Talk:Hypervisor Reverse Engineering

From PS3 Developer wiki
Revision as of 10:19, 30 September 2011 by Euss

emer_init.self

Program 1

Crossreference: gitbrew.org::emer_init.self:Program_1

0x40000                          # bind object to subchannel 0
0x31337000

0x3C0180
0x66604200
0xFEED0000
0xFEED0001
0xFEED0000
0x0
0xFEED0000
0xFEED0000
0xFEED0000
0xFEED0001
0x66606660
0x66626660
0x0
0x0
0xFEED0000
0xFEED0000

0x40060
0x66616661

0x340200
0x0
0x0
0x121
0x40
0x0
0x0
0x0
0x40
0x1
0x80
0x100
0x40
0x0

0x100280
0x40
0x40
0x0
0x0

0x41D80
0x3

0x4802B8
0x0
0x0
0xFFF0000
0xFFF0000
0xFFF0000
0xFFF0000
0xFFF0000
0xFFF0000
0xFFF0000
0xFFF0000
0xFFF0000
0xFFF0000
0xFFF0000
0xFFF0000
0xFFF0000
0xFFF0000
0xFFF0000

0x81D98
0xFFF0000
0xFFF0000

0x41DA4
0x0

0x403B0
0x10

0x41454
0x0

0x41FF4
0x3FFFFF

0x181FC0
0x0
0x6144321
0xEDCBA987
0x6F
0x171615
0x1B1A19

0x280B40
0x0
0x0
0x0
0x0
0x0
0x0
0x0
0x0
0x0
0x0

0x40A0C
0x0

0xC0A60
0x0
0x0
0x0

0x80A78
0x0
0x0

0x41428
0x1

0x41D88
0x1000

0x41E94
0x11

0x41450
0x80003

0x41FE0
0x2000000

0x400B00
0x2DC8
0x2DC8
0x2DC8
0x2DC8
0x2DC8
0x2DC8
0x2DC8
0x2DC8
0x2DC8
0x2DC8
0x2DC8
0x2DC8
0x2DC8
0x2DC8
0x2DC8
0x2DC8

0x1008CC
0x800
0x0
0x0
0x0

0x100240
0xFFFF
0x0
0x0
0x0
0x0

0xC003C0
0x10101
0x10101
0x10101
0x10101
0x10101
0x10101
0x10101
0x10101
0x10101
0x10101
0x10101
0x10101
0x10101
0x10101
0x10101
0x10101
0x7421
0x7421
0x7421
0x7421
0x7421
0x7421
0x7421
0x7421
0x7421
0x7421
0x7421
0x7421
0x7421
0x7421
0x7421
0x7421
0x9AABAA98
0x66666789
0x98766666
0x89AABAA9
0x99999999
0x88888889
0x98888888
0x99999999
0x56676654
0x33333345
0x54333333
0x45667665
0xAABBBA99
0x66667899
0x99876666
0x99ABBBAA

0x81738
0x0
0x0

0x4E000                          # bind object to subchannel 7
0xCAFEBABE

Program 2

Crossreference: gitbrew.org::emer_init.self:Program_2

0x80308
0x207
0x0

0x40304
0x0

0xC0350
0x207
0x0
0xFF

0x4034C
0xFF

0xC035C
0x1E00
0x1E00
0x1E00

0x4031C
0x0

0x4037C
0x0

0x40310
0x0

0x4036C
0x0

0x40320
0x80068006

0x80314
0x10001
0x0

0x41D8C
0xFFFFFF00

0x41D94
0x0

0x40100
0x0

0x40324
0x1010101

0x4183C
0x0

0x41830
0x405

0x80384
0x0
0x3F800000

0x40380
0x0

0x40A6C
0x201

0x40A70
0x1

0x40A74
0x0

0x40300
0x1

0x41FEC
0x0

0x41FC0
0x0

0x41834
0x901

0x403B8
0x8

0x40374
0x0

0x40378
0x1503

0x41EE0
0x3F800000

0x40A68
0x0

0x80A78
0x0
0x0

0x41DAC
0x0

0x41DB0
0xFFFFFFFF

0x808C0
0x10000000
0x10000000

0x40368
0x1D01

0xC0330
0x207
0x0
0xFF

0x4032C
0xFF

0xC033C
0x1E00
0x1E00
0x1E00

0x40328
0x0

for (x = 0; x < 16; x++)
{
    0x41A08 + (x * 0x20)
    0x30101

    0x41A1C + (x * 0x20)
    0x0

    0x41A0C + (x * 0x20)
    0x60000

    0x41A14 + (x * 0x20)
    0x2052000
}

0x40348
0x0

for (x = 0; x < 16; x++)
{
    0x41740 + (x * 0x4)
    0x2

    0x41680 + (x * 0x4)
    0x0
}

0x80A00
0x10000000
0x10000000

0x80394
0x0
0x3F800000

0x200A20
2048.0
2048.0
0.5
0x0
2048.0
2048.0
0.5
0x0

0x200A20
2048.0
2048.0
0.5
0x0
2048.0
2048.0
0.5
0x0

0x41D7C
0xFFFF0000

0x4182C
0x1B02

0x41D90
0x0

0x40370
0x0

0x41828
0x1B02

0x403BC
0x0

0x41DB4
0x0

0x41EE4
0x0

0x41EE8
0x0

0x41838
0x0

0x4147C
0x0

0x41E98
0x1000000

0x41478
0x0

0x41FF0
0xFFFF

0x417CC
0x0

for (x = 0; x < 16; x++)
{
    0x40908 + (x * 0x20)
    0x101

    0x4091C + (x * 0x20)
    0x0

    0x4090C + (x * 0x20)
    0x60000

    0x40914 + (x * 0x20)
    0x0
}

0x40238
0x0

0x41D78
0x1

0x4142C
0x0

0x41FF8
0x0

0x41FE8
0x0

Program 3

Crossreference: gitbrew.org::emer_init.self:Program_2

0x42000                       # bind object to subchannel 1
0x31337303

0xC2180                       # method of subchannel 1
0x66604200
0xFEED0001
0xFEED0000

0x46000                       # bind object to subchannel 3
0x313371C3

0xC6180                       # method of subchannel 3
0x66604200
0xFEED0000
0xFEED0000

0x4A000                       # bind object to subchannel 5
0x31337808

0x20A180                      # method of subchannel 5
0x66604200
0x0
0x0
0x0
0x0
0x0
0x0
0x313371C3

0x8A2FC                       # method of subchannel 5
0x3
0x4

0x48000                       # bind object to subchannel 4
0x31337A73

0x88180                       # method of subchannel 4
0x66604200
0xFEED0000

0x4C000                       # bind object to subchannel 6
0x3137AF00

0x4C180                       # method of subchannel 6
0x66604200



RSXFIFOCommands

Crossreference: gitbrew.org::RSXFIFOCommands
Crossreference: ps3devwiki::RSXFIFOCommands

Commands

NOP (0x00000100)

  • Nop
0x00000100

CALL (0x00000002)

  • Calls a function at the specified offset.
  • Command size is 0.
  • The parameter is offset in FIFO buffer.
<offset> | 0x00000002

RET (0x00020000)

  • Returns from a function.
  • Command size is 0.
0x00020000

JMP (0x20000000)

  • Jumps to the specified offset.
  • Command size is 0.
  • The parameter is offset in FIFO buffer.
0x20000000 | <offset>

COLOR MASK (0x00040324)

  • Sets color mask.
  • Command size is 1.
  • The parameter is color mask.
0x00040324
<color mask>

COLOR MASK MRT (0x00040370)

0x00040370
<color mask>

CLEAR COLOR (0x00041D90)

0x00041D90
<value>

FRONT POLYGON MODE (0x00041828)

  • Sets front polygon mode.
  • Command size is 1.
  • The parameter is front polygon mode.
0x00041828
<front polygon mode>

SET REF (0x00040050)

  • Sets value of REF control register
0x00040050
<value>
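
The annotated header words in the programs above ("bind object to subchannel 7" for 0x4E000, eight parameters after 0x20A180) are consistent with a layout of parameter count in bits 18-28, subchannel in bits 13-15 and method offset in bits 2-12. That layout is inferred from this page's values, not stated by it. The decoder below is an added example, not code from the wiki or from libgcm; its function names are hypothetical and the sample stream is copied from Program 3.

```python
# Added example: decode RSX FIFO header words. The bit layout is inferred from
# this page's annotations (an assumption); all function names are hypothetical.
JMP_FLAG = 0x20000000    # "JMP": 0x20000000 | <offset>
CALL_FLAG = 0x00000002   # "CALL": <offset> | 0x00000002
RET_WORD = 0x00020000    # "RET"

def decode_header(word):
    """Classify one 32-bit header word and split out its fields."""
    if word == RET_WORD:
        return ("ret", {})
    if word & JMP_FLAG:
        return ("jmp", {"offset": word & ~JMP_FLAG & 0xFFFFFFFF})
    if (word & 0x3) == CALL_FLAG:
        # Assumes 4-byte-aligned offsets, so the low two bits are flag bits.
        return ("call", {"offset": word & ~0x3 & 0xFFFFFFFF})
    return ("method", {
        "count": (word >> 18) & 0x7FF,      # parameter words that follow
        "subchannel": (word >> 13) & 0x7,   # 0x4E000 -> subchannel 7
        "method": word & 0x1FFC,            # 0 = bind object, 0x324 = color mask
    })

def disassemble(words):
    """Walk a word stream and return a list of (kind, fields) commands."""
    out, i = [], 0
    while i < len(words):
        header = words[i]
        kind, fields = decode_header(header)
        i += 1
        if kind == "method":
            params = words[i:i + fields["count"]]
            if len(params) != fields["count"]:
                raise ValueError(f"header {header:#x} at word {i - 1} wants "
                                 f"{fields['count']} params, {len(params)} left")
            fields["params"] = params
            i += fields["count"]
        out.append((kind, fields))
    return out

# Sample stream: words copied from Program 3 above (subchannels 1 and 5).
PROGRAM_3_PART = [
    0x42000, 0x31337303,
    0xC2180, 0x66604200, 0xFEED0001, 0xFEED0000,
    0x4A000, 0x31337808,
    0x8A2FC, 0x3, 0x4,
]

if __name__ == "__main__":
    for kind, fields in disassemble(PROGRAM_3_PART):
        print(kind, fields)
```

A count that runs past the end of the buffer raises an error instead of letting the remaining words be misread as headers.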

libgcm Commands

SetNopCommand

0x00000000

SetReferenceCommand

0x00040050
<param>

SetJumpCommand

0x20000000 | <param>

SetCallCommand

0x00000002 | <param>

SetReturnCommand

0x00002000

SetLogicOp

  • Sets pixel logical operation
0x00040378
<param>

SetLogicOpEnable

  • Enables/Disables pixel logical operation
0x00040374
<param>

SetColorMask

0x00040324
<param>

SetColorMaskMrt

0x00040370
<param>

SetClearColor

0x00041D90
<param>

SetClearDepthStencil

0x00041D8C
<param>

SetClearSurface

0x00041D94
<param>
0x00040100
<param>

SetFrontPolygonMode

0x00041828
<param>

SetFrontFace

0x00041834
<param>

SetAlphaTestEnable

0x00040304
<param>

SetAlphaFunc

0x00080308
<param1>
<param2>

SetDepthTestEnable

0x00040A74
<param>

SetDepthFunc

0x00040A6C
<param>

SetDepthBounds

0x00080384
<param1>
<param2>

SetBlendEnable

0x00040310
<param>

SetBlendFunc

0x00080314
<param1>
<param2>

SetBlendColor

0x0004031C
<param>
0x0004037C
<param>

SetBlendEquation

0x00040320
<param>

SetClipMinMax

  • Sets Z clipping values
0x00080394
<param1>
<param2>

SetZcullEnable

  • Enables/Disables Zcull/Scull
0x00041D84
<param>

SetPointSize

0x00041EE0
<param>

SetWriteCommandLabel

0x00040064
<param>
0x0004006C
<param>

SetWaitLabel

0x00040064
<param>
0x00040068
<param>

SetWaitForIdle

0x00040110
0x00000000

SetReportLocation

0x000401A8
<param>

SetReport

0x00041800
<param>

SetTimeStamp

0x00041800
<param>

SetClearReport

0x000417C8
<param>

SetCullFace

  • Specifies culling face (front or back)
0x00041830
<param>

SetCullFaceEnable

  • Enables/Disables face culling
0x0004183C
<param>

SetViewport

0x00080A00
<param1>
<param2>
0x00080394
<param1>
<param2>
0x200A20
<param1>
<param2>
<param3>
<param4>
<param5>
<param6>
<param7>
<param8>
0x200A20
<param1>
<param2>
<param3>
<param4>
<param5>
<param6>
<param7>
<param8>

SetLineWidth

0x000403B8
<param>

SetLineSmoothEnable

0x000403BC
<param>

SetTextureAddress

0x00041A08 + (param1 << 5)
<param2>

SetTextureControl

0x00041A0C + (param1 << 5)
<param2>

SetTextureFilter

0x00041A14 + (param1 << 5)
<param2>

SetFogMode

0x000408CC
<param>

SetNotifyIndex

0x00040180
0x6660420F - <param>

SetNotify

0x00040104
0x00000000
0x00040100
0x00000000

SetTransferData

0x00082184
<source>                 # 0xFEED0000 - local memory, 0xFEED0001 - system memory
<destination>            # 0xFEED0000 - local memory, 0xFEED0001 - system memory

0x0020230C

TODO

SetSurfaceWindow

0x00040194
<param>
0x0004018C
<param>
0x000801B4
<param1>
<param2>
0x00040198
<param>

TODO