#257676 by hgoel0974
Tue Apr 09, 2013 5:30 pm
Is there a list of all the syscalls and their respective codes for $v0 anywhere?
#257711 by preloader
Tue Apr 09, 2013 7:20 pm
It is a bit complicated. You can try disassembling exploits and checking the assembly files for syscalls. If you want to improve yourself and try something, you should take a look at the MARS MIPS Simulator; you can find more information about MARS here: http://courses.missouristate.edu/kenvol ... /index.htm
#257762 by hgoel0974
Tue Apr 09, 2013 8:36 pm
preloader wrote: It is a bit complicated. You can try disassembling exploits and checking the assembly files for syscalls. If you want to improve yourself and try something, you should take a look at the MARS MIPS Simulator; you can find more information about MARS here: http://courses.missouristate.edu/kenvol ... /index.htm

I learned assembly using MARS. Although I feel that the codes might be the same because in the end, it is still MIPS but I am not sure.
#257769 by preloader
Tue Apr 09, 2013 8:52 pm
Originally posted by m0skit0 on advancedpsp.tk, and recreated by ultimakillz. Taken from: http://forums.pspslimhacks.com/threads/ ... mips.7573/
The code shown below may help you.

Code:
// sceIoOpen(path, flags, mode)
lui  $a0, 0x08C1          // $a0 = 0x08C10000
ori  $a0, $a0, 0x2345     // $a0 = 0x08C12345, pointer to the path string
li   $a1, 1               // flags: PSP_O_RDONLY
li   $a2, 0x1FF           // mode: 0777
jal  0x08A885C8           // call through the sceIoOpen import stub
nop                       // branch delay slot
move $s0, $v0             // keep the file descriptor; $a0/$v0 are not preserved across calls

// sceIoRead(fd, buf, size)
move $a0, $s0             // fd
lui  $a1, 0x08D0          // $a1 = 0x08D00000, destination buffer
li   $a2, 0x6051          // size in bytes (third argument goes in $a2)
jal  0x08A88578           // call through the sceIoRead import stub
nop

// sceIoClose(fd)
move $a0, $s0
jal  0x08A88590
nop

// sceKernelDcacheWritebackInvalidateAll()
jal  0x08A887C0
nop

// Jump to our loaded code
lui  $a0, 0x08D0          // 0x08D00000, start of the buffer we just filled
jr   $a0
nop
#257794 by hgoel0974
Tue Apr 09, 2013 9:32 pm
preloader wrote: Originally posted by m0skit0 on advancedpsp.tk, and recreated by ultimakillz. Taken from: http://forums.pspslimhacks.com/threads/ ... mips.7573/
The code shown below may help you.

Code:
// sceIoOpen(path, flags, mode)
lui  $a0, 0x08C1          // $a0 = 0x08C10000
ori  $a0, $a0, 0x2345     // $a0 = 0x08C12345, pointer to the path string
li   $a1, 1               // flags: PSP_O_RDONLY
li   $a2, 0x1FF           // mode: 0777
jal  0x08A885C8           // call through the sceIoOpen import stub
nop                       // branch delay slot
move $s0, $v0             // keep the file descriptor; $a0/$v0 are not preserved across calls

// sceIoRead(fd, buf, size)
move $a0, $s0             // fd
lui  $a1, 0x08D0          // $a1 = 0x08D00000, destination buffer
li   $a2, 0x6051          // size in bytes (third argument goes in $a2)
jal  0x08A88578           // call through the sceIoRead import stub
nop

// sceIoClose(fd)
move $a0, $s0
jal  0x08A88590
nop

// sceKernelDcacheWritebackInvalidateAll()
jal  0x08A887C0
nop

// Jump to our loaded code
lui  $a0, 0x08D0          // 0x08D00000, start of the buffer we just filled
jr   $a0
nop


I think m0skit0 also posted this here, and well, I already know this; it isn't what I am talking about. Syscalls are like

Code:
li $v0, 1        // $v0 selects the service: 1 = print integer in MARS
li $a0, 10       // argument 1: the value to print
syscall          // MARS looks at $v0 to decide what to do


which takes the value in $v0 and, based on it, decides which syscall we are making. In this case, $v0 is 1, which tells the MARS simulator to write the value stored in $a0 (argument 1) to the screen. What I'd like to know is whether this exact same code will work: are the $v0 codes the same as the MARS simulator's codes?
#260248 by wololo
Thu Apr 18, 2013 1:51 pm
Acid, you mean syscall estimates
syscalls, obviously, still work, as they are at the core of how everything works in user mode on the psp or the psp emu.

I know that's what you meant, but remember everything we say here could be misunderstood by many people who will repeat it without questioning what they read.

Edit: hgoel: syscalls on the psp are not fixed, so there isn't a list of them. Syscalls are semi randomly generated by the kernel. What does not change are the nids, and you can find lists of nids on silverspring's site.

Edit2: details on syscall randomization here: http://wololo.net/2012/06/07/syscall-internals/
#260292 by JJS
Thu Apr 18, 2013 5:54 pm
It should be noted that there are different ways to do syscalls for different MIPS processor revisions. On the PSP you specify the syscall number in the syscall instruction instead of loading it into register v0. See also here: viewtopic.php?f=5&t=740#p7977

Actually let me expand on this a bit: Because, as wololo said, syscalls are not fixed you usually do not call a syscall directly from your code. Instead you have the import stubs which are resolved by the kernel when your module loads. So on loading, the kernel writes the correct syscall instruction into this table. Your own code only performs a jump to this import code. This is also what the code preloader posted does. The jal goes to the import stub.
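The two conventions compared in this thread (hgoel's MARS snippet, where $v0 picks the service, and JJS's description of the PSP, where the number sits inside the syscall instruction and the kernel writes it into the import stubs at load time) can be modelled in a few lines. The following is an added example written for this page, not code from any of the posters or from the PSP SDK. It assumes the standard MIPS encoding of `syscall` (SPECIAL opcode, function 0x0C, 20-bit code field in bits 25..6), assumes an unresolved stub is the word pair `jr $ra; nop` whose delay-slot word the loader overwrites, and uses constructed NIDs and an arbitrary random assignment of numbers in place of the kernel's real scheme.

```python
# Added example for this thread (not code from any of the posters or from
# the PSP SDK): a small model of the two syscall conventions discussed above.
# MARS reads the service number from $v0; the PSP encodes the number in the
# 20-bit "code" field of the syscall instruction itself, and the kernel fills
# that word into the module's import stubs at load time.
import random

SYSCALL_FUNCT = 0x0C          # SPECIAL opcode (0) with function field 0b001100
CODE_SHIFT = 6                # the code field occupies bits 25..6
CODE_MASK = 0xFFFFF           # 20 bits
JR_RA = 0x03E00008            # jr $ra
NOP = 0x00000000

# Constructed NIDs; they stand in for real ones and do not match any PSP export.
NID_OPEN, NID_READ, NID_CLOSE = 0x0000A001, 0x0000A002, 0x0000A003


def encode_syscall(number):
    """Return the 32-bit word for `syscall number` (number carried in the instruction)."""
    if not 0 <= number <= CODE_MASK:
        raise ValueError("syscall number does not fit the 20-bit code field")
    return SYSCALL_FUNCT | (number << CODE_SHIFT)


def decode_syscall(word):
    """Return the code field of a syscall word, or None if the word is not a syscall."""
    if (word >> 26) != 0 or (word & 0x3F) != SYSCALL_FUNCT:
        return None
    return (word >> CODE_SHIFT) & CODE_MASK


def dispatch(word, regs, convention):
    """Which service a `syscall` word selects under each convention.

    'mars': the instruction's code field is ignored and $v0 picks the service.
    'psp' : the code field picks the service; $v0 is just another register.
    """
    code = decode_syscall(word)
    if code is None:
        raise ValueError("not a syscall instruction")
    if convention == "mars":
        return regs["v0"]
    if convention == "psp":
        return code
    raise ValueError(f"unknown convention {convention!r}")


def assign_syscalls(nids, seed):
    """Constructed stand-in for the kernel's per-boot table: each NID gets an
    arbitrary distinct number. The real assignment scheme is described at the
    link in wololo's post; only the property 'numbers differ between boots,
    NIDs do not' is modelled here."""
    rng = random.Random(seed)
    return dict(zip(nids, rng.sample(range(1, CODE_MASK + 1), len(nids))))


def resolve_stubs(stub_table, nid_to_syscall):
    """Model the load-time step JJS describes: every unresolved stub is assumed
    (assumption of this example) to be the pair `jr $ra; nop`, and the kernel
    overwrites the `nop` in the delay slot with `syscall N` for that NID.
    Calling code only ever does `jal stub`, so it never needs to know N."""
    resolved = {}
    for nid, (first, second) in stub_table.items():
        if (first, second) != (JR_RA, NOP):
            raise ValueError(f"stub for NID {nid:#010x} is not an unresolved jr $ra; nop pair")
        if nid not in nid_to_syscall:
            raise KeyError(f"no syscall assigned to NID {nid:#010x}")
        resolved[nid] = (JR_RA, encode_syscall(nid_to_syscall[nid]))
    return resolved


def demo():
    """Resolve a constructed three-entry stub table for two 'boots' and report
    which number the open-style stub received each time."""
    stubs = {nid: (JR_RA, NOP) for nid in (NID_OPEN, NID_READ, NID_CLOSE)}
    results = []
    for boot_seed in (1, 2):
        table = assign_syscalls(list(stubs), boot_seed)
        resolved = resolve_stubs(stubs, table)
        results.append(decode_syscall(resolved[NID_OPEN][1]))
    return results


if __name__ == "__main__":
    print(demo())
```

Running `demo()` resolves the same stub table under two different seeds and shows the stub's `syscall N` word changing while the NID key stays fixed, which is why a fixed list of $v0 values cannot exist for the PSP and why a module keeps calling through its stub rather than embedding a number.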
