SceCoredump

From Vita Development Wiki

Module

Version World Privilege
1.69-3.60 Non-secure Kernel

Libraries

Known NIDs

Version Name World Visibility NID
1.69 SceCoredumpForDriver Non-secure Kernel 0xA351714A
3.60 SceCoredumpForDriver Non-secure Kernel 0xA351714A
3.60 SceCoredump Non-secure User 0xA143A77F
3.60 SceCoredumpNounlink Non-secure User 0x2646E9D8

Enabling more coredumps

Although it may be possible to enable some coredump features by setting registry values, creating full coredumps on CEX requires patching. There are 2 key patches. In the SceCoredump module, there are two functions that read values from the registry. The registry key used is "/CONFIG/COREDUMP".

The first patch is to force the function (located at base+0x3070 on 1.50) that checks the key "enable_coredump" to return 1 (True).

The second patch is to force the function (located at base+0x3000 on 1.50) that checks the key "dump_level" to return 0xEF0 (full coredump).

Thread stopReason table

stopReason Description
0x10002 Nothing
0x10003 Nothing
0x10004 AppMgr detected hungup
0x10005 Spontaneous exit
0x10006 Stack overflow
0x10007 Syscall illegal context
0x10008 Syscall critical usage
0x10009 Syscall illegal number
0x20001 Hardware watchpoint
0x20002 Software watchpoint
0x20003 Hardware bkpt
0x20004 Software bkpt
0x20005 Startup failed
0x20006 Prx stop init
0x20007 Dtrace bkpt
0x30002 Undefined instruction exception
0x30003 Prefetch abort exception
0x30004 Data abort exception
0x40001 Fpu vfp
0x40002 Fpu neon
0x50001 Gpu exception
0x60080 Int div0
0x8XXXX Unrecoverable

SceCoredumpForDriver

sceCoredumpCafContextCreateForDriver

Version NID
3.60 0x2964AD0A

derived from SceVshBridge

Returns Caf context.

SceUID sceCoredumpCafContextCreateForDriver(void);

sceCoredumpCafContextDestroyForDriver

Version NID
3.60 0x95402BF3

derived from SceVshBridge

sceCoredumpCafCreateIvForDriver

Version NID
3.60 0xE1BCBE8F

sceCoredumpCafFinalForDriver

Version NID
3.60 0xC90F61AF

derived from SceVshBridge

sceCoredumpCafHeaderFinalForDriver

Version NID
3.60 0x65AA4991

derived from SceVshBridge

sceCoredumpCafHeaderInitForDriver

Version NID
3.60 0x7C8120C5

derived from SceVshBridge

sceCoredumpCafHeaderTransformForDriver

Version NID
3.60 0xAE2C2793

derived from SceVshBridge

sceCoredumpCafInitForDriver

Version NID
3.60 0x9336009B

derived from SceVshBridge

sceCoredumpCafSegmentFinalForDriver

Version NID
3.60 0xDF17420A

derived from SceVshBridge

int sceCoredumpCafSegmentFinalForDriver(SceUID ctx, void *buf, SceSize size);

sceCoredumpCafSegmentInitForDriver

Version NID
3.60 0x07185515

derived from SceVshBridge

base_key size is 0x10. It is the key that is sent to SceSblPostSsMgr, possibly for some modification.

int sceCoredumpCafSegmentInitForDriver(SceUID ctx, int a2, int a3, int a4, void *base_key, SceSize size);

sceCoredumpCafSegmentTransformForDriver

Version NID
3.60 0xFB7AEBFE

derived from SceVshBridge

int sceCoredumpCafSegmentTransformForDriver(SceUID ctx, void *src, void *dst, SceSize size);

sceCoredumpCreateDumpForDriver

Version NID
3.60 0x0C10313F

derived from SceVshBridge

sceCoredumpDeleteCrashReportCafForDriver

Version NID
3.60 0xAD070837

derived from SceVshBridge

SceCoredumpForDriver_097AA37D

Version NID
3.60 0x097AA37D

Used in SceAppMgr

Used in SceAppMgrAbortHandler

Always returns 1.

SceBool SceCoredumpForDriver_097AA37D(void);

sceKernelCoredumpTriggerForDriver

Version NID
0.990-3.60 0xA7D214A7

Used in SceAppMgr

Used in SceAppMgrAbortHandler

typedef struct SceKernelCoredumpTriggerParam { // Size is 0x4 or 0x8 on FW 0.990
  SceSize size; // Size of this structure
  SceSize dumpLevel; // 0xF (minimal coredump), 0xEF0 (full coredump)
} SceKernelCoredumpTriggerParam;

int sceKernelCoredumpTriggerForDriver(SceUID pid, const void *update_cb, const void *finish_cb, SceKernelCoredumpTriggerParam *pParam);

sceKernelCoredumpCancelForDriver

Version NID
0.990-3.60 0x340856F7

Used by sceAppMgrFinishCoredumpForShell

Used in sceCoreDumpFinishCoredumpForShellForDriver

int sceKernelCoredumpCancelForDriver(int task_id);

SceCoredumpForDriver_unk_10863B61

Version NID
3.60 0x10863B61

SceCoredumpForDriver_unk_12392973

Version NID
3.60 0x12392973

SceCoredumpForDriver_D064F6DC

Version NID
0.990-3.60 0xD064F6DC

Calls SceCoredumpForDriver_A7D214A7 (sceKernelCoredumpTriggerForDriver, NID 0xA7D214A7).

int SceCoredumpForDriver_D064F6DC(int a1, int a2, int a3, SceCoredumpForDriver_A7D214A7_Opt *pOpt);

SceCoredumpForDriver_unk_EF20949F

Version NID
3.60 0xEF20949F

SceCoredumpForDriver_unk_13EF8516

Version NID
3.60 0x13EF8516

Probably opens/creates coredump file

SceCoredump

sceCoredumpRegisterCoredumpHandler

Version NID
3.60 0x031DC61E

Calls SceProcessmgr#sceKernelRegisterCoredumpHandlerForDriver.

int sceCoredumpRegisterCoredumpHandler(void *handler, SceSize size, void *memblock_addr);

sceCoredumpUnregisterCoredumpHandler

Version NID
3.60 0x6037A2C3

Calls SceProcessmgr#sceKernelUnregisterCoredumpHandlerForDriver.

int sceCoredumpUnregisterCoredumpHandler(void);

SceCoredumpNounlink

sceCoredumpWriteUserData

Version NID
3.60 0xDF335DCF

// Write user data to SceCoredump kernel heap
// Maximum theoretical size is 0x4000 bytes (heap size)
int sceCoredumpWriteUserData(const void *data, SceSize size);
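
An added example, not code from the wiki or from Sony: one way to prepare a crash-breadcrumb buffer for sceCoredumpWriteUserData that never exceeds the 0x4000-byte limit and keeps the newest entries when space runs out. The record layout and the names crumb_pack, CrumbHeader and CRUMB_MAGIC are hypothetical; the cap is a parameter because the page gives 0x4000 only as a theoretical maximum.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define COREDUMP_USERDATA_MAX 0x4000u /* heap size quoted on the page */
#define CRUMB_MAGIC 0x424D5243u       /* "CRMB" little-endian, constructed for this example */

/* Hypothetical record header (not a Sony format): 12 bytes, then the entries. */
typedef struct { uint32_t magic, count, bytes; } CrumbHeader;

/* Text length of one entry, clamped to what the u16 length prefix can hold. */
static size_t crumb_len(const char *s) {
    size_t n = strlen(s);
    return n > 0xFFFF ? 0xFFFF : n;
}

/* Pack msgs[] (oldest first) into out[cap] as u16-length-prefixed entries.
   Oldest entries are dropped first when space runs out. Returns the number of
   bytes to hand to sceCoredumpWriteUserData, or 0 if the header cannot fit. */
size_t crumb_pack(const char *const *msgs, size_t n, uint8_t *out, size_t cap) {
    if (cap > COREDUMP_USERDATA_MAX) cap = COREDUMP_USERDATA_MAX;
    if (cap < sizeof(CrumbHeader)) return 0;
    size_t room = cap - sizeof(CrumbHeader), used = 0, first = n;
    while (first > 0) {                      /* walk newest -> oldest */
        size_t need = 2 + crumb_len(msgs[first - 1]);
        if (used + need > room) break;       /* stop at the first entry that does not fit */
        used += need;
        first--;
    }
    uint8_t *p = out + sizeof(CrumbHeader);
    for (size_t i = first; i < n; i++) {     /* emit survivors oldest -> newest */
        uint16_t len = (uint16_t)crumb_len(msgs[i]);
        memcpy(p, &len, 2);
        memcpy(p + 2, msgs[i], len);
        p += 2 + len;
    }
    CrumbHeader h = { CRUMB_MAGIC, (uint32_t)(n - first), (uint32_t)used };
    memcpy(out, &h, sizeof h);
    return sizeof h + used;
}

int main(void) {
    const char *msgs[] = { "boot", "net up", "render fail" }; /* constructed sample */
    static uint8_t buf[COREDUMP_USERDATA_MAX];
    size_t total = crumb_pack(msgs, 3, buf, sizeof buf);
    /* On the console: sceCoredumpWriteUserData(buf, (SceSize)total); */
    return total == 39 ? 0 : 1;
}
```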