SceKernelModulemgr

SceKernelModulemgr is in charge of loading both user modules and kernel modules. SceSblAuthMgr facilitates the SELF decryption process and this library loads the ELF programs into memory along with linking with NIDs and relocation of ELF in position independent executables.

Module
This module exists only in non-secure world. The SELF can be found in.

Libraries
This module exports kernel and user libraries.

Loading Sequence
When loading a module the sequence creates a SceModule structure to represent it.

SELF Decryption
The following code can decrypt a SELF located at. Set  to 1 if decrypting a user module else 0 for kernel. Set  to 0 if you're decrypting the SELF at the right location (for example decrypting   located in  ). If you have copied the SELF elsewhere, you need to set the  to the right value for where the real path was. is for modules that are too large and won't fit in contiguous regular memory.

Module decryption and signature checks ("HENkaku patches" on 1.60)
SELF_Loading.

The code below will patch signature checks and bypass module decryption and allow homebrew to run. The idea is to hook SceSblAuthMgr* calls that are imported to SceKernelModulemgr. The offsets are from 1.60, you will probably need to modify hook_resume_sbl_* defines (set them to addresses of functions) and INSTALL_HOOK second arguments (set to addresses of imports in SceKernelModulemgr). As a bonus there's also patch_npdrm functions that patches SceNpDrm to bypass some DRM checks and allow unsigned packages to be installed, which you also need to modify, see SceNpDrm.

sceKernelDecryptSelfByPathForKernel
This is an easy way of decrypting SELFs but you are limited to the kinds of SELFs you can load in the current context (for example, you can't load user libraries from kernel context). It is also susceptible to limitations of where the SELF can be loaded from. For example, you are not allowed to load SELFs found in  from. This is because it checks the PathId.

sceKernelGetModuleList2ForKernel
Found by Princess

sceKernelGetModuleUidForKernel
Found by Princess

sceKernelGetModuleUidListForKernel
Found by Princess

sceKernelGetModuleInfo2ForKernel
Found by Princess

sceKernelGetModuleLibraryInfoForKernel
Found by Princess

sceKernelGetProcessMainModulePathForKernel
Found by Princess

sceKernelLoadPreloadingModulesForKernel
Was wrongly named sceKernelLoadStartDefaultSharedModulesForPidForKernel.

This loads the default shared modules for a process (only the ones that are actually imported). This includes, for example,. Modules are loaded with flags  meaning that text pages can be shared. If dipsw 210 is set, then flag  is set, meaning that if the existing page is found, do not share it but instead make a copy.

SceModulemgrForDriver_1D9E0F7E
Calls SceModulemgrForKernel_0053BA4A.

sceKernelLoadModuleWithoutStartForDriver / sceKernelLoadModuleForDriver
Returns int modid (to use with sceKernelStartModuleForDriver).

sceKernelInhibitLoadingModule
Added somewhere between 3.30 an 3.60 to prevent loading Sysmodules from webbrowser. (see Vitasploit 2.00-3.36 and h-encore 3.65)

_sceKernelBacktrace
Calls sceKernelBacktraceForDriver.