vshmain replacement

[a_noob]

Ok, well I did a little digging, but not enough it seems. I want to replace vshmain.prx. However, I can't be arsed to reverse it. Especially since I am new at reversing. So that would take me for ever. Plus I don't exactly need the source of vshmain. But rather I need to know what makes it tick. So far I dug around a bit trying to get the propery thread and module attributes, but there is not really a clear definition. I read somewhere on here that 0x0800 is "VSH mode" (module) but psplink spits out 0x0000. So I went over to the asm and took a look at the only call the sceKernelCreateThread, and got the attr 0x4000, but psplink shows 0xC00040FF. I have tried mixed combinations of these, but to no avail when I replace vshmain.prx I get a black screen of death. However in psplink, if I run reset vsh thenn my module it works as intended. So my question is what am I missing at this point in time? Do I need to create a special export table of some sort? I mean I am not going to use any of the modules in flash0:/vsh/module so that shouldn't be necessary. Help would be appreciated.

Code: Select all

/*
 *  vshmain.c
 *  vshmain
 *
 *  Created by Zachry Thayer on 9/28/09.
 *  Copyright 2009 A_Nub. All rights reserved.
 *
 */

#include <pspkernel.h>
#include <pspctrl.h>
#include <pspidstorage.h>
#include <pspdisplay.h>

PSP_MODULE_INFO&#40;"VSH", 0x0000, 1, 1&#41;;
PSP_HEAP_SIZE_KB&#40;0x00010000&#41;;

#define SCR_WIDTH &#40;480&#41;
#define SCR_HEIGHT &#40;272&#41;
#define BUF_WIDTH &#40;512&#41;
#define PIXEL_SIZE &#40;4&#41;
#define FRAME_SIZE &#40;BUF_WIDTH * SCR_HEIGHT * PIXEL_SIZE&#41;

unsigned int *vramTop = &#40;unsigned int*&#41;0x04000000;

void clearScreen&#40;unsigned int col&#41;&#123;
	int y = 0,x = 0;
	for&#40;y = 0; y < SCR_HEIGHT; y++&#41;
		for&#40;x = 0; x < SCR_WIDTH; x++&#41;&#123;
			vramTop&#91;x + y * BUF_WIDTH&#93; = col;
		&#125;
&#125;

void putRect&#40;int X, int Y, int W, int H, unsigned int col&#41;&#123;
	int y = 0,x = 0;
	for&#40;y = Y; y < Y + H; y++&#41;
		for&#40;x = X; x < X + W; x++&#41;&#123;
			putPixel&#40;x,y,col&#41;;
		&#125;
&#125;

void putPixel&#40;int x, int y, unsigned int col&#41;&#123;
	if&#40;x < 0 || x > SCR_WIDTH&#41; return;
	if&#40;y < 0 || y > SCR_HEIGHT&#41; return;
	
	vramTop&#91;x + y * BUF_WIDTH&#93; = col;
&#125;

SceUID main_thread_uid;
int main_thread&#40;SceSize args, void *argp&#41;&#123;
	sceDisplaySetFrameBuf&#40;vramTop, BUF_WIDTH, PSP_DISPLAY_PIXEL_FORMAT_8888, PSP_DISPLAY_SETBUF_IMMEDIATE&#41;;
	sceDisplaySetMode&#40;0, SCR_WIDTH, SCR_HEIGHT&#41;;
	
	while&#40;1&#41;&#123;
		clearScreen&#40;0xff00ff00&#41;;
		putRect&#40;10,10,100,100,0xffff0000&#41;;
		sceKernelDelayThread&#40;1&#41;;
	&#125;
	
	return 0;
&#125;

int module_start&#40;SceSize args, void *argp&#41;&#123;
	main_thread_uid = sceKernelCreateThread&#40;"VSH_MAIN",main_thread, 32, 0x00010000, 0x4000, NULL&#41;;
	
	if&#40;main_thread_uid >= 0&#41;
		sceKernelStartThread&#40;main_thread_uid, 0, NULL&#41;;
	
	return 0;
&#125;

int module_stop&#40;SceSize args, void *argp&#41;&#123;
	sceKernelTerminateDeleteThread&#40;main_thread_uid&#41;;
	return 0;
&#125;

[Torch]

You can replace vshmain.prx with any ordinary user mode module. Just make it VSH mode 0x800. Don't allocate too big a heap depending on Phat/Slim since memory allocation is done before by paf.prx which is loaded before vshmain.prx. If you replace paf.prx you get the whole memory, but then for some reason the vshargs aren't received by vshmain.prx (or your replacement vshmain.prx) so it will appear to have cold rebooted everytime.

In case you want to load the real vshmain.prx later you must use a kernel module to unload your replacement vshmain.prx and only then load and start the real vshmain.prx so that the user memory doesn't get fragmented.

[a_noob]

Thanks for the reply, but I did try that as I stated. So do you think I am allocating too much memory? Hmm I should check how much vsh_module takes.

So far its not working. I just get a black screen. And I haven't a clue as to why. I mean my code is simple, I only rely on sceDisplay, which should be loaded before vshmain.prx otherwise there would be major problems.

It seems vsh_main loads the following kernel modules

Code: Select all

0x00037FF4:  "flash0:/kd/mpeg_vsh.prx"
0x0003800C: "flash0:/kd/usbstor.prx"
0x00038024: "flash0:/kd/usbstormgr.prx"
0x00038040: "flash0:/kd/mlnbridge.prx"
0x0003809C: "flash0:/kd/usbstorms.prx"
0x000380B8: "flash0:/kd/usbstorboot.prx"
0x000380D4: "flash0:/kd/lflash_fatfmt.prx"
0x0003AE2C: "flash0:/kd/ifhandle.prx"
0x0003AE44: "flash0:/kd/pspnet.prx"
0x0003AE5C: "flash0:/kd/pspnet_inet.prx"
0x0003AE78: "flash0:/kd/memab.prx"
0x0003AE90: "flash0:/kd/pspnet_adhoc.prx"
0x0003AEAC: "flash0:/kd/pspnet_adhoc_auth.prx"
0x0003AED0: "flash0:/kd/pspnet_adhocctl.prx"
0x0003AEF8: "flash0:/kd/pspnet_apctl.prx"
0x0003AF14: "flash0:/kd/pspnet_resolver.prx"
0x0003AF34: "flash0:/kd/libparse_http.prx"
0x0003AF54: "flash0:/kd/libparse_uri.prx"
0x0003AF70: "flash0:/kd/libhttp.prx"
0x0003AF88: "flash0:/kd/cert_loader.prx"
0x0003AFA4: "flash0:/kd/libssl.prx"
0x0003AFBC: "flash0:/kd/mcctrl.prx"
0x0003AFD4: "flash0:/kd/libdnas_core.prx"
0x0003AFF0: "flash0:/kd/libdnas.prx"
0x0003B008: "flash0:/kd/np_core.prx"
0x0003B020: "flash0:/kd/np.prx"
0x0003B034: "flash0:/kd/np_auth.prx"
0x0003B04C: "flash0:/kd/np_service.prx"
0x0003B068: "flash0:/kd/np_commerce2.prx"
0x0003B084: "flash0:/kd/np_commerce2_store.prx"
0x0003B0A8: "flash0:/kd/np_commerce2_regcam.prx"

To my knowledge none of these are required for a psp to run a simple program such as mine. Any thoughts as to why I am getting a black screen of death.

5.00 kernel btw. (M33-4)

Ok I did a little more digging. I adde some sceIo* to write a test file to see if my code was running. And it is. So it seems something is wrong with my direct framebuffer writing :/ I don't get it. Maybe I should try using the GU rather?

[a_noob]

If anyone was still wondering I actually got it to work by using the GU :D

heres the code for those interested

Code: Select all

/*
 *  vshmain.c
 *  vshmain
 *
 *  Created by Zachry Thayer on 9/28/09.
 *  Copyright 2009 A_Nub. All rights reserved.
 *
 */

#include <pspkernel.h>
#include <pspctrl.h>
#include <pspidstorage.h>
#include <pspdisplay.h>

PSP_MODULE_INFO&#40;"VSH", 0x800, 1, 1&#41;;
PSP_HEAP_SIZE_KB&#40;0x00010000&#41;;

#include <pspgu.h>
#include <pspgum.h>

static unsigned int __attribute__&#40;&#40;aligned&#40;16&#41;&#41;&#41; list&#91;262144&#93;;

#define BUF_WIDTH &#40;512&#41;
#define SCR_WIDTH &#40;480&#41;
#define SCR_HEIGHT &#40;272&#41;

struct Vertex
&#123;
	unsigned int color;
	float x, y, z;
&#125;;

struct Vertex __attribute__&#40;&#40;aligned&#40;16&#41;&#41;&#41; vertices&#91;1*3&#93; =
&#123;
	&#123;0xFF0000FF, 0.0f, -50.0f, 0.0f&#125;, // Top, red
	&#123;0xFF00FF00, 50.0f, 50.0f, 0.0f&#125;, // Right, green
	&#123;0xFFFF0000, -50.0f, 50.0f, 0.0f&#125;, // Left, blue
&#125;;

void start_gu&#40;&#41;&#123;
	
	sceGuInit&#40;&#41;;
	
	sceGuStart&#40;GU_DIRECT,list&#41;;
	sceGuDrawBuffer&#40;GU_PSM_8888,&#40;void*&#41;0,BUF_WIDTH&#41;;
	sceGuDispBuffer&#40;SCR_WIDTH,SCR_HEIGHT,&#40;void*&#41;0x88000,BUF_WIDTH&#41;;
	sceGuDepthBuffer&#40;&#40;void*&#41;0x110000,BUF_WIDTH&#41;;
	sceGuOffset&#40;2048 - &#40;SCR_WIDTH/2&#41;,2048 - &#40;SCR_HEIGHT/2&#41;&#41;;
	sceGuViewport&#40;2048,2048,SCR_WIDTH,SCR_HEIGHT&#41;;
	sceGuDepthRange&#40;65535,0&#41;;
	sceGuScissor&#40;0,0,SCR_WIDTH,SCR_HEIGHT&#41;;
	sceGuEnable&#40;GU_SCISSOR_TEST&#41;;
	sceGuFrontFace&#40;GU_CW&#41;;
	sceGuShadeModel&#40;GU_SMOOTH&#41;;
	sceGuDisable&#40;GU_TEXTURE_2D&#41;;
	sceGuFinish&#40;&#41;;
	sceGuSync&#40;0,0&#41;;
	
	sceDisplayWaitVblankStart&#40;&#41;;
	sceGuDisplay&#40;1&#41;;
	
&#125;


SceUID main_thread_uid;
int main_thread&#40;SceSize args, void *argp&#41;&#123;
	start_gu&#40;&#41;;
	
	ScePspFVector3 pos = &#123;240.0f, 136.0f, 0.0f&#125;;
	
	while&#40;1&#41;&#123;
		sceGuStart&#40;GU_DIRECT,list&#41;;
		
		sceGuClearColor&#40;0&#41;;
		sceGuClearDepth&#40;0&#41;;
		sceGuClear&#40;GU_COLOR_BUFFER_BIT|GU_DEPTH_BUFFER_BIT&#41;;
		
		sceGumMatrixMode&#40;GU_PROJECTION&#41;;
		sceGumLoadIdentity&#40;&#41;;
		sceGumOrtho&#40;0, 480, 272, 0, -1, 1&#41;;
		
		sceGumMatrixMode&#40;GU_VIEW&#41;;
		sceGumLoadIdentity&#40;&#41;;
		
		sceGumMatrixMode&#40;GU_MODEL&#41;;
		sceGumLoadIdentity&#40;&#41;;
		
		// Draw triangle
		
		sceGumTranslate&#40;&pos&#41;;
		
		sceGumDrawArray&#40;GU_TRIANGLES,GU_COLOR_8888|GU_VERTEX_32BITF|GU_TRANSFORM_3D,3,0,vertices&#41;;
		
		sceGuFinish&#40;&#41;;
		sceGuSync&#40;0,0&#41;;
	
		sceDisplayWaitVblankStart&#40;&#41;;
		sceGuSwapBuffers&#40;&#41;;
	&#125;
	
	return 0;
&#125;

int module_start&#40;SceSize args, void *argp&#41;&#123;
	main_thread_uid = sceKernelCreateThread&#40;"VSH_MAIN",main_thread, 32, 0x00010000, 0xC00040FF, NULL&#41;;
	
	if&#40;main_thread_uid >= 0&#41;
		sceKernelStartThread&#40;main_thread_uid, 0, NULL&#41;;
	
	return 0;
&#125;

int module_stop&#40;SceSize args, void *argp&#41;&#123;
	sceKernelTerminateDeleteThread&#40;main_thread_uid&#41;;
	return 0;
&#125;

So now I just need to customize and IPL to not load paf and such, since they are a waste of memory, since I am not using them, but rather linking in the pspsdk GU etc.

[Jim]

I think the original problem was you were using cached addresses for the screen and never flushing the dcache.

Jim

[a_noob]

Couldnt be cached. Its a global. That is set at compile time.

[Torch]

I think the original problem was you were using cached addresses for the screen and never flushing the dcache.

Jim

Even then only 3-4 rows of pixels would be missing at most and they'd start filling in on their own even when the CPU is idle.

Couldnt be cached. Its a global. That is set at compile time.

(unsigned int*)0x04000000; is a cached address, it goes through the CPU cache first before being written to VRAM and hence needs to be flushed. Using this with GU functions will cause a crash/artifacts since the GU only reads from vRam and won't see unflushed data in the CPU cache.

(unsigned int*)0x44000000; will write straight to vRam but is obviously slow.

[m0skit0]

Bit 30 in address controls caching: 0 -> use cache; 1 -> do not use cache.

[Torch]

Bit 30 in address controls caching: 0 -> use cache; 1 -> do not use cache.

When you start counting bits from from zero I assume.

[m0skit0]

Yes, as always xD