Talk:Hypervisor Reverse Engineering
emer_init.self
Program 1
Crossreference: gitbrew.org::emer_init.self:Program_1
0x40000 # bind object to subchannel 0
0x31337000 0x3C0180 0x66604200 0xFEED0000 0xFEED0001 0xFEED0000 0x0 0xFEED0000 0xFEED0000 0xFEED0000 0xFEED0001 0x66606660 0x66626660 0x0 0x0 0xFEED0000 0xFEED0000 0x40060 0x66616661 0x340200 0x0 0x0 0x121 0x40 0x0 0x0 0x0 0x40 0x1 0x80 0x100 0x40 0x0 0x100280 0x40 0x40 0x0 0x0 0x41D80 0x3 0x4802B8 0x0 0x0 0xFFF0000 0xFFF0000 0xFFF0000 0xFFF0000 0xFFF0000 0xFFF0000 0xFFF0000 0xFFF0000 0xFFF0000 0xFFF0000 0xFFF0000 0xFFF0000 0xFFF0000 0xFFF0000 0xFFF0000 0x81D98 0xFFF0000 0xFFF0000 0x41DA4 0x0 0x403B0 0x10 0x41454 0x0 0x41FF4 0x3FFFFF 0x181FC0 0x0 0x6144321 0xEDCBA987 0x6F 0x171615 0x1B1A19 0x280B40 0x0 0x0 0x0 0x0 0x0 0x0 0x0 0x0 0x0 0x0 0x40A0C 0x0 0xC0A60 0x0 0x0 0x0 0x80A78 0x0 0x0 0x41428 0x1 0x41D88 0x1000 0x41E94 0x11 0x41450 0x80003 0x41FE0 0x2000000 0x400B00 0x2DC8 0x2DC8 0x2DC8 0x2DC8 0x2DC8 0x2DC8 0x2DC8 0x2DC8 0x2DC8 0x2DC8 0x2DC8 0x2DC8 0x2DC8 0x2DC8 0x2DC8 0x2DC8 0x1008CC 0x800 0x0 0x0 0x0 0x100240 0xFFFF 0x0 0x0 0x0 0x0 0xC003C0 0x10101 0x10101 0x10101 0x10101 0x10101 0x10101 0x10101 0x10101 0x10101 0x10101 0x10101 0x10101 0x10101 0x10101 0x10101 0x10101 0x7421 0x7421 0x7421 0x7421 0x7421 0x7421 0x7421 0x7421 0x7421 0x7421 0x7421 0x7421 0x7421 0x7421 0x7421 0x7421 0x9AABAA98 0x66666789 0x98766666 0x89AABAA9 0x99999999 0x88888889 0x98888888 0x99999999 0x56676654 0x33333345 0x54333333 0x45667665 0xAABBBA99 0x66667899 0x99876666 0x99ABBBAA 0x81738 0x0 0x0
0x4E000 # bind object to subchannel 7
0xCAFEBABE
Program 2
Crossreference: gitbrew.org::emer_init.self:Program_2
0x80308 0x207 0x0 0x40304 0x0 0xC0350 0x207 0x0 0xFF 0x4034C 0xFF 0xC035C 0x1E00 0x1E00 0x1E00 0x4031C 0x0 0x4037C 0x0 0x40310 0x0 0x4036C 0x0 0x40320 0x80068006 0x80314 0x10001 0x0 0x41D8C 0xFFFFFF00 0x41D94 0x0 0x40100 0x0 0x40324 0x1010101 0x4183C 0x0 0x41830 0x405 0x80384 0x0 0x3F800000 0x40380 0x0 0x40A6C 0x201 0x40A70 0x1 0x40A74 0x0 0x40300 0x1 0x41FEC 0x0 0x41FC0 0x0 0x41834 0x901 0x403B8 0x8 0x40374 0x0 0x40378 0x1503 0x41EE0 0x3F800000 0x40A68 0x0 0x80A78 0x0 0x0 0x41DAC 0x0 0x41DB0 0xFFFFFFFF 0x808C0 0x10000000 0x10000000 0x40368 0x1D01 0xC0330 0x207 0x0 0xFF 0x4032C 0xFF 0xC033C 0x1E00 0x1E00 0x1E00 0x40328 0x0
for (x = 0; x < 16; x++) {
    0x41A08 + (x * 0x20) 0x30101
    0x41A1C + (x * 0x20) 0x0
    0x41A0C + (x * 0x20) 0x60000
    0x41A14 + (x * 0x20) 0x2052000
}
0x40348 0x0
for (x = 0; x < 16; x++) {
    0x41740 + (x * 0x4) 0x2
    0x41680 + (x * 0x4) 0x0
}
0x80A00 0x10000000 0x10000000 0x80394 0x0 0x3F800000 0x200A20 2048.0 2048.0 0.5 0x0 2048.0 2048.0 0.5 0x0 0x200A20 2048.0 2048.0 0.5 0x0 2048.0 2048.0 0.5 0x0 0x41D7C 0xFFFF0000 0x4182C 0x1B02 0x41D90 0x0 0x40370 0x0 0x41828 0x1B02 0x403BC 0x0 0x41DB4 0x0 0x41EE4 0x0 0x41EE8 0x0 0x41838 0x0 0x4147C 0x0 0x41E98 0x1000000 0x41478 0x0 0x41FF0 0xFFFF 0x417CC 0x0
for (x = 0; x < 16; x++) {
    0x40908 + (x * 0x20) 0x101
    0x4091C + (x * 0x20) 0x0
    0x4090C + (x * 0x20) 0x60000
    0x40914 + (x * 0x20) 0x0
}
0x40238 0x0 0x41D78 0x1 0x4142C 0x0 0x41FF8 0x0 0x41FE8 0x0
Program 3
Crossreference: gitbrew.org::emer_init.self:Program_2
0x42000 # bind object to subchannel 1
0x31337303
0xC2180 # method of subchannel 1
0x66604200 0xFEED0001 0xFEED0000
0x46000 # bind object to subchannel 3
0x313371C3
0xC6180 # method of subchannel 3
0x66604200 0xFEED0000 0xFEED0000
0x4A000 # bind object to subchannel 5
0x31337808
0x20A180 # method of subchannel 5
0x66604200 0x0 0x0 0x0 0x0 0x0 0x0 0x313371C3
0x8A2FC # method of subchannel 5
0x3 0x4
0x48000 # bind object to subchannel 4
0x31337A73
0x88180 # method of subchannel 4
0x66604200 0xFEED0000
0x4C000 # bind object to subchannel 6
0x3137AF00
0x4C180 # method of subchannel 6
0x66604200
RSXFIFOCommands
Crossreference: gitbrew.org::RSXFIFOCommands
Crossreference: ps3devwiki::RSXFIFOCommands
Commands
NOP (0x00000100)
- Nop
0x00000100
CALL (0x00000002)
- Calls a function at the specified offset.
- Command size is 0.
- The parameter is offset in FIFO buffer.
<offset> | 0x00000002
RET (0x00020000)
- Returns from a function.
- Command size is 0.
0x00020000
JMP (0x20000000)
- Jumps to the specified offset.
- Command size is 0.
- The parameter is offset in FIFO buffer.
0x20000000 | <offset>
COLOR MASK (0x00040324)
- Sets color mask.
- Command size is 1.
- The parameter is color mask.
0x00040324 <color mask>
COLOR MASK MRT (0x00040370)
0x00040370 <color mask>
CLEAR COLOR (0x00041D90)
0x00041D90 <value>
FRONT POLYGON MODE (0x00041828)
- Sets front polygon mode.
- Command size is 1.
- The parameter is front polygon mode.
0x00041828 <front polygon mode>
SET REF (0x00040050)
- Sets value of REF control register
0x00040050 <value>
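The header words in the listings above can be decoded mechanically, which also flags a stream whose last header announces more parameters than remain. The Python below is an added example, not part of the original page; the bit layout (bits 18-28 parameter count, bits 13-15 subchannel, bits 2-12 method offset) is an assumption inferred from the page's headers and subchannel comments, and `NAMES`, `decode` and `SAMPLE` are hypothetical names.

```python
# Added example, not from the original page. Assumed header layout, inferred
# from the page's listings: bits 18-28 parameter count ("command size"),
# bits 13-15 subchannel, bits 2-12 method offset.
NAMES = {  # method offsets of commands named on the page
    0x0000: "BIND OBJECT", 0x0050: "SET REF", 0x0324: "COLOR MASK",
    0x0370: "COLOR MASK MRT", 0x1828: "FRONT POLYGON MODE",
    0x1D90: "CLEAR COLOR",
}

def decode(words):
    """Decode FIFO words into (name, subchannel, value, params) tuples.

    value is the method offset, or the target offset for JMP/CALL.
    Raises ValueError when a header announces more parameters than remain.
    """
    out, i = [], 0
    while i < len(words):
        w = words[i]
        i += 1
        if w & 0x20000000:                       # JMP: 0x20000000 | <offset>
            out.append(("JMP", None, w & 0x1FFFFFFF, []))
        elif w & 0x3 == 0x2:                     # CALL: <offset> | 0x00000002
            out.append(("CALL", None, w & ~0x3, []))
        elif w == 0x00020000:                    # RET
            out.append(("RET", None, None, []))
        elif w == 0x00000100:                    # NOP
            out.append(("NOP", None, None, []))
        else:                                    # method header + parameters
            count = (w >> 18) & 0x7FF
            subch, method = (w >> 13) & 0x7, w & 0x1FFC
            params = words[i:i + count]
            if len(params) < count:
                raise ValueError(f"word {i - 1}: header {w:#010x} needs "
                                 f"{count} params, {len(params)} left")
            i += count
            name = NAMES.get(method, f"METHOD {method:#06x}")
            out.append((name, subch, method, params))
    return out

# Program 3 opening and two Program 2 commands from the page, followed by
# constructed JMP/CALL/RET words (offsets 0x1000 and 0x2000 are made up).
SAMPLE = [0x42000, 0x31337303, 0xC2180, 0x66604200, 0xFEED0001, 0xFEED0000,
          0x40324, 0x1010101, 0x41828, 0x1B02,
          0x20000000 | 0x1000, 0x2000 | 0x2, 0x00020000]

if __name__ == "__main__":
    for rec in decode(SAMPLE):
        print(rec)
```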
libgcm Commands
SetNopCommand
0x00000000
SetReferenceCommand
0x00040050 <param>
SetJumpCommand
0x20000000 | <param>
SetCallCommand
0x00000002 | <param>
SetReturnCommand
0x00002000
SetLogicOp
- Sets pixel logical operation
0x00040378 <param>
SetLogicOpEnable
- Enables/Disables pixel logical operation
0x00040374 <param>
SetColorMask
0x00040324 <param>
SetColorMaskMrt
0x00040370 <param>
SetClearColor
0x00041D90 <param>
SetClearDepthStencil
0x00041D8C <param>
SetClearSurface
0x00041D94 <param>
0x00040100 <param>
SetFrontPolygonMode
0x00041828 <param>
SetFrontFace
0x00041834 <param>
SetAlphaTestEnable
0x00040304 <param>
SetAlphaFunc
0x00080308 <param1> <param2>
SetDepthTestEnable
0x00040A74 <param>
SetDepthFunc
0x00040A6C <param>
SetDepthBounds
0x00080384 <param1> <param2>
SetBlendEnable
0x00040310 <param>
SetBlendFunc
0x00080314 <param1> <param2>
SetBlendColor
0x0004031C <param>
0x0004037C <param>
SetBlendEquation
0x00040320 <param>
SetClipMinMax
- Sets Z clipping values
0x00080394 <param1> <param2>
SetZcullEnable
- Enables/Disables Zcull/Scull
0x00041D84 <param>
SetPointSize
0x00041EE0 <param>
SetWriteCommandLabel
0x00040064 <param>
0x0004006C <param>
SetWaitLabel
0x00040064 <param>
0x00040068 <param>
SetWaitForIdle
0x00040110 0x00000000
SetReportLocation
0x000401A8 <param>
SetReport
0x00041800 <param>
SetTimeStamp
0x00041800 <param>
SetClearReport
0x000417c8 <param>
SetCullFace
- Specifies culling face (front or back)
0x00041830 <param>
SetCullFaceEnable
- Enables/Disables face culling
0x0004183C <param>
SetViewport
0x00080A00 <param1> <param2>
0x00080394 <param1> <param2>
0x200A20 <param1> <param2> <param3> <param4> <param5> <param6> <param7> <param8>
0x200A20 <param1> <param2> <param3> <param4> <param5> <param6> <param7> <param8>
SetLineWidth
0x000403B8 <param>
SetLineSmoothEnable
0x000403BC <param>
SetTextureAddress
0x00041A08 + (param1 << 5) <param2>
SetTextureControl
0x00041A0C + (param1 << 5) <param2>
SetTextureFilter
0x00041A14 + (param1 << 5) <param2>
SetFogMode
0x000408CC <param>
SetNotifyIndex
0x00040180 0x6660420F - <param>
SetNotify
0x00040104 0x00000000
0x00040100 0x00000000
SetTransferData
0x00082184
<source> # 0xFEED0000 - local memory, 0xFEED0001 - system memory
<destination> # 0xFEED0000 - local memory, 0xFEED0001 - system memory
0x0020230C
TODO
SetSurfaceWindow
0x00040194 <param>
0x0004018C <param>
0x000801B4 <param1> <param2>
0x00040198 <param>
TODO