
hbl porting help

Half Byte loader is an open source tool to load homebrews on all models of PSPs
Half Byte Loader can be downloaded at //wololo.net/wagic/hbl
Kankertje
Moderator
Posts: 830
Joined: Mon Apr 23, 2012 12:22 pm

hbl porting help

Post by Kankertje » Sun Jan 13, 2013 3:36 pm

Hey

I'm having problems porting HBL to some user exploits.
First issue:

Code:

->Module information:
Name: JGEApp_Title
Version: 0x00000101
Attributes: 0x00000000
Lib entry: 0x000A61AC
Lib stubs: 0x000A61C4
Lib stubs end: 0x000A62DC
gp: 0x000CA710
Address to allocate from: 0x08900000
-->ALLOCATING MEMORY @ 0x08900000 size 0x001DC1B0... call to sceKernelAllocPartitionMemory partitionId: 2, name: ELFMemory, type:2, size:1950128, addr:0x08900000
-> final allocation made for 1560128 of 1950128 requested bytes with result 0x800200D9
FAILED: 0x800200D9
Failed to allocate memory for the module
ERROR 0x80020001 loading main module

When running the test homebrew from HBL's svn, which tests CPU speed and memory available, it outputs

Code:

sceKernelMaxFreeMemSize > 20MB...ok

However, I was only able to load some old version of wmenu 0.2; anything else fails to allocate enough memory.
I tried the freemem.rb script.

The only dcache functions imported by the game are
sceKernelDcacheWritebackRange and sceKernelDcacheWritebackAll, no invalidate cache ones, so I'm using

Code:

#define CLEAR_CACHE sceKernelDcacheWritebackAll()
#define HOOK_sceKernelDcacheWritebackInvalidateAll_WITH_sceKernelDcacheWritebackAll

in the exploit config.
Also, I have manually defined some functions that are in sdk.s but not in sdk_hbl.s.
Could any of those cause a problem?

Also:
I have disabled p5_stubs because it gets stuck when it enters the save dialog loop for the second time (the first time it goes through it fine).
[spoiler]

Code:

Loader running
Detected firmware version is 0x06060010
p5_get_stubs
entering savedata dialog loop
status changed from -1 to 2
status changed from 2 to 3
status changed from 3 to 0
dialog has shut down
Relocating stub addresses from 0x08414A0C to 0x09D70000
current stub: 0x08414AFC 0x00000011 0x00004001 0x00000005 0x00000006 0x08414CA4
0x08414930
relocated to: 0x09D700F0 0x09D70298 0x09D6FF24
current stub: 0x08414B0C 0x00000011 0x00004001 0x00000005 0x0000000E 0x08414CCC
0x08414980
relocated to: 0x09D70100 0x09D702C0 0x09D6FF74
current stub: 0x08414B24 0x00000011 0x00004001 0x00000005 0x00000001 0x08414CC0
0x08414968
relocated to: 0x09D70118 0x09D702B4 0x09D6FF5C
current stub: 0x08414B30 0x00000011 0x00004001 0x00000005 0x00000001 0x08414CBC
0x08414960
relocated to: 0x09D70124 0x09D702B0 0x09D6FF54
current stub: 0x08414B40 0x00000011 0x00004000 0x00000005 0x00000003 0x08414C2C
0x08414840
relocated to: 0x09D70134 0x09D70220 0x09D6FE34
current stub: 0x08414B58 0x00000011 0x00004001 0x00000005 0x00000011 0x08414BD8
0x08414798
relocated to: 0x09D7014C 0x09D701CC 0x09D6FD8C
current stub: 0x08414B70 0x00000011 0x00000001 0x00000005 0x00000004 0x08414C1C
0x08414820
relocated to: 0x09D70164 0x09D70210 0x09D6FE14
current stub: 0x08414B84 0x00000011 0x00004000 0x00000005 0x00000002 0x08414CC4
0x08414970
relocated to: 0x09D70178 0x09D702B8 0x09D6FF64
current stub: 0x08414B9C 0x00000011 0x00004001 0x00000005 0x0000001B 0x08414C38
0x08414858
relocated to: 0x09D70190 0x09D7022C 0x09D6FE4C
entering savedata dialog loop
status changed from -1 to 2
[/spoiler]
---------------------------------------------------------------------------------------------------------------------------
Issue with another game:

Code:

Starting HBL R162 http://code.google.com/p/valentine-hbl
DEBUG version (+NIDS)
Firmware 6.6x detected

No error on the PSP, no error in psplink. Any way to easily find where the problem is?
Same result with p5 stubs enabled/disabled.
Here's the log:
[spoiler]

Code:

Detected firmware version is 0x06060010
Loading HBL
HBL loaded to allocated memory @ 0x09E54300
Copying & resolving HBL stubs
Config file:ms0:/PSP/SAVEDATA/censored/imports.dat
--> HBL imports from imports.config: 64
Loading 0x00000100
...Already loaded
Loading 0x00000101
...Already loaded
Loading 0x00000102
Loading 0x00000103
Loading 0x00000104
Loading 0x00000105
Loading 0x00000106
...Error 0x800200D9 Loading 0x00000106
Loading 0x00000200
Loading 0x00000201
Loading 0x00000202
Loading 0x00000203
Loading 0x00000301
...Already loaded
Loading 0x00000302
...Already loaded
Loading 0x00000303
...Already loaded
Loading 0x00000304
Loading 0x00000305
...Already loaded
Loading 0x00000306
Loading 0x00000307
Loading 0x00000400
...Error 0x800200D9 Loading 0x00000400
Loading 0x00000401
...Error 0x800200D9 Loading 0x00000401
Loading 0x00000402
...Error 0x800200D9 Loading 0x00000402
Loading 0x00000500
Loading 0x00000600
Found Stubs at 0x088009A0
Found Stubs at 0x089B6310
Found Stubs at 0x09E13D30
Found Stubs at 0x09E1BF30
Found Stubs at 0x09E2A614
Found Stubs at 0x09E2A640
Found Stubs at 0x09E3B8F0
Found Stubs at 0x09E41D70
Found Stubs at 0x09E48610
Found Stubs at 0x09E4CA90
Found Stubs at 0x09E4DF3C
Found Stubs at 0x09E94274
Found Stubs at 0x09EAAD78
Found Stubs at 0x09EAADB0
Found Stubs at 0x09EB4F8C
Found Stubs at 0x09EBE43C
Found Stubs at 0x09EC259C
Found Stubs at 0x09EDB8A0
Found Stubs at 0x09EEE750
Found Stubs at 0x09EF1300
Found 20 stubs
ENTERING search_game_stubs() 0x088009A0
ENTERING search_game_stubs() 0x089B6310
nid:0x2A2B3DE0, address:0x089B62C4 call:0x03E00008 0x00090F4C
nid:0xE49BFE92, address:0x089B62EC call:0x03E00008 0x0009214C
nid:0x1F803938, address:0x089B62B4 call:0x03E00008 0x0008CDCC
nid:0x289D82FE, address:0x089B6294 call:0x03E00008 0x0008C94C
nid:0x984C27E7, address:0x089B629C call:0x03E00008 0x0008C5CC
nid:0xE47E40E4, address:0x089B6284 call:0x03E00008 0x0008B40C
nid:0x42EC03AC, address:0x089B61D4 call:0x03E00008 0x0008874C
nid:0x6A638D83, address:0x089B61DC call:0x03E00008 0x00087F4C
nid:0x779103A0, address:0x089B61E4 call:0x03E00008 0x0008800C
nid:0x810C4BC3, address:0x089B61EC call:0x03E00008 0x0008804C
nid:0x109F50BC, address:0x089B6204 call:0x03E00008 0x000885CC
nid:0x27EB27B8, address:0x089B620C call:0x03E00008 0x0008868C
nid:0x05572A5F, address:0x089B61C4 call:0x03E00008 0x0008B0CC
nid:0x4AC57943, address:0x089B61CC call:0x03E00008 0x0008B18C
nid:0x2E0911AA, address:0x089B618C call:0x03E00008 0x00088BCC
nid:0xD8B73127, address:0x089B619C call:0x03E00008 0x000888CC
nid:0x8F2DF740, address:0x089B61B4 call:0x03E00008 0x00088D0C
nid:0x237DBD4F, address:0x089B614C call:0x03E00008 0x00089BCC
nid:0x9D9A5BA1, address:0x089B615C call:0x03E00008 0x00089ECC
nid:0xB6D61D02, address:0x089B6164 call:0x03E00008 0x00089FCC
nid:0xCEADEB47, address:0x089B6094 call:0x03E00008 0x0008778C
nid:0xD6DA4BA1, address:0x089B609C call:0x03E00008 0x000878CC
nid:0xE81CAF8F, address:0x089B60A4 call:0x03E00008 0x00087B0C
nid:0xEDBA5844, address:0x089B60B4 call:0x03E00008 0x000855CC
nid:0x28B6489C, address:0x089B60C4 call:0x03E00008 0x00085D4C
nid:0x293B45B8, address:0x089B60CC call:0x03E00008 0x00085DCC
nid:0x3F53E640, address:0x089B60E4 call:0x03E00008 0x0008620C
nid:0x446D8DE6, address:0x089B60EC call:0x03E00008 0x0008628C
nid:0x4E3A1105, address:0x089B60F4 call:0x03E00008 0x0008634C
nid:0x616403BA, address:0x089B60FC call:0x03E00008 0x0008664C
nid:0x68DA9E36, address:0x089B6104 call:0x03E00008 0x000867CC
nid:0x9FA03CD3, address:0x089B610C call:0x03E00008 0x000870CC
nid:0xAA73C935, address:0x089B6114 call:0x03E00008 0x0008724C
nid:0xEF9E4C70, address:0x089B6124 call:0x03E00008 0x0008560C
nid:0x79D1C3FA, address:0x089B607C call:0x03E00008 0x0008AA8C
nid:0x136CAF51, address:0x089B602C call:0x03E00008 0x0008E38C
nid:0x13F592BC, address:0x089B6034 call:0x03E00008 0x0008E3CC
nid:0x5EC81C55, address:0x089B603C call:0x03E00008 0x0008E54C
nid:0x6FC46853, address:0x089B6044 call:0x03E00008 0x0008E64C
nid:0xB011922F, address:0x089B6054 call:0x03E00008 0x0008E0CC
ENTERING search_game_stubs() 0x09E13D30
nid:0x34B9FA9E, address:0x09E13C2C call:0x03E00008 0x0008A5CC
ENTERING search_game_stubs() 0x09E1BF30
ENTERING search_game_stubs() 0x09E2A614
ENTERING search_game_stubs() 0x09E2A640
ENTERING search_game_stubs() 0x09E3B8F0
ENTERING search_game_stubs() 0x09E41D70
ENTERING search_game_stubs() 0x09E48610
ENTERING search_game_stubs() 0x09E4CA90
ENTERING search_game_stubs() 0x09E4DF3C
ENTERING search_game_stubs() 0x09E94274
ENTERING search_game_stubs() 0x09EAAD78
ENTERING search_game_stubs() 0x09EAADB0
ENTERING search_game_stubs() 0x09EB4F8C
ENTERING search_game_stubs() 0x09EBE43C
ENTERING search_game_stubs() 0x09EC259C
ENTERING search_game_stubs() 0x09EDB8A0
ENTERING search_game_stubs() 0x09EEE750
ENTERING search_game_stubs() 0x09EF1300
 ****STUBS SEARCHED
HBL Function missing at 0x00010028, this could lead to trouble if syscall estimates do not work
HBL Function missing at 0x00010030, this could lead to trouble if syscall estimates do not work
HBL Function missing at 0x00010038, this could lead to trouble if syscall estimates do not work
HBL Function missing at 0x00010040, this could lead to trouble if syscall estimates do not work
HBL Function missing at 0x00010048, this could lead to trouble if syscall estimates do not work
HBL Function missing at 0x00010058, this could lead to trouble if syscall estimates do not work
HBL Function missing at 0x000100A0, this could lead to trouble if syscall estimates do not work
HBL Function missing at 0x000100A8, this could lead to trouble if syscall estimates do not work
HBL Function missing at 0x000100E0, this could lead to trouble if syscall estimates do not work
HBL Function missing at 0x000100E8, this could lead to trouble if syscall estimates do not work
HBL Function missing at 0x000100F0, this could lead to trouble if syscall estimates do not work
HBL Function missing at 0x000100F8, this could lead to trouble if syscall estimates do not work
HBL Function missing at 0x00010128, this could lead to trouble if syscall estimates do not work
HBL Function missing at 0x00010130, this could lead to trouble if syscall estimates do not work
HBL Function missing at 0x00010138, this could lead to trouble if syscall estimates do not work
HBL Function missing at 0x00010180, this could lead to trouble if syscall estimates do not work
HBL Function missing at 0x00010188, this could lead to trouble if syscall estimates do not work
HBL Function missing at 0x000101B8, this could lead to trouble if syscall estimates do not work
HBL Function missing at 0x000101C0, this could lead to trouble if syscall estimates do not work
HBL Function missing at 0x000101D8, this could lead to trouble if syscall estimates do not work
HBL Function missing at 0x000101E0, this could lead to trouble if syscall estimates do not work
HBL Function missing at 0x000101E8, this could lead to trouble if syscall estimates do not work
HBL Function missing at 0x000101F0, this could lead to trouble if syscall estimates do not work
UnLoading 0x00000600
UnLoading 0x00000500
UnLoading 0x00000402
...Error 0x80111103 Unloading 0x00000402
UnLoading 0x00000401
...Error 0x80111103 Unloading 0x00000401
UnLoading 0x00000400
...Error 0x80111103 Unloading 0x00000400
UnLoading 0x00000307
UnLoading 0x00000306
UnLoading 0x00000305
UnLoading 0x00000304
UnLoading 0x00000303
UnLoading 0x00000302
UnLoading 0x00000301
UnLoading 0x00000203
UnLoading 0x00000202
UnLoading 0x00000201
UnLoading 0x00000200
UnLoading 0x00000106
...Error 0x80111103 Unloading 0x00000106
UnLoading 0x00000105
UnLoading 0x00000104
UnLoading 0x00000103
UnLoading 0x00000102
UnLoading 0x00000101
UnLoading 0x00000100
HBL stubs copied, running eLoader
Starting HBL R162 http://code.google.com/p/valentine-hbl
DEBUG version (+NIDS)
Firmware 6.6x detected
[/spoiler]

wololo
Site Admin
Posts: 3619
Joined: Wed Oct 15, 2008 12:42 am
Location: Japan

Re: hbl porting help

Post by wololo » Mon Jan 14, 2013 10:59 am

The most likely issue at this point is that some small memory block is still allocated right after 0x08900000.

After HBL fails to load wMenu (I am assuming this is wMenu failing to load?), you could run a "uidlist" and investigate the memory blocks being used. Please copy/paste the result of uidlist (only the memory blocks section is OK) here as well; I might be able to help, to some extent.
If you need US PSN Codes, this technique is what I recommend.

Looking for guest bloggers and news hunters here at wololo.net, PM me!


Re: hbl porting help

Post by Kankertje » Mon Jan 14, 2013 11:11 am

wololo wrote:The most likely issue at this point is that some small memory block is still allocated right after 0x08900000.

After HBL fails to load wMenu (I am assuming this is wMenu failing to load?), you could run a "uidlist" and investigate the memory blocks being used. Please copy/paste the result of uidlist (only the memory blocks section is OK) here as well; I might be able to help, to some extent.

Yep, it's wmenu; here's the memory block part from uidlist:
http://pastebin.com/shgNu75Z

Edit: hm, I think I did it wrong because it exits to VSH right after, so I'm unable to get the uidlists after the error; I probably need a breakpoint.


Re: hbl porting help

Post by wololo » Mon Jan 14, 2013 11:27 am

Yeah, the list you sent doesn't look like a typical VHBL session. Either add a breakpoint at that part in the HBL code (I think typing BREAK; should do it, as I believe we have a macro), or remove the line that probably says something like "exit_with_log".


Re: hbl porting help

Post by Kankertje » Mon Jan 14, 2013 11:55 am

wololo wrote:Yeah, the list you sent doesn't look like a typical VHBL session. Either add a breakpoint at that part in the HBL code (I think typing BREAK; should do it, as I believe we have a macro), or remove the line that probably says something like "exit_with_log".

Should be good now
http://pastebin.com/bHvtxu6h

While doing this I also noticed many

Code:

converted lib name scePower into NT2XKDOpening ms0:/PSP/SAVEDATA/censored/NT2XKD.nid

which failed to open. I figured I need the libs in Vita format in the same dir; no error now, but it didn't help with the issue.

Also, there's this exception during HBL loading:

Code:

Call to sceKernelTotalFreeMemSize()
Call to sceKernelMaxFreeMemSize()
Call to sceKernelMaxFreeMemSize()
Call to sceKernelMaxFreeMemSize()
Call to sceKernelMaxFreeMemSize()
Call to sceKernelMaxFreeMemSize()
Call to sceKernelMaxFreeMemSize()
 FREE MEM AFTER CLEANING: 25019392 (max: 23104512)
 -- Done
Callback Thread Created
  thid=0481AE25
Setup HBL Callback:
  cbid=04807E31
  ret=00000000
START HBL
Exception - Bus error (instr)
Thread ID - 0x0481AE25
Th Name   - HBLexitcallbackthread
EPC       - 0x080316F0
Cause     - 0x10000018
BadVAddr  - 0x00000000
Status    - 0x00088613
zr:0x00000000 at:0x00000001 v0:0x00000000 v1:0x00000001
a0:0xDEADBEEF a1:0xDEADBEEF a2:0xDEADBEEF a3:0xDEADBEEF
t0:0xDEADBEEF t1:0xDEADBEEF t2:0xDEADBEEF t3:0xDEADBEEF
t4:0x882FC200 t5:0x00088613 t6:0x00004000 t7:0x080316F0
s0:0x04807E31 s1:0xDEADBEEF s2:0xDEADBEEF s3:0xDEADBEEF
s4:0xDEADBEEF s5:0xDEADBEEF s6:0xDEADBEEF s7:0xDEADBEEF
t8:0xDEADBEEF t9:0xDEADBEEF k0:0x09FFFF00 k1:0x00000000
gp:0x00000000 sp:0x09FFFEB8 fp:0x09FFFEC0 ra:0x09F1E36C
Call to sceKernelTotalFreeMemSize()
Call to sceKernelMaxFreeMemSize()
Call to sceKernelMaxFreeMemSize()
Call to sceKernelMaxFreeMemSize()
Call to sceKernelMaxFreeMemSize()
Call to sceKernelMaxFreeMemSize()
Attempt to Load Config file: ms0:/PSP/SAVEDATA/xxxxx/hblconf.txt
Couldn't load config file, error 0x80010002 (that's usually not an issue)
Loading Menu
-Test sceIoDopen
--success
-Test sceIoDread
--success
host0:/>
--success
EBOOT path: ms0:/PSP/SAVEDATA/xxxxxxxx/EBOOT.PBP
Attempt to Load Config file: ms0:/PSP/SAVEDATA/xxxxxxx/hblconf.txt
Couldn't load config file, error 0x80010002 (that's usually not an issue)
Loading module


->Entering load_module...
Reading ELF header...


Re: hbl porting help

Post by wololo » Mon Jan 14, 2013 12:21 pm

"Audio Player Com Pipe" seems to be a potential issue. There might be an audio thread not being closed or something like that. You have to "figure out" how to close this one.
The first step is to look for the UID in user RAM to see if you find where it is being defined.
Note that "gen_exploit_config.rb" should find this for you; if it doesn't, we are in one of these tricky cases where we do not know exactly how/where the memory block is being allocated.


Re: hbl porting help

Post by Kankertje » Mon Jan 14, 2013 1:02 pm

wololo wrote:"Audio Player Com Pipe" seems to be a potential issue. there might be an audio thread not being closed or something like that. you have to "figure out" how to close this one.
first step is to look for the UID in user ram to see if you find where it is being defined.
Note that "gen_exploit_config.rb" should find this for you; if it doesn't, we are in one of these tricky cases where we do not know exactly how/where the memory block is being allocated.

Unfortunately gen_exploit_config.rb and freemem.rb didn't help. I got a memdump and uidlist from the same session, but I'm unable to find the UID in the memdump.

Code:

(UID): 0x0410B20B, (entry): 0x88208590, (size): 28, (attr): 0xFF, (Name): Audio Player Com Pipe

Do I look for 0410B20B (0B B2 10 04)?
No matches :x
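
The byte-order search asked about above (0x0410B20B stored as 0B B2 10 04), as an added Python example that is not part of the original thread: it parses the uidlist line format quoted in the post and looks for the UID in a memory dump. The dump base address 0x08800000, the function names and the sample dump are assumptions constructed for illustration.

```python
import re

# Assumption: the dump starts at this address; set it to wherever the
# memdump was actually taken from.
DUMP_BASE = 0x08800000

# Line format copied from the uidlist output quoted in the thread.
UID_LINE = re.compile(
    r"\(UID\):\s*0x(?P<uid>[0-9A-Fa-f]{8}),\s*"
    r"\(entry\):\s*0x(?P<entry>[0-9A-Fa-f]{8}),\s*"
    r"\(size\):\s*(?P<size>\d+),\s*"
    r"\(attr\):\s*0x(?P<attr>[0-9A-Fa-f]+),\s*"
    r"\(Name\):\s*(?P<name>.*\S)"
)


def parse_uidlist(text):
    """Parse uidlist lines into dicts; lines in any other format are skipped."""
    entries = []
    for line in text.splitlines():
        m = UID_LINE.search(line)
        if m:
            entries.append({
                "uid": int(m.group("uid"), 16),
                "entry": int(m.group("entry"), 16),
                "size": int(m.group("size")),
                "attr": int(m.group("attr"), 16),
                "name": m.group("name"),
            })
    return entries


def find_word(dump, value, base=DUMP_BASE, byteorder="little"):
    """Return the address of every occurrence of a 32-bit value in the dump."""
    needle = value.to_bytes(4, byteorder)
    hits, pos = [], dump.find(needle)
    while pos != -1:
        hits.append(base + pos)
        pos = dump.find(needle, pos + 1)
    return hits


def report(entry, dump, base=DUMP_BASE):
    """Summarise where one uidlist entry's UID shows up in the dump."""
    le_hits = find_word(dump, entry["uid"], base, "little")
    return {
        "name": entry["name"],
        # The byte pattern to type into a hex editor (little-endian order).
        "needle": entry["uid"].to_bytes(4, "little").hex(" ").upper(),
        # A stored 32-bit handle normally sits on a 4-byte boundary.
        "aligned": [a for a in le_hits if a % 4 == 0],
        "unaligned": [a for a in le_hits if a % 4],
        # Hits only here would mean the pattern was searched the wrong way round.
        "big_endian": find_word(dump, entry["uid"], base, "big"),
        # False means the block's own entry address lies outside the dumped range.
        "entry_in_dump": base <= entry["entry"] < base + len(dump),
    }


# Constructed sample input: the uidlist line from the thread plus a synthetic dump.
SAMPLE_UIDLIST = ("(UID): 0x0410B20B, (entry): 0x88208590, (size): 28, "
                  "(attr): 0xFF, (Name): Audio Player Com Pipe")


def build_sample_dump():
    """Build an 8 KiB zeroed dump with the UID planted three different ways."""
    dump = bytearray(0x2000)
    uid = 0x0410B20B
    dump[0x1234:0x1238] = uid.to_bytes(4, "little")  # aligned, little-endian
    dump[0x0801:0x0805] = uid.to_bytes(4, "little")  # unaligned, little-endian
    dump[0x0040:0x0044] = uid.to_bytes(4, "big")     # big-endian copy
    return bytes(dump)


if __name__ == "__main__":
    for e in parse_uidlist(SAMPLE_UIDLIST):
        for key, val in report(e, build_sample_dump()).items():
            shown = [hex(v) for v in val] if isinstance(val, list) else val
            print(f"{key:14} {shown}")
```

An empty result for both byte orders, as in the post, means the value is simply not stored anywhere in the dumped range for that session.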


Re: hbl porting help

Post by wololo » Mon Jan 14, 2013 1:11 pm

Yeah, 0B B2 10 04 is what you should be looking for (in the same session as the one you made the call to uidlist.txt, of course).

It would also be interesting to get more info about that block (can't remember the psplink command) just to see if it is indeed the one that's blocking you.

It is possible that this block is created by something else, and that closing that "something else" will free that block. Could be an audio thread, etc...

An alternative is to try and find "heuristics" about the UID of that block (I've found that in general they are not "that" random), and try to bruteforce close it (loop on a range that is likely to contain that UID, or something like that...)


Re: hbl porting help

Post by Kankertje » Mon Jan 14, 2013 10:01 pm

I created a list of 20 sessions' UIDs of that Audio Player Com Pipe and got only 5 unique UIDs,
so I put in some code to free them; it fixed the issue (based on luck I guess) :)
wmenu successfully allocated enough but it now crashes on some HBLexitcallbackthread.
Gonna investigate a bit, then edit this post.

Edit: now I have a different problem. The gen_exploit_config and freemem scripts are outputting very different files than before; it creates functions in sdk_hbl.s that the game doesn't import, and when compiling I'm getting errors from parts of code which shouldn't even compile because they are not defined.
This now happens with multiple different user exploits I tried.
I tried getting fresh HBL sources, a fresh memdump and uidlist, no change. I'm really confused and have no idea why it happens; it might be a dumb mistake like using the wrong sdk.s from a different game, but I still didn't find it :?

Edit2: figured out what caused it. I have to take the uidlist and memdump while crashed on invalid ra, not while in the in-game menu. I hope I'll make some progress today.


Re: hbl porting help

Post by Kankertje » Wed Jan 16, 2013 12:02 am

Okay, now I'm getting an error with "power callback".
Here's the log:
http://pastebin.com/gaX8G4ke
[spoiler]

Code:

-->Starting module ID: 0x10000000

->Module entry:
ID: 0x10000000
ELF type: 0x0000FFA0
State: 0
Size: 0x00234E80
Text address: 0x08900000
Entry point: 0x089000AC
.lib.stub address: 0x089EE868
GP: 0x08A224A0
API returned 047FF063
Set array
Pending threads: 1
lptr: 09FB740E
new larglen: 0000002E
argv[0]: 'ms0:/PSP/SAVEDATA/censored/EBOOT.PBP'
argc:  0000002E
->MODULE MAIN THID: 0x047FF063 Enter hookRunThread: 047FF063
Number of pending threads: 00000001
Pending threads: 0
Number of running threads: 00000000
Running threads: 1
Exit hookRunThread: 047FF063
Exception - Breakpoint
Thread ID - 0x0481D15B
Th Name   - HBL
EPC       - 0x088912E4
Cause     - 0x10000024
BadVAddr  - 0x00000000
Status    - 0x00088613
zr:0x00000000 at:0xDEADBEEF v0:0x088912E4 v1:0x00000001
a0:0x001E8480 a1:0xDEADBEEF a2:0xDEADBEEF a3:0xDEADBEEF
API returned 047FAB3D
t0:0xDEADBEEF t1:0xDEADBEEF t2:0xDEADBEEF t3:0xDEADBEEF
t4:0xDEADBEEF t5:0xDEADBEEF t6:0xDEADBEEF t7:0xDEADBEEF
s0:0x09F30000 s1:0x000116EC s2:0x00010200 s3:0x0000001D
s4:0x09F2A0FC s5:0x09F2A120 s6:0x09F2A10C s7:0x09F2A0F4
t8:0xDEADBEEF t9:0xDEADBEEF k0:0x09FB7B00 k1:0x00000000
gp:0x00000000 sp:0x09FB7868 fp:0x09FB7AC0 ra:0x09F1E5B4
0x088912E4: 0x0000004D 'M...' - break      0x1
Set array
Pending threads: 1
Enter hookRunThread: 047FAB3D
Number of pending threads: 00000001
Pending threads: 0
Number of running threads: 00000001
Running threads: 2
Exit hookRunThread: 047FAB3D
Call to sceKernelMaxFreeMemSize()
call to sceKernelAllocPartitionMemory partitionId: 2, name: block, type:0, size:
20615424, addr:0x00000000
-> final allocation made for 20615424 of 20615424 requested bytes with result 0x
0481A761
Num tracked OS blocks now: 00000002
sceIoDopen_Vita start
sceIoDopen_Vita Done
sceIoDclose_Vita start
sceIoDclose_Vita Done
_hook_sceIoChdir start
-->ALLOCATING MEMORY from partition 2, size 0x0000001C... Found free block 0
Got block from kernel with UID 0x0481651F
_hook_sceIoChdir: ms0:/PSP/SAVEDATA/censored becomes ms0:/PSP/SAVEDATA/censored
API returned 047F662D
Set array
Pending threads: 1
Enter hookRunThread: 047F662D
Number of pending threads: 00000001
Pending threads: 0
Number of running threads: 00000002
Running threads: 3
Exit hookRunThread: 047F662D
Enter createcallback: Exit Callback
_hook_sceKernelLoadModule
Exit createcallback: Exit Callback ID: 04810569
Attempting to load exception.prx
Enter registerexitCB: 04810569
-->ALLOCATING MEMORY from partition 2, size 0x0000002A... Found matching CB, fun
c: 08900B80
Found free block 1
Exit registerexitCB: 04810569
Got block from kernel with UID 0x04815C1F
Enter createcallback: Power Callback
sceIoOpen override: exception.prx become ms0:/PSP/SAVEDATA/censored/exception.p
rx
Exit createcallback: Power Callback ID: 047F4227
Error 0x80010002 opening requested module exception.prx
Exception - Bus error (instr)
Thread ID - 0x047F662D
Th Name   - update_thread
EPC       - 0x080316F0
Cause     - 0x10000018
BadVAddr  - 0x00000000
Status    - 0x00088613
zr:0x00000000 at:0x00000001 v0:0x00000000 v1:0x00000001
a0:0xDEADBEEF a1:0xDEADBEEF a2:0xDEADBEEF a3:0xDEADBEEF
t0:0xDEADBEEF t1:0xDEADBEEF t2:0xDEADBEEF t3:0xDEADBEEF
t4:0x882F7F00 t5:0x00088613 t6:0x00004000 t7:0x080316F0
s0:0xDEADBEEF s1:0xDEADBEEF s2:0xDEADBEEF s3:0xDEADBEEF
s4:0xDEADBEEF s5:0xDEADBEEF s6:0xDEADBEEF s7:0xDEADBEEF
t8:0xDEADBEEF t9:0xDEADBEEF k0:0x09FBDF00 k1:0x00000000
gp:0x08A224A0 sp:0x09FBDEB8 fp:0x09FBDEC0 ra:0x08900AF8
sceIoDopen_Vita start
sceIoDopen_Vita Done
sceIoDread_Vita start
sceIoDread_Vita Done
sceIoDclose_Vita start
sceIoDclose_Vita Done

[/spoiler]
