VSH: Difference between revisions

From PS3 Developer wiki
Line 27: Line 27:
|-
|-
| sys_fs || - || - || -
| sys_fs || - || - || -
|-
| sys_fs || 0x18DD4604 || cellFsOpen2 || -
|-
|-
| sys_fs_ps2disc || 0x8160A811|| switches /dev_ps2disc(1) mount? ||
| sys_fs_ps2disc || 0x8160A811|| switches /dev_ps2disc(1) mount? ||
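Review bot: the added sys_fs row for NID 0x18DD4604 fills the last (Usage) cell with "-", while the neighbouring sys_fs_ps2disc row leaves that cell empty; pick one convention for an unknown Usage cell so the table renders consistently. If the prototype of cellFsOpen2 is known, it belongs in that cell rather than a placeholder.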

Revision as of 13:03, 11 March 2014

VSH is the internal name used by Sony for the VShell, aka VirtualShell. It loads the XrossMediaBar (XMB). It is a user-space executable (vsh.self), loaded by lv2_kernel/sys_init_osd.

From here, several function calls/syscalls are made into other modules, e.g. lv2 (SELF decryption), lv1 (Secure_RTC, Storage_Manager, Gelic_Device, BD_Drive), etc.

Not much is documented (yet) about this module. Please fill in where possible.

Modes

Possible arguments to pass when executing vsh.self:

  • --mode=gametool
  • --mode=gametool2
  • --arcade=true

Offsets

Function 3.55 3.41 3.15 Notes
- - - - -
sub_308EE4 check_Is_Act_Dat_for_This_Acc_ID

Exports

Export Library Export NID Notes Usage
sys_io - - -
sys_fs - - -
sys_fs 0x18DD4604 cellFsOpen2 -
sys_fs_ps2disc 0x8160A811 switches /dev_ps2disc(1) mount?
vsh - -
vsh 0xF48562D cellSsAimIsCEX
vsh 0x145991B4 cellSsAimIsArcade
vsh 0x172B05CD update_mgr_write_eprom syscall
vsh 0x1B890AD2 update_mgr_get_token_seed syscall
vsh 0x1F80E287 cellSsAimIsTool
vsh 0x2C563C92 update_mgr_read_eprom syscall
vsh 0x3231E012 vtrm_Decrypt_Master syscall
vsh 0x349F1535 update_mgr_set_token syscall
vsh 0x3B4A1AC4 AIM GetDeviceId syscall
vsh 0x3F062337 AIM GetPsCode syscall
vsh 0xE44F29F4 cellFsUtilMount syscall
vsh 0xE7C34044 retrieves vsh memory container by "id" 0=game,1=app,2=debug,3=fg, 4=bg sys_memory_container_t vsh_E7C34044(int id)
vsh 0xE932A8C0 reboot and show minimum version
char can be "text whatever you like", no check etc.
int vsh_E932A8C0(char * )
vsh 0xFF4A1633 cellFsUtilMount syscall
vsh 0x7D73E7CD inflate_init
vsh 0x4DB8DD87 inflate_end
vsh 0x20215547 inflate_buffer
vsh 0x1C68CC75 inflate
sdk - -
sdk 0x5FAFE92B cellCryptoPuSha1Hash
sdk 0xB45387CD AesCbcCfb128Decrypt
sdk 0x55ACAB8A sha1_init
sdk 0x831E89EE sha1_update
sdk 0x3CABD075 sha1_final
sdk 0x4484A101 sha1_hmac_update
sdk 0x547B602C sha1_hmac_init
sdk 0x300B99F2 sha1_hmac_final
sdk 0x74A2A1FE sha1_hmac_buffer
sdk 0x68B630D5 aes_omac_mode1
paf - -
paf 0x65BE85B3 _UnloadView _paf_65BE85B3(char * plugin_name,0,0)
paf 0x350B4536 Job_Start
paf 0xFE0C1F10 Job_Queue
paf 0xA1DC401 sets Interface from plugin uint32_t SetInterface(unknown, uint32_t identifier, void * ptr_structure)
paf 0x23AFB290 gets Interface from plugin, should allow calling its exports/funcs uint32_t plugin->GetInterface(uint32_t return from paf_F21655F3, uint32_t identifier)
paf 0x3A8454FC finds/gets Texture/Resource Example: out: uint32_t*, return from paf_F21655F3, "tex_notification_info"
paf 0x3CEC3833 sets up a plugin widget ? (page_...)
paf 0x794CEACB finds widget in a plugin Example: plugin->FindWidget(return from paf_F21655F3, "page_autooff_guide")
paf 0x89B67B9C gets msg_ text from plugin resource Example: (w)char (return from paf_F21655F3, "msg_help_system_off_soon_by_setting")
paf 0xF21655F3 finds a loaded plugin Example: uint32_t paf::View::Find("system_plugin")
vshcommon - -
vshcommon 0x16106ACD returns "impose_plugin" interface 1 uint vshcommon_16106ACD()
vshcommon 0x8B2110D5 reads boot_history.dat
vshcommon 0x9A43140 adds info to /pushlist/patch.dat
vshcommon 0x9EA67737 adds? titleid to boot_history.dat (creates if not present)
vshcommon 0xCC2C67F2 reads /pushlist/patch.dat vshcommon_CC2C67F2(int* count,uint8_t buf[0x680])
x3 - -
x3 0x16FA740A xCore_GetInterface() uint32_t* interface xCore_GetInterface()
x3 0x11409ED3 xRegistryGetDefaultInstance int xRegistryGetDefaultInstance (1, &handle)
x3 0x9C246A91 xBDVDGetInstance
x3 0xCB1D791D Obtains SS Key
x3 0xECACA8AD xRegistry SetValue Example: int SetValue(handle, "/setting/categoryVersion", 0,0,0)
vshnet - -
vshnet 0x50EE5602 gets updatelist txt and compares version
vshnet 0x731E546F prints Firmware version ("%02d.%02d") int vshnet_731E546F(out: const char*)
vshmain - -
vshmain 0xAE35CF2D Executes Action based on Input (More Info: XMB Plugin XMM0 Interface 23)

Example:

"http://www.psdevwiki.com",0
"copy:device",1 
"regcam:reg?",1
int vshmain_AE35CF2D(char *, int value)
vshmain 0xD609A2F6 shows up XMB Login?
vshmain 0xF3F75BE sysutil::BeginService
vshmain 0x505FA917 cxmlutil::GetFile
vshmain 0x7606AF6F VersionFile::Get
vshmain 0x981D7E9F Gets ScreenShot Flag int vshmain_981D7E9F()
vshtask - -
vshtask 0xA02D46E7 Displays a notification in XMB int vshtask_A02D46E7(0 /*ignored*/, "your text" )
cellHttp 0x8FC281F7 cellHttpCookieFlush
cellHttp 0xDCDF003A cellHttpAuthCacheFlush

To help document offsets and exports, you can use this dumper tool for vsh (actually, no need to dump anymore).

Display Buffers

VSH uses 2 of the 8 available display buffers. Information about them can be acquired by vsh plugins using this code snippet: [1]
In FW 4.46 DEX the buffer info looks like this (for 1920x1080):

Type This
GCMBUFINFO 0
offset: 0xdc80000
pitch: 0x2000
width: 0x780
height: 0x438

GCMBUFINFO 1
offset: 0xe500000
pitch: 0x2000
width: 0x780
height: 0x438