Handles for services are retrieved from the service manager port, "srv:". Services are an abstraction of ports, they operate the same way except regular ports can have their handles retrieved directly from a SVC(svcConnectToPort).
Processes with PID less than or equal to the number of NATIVE_FIRM built-in modules (fs, sm, pm, pxi, ldr) have access to all services.
Service Manager Port "srv:"
Command Header | Description |
---|---|
0x00010002 | Initialize |
0x00020000 | GetProcSemaphore (the handle from this gets signaled when notifications for this process gets triggered) |
0x00030100 | RegisterService (8-byte servicename, u32 strlen, u32 flags?) |
0x000400C0 | UnregisterService (8-byte servicename, u32 strlen) |
0x00050100 | GetServiceHandle (8-byte servicename, u32 strlen, u32 flags?) |
0x000600c2 | RegisterHandle? (8-byte servicename, u32 strlen, Handle h) |
0x0007.... | UnregisterHandle? (8-byte servicename, u32 strlen) |
0x0008.... | IsHandlePresent (8-byte servicename, u32 strlen,u32 flags) if flag is set it returns the handle? |
0x00090040 | Subscribe () This enables the specified notificationID for the current process. |
0x000A.... | This disables the specified notificationID for the current process (u32 ID) |
0x000B0000 | ReceiveNotification This returns the notificationID which was triggered, if any(see GetProcSemaphore). |
0x000C0080 | PublishToSubscriber(u32 ID,u32 flag) This can fire notificationID (Bit(0) only fire if not already fired, Bit(1) = return error if error happens, else it always returns 0) |
0x000D.... | This can fire notificationIDs and return the number of fired notificationID |
0x000E.... | returns 1 if the service is registered. 0 if not (8-byte servicename, u32 strlen) |
Service Manager Process-Manager Port "srv:pm"
Command Header, prior to 7.0.0-13 | Description |
---|---|
0x04030082 | RegisterProcess (u32 procid, u32 wordsz, ((wordsz<<16) | 2), serviceaccesscontrol*). |
0x04040040 | UnregisterProcess (u32 procid). |
The Register command registers a process with the service-manager, which includes registering the serviceaccesscontrol for the process which normally originates from the exheader.
Prior to to 7.0.0-13, the commands listed for "srv:" were also accessible under this port with the same command-headers. Starting with 7.0.0-13, the "srv:pm" port was changed to a service. With this change, commandIDs for these commands were changed. "srv:pm" was originally vulnerable, this was fixed with 7.0.0-13, see here. Originally any process could use "srv:pm", however starting with 7.0.0-13 only the built-in NATIVE_FIRM sysmodules have access to it. The only system title which uses "srv:pm" is the Process Manager.
Notifications
ID | Description |
---|---|
0x100 | This indicates that all processes must terminate: power-off, reboot, or FIRM-launch. |
0x204 | This indicates that the HOME button was pressed. |