How to manually call a callback function?

[Torch]

From my kernel prx I want to invoke a callback function of another user prx. I have the function address and I'm trying to call it with the callback prototype but it crashes, because of kernel to user call I think. I also have its cbid in case its useful. How do I call it, and pass my own args?

[ne0h]

You have to probably normalize the address...
Some days ago I've got the same thing but with a variable, maybe the solution is the same!
This is how to get a user address form a kernel addr:

Code: Select all

char* data = "AbCd?";
return (char*)(((int)data)&~0x80000000);

[Torch]

All that does is remove the leading 0x8.

The function address is in user memory, so its already in 0x0..... form.

[ne0h]

All that does is remove the leading 0x8

Yes I know, is the same as

Code: Select all

((int)data) - 0x80000000

The function address is in user memory, so its already in 0x0..... form.

I think that to call a user address from kernel mode you have to add 0x8...

[Torch]

You can only read contents of user memory addresses. The code can't jump into user space instructions (normally).

There has to be a method for invoking callbacks, after all they are invoked by the kernel normally...

[ne0h]

I think that sceKernelNotifyCallback go to resume a callback, but you can pass to the function only the 2nd arg...

[Torch]

Yes I've seen that. But I need to forward all 3 args from the power callback.

[ne0h]

How does the fw call a callback and send all the args?
Maybe a little reverse on this can help you!
But where I can find this call?

But I need to forward all 3 args from the power callback.

So you need to hook the power callback and replace it with another callback?
For this you can register your power callback!
Anyway I think that this is not what you want to do...

[TyRaNiD]

You can't in any meaningful sense, just call Notify with arg2 of the callback (the actual unique value) and the other two will handle themselves.

[Torch]

I want the power callbacks in the game to be invoked only when some conditions are met.

I've hooked scePowerRegisterCallback, and instead of calling the original function, my PRX maintains a table of all the callbacks the game tries to register and returns successful value to the game. The table is also updated on scePowerUnregist(its)erCallback.
My PRX registers itself in the power callback just once.

When the PSP is suspended, I want to forward the suspend power callbacks by manually calling it.
When the PSP is resumed (my app detects this by resume_complete), I freeze all the game threads (I will not forward the resuming or resume_complete callbacks).
My app asks for password, if the password is right it should forward the resume callbacks now and unfreeze the game.
The user should be able to suspend the PSP again without entering correct password also (without unfreezing threads).

The problem before was that the game would not suspend while the threads were frozen if the power switch was pressed. It would start suspending with a blank screen and the LED would just keep blinking until it crashed. I'm ASSUMING this was because the game received the resume callback and tried to resume its stuff, but couldn't because the threads were frozen. I'm ASSUMING that if it never receives the resume callbacks, then it will still be in a suspend-friendly state as it wouldn't have done anything since the last suspend and can be suspended again while the threads are frozen.

Time to try some experiments with NotifyCallback now..

[Torch]

I've succeeded :D using sceKernelNotifyCallback to send the resuming and resume_complete signals whenever I want after hooking the register callback functions so that the real ones aren't sent. The game can be frozen properly and even put into standby and resumed multiple times :D