215
edits
Changes
Jump to navigation
Jump to search
mLine 9:
Line 9: − + − + − + − + − + − + − + − + − + − + − + − + − + Line 55:
Line 55: + + + + + + + + + + + + + + + + + + + + + + + + + +
Complete the IPC signature for Command 5
| 0x0001....
| 0x0001....
| [[1.0.0-0]]
| [[1.0.0-0]]
| ?
| Shuts down LgyP9, puts ARM9 into a <code>while(1) svcSleepThread(1*1000*1000);</code> loop at the end of <code>main()</code>
|-
|-
| 0x00020080
| 0x00020080
| [[1.0.0-0]]
| [[1.0.0-0]]
| (u64 application_titleID) This launches the specified TWL title. Eventually this will wait for command 0x00040080 to be sent.
| PrepareArm9ForTwl(u64 application_titleID) This launches the specified TWL title.
|-
|-
| 0x00030080
| 0x00030080
| [[1.0.0-0]]
| [[1.0.0-0]]
| (u64 application_titleID) This launches the specified GBA VC title.
| PrepareArm9ForAgb(u64 application_titleID) This launches the specified GBA VC title. On success, returns u64 GBA VC title exeFS .code length in cmdbuf[2].
|-
|-
| 0x00040080
| 0x00040080
| [[1.0.0-0]]
| [[1.0.0-0]]
|
| Process9 will eventually wait for the ARM11 to send this command, see [[FIRM|here]]. The command input parameters are not used.
|-
|-
| 0x0005....
| 0x00050040
| [[1.0.0-0]]
| [[1.0.0-0]]
| ?
| (u8 unk) Does some lowlevel sd/emmc register setting (different for unk=0 and unk=1). If unk=1, sets a flag, code ran during the pxi main-func loop detects this and calls <code>svcKernelSetState(2,0)</code>.
|-
|-
| 0x0006....
| 0x0006....
| [[1.0.0-0]]
| [[1.0.0-0]]
| ?
| (DateTime datetimetoset,u8 shouldRead) - Sets the P9 date/time (calling the same function used by cmd 0xA for this), then reads (if shouldRead is not 0) or writes (if shouldRead is 0) ARM7_RTC_LO/HI registers to or from agbsave_in_ram+0x60. AgbBg doesn't appear to use this command at all.
|-
|-
| 0x0007....
| 0x0007....
| [[1.0.0-0]]
| [[1.0.0-0]]
| ?
| Returns u8, IsSdCardInserted maybe?
|-
|-
| 0x0008....
| 0x0008....
| [[1.0.0-0]]
| [[1.0.0-0]]
| ?
| Stubbed, returns 0xE0C0EC03...
|-
|-
| 0x0009....
| 0x0009....
| [[1.0.0-0]]
| [[1.0.0-0]]
| ?
| Stubbed, returns 0xE0C0EC03...
|-
|-
| 0x000A....
| 0x000A....
| [[1.0.0-0]]
| [[1.0.0-0]]
| ?
| Sets Process9's internal date/time, see below.
|-
|-
| 0x000B0040
| 0x000B0240
| [[1.0.0-0]]
| [[1.0.0-0]]
| This is used for TWL initialization, prior to using command 0x00020080.
| This is used for TWL initialization, prior to using command 0x00020080. Arguments: u8 <2 if card, else 3>, u8 <bit 1 from firmlaunchparams+0x460>, u64 tid, u8 bannerHmac[0x14]
|-
|-
| 0x000C0800
| 0x000C0800
| This writes the input 0x80-byte ASCII data to [[Flash_Filesystem|nand:/rw/sys/lgy.log]].
| This writes the input 0x80-byte ASCII data to [[Flash_Filesystem|nand:/rw/sys/lgy.log]].
|}
|}
This PXI service seems to be based on [[Development Services PXI]]. Commands 0x8 and 0x9 in both are stubbed with the same function (returns 0xE0C0EC03), commands that seem useless under NATIVE_FIRM have a purpose on legacy FIRMs (command 0xC does some "unnecessary copying to stack" on NATIVE_FIRM, but this same copy (0x80-bytes) is used to write to lgy.log on legacy FIRMs), and commands that are essential (and only useful) on legacy FIRMs (0x2 and 0x3) are stubbed completely on NATIVE_FIRM.
=Command 0x2=
This does the following:
* Waits for an u8 state field to become non-zero.
* Clears DSi memory, etc.
* Loads the DS(i) application specified by the command request titleID. If this fails, it immediately returns the error for this.
* Initializes the DSi memory at 0x02fe7000 and 0x02fffc00.
* Loads the TWL launcher located at physical address [[Memory_layout|0x27C00000]], which was written there by the TwlBg ARM11 process.
* Loads the TWL bootloader, see [[FIRM|here]].
* Initializes DSi memory/keys, [[IO_Registers|0x10018000]] registers, etc.
* Writes value 0x3 to [[CONFIG_Registers|REG_BOOTENV]], and value 0x1 to an u8 state field.
* Uses [[SVC|svcSignalEvent]], then returns.
=Command 0xA=
This takes 3 arguments, which are the following structure packed into 12 bytes (no padding):
s32 year;
s8 month;
s8 day;
s8 day_of_week; // Sunday = 0, up to Saturday = 6
s8 hour;
s8 minute;
s8 second;
s16 ms;
This should be the current date/time (AgbBg seems to get it from MCU); it's converted from this structure into milliseconds, and saved into .data. Another .data variable is set from svcGetSystemTick by this command, and another function in (LGY) P9 essentially does <code>return date_time_set_from_this_command + ticks_to_ms(svcGetSystemTick() - systemtick_from_this_command);</code> to get the current date&time.