I am currently working on some evolutions for the "FakeCamera" plugin: I am trying to put a user image as the camera output.
I wrote some code following the sceCamera API specifications (which I found in some leaked Vita SDK documentation): it only works on some rare titles.
The sceCamera API should get a "pIBase" buffer every time to write output data (some camera formats could also need additional "pUBase" and "pVBase" buffers). This buffer pointer can be given by "SceCameraInfo" at camera open or by "SceCameraRead" at the camera read call.
Unfortunately, most titles (where my code fails) don't follow this specification. On the camera open call, I get null pointers, which means I should wait for the camera read call to get the pointers. But on the camera read call, I get a null pointer too for "pIBase" and "pVBase" and I get the value "0x12c000" for "pUBase" (gotten on Tearaway and the Welcome Park "Snap + Slide" mini-game). This "0x12c000" value is definitely not a pointer I can write to (the application crashes if I try to write a single byte at this address).
Do you have any idea about the expected behavior when this "0x12c000" is sent to the sceCamera API? Low level framebuffer output? Where should I write my image data when I see this "sceCameraOpen/sceCameraRead" pattern?
I also noticed that most official applications send a "SceCameraRead->size" of 72 bytes, which is 16 bytes bigger than the structure we have in "psp2/camera.h" (the structure in the leaked documentation is the same). When a known pattern is followed, those 16 bytes contain some "0xdead" data, so it is definitely trash. However, when there is a pattern involving "0x12c000", I got this data from "Welcome Park" (I didn't have time to test other titles):
{0x43656b61, 0x72656d61, 0x4c412f61, 0x61425f4c}
Any idea what this data means? Does it look like trash? (The first 3 values aren't aligned, so I would assume they are not valid pointers, and directly writing to the address interpreted from the 4th one leads to a crash.)
Thank you for your help!
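
A triage sketch for the two values quoted in the post above, added here as an example (it is not part of the original post and not FakeCamera or SDK code): it lays the four trailing words out in little-endian byte order to test for printable ASCII, and compares 0x12c000 against frame sizes from a candidate list. The function names and the candidate geometries are assumptions made for this example.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Copy 32-bit words into out in little-endian byte order (their layout in
 * memory on a little-endian ARM CPU). Returns 1 when every byte is
 * printable ASCII, 0 otherwise. out must hold 4*n + 1 bytes. */
int words_to_ascii(const uint32_t *w, size_t n, char *out)
{
    int printable = 1;
    for (size_t i = 0; i < n; i++) {
        for (int b = 0; b < 4; b++) {
            unsigned char c = (unsigned char)(w[i] >> (8 * b));
            if (c < 0x20 || c > 0x7e)
                printable = 0;
            out[4 * i + b] = (char)c;
        }
    }
    out[4 * n] = '\0';
    return printable;
}

/* Candidate frame geometries: a constructed list for this example. */
struct geom { unsigned w, h, bpp; };
static const struct geom CANDIDATES[] = {
    {640, 480, 32}, {640, 480, 16}, {640, 480, 12}, {640, 360, 32},
    {480, 272, 32}, {320, 240, 32}, {320, 240, 16}, {160, 120, 32},
};

/* Return the first candidate whose frame size in bytes equals value,
 * or NULL when value matches none of them. */
const struct geom *match_frame_size(uint32_t value)
{
    for (size_t i = 0; i < sizeof CANDIDATES / sizeof CANDIDATES[0]; i++) {
        const struct geom *g = &CANDIDATES[i];
        if ((uint32_t)(g->w * g->h * g->bpp / 8) == value)
            return g;
    }
    return NULL;
}

int main(void)
{
    const uint32_t tail[4] = {0x43656b61, 0x72656d61, 0x4c412f61, 0x61425f4c};
    char text[17];
    int ok = words_to_ascii(tail, 4, text);
    const struct geom *g = match_frame_size(0x12c000);
    printf("tail printable=%d text=\"%s\"\n", ok, text);
    if (g) printf("0x12c000 = %u x %u at %u bpp\n", g->w, g->h, g->bpp);
    return 0;
}
```

On the values from the post, the 16 trailing bytes decode to the printable string `akeCamera/ALL_Ba`, and 0x12c000 equals the byte size of a 640x480 frame at 32 bits per pixel.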