Legacy FIRM PXI: Difference between revisions
Created page with "This page describes the PXI commands for TWL_FIRM/AGB_FIRM. {| class="wikitable" border="1" |- ! Command Header ! Available since system version ! Description |- | 0x0001......." |
m Complete the IPC signature for Command 5 |
||
| (13 intermediate revisions by 5 users not shown) | |||
| Line 9: | Line 9: | ||
| 0x0001.... | | 0x0001.... | ||
| [[1.0.0-0]] | | [[1.0.0-0]] | ||
| | | Shuts down LgyP9, puts ARM9 into a <code>while(1) svcSleepThread(1*1000*1000);</code> loop at the end of <code>main()</code> | ||
|- | |- | ||
| 0x00020080 | | 0x00020080 | ||
| [[1.0.0-0]] | | [[1.0.0-0]] | ||
| (u64 application_titleID) This launches the specified TWL title | | PrepareArm9ForTwl(u64 application_titleID) This launches the specified TWL title. | ||
|- | |- | ||
| 0x00030080 | | 0x00030080 | ||
| [[1.0.0-0]] | | [[1.0.0-0]] | ||
| (u64 application_titleID) This launches the specified GBA VC title. | | PrepareArm9ForAgb(u64 application_titleID) This launches the specified GBA VC title. On success, returns u64 GBA VC title exeFS .code length in cmdbuf[2]. | ||
|- | |- | ||
| 0x00040080 | | 0x00040080 | ||
| [[1.0.0-0]] | | [[1.0.0-0]] | ||
| | | Process9 will eventually wait for the ARM11 to send this command, see [[FIRM|here]]. The command input parameters are not used. | ||
|- | |- | ||
| | | 0x00050040 | ||
| [[1.0.0-0]] | | [[1.0.0-0]] | ||
| | | (u8 unk) Does some lowlevel sd/emmc register setting (different for unk=0 and unk=1). If unk=1, sets a flag, code ran during the pxi main-func loop detects this and calls <code>svcKernelSetState(2,0)</code>. | ||
|- | |- | ||
| 0x0006.... | | 0x0006.... | ||
| [[1.0.0-0]] | | [[1.0.0-0]] | ||
| | | (DateTime datetimetoset,u8 shouldRead) - Sets the P9 date/time (calling the same function used by cmd 0xA for this), then reads (if shouldRead is not 0) or writes (if shouldRead is 0) ARM7_RTC_LO/HI registers to or from agbsave_in_ram+0x60. AgbBg doesn't appear to use this command at all. | ||
|- | |- | ||
| 0x0007.... | | 0x0007.... | ||
| [[1.0.0-0]] | | [[1.0.0-0]] | ||
| ? | | Returns u8, IsSdCardInserted maybe? | ||
|- | |- | ||
| 0x0008.... | | 0x0008.... | ||
| [[1.0.0-0]] | | [[1.0.0-0]] | ||
| | | Stubbed, returns 0xE0C0EC03... | ||
|- | |- | ||
| 0x0009.... | | 0x0009.... | ||
| [[1.0.0-0]] | | [[1.0.0-0]] | ||
| | | Stubbed, returns 0xE0C0EC03... | ||
|- | |- | ||
| 0x000A.... | | 0x000A.... | ||
| [[1.0.0-0]] | | [[1.0.0-0]] | ||
| | | Sets Process9's internal date/time, see below. | ||
|- | |- | ||
| | | 0x000B0240 | ||
| [[1.0.0-0]] | | [[1.0.0-0]] | ||
| This is used for TWL initialization, prior to using command 0x00020080. | | This is used for TWL initialization, prior to using command 0x00020080. Arguments: u8 <2 if card, else 3>, u8 <bit 1 from firmlaunchparams+0x460>, u64 tid, u8 bannerHmac[0x14] | ||
|- | |- | ||
| 0x000C0800 | | 0x000C0800 | ||
| Line 55: | Line 55: | ||
| This writes the input 0x80-byte ASCII data to [[Flash_Filesystem|nand:/rw/sys/lgy.log]]. | | This writes the input 0x80-byte ASCII data to [[Flash_Filesystem|nand:/rw/sys/lgy.log]]. | ||
|} | |} | ||
This PXI service seems to be based on [[Development Services PXI]]. Commands 0x8 and 0x9 in both are stubbed with the same function (returns 0xE0C0EC03), commands that seem useless under NATIVE_FIRM have a purpose on legacy FIRMs (command 0xC does some "unnecessary copying to stack" on NATIVE_FIRM, but this same copy (0x80-bytes) is used to write to lgy.log on legacy FIRMs), and commands that are essential (and only useful) on legacy FIRMs (0x2 and 0x3) are stubbed completely on NATIVE_FIRM. | |||
=Command 0x2= | |||
This does the following: | |||
* Waits for an u8 state field to become non-zero. | |||
* Clears DSi memory, etc. | |||
* Loads the DS(i) application specified by the command request titleID. If this fails, it immediately returns the error for this. | |||
* Initializes the DSi memory at 0x02fe7000 and 0x02fffc00. | |||
* Loads the TWL launcher located at physical address [[Memory_layout|0x27C00000]], which was written there by the TwlBg ARM11 process. | |||
* Loads the TWL bootloader, see [[FIRM|here]]. | |||
* Initializes DSi memory/keys, [[IO_Registers|0x10018000]] registers, etc. | |||
* Writes value 0x3 to [[CONFIG_Registers|REG_BOOTENV]], and value 0x1 to an u8 state field. | |||
* Uses [[SVC|svcSignalEvent]], then returns. | |||
=Command 0xA= | |||
This takes 3 arguments, which are the following structure packed into 12 bytes (no padding): | |||
s32 year; | |||
s8 month; | |||
s8 day; | |||
s8 day_of_week; // Sunday = 0, up to Saturday = 6 | |||
s8 hour; | |||
s8 minute; | |||
s8 second; | |||
s16 ms; | |||
This should be the current date/time (AgbBg seems to get it from MCU); it's converted from this structure into milliseconds, and saved into .data. Another .data variable is set from svcGetSystemTick by this command, and another function in (LGY) P9 essentially does <code>return date_time_set_from_this_command + ticks_to_ms(svcGetSystemTick() - systemtick_from_this_command);</code> to get the current date&time. | |||