Some calls dont get hooked (in vsh mode) (solved)

[kralyk]

Hi, Im having hard time hooking some of the calls vsh modules import.

I wanted to do a simple test: with my vsh plugin print on the display the name of file that photo, music, video, etc.. players currently open,
so I looked up the imports of those modules here: http://silverspring.lan.st/5.00/index.html

So for example lets take module msvideo_main_plugin, imports are here: http://silverspring.lan.st/5.00/vsh/mod ... ginimp.xml
It clearly imports sceIoOpen() from IoFileMgrForUser, but when I hook that func, it never gets called.
(Im sure msvideo_main_plugin gets loaded when you enter video in XMB, I checked that)

My hooking generally works, I can hook the controller func for example without any problems... only those functons like IoFileMgr etc. are still a problem...

What am I missing?

Thanks for any help...

[kralyk]

The problem seems to be that the address of the call is not found in syscall table.
I use this code:

Code: Select all

void* pspGetSysCallAddr(u32 addr)
{
  SyscallHeader *head;
  u32 *syscalls;
  void **ptr;
  int size;
  int i;

  if (!addr) return NULL;

  asm(
    "cfc0 %0, $12\n"
    : "=r"(ptr)
  );

  if(!ptr)
  {
    return NULL;
  }

  head = (struct SyscallHeader *) *ptr;
  syscalls = (u32*)(*ptr + 0x10);
  size = (head->size - 0x10);

  for&#40;i = 0; i < size; i++&#41;
  &#123;
    if&#40;syscalls&#91;i&#93; == addr&#41;
    &#123;
      return &syscalls&#91;i&#93;;
    &#125;
  &#125;

  return NULL;
&#125;

the address of sceIoOpen is found as 0x880544d0 for me,
but pspGetSysCallAddr return 0 for this... =(

[Torch]

Those syscalls are already hooked by M33/other CFW in the VSH for creating the virtual PBPs for showing ISOs in the game menu. You can't hook them again without some extra work, since their entries in the syscall table will be replaced with the export from vshctrl.prx.

You can check the vshctrl.prx exports and identify which one is the hooked sceIoOpen etc and search for THAT address in syscall table and hook it. You must then call THAT function from your hook function instead of sceIoOpen etc so that you don't break the M33 hook.

The best thing in the long run is to have a managed chain of hooks. M33/CFW should export a chain type PatchSyscall function similar to sctrlHENSetStartModuleHandler where each hook must call the previous hook. All plugin developers should then use this new function to allow multiple hooks of the same syscall.

[kralyk]

Thanks for all the information..

So when I cant find a syscall in syscall table it means its already hooked?
Because apart from IoFileMgr I also tried to hook some of the sceMpegVsh calls, but they could not have been found in syscalltable either...
Does CFW hook those as well? That'd be strange...

[Torch]

Thanks for all the information..

So when I cant find a syscall in syscall table it means its already hooked?
Because apart from IoFileMgr I also tried to hook some of the sceMpegVsh calls, but they could not have been found in syscalltable either...
Does CFW hook those as well? That'd be strange...

Yes if a function is a syscall and its address is not found in the table then it has been hooked (or module not loaded fully yet).

The sceMpeg* stuff are not syscalls. They are pure user function calls. To hook those look at Coldbird's user to kernel hook sample.

[kralyk]

Yes I read that tutorial by Coldbird, but Im afraid my func is ufortunatelly one of the unhookable ones, Ill try to figure out why...
Anyway, thanks for help...

EDIT: alright, I resolved the problem, the functions I need now get hooked ok.
Here's the link to Coldbird's sample in case someone came across this problem:
http://forums.ps2dev.org/viewtopic.php?t=11894