Is there a list of 2.60 syscalls available?
Thanks in advance, although I doubt that this firmware is well-documented...
2.60 syscalls
That code causes a crash. It could be that scePower_service/scePower_driver no longer applies, or the function has been entirely removed, as you said.
I will try to use asm("syscall 0x2198"); instead as this is the same function.
(btw, for anyone who doesn't know what I'm on about, I'm talking about using scePower_0442D852)
I will try to use asm("syscall 0x2198"); instead as this is the same function.
(btw, for anyone who doesn't know what I'm on about, I'm talking about using scePower_0442D852)
You can't use fixed syscall IDs on 2.5 or 2.6.
See the older thread about coding for the GTA exploit, but basically there's a random offset applied to the syscall ID (not entirely sure when it changes, probably at each reboot).
You need to find some way of calibrating the syscall IDs. The typical way is to find the link table in some preloaded module elsewhere in RAM, and to determine the ID of a known NID from there.
BTW there's a simple syscall list in that thread, with all the syscalls that are used by GTA.
See the older thread about coding for the GTA exploit, but basically there's a random offset applied to the syscall ID (not entirely sure when it changes, probably at each reboot).
You need to find some way of calibrating the syscall IDs. The typical way is to find the link table in some preloaded module elsewhere in RAM, and to determine the ID of a known NID from there.
BTW there's a simple syscall list in that thread, with all the syscalls that are used by GTA.
Got a v2.0-v2.80 firmware PSP? Download the eLoader here to run homebrew on it!
The PSP Homebrew Database needs you!
The PSP Homebrew Database needs you!
Thanks for the list. BTW, this code is to be used within a PRX which is loaded by DevHook on top of the 2.60/2.71 VSH, so we're in kernel mode and not restrained by the GTA eLoader environment :)
After looking at the list I realised that the syscall for the scePower_0442D852 function is 0x2197 and not 0x2198.. I must have been looking at the wrong row :/
Anyway, I changed my code toyet it still crashes.
However, scePower_0442D852 needs to be called as "scePower_0442D852(0);" but I'm not sure how to do this using inline asm.
Hope someone can help me with this :s
After looking at the list I realised that the syscall for the scePower_0442D852 function is 0x2197 and not 0x2198.. I must have been looking at the wrong row :/
Anyway, I changed my code to
Code: Select all
__asm__ volatile("syscall 0x2197");However, scePower_0442D852 needs to be called as "scePower_0442D852(0);" but I'm not sure how to do this using inline asm.
Hope someone can help me with this :s
If you're in kernel mode then you can use a kernel mode function (sorry, I forget the name, I've never used it personally) to retrieve the syscall ID for a given NID.
On 2.5+, the syscalls are not constant - so as I said before, you can't rely on using a fixed syscall number every time.
On 2.5+, the syscalls are not constant - so as I said before, you can't rely on using a fixed syscall number every time.
Got a v2.0-v2.80 firmware PSP? Download the eLoader here to run homebrew on it!
The PSP Homebrew Database needs you!
The PSP Homebrew Database needs you!
Hmm, that's unfortunate, I was hoping to look into using that function at some point in the near future.PspPet wrote:sceKernelQuerySystemCall and related sceKernelRegisterSystemCallTable
IIRC 'sceKernelQuerySystemCall' takes a pointer to the real function in (kernel) memory
Anyway not very useful in most cases for the reasons stated.
Still, I guess it's possible to RE the table in kmem and retrieve the syscall from there. Or perhaps to use QueryModuleInfo to look through the export info of the module concerned.
Got a v2.0-v2.80 firmware PSP? Download the eLoader here to run homebrew on it!
The PSP Homebrew Database needs you!
The PSP Homebrew Database needs you!