SceSysmem

SceSysmem is a kernel module that acts as the heart of the kernel. It exports multiple libraries for various features. SceSysmem is the first module that is loaded in the kernel load sequence and its libraries are imported by almost all other modules. See Virtual Memory and Physical Memory for more details on the memory subsystem.

Module
This module exists in both non-secure and secure world. The non-secure world SELF can be found in. It also can be found in the Boot Image.

Memory Block Type
The  parameter indicates what kind of memory to allocate. Here is a mapping of  flags to ARM MMU flags. Higher bits are used for other options including where to allocate from. Not all flag values are valid, there is a table of valid types in the kernel. You cannot, for example, allocate RWX memory.

All memtype list for 3.60

Note

The only commonly available memtypes are those that are publicly available.

sceKernelAllocMemblockInternal uses a list to translate it into an internal memtype.

So we can't create memtype with any bits and use that's.

memtype bit value
This is based internal memtypes.

Available memory types
See also : Memory budget

Types to reverse
from 0.990:

SceSysmemForKernel_BD33EDDF
Gets thread's name. Returns 0 on success.

sceKernelGrowPhyMemPartForKernel
Calls sceKernelGrowPhyMemPartWithFlagsForKernel with flags = 0.

sceKernelGrowPhyMemPartWithFlagsForKernel
Grows physical memory partition with flags.

sceKernelGetGrownPhyMemPartSizeForKernel
This is a temp name.

Returns a global variable. This global variable is either a size or offset or address and is incremented by sceKernelGrowPhyMemPartWithFlagsForKernel.

sceKernelAddressSpaceChangeMMUContextForKernel
Changes to the MMU context (CONTEXTIDR.ASID + DACR + TTBR1) of target address space.

sceKernelAddressSpaceGetMMUL1InfoForKernel
Get information about a L1PT entry in the translation table of an address space. Pass the vaddress the target entry maps as.

sceKernelGetPhyPartKernelForKernel
return gpPhyPartKernel;

SceSysmemForKernel_54E85275
Uses result from SceSysmem.

SceSysmemForKernel_EEB85560
Used by SceProcessmgr.

Called with same argument as.

sceKernelPhyMemLowAllocForKernel
Allocate a range of physically contiguous "pages" from a PhyMemLow object.

sceKernelPhyMemLowFreeForKernel
Free a range of physical "pages" from a PhyMemLow object.

sceUIDRegisterForKernel
Calls sceGUIDRegisterForKernel.

sceKernelCreatePhyMemPartForKernel
Calls sceKernelCreatePhyMemPartByPbaseForKernel with pbase = 0.

sceGUIDKernelCreateForKernel
Create a GUID with default attribute (0x30000).

sceGUIDKernelCreateWithAttrForKernel
Create a GUID with the specified attribute.

sceGUIDKernelCreateWithOptForKernel
This is a guessed name. Temp name was sceKernelCreateUidObjForKernel, scePUIDKernelCreateWithAttrForKernel.

sceGUIDSetVisibilityLevelForKernel
Sets visibilityLevel into guid's GUIDEntry.

sceGUIDGetPIDForKernel
Returns Process ID for guid.

sceGUIDSetPIDForKernel
Sets Process ID for guid.

sceGUIDSetForKernel
Re setting the GUID on an object that already has a uid assigned may cause the system to malfunction.

sceKernelPhysicalMemWriteForKernel
Writes to physical address  using a pre-allocated memblock. Destination must belong into a hardcoded table describing physical ranges.

sceKernelPhysicalMemReadForKernel
Temp name was memcpy_from_paddr.

Dest must be a virtual address and src must be a physical address. Returns copied size on success.

sceKernelAllocPartitionMemBlockForKernel
Temp name was sceKernelAllocSystemCallTableForKernel.

sceGUIDGetObjectWithClassForKernel
Possible name are sceUIDGetObjectWithClassForKernel or sceUIDtoProcessForKernel.

SceSysmemForKernel_C38D61FC
Calls.

sceUIDGetObjectForKernel
Calls.

SceSysmemForKernel_7C797940
Calls or.

sceKernelCopyToUserProcTextDomainForKernel
Temp name was sceKernelRxMemcpyKernelToUserForPidForKernel, sceKernelProcCopyToUserRxForKernel.

Same as sceKernelCopyToUserProcDomain, but performs a DCache clean after the copy. Use this function if you want to write code in user pages.

This function is usually called when resolving stubs during a module loads. In 3.60, DACR is set to 0x15450FC3 instead of 0xFFFFFFFF.

sceKernelCopyToUserTextDomainForKernel
This is a guessed name. Temp names were sceKernelMemcpyToUserRxForKernel, sceKernelCopyToUserRxForKernel.

Similar to sceKernelCopyToUserProcTextDomain, but performed in the current address space.

In 3.60, sceKernelCopyToUserProcTextDomain calls this function to perform the copy after changing address space.

sceKernelCopyToUserDomainForKernel
This is a guessed name. Temp names were sceKernelMemcpyToUserRoForKernel, sceKernelCopyToUserRoForKernel.

Similar to sceKernelCopyToUserTextDomain, but doesn't perform any DCache clean.

Uses the same DACR, 0x15450FC3, for the copy.

sceUIDtoObjectForKernel
Calls SceSysmem.

sceGUIDGetUIDVectorByClassForKernel
Copy uid to vector by referring to all objects created by cls.

scePUIDGetUIDVectorByClassForKernel
Similar to.

sceUIDGetUIDVectorByClassForKernel
It is simply a wrapper for.

sceKernelAddressSpaceUnmapForKernel
3.60:

Example: in SceSysStateMgr:

3.60

SceSysmemForKernel_7BD56D6D
Official name might be sceKernelSetAddressSpaceName.

Used by SceProcessmgr.

SceSysmemForKernel_153A08A0
Add 1 to  using SceSysmem, and returns its new value.

SceSysmemForKernel_942D15FC
Used to get GUID by name.

sceKernelInitProcessMemoryForKernel
This is guessed name.

Used by SceProcessmgr

sceUIDtoClassForDriver
Calls sceGUIDtoClassForKernel.

scePUIDGetClassForDriver
Temp name was sceKernelGetClassForPidForUidForDriver.

sceGUIDGetClassForDriver
Temp name was sceKernelGetClassForUidForDriver.

scePUIDOpenByNameWithExactClassForDriver
This is a guessed name. Previous name was.

Equivalent to scePUIDOpenByNameWithClass, but the object's class must match exactly the provided.

sceUIDCloseForDriver
if (a2 & 0x40000000) == 0 calls sceGUIDCloseForDriver else scePUIDCloseForDriver.

SceSysmemForDriver_F09A7D09
Calls sceGUIDCloseForDriver.

switch_ttb_for_pid
Changes the TTBR to point to the tables for a given PID.

sceKernelAllocHeapMemoryForDriver
Temp name was sceKernelMemPoolAlloc. Official name might also be sceUIDKernelCreateForDriver.

Calls sceKernelAllocHeapMemoryWithOptionForDriver with a3 = 0.

sceKernelAllocHeapMemoryFromGlobalHeapForDriver
Calls sceKernelAllocHeapMemoryForDriver with uid = -1 (global heap ).

sceKernelAllocHeapMemoryFromGlobalHeapWithOptForDriver
Calls sceKernelAllocHeapMemoryWithOptionForDriver with uid = -1 (global heap ).

sceKernelAllocHeapMemoryWithOptForDriver
Temp name was sceKernelAllocHeapMemoryWithOpt1ForDriver.

Same as  but uses.

sceKernelAllocHeapMemoryWithOptionForDriver
Temp name was sceKernelAllocHeapMemoryWithOpt2ForDriver.

Same as  but uses.

sceKernelAllocMemBlockWithInfoForDriver
Temp name was sceKernelAllocMemBlockExtForDriver.

sceKernelAllocMemBlockForDriver
The interface is the same as the usermode version of this function, however more types can be specified and more options are in the pOpt argument.

To allocate a kernel RW block of memory, specify.

To allocate a block of memory with a specific physical address, specify  or ,  , and.

To allocate a block of memory that is kernel executable, specify.

To allocate a block of memory that is physically contiguous, specify,   and an alignment to.

To allocate a block of memory inside the CDRAM, specify.

sceKernelAllocMemBlockForDebuggerForDriver
Same as sceKernelAllocMemBlockForDriver but authorize null pOpt.

sceKernelCreateHeapForDriver
The heap pool is thread safe.

sceUIDKernelCreateForDriver
Calls sceGUIDKernelCreateForKernel.

Create a UID with default attribute (0x30000).

sceUIDKernelCreate2ForDriver
Temp name was sceKernelCreateUidObj2ForDriver.

Create a UID with default attribute (0x30000).

sceGUIDCreateForDriver
Temp name was sceKernelCreateUidObjForUidForDriver.

Create a GUID with default attribute (0x30000) for the specified UID.

scePUIDOpenByGUIDForDriver
Temp name was sceKernelCreateUserUidForDriver.

scePUIDOpenByGUIDWithFlagsForDriver
Temp name was sceKernelCreateUserUidForClassForDriver.

scePUIDOpenByNameForDriver
Temp name was sceKernelCreateUserUidForNameForDriver.

scePUIDOpenByNameWithClassForDriver
Equivalent to scePUIDOpenByNameForDriver, but object's class is checked to be a subclass of provided  before opening.

sceGUIDCloseForDriver
Temp name was sceKernelDeleteUidForDriver.

scePUIDCloseForDriver
Temp name was sceKernelDeleteUserUidForDriver.

sceKernelGetMemBlockMemtypeByAddrForDriver
Temp name was sceKernelFindMemBlockByAddrForDefaultSizeForDriver.

sceKernelFindProcMemBlockByAddrForDriver
Temp name was sceKernelFindMemBlockByAddrForPidForDriver.

sceKernelIsAccessibleRangeForDriver
Temp name was sceKernelFindMemBlockForDriver.

Also exported as.

?Returns 0 on success (if is accessible range)?

sceKernelIsAccessibleRangeProcForDriver
Temp name was sceKernelFindMemBlockForPidForDriver.

Also exported as.

?Returns 0 on success (if is accessible range)?

sceKernelFirstDifferentBlock32UserForPidForDriver
Looks for an integer in userspace.

sceKernelFreeHeapMemoryForDriver
Temp name was sceKernelMemPoolFreeForDriver.

sceKernelGetMemBlockPARangeForDriver
Previous name was sceKernelGetMemBlockAddrPairForUidForDriver

Returns the physical address and size (pRange) of the memory block if it is physically continuous.

sceKernelGetMemBlockVBaseForDriver
Temp name was sceKernelGetMemBlockKernelPageForDriver.

sceKernelGetMemBlockPAVectorForDriver
Temp name was sceKernelGetMemBlockPaddrListForUidForDriver.

scePUIDGetEntryHeapNameForDriver
Real name might be scePUIDGetEntryHeapNameForDriver. Temp name was sceKernelGetNameForPidByUidForDriver.

sceGUIDGetNameForDriver
This is a guessed name, but near. Temp name was sceKernelGetNameForUidForDriver.

sceGUIDGetName2ForDriver
This is a guessed name, but near. Temp name was sceKernelGetNameForUid2ForDriver.

sceUIDtoObjectWrapperForDriver
This is a guessed name.

Calls.

sceGUIDGetObjectForDriver
Temp name was sceKernelGUIDGetObjectForDriver.

scePUIDGetObjectForDriver
Temp name was sceKernelGetObjectForPidForUidForDriver.

sceGUIDReferObjectForDriver
Temp name was sceKernelGetObjectForUidForDriver.

sceGUIDReferObjectWithLevelForDriver
Temp name was sceKernelGetObjectForUidForAttrForDriver.

sceGUIDReferObjectWithClassForDriver
Temp name was sceKernelGetObjForUidForDriver.

sceGUIDReferObjectWithSubclassForDriver
Temp name was sceKernelGetObjectForUidForClassTreeForDriver.

sceKernelVAtoPAForDriver
Temp name was sceKernelGetPaddrForDriver.

This will write the physical address for a virtual address  to memory pointed to by.

Returns <0 on error, values >=0 indicate success.

sceKernelProcModeVAtoPAForDriver
Temp name was sceKernelGetPaddrForPidForDriver.

sceKernelVARangeToPAVectorForDriver
Temp name was sceKernelGetPaddrListForDriver.

This function writes into  an array of   that encompasses the block of memory specified in the input. will contain the number of entries written. If  is null, it will just write the count.

sceKernelGetPaddrListForLargePageForDriver
This is a guessed and bad name.

sceKernelGetPaddrListForSmallPageForDriver
This is a guessed and bad name.

sceKernelVARangeToPARangeForDriver
Temp name was sceKernelGetPaddrPairForDriver.

sceKernelGetPaddrPairForLargePageForDriver
This is a guessed and bad name.

sceKernelGetPaddrPairForSmallPageForDriver
This is a guessed and bad name.

sceKernelVAtoPABySWForDriver
Temp name was sceKernelGetPaddrWithSectionTypeCheckForDriver, sceKernelAddressSpaceVAtoPABySWForDriver.

sceKernelGetUIDClassForDriver
This is a guessed and bad name.

sceKernelGetDebugPADramRangeForDriver
This is a guessed name. Temp name was sceKernelGetUnknownValidPhysAddressSpaceForDriver.

sceKernelIsEqualAccessibleRangeProcBySWForDriver
Temp name was sceKernelProcIsPAWithinSameSection, sceKernelIsPaddrWithinSameSectionForUidForDriver.

sceKernelIsVAWithinDebugPADramRangeForDriver
This is a guessed and bad name. Temp name was sceKernelIsPaddrWithinUnknownValidPhysAddressSpaceForDriver.

scePUIDtoGUIDWithClassForDriver
Temp name was sceKernelKernelUidForUserUidForClassForDriver.

scePUIDtoGUIDForDriver
Temp name was sceKernelKernelUidForUserUidForDriver.

Process UID to Global UID.

sceKernelPartitionMapMemBlockForDriver
Temp name was sceKernelMapBlockUserVisibleForDriver.

sceKernelUserMapForDriver
Temp name was sceKernelMapUserBlockDefaultTypeForDriver.

Assigns type 0.

sceKernelProcUserMapForDriver
Temp name was sceKernelMapUserBlockForDefaultTypeForPidForDriver. sceKernelProcUserMapForDriver is certainly the real name.

Assigns type 0.

sceKernelUserMapWithFlagsForDriver
Temp name was sceKernelMapUserBlockForDriver.

Permission is either "1" for read only, no execute or "2"/"3" for read write, no execute. Type is either 0, 1, or 17 and affects the block type. 0 is default. This will allocate kernel memory starting at kernel_page. To get the same memory as the user pointer, add the kernel_offset. kernel_size is how much is allocated.

sceKernelDecRefCountMemBlockForDriver
Temp name was sceKernelMemBlockDecRefCounterAndReleaseUidForDriver.

sceKernelGetMemBlockInfoForDriver
Temp name was sceKernelMemBlockGetInfoExForVisibilityLevelForDriver.

sceKernelIncRefCountMemBlockForDriver
Temp name was sceKernelMemBlockIncRefCounterAndReleaseUidForDriver.

sceKernelUserUnmapForDriver
Temp name was sceKernelMemBlockReleaseForDriver.

sceKernelUnlockRangeForDriver
Temp name was sceKernelMemRangeReleaseForDriver.

sceKernelUnlockRangeProcForDriver
This is a guessed name. Temp name was sceKernelMemRangeReleaseForPidForDriver.

sceKernelUnlockRangeWithPermForDriver
This is a guessed name. Temp name was sceKernelMemRangeReleaseWithPermForDriver.

Decrease references to pages.

sceKernelLockRangeForDriver
Temp name was sceKernelMemRangeRetainForDriver.

sceKernelLockRangeProcForDriver
This is a guessed name. Temp name was sceKernelMemRangeRetainForPidForDriver.

sceKernelLockRangeWithPermForDriver
This is a guessed name. Temp name was sceKernelMemRangeRetainWithPermForDriver.

Increase references to pages.

sceKernelCopyToUserProcDomainForDriver
Temp names were sceKernelRoMemcpyKernelToUserForPidForDriver, sceKernelProcCopyToUserRoForDriver.

Same as sceKernelCopyToUserProc, but sets DACR to 0xFFFFFFFF (ignore access permission bits in page table) before the copy then restores it. Use this function instead of sceKernelCopyToUserProc if you need to write data to read-only pages.

sceKernelCopyToUserForDriver
Temp name was sceKernelMemcpyKernelToUserForDriver.

Copies  bytes from a kernel buffer to a user buffer. Writes to  are performed using  -type instructions which cause a Data Abort if the pages are not user-accessible. If any Data Abort occurs during the operation, the exception is swallowed and an error is returned. Otherwise, the function returns.

sceKernelCopyToUserProcForDriver
Temp name was sceKernelMemcpyKernelToUserForPidForDriver, sceKernelProcCopyToUserForDriver.

Temporarily switches to specified process' address space for a call to sceKernelCopyToUser.

sceKernelCopyFromUserForDriver
Temp name was sceKernelMemcpyUserToKernelForDriver.

Copies  bytes from a user buffer to a kernel buffer. Reads from  are performed using  -type instructions which cause a Data Abort if the pages are not user-accessible. If any Data Abort occurs during the operation, the exception is swallowed and an error is returned. Otherwise, the function returns.

sceKernelCopyFromUserProcForDriver
Temp names were sceKernelMemcpyUserToKernelForPidForDriver, sceKernelProcCopyFromUserForDriver.

Temporarily switches to specified process' address space for a call to sceKernelCopyFromUser.

sceKernelUserCopyForDriver
Temp name was sceKernelMemcpyUserToUserForDriver.

sceKernelProcUserCopyForDriver
Temp name was sceKernelMemcpyUserToUserForPidForDriver.

sceKernelUserStrnlenForDriver
Temp name was sceKernelStrnlenFromUserForDriver.

sceKernelUserStrncpyForDriver
Returns 0 on success.

sceKernelStrncpyFromUserForDriver
Temp name was sceKernelStrncpyUserToKernelForDriver.

sceKernelProcStrncpyFromUserForDriver
Temp name was sceKernelStrncpyUserForPidForDriver.

sceKernelStrncpyToUserForDriver
Temp name was sceKernelStrncpyKernelToUserForDriver.

sceKernelProcStrncpyToUserForDriver
Temp name was sceKernelMemcpyKernelToUserForPidUncheckedForDriver.

sceUIDOpenByNameForDriver
Calls sceGUIDOpenByNameForDriver.

sceGUIDOpenByNameForDriver
Temp name was sceKernelOpenUidForNameForDriver.

sceKernelRemapMemBlockForDriver
This can be used to remap RW memory as RX. To do this, first allocate a memory block of type. After you are done writing, call sceKernelRemapMemBlockForDriver with type.

sceKernelPartialRemapMemBlockForDriver
Temp name was sceKernelRemapBlockForDriver, sceKernelRemapMemBlockForDriver.

This can be used to remap RW memory as RX. To do this, first allocate a memory block of type. After you are done writing, call sceKernelPartialRemapMemBlockForDriver with type.

scePUIDSetNameForDriver
Temp name was sceKernelSetNameForPidForUidForDriver.

sceGUIDSetNameForDriver
Temp name was sceKernelSetObjectForUidForDriver. Wrongfully named scePUIDSetNameForDriver.

Calls the same routine as sceGUIDSetForKernel, but passes NULL for pClass and pObject.

sceGUIDReleaseObjectForDriver
Temp name was sceKernelUidReleaseForDriver.

sceKernelGetPhysicalMemoryTypeForDriver
Temp name was sceKernelVaddrMaybeGetSectionTypeForDriver

some_memblock_operation
Same as above but with different flags.

some_memblock_operation
Same as above but with different flags.

some_memblock_operation
Same as above but with different flags.

some_memblock_operation
Same as above but with different flags.

some_memblock_operation
Same as above but with different flags.

SceSysmemForDriver_856FA2E3
Seems related to heap.

SceSysmemForDebugger
This library was removed on FW 1.80.

sceKernelGetPhysicalAddressSpaceForDebugger
In FW 0.931, it calls sceKernelPhysicalAddressSpaceStartForDebugger.

sceKernelIsAccessibleRangeProcForDebugger
?Returns 0 on success (if is accessible range)?

sceKernelIsAccessibleRangeForDebugger
?Returns 0 on success (if is accessible range)?

SceSysmem
The SceSysmem library is responsible for both low-level and high-level memory management. There are functions for allocating raw blocks of memory (similar to Linux ) as well as functions for maintaining a heap-like structure (similar to  ) for kernel, however SceLibKernel implements a proper heap and that is used for user code.

sceKernelGetDipswInfoForDriver
This is a guessed name (cannot find an evidence).

info_id:
 * 0: CP timestamp 1
 * 1: CP Version, CP Board ID
 * 2: CP timestamp 2
 * 3: ASLR Seed

See KBL Param.

sceKernelUartInitForKernel
Temp name was sceUartInitForKernel.

It initializes the clock generator registers for the UART. See UART Registers. The default baud rate is 115200 for ports 0-5 and 250000 for port 6.

sceKernelUartReadAvailableForKernel
Temp name was sceUartReadAvailableForKernel.

Returns the number of words available to read from the read FIFO.

sceKernelUartReadForKernel
Temp name was sceUartReadForKernel.

sceKernelUartWriteForKernel
Temp name was sceUartWriteForKernel.

SceCpu
This library provides wrapper for much ARM CP15 co-processor access as well as low level support of spinlocks and other synchronization primitives.

sceKernelCpuId
Return the CPU ID of the current core.

sceKernelRoundupDCacheLineForKernel
Calls the function previously registered by SceSysmem.

sceKernelSetRoundupDCacheLineFuncForKernel
Uses CTR and CTR-DMINLINE to determine which function to return.

sceKernelMMUL1GetInfoForKernel
Parses a L1PT for information about a specific entry. Pass the address of the L1PT in. Used by sceKernelAddressSpaceGetMMUL1InfoForKernel.

SceCpuForKernel_CA4124DE
Returns 1, 2 or 6 based on some page/section properties.

sceKernelMMUGetContextForKernel
Temp name was sceKernelCpuSaveContextForKernel.

sceKernelMMUChangeContextForKernel
Temp name was sceKernelCpuRestoreContextForKernel.

sceKernelMMUVAtoPAWithModeForKernel
Temp name was sceKernelCpuGetPaddrWithMaskForKernel.

mode (maskPAR) is usually 0x33, sometimes 2.

sceKernelMMUCheckRangeWithModeForKernel
Return 0 if all pages are valid, < 0 else.

sceKernelMMUVAtoPAForKernel
Temp name was sceKernelCpuGetPaddrForKernel.

Uses mode (maskPAR) 0x33.

This will write the physical address for a virtual address  to memory pointed to by.

Returns <0 on error, values >=0 indicate success.

sceKernelCpuGetCONTEXTIDRForKernel
The CONTEXTIDR, bits [31:0] contain the process ID number.

sceKernelDcacheCleanInvalidateAll
Flushes PLE then cleans and invalidates L1 Dcache and L2 cache in this order.

sceKernelL1DcacheInvalidateRangeForKernel
This is a guessed name. Temp name was sceKernelCpuDcacheInvalidateMVACRangeForKernel.

sceKernelL1DcacheCleanInvalidateRangeForKernel
This is a guessed name. Temp name was sceKernelCpuDcacheCleanInvalidateMVACRangeForKernel, sceKernelCpuDcacheWritebackInvalidateRangeForKernel, sceKernelDcacheWritebackInvalidateRangeForKernel.

sceKernelL1DcacheInvalidateAllForKernel
This is a guessed name. Temp name was sceKernelCpuDcacheInvalidateSWForKernel.

sceKernelL1DcacheCleanAllForKernel
This is a guessed name. Temp name was sceKernelCpuDcacheCleanSWForKernel.

sceKernelL1DcacheCleanInvalidateAllForKernel
Guessed name was sceKernelCpuDcacheCleanInvalidateSWForKernel.

sceKernelL1DcacheCleanRangeForKernel
Guessed name was sceKernelCpuDcacheCleanMVACRangeForKernel.

sceKernelL1DcacheInvalidateRangeForKernel
This is a guessed name. Temp name was sceKernelCpuDcacheCleanInvalidateMVACForKernel.

sceKernelL1IcacheInvalidateEntireAllCoreForKernel
Guessed name was sceKernelCpuIcacheInvalidateAllUISForKernel.

Invalidates the L1 Icache for all cores.

sceKernelL1CacheInvalidateEntireForKernel
This is a guessed name. Temp name was sceKernelCpuIcacheInvalidateAllUForKernel.

Invalidates the entire L1 Icache of this core.

sceKernelL1IcacheInvalidateRangeForKernel
Temp name was sceKernelCpuIcacheInvalidateRangeForKernel, sceKernelCpuIcacheInvalidateMVAURange.

Invalidates a range in L1 Icache of this core.

sceKernelIcacheInvalidateRangeForKernel
Temp name was sceKernelCpuIcacheAndL2InvalidateMVAURangeForKernel, sceKernelCpuIcacheAndL2WritebackInvalidateRangeForKernel.

Cleans and invalidates range in L2 cache, then in L1 Icache of core.

sceKernelPleFlushRequest
Temporary name was.


 * NSACR (Non-Secure Access Control Register)
 * Test bit NS access to the Preload Engine resources
 * [>] PLEFF (Preload Engine FIFO flush operation)
 * [>] PLEKC (Preload Engine kill channel operation)
 * [<] PLEASR (Preload Engine Activity Status Register)

sceKernelDomainTextMemcpyForKernel
Guessed name was.

Unrestricted memcpy by first setting the  register to   and then doing a memcpy.

In old firmware (0.931),  is set to   instead and interrupts are disabled for the operation.

sceKernelCpuForKernel_9B8173F4
Might be get_vaddr_memory_type.

Return value can be:
 * 2
 * 8
 * 0x40
 * 0x80
 * 0xD0
 * 0x80022007 (SCE_KERNEL_ERROR_VA2PA_FAULT)

sceKernelCoreSyncAllForKernel
This is a guessed name. Temp name was sceKernelWaitCore3ForKernel.

sceKernelCoreSyncWaitForKernel
This is a temp name.

sceKernelInitCpuCoreSyncCtxForKernel
This is a temp name.

SceCpuForKernel_43CC6E20
DACR off

Does some memory copies between the args.

sceCpuUnrestrictedBzeroIntForKernel
DACR off

SceCpuForKernel_337473B5
DACR off

If addr.unk_0 equals 0, changes addr.unk_0 to new_val, else increase addr.unk_4.

sceKernelCpuAtomicSubIfGreater64ForKernel
DACR is not disabled

sceKernelCpuAtomicLimit64ForKernel
DACR is not disabled

sceKernelCpuAtomicAdd32AndGet64InRangeForKernel
DACR is not disabled

sceKernelCpuAtomicAdd32AndGet64InHiLoRangeForKernel
DACR is not disabled

sceKernelCpuAtomicGet32AndSet64ForKernel
DACR is not disabled

sceKernelCpuAtomicGet32AndSet64_2ForKernel
Exact same code as SceCpuForKernel_4553FBDE.

DACR is not disabled

sceKernelCpuAtomicDecIfLowPositive32ForKernel
DACR is not disabled

sceKernelCpuAtomicHiLoAlgorithmForKernel
DACR is not disabled

Returns current value (high + low), and sets it to max_low.

sceKernelCpuAtomicAddAndGetPositive32InRangeForKernel
DACR is not disabled

If val is negative, returns 2 and does not override val.

SceCpuForKernel_6C7E7B57
Set TTBR lower value (0x4A).

SceCpuForKernel_AED8F8D7
Initialize TTBR.

SceCpuForKernel_9A3281C0
Gets start and end of a special code area in which the kernel<->user memory copy routines reside. See SceExcpmgr page for more information about how this is used.

In older firmware, this function also provides the start and end of the "memory access error range" code area (see SceExcpmgrForKernel_C45C0D3D for what this range is for).

sceKernelCpuIdForDriver
Return the CPU ID of the current core.

sceKernelCpuAtomicAddAndGet32ForDriver
Adds  to   atomically, and returns the result.

sceKernelDcacheInvalidateRangeForDriver
Temp name was sceKernelDcacheInvalidateRange_1ForDriver, sceKernelCpuDcacheAndL2InvalidateMVACRange_1ForDriver, sceKernelCpuDcacheAndL2InvalidateRangeForDriver.

sceKernelDcacheInvalidateRangeForL2WBWAForDriver
Temp name was sceKernelDcacheInvalidateRange_0x10ForDriver, sceKernelCpuDcacheAndL2InvalidateMVACRange_10ForDriver.

sceKernelDcacheInvalidateRangeForL1WBWAForDriver
Temp name was sceKernelDcacheInvalidateRange_0x20ForDriver, sceKernelCpuDcacheInvalidateRangeForDriver, sceKernelCpuDcacheAndL2InvalidateMVACRange_20ForDriver.

sceKernelDcacheCleanInvalidateRangeForDriver
Temp name was sceKernelDcacheCleanInvalidateRange_1ForDriver, sceKernelCpuDcacheAndL2CleanInvalidateMVACRange_1ForDriver, sceKernelCpuDcacheAndL2WritebackInvalidateRangeForDriver.

sceKernelDcacheCleanInvalidateRangeForL2WBWAForDriver
Temp name was sceKernelDcacheCleanInvalidateRange_0x10ForDriver.

sceKernelDcacheCleanInvalidateRangeForL1WBWAForDriver
Temp name was sceKernelDcacheCleanInvalidateRange_0x20ForDriver, sceKernelCpuDcacheAndL2CleanInvalidateMVACRange_20ForDriver.

sceKernelDcacheCleanRangeForDriver
Temp name was sceKernelDcacheCleanRange_1ForDriver, sceKernelCpuDcacheAndL2WritebackRangeForDriver, sceKernelCpuDcacheAndL2CleanMVACRange_1ForDriver.

sceKernelDcacheCleanRangeForL2WBWAForDriver
Temp name was sceKernelDcacheCleanRange_0x10ForDriver.

sceKernelDcacheCleanRangeForL1WBWAForDriver
Temp name was sceKernelCpuDcacheWritebackRangeForDriver, flush_dcache, sceKernelDcacheCleanRange_0x20ForDriver, sceKernelCpuDcacheAndL2CleanMVACRange_20ForDriver.

SceCpuForDriver_E813EBB2
Cleans L2 memory? A name could be sceKernelWaitL2CacheReg.

sceKernelIsUncacheAddressInTmpFsGameForDriver
Temp name was sceKernelCpuIsVaddrMappedForDriver.

sceKernelCpuSuspendIntrForDriver
Temp name was sceKernelCpuDisableInterruptsForDriver.

Disables IRQ (FIQ are not disabled, but they're routed to Secure state anyways...) and returns previous interrupt bit status (either 0 or 0x80).

sceKernelCpuResumeIntrForDriver
Temp name was sceKernelCpuEnableInterruptsForDriver.

Restore previous IRQ state. Pass the return value of the previous call to sceKernelCpuSuspendIntrForDriver.

Spinlock functions

The following functions implement a simple mutal exclusion mechanism using atomic operation (LDREX/STREX). Spinlocks are owned by a single thread or CPU at a time. Unlike other lock/sync objects of the kernel, spinlocks can be used under any context. Use spinlocks if the data to protect may be accessed from an IRQ or exception handler.

There are two version of the Spinlock functions: normal functions do not change the CPU state, while the  functions ensure the CPU cannot be interrupted while the lock is held.

The same type of function must be used to lock and unlock a spinlock: for example, calling  followed by   is an invalid usage of this API.

sceKernelSpinlockLowLockForDriver
Temp name was sceKernelCpuLockStoreLRForDriver.

Acquires a spinlock.

sceKernelSpinlockLowTryLockForDriver
This is a guessed name. Temp name was sceKernelCpuTryLockStoreLRForDriver.

Attempts to acquire a spinlock.

sceKernelSpinlockLowUnlockForDriver
Temp name was sceKernelCpuUnlockStoreLRForDriver.

Unlocks a spinlock previously acquired with either sceKernelSpinlockLowLockForDriver or sceKernelSpinlockLowTryLockForDriver.

sceKernelSpinlockLowLockCpuSuspendIntrForDriver
Temp name was sceKernelCpuSuspendIntrForDriver, sceKernelCpuLockSuspendIntrStoreLRForDriver.

Acquires a spinlock and suspend interrupts if necessary.

sceKernelSpinlockLowTryLockCpuSuspendIntrForDriver
This is a guessed name. Temp name was sceKernelCpuTryLockSuspendIntrStoreLRForDriver.

Attempts to acquire a spinlock. If successfully acquired, suspends interrupts if necessary.

sceKernelSpinlockLowUnlockCpuResumeIntrForDriver
Temp name was sceKernelCpuUnlockResumeIntrStoreLRForDriver, sceKernelCpuResumeIntrForDriver.

Unlocks a spinlock previously acquired with either sceKernelSpinlockLowLockCpuSuspendIntrForDriver or sceKernelSpinlockLowTryLockCpuSuspendIntrForDriver and resumes interrupts if necessary.

If interrupts were disabled before acquiring the spinlock, they will remain disabled after this call.

RW Spinlock functions

The following functions implement RW spinlocks. This variant of the spinlock allows multiple threads/CPUs to access data at the same time as long as only reads are performed. When acquired for writing, a single thread at a time can access the data and is thus free to modify it. Like regular spinlocks, the RW spinlocks can be used under any context. Use RW spinlocks if the data to protect may be accessed from an IRQ or exception handler.

Like for regular spinlocks, all RWSpinlock functions are available in a normal and  version. Additionally, every function exists in  and   variants, depending on whether the caller wants to read or write to the object protected by the lock.

Like for regular spinlocks, the same type of function must be used to lock and unlock a RW spinlock. Calling  followed by   is an invalid usage of this API. Calling  followed by    is also an invalid usage of this API.

sceKernelRWSpinlockLowReadLockForDriver
This is a guessed name. Temp name was sceKernelCpuSpinLockStoreLRForDriver.

Acquires a RW spinlock for reading data. Modifying the data protected by the spinlock is not allowed.

sceKernelRWSpinlockLowTryReadLockForDriver
This is a guessed name. Temp name was sceKernelCpuTrySpinLockStoreLRForDriver.

Attempts to acquire a RW spinlock for reading data.

Even if the spinlock is acquired, modifying the data protected by the spinlock is not allowed.

sceKernelRWSpinlockLowReadUnlockForDriver
Temp name was sceKernelCpuSpinUnlockStoreLRForDriver.

Unlocks a RW spinlock previously acquired with either sceKernelRWSpinlockLowReadLockForDriver or sceKernelRWSpinlockLowTryReadLockForDriver.

sceKernelRWSpinlockLowWriteLockForDriver
This is a guessed name. Temp name was sceKernelCpuLockStoreFlagForDriver.

Acquires a RW spinlock for writing data.

sceKernelRWSpinlockLowTryWriteLockForDriver
This is a guessed name. Temp name was sceKernelCpuTryLockStoreFlagForDriver.

Attempts to acquire a RW spinlock for writing data.

sceKernelRWSpinlockLowWriteUnlockForDriver
Temp name was sceKernelCpuUnlockStoreFlagForDriver.

Unlocks a RW spinlock previously acquired with either sceKernelRWSpinlockLowWriteLockForDriver or sceKernelRWSpinlockLowTryWriteLockForDriver.

sceKernelRWSpinlockLowReadLockCpuSuspendIntr
This is a guessed name. Temp name was sceKernelCpuSpinLockSuspendIntrStoreLRForDriver.

Acquires a RW spinlock for reading data and suspends interrupts if necessary.

sceKernelRWSpinlockLowTryReadLockCpuSuspendIntrForDriver
This is a guessed name. Temp name was sceKernelCpuTrySpinLockSuspendIntrStoreLRForDriver.

Attempts to acquire a RW spinlock for reading data. If successfully acquired, suspends interrupts if necessary.

sceKernelRWSpinlockLowReadUnlockCpuResumeIntrForDriver
Temp name was sceKernelCpuSpinUnlockResumeIntrStoreLRForDriver.

Unlocks a RW spinlock previously acquired with either sceKernelRWSpinlockLowReadLockCpuSuspendIntrForDriver or sceKernelRWSpinlockLowTryReadLockCpuSuspendIntrForDriver, and resumes interrupts if necessary.

If interrupts were disabled before acquiring the spinlock, they will remain disabled after this call.

sceKernelRWSpinlockLowWriteLockCpuSuspendIntrForDriver
This is a guessed name. Temp name was sceKernelCpuLockSuspendIntrStoreFlagForDriver.

Acquires a RW spinlock for writing data and suspends interrupts if necessary.

sceKernelRWSpinlockLowTryWriteLockCpuSuspendIntrForDriver
This is a guessed name. Temp name was sceKernelCpuTryLockSuspendIntrStoreFlagForDriver.

Attempts to acquire a RW spinlock for writing data. If successfully acquired, suspends interrupts if necessary.

sceKernelRWSpinlockLowWriteUnlockCpuResumeIntrDriver
Temp name was sceKernelCpuUnlockResumeIntrStoreFlagForDriver.

Unlocks a RW spinlock previously acquired with either sceKernelRWSpinlockLowWriteLockCpuSuspendIntrForDriver or sceKernelRWSpinlockLowTryWriteLockCpuSuspendIntrForDriver, and resumes interrupts if necessary.

If interrupts were disabled before acquiring the spinlock, they will remain disabled after this call.

SceSysclibForKernel
This library was removed on FW 1.80.

SceSysclibForKernel_FA746181
return a1 * (- 0x6e19295b) - 0x6e19295b;

In SceSysmem, it is used internally to modify a global variable, like a multiplication hash function would do.

SceSysclibForDriver
The C standard library for use in kernel only. Usermode has access to SceLibKernel, which confusingly is usermode only.

Includes standard string functions (no insecure variants like ).

sortof_vsnprintf
This is a guessed name.

sortof_vsnprintf_2
This is a guessed name.

SceSysclibForDriver_33388DBC
Calculates xor of a1 and a2, then does some calculation with a3.

SceSysclibForDriver_32373DF7
Helper for strtol in base 10.

__aeabi_uldivmod
Returns the 64-bit quotient of the division of dividend by divisor.

Used for example to convert SceRtc ticks to a simpler format (divide by time unit in ms) or to compute the number of storage device blocks in SceSdstor (divide by block size).

__aeabi_lasr
Temp name was rshift.

__stack_chk_guard
This is a variable.

__vsnprintf_internal
Supported formats:

timingsafe_memcmp
timing constant memcmp

memmove
On FW 1.69, this seems to be implemented incorrectly.

SceSysrootForKernel_611F17A4
Registers the function called by.

SceSysrootForKernel_118657C6
Calls the function registered by.

Used in SceExcpmgr.

SceSysrootForKernel_081F2C20
Registers sceKernelGetProcessId_2 from SceKernelThreadMgr.

SceSysrootForKernel_C5EAF5F7
Registers the function called by.

SceSysrootForKernel_47724459
Calls the function registered by.

SceSysrootForKernel_8747D415
Registers the function used by.

SceSysrootForKernel_B27B7530
Calls the function registered by.

Used by SceKernelBusError.

SceSysrootForKernel_82FC6405
Registers the function used by.

Used by SceKernelBusError.

SceSysrootForKernel_CD4B84F7
Calls the function registered by.

Used by SceKernelBusError.

SceSysrootForKernel_733C243E
Registers many Sysroot SceProcessmgr callbacks.

SceSysrootForKernel_7334F1E8
Calls SceProcessmgr function registered by.

SceSysrootForKernel_D29BCA77
Registers many Sysroot SceProcessmgr callbacks.

SceSysrootForKernel_DD7821AA
Register the function called by.

SceSysrootForKernel_340575CB
Return some PID.

sceKernelSysrootSetCheckRemapCodeForUserFuncForKernel
Registers the function called by.

sceKernelSysrootCorelockUnlockForKernel
Calls.

SceSysrootForKernel_21F5790B
Registers a function related to kernel panic.

SceSysrootForKernel_0DF574A9
Calls the function related to kernel panic registered by.

SceSysrootForKernel_2D6B2A79
Registers a function related to kernel panic, called by.

SceSysrootForKernel_CC7A0E63
Calls a function related to kernel panic, registered by.

SceSysrootForKernel_1D84C4D4
Get module name, dbgFingerprint and base from address.

SceSysrootForKernel_5B5EBFB1
Registers pointer to SceLT5 used by.

SceSysrootForKernel_41636522
Returns current SceLT5 value pointed by pointer registered using. Long/low (64bit) time in microseconds. It is about "awake" uptime from system boot.

SceSysrootForKernel_E20F6FC8
Same as but "asynchronous".

Used by SceDebug Kernel Exceptions handlers.

SceSysrootForKernel_1D8DB3A5
Same as but "asynchronous".

Returns 0 on success, 0x80020006 if pTime is a NULL pointer.

sceKernelSysrootCorelockLockForKernel
Calls SceCpuForKernel_9D72DD1B.

SceSysrootForKernel_06182D59
Reimplementation:

SceSysrootForKernel_7385CADE
Get current syscall PID.

SceSysrootForKernel_D441DC34
Executes a function registered by, related to syscall frame printing on kernel panic.

get_SceKernelSysrootClass_itemsize
On FW 0.990 return hardcoded value 0x470.

On FW 3.60 return hardcoded value 0x41C.

sceKernelSysrootGetLibraryDBForKernel
Maybe returns a pointer to the library stub structure. See Modules.

sceKernelSysrootAllocForKernel
Allocate memory from the "Sysroot heap". The Sysroot heap is located after  structure and consumes the rest of the page. Allocations from this "heap" are permanent and cannot be returned - there is no.

Usage of this function is not recommended. Use SceSysmem instead.

sceKernelSysrootAssertSysrootForKernel
Check sysroot->magic (offset 0xC must be 0xBA97F5A1) and sysroot->magic2 (offset 0x20C must be 0xA008B0C3‬).

sceKernelSysrootGetCurrentProcessForKernel
Return the current process id.

sceKernelSysrootTrapThreadAfterSyscallForKernel
Calls a callback registered by.

Prints syscall_critical_usage.

sceKernelSysrootReturnFromExcpToThreadForKernel
Used in SceExcpmgr.

sceKernelSysrootBacktraceForKernel
See also SceKernelModulemgr.

sceKernelSysrootPrintBacktraceForKernel
See also SceKernelModulemgr.

sceKernelSysrootGetCurrentAddressSpaceCBForKernel
Calls the function registered by.

SceSysrootForKernel_BF82931F
Calls the function registered by.

No usage seen on CEX OS. Maybe used in DEX/TOOL OS.

SceSysrootForKernel_6D111FA7
Calls the function registered by.

Used only in SceCoredump.

SceSysrootForKernel_2A03DFA1
Calls the function registered by.

Used only in SceCoredump.

sceKernelSysrootGetCachedSecureModuleInfoForKernel
Temp name was sceKernelSysrootGetSmSelfInfoForKernel.

sceKernelSysrootGetProcessSelfAuthInfoForKernel
Temp name was sceSysrootGetSelfAuthInfoForKernel.

sceKernelSysrootGetProcessTitleIdForKernel
Temp name was sceSysrootGetProcessTitleIdForPidForKernel.

sceKernelSysrootGetFunctionNameByNIDForKernel
Mirror of SceSysLibTrace.

SceSysrootForKernel_26458702
Registers some functions.

SceSysrootForKernel_B171CC2D
Seems to be used to register some functions.

used by SceKernelModulemgr

sceKernelSysrootGetVbaseResetVectorForKernel
Returns the exception vectors base address. The address of the exception vectors for the CPU  is:.

sceKernelSysrootSetLicMgrGetLicenseStatusFuncForKernel
Registers SceSblPostSsMgr.

sceKernelSysrootLicMgrGetLicenseStatusForKernel
Called by sceSblAuthMgrAuthHeaderForKernel before Cmep request.

sceKernelSysrootGetSysrootForKernel
Temp name was sceKernelGetSysbaseForKernel.

sceKernelSysrootGetKblParamForKernel
Temp name was sceKernelGetSysrootBufferForKernel, sceSysrootGetSysrootBufferForKernel.

Returns pointer to KBL Param.

sceKernelSysrootGetSoCRevisionForKernel
return pSysroot->soc_revision;

sceKernelSysrootGetPervasiveUnkDwordForKernel
This is a guessed name.

Returns value initially read from physical address 0xE3100004 (ScePervasiveMisc + 0x4).

return pSysroot->pervasive_unk_dword;

sceKernelSysrootGetKermitRevisionForKernel
return pSysroot->kermit_revision;

Used by SceKernelBusError, SceSysStateMgr.

sceKernelSysrootGetErnieSleepFactorForKernel
This is a guessed name.

See KBL Param.

return kbl_param->sleep_factor;

sceKernelSysrootGetErnieWakeupFactorForKernel
This is official name. Temp name was sceSysrootGetWakeupFactorForKernel.

See KBL Param.

return kbl_param->wakeup_factor;

sceKernelSysrootGetSessionIdForKernel
Writes kbl_param->session_id to buffer.

pSessionId buffer size is 0x10 bytes.

sceKernelSysrootIsExternalBootModeForKernel
return *(int *)(kbl_param->boot_type_indicator_1) & 1;

sceKernelSysrootIsSomeBootModeForKernel
This is a guessed name. A possible name is sceKernelIsAllowSdCardFromMgmt.

Used by SceSdif, SceExfatfs.

return (*(int *)(kbl_param->boot_type_indicator_1) >> 19) & 1;

Returns true if boot_type_indicator_1 has flag 0x80000 ?sd mode? - (Mgmt bit 1)

sceKernelSysrootIsExternalBootMode2ForKernel
This is a guessed name. Temp name was sceSysrootIsSomeBootMode2ForKernel. A possible name is sceKernelIsAllowFwCheckSkip.

return kbl_param->boot_type_indicator_1[2] & 1;

Return true if boot_type_indicator_1 has flag 0x10000 but it seems to be never set in external (release) second_loader. It allows to bypass current fw version check for module loading.

sceKernelSysrootIsUartModeForKernel
This is a guessed name. Temp name was sceSysrootIsSomeModeForKernel.

Returns true if (kbl_param->boot_flags[1] != 0xFF).

Used to check if UART must be initialized or not.

sceKernelSysrootIsBsodRebootForKernel
return ((pKblParam->wakeup_factor) & 0x7Fu) == 0x17;

sceKernelSysrootIsUnknownRebootForKernel
return (*(int *)(kbl_param->wakeup_factor) & 0x7Fu) <= 1;

sceKernelSysrootIsManufacturingModeForKernel
This is a guessed name. Temp name was sceSysrootUseExternalStorageForKernel.

When returns true it allows loading sd0:psp2config.skprx.

Returns true when Manufacturing Mode flag is set:

return (*(int *)(kbl_param->boot_type_indicator_1) >> 2) & 1;

sceKernelSysrootUseInternalStorageForKernel
Returns true when use internal storage flag is not set:

return *(char *)(kbl_param->boot_flags[5]) & 1 ^ 1;

sceKernelSysrootGetThreadAccessLevelForKernel
Calls int (__cdecl *GetThreadAccessLevel); // 0x344 on 3.60

sceKernelSysrootAllocRemoteProcessHeapForKernel
Temp name was sceKernelAllocHeapMemoryForKernel.

Same as  but does set   to 0x1000B.

Checks that pid is 0x10013 or 0x10005 (kernel).

sceKernelSysrootGetModulePrivateForKernel
data : 3: system memory (0xDC-bytes), 7: some process data (?-bytes), 9: kbl module cb (0xAC-bytes)

sceKernelSysrootGetSecureStatusForKernel
return *(uint *)some_buf->field_0x28 & 1;

sceKernelSysrootIsSecureStateForKernel
return (*(uint *)some_buf->field_0x28 ^ 1) & 1;

sceKernelSysrootIsColdBootForKernel
return (*(uint *)some_buf->field_0x28 & 10; // FW 3.60 in IDA PRO

return ((*(uint *)some_buf->field_0x28 ^ 0x10) << 0x1b) >> 0x1f; // FW 0.940 in Ghidra

SceSysrootForDriver_6219CC14
Used in SceUlobjMgr.

SceSysrootForDriver_F804F761
Used with GCSD SCE MBR second part.

This function always returns 0 on FW 3.60.

sceKernelSysrootSetVipRpcDebugFuncForDriver
This is a guessed name.

sceKernelSysrootClearVipRpcDebugFuncForDriver
This is a guessed name.

sceKernelSysrootGetVipRpcDebugFuncForDriver
This is a guessed name.

sceKernelSysrootSetVeneziaRpcDebugFuncForDriver
This is a guessed name.

sceKernelSysrootClearVeneziaRpcDebugFuncForDriver
This is a guessed name.

sceKernelSysrootGetVeneziaRpcDebugFuncForDriver
This is a guessed name.

sceKernelApiDeclareTypeUInt64ForDriver
Sets a value to 3.

sceKernelSysrootGetTimebaseClockFrequencyForDriver
Calls the function registered by.

Functions are registered only in DevKit.

Used by SceGpuEs4.

SceSysrootForDriver_C94C76FA
Registers some Sysroot functions.

SceSysrootForDriver_2BE874EF
Registers the function called by.

Used only in SceAppMgr.

SceSysrootForDriver_3B19B06B
Registers the function called by.

Used only in SceAppMgr.

SceSysrootForDriver_70AD47A9
Registers the function called by.

Used only in SceAppMgr.

SceSysrootForDriver_AA770EF7
Registers the function called by.

The function is registered from SceTty2uart only if DIP Switch 211 is set.

SceSysrootForDriver_591BB490
Calls the function registered by.

Gets tty2uart information into a 0x1000-sized buffer, similarly to. Returns some size, maybe size of the written tty2uart buffer.

Used only in SceCoredump.

SceSysrootForDriver_C5EAF5F7
Registers the function called by.

SceSysrootForDriver_47724459
Calls the function registered by.

SceSysrootForDriver_F9FB9A2A
Registers the function called by.

SceSysrootForDriver_40F28DC6
Calls the function registered by.

sceKernelSysrootGetCompiledSdkVersionByPidForDriver
Temp name was sceKernelGetProcessHeapIDForDriver.

Calls the function registered by.

Used in SceKernelModulemgr functions that load modules, for example SceKernelModulemgr.

SceSysrootForDriver_8747D415
Used by SceDeci4pSDfMgr.

Registers the function called by.

SceSysrootForDriver_B27B7530
Calls the function registered by.

sceKernelSysrootSetGetBuserrorDataFuncForDriver
This is a guessed name.

Registers the function called by.

sceKernelSysrootGetBuserrorDataForDriver
This is a guessed name.

Calls the function registered by.

SceSysrootForDriver_FF2DD7AB
Registers something.

SceSysrootForDriver_3AE319DA
Used by SceSyscon.

Get something registered by.

sceKernelSysrootGetHardwareFlagsForDriver
This is a guessed name. Temp name was sceSysrootIsAuCodecIcConexantForDriver.

Writes kbl_param->hardware_flags to buffer.

pFlags buffer size is 0x10 bytes.

sceKernelSysrootGetHardwareInfoForDriver
return kbl_param->hardware_info;

sceKernelSysrootSetUtMgrGetTrilithiumBufferFuncForDriver
Registers the function called by.

sceKernelSysrootSetSceSblPostSsMgrForDriver_A12C9950FuncForDriver
Registers the function called by.

The function is SceSblPostSsMgr.

sceKernelSysrootSceSblPostSsMgrForDriver_56D85EB0ForDriver
Used by SceSblACMgr.

Calls the function registered by.

The function is SceSblPostSsMgr.

sceKernelSysrootSetSblUtMgrHasUNK1FlagFuncForDriver
Registers the functions called by.

sceKernelSysrootSblUtMgrHasUNK1FlagForDriver
Calls the function registered by.

sceKernelSysrootSetSblUtMgrHasUNK2FlagFuncForDriver
Registers the function called by.

sceKernelSysrootSblUtMgrHasUNK2FlagForDriver
Calls the function registered by.

Used by SceSblACMgr.

SceSysrootForDriver_2D6B2A79
Registers a function related to kernel panic, called by or.

SceSysrootForDriver_CC7A0E63
Calls a function related to kernel panic, registered by or.

sceKernelSysrootDisableAutoClockDownForDriver
Derived from SceVshBridge.

return sceKernelCpuAtomicGetAndAdd32ForDriver(&a_flag_based_on_mgmt_bit0, 0x10);

Adds 0x10 from a SceSysmem global variable and returns it.

sceKernelSysrootEnableAutoClockDownForDriver
Derived from SceVshBridge.

return sceKernelCpuAtomicGetAndAdd32ForDriver(&a_flag_based_on_mgmt_bit0, 0xfffffff0);

Subtracts 0x10 from a SceSysmem global variable and returns it.

Used by SceCompat, ScePower, SceKernelDmacMgr, SceSblAuthMgr, SceSblSmschedProxy, SceSblSsSmComm.

SceSysrootForDriver_6050A467
Debug related. Returns an error when called because there is no handler set for retail.

SceSysrootForDriver_F4340469
Coredump related. Called during process load. something is same as in SceSysrootForDriver_6050A467.

sceKernelSysrootCoredumpTriggerForDriver
Used by SceDeci4pDbgp.

sceKernelSysrootSetProcessHandlerForDriver
Registers some handlers.

SceSysrootForDriver_421EFC96
Calls a function registered by.

Used only by SceAppMgr and called on process creation.

Hooked in: to make it return 0 (success).
 * HENkaku payload by Team Molecule
 * update365 by TheFloW

sceKernelSysrootSetGetSystemSwVersionFuncForDriver
Temp name was sceKernelSysrootSetSystemSwVersionForDriver.

Used by SceSblUpdateMgr.

sceKernelSysrootGetSystemSwVersionForDriver
Returns System Software version as int from SceSysmem memory. For exemple: 0x0365000 on 3.65.

sceKernelSysrootGetModelInfoForDriver
This is a guessed name, based on "sysroot->model_info".

Returns sysroot->model_info.

Used only in SceProcessmgr initializeBudget on module start. According to model_info, ScePhyMemPartShell is allocated with different parameters.

sceKernelSysrootCheckModelCapabilityForDriver
1: Support multi-controllers

0xB: Unknown. Related to sdio debug.

sceKernelSysrootInvokeInitCallbackExForDriver
This is a guessed name.

sceAesDecrypt1ForDriver
Perform normal AES decrypt.

sceAesDecrypt2ForDriver
Perform AES decrypt using encryption round key.

sceAesEncrypt1ForDriver
Perform AES encrypt. There are two functions that are the same on 1.69.

sceAesEncrypt2ForDriver
Perform AES encrypt. Similar to sceAesEncrypt1ForDriver.

sceAesInit1ForDriver
This sets up the AES engine. is a 0x3C0 byte buffer (on FW 1.69). and  values are in bits. 128/196/256 are supported values.

last arg to subroutine is 0

sceAesInit2ForDriver
last arg to subroutine is 1

sceAesInit3ForDriver
last arg to subroutine is 2

SceKernelUtilsForDriver_C76A7685
Looks like it relates to AES InvMixColumns.

SceKernelUtilsForDriver_60ED6EA9
Equivalent to AES getSBox32Value

sceMt19937GlobalInitForDriver
cp_timestamp_2 is gotten from SceKblParam.

sceMt19937GlobalUIntInRangeForDriver
Temp name was sceMt19937GlobalUninitForDriver.

sceXorshift128ForDriver
Similar implementation as xorshift128.

SceKernelUtilsForDriver_B55C69B7
If buffer is full of zeroes, then each of the four dwords of buffer are set to 1. Always success and always return 0.

Used in SceProcessmgr.

SceZlibForDriver
This library was moved to SceSblPostSsMgr on FW 1.80.

zlib compression library.

SceZlibForDriver_20A122F8
May be an initialization function.

Used by SceCoredump.

SceZlibForDriver_5492B3F2
Used by SceCoredump.

SceZlibForDriver_5B718E55
Used by SceCoredump.

SceKernelSuspendForDriver
Used to register handlers for handling suspend/resume related events.

sceKernelPowerLockForDriver
This is a guessed name.

Used in SceProcessmgr.

sceKernelPowerUnlockForDriver
This is a guessed name.

Used in SceProcessmgr.

SceKernelSuspendForDriver_4DF40893
Locks something.

Called in SceProcessmgr and SceProcessmgr just before starting a process.

Called just before NVS write.

SceKernelSuspendForDriver_2BB92967
Unlocks something.

Called in SceProcessmgr and SceProcessmgr just after starting a process.

Called just after NVS write.

sceKernelRegisterSysEventHandlerForDriver
Temp name was sceKernelSuspendRegisterCallbackForDriver.

Registers a function for handling suspend/resume. is 0 if we are currently suspending and 1 if we are currently resuming. is passed from the registration. Registration adds an entry to a linked list and returns the block id for the new entry.

Returns the suspend_handler_id.

SceKernelSuspendForDriver_CE7A2207
Registers a handler.

SceKernelSuspendForDriver_105C5752
Registers a handler.

SceKernelSuspendForDriver_D4958E6F
Dispatch handlers registered by.

sceKernelUnregisterSysEventHandlerForDriver
Call with the id returned from  to remove the entry from the linked list and free the memory.

sceKernelSysEventDispatchForDriver
This will go through the linked list and call each handler. If  is set, then the first handler that returns a negative value will stop the call chain and return the block id of the handler that broke the chain. Otherwise, this function will invoke each handler and return zero.

sceKernelPowerTickForDriver
Cancel specified idle timers to prevent entering in power save processing.

Returns 0 on success.

SceQafMgrForDriver
Provides many device permission checks including running app privilege checks, debugging enabled checks, and so on.

SceQafMgrForDriver_082A4FC2
Temp name was sceSblQafMgrIsAllowHost0AccessForDriver.

Used by sceSblFwLoaderLockForDriver, SceKernelModulemgr, SceSysStateMgr and SceSblPostSsMgr.

Used by sceSblSpsfoMgrOpenForDriver.

When this flag is set, it allows for example to load spsfo from host0:, and host0:psp2config.skprx.

SceQafMgrForDriver_694D1096
Only used by SceSblACMgr.

Might be something like sceSblQafMgrIsAllowUserAppDebug.

SceQafMgrForDriver_0E588747
Only used by SceRegistryMgr.

Returns true if the PSVita is an "Internal system".

sceSblQafMgrIsAllowSystemAppDebugForDriver
Used by SceDeci4pDtracep and SceSblACMgr.

If it returns false, syscalls debug trace printf is disabled.

sceSblQafMgrIsAllowKernelDebugForDriver
Used by SceKernelModulemgr, SceExcpmgr, SceCrashDump, SceHdmi, SceKernelBlueScreenOfDeath.

sceQafMgrIsAllowQAUpdateForDriver
Only used by SceSblUpdateMgr.

sceSblQafMgrIsAllowForceUpdateForDriver
Only used by SceSblUpdateMgr.

SceQafMgrForDriver_52B4E164
Only used by SceWlanBt and SceEnumWakeUp.

SceQafMgrForDriver_883E9465
Temp name was sceSblQafMgrIsAllowDecryptedBootConfigLoadForDriver.

Used by SceSysStateMgr.

Allows loading raw (unencrypted) psp2config.txt.

SceQafMgrForDriver_B9770A13
Needed to be enabled to work with DIPSW 251 (Enable "dummytty0:"). Needed by SceSysStateMgr to allow loading.

Used by SceKernelModulemgr and SceSysmodule.

SceQafMgrForDriver_AE033133
Only used by SceNpDrm.

SceQafMgrForDriver_DEC6DF4E
Only used by SceNpDrm.

SceQafMgrForDriver_41E04800
Only used by SceAppMgr.

SceQafMgrForDriver_7B14DC45
Only used by SceAppMgr.

scePmMgrGetProductModeForDriver
Returns 0 on success, 0x800f0a29 on failure.

Gets kbl_param using sceKernelSysrootGetKblParamForKernel.

result = ((int *)(kbl_param->boot_type_indicator_1) >> 2) & 1; // manufacturing mode flag

scePmMgrIsExternalBootModeForDriver
Gets kbl_param using sceKernelSysrootGetKblParamForKernel.

return (int *)(kbl_param->boot_type_indicator_1) & 1; // external boot mode flag

sceSblAIMgrGetSMIForDriver
SMI means Service / Manufacturing Information.

SMI is read from SceKblParam->min_fw_version.

sceSblAIMgrGetProductCodeForDriver
Temp name was sceSblAIMgrGetTargetIdForDriver.

Product Code = Target Id

sceSblAIMgrGetProductSubCodeForDriver
Product Sub Code = model revision

sceSblAIMgrIsTestForDriver
TEST = Internal Test Unit

Returns true if PsCode Product Code == 0x100.

sceSblAIMgrIsToolForDriver
TOOL = DevKit

Returns true if PsCode Product Code == 0x101.

sceSblAIMgrIsDEXForDriver
Returns true if PsCode Product Code == 0x102.

sceSblAIMgrIsCEXForDriver
Returns true if PsCode Product Code 0x103-0x111 AND sceSblAIMgrIsSpecialCEXForDriver returns false.

sceSblAIMgrIsVITAForDriver
Returns sceSblAIMgrIsGenuineVITAForDriver.

sceSblAIMgrIsDolceForDriver
Returns sceSblAIMgrIsGenuineDolceForDriver if returns true else returns sceKernelCheckDipswForDriver(0x98).

sceSblAIMgrIsGenuineVITAForDriver
Returns true if:
 * PsCode Product Code <= 0x111 AND sceSblAIMgrIsGenuineDolceForDriver returns false
 * sceSblAIMgrIsSpecialCEXForDriver returns true AND HardwareInfo != 0x700000 != 0x720000 != 0x510000

sceSblAIMgrIsDiagForDriver
Temp name was sceSblAIMgrIsSpecialCEXForDriver, sceSblAIMgrIsCEXJpFatForDriver.

Returns true if PsCode Product Code == 0x103 (Japan), PsCode Product Sub Code == 0x10 (FAT chassis) and PsCode Factory Code == 0x24 (SCE labs).

sceSblAIMgrIsToolDVT1ForDriver
Returns true if PsCode Product Code == 0x101 and PsCode Product Sub Code == 3.

sceSblAIMgrIsToolRev4ForDriver
Returns true if PsCode Product Code == 0x101 and PsCode Product Sub Code == 4.

sceSblAIMgrIsToolDVT2ForDriver
Returns true if PsCode Product Code == 0x101 and PsCode Product Sub Code == 5.

sceSblAIMgrIsCEXPrototypeRev2ForDriver
Returns true if PsCode Product Code == 0x103 and PsCode Product Sub Code == 2.

sceSblAIMgrIsCEXPrototypeRev7ForDriver
Returns true if PsCode Product Code == 0x103 and PsCode Product Sub Code == 7.

sceKernelUnregisterProcEventHandlerForDriver
Previous name was sceProcEventDeleteUidForDriver.

Wrapper to sceGUIDCloseForDriver.

sceKernelRegisterProcEventHandlerForDriver
Previous name was sceProcEventCreateEventForDriver

Uses sceKernelCreateEventForDriver.

Returns uid.

sceKernelInvokeProcEventHandlerForDriver
Uses suspend/resume LR.

SceDebugLedForDriver
GPI stands for General Purpose Input, and GPO stands for General Purpose Output.

sceKernelGetGPIForDriver
Only SceDebugLedForDriver function used by SceCoredump.

sceKernelRegisterKprintfHandlerForKernel
Temp name was sceDebugSetHandlersForKernel.

sceKernelGetDebugPutcharForKernel
Temp name was sceDebugGetPutcharHandlerForKernel.

Returns pointer to current debug putchar handler.

sceKernelRegisterDebugPutcharForKernel
Temp name was sceDebugRegisterPutcharHandlerForKernel.

Set debug print char handler.

sceKernelDebugPutcharForKernel
Temp name was sceDebugPutcharForKernel.

Print character.

Return 1.

sceKernelTtyPutcharForKernel
This is a guessed name.

Prints a character to the 0x1000-byte buffer returned by SceSysmem.

On success, returns printed size (always 1).

panic_on_kernel_exception
Prints information about a Kernel Exception, ?and certainly calls SceCoredump?, then calls SceSysrootForKernel_0DF574A9 in an infinite loop.

This function doesn't return.

See SceExcpmgr for the meaning of excpcode.

register_unk_handler
used by SceDeci4pSDbgp.

handler definition:

set_info_dump_flag
Temp name was sceDebugDisableInfoDumpForKernel.

Returns previous info dump flag.

start_logging
Returns 1 if logging has been started successfully, -1 else.

stop_logging
If state is not zero, stops logging and return 1, else does nothing and return 0.

Returns 1 if logging has been stopped, 0 else.

_sceKernelPrintDebugLogForKernel
If a2 is not zero, the current log buffer address is updated, else it is unchanged.

maxNum is guessed to be either the number of entries or the index of the chosen entry. Entry size is 0x40 bytes.

Uses sceKernelPrintfLevelForDriver to print.

sceKernelPrintDebugLogForKernel
Calls _sceKernelPrintDebugLogForKernel with maxNum = (log_buf_end - log_buf_start) / 0x40.

sceKernelPrintfCore0ForKernel
Same as sceKernelPrintfForDriver but only prints if CPU ID is 0.

sceKernelPrintfLevelCore0ForKernel
Same as sceKernelPrintfLevelForDriver but only prints if CPU ID is 0.

sceKernelGetMinimumLogLevelForKernel
Returns the minimumLogLevel set by sceKernelSetMinimumLogLevelForKernel.

sceKernelSetAssertLevelForKernel
Temp name was sceKernelSetMinimumAssertionLevelForKernel.

Overrides in memory g_assertLevel set by DIP switches 201 and 202.

Returns the previous assert level.

sceKernelGetAssertLevelForKernel
Temp name was sceKernelGetMinimumAssertionLevelForKernel.

Returns g_assertLevel from memory.

sceDebugRegisterBacktraceInternalForKernel
This is a guessed name.

Registers a callback for SceKernelModulemgr.

If callback runs successfully (returns >= 0), value of pNumReturn is used as third argument of PrintBacktrace, else PrintBacktrace is not called at all.

sceDebugRegisterPrintBacktraceForKernel
This is a guessed name.

Registers a callback for SceKernelModulemgr.

SceDebugForKernel_F1F861CF
Registers a callback that is called when a crash occur.

Used by SceKernelBlueScreenOfDeath.

sceKernelPrintfForDriver
Temp name was sceDebugPrintfForDriver.

sceKernelVprintfLevelWithCtxForDriver
Temp name was sceDebugPrintf2ForDriver.

sceKernelAssertForDriver
Temp name was sceDebugPrintKernelAssertionForDriver.

sceKernelVprintfAssertLevelForDriver
Temp name was sceDebugPrintfKernelAssertionForDriver.

sceKernelGetAssertLevelForDriver
Temp name was sceKernelGetMinimumAssertionLevelForDriver.

Returns g_assertLevel from memory.

sceKernelPanicForDriver
Temp name was sceDebugPrintKernelPanicForDriver.

sceKernelGetTtyInfoForDriver
This is a guessed name.

_sceEventLogPutForDriver
Derived from SceVshBridge.

Calls SceSysmem with KERNEL PID and SceSysmem return value as second argument.

sceEventLogPutForDriver
This is a guessed name.

sceEventLogGetInfoForDriver
This is a guessed name.

Copy by blocks of 0x30 bytes (or maybe 0xC0 bytes).

sceKernelAllocPartitionMemBlockForTZS
Temp name was sceKernelAllocMemBlockForPidForTZS.

sceKernelVAtoPAForTZS
This will write the physical address for a virtual address  to memory pointed to by.

Returns <0 on error, values >=0 indicate success.

sceKernelDebugPutcharForTZS
Print character.

sceKernelGetAssertLevelForTZS
Returns g_assertLevel from memory.

sceKernelPrintfCore0ForTZS
Same as sceKernelPrintfForTZS but only prints if CPU ID is 0.

sceKernelPrintfLevelCore0ForTZS
Same as sceKernelPrintfLevelForTZS but only prints if CPU ID is 0.

stop_logging
If state is not zero, stops logging and return 1, else does nothing and return 0.

Returns 1 if logging has been stopped, 0 else.

register_unk_cb
The callback has this definition:

If unk_cb runs successfully (return >= 0), pOut is used as third argument of unk_cb2, else unk_cb2 is not called at all.

register_unk_cb2
The callback has this definition:

SceCpuForTZS

 * 0.931: 0xACA39932: unknown, save context that will be restored with 0xCA74C9A2
 * 0.931: 0xCA74C9A2: unknown, restore context saved with 0xACA39932
 * 0.931: 0xE0B34336: unknown, same as SceCpuForKernel_9D72DD1B
 * 0.931-0.990: 0x40DEC1B6: sceKernelWaitForEvent
 * 0.931-0.990: 0xF42F079B: sceKernelSendEvent
 * 0.940: 0x1266F962: sceKernelAbort
 * 0.931-0.940: 0x98BF47D3: sceKernelGetVmaccessRange
 * 0.931: 0x49AD8B60: sceKernelSetFIQModeStack
 * 0.931: 0xC2A428F3: sceKernelSetMonModeStack
 * 0.931: 0xD9013440: sceKernelSetIRQModeStack
 * 0.931: 0xDF17E4A3: sceKernelSetUndModeStack
 * 0.931: 0xF832C341: sceKernelSetAbtModeStack
 * 0.931: 0xFB1D3114: sceKernelSetSvcModeStack
 * 0.931: 0xF6CE21EA: sceKernelPrintCpuMode
 * 3.60: 0x31E78A4B: unknown
 * 3.60: 0x4FED4BCE: unknown
 * 3.60: 0x7548CBCF: unknown
 * 3.60: 0xD4E7413D: unknown

1.80:     NID 0: 0x0A15B41C: sceKernelL1DcacheCleanInvalidateAll NID 1: 0x17A88E69: sceKernelL1DcacheCleanRange NID 2: 0x190D96D5: sceKernelDcacheCleanRange NID 3: 0x2A0A3DC6 NID 4: 0x2B6403F8: on FW 3.60, does nothing and returns -1 NID 5: 0x2FE24445: sceKernelCpuAtomicSet32 NID 6: 0x308D7ABE: sceKernelCpuDcacheInvalidateMVACRange NID 7: 0x324727D1: sceKernelGetCpsr NID 8: 0x39FCFCC2: sceKernelDomainTextMemcpy NID 9: 0x44C423D3: sceKernelCpuId NID 10: 0x49B11FF8 NID 11: 0x71FD9AB5: sceKernelSpinlockLowLock NID 12: 0x72CA4F7A: sceKernelGetSpsr NID 13: 0x75D87321: sceKernelCpuAtomicOrAndGet32 NID 14: 0x7A5373EB: sceKernelDcacheCleanInvalidateRange NID 15: 0x7CCE9480: sceKernelDcacheCleanInvalidateAll NID 16: 0x864E3DED NID 17: 0x9E4C0D0D: on FW 3.60, does nothing and returns -1 NID 18: 0xA5965CBF: sceKernelL1IcacheInvalidateEntireAllCore NID 19: 0xACF209F3: sceKernelSpinlockLowTrylockCpuSuspendIntr NID 20: 0xB421FAFD: sceKernelL1IcacheInvalidateRange NID 21: 0xB8F00FBE: sceKernelSpinlockLowUnlockCpuResumeIntr NID 22: 0xC4137AED: sceKernelPleFlushRequest NID 23: 0xCD98416C: sceKernelSpinlockLowUnlock NID 24: 0xCDD46655: sceKernelDcacheInvalidateRange NID 25: 0xD67A4356: sceKernelSpinlockLowLockCpuSuspendIntr NID 26: 0xEFD6F289: sceKernelCpuAtomicCompareAndSet8

__stack_chk_guard
This is a variable.

sceKernelSysrootGetKblParamForTZS
Returns pointer to KBL Param buffer.

sceSblQafManagerIsAllowKernelDebugForTZS
return *(char *)(sceKernelSysrootGetKblParamForTZS + 0x2D) & 1;