Changes

2,563 bytes added ,  14:34, 20 March 2019
fix notif 0x10C
Line 1: Line 1: −
Services are an abstraction of ports and are the commonly used way of inter-process communication outside of the kernel. While handles of regular ports are retrieved from [[SVC]](svcConnectToPort), service handles are retrieved through the port ''srv:'' ("service manager").
+
Services are an abstraction of ports and are the commonly used way of inter-process communication outside of the kernel. While handles of regular ports are retrieved from [[SVC|svcConnectToPort]], service handles are retrieved through the port ''srv:'' ("service manager").
   −
Processes with PID less than or equal to the number of NATIVE_FIRM built-in modules (fs, sm, pm, pxi, ldr) have access to all services.
+
When a service is registered, [[SVC|svcCreatePort]] is used without a port-name. This means that the port is inaccessible via the port SVCs outside of sm-module. See below for getting a session handle for sending commands to services.
 +
 
 +
Processes with PID less than or equal to the number of NATIVE_FIRM built-in modules (fs, sm, pm, pxi, ldr) have access to all services. This value is obtained from [[SVC|svcGetSystemInfo]]. Other processes are limited to access services listed in their [[NCCH/Extended_Header#ARM11_Local_System_Capabilities|service access control list]], as passed to [[SRVPM:RegisterProcess]].
 +
 
 +
Attempting to use [[SRV:GetServiceHandle|GetServiceHandle]] with a service that the process has access to when that service isn't registered will block until it is registered.
    
==Service Manager Port "srv:"==
 
==Service Manager Port "srv:"==
Line 10: Line 14:  
|-
 
|-
 
| 0x00010002
 
| 0x00010002
| Initialize
+
| [[SRV:RegisterClient|RegisterClient]]
 
|-
 
|-
 
| 0x00020000
 
| 0x00020000
| GetProcSemaphore (the handle from this gets signaled when notifications for this process gets triggered)
+
| [[SRV:EnableNotification|EnableNotification]]
 
|-
 
|-
 
| 0x00030100
 
| 0x00030100
| RegisterService (8-byte servicename, u32 strlen, u32 flags?)
+
| [[SRV:RegisterService|RegisterService]]
 
|-
 
|-
 
| 0x000400C0
 
| 0x000400C0
| UnregisterService (8-byte servicename, u32 strlen)
+
| [[SRV:UnregisterService|UnregisterService]]
 
|-
 
|-
 
| 0x00050100
 
| 0x00050100
| GetServiceHandle (8-byte servicename, u32 strlen, u32 flags?)
+
| [[SRV:GetServiceHandle|GetServiceHandle]]
 
|-
 
|-
| 0x000600c2
+
| 0x000600C2
| RegisterHandle? (8-byte servicename, u32 strlen, Handle h)
+
| [[SRV:RegisterPort|RegisterPort]]
 
|-
 
|-
| 0x0007....
+
| 0x000700C0
| UnregisterHandle? (8-byte servicename, u32 strlen)
+
| [[SRV:UnregisterPort|UnregisterPort]]
 
|-
 
|-
| 0x0008....
+
| 0x00080100
| IsHandlePresent (8-byte servicename, u32 strlen,u32 flags) if flag is set it returns the handle?
+
| [[SRV:GetPort|GetPort]]
 
|-
 
|-
 
| 0x00090040
 
| 0x00090040
| Subscribe () This enables the specified notificationID for the current process.
+
| [[SRV:Subscribe|Subscribe]]
 
|-
 
|-
 
| 0x000A0040
 
| 0x000A0040
| This disables the specified notificationID for the current process (u32 ID)
+
| [[SRV:Unsubscribe|Unsubscribe]]
 
|-
 
|-
 
| 0x000B0000
 
| 0x000B0000
| ReceiveNotification This returns the notificationID which was triggered, if any(see GetProcSemaphore).
+
| [[SRV:ReceiveNotification|ReceiveNotification]]
 
|-
 
|-
 
| 0x000C0080
 
| 0x000C0080
| PublishToSubscriber(u32 ID,u32 flag) This can fire notificationID (Bit(0) only fire if not already fired, Bit(1) = return error if error happens, else it always returns 0)
+
| [[SRV:PublishToSubscriber|PublishToSubscriber]]
 
|-
 
|-
| 0x000D....
+
| 0x000D0040
| This can fire notificationIDs and return the number of fired notificationID
+
| [[SRV:PublishAndGetSubscriber|PublishAndGetSubscriber]]
 
|-
 
|-
| 0x000E....
+
| 0x000E00C0
| returns 1 if the service is registered. 0 if not (8-byte servicename, u32 strlen)
+
| [[SRV:IsServiceRegistered|IsServiceRegistered]]
 
|}
 
|}
   −
==Service Manager Process-Manager Port "srv:pm"==
+
It appears these "port" commands can be used for transferring arbitrary handles, however [[SRV:GetPort|GetPort]] still uses the same service-access-control validation as [[SRV:GetServiceHandle|GetServiceHandle]]. Despite this fact, it appears that a "port" and a service with the same name can coexist independently.
 +
 
 +
==Service Manager Process-Manager Port/Service "srv:pm"==
 
{| class="wikitable" border="1"
 
{| class="wikitable" border="1"
 
|-
 
|-
!  Command Header, prior to [[7.0.0-13]]
+
!  Command Header (port), prior to [[7.0.0-13]]
 +
!  Command Header (service), post [[7.0.0-13]]
 
!  Description
 
!  Description
 +
|-
 +
| 0x04010042
 +
| 0x00010042
 +
| [[SRVPM:PublishToProcess|PublishToProcess]]
 +
|-
 +
| 0x04020040
 +
| 0x00020040
 +
| [[SRVPM:PublishToAll|PublishToAll]]
 
|-
 
|-
 
| 0x04030082
 
| 0x04030082
| RegisterProcess (u32 procid, u32 wordsz, <nowiki>((wordsz<<16) | 2)</nowiki>, serviceaccesscontrol*).
+
| 0x00030082
 +
| [[SRVPM:RegisterProcess|RegisterProcess]]
 
|-
 
|-
 
| 0x04040040
 
| 0x04040040
| UnregisterProcess (u32 procid).
+
| 0x00040040
 +
| [[SRVPM:UnregisterProcess|UnregisterProcess]]
 
|}
 
|}
  −
The Register command registers a process with the service-manager, which includes registering the serviceaccesscontrol for the process which normally originates from the [[NCCH/Extended_Header|exheader]].
      
Prior to to [[7.0.0-13]], the commands listed for "srv:" were also accessible under this port with the same command-headers. Starting with [[7.0.0-13]], the "srv:pm" port was changed to a service. With this change, commandIDs for these commands were changed. "srv:pm" was originally vulnerable, this was fixed with [[7.0.0-13]], see [[3DS_exploits|here]]. Originally any process could use "srv:pm", however starting with [[7.0.0-13]] only the built-in NATIVE_FIRM sysmodules have access to it. The only system title which uses "srv:pm" is the [[Process_Manager_Services|Process Manager]].
 
Prior to to [[7.0.0-13]], the commands listed for "srv:" were also accessible under this port with the same command-headers. Starting with [[7.0.0-13]], the "srv:pm" port was changed to a service. With this change, commandIDs for these commands were changed. "srv:pm" was originally vulnerable, this was fixed with [[7.0.0-13]], see [[3DS_exploits|here]]. Originally any process could use "srv:pm", however starting with [[7.0.0-13]] only the built-in NATIVE_FIRM sysmodules have access to it. The only system title which uses "srv:pm" is the [[Process_Manager_Services|Process Manager]].
Line 76: Line 91:  
|-
 
|-
 
| 0x100
 
| 0x100
| This indicates that all processes must terminate: power-off, reboot, or [[FIRM]]-launch.
+
| This indicates that the recipient must terminate. Does not require subscription.
 +
|-
 +
| 0x101
 +
| Signaled to NS on sleep mode entry.
 +
|-
 +
| 0x103
 +
| Fired on sleep mode entry, subscribed to by NS, CSND, NWM, AC and NIM.
 +
|-
 +
| 0x104
 +
| This indicates that the system is entering sleep mode. (PTM:NotifySleepPreparationComplete needed for this and the following?)
 +
|-
 +
| 0x105
 +
| This indicates that the system has exited sleep mode.
 +
|-
 +
| 0x106
 +
| Fired after sleep mode exit, subscribed to by NS, MIC, AC, NEWS, CECD and BOSS.
 +
|-
 +
| 0x107
 +
| Unknown. Subscribed to by CECD module.
 
|-
 
|-
 
| 0x108
 
| 0x108
 
| error at boot?
 
| error at boot?
 +
|-
 +
| 0x109
 +
| ? (Subscribed to by GSP)
 +
|-
 +
| 0x10C
 +
| Sent by PM after it starts a regular application.
 +
|-
 +
| 0x110-0x11F
 +
| Sent to NS on application exit. See [[PMApp:LaunchTitle#Launch_Flags|PM launch flags]].
 +
|-
 +
| 0x179
 +
| Unknown.
 +
|-
 +
| 0x200
 +
| Signaled just before sleep mode is exited from, subscribed to by NS.
 +
|-
 +
| 0x202
 +
| POWER button pressed
 +
|-
 +
| 0x203
 +
| POWER button held long
 
|-
 
|-
 
| 0x204
 
| 0x204
| This indicates that the HOME button was pressed.
+
| HOME button pressed
 +
|-
 +
| 0x205
 +
| HOME button released
 +
|-
 +
| 0x206
 +
| This is signaled by [[NWMEXT:ControlWirelessEnabled]] and when the physical Wi-Fi slider is enabled
 +
|-
 +
| 0x207
 +
| SD card inserted
 +
|-
 +
| 0x208
 +
| Game cartridge inserted
 +
|-
 +
| 0x209
 +
| SD card removed
 +
|-
 +
| 0x20A
 +
| Game cartridge removed
 +
|-
 +
| 0x211
 +
| Battery Related? (Published by PTM module)
 +
|-
 +
| 0x212
 +
| Battery Related? (Published by PTM module)
 +
|-
 +
| 0x20B
 +
| Game cartridge inserted or removed
 +
|-
 +
| 0x20C
 +
| mcu-module publishes this on a (fatal) hardware condition?, ptm throws fatal error F960D407 in receipt of this
 +
|-
 +
| 0x20D
 +
| Charger plugged out
 +
|-
 +
| 0x20E
 +
| Charger plugged in
 +
|-
 +
| 0x213
 +
| Signaled after exiting sleep mode and early during system boot. Subscribed to by CODEC, HID, GSP, CAMERA, MIC, NDM and PTM. GSP powers LCD on in receipt to this, etc.
 +
|-
 +
| 0x214
 +
| Signaled before entering sleep mode. Subscribed to by CODEC, HID, GSP, CAMERA, MIC, NDM and PTM. GSP shutdowns LCD in receipt to this, etc.
 +
|-
 +
| 0x300
 +
| Signaled after sleep mode exit and during system boot, subscribed to by NDM.
 +
|-
 +
| 0x301
 +
| Signaled just before sleep mode is exited from, subscribed to by FRIENDS and NDM.
 +
|-
 +
| 0x302
 +
| Unknown. Signaled by nwm/AC module.
 +
|-
 +
| 0x303
 +
| Unknown. Subscribed to by CECD module.
 +
|-
 +
| 0x304
 +
| Unknown. Subscribed to by CECD module.
 
|}
 
|}