anyway to unload modules without sceUtilityUnloadModule?

[wololo]

As you might have guessed by the title, an exploit I am working on does not import sceUtilityUnloadModule.
I've used my trick from last month to load as much as I can and retrieve some essential nids from additional modules (+ p5 stubs), but that function is nowhere to be found. For now I can probably try to live without it, but it would be great to be able to unload modules though... at least the one from the game...

Advertising

[wololo]

Update:
I have access to SysMemUserForUser_35669D4C which seems to be an equivalent for sceKernelSelfStopUnloadModule.

Not sure how I can leverage that though, I assume to stop the game module I need to be in the game's thread, and if I do that, then some things will stop working...
An idea is probably to force each module/thread to jump to that function from within its own memory space...

I think I have the idea but if somebody has the actual code to handle that I would be super grateful.

TL,DR: the game is to reimplement sceUtilityUnloadModule with sceKernelSelfStopUnloadModule (or, in my case, SysMemUserForUser_35669D4C)

Advertising

[JJS]

I am not sure the kernel will like that. It probably thinks that the utility module is still loaded and you won't be able to reload it later with sceUtilityLoadModule.

This is only my guess though. Maybe you should test this on a PSP with CFW first by writing a small program that loads a utility with sceUtilityLoadModule. Then you unload the module through PSPLink (easier than trying to get the module id and doing it in the program I think). And then have the program try to load the utility module again.

[m0skit0]

I'm not so sure you can't reload it later. Savegame module for example loads and unloads a lot of times (not sure if this is what you mean though).

[wololo]

I'm not so sure you can't reload it later. Savegame module for example loads and unloads a lot of times (not sure if this is what you mean though).

That's not what he meant. He meant that if the module is not unloaded properly, the kernel might think it is still loaded, and therefore refuse to load it a second time.

JJS: at the very least if I can unload the game's main module, I'll free somewhere between 5 and 10MB, which will put me in a more acceptable situation. And this one, I never need to reload

[wololo]

Sigh, I just can't get it to work.
I wasted close to 10 hours on this lead. I'm sure there has to be a way to stop that module, and it's probably a simple mistake on my end, but it just refuses to stop.

For now I'll assume that a game that does not import sceUtilityUnloadModule is probably a no go.
It sucks because I did manage to load homebrews with that exploit, just not complicated ones

[wololo]

Hmm, my problem is elsewhere. sceUtitlityUnloadModule is only to unload those external user mode modules.
Now I realize I have only 15MB of contiguous ram after freeing, despite having 24MB total. A few "small" things are in the middle of the user ram and not getting freed, this could be one of my issues

[vonjack]

Oh, I encountered the same question as wololo.
Can ModuleMgrForUser_8F2DF740 unload modules correctly ?
And I've found p5_stubs contains "sceKernelLoadModule", can we use this syscall to replace "sceUtilityLoadModule" (use /kd/.prx in flash0 et al.).
Thank you very much!

[qwikrazor87]

In usermode the only place you'll be able to load modules from is disc0:/
loading from any other place (flash0, ms0) will return error 0x80020146 (ERROR_KERNEL_PROHIBIT_LOADMODULE_DEVICE)

[vonjack]

In usermode the only place you'll be able to load modules from is disc0:/
loading from any other place (flash0, ms0) will return error 0x80020146 (ERROR_KERNEL_PROHIBIT_LOADMODULE_DEVICE)

Oh, Thank you very much!
I found after I used ModuleMgrForUser_8F2DF740 to stopunload module, and reload module (0x300) use sceUtilityLoadModule, it still return "Already Loaded" in VHBL.
It seems that not to unload module, VHBL is also running regular, so I'll give up to unload module. xD