
Reading the HOME button in user mode

Post by JJS » Mon Nov 15, 2010 3:51 pm

This post made me aware of the fact that gpSPkai 3.4 test 152 can obviously enable/disable the home menu at will and also read the status of the HOME button from user mode when the home menu is disabled.

Both of these things are impossible in user mode, I believed. I thought that unregistering the exit callback is not possible in user mode, at least I had no luck with sceKernelUnregisterExitCallback() which is kernel mode only.

The amazing thing is that whatever gpsp does, it is a permanent effect; this means the home button stays available after it has exited. So e.g. in PSPdisp the HOME button is still available for popping up the menu. The way I had done this on CFW was to not register an exit callback (to avoid the exit screen) and to create a kernel mode prx with sceCtrlReadBufferPositive() in it. When run through HBL I just live with the fact that the exit screen has to be dismissed every time HOME is pressed.

I would really like to know how gpsp does this. Any ideas? Or is the source code available? I couldn't find it, at least not for this version.


An interesting observation is also that the HOME button works as described above on my PSP GO 5.70, but on my 1000 with 5.50 GEN-D3 and PSPLink (may be important?) the button doesn't seem to be readable. Enabling/disabling the exit screen is possible though.


Edit: I see nothing suspicious in the imports of gpsp.
[spoiler]PRXTool v1.1 : (c) TyRaNiD 2k6
Built: Mar 23 2010 00:31:13
Loaded PRX data.psp successfully
Module information

Name: gpSP
Attrib: 0000
Version: 3.4
GP: 08A2BAB0

Exports:
Export 0, Name syslib, Functions 1, Variables 1, flags 80000000
Functions:
0xD632ACDB [0x08900040] - module_start
Variables:
0xF01D73A7 [0x08A125E0] - module_info

Imports:
Import 0, Name pspDveManager, Functions 2, Variables 0, flags 40090000
Functions:
0x2ACFCB6D [0x08A121E4] - pspDveManager_2ACFCB6D
0xF9C86C73 [0x08A121EC] - pspDveManager_F9C86C73
Import 1, Name homehook, Functions 2, Variables 0, flags 40090000
Functions:
0xDDC19F6B [0x08A121F4] - homehook_DDC19F6B
0x40DC34E4 [0x08A121FC] - homehook_40DC34E4
Import 2, Name sceRtc, Functions 7, Variables 0, flags 40010000
Functions:
0x3F7AD767 [0x08A12204] - sceRtcGetCurrentTick
0x4CFA57B0 [0x08A1220C] - sceRtcGetCurrentClock
0xE7C27D1B [0x08A12214] - sceRtcGetCurrentClockLocalTime
0x34885E0D [0x08A1221C] - sceRtcConvertUtcToLocalTime
0x57726BC1 [0x08A12224] - sceRtcGetDayOfWeek
0x7ED29E40 [0x08A1222C] - sceRtcSetTick
0x6FF40ACC [0x08A12234] - sceRtcGetTick
Import 3, Name sceAudio, Functions 3, Variables 0, flags 40010000
Functions:
0x13F592BC [0x08A1223C] - sceAudioOutputPannedBlocking
0x5EC81C55 [0x08A12244] - sceAudioChReserve
0x5C37C0AE [0x08A1224C] - sceAudio_5C37C0AE
Import 4, Name scePower, Functions 4, Variables 0, flags 40010000
Functions:
0x2085D15D [0x08A12254] - scePowerGetBatteryLifePercent
0x8EFB3FA2 [0x08A1225C] - scePowerGetBatteryLifeTime
0x04B7766E [0x08A12264] - scePowerRegisterCallback
0x737486F2 [0x08A1226C] - scePowerSetClockFrequency
Import 5, Name KUBridge, Functions 1, Variables 0, flags 40090000
Functions:
0x24331850 [0x08A12274] - KUBridge_24331850
Import 6, Name sceDisplay, Functions 3, Variables 0, flags 40010000
Functions:
0x0E20F177 [0x08A1227C] - sceDisplaySetMode
0x289D82FE [0x08A12284] - sceDisplaySetFrameBuf
0x984C27E7 [0x08A1228C] - sceDisplayWaitVblankStart
Import 7, Name sceGe_user, Functions 6, Variables 0, flags 40010000
Functions:
0xE47E40E4 [0x08A12294] - sceGeEdramGetAddr
0xAB49E76A [0x08A1229C] - sceGeListEnQueue
0xE0D68148 [0x08A122A4] - sceGeListUpdateStallAddr
0x03444EB4 [0x08A122AC] - sceGeListSync
0xB287BD61 [0x08A122B4] - sceGeDrawSync
0xA4FC06A4 [0x08A122BC] - sceGeSetCallback
Import 8, Name sceCtrl, Functions 3, Variables 0, flags 40010000
Functions:
0x6A2774F3 [0x08A122C4] - sceCtrlSetSamplingCycle
0x1F4011E6 [0x08A122CC] - sceCtrlSetSamplingMode
0x3A622550 [0x08A122D4] - sceCtrlPeekBufferPositive
Import 9, Name sceUtility, Functions 1, Variables 0, flags 40010000
Functions:
0xA5DA2406 [0x08A122DC] - sceUtilityGetSystemParamInt
Import 10, Name IoFileMgrForUser, Functions 11, Variables 0, flags 40010000
Functions:
0x810C4BC3 [0x08A122E4] - sceIoClose
0x109F50BC [0x08A122EC] - sceIoOpen
0x6A638D83 [0x08A122F4] - sceIoRead
0x42EC03AC [0x08A122FC] - sceIoWrite
0x27EB27B8 [0x08A12304] - sceIoLseek
0x68963324 [0x08A1230C] - sceIoLseek32
0xB29DDF9C [0x08A12314] - sceIoDopen
0xE3EB004C [0x08A1231C] - sceIoDread
0xEB092469 [0x08A12324] - sceIoDclose
0x55F4717D [0x08A1232C] - sceIoChdir
0xACE946E8 [0x08A12334] - sceIoGetstat
Import 11, Name ModuleMgrForUser, Functions 3, Variables 0, flags 40010000
Functions:
0x977DE386 [0x08A1233C] - sceKernelLoadModule
0x50F0C1EC [0x08A12344] - sceKernelStartModule
0xD675EBB8 [0x08A1234C] - sceKernelSelfStopUnloadModule
Import 12, Name StdioForUser, Functions 3, Variables 0, flags 40010000
Functions:
0x172D316E [0x08A12354] - sceKernelStdin
0xA6BAB2E9 [0x08A1235C] - sceKernelStdout
0xF78BA90A [0x08A12364] - sceKernelStderr
Import 13, Name SysMemUserForUser, Functions 5, Variables 0, flags 40000000
Functions:
0xA291F107 [0x08A1236C] - sceKernelMaxFreeMemSize
0x237DBD4F [0x08A12374] - sceKernelAllocPartitionMemory
0xB6D61D02 [0x08A1237C] - sceKernelFreePartitionMemory
0x9D9A5BA1 [0x08A12384] - sceKernelGetBlockHeadAddr
0x3FC9AE6A [0x08A1238C] - sceKernelDevkitVersion
Import 14, Name ThreadManForUser, Functions 15, Variables 0, flags 40010000
Functions:
0xE81CAF8F [0x08A12394] - sceKernelCreateCallback
0x82826F70 [0x08A1239C] - sceKernelSleepThreadCB
0xCEADEB47 [0x08A123A4] - sceKernelDelayThread
0x55C20A00 [0x08A123AC] - sceKernelCreateEventFlag
0x1FB15A32 [0x08A123B4] - sceKernelSetEventFlag
0x7C0DC2A0 [0x08A123BC] - sceKernelCreateMsgPipe
0xF0B7DA1C [0x08A123C4] - sceKernelDeleteMsgPipe
0x876DBFAD [0x08A123CC] - sceKernelSendMsgPipe
0x884C9F90 [0x08A123D4] - sceKernelTrySendMsgPipe
0x74829B76 [0x08A123DC] - sceKernelReceiveMsgPipe
0xDF52098F [0x08A123E4] - sceKernelTryReceiveMsgPipe
0x33BE4024 [0x08A123EC] - sceKernelReferMsgPipeStatus
0x446D8DE6 [0x08A123F4] - sceKernelCreateThread
0xF475845D [0x08A123FC] - sceKernelStartThread
0xAA73C935 [0x08A12404] - sceKernelExitThread
Import 15, Name UtilsForUser, Functions 2, Variables 0, flags 40010000
Functions:
0xC8186A58 [0x08A1240C] - sceKernelUtilsMd5Digest
0x79D1C3FA [0x08A12414] - sceKernelDcacheWritebackAll
Import 16, Name InterruptManager, Functions 2, Variables 0, flags 40000000
Functions:
0xCA04A2B9 [0x08A1241C] - sceKernelRegisterSubIntrHandler
0xFB8E22EC [0x08A12424] - sceKernelEnableSubIntr
Import 17, Name LoadExecForUser, Functions 2, Variables 0, flags 40010000
Functions:
0x05572A5F [0x08A1242C] - sceKernelExitGame
0x4AC57943 [0x08A12434] - sceKernelRegisterExitCallback
Import 18, Name sceImpose, Functions 1, Variables 0, flags 40010011
Functions:
0x5595A71A [0x08A1243C] - sceImpose_5595A71A
Done[/spoiler]
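
Added example (not part of the original post, and not gpSP or PRXTool code): a Python script that filters a PRXTool import listing like the one above down to the functions PRXTool could not name, which it prints as `<library>_<NID>`; those are the entries to look up first when checking what a module calls. The sample is an excerpt of the dump above, and the function names `parse_imports` and `unresolved` are this example's own.

```python
import re

# Excerpt of the PRXTool listing quoted in the post above (not the full dump).
SAMPLE = """\
Import 1, Name homehook, Functions 2, Variables 0, flags 40090000
Functions:
0xDDC19F6B [0x08A121F4] - homehook_DDC19F6B
0x40DC34E4 [0x08A121FC] - homehook_40DC34E4
Import 3, Name sceAudio, Functions 3, Variables 0, flags 40010000
Functions:
0x13F592BC [0x08A1223C] - sceAudioOutputPannedBlocking
0x5EC81C55 [0x08A12244] - sceAudioChReserve
0x5C37C0AE [0x08A1224C] - sceAudio_5C37C0AE
Import 17, Name LoadExecForUser, Functions 2, Variables 0, flags 40010000
Functions:
0x05572A5F [0x08A1242C] - sceKernelExitGame
0x4AC57943 [0x08A12434] - sceKernelRegisterExitCallback
Import 18, Name sceImpose, Functions 1, Variables 0, flags 40010011
Functions:
0x5595A71A [0x08A1243C] - sceImpose_5595A71A
"""

IMPORT_RE = re.compile(r"Import \d+, Name ([^,\s]+),")
FUNC_RE = re.compile(r"0x([0-9A-Fa-f]{8}) \[0x[0-9A-Fa-f]{8}\] - (\S+)")

def parse_imports(text):
    """Map each imported library to its list of (NID, name) pairs."""
    libs, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        if (m := IMPORT_RE.match(line)):
            current = libs.setdefault(m.group(1), [])
        elif current is not None and (m := FUNC_RE.match(line)):
            # Export entries appear before the first "Import" line and are skipped.
            current.append((m.group(1).upper(), m.group(2)))
    return libs

def unresolved(libs):
    """Keep only imports printed as <library>_<NID>, i.e. with no known name."""
    out = {}
    for lib, funcs in libs.items():
        nids = [nid for nid, name in funcs if name.upper() == f"{lib}_{nid}".upper()]
        if nids:
            out[lib] = nids
    return out

if __name__ == "__main__":
    for lib, nids in unresolved(parse_imports(SAMPLE)).items():
        print(f"{lib}: {', '.join('0x' + n for n in nids)}")
```
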

Re: Reading the HOME button in user mode

Post by m0skit0 » Mon Nov 15, 2010 4:45 pm

JJS wrote: I thought that unregistering the exit callback is not possible in user mode
Maybe registering another exit callback overrides the previous one?

Re: Reading the HOME button in user mode

Post by JJS » Mon Nov 15, 2010 5:04 pm

Maybe I didn't write this clearly enough. I am talking about the situation that gpsp is running through HBL and can still do this. Therefore:
m0skit0 wrote: Maybe registering another exit callback overrides the previous one?
HBL hooks the sceKernelRegisterExitCallback() function. This means gpsp's exit callback is not even known to the kernel. HBL registers its own callback that overrides the one by the exploited game.

Edit: Now that I think about it, gpsp doesn't unregister and reregister the callback. If it did this, the hooked sceKernelRegisterExitCallback() function would leave a trace of that in the debug log.

Re: Reading the HOME button in user mode

Post by Nymphaea » Mon Nov 15, 2010 5:09 pm

It uses "sceImposeSetHomePopup(0)" to turn off the home menu; I've yet to figure out how to get the button press though. I've attempted just disabling it and you can't pick up the button; using sceImposeSetHomePopup(0) right when the home menu is detected doesn't close it.

It mentions user mode in this part and seems to be implying that unloading modules helps somehow. It is commented out in my copy though (using #if 0).

Code:

	// user mode????????????????
	// Home????????????????????
	// AdHoc??????????????????????
	SceUID modIDs[16];
	int count;

	if (sceKernelGetModuleIdList(modIDs, 16, &count) < 0)
	{
		sceKernelStopModule(modIDs[1], 0, NULL, NULL, NULL);
		sceKernelDelayThread(500*1000);
		sceKernelUnloadModule(modIDs[1]);
	}

Re: Reading the HOME button in user mode

Post by JJS » Mon Nov 15, 2010 5:15 pm

Interesting, thank you!

I will mess around a bit with sceImposeSetHomePopup() and see what I get.



Edit: Awesome. I just added sceImposeSetHomePopup(0) at the start of my main() function in PSPdisp and sceImposeSetHomePopup(1) before calling sceKernelExitGame() and reading the HOME button works perfectly. Only tried it on the GO with Patapon.


Edit 2: Tried it on CFW now and I see what you mean. The exit screen is not shown but the button press is not registered either.
