Some new nids (sceNand, ModuleMgrForKernel, ...)

moonlight · Post by **moonlight** » Tue Sep 19, 2006 7:58 am

Today i felt like wanting to hunt nids :P

sceNand (all firmwares):
C478C1DE - sceNandReadPagesRawAll
E05AE88D - sceNandReadPagesRawExtra
BADD5d46 - sceNandWritePagesRawAll
8932166A - sceNandWritePagesRawExtra

ModuleMgrForKernel(2.00+):
0x3E4FEDDC - sceKernelLoadModuleToBlock
0x61EC6AB0 - sceKernelModuleMgrMode
0xF80F3C96 - sceKernelLoadModuleBufferBootInitConfig

LoadCoreForKernel(2.00+):
0x3BB7AC18 - sceKernelLoadCoreMode

IoFileMgrForKernel(2.80+):
0x5216CE3F - sceIoTerminateFd (this one requires confirmation)

sceIoFilemgrDNAS_driver (2.7X only, since in 2.80 the module has changed and doesn't export anything):
0x0144AFDA - sceIoLseekDNAS
0x4B4AAA29 - sceIoEndDNAS
0x79A425A4 - sceIoInitDNAS
0x8E56CAA1 - sceIoReadDNAS
0x9F645A9C - sceIoCloseDNAS

These ones seem to be used to open files protected with some kind of drm. sceIoFilemgrDNAS_driver_AA46A25E would be like "sceIoOpenDNAS", although that's not the name.

adrahil · Post by **adrahil** » Tue Sep 19, 2006 9:48 am

Niice :)
About nids, tell me , do you know why in the sc_sascore.prx which is in flash0 there are none of the functions which are in the sc_sascore.prx which is in the umds. Hereafter is the list of function names of the umd sascore:

Code: Select all

sceSasCore
sceSasExit
sceSasGetEndFlag
sceSasGetEnvelopeHeight
sceSasInit
sceSasRevEVOL
sceSasRevParam
sceSasRevType
sceSasRevVON
sceSasSetADSR
sceSasSetADSRmode
sceSasSetEffect
sceSasSetEffectType
sceSasSetEffectVolume
sceSasSetKeyOff
sceSasSetKeyOn
sceSasSetNoise
sceSasSetPitch
sceSasSetSimpleADSR
sceSasSetSL
sceSasSetVoice
sceSasSetVolume

0okm0000 · Post by **0okm0000** » Wed Sep 20, 2006 12:23 am

moonlight wrote:Today i felt like wanting to hunt nids :P

sceNand (all firmwares):
C478C1DE - sceNandReadPagesRawAll
E05AE88D - sceNandReadPagesRawExtra
BADD5d46 - sceNandWritePagesRawAll
8932166A - sceNandWritePagesRawExtra

ModuleMgrForKernel(2.00+):
0x3E4FEDDC - sceKernelLoadModuleToBlock
0x61EC6AB0 - sceKernelModuleMgrMode
0xF80F3C96 - sceKernelLoadModuleBufferBootInitConfig

LoadCoreForKernel(2.00+):
0x3BB7AC18 - sceKernelLoadCoreMode

IoFileMgrForKernel(2.80+):
0x5216CE3F - sceIoTerminateFd (this one requires confirmation)

sceIoFilemgrDNAS_driver (2.7X only, since in 2.80 the module has changed and doesn't export anything):
0x0144AFDA - sceIoLseekDNAS
0x4B4AAA29 - sceIoEndDNAS
0x79A425A4 - sceIoInitDNAS
0x8E56CAA1 - sceIoReadDNAS
0x9F645A9C - sceIoCloseDNAS

These ones seem to be used to open files protected with some kind of drm. sceIoFilemgrDNAS_driver_AA46A25E would be like "sceIoOpenDNAS", although that's not the name.

Great :D
can you add Search function in your "PSP PRX Documentation project" :)

laichung · Post by **laichung** » Tue Sep 26, 2006 2:15 pm

in 2.8 usbacc.prx

0x2E251404 sceUsbAccRegisterType
0x18b04c82 sceUsbAccUnregisterType

usb.prx

0x616f2b61 sceUsbWaitStateCB

laichung · Post by **laichung** » Fri Sep 29, 2006 4:12 pm

in 2.8 libasfparser.prx

0x2CB147F7 sceAsfGetFrameData
0x8B08301F sceAsfParserEndEntry
0xB9E4BD9E sceAsfParserStartEntry

in 2.8 usbmic

0x63400E20 sceUsbMicGetInputLength
(p.s. only one functions is left unknow.)

I have a question. There are many strings inside the string-dump of the prx, some of them look likes a function name but it is not (it not pass the NIDs search). Are they the internal function name?

adrahil · Post by **adrahil** » Fri Sep 29, 2006 9:25 pm

Yes, they're internal functions. You could trace them and give thir addresses though :)
It may also be possible that those functions are inline, like the sceSas, or some sceMSCM functions.

moonlight · Post by **moonlight** » Fri Sep 29, 2006 10:22 pm

Good find. they will be added soon to my page.

laichung · Post by **laichung** » Fri Sep 29, 2006 10:49 pm

Just for fun

from 2.8 usbgps.prx

0x6EED4811 sceUsbGpsClose
0x7C16AC3A sceUsbGpsGetState
0x934EC2B2 sceUsbGpsGetData
0x9F267D34 sceUsbGpsOpen

moonlight wrote:Good find. they will be added soon to my page.

laichung · Post by **laichung** » Fri Sep 29, 2006 11:01 pm

Thanks for information

Also some functions look have problem under ps2dis , for examples:

Code: Select all

sceUsbBus_driver_90B82F55&#58;
     li v0 , $00000001
     lui a0 $0000
     jr ra
     sw v0 $00000604

My understanding is , after jr ra is called, the function should jump back to the orginial function, and the last command should not run, right? Does it mean the last command is not belong to sceUsbBus_driver_90B82F55 but the next function sceUsbBus_driver_7B87815D? or the prxtool generate the wrong address inside the map file?

adrahil wrote:Yes, they're internal functions. You could trace them and give thir addresses though :)
It may also be possible that those functions are inline, like the sceSas, or some sceMSCM functions.

jimparis · Post by **jimparis** » Sat Sep 30, 2006 3:32 am

MIPS loads and branches have a delay slot, so the "sw" line is executed. See e.g. http://www.go-ecs.com/mips/miptek1.htm#DS

adrahil · Post by **adrahil** » Sat Sep 30, 2006 4:00 am

- a normal ''branch'' instruction does something like:

Code: Select all

if&#40;condition&#41;&#123;
delay_instruction&#40;&#41;;
goto whatever_address;
&#125; else &#123;
delay_instruction&#40;&#41;;
&#125;

examples: J, JR, BEQ, BNE, BGEZ,...

- however, the ''branch likely'' instructions are of this form:

Code: Select all

if&#40;condition&#41;&#123;
delay_instruction&#40;&#41;;
goto whatever_address;
&#125;

examples: BEQL, BNEL, ...

laichung · Post by **laichung** » Sat Sep 30, 2006 12:32 pm

Thanks all information~~

forums.ps2dev.org

Some new nids (sceNand, ModuleMgrForKernel, ...)

Some new nids (sceNand, ModuleMgrForKernel, ...)

Re: Some new nids (sceNand, ModuleMgrForKernel, ...)