SceSysmem

From Vita Development Wiki
Jump to: navigation, search

SceSysmem is a kernel module that acts as the heart of the kernel. It exports multiple libraries for various features. SceSysmem is the first module that is loaded in the kernel load sequence and its libraries are imported by almost all other modules. See Memory for more details on the memory subsystem.

Contents

Module

This module exists in both non-secure and secure world. The non-secure world SELF can be found in os0:kd/sysmem.skprx. It also can be found in the Boot Image.

Known NIDs

Version Name World Privilege NID
1.69 SceSysmem Non-secure Kernel 0xB93950C6
3.60 SceSysmem Non-secure Kernel 0x3380B323
3.61 SceSysmem Non-secure Kernel 0x3380B323
1.69 SceSysmem Secure Kernel 0x502BE0E5

Libraries

Known NIDs

Version Name World Visibility NID
1.69 SceSysmemForKernel Non-secure Kernel 0x63A519E5
3.60 SceSysmemForKernel Non-secure Kernel 0x63A519E5
1.69 SceSysmemForDriver Non-secure Kernel 0x6F25E18A
3.60 SceSysmemForDriver Non-secure Kernel 0x6F25E18A
1.69 SceSysmem Non-secure User 0x37FE725A
3.60 SceSysmem Non-secure User 0x37FE725A
1.69 SceSysmemForDebugger Non-secure Kernel 0xC7309957
1.69 SceDipsw Non-secure User 0xB36D5922
3.60 SceDipsw Non-secure User 0xB36D5922
1.69 SceDipswForDriver Non-secure Kernel 0xC9E26388
3.60 SceDipswForDriver Non-secure Kernel 0xC9E26388
1.69 SceUartForKernel Non-secure Kernel 0xC03DBE40
3.60 SceUartForKernel Non-secure Kernel 0xC03DBE40
1.69 SceCpu Non-secure User 0x45265161
3.60 SceCpu Non-secure User 0x45265161
1.69 SceCpuForKernel Non-secure Kernel 0x54BF2BAB
3.60 SceCpuForKernel Non-secure Kernel 0x54BF2BAB
1.69 SceCpuForDriver Non-secure Kernel 0x40ECDB0E
3.60 SceCpuForDriver Non-secure Kernel 0x40ECDB0E
1.69 SceSysclibForKernel Non-secure Kernel 0x24878615
3.60 SceSysclibForKernel Non-secure Kernel removed
1.69 SceSysclibForDriver Non-secure Kernel 0x7EE45391
3.60 SceSysclibForDriver Non-secure Kernel 0x7EE45391
1.69 SceSysrootForKernel Non-secure Kernel 0x3691DA45
3.60 SceSysrootForKernel Non-secure Kernel 0x3691DA45
1.69 SceSysrootForDriver Non-secure Kernel 0x2ED7F97A
3.60 SceSysrootForDriver Non-secure Kernel 0x2ED7F97A
1.69 SceKernelUtilsForDriver Non-secure Kernel 0x496AD8B4
3.60 SceKernelUtilsForDriver Non-secure Kernel 0x496AD8B4
1.69 SceZlibForDriver Non-secure Kernel 0xE241534E
1.69 SceKernelSuspendForDriver Non-secure Kernel 0x7290B21C
3.60 SceKernelSuspendForDriver Non-secure Kernel 0x7290B21C
1.69 SceQafMgrForDriver Non-secure Kernel 0x4E29D3B6
3.60 SceQafMgrForDriver Non-secure Kernel 0x4E29D3B6
1.69 ScePmMgrForDriver Non-secure Kernel 0xF13F32F9
3.60 ScePmMgrForDriver Non-secure Kernel 0xF13F32F9
1.69 SceSblAIMgrForDriver Non-secure Kernel 0xFD00C69A
3.60 SceSblAIMgrForDriver Non-secure Kernel 0xFD00C69A
1.69 SceProcEventForDriver Non-secure Kernel 0x887F19D0
3.60 SceProcEventForDriver Non-secure Kernel 0x887F19D0
3.60 SceDebugLed Non-secure User 0xAE004C0A
3.60 SceDebugLedForDriver Non-secure Kernel 0x7BC05EAD
3.60 SceDebugForKernel Non-secure Kernel 0x88C17370
3.60 SceDebugForDriver Non-secure Kernel 0x88758561
1.69 SceSysmemForTZS Secure Kernel 0x8680060
1.69 SceDipswForTZS Secure Kernel 0x9DBF584C
1.69 SceCpuForTZS Secure Kernel 0xC516B23E
1.69 SceSysclibForTZS Secure Kernel 0xC839BB78
1.69 SceSysrootForTZS Secure Kernel 0xFEFF641D
1.69 SceQafMgrForTZS Secure Kernel 0x637069DD
1.69 ScePmMgrForTZS Secure Kernel 0x27F1AFD8
1.69 SceSblAIMgrForTZS Secure Kernel 0x60D19047

Types

typedef int threadmgr_core_ctx;

struct tctx_holder
{
  int unk0;
  int unk4;
  int unk8;
  int unkC;
  int unk10;
  int unk14;
  int unk18;
  int unk1C;
  int unk20;
  int unk24;
  int unk28;
  int unk2C;
  int unk30;
  threadmgr_core_ctx *tctx_34;
};

struct callback_holder1
{
  int unk0;
  int (*unk4)(void);
  int (*unk8)(void);
  int (*unkC)(void);
  int unk10;
  int unk14;
  int unk18;
  int unk1C;
  int (*unk20)(void);
  int unk24;
  int unk28;
  int unk2C;
  int unk30;
  int unk34;
  int unk38;
  int (*unk3C)(void);
};

struct callback_holder2
{
  int size;
  int (__cdecl *unk4)(int result, int *a2);
  int (__cdecl *unk8)(SceUID *a1);
  int (__cdecl *unkC)(int, int *);
  int (__cdecl *sceKernelGetSelfInfoForKernel)(SceUID pid, SceSelfInfo *self_info);
  int (__cdecl *sceKernelGetProcessTitleIdForKernel)(SceUID pid, char *titleid, size_t len);
  int (__cdecl *unk18)(unsigned int a1);
  int (__cdecl *unk1c)(int a1);
};

struct callback_holder3
{
  int unk0;
  int (*unk4)(void);
  int (*unk8)(void);
  int (__fastcall *unkC)(int);
  int (__fastcall *unk10)(int);
  int (*unk14)(void);
};

struct sysbase_t
{
  tctx_holder *hldr[6];
  char unk[84];
  char *sysroot_buffer;
  int unk70;
  char unk74[616];
  char unk2dc[52];
  int unk310;
  int unk314;
  int unk318;
  int unk31C;
  int unk320;
  int unk324;
  int unk328;
  int unk32C;
  int unk330;
  int unk334;
  int unk338;
  int unk33C;
  int unk340;
  int (__cdecl *unk344)();
  int unk348;
  int (*unk34C_some_callback1)(void);
  callback_holder3 *unk350;
  int unk354;
  callback_holder1 *unk358;
  callback_holder2 *unk35C;
  int (*unk360)(void);
  int (*unk364)(void);
  int (__fastcall *unk368)(int, int, int);
  char unk36C[20];
  int (__cdecl *sceSblLicMgrGetLicenseStatusForDriver)();
  int (__cdecl *SceSblPostSsMgrForDriver_22599675)();
  int (__cdecl *SceSblPostSsMgrForDriver_9b49c249)();
  int (__cdecl *SceSblPostSsMgrForDriver_d8a2d465)(unsigned long long);
  int (__cdecl *SceSblPostSsMgrForDriver_abdd68cd)(void *);
  int (__cdecl *sceSblUtMgrHasNpTestFlagForDriver)();
  int (*SceSblUpdateMgr_smth)(void);
  int (*ScePower_smth)(void);
};

typedef int (*SceClassCallback)(void *item);

typedef struct SceClass {
	struct SceClass *next;
	struct SceClass *root;
	struct SceClass *prev;
	const char *name;
	struct SceClass *uidclass;
	unsigned int attributes;
	unsigned short itemsize;
	unsigned short unk1A;
	unsigned int object_type;
	SceClassCallback create_cb;
	SceClassCallback destroy_cb;
	unsigned int magic; /* 0xABCE9DA5 */
} SceClass; /* size = 0x2C */

Memory Block Type

The type parameter indicates what kind of memory to allocate. Here is a mapping of type flags to ARM MMU flags. Higher bits are used for other options including where to allocate from. Not all flag values are valid, there is a table of valid types in the kernel. You cannot, for example, allocate RWX memory.

Mask Value Description
0x10000 0x10000 Global. nG bit NOT set
0xFF00 0x800 B bit set. Sharable device memory.
0xFF00 0x2000 TEX[2] and TEX[0] bit set. Outer cache Write-back, Write-Allocate. Inner cache non-cachable.
0xFF00 0x4000 TEX[2] and B bit set. Outer cache non-cachable. Inner cache Write-back, Write-Allocate
0xFF00 0x8000 TEX[0] bit set. S bit unset. Outer and inner non-cachable. Not sharable.
0xFF00 0xD000 TEX[0] bit set. C,B bits set. Outer and inner Write-back, Write-Allocate.
0xFF 0x4 AP[2:0] = 5, XN=1. Privileged RO, User NA.
0xFF 0x5 AP[2:0] = 5. Privileged RX, User NA.
0xFF 0x6 AP[2:0] = 1, XN=1. Privileged RW, User NA.
0xFF 0x7 AP[2:0] = 1. Privileged RWX, User NA. (Never used)
0xFF 0x50 AP[2:0] = 7. Privileged RX, User RX.
0xFF 0x60 AP[2:0] = 3, XN=1. Privileged RW, User RW.
0xFF 0x40 AP[2:0] = 7, XN=1. Privileged RO, User RO.
Mask Value Name
0x0F000000 0x09000000 SceKernelUserCdram
0x0F000000 0x0A000000 SceKernelUserShared
0x0F000000 0x0B000000 SceKernelUserIO
0x0F000000 0x0C000000 SceKernelUserMain
0x0F000000 0x0D000000 SceKernelUserUncache
0x0F000000 0x0E000000 SceKernelUserCDialog
0x0F000000 0x0F000000 SceKernelUserCDialogNC

SceSysmemForKernel

sceKernelRxMemcpyKernelToUserForPidForKernel

Version World NID
1.69 non-secure 0x30931572
3.60 non-secure 0x30931572

Unrestricted memcpy to the virtual address space for process pid. Both dst and src must be in the address space of pid but src must also be accessible in the address space of the caller. This is normally used for resolving stubs in module loads. Same as write to RO but does a cache flush.

int sceKernelRxMemcpyKernelToUserForPidForKernel(SceUID pid, uintptr_t dst, const void *src, size_t len);

sceKernelFindClassByNameForKernel

Version World NID
3.60 Non-secure 0x62989905
int sceKernelFindClassByNameForKernel(const char *name, SceClass **class);

sceKernelGetMemBlockTypeForKernel

Version World NID
3.60 Non-secure 0x289BE3EC
/***
 * Gets the memory block type of a memory block
 *
 * @param[in] uid - SceUID of the memory block
 * @param[out] type - Type of the memory block identified by uid
 *
 * @return 0 on success, < 0 on error.
*/
int sceKernelGetMemBlockTypeForKernel(SceUID uid, unsigned int *type);

sceKernelCreateUidObjForKernel

Version World NID
3.60 Non-secure 0xDF0288D7
SceUID sceKernelCreateUidObjForKernel(SceClass *class, const char *name, SceCreateUidObjOpt *opt, SceObjectBase **obj);

SceSysmemForDriver

sceKernelMemcpyKernelToUserForDriver

Version World NID
1.69 non-secure 0x6D88EF8A
3.60 non-secure 0x6D88EF8A
int sceKernelMemcpyKernelToUserForDriver(uint32_t uaddr, const void *kaddr, uint32_t len);

sceKernelMemcpyUserToKernelForDriver

Version World NID
1.69 non-secure 0xBC996A7A
3.60 non-secure 0xBC996A7A
int sceKernelMemcpyUserToKernelForDriver(void *kaddr, uint32_t uaddr, uint32_t len);

sceKernelMemcpyUserToKernelForPidForDriver

Version World NID
3.60 non-secure 0x605275F8
int sceKernelMemcpyUserToKernelForPidForDriver(SceUID pid, void *kaddr, uint32_t uaddr, uint32_t len);

Same as above, but copies from the specified process.

sceKernelStrncpyKernelToUserForDriver

Version World NID
1.69 non-secure 0x80BD6FEB
3.60 non-secure 0x80BD6FEB
int sceKernelStrncpyKernelToUserForDriver(uint32_t uaddr, const void *kaddr, uint32_t maxlen);

sceKernelStrncpyUserToKernelForDriver

Version World NID
1.69 non-secure 0xDB3EC244
3.60 non-secure 0xDB3EC244
int sceKernelStrncpyUserToKernelForDriver(void *kaddr, uint32_t uaddr, uint32_t maxlen);

sceKernelStrnlenUserForDriver

Version World NID
1.69 non-secure 0xB429D419
3.60 non-secure 0xB429D419
int sceKernelStrnlenUserForDriver(uint32_t uaddr, uint32_t maxlen);

sceKernelGetPaddrForDriver

Version World NID
1.69 secure 0x1DEADF6C
1.69 non-secure 0x8D160E65
3.60 non-secure 0x8D160E65
if (result == 0)
    return 0x80020005; // SCE_KERNEL_ERROR_INVALID_FLAGS
return sceKernelCpuGetPaddrWithMaskForKernel(0x33, vaddr, result);

This will write the physical address for a virtual address vaddr to memory pointed to by result.

Returns <0 on error, values >=0 indicate success.

int sceKernelGetPaddrForDriver(void *vaddr, void **result);

sceKernelGetPaddrListForDriver

Version World NID
1.69 non-secure 0xE68BEEBD
3.60 non-secure 0xE68BEEBD
typedef struct SceKernelAddrPair {
	uint32_t addr;
	uint32_t length;
} SceKernelAddrPair;

typedef struct SceKernelPaddrListReq {
	uint32_t size; // 0x14
	uint32_t output_buffer_size;
	uint32_t unk;
	uint32_t ret_count;
	SceKernelAddrPair *output_buffer;
} SceKernelPaddrListReq;

input.addr = vaddr;
input.length = length;
int sceKernelGetPaddrListForDriver(SceKernelAddrPair *input, SceKernelPaddrListReq *req);

This function takes in two parameters: an array of length 2 specifying the virtual address and the size of the block of memory and a request information. The function will write into output_buffer an array of addr_pair that encompasses the block of memory specified in the input. req->ret_count will contain the number of entries written. If output_buffer is null, it will just write the count.

sceKernelAllocMemBlockForDriver

Version World NID
1.69 secure 0x402EB970
1.69 non-secure 0xC94850C9
3.60 non-secure 0xC94850C9
typedef enum SceKernelAllocMemBlockAttr {
	SCE_KERNEL_ALLOC_MEMBLOCK_ATTR_HAS_PADDR          = 0x00000002U,
	SCE_KERNEL_ALLOC_MEMBLOCK_ATTR_HAS_ALIGNMENT      = 0x00000004U,
	SCE_KERNEL_ALLOC_MEMBLOCK_ATTR_HAS_MIRROR_BLOCKID = 0x00000040U,
	SCE_KERNEL_ALLOC_MEMBLOCK_ATTR_HAS_PID            = 0x00000080U,
	SCE_KERNEL_ALLOC_MEMBLOCK_ATTR_HAS_PADDR_LIST     = 0x00001000U
} SceKernelAllocMemBlockAttr;

struct SceKernelAllocMemKernelBlockOpt_old {
    uint32_t size; // 0x34
    uint32_t unk;
    uint32_t attr;
    uint32_t unk2;
    uint32_t paddr;
    uint32_t align;
    uint32_t unk3[3];
    uint32_t processid;
    uint32_t unk4[3];
};

// specific to 3.60
typedef struct SceKernelAllocMemBlockKernelOpt {
	SceSize size;                   //!< sizeof(SceKernelAllocMemBlockKernelOpt)
	SceUInt32 field_4;
	SceUInt32 attr;                 //!< OR of SceKernelAllocMemBlockAttr
	SceUInt32 field_C;
	SceUInt32 paddr;
	SceSize alignment;
	SceUInt32 field_18;
	SceUInt32 field_1C;
	SceUInt32 mirror_blockid;
	SceUID pid;
	SceKernelPaddrList *paddr_list;
	SceUInt32 field_2C;
	SceUInt32 field_30;
	SceUInt32 field_34;
	SceUInt32 field_38;
	SceUInt32 field_3C;
	SceUInt32 field_40;
	SceUInt32 field_44;
	SceUInt32 field_48;
	SceUInt32 field_4C;
	SceUInt32 field_50;
	SceUInt32 field_54;
} SceKernelAllocMemBlockKernelOpt;

int sceKernelAllocMemBlockForDriver(const char *name, int32_t type, uint32_t vsize, struct SceKernelAllocMemKernelBlockOpt *pOpt);

The interface is the same as the user version of this call, however more types can be specified and more options are in the pOpt argument.

To allocate a kernel RW block of memory, specify type = 0x6020D006.

To allocate a block of memory with a specific physical address, specify type = 0x20100206 or type = 0x20100806, pOpt->attr = 2, and pOpt->paddr = physical address.

To allocate a block of memory that is kernel executable, specify type = 0x1020D005.

To allocate a block of memory that is physically contiguous, specify type = 0x30808006, pOpt->attr = 0x200004 and an alignment to pOpt->alignment.

To allocate a block of memory inside the CDRAM, specify type = 0x40404006.

pOpt->attr bitmask

Bitmask Uses
0x00000001 field_C
0x00000002 paddr
0x00000004 alignment
0x00000008 field_18
0x00000010 field_1C
0x00000020 ??
0x00000040 mirror_blockid
0x00000080 pid
0x00001000 paddr_list
0x00002000 field_2C
0x00010000 field_30

sceKernelGetMemBlockBaseForDriver

Version World NID
1.69 non-secure 0xA841EDDA
3.60 non-secure 0xA841EDDA
int sceKernelGetMemBlockBaseForDriver(int blkid, void **base);

sceKernelFindMemBlockByAddrForDriver

Version World NID
1.69 non-secure 0x8A1742F6
3.60 non-secure 0x8A1742F6
int sceKernelFindMemBlockByAddrForDriver(void *base, int);

sceKernelRemapBlockForDriver

Version World NID
1.05 non-secure 0x8D332AE1
1.69 non-secure 0xDFE2C8CB
3.60 non-secure 0xDFE2C8CB
int sceKernelRemapBlockForDriver(int blkid, int type);

This is used to remap RW memory as RX. To do this, first allocate a memory block of type 0x1020D006. After you are done writing, call this with type set to 0x1020D005.

sceKernelCreateHeapForDriver

Version World NID
1.69 non-secure 0x9328E0E8
3.60 non-secure 0x9328E0E8
typedef struct {
    int size; // 28
    int flags; // usually 0x1 
    int unk;
    int unk;
    int block_type;
    int unk;
    int unk;
} pool_arg_t;

int sceKernelCreateHeapForDriver(const char *name, int size, pool_arg_t *opt); // opt can be NULL

The heap pool is thread safe.

sceKernelDeleteHeapForDriver

Version World NID
1.69 non-secure 0xD6437637
3.60 non-secure 0xD6437637
int sceKernelDeleteHeapForDriver(int pool_uid);

sceKernelAllocHeapMemoryForDriver

Version World NID
1.69 non-secure 0x7B4CB60A
3.60 non-secure 0x7B4CB60A
void* sceKernelAllocHeapMemoryForDriver(SceUID uid, SceSize size);

sceKernelAllocHeapMemory2ForDriver

Version World NID
3.60 non-secure 0xB415B5A8

Same as sceKernelAllocHeapMemoryForDriver but does not set unk2 to 0.

void* sceKernelAllocHeapMemory2ForDriver(SceUID uid, SceSize size, ctx_49D4DD9B* unk2);

sceKernelAllocHeapMemory3ForDriver

Version World NID
3.60 non-secure 0x49D4DD9B

Same as sceKernelAllocHeapMemoryForDriver but does not set unk2 to 0.

typedef struct ctx_49D4DD9B
{
   int unk0;
   int unk4;
   int unk8;
   int unkC;
   int unk10;
};

void* sceKernelAllocHeapMemory3ForDriver(SceUID uid, SceSize size, ctx_49D4DD9B* unk2);

sceKernelAllocHeapMemory4ForDriver

Version World NID
3.60 non-secure 0xD351EBC8

Same as sceKernelAllocHeapMemory2ForDriver but does set uid to 0x1000B.

Checks that uid is 0x10013 or 0x10005

void* sceKernelAllocHeapMemory4ForDriver(SceUID uid, SceSize size, ctx_49D4DD9B *unk);

sceKernelAllocHeapMemoryFromGlobal1ForDriver

Version World NID
3.60 non-secure 0x7750CEA7

Same as sceKernelAllocHeapMemoryForDriver but uses global uid.

void* sceKernelAllocHeapMemoryFromGlobal1ForDriver(SceSize size);

sceKernelAllocHeapMemoryFromGlobal2ForDriver

Version World NID
3.60 non-secure 0x0B4ED16A

Same as sceKernelAllocHeapMemoryForDriver but does not set unk2 to 0 and uses global uid.

typedef struct ctx_0B4ED16A
{
  int unk0;
  uint64_t unk8;
  uint64_t unkC;
};

void* sceKernelAllocHeapMemoryFromGlobal2ForDriver(SceSize size, ctx_0B4ED16A* unk);

sceKernelFreeHeapMemoryForDriver

Version World NID
1.69 non-secure 0x3EBCE343
3.60 non-secure 0x3EBCE343
int sceKernelFreeHeapMemoryForDriver(int pool_uid, void *ptr);

sceKernelMapUserBlockForDriver

Version World NID
1.69 non-secure 0x7D4F8B5F
3.60 non-secure 0x7D4F8B5F

Permission is either "1" for read only, no execute or "2"/"3" for read write, no execute. Type is either 0, 1, or 17 and affects the block type. 0 is default. This will allocate kernel memory starting at kernel_page. To get the same memory as the user pointer, add the kernel_offset. kernel_size is how much is allocated.

//this signature is for 1.69
int sceKernelMapUserBlockForDriver(int permission, int type, void *user_buf, int size, void **kernel_page, int *kernel_size, int *kernel_offset);

//this signature is for 3.60 - now allows to give a name
int sceKernelMapUserBlockForDriver(char *name, int permission, int type, void *user_buf, int size, void **kernel_page, int *kernel_size, int *kernel_offset);

sceKernelMapUserBlockDefaultTypeForDriver

Version World NID
3.60 non-secure 0x278BC201

Assigns type 0.

int sceKernelMapUserBlockDefaultTypeForDriver(char *name, int permission, void *user_buf, int size, void **kernel_page, int *kernel_size, int *kernel_offset);


sceKernelMapUserBlockDefaultTypeForPidForDriver

Version World NID
3.60 non-secure 0x0091D74D

Assigns type 0.

int sceKernelMapUserBlockDefaultTypeForPidForDriver(int pid, const char *name, int permission, const void *user_buf, int size, void **kernel_page, int *kernel_size, int *kernel_offset);

Switch TTB For PID

Version World NID
1.69 non-secure 0x6F2ACDAE
3.60 non-secure N/A

Changes the TTBR to point to the tables for a given PID.

int switch_ttb_for_pid(SceUID pid);

sceKernelRoMemcpyKernelToUserForPidForDriver

Version World NID
1.69 non-secure 0x571D2739
3.60 non-secure 0x571D2739
int sceKernelRoMemcpyKernelToUserForPidForDriver(SceUID pid, void *dst, const void *src, SceSize size);

sceKernelFirstDifferentIntUserForPidForDriver

Version World NID
1.69 non-secure 0x8334454F
3.60 non-secure 0x8334454F

Looks for an integer in userspace.

int sceKernelFirstDifferentIntUserForPidForDriver(SceUID pid, void *haystack, int needle, SceSize size);

sceKernelStrnlenUserForPidForDriver

Version World NID
1.69 non-secure 0x9929EB07
3.60 non-secure 0x9929EB07
int sceKernelStrnlenUserForPidForDriver(SceUID pid, char *ptr, SceSize size);

sceKernelStrncpyUserForPidForDriver

Version World NID
1.69 non-secure 0x75AAF178
3.60 non-secure 0x75AAF178
int sceKernelStrncpyUserForPidForDriver(SceUID pid, char *dst, const char *kern_src, SceSize size);

sceKernelMemcpyKernelToUserForPidUncheckedForDriver

Version World NID
1.69 non-secure 0xFED82F2D
3.60 non-secure 0xFED82F2D
int sceKernelMemcpyKernelToUserForPidUncheckedForDriver(SceUID pid, void *dst, const void *kern_src, SceSize size);

sceKernelMemcpyKernelToUserForPidForDriver

Version World NID
1.69 non-secure 0x6B825479
3.60 non-secure 0x6B825479

This will not crash on invalid user pointers, but instead return error.

int sceKernelMemcpyKernelToUserForPidForDriver(SceUID pid, void *dst, const void *kern_src, SceSize size);

sceKernelMemcpyUserToUserForPidForDriver

Version World NID
1.69 non-secure 0x8E086C33
3.60 non-secure 0x8E086C33
int sceKernelMemcpyUserToUserForPidForDriver(SceUID pid, void *dst, const void *src, SceSize size);

sceKernelCreateEventForDriver

Version World NID
3.60 non-secure 0x56A13E90
SceUID sceKernelCreateEventForDriver(SceClass *cls, const char *name, SceObjectBase **obj);

sceKernelMemRangeRetainWithPermForDriver

Version World NID
3.60 non-secure 0xBC0A1D60

Increase references to pages.

int sceKernelMemRangeRetainWithPermForDriver(int perm, const void *addr, unsigned int size);

sceKernelMemRangeReleaseWithPermForDriver

Version World NID
3.60 non-secure 0x22CBE925

Decrease references to pages.

int sceKernelMemRangeReleaseWithPermForDriver(int perm, const void *addr, unsigned int size);

sceKernelAllocMemBlockExtForDriver

Version World NID
3.60 non-secure 0xD44F464D
int sceKernelAllocMemBlockExtForDriver(const char *name, int type, unsigned int size, SceKernelAllocMemBlockKernelOpt *opt, SceKernelPaddrList *out_paddr_list);

sceKernelFindMemBlockForDriver

Version World NID
3.60 non-secure 0x9C78064C
int sceKernelFindMemBlockForDriver(int flags, void *base, SceSize size);

SceSysmemForDriver_98C15666

Version World NID
3.60 non-secure 0x98C15666

Returns the paddr and size (addrpair) of the memblock if it's physically continuous.

int SceSysmemForDriver_98C15666(SceUID uid, SceKernelAddrPair *addrpair)

SceSysmem

The SceSysmem library is responsible for both low-level and high-level memory management. There are functions for allocating raw blocks of memory (similar to Linux sbrk) as well as functions for maintaining a heap-like structure (similar to malloc) for kernel, however SceLibKernel implements a proper heap and that is used for user code.


sceKernelMapMemBlock

Version NID
1.69 0x7B763A21
3.60 not present

sceKernelRemapMemBlock

Version NID
1.69 0x3B29E0F5
3.60 not present

sceKernelPartialMapMemBlock

Version NID
1.69 0xC0A59868
3.60 not present

sceKernelUnmapMemBlock

Version NID
1.69 0xEE30D976
3.60 not present

sceKernelPartialUnmapMemBlock

Version NID
1.69 0xCA99929B
3.60 not present

sceKernelGetMemBlockInfoByRange

Version NID
1.69 0x006F3DB4
3.60 0x006F3DB4

sceKernelGetMemBlockInfoByAddr

Version NID
1.69 0x4010AD65
3.60 0x4010AD65

sceKernelGetSubbudgetInfo

Version NID
1.69 0x832B4A65
3.60 0x832B4A65

sceKernelGetFreeMemorySize

Version NID
1.69 0x87CC580B
3.60 0x87CC580B

sceKernelOpenMemBlock

Version NID
1.69 0x8EB8DFBB
3.60 0x8EB8DFBB

sceKernelFindMemBlockByAddr

Version NID
1.69 0xA33B99D1
3.60 0xA33B99D1

sceKernelFreeMemBlock

Version NID
1.69 0xA91E15EE
3.60 0xA91E15EE

sceKernelFreeMemBlockForVM

Version NID
3.60 0x4EA13FEA

sceKernelCloseMemBlock

Version NID
1.69 0xB680E3A0
3.60 0xB680E3A0

sceKernelGetMemBlockBase

Version NID
1.69 0xB8EF5818
3.60 0xB8EF5818

sceKernelAllocMemBlock

Version NID
1.69 0xB9D5EBDE
3.60 0xB9D5EBDE

sceKernelAllocUnmapMemBlock

Version NID
3.60 0xEC636BCB

sceKernelOpenVMDomain

Version NID
1.69 0x9CA3EB2B
3.60 0x9CA3EB2B

sceKernelSyncVMDomain

Version NID
1.69 0x19D2A81A
3.60 0x19D2A81A

sceKernelCloseVMDomain

Version NID
1.69 0xD6CA56CA
3.60 0xD6CA56CA

sceKernelAllocMemBlockForVM

Version NID
1.69 0xE2D7E137
3.60 0xE2D7E137

sceKernelCheckModelCapability

Version NID
3.60 0x0144FBD9

sceKernelGetModelForCDialog

Version NID
3.60 0xA2CB322F

sceKernelGetModel

Version NID
3.60 0xD0D4F729

sceKernelIsPSVitaTV

Version NID
3.60 0x1453A5E5

SceDipsw

sceKernelCheckDipsw

Version NID
1.69 0x1C783FB2
3.60 0x1C783FB2

sceKernelClearDipsw

Version NID
1.69 0x800EDCC1
3.60 0x800EDCC1

sceKernelSetDipsw

Version NID
1.69 0x817053D4
3.60 0x817053D4

SceDipswForDriver

sceKernelCheckDipswForDriver

Version NID
3.60 0xA98FC2FD
sceKernelCheckDipswForDriver(int bit);

sceKernelGetDipswForDriver

Version NID
3.60 0xB2AD48BE

return *(int *)(dipsw_addr + 4 * int_count);

sceKernelGetDipswForDriver(int int_count);

sceKernelClearDipswForDriver

Version NID
3.60 0xF1F3E9FE
sceKernelClearDipswForDriver(int bit);

sceKernelSetDipswForDriver

Version NID
3.60 0x82E45FBF
sceKernelSetDipswForDriver(int bit);

SceUartForKernel

sceUartWriteForKernel

Version NID
3.60 0x41973874
int sceUartWriteForKernel(int device, unsigned char data);

sceUartReadAvailableForKernel

Version NID
3.60 0x38DB7629

Returns the number of words available to read from the read FIFO.

int sceUartReadAvailableForKernel(int device);

sceUartReadForKernel

Version NID
3.60 0x9BBF1255
int sceUartReadForKernel(int device);

sceUartInitForKernel

Version NID
3.60 0xA9C74212

It initializes the clock generator registers for the device. The default baud rate is 115200 for devices 0-5 and 250000 for the device 6.

int sceUartInitForKernel(int device);

SceCpu

This library provides wrapper for much ARM CP15 co-processor access as well as low level support of spinlocks and other synchronization primitives.

sceKernelCpuGetCpuId

Version World NID
1.69 non-secure 0x2704CFEE
3.60 non-secure 0x2704CFEE

Return the CPU ID of the current core.

int sceKernelCpuGetCpuId(void);

SceCpuForKernel

sceKernelCpuGetCONTEXTIDRForKernel

Version World NID
3.60 non-secure 0x5B6B3274

The CONTEXTIDR, bits [31:0] contain the process ID number.

  return (unsigned __int8)__mrc(15, 0, 13, 0, 1); // Read CONTEXTIDR (Context ID Register)
void sceKernelCpuGetCONTEXTIDRForKernel(void);

sceKernelCpuUpdateSCTLRForKernel

Version World NID
3.60 non-secure 0x04008CF7
  int result;
  result = __mrc(15, 0, 1, 0, 0) | 0x1806; // Read SCTLR (System Control Register)
  __mcr(15, 0, result, 1, 0, 0); // Write SCTLR (System Control Register)
  return result;
void sceKernelCpuUpdateSCTLRForKernel(void); // SCTLR (System Control Register)

sceKernelCpuBranchPredictorInvalidateAllISForKernel

Version World NID
3.60 non-secure 0x1BB2BB8D
void sceKernelCpuBranchPredictorInvalidateAllISForKernel(void); // BPIALLIS, Branch predictor invalidate all (IS)

sceKernelCpuBranchPredictorInvalidateAllForKernel

Version World NID
3.60 non-secure 0x4C4C7D6B
void sceKernelCpuBranchPredictorInvalidateAllForKernel(void); // BPIALL, Branch predictor invalidate all

sceKernelCpuDcacheInvalidateMVACForKernel

Version World NID
3.60 non-secure 0x470EAE1E
void sceKernelCpuDcacheInvalidateMVACForKernel(int mva); // DCIMVAC, Data cache invalidate by MVA (PoC)

sceKernelCpuDcacheInvalidateMVACRangeForKernel

Version World NID
3.60 non-secure 0x583F30D1
void sceKernelCpuDcacheInvalidateMVACRangeForKernel(void *addr, unsigned int size); // DCIMVAC, Data cache invalidate by MVA (PoC)

sceKernelCpuDcacheCleanInvalidateMVACRangeForKernel

Version World NID
3.60 non-secure 0x6BA2E51C
void sceKernelCpuDcacheCleanInvalidateMVACRangeForKernel(void *addr, unsigned int size); // DCCIMVAC, Data cache clean and invalidate by MVA (PoC)

sceKernelCpuDcacheInvalidateSWForKernel

Version World NID
3.60 non-secure 0x2F3BF020
void sceKernelCpuDcacheInvalidateSWForKernel(void); // DCISW, Data cache invalidate by set/way (all the cache)

sceKernelCpuDcacheCleanSWForKernel

Version World NID
3.60 non-secure 0x73A30DB2
void sceKernelCpuDcacheCleanSWForKernel(void); // DCCSW, Data cache clean by set/way (all the cache)

sceKernelCpuDcacheCleanInvalidateSWForKernel

Version World NID
3.60 non-secure 0x76DAB4D0
void sceKernelCpuDcacheCleanInvalidateSWForKernel(void); // DCCISW, Data cache clean and invalidate by set/way (all the cache)

sceKernelCpuDcacheCleanMVACForKernel

Version World NID
3.60 non-secure 0xF7159B55
void sceKernelCpuDcacheCleanMVACForKernel(int mva); // DCCMVAC, Data cache clean by MVA (PoC)

sceKernelCpuDcacheCleanMVACRangeForKernel

Version World NID
3.60 non-secure 0xC5C1EE4E
void sceKernelCpuDcacheCleanMVACRangeForKernel(void *addr, unsigned int size); // DCCMVAC, Data cache clean by MVA (PoC)

sceKernelCpuDcacheCleanInvalidateMVACForKernel

Version World NID
3.60 non-secure 0xC8E8C9E9
void sceKernelCpuDcacheCleanInvalidateMVACForKernel(int mva); // DCCIMVAC, Data cache clean and invalidate by MVA (PoC)

sceKernelCpuIcacheInvalidateAllUISForKernel

Version World NID
3.60 non-secure 0x264DA250
void sceKernelCpuIcacheInvalidateAllUISForKernel(void); // ICIALLUIS, Instruction cache invalidate all (PoU, IS)

sceKernelCpuIcacheInvalidateAllUForKernel

Version World NID
3.60 non-secure 0xAEE0B489
void sceKernelCpuIcacheInvalidateAllUForKernel(void); // ICIALLU, Instruction cache invalidate all (PoU)

sceKernelCpuIcacheInvalidateMVAURangeForKernel

Version World NID
3.60 non-secure 0xF4C7F578
void sceKernelCpuIcacheInvalidateMVAURangeForKernel(void *addr, unsigned int size); // ICIMVAU, Instruction cache invalidate by MVA (PoU)

sceKernelCpuIcacheAndL2InvalidateMVAURangeForKernel

Version World NID
3.60 non-secure 0x19F17BD0
int sceKernelCpuIcacheAndL2InvalidateMVAURangeForKernel(void *addr, unsigned int size);

sceKernelCpuPreloadEngineKill

Version World NID
3.60 non-secure 0xD0D85FF8
  • NSACR (Non-Secure Access Control Register)
  • Test bit NS access to the Preload Engine resources
  • [>] PLEFF (Preload Engine FIFO flush operation)
  • [>] PLEKC (Preload Engine kill channel operation)
  • [<] PLEASR (Preload Engine Activity Status Register)
int sceKernelCpuPreloadEngineKill(void);

sceKernelCpuUnrestrictedMemcpyForKernel

Version World NID
1.69 non-secure 0x8C683DEC
3.60 non-secure 0x8C683DEC

Unrestricted memcpy by first setting the DACR register to 0xFFFF0000 and then doing a memcpy.

int sceKernelCpuUnrestrictedMemcpyForKernel(void *dst, const void *src, size_t len);

sceKernelCpuGetPaddrWithMaskForKernel

Version World NID
3.60 non-secure 0x67343A07

maskPAR is usually 0x33, sometimes 2.

int sceKernelCpuGetPaddrWithMaskForKernel(int maskPAR, void *vaddr, void **result);

sceKernelCpuGetPaddrForKernel

Version World NID
3.60 non-secure 0x2A46E800

Uses maskPAR 0x33.

int sceKernelCpuGetPaddrForKernel(void *vaddr, void **result);

sceKernelCpuForKernel_9B8173F4

Version World NID
3.60 non-secure 0x9B8173F4

Might be get_vaddr_memory_type.

Return value can be:

  • 2
  • 8
  • 0x40
  • 0x80
  • 0xD0
  • 0x80022007 (SCE_KERNEL_ERROR_VA2PA_FAULT)
int sceKernelCpuForKernel_9B8173F4(void *vaddr);

SceCpuForKernel_A5C9DBBA

Version World NID
3.60 non-secure 0xA5C9DBBA

Uses sceKernelCpuGetCpuIdForDriver, sceKernelCpuAtomicGetAndSub16ForDriver and sceKernelCpuUnlockStoreLRForDriver.

int SceCpuForKernel_A5C9DBBA(void *addr);

SceCpuForKernel_9D72DD1B

Version World NID
3.60 non-secure 0x9D72DD1B

Uses sceKernelCpuGetCpuIdForDriver and sceKernelCpuLockStoreLRForDriver.

int SceCpuForKernel_9D72DD1B(void *addr);

SceCpuForKernel_4CD4D921

Version World NID
3.60 non-secure 0x4CD4D921
*(uint32_t *)addr = 1;
*((uint16_t *)addr + 2) = 4;
*((uint16_t *)addr + 3) = 4;
return result;

aka write 01 00 00 00 04 00 04 00 at addr.

int SceCpuForKernel_4CD4D921(void *addr);

SceCpuForKernel_43CC6E20

Version World NID
3.60 non-secure 0x43CC6E20

Only used by SceKernelThreadmgr.

DACR off

Does some memory copies between the args.

int SceCpuForKernel_43CC6E20(void *addr, int a2, int a3, int a4);

SceCpuUnrestrictedBzeroIntForKernel

Version World NID
3.60 non-secure 0x76EB0DD4

Only used by SceKernelThreadmgr.

DACR off

int SceCpuUnrestrictedBzeroIntForKernel(int *addr);

SceCpuForKernel_337473B5

Version World NID
3.60 non-secure 0x337473B5

Only used by SceKernelThreadmgr.

DACR off

int SceCpuForKernel_337473B5(volatile void *ptr, unsigned int value);

SceCpuForKernel_37FBFD12

Version World NID
3.60 non-secure 0x37FBFD12

Only used by SceKernelThreadmgr.

same as SceCpuForKernel_337473B5 but DACR is not disabled

int SceCpuForKernel_37FBFD12(volatile void *ptr, unsigned int value);

SceCpuForKernel_D37AABE5

Version World NID
3.60 non-secure 0xD37AABE5

Only used by SceKernelThreadmgr.

similar as SceCpuForKernel_37FBFD12 but with a3

DACR is not disabled

int SceCpuForKernel_D37AABE5(volatile void *ptr, unsigned int value, int a3);

SceCpuForKernel_4553FBDE

Version World NID
3.60 non-secure 0x4553FBDE

Only used by SceKernelThreadmgr.

DACR is not disabled

  unsigned __int64 v2;
  do
  {
    v2 = __ldrexd(result);
    LODWORD(v2) = a2;
    HIDWORD(v2) = a2;
  }
  while ( __strexd(v2, result) );
  return result;
int SceCpuForKernel_4553FBDE(unsigned uint64_t *result, int a2);

SceCpuForKernel_6190A018

Version World NID
3.60 non-secure 0x6190A018

Only used by SceKernelThreadmgr.

similar as SceCpuForKernel_37FBFD12

DACR is not disabled

int SceCpuForKernel_6190A018(unsigned __int64 *a1, signed int a2);

SceCpuForKernel_D8A7216C

Version World NID
3.60 non-secure 0xD8A7216C

Only used by SceKernelThreadmgr.

similar as SceCpuForKernel_37FBFD12

DACR is not disabled

int SceCpuForKernel_D8A7216C(unsigned __int64 *a1, int a2, int a3);

SceCpuForKernel_7FB4E7AC

Version World NID
3.60 non-secure 0x7FB4E7AC

Only used by SceKernelThreadmgr.

similar as SceCpuForKernel_37FBFD12

DACR is not disabled

int SceCpuForKernel_7FB4E7AC(unsigned __int64 *result, int a2);

SceCpuForKernel_8510FA52

Version World NID
3.60 non-secure 0x8510FA52

Only used by SceKernelThreadmgr.

similar as SceCpuForKernel_37FBFD12

DACR is not disabled

int SceCpuForKernel_8510FA52(unsigned int *a1);

SceCpuForKernel_5F64E5ED

Version World NID
3.60 non-secure 0x5F64E5ED

Only used by SceKernelThreadmgr.

similar as SceCpuForKernel_37FBFD12

DACR is not disabled

int SceCpuForKernel_5F64E5ED(unsigned int *a1);

SceCpuForKernel_98E91C1C

Version World NID
3.60 non-secure 0x98E91C1C

Only used by SceKernelThreadmgr.

similar as SceCpuForKernel_37FBFD12

DACR is not disabled

int SceCpuForKernel_98E91C1C(unsigned int *a1, int a2, signed int a3);

SceCpuForKernel_6C7E7B57

Version World NID
3.60 non-secure 0x6C7E7B57
a1 = a1 | 0x4A;
return a1;
int SceCpuForKernel_6C7E7B57(int a1);

SceCpuForKernel_9A3281C0

Version World NID
3.60 non-secure 0x9A3281C0
*result = 0x810227EC;
*a2 = 0x81022B40;
return result;
int SceCpuForKernel_9A3281C0(int *result_0, int *result_1);

SceCpuForKernel_9CB82EB0

Version World NID
3.60 non-secure 0x9CB82EB0
return;
int SceCpuForKernel_9CB82EB0(void);

SceCpuForDriver

sceKernelCpuGetCpuIdForDriver

Version NID
3.60 0x5E4D5DE1

Return the CPU ID of the current core.

int sceKernelCpuGetCpuIdForDriver(void);

sceKernelCpuAtomicAddAndGet8ForDriver

Version NID
3.60 0x1E850481
unsigned char sceKernelCpuAtomicAddAndGet8ForDriver (unsigned char *addr, unsigned char val);

sceKernelCpuAtomicAddAndGet16ForDriver

Version NID
3.60 0x59F74E94
unsigned short sceKernelCpuAtomicAddAndGet16ForDriver(unsigned short *addr, unsigned short val);

sceKernelCpuAtomicAddAndGet32ForDriver

Version NID
3.60 0x5F6A8743
unsigned int sceKernelCpuAtomicAddAndGet32ForDriver(unsigned int *addr, unsigned int val);

sceKernelCpuAtomicAddAndGet64ForDriver

Version NID
3.60 0x4E459A03
unsigned long long sceKernelCpuAtomicAddAndGet64ForDriver(unsigned long long *addr, int unused, unsigned long long val);

sceKernelCpuAtomicAddUnless8ForDriver

Version NID
3.60 0x5CC62CEC
int sceKernelCpuAtomicAddUnless8ForDriver(unsigned char *addr, unsigned char val, unsigned char cmp);

sceKernelCpuAtomicAddUnless16ForDriver

Version NID
3.60 0x0F84AFE9
int sceKernelCpuAtomicAddUnless16ForDriver(unsigned short *addr, unsigned short val, unsigned short cmp);

sceKernelCpuAtomicAddUnless32ForDriver

Version NID
3.60 0x1F157DC3
int sceKernelCpuAtomicAddUnless32ForDriver(unsigned int *addr, unsigned int val, unsigned int cmp);

sceKernelCpuAtomicAddUnless64ForDriver

Version NID
3.60 0x06CCFA4B
int sceKernelCpuAtomicAddUnless64ForDriver(unsigned long long *addr, int unused, unsigned long long val, unsigned long long cmp);

sceKernelCpuAtomicAndAndGet8ForDriver

Version NID
3.60 0x32B62B1A
unsigned char sceKernelCpuAtomicAndAndGet8ForDriver(unsigned char *addr, unsigned char val);

sceKernelCpuAtomicAndAndGet16ForDriver

Version NID
3.60 0xB281D52A
unsigned short sceKernelCpuAtomicAndAndGet16ForDriver(unsigned short *addr, unsigned short val);

sceKernelCpuAtomicAndAndGet32ForDriver

Version NID
3.60 0xDF899E4B
unsigned int sceKernelCpuAtomicAndAndGet32ForDriver(unsigned int *addr, unsigned int val);

sceKernelCpuAtomicAndAndGet64ForDriver

Version NID
3.60 0xD18E7B54
unsigned long long sceKernelCpuAtomicAndAndGet64ForDriver(unsigned long long *addr, int unused, unsigned long long val);

sceKernelCpuAtomicClearAndGet8ForDriver

Version NID
3.60 0x8E538AB5
unsigned char sceKernelCpuAtomicClearAndGet8ForDriver(unsigned char *addr, unsigned char val);

sceKernelCpuAtomicClearAndGet16ForDriver

Version NID
3.60 0x6B050D7C
unsigned short sceKernelCpuAtomicClearAndGet16ForDriver(unsigned short *addr, unsigned short val);

sceKernelCpuAtomicClearAndGet32ForDriver

Version NID
3.60 0x78C1F148
unsigned int sceKernelCpuAtomicClearAndGet32ForDriver(unsigned int *addr, unsigned int val);

sceKernelCpuAtomicClearAndGet64ForDriver

Version NID
3.60 0x2149CD4C
unsigned long long sceKernelCpuAtomicClearAndGet64ForDriver(unsigned long long *addr, int unused, unsigned long long val);

sceKernelCpuAtomicClearMask8ForDriver

Version NID
3.60 0x1B3336B0
void sceKernelCpuAtomicClearMask8ForDriver(unsigned char *addr, unsigned char val);

sceKernelCpuAtomicClearMask16ForDriver

Version NID
3.60 0x1BE58599
void sceKernelCpuAtomicClearMask16ForDriver(unsigned short *addr, unsigned short val);

sceKernelCpuAtomicClearMask32ForDriver

Version NID
3.60 0x4AE1BCC0
void sceKernelCpuAtomicClearMask32ForDriver(unsigned int *addr, unsigned int val);

sceKernelCpuAtomicClearMask64ForDriver

Version NID
3.60 0x55760309
void sceKernelCpuAtomicClearMask64ForDriver(unsigned long long *addr, int unused, unsigned long long val);

sceKernelCpuAtomicCompareAndSet8ForDriver

Version NID
3.60 0x3627F4E0
unsigned char sceKernelCpuAtomicCompareAndSet8ForDriver(unsigned char *addr, unsigned char cmp, unsigned char val);

sceKernelCpuAtomicCompareAndSet16ForDriver

Version NID
3.60 0x6F63F56D
unsigned short sceKernelCpuAtomicCompareAndSet16ForDriver(unsigned short *addr, unsigned short cmp, unsigned short val);

sceKernelCpuAtomicCompareAndSet32ForDriver

Version NID
3.60 0xCDA96E81
unsigned int sceKernelCpuAtomicCompareAndSet32ForDriver(unsigned int *addr, unsigned int cmp, unsigned int val);

sceKernelCpuAtomicCompareAndSet64ForDriver

Version NID
3.60 0x4B527009
unsigned long long sceKernelCpuAtomicCompareAndSet64ForDriver(unsigned long long *addr, int unused, unsigned long long cmp, unsigned long long val);

sceKernelCpuAtomicDecIfPositive8ForDriver

Version NID
3.60 0x45153D4E
unsigned char sceKernelCpuAtomicDecIfPositive8ForDriver(unsigned char *addr);

sceKernelCpuAtomicDecIfPositive16ForDriver

Version NID
3.60 0x9A693F5B
unsigned short sceKernelCpuAtomicDecIfPositive16ForDriver(unsigned short *addr);

sceKernelCpuAtomicDecIfPositive32ForDriver

Version NID
3.60 0x2A71B03C
unsigned int sceKernelCpuAtomicDecIfPositive32ForDriver(unsigned int *addr);

sceKernelCpuAtomicDecIfPositive64ForDriver

Version NID
3.60 0x267D0B33
unsigned long long sceKernelCpuAtomicDecIfPositive64ForDriver(unsigned long long *addr);

sceKernelCpuAtomicGetAndAdd8ForDriver

Version NID
3.60 0xFCDCD4DE
unsigned char sceKernelCpuAtomicGetAndAdd8ForDriver(unsigned char *addr, unsigned char val);

sceKernelCpuAtomicGetAndAdd16ForDriver

Version NID
3.60 0x225DF91A
unsigned short sceKernelCpuAtomicGetAndAdd16ForDriver(unsigned short *addr, unsigned short val);

sceKernelCpuAtomicGetAndAdd32ForDriver

Version NID
3.60 0x341B6E81
unsigned int sceKernelCpuAtomicGetAndAdd32ForDriver(unsigned int *addr, unsigned int val);

sceKernelCpuAtomicGetAndAdd64ForDriver

Version NID
3.60 0x043FD446
unsigned long long sceKernelCpuAtomicGetAndAdd64ForDriver(unsigned long long *addr, int unused, unsigned long long val);

sceKernelCpuAtomicGetAndAnd8ForDriver

Version NID
3.60 0xD8E675C0
unsigned char sceKernelCpuAtomicGetAndAnd8ForDriver(unsigned char *a1, unsigned char a2);

sceKernelCpuAtomicGetAndAnd16ForDriver

Version NID
3.60 0x4A820BC5
unsigned short sceKernelCpuAtomicGetAndAnd16ForDriver(unsigned short *addr, unsigned short val);

sceKernelCpuAtomicGetAndAnd32ForDriver

Version NID
3.60 0x10EB35EB
unsigned int sceKernelCpuAtomicGetAndAnd32ForDriver(unsigned int *addr, unsigned int val);

sceKernelCpuAtomicGetAndAnd64ForDriver

Version NID
3.60 0x18A17E07
unsigned long long sceKernelCpuAtomicGetAndAnd64ForDriver(unsigned long long *addr, int unused, unsigned long long val);

sceKernelCpuAtomicGetAndClear8ForDriver

Version NID
3.60 0x382D1466
unsigned char sceKernelCpuAtomicGetAndClear8ForDriver(unsigned char *addr, unsigned char val);

sceKernelCpuAtomicGetAndClear16ForDriver

Version NID
3.60 0x8E9C086D
unsigned short sceKernelCpuAtomicGetAndClear16ForDriver(unsigned short *addr, unsigned short val);

sceKernelCpuAtomicGetAndClear32ForDriver

Version NID
3.60 0xE36F3A46
unsigned int sceKernelCpuAtomicGetAndClear32ForDriver(unsigned int *addr, unsigned int val);

sceKernelCpuAtomicGetAndClear64ForDriver

Version NID
3.60 0x88BA6002
unsigned long long sceKernelCpuAtomicGetAndClear64ForDriver(unsigned long long *addr, int unused, unsigned long long val);

sceKernelCpuAtomicGetAndOr8ForDriver

Version NID
3.60 0xBDF6F8E4
unsigned char sceKernelCpuAtomicGetAndOr8ForDriver(unsigned char *var, unsigned char value);

sceKernelCpuAtomicGetAndOr16ForDriver

Version NID
3.60 0x004F09D1
unsigned short sceKernelCpuAtomicGetAndOr16ForDriver(unsigned short *addr, unsigned short val);

sceKernelCpuAtomicGetAndOr32ForDriver

Version NID
3.60 0x2A40BB93
unsigned int sceKernelCpuAtomicGetAndOr32ForDriver(unsigned int *addr, unsigned int val);

sceKernelCpuAtomicGetAndOr64ForDriver

Version NID
3.60 0xCB73D6D5
unsigned long long sceKernelCpuAtomicGetAndOr64ForDriver(unsigned long long *addr, int unused, unsigned long long val);

sceKernelCpuAtomicGetAndSet8ForDriver

Version NID
3.60 0x29599FC8
unsigned char sceKernelCpuAtomicGetAndSet8ForDriver(unsigned char *addr, unsigned char val);

sceKernelCpuAtomicGetAndSet16ForDriver

Version NID
3.60 0x085532C8
unsigned short sceKernelCpuAtomicGetAndSet16ForDriver(unsigned short *addr, unsigned short val);

sceKernelCpuAtomicGetAndSet32ForDriver

Version NID
3.60 0x0EE04C03
unsigned int sceKernelCpuAtomicGetAndSet32ForDriver(unsigned int *addr, unsigned int val);

sceKernelCpuAtomicGetAndSet64ForDriver

Version NID
3.60 0xD2DEE625
unsigned long long sceKernelCpuAtomicGetAndSet64ForDriver(unsigned long long *addr, int unused, unsigned long long val);

sceKernelCpuAtomicGetAndSub8ForDriver

Version NID
3.60 0x7B43D0D7
unsigned char sceKernelCpuAtomicGetAndSub8ForDriver (unsigned char *addr, unsigned char val);

sceKernelCpuAtomicGetAndSub16ForDriver

Version NID
3.60 0x3EE9B5B8
unsigned short sceKernelCpuAtomicGetAndSub16ForDriver(unsigned short *addr, unsigned short val);

sceKernelCpuAtomicGetAndSub32ForDriver

Version NID
3.60 0xF891CF2A
unsigned int sceKernelCpuAtomicGetAndSub32ForDriver(unsigned int *addr, unsigned int val);

sceKernelCpuAtomicGetAndSub64ForDriver

Version NID
3.60 0xA7585370
unsigned long long sceKernelCpuAtomicGetAndSub64ForDriver(unsigned long long *addr, int unused, unsigned long long val);

sceKernelCpuAtomicGetAndXor8ForDriver

Version NID
3.60 0xBAF47F7B
unsigned char sceKernelCpuAtomicGetAndXor8ForDriver(unsigned char *addr, unsigned char val);

sceKernelCpuAtomicGetAndXor16ForDriver

Version NID
3.60 0x711801E6
unsigned short sceKernelCpuAtomicGetAndXor16ForDriver(unsigned short *addr, unsigned short val);

sceKernelCpuAtomicGetAndXor32ForDriver

Version NID
3.60 0x77E34309
unsigned int sceKernelCpuAtomicGetAndXor32ForDriver(unsigned int *addr, unsigned int val);

sceKernelCpuAtomicGetAndXor64ForDriver

Version NID
3.60 0xE212ECAD
unsigned long long sceKernelCpuAtomicGetAndXor64ForDriver(unsigned long long *addr, int unused, unsigned long long val);

sceKernelCpuAtomicOrAndGet8ForDriver

Version NID
3.60 0x5D515F1B
unsigned char sceKernelCpuAtomicOrAndGet8ForDriver(unsigned char *addr, unsigned char val);

sceKernelCpuAtomicOrAndGet16ForDriver

Version NID
3.60 0xADD39B84
unsigned short sceKernelCpuAtomicOrAndGet16ForDriver (unsigned short *addr, unsigned short val);

sceKernelCpuAtomicOrAndGet32ForDriver

Version NID
3.60 0xBC248C30
unsigned int sceKernelCpuAtomicOrAndGet32ForDriver (unsigned int *addr, unsigned int val);

sceKernelCpuAtomicOrAndGet64ForDriver

Version NID
3.60 0x3E218AF7
unsigned long long sceKernelCpuAtomicOrAndGet64ForDriver(unsigned long long *addr, int unused, long long val);

sceKernelCpuAtomicSet8ForDriver

Version NID
3.60 0x0836537E
void sceKernelCpuAtomicSet8ForDriver(unsigned char *addr, unsigned char val);

sceKernelCpuAtomicSet16ForDriver

Version NID
3.60 0x532CA3E8
void sceKernelCpuAtomicSet16ForDriver(unsigned short *addr, unsigned short val);

sceKernelCpuAtomicSet32ForDriver

Version NID
3.60 0x3168BC57
void sceKernelCpuAtomicSet32ForDriver(unsigned int *addr, unsigned int val);

sceKernelCpuAtomicSet64ForDriver

Version NID
3.60 0xC381CE8C
void sceKernelCpuAtomicSet64ForDriver(unsigned long long *addr, int unused, unsigned long long val);

sceKernelCpuAtomicSetIfGreaterGet8ForDriver

Version NID
3.60 0xC3868071
unsigned char sceKernelCpuAtomicSetIfGreaterGet8ForDriver(unsigned char *addr, unsigned char val);

sceKernelCpuAtomicSetIfGreaterGet16ForDriver

Version NID
3.60 0x875B094D
unsigned short sceKernelCpuAtomicSetIfGreaterGet16ForDriver(unsigned short *addr, unsigned short val);

sceKernelCpuAtomicSetIfGreaterGet32ForDriver

Version NID
3.60 0x26F71995
unsigned int sceKernelCpuAtomicSetIfGreaterGet32ForDriver(unsigned int *a1, unsigned int val);

sceKernelCpuAtomicSubAndGet8ForDriver

Version NID
3.60 0xEB085370
unsigned char sceKernelCpuAtomicSubAndGet8ForDriver(unsigned char *addr, unsigned char val);

sceKernelCpuAtomicSubAndGet16ForDriver

Version NID
3.60 0x515682C9
unsigned short sceKernelCpuAtomicSubAndGet16ForDriver(unsigned short *addr, unsigned short val);

sceKernelCpuAtomicSubAndGet32ForDriver

Version NID
3.60 0xA4884C4E
unsigned int sceKernelCpuAtomicSubAndGet32ForDriver(unsigned int *addr, unsigned int val);

sceKernelCpuAtomicSubAndGet64ForDriver

Version NID
3.60 0xB5F8919C
unsigned long long sceKernelCpuAtomicSubAndGet64ForDriver(unsigned long long *addr, int unused, unsigned long long val);

sceKernelCpuAtomicXorAndGet8ForDriver

Version NID
3.60 0x03887992
unsigned char sceKernelCpuAtomicXorAndGet8ForDriver (unsigned char *a1, unsigned char a2);

sceKernelCpuAtomicXorAndGet16ForDriver

Version NID
3.60 0x646003D6
unsigned short sceKernelCpuAtomicXorAndGet16ForDriver (unsigned short *addr, unsigned short val);

sceKernelCpuAtomicXorAndGet32ForDriver

Version NID
3.60 0x4244BE65
unsigned int sceKernelCpuAtomicXorAndGet32ForDriver(unsigned int *addr, unsigned int val);

sceKernelCpuAtomicXorAndGet64ForDriver

Version NID
3.60 0x692C51B3
unsigned long long sceKernelCpuAtomicXorAndGet64ForDriver(unsigned long long *addr, int unused, unsigned long long val);

sceKernelCpuDcacheAndL2InvalidateMVACRange_1ForDriver

Version NID
3.60 0x02796361

1

int sceKernelCpuDcacheAndL2InvalidateMVACRange_1ForDriver(void *ptr, size_t len);

sceKernelCpuDcacheAndL2InvalidateMVACRange_20ForDriver

Version NID
3.60 0x8B4C26DF

0x20

int sceKernelCpuDcacheAndL2InvalidateMVACRange_20ForDriver(void *ptr, size_t len);

sceKernelCpuDcacheAndL2CleanInvalidateMVACRange_1ForDriver

Version NID
3.60 0x364E68A4

1

int sceKernelCpuDcacheAndL2CleanInvalidateMVACRange_1ForDriver(void *ptr, size_t len);

sceKernelCpuDcacheAndL2CleanInvalidateMVACRange_20ForDriver

Version NID
3.60 0xE551F99B

0x20

int sceKernelCpuDcacheAndL2CleanInvalidateMVACRange_20ForDriver(void *ptr, size_t len);

sceKernelCpuDcacheAndL2CleanMVACRange_1ForDriver

Version NID
3.60 0x103872A5

1

int sceKernelCpuDcacheAndL2CleanMVACRange_1ForDriver(void *ptr, size_t len);

sceKernelCpuDcacheAndL2CleanMVACRange_20ForDriver

Version NID
3.60 0x9CB9F0CE

0x20

int sceKernelCpuDcacheAndL2CleanMVACRange_20ForDriver(void *ptr, size_t len);

SceCpuForDriver_E813EBB2

Version NID
3.60 0xE813EBB2
#define SceL2CacheReg 0x1A002000
__dsb();
*(int *)(SceL2CacheReg + 0x730) = 0;
while ( *(int *)(SceL2CacheReg + 0x730) & 1 )
    ;
__dmb();
int SceCpuForDriver_E813EBB2(void);

sceKernelCpuIsVaddrMappedForDriver

Version NID
3.60 0x337CBDF3
  res = SceCpuForKernel_9B8173F4(vaddr);
  if ( res != 8 )
  {
    if ( res <= 8 )
    {
      if ( res != 2 )
        return 0;
    }
    else if ( res != 0x40 && res != 0x80 )
    {
      return 0;
    }
  }
  return 1;
int sceKernelCpuIsVaddrMappedForDriver(void *vaddr);

These functions implement a simple mutual exclusive access on a resource addr using LDREX/STREX.

sceKernelCpuLockStoreLRForDriver

Version NID
1.60 0xBF82DEB2
3.60 0xBF82DEB2
void sceKernelCpuLockStoreLRForDriver(unsigned int *addr);

sceKernelCpuTryLockStoreLRForDriver

Version NID
3.60 0x5AC9D394
unsigned int sceKernelCpuTryLockStoreLRForDriver(unsigned int *addr);

sceKernelCpuUnlockStoreLRForDriver

Version NID
1.60 0xD6ED0C46
3.60 0xD6ED0C46
void sceKernelCpuUnlockStoreLRForDriver(unsigned int *addr);

sceKernelCpuLockStoreFlagForDriver

Version NID
3.60 0x3F42B434
void sceKernelCpuLockStoreFlagForDriver(unsigned int *result);

sceKernelCpuTryLockStoreFlagForDriver

Version NID
3.60 0x4F7790B4
unsigned int sceKernelCpuTryLockStoreFlagForDriver(unsigned int *addr);

sceKernelCpuUnlockStoreFlagForDriver

Version NID
3.60 0xCB8ABDF0
void sceKernelCpuUnlockStoreFlagForDriver(unsigned int *addr);

These functions implement a simple mutual exclusive access on a resource addr using LDREX/STREX.

LR is stored as addr value.

While mutex is held, interrupts are disabled.

Used like this:

int prev_state = sceKernelCpuLockSuspendIntrStoreLRForDriver(mutex);
// do work
sceKernelCpuUnlockResumeIntrStoreLRForDriver(mutex, prev_state);

sceKernelCpuLockSuspendIntrStoreLRForDriver

Version NID
3.35 0xD32ACE9E
3.60 0xD32ACE9E
unsigned int sceKernelCpuLockSuspendIntrStoreLRForDriver(unsigned int *addr);

sceKernelCpuTryLockSuspendIntrStoreLRForDriver

Version NID
3.60 0x27C0B340
unsigned int sceKernelCpuTryLockSuspendIntrStoreLRForDriver(int *addr);

sceKernelCpuUnlockResumeIntrStoreLRForDriver

Version NID
3.35 0x7BB9D5DF
3.60 0x7BB9D5DF
void sceKernelCpuUnlockResumeIntrStoreLRForDriver(unsigned int *addr, int prev_state);

These functions implement a simple mutual exclusive access on a resource addr using LDREX/STREX.

0x80000000 is stored as addr value.

While mutex is held, interrupts are disabled.

Used like this:

int prev_state = sceKernelCpuLockSuspendIntrStoreFlagForDriver(mutex);
// do work
sceKernelCpuUnlockResumeIntrStoreFlagForDriver(mutex, prev_state);

sceKernelCpuLockSuspendIntrStoreFlagForDriver

Version NID
3.35 0x4C38CE4D
3.60 0x4C38CE4D
unsigned int sceKernelCpuLockSuspendIntrStoreFlagForDriver(unsigned int *addr);

sceKernelCpuTryLockSuspendIntrStoreFlagForDriver

Version NID
3.60 0xDE6482C6
unsigned int sceKernelCpuTryLockSuspendIntrStoreFlagForDriver(unsigned int *addr);

sceKernelCpuUnlockResumeIntrStoreFlagForDriver

Version NID
3.35 0x9EC91017
3.60 0x9EC91017
void sceKernelCpuUnlockResumeIntrStoreFlagForDriver(unsigned int *addr, unsigned int prev_state);

sceKernelCpuSpinLockStoreLRForDriver

Version NID
3.60 0xCAC9AE80
void sceKernelCpuSpinLockStoreLRForDriver(unsigned int *result);

sceKernelCpuTrySpinLockStoreLRForDriver

Version NID
3.60 0x093925BD
unsigned int sceKernelCpuTrySpinLockStoreLRForDriver(unsigned int *addr);

sceKernelCpuSpinUnlockStoreLRForDriver

Version NID
3.60 0xF5FD5676
void sceKernelCpuSpinUnlockStoreLRForDriver(unsigned int *result);

sceKernelCpuSpinLockSuspendIntrStoreLRForDriver

Version NID
3.60 0xEC53D007
unsigned int sceKernelCpuSpinLockSuspendIntrStoreLRForDriver(unsigned int *addr);

sceKernelCpuTrySpinLockSuspendIntrStoreLRForDriver

Version NID
3.60 0xF02467D1
unsigned int sceKernelCpuTrySpinLockSuspendIntrStoreLRForDriver(unsigned int *addr);

sceKernelCpuSpinUnlockResumeIntrStoreLRForDriver

Version NID
3.60 0x740A0750
void sceKernelCpuSpinUnlockResumeIntrStoreLRForDriver(unsigned int *addr, unsigned int prev_state);

sceKernelCpuDisableInterruptsForDriver

Version NID
1.60 0x821FC0EE
3.60 0x821FC0EE

Disable irq (but not fiq) and returns previous interrupt bit status (so either 0 or 0x80).

unsigned int sceKernelCpuDisableInterruptsForDriver(void);

sceKernelCpuEnableInterruptsForDriver

Version NID
1.60 0xF5BAD43B
3.60 0xF5BAD43B

Restore previous irq state, pass either 0 or 0x80.

unsigned int sceKernelCpuEnableInterruptsForDriver(unsigned int prev_state);

SceSysclibForKernel

Was present on 1.69. Doesn't exist on 3.60.

SceSysclibForDriver

The C standard library for use in kernel only. (Userland have SceLibKernel, which confusingly is userland only).

Include standard string functions (no insecure variants like strcpy).

__aeabi_idiv

Version World NID
3.60 non-secure 0x2518CD9E

__aeabi_uidiv

Version World NID
3.35 non-secure 0xA9FF1205
3.60 non-secure 0xA9FF1205

__aeabi_uidivmod

Version World NID
3.35 non-secure 0xA46CB7DE
3.60 non-secure 0xA46CB7DE

__aeabi_ldivmod

Version World NID
3.60 non-secure 0x7554AB04

__memcpy_chk

Version World NID
3.60 non-secure 0x8A0B0815

__memmove_chk

Version World NID
3.60 non-secure 0x35DBB110

__memset_chk

Version World NID
3.60 non-secure 0x1A30BB28

__stack_chk_fail

Version World NID
1.69 non-secure 0xB997493D
3.60 non-secure 0xB997493D

__strncat_chk

Version World NID
3.60 non-secure 0x33EE298B

__strncpy_chk

Version World NID
3.60 non-secure 0x96268C53

look_ctype_table

Version World NID
3.60 non-secure 0xCDF7F155

memchr

Version World NID
3.60 non-secure 0x60DAEA30

memcmp

Version World NID
3.60 non-secure 0xB5A4D745

timing constant memcmp

memcmp2

Version World NID
1.69 non-secure 0xF939E83D
3.60 non-secure 0xF939E83D

memcpy

Version World NID
1.60 non-secure 0x40C88316
1.69 non-secure 0x40C88316
3.60 non-secure 0x40C88316

memmove

Version World NID
1.69 non-secure 0x6CC9C1A1
3.60 non-secure 0x6CC9C1A1

On 1.69, this seems to be implemented incorrectly.

memset

Version World NID
1.60 non-secure 0x0AB9BF5C
3.60 non-secure 0x0AB9BF5C

memset2

Version World NID
1.69 non-secure 0x502B000D

rshift

Version World NID
1.69 non-secure 0x1D89F6C0
3.60 non-secure 0x1D89F6C0

snprintf

Version World NID
1.69 non-secure 0xAE7A8981
3.60 non-secure 0xAE7A8981

strchr

Version World NID
1.69 non-secure 0x38463759
3.35 non-secure 0x38463759
3.60 non-secure 0x38463759

strcmp

Version World NID
1.69 non-secure 0x0B33BC43
3.60 non-secure 0x0B33BC43

strlcat

Version World NID
3.60 non-secure 0x12504E09

strlcpy

Version World NID
3.60 non-secure 0x7FB4EBEC

strlen

Version World NID
1.69 non-secure 0xCFC6A9AC
3.60 non-secure 0xCFC6A9AC

strncat

Version World NID
1.69 non-secure 0xA1D1C32C
3.60 non-secure 0xA1D1C32C

strncmp

Version World NID
1.60 non-secure 0x12CEE649
1.69 non-secure 0x12CEE649
3.60 non-secure 0x12CEE649

strncpy

Version World NID
3.60 non-secure 0x6D286146

strnlen

Version World NID
1.69 non-secure 0xCD4BD884
3.60 non-secure 0xCD4BD884

strrchr

Version World NID
1.69 non-secure 0x7F0E0835
3.60 non-secure 0x7F0E0835

strstr

Version World NID
1.69 non-secure 0x1304A69D
3.60 non-secure 0x1304A69D

strtol

Version World NID
1.69 non-secure 0xAB77C5AA
3.60 non-secure 0xAB77C5AA

strtoll

Version World NID
3.60 non-secure 0x87AAAFA2

strtoul

Version World NID
3.60 non-secure 0x4E5042DA

tolower

Version World NID
3.60 non-secure 0x0021DAF9

toupper

Version World NID
3.60 non-secure 0xA685DCB1

vsnprintf

Version World NID
3.60 non-secure 0x3DDBE2E1

SceSysrootForKernel

sceSysrootGetSmSelfInfoForKernel

Version NID
3.60 0xF10AB792
typedef struct sm_self_info
{
   uint32_t size; // 0x0C
   char* sm_self_data; 
   uint32_t sm_self_size;
} sm_self_info;

int sceSysrootGetSmSelfInfoForKernel(int index, sm_self_info* state);
Index SM SELF location
0 os0:sm/gcauthmgr_sm.self
1 os0:sm/rmauth_sm.self
2 os0:sm/encdec_w_portability_sm.self

sceSysrootGetSelfInfoForKernel

Version NID
3.60 0x4F0A4066
typedef struct SceSelfInfo // size is 0x90
{
   SceUInt64 program_authority_id;
   SceUInt64 padding1;
   uint8_t capability[0x20];
   uint8_t attribute[0x20];
   uint8_t padding2[0x10];
   uint8_t klicensee[0x10];
   uint32_t unk_70;
   uint32_t unk_74;
   uint32_t unk_78;
   uint32_t unk_7C;
   uint32_t unk_80; // ex: 0x10
   uint32_t unk_84;
   uint32_t unk_88;
   uint32_t unk_8C;
} SceSelfInfo;

int sceSysrootGetSelfInfoForKernel(SceUID pid, SceSelfInfo *self_info);

SceSysrootForKernel_CC85905B

Version NID
3.60 0xCC85905B

Returns the exception vectors base address. The address of the exception vectors for the CPU i is: SceSysrootForKernel_CC85905B() + 0x40 * i.

void *SceSysrootForKernel_CC85905B(void);

SceSysrootForKernel_377895EB

Version NID
3.60 0x377895EB
int SceSysrootForKernel_377895EB(int *a1);

Returns 0 on success, 0xFFFFFFFF on error. a1 usually takes value 1 after this function is called. Called by sceSblAuthMgrAuthHeaderForKernel before F00D request.

sceSysrootGetSysrootBufferForKernel

Version NID
3.60 0x9DB56D1F

Returns pointer to Sysroot buffer.

void *sceSysrootGetSysrootBufferForKernel(void);

sceSysrootGetSysbaseForKernel

Version NID
3.60 0x3E455842
sysbase_t* sceSysrootGetSysbaseForKernel();

sceSysrootGetProcessTitleIdForPidForKernel

Version NID
3.60 0xEC3124A3
int sceSysrootGetProcessTitleIdForPidForKernel(SceUID pid, char *titleid, size_t len);

sceSysrootIsAuCodecIcConexantForKernel

Version NID
3.60 0x46E72428

return sysroot_buffer + 0xE8;

int sceSysrootIsAuCodecIcConexantForKernel(void);

sceSysrootIsBsodRebootForKernel

Version NID
3.60 0x4373AC96

return (*(int *)(sysroot_buffer->wakeup_factor) & 0x7Fu) <= 0x17;

int sceSysrootIsBsodRebootForKernel(void);

sceSysrootIsExternalBootModeForKernel

Version NID
3.60 0x89D19090

return *(int *)(sysroot_buffer->boot_type_indicator_1) & 1;

int sceSysrootIsExternalBootModeForKernel(void);

sceSysrootIsSafeModeForKernel

Version NID
3.60 0x834439A7
int sceSysrootIsSafeModeForKernel(void);

sceSysrootIsUpdateModeForKernel

Version NID
3.60 0xB0E1FC67
int sceSysrootIsUpdateModeForKernel(void);

sceSysrootIsUsbEnumWakeupForKernel

Version NID
3.60 0x79C9AE10
 if ( *(int *)(sysroot_buffer + 0xC0) & 0x90000 )
   result = 1;
 else
   result = (*(int *)(sysroot_buffer->wakeup_factor) & 0x7Fu) <= 0xF;
 return result;
int sceSysrootIsUsbEnumWakeupForKernel(void);

sceSysrootUseExternalStorageForKernel

Version NID
3.60 0x55392965

Returns true when Manufacturing Mode flag is set:

return (*(int *)(sysroot_buffer->boot_type_indicator_1) >> 2) & 1;

int sceSysrootUseExternalStorageForKernel(void);

sceSysrootUseInternalStorageForKernel

Version NID
3.60 0x50FE3B4D

Returns true when internal storage is present (PSTV and SLIM - not FAT) and flag is set:

return *(char *)(sysroot_buffer + 0x35) & 1 ^ 1;

int sceSysrootUseInternalStorageForKernel(void);

sceSysrootGetNidNameForKernel

Version NID
3.60 0x0B79E220
int sceSysrootGetNidNameForKernel(unsigned int nid, const char **name);

sceSysrootGetModuleInfoForPidForKernel

Version NID
3.60 0xFF9F80FF
int sceSysrootGetModuleInfoForPidForKernel(SceUID pid, const void *addr, unsigned int *info); // info[0] = 0x3C

Returns export info at address for pid (contains module, lib and NID and their names).

SceSysrootForKernel_71DB83A2

Version NID
3.60 0x71DB83A2

Write value at 0x375F8 + 0x380.

int SceSysrootForKernel_71DB83A2(int value);

SceSysrootForDriver

sceSysrootSetSystemSwVersionForDriver

Version World NID
3.60 non-secure 0x3276086B

Set System Software version as int in SceSysmem memory. For exemple: 0x3650000 on 3.65.

int sceSysrootSetSystemSwVersionForDriver(int sw_version);

sceSysrootGetSystemSwVersionForDriver

Version World NID
3.60 non-secure 0x67AAB627

Returns System Software version as int from SceSysmem memory. For exemple: 0x3650000 on 3.65.

int sceSysrootGetSystemSwVersionForDriver(void);

?sceSysrootInitI2cForDriver?

Version World NID
3.60 non-secure 0x930B1342
int ?sceSysrootInitI2cForDriver?(void);

sceSysrootIsSafeModeForDriver

Version NID
3.60 0x834439A7
int sceSysrootIsSafeModeForDriver(void);

SceKernelUtilsForDriver

sceAesDecrypt1ForDriver

Decrypt with AES.

Version NID
1.69 0xD8678061
3.60 0xD8678061
int sceAesDecrypt1ForDriver(void *ctx, const unsigned char* src, unsigned char* dst);

sceAesDecrypt2ForDriver

Version NID
3.60 0xE39CD272
int sceAesDecrypt2ForDriver(void *ctx, const unsigned char* src, unsigned char* dst);

sceAesEncrypt1ForDriver

Encrypt with AES. There are two functions that are the same on 1.69.

Version NID
1.69 0xC2A61770
3.60 0xC2A61770
int sceAesEncrypt1ForDriver(void *ctx, const unsigned char* src, unsigned char* dst);

sceAesEncrypt2ForDriver

Encrypt with AES. There are two functions that are the same on 1.69.

Version NID
1.69 0x302947B6
3.60 0x302947B6
int sceAesEncrypt2ForDriver(void *ctx, const unsigned char* src, unsigned char* dst);

sceAesInit1ForDriver

This sets up the AES engine. ctx is a 960 byte buffer (int 1.69). blocksize and keysize is the security in bits. 128/196/256 are supported values.

Version NID
1.69 0xF12B6451
3.60 0xF12B6451

last arg to subroutine is 0

int sceAesInit1ForDriver(void *ctx, int blocksize, int keysize, const unsigned char* key);

sceAesInit2ForDriver

Version NID
3.60 0xEDA97D6D

last arg to subroutine is 1

int sceAesInit2ForDriver(void *ctx, int blocksize, int keysize, const unsigned char* key);

sceAesInit3ForDriver

Version NID
3.60 0x72408E29

last arg to subroutine is 2

int sceAesInit3ForDriver(void *ctx, int blocksize, int keysize, const unsigned char* key);

sceDeflateDecompressForDriver

Version NID
3.60 0x8AF1FAD4

sceDeflateDecompressPartialForDriver

Version NID
3.60 0x3D74CCDF

sceGzipDecompressForDriver

Version NID
3.60 0x367EE3DF

sceGzipGetCommentForDriver

Version NID
3.60 0xCD3AE08F

sceGzipGetCompressedDataForDriver

Version NID
3.60 0x63619124

sceGzipGetInfoForDriver

Version NID
3.60 0xFFC6A10F

sceGzipGetNameForDriver

Version NID
3.60 0xF901FD3E

sceGzipIsValidForDriver

Version NID
3.60 0xD8FAEFD4

sceHmacSha1DigestForDriver

Version NID
3.60 0x29A28957
int sceHmacSha1DigestForDriver(const unsigned char* key, int key_len, const unsigned char* data, int data_len, unsigned char* digest);

sceHmacSha224DigestForDriver

Version NID
3.60 0x7F2A7B99
int sceHmacSha224DigestForDriver(const unsigned char* key, int key_len, const unsigned char* data, int data_len, unsigned char* digest);

sceHmacSha256DigestForDriver

Version NID
3.60 0x83EFA1CC
int sceHmacSha256DigestForDriver(const unsigned char* key, int key_len, const unsigned char* data, int data_len, unsigned char* digest);

sceMt19937GlobalInitForDriver

Version NID
3.60 0xD428CC2A

sceMt19937GlobalUninitForDriver

Version NID
3.60 0x875B2A1C

sceMt19937InitForDriver

Version NID
3.60 0x4C9A5730

sceMt19937UIntForDriver

Version NID
3.60 0x92AEDFBC

sceSfmt19937FillArray32ForDriver

Version NID
3.60 0x2B30548B

sceSfmt19937FillArray64ForDriver

Version NID
3.60 0x49B41540

sceSfmt19937GenRand32ForDriver

Version NID
3.60 0xBBE4701A

sceSfmt19937GenRand64ForDriver

Version NID
3.60 0x45DEAAD6

sceSfmt19937InitByArrayForDriver

Version NID
3.60 0x33AE1203

sceSfmt19937InitGenRandForDriver

Version NID
3.60 0xAB48C3CA

sceSha1BlockInitForDriver

Version NID
3.60 0xE4390FFA
int sceSha1BlockInitForDriver(void* ctx);

sceSha1BlockResultForDriver

Version NID
3.60 0x48F24106
int sceSha1BlockResultForDriver(void* ctx, unsigned char* digest);

sceSha1BlockUpdateForDriver

Version NID
3.60 0x478A6F3C
int sceSha1BlockUpdateForDriver(void* ctx, const unsigned char* data, int size);

sceSha1DigestForDriver

Version NID
3.60 0x87DC7F2F
int sceSha1DigestForDriver(unsigned char *data, int size, unsigned char* digest);

sceSha224BlockInitForDriver

Version NID
3.60 0xC762EA6D
int sceSha224BlockInitForDriver(void* ctx);

sceSha224BlockResultForDriver

Version NID
3.60 0xFBF2A442
int sceSha224BlockResultForDriver(void* ctx, unsigned char* digest);

sceSha224BlockUpdateForDriver

Version NID
3.60 0x7556E611
int sceSha224BlockUpdateForDriver(void* ctx, const unsigned char* data, int size);

sceSha224DigestForDriver

Version NID
3.60 0x9EA9D4DC
int sceSha224DigestForDriver(unsigned char *data, int size, unsigned char* digest);

sceSha256BlockInitForDriver

Version NID
3.60 0xD909FA2C
int sceSha256BlockInitForDriver(void* ctx);

sceSha256BlockResultForDriver

Version NID
3.60 0x4899CD4B
int sceSha256BlockResultForDriver(void* ctx, unsigned char* digest);

sceSha256BlockUpdateForDriver

Version NID
3.60 0x236A9097
int sceSha256BlockUpdateForDriver(void* ctx, const unsigned char* data, int size);

sceSha256DigestForDriver

Version NID
3.60 0xA773A6A8
int sceSha256DigestForDriver(unsigned char *data, int size, unsigned char* digest);

sceZlibDecompressForDriver

Version NID
3.60 0x900148DB

sceZlibGetCompressedDataForDriver

Version NID
3.60 0x01EB6C45

sceZlibGetInfoForDriver

Version NID
3.60 0x5B9BCD75

SceZlibForDriver

zlib compression library.

Firmware zlib version
1.60 1.2.5
3.60 ??

inflate

Version World NID
1.60 non-secure 0xE4F34A68
3.60 non-secure 0xE4F34A68

deflate

Version World NID
1.60 non-secure 0xE859D60F
3.60 non-secure 0xE859D60F

deflateReset

Version World NID
1.60 non-secure 0x68CFEA45
3.60 non-secure 0x68CFEA45

crc32

Version World NID
1.60 non-secure 0xE0CE06C0
3.60 non-secure 0xE0CE06C0

adler32

Version World NID
1.60 non-secure 0x98619620
3.60 non-secure 0x98619620

inflateSetDictionary

Version World NID
1.60 non-secure 0x7B16DBD6
3.60 non-secure 0x7B16DBD6

SceKernelSuspendForDriver

Used to register callbacks for handling suspend/resume related events.

sceKernelRegisterSysEventHandlerForDriver

Version NID
1.69 0x04C05D10
3.60 0x04C05D10
typedef struct {
    uint32_t size; // 24
    uint32_t unk1;
    uint32_t unk2;
    uint32_t unk3;
    uint32_t unk4;
    uint32_t unk5;
} suspend_args_t;

typedef int (suspend_callback_t)(int resume, int event_id, suspend_args_t *args, void *opt);

int sceKernelSuspendRegisterCallbackForDriver(const char *name, suspend_callback_t *callback_func, void *opt);

Registers a function for handling suspend/resume. resume is 0 if we are currently suspending and 1 if we are currently resuming. opt is passed from the registration. Registration adds an entry to a linked list and returns the block id for the new entry.

Returns the suspend_callback_id.

sceKernelUnregisterSysEventHandlerForDriver

Version NID
1.69 0xDD61D621
3.60 0xDD61D621
int sceKernelUnregisterSysEventHandlerForDriver(int id);

Call with the id returned from suspend_register_callback to remove the entry from the linked list and free the memory.

sceKernelSysEventDispatchForDriver

Version NID
1.69 0xD4622EA8
3.60 0xD4622EA8
int sceKernelSysEventDispatchForDriver(int resume, int eventid, suspend_args_t *args, int stop_on_error);

This will go through the linked list and call each callback. If stop_on_error is set, then the first callback that returns a negative value will stop the call chain and return the block id of the callback that broke the chain. Otherwise, this function will invoke each callback and return zero.

sceKernelPowerTickForDriver

Version NID
3.60 0xE0489831
typedef enum SceKernelPowerTickType {
	/** Cancel all timers */
	SCE_KERNEL_POWER_TICK_DEFAULT			= 0,
	/** Cancel automatic suspension timer */
	SCE_KERNEL_POWER_TICK_DISABLE_AUTO_SUSPEND	= 1,
	/** Cancel OLED-off timer */
	SCE_KERNEL_POWER_TICK_DISABLE_OLED_OFF		= 4,
	/** Cancel OLED dimming timer */
	SCE_KERNEL_POWER_TICK_DISABLE_OLED_DIMMING	= 6
} SceKernelPowerTickType;

int sceKernelPowerTickForDriver(int type);

Cancel specified idle timers to prevent entering in power save processing.

Returns 0 on success.

SceQafMgrForDriver

Provides many device permission checks including PSVita model checks, running app privilege checks, debugging enabled checks, and so on.

SceQafMgrForDriver_7B14DC45

Version World NID
3.60 non-secure 0x7B14DC45

Used by SceAppMgr.

return ((unsigned int)*(char *)(SceSysrootGetSysrootBufferForKernel() + 0x2D) >> 1) & 1; // = 0x2D + BIT number 30

int SceQafMgrForDriver_7B14DC45(void);

ScePmMgrForDriver

scePmGetProductModeForDriver

Version World NID
3.60 non-secure 0x2AC815A2

Returns 0 on success.

Gets sysroot_buffer using sceKernelGetSysrootBufferForDriver.

result = ((int *)(sysroot_buffer->boot_type_indicator_1) >> 2) & 1; // manufacturing mode flag

int scePmGetProductModeForDriver(int* result);

scePmIsExternalBootModeForDriver

Version World NID
3.60 non-secure 0xBD1F193B

Gets sysroot_buffer using sceKernelGetSysrootBufferForDriver.

return (int *)(sysroot_buffer->boot_type_indicator_1) & 1;

int scePmIsExternalBootModeForDriver(void);

SceSblAIMgrForDriver

sceSblAIMgrGetSMIForDriver

Version World NID
3.60 non-secure 0x47D9CF13

might be get shipped fw version

int sceSblAIMgrGetSMIForDriver(int *shipped_fw_version);

sceSblAIMgrGetTargetIdForDriver

Version World NID
3.60 non-secure 0x14345161
int sceSblAIMgrGetTargetIdForDriver(void);

sceSblAIMgrGetModelRevisionForDriver

Version World NID
3.60 non-secure 0xB33CEC8F
int sceSblAIMgrGetModelRevisionForDriver(void);

sceSblAIMgrIsTestForDriver

Version World NID
3.60 non-secure 0x3B638885

TEST = Internal Test Unit

Returns true if PsCode TargetId <= 0x100.

int sceSblAIMgrIsTestForDriver(void);

sceSblAIMgrIsToolOrTestForDriver

Version World NID
3.60 non-secure 0x274663A0

TOOL = DevKit

Returns true if PsCode TargetId <= 0x101.

int sceSblAIMgrIsToolOrTestForDriver(void);

sceSblAIMgrIsNonCEXForDriver

Version World NID
3.60 non-secure 0xF4B98F66

Returns true if PsCode TargetId <= 0x102.

int sceSblAIMgrIsNonCEXForDriver(void);

sceSblAIMgrIsCEXForDriver

Version World NID
3.60 non-secure 0xD78B04A2

Returns sceSblAIMgrIsJapaneseFatForDriver if PsCode TargetId <= 0x111 else returns 0.

int sceSblAIMgrIsCEXForDriver(void);

sceSblAIMgrIsVITAForDriver

Version World NID
3.60 non-secure 0x4273B97B

Returns sceSblAIMgrIsGenuineVITAForDriver.

int sceSblAIMgrIsVITAForDriver(void);

sceSblAIMgrIsDolceForDriver

Version World NID
3.60 non-secure 0x71608CA3

Returns sceSblAIMgrIsGenuineDolceForDriver if returns true else returns sceKernelCheckDipswForDriver(0x98).

int sceSblAIMgrIsDolceForDriver(void);

sceSblAIMgrIsGenuineVITAForDriver

Version World NID
3.60 non-secure 0x963CA644

Returns true if:

  • PsCode TargetId <= 0x111 AND sceSblAIMgrIsGenuineDolceForDriver returns false
  • sceSblAIMgrIsJapaneseFatForDriver returns true AND HardwareInfo != 0x700000 != 0x720000 != 0x510000
int sceSblAIMgrIsGenuineVITAForDriver(void);

sceSblAIMgrIsGenuineDolceForDriver

Version World NID
3.60 non-secure 0xC6E83F34
int sceSblAIMgrIsGenuineDolceForDriver(void);

sceSblAIMgrIsJapaneseFatForDriver

Version World NID
3.60 non-secure 0x6D5A3FC9
int sceSblAIMgrIsJapaneseFatForDriver(void);

sceSblAIMgrIsToolRev3ForDriver

Version World NID
3.60 non-secure 0xBB9D146B

Returns true if PsCode TargetId == 0x101 and PsCode Model revision <= 3.

int sceSblAIMgrIsToolRev3ForDriver(void);

sceSblAIMgrIsToolRev4ForDriver

Version World NID
3.60 non-secure 0x37A79140

Returns true if PsCode TargetId == 0x101 and PsCode Model revision <= 4.

int sceSblAIMgrIsToolRev4ForDriver(void);

sceSblAIMgrIsToolRev5ForDriver

Version World NID
3.60 non-secure 0xE5E47FF7

Returns true if PsCode TargetId == 0x101 and PsCode Model revision <= 5.

int sceSblAIMgrIsToolRev5ForDriver(void);

sceSblAIMgrIsPrototypeRev2ForDriver

Version World NID
3.60 non-secure 0xFF5784B9

Returns true if PsCode TargetId == 0x103 and PsCode Model revision <= 2.

int sceSblAIMgrIsPrototypeRev2ForDriver(void);

sceSblAIMgrIsPrototypeRev7ForDriver

Version World NID
3.60 non-secure 0x05F79D4A

Returns true if PsCode TargetId == 0x103 and PsCode Model revision <= 7.

int sceSblAIMgrIsPrototypeRev7ForDriver(void);

SceProcEventForDriver

SceProcEventDeleteUidForDriver

Version World NID
3.60 non-secure 0x3DED57CC

Wrapper to sceKernelDeleteUidForDriver.

int SceProcEventDeleteUidForDriver(int uid);

sceProcEventCreateEventForDriver

Version World NID
3.60 non-secure 0x2A43912D

Uses sceKernelCreateEventForDriver.

Returns uid.

int sceProcEventCreateEventForDriver(const char *name, int *a2, int a3);

SceProcEventForDriver_414CC813

Version World NID
3.60 non-secure 0x414CC813

Uses suspend/resume LR.

int SceProcEventForDriver_414CC813(int a1, int a2, int a3, int a4, int *a5, int a6);

SceDebugLed

sceKernelGetGPI

Version NID
3.60 0x14F582CF
int sceKernelGetGPI(void);

sceKernelSetGPO

Version NID
3.60 0x78E702D3
int sceKernelSetGPO(int value);

get_74

Version NID
3.60 0x2B6EABAD
int get_74(void);

get_78

Version NID
3.60 0x0E6B9890
int get_78(void);

SceDebugLedForDriver

sceKernelGetGPIForDriver

Version NID
3.60 0x14F582CF

Only SceDebugLedForDriver function used by SceCoredump.

int sceKernelGetGPIForDriver(void);

sceKernelSetGPIForDriver

Version NID
3.60 0x51C5325A
int sceKernelSetGPIForDriver(int value);

sceKernelGetGPOForDriver

Version NID
3.60 0x3BB289F7
int sceKernelGetGPOForDriver(void);

sceKernelSetGPOForDriver

Version NID
3.60 0x78E702D3
int sceKernelSetGPOForDriver(int value);

sceKernelSetGPOMaskForDriver

Version NID
3.60 0x098473B0
sceKernelSetGPOMaskForDriver(int a1, int a2);

get_74

Version NID
3.60 0x2B6EABAD
int get_74(void);

set_74

Version NID
3.60 0x24173819
int set_74(int value);

get_78

Version NID
3.60 0x0E6B9890
int get_78(void);

set_78

Version NID
3.60 0xF62154E7
int set_78(int value);

SceDebugForKernel

sceDebugSetHandlersForKernel

Version World NID
3.60 non-secure 0x10067B7B
int sceDebugSetHandlersForKernel(void (*func)(int unk, const char *format, const uint32_t *args), void *args);

sceDebugPutcharForKernel

Version World NID
3.60 non-secure 0x82D2EDCE

Print character.

int sceDebugPutcharForKernel(int character);

sceDebugGetPutcharHandlerForKernel

Version World NID
3.60 non-secure 0xE783518C

Returns pointer to current debug print char handler.

void *sceDebugGetPutcharHandlerForKernel(void);

sceDebugRegisterPutcharHandlerForKernel

Version World NID
3.60 non-secure 0xE6115A72

Set debug print char handler.

int sceDebugRegisterPutcharHandlerForKernel(int (*func)(void *args, char c), void *args);

SceDebugForKernel_082B8D6A

Version World NID
3.60 non-secure 0x082B8D6A

Print kernel exception information.

// name can be:
// UNDEF - ?
// PABT - Prefetch Abort
// DABT - Data Abort
// NEST - ?
int SceDebugForKernel_082B8D6A(void *unk, void *ctx, int index, char *name);

sceDebugDisableInfoDumpForKernel

Version World NID
3.60 non-secure 0xF857CDD6
// ex: sceDebugDisableInfoDumpForKernel(0); as used in henkaku/payload.c
int sceDebugDisableInfoDumpForKernel(int flag);

SceDebugForDriver

Types

struct kernel_message_ctx
{
  int hex_value0_hi;
  int hex_value0_lo;
  int hex_value1;
  char* msg0;
  int num;
  char* msg1;
};

sceDebugPrintfForDriver

Version World NID
3.60 non-secure 0x391B74B7
int sceDebugPrintfForDriver(const char *fmt, ...);

sceDebugPrintf2ForDriver

Version World NID
3.60 non-secure 0x02B04343
int sceDebugPrintf2ForDriver(int msg_type_flag, kernel_message_ctx *msg_ctx, const char *fmt, ...);

print_kernel_panic

Version World NID
3.60 non-secure 0x391B5B74
int print_kernel_panic(kernel_message_ctx *msg_ctx, void *some_address);

printf_kernel_panic

Version World NID
3.60 non-secure 0x00CCE39C
int printf_kernel_panic(kernel_message_ctx *msg_ctx, void *some_address, const char* fmt, ...);

print_kernel_assertion

Version World NID
3.60 non-secure 0x35A35322
int print_kernel_assertion(int condition, kernel_message_ctx *msg_ctx, void *some_address);

printf_kernel_assertion

Version World NID
3.60 non-secure 0x821A2D59
int printf_kernel_assertion(int unk, int condition, kernel_message_ctx *msg_ctx, int some_address, const char *fmt, ...);

invoke_some_callback

Version World NID
3.60 non-secure 0x411C0733

Uses sceKernelCpuLockSuspendIntrStoreLRForDriver and sceKernelCpuLockResumeIntrStoreLRForDriver.

Calls SceSysclibForDriver_E38E7605.

Maybe invoke debug handler.

int invoke_some_callback(char *format, va_list ap);

SceSysmemForTZS

sceKernelAllocMemBlockForPidForTZS

Version World NID
1.69 Secure 0x0028E26C
int sceKernelAllocMemBlockForPidForTZS(SceUID pid, const char *name, SceKernelMemBlockType type, SceSize size, SceKernelAllocMemBlockKernelOpt *optp);

SceSysrootForTZS

sceSysrootGetSysrootBufferForTZS

Version World NID
1.69 secure 0x29C1049E

Returns pointer to Sysroot buffer.

void *sceSysrootGetSysrootBufferForTZS(void);