NSKBL: Difference between revisions
CelesteBlue (talk | contribs) |
CelesteBlue (talk | contribs) (→Types) |
||
| Line 18: | Line 18: | ||
<source lang="C"> | <source lang="C"> | ||
typedef struct SceNskblModuleInfo { // Size is 0xC on FWs 0.940-0.990 | |||
typedef struct SceNskblModuleInfo { | char* moduleName; // Raw SKPRX file name (e.g. "sysmem.skprx"). Modules are loaded either from os0:kd/ or host0:module/. | ||
char* moduleName; //Raw SKPRX name (e.g. "sysmem.skprx") | SceUID moduleId; // SCE_UID_INVALID_UID. It gets filled when loading. | ||
SceUID moduleId; //SCE_UID_INVALID_UID | SceUInt32 loadFlags; // Passed as flags to sceKernelLoadModule. | ||
SceUInt32 loadFlags; //Passed as flags to | |||
} SceNskblModuleInfo; | } SceNskblModuleInfo; | ||
Revision as of 00:42, 28 May 2022
Non-Secure Kernel Boot Loader (NSKBL) is a Non-Secure world program that performs eMMC setup, base kernel modules loading, etc. during PSVita boot.
Module
The NSKBL contains subroutines that are stripped versions of the non-secure kernel ones found in SceSysmem, SceKernelModulemgr, SceSblSmschedProxy, SceExcpmgr, SceKernelIntrMgr, SceSblAuthMgr, SceProcessmgr (maybe), SceSdif, SceIofilemgr (simple version?), and some other core drivers.
Notes
How to debug NSKBL
NSKBL supports sd0: for debugging. pKblParam->boot_type_indicator_1 = 0x40000 is required.
sceIoOpen(?) error code 0x803FF007
This error can occur if the file is fragmented.
Types
typedef struct SceNskblModuleInfo { // Size is 0xC on FWs 0.940-0.990
char* moduleName; // Raw SKPRX file name (e.g. "sysmem.skprx"). Modules are loaded either from os0:kd/ or host0:module/.
SceUID moduleId; // SCE_UID_INVALID_UID. It gets filled when loading.
SceUInt32 loadFlags; // Passed as flags to sceKernelLoadModule.
} SceNskblModuleInfo;
/* Many pointers are NSKBL heap relationships */
typedef struct SceNskblSysrootInfo { // size is at least 0xC8 on FW 3.60
SceUID unk_0x00; // maybe some PID. ex: 0x10089
int unk_0x04;
void *unk_0x08;
void *unk_0x0C;
void *unk_0x10;
void *unk_0x14;
void *unk_0x18;
void *unk_0x1C;
void *unk_0x20;
void *unk_0x24;
void *unk_0x28;
void *unk_0x2C;
SceUID unk_0x30; // maybe some PID. ex: 0x1000B
const void *unk_0x34; // mapped paddr in vaddr
const void *unk_0x38; // mapped paddr in vaddr
void *unk_0x3C;
int unk_0x40; // ex: 0x80000000
int unk_0x44; // ex: 0x20000000
void *unk_0x48;
void *unk_0x4C;
void *unk_0x50;
void *unk_0x54;
void *unk_0x58;
void *unk_0x5C;
void *unk_0x60;
void *unk_0x64;
void *unk_0x68;
void *unk_0x6C;
void *unk_0x70;
void *unk_0x74;
void *unk_0x78;
void *unk_0x7C;
void *unk_0x80;
void *unk_0x84;
void *unk_0x88;
void *unk_0x8C;
void *unk_0x90;
void *unk_0x94;
void *unk_0x98;
SceUInt32 magic; // 0x 19442EA8
int unk_0xA0; // ex: 0x1000
int unk_0xA4; // ex: 0x1000
int unk_0xA8; // ex: 0x40000
int unk_0xAC; // ex: 0x200000
int unk_0xB0; // ex: 7
int unk_0xB4;
int unk_0xB8; // ex: 0x80
sysroot_t *pSysroot;
void *unk_0xC0;
void *unk_0xC4;
// more...?
} SceNskblSysrootInfo; // 3.60
SceNskblSysrootInfo *nskbl_sysroot_info = (SceNskblSysrootInfo *)(0x51000000 + 0x138980); // 3.60
Libraries
Known NIDs
| Version | Name | World | Visibility | NID |
|---|---|---|---|---|
| 0.940-3.65 | SceKblForKernel | Non-secure | Kernel | 0xD0FC2991 |
SceKblForKernel
sceSDrfpStartForKernel
| Version | NID |
|---|---|
| 0.940-0.990 | 0x230456F3 |
| 3.60 | not present |
sceSDbgSdioStartForKernel
| Version | NID |
|---|---|
| 0.940-0.990 | 0x29A8524D |
| 3.60 | not present |
Requires DIPSW 193.
SceInt32 sceSDbgSdioStartForKernel(void);
SceKblForKernel_99B2F981
| Version | NID |
|---|---|
| 0.940-0.990 | 0x99B2F981 |
| 3.60 | not present |
On FW 0.940, it calls a routine that simply executes cpsid i then returns 0.
CPSID i ; Disable all interrupts except NMI (set PRIMASK)
Disables IRQ interrupts by setting the I-bit in the CPSR.
BootModulesForKernel
| Version | NID |
|---|---|
| 0.940-0.990 | 0xA7D60F71 |
| 3.60 | not present |
Runs the entrypoint of all modules in provided list. The list end is marked by an entry with moduleId = SCE_UID_INVALID_UID.
// If run_boot_entry is SCE_TRUE, module_start is executed on core 0 and // module_bootstart is executed on all cores SceInt32 BootModules(SceNskblModuleInfo* module_list, SceSize args, const void* argp, SceBool run_boot_entry);
sceSDfMgrStartForKernel
| Version | NID |
|---|---|
| 0.940-0.990 | 0xAA8005E4 |
| 3.60 | not present |
LoadModulesForKernel
| Version | NID |
|---|---|
| 0.940-0.990 | 0xFAE33FDD |
| 3.60 | not present |
Load all modules from the provided list. The list end is marked by an entry with moduleName = NULL.
Module GUIDs are populated into the list, so it must be writeable.
SceInt32 LoadModules(SceNskblModuleInfo* module_list);
sceKblPutcharForKernel
| Version | NID |
|---|---|
| 0.940-3.60 | 0x08E9FAEB |
This is a guessed name.
This function is at 0x510172BD in FW 3.60 and at 0x51003BE0 in FW 0.940.040.
int sceKblPutcharForKernel(void *args, char c);
sceKernelPrintfForKernel
| Version | NID |
|---|---|
| 0.940-3.60 | 0x13A5ABEF |
In FW 3.60 this function is at 0x510137A9.
int sceKernelPrintfForKernel(const char *fmt, ...);
sceKernelPrintfLevelForKernel
| Version | NID |
|---|---|
| 0.940 | Not present |
| 0.990-3.60 | 0x752E7EEC |
In FW 3.60 this function is at 0x51013841.
int sceKernelPrintfLevelForKernel(int level, const char *fmt, ...);
sceKernelGetDebugLevelForKernel
| Version | NID |
|---|---|
| 0.940-3.60 | 0xC011935A |
Temp name was sceKblGetMinimumLogLevel.
In FW 3.60 this function is at 0x51013921.
int sceKernelGetDebugLevelForKernel(void);
sceKernelGetDebugPutcharForKernel
| Version | NID |
|---|---|
| 0.940-3.60 | 0x9B868276 |
In FW 3.60 this function is at 0x51013765.
void *sceKernelGetDebugPutcharForKernel(void);
sceKernelSysrootProcessmgrStart2ForKernel
| Version | NID |
|---|---|
| 0.940-3.60 | 0x161D6FCC |
In FW 3.60 this function is at 0x510123DD.
int sceKernelSysrootProcessmgrStart2ForKernel(void);
sceKernelSysrootThreadMgrStartAfterProcessForKernel
| Version | NID |
|---|---|
| 0.940-3.60 | 0x1DB28F02 |
In FW 3.60 this function is at 0x510123A1.
int sceKernelSysrootThreadMgrStartAfterProcessForKernel(void);
sceKernelSysrootIofilemgrStartForKernel
| Version | NID |
|---|---|
| 0.940-3.60 | 0xC7B77991 |
In FW 3.60 this function is at 0x5101297D.
int sceKernelSysrootIofilemgrStartForKernel(void);
sceKernelSysrootCorelockUnlockForKernel
| Version | NID |
|---|---|
| 0.940-3.60 | 0x314AA770 |
In FW 3.60 this function is at 0x510124FD.
void sceKernelSysrootCorelockUnlockForKernel(void);
sceKernelSysrootCorelockLockForKernel
| Version | NID |
|---|---|
| 0.940-3.60 | 0x807B4437 |
In FW 3.60 this function is at 0x510124E5.
void sceKernelSysrootCorelockLockForKernel(SceUInt32 core);
sceKblCpuDisableIrqInterruptsForKernel
| Version | NID |
|---|---|
| 0.940-0.990 | Not present |
| 3.60 | 0xDDB3A1A8 |
This is a guessed name. Temp name was sceKblCpuSwitchInterruptsForKernel.
In FW 3.60 this function is at 0x51003554.
void sceKblCpuDisableIrqInterruptsForKernel(void);
sceSblAimgrIsCEXForKernel
| Version | NID |
|---|---|
| 0.940-3.60 | 0x8A416887 |
In FW 3.60 this function is at 0x510171B5.
int sceSblAimgrIsCEXForKernel(void);
sceSblAimgrIsDiagForKernel
| Version | NID |
|---|---|
| 0.940-3.60 | 0xC3DDDE15 |
In FW 3.60 this function is at 0x51017175.
int sceSblAimgrIsDiagForKernel(void);
sceSblAimgrIsDEXForKernel
| Version | NID |
|---|---|
| 0.940-0.990 | Not present |
| 3.60 | 0x5945F065 |
In FW 3.60 this function is at 0x51017159.
int sceSblAimgrIsDEXForKernel(void);
sceSblAimgrIsToolForKernel
| Version | NID |
|---|---|
| 0.990 | not present |
| 3.60 | 0xB6C9ACF1 |
In FW 3.60 this function is at 0x51017139.
int sceSblAimgrIsToolForKernel(void);
sceSblAimgrIsTestForKernel
| Version | NID |
|---|---|
| 0.990 | not present |
| 3.60 | 0x943E7537 |
In FW 3.60 this function is at 0x5101711D.
int sceSblAimgrIsTestForKernel(void);
sceSblAimgrIsVITAForKernel
| Version | NID |
|---|---|
| 0.990 | not present |
| 3.60 | 0x838466E9 |
In FW 3.60 this function is at 0x51017299.
int sceSblAimgrIsVITAForKernel(void);
sceSblAimgrIsDolceForKernel
| Version | NID |
|---|---|
| 0.990 | not present |
| 3.60 | 0xA7BD4417 |
In FW 3.60 this function is at 0x510172A1.
int sceSblAimgrIsDolceForKernel(void);
sceSblAimgrIsGenuineDolceForKernel
| Version | NID |
|---|---|
| 0.990 | not present |
| 3.60 | 0xB6D00D6D |
In FW 3.60 this function is at 0x510171E5.
int sceSblAimgrIsGenuineDolceForKernel(void);
sceKblLoadModuleForKernel
| Version | NID |
|---|---|
| 0.990 | not present |
| 3.60 | 0x6D7A1F18 |
This is a guessed name.
In FW 3.60 this function is at 0x51001551.
typedef struct SceModuleLoadList {
const char *filename;
} __attribute__((packed)) SceModuleLoadList;
int sceKblLoadModuleForKernel(const SceModuleLoadList *pList, SceUID *pUidList, SceUInt32 count, SceBool use_tool_extended_memory);
sceKblStartModuleForKernel
| Version | NID |
|---|---|
| 0.990 | not present |
| 3.60 | 0x9A92436E |
This is a guessed name.
In FW 3.60 this function is at 0x51001571.
int sceKblStartModuleForKernel(SceUID *pUidList, SceUInt32 count, SceSize args, void *argp);
sceKblAuthMgrCloseForKernel
| Version | NID |
|---|---|
| 0.990 | not present |
| 3.60 | 0x79241ACF |
This is a guessed name.
In FW 3.60 this function is at 0x51001345.
int sceKblAuthMgrCloseForKernel(void);
sceKblSetNonSyncModuleStartForKernel
| Version | NID |
|---|---|
| 0.990 | not present |
| 3.60 | 0x9F4F3F98 |
This is a guessed name.
In FW 3.60 this function is at 0x51001561.
int sceKblSetNonSyncModuleStartForKernel(void);
sceKernelCpuIdForKernel
| Version | NID |
|---|---|
| 0.940-3.60 | 0xB506A10E |
In FW 3.60 this function is at 0x510147C9.
int sceKernelCpuIdForKernel(void);
sceKernelCheckDipswForKernel
| Version | NID |
|---|---|
| 0.990-3.60 | 0xC8F4DE71 |
In FW 3.60 this function is at 0x51015851.
int sceKernelCheckDipswForKernel(int bit);
sceSblQafManagerIsAllowKernelDebugForKernel
| Version | NID |
|---|---|
| 0.940-3.60 | 0xCE94F329 |
In FW 3.60 this function is at 0x51016FD1.
int sceSblQafManagerIsAllowKernelDebugForKernel(void);
sceKblGetHardwareFlagsForKernel
| Version | NID |
|---|---|
| 0.990 | not present |
| 3.60 | 0xD3A516D5 |
This is a guessed name.
In FW 3.60 this function is at 0x510128AD.
typedef struct SceHardwareFlags {
uint32_t data[4];
} __attribute__((packed)) SceHardwareFlags;
int sceKblGetHardwareFlagsForKernel(SceHardwareFlags *pFlags);
sceKblInitDeviceForKernel
| Version | NID |
|---|---|
| 0.940-3.60 | 0xF7AF8690 |
This is a guessed name.
Some device init function. On FW 0.940 it initializes and mounts os0: (eMMC) and sd0: (GCSD).
In FW 3.60 this function is at 0x5100124D.
int sceKblInitDeviceForKernel(void);
sceKblFreeFileSystemCtxForKernel
| Version | NID |
|---|---|
| 0.940-3.60 | 0x261F2747 |
This is a guessed name.
Cleanup state created by NSKBL#sceKblInitDeviceForKernel.
In FW 3.60 this function is at 0x51001321.
int sceKblFreeFileSystemCtxForKernel(void);