
KASLR bypass
Create a new project and use the following source:

```c
#include <psp2/io/fcntl.h> /* vitasdk header declaring sceIoOpen (assumed; the include line was lost) */

int main(void) {
    /* Call any syscall so the kernel records a waypoint for it. */
    sceIoOpen("ux0:whatever", 0, 0);
    /* Deliberate null-pointer write: the crash dumps the waypoints. */
    *(volatile int *)0 = 0x11223344;
}
```

Once it crashes, the waypoint is printed to "console output":

```
Print Waypoint
(26) PC:0x00B6220A, TARGETPC:0x00B509F8 T16Bt [0xB62C282F + 0x000109F8]
(27) PC:0x00B509F8, TARGETPC:0x00B45590 T16Bt [0xB62C282F + 0x00005590]
[SceShellSvc               ]:Starting... OK      2631usec
[SceCommonDialog           ]:Starting... OK      1626usec
[SceLibDbg                 ]:Starting... OK         1usec
(28) PC:0x00B45592, TARGETPC:0x00B450A0 T32Lt [0xB62C282F + 0x000050A0]
[SceLibft2                 ]:Starting... OK         1usec
(29) PC:0x00B450AA, TARGETPC:0x00B450F0 T16Bt [0xB62C282F + 0x000050F0]
(30) PC:0x00B450F0, TARGETPC:0x00B45596 T32Bt [0xB62C282F + 0x00005596]
(31) PC:0x00B4559E, TARGETPC:0x00B455A0 T16Bn [0xB62C282F + 0x000055A0]
// ...
```

Each record gives the target PC, the NID of the module the branch lands in, and the offset of the target within that module, so the module base is the target PC minus the offset:

```
(31) PC:0x00B4559E, TARGETPC:0x00B455A0 T16Bn [0xB62C282F + 0x000055A0]
                             ^ target pc      ^ target NID ^ target offset
sysmem base = 0x00B455A0 - 0x000055A0 = 0xB40000
```
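Reading a long dump by hand is error-prone, so here is an added Python example (not from the original page) that parses the Print Waypoint records out of raw console output, skipping the interleaved module-start lines, computes the base for each record, and checks that every record for the same NID agrees. The record layout is assumed from the dump above; the sample text is a constructed copy of those lines.

```python
import re

# One waypoint record, e.g.
#   (26) PC:0x00B6220A, TARGETPC:0x00B509F8 T16Bt [0xB62C282F + 0x000109F8]
# Layout assumed from the dump above: "[NID + offset]" means TARGETPC = base + offset.
WAYPOINT_RE = re.compile(
    r"\((?P<idx>\d+)\)\s+PC:0x(?P<pc>[0-9A-Fa-f]+),\s+"
    r"TARGETPC:0x(?P<target>[0-9A-Fa-f]+)\s+(?P<kind>\S+)\s+"
    r"\[0x(?P<nid>[0-9A-Fa-f]+)\s+\+\s+0x(?P<off>[0-9A-Fa-f]+)\]"
)

def parse_waypoints(text):
    """Extract every waypoint record from raw console output, skipping the
    interleaved module-start lines and any other noise."""
    records = []
    for m in WAYPOINT_RE.finditer(text):
        target, off = int(m["target"], 16), int(m["off"], 16)
        records.append({
            "idx": int(m["idx"]),
            "pc": int(m["pc"], 16),
            "target": target,
            "kind": m["kind"],
            "nid": int(m["nid"], 16),
            "offset": off,
            "base": target - off,  # module base = TARGETPC - offset
        })
    return records

def module_bases(records):
    """Map each NID to its base, raising if two records for the same NID
    disagree (corrupt log, or output from two different boots mixed)."""
    bases = {}
    for r in records:
        prev = bases.setdefault(r["nid"], r["base"])
        if prev != r["base"]:
            raise ValueError(f"NID 0x{r['nid']:08X}: 0x{prev:X} != 0x{r['base']:X} at ({r['idx']})")
    return bases

# Constructed sample: the records from the dump above, noise included.
SAMPLE = """Print Waypoint
(26) PC:0x00B6220A, TARGETPC:0x00B509F8 T16Bt [0xB62C282F + 0x000109F8]
(27) PC:0x00B509F8, TARGETPC:0x00B45590 T16Bt [0xB62C282F + 0x00005590]
[SceShellSvc               ]:Starting... OK      2631usec
(28) PC:0x00B45592, TARGETPC:0x00B450A0 T32Lt [0xB62C282F + 0x000050A0]
(29) PC:0x00B450AA, TARGETPC:0x00B450F0 T16Bt [0xB62C282F + 0x000050F0]
(30) PC:0x00B450F0, TARGETPC:0x00B45596 T32Bt [0xB62C282F + 0x00005596]
(31) PC:0x00B4559E, TARGETPC:0x00B455A0 T16Bn [0xB62C282F + 0x000055A0]
"""
```

Calling `module_bases(parse_waypoints(SAMPLE))` yields `{0xB62C282F: 0xB40000}`, matching the hand calculation above.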