3 NIDs - what is this doing?

Draan · Post by **Draan** » Wed Nov 04, 2009 6:41 am

All I know is:

char* path = SystemCtrlForKernel_AC56B90B(); //returning a string (i'm sure)
SysMemForKernel_C7E57B9C (0x00000E30); //returning nothing or nothing important

unk = SystemCtrlForKernel_F9584CAD (0x00000800); //this is compared with zero in next line
if (!(unk != 0x00000000))

0x00000800 - maybe vsh mode, so it's maybe something like sceKernelCheckModuleAttr(u32 attr)?

Anyone knows what is this? Thanks for help.

a_noob · Post by **a_noob** » Wed Nov 04, 2009 6:54 am

Well it says SystemCtrl meaning input, so I assume PSP_CTRL_START = 0x000008 and the function to be int sceCtrl_driver_5E77BC8A (unsigned int mask) which gets the given mask, so this essentially is saying

if PSP_CTRL_START is masked

But I could most certainly be mistaken

Draan · Post by **Draan** » Wed Nov 04, 2009 7:02 am

Well, thanks for reply, but I think you're wrong. It's from galaxy.prx, so it's not doing anything with buttons.

Davee · Post by **Davee** » Wed Nov 04, 2009 9:56 am

That sysmem function is "sceKernelSetQTGP3".

void *SystemCtrlForKernel_F9584CAD(u32 size);
This allocs memory from systemctrl's special heap. Errors when return 0.

victorprosa · Post by **victorprosa** » Wed Nov 04, 2009 10:06 am

I don't know very much about NIDs (i am a beginner at this part), but i tried to search it for you, the only reference I found is here at PS2DEV, i think that it might help you...

http://forums.ps2dev.org/viewtopic.php? ... 3d436655a6

Draan · Post by **Draan** » Thu Nov 05, 2009 1:29 am

Thanks Davee!
Ok, I've created the stubs file for me, and I'll try what's doing the last needed function...

How to find how many and which arguments does the function need?

(I'm noob in reverse engineering, I'm using PSPDecompiler and trying to make something useful with output)
reversed subroutine 0x0000032C (module_start)

Code: Select all

int module_start&#40;SceSize args, void *argp&#41;
&#123;
  u32* mod = sceKernelFindModuleByName&#40;"sceThreadManager"&#41;;
  u32 text_addr = *&#40;mod+27&#41;;
  _sw&#40;sceKernelCreateThread_fake, text_addr+0x17DEC&#41;;
  _sw&#40;sceKernelStartThread_fake, text_addr+0x17F88&#41;;
  clearCache&#40;&#41;;
  while&#40;1&#41;&#123;
    char* path = SystemCtrlForKernel_AC56B90B&#40;&#41;; //here is our function, i'm not sure it's with no arguments
    SceUID file = sceIoOpen&#40;path, PSP_O_RDONLY, NULL&#41;;
    if &#40;file >= 0&#41; break;
    sceKernelDelayThread&#40;10000&#41;;
  &#125;
  sceIoClose &#40;file&#41;;
  return 0;
&#125;

Draan · Post by **Draan** » Mon Nov 09, 2009 3:56 am

I found it!

from hostcore by poison:

getUmdFile = ( void * )findProc( "SystemControl", "SystemCtrlForKernel", 0xAC56B90B );

This is it!
But it isn't sctrlGetUmdFile, nor sctrlSEGetUmdFile, nor getUmdFile...
(cracking nids for dax's functions - yeach)