stop */ #define SCE_KERNEL_STOP_CANCEL SCE_KERNEL_STOP_FAIL /**< Stop was cancelled */ /** Module attributes */ #define SCE_MODULE_ATTR_NONE (0x0000) /**< No attributes specified */ /** obsolete */ #define SCE_KERNEL_MODULE_ATTR_NONE SCE_MODULE_ATTR_NONE /** * option parameter for load module APIs */ typedef struct SceKernelLoadModuleOpt { SceSize size; /**< Size of structure itself */ } SceKernelLoadModuleOpt; /** * option parameter for start module API */ typedef struct SceKernelStartModuleOpt { SceSize size; /**< size of structure itself */ SceUInt32 flags; /**< should be 0 */ SceUInt32 prologue; /**< should be 0 */ SceUInt32 start; /**< should be 0 */ } SceKernelStartModuleOpt; /** * option parameter for stop module API */ typedef struct SceKernelStopModuleOpt { SceSize size; /**< size of structure itself */ SceUInt32 flags; /**< should be 0 */ SceUInt32 epilogue; /**< should be 0 */ SceUInt32 stop; /**< should be 0 */ } SceKernelStopModuleOpt; /** * option parameter for unload module APIs */ typedef struct SceKernelUnloadModuleOpt { SceSize size; /**< size of structure itself */ } SceKernelUnloadModuleOpt; #define SCE_KERNEL_BACKTRACE_CONTEXT_CURRENT (0x00000000) /**< Backtrace current context */ #define SCE_KERNEL_BACKTRACE_MODE_USER (0x00000000) /**< User stack backtrace */ #define SCE_KERNEL_BACKTRACE_MODE_DONT_EXCEED (0x00000002) /**< Don't get stack depth */ /** * Structure that represents one stage of the call stack */ typedef struct _SceKernelCallFrame { SceUIntVAddr sp; /**< stack pointer */ SceUIntVAddr pc; /**< program counter */ } SceKernelCallFrame;
Notes
How to get module info
modid and SceUIDModuleClass are required to get module information.
Simply call sceGUIDReferObjectForDriver with these parameters.
Module decrypt threads
SceKernelModulemgr_func_8100910D
This thread keeps waiting at sceKernelWaitEventFlagForDriver until a module decrypt request comes.
bits of sceKernelWaitEventFlagForDriver is 3.
Common functions
Decrypt module to membase with current ctx.
int SceKernelModulemgr_func_81009309(SceDecryptCtx *ctx, int seg_idx, void *membase, int arg4);
Called whenever a module is loaded.
flags process image : 0x4 normal module : 0x1000 process module shared : 0x8001 process module : 0x8002 homebrew plugin : 0x8000002 shared module : 0x8008001 normal module ? : 0x8008002 int SceKernelModulemgr_func_81001519(int a1, const char *path, SceUID modid, void *a4, uint32_t flags);
Reads the header from the passed fd and performs some checks.
[out] ctx [in] pid [in] fd [in] context_130 int SceKernelModulemgr_func_81008DC9(SceDecryptCtx *ctx, SceUID pid, SceUID fd, void *context_130);
Data segment layout
Offsets are for FW 3.60.
Data section size is 0x203C0.
Offset | Size | Description |
---|---|---|
0x0000 | 0x34 | unknown, all zero |
0x0034 | 0x4 | SceKernelFwInfo data Initialize flag |
0x0038 | 0x4 | pointer of SceClass. The first class obtained with sceKernelSysrootGetModulePrivateForKernel. used by only sceKernelFinalizeKblForKernel. |
0x003C | 0x4 | pointer of SceClass. The third class obtained with sceKernelSysrootGetModulePrivateForKernel. SceUIDLibStubClass |
0x0040 | 0x4 | pointer of SceClass. The second class obtained with sceKernelSysrootGetModulePrivateForKernel. SceUIDLibraryClass |
0x0044 | 0x4 | Return value of SceThreadmgrForDriver_B645C7EF. |
0x0048 | 0x4 | pointer of SceClass. The first class obtained with sceKernelSysrootGetModulePrivateForKernel. SceUIDModuleClass |
0x004C | 0x4 | SceModuleMgr Mutex uid |
0x0050 | 0x280 | unknown |
0x02D0 | 0x28 | SceKernelFwInfo data |
0x02F8 | 0x4 | some thread id, check sceKernelModuleUnloadMySelfForKernel |
0x02FC | 0x4 | some kernel module uid, check sceKernelModuleUnloadMySelfForKernel |
0x0300 | 0x4 | unk, used by sceKernelLoadPreloadingModulesForKernel |
0x0304 | 0x4 | some storage ptr. used by sceKernelMountBootfsForKernel, sceKernelUmountBootfsForKernel |
0x0308 | 0x4 | unk, used by SceModulemgrForKernel_60E176C8, SceModulemgrForKernel_9D20C9BB |
0x030C | 0x4 | unk |
0x0310 | 0x4 | cpu_addr out (sceKernelCpuLockSuspendIntrStoreLRForDriver arg1) |
0x0314 | 0x4 | unk, some flag |
0x0318 | 0x4 | sceKernelGetMemBlockBaseForDriver membase out |
0x031C | 0x4 | sceKernelAllocMemBlockForDriver ret |
0x0320 | 0xC | unk |
0x032C | 0x4 | unk, used by SceModulemgrForKernel_F3CD647F |
0x0330 | 0x4 | unk, used by SceModulemgrForKernel_F3CD647F |
0x0334 | 0x4 | Syscall table vaddr. |
0x0338 | 0x4 | unk, related to syscall. used by sceMt19937GlobalUninitForDriver |
0x033C | 0x4 | unk |
0x0340 | 0x4C | SceDecryptCtxGlobal data |
0x038C | 0x34 | unk, all zero |
0x03C0 | 0x10000 | module decrypt buff 1 |
0x103C0 | 0x10000 | module decrypt buff 2 |
typedef struct SceKernelModulemgr_data_t // size is 0x203C0 { char unk_00[0x34]; // unknown, all zero int is_FwInfo_init; SceClass *kbl_unload; SceClass *pSceUIDLibStubClass; SceClass *pSceUIDLibraryClass; int some_thread_res; SceClass *pSceUIDModuleClass; SceUID mutex_id; char unk_50[0x280]; // unknown SceKernelFwInfo FwInfo; SceUID some_threadid; SceUID some_kernel_module_id; int unk_0x0300; void *bootfs_info; int unk_0x0308; int unk_0x030C; int cpu_addr; int some_flag; void *membase; SceUID memuid; int unk_0x0320[3]; int unk_0x032C; int unk_0x0330; void *syscall_table; int some_syscall_info; int unk_0x033C; SceDecryptCtxGlobal g_decrypt_ctx; char unk_0x038C[0x34]; char module_decrypt_buff1[0x10000]; char module_decrypt_buff2[0x10000]; } SceKernelModulemgr_data_t;
Loading Sequence
When loading a module the sequence creates a SceModule structure to represent it.
typedef struct SceModule { // ?size is 0x3EC? u8 unk0[0x64]; // 0x0 const char *filename; // 0x64 u8 unk1[0xC]; // 0x68 Elf32_Ehdr ehdr; // 0x74 Elf32_Phdr phdr; // 0xA8 void *text_addr; // 0x108 SceUID text_uid; // 0x10C u32 text_size; // 0x110 void *kernel_addr; // 0x114 SceUID kernel_uid; // 0x118 u8 unk2[0x2C8]; // 0x11C SceUID parent_pid; // 0x3E4 SceSblSmCommContext130* context_130; // 0x3E8 } SceModule;
SELF Decryption
The following code can decrypt a SELF located at path
. Set user
to 1 if decrypting a user module else 0 for kernel. Set pathid
to 0 if you're decrypting the SELF at the right location (for example decrypting sysmem.skprx
located in os0:
). If you have copied the SELF elsewhere, you need to set the pathid
to the right value for where the real path was. usecdram
is for modules that are too large and won't fit in contiguous regular memory.
int decrypt_self(const char *path, const char *outprefix, int pathid, int usecdram, int user) { char outpath[256]; int ctx; int ret; int pid; int fd = 0, wfd = 0; char *somebuf = NULL; char *hdr_buf = NULL, *hdr_buf_aligned; char *data_buf = NULL, *data_buf_aligned; int phdr; unsigned int hdr_size; // set up SBL decrypt context ret = sceSblAuthMgrOpenForKernel(&ctx); printf("sceSblAuthMgrOpenForKernel: 0x%08X, CTX: 0x%08X\n", ret, ctx); if (ret < 0) return 1; // set up this weird buffer somebuf = sceKernelLoadcoreKallocForKernel(0x10005, 0x130); printf("Weird buffer: 0x%08X\n", somebuf); if (somebuf == NULL) goto fail; memset(somebuf, 0, 0x130); if (ret < 0) goto fail; *(int *)(somebuf + 0x4) = user; *(u64_t *)(somebuf + 0x8) = 0x2808000000000001LL; *(u64_t *)(somebuf + 0x10) = 0xF000C000000080LL; *(u64_t *)(somebuf + 0x18) = 0xFFFFFFFF00000000LL; *(u64_t *)(somebuf + 0x30) = 0xC300003800980LL; *(u64_t *)(somebuf + 0x38) = 0x8009800000LL; *(u64_t *)(somebuf + 0x48) = 0xFFFFFFFF00000000LL; if (pathid) { *(int *)(somebuf + 0x128) = pathid; } else { ret = sceIoGetMediaTypeForDriver(0x10005, path, 1, somebuf + 0x128); printf("sceIoGetMediaTypeForDriver: 0x%08X\n", ret); if (ret < 0) goto fail; } // read header fd = sceIoOpenForDriver(path, 1, 0); printf("sceIoOpenForDriver: 0x%08X\n", fd); if (fd < 0) goto fail; hdr_buf = sceKernelLoadcoreKallocForKernel(0x10005, 0x1000+63); hdr_buf_aligned = (char *)(((int)hdr_buf + 63) & 0xFFFFFFC0); printf("Header buffer: 0x%08X, aligned: 0x%08X\n", hdr_buf, hdr_buf_aligned); if (hdr_buf == NULL) goto fail; ret = sceIoReadForDriver(fd, hdr_buf_aligned, 0x1000); printf("Header read: 0x%08X\n", ret); hdr_size = *(unsigned int *)(hdr_buf_aligned + 0x10); if (hdr_size > 0x1000) { printf("Header too large: 0x%08X\n", hdr_size); goto fail; } ret = sceIoLseekForDriver(fd, 0LL, 0); printf("Header rewind: 0x%08X\n", ret); // set up SBL decryption for this SELF ret = sceSblAuthMgrAuthHeaderForKernel(ctx, hdr_buf_aligned, hdr_size, somebuf); printf("sceSblAuthMgrAuthHeaderForKernel: 0x%08X\n", ret); if (ret < 0) goto fail; // set up read buffer data_buf = sceKernelLoadcoreKallocForKernel(0x10005, 0x10000+63); data_buf_aligned = (char *)(((int)data_buf + 63) & 0xFFFFFFC0); printf("Data buffer: 0x%08X, aligned: 0x%08X\n", data_buf, data_buf_aligned); if (data_buf == NULL) goto fail; // get sections int elf_offset = *(int*)(hdr_buf_aligned + 0x40); int num_segs = *(short*)(hdr_buf_aligned + elf_offset + 0x2C); printf("Number of segments to read: 0x%04X\n", num_segs); int info_offset = *(int*)(hdr_buf_aligned + 0x58); struct seg_info *segs = (struct seg_info *)(hdr_buf_aligned + info_offset); int phdr_offset = *(int*)(hdr_buf_aligned + 0x48); struct e_phdr *phdrs = (struct e_phdr *)(hdr_buf_aligned + phdr_offset); // decrypt sections int i; int total, to_read, num_read, off; int aligned_size; int blkid = 0; void *pgr_buf; for (i = 0; i < num_segs; i++) { sprintf(outpath, "%s.seg%u", outprefix, i); sceIoCloseForDriver(wfd); wfd = sceIoOpenForDriver(outpath, 0x602, 6); printf("sceIoOpenForDriver(%s): 0x%08X\n", outpath, wfd); if (wfd < 0) break; if (blkid) sceKernelFreeMemBlockForKernel(blkid); aligned_size = (phdrs[i].p_filesz + 4095) & 0xFFFFF000; if (usecdram) blkid = sceKernelAllocMemBlockForKernel("self_decrypt_buffer", 0x40404006, 0x4000000, NULL); else blkid = sceKernelAllocMemBlockForKernel("self_decrypt_buffer", 0x1020D006, aligned_size, NULL); printf("sceKernelAllocMemBlockForKernel: 0x%08X, size: 0x%08X\n", blkid, aligned_size); ret = sceKernelGetMemBlockBaseForKernel(blkid, &pgr_buf); printf("sceKernelGetMemBlockBaseForKernel: 0x%08X, base: 0x%08X\n", ret, pgr_buf); if (ret < 0) break; // setup buffer for output ret = sceSblAuthMgrSetupAuthSegmentForKernel(ctx, i, (u32_t)segs[i].length, pgr_buf, phdrs[i].p_filesz); printf("sceSblAuthMgrSetupAuthSegmentForKernel: 0x%08X\n", ret); if (ret < 0) break; ret = sceIoLseekForDriver(fd, segs[i].offset, 0); printf("sceIoLseekForDriver(0x%08X): 0x%08X\n", (u32_t)segs[i].offset, ret); if (ret < 0) break; total = (u32_t)segs[i].length; to_read = total > 0x10000 ? 0x10000 : total; off = 0; while (total > 0 && (num_read = sceIoReadForDriver(fd, data_buf_aligned+off, to_read)) > 0) { off += num_read; total -= num_read; if (num_read < to_read) { to_read -= num_read; continue; } ret = sceSblAuthMgrAuthSegmentForKernel(ctx, data_buf_aligned, off); // decrypt buffer printf("sceSblAuthMgrAuthSegmentForKernel: 0x%08X\n", ret); if (ret < 0) printf("!!! ERROR !!!\n"); ret = sceSblAuthMgrLoadSegmentInternalForKernel(ctx, data_buf_aligned, off); // copy buffer to output printf("sceSblAuthMgrLoadSegmentInternalForKernel: 0x%08X\n", ret); if (ret < 0) printf("!!! ERROR !!!\n"); off = 0; to_read = total > 0x10000 ? 0x10000 : total; } // write buffer off = 0; while ((off += sceIoWriteForDriver(wfd, pgr_buf+off, phdrs[i].p_filesz-off)) < phdrs[i].p_filesz); } if (blkid) sceKernelFreeMemBlockForKernel(blkid); sceIoCloseForDriver(wfd); fail: sceSblAuthMgrCloseForKernel(ctx); if (fd) sceIoCloseForDriver(fd); if (somebuf) sceKernelLoadcoreKfreeForKernel(somebuf); if (hdr_buf) sceKernelLoadcoreKfreeForKernel(hdr_buf); if (data_buf) sceKernelLoadcoreKfreeForKernel(data_buf); return 1; }
Module decryption and signature checks ("HENkaku patches" on 1.60)
See also SELF_Loading to see how these SceSblAuthMgr functions are used to decrypt SELFs.
The code below will patch signature checks and bypass module decryption and allow homebrews to run. The idea is to hook SceSblAuthMgr* calls that are imported to SceKernelModulemgr. The offsets are from 1.60, you will probably need to modify functions defines (set to addresses of functions) and INSTALL_HOOK second arguments (set to addresses of imports in SceKernelModulemgr). For old FWs like 1.60, as there is no kASLR, you can set hardcoded addresses, else take HENkaku code. As a bonus there's also patch_npdrm functions that patches SceNpDrm to bypass some DRM checks and allow unsigned packages to be installed, which you also need to modify addresses. See SceNpDrm#Package_integrity_checks.
// hardcoded addresses for 1.60 #define G_OUR_EBOOT *(unsigned*)(0x01E60000 - 0x14) #define G_BUF *(unsigned*)(0x01E60000 - 0xC) #define G_WRITTEN *(unsigned*)(0x01E60000 - 0x10) #define Func(addr) ((unsigned(*)())(addr)) // Hardcoded addresses for 1.60 #define sceSblAuthMgrAuthHeaderForKernel Func(0x4BC6C9) #define sceSblAuthMgrSetupAuthSegmentForKernel Func(0x4BC851) #define sceSblAuthMgrAuthSegmentForKernel Func(0x4BC909) #define sceSblAuthMgrLoadSegmentInternalForKernel Func(0x4BCA89) // setup file decryption unsigned sceSblAuthMgrAuthHeaderForKernel_patched(unsigned a1, unsigned a2, unsigned a3, unsigned a4) { unsigned res = sceSblAuthMgrAuthHeaderForKernel(a1, a2, a3, a4); if (res == 0x800f0624 || res == 0x800f0616 || res == 0x800f0024) { G_OUR_EBOOT = 1; // patch somebuf so our module actually runs unsigned *somebuf = (unsigned*)a4; somebuf[42] = 0x40; return 0; } else { G_OUR_EBOOT = 0; } return res; } // setup output buffer unsigned sceSblAuthMgrSetupAuthSegmentForKernel_patched(unsigned a1, unsigned a2, unsigned a3, unsigned a4, unsigned a5) { G_BUF = a4; G_WRITTEN = 0; if (G_OUR_EBOOT == 1) { return 0; } return sceSblAuthMgrSetupAuthSegmentForKernel(a1, a2, a3, a4, a5); } // decrypt unsigned sceSblAuthMgrAuthSegmentForKernel_patched(unsigned a1, unsigned a2, unsigned a3) { if (G_OUR_EBOOT == 1) { return 0; } return sceSblAuthMgrAuthSegmentForKernel(a1, a2, a3); } // copy to output - not present on 3.60 unsigned sceSblAuthMgrLoadSegmentInternalForKernel_patched(unsigned a1, unsigned a2, unsigned a3) { if (G_OUR_EBOOT == 1) { memcpy((void*)(G_BUF + G_WRITTEN), (void*)a2, a3); G_WRITTEN += a3; return 0; } return sceSblAuthMgrLoadSegmentInternalForKernel(a1, a2, a3); } #define INSTALL_HOOK(func, addr) \ { unsigned *target; \ target = (unsigned*)addr; \ *target++ = 0xE59FF000; /* ldr pc, [pc, #0] */ \ *target++; /* doesn't matter */ \ *target = (unsigned)func; \ } // hardcoded addresses for 1.60 void hook_install(void) { INSTALL_HOOK(sceSblAuthMgrLoadSegmentInternalForKernel_patched, 0x5BA9CC); INSTALL_HOOK(sceSblAuthMgrSetupAuthSegmentForKernel_patched, 0x5BA9DC); INSTALL_HOOK(sceSblAuthMgrAuthSegmentForKernel_patched, 0x5BAA0C); INSTALL_HOOK(sceSblAuthMgrAuthHeaderForKernel_patched, 0x5BAA1C); } unsigned get_module_base(const char *name) { int * modlist[MOD_LIST_SIZE]; int modlist_records; int res; SceKernelModuleInfo modinfo; memset(modlist, 0, sizeof(modlist)); modlist_records = MOD_LIST_SIZE; sceKernelGetModuleListForKernel(0x10005, 0x7FFFFFFF, 1, modlist, &modlist_records); for(int j = 0; j < modlist_records; j++) { memset(&modinfo, 0, sizeof(modinfo)); res = sceKernelGetModuleInfoForKernel(modlist[j], &modinfo); if (strcmp(modinfo.name, name) == 0) return (unsigned)modinfo.module_top; } return 0; } // Hardcoded addresses for 1.60 void patch_npdrm(unsigned base) { unsigned *patch; // check where check_func[0] is called patch = (unsigned*)(base + 0x310); *patch = 0x47702001; // check where check_func[1] is called patch = (unsigned*)(base + 0xaa4); *patch = 0x47702001; // always return 1 in install_allowed patch = (unsigned*)(base + 0x2d64); *patch = 0x47702001; // patch error code 0x80870003 patch = (unsigned*)(base + 0x4856); *patch = 0x2500; // second same error code patch = (unsigned*)(base + 0x35fe); *patch = 0x2600; } // Call this function from a thread int hook(void) { fprintf("Hook start\n"); unsigned prev_dacr; __asm__ volatile("mrc p15, 0, %0, c3, c0, 0" : "=r" (prev_dacr)); __asm__ volatile("mcr p15, 0, %0, c3, c0, 0" : : "r" (-1)); unsigned base_npdrm = get_module_base("SceNpDrm"); fprintf("SceNpDrm base: 0x%08x\n", base_npdrm); patch_npdrm(base_npdrm); hook_install(); __asm__ volatile("MCR p15, 0, %0, c7, c5, 0" : : "r" (0)); // flush icache __asm__ volatile("mcr p15, 0, %0, c3, c0, 0" : : "r" (prev_dacr)); sceKernelDelayThread(4*1000*1000); return 0; }
SceModulemgrForKernel
sceKernelSetupForModulemgrForKernel
Version | NID |
---|---|
3.60 | 0x3382952B |
void sceKernelSetupForModulemgrForKernel(void);
sceKernelFinalizeKblForKernel
Version | NID |
---|---|
0.990-3.60 | 0xFDD7F646 |
3.65 | 0xB911516F |
unload the ScePsp2BootConfig
void *sysroot_buffer = sceKernelGetSysrootBuffer(); kbl_modid = *(SceUID *)(SceSysrootForKernel_CD70C9D7(sysroot_buffer) + 0x38); sceKernelStopUnloadModuleForDriver(kbl_modid); unk = *(_DWORD *)(SceSysrootForKernel_CD70C9D7(sysroot_buffer) + 0x34); // then does other things with other sysroot functions
0.990
void sceKernelFinalizeKblForKernel(void);
3.60
int sceKernelFinalizeKblForKernel(void);
sceKernelRegisterSyscallForKernel
Version | NID |
---|---|
3.60 | 0xB427025E |
3.65-3.68 | 0x2E4A10A0 |
void sceKernelRegisterSyscallForKernel(SceSize num, void *function);
sceKernelLoadPtLoadSegForFwloaderForKernel
Version | NID |
---|---|
0.990-3.60 | 0x448810D5 |
3.65 | 0xA07063EA |
Temp name is sceKernelDecryptSelfByPathForKernel
int sceKernelLoadPtLoadSegForFwloaderForKernel(const char *path, int e_phnum, void *buffer, uint32_t bufsize, int zero_unk, uint32_t *bytes_read);
This is an easy way of decrypting SELFs but you are limited to the kinds of SELFs you can load in the current context (for example, you can't load user modules from kernel context). It is also susceptible to limitations of where the SELF can be loaded from. For example, you are not allowed to load SELFs found in os0:
from ux0:
. This is because it checks the PathId.
On 3.60, statically compiled self give an error.
sceKernelMountBootfsForKernel
Version | NID |
---|---|
3.60 | 0x01360661 |
3.65 | 0x185FF1BC |
int sceKernelMountBootfsForKernel(const char *bootImagePath);
sceKernelUmountBootfsForKernel
Version | NID |
---|---|
3.60 | 0x9C838A6B |
3.65 | 0xBD61AD4D |
int sceKernelUmountBootfsForKernel(void);
sceKernelLoadModuleForPidForKernel
Version | NID |
---|---|
3.60 | 0xFA21D8CB |
/** * @brief Load module * * moduleFileName Loads the module specified by moduleFileName. * If the load is successful, the module identifier is returned as the return value. * * @param[in] moduleFileName file name * @param[in] flags flags * @param[in] pOpt option parameter, should be SCE_NULL * @retval (>0) module uid * @retval (<0) Error code */ SceUID sceKernelLoadModuleForPidForKernel(SceUID pid, const char *moduleFileName, SceUInt32 flags, const SceKernelLoadModuleOpt *pOpt);
sceKernelStartModuleForPidForKernel
Version | NID |
---|---|
3.60 | 0x6DF745D5 |
// flags must be 0 // pOpt can be null /** * @brief start module for process * * Starts the module specified by uid. When calling the start entry function, * the value specified by the args and argp arguments is passed as an argument. * * If the start process is successful, the library declared with AUTO_EXPORT will be registered. * Public processing is performed and the return value of the start entry function is stored in the area indicated by pRes. * If the start process fails, library registration and publishing will not be performed. * * SCE_KERNEL_START_NO_RESIDENT is returned as the return value of the start entry function * only if the module is automatically unloaded after executing the start entry function. * If SCE_KERNEL_START_FAILED is returned, the start process will fail. * At this time, the module is not unloaded. Modules that failed to start * It can be restarted with sceKernelStartModuleForPidForKernel(). * * @param[in] pid process id * @param[in] uid module id * @param[in] args argument block size * @param[in] argp argument block address * @param[in] flags flags, should be 0 * @param[in] pOpt option parameter, should be SCE_NULL * @param[out] pRes result of start entry * @retval SCE_OK success * @retval (<0) Error code */ int sceKernelStartModuleForPidForKernel(SceUID pid, SceUID uid, SceSize args, const void *argp, SceUInt32 flags, const SceKernelStartModuleOpt *pOpt, int *pRes);
sceKernelStopModuleForPidForKernel
Version | NID |
---|---|
3.60 | 0x7BB4CE54 |
/** * @brief Stop module * * Stops the module specified by uid. When calling the stop entry function, * the values specified by the args and argp arguments are passed as arguments. * * If the stop process is successful, the library released from the module is deleted, * and the return value of the stop entry function is stored in the area indicated by pRes. * If stop processing fails, library deletion processing is not performed. * * Only when SCE_KERNEL_STOP_SUCCESS is returned as the return value of the * stop entry function, module stop processing succeeds. * If any other value is returned, module stop processing will fail. * The module that failed to stop can be restarted with sceKernelStopModuleForPidForKernel(). * * @param[in] pid process id * @param[in] uid module id * @param[in] args argument block size * @param[in] argp argument block address * @param[in] flags flags, should be 0 * @param[in] pOpt option parameter, should be SCE_NULL * @param[out] pRes result of stop entry * @retval SCE_OK success * @retval (<0) Error code */ int sceKernelStopModuleForPidForKernel(SceUID pid, SceUID uid, SceSize args, const void *argp, SceUInt32 flags, const SceKernelStopModuleOpt *pOpt, int *pRes);
sceKernelUnloadModuleForPidForKernel
Version | NID |
---|---|
3.60 | 0x5972E2CC |
/** * @brief Unload module * * Unloads the module specified by uid. * * @param[in] pid process id * @param[in] uid module id * @param[in] flags flags, should be 0 * @param[in] pOpt option parameter * * @retval SCE_OK success * @retval (<0) Error code int sceKernelUnloadModuleForPidForKernel(SceUID pid, SceUID uid, SceUInt32 flags, const SceKernelUnloadModuleOpt *pOpt);
sceKernelModuleUnloadMySelfForKernel
Version | NID |
---|---|
3.60 | 0x2A69385E |
3.65 | 0x2F82EEBC |
int sceKernelModuleUnloadMySelfForKernel(void);
sceKernelLoadPreloadingModulesForKernel
Temp name was sceKernelLoadProcessModulesForKernel. Was wrongly named sceKernelLoadStartDefaultSharedModulesForPidForKernel.
Version | NID |
---|---|
0.931-3.60 | 0x3AD26B43 |
This loads the default shared modules for a process (only the ones that are actually imported). This includes, for example, SceLibKernel
. Modules are loaded with flags 0x10000000
meaning that text pages can be shared. If dipsw 210 is set, then flag 0x1000
is set, meaning that if the existing page is found, do not share it but instead make a copy.
int sceKernelLoadPreloadingModulesForKernel(SceUID pid, void *unk_buf, int flags);
sceKernelLoadProcessImageForKernel
Version | NID |
---|---|
0.931-3.60 | 0xAC4EABDB |
typedef struct SceLoadProcessParam { uint32_t sysver; char thread_name[0x20]; uint32_t unk_0x24; // ex:0x100000EC uint32_t unk_0x28; // ex:0x6000 uint32_t unk_0x2C; char unk_0x30[0x24]; char module_name[0x1C]; uint32_t unk_0x70; uint32_t unk_0x74; // ex:0x790000 void *unk_0x78; // ex:0x81600814, data seg vaddr? char unk_0x7C[0x20]; // all 0xFF // more... } SceLoadProcessParam; /** * @brief load process image * * @param[in] pid - target pid * @param[in] path - path * @param[in] a3 - unk, zero * @param[out] auth_info * @param[out] param * @param[in] a6 - unk, zero * * @return modid, < 0 on error. */ SceUID sceKernelLoadProcessImageForKernel(SceUID pid, const char *path, int a3, SceSelfAuthInfo *auth_info, SceLoadProcessParam *param, int a6);
sceKernelUnloadProcessModulesForKernel
Temp name was sceKernelStopUnloadPreloadingModulesForKernel.
Version | NID |
---|---|
0.990-3.60 | 0x0E33258E |
sceKernelStartPreloadingModulesForKernel
Version | NID |
---|---|
0.931-3.60 | 0x432DCC7A |
3.65 | 0x998C7AE9 |
Temp name was sceKernelStartProcessModulesForKernel.
int sceKernelStartPreloadingModulesForKernel(SceUID pid);
sceKernelGetModuleListForKernel
Version | NID |
---|---|
1.60-3.60 | 0x97CF7B4E |
3.65 | 0xB72C75A4 |
int sceKernelGetModuleListForKernel(SceUID pid, int flags1, int flags2, SceUID *modids, SceSize *num);
sceKernelGetModuleList2ForKernel
Version | NID |
---|---|
3.60 | 0x410E1D2E |
int sceKernelGetModuleList2ForKernel(SceUID pid, SceKernelModuleListInfo *infolists, SceSize *num);
sceKernelGetModuleUidForKernel
Version | NID |
---|---|
3.60 | 0x3B93CF88 |
Found by Princess
sceKernelGetModuleExportLibraryListForKernel
Version | NID |
---|---|
3.60 | 0x1FDEAE16 |
int sceKernelGetModuleUidListForKernel(SceUID pid, SceUID *uids, SceSize *num);
sceKernelGetModuleInfoForKernel
Version | NID |
---|---|
3.60 | 0xD269F915 |
3.65 | 0xDAA90093 |
int sceKernelGetModuleInfoForKernel(SceUID pid, SceUID modid, SceKernelModuleInfo *info);
sceKernelGetModuleLibraryInfoForKernel
Version | NID |
---|---|
3.60 | 0x6A655255 |
typedef struct SceKernelModuleLibraryInfo { SceSize size; //!< sizeof(SceKernelModuleLibraryInfo) : 0x120 SceUID libid; uint32_t libnid; uint16_t libver[2]; uint16_t entry_num_function; uint16_t entry_num_variable; uint16_t unk_0x14; uint16_t unk_0x16; char library_name[0x100]; // offset : 0x18 uint32_t unk_0x118; SceUID modid2; } SceKernelModuleLibraryInfo; int sceKernelGetModuleLibraryInfoForKernel(SceUID pid, SceUID libid, SceKernelModuleLibraryInfo *info);
sceKernelGetModuleLibExportListForKernel
Version | NID |
---|---|
3.60 | 0xD4BF409C |
typedef struct SceKernelModuleExportEntry { uint32_t libnid; const void *entry; // function ptr. or vars? } SceKernelModuleExportEntry; int sceKernelGetModuleLibExportListForKernel(SceUID pid, SceUID libid, SceKernelModuleExportEntry *list, SceSize *num, SceSize cpy_skip_num);
sceKernelGetModulePathForKernel
Version | NID |
---|---|
3.60 | 0x779A1025 |
wrong name is sceKernelGetProcessMainModulePathForKernel
int sceKernelGetModulePathForKernel(SceUID modid, char *path, int pathlen);
sceKernelGetModuleEntryPointForKernel
Version | NID |
---|---|
3.60 | 0x66606301 |
void *sceKernelGetModuleEntryPointForKernel(SceUID modid);
sceKernelGetModuleEntryPointForUserForKernel
Version | NID |
---|---|
3.60 | 0x78DBC027 |
typedef int (* SceKernelModuleEntry)(SceSize args, void *argp); int sceKernelGetModuleEntryPointForUserForKernel(SceUID pid, SceUID UserUid, SceKernelModuleEntry *start, SceKernelModuleEntry *stop);
sceKernelGetModuleIdByAddrForKernel
Version | NID |
---|---|
0.990-3.60 | 0x0053BA4A |
SceUID sceKernelGetModuleIdByAddrForKernel(SceUID pid, const void *module_addr);
sceKernelGetModuleInfoMinByAddrForKernel
Version | NID |
---|---|
3.60 | 0x8309E043 |
int sceKernelGetModuleInfoMinByAddrForKernel(SceUID pid, const void *pModuleAddr, SceUInt32 *piDbgFingerprint, const void **program_text_addr, SceKernelModuleName *moduleName);
sceKernelGetModuleInhibitStateForKernel
Version | NID |
---|---|
3.60 | 0x7A1E882D |
int sceKernelGetModuleInhibitStateForKernel(SceUID pid, int *state);
sceKernelGetModuleInternalByAddrForKernel
Version | NID |
---|---|
0.990-3.60 | 0x2C2618D9 |
Used by sceKernelPrintBacktraceForDriver.
int sceKernelGetModuleInternalByAddrForKernel(SceUID pid, const void *module_addr, SceKernelModuleInfoObjBase_t **info);
sceKernelGetModuleNIDForKernel
Version | NID |
---|---|
3.60 | 0xEEA92F1F |
int sceKernelGetModuleNIDForKernel(SceUID modid, uint32_t *module_nid);
sceKernelGetModuleNonlinkedImportInfoForKernel
Version | NID |
---|---|
3.60 | 0x1BDE2ED2 |
typedef struct { SceUID modid; uint32_t libnid; } SceKernelModuleImportNID; int sceKernelGetModuleNonlinkedImportInfoForKernel(SceUID pid, SceKernelModuleImportNID *a2, SceSize *num);
sceKernelGetModuleLibStubIdListForKernel
Version | NID |
---|---|
3.60 | 0x1D341231 |
int sceKernelGetModuleLibStubIdListForKernel(SceUID pid, SceUID *stubid, SceSize *num);
sceKernelGetModuleLibraryIdListForKernel
Version | NID |
---|---|
3.60 | 0x619925F1 |
int sceKernelGetModuleLibraryIdListForKernel(SceUID pid, SceUID modid, SceUID *libid, SceSize *num);
Version | NID |
---|---|
3.60 | 0x99890202 |
int sceKernelGetModuleIsSharedByAddrForKernel(SceUID pid, const void *module_addr);
sceKernelGetModuleKernelExportListForKernel
Version | NID |
---|---|
3.60 | 0x8D1AA624 |
typedef struct SceModuleLibraryExportInfo_t { struct SceModuleLibraryExportInfo_t *next; void *data_0x04; SceModuleLibExport_t *nid_info; int data_0x0C; // flags? int data_0x10; // ex:1 int data_0x14; // zero? SceUID libid_kernel; SceUID libid_user; SceKernelModuleInfoObjBase_t *modobj; int data_0x24[3]; // zero? int data_0x30; // zero? SceModuleLibExport_t *data_0x34; // maybe noname export int data_0x38; // ex:0x40000 // maybe more } SceModuleLibraryExportInfo_t; int sceKernelGetModuleKernelExportListForKernel(SceModuleLibraryExportInfo_t **list, SceSize *num);
sceKernelGetModuleImportNonlinkedInfoByNIDForKernel
Version | NID |
---|---|
3.60 | 0x952535A3 |
typedef struct SceKernelModuleImportNonlinkedInfo { SceSize size; // 0x124 SceUID modid; uint32_t libnid; char libname[0x100]; uint32_t data_0x10C; uint32_t data_0x110; uint32_t data_0x114; uint32_t data_0x118; uint32_t data_0x11C; uint32_t data_0x120; } SceKernelModuleImportNonlinkedInfo; int sceKernelGetModuleImportNonlinkedInfoByNIDForKernel(SceUID pid, SceUID modid, uint32_t libnid, SceKernelModuleImportNonlinkedInfo *info);
sceKernelGetProcessEntryPointForKernel
Version | NID |
---|---|
0.990-3.60 | 0xFE303863 |
Temp name was sceKernelGetModuleInternalForKernel, sceKernelGetModuleCBForDebugger.
0.990:
void **sceKernelGetProcessEntryPointForKernel(SceUID modid);
3.60:
int sceKernelGetProcessEntryPointForKernel(SceUID modid, void **entrypoint);
sceKernelGetProcessMainModuleForKernel
Version | NID |
---|---|
3.60 | 0x20A27FA9 |
/** * @brief Get the main module for a given process. * @param pid The process to query. * @return the UID of the module else < 0 for an error. */ SceUID sceKernelGetProcessMainModuleForKernel(SceUID pid);
sceKernelLibraryDBGetSyslibtraceCBForKernel
Version | NID |
---|---|
0.990 | 0x3AE7F62F |
3.60 | not present |
sceKernelLibraryDBSetSyslibtraceCBForKernel
Version | NID |
---|---|
0.990 | 0x7E68D6EC |
SceModulemgrForKernel_06D9392A
Version | NID |
---|---|
0.990 | 0x06D9392A |
3.60 | not present |
SceModulemgrForKernel_06D9392A(int modid, void *addr, int *out);
sceModulemgrLockLibDBForKernel
Version | NID |
---|---|
0.990 | 0x37C2A1A5 |
sceModulemgrUnlockLibDBForKernel
Version | NID |
---|---|
0.990 | 0x0751F162 |
SceModulemgrForKernel_04ADDA3E
Version | NID |
---|---|
0.990 | 0x04ADDA3E |
sceKernelGetProcessEntryPointForKernel
Version | NID |
---|---|
0.990 | 0xC72CA412 |
3.60 | not present |
sceKernelLoadcoreKallocForKernel
Version | NID |
---|---|
0.990 | 0xB4A1DE31 |
void *sceKernelLoadcoreKallocForKernel(SceSize len);
sceKernelLoadcoreKfreeForKernel
Version | NID |
---|---|
0.990-1.60 | 0xF4B2D8B8 |
Calls sceKernelFreeHeapMemoryForDriver.
sceKernelCallModuleSuspendEntryForKernel
Version | NID |
---|---|
0.990 | 0x829E1C94 |
sceKernelLibraryDBGetLibEntHeadForKernel
Version | NID |
---|---|
0.990 | 0x1100A1B8 |
SceModulemgrForKernel_19A65337
Version | NID |
---|---|
0.990 | 0x19A65337 |
SceModulemgrForKernel_60E176C8
Version | NID |
---|---|
3.60 | 0x60E176C8 |
SceModulemgrForKernel_9D20C9BB
Version | NID |
---|---|
3.60 | 0x9D20C9BB |
SceModulemgrForKernel_F3CD647F
Version | NID |
---|---|
3.60 | 0xF3CD647F |
SceModulemgrForDriver
sceKernelGetModuleInfoByAddrForDriver
Version | NID |
---|---|
0.990-3.60 | 0x1D9E0F7E |
note : kernel only.
int sceKernelGetModuleInfoByAddrForDriver(const void *module_addr, SceKernelModuleInfo *info);
sceKernelRegisterLibaryForDriver
Version | NID |
---|---|
0.990-3.60 | 0x861638AD |
note : kernel only.
int sceKernelRegisterLibaryForDriver(const void *module_addr);
sceKernelReleaseLibaryForDriver
Version | NID |
---|---|
0.990-3.60 | 0x0975B104 |
note : kernel only.
int sceKernelReleaseLibaryForDriver(const void *module_addr);
sceKernelGetModuleInfoForDriver
Version | NID |
---|---|
0.990-1.69 | 0x36585DAF |
3.60 | moved to SceModulemgrForKernel |
sceKernelSearchModuleByNameForDriver
Version | NID |
---|---|
0.940-3.60 | 0xBBE1771C |
// Returns (<0) if error or module is not loaded SceUID sceKernelSearchModuleByNameForDriver(const char *module_name);
sceKernelGetSystemSwVersionForDriver
Version | NID |
---|---|
0.940-3.60 | 0x5182E212 |
int sceKernelGetSystemSwVersionForDriver(SceKernelFwInfo *data);
sceKernelSetSystemSwVersionForDriver
Version | NID |
---|---|
0.990-1.69 | 0x912AEB73 |
3.60 | non existent. Integrated with sceKernelGetSystemSwVersionForDriver |
sceKernelLoadStartModuleForDriver
Version | NID |
---|---|
1.69-3.60 | 0x189BFBBB |
/** * @brief PRX Load and start PRX * * moduleFileName After loading the PRX specified by the moduleFileName argument, start processing * is performed. * * During start processing, module_start () is called by a thread * that is initialized with SCE_KERNEL_DEFAULT_PRIORITY_USER as the priority * and SCE_KERNEL_STACK_SIZE_DEFAULT_USER_MAIN as the stack size. * When it is done, the argument block specified by the args and argp arguments are * copied to the thread stack and then passed to module_start(). * * If loading and start processing is successful, the return value * of the start entry function is stored in the area indicated by pRes. * * If SCE_KERNEL_START_NO_RESIDENT is returned as the return value of module_start() * the module is not resident in memory and is automatically unloaded after module_start() is executed. * If SCE_KERNEL_START_FAILED is returned, * the PRX has failed to load. A PRX is resident (loaded) only if it * returns a value other than SCE_KERNEL_START_NO_RESIDENT * or SCE_KERNEL_START_FAILED, including SCE_KERNEL_START_RESIDENT. * * @param[in] moduleFileName file name * @param[in] args argument block size * @param[in] argp argument block address * @param[in] flags flags, should be 0 * @param[in] pOpt option parameter, should be SCE_NULL * @param[out] pRes result of start entry * * @retval (>0) module uid * @retval (<0) Error code */ SceUID sceKernelLoadStartModuleForDriver(const char *moduleFileName, SceSize args, const void *argp, SceUInt32 flags, const SceKernelLoadModuleOpt *pOpt, int *pRes);
sceKernelLoadStartModuleForPidForDriver
Version | NID |
---|---|
3.60 | 0x9D953C22 |
/** * @brief PRX Load and start PRX * * moduleFileName After loading the PRX specified by the moduleFileName argument, start processing * is performed. * * During start processing, module_start () is called by a thread * that is initialized with SCE_KERNEL_DEFAULT_PRIORITY_USER as the priority * and SCE_KERNEL_STACK_SIZE_DEFAULT_USER_MAIN as the stack size. * When it is done, the argument block specified by the args and argp arguments are * copied to the thread stack and then passed to module_start(). * * If loading and start processing is successful, the return value * of the start entry function is stored in the area indicated by pRes. * * If SCE_KERNEL_START_NO_RESIDENT is returned as the return value of module_start() * the module is not resident in memory and is automatically unloaded after module_start() is executed. * If SCE_KERNEL_START_FAILED is returned, * the PRX has failed to load. A PRX is resident (loaded) only if it * returns a value other than SCE_KERNEL_START_NO_RESIDENT * or SCE_KERNEL_START_FAILED, including SCE_KERNEL_START_RESIDENT. * * @param[in] pid process id * @param[in] moduleFileName file name * @param[in] args argument block size * @param[in] argp argument block address * @param[in] flags flags, should be 0 * @param[in] pOpt option parameter, should be SCE_NULL * @param[out] pRes result of start entry * * @retval (>0) module uid * @retval (<0) Error code */ SceUID sceKernelLoadStartModuleForPidForDriver(SceUID pid, const char *moduleFileName, SceSize args, const void *argp, SceUInt32 flags, const SceKernelLoadModuleOpt *pOpt, int *pRes);
Version | NID |
---|---|
3.60 | 0xE2ADEF8D |
/** * @brief PRX Load and start PRX * * moduleFileName After loading the PRX specified by the moduleFileName argument, start processing * is performed. * * During start processing, module_start () is called by a thread * that is initialized with SCE_KERNEL_DEFAULT_PRIORITY_USER as the priority * and SCE_KERNEL_STACK_SIZE_DEFAULT_USER_MAIN as the stack size. * When it is done, the argument block specified by the args and argp arguments are * copied to the thread stack and then passed to module_start(). * * If loading and start processing is successful, the return value * of the start entry function is stored in the area indicated by pRes. * * If SCE_KERNEL_START_NO_RESIDENT is returned as the return value of module_start() * the module is not resident in memory and is automatically unloaded after module_start() is executed. * If SCE_KERNEL_START_FAILED is returned, * the PRX has failed to load. A PRX is resident (loaded) only if it * returns a value other than SCE_KERNEL_START_NO_RESIDENT * or SCE_KERNEL_START_FAILED, including SCE_KERNEL_START_RESIDENT. * * @param[in] pid process id * @param[in] moduleFileName file name * @param[in] args argument block size * @param[in] argp argument block address * @param[in] flags flags, should be 0 * @param[in] pOpt option parameter, should be SCE_NULL * @param[out] pRes result of start entry * * @retval (>0) module uid * @retval (<0) Error code */ SceUID sceKernelLoadStartSharedModuleForPidForDriver(SceUID pid, const char *moduleFileName, SceSize args, const void *argp, SceUInt32 flags, const SceKernelLoadModuleOpt *pOpt, int *pRes);
sceKernelLoadModuleWithoutStartForDriver / sceKernelLoadModuleForDriver
Version | NID |
---|---|
1.69-3.60 | 0x86D8D634 |
/** * @brief Load module * * moduleFileName Loads the module specified by moduleFileName. * If the load is successful, the module identifier is returned as the return value. * * @param[in] moduleFileName file name * @param[in] flags flags * @param[in] pOpt option parameter, should be SCE_NULL * @retval (>0) module uid * @retval (<0) Error code */ SceUID sceKernelLoadModuleForDriver(const char *moduleFileName, SceUInt32 flags, const SceKernelLoadModuleOpt *pOpt);
sceKernelStartModuleForDriver
Version | NID |
---|---|
1.69-3.60 | 0x0675B682 |
// flags must be 0 // pOpt can be null /** * @brief start module * * Starts the module specified by uid. When calling the start entry function, * the value specified by the args and argp arguments is passed as an argument. * * If the start process is successful, the library declared with AUTO_EXPORT will be registered. * Public processing is performed and the return value of the start entry function is stored in the area indicated by pRes. * If the start process fails, library registration and publishing will not be performed. * * SCE_KERNEL_START_NO_RESIDENT is returned as the return value of the start entry function * only if the module is automatically unloaded after executing the start entry function. * If SCE_KERNEL_START_FAILED is returned, the start process will fail. * At this time, the module is not unloaded. Modules that failed to start * It can be restarted with sceKernelStartModuleForDriver(). * * @param[in] uid module id * @param[in] args argument block size * @param[in] argp argument block address * @param[in] flags flags, should be 0 * @param[in] pOpt option parameter, should be SCE_NULL * @param[out] pRes result of start entry * @retval SCE_OK success * @retval (<0) Error code */ int sceKernelStartModuleForDriver(SceUID uid, SceSize args, const void *argp, SceUInt32 flags, const SceKernelStartModuleOpt *pOpt, int *pRes);
sceKernelStopUnloadModuleForDriver
Version | NID |
---|---|
1.69-3.60 | 0x03B30B7E |
// flags must be 0 // opt can be null /** * @brief Stop and unload PRX * * After stopping the PRX specified by the uid argument, unloading is performed. * * During stop processing, module_stop() is called by a thread that is * initialized with SCE_KERNEL_DEFAULT_PRIORITY_USER as the priority * and SCE_KERNEL_STACK_SIZE_DEFAULT_USER_MAIN as the stack size. * When it is done, the argument blocks specified by the args and argp * arguments are copied onto the thread stack and then passed to module_stop(). * * If the stop process is successful, the library released from PRX * is deleted and then unloaded, and the return value of * the stop entry function is stored in the area indicated by pRes. * * PRX stop and unload processing has failed only if SCE_KERNEL_STOP_CANCEL * is returned as the return value of module_stop(). * If any other value is returned, stop and unload processing has succeeded. * * @param[in] uid module id * @param[in] args argument block size * @param[in] argp argument block address * @param[in] flags flags, should be 0 * @param[in] pOpt option parameter, should be SCE_NULL * @param[out] pRes result of stop entry * @retval SCE_OK success * @retval (<0) Error code */ int sceKernelStopUnloadModuleForDriver(SceUID uid, SceSize args, const void *argp, SceUInt32 flags, const SceKernelUnloadModuleOpt *pOpt, int *pRes);
sceKernelStopUnloadModuleForPidForDriver
Version | NID |
---|---|
3.60 | 0x49A3EDC7 |
/** * @brief Stop and unload PRX * * After stopping the PRX specified by the uid argument, unloading is performed. * * During stop processing, module_stop() is called by a thread that is * initialized with SCE_KERNEL_DEFAULT_PRIORITY_USER as the priority * and SCE_KERNEL_STACK_SIZE_DEFAULT_USER_MAIN as the stack size. * When it is done, the argument blocks specified by the args and argp * arguments are copied onto the thread stack and then passed to module_stop(). * * If the stop process is successful, the library released from PRX * is deleted and then unloaded, and the return value of * the stop entry function is stored in the area indicated by pRes. * * PRX stop and unload processing has failed only if SCE_KERNEL_STOP_CANCEL * is returned as the return value of module_stop(). * If any other value is returned, stop and unload processing has succeeded. * * @param[in] pid process id * @param[in] uid module id * @param[in] args argument block size * @param[in] argp argument block address * @param[in] flags flags, should be 0 * @param[in] pOpt option parameter, should be SCE_NULL * @param[out] pRes result of stop entry * @retval SCE_OK success * @retval (<0) Error code */ int sceKernelStopUnloadModuleForPidForDriver(SceUID pid, SceUID uid, SceSize args, const void *argp, SceUInt32 flags, const SceKernelUnloadModuleOpt *pOpt, int *pRes);
Version | NID |
---|---|
3.60 | 0x02D3D0C1 |
int sceKernelStopUnloadSharedModuleForPidForDriver(SceUID pid, SceUID modid, SceSize args, void *argp, int flags, SceKernelULMOption *option, int *status);
sceKernelStopModuleForDriver
Version | NID |
---|---|
1.69-3.60 | 0x100DAEB9 |
/** * @brief Stop module * * Stops the module specified by uid. When calling the stop entry function, * the values specified by the args and argp arguments are passed as arguments. * * If the stop process is successful, the library released from the module is deleted, * and the return value of the stop entry function is stored in the area indicated by pRes. * If stop processing fails, library deletion processing is not performed. * * Only when SCE_KERNEL_STOP_SUCCESS is returned as the return value of the * stop entry function, module stop processing succeeds. * If any other value is returned, module stop processing will fail. * The module that failed to stop can be restarted with sceKernelStopModuleForDriver(). * * @param[in] uid module id * @param[in] args argument block size * @param[in] argp argument block address * @param[in] flags flags, should be 0 * @param[in] pOpt option parameter, should be SCE_NULL * @param[out] pRes result of stop entry * @retval SCE_OK success * @retval (<0) Error code */ int sceKernelStopModuleForDriver(SceUID uid, SceSize args, const void *argp, SceUInt32 flags, const SceKernelStopModuleOpt *pOpt, int *pRes);
sceKernelUnloadModuleForDriver
Version | NID |
---|---|
1.69-3.60 | 0x728E72A6 |
In 1.69 existed in SceModulemgrForKernel
/** * @brief Unload module * * Unloads the module specified by uid. * * @param[in] uid module id * @param[in] flags flags, should be 0 * @param[in] pOpt option parameter * * @retval SCE_OK success * @retval (<0) Error code int sceKernelUnloadModuleForDriver(SceUID uid, SceUInt32 flags, const SceKernelUnloadModuleOpt *pOpt);
load_with_logs
Version | NID |
---|---|
0.990 | 0x57EE2372 |
SceModulemgr
__sceKernelLoadModuleWithoutStart
Version | NID |
---|---|
0.990-1.69 | 0xA4E6DA4D |
3.60 | non existent |
/** * @brief Load module * * moduleFileName Loads the module specified by moduleFileName. * If the load is successful, the module identifier is returned as the return value. * * @param[in] moduleFileName file name * @param[in] flags flags * @param[in] pOpt option parameter, should be SCE_NULL * @retval (>0) module uid * @retval (<0) Error code */ SceUID __sceKernelLoadModuleWithoutStart(const char *moduleFileName, SceUInt32 flags, const SceKernelLoadModuleOpt *pOpt);
_sceKernelLoadModule
Version | NID |
---|---|
1.69 | non existent |
3.60 | 0xB4C5EF9E |
/** * @brief Load module * * moduleFileName Loads the module specified by moduleFileName. * If the load is successful, the module identifier is returned as the return value. * * @param[in] moduleFileName file name * @param[in] flags flags * @param[in] pOpt option parameter, should be SCE_NULL * @retval (>0) module uid * @retval (<0) Error code */ SceUID _sceKernelLoadModule(const char *moduleFileName, SceUInt32 flags, const SceKernelLoadModuleOpt *pOpt);
_sceKernelLoadStartModule
Version | NID |
---|---|
1.69 | non existent |
3.60 | 0x60647592 |
/** * @brief PRX Load and start PRX * * moduleFileName After loading the PRX specified by the moduleFileName argument, start processing * is performed. * * During start processing, module_start () is called by a thread * that is initialized with SCE_KERNEL_DEFAULT_PRIORITY_USER as the priority * and SCE_KERNEL_STACK_SIZE_DEFAULT_USER_MAIN as the stack size. * When it is done, the argument block specified by the args and argp arguments are * copied to the thread stack and then passed to module_start(). * * If loading and start processing is successful, the return value * of the start entry function is stored in the area indicated by pRes. * * If SCE_KERNEL_START_NO_RESIDENT is returned as the return value of module_start() * the module is not resident in memory and is automatically unloaded after module_start() is executed. * If SCE_KERNEL_START_FAILED is returned, * the PRX has failed to load. A PRX is resident (loaded) only if it * returns a value other than SCE_KERNEL_START_NO_RESIDENT * or SCE_KERNEL_START_FAILED, including SCE_KERNEL_START_RESIDENT. * * @param[in] moduleFileName file name * @param[in] args argument block size * @param[in] argp argument block address * @param[in] flags flags, should be 0 * @param[in] pOpt option parameter, should be SCE_NULL * @param[out] pRes result of start entry * * @retval (>0) module uid * @retval (<0) Error code */ SceUID _sceKernelLoadStartModule(const char *moduleFileName, SceSize args, const void *argp, SceUInt32 flags, const SceKernelLoadModuleOpt *pOpt, int *pRes);
__sceKernelStartModule
Version | NID |
---|---|
0.990-1.69 | 0x1FD99C9F |
3.60 | non existent |
/** * @brief start module * * Starts the module specified by uid. When calling the start entry function, * the value specified by the args and argp arguments is passed as an argument. * * If the start process is successful, the library declared with AUTO_EXPORT will be registered. * Public processing is performed and the return value of the start entry function is stored in the area indicated by pRes. * If the start process fails, library registration and publishing will not be performed. * * SCE_KERNEL_START_NO_RESIDENT is returned as the return value of the start entry function * only if the module is automatically unloaded after executing the start entry function. * If SCE_KERNEL_START_FAILED is returned, the start process will fail. * At this time, the module is not unloaded. Modules that failed to start * It can be restarted with __sceKernelStartModule(). * * @param[in] uid module id * @param[in] args argument block size * @param[in] argp argument block address * @param[in] flags flags, should be 0 * @param[in] pOpt option parameter, should be SCE_NULL * @param[out] pRes result of start entry * @retval SCE_OK success * @retval (<0) Error code */ int __sceKernelStartModule(SceUID uid, SceSize args, const void *argp, SceUInt32 flags, const SceKernelStartModuleOpt *pOpt, int *pRes);
_sceKernelStartModule
Version | NID |
---|---|
1.69 | non existent |
3.60 | 0x72CD301F |
/** * @brief start module * * Starts the module specified by uid. When calling the start entry function, * the value specified by the args and argp arguments is passed as an argument. * * If the start process is successful, the library declared with AUTO_EXPORT will be registered. * Public processing is performed and the return value of the start entry function is stored in the area indicated by pRes. * If the start process fails, library registration and publishing will not be performed. * * SCE_KERNEL_START_NO_RESIDENT is returned as the return value of the start entry function * only if the module is automatically unloaded after executing the start entry function. * If SCE_KERNEL_START_FAILED is returned, the start process will fail. * At this time, the module is not unloaded. Modules that failed to start * It can be restarted with _sceKernelStartModule(). * * @param[in] uid module id * @param[in] args argument block size * @param[in] argp argument block address * @param[in] flags flags, should be 0 * @param[in] pOpt option parameter, should be SCE_NULL * @param[out] pRes result of start entry * @retval SCE_OK success * @retval (<0) Error code */ int _sceKernelStartModule(SceUID uid, SceSize args, const void *argp, SceUInt32 flags, const SceKernelStartModuleOpt *pOpt, int *pRes);
__sceKernelStopModule
Version | NID |
---|---|
0.990-1.69 | 0xBA49EA5C |
3.60 | non existent |
/** * @brief Stop module * * Stops the module specified by uid. When calling the stop entry function, * the values specified by the args and argp arguments are passed as arguments. * * If the stop process is successful, the library released from the module is deleted, * and the return value of the stop entry function is stored in the area indicated by pRes. * If stop processing fails, library deletion processing is not performed. * * Only when SCE_KERNEL_STOP_SUCCESS is returned as the return value of the * stop entry function, module stop processing succeeds. * If any other value is returned, module stop processing will fail. * The module that failed to stop can be restarted with __sceKernelStopModule(). * * @param[in] uid module id * @param[in] args argument block size * @param[in] argp argument block address * @param[in] flags flags, should be 0 * @param[in] pOpt option parameter, should be SCE_NULL * @param[out] pRes result of stop entry * @retval SCE_OK success * @retval (<0) Error code */ int __sceKernelStopModule(SceUID uid, SceSize args, const void *argp, SceUInt32 flags, const SceKernelStopModuleOpt *pOpt, int *pRes);
_sceKernelStopModule
Version | NID |
---|---|
1.69 | non existent |
3.60 | 0x086867A8 |
/** * @brief Stop module * * Stops the module specified by uid. When calling the stop entry function, * the values specified by the args and argp arguments are passed as arguments. * * If the stop process is successful, the library released from the module is deleted, * and the return value of the stop entry function is stored in the area indicated by pRes. * If stop processing fails, library deletion processing is not performed. * * Only when SCE_KERNEL_STOP_SUCCESS is returned as the return value of the * stop entry function, module stop processing succeeds. * If any other value is returned, module stop processing will fail. * The module that failed to stop can be restarted with _sceKernelStopModule(). * * @param[in] uid module id * @param[in] args argument block size * @param[in] argp argument block address * @param[in] flags flags, should be 0 * @param[in] pOpt option parameter, should be SCE_NULL * @param[out] pRes result of stop entry * @retval SCE_OK success * @retval (<0) Error code */ int _sceKernelStopModule(SceUID uid, SceSize args, const void *argp, SceUInt32 flags, const SceKernelStopModuleOpt *pOpt, int *pRes);
_sceKernelStopUnloadModule
Version | NID |
---|---|
1.69 | non existent |
3.60 | 0x86EAEA0A |
/** * @brief Stop and unload PRX * * After stopping the PRX specified by the uid argument, unloading is performed. * * During stop processing, module_stop() is called by a thread that is * initialized with SCE_KERNEL_DEFAULT_PRIORITY_USER as the priority * and SCE_KERNEL_STACK_SIZE_DEFAULT_USER_MAIN as the stack size. * When it is done, the argument blocks specified by the args and argp * arguments are copied onto the thread stack and then passed to module_stop(). * * If the stop process is successful, the library released from PRX * is deleted and then unloaded, and the return value of * the stop entry function is stored in the area indicated by pRes. * * PRX stop and unload processing has failed only if SCE_KERNEL_STOP_CANCEL * is returned as the return value of module_stop(). * If any other value is returned, stop and unload processing has succeeded. * * @param[in] uid module id * @param[in] args argument block size * @param[in] argp argument block address * @param[in] flags flags, should be 0 * @param[in] pOpt option parameter, should be SCE_NULL * @param[out] pRes result of stop entry * @retval SCE_OK success * @retval (<0) Error code */ int _sceKernelStopUnloadModule(SceUID uid, SceSize args, const void *argp, SceUInt32 flags, const SceKernelUnloadModuleOpt *pOpt, int *pRes);
__sceKernelUnloadModuleWithoutStop
Version | NID |
---|---|
0.990-1.69 | 0xE439E26B |
3.60 | non existent |
/** * @brief Unload module * * Unloads the module specified by uid. * * @param[in] uid module id * @param[in] flags flags, should be 0 * @param[in] pOpt option parameter * * @retval SCE_OK success * @retval (<0) Error code int __sceKernelUnloadModuleWithoutStop(SceUID uid, SceUInt32 flags, const SceKernelUnloadModuleOpt *pOpt);
_sceKernelUnloadModule
Version | NID |
---|---|
1.69 | non existent |
3.60 | 0x8E4A7716 |
/** * @brief Unload module * * Unloads the module specified by uid. * * @param[in] uid module id * @param[in] flags flags, should be 0 * @param[in] pOpt option parameter * * @retval SCE_OK success * @retval (<0) Error code int _sceKernelUnloadModule(SceUID uid, SceUInt32 flags, const SceKernelUnloadModuleOpt *pOpt);
__sceKernelOpenModule
Version | NID |
---|---|
0.990-1.69 | 0x9C2A9A49 |
3.60 | non existent |
_sceKernelOpenModule
Version | NID |
---|---|
1.69 | non existent |
3.60 | 0x9D674F45 |
__sceKernelCloseModule
Version | NID |
---|---|
0.990-1.69 | 0x5303C52F |
3.60 | non existent |
_sceKernelCloseModule
Version | NID |
---|---|
1.69 | non existent |
3.60 | 0x849E78BE |
sceKernelKttyWrite
Version | NID |
---|---|
0.940-1.69 | 0x4D76CF9E |
3.60 | non existent |
sceKernelPutc
Version | NID |
---|---|
0.990-1.69 | 0x9D2FE122 |
3.60 | non existent |
sceKernelGetSystemSwVersion
Version | NID |
---|---|
0.940-3.60 | 0x5182E212 |
sceKernelSetSystemSwVersion
Version | NID |
---|---|
0.990-1.69 | 0x912AEB73 |
3.60 | non existent |
sceKernelGetAllowedSdkVersionOnSystem
Version | NID |
---|---|
1.69-3.60 | 0x4397FC4E |
sceKernelGetModuleList
Version | NID |
---|---|
1.69-3.60 | 0x2EF2581F |
sceKernelGetModuleIdByAddr
Version | NID |
---|---|
1.69-3.60 | 0xF5798C7C |
sceKernelGetModuleInfo
Version | NID |
---|---|
1.69-3.60 | 0x36585DAF |
sceKernelGetLibraryInfoByNID
Version | NID |
---|---|
0.990 | not present |
1.69-3.60 | 0xEAEB1312 |
int sceKernelGetLibraryInfoByNID(SceUID modid, SceUInt32 libnid, SceKernelLibraryInfo *pInfo);
sceKernelIsCalledFromSysModule
Version | NID |
---|---|
1.69 | non existent |
3.60 | 0x85E6D2BB |
sceKernelInhibitLoadingModule
Version | NID |
---|---|
1.69 | non existent |
3.60 | 0x6CED1F63 |
Added somewhere between 3.30 an 3.60 to prevent loading Sysmodules from webbrowser (see Vitasploit 2.00-3.36 and h-encore 3.65-3.68 writeup).
SceBacktraceForDriver
sceKernelBacktraceForDriver
Version | NID |
---|---|
0.990-3.60 | 0x166B9C8C |
// a4 size = 0x10 int sceKernelBacktraceForDriver(int a1, int a2, int a3, char* a4);
sceKernelPrintBacktraceForDriver
Version | NID |
---|---|
0.990 | 0xC5608386 |
3.60 | 0x7C878F90 |
sceKernelBacktraceInternalForDriver
Version | NID |
---|---|
0.990 | 0xCECD5584 |
3.60 | 0x888E99B8 |
SceBacktrace
_sceKernelBacktrace
Version | NID |
---|---|
3.60 | 0xBF371A98 |
Calls sceKernelBacktraceForDriver.
/** * Get backtrace * - When called with pCallFrameBuffer=NULL, numBytesBuffer=0, * only the depth of the call stack can be obtained as a return value. * * @param threadId Thread ID, or SCE_KERNEL_BACKTRACE_CONTEXT_xxx * @param pCallFrameBuffer Buffer to get call frame * @param numBytesBuffer Buffer size (byte) * @param pNumReturn Pointer that receives the acquired number of frames * @param mode Action mode * @retval (0) Call stack depth, or SCE_OK * @retval (<0) Error code * @note Callable only with TOOL */ SceInt32 _sceKernelBacktrace( SceUID threadId, /**< Thread ID, SCE_KERNEL_BACKTRACE_* can be used. */ SceKernelCallFrame *pCallFrameBuffer, /**< buffer for frames */ SceSize numBytesBuffer, /**< buffer size */ SceUInt32 *pNumReturn, /**< number of frames gathered. */ SceInt32 mode /**< KERNEL or USER mode. / DONT_EXCEED */ );
_sceKernelPrintBacktrace
Version | NID |
---|---|
0.990 | 0x21F00CF2 |
Calls sceKernelPrintBacktraceForDriver.
/** * Display backtrace * @param processId Process ID to which the frame belongs * @param pCallFrame Stack frame data * @param numFrames Maximum step * @retval (0) Success * @retval (<0) Error code */ SceInt32 _sceKernelPrintBacktrace( SceUID processId, const SceKernelCallFrame *pCallFrame, SceUInt32 numFrames );