Changelog
FW version |
What changed compared to previous FW version
|
0.940 |
Changed the SKBL base physical address to 0x40040000 from 0x50000000. NSKBL is now stored in kernel_boot_loader.self segment 3 instead of in SKBL .text, and is loaded (ARZL-compressed) at 0x50000000.
Changed the early boot stack base addresses from 0x500Ex000 to 0x400ExC00. The Undef/Abort/IRQ/FIQ stacks are no longer separated.
Resuming on Kermit ES1 is no longer supported (the resume path now hits sceKernelAssert(0)).
|
0.995 |
Unknown.
|
0.996 |
Changed SKBL base physical address to 0x40020000 from 0x40040000.
|
3.36 |
Unknown.
|
3.50 |
Initial stack base changed (+0x100).
An unidentified change in the function at 3.50:0x40020438.
Some register writes were removed (see the function at 3.36:0x4002066c / 3.50:0x40020668).
|
Common
These functions are at different offsets from those of the SceTzs modules.
Offsets below are relative to the SKBL text segment base address; see Secure DRAM.
SceKernelModulemgr
sceKernelLoadStartModule
Version |
offset |
mode
|
3.60 |
0x20B0 |
thumb
|
/* Module descriptor consumed by sceKernelLoadStartModule.
 * The field names suggest [pModule, pModuleEnd) bounds the in-memory
 * module image — confirm. Whether the callee validates that
 * pModuleEnd >= pModule, or authenticates the image, is not visible here. */
typedef struct SceTzsModule {
const void *pModule;
const void *pModuleEnd;
} SceTzsModule;
/* Loads the module described by pModule and starts it, passing argp to its
 * entry point. Returns an int status (SCE error-code convention assumed — confirm). */
int sceKernelLoadStartModule(SceTzsModule *pModule, void *argp);
get_module_object
Version |
offset |
mode
|
3.60 |
0x2350 |
thumb
|
/* Resolves a module UID to its SceModuleObject. What is returned for an
 * invalid modid (NULL vs. an encoded error) is not shown here — callers
 * must check the result before dereferencing it. */
SceModuleObject *get_module_object(SceUID modid);
sceKernelLoadModuleWithBuffer
Version |
offset |
mode
|
3.60 |
0x2494 |
thumb
|
/* Loads a module image from the in-memory buffer pModule of `size` bytes and
 * returns its module UID. NOTE(review): this is the point where code enters
 * the kernel from a memory buffer; it is assumed, not shown here, that the
 * image is authenticated (SELF signature) before anything is parsed — confirm. */
SceUID sceKernelLoadModuleWithBuffer(const void *pModule, SceSize size);
sceKernelStartModuleForPid
Version |
offset |
mode
|
3.60 |
0x25BC |
thumb
|
/* Starts the already-loaded module modid in the context of process pid.
 * args/argp are the entry arguments; flags and option as for
 * sceKernelStartModule; *status presumably receives the module_start
 * return value — confirm. Returns an int status code. */
int sceKernelStartModuleForPid(SceUID pid, SceUID modid, SceSize args, void *argp, int flags, SceKernelLMOption *option, int *status);
sceKernelStartModule
Version |
offset |
mode
|
3.60 |
0x2710 |
thumb
|
/* Starts the already-loaded module modid with entry arguments args/argp.
 * Same parameters as sceKernelStartModuleForPid minus the pid; *status
 * presumably receives the module_start return value — confirm. */
int sceKernelStartModule(SceUID modid, SceSize args, void *argp, int flags, SceKernelLMOption *option, int *status);
get_module_bootstart
Version |
offset |
mode
|
3.60 |
0x2744 |
thumb
|
/* Looks up the boot-start entry of module modid. Despite the plain `void *`
 * type, `entry` appears to be an out-parameter receiving the entry point —
 * its exact type is not recoverable here. Returns an int status code. */
int get_module_bootstart(SceUID modid, void *entry);
print_module_load_info
Version |
offset |
mode
|
3.60 |
0x2A70 |
thumb
|
resolve_import_function
Version |
offset |
mode
|
3.60 |
0x4748 |
thumb
|
SceExcpmgr
excp_handler
Version |
offset |
mode
|
3.60 |
0x4A3C |
thumb
|
sceExcpmgrRegisterHandler
Version |
offset |
mode
|
3.60 |
0x4A70 |
thumb
|
SceExcpmgr_module_start
Version |
offset |
mode
|
3.60 |
0x4CB4 |
thumb
|
SceSysmem
SceSysmem_NS_0x8100156C
Version |
offset |
mode
|
3.60 |
0x6EC0 |
thumb
|
sceGUIDReferObjectWithClass
Version |
offset |
mode
|
3.60 |
0x9DF8 |
thumb
|
/* Looks up uid, checks it against pClass, and on success stores the kernel
 * object in *ppEntry. Presumably takes a reference that must be dropped with
 * sceKernelUidRelease — confirm; an unbalanced refer/release is a classic
 * kernel object lifetime bug. Returns an int status code. */
int sceGUIDReferObjectWithClass(SceUID uid, SceClass *pClass, SceKernelObject **ppEntry);
sceKernelUidRelease
Version |
offset |
mode
|
3.60 |
0x9E60 |
thumb
|
/* Releases a reference on uid (the counterpart of sceGUIDReferObjectWithClass,
 * presumably). Returns an int status code. */
int sceKernelUidRelease(SceUID uid);
sceKernelIsColdBoot
Version |
offset |
mode
|
3.60 |
0x14904 |
thumb
|
/* Reports whether this is a cold boot rather than a resume — inferred from
 * the name; the exact return encoding (boolean vs. status) is not shown here. */
int sceKernelIsColdBoot(void);
memcpy
Version |
offset |
mode
|
3.60 |
0x15920 |
thumb
|
/* SKBL's in-image memcpy. NOTE(review): the reconstructed prototype takes a
 * signed `int len`, not size_t; what the implementation does for len < 0 is
 * not established here. Callers must guarantee len >= 0 and that dst has
 * at least len bytes available. Returns dst (standard memcpy contract assumed). */
void *memcpy(void *dst, const void *src, int len);
memset
Version |
offset |
mode
|
3.60 |
0x15A30 |
thumb
|
/* SKBL's in-image memset. NOTE(review): `len` is a signed int in this
 * reconstruction; behaviour for len < 0 is not established here, so callers
 * must pass a non-negative length that fits dst. Returns dst (standard
 * memset contract assumed). */
void *memset(void *dst, int ch, int len);
sceKernelCpuIcacheInvalidateAll
Version |
offset |
mode
|
3.60 |
0x16480 |
thumb
|
/* Invalidates the entire instruction cache — inferred from the name. Required
 * after writing code into memory (e.g. freshly decompressed NSKBL) and before
 * executing it, so stale I-cache lines are not run. */
void sceKernelCpuIcacheInvalidateAll(void);
sceKernelCpuIcacheInvalidateMVAURange
Version |
offset |
mode
|
3.60 |
0x164A0 |
thumb
|
/* Invalidates instruction cache lines covering [start, start + size) by MVA
 * (ICIMVAU, to the Point of Unification — inferred from the name; confirm). */
void sceKernelCpuIcacheInvalidateMVAURange(void *start, SceSize size);
sceKernelCpuDcacheCleanMVACRange
Version |
offset |
mode
|
3.60 |
0x1650C |
thumb
|
/* Cleans (writes back, does not invalidate) data cache lines covering
 * [addr, addr + size) by MVA to the Point of Coherency (DCCMVAC — inferred
 * from the name; confirm). */
void sceKernelCpuDcacheCleanMVACRange(void *addr, unsigned int size);
sceKernelDcacheWritebackInvalidateRange
Version |
offset |
mode
|
3.60 |
0x1652C |
thumb
|
Temporary names were sceKernelCpuDcacheCleanInvalidateMVACRangeForKernel and sceKernelCpuDcacheWritebackInvalidateRangeForKernel.
// DCCIMVAC: data cache clean and invalidate by MVA to the Point of Coherency (PoC).
// Writes back and then drops the data cache lines covering [addr, addr + size);
// use it when memory is about to be read by another agent or re-read after it
// was written behind the cache (e.g. by a DMA or another core) — confirm usage.
void sceKernelDcacheWritebackInvalidateRange(const void *addr, unsigned int size);
sceKernelCorelockContextInitialize
Version |
offset |
mode
|
3.60 |
0x16A80 |
thumb
|
/* Per-lock context for the SKBL core lock. Layout is fixed by the binary:
 * a 32-bit lock word followed by two 16-bit fields. */
typedef struct SceCorelockContext {
int lock;
int16_t core_count;
int16_t last_wait_core; // 0:core3, 1:core0, 2:core1, 3:core2 — i.e. appears to hold (core + 1) mod 4, confirm
} SceCorelockContext;
/* Resets ctx to its initial (unlocked) state — inferred from the name; the
 * exact initial field values are not shown here. */
void sceKernelCorelockContextInitialize(SceCorelockContext *ctx);
sceKernelCorelockLock
Version |
offset |
mode
|
3.60 |
0x16A8C |
thumb
|
/* Acquires ctx on behalf of the calling core. `core` is the caller's core
 * number; whether it uses the raw core index or the shifted encoding recorded
 * in last_wait_core is not established here — confirm. */
void sceKernelCorelockLock(SceCorelockContext *ctx, int core);
sceKernelCorelockUnlock
Version |
offset |
mode
|
3.60 |
0x16AC0 |
thumb
|
/* Releases ctx previously taken with sceKernelCorelockLock. Takes no core
 * argument, so the owner is presumably not checked — confirm. */
void sceKernelCorelockUnlock(SceCorelockContext *ctx);
sceKernelDcacheCleanRange_0x20
Version |
offset |
mode
|
3.60 |
0x16E54 |
thumb
|
/* Cleans data cache lines covering [start, start + size). The _0x20 suffix
 * is a constant taken from the implementation whose meaning is unconfirmed
 * (distinguishes it from the _0x1 variant below). Returns an int status code. */
int sceKernelDcacheCleanRange_0x20(const void *start, SceSize size);
sceKernelDcacheCleanRange_0x1
Version |
offset |
mode
|
3.60 |
0x16E60 |
thumb
|
/* Cleans data cache lines covering [start, start + size). The _0x1 suffix
 * is a constant taken from the implementation whose meaning is unconfirmed
 * (distinguishes it from the _0x20 variant above). Returns an int status code. */
int sceKernelDcacheCleanRange_0x1(const void *start, SceSize size);
sceKernelDomainTextMemcpy
Version |
offset |
mode
|
3.60 |
0x16E90 |
thumb
|
Temporary name was sceKernelCpuUnrestrictedMemcpy.
/* Copies len bytes from src to dst. NOTE(review): the current and former
 * names (sceKernelCpuUnrestrictedMemcpy) suggest this can write into text /
 * code regions that an ordinary memcpy cannot, i.e. it lifts the normal
 * memory-domain write restriction for the duration of the copy. That makes
 * it a security-sensitive primitive: confirm how it constrains dst and who
 * is allowed to call it. Returns an int status code. */
int sceKernelDomainTextMemcpy(void *dst, const void *src, SceSize len);
sceKernelVAtoPA
Version |
offset |
mode
|
3.60 |
0x179E0 |
thumb
|
/* Translates the virtual address pVA and stores the physical address in *pPA.
 * Returns an int status code; behaviour for an unmapped pVA is not shown here. */
int sceKernelVAtoPA(void *pVA, void **pPA);
SceSkbl
sceArlzDecode
Version |
Offset |
Mode
|
0.931 |
0x31E10 |
ARM
|
0.990 |
0x2BF50 |
ARM
|
3.60 |
0x183A8 |
ARM
|
Decodes an ARZL-encoded buffer stored at src and writes the result to dst_start, bounded by dst_max_size. No source length is passed in the 3.60 prototype below, so the encoded stream is presumably self-delimiting. src must point to just after the "ARZL" magic. Returns the written size.
/* Decompresses the ARZL stream at src (positioned just past the "ARZL" magic)
 * into dst_start, writing at most dst_max_size bytes. dst_end presumably
 * receives a pointer just past the last byte written — confirm. Returns the
 * number of bytes written (signed; a negative value is presumably an error).
 * NOTE(review): decompressing externally supplied data is a classic
 * bounds-check hazard — dst_max_size must be the real capacity of dst_start. */
SceSSize sceArlzDecode(void *dst_start, SceSize dst_max_size, const void *src, void **dst_end);
sceArlzArmFilter
Version |
Offset |
Mode
|
0.931 |
0x32620 |
ARM
|
0.990 |
0x2C760 |
ARM
|
3.60 |
0x18E24 |
ARM
|
Post-processing pass applied to data decoded by #sceArlzDecode; returns the actual size of the decoded ARZL data.
/* Post-processes `size` bytes of ARZL output at data in place. The name
 * suggests an ARM-specific filter (e.g. undoing a branch-offset transform
 * applied before compression) — not confirmed here. `version` selects a
 * format variant — semantics not shown. Returns the resulting data size. */
SceSSize sceArlzArmFilter(void *data, SceSize size, SceUInt32 version);