SceSblSsSmComm

SceSblSsSmComm is a kernel module that is primary responsible for sending F00D commands.

Module

Known NIDs

Libraries

Known NIDs

Types

/* example of caller_self_info
char data[0x90] =
{
   0x01,0x00,0x00,0x00, 0x00,0x00,0x08,0x28, // KBL program-authority-id
   0x00,0x00,0x00,0x00, 0x00,0x00,0x00,0x00,
   0x80,0x00,0x00,0x00, 0xC0,0x00,0xF0,0x00,
   0x00,0x00,0x00,0x00, 0xFF,0xFF,0xFF,0xFF,
   0x00,0x00,0x00,0x00, 0x00,0x00,0x00,0x00,
   0x00,0x00,0x00,0x00, 0x00,0x00,0x00,0x00,
   0x80,0x09,0x80,0x03, 0x00,0x00,0xC3,0x00,
   0x00,0x00,0x80,0x09, 0x80,0x00,0x00,0x00,
   0x00,0x00,0x00,0x00, 0x00,0x00,0x00,0x00,
   0x00,0x00,0x00,0x00, 0xFF,0xFF,0xFF,0xFF,
   0x00,0x00,0x00,0x00, 0x00,0x00,0x00,0x00,
   0x00,0x00,0x00,0x00, 0x00,0x00,0x00,0x00,
   0x00,0x00,0x00,0x00, 0x00,0x00,0x00,0x00,
   0x00,0x00,0x00,0x00, 0x00,0x00,0x00,0x00,
   0x00,0x00,0x00,0x00, 0x00,0x00,0x00,0x00,
   0x00,0x00,0x00,0x00, 0x00,0x00,0x00,0x00,
   0x00,0x00,0x00,0x00, 0x00,0x00,0x00,0x00,
   0x00,0x00,0x00,0x00, 0x00,0x00,0x00,0x00,
}; */

typedef struct SceSblSmCommContext130 // size is 0x130 as its name indicates
{
   uint32_t unk_0;
   uint32_t self_type; // kernel = 0, user = 1, SM = 2
   SceSelfAuthInfo caller_self_info; // can be obtained with sceKernelGetSelfAuthInfoForKernel
   SceSelfAuthInfo called_self_info; // set by F00D in F00D SceSblSmCommContext130 response
   uint32_t pathId; // can be obtained with sceSblACMgrGetMediaTypeForKernel or sceIoGetMediaTypeForDriver
   uint32_t unk_12C; // if (kbl_param->boot_type_1 & 0x40) == true set unk_12C to 1, else set to 0xA
} SceSblSmCommContext130;

SceSblSmCommForKernel

sceSblSmCommStopSmForKernel

This function calls sceSblSmCommCallFuncForKernel with -1 as command_id and then calls sceSblSmSchedProxyWaitForKernel.

int sceSblSmCommStopSmForKernel(int id, int result[2]);

sceSblSmCommStartSmFromDataForKernel

// Priority is binary: 1 = low, 0 = high. Running a high priority SM module while
// a low priority one is currently running will [[F00D Processor|suspend]] it.
int sceSblSmCommStartSmFromDataForKernel(int priority, const char *sm_self_data, int sm_self_size, int cmd_id, SceSblSmCommContext130 *ctx_130, int* id);

sceSblSmCommStartSmForKernel

cmd_id is the F00D command ID. For exemple in 0.940 ss_mgr.skprx, when loading "os0:sm/qaf_sm.self", cmd_id = -1, 0, 1, 4, 5, 6, 7.

// Priority is binary: 1 = low, 0 = high. Running a high priority SM module while
// a low priority one is currently running will [[F00D Processor|suspend]] the low one.
int sceSblSmCommStartSmForKernel(int priority, char* sm_self_path, int cmd_id, SceSblSmCommContext130* ctx_130, int* id);

sceSblSmCommCallFuncForKernel

sm_comm_context is described more here

f00d_resp comes from Request Buffer from offset 0x08

gc_param is generated by game card and has value 0x01

typedef struct SceSblSmCommGcData {
	int unk_0; // 1
	int command;
	char data[0x800];
	int key_id;
	int size;
	int unk_810; // 0
} SceSblSmCommGcData; /* size = 0x814 */

typedef struct SceSblSmCommMsifData {
	unsigned int unk00;
	unsigned int unk04;
	unsigned int unk08;
	unsigned int unk0C;
	unsigned int unk10;
	unsigned int unk14;
	unsigned int unk18;
	unsigned int unk1C;
} SceSblSmCommMsifData; /* size = 0x20 */

int sceSblSmCommCallFuncForKernel(int id, int service_id, int *f00d_resp, void *data, int size);

SceSblSsSmComm

This library is present on 1.69 but is not present on 3.60.

sceSblSmCommStopSm

sceSblSmCommStartSm_

sceSblSmCommCallFunc_

   sceSblSmCommStopComm 0xC35FB95A