ScePfsMgr

Crypto engine
heavily uses crypto API from SceSblSsMgrForDriver.

There is a separate thread in  that is called.

Almost all calls to the crypto API are done from this single thread.

uses a crypto task dispatch mechanism based on mutexes and conditions.

It uses a  structure for dispatching the task.

Pointer to that structure is written at offset 0x158 of data section (this needs confirmation).

For dispatching the task  uses subroutine located at offset 0xBD88.

When task is dispatched  mutex is locked,   condition is signaled,   is unlocked.

For waiting till task is completed  uses subroutine located at offset 0xBEA0.

Then  mutex is locked, wait happens on   condition,   mutex is unlocked.

Meanwhile  runs.

It locks  mutex, waits for   condition, unlocks   mutex.

When task is finished  locks   mutex, signals   to specific thread, unlocks   mutex.

Thread id for signaling  is stored in.

VFS node functions
Dispatching mechanism is used only by VFS node functions.

Nodes that are used:


 * PFS_GDSD_INF
 * PFS_AC_INF

Node functions that are used:


 * 5 - sceIoReadForDriver
 * 6 - sceIoWriteForDriver
 * 16 - sceIoChstatForDriver
 * 19 - sceIoPreadForDriver
 * 20 - sceIoPwriteForDriver
 * 26 - sceIoChstatByFdForDriver

note
There is a debug pfs allow check by sceSblAimgrIsCEX.

If debug pfs and sceSblAimgrIsCEX returns non-zero, pfs mount will fail with error code 0x80010016.

scePfsApproveForKernel

 * find pfs_pmi_buffer_list_ctx* by mount_point
 * check auth ids
 * set unk_94 flag

scePfsAcidDirMountForKernel

 * open mountpoint/dlc_folder directory
 * execute ioctl command 0x4402 with klicensee input
 * close mountpoint/dlc_folder directory

scePfsAcidDirUnmountForKernel

 * open mountpoint/dlc_folder directory
 * execute ioctl command 0x4404
 * close mountpoint/dlc_folder directory

scePfsAcidDirApproveForKernel

 * open mountpoint/dlc_folder directory
 * execute ioctl command 0x4403
 * close mountpoint/dlc_folder directory

savedata_ioctl_0x4410
execute 0x4410 command on 0: get 8 bytes of result

t_scePfsFacadeReadForDriver
This is a thread callback used by

This function is not implemented and throws  error

t_scePfsFacadeWriteForDriver
This is a thread callback used by

t_scePfsFacadePreadForDriver
This is a thread callback used by

t_scePfsFacadePwriteForDriver
This is a thread callback used by