how to let psp reboot ?
If you want a full power off reboot, then you can always trigger something like an uncaught null pointer exception - this will force the PSP to power off after a certain delay. It won't power back on without manual intervention though. That's about the most major reboot I can think of.
For softer reboot, wouldn't sceKernelExitGame() be sufficient?
For softer reboot, wouldn't sceKernelExitGame() be sufficient?
Got a v2.0-v2.80 firmware PSP? Download the eLoader here to run homebrew on it!
The PSP Homebrew Database needs you!
The PSP Homebrew Database needs you!
Fanjita wrote:If you want a full power off reboot, then you can always trigger something like an uncaught null pointer exception - this will force the PSP to power off after a certain delay. It won't power back on without manual intervention though. That's about the most major reboot I can think of.
For softer reboot, wouldn't sceKernelExitGame() be sufficient?
thank youGhozt wrote:If you just want to reboot your own application you can just use sceKernelLoadExec(). But you probably ment reboot the whole system.
but i want "cool boot"
like reboot after "Restore Default Setting" or "Update FW"
PSP hardware hack
http://0okm.blogspot.com/
http://0okm.blogspot.com/
it is not possible for a "cool boot" as of yet
maybe you only want vsh to reboot ....then
take a look at psplinks dir called scripts ...there
is a script called loadvsh.sh ...if you open with
text editor its pretty simple what it does ....maybe
you could use to load those modules after youve
done your "update FW" or restore default settings
maybe you only want vsh to reboot ....then
take a look at psplinks dir called scripts ...there
is a script called loadvsh.sh ...if you open with
text editor its pretty simple what it does ....maybe
you could use to load those modules after youve
done your "update FW" or restore default settings
10011011 00101010 11010111 10001001 10111010
That's a cool reboot, except that it's not a reboot :D, and the kernel has not been restarteddot_blank wrote:it is not possible for a "cool boot" as of yet
maybe you only want vsh to reboot ....then
take a look at psplinks dir called scripts ...there
is a script called loadvsh.sh ...if you open with
text editor its pretty simple what it does ....maybe
you could use to load those modules after youve
done your "update FW" or restore default settings
The vsh uses the function vshKernelExitVSHVSH (which simply calls to the kernel function sceKernelExitVSHVSH)
Calling sceKernelExitVSHVSH(0) inside a game has the same effect that calling sceKernelExitGame.
Anyways, i think i have exactly what 0okm needs:
Code: Select all
#define PATH "flash0:/vsh/module/vshmain.prx"
struct SceKernelLoadExecParam param;
memset(¶m, 0, sizeof(param));
param.size = sizeof(param);
param.argp = PATH;
param.args = strlen(PATH) + 1;
param.key = "vsh";
sceKernelLoadExec(PATH, ¶m);
Thank you ^o^moonlight wrote:...
Anyways, i think i have exactly what 0okm needs:
Code: Select all
#define PATH "flash0:/vsh/module/vshmain.prx" struct SceKernelLoadExecParam param; memset(¶m, 0, sizeof(param)); param.size = sizeof(param); param.argp = PATH; param.args = strlen(PATH) + 1; param.key = "vsh"; sceKernelLoadExec(PATH, ¶m);
PSP hardware hack
http://0okm.blogspot.com/
http://0okm.blogspot.com/
could anyone explain how this is different from simply exiting an app (which has previously started with loadexec as usual) because i cant see any difference. (this will manually load the vsh, which is exactly what happens when you exit an app :=))
however, since after a firmware update there might be a new ipl which in turn is needed to decode the rest, the update must pretty much initiate a "cold" reboot.... would be quite interisting to know how that is done.
however, since after a firmware update there might be a new ipl which in turn is needed to decode the rest, the update must pretty much initiate a "cold" reboot.... would be quite interisting to know how that is done.
That's the cause because i couldn't sleep yesterday :)groepaz wrote: however, since after a firmware update there might be a new ipl which in turn is needed to decode the rest, the update must pretty much initiate a "cold" reboot.... would be quite interisting to know how that is done.
I was thinking that if the update makes a soft reset, then we could be able to survive that using the now famous technique of surviving loadexec, and we could execute kernel code in the new firmware until the psp is shut down. :D
But then i realized that there is a new ipl and in some cases, with new keys. Is it really a hardware reboot what the update does or it is something different?
I'll take a look on that, not sure if i will be able to find something.
It's more or less the same. Except that this make appear the $CE logo, so it is more "cool" :)groepaz wrote: could anyone explain how this is different from simply exiting an app (which has previously started with loadexec as usual) because i cant see any difference. (this will manually load the vsh, which is exactly what happens when you exit an app :=))
moonlight wrote:...Code: Select all
#define PATH "flash0:/vsh/module/vshmain.prx" struct SceKernelLoadExecParam param; memset(¶m, 0, sizeof(param)); param.size = sizeof(param); param.argp = PATH; param.args = strlen(PATH) + 1; param.key = "vsh"; sceKernelLoadExec(PATH, ¶m);
Well, if someone is interested in rebooting the vsh with sceKernelLoadExec without showing the $CE logo, this is the way:
Code: Select all
#define PATH "flash0:/vsh/module/vshmain.prx"
u8 vshmain_args[0x0400] =
{
0x00, 0x04, 0x00, 0x00, 0x20, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x01, 0x00, 0x00, 0x00, 0x04, 0x00, 0x00, 0x00,
0x13, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
};
struct SceKernelLoadExecParam param;
memset(¶m, 0, sizeof(param));
param.size = sizeof(param);
param.args = 0x0400;
param.argp = vshmain_args;
param.key = "vsh";
sceKernelLoadExec(PATH, ¶m);
No, i don't know what that argument for vshmain exactly means, but i have seen them passed to the module.
Also i have found out that the extra parameters of the SceKernelLoadExecVSH structure are related with this:
Code: Select all
/** Structure for LoadExecVSH* functions */
struct SceKernelLoadExecVSHParam
{
/** Size of the structure in bytes */
SceSize size;
/** Size of the arguments string */
SceSize args;
/** Pointer to the arguments strings */
void * argp;
/** The key, usually "game", "updater" or "vsh" */
const char * key;
/** The size of the vshmain arguments */
u32 vshmain_args_size;
/** vshmain arguments that will be passed to vshmain after the program has exited */
void *vshmain_args;
/** unknown, set it to 0 */
u32 unk3;
/** unknown, set it to 0 */
u32 unk4;
/** unknown, set it to 0 */
u32 unk5;
};
Code: Select all
#define PATH "ms0:/PSP/GAME/MYAPP/EBOOT.PBP"
struct SceKernelLoadExecVSHParam params;
memset(¶m, 0, sizeof(param));
param.size = sizeof(param);
param.args = strlen(PATH)+1;
param.argp = PATH;
param.key = "game";
sceKernelLoadExecVSHMs2(PATH, ¶m);
Code: Select all
#define PATH "ms0:/PSP/GAME/MYAPP/EBOOT.PBP"
struct SceKernelLoadExecVSHParam params;
memset(¶m, 0, sizeof(param));
param.size = sizeof(param);
param.args = strlen(PATH)+1;
param.argp = PATH;
param.key = "game";
param.vshmain_args_size = 0x0400;
param.vshmain_args = vshmain_args;
sceKernelLoadExecVSHMs2(PATH, ¶m);
I have found the way to make a true hardware reset... in the faked 2.50.
Function scePower_0442D852 (user) or scePower_driver_ 0442D852(kernel) (available from 2.00 and greater)
the usage is more than simple:
scePower_0442D852 (0); -> and voila, a real reboot, where resident programs like that firmware emulator can't survive.
I discovered an import to this function in the 2.60 updater, in its file coldreset_update.prx (with vsh flags, 0x0800).
But then this arises some questions:
- If the function only exists in 2.00 and greater... how the hell is called when updating from 1.00/1.50 to 2.60? (that if it's called..., but if it isn't called how are then 1.00/1.50 hardware-rebooted?
- How the 2.00 updater reboots the psp? (this one doesn't have that coldreset prx, and the only imports from scePower that i have seen in their modules are those to check battery.
The mistery on the updaters continue :)
Function scePower_0442D852 (user) or scePower_driver_ 0442D852(kernel) (available from 2.00 and greater)
the usage is more than simple:
scePower_0442D852 (0); -> and voila, a real reboot, where resident programs like that firmware emulator can't survive.
I discovered an import to this function in the 2.60 updater, in its file coldreset_update.prx (with vsh flags, 0x0800).
But then this arises some questions:
- If the function only exists in 2.00 and greater... how the hell is called when updating from 1.00/1.50 to 2.60? (that if it's called..., but if it isn't called how are then 1.00/1.50 hardware-rebooted?
- How the 2.00 updater reboots the psp? (this one doesn't have that coldreset prx, and the only imports from scePower that i have seen in their modules are those to check battery.
The mistery on the updaters continue :)
Well I did a quick bit of digging based on the info you provided, I dont know how the updater does it but it is really simple to reset and even power off the PSP, how I didn't see this before I will never know ;)
Basically here are two useful functions.
void sceSysconPowerStandby(void) - Call this and the PSP shuts down
void sceSysconResetDevice(int unk1, int unk2) - Call this with parameters of 1 and 1 and the system resets.
There we go, finally a power off function for psplink ;) Of course worth bearing in mind that the power driver does go through some hoops before actually calling these functions so it is possible that doing so directly could cause unpleasentness such as MS corruption, time issues and all manner of other stuff so use with caution.
N.B. it looks like power.prx in 1.5 never calls reset device therefore it is possible that something in the updater calls it directly, not really sure on that, and in some ways not sure I am that bothered. Also reset device is also called with 1, 2 as the parameters, when passing 2 it plays with the MS power control as well so...
N.B2 for a cleaner (and probably safer) standby there is the user/kernel mode call scePowerRequestStandby() or the corresponding scePowerRequestSuspend() for suspending the PSP. The only places in the entire kernel which call ResetDevice is UMD and WLAN drivers, whether that just resets a particular device or whether there are calls inside those drivers which reset the PSP I cannot be certain without more digging, which I dont feel like doing :)
N.B3 okay so curiosity got the better of me, I looked at UMD Manager and that calls ResetDevice with 2, 1 as parameters so I would guess the first parameter is the device to reset and the second param is reset type possibly, no doubt the WLAN driver also resets its own device using a different first parameter.
Basically here are two useful functions.
void sceSysconPowerStandby(void) - Call this and the PSP shuts down
void sceSysconResetDevice(int unk1, int unk2) - Call this with parameters of 1 and 1 and the system resets.
There we go, finally a power off function for psplink ;) Of course worth bearing in mind that the power driver does go through some hoops before actually calling these functions so it is possible that doing so directly could cause unpleasentness such as MS corruption, time issues and all manner of other stuff so use with caution.
N.B. it looks like power.prx in 1.5 never calls reset device therefore it is possible that something in the updater calls it directly, not really sure on that, and in some ways not sure I am that bothered. Also reset device is also called with 1, 2 as the parameters, when passing 2 it plays with the MS power control as well so...
N.B2 for a cleaner (and probably safer) standby there is the user/kernel mode call scePowerRequestStandby() or the corresponding scePowerRequestSuspend() for suspending the PSP. The only places in the entire kernel which call ResetDevice is UMD and WLAN drivers, whether that just resets a particular device or whether there are calls inside those drivers which reset the PSP I cannot be certain without more digging, which I dont feel like doing :)
N.B3 okay so curiosity got the better of me, I looked at UMD Manager and that calls ResetDevice with 2, 1 as parameters so I would guess the first parameter is the device to reset and the second param is reset type possibly, no doubt the WLAN driver also resets its own device using a different first parameter.
Good find Tyranid.
I now see that the leptonupdater for 150 from the 2.00 updater imports the sceSysconResetDevice.
Btw this requires kernel mode, as opposite to that power function.
What i don't know is why the 2.60 updater has two different ways of reseting the psp, when one of them should work in all versions. Well, it doesn't matter anyways :)
I now see that the leptonupdater for 150 from the 2.00 updater imports the sceSysconResetDevice.
Btw this requires kernel mode, as opposite to that power function.
What i don't know is why the 2.60 updater has two different ways of reseting the psp, when one of them should work in all versions. Well, it doesn't matter anyways :)
A bit offtopic
These guys of Sony are so retard...
texure_loader -> testmode
texseq_counter -> ipl_update
setdisplaybuffer -> secure_rtcreset
checkswtimer -> leptonupdate150
convert_tex -> leptonupdate103
update_driver -> umdex_driver
network_update -> coldreset_update
They think that faking module names in the last updaters can avoid people from looking at them. A bit pathetic... :)
These guys of Sony are so retard...
texure_loader -> testmode
texseq_counter -> ipl_update
setdisplaybuffer -> secure_rtcreset
checkswtimer -> leptonupdate150
convert_tex -> leptonupdate103
update_driver -> umdex_driver
network_update -> coldreset_update
They think that faking module names in the last updaters can avoid people from looking at them. A bit pathetic... :)
may be one of the reason is , THEY ARE JAPANESE~~
Poor English at all.......haha~
Poor English at all.......haha~
moonlight wrote:A bit offtopic
These guys of Sony are so retard...
texure_loader -> testmode
texseq_counter -> ipl_update
setdisplaybuffer -> secure_rtcreset
checkswtimer -> leptonupdate150
convert_tex -> leptonupdate103
update_driver -> umdex_driver
network_update -> coldreset_update
They think that faking module names in the last updaters can avoid people from looking at them. A bit pathetic... :)
Not that it holds much interest now but:
Code: Select all
/** Structure for LoadExecVSH* functions */
struct SceKernelLoadExecVSHParam {
/** Size of the structure in bytes */
SceSize size;
/** Size of the arguments string */
SceSize args;
/** Pointer to the arguments strings */
void * argp;
/** The key, usually "game", "updater" or "vsh" */
const char * key;
/** The size of the vshmain arguments */
u32 vshmain_args_size;
/** vshmain arguments that will be passed to vshmain after the program has exited */
void *vshmain_args;
/* "/kd/pspbtcnf_game.txt" or "/kd/pspbtcnf.txt" if not supplied (max. 256 chars)
used by:
sceKernelLoadExecVSHDisc()
sceKernelLoadExecBufferVSHUsbWlan()
sceKernelLoadExecBufferVSHUsbWlanDebug()
sceKernelLoadExecVSHDisc()
sceKernelLoadExecVSHDiscUpdater()
sceKernelLoadExecVSHDiscDebug()
LoadExecForKernel_31DF42BF()
LoadExecForKernel_28D0D249()
LoadExecForKernel_70901231()
*/
u32 unk3;
/* An unknown string (max. 256 chars) probably used in 2nd stage of loadexec */
u32 unk4;
/* unknown flag default value = 0x10000 */
u32 unk5;
};
Btw, hitchhikr, the nids of 3 functions you have put are already known.
LoadExecForKernel_31DF42BF -> sceKernelLoadExecVshMs1
LoadExecForKernel_28D0D249 -> sceKernelLoadExecVshMs2
LoadExecForKernel_70901231 -> sceKernelLoadExecVshMs3
hitchhikr, are you able to return to the vsh in 2.60 after the kernel hack? I've tried sceKernelExitGame and other functions in 1.50 with dh, but no luck, it makes the psp crash.
LoadExecForKernel_31DF42BF -> sceKernelLoadExecVshMs1
LoadExecForKernel_28D0D249 -> sceKernelLoadExecVshMs2
LoadExecForKernel_70901231 -> sceKernelLoadExecVshMs3
hitchhikr, are you able to return to the vsh in 2.60 after the kernel hack? I've tried sceKernelExitGame and other functions in 1.50 with dh, but no luck, it makes the psp crash.
That function only exists in 2.XX and it's not included in the pspsdk yet.jas0nuk wrote:How could I use this?moonlight wrote:the usage is more than simple:
scePower_0442D852 (0);
On compiling, I always get aI have already included psppower.hwarning: implicit declaration of function 'scePower_0442D852'
To use it under 2.XX with the kernel exploit, you'll have to find the address of the function, for example using the FindProc function of PspPet's PSAR Dumper. (btw, after the kernel exploit, it seems that this function is broken, at least in the fake 2.50)
I'm trying to use it through DevHook's "VSH Extender" module in 2.50 which has kernel access anyway, as it is loaded with the VSH in the pspbtcnf files.
The 'sceSysconResetDevice' function works but gives a disc read error, as apparently the UMD hardware is not rebooted, so it gets out of sync.
BTW, I'm quite a noob when it comes to this sort of thing... how would I pass the correct parameters to find the address of 'scePower_0442D852'?
Is it as simple as
How would I use the result to actually run the function?
The 'sceSysconResetDevice' function works but gives a disc read error, as apparently the UMD hardware is not rebooted, so it gets out of sync.
BTW, I'm quite a noob when it comes to this sort of thing... how would I pass the correct parameters to find the address of 'scePower_0442D852'?
Is it as simple as
Code: Select all
FindProc(NULL,NULL,0442D852);