how to let psp reboot ?

0okm0000 · Post by **0okm0000** » Wed May 31, 2006 2:44 am

thank you ^^

Fanjita · Post by **Fanjita** » Wed May 31, 2006 3:09 am

If you want a full power off reboot, then you can always trigger something like an uncaught null pointer exception - this will force the PSP to power off after a certain delay. It won't power back on without manual intervention though. That's about the most major reboot I can think of.

For softer reboot, wouldn't sceKernelExitGame() be sufficient?

Ghozt · Post by **Ghozt** » Wed May 31, 2006 6:28 am

If you just want to reboot your own application you can just use sceKernelLoadExec(). But you probably ment reboot the whole system.

0okm0000 · Post by **0okm0000** » Wed May 31, 2006 12:10 pm

Fanjita wrote:If you want a full power off reboot, then you can always trigger something like an uncaught null pointer exception - this will force the PSP to power off after a certain delay. It won't power back on without manual intervention though. That's about the most major reboot I can think of.

For softer reboot, wouldn't sceKernelExitGame() be sufficient?

Ghozt wrote:If you just want to reboot your own application you can just use sceKernelLoadExec(). But you probably ment reboot the whole system.

thank you
but i want "cool boot"
like reboot after "Restore Default Setting" or "Update FW"

dot_blank · Post by **dot_blank** » Thu Jun 01, 2006 8:09 am

it is not possible for a "cool boot" as of yet
maybe you only want vsh to reboot ....then
take a look at psplinks dir called scripts ...there
is a script called loadvsh.sh ...if you open with
text editor its pretty simple what it does ....maybe
you could use to load those modules after youve
done your "update FW" or restore default settings

groepaz · Post by **groepaz** » Thu Jun 01, 2006 8:43 am

reverse engineering the VSH or the updater might give some insight on this.... mmmh :)

moonlight · Post by **moonlight** » Thu Jun 01, 2006 9:10 am

dot_blank wrote:it is not possible for a "cool boot" as of yet
maybe you only want vsh to reboot ....then
take a look at psplinks dir called scripts ...there
is a script called loadvsh.sh ...if you open with
text editor its pretty simple what it does ....maybe
you could use to load those modules after youve
done your "update FW" or restore default settings

That's a cool reboot, except that it's not a reboot :D, and the kernel has not been restarted

The vsh uses the function vshKernelExitVSHVSH (which simply calls to the kernel function sceKernelExitVSHVSH)

Calling sceKernelExitVSHVSH(0) inside a game has the same effect that calling sceKernelExitGame.

Anyways, i think i have exactly what 0okm needs:

Code: Select all

#define PATH "flash0&#58;/vsh/module/vshmain.prx"

struct SceKernelLoadExecParam param;

memset&#40;&param, 0, sizeof&#40;param&#41;&#41;;

param.size = sizeof&#40;param&#41;;
param.argp = PATH;
param.args = strlen&#40;PATH&#41; + 1;
param.key = "vsh";

sceKernelLoadExec&#40;PATH, &param&#41;;

0okm0000 · Post by **0okm0000** » Thu Jun 01, 2006 12:30 pm

moonlight wrote:...
Anyways, i think i have exactly what 0okm needs:

Code: Select all

#define PATH "flash0&#58;/vsh/module/vshmain.prx"

struct SceKernelLoadExecParam param;

memset&#40;&param, 0, sizeof&#40;param&#41;&#41;;

param.size = sizeof&#40;param&#41;;
param.argp = PATH;
param.args = strlen&#40;PATH&#41; + 1;
param.key = "vsh";

sceKernelLoadExec&#40;PATH, &param&#41;;

Thank you ^o^

dot_blank · Post by **dot_blank** » Fri Jun 02, 2006 8:18 am

ahh i see ..i had assumed he ment reboot like
psp power off and then possibly have app loaded
while it boots ...similar to how ipl loads modules

moony: that is a very nice way to reboot :) very nice indeed

groepaz · Post by **groepaz** » Fri Jun 02, 2006 8:41 am

could anyone explain how this is different from simply exiting an app (which has previously started with loadexec as usual) because i cant see any difference. (this will manually load the vsh, which is exactly what happens when you exit an app :=))

however, since after a firmware update there might be a new ipl which in turn is needed to decode the rest, the update must pretty much initiate a "cold" reboot.... would be quite interisting to know how that is done.

moonlight · Post by **moonlight** » Fri Jun 02, 2006 8:53 am

groepaz wrote: however, since after a firmware update there might be a new ipl which in turn is needed to decode the rest, the update must pretty much initiate a "cold" reboot.... would be quite interisting to know how that is done.

That's the cause because i couldn't sleep yesterday :)

I was thinking that if the update makes a soft reset, then we could be able to survive that using the now famous technique of surviving loadexec, and we could execute kernel code in the new firmware until the psp is shut down. :D

But then i realized that there is a new ipl and in some cases, with new keys. Is it really a hardware reboot what the update does or it is something different?
I'll take a look on that, not sure if i will be able to find something.

groepaz wrote: could anyone explain how this is different from simply exiting an app (which has previously started with loadexec as usual) because i cant see any difference. (this will manually load the vsh, which is exactly what happens when you exit an app :=))

It's more or less the same. Except that this make appear the $CE logo, so it is more "cool" :)

dot_blank · Post by **dot_blank** » Fri Jun 02, 2006 9:07 am

moonlight cool points: 128
dot_blank cool points: 88

after posting this message
dot_blank cool points: -20 :D

knowing that cool points are not cool: priceless

moonlight · Post by **moonlight** » Fri Jun 16, 2006 9:24 pm

moonlight wrote:...

Code: Select all

#define PATH "flash0&#58;/vsh/module/vshmain.prx"

struct SceKernelLoadExecParam param;

memset&#40;&param, 0, sizeof&#40;param&#41;&#41;;

param.size = sizeof&#40;param&#41;;
param.argp = PATH;
param.args = strlen&#40;PATH&#41; + 1;
param.key = "vsh";

sceKernelLoadExec&#40;PATH, &param&#41;;

Well, if someone is interested in rebooting the vsh with sceKernelLoadExec without showing the $CE logo, this is the way:

Code: Select all

#define PATH "flash0&#58;/vsh/module/vshmain.prx"

u8 vshmain_args&#91;0x0400&#93; = 
&#123;
	0x00, 0x04, 0x00, 0x00, 0x20, 0x00, 0x00, 0x00, 
	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 
	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 
	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 
	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 
	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 
	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 
	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 
	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 
	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 
	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 
	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 
	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 
	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 
	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 
	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 
	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 
	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 
	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 
	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 
	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 
	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 
	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 
	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 
	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 
	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 
	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 
	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 
	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 
	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 
	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 
	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 
	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 
	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 
	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 
	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 
	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 
	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 
	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 
	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 
	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 
	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 
	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 
	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 
	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 
	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 
	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 
	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 
	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 
	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 
	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 
	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 
	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 
	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 
	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 
	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 
	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 
	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 
	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 
	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 
	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 
	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 
	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 
	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 
	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 
	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 
	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 
	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 
	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 
	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 
	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 
	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 
	0x01, 0x00, 0x00, 0x00, 0x04, 0x00, 0x00, 0x00, 
	0x13, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 
	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 
	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 
	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 
	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 
	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 
	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 
	0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 
	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 
	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 
	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 
	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 
	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 
	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 
	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 
	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 
	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 
	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 
	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 
	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 
	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 
	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 
	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 
	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 
	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 
	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 
	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 
	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 
	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 
	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 
	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 
	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 
	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 
	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 
	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 
	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 
	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 
	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 
	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 
	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 
	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 
	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 
	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 
	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 
	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 
	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 
	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 
	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 
	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 
	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 
	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 
	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 
	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 
	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 
	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
&#125;;

struct SceKernelLoadExecParam param;

memset&#40;&param, 0, sizeof&#40;param&#41;&#41;;

param.size = sizeof&#40;param&#41;;
param.args = 0x0400;
param.argp = vshmain_args;
param.key = "vsh";

sceKernelLoadExec&#40;PATH, &param&#41;;

But probably it's easier to call sceKernelExitGame :D
No, i don't know what that argument for vshmain exactly means, but i have seen them passed to the module.

Also i have found out that the extra parameters of the SceKernelLoadExecVSH structure are related with this:

Code: Select all

/** Structure for LoadExecVSH* functions */
struct SceKernelLoadExecVSHParam 
&#123;
/** Size of the structure in bytes */
    SceSize     size; 
/** Size of the arguments string */
    SceSize     args;
/** Pointer to the arguments strings */
    void * argp;
/** The key, usually "game", "updater" or "vsh" */
    const char * key;
/** The size of the vshmain arguments */
    u32 vshmain_args_size;
/** vshmain arguments that will be passed to vshmain after the program has exited */
    void *vshmain_args;
/** unknown, set it to 0 */
    u32 unk3;
/** unknown, set it to 0 */
    u32 unk4;
/** unknown, set it to 0 */
    u32 unk5;
&#125;;

And in the strange case that you are running a module in the vsh, you can do the following to execute a homebrew and returning showing the $CE logo:

Code: Select all

#define PATH "ms0&#58;/PSP/GAME/MYAPP/EBOOT.PBP"

struct SceKernelLoadExecVSHParam params;

memset&#40;&param, 0, sizeof&#40;param&#41;&#41;;
param.size = sizeof&#40;param&#41;;
param.args = strlen&#40;PATH&#41;+1;
param.argp = PATH;
param.key = "game";

sceKernelLoadExecVSHMs2&#40;PATH, &param&#41;;

Or if you want to do it normally, so the SCE logo is not showed, this is how the VSH does it:

Code: Select all

#define PATH "ms0&#58;/PSP/GAME/MYAPP/EBOOT.PBP"

struct SceKernelLoadExecVSHParam params;

memset&#40;&param, 0, sizeof&#40;param&#41;&#41;;
param.size = sizeof&#40;param&#41;;
param.args = strlen&#40;PATH&#41;+1;
param.argp = PATH;
param.key = "game";
param.vshmain_args_size = 0x0400;
param.vshmain_args = vshmain_args;

sceKernelLoadExecVSHMs2&#40;PATH, &param&#41;;

0okm0000 · Post by **0okm0000** » Sat Jun 17, 2006 11:04 am

Thanks a lot ^o^

dot_blank · Post by **dot_blank** » Sat Jun 17, 2006 4:37 pm

ahh thanx ..second option is a much easier way
instead of having a module handle loadexec
moonlight cool points++ :)

moonlight · Post by **moonlight** » Wed Jun 21, 2006 9:14 pm

I have found the way to make a true hardware reset... in the faked 2.50.

Function scePower_0442D852 (user) or scePower_driver_ 0442D852(kernel) (available from 2.00 and greater)

the usage is more than simple:

scePower_0442D852 (0); -> and voila, a real reboot, where resident programs like that firmware emulator can't survive.

I discovered an import to this function in the 2.60 updater, in its file coldreset_update.prx (with vsh flags, 0x0800).

But then this arises some questions:

- If the function only exists in 2.00 and greater... how the hell is called when updating from 1.00/1.50 to 2.60? (that if it's called..., but if it isn't called how are then 1.00/1.50 hardware-rebooted?

- How the 2.00 updater reboots the psp? (this one doesn't have that coldreset prx, and the only imports from scePower that i have seen in their modules are those to check battery.

The mistery on the updaters continue :)

Post by **TyRaNiD** » Thu Jun 22, 2006 3:00 am

Well I did a quick bit of digging based on the info you provided, I dont know how the updater does it but it is really simple to reset and even power off the PSP, how I didn't see this before I will never know ;)

Basically here are two useful functions.

void sceSysconPowerStandby(void) - Call this and the PSP shuts down
void sceSysconResetDevice(int unk1, int unk2) - Call this with parameters of 1 and 1 and the system resets.

There we go, finally a power off function for psplink ;) Of course worth bearing in mind that the power driver does go through some hoops before actually calling these functions so it is possible that doing so directly could cause unpleasentness such as MS corruption, time issues and all manner of other stuff so use with caution.

N.B. it looks like power.prx in 1.5 never calls reset device therefore it is possible that something in the updater calls it directly, not really sure on that, and in some ways not sure I am that bothered. Also reset device is also called with 1, 2 as the parameters, when passing 2 it plays with the MS power control as well so...

N.B2 for a cleaner (and probably safer) standby there is the user/kernel mode call scePowerRequestStandby() or the corresponding scePowerRequestSuspend() for suspending the PSP. The only places in the entire kernel which call ResetDevice is UMD and WLAN drivers, whether that just resets a particular device or whether there are calls inside those drivers which reset the PSP I cannot be certain without more digging, which I dont feel like doing :)

N.B3 okay so curiosity got the better of me, I looked at UMD Manager and that calls ResetDevice with 2, 1 as parameters so I would guess the first parameter is the device to reset and the second param is reset type possibly, no doubt the WLAN driver also resets its own device using a different first parameter.

moonlight · Post by **moonlight** » Thu Jun 22, 2006 4:34 am

Good find Tyranid.

I now see that the leptonupdater for 150 from the 2.00 updater imports the sceSysconResetDevice.
Btw this requires kernel mode, as opposite to that power function.
What i don't know is why the 2.60 updater has two different ways of reseting the psp, when one of them should work in all versions. Well, it doesn't matter anyways :)

0okm0000 · Post by **0okm0000** » Thu Jun 22, 2006 3:31 pm

THANK YOU moonlight & TyRaNiD ^o^

moonlight · Post by **moonlight** » Thu Jun 22, 2006 4:08 pm

A bit offtopic

These guys of Sony are so retard...

texure_loader -> testmode
texseq_counter -> ipl_update
setdisplaybuffer -> secure_rtcreset
checkswtimer -> leptonupdate150
convert_tex -> leptonupdate103
update_driver -> umdex_driver
network_update -> coldreset_update

They think that faking module names in the last updaters can avoid people from looking at them. A bit pathetic... :)

laichung · Post by **laichung** » Thu Jun 22, 2006 5:41 pm

may be one of the reason is , THEY ARE JAPANESE~~
Poor English at all.......haha~

moonlight wrote:A bit offtopic

These guys of Sony are so retard...

texure_loader -> testmode
texseq_counter -> ipl_update
setdisplaybuffer -> secure_rtcreset
checkswtimer -> leptonupdate150
convert_tex -> leptonupdate103
update_driver -> umdex_driver
network_update -> coldreset_update

They think that faking module names in the last updaters can avoid people from looking at them. A bit pathetic... :)

jas0nuk · Post by **jas0nuk** » Sat Jul 08, 2006 10:14 pm

moonlight wrote:the usage is more than simple:

scePower_0442D852 (0);

How could I use this?

On compiling, I always get a

warning: implicit declaration of function 'scePower_0442D852'

I have already included psppower.h

hitchhikr · Post by **hitchhikr** » Sat Jul 08, 2006 10:16 pm

Not that it holds much interest now but:

Code: Select all

/** Structure for LoadExecVSH* functions */
struct SceKernelLoadExecVSHParam &#123;
/** Size of the structure in bytes */
    SceSize     size;
/** Size of the arguments string */
    SceSize     args;
/** Pointer to the arguments strings */
    void * argp;
/** The key, usually "game", "updater" or "vsh" */
    const char * key;
/** The size of the vshmain arguments */
    u32 vshmain_args_size;
/** vshmain arguments that will be passed to vshmain after the program has exited */
    void *vshmain_args;

/* "/kd/pspbtcnf_game.txt" or "/kd/pspbtcnf.txt" if not supplied &#40;max. 256 chars&#41;
used by&#58;
sceKernelLoadExecVSHDisc&#40;&#41; 
sceKernelLoadExecBufferVSHUsbWlan&#40;&#41;
sceKernelLoadExecBufferVSHUsbWlanDebug&#40;&#41;
sceKernelLoadExecVSHDisc&#40;&#41;
sceKernelLoadExecVSHDiscUpdater&#40;&#41;
sceKernelLoadExecVSHDiscDebug&#40;&#41;
LoadExecForKernel_31DF42BF&#40;&#41;
LoadExecForKernel_28D0D249&#40;&#41;
LoadExecForKernel_70901231&#40;&#41;
*/
    u32 unk3;
/* An unknown string &#40;max. 256 chars&#41; probably used in 2nd stage of loadexec */
    u32 unk4;
/* unknown flag default value = 0x10000 */
    u32 unk5;
&#125;;

moonlight · Post by **moonlight** » Sat Jul 08, 2006 10:26 pm

Btw, hitchhikr, the nids of 3 functions you have put are already known.

LoadExecForKernel_31DF42BF -> sceKernelLoadExecVshMs1
LoadExecForKernel_28D0D249 -> sceKernelLoadExecVshMs2
LoadExecForKernel_70901231 -> sceKernelLoadExecVshMs3

hitchhikr, are you able to return to the vsh in 2.60 after the kernel hack? I've tried sceKernelExitGame and other functions in 1.50 with dh, but no luck, it makes the psp crash.

moonlight · Post by **moonlight** » Sat Jul 08, 2006 10:31 pm

jas0nuk wrote:
moonlight wrote:the usage is more than simple:

scePower_0442D852 (0);
How could I use this?

On compiling, I always get a
warning: implicit declaration of function 'scePower_0442D852'
I have already included psppower.h

That function only exists in 2.XX and it's not included in the pspsdk yet.

To use it under 2.XX with the kernel exploit, you'll have to find the address of the function, for example using the FindProc function of PspPet's PSAR Dumper. (btw, after the kernel exploit, it seems that this function is broken, at least in the fake 2.50)

jas0nuk · Post by **jas0nuk** » Sat Jul 08, 2006 10:58 pm

I'm trying to use it through DevHook's "VSH Extender" module in 2.50 which has kernel access anyway, as it is loaded with the VSH in the pspbtcnf files.
The 'sceSysconResetDevice' function works but gives a disc read error, as apparently the UMD hardware is not rebooted, so it gets out of sync.

BTW, I'm quite a noob when it comes to this sort of thing... how would I pass the correct parameters to find the address of 'scePower_0442D852'?

Is it as simple as

Code: Select all

FindProc&#40;NULL,NULL,0442D852&#41;;

How would I use the result to actually run the function?

moonlight · Post by **moonlight** » Sun Jul 09, 2006 1:03 am

FindProc("scePower_Service", "scePower_driver", 0x0442D852);

jas0nuk · Post by **jas0nuk** » Sun Jul 09, 2006 2:10 am

Thanks

etenia · Post by **etenia** » Sun Sep 10, 2006 1:28 am

Is it possible to reboot the PSP in Usermode?

thanks

moonlight · Post by **moonlight** » Sun Sep 10, 2006 6:37 pm

etenia wrote:Is it possible to reboot the PSP in Usermode?

thanks

scePower_0442D852 can be called in user mode. But since pspsdk doesn't support it yet, you'll have to create the stub yourself.