Changes

SVC (edit)

Revision as of 06:34, 2 October 2017

3,366 bytes added , 06:34, 2 October 2017

→‎GetProcessInfo

Line 433: Line 433:

| style="background: green" | Yes

| Break(BreakReason reason)

−

Break(BreakReason debugReason, ~~u32 debugParameter1~~, u32 ~~debugParameter2~~)

+

Break(BreakReason debugReason, const void* croInfo, u32 croInfoSize)

|

|-

Line 510: Line 510:

| style="background: red" | No

−

| Result [[IPC|ReplyAndReceive]](s32* index, Handle* handles, s32 handleCount, Handle replyTarget)

+

| Result [[IPC#svcReplyAndReceive|ReplyAndReceive]](s32* index, Handle* handles, s32 handleCount, Handle replyTarget)

|

|-

Line 575: Line 575:

| RestartDma(Handle, void *, void const*, unsigned int, signed char)

|

+

|-

+

| 0x59

+

| style="background: green" | Yes

+

| style="background: red" | No?

+

| style="background: red" | No

+

| SetGpuProt(s8 input_flag). Implemented with [[11.3.0-36|11.3.0-X]], see below.

+

|-

+

| 0x5A

+

| style="background: green" | Yes

+

| style="background: red" | No?

+

| style="background: red" | No

+

| SetWifiEnabled(s0 input_flag). Implemented with [[11.4.0-37|11.4.0-X]], see below.

|- style="border-top: double"

| 0x60

Line 636: Line 648:

| style="background: red" | No

−

| Result SetDebugThreadContext(Handle debug, u32 threadId, ThreadContext* context, u32 controlFlags)

+

| Result SetDebugThreadContext(Handle debug, u32 threadId, const ThreadContext* context, u32 controlFlags)

|

|-

Line 650: Line 662:

| style="background: red" | No

−

| Result ~~ReadDebugProcessMemory~~(void* buffer, Handle debug, u32 addr, u32 size)

+

| Result ReadProcessMemory(void* buffer, Handle debug, u32 addr, u32 size)

|

|-

Line 657: Line 669:

| style="background: red" | No

−

| Result ~~WriteDebugProcessMemory~~(Handle debug, void const* buffer, u32 addr, u32 size)

+

| Result WriteProcessMemory(Handle debug, void const* buffer, u32 addr, u32 size)

|

|-

Line 671: Line 683:

| style="background: red" | No

−

| [[Multi-threading#GetDebugThreadParam|~~GetDebugThreadParameter~~]](s64* unused, u32* out, Handle kdebug, u32 threadId, DebugThreadParameter param)

+

| [[Multi-threading#GetDebugThreadParam|GetDebugThreadParam]](s64* unused, u32* out, Handle kdebug, u32 threadId, DebugThreadParameter param)

|

|- style="border-top: double"

Line 685: Line 697:

| style="background: red" | No

−

| Result [[Memory Management#Memory_Mapping|MapProcessMemory]](Handle ~~KProcess~~, ~~unsigned int StartAddr~~, ~~unsigned int EndAddr~~)

+

| Result [[Memory Management#Memory_Mapping|MapProcessMemory]](Handle process, u32 startAddr, u32 size)

|

|-

Line 692: Line 704:

| style="background: red" | No

−

| Result [[Memory Management#Memory_Mapping|UnmapProcessMemory]](Handle ~~KProcess~~, ~~unsigned int StartAddr~~, ~~unsigned int EndAddr~~)

+

| Result [[Memory Management#Memory_Mapping|UnmapProcessMemory]](Handle process, u32 startAddr, u32 size)

|

|-

Line 860: Line 872:

|-

| u32

−

| Flags. Bit0 means that svcContinueDebugEvent needs to be called for this event ~~(except for EXIT PROCESS events, for which you need to call svcContinueDebugEvent even if this bit is clear)~~

+

| Flags. Bit0 means that svcContinueDebugEvent needs to be called for this event

|-

| u8[4]

Line 882: Line 894:

| 2

|-

−

| EXIT PROCESS

+

| EXIT PROCESS (1)

| 3

|-

Line 888: Line 900:

| 4

|-

−

| DLL LOAD *

+

| DLL LOAD (3)

| 5

|-

−

| DLL UNLOAD *

+

| DLL UNLOAD (3)

| 6

|-

−

| SCHEDULE IN **

+

| SCHEDULE IN (1) (2)

| 7

|-

−

| SCHEDULE OUT *

+

| SCHEDULE OUT (1) (2)

| 8

|-

−

| SYSCALL IN *

+

| SYSCALL IN (1) (2)

| 9

|-

−

| SYSCALL OUT *

+

| SYSCALL OUT (1) (2)

| 10

|-

Line 909: Line 921:

| 11

|-

−

| MAP *

+

| MAP (1) (2)

| 12

|}

−

<nowiki>*</nowiki> ~~Unused~~

+

<nowiki>(1)</nowiki> Non-blocking: all other events preempt and block all the threads of their process until they are continued.

+

<nowiki>(2)</nowiki> There is handling code in the kernel but nothing signal those events.

−

<nowiki>**</nowiki> ~~Referenced~~ but ~~never~~ used in ~~practise~~

+

<nowiki>(3)</nowiki> Completely removed from the kernel, but referenced in DMNT. Stubbed relocation code (e.g., in Process9 and in PXI sysmodule) and even whole libraries (e.g., in PXI sysmodule's .rodata section) seem to indicate that Nintendo used dynamic libraries early in system development.

When calling svcDebugActiveProcess, an ATTACH PROCESS debug event is signaled, then ATTACH THREAD for each of its opened threads, then finally ATTACH BREAK.

Line 989: Line 1,003:

| 1

|-

−

| ~~UNHANDLED EXCEPTION~~

+

| DEBUG TERMINATE

| 2

|}

Line 1,073: Line 1,087:

|-

| u32[2]

−

| ~~User-provided parameters~~ for ~~debug reasons, or 0~~

+

| Info for LOAD_RO and UNLOAD_RO

|}

Line 1,090: Line 1,104:

| 2

|-

−

| ~~DEBUG_ASSERT~~

+

| LOAD_RO

| 3

|-

−

| ~~DEBUG_USER~~

+

| UNLOAD_RO

| 4

|}

Line 1,102: Line 1,116:

! Field

|-

−

| [[KThread]]*[4]

+

| s32[4]

−

| ~~Pointers to~~ the attached process's that were running, on each core, at the time svcBreakDebugProcess ~~was called~~

+

| IDs of the attached process's threads that were running on each core at the time of the @ref svcBreakDebugProcess call, or -1 (only the first 2 values are meaningful on O3DS).

−

~~Only~~ the first ~~two entries~~ are ~~relevant~~ on O3DS.

|}

Line 1,270: Line 1,283:

| Yes

| No

−

| Arguments : <code>u64 firmTitleID</code> (~~O3DS~~) ~~or <code>u64 firmTitleID~~, ~~u32 unknown</code> (N3DS~~, ~~pm-module uses value 0 with this~~)

+

| Arguments : <code>u64 firmTitleID</code> (the high 32-bits of that title ID (0 when using N3DS pm) have a special meaning on N3DS, they're otherwise ignored, see below).

−

This initializes the programID for launching [[FIRM]], then triggers launching [[FIRM]]. With New3DS kernel, it forces the ~~programIDlow~~ to be the New3DS NATIVE_FIRM, when the input ~~programIDlow~~ is ~~for the Old3DS NATIVE_FIRM and Param2==0~~. On New3DS, the kernel disables the additional New3DS cache hw prior to calling the firmlaunch function from the <handler for the KernelSetState-types called via funcptr>.

+

This initializes the programID for launching [[FIRM]], then triggers launching [[FIRM]]. With New3DS kernel, it forces the firm title ID to be the New3DS NATIVE_FIRM, when the input firm title ID is 2. The high firm title ID is always set to 0x40138. On New3DS, the kernel disables the additional New3DS cache hw prior to calling the firmlaunch function from the <handler for the KernelSetState-types called via funcptr>.

|-

| 1

Line 1,300: Line 1,313:

| Used by kernelpanic. This makes core0 enter a WFI/B infinite loop. Threads that were created on core1 or core2 have their priority set to 0x3F, except if the thread was created on core1 and whose parent process (if any) has the "Runnable on sleep" [[NCCH/Extended_Header#ARM11_Kernel_Flags|ARM11 kernel flag]] set. Core1 threads with a priority of 0x40 without a parent process have their priority set to 0x3E.

−

Prior to first invoking this handler, ~~if and only if both~~ UNITINFO ~~and [[Configuration_Memory#0x1FF80015|0x1FF80015]] are not~~ 0, and if there is no [[LCD_Registers#Fill_Color|LCD fill]] set at the time kernelpanic is called, kernelpanic ~~fill~~ the top screen with ~~white (it does the same for~~ the bottom screen if the current process is running under the APPLICATION memregion).

+

Prior to first invoking this handler, the global variable holding <code>UNITINFO != 0</code> is true, and if there is no [[LCD_Registers#Fill_Color|LCD fill]] set at the time kernelpanic is called, kernelpanic fills the top screen with red and the bottom screen with either yellow (if the current process was running under the APPLICATION memregion) or red.

Before invoking this handler a second time, kernelpanic wait for the user to hold L+R+Start+Select down.

Line 1,308: Line 1,321:

| No

| Arguments: <code>u32 what, u64 val</code>

−

~~[[Configuration_Memory|0x1FF80015]] ("is devmode enabled")~~ needs to be ~~true~~.

+

UNITINFO needs to be non-zero for <code>what</code> 1 and 2.

If <code>what</code> is 0 or any invalid value, nothing is done.

−

If it is 1, <code>val != 0</code> is written to the global variable enabling ERR:F-format register dumps on user-mode CPU/VFP exceptions (the VFP exception handler acts as if this variable was always true and works on retail environments). The ~~function~~ handling ~~it reads fields from~~ the ~~faulted~~ or the main thread's TLS and ~~most often writes~~ the ~~data~~ structure on the ~~faulted thread's stack~~.

+

If it is 1, <code>val != 0</code> is written to the global variable enabling ERR:F-format register dumps on user-mode CPU/VFP exceptions (the VFP exception handler acts as if this variable was always true and works on retail environments). The user handler, stack pointer to use for exception handling, and pointer to use for the exception info structure are contiguously located in either the thread's TLS, or if the handler is NULL, in the main thread's TLS, at offset 0x40. If the specified stack pointer is 1, sp_usr - 0x5c is used instead; if the specified exception info buffer is 1, sp_usr - 0x5c is used instead, and if it is 0, <specified stack> - 0x5c is used (0x5c is the size of the exception info structure that is being pushed). Configured by NS on startup on dev-units (default being 0 on non-debugger/jtag units) using the 0x000F0000 configuration block in the [[Config_Savegame|config savegame]].

−

If 2, kernelpanic will be called when svcBreak is used by a non-attached process

+

If 2, kernelpanic will be called when svcBreak is used by a non-attached process. Configured by NS on startup on dev-units (default being 0 on non-debugger/jtag units) using the 0x000F0000 configuration block in the [[Config_Savegame|config savegame]].

If 3, this changes the scheduling/preemption mode (when no threads are being preempted, otherwise returns error 0xC8A01414), see [[KResourceLimit]] for more details.

Line 1,332: Line 1,345:

| Yes, implemented at some point after system-version v4.5.

| ?

−

| Argumens: <code>u64 ~~unk~~</code>.

+

| Argumens: <code>u64 titleID</code>.

−

~~Writes~~ <code>~~unk~~</code> ~~to some global variable, but~~ the ~~latter doesn't seem to be used anywhere else~~.

+

When creating a process, if the process has a non-zero TID equal to the parameter above (which is stored in a global variable), then KProcessHwInfo+0x32 ("process is the currently running app") is set to <code>true</code>.

+

Used by NS conditionally based on the contents of the [[NS CFA]].

|-

| 10

Line 1,423: Line 1,437:

| 7

|

−

| Returns 0

+

| Returns the number of threads of the process

|-

| 8

Line 1,429: Line 1,443:

| Returns the maximum number of threads which can be opened by this process (always 0)

|-

−

| 9-19

+

| 9-18

| [[8.0.0-18]]

| This only returns error 0xD8E007ED.

+

|-

+

| 19

+

| Stub: [[8.0.0-18]]. Implementation: [[11.3.0-36|11.3.0-X]].

+

| Originally this only returned 0xD8E007ED. Now with v11.3 this returns the memregion for the process: out low u32 = [[KProcess]] "Kernel flags from the exheader kernel descriptors" & 0xF00. High out u32 = 0.

|-

| 20

Line 1,460: Line 1,478:

|-

| 1

−

| Get internal refcount-1 for kernel object (~~u32~~), ~~and also a boolean if the refcount~~-~~1 is negative~~ (~~u32~~).

+

| Get internal refcount for kernel object (not counting the one this SVC adds internally to operate), sign-extended to 64 bits.

+

|-

+

| 2

+

| Unimplemented, returns an uninitialized u64 variable (corresponding to r5-r6, which were not altered outside of userland).

|-

| 0x32107

Line 1,468: Line 1,489:

= svc7B Backdoor =

This saves SVC-mode SP+LR on the user-mode stack, then sets the SVC-mode SP to the user-mode SP. This then calls the specified code in SVC-mode. Once the called code returns, this pops the saved SP+LR off the stack for restoring the SVC-mode SP, then returns from the svc7b handler. Note that this svc7b handler does not disable IRQs, if any IRQs/context-switches occur while the SVC-mode SP is set to the user-mode one here, the ARM11-kernel will crash(which hangs the whole ARM11-side system).

+

= svc 0x59 =

+

Implemented with [[11.3.0-36|11.3.0-X]]. Used with GSP module starting with that version. This always returns 0.

+

When input_flag is not 0x1, it will use value 0x0 internally. When a state field already matches input_flag, this will immediately return. Otherwise, after this SVC finishes running, it will write input_flag to this state field. GSP module uses 0x0 for APPLICATION-memregionid and 0x1 for non-APPLICATION-memregionid.

+

This writes "<nowiki>0x100 | <val></nowiki>" to [[CONFIG11_Registers#CFG11_GPUPROT|pdnregbase+0x140]], where val depends on input_flag and a kernel state field for [[Configuration_Memory|APPMEMTYPE]].

+

When input_flag is 0x1 val is fixed:

+

* Old3DS: 0x3

+

* New3DS: 0x460

+

Otherwise, val depends on the kernel APPMEMTYPE state field:

+

{| class="wikitable" border="1"

+

|-

+

! FIRM

+

! [[Memory_layout|APPMEMTYPE]]

+

! val

+

|-

+

| Old3DS

+

| 2

+

| 0x3

+

|-

+

| Old3DS

+

| 3

+

| 0x5

+

|-

+

| Old3DS

+

| 4

+

| 0x6

+

|-

+

| Old3DS

+

| Non-value-{2/3/4}

+

| 0x7

+

|-

+

| New3DS

+

| 7

+

| 0x490

+

|-

+

| New3DS

+

| Non-value-7

+

| 0x4F0

+

|}

+

This same register is also initialized during kernel boot starting with [[3.0.0-5]], with the following values:

+

* Old3DS: 0x103

+

* New3DS: 0x550

+

= svc 0x5A =

+

Like what NWM did previously, this one does the following:

+

if (in_flag)

+

CFG11_WIFICNT |= 1;

+

else

+

CFG11_WIFICNT &= ~1;

= Kernel error-codes =

Subv

68

edits

Changes

SVC (edit)

Revision as of 06:34, 2 October 2017

Navigation menu

Search