Talk:SPU Isolated Modules Reverse Engineering

From PS3 Developer wiki
Jump to: navigation, search

Debug messages[edit]

Address Message
? 3.41 ? 355 CEX
0x36f0 0x3570 "(spu)start aim spu module!\n"
0x3710 0x3590 "(spu) PU DMA area start address is not align 16byte\n"
0x3750 0x35d0 "(spu) PU EID area start address is not align 16byte\n"
0x3790 0x3610 "(spu) PU DMA area size is not equall to AIM_DMA_SIZE\n"

This messages are DMAed to the ppu if a debug output address is specified.


Address Message
? 3.41 ? 355 CEX
0x37e0 - Reference tool fallback IDPS
0x37f0 - ... 0x3650 - ... Start of EID keys
0x3ac0 0x3870 AES sbox (16*16 bytes)
0x3c70 0x3a20 AES inverse sbox (16*16 bytes)


this kinda looks how gameos applications load + execute isolated spu selfs (example: psp emulator)


 syscall(230, sys_spu_t *id,img &iso_spuSCEself,void *arg,0,0,0);
 sys_ppu_thread_create(sys_ppu_thread_t *thread_id,void* iso_spu_handler,sys_spu_t *id, 0x64, 0x1000, 2,"iso_spu_handler");
 syscall(233, sys_spu_t *id,2,0,sys_interrupt_tag_t intrtag);   //sys_iso_spu_create_interrupt_tag?
 sys_interrupt_thread_establish(sys_interrupt_thread_handle_t *ih,sys_interrupt_tag_t intrtag,sys_ppu_thread_t t_id, 
 sys_spu_t id,0);
 syscall(234, sys_spu_t *id,2,7); //sys_iso_spu_set_int_mask?
 syscall(232, sys_spu_t *id);     //sys_iso_spu_destroy?
 syscall(237, sys_spu_t id,2,void *out1);  // sys_iso_spu_get_int_stat?
 syscall(240, void *out2, out1);           // sys_iso_spu_mmio_read ?
 syscall(236, sys_spu_t id,2, out1)        // sys_iso_spu_set_int_stat?