Library function list

[Herben]

Starting a new thread for people to paste library and function names. I assume that atleast some of you have started such lists, so please post them here. If not, I'll start doing some extractions myself. You don't need to include the SHA1 hash keys.

[nem]

some stub as follows:

Code: Select all

	STUB_START	"sceCtrl",0x40010000,0x00020005
	STUB_FUNC	0x6A2774F3,sceCtrlSetSamplingCycle
	STUB_FUNC	0x1F803938,sceCtrlReadBufferPositive
	STUB_END

	STUB_START	"sceDisplay",0x40010000,0x00030005
	STUB_FUNC	0x0E20F177,sceDisplaySetMode
	STUB_FUNC	0x289D82FE,sceDisplaySetFrameBuf
	STUB_FUNC	0x984C27E7,sceDisplayWaitVblankStart
	STUB_END

	STUB_START	"IoFileMgrForUser",0x40010000,0x00050005
	STUB_FUNC	0x6A638D83,sceIoRead
	STUB_FUNC	0x42EC03AC,sceIoWrite
	STUB_FUNC	0x27EB27B8,sceIoLseek
	STUB_FUNC	0x810C4BC3,sceIoClose
	STUB_FUNC	0x109F50BC,sceIoOpen
	STUB_END

	STUB_START	"Kernel_Library",0x00010000,0x00020005
	STUB_FUNC	0x092968F4,sceKernelCpuSuspendIntr
	STUB_FUNC	0x5F10D406,sceKernelCpuResumeIntr
	STUB_END

	STUB_START	"ModuleMgrForUser",0x40010000,0x00010005
	STUB_FUNC	0xD675EBB8,sceKernelSelfStopUnloadModule
	STUB_END

	STUB_START	"StdioForUser",0x40010000,0x00030005
	STUB_FUNC	0x172D316E,sceKernelStdin
	STUB_FUNC	0xA6BAB2E9,sceKernelStdout
	STUB_FUNC	0xF78BA90A,sceKernelStderr
	STUB_END

	STUB_START	"SysMemUserForUser",0x40000000,0x00030005
	STUB_FUNC	0x237DBD4F,sceKernelAllocPartitionMemory
	STUB_FUNC	0xB6D61D02,sceKernelFreePartitionMemory
	STUB_FUNC	0x9D9A5BA1,sceKernelGetBlockHeadAddr
	STUB_END

	STUB_START	"ThreadManForUser",0x40010000,0x00090005
	STUB_FUNC	0x446D8DE6,sceKernelCreateThread
	STUB_FUNC	0xF475845D,sceKernelStartThread
	STUB_FUNC	0xAA73C935,sceKernelExitThread
	STUB_FUNC	0x9ACE131E,sceKernelSleepThread
	STUB_FUNC	0x55C20A00,sceKernelCreateEventFlag
	STUB_FUNC	0xEF9E4C70,sceKernelDeleteEventFlag
	STUB_FUNC	0x1FB15A32,sceKernelSetEventFlag
	STUB_FUNC	0x812346E4,sceKernelClearEventFlag
	STUB_FUNC	0x402FCF22,sceKernelWaitEventFlag
	STUB_END

	STUB_START	"UtilsForUser",0x40010000,0x00040005
	STUB_FUNC	0x91E4F6A7,sceKernelLibcClock
	STUB_FUNC	0x27CC57F0,sceKernelLibcTime
	STUB_FUNC	0x71EC4271,sceKernelLibcGettimeofday
	STUB_FUNC	0x79D1C3FA,sceKernelDcacheWritebackAll
	STUB_END

	STUB_START	"sceGe_user",0x40010000,0x000A0005
	STUB_FUNC	0xE47E40E4,sceGeEdramGetAddr
	STUB_FUNC	0xAB49E76A,sceGeListEnQueue
	STUB_FUNC	0x1C0D95A6,sceGeListEnQueueHead
	STUB_FUNC	0xE0D68148,sceGeListUpdateStallAddr
	STUB_FUNC	0x03444EB4,sceGeListSync
	STUB_FUNC	0xB287BD61,sceGeDrawSync
	STUB_FUNC	0xB448EC0D,sceGeBreak
	STUB_FUNC	0x4C06E472,sceGeContinue
	STUB_FUNC	0xA4FC06A4,sceGeSetCallback
	STUB_FUNC	0x05DB22CE,sceGeUnsetCallback
	STUB_END

[Warren]

Module names and corresponding PRXes I've mapped out so far based on Wipeout Pure ELF. More to come.

Code: Select all

Module Name             PRX File                PRX Location    Encrypted       Status
=========================================================================================
IoFileMgrForUser        iofilemgr.prx           firmware        ??              assumed
ModuleMgrForUser        modulemgr.prx           firmware        ??              assumed
StdioForUser            stdio.prx               firmware        ??              assumed
SysMemUserForUser       sysmem.prx              firmware        ??              assumed
ThreadManForUser        threadman.prx           firmware        ??              assumed
UtilsForUser            utils.prx               firmware        ??              assumed
sceCtrl                 ctrl.prx                firmware        ??              assumed
sceDisplay              display.prx             firmware        ??              assumed
sceGe_user              ge.prx                  firmware        ??              assumed
Kernel_Library          
LoadExecForUser         loadexec.prx            firmware                        assumed
sceSuspendForUser       
sceSasCore              sc_sascore.prx          umd             no              confirmed
sceAudio                audio.prx               firmware                        confirmed
sceNetAdhoc             pspnet_adhoc.prx        umd             no              confirmed
sceNetAdhocctl          pspnet_adhocctl.prx     umd             no              confirmed
sceNet                  pspnet.prx              umd             no              confirmed
sceWlanDrv              wlan.prx                firmware        ??              assumed
sceAtrac3plus           libatrac3plus.prx       umd             no              confirmed
sceUmdUser              umdman.prx              firmware        ??              not sure
sceUtility              utility.prx             firmware        ??              assumed
scePower                power.prx               firmware        ??              assumed
sceOpenPSID             openpsid.prx            firmware        ??              assumed
sceNetInet              pspnet_inet.prx         umd             no              confirmed
sceNetResolver          pspnet_resolver.prx     umd             no              confirmed
sceNetApctl             pspnet_apctl.prx        umd             no              confirmed
sceMpeg                 mpeg.prx                umd             no              confirmed
sceHttp                 libhttp_rfc.prx         umd             no              confirmed
sceParseHttp            libparse_http.prx       umd             no              confirmed
sceParseUri             libparse_uri.prx        umd             no              confirmed
sceSsl                  libssl.prx              umd             no              confirmed
sceRtc                  rtc.prx                 firmware        ??              assumed

[Vampire]

Code: Select all

ADLER32_Library             libadler.prx               umd             no
sceATRAC3plus_Library       libatrac3plus.prx          umd             no
SceBase64_Library           libbase64.prx              umd             no
SceFont_Library             libfont.prx                umd             no
FPU_Library                 libfpu.prx                 umd             no
SceHttp_Library             libhttp.prx                umd             no
SceHttp_Library             libhttp_rfc.prx            umd             no
MT19937_Library             libmt19937.prx             umd             no
netcnf                      libnetcnf.prx              umd             no
SceParseHTTPheader_Library  libparse_http.prx          umd             no
SceParseURI_Library         libparse_uri.prx           umd             no
SceQpCode_Library           libqpcode.prx              umd             no
sceSsl_Module               libssl.prx                 umd             no
sceMpeg_library             mpeg.prx                   umd             no
sceNet_Library              pspnet.prx                 umd             no
sceNetAdhoc_Library         pspnet_adhoc.prx           umd             no
sceNetAdhocDownload_Library pspnet_adhoc_download.prx  umd             no
sceNetAdhocMatching_Library pspnet_adhoc_matching.prx  umd             no
sceNetAdhocctl_Library      pspnet_adhocctl.prx        umd             no
sceNetApDialogDummy_Library pspnet_ap_dialog_dummy.prx umd             no
sceNetApctl_Library         pspnet_apctl.prx           umd             no
sceNetInet_Library          pspnet_inet.prx            umd             no
sceNetResolver_Library      pspnet_resolver.prx        umd             no
sceInitRegistry             rinit.prx                  umd             no
Pspnet_Scan                 scan.prx                   umd             no
Pspnet_Show_MacAddr         show_macaddr.prx           umd             no

sceAudiocodec_Driver        audiocodex.prx             umd             yes
sceCert_Loader              cert_loader.prx            umd             yes
sceNetIfhandle_Service      ifhandle.prx               umd             yes
sceMemab                    memab.prx                  umd             yes
sceMpegbase_Driver          mpegbase.prx               umd             yes
OpenPSID_Service            openpsid.prx               umd             yes
sceNetAdhocAuth_Service     pspnet_adhoc_auth.prx      umd             yes
sceSAScore                  sc_sascore.prx             umd             yes
USBBusDriver                usb.prx                    umd             yes
sceUSB_PSPComm_Driver       usbpspcm.prx               umd             yes
sceVideocodec_Driver        videocodec.prx             umd             yes

[djhuevo]

Code: Select all

0xd70d4847 sceHttpGetProxy
0x4cc7d78f sceHttpGetStatusCode
0xedeeb999 sceHttpReadData
0xa6800c34 sceHttpInitCache
0xab1abe07 sceHttpInit
0xbb70706f sceHttpSendRequest
0xa5512e01 sceHttpDeleteRequest
0x15540184 sceHttpDeleteHeader
0x5152773b sceHttpDeleteConnection
0x8acd1f73 sceHttpSetConnectTimeOut
0x9988172d sceHttpSetSendTimeOut
0xf0f46c62 sceHttpSetProxy
0x0dafa58f sceHttpEnableCookie
0x78a0d3ec sceHttpEnableKeepAlive
0x59e6d16f sceHttpEnableCache
0x0b12abfb sceHttpDisableCookie
0xc7ef2559 sceHttpDisableKeepAlive
0xccbd167a sceHttpDisableCache 

[djhuevo]

Code: Select all

0x71bc9871 sceKernelChangeThreadPriority
0x7e65b999 sceKernelCancelAlarm
0xaa73c935 sceKernelExitThread
0x809ce29b sceKernelExitDeleteThread
0x293b45b8 sceKernelGetThreadId
0x1fb15a32 sceKernelSetEventFlag
0x6652b8ca sceKernelSetAlarm
0x812346e4 sceKernelClearEventFlag
0x9fa03cd3 sceKernelDeleteThread
0x28b6489c sceKernelDeleteSema
0xef9e4c70 sceKernelDeleteEventFlag
0xd59ead2f sceKernelWakeupThread
0x9944f31f sceKernelSuspendThread
0x3ad58b8c sceKernelSuspendDispatchThread
0x9ace131e sceKernelSleepThread
0x75156e8f sceKernelResumeThread
0x27e22ec2 sceKernelResumeDispatchThread
0x616403ba sceKernelTerminateThread
0x383f7bcc sceKernelTerminateDeleteThread
0xf475845d sceKernelStartThread
0x3f53e640 sceKernelSignalSema

[djhuevo]

Time to get a place like a mysql database + simple php to submit these informations maybe ?

good idea pixel, I can do the mysql stuff, but need some hosting.
BTW if anybody has access to IDLE computer time can give me a hand bruteforcing names yourself.. the program for the dictionary attack is here
http://www.ps2reality.net/forum/viewtop ... 061#321061

I think we must have to use oficial function names always as is a third party one and not ours.

[minddog]

Well heres an attempt at a very basic manager....

http://plutonicnetworks.net/psp/symlib/index.php

I'll actually make it searchable, dynamically generated docbook, html, wiki-style, whatever, if everyone wants to use it. I'll rip off that PN stuff as soon as I come up with a psp dev site. Anyways, any takers?

[Pikoro]

Just dump it all into the wiki:

http://wiki.psphacks.net

That's what it's there for... the dev forums.

[mrbrown]

Stickied.

[Guest]

good idea pixel, I can do the mysql stuff, but need some hosting.

Ask Neovanglist. He is happy to host ps2dev related stuff :)

[djhuevo]

neofar is currently working in the web proyect, will be posted soon at http://pspdev.ofcode.com

[sq377]

BTW if anybody has access to IDLE computer time can give me a hand bruteforcing names yourself.. the program for the dictionary attack is here
http://www.ps2reality.net/forum/viewtop ... 061#321061

give me exact instructions, and i have a good amount of time my computer can run this stuff. I cant' help much with coding, so maybe this.

[djhuevo]

give me exact instructions, and i have a good amount of time my computer can run this stuff. I cant' help much with coding, so maybe this.

thank :) but we now have much more machine process (program optimized) and a distributed aplication, really is fast enough.

[ector]

** found: sceKernelRotateThreadReadyQueue 0x912354a7 **
** found: sceKernelWaitSema 0x4e3a1105 **
** found: sceKernelPollSema 0x58b1f937 **
** found: sceKernelReferSemaStatus 0xbc6febc5 **
** found: sceKernelReferThreadStatus 0x17c1684e **

There could be false positives from this bruteforcing method but these look legit. djhuevo, I have doubts about your "sceKernelInsertCacheDispatchingNext" though :P

BTW, it appears that sceKernelCreateThread takes (char *threadname, void *entrypoint); where entrypoint is where to begin executing. Don't know why threads need a name. The function returns some kind of thread ID.

sceKernelStartThread takes two parameters: (int threadID, int unknown).

[mrbrown]

All of the thread manager creation routines take a name now:
sceKernelCreateThread
sceKernelCreateSema
sceKernelCreateEventFlag
sceKernelCreateVpl
sceKernelCreateCallback
etc.

You new guys should hone up on the kernels for the PS2's EE and (especially) IOP. There's a lot of the same concepts that will make figuring things out easier.

[TyRaNiD]

sceKernelCreateThread definetly takes more than two parameters. Based on what I have seen the prototype is close to

sceKernelCreateThread(const char *name, void *func, int initpriority, int stacksize, int extra1, int extra2). Extra 1 and 2 seem to almost always be zero it seems. Also bear in mind like the ps2 the psp seems to have co-operative threading which means you either need to call sceKernelRotateThreadReadyQueue to switch to the next thread or sleep etc. And priorities are lowest is highest ;)

Oh and sceKernelStartThread takes three parameters, though seems the second and third are always zero in anything I have seen :)

Have fun.[/code]

[Herben]

wonder if "extra1" is "stack" and extra2 is "gp"? perhaps it defaults to a kernel-specified stack area if you specify a NULL pointer for stack.

[TyRaNiD]

Not sure, seems that extra1 is some attribute thing, as for extra2 I haven't been able to change that without the psp dying :)

Anyway some more stuff to add to the mix. Where no sce prefix is present I do not know the name :)

Code: Select all

	STUB_START	"LoadExecForUser",0x40010000,0x20005
	STUB_FUNC	0x5572A5F,sceKernelExitGame
	STUB_FUNC	0x4AC57943,sceKernelRegisterExitCallback
	STUB_END

	STUB_START	"scePower",0x40010000,0x10005
	STUB_FUNC	0x4B7766E,scePowerRegisterCallback
	STUB_END

// ThreadManForUser
	STUB_FUNC	0x82826F70,KernelPollCallbacks
	STUB_FUNC	0xE81CAF8F,sceKernelCreateCallback

void sceKernelExitGame(void);
void sceKernelRegisterExitCallback(int cbid);
void scePowerRegisterCallback(int zero, int cbid);
void KernelPollCallbacks(void);
int   sceKernelCreateCallbacks(const char *name, void *func);

Of course there is a reason for me posting these imports ;)

[skippy911]

some info from boot.bin of ridge racers. If there was a function call on the same line I included it here:

mscmhc0: ms0: ULJS00001 %03d DATA.BIN sceUtilitySavedataInitStart failed %d
sceUtilitySavedataUpdate failed - %d
SCE_UTILITY_COMMON_STATUS_NONE
SCE_UTILITY_COMMON_STATUS_FINISHED
sceUtilitySavedataShutdownStart failed - %d
SCE_UTILITY_COMMON_STATUS_SHUTDOWN

disc0:/PSP_GAME/USRDIR/Data/%s ERROR : sceIoOpen(%x)
ERROR : Cannot open write file ERROR : sceIoOpenAsync(%x)
ERROR : Cannot open file for writing ERROR : sceIoSetAsyncCallback(%x)

ERROR : Invalid mode Cannot write!! ERROR : sceKernelCreateCallback(%x)

sceAtracSetData

[Vampire]

sceAtracSetData
sceIoAssign
sceIoOpen
sceIoOpenAsync
sceIoSetAsyncCallback
sceKerelLoadMoule
sceKernelCreateCallback
sceKernelStartModule
sceUtilitySavedataInitStart
sceUtilitySavedataShutdownStart
sceUtilitySavedataUpdate

sceNetAdhocInit
sceNetAdhocTerm
sceNetAdhocctlConnect
sceNetAdhocctlDelHandler
sceNetAdhocctlDisconnect
sceNetAdhocctlInit
sceNetAdhocctlTerm
sceNetInit
sceNetSdhocctlAddHandler
sceNetTerm

[Vampire]

Ridge Racers:

Code: Select all

//sceAtrac3plus
0x0E2A73AB,sceAtracSetData

//IoFileMgrForUser
0xB2A628C1,sceIoAssign
0x109F50BC,sceIoOpen
0x89AA9906,sceIoOpenAsync
0xA12A0514,sceIoSetAsyncCallback

//ModuleMgrForUser
0x977DE386,sceKernelLoadMoule

//ThreadManForUser
0xE81CAF8F,sceKernelCreateCallback

//ModuleMgrForUser
0x50F0C1EC,sceKernelStartModule

//sceUtility
0x50C4CD57,sceUtilitySavedataInitStart
0x9790B33C,sceUtilitySavedataShutdownStart
0xD4B95FFB,sceUtilitySavedataUpdate

[Vampire]

Wipeout Pure:

Code: Select all

//sceNetAdhoc
0xE1D621D7,sceNetAdhocInit
0xA62C6F57,sceNetAdhocTerm
0x0AD043ED,sceNetAdhocctlConnect

//sceNetAdhocctl
0x6402490B,sceNetAdhocctlDelHandler
0x34401D65,sceNetAdhocctlDisconnect
0xE26F226E,sceNetAdhocctlInit
0x9D689E13,sceNetAdhocctlTerm

//sceNet
0x39AF39A6,sceNetInit

//sceNetAdhocctl
0x20B317A0,sceNetAdhocctlAddHandler

//sceNet
0x281928A9,sceNetTerm

[Vampire]

Code: Select all

int sceKernelCpuSuspendIntr(void);
int sceKernelCpuResumeIntr(int oldstat);
int sceKernelGetThreadId(void);
int sceKernelCreateSema(const char *s, int flg, int val, int max, const void *p);
int sceKernelDeleteSema(int id);
int sceKernelWaitSema(int id, int count, void *p);
int sceKernelPollSema(int id, int count);
int sceKernelSignalSema(int id, int count);

Code: Select all

//Kernel_Library
0x092968F4,sceKernelCpuSuspendIntr
0x5F10D406,sceKernelCpuResumeIntr

//ThreadManForUser
0x293B45B8,sceKernelGetThreadId
0xD6DA4BA1,sceKernelCreateSema
0x28B6489C,sceKernelDeleteSema
0x4E3A1105,sceKernelWaitSema
0x58B1F937,sceKernelPollSema
0x3F53E640,sceKernelSignalSema

[steddy]

Sorry for the dumb question, but what is the SHA-1 hash you are referring too actually used for in the context of function names and why are the numbers below only 32bits?

A standard SHA-1 hash function produces a 160 bit hash which is 20 bytes. All the values below are 32bits. Are you actually referring to CRC's or do you actually mean SHA-1?

Cheers
Steddy

[Herben]

A hash key is produced by doing SHA1 on the function name and keeping the lowest 32 bits. It's used for dynamic linking of libaries.

[steddy]

How Bizarre. I would imagine only 32 bits of the hash doesn't guarantee uniqueness anyway and its easily reversible.

Could have used a much simpler hashing algorithm than SHA1. This suggests its the only algorithm available to the PSP and also means it will be used in creation of the digital signature in encrypted executables (ie Sony Hash the binary data with SHA1 then encrypt it with the Private key, the PSP contains the Public key in the certs directory in ROM).

Thanks for the explanation.

Steddy

[Vampire]

How Bizarre. I would imagine only 32 bits of the hash doesn't guarantee uniqueness anyway and its easily reversible.

Could have used a much simpler hashing algorithm than SHA1. This suggests its the only algorithm available to the PSP and also means it will be used in creation of the digital signature in encrypted executables (ie Sony Hash the binary data with SHA1 then encrypt it with the Private key, the PSP contains the Public key in the certs directory in ROM).

Thanks for the explanation.

Steddy

it's just a simple 32bit ID used for dynamic linking ... no algorithms are needed for that on the PSP ;-)

[jimbo]

Here's a simple searchable, sortable front end to a SQL db of module and function names:

http://www.jimbomania.com/psp/psp_module_list.php

All the info contained therein came directly from this thread.

[florinsasu]

sceNetAdhocAuth_lib (prefix: sceNetAdhocAuth)
86004235 sceNetAdhocAuthInit

sceOpenPSID
C69BEBCE sceOpenPSIDGetOpenPSID

sceAudiocodec
9D3F790C
5B37EB1D sceAudiocodecInit
70A703F8 sceAudiocodecDecode
8ACA11D5 sceAudiocodecGetInfo
6CD2A861
59176A0F
3A20A200
29681260

sceVideocodec
2D31F5B1
4F160BF4
C01EC829 sceVideocodecOpen
17099F0A sceVideocodecInit
DBA273FA sceVideocodecDecode
A2F0564E sceVideocodecStop
307E6E1C sceVideocodecDelete
745A7B7A
2F385E7F
26927D19