VSMX
Description
Virtual Script Machine Instructions (VSMX) compiled file. The file extension is .jsx after compiled, and .js before compiled)
- http://endlessparadigm.com/forum/showthread.php?tid=21485 (History)
- http://playstationhax.it/forums/topic/1060-jsxviewer/ (discussion, tool) http://tizzyt-archive.blogspot.co.uk/2015/05/release-jsxviewer-05b-source.html (source)
Rcomage has partial support to compile/decompile VSMX files for PS3 (is needed to change the VSMX version at header offset 0x04... from 2.0 to 1.0 because rcomage was originally intended for PSP only). Also the official VSMX format 2.0 (intended for PS3) has some additional opcodes that didnt existed in PSP. it's very buggy and usually doesn't work right
- VSMX files are used on:
- PSP - Inside .rco file-format (used on video/music UMDs, and the two firmware files: lftv_tuner_jp_jp.rco and lftv_tuner_us_en.rco in path flash0/vsh/resource/)
- PS3 - Inside .raf file-format (used on coldboot.raf, and the background scene for PS3 dynamic themes)
- PSVita & PS4 (unknown yet, but probable)
VSMX Structure
Some compiler/decompiler code samples can be seen: managunz, rcomage
Header
| Offset | Size | Example (hex) from coldboot.jsx |
Value | Notes |
|---|---|---|---|---|
| 0x00 | 0x04 | 0x56534D58 | VSMX | Magic |
| 0x04 | 0x04 | 0x00000200 | 2.0 | Mayor version.Minor version (PSP=1.0) (PS3=2.0) |
| 0x08 | 0x04 | 0x34000000 | 0x34 | absolute offset of OPCODE table (also, header length) |
| 0x0C | 0x04 | 0x30100000 | 0x1030 | length of OPCODE table (also, number of entries = length / 8) |
| 0x10 | 0x04 | 0x64100000 | 0x1064 | absolute offset of STRING table |
| 0x14 | 0x04 | 0x7A000000 | 0x7A | length of STRING table |
| 0x18 | 0x04 | 0x08000000 | 0x8 | number of entries inside STRING table |
| 0x1C | 0x04 | 0xDE100000 | 0x10DE | absolute offset of ATTR table |
| 0x20 | 0x04 | 0xA2000000 | 0xA2 | length of ATTR table |
| 0x24 | 0x04 | 0x09000000 | 0x9 | number of entries inside ATTR table |
| 0x28 | 0x04 | 0x80110000 | 0x1180 | absolute offset of GLOBAL table |
| 0x2C | 0x04 | 0x70010000 | 0x170 | length of GLOBAL table |
| 0x30 | 0x04 | 0x23000000 | 0x23 | number of entries inside GLOBAL table |
- Table access related opcodes: (this is here by now just as an argument of why to choose this names for the tables, if there are better names please suggest/discuss or change them)
- 0x28 PUSH_STRING
- 0x2F GETATTR, 0x30 GETATTR_KEEPOBJ
- 0x2E PUSH_GLOBAL
OPCODE Table
The table is composed by several entries, and every entry is composed by 8 bytes:
1byte(opcode)+1byte(arguments)+1byte(unknown)+1byte(variables)+4bytes(value)
See Pastebin (without the header) of the coldboot.
| OpCode (1 byte) |
Args (1 byte) |
Unkown (1 byte) |
Vars (1 byte) |
Value (4 bytes) |
Mnemonics (official) |
Mnemonics (rcomage) |
Syntax (PSJS) |
Notes |
|---|---|---|---|---|---|---|---|---|
| Assignment Operators ? | ||||||||
| 0x00 | No | No | No | No | NOP | UNKNOWN_0 | ||
| 0x01 | No | No | No | No | ASSGN | ASSIGN | = | |
| Arithmetic Operators | ||||||||
| 0x02 | No | No | No | No | ADD | ADD | + | |
| 0x03 | No | No | No | No | SUB | SUBTRACT | - | |
| 0x04 | No | No | No | No | MUL | MULTIPLY | * | |
| 0x05 | No | No | No | No | DIV | DIVIDE | / | |
| 0x06 | No | No | No | No | MOD | MODULUS | % | |
| 0x07 | No | No | No | No | TO_NUMBER | POSITIVE | ||
| 0x08 | No | No | No | No | CSIGN | NEGATE | -i | |
| 0x09 | No | No | No | No | NOT | NOT | ||
| 0x0A | No | No | No | No | INC | PRE_INCREMENT | ++i | |
| 0x0B | No | No | No | No | DEC | PRE_DECREMENT | --i | |
| 0x0C | No | No | No | No | POST_INC | INCREMENT | i++ | |
| 0x0D | No | No | No | No | POST_DEC | DECREMENT | i-- | |
| Compare Operators | ||||||||
| 0x0E | No | No | No | No | CMPEQ | TEST_EQUAL | == | |
| 0x0F | No | No | No | No | CMPNEQ | TEST_NOT_EQUAL | != | |
| 0x10 | No | No | No | No | CMPSEQ | TEST_IDENTITY | === | |
| 0x11 | No | No | No | No | CMPSNEQ | TEST_NON_IDENTITY | !== | |
| 0x12 | No | No | No | No | CMPLT | TEST_LESS_THAN | < | |
| 0x13 | No | No | No | No | CMPLE | TEST_LESS_EQUAL_THAN | <= | |
| 0x14 | No | No | No | No | CMPGE | TEST_MORE_EQUAL_THAN | >= | |
| 0x15 | No | No | No | No | CMPGT | TEST_MORE_THAN | > | |
| Bitwise Operators ? | ||||||||
| 0x16 | No | No | No | No | INSTANCEOF | UNKNOWN_16 | ||
| 0x17 | No | No | No | No | IN | UNKNOWN_17 | ||
| 0x18 | No | No | No | No | TYPEOF | TYPEOF | ||
| 0x19 | No | No | No | No | BIT_AND | BINARY_AND | & | |
| 0x1A | No | No | No | No | BIT_XOR | BINARY_XOR | ^ | |
| 0x1B | No | No | No | No | BIT_OR | BINARY_OR | | | |
| 0x1C | No | No | No | No | BIT_NOT | BINARY_NOT | ~ | |
| 0x1D | No | No | No | No | LSHIFT | LSHIFT | << | |
| 0x1E | No | No | No | No | S_RSHIFT | RSHIFT | >> | |
| 0x1F | No | No | No | No | U_RSHIFT | UNSIGNED_RSHIFT | ||
| ? | ||||||||
| 0x20 | No | No | No | No | COPY | STACK_PUSH | ||
| 0x21 | No | No | No | No | SWAP | UNKNOWN_21 | ||
| 0x22 | No | No | No | No | REMOVE | END_STATEMENT | ; | |
| Data Types | ||||||||
| 0x23 | No | No | No | Yes | PUSH_UNDEFINED | CONST_NULL | ||
| 0x24 | No | No | No | Yes | PUSH_NULL | CONST_EMPTY_ARRAY | ||
| 0x25 | No | No | No | Yes | PUSH_BOOL | CONST_BOOL | true / false | |
| 0x26 | No | No | No | Yes | PUSH_INT | CONST_INT | 1 | |
| 0x27 | No | No | No | Yes | PUSH_FLOAT | CONST_FLOAT | 0.1 | |
| 0x28 | No | No | No | Yes | PUSH_STRING | CONST_STRING | ("string") | |
| Complex Data Types | ||||||||
| 0x29 | No | No | No | Yes | PUSH_OBJECT | CONST_OBJECT | object | |
| 0x2A | Yes | No | Yes | Yes | PUSH_FUNC | FUNCTION | function | |
| 0x2B | No | No | No | Yes | PUSH_ARRAY | CONST_ARRAY | array | |
| 0x2C | No | No | No | Yes | PUSH_THIS | THIS_OBJECT | ||
| 0x2D | No | No | No | Yes | PUSH_LOCAL | UNNAMED_VARIABLE | var | variable declared inside a function,object, etc... (local scope) |
| 0x2E | No | No | No | Yes | PUSH_GLOBAL | NAME | var | variable declared at top of the script (global scope) |
| Attributes related | ||||||||
| 0x2F | No | No | No | Yes | GETATTR | PROPERTY | ||
| 0x30 | No | No | No | Yes | GETATTR_KEEPOBJ | METHOD | ||
| 0x31 | No | No | No | Yes | SETATTR | SET | ||
| 0x32 | No | No | No | Yes | DELATTR | UNSET | ||
| 0x33 | No | No | No | Yes | APPEND_ATTR | OBJECT_ADD_ATTRIBUTE | ||
| Items related | ||||||||
| 0x34 | No | No | No | Yes | GETITEM | ARRAY_INDEX | ||
| 0x35 | No | No | No | Yes | GETITEM_KEEPOBJ | UNKNOWN_35 | ||
| 0x36 | No | No | No | Yes | SETITEM | ARRAY_INDEX_ASSIGN | ||
| 0x37 | No | No | No | Yes | DELITEM | UNKNOWN_37 | ||
| 0x38 | No | No | No | Yes | APPEND_ITEM | ARRAY_PUSH | ||
| if/else/for (opcode jumps) | ||||||||
| 0x39 | No | No | No | Yes | JUMP | JUMP | ||
| 0x3A | No | No | No | Yes | JUMPT | JUMP_IF_TRUE | ||
| 0x3B | No | No | No | Yes | JUMPF | JUMP_IF_FALSE | ||
| Code structure builders | ||||||||
| 0x3C | No | No | No | No | CALL_FUNC | CALL_FUNCTION | function() | |
| 0x3D | No | No | No | No | CALL_METHOD | CALL_METHOD | ||
| 0x3E | No | No | No | Yes | CALL_CONSTRUCTOR | CALL_INBUILT / CALL_NEW | (i) | |
| 0x3F | No | No | No | No | RET | RETURN | return | |
| 0x40 | No | No | No | No | THROW | UNKNOWN_40 | ||
| 0x41 | No | No | No | No | TRYBLK_IN | UNKNOWN_41 | ||
| 0x42 | No | No | No | No | TRYBLK_OUT | UNKNOWN_42 | ||
| 0x43 | No | No | No | No | CATCH_FINALLYBLK_IN | UNKNOWN_43 | ||
| 0x44 | No | No | No | No | CATCH_FINALLYBLK_OUT | UNKNOWN_44 | ||
| 0x45 | No | No | No | No | HALT | END_SCRIPT | ||
| Debug | ||||||||
| 0x46 | No | No | No | No | DEBUG_FILE | DEBUG_FILE | ||
| 0x47 | No | No | No | No | DEBUG_LINE | DEBUG_LINE | ||
| VSMX v2 (new opcodes for PS3) ? | ||||||||
| 0x48 | No | No | No | Yes | GETITEM_KEEPOBJNAME | UNKNOWN_48 | ||
| 0x49 | No | No | No | Yes | PUSH_VECTOR | UNKNOWN_49 / MAKE_FLOAT_ARRAY | <i> | |
| 0x4A | No | No | No | Yes | GET_VECTOR_ELEMENT | UNKNOWN_4a | ||
| 0x4B | No | No | No | Yes | GET_VECTOR_ELEMENT_KEEPVECTOR | UNKNOWN_4b | ||
| 0x4C | No | No | No | Yes | ASSGN_VECTOR_ELEMENT | UNKNOWN_4c | ||
| 0x4D | No | No | Yes | Yes | SETATTR_VECTOR_ELEMENT | UNKNOWN_4d | -> | byte 4 is an identifyer from a vector (x,y,z) (r,g,b,a) etc... |
| 0x4E | No | No | No | Yes | SETITEM_VECTOR_ELEMENT | UNKNOWN_4e | ||
- cells marked with yes/no are speculative, based in how the opcodes are grouped and how other known opcodes works
Arithmetic Operators
May be move later to PlayStation JavaScript or make it as template
Arithmetic operators are used to perform arithmetic between variables and/or values.
| OpCode (VSMX) | Mnemonics (VSMX) | Syntax (PSJS) | Description: |
|---|---|---|---|
| 0x02 | ADD | + | Addition |
| 0x03 | SUB | - | Subtraction |
| 0x04 | MUL | * | Multiplication |
| 0x05 | DIV | / | Division |
| 0x06 | MOD | % | Modulus (division remainder) |
| 0x0A | INC | ++ | Increment |
| 0x0B | DEC | -- | Decrement |
| 0x0C | POST_INC | ++ | Increment |
| 0x0D | POST_DEC | -- | Decrement |
Bitwise Operators
Bit operators work on 32 bits numbers.
Any numeric operand in the operation is converted into a 32 bit number.
| OpCode (VSMX) | Mnemonics (VSMX) | Syntax (PSJS) | Description: |
|---|---|---|---|
| 0x19 | BIT_AND | & | AND |
| 0x1A | BIT_XOR | ^ | XOR |
| 0x1B | BIT_OR | | | OR |
| 0x1C | BIT_NOT | ~ | NOT |
| 0x1D | LSHIFT | << | Left Shift |
| 0x1E | S_RSHIFT | >> | Right Shift |
Compare Operators
Comparison and Logical operators are used to test for true or false.
Comparison operators are used in logical statements to determine equality or difference between variables or values.
| OpCode (VSMX) | Mnemonics (VSMX) | Syntax (PSJS) | Description: |
|---|---|---|---|
| 0x0E | CMPEQ | == | Equality |
| 0x0F | CMPNEQ | != | Inequality |
| 0x10 | CMPSEQ | === | Strict Equal value and equal type |
| 0x11 | CMPSNEQ | !== | Strict not equal value or not equal type |
| 0x12 | CMPLT | < | Less Than |
| 0x13 | CMPLE | <= | Less Than or Equal To |
| 0x14 | CMPGE | >= | Greater Than or Equal To |
| 0x15 | CMPGT | > | Greater Than |
- http://es5.github.io/#x11.9.3 The Abstract Equality Comparison Algorithm
- http://es5.github.io/#x11.9.6 The Strict Equality Comparison Algorithm
Logical Operators
Comparison and Logical operators are used to test for true or false.
Logical operators are used to determine the logic between variables or values.
| OpCode (VSMX) | Mnemonics (VSMX) | Syntax (PSJS) | Description: |
|---|---|---|---|
| - | || | or | |
| - | && | and |
STRING table
ATTR Table
GLOBAL Table
VSMX Decompilation sample
This is an example of the decodification and decompilation made with the VSMX script contained inside coldboot.raf. The decompilation has been made by hand because the vsmx decompiler by ZiNgA BuRgA doesnt supports vectors and crashes, the purpose is to serve as an explain of how the opcodes works, the features that was added to VSMX v2 format for PS3, and as an overall explain of how to decompile other VSMX files
The file can be saved as .js and compiled directlly (there is no need to remove the comments), for a better view of the decompiled code without the comments in PlayStation JavaScript format see coldboot.raf page
- Form left to right:
- NUM - Is the opcode number (important because the JUMPS are pointers to other opcodes identifyed by his number)
- OPCODE - The hex value that identifyes the opcode (first byte)... second byte reserved?... third byte unknown... fourth byte argument
- VALUE - Any value, or pointer to internal VSMX tables (4 bytes)
- OPCODE NAME - Self explanatory, is a direct conversion from the hex value to the name
- VALUES CONVERSION - For pointers are text strings extracted from internal VSMX tables, Data types are the conversion from hex, JUMPS and FUNCTS contains also identifyers for other opcodes and arguments
- DECOMPILED PSJS CODE - The source code in PlayStation JavaScript format ready to compile, it will generate a coldboot.jsx exactly like the one extracted from coldboot.raf by the CXML decompiler tool
Code Sample
| |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
