SceSysmem

SceSysmem is a kernel module that acts as the heart of the kernel. It exports multiple libraries for various features. SceSysmem is the first module that is loaded in the kernel load sequence and its libraries are imported by almost all other modules. See Virtual Memory and Physical Memory for more details on the memory subsystem.

Module
This module exists in both non-secure and secure world. The non-secure world SELF can be found in. It also can be found in the Boot Image.

Known NIDs
The SceCpu libraries provide wrappers for much ARM CP15 co-processor access as well as low level support of spinlocks and other synchronization primitives.

Memory Block Type
The  parameter indicates what kind of memory to allocate. Here is a mapping of  flags to ARM MMU flags. Higher bits are used for other options including where to allocate from. Not all flag values are valid, there is a table of valid types in the kernel. You cannot, for example, allocate RWX memory.

All memtype list for 3.60

Note

The only commonly available memtypes are those that are publicly available.

sceKernelAllocMemblockInternal uses a list to translate it into an internal memtype.

So we can't create memtype with any bits and use that's.

memtype bit value
This is based internal memtypes.

Available memory types
See also : Memory budget

Types to reverse
from 0.990:

SceSysmemForKernel_A7D44B50
A guessed name is sceKernelSetSysmemFuncForKernel.

Used by SceKernelSSProxy's module_start to register a function that just calls SMC 0x10E (BusErrorClear).

The registered function is used internally by and.

sceKernelSysmemModuleStartAfterProcessmgrForKernel
Temp name was sceKernelInitProcessMemoryForKernel.

Used by SceProcessmgr.

sceKernelSysmemCleanerForKernel
?Implemented in internal system software.? Not implemented in external system software.

sceKernelPhysicalMemWriteForKernel
Writes to physical address  using a pre-allocated memblock. Destination must belong into a hardcoded table describing physical ranges.

sceKernelPhysicalMemReadForKernel
Temp name was memcpy_from_paddr.

Dest must be a virtual address and src must be a physical address. Returns copied size on success.

sceKernelCopyToUserProcTextDomainForKernel
Temp name was sceKernelRxMemcpyKernelToUserForPidForKernel, sceKernelProcCopyToUserRxForKernel.

Same as sceKernelCopyToUserProcDomain, but performs a DCache clean after the copy. Use this function if you want to write code in user pages.

This function is usually called when resolving stubs during a module loads. In 3.60, DACR is set to 0x15450FC3 instead of 0xFFFFFFFF.

sceKernelCopyToUserTextDomainForKernel
This is a guessed name. Temp names were sceKernelMemcpyToUserRxForKernel, sceKernelCopyToUserRxForKernel.

Similar to sceKernelCopyToUserProcTextDomain, but performed in the current address space.

In FW 3.60, sceKernelCopyToUserProcTextDomain calls this function to perform the copy after changing address space.

sceKernelCopyToUserDomainForKernel
This is a guessed name. Temp names were sceKernelMemcpyToUserRoForKernel, sceKernelCopyToUserRoForKernel.

Similar to sceKernelCopyToUserTextDomain, but doesn't perform any DCache clean.

Uses the same DACR, 0x15450FC3, for the copy.

sceUIDRegisterForKernel
Calls.

sceUIDGetUIDVectorByClassForKernel
Calls.

scePUIDGetUIDVectorByClassForKernel
Similar to. Maybe replacement for.

sceKernelAddressSpaceSetNameForKernel
Used by SceProcessmgr.

sceKernelAddressSpaceUnmapForKernel
Example: 0.990 SceSysStateMgr:

Example: 3.60 SceSysStateMgr:

sceKernelAddressSpaceChangeMMUContextForKernel
Changes to the MMU context (CONTEXTIDR.ASID + DACR + TTBR1) of target address space.

sceKernelAddressSpaceGetMMUContextForKernel
This is a guessed name.

SceSysmemForKernel_FBEF93AA
Maybe gets MMU context. Maybe was replaced by.

SceSysmemForKernel_4492421F
Gets address space information.

sceKernelAddressSpaceGetMMUL1InfoForKernel
Gets information about a L1PT entry in the translation table of an address space. Pass the virtual address of the target entry maps as.

sceKernelGetUIDAddressSpaceClassForKernel
This is a guessed name.

sceKernelAddressSpaceReferForKernel
This is a guessed name.

sceKernelCreatePhyMemPartForKernel
Calls with pbase = 0.

sceKernelGetPhyMemPartInfoForDebuggerForKernel
info size is 0xB0-bytes.

sceKernelGrowPhyMemPartForKernel
Calls sceKernelGrowPhyMemPartWithFlagsForKernel with flags = 0.

sceKernelGrowPhyMemPartByPbaseForKernel
Temp name was sceKernelGrowPhyMemPartWithFlagsForKernel.

Grows physical memory partition with pbase.

sceKernelGetGrownPhyMemPartSizeForKernel
This is a guessed name.

Returns a global variable. This global variable is either a size or offset or address and is incremented by sceKernelGrowPhyMemPartWithFlagsForKernel.

SceSysmemForKernel_153A08A0
Adds 1 to  using SceSysmem, and returns its new value.

sceKernelPhyMemPartAllocPhyPageForKernel
This is a guessed name.

sceKernelResetPhyMemPartForKernel
Used by SceProcessmgr.

Called with same argument as.

sceKernelShowPhyMemPartForKernel
?Implemented in internal system software.? Not implemented in external system software.

sceKernelGetHeapInfoByPtrForKernel
Temp name was sceKernelGetHeapInfoByPointerForKernel.

SceSysmemForKernel_7FDF483A
A possible name could be sceKernelObjectHeapAllocForKernel.

sceKernelUIDEntryHeapGetInfoForKernel
Official name might also be sceUIDEntryHeapGetInfoForKernel.

sceUIDEntryHeapSetHookForKernel
?Implemented in internal system software.? Not implemented in external system software.

sceKernelPrintHeapSegmentListForKernel
?Implemented in internal system software.? Not implemented in external system software.

sceGUIDGetObjectWithClassForKernel
Possible name are sceUIDGetObjectWithClassForKernel or sceUIDtoProcessForKernel.

sceGUIDGetUIDVectorByClassForKernel
Copy uid to vector by referring to all objects created by cls.

sceKernelGetPhyPartKernelForKernel
return gpPhyPartKernel;

sceKernelPhyMemLowAllocForKernel
Allocate a range of physically contiguous "pages" from a PhyMemLow object.

sceKernelPhyMemLowFreeForKernel
Free a range of physical "pages" from a PhyMemLow object.

sceKernelAllocPartitionMemBlockForKernel
Temp name was sceKernelAllocSystemCallTableForKernel.

sceGUIDKernelCreateForKernel
Create a GUID with default attribute (0x30000).

sceGUIDKernelCreateWithAttrForKernel
Create a GUID with the specified attribute.

sceGUIDKernelCreateWithOptForKernel
This is a guessed name. Temp name was sceKernelCreateUidObjForKernel, scePUIDKernelCreateWithAttrForKernel.

SceSysmemForKernel_BD33EDDF
Gets thread's name. Returns 0 on success.

sceGUIDSetVisibilityLevelForKernel
Sets visibilityLevel into guid's GUIDEntry.

SceSysmemForKernel_942D15FC
Computes MurmurHash.

Used to get GUID by name.

sceGUIDGetPIDForKernel
Returns Process ID for guid.

sceGUIDSetPIDForKernel
Sets Process ID for guid.

sceGUIDSetCNOAForKernel
Setting Class Name Object Attr.

sceGUIDSetForKernel
Re setting the GUID on an object that already has a uid assigned may cause the system to malfunction.

SceSysmemForKernel_C38D61FC
Calls.

sceUIDGetObjectForKernel
Calls.

SceSysmemForKernel_7C797940
Calls or.

sceUIDtoObjectForKernel
Calls SceSysmem.

SceSysmemForKernel_01DE3AB7
Return 0.

SceSysmemForKernel_ECF9435A
Writes  times the 4-byte   starting at usermode address. Write is performed with the  instruction and   (same as |sceKernelCopyToUserTextDomain - required because NID tables are in RX segments).

Used by SceKernelModulemgr to overwrite NID tables once a module's imports are bound with a random value from Bigmac RNG. This overwrite was called "NID Poisoning" by Team Molecule.

sceKernelCheckOpenVMDomainForKernel
Returns 2 if Virtual Machine is open, 0 else. Returns 0x80027101 on error.

SceSysmemForKernel_17F1AA22
Return 0.

SceSysmemForKernel_1E11F41D
Return 0.

SceSysmemForKernel_2658EE0A
Return 0.

SceSysmemForKernel_BC2E2B2B
Return 0.

SceSysmemForKernel_B339A865
Returns 0.

SceSysmemForKernel_7DC46969
Returns 1.

SceSysmemForKernel_68CB9266
Could be named sceKernelGetKernelFixedHeapForKernel.

sceKernelProcessGetContextForDriver
This is a guessed name.

sceKernelProcessSwitchContextForDriver
This is a guessed name.

scePUIDOpenByGUIDForDriver
Temp name was sceKernelCreateUserUidForDriver.

scePUIDOpenByGUIDWithFlagsForDriver
Temp name was sceKernelCreateUserUidForClassForDriver.

scePUIDOpenByNameForDriver
Temp name was sceKernelCreateUserUidForNameForDriver.

scePUIDOpenByNameWithClassForDriver
Equivalent to scePUIDOpenByNameForDriver, but object's class is checked to be a subclass of provided  before opening.

scePUIDOpenByNameWithExactClassForDriver
This is a guessed name. Previous name was.

Equivalent to scePUIDOpenByNameWithClass, but the object's class must match exactly the provided.

scePUIDCloseForDriver
Temp name was sceKernelDeleteUserUidForDriver.

scePUIDSetNameForDriver
Temp name was sceKernelSetNameForPidForUidForDriver.

scePUIDGetObjectForDriver
Temp name was sceKernelGetObjectForPidForUidForDriver.

scePUIDtoGUIDForDriver
Temp name was sceKernelKernelUidForUserUidForDriver.

Process UID to Global UID.

scePUIDtoGUIDWithClassForDriver
Temp name was sceKernelKernelUidForUserUidForClassForDriver.

scePUIDGetEntryHeapNameForDriver
Real name might be scePUIDGetEntryHeapNameForDriver. Temp name was sceKernelGetNameForPidByUidForDriver.

scePUIDGetClassForDriver
Temp name was sceKernelGetClassForPidForUidForDriver.

sceUIDKernelCreateForDriver
Calls.

Create a UID with default attribute (0x30000).

sceGUIDKernelCreateForDriver
Temp name was sceUIDKernelCreate2ForDriver, sceKernelCreateUidObj2ForDriver.

Create a UID with default attribute (0x30000).

sceUIDOpenByNameForDriver
Calls.

sceUIDCloseForDriver
if (flag_or_addr_or_pid & 0x40000000) == 0 calls else.

SceSysmemForDriver_F09A7D09
Calls.

sceUIDtoObjectForDriver
This is a guessed name.

Calls.

sceUIDtoClassForDriver
Calls.

sceGUIDCreateForDriver
Temp name was sceKernelCreateUidObjForUidForDriver.

Create a GUID with default attribute (0x30000) for the specified UID.

sceGUIDOpenByNameForDriver
Temp name was sceKernelOpenUidForNameForDriver.

sceGUIDCloseForDriver
Temp name was sceKernelDeleteUidForDriver.

sceGUIDGetClassForDriver
Temp name was sceKernelGetClassForUidForDriver.

sceGUIDSetNameForDriver
Temp name was sceKernelSetObjectForUidForDriver. Wrongfully named scePUIDSetNameForDriver.

Calls the same routine as sceGUIDSetForKernel, but passes NULL for pClass and pObject.

sceGUIDGetNameForDriver
This is a guessed name, but near. Temp name was sceKernelGetNameForUidForDriver.

sceGUIDGetName2ForDriver
This is a guessed name, but near. Temp name was sceKernelGetNameForUid2ForDriver.

sceGUIDGetObjectForDriver
Temp name was sceKernelGUIDGetObjectForDriver.

sceGUIDReferObjectForDriver
Temp name was sceKernelGetObjectForUidForDriver.

sceGUIDReferObjectWithLevelForDriver
Temp name was sceKernelGetObjectForUidForAttrForDriver.

sceGUIDReferObjectWithClassForDriver
Temp name was sceKernelGetObjForUidForDriver.

sceGUIDReferObjectWithSubclassForDriver
Temp name was sceKernelGetObjectForUidForClassTreeForDriver.

sceGUIDReleaseObjectForDriver
Temp name was sceKernelUidReleaseForDriver.

sceKernelGetUIDClassForDriver
This is a guessed and bad name.

SceSysmemForDriver_6F2ACDAE
Temp name was switch_ttb_for_pid.

Changes the TTBR to point to the tables for a given PID.

sceKernelAllocMemBlockForDriver
The interface is the same as the usermode version of this function, however more types can be specified and more options are in the pOpt argument.

To allocate a kernel RW block of memory, specify.

To allocate a block of memory with a specific physical address, specify  or ,  , and.

To allocate a block of memory that is kernel executable, specify.

To allocate a block of memory that is physically contiguous, specify,   and an alignment to.

To allocate a block of memory inside the CDRAM, specify.

sceKernelAllocMemBlockForDebuggerForDriver
Same as but authorizes null pOpt.

sceKernelAllocMemBlockWithInfoForDriver
Temp name was sceKernelAllocMemBlockExtForDriver.

sceKernelFindProcMemBlockByAddrForDriver
Temp name was sceKernelFindMemBlockByAddrForPidForDriver.

sceKernelGetMemBlockMemtypeByAddrForDriver
Temp name was sceKernelFindMemBlockByAddrForDefaultSizeForDriver.

sceKernelGetMemBlockPARangeForDriver
Previous name was sceKernelGetMemBlockAddrPairForUidForDriver

Returns the physical address and size (pRange) of the memory block if it is physically continuous.

sceKernelGetMemBlockVBaseForDriver
Temp name was sceKernelGetMemBlockKernelPageForDriver.

sceKernelGetMemBlockPAVectorForDriver
Temp name was sceKernelGetMemBlockPaddrListForUidForDriver.

sceKernelGetMemBlockInfoForDriver
Temp name was sceKernelMemBlockGetInfoExForVisibilityLevelForDriver.

sceKernelGetMemBlockInfoExForDriver
This is a guessed name.

sceKernelDecRefCountMemBlockForDriver
Temp name was sceKernelMemBlockDecRefCounterAndReleaseUidForDriver.

sceKernelIncRefCountMemBlockForDriver
Temp name was sceKernelMemBlockIncRefCounterAndReleaseUidForDriver.

sceKernelPartitionMapMemBlockForDriver
Temp name was sceKernelMapBlockUserVisibleForDriver.

sceKernelRemapMemBlockForDriver
This can be used to remap RW memory as RX. To do this, first allocate a memory block of type. After you are done writing, call sceKernelRemapMemBlockForDriver with type.

sceKernelPartialRemapMemBlockForDriver
Temp name was sceKernelRemapBlockForDriver, sceKernelRemapMemBlockForDriver.

This can be used to remap RW memory as RX. To do this, first allocate a memory block of type. After you are done writing, call sceKernelPartialRemapMemBlockForDriver with type.

sceKernelGetPhysicalMemoryTypeForDriver
Temp name was sceKernelVaddrMaybeGetSectionTypeForDriver

SceSysmemForDriver_13805CA8
Does some MemBlock partial operations.

SceSysmemForDriver_16713BE8
Does some MemBlock partial operations.

Same as but with different flags.

SceSysmemForDriver_4C584B29
Does some MemBlock partial operations.

Same as but with different flags.

SceSysmemForDriver_6C76AD89
Does some MemBlock partial operations.

Same as but with different flags.

SceSysmemForDriver_8C43B052
Does some MemBlock partial operations.

Same as but with different flags.

sceKernelMemBlockGetVirPageForDriver
This is a guessed name.

Does some MemBlock related operations.

sceKernelCreateHeapForDriver
The heap pool is thread safe.

has list "SCE_KERNEL_HEAP_HAS_HEAPCB".

sceKernelAllocHeapMemoryForDriver
Temp name was sceKernelMemPoolAlloc. Official name might also be sceUIDKernelCreateForDriver.

Calls sceKernelAllocHeapMemoryWithOptionForDriver with a3 = 0.

sceKernelAllocHeapMemoryFromGlobalHeapForDriver
Calls sceKernelAllocHeapMemoryForDriver with uid = -1 (global heap ).

sceKernelAllocHeapMemoryFromGlobalHeapWithOptForDriver
Calls sceKernelAllocHeapMemoryWithOptionForDriver with uid = -1 (global heap ).

sceKernelAllocHeapMemoryWithOptForDriver
Temp name was sceKernelAllocHeapMemoryWithOpt1ForDriver.

Same as  but uses.

sceKernelAllocHeapMemoryWithOptionForDriver
Temp name was sceKernelAllocHeapMemoryWithOpt2ForDriver.

Same as  but uses.

sceKernelFreeHeapMemoryForDriver
Temp name was sceKernelMemPoolFreeForDriver.

sceKernelCountFillValueFromUserForDriver
Temp name was sceKernelFirstDifferentBlock32UserForDriver.

sceKernelCountFillValueFromUserProcForDriver
Temp name was sceKernelFirstDifferentBlock32UserForPidForDriver.

sceKernelCountFillValue64FromUserForDriver
Temp name was sceKernelFirstDifferentBlock64UserForDriver.

sceKernelCountFillValue64FromUserProcForDriver
Temp name was sceKernelFirstDifferentBlock64UserForPidForDriver.

sceKernelVAtoPAForDriver
Temp name was sceKernelGetPaddrForDriver.

This will write the physical address for a virtual address  to memory pointed to by.

Returns <0 on error, values >=0 indicate success.

sceKernelVAtoPABySWForDriver
Temp name was sceKernelGetPaddrWithSectionTypeCheckForDriver, sceKernelAddressSpaceVAtoPABySWForDriver.

sceKernelProcModeVAtoPAForDriver
Temp name was sceKernelGetPaddrForPidForDriver.

sceKernelVARangeToPAVectorForDriver
Temp name was sceKernelGetPaddrListForDriver.

This function writes into  an array of   that encompasses the block of memory specified in the input. will contain the number of entries written. If  is null, it will just write the count.

sceKernelVARangeToPAVectorBySWForDriver
This is a guessed name. Temp name was sceKernelGetPaddrListForLargePageForDriver.

sceKernelVARangeToPAVectorByHWForDriver
Temp name was sceKernelGetPaddrListForSmallPageForDriver.

sceKernelVARangeToPARangeForDriver
Temp name was sceKernelGetPaddrPairForDriver.

sceKernelVARangeToPARangeBySWForDriver
This is a guessed name. Temp name was sceKernelGetPaddrPairForLargePageForDriver.

sceKernelVARangeToPARangeByHWForDriver
This is a guessed name. Temp name was sceKernelGetPaddrPairForSmallPageForDriver.

sceKernelIsAccessibleRangeForDriver
Temp name was sceKernelFindMemBlockForDriver.

Also exported as.

?Returns 0 on success (if is accessible range)?

sceKernelIsAccessibleRangeProcForDriver
Temp name was sceKernelFindMemBlockForPidForDriver.

Also exported as.

?Returns 0 on success (if is accessible range)?

sceKernelIsEqualAccessibleRangeProcBySWForDriver
Temp name was sceKernelProcIsPAWithinSameSection, sceKernelIsPaddrWithinSameSectionForUidForDriver.

sceKernelGetDebugPADramRangeForDriver
This is a guessed name. Temp name was sceKernelGetUnknownValidPhysAddressSpaceForDriver.

sceKernelIsVAWithinDebugPADramRangeForDriver
This is a guessed and bad name. Temp name was sceKernelIsPaddrWithinUnknownValidPhysAddressSpaceForDriver.

sceKernelUserMapForDriver
Temp name was sceKernelMapUserBlockDefaultTypeForDriver.

Assigns type 0.

sceKernelProcUserMapForDriver
Temp name was sceKernelMapUserBlockForDefaultTypeForPidForDriver. sceKernelProcUserMapForDriver is certainly the real name.

Assigns type 0.

sceKernelUserMapWithFlagsForDriver
Temp name was sceKernelMapUserBlockForDriver.

Permission is either "1" for read only, no execute or "2"/"3" for read write, no execute. Type is either 0, 1, or 17 and affects the block type. 0 is default. This will allocate kernel memory starting at kernel_page. To get the same memory as the user pointer, add the kernel_offset. kernel_size is how much is allocated.

sceKernelUserUnmapForDriver
Temp name was sceKernelMemBlockReleaseForDriver.

sceKernelUnlockRangeForDriver
Temp name was sceKernelMemRangeReleaseForDriver.

sceKernelUnlockRangeProcForDriver
Temp name was sceKernelMemRangeReleaseForPidForDriver.

sceKernelUnlockRangeWithModeForDriver
Temp name was sceKernelMemRangeReleaseWithPermForDriver, sceKernelUnlockRangeWithPermForDriver.

Decreases references to pages.

sceKernelLockRangeForDriver
Temp name was sceKernelMemRangeRetainForDriver.

sceKernelLockRangeProcForDriver
Temp name was sceKernelMemRangeRetainForPidForDriver.

sceKernelLockRangeWithModeForDriver
Temp name was sceKernelMemRangeRetainWithPermForDriver, sceKernelLockRangeWithPermForDriver.

Increases references to pages.

sceKernelCopyToUserForDriver
Temp name was sceKernelMemcpyKernelToUserForDriver.

Copies  bytes from a kernel buffer to a user buffer. Writes to  are performed using  -type instructions which cause a Data Abort if the pages are not user-accessible. If any Data Abort occurs during the operation, the exception is swallowed and an error is returned. Otherwise, the function returns.

sceKernelCopyToUserProcForDriver
Temp name was sceKernelMemcpyKernelToUserForPidForDriver, sceKernelProcCopyToUserForDriver.

Temporarily switches to specified process' address space for a call to sceKernelCopyToUser.

sceKernelCopyToUserProcDomainForDriver
Temp name was sceKernelRoMemcpyKernelToUserForPidForDriver, sceKernelProcCopyToUserRoForDriver.

Same as sceKernelCopyToUserProc, but sets DACR to 0xFFFFFFFF (ignore access permission bits in page table) before the copy then restores it. Use this function instead of sceKernelCopyToUserProc if you need to write data to read-only pages.

sceKernelCopyFromUserForDriver
Temp name was sceKernelMemcpyUserToKernelForDriver.

Copies  bytes from a user buffer to a kernel buffer. Reads from  are performed using  -type instructions which cause a Data Abort if the pages are not user-accessible. If any Data Abort occurs during the operation, the exception is swallowed and an error is returned. Otherwise, the function returns.

sceKernelCopyFromUserProcForDriver
Temp names were sceKernelMemcpyUserToKernelForPidForDriver, sceKernelProcCopyFromUserForDriver.

Temporarily switches to specified process' address space for a call to sceKernelCopyFromUser.

sceKernelUserCopyForDriver
Temp name was sceKernelMemcpyUserToUserForDriver.

sceKernelProcUserCopyForDriver
Temp name was sceKernelMemcpyUserToUserForPidForDriver.

sceKernelUserStrnlenForDriver
Temp name was sceKernelStrnlenFromUserForDriver.

sceKernelUserStrncpyForDriver
Returns 0 on success.

sceKernelStrncpyFromUserForDriver
Temp name was sceKernelStrncpyUserToKernelForDriver.

sceKernelProcStrncpyFromUserForDriver
Temp name was sceKernelStrncpyUserForPidForDriver.

sceKernelStrncpyToUserForDriver
Temp name was sceKernelStrncpyKernelToUserForDriver.

sceKernelProcStrncpyToUserForDriver
Temp name was sceKernelMemcpyKernelToUserForPidUncheckedForDriver.

SceSysmemForDebugger
This library was removed on FW 1.80.

sceKernelGetPhysicalAddressSpaceForDebugger
In FW 0.931, it calls sceKernelPhysicalAddressSpaceStartForDebugger.

sceKernelIsAccessibleRangeProcForDebugger
?Returns 0 on success (if is accessible range)?

sceKernelIsAccessibleRangeForDebugger
?Returns 0 on success (if is accessible range)?

SceSysmem
The SceSysmem library is responsible for both low-level and high-level memory management. There are functions for allocating raw blocks of memory (similar to Linux ) as well as functions for maintaining a heap-like structure (similar to  ) for kernel, however SceLibKernel implements a proper heap and that is used for user code.

sceKernelCheckModelCapability
Only bits 7 and 10 are supported.

Returns 0x80020005 if  is not supported.

On success, returns SCE_TRUE if the model has capability, else SCE_FALSE.

sceKernelGetDipswInfoForDriver
This is a guessed name.

All it does is:

info_id possible values:
 * 0: CP timestamp 1
 * 1: CP Version, CP Board ID
 * 2: CP timestamp 2
 * 3: ASLR Seed

See KBL Param.

sceKernelUartChStartForKernel
Temp name was sceKernelUartInitForKernel, sceUartInitForKernel.

It initializes the clock generator registers for the UART. See UART Registers. The default baud rate is 115200 for channels 0-5 and 250000 for channel 6.

sceKernelUartReadAvailableForKernel
Temp name was sceUartReadAvailableForKernel.

Returns the number of words available to read from the read FIFO.

sceKernelUartReadForKernel
Temp name was sceUartReadForKernel.

sceKernelUartWriteForKernel
Temp name was sceUartWriteForKernel.

sceKernelCpuId
Returns the CPU ID of the current core.

sceKernelRoundupDCacheLineForKernel
Calls the function previously registered by SceSysmem.

sceKernelSetRoundupDCacheLineFuncForKernel
Uses CTR and CTR-DMINLINE to determine which function to return.

sceKernelMMUL1GetInfoForKernel
Parses a L1PT for information about a specific entry. Pass the address of the L1PT in. Used by sceKernelAddressSpaceGetMMUL1InfoForKernel.

SceCpuForKernel_CA4124DE
Returns 1, 2 or 6 based on some page/section properties.

sceKernelMMUGetContextForKernel
Temp name was sceKernelCpuSaveContextForKernel.

sceKernelMMUChangeContextForKernel
Temp name was sceKernelCpuRestoreContextForKernel.

sceKernelMMUVAtoPAWithModeForKernel
Temp name was sceKernelCpuGetPaddrWithMaskForKernel.

mode (maskPAR) is usually 0x33, sometimes 2.

sceKernelMMUCheckRangeWithModeForKernel
Return 0 if all pages are valid, < 0 else.

sceKernelMMUVAtoPAForKernel
Temp name was sceKernelCpuGetPaddrForKernel.

Uses mode (maskPAR) 0x33.

This will write the physical address for a virtual address  to memory pointed to by.

Returns <0 on error, values >=0 indicate success.

sceKernelCpuGetCONTEXTIDRForKernel
The CONTEXTIDR, bits [31:0] contain the process ID number.

sceKernelDcacheCleanInvalidateAll
Flushes PLE then cleans and invalidates L1 Dcache and L2 cache in this order.

sceKernelL1DcacheInvalidateForKernel
Temp name was sceKernelCpuDcacheInvalidateMVACForKernel.

sceKernelL1DcacheInvalidateRangeForKernel
This is a guessed name. Temp name was sceKernelCpuDcacheInvalidateMVACRangeForKernel.

sceKernelL1DcacheCleanInvalidateRangeForKernel
This is a guessed name. Temp name was sceKernelCpuDcacheCleanInvalidateMVACRangeForKernel, sceKernelCpuDcacheWritebackInvalidateRangeForKernel, sceKernelDcacheWritebackInvalidateRangeForKernel.

sceKernelL1DcacheInvalidateAllForKernel
This is a guessed name. Temp name was sceKernelCpuDcacheInvalidateSWForKernel.

sceKernelL1DcacheCleanAllForKernel
This is a guessed name. Temp name was sceKernelCpuDcacheCleanSWForKernel.

sceKernelL1DcacheCleanInvalidateAllForKernel
Guessed name was sceKernelCpuDcacheCleanInvalidateSWForKernel.

sceKernelL1DcacheCleanForKernel
Temp name was sceKernelCpuDcacheCleanMVACForKernel.

sceKernelL1DcacheCleanRangeForKernel
Guessed name was sceKernelCpuDcacheCleanMVACRangeForKernel.

sceKernelL1DcacheInvalidateRangeForKernel
This is a guessed name. Temp name was sceKernelCpuDcacheCleanInvalidateMVACForKernel.

sceKernelL1IcacheInvalidateEntireAllCoreForKernel
Guessed name was sceKernelCpuIcacheInvalidateAllUISForKernel.

Invalidates the L1 Icache for all cores.

sceKernelL1IcacheInvalidateEntireForKernel
This is a guessed name. Temp name was sceKernelCpuIcacheInvalidateAllUForKernel.

Invalidates the entire L1 Icache of this core.

sceKernelL1IcacheInvalidateRangeForKernel
Temp name was sceKernelCpuIcacheInvalidateRangeForKernel, sceKernelCpuIcacheInvalidateMVAURange.

Invalidates a range in L1 Icache of this core.

sceKernelIcacheInvalidateRangeForKernel
Temp name was sceKernelCpuIcacheAndL2InvalidateMVAURangeForKernel, sceKernelCpuIcacheAndL2WritebackInvalidateRangeForKernel.

Cleans and invalidates range in L2 cache, then in L1 Icache of core.

sceKernelPleFlushRequestForKernel
Temp name was sceKernelCpuPreloadEngineKillForKernel.


 * NSACR (Non-Secure Access Control Register)
 * Test bit NS access to the Preload Engine resources
 * [>] PLEFF (Preload Engine FIFO flush operation)
 * [>] PLEKC (Preload Engine kill channel operation)
 * [<] PLEASR (Preload Engine Activity Status Register)

sceKernelDomainTextMemcpyForKernel
Temp name was sceKernelCpuUnrestrictedMemcpyForKernel.

Unrestricted memcpy by first setting the  register to   then doing a memcpy.

In FW 0.931,  is set to   instead and interrupts are disabled for the operation.

sceKernelCpuForKernel_9B8173F4
Might be get_vaddr_memory_type.

Return value can be:
 * 2
 * 8
 * 0x40
 * 0x80
 * 0xD0
 * 0x80022007 (SCE_KERNEL_ERROR_VA2PA_FAULT)

sceKernelCorelockUnlockForKernel
This is a guessed name. Temp name was sceKernelWaitCore3ForKernel.

sceKernelCorelockLockForKernel
This is a guessed name.

sceKernelCorelockInitializeForKernel
This is a guessed name.

SceCpuForKernel_43CC6E20
DACR off

Does some memory copies between the args.

sceCpuUnrestrictedBzeroIntForKernel
DACR off

SceCpuForKernel_337473B5
DACR off

If addr.unk_0 equals 0, changes addr.unk_0 to new_val, else increase addr.unk_4.

sceKernelCpuAtomicSubIfGreater64ForKernel
DACR is not disabled

sceKernelCpuAtomicLimit64ForKernel
DACR is not disabled

sceKernelCpuAtomicAdd32AndGet64InRangeForKernel
DACR is not disabled

sceKernelCpuAtomicAdd32AndGet64InHiLoRangeForKernel
DACR is not disabled

sceKernelCpuAtomicGet32AndSet64ForKernel
DACR is not disabled

sceKernelCpuAtomicGet32AndSet64_2ForKernel
Exact same code as SceCpuForKernel_4553FBDE.

DACR is not disabled

sceKernelCpuAtomicDecIfLowPositive32ForKernel
DACR is not disabled

sceKernelCpuAtomicHiLoAlgorithmForKernel
DACR is not disabled

Returns current value (high + low), and sets it to max_low.

sceKernelCpuAtomicAddAndGetPositive32InRangeForKernel
This is a guessed name. Official name might be sceKernelAddressSpaceReferForKernel.

DACR is not disabled

If val is negative, returns 2 and does not override val.

SceCpuForKernel_6C7E7B57
Set TTBR lower value (0x4A).

SceCpuForKernel_AED8F8D7
Initialize TTBR.

SceCpuForKernel_9A3281C0
Gets start and end of a special code area in which the kernel<->user memory copy routines reside. See SceExcpmgr page for more information about how this is used.

In older firmware, this function also provides the start and end of the "memory access error range" code area (see SceExcpmgrForKernel_C45C0D3D for what this range is for).

sceKernelCpuIdForDriver
Returns the CPU ID of the current core.

sceKernelCpuAtomicAddAndGet32ForDriver
Adds  to   atomically, and returns the result.

sceKernelCpuAtomicDecIfPositive32ForDriver
This is a guessed name. Official name might be sceKernelAddressSpaceReleaseForDriver.

sceKernelDcacheInvalidateRangeForDriver
Temp name was sceKernelDcacheInvalidateRange_1ForDriver, sceKernelCpuDcacheAndL2InvalidateMVACRange_1ForDriver, sceKernelCpuDcacheAndL2InvalidateRangeForDriver.

sceKernelDcacheInvalidateRangeForL2WBWAForDriver
Temp name was sceKernelDcacheInvalidateRange_0x10ForDriver, sceKernelCpuDcacheAndL2InvalidateMVACRange_10ForDriver.

sceKernelDcacheInvalidateRangeForL1WBWAForDriver
Temp name was sceKernelDcacheInvalidateRange_0x20ForDriver, sceKernelCpuDcacheInvalidateRangeForDriver, sceKernelCpuDcacheAndL2InvalidateMVACRange_20ForDriver.

sceKernelDcacheCleanInvalidateRangeForDriver
Temp name was sceKernelDcacheCleanInvalidateRange_1ForDriver, sceKernelCpuDcacheAndL2CleanInvalidateMVACRange_1ForDriver, sceKernelCpuDcacheAndL2WritebackInvalidateRangeForDriver.

sceKernelDcacheCleanInvalidateRangeForL2WBWAForDriver
Temp name was sceKernelDcacheCleanInvalidateRange_0x10ForDriver.

sceKernelDcacheCleanInvalidateRangeForL1WBWAForDriver
Temp name was sceKernelDcacheCleanInvalidateRange_0x20ForDriver, sceKernelCpuDcacheAndL2CleanInvalidateMVACRange_20ForDriver.

sceKernelDcacheCleanRangeForDriver
Temp name was sceKernelDcacheCleanRange_1ForDriver, sceKernelCpuDcacheAndL2WritebackRangeForDriver, sceKernelCpuDcacheAndL2CleanMVACRange_1ForDriver.

sceKernelDcacheCleanRangeForL2WBWAForDriver
Temp name was sceKernelDcacheCleanRange_0x10ForDriver.

sceKernelDcacheCleanRangeForL1WBWAForDriver
Temp name was sceKernelCpuDcacheWritebackRangeForDriver, flush_dcache, sceKernelDcacheCleanRange_0x20ForDriver, sceKernelCpuDcacheAndL2CleanMVACRange_20ForDriver.

SceCpuForDriver_E813EBB2
Cleans L2 memory? A name could be sceKernelWaitL2CacheReg.

sceKernelIsUncacheAddressInTmpFsGameForDriver
Temp name was sceKernelCpuIsVaddrMappedForDriver.

sceKernelCpuSuspendIntrForDriver
Temp name was sceKernelCpuDisableInterruptsForDriver.

Disables IRQ (FIQ are not disabled, but they're routed to Secure state anyways...) and returns previous interrupt bit status (either 0 or 0x80).

sceKernelCpuResumeIntrForDriver
Temp name was sceKernelCpuEnableInterruptsForDriver.

Restore previous IRQ state. Pass the return value of the previous call to sceKernelCpuSuspendIntrForDriver.

Spinlock functions

The following functions implement a simple mutal exclusion mechanism using atomic operation (LDREX/STREX). Spinlocks are owned by a single thread or CPU at a time. Unlike other lock/sync objects of the kernel, spinlocks can be used under any context. Use spinlocks if the data to protect may be accessed from an IRQ or exception handler.

There are two version of the Spinlock functions: normal functions do not change the CPU state, while the  functions ensure the CPU cannot be interrupted while the lock is held.

The same type of function must be used to lock and unlock a spinlock: for example, calling  followed by   is an invalid usage of this API.

Spinlocks can take two values:  means the spinlock is unlocked, and   means the spinlock is locked.

sceKernelSpinlockLowLockForDriver
Temp name was sceKernelCpuLockStoreLRForDriver.

Acquires a spinlock.

sceKernelSpinlockLowTryLockForDriver
This is a guessed name. Temp name was sceKernelCpuTryLockStoreLRForDriver.

Attempts to acquire a spinlock.

sceKernelSpinlockLowUnlockForDriver
Temp name was sceKernelCpuUnlockStoreLRForDriver.

Unlocks a spinlock previously acquired with either sceKernelSpinlockLowLockForDriver or sceKernelSpinlockLowTryLockForDriver.

sceKernelSpinlockLowLockCpuSuspendIntrForDriver
Temp name was sceKernelCpuSuspendIntrForDriver, sceKernelCpuLockSuspendIntrStoreLRForDriver.

Acquires a spinlock and suspend interrupts if necessary.

sceKernelSpinlockLowTryLockCpuSuspendIntrForDriver
This is a guessed name. Temp name was sceKernelCpuTryLockSuspendIntrStoreLRForDriver.

Attempts to acquire a spinlock. If successfully acquired, suspends interrupts if necessary.

sceKernelSpinlockLowUnlockCpuResumeIntrForDriver
Temp name was sceKernelCpuUnlockResumeIntrStoreLRForDriver, sceKernelCpuResumeIntrForDriver.

Unlocks a spinlock previously acquired with either sceKernelSpinlockLowLockCpuSuspendIntrForDriver or sceKernelSpinlockLowTryLockCpuSuspendIntrForDriver and resumes interrupts if necessary.

If interrupts were disabled before acquiring the spinlock, they will remain disabled after this call.

RW Spinlock functions

The following functions implement RW spinlocks. This variant of the spinlock allows multiple threads/CPUs to access data at the same time as long as only reads are performed. When acquired for writing, a single thread at a time can access the data and is thus free to modify it. Like regular spinlocks, the RW spinlocks can be used under any context. Use RW spinlocks if the data to protect may be accessed from an IRQ or exception handler.

Like for regular spinlocks, all RWSpinlock functions are available in a normal and  version. Additionally, every function exists in  and   variants, depending on whether the caller wants to read or write to the object protected by the lock.

Like for regular spinlocks, the same type of function must be used to lock and unlock a RW spinlock. Calling  followed by   is an invalid usage of this API. Calling  followed by    is also an invalid usage of this API.

RW Spinlocks can take three kind of values:  means the spinlock is unlocked,   means the spinlock is write-locked, and a positive value   means that   readers have read-locked the spinlock.

sceKernelRWSpinlockLowReadLockForDriver
This is a guessed name. Temp name was sceKernelCpuSpinLockStoreLRForDriver.

Acquires a RW spinlock for reading data. Modifying the data protected by the spinlock is not allowed.

sceKernelRWSpinlockLowTryReadLockForDriver
This is a guessed name. Temp name was sceKernelCpuTrySpinLockStoreLRForDriver.

Attempts to acquire a RW spinlock for reading data.

Even if the spinlock is acquired, modifying the data protected by the spinlock is not allowed.

sceKernelRWSpinlockLowReadUnlockForDriver
Temp name was sceKernelCpuSpinUnlockStoreLRForDriver.

Unlocks a RW spinlock previously acquired with either sceKernelRWSpinlockLowReadLockForDriver or sceKernelRWSpinlockLowTryReadLockForDriver.

sceKernelRWSpinlockLowWriteLockForDriver
This is a guessed name. Temp name was sceKernelCpuLockStoreFlagForDriver.

Acquires a RW spinlock for writing data.

sceKernelRWSpinlockLowTryWriteLockForDriver
This is a guessed name. Temp name was sceKernelCpuTryLockStoreFlagForDriver.

Attempts to acquire a RW spinlock for writing data.

sceKernelRWSpinlockLowWriteUnlockForDriver
Temp name was sceKernelCpuUnlockStoreFlagForDriver.

Unlocks a RW spinlock previously acquired with either sceKernelRWSpinlockLowWriteLockForDriver or sceKernelRWSpinlockLowTryWriteLockForDriver.

sceKernelRWSpinlockLowReadLockCpuSuspendIntr
This is a guessed name. Temp name was sceKernelCpuSpinLockSuspendIntrStoreLRForDriver.

Acquires a RW spinlock for reading data and suspends interrupts if necessary.

sceKernelRWSpinlockLowTryReadLockCpuSuspendIntrForDriver
This is a guessed name. Temp name was sceKernelCpuTrySpinLockSuspendIntrStoreLRForDriver.

Attempts to acquire a RW spinlock for reading data. If successfully acquired, suspends interrupts if necessary.

sceKernelRWSpinlockLowReadUnlockCpuResumeIntrForDriver
Temp name was sceKernelCpuSpinUnlockResumeIntrStoreLRForDriver.

Unlocks a RW spinlock previously acquired with either sceKernelRWSpinlockLowReadLockCpuSuspendIntrForDriver or sceKernelRWSpinlockLowTryReadLockCpuSuspendIntrForDriver, and resumes interrupts if necessary.

If interrupts were disabled before acquiring the spinlock, they will remain disabled after this call.

sceKernelRWSpinlockLowWriteLockCpuSuspendIntrForDriver
This is a guessed name. Temp name was sceKernelCpuLockSuspendIntrStoreFlagForDriver.

Acquires a RW spinlock for writing data and suspends interrupts if necessary.

sceKernelRWSpinlockLowTryWriteLockCpuSuspendIntrForDriver
This is a guessed name. Temp name was sceKernelCpuTryLockSuspendIntrStoreFlagForDriver.

Attempts to acquire a RW spinlock for writing data. If successfully acquired, suspends interrupts if necessary.

sceKernelRWSpinlockLowWriteUnlockCpuResumeIntrDriver
Temp name was sceKernelCpuUnlockResumeIntrStoreFlagForDriver.

Unlocks a RW spinlock previously acquired with either sceKernelRWSpinlockLowWriteLockCpuSuspendIntrForDriver or sceKernelRWSpinlockLowTryWriteLockCpuSuspendIntrForDriver, and resumes interrupts if necessary.

If interrupts were disabled before acquiring the spinlock, they will remain disabled after this call.

SceSysclibForKernel
This library was removed on FW 1.80.

__prnt
This is a guessed name. from PSP.

SceSysclibForKernel_FA746181
return a1 * (- 0x6e19295b) - 0x6e19295b;

In SceSysmem, it is used internally to modify a global variable, like a multiplication hash function would do.

SceSysclibForDriver
The C standard library for use in kernel only. Usermode has access to SceLibKernel, which confusingly is usermode only.

Includes standard string functions (no insecure variants like ).

sortof_vsnprintf
This is a guessed name.

sortof_vsnprintf_2
This is a guessed name.

SceSysclibForDriver_33388DBC
Calculates xor of a1 and a2, then does some calculation with a3.

SceSysclibForDriver_32373DF7
Helper for strtol in base 10.

__aeabi_uldivmod
Returns the 64-bit quotient of the division of dividend by divisor.

Used for example to convert SceRtc ticks to a simpler format (divide by time unit in ms) or to compute the number of storage device blocks in SceSdstor (divide by block size).

__aeabi_lasr
Temp name was rshift.

__stack_chk_guard
This is a variable.

__prnt
This is a guessed name. from PSP.

Supported formats:

timingsafe_memcmp
timing constant memcmp

memmove
On FW 1.69, this seems to be implemented incorrectly.

__strncpy_chk2
This is a guessed name.

__strncat_chk2
This is a guessed name.

SceSysrootForKernel_571E5B79
See.

SceSysrootForKernel_611F17A4
Registers the function called by.

SceSysrootForKernel_118657C6
Calls the function registered by.

Used in SceExcpmgr.

SceSysrootForKernel_081F2C20
Registers sceKernelGetProcessId_2 from SceKernelThreadMgr.

SceSysrootForKernel_C5EAF5F7
Registers the function called by.

SceSysrootForKernel_47724459
Calls the function registered by.

SceSysrootForKernel_8747D415
Registers the function used by.

SceSysrootForKernel_B27B7530
Calls the function registered by.

Used by SceKernelBusError.

SceSysrootForKernel_82FC6405
Registers the function used by.

Used by SceKernelBusError.

SceSysrootForKernel_CD4B84F7
Calls the function registered by.

Used by SceKernelBusError.

SceSysrootForKernel_733C243E
Registers many Sysroot SceProcessmgr callbacks.

SceSysrootForKernel_7334F1E8
Calls SceProcessmgr function registered by.

SceSysrootForKernel_D29BCA77
Registers many Sysroot SceProcessmgr callbacks.

SceSysrootForKernel_DD7821AA
Register the function called by.

SceSysrootForKernel_340575CB
Return some PID.

sceKernelSysrootSetCheckRemapCodeForUserFuncForKernel
Registers the function called by.

sceKernelSysrootCorelockUnlockForKernel
Calls.

SceSysrootForKernel_21F5790B
Registers a function related to kernel panic.

SceSysrootForKernel_0DF574A9
Calls the function related to kernel panic registered by.

SceSysrootForKernel_2D6B2A79
Registers a function related to kernel panic, called by.

SceSysrootForKernel_CC7A0E63
Calls a function related to kernel panic, registered by.

SceSysrootForKernel_1D84C4D4
Get module name, dbgFingerprint and base from address.

SceSysrootForKernel_5B5EBFB1
Registers pointer to SceLT5 used by.

SceSysrootForKernel_41636522
Returns current SceLT5 value pointed by pointer registered using. Long/low (64bit) time in microseconds. It is about "awake" uptime from system boot.

SceSysrootForKernel_E20F6FC8
Same as but "asynchronous".

Used by SceDebug Kernel Exceptions handlers.

SceSysrootForKernel_1D8DB3A5
Same as but "asynchronous".

Returns 0 on success, 0x80020006 if pTime is a NULL pointer.

sceKernelSysrootCorelockLockForKernel
Calls.

SceSysrootForKernel_06182D59
Reimplementation:

SceSysrootForKernel_7385CADE
Get current syscall's PID.

SceSysrootForKernel_D441DC34
Calls a callback registered by, related to syscall frame printing on kernel panic.

get_SceKernelSysrootClass_itemsize
On FW 0.990 return hardcoded value 0x470.

On FW 3.60 return hardcoded value 0x41C.

sceKernelSysrootGetLibraryDBForKernel
Maybe returns a pointer to the library stub structure. See Modules.

sceKernelSysrootSetLibraryDBForKernel
Maybe sets a pointer to the library stub structure. See Modules.

sceKernelSysrootAllocForKernel
Allocates memory from the "Sysroot heap". The Sysroot heap is located after  structure and consumes the rest of the page. Allocations from this "heap" are permanent and cannot be returned - there is no.

Usage of this function is not recommended because of the lack of a "free" function. Use SceSysmem instead.

sceKernelSysrootAssertSysrootForKernel
Check sysroot->magic (offset 0xC must be 0xBA97F5A1) and sysroot->magic2 (offset 0x20C must be 0xA008B0C3‬).

sceKernelSysrootGetCurrentProcessForKernel
Return the current process id.

sceKernelSysrootTrapThreadAfterSyscallForKernel
Calls a callback registered by.

Prints syscall_critical_usage.

sceKernelSysrootReturnFromExcpToThreadForKernel
Used in SceExcpmgr.

sceKernelSysrootBacktraceForKernel
See also SceKernelModulemgr.

sceKernelSysrootPrintBacktraceForKernel
See also SceKernelModulemgr.

sceKernelSysrootGetCurrentAddressSpaceCBForKernel
Calls a callback registered by if it was registered, else a fallback callback. The fallback callback is registered by on System Software version < 2.10 and by  on System Software version >= 2.10.

SceSysrootForKernel_BF82931F
Calls the function registered by.

No usage seen on CEX OS. Maybe used in DEX/TOOL OS.

SceSysrootForKernel_6D111FA7
Calls the function registered by.

Used only in SceCoredump.

SceSysrootForKernel_2A03DFA1
Calls the function registered by.

Used only in SceCoredump.

sceKernelSysrootGetCachedSecureModuleInfoForKernel
Temp name was sceKernelSysrootGetSmSelfInfoForKernel.

sceKernelSysrootGetProcessSelfAuthInfoForKernel
Temp name was sceSysrootGetSelfAuthInfoForKernel.

sceKernelSysrootGetProcessTitleIdForKernel
Temp name was sceSysrootGetProcessTitleIdForPidForKernel.

sceKernelSysrootGetFunctionNameByNIDForKernel
Mirror of SceSysLibTrace.

SceSysrootForKernel_E635DFCC
Registers the fallback Address Space callback used in.

SceSysrootForKernel_26458702
Registers some callbacks for example the fallback Address Space callback used in.

SceSysrootForKernel_B171CC2D
Register some ModuleMgr handlers.

Used by SceKernelModulemgr.

sceKernelSysrootGetVbaseResetVectorForKernel
Returns the exception vectors base address. The address of the exception vectors for the CPU  is:.

sceKernelSysrootSetLicMgrGetLicenseStatusFuncForKernel
Registers SceSblPostSsMgr.

sceKernelSysrootLicMgrGetLicenseStatusForKernel
Called by sceSblAuthMgrAuthHeaderForKernel before Cmep request.

sceKernelSysrootGetSysrootForKernel
Temp name was sceKernelGetSysbaseForKernel.

Returns pointer to SceUIDSysrootObject in SceSysmem.

sceKernelSysrootGetKblParamForKernel
Temp name was sceKernelGetSysrootBufferForKernel, sceSysrootGetSysrootBufferForKernel.

Returns pointer to KBL Param.

sceKernelSysrootGetSoCRevisionForKernel
return pSysroot->soc_revision;

sceKernelSysrootGetPervasiveUnkDwordForKernel
This is a guessed name.

Returns value initially read from physical address 0xE3100004 (ScePervasiveMisc + 0x4).

return pSysroot->pervasive_unk_dword;

sceKernelSysrootGetKermitRevisionForKernel
return pSysroot->kermit_revision;

Used by SceKernelBusError, SceSysStateMgr.

sceKernelSysrootGetErnieSleepFactorForKernel
This is a guessed name.

See KBL Param.

return kbl_param->sleep_factor;

sceKernelSysrootGetErnieWakeupFactorForKernel
This is official name. Temp name was sceSysrootGetWakeupFactorForKernel.

See KBL Param.

return kbl_param->wakeup_factor;

sceKernelSysrootGetSessionIdForKernel
Writes kbl_param->session_id to buffer.

pSessionId buffer size is 0x10 bytes.

sceKernelSysrootIsExternalBootModeForKernel
return *(int *)(kbl_param->boot_type_indicator_1) & 1;

sceKernelSysrootIsSomeBootModeForKernel
This is a guessed name. A possible name is sceKernelIsAllowSdCardFromMgmt.

Used by SceSdif, SceExfatfs.

return (*(int *)(kbl_param->boot_type_indicator_1) >> 19) & 1;

Returns true if boot_type_indicator_1 has flag 0x80000 ?sd mode? - (Mgmt bit 1)

sceKernelSysrootIsExternalBootMode2ForKernel
This is a guessed name. Temp name was sceSysrootIsSomeBootMode2ForKernel. A possible name is sceKernelIsAllowFwCheckSkip.

return kbl_param->boot_type_indicator_1[2] & 1;

Return true if boot_type_indicator_1 has flag 0x10000 but it seems to be never set in external (release) second_loader. It allows to bypass current fw version check for module loading.

sceKernelSysrootIsUartModeForKernel
This is a guessed name. Temp name was sceSysrootIsSomeModeForKernel.

Returns true if (kbl_param->boot_flags[1] != 0xFF).

Used to check if UART must be initialized or not.

sceKernelSysrootIsBsodRebootForKernel
return ((pKblParam->wakeup_factor) & 0x7Fu) == 0x17;

sceKernelSysrootIsUnknownRebootForKernel
return (*(int *)(kbl_param->wakeup_factor) & 0x7Fu) <= 1;

sceKernelSysrootIsManufacturingModeForKernel
This is a guessed name. Temp name was sceSysrootUseExternalStorageForKernel.

When returns true it allows loading sd0:psp2config.skprx.

Returns true when Manufacturing Mode flag is set:

return (*(int *)(kbl_param->boot_type_indicator_1) >> 2) & 1;

sceKernelSysrootUseInternalStorageForKernel
Returns true when use internal storage flag is not set:

return *(char *)(kbl_param->boot_flags[5]) & 1 ^ 1;

sceKernelSysrootGetThreadAccessLevelForKernel
Calls int (__cdecl *GetThreadAccessLevel); // 0x344 on 3.60

sceKernelSysrootAllocRemoteProcessHeapForKernel
Temp name was sceKernelAllocHeapMemoryForKernel.

Same as  but does set   to 0x1000B.

Checks that pid is 0x10013 or 0x10005 (kernel).

sceKernelSysrootGetModulePrivateForKernel
data : 3: system memory (0xDC-bytes), 7: some process data (?-bytes), 9: kbl module cb (0xAC-bytes)

sceKernelSysrootGetSecureStatusForKernel
return *(uint *)some_buf->field_0x28 & 1;

sceKernelSysrootIsSecureStateForKernel
return (*(uint *)some_buf->field_0x28 ^ 1) & 1;

sceKernelSysrootIsColdBootForKernel
return (*(uint *)some_buf->field_0x28 & 10; // FW 3.60 in IDA PRO

return ((*(uint *)some_buf->field_0x28 ^ 0x10) << 0x1b) >> 0x1f; // FW 0.940 in Ghidra

SceSysrootForDriver_6219CC14
Used in SceUlobjMgr.

SceSysrootForDriver_F804F761
Official name might be sceKernelSysrootHasSDCardSupportForDriver.

This function always returns  on some release System Software versions, for example 3.500.000 and 3.600.011.

Used in SceSdstor and SceVshBridge.

If this function returns, then   is called.

sceKernelSysrootSetVipRpcDebugFuncForDriver
This is a guessed name.

sceKernelSysrootClearVipRpcDebugFuncForDriver
This is a guessed name.

sceKernelSysrootGetVipRpcDebugFuncForDriver
This is a guessed name.

sceKernelSysrootSetVeneziaRpcDebugFuncForDriver
This is a guessed name.

sceKernelSysrootClearVeneziaRpcDebugFuncForDriver
This is a guessed name.

sceKernelSysrootGetVeneziaRpcDebugFuncForDriver
This is a guessed name.

sceKernelApiDeclareTypeUInt64ForDriver
Sets a value to 3.

sceKernelSysrootGetTimebaseClockFrequencyForDriver
Calls the function registered by.

Functions are registered only in DevKit.

Used by SceGpuEs4.

SceSysrootForDriver_C94C76FA
Registers some Sysroot functions.

SceSysrootForDriver_2BE874EF
Registers the function called by.

Used only in SceAppMgr.

SceSysrootForDriver_3B19B06B
Registers the function called by.

Used only in SceAppMgr.

SceSysrootForDriver_70AD47A9
Registers the function called by.

Used only in SceAppMgr.

SceSysrootForDriver_AA770EF7
Registers the function called by.

The function is registered from SceTty2uart only if DIP Switch 211 is set.

SceSysrootForDriver_591BB490
Calls the function registered by.

Gets tty2uart information into a 0x1000-sized buffer, similarly to. Returns some size, maybe size of the written tty2uart buffer.

Used only in SceCoredump.

SceSysrootForDriver_C5EAF5F7
Registers the function called by.

SceSysrootForDriver_47724459
Calls the function registered by.

SceSysrootForDriver_F9FB9A2A
Registers the function called by.

SceSysrootForDriver_40F28DC6
Calls the function registered by.

sceKernelSysrootGetCompiledSdkVersionByPidForDriver
Temp name was sceKernelGetProcessHeapIDForDriver.

Calls a callback registered by.

Used in SceKernelModulemgr functions that load modules, for example SceKernelModulemgr.

SceSysrootForDriver_8747D415
Used by SceDeci4pSDfMgr.

Registers the function called by.

SceSysrootForDriver_B27B7530
Calls the function registered by.

sceKernelSysrootSetGetBuserrorDataFuncForDriver
This is a guessed name.

Registers the function called by.

sceKernelSysrootGetBuserrorDataForDriver
This is a guessed name.

Calls the function registered by.

SceSysrootForDriver_FF2DD7AB
Registers something.

SceSysrootForDriver_3AE319DA
Used by SceSyscon.

Get something registered by.

sceKernelSysrootGetHardwareFlagsForDriver
This is a guessed name. Temp name was sceSysrootIsAuCodecIcConexantForDriver.

Writes kbl_param->hardware_flags to buffer.

pFlags buffer size is 0x10 bytes.

sceKernelSysrootGetHardwareInfoForDriver
return kbl_param->hardware_info;

sceKernelSysrootSetUtMgrGetTrilithiumBufferFuncForDriver
Registers the function called by.

sceKernelSysrootSetSceSblPostSsMgrForDriver_A12C9950FuncForDriver
Registers the function called by.

The function is SceSblPostSsMgr.

sceKernelSysrootSceSblPostSsMgrForDriver_56D85EB0ForDriver
Used by SceSblACMgr.

Calls the function registered by.

The function is SceSblPostSsMgr.

sceKernelSysrootSetSblUtMgrHasUNK1FlagFuncForDriver
Registers the functions called by.

sceKernelSysrootSblUtMgrHasUNK1FlagForDriver
Calls the function registered by.

sceKernelSysrootSetSblUtMgrHasUNK2FlagFuncForDriver
Registers the function called by.

sceKernelSysrootSblUtMgrHasUNK2FlagForDriver
Calls the function registered by.

Used by SceSblACMgr.

SceSysrootForDriver_2D6B2A79
Registers a function related to kernel panic, called by or.

SceSysrootForDriver_CC7A0E63
Calls a function related to kernel panic, registered by or.

sceKernelSysrootDisableAutoClockDownForDriver
Derived from SceVshBridge.

return sceKernelCpuAtomicGetAndAdd32ForDriver(&a_flag_based_on_mgmt_bit0, 0x10);

Adds 0x10 from a SceSysmem global variable and returns it.

sceKernelSysrootEnableAutoClockDownForDriver
Derived from SceVshBridge.

return sceKernelCpuAtomicGetAndAdd32ForDriver(&a_flag_based_on_mgmt_bit0, 0xfffffff0);

Subtracts 0x10 from a SceSysmem global variable and returns it.

Used by SceCompat, ScePower, SceKernelDmacMgr, SceSblAuthMgr, SceSblSmschedProxy, SceSblSsSmComm.

SceSysrootForDriver_6050A467
Debug related. Returns an error when called because there is no handler set for retail.

SceSysrootForDriver_F4340469
Coredump related. Called during process load. Something is same as in.

sceKernelSysrootCoredumpTriggerForDriver
Used by SceDeci4pDbgp.

sceKernelSysrootSetProcessHandlerForDriver
Registers some handlers.

SceSysrootForDriver_421EFC96
Calls SceSysrootProcessHandler's on_process_created.

Used only by SceAppMgr and called on process creation.

Hooked to make it return 0 (success) for example in:
 * HENkaku payload by Team Molecule
 * update365 by TheFloW

SceSysrootForDriver_571E5B79
Calls SceSysrootProcessHandler's unk_4.

SceSysrootForDriver_51F9C118
Calls SceSysrootProcessHandler's unk_18.

Used in SceProcessmgr.

SceSysrootForDriver_582616EC
Calls SceSysrootProcessHandler's unk_24.

Used in SceProcessmgr.

sceKernelSysrootSetGetSystemSwVersionFuncForDriver
Temp name was sceKernelSysrootSetSystemSwVersionForDriver.

Used by SceSblUpdateMgr.

sceKernelSysrootGetSystemSwVersionForDriver
Returns System Software version as int from SceSysmem memory. For exemple: 0x0365000 on 3.65.

sceKernelSysrootGetModelInfoForDriver
This is a guessed name, based on "sysroot->model_info".

Returns sysroot->model_info.

Used only in SceProcessmgr initializeBudget on module start. According to model_info, ScePhyMemPartShell is allocated with different parameters.

SceSysrootForDriver_ED688AEE
Registers the callback called by.

SceSysrootForDriver_F404026C
Calls the callback registered by.

sceKernelSysrootCheckModelCapabilityForDriver
This is an official name. Name derived from.

Only bits in the range 0-255 are supported.

Bits:
 * 0: unknown
 * 1: Multi-controllers support
 * 2: unknown
 * 4: unknown
 * 5: unknown
 * 6: unknown
 * 7: unknown, ?OLED display?
 * 8: unknown, ?LCD display?
 * 9: unknown, set on almost all models
 * 10: unknown
 * 11: SD card support
 * 12: unknown
 * 13: unknown

Used in SceCtrl, SceSdstor, SceUsbEtherRtl and SceVshBridge.

sceKernelSysrootInvokeInitCallbackExForDriver
This is a guessed name.

sceAesDecrypt1ForDriver
Perform normal AES decrypt.

sceAesDecrypt2ForDriver
Perform AES decrypt using encryption round key.

sceAesEncrypt1ForDriver
Perform AES encrypt. There are two functions that are the same on 1.69.

sceAesEncrypt2ForDriver
Perform AES encrypt. Similar to sceAesEncrypt1ForDriver.

sceAesInit1ForDriver
This sets up the AES engine. is a 0x3C0 byte buffer (on FW 1.69). and  values are in bits. 128/196/256 are supported values.

last arg to subroutine is 0

sceAesInit2ForDriver
last arg to subroutine is 1

sceAesInit3ForDriver
last arg to subroutine is 2

SceKernelUtilsForDriver_C76A7685
Looks like it relates to AES InvMixColumns.

SceKernelUtilsForDriver_60ED6EA9
Equivalent to AES getSBox32Value

sceMt19937GlobalInitForDriver
cp_timestamp_2 is gotten from SceKblParam.

sceMt19937GlobalUIntInRangeForDriver
Temp name was sceMt19937GlobalUninitForDriver.

sceXorshift128ForDriver
Similar implementation as xorshift128.

SceKernelUtilsForDriver_B55C69B7
If buffer is full of zeroes, then each of the four dwords of buffer are set to 1. Always success and always return 0.

Used in SceProcessmgr.

SceZlibForDriver
This library was moved to SceSblPostSsMgr on FW 1.800.071.

zlib compression library.

SceZlibForDriver_20A122F8
May be an initialization function.

Used by SceCoredump.

SceZlibForDriver_5492B3F2
Used by SceCoredump.

SceZlibForDriver_5B718E55
Used by SceCoredump.

SceKernelSuspendForDriver
Used to register handlers for handling suspend/resume related events.

sceKernelPowerLockForDriver
This is a guessed name.

Used in SceProcessmgr.

sceKernelPowerUnlockForDriver
This is a guessed name.

Used in SceProcessmgr.

SceKernelSuspendForDriver_4DF40893
Locks something.

Called in SceProcessmgr and SceProcessmgr just before starting a process.

Called just before NVS write.

SceKernelSuspendForDriver_2BB92967
Unlocks something.

Called in SceProcessmgr and SceProcessmgr just after starting a process.

Called just after NVS write.

sceKernelRegisterSysEventHandlerForDriver
Temp name was sceKernelSuspendRegisterCallbackForDriver.

Registers a function for handling suspend/resume. is 0 if we are currently suspending and 1 if we are currently resuming. is passed from the registration. Registration adds an entry to a linked list and returns the block id for the new entry.

Returns the suspend_handler_id.

SceKernelSuspendForDriver_CE7A2207
Registers a handler for a suspend event.

SceKernelSuspendForDriver_105C5752
Registers a handler for a resume event.

SceKernelSuspendForDriver_D4958E6F
Dispatch handler registered by.

sceKernelUnregisterSysEventHandlerForDriver
Call with the id returned from  to remove the entry from the linked list and free the memory.

sceKernelSysEventDispatchForDriver
This function goes through the linked list and calls each handler. If  is set, then the first handler that returns a negative value stops the call chain and returns the block id of the handler that broke the chain. Otherwise, this function invokes each handler and returns 0.

sceKernelPowerTickForDriver
Cancel specified idle timers to prevent entering in power save processing.

Returns 0 on success.

SceKernelSuspendForDriver_1FA2F8F1
Calls a power handler.

SceKernelSuspendForDriver_F2B07167
Registers a global variable used by.

SceKernelSuspendForDriver_B5C58EE8
Registers a global variable used by.

SceKernelSuspendForDriver_D6124071
Registers a global variable used by.

SceKernelSuspendForDriver_0DE3CC02
Registers a global variable used by.

SceKernelSuspendForDriver_4E5A3A23
Registers a global variable used by.

SceKernelSuspendForDriver_C00826AC
Registers a global variable used by.

SceKernelSuspendForDriver_8B3F02B8
Registers a global variable used by.

SceQafMgrForDriver
Provides many device permission checks including running app privilege checks, debugging enabled checks, and so on.

SceQafMgrForDriver_082A4FC2
Temp name was sceSblQafMgrIsAllowHost0AccessForDriver. A potential name could be sceSblQafMgrIsAllowRemoteLoadForDriver.

Used by sceSblFwLoaderLockForDriver, SceKernelModulemgr, SceSysStateMgr and SceSblPostSsMgr.

Used by sceSblSpsfoMgrOpenForDriver.

When this flag is set, it allows for example to load some files from host0:, for example SPSFO and psp2config.skprx.

sceSblQafMgrIsAllowGameDebugForDriver
This is a guessed name.

Only used by SceSblACMgr.

Might be something like sceSblQafMgrIsAllowUserAppDebug.

SceQafMgrForDriver_0E588747
Only used by SceRegistryMgr.

Returns true if the PSVita is an "Internal system".

SceSblQafMgrForDriver_4BC1883F
Like a sceSblQafMgrIsAllowPSPEmuDevelopmentForDriver.

sceSblQafMgrIsAllowSystemAppDebugForDriver
Used by SceDeci4pDtracep and SceSblACMgr.

If it returns false, syscalls debug trace printf is disabled.

sceSblQafMgrIsAllowKernelDebugForDriver
Used by SceKernelModulemgr, SceExcpmgr, SceCrashDump, SceHdmi, SceKernelBlueScreenOfDeath.

sceSblQafMgrIsAllowQAUpdateForDriver
Only used by SceSblUpdateMgr.

sceSblQafMgrIsAllowForceUpdateForDriver
Only used by SceSblUpdateMgr.

SceQafMgrForDriver_52B4E164
Only used by SceWlanBt and SceEnumWakeUp.

SceQafMgrForDriver_883E9465
Temp name was sceSblQafMgrIsAllowDecryptedBootConfigLoadForDriver.

Used by SceSysStateMgr only.

Allows loading psp2config.skprx as plaintext format.

SceQafMgrForDriver_B9770A13
Needed to be enabled to work with DIPSW 251 (Enable "dummytty0:"). Needed by SceSysStateMgr to allow loading.

Used by SceKernelModulemgr and SceSysmodule.

SceQafMgrForDriver_AE033133
Only used by SceNpDrm.

SceQafMgrForDriver_DEC6DF4E
Only used by SceNpDrm.

SceQafMgrForDriver_41E04800
Only used by SceAppMgr.

SceQafMgrForDriver_7B14DC45
Only used by SceAppMgr.

scePmMgrGetProductModeForDriver
Returns 0 on success, 0x800f0a29 on failure.

Gets kbl_param using sceKernelSysrootGetKblParamForKernel.

result = ((int *)(kbl_param->boot_type_indicator_1) >> 2) & 1; // manufacturing mode flag

scePmMgrIsExternalBootModeForDriver
Gets kbl_param using sceKernelSysrootGetKblParamForKernel.

return (int *)(kbl_param->boot_type_indicator_1) & 1; // external boot mode flag

sceSblAIMgrGetSMIForDriver
SMI means Service / Manufacturing Information.

SMI is read from SceKblParam->min_fw_version.

sceSblAIMgrGetProductCodeForDriver
Temp name was sceSblAIMgrGetTargetIdForDriver.

Product Code = Target Id

sceSblAIMgrGetProductSubCodeForDriver
Product Sub Code = model revision

sceSblAIMgrIsTestForDriver
TEST = Internal Test Unit

Returns true if PsCode Product Code == 0x100.

sceSblAIMgrIsToolForDriver
TOOL = DevKit

Returns true if PsCode Product Code == 0x101.

sceSblAIMgrIsDEXForDriver
Returns true if PsCode Product Code == 0x102.

sceSblAIMgrIsCEXForDriver
Returns true if PsCode Product Code 0x103-0x111 AND sceSblAIMgrIsSpecialCEXForDriver returns false.

sceSblAIMgrIsVITAForDriver
Returns sceSblAIMgrIsGenuineVITAForDriver.

sceSblAIMgrIsDolceForDriver
Returns sceSblAIMgrIsGenuineDolceForDriver if returns true else returns sceKernelCheckDipswForDriver(0x98).

sceSblAIMgrIsGenuineVITAForDriver
Returns true if:
 * PsCode Product Code <= 0x111 AND sceSblAIMgrIsGenuineDolceForDriver returns false
 * sceSblAIMgrIsSpecialCEXForDriver returns true AND HardwareInfo != 0x700000 != 0x720000 != 0x510000

sceSblAIMgrIsDiagForDriver
Temp name was sceSblAIMgrIsSpecialCEXForDriver, sceSblAIMgrIsCEXJpFatForDriver.

Returns true if PsCode Product Code == 0x103 (Japan), PsCode Product Sub Code == 0x10 (FAT chassis) and PsCode Factory Code == 0x24 (SCE labs).

sceSblAIMgrIsToolDVT1ForDriver
Returns true if PsCode Product Code == 0x101 and PsCode Product Sub Code == 3.

sceSblAIMgrIsToolRev4ForDriver
Returns true if PsCode Product Code == 0x101 and PsCode Product Sub Code == 4.

sceSblAIMgrIsToolDVT2ForDriver
Returns true if PsCode Product Code == 0x101 and PsCode Product Sub Code == 5.

sceSblAIMgrIsCEXPrototypeRev2ForDriver
Returns true if PsCode Product Code == 0x103 and PsCode Product Sub Code == 2.

sceSblAIMgrIsCEXPrototypeRev7ForDriver
Returns true if PsCode Product Code == 0x103 and PsCode Product Sub Code == 7.

sceKernelUnregisterProcEventHandlerForDriver
Previous name was sceProcEventDeleteUidForDriver.

Wrapper to sceGUIDCloseForDriver.

sceKernelRegisterProcEventHandlerForDriver
Previous name was sceProcEventCreateEventForDriver

Uses sceKernelCreateEventForDriver.

Returns uid.

sceKernelInvokeProcEventHandlerForDriver
Walks the list of registered process event handlers and invokes the ones related to the signaled event.

SceDebugLedForDriver
GPI stands for General Purpose Input, and GPO stands for General Purpose Output.

sceKernelGetGPIForDriver
Only SceDebugLedForDriver function used by SceCoredump.

sceKernelRegisterKprintfHandlerForKernel
Temp name was sceDebugSetHandlersForKernel.

sceKernelGetDebugPutcharForKernel
Temp name was sceDebugGetPutcharHandlerForKernel.

Returns pointer to current debug putchar handler.

sceKernelRegisterDebugPutcharForKernel
Temp name was sceDebugRegisterPutcharHandlerForKernel.

Set debug print char handler.

sceKernelDebugPutcharForKernel
Temp name was sceDebugPutcharForKernel.

Print character.

Return 1.

sceKernelTtyPutcharForKernel
This is a guessed name.

Prints a character to the 0x1000-byte buffer returned by SceSysmem.

On success, returns printed size (always 1).

panic_on_kernel_exception
Prints information about a Kernel Exception, ?and certainly calls SceCoredump?, then calls SceSysrootForKernel_0DF574A9 in an infinite loop.

This function doesn't return.

See SceExcpmgr for the meaning of excpcode.

register_unk_handler
used by SceDeci4pSDbgp.

handler definition:

set_info_dump_flag
Temp name was sceDebugDisableInfoDumpForKernel.

Returns previous info dump flag.

start_logging
Returns 1 if logging has been started successfully, -1 else.

stop_logging
If state is not zero, stops logging and return 1, else does nothing and return 0.

Returns 1 if logging has been stopped, 0 else.

_sceKernelPrintDebugLogForKernel
If a2 is not zero, the current log buffer address is updated, else it is unchanged.

maxNum is guessed to be either the number of entries or the index of the chosen entry. Entry size is 0x40 bytes.

Uses sceKernelPrintfLevelForDriver to print.

sceKernelPrintDebugLogForKernel
Calls _sceKernelPrintDebugLogForKernel with maxNum = (log_buf_end - log_buf_start) / 0x40.

sceKernelPrintfCore0ForKernel
Same as sceKernelPrintfForDriver but only prints if CPU ID is 0.

sceKernelPrintfLevelCore0ForKernel
Same as sceKernelPrintfLevelForDriver but only prints if CPU ID is 0.

sceKernelGetMinimumLogLevelForKernel
Returns the minimumLogLevel set by sceKernelSetMinimumLogLevelForKernel.

sceKernelSetAssertLevelForKernel
Temp name was sceKernelSetMinimumAssertionLevelForKernel.

Overrides in memory g_assertLevel set by DIP switches 201 and 202.

Returns the previous assert level.

sceKernelGetAssertLevelForKernel
Temp name was sceKernelGetMinimumAssertionLevelForKernel.

Returns g_assertLevel from memory.

sceDebugRegisterBacktraceInternalForKernel
This is a guessed name.

Registers a callback for SceKernelModulemgr.

If callback runs successfully (returns >= 0), value of pNumReturn is used as third argument of PrintBacktrace, else PrintBacktrace is not called at all.

sceDebugRegisterPrintBacktraceForKernel
This is a guessed name.

Registers a callback for SceKernelModulemgr.

SceDebugForKernel_F1F861CF
Registers a callback that is called when a crash occur.

Used by SceKernelBlueScreenOfDeath.

SceDebugForDriver
If AllowKernelDebug QA flag is not set, calls to functions with non-zero SceKernelDebugLevel are ignored.

sceKernelPrintfForDriver
Temp name was sceDebugPrintfForDriver.

sceKernelPrintfLevelWithInfoForDriver
This is a guessed name.

Temp name was sceKernelPrintfLevelWithCtxForDriver.

sceKernelPrintfWithInfoForDriver
This is a guessed name.

Temp name was sceDebugPrintf2ForDriver, sceKernelVprintfLevelWithCtxForDriver.

sceKernelAssertForDriver
Temp name was sceDebugPrintKernelAssertionForDriver.

Condition 0 can trigger "kernel stopped".

sceKernelPrintfAssertLevelForDriver
This is a guessed name.

Temp name was sceDebugPrintfKernelAssertionForDriver, sceKernelVprintfAssertLevelForDriver.

sceKernelGetAssertLevelForDriver
Temp name was sceKernelGetMinimumAssertionLevelForDriver.

Returns g_assertLevel from memory.

sceKernelPanicForDriver
Temp name was sceDebugPrintKernelPanicForDriver.

sceKernelGetTtyInfoForDriver
This is a guessed name.

_sceEventLogPutForDriver
Derived from SceVshBridge.

Calls SceSysmem with KERNEL PID and SceSysmem return value as second argument.

sceEventLogPutForDriver
This is a guessed name.

sceEventLogGetInfoForDriver
This is a guessed name.

Copy by blocks of 0x30 bytes (or maybe 0xC0 bytes).

sceKernelAllocPartitionMemBlockForTZS
Temp name was sceKernelAllocMemBlockForPidForTZS.

sceKernelVAtoPAForTZS
This will write the physical address for a virtual address  to memory pointed to by.

Returns <0 on error, values >=0 indicate success.

sceKernelDebugPutcharForTZS
Print character.

sceKernelGetAssertLevelForTZS
Returns g_assertLevel from memory.

sceKernelPrintfCore0ForTZS
Same as sceKernelPrintfForTZS but only prints if CPU ID is 0.

sceKernelPrintfLevelCore0ForTZS
Same as sceKernelPrintfLevelForTZS but only prints if CPU ID is 0.

stop_logging
If state is not zero, stops logging and return 1, else does nothing and return 0.

Returns 1 if logging has been stopped, 0 else.

register_unk_cb
The callback has this definition:

If unk_cb runs successfully (return >= 0), pOut is used as third argument of unk_cb2, else unk_cb2 is not called at all.

register_unk_cb2
The callback has this definition:

SceCpuForTZS

 * 0.931: 0xACA39932: unknown, save context that will be restored with 0xCA74C9A2
 * 0.931: 0xCA74C9A2: unknown, restore context saved with 0xACA39932
 * 0.931: 0xE0B34336: unknown, same as SceCpuForKernel_9D72DD1B
 * 0.931-0.990: 0x40DEC1B6: sceKernelWaitForEvent
 * 0.931-0.990: 0xF42F079B: sceKernelSendEvent
 * 0.940: 0x1266F962: sceKernelAbort
 * 0.931-0.940: 0x98BF47D3: sceKernelGetVmaccessRange
 * 0.931: 0x49AD8B60: sceKernelSetFIQModeStack
 * 0.931: 0xC2A428F3: sceKernelSetMonModeStack
 * 0.931: 0xD9013440: sceKernelSetIRQModeStack
 * 0.931: 0xDF17E4A3: sceKernelSetUndModeStack
 * 0.931: 0xF832C341: sceKernelSetAbtModeStack
 * 0.931: 0xFB1D3114: sceKernelSetSvcModeStack
 * 0.931: 0xF6CE21EA: sceKernelPrintCpuMode
 * 3.60: 0x31E78A4B: unknown
 * 3.60: 0x4FED4BCE: unknown
 * 3.60: 0x7548CBCF: unknown
 * 3.60: 0xD4E7413D: unknown

1.80:     NID 0: 0x0A15B41C: sceKernelL1DcacheCleanInvalidateAll NID 1: 0x17A88E69: sceKernelL1DcacheCleanRange NID 2: 0x190D96D5: sceKernelDcacheCleanRange NID 3: 0x2A0A3DC6 NID 4: 0x2B6403F8: on FW 3.60, does nothing and returns -1 NID 5: 0x2FE24445: sceKernelCpuAtomicSet32 NID 6: 0x308D7ABE: sceKernelCpuDcacheInvalidateMVACRange NID 7: 0x324727D1: sceKernelGetCpsr NID 8: 0x39FCFCC2: sceKernelDomainTextMemcpy NID 9: 0x44C423D3: sceKernelCpuId NID 10: 0x49B11FF8 NID 11: 0x71FD9AB5: sceKernelSpinlockLowLock NID 12: 0x72CA4F7A: sceKernelGetSpsr NID 13: 0x75D87321: sceKernelCpuAtomicOrAndGet32 NID 14: 0x7A5373EB: sceKernelDcacheCleanInvalidateRange NID 15: 0x7CCE9480: sceKernelDcacheCleanInvalidateAll NID 16: 0x864E3DED NID 17: 0x9E4C0D0D: on FW 3.60, does nothing and returns -1 NID 18: 0xA5965CBF: sceKernelL1IcacheInvalidateEntireAllCore NID 19: 0xACF209F3: sceKernelSpinlockLowTrylockCpuSuspendIntr NID 20: 0xB421FAFD: sceKernelL1IcacheInvalidateRange NID 21: 0xB8F00FBE: sceKernelSpinlockLowUnlockCpuResumeIntr NID 22: 0xC4137AED: sceKernelPleFlushRequest NID 23: 0xCD98416C: sceKernelSpinlockLowUnlock NID 24: 0xCDD46655: sceKernelDcacheInvalidateRange NID 25: 0xD67A4356: sceKernelSpinlockLowLockCpuSuspendIntr NID 26: 0xEFD6F289: sceKernelCpuAtomicCompareAndSet8

__stack_chk_guard
This is a variable.

sceKernelSysrootGetKblParamForTZS
Returns pointer to KBL Param buffer.

sceSblQafManagerIsAllowKernelDebugForTZS
return *(char *)(sceKernelSysrootGetKblParamForTZS + 0x2D) & 1;