|
|
| (19 intermediate revisions by 8 users not shown) |
| Line 1: |
Line 1: |
| − | {{stub}}
| + | #REDIRECT [[IOS]] |
| − | There are 2 types of syscalls:
| |
| − | | |
| − | 1. Syscalls using undefined ARM instruction.
| |
| − | | |
| − | 2. Syscalls using ARM syscall instruction.
| |
| − | | |
| − | == Syscalls (via undefined instructions) ==
| |
| − | Similarly to the Wii's IOS, the IOSU uses a syscall table that is stored toward the end of the kernel area inside the main ARM binary (fw.img).
| |
| − | | |
| − | The second vector is the invalid instruction handler, which is used to implement syscalls:
| |
| − | fw:FFFF0000 LDR PC, =_reset
| |
| − | fw:FFFF0004 LDR PC, =starbuck_syscall_handler
| |
| − | | |
| − | The Starbuck syscall handler:
| |
| − | starbuck_syscall_handler
| |
| − | STMFA SP, {R0-LR}^
| |
| − | MRS R8, SPSR
| |
| − | STR R8, [SP]
| |
| − | STR LR, [SP,#0x40]
| |
| − | LDR R10, [LR,#-4] ; R10 = E7F0XXXX (the invalid instruction)
| |
| − | BIC R9, R10, #0xFF00
| |
| − | LDR R8, =0xE7F000F0 ; Syscall base
| |
| − | CMP R9, R8 ; Were any bits set other than the syscall number
| |
| − | BNE invalid_syscall
| |
| − | MOV R10, R10,ASR#8
| |
| − | AND R10, R10, #0xFF
| |
| − | CMP R10, #0x94 ; Max index of syscall (can possibly vary)
| |
| − | BGT return_to_caller
| |
| − | MOV R8, SP
| |
| − | MOV R11, #0x1F
| |
| − | MSR CPSR_c, R11 ; Switch to system mode and disable FIQ/IRQ
| |
| − | LDR R8, [R8,#0x44]
| |
| − | LDR R11, =syscall_stack_arg_counts
| |
| − | LDR R11, [R11,R10,LSL#2] ; Number of args on stack for this syscall
| |
| − | ADD SP, SP, R11,LSL#2
| |
| − | get_stack_arg
| |
| − | CMP R11, #0
| |
| − | BEQ find_syscall_and_jump
| |
| − | LDR R9, [SP,#-4]! ; Copy argument value
| |
| − | STR R9, [R8,#-4]!
| |
| − | SUB R11, R11, #1
| |
| − | B get_stack_arg
| |
| − | find_syscall_and_jump
| |
| − | MOV SP, R8
| |
| − | LDR R11, =syscall_table
| |
| − | LDR R11, [R11,R10,LSL#2]
| |
| − | MOV LR, PC
| |
| − | BX R11
| |
| − | return_to_caller
| |
| − | MOV R11, #0xDB ; Switch to undefined mode and re-enable FIQ/IRQ
| |
| − | MSR CPSR_c, R11
| |
| − | LDR R11, [SP]
| |
| − | MSR SPSR_cxsf, R11
| |
| − | MOV LR, R0
| |
| − | LDMED SP, {R0-LR}^
| |
| − | NOP
| |
| − | MOV R0, LR
| |
| − | LDR LR, [SP,#0x40]
| |
| − | MOVS PC, LR ; Return
| |
| − | invalid_syscall
| |
| − | LDR SP, =current_thread_ctx_addr
| |
| − | LDR SP, [SP]
| |
| − | STR LR, [SP,#0x40]
| |
| − | ADD SP, SP, #0x40
| |
| − | STMFD SP, {R0-LR}^
| |
| − | SUB R0, SP, #0x40
| |
| − | MOV LR, #6 ; STATE_FAULTED
| |
| − | STR LR, [R0,#0x50]
| |
| − | LDR SP, =debug_args_addr
| |
| − | BL debug_print ; Illegal Instruction:tid=%d,pid=%d,pc=0x%08x,sp=0x%08x
| |
| − | B schedule_yield
| |
| − | | |
| − | Syscalls are invoked by way of the invalid instruction handler; syscalls take the form 0xE7F000F0 | (syscall_num << 8). (E.g. E7F000F0 is syscall 0, E7F036F0 is syscall 0x36, etc.).<br>
| |
| − | The IOSU currently has 0x94 available syscalls (the number of installed syscalls can vary between system versions).<br><br>
| |
| − | NOTE: Official syscall names begin with "IOS_", the rest are merely educated guesses.
| |
| − | | |
| − | {|border=1
| |
| − | |-
| |
| − | ! ID # !! Internal name !! Description !! Return value
| |
| − | |-
| |
| − | | 0x00 || int IOS_CreateThread(u32 (*proc)(void* arg), void* arg, u32* stack_top, u32 stacksize, int priority, BOOL detached) || Creates a thread (in paused state) || New threadid or error (negative value)
| |
| − | |-
| |
| − | | 0x01 || int thread_join(int threadid, u32 *returned_value) || Waits for a thread to finish executing || 0 on success
| |
| − | |-
| |
| − | | 0x02 || int thread_cancel(int threadid, u32 unk) || Cancels an active thread || 0 on success
| |
| − | |-
| |
| − | | 0x03 || int get_tid() || Get the current thread's ID || Current threadid
| |
| − | |-
| |
| − | | 0x04 || void* access_ipc_buffer_pool() || Gets the per-thread IPC buffer pool's address || The IPC buffer pool address value
| |
| − | |-
| |
| − | | 0x05 || int get_pid() || Get the current process' ID || Current processid
| |
| − | |-
| |
| − | | 0x06 || int get_process_name(int pid, char *out_buffer, u32 out_size) || Get the specified process' name string || 0 on success
| |
| − | |-
| |
| − | | 0x07 || int IOS_StartThread(int threadid) || Resume the specified thread || 0 on success
| |
| − | |-
| |
| − | | 0x08 || int thread_suspend(int threadid) || Suspend the specified thread || 0 on success
| |
| − | |-
| |
| − | | 0x09 || int thread_yield() || Yield execution to any higher priority threads || 0 on success
| |
| − | |-
| |
| − | | 0x0A || int IOS_GetThreadPriority(int threadid) || Get the priority of the specified thread || The thread's priority or error (negative value)
| |
| − | |-
| |
| − | | 0x0B || int IOS_SetThreadPriority(int threadid, int priority) || Set the priority of the specified thread || 0 on success
| |
| − | |-
| |
| − | | 0x0C || int IOS_CreateMessageQueue(u32 *ptr, u32 n_msgs) || Create a queue at ptr, for n_msgs messages || The queue ID
| |
| − | |-
| |
| − | | 0x0D || int IOS_DestroyMessageQueue(int queueid) || Destroy a message queue || 0 on success
| |
| − | |-
| |
| − | | 0x0E || int IOS_SendMessage(int queueid, u32 message, u32 flags) || Add a message to the end queue || 0 on success
| |
| − | |-
| |
| − | | 0x0F || int IOS_JamMessage(int queueid, u32 message, u32 flags) || Add a message to the front of a queue || 0 on success
| |
| − | |-
| |
| − | | 0x10 || int IOS_ReceiveMessage(int queueid, u32 *message, u32 flags) || Fetch a message from the front of a queue || 0 on success
| |
| − | |-
| |
| − | | 0x11 || int IOS_HandleEvent(int device, int queueid, int message) || Register queueid as a handler for interrupts generated by device (sends message to queueid when device's interrupt is triggered) || 0 on success
| |
| − | |-
| |
| − | | 0x12 || int unregister_event_handler(int device) || Unregister handler for device || 0 on success
| |
| − | |-
| |
| − | | 0x13 || int IOS_CreateTimer(int time_us, int repeat_time_us, int queueid, u32 message) || Create a timer that sends a message to a queue after the elapsed period(s) || Timerid or error (negative value)
| |
| − | |-
| |
| − | | 0x14 || int IOS_RestartTimer(int timerid, int time_us, int repeat_time_us) || Restart a timer using the specified period(s) || 0 on success
| |
| − | |-
| |
| − | | 0x15 || int IOS_StopTimer(int timerid) || Pauses the specified timer || 0 on success
| |
| − | |-
| |
| − | | 0x16 || int IOS_DestroyTimer(int timerid) || Destroys the specified timer || 0 on success
| |
| − | |-
| |
| − | | 0x17 || u32 get_timestamp() || Get the current timestamp || The current timestamp value
| |
| − | |-
| |
| − | | 0x18 || u32 time_now() || Fetch the current value of the Starbuck's timer || The current value of the timer register
| |
| − | |-
| |
| − | | 0x19 || int IOS_GetUpTimeStruct(???) || || 0 on success
| |
| − | |-
| |
| − | | 0x1A || int IOS_GetUpTime64(u64 *out_buf) || Returns the current time in wide format || 0 on success
| |
| − | |-
| |
| − | | 0x1B || int set_rtc_counter(u64 *in_buf) || Sets the RTC counter used by MCP (can only be called by MCP) || 0 on success
| |
| − | |-
| |
| − | | 0x1C || int IOS_GetAbsTimeCalendar(void *out_buf) || Returns the current date and time in a 0x18 sized struct (0x00: year; 0x04: day; 0x08: month; 0x0C: hour; 0x10: minute; 0x14: second) || 0 on success
| |
| − | |-
| |
| − | | 0x1D || int IOS_GetAbsTime64(???) || || 0 on success
| |
| − | |-
| |
| − | | 0x1E || int IOS_GetAbsTimeStruct(???) || || 0 on success
| |
| − | |-
| |
| − | | 0x1F || int set_fault_behavior(int pid, u32 flag) || Enables or disables raising a panic when a system fault occurs in the specified process || 0 on success
| |
| − | |-
| |
| − | | 0x20 || int get_key_type() || Gets the key type from the OTP (only 0 is valid) || 0 on success
| |
| − | |-
| |
| − | | 0x21 || int check_jtag() || Get the current status of the JTAG || 0 if JTAG is enabled or -4 if disabled
| |
| − | |-
| |
| − | | 0x22 || int read_otp(int index, void *out_buf, u32 size) || Read data from the OTP || 0 on success
| |
| − | |-
| |
| − | | 0x23 || int heap_create(void *ptr, int size) || Create a new heap at ptr of size bytes || The heapid or error (negative value)
| |
| − | |-
| |
| − | | 0x24 || int IOS_CreateLocalProcessHeap(void *ptr, int size) || Create a new local process heap of size bytes || The heap ID or error (negative value)
| |
| − | |-
| |
| − | | 0x25 || int IOS_CreateCrossProcessHeap(int size) || Create a new cross process heap of size bytes || The heap ID or error (negative value)
| |
| − | |-
| |
| − | | 0x26 || int heap_destroy(int heapid) || Destroy the specified heap || 0 on success
| |
| − | |-
| |
| − | | 0x27 || void* IOS_Alloc(int heapid, u32 size) || Allocate size bytes from the specified heap || Pointer to memory
| |
| − | |-
| |
| − | | 0x28 || void* heap_alloc_aligned(int heapid, u32 size, u32 align) || Allocate size bytes from the specified heap with the requested alignment || Pointer to aligned memory
| |
| − | |-
| |
| − | | 0x29 || void IOS_Free(int heapid, void *ptr) || Release allocated memory back to the heap || 0 on success
| |
| − | |-
| |
| − | | 0x2A || void heap_free_and_clear(int heapid, void *ptr) || Same as IOS_Free, but clears the contents of ptr || 0 on success
| |
| − | |-
| |
| − | | 0x2B || int heap_expand(int heapid, void *ptr, u32 size) || Expands an allocated memory block by size bytes || 0 on success
| |
| − | |-
| |
| − | | 0x2C || int IOS_RegisterResourceManager(const char* device, int queueid) || Registers device to the device tree, so it can be opened (from ARM and PPC) || 0 on success
| |
| − | |-
| |
| − | | 0x2D || int device_associate(const char* device, int internal_id) || Associates a device to the specified internal IOS ID || 0 on success
| |
| − | |-
| |
| − | | 0x2E || int device_set_flags(const char* device, u32 flags) || Sets some flags in the device's internal structure || 0 on success
| |
| − | |-
| |
| − | | 0x2F || int set_client_capabilities(int client_pid, int feature_id, u32 *masks) || Sets the client's capability masks/permissions (can only be called by MCP) || 0 on success
| |
| − | |-
| |
| − | | 0x30 || int clear_client_capabilities(int client_pid) || Clears the client's capability masks/permissions (can only be called by MCP) || 0 on success
| |
| − | |-
| |
| − | | 0x31 || int query_client_capabilities(int client_pid, int feature_id, void *out_buffer) || Gets the client's capability masks/permissions (out_buffer gets 0x08 bytes; mask1 and mask2) || 0 on success
| |
| − | |-
| |
| − | | 0x32 || int query_feature_id(int feature_id, int out_count, void *out_buffer) || Retrieves information associated with a feature_id (out_buffer receives out_count * 0x34 bytes structures with the client pid, busy close violations count, active TXN count and open handles count) || 0 on success
| |
| − | |-
| |
| − | | 0x33 || int IOS_Open(const char* device, int mode) || Similar to IOS_Open on PPC, except now internal to the IOSU system || Returns an fd or error (negative)
| |
| − | |-
| |
| − | | 0x34 || int IOS_Close(int fd) || Close a previously opened fd || 0 on success
| |
| − | |-
| |
| − | | 0x35 || int IOS_Read(int fd, void *buf, u32 len) || Read len bytes from fd into buf || The number of bytes read or error
| |
| − | |-
| |
| − | | 0x36 || int IOS_Write(int fd, const void *buf, u32 len) || Write len bytes to fd from buf || The number of bytes written or error
| |
| − | |-
| |
| − | | 0x37 || int IOS_Seek(int fd, int offset, int origin) || Seek to offset relative to origin || The new absolute offset or error
| |
| − | |-
| |
| − | | 0x38 || int IOS_Ioctl(int fd, u32 request, void *input_buffer, u32 input_buffer_len, void *output_buffer, u32 output_buffer_len) || Perform the requested IOCTL || Return value from IOCTL
| |
| − | |-
| |
| − | | 0x39 || int IOS_Ioctlv(int fd, u32 request, u32 vector_count_in, u32 vector_count_out, struct iovec *vector) || Perform the requested IOCTL || Return value from IOCTL
| |
| − | |-
| |
| − | | 0x3A || int IOS_OpenAsync(const char* device, int mode, int queueid, ipcmessage *message) || Async implementation of IOS_Open || 0 on success, ipcmessage is sent to the queue with the command's return value
| |
| − | |-
| |
| − | | 0x3B || int IOS_CloseAsync(int fd, int queueid, ipcmessage *message) || Async implementation of IOS_Close || 0 on success
| |
| − | |-
| |
| − | | 0x3C || int IOS_ReadAsync(int fd, void *buf, u32 len, int queueid, ipcmessage *message) || Async implementation of IOS_Read || 0 on success
| |
| − | |-
| |
| − | | 0x3D || int IOS_WriteAsync(int fd, const void *buf, u32 len, int queueid, ipcmessage *message) || Async implementation of IOS_Write || 0 on success
| |
| − | |-
| |
| − | | 0x3E || int IOS_SeekAsync(int fd, int offset int origin, int queueid, ipcmessage *message) || Async implementation of IOS_Seek || 0 on success
| |
| − | |-
| |
| − | | 0x3F || int IOS_IoctlAsync(int fd, u32 request, void *input_buffer, u32 input_buffer_len, void *output_buffer, u32 output_buffer_len, int queueid, ipcmessage *message) || Async implementation of IOS_Ioctl || 0 on success
| |
| − | |-
| |
| − | | 0x40 || int IOS_IoctlvAsync(int fd, u32 request, u32 vector_count_in, u32 vector_count_out, struct iovec *vector, int queueid, ipcmessage *message) || Async implementation of IOS_Ioctlv || 0 on success
| |
| − | |-
| |
| − | | 0x41 || int open_as_async(???) || ||
| |
| − | |-
| |
| − | | 0x42 || int write_as_async(???) || ||
| |
| − | |-
| |
| − | | 0x43 || int ipc_resume(???) || ||
| |
| − | |-
| |
| − | | 0x44 || int ipc_suspend(???) || ||
| |
| − | |-
| |
| − | | 0x45 || int ipc_svcmsg(???) || ||
| |
| − | |-
| |
| − | | 0x46 || int ipc_resume_async(???) || ||
| |
| − | |-
| |
| − | | 0x47 || int ipc_suspend_async(???) || ||
| |
| − | |-
| |
| − | | 0x48 || int ipc_svcmsg_async(???) || ||
| |
| − | |-
| |
| − | | 0x49 || int IOS_ResourceReply(void *ipc_handle, u32 result) || Reply back through the IPC handle || 0 on success
| |
| − | |-
| |
| − | | 0x4A || int set_proc_unk_params(int pid, u32 param1, u32 param2, u32 param3) || Sets some unknown parameters on the specified process' internal structure || 0 on success
| |
| − | |-
| |
| − | | 0x4B || int get_proc_unk_params(int pid, u32 *out_buf1, u32 *out_buf2) || Gets some unknown parameters from the specified process' internal structure || 0 on success
| |
| − | |-
| |
| − | | 0x4C || int ahbMemFlush(int ahb_dev) || Performs some additional checks and calls ahb_flush_from || 0 on success
| |
| − | |-
| |
| − | | 0x4D || int ahb_flush_from(int ahb_dev) || Performs AHB memory flushing || 0 on success
| |
| − | |-
| |
| − | | 0x4E || int ahb_flush_check(int ahb_dev) || Checks for valid device masks || 0 on success
| |
| − | |-
| |
| − | | 0x4F || int ahb_flush_to(int ahb_dev) || Performs AHB memory flushing || 0 on success
| |
| − | |-
| |
| − | | 0x50 || int IOS_ClearandEnable(int id) || Enables hardware interrupts (IRQs) for the specified device || 0 on success
| |
| − | |-
| |
| − | | 0x51 || int access_iobuf_pool(int unk) || Unused || Always 0
| |
| − | |-
| |
| − | | 0x52 || struct iobuf *alloc_iobuf(int unk, u32 buf_size) || Allocate an iobuf || NULL on error
| |
| − | |-
| |
| − | | 0x53 || int free_iobuf(struct iobuf *iob) || Free an allocated iobuf || 0 on success
| |
| − | |-
| |
| − | | 0x54 || void iobuf_log_header_info() || Unused || Nothing
| |
| − | |-
| |
| − | | 0x55 || void iobuf_log_buffer_info() || Unused || Nothing
| |
| − | |-
| |
| − | | 0x56 || void *extend_iobuf(struct iobuf *iob, unsigned short num) || Extend the data in the buffer by num bytes || Pointer to extended area
| |
| − | |-
| |
| − | | 0x57 || void *IOS_PushIob(struct iobuf *iob, unsigned short num) || Move head pointer num bytes towards the buffer end || Old head pointer
| |
| − | |-
| |
| − | | 0x58 || void *IOS_PullIob(struct iobuf *iob, unsigned short num) || Move head pointer num bytes towards the buffer start || Old head pointer
| |
| − | |-
| |
| − | | 0x59 || int verify_iobuf(struct iobuf *iob) || Verify if the argument points to an iobuf || 0 on success
| |
| − | |-
| |
| − | | 0x5A || struct iobuf *copy_iobuf(struct iobuf *iob) || Copy an iobuf into the pool || Itself
| |
| − | |-
| |
| − | | 0x5B || void IOS_InvalidateDCache(void *ptr, unsigned int len) || Invalidate data cache || Nothing
| |
| − | |-
| |
| − | | 0x5C || void IOS_FlushDCache(void *ptr, unsigned int len) || Flush data cache || Nothing
| |
| − | |-
| |
| − | | 0x5D || int execute_privileged(void *address) || Disables memory protection, cleans up executable memory areas and branches to the specified address || 0 on success
| |
| − | |-
| |
| − | | 0x5E || int get_unk_flags1(u32 *out_buf1, u16 *out_buf2) || Gets (u32*)out_buf1 = 0x03; (u16*)out_buf2 = 0x00 || 0 on success
| |
| − | |-
| |
| − | | 0x5F || int get_unk_flags2(u32 *out_buf1, u16 *out_buf2) || Gets (u32*)out_buf1 = 0x01; (u16*)out_buf2 = 0x00 || 0 on success
| |
| − | |-
| |
| − | | 0x60 || void* virt_to_phys(void *address) || Translate a virtual address to physical || The translated address
| |
| − | |-
| |
| − | | 0x61 || int IOS_CreateSemaphore(???) || ||
| |
| − | |-
| |
| − | | 0x62 || int IOS_WaitSemaphore(???) || ||
| |
| − | |-
| |
| − | | 0x63 || int IOS_SignalSemaphore(???) || ||
| |
| − | |-
| |
| − | | 0x64 || int IOS_DestroySemaphore(???) || ||
| |
| − | |-
| |
| − | | 0x65 || int flush_ipc_server() || Resets the ARM IPC control register's flags || 0 on success
| |
| − | |-
| |
| − | | 0x66 || int set_bsp_ready() || Tells the IOSU that BSP is ready || 0 on success
| |
| − | |-
| |
| − | | 0x67 || int check_ios_addr_range(void *address, u32 size, u32 rw_flags) || Checks an IOSU address range for read/write permissions || 0 on success
| |
| − | |-
| |
| − | | 0x68 || int check_ppc_addr_range(void *address, u32 size) || Checks if a PPC address range is registered in the IOSU's address table || 0 on success
| |
| − | |-
| |
| − | | 0x69 || int init_mem1_ppc() || Fills range 0x00000000 to 0x00002000 in MEM1 with empty PPC branches || Always 0
| |
| − | |-
| |
| − | | 0x6A || int get_iop_cpu_utilization(???) || || 0 on success
| |
| − | |-
| |
| − | | 0x6B || int get_thread_stack_info(int tid, u32 *out_buf) || Gets information on the specified thread's stack:<br>0x00(out_buf) == sys stack base<br> 0x04(out_buf) == sys stack size (0x400)<br>0x08(out_buf) == sys stack used space<br>0x0C(out_buf) == user stack base<br>0x10(out_buf) == user stack size<br>0x14(out_buf) == user stack used space || 0 on success
| |
| − | |-
| |
| − | | 0x6C || int IOS_ThreadProfileCommand(???) || || 0 on success
| |
| − | |-
| |
| − | | 0x6D || int IOS_GetThreadUtilization(???) || || 0 on success
| |
| − | |-
| |
| − | | 0x6E || int dump_thread_context(int tid, u32 *out_buf) || Dumps the specified thread's context structure || 0 on success
| |
| − | |-
| |
| − | | 0x6F || int dump_thread_profile(int tid_count, u32 *out_buf) || Dumps profiling information for each thread up to a specified count || Number of dumped threads
| |
| − | |-
| |
| − | | 0x70 || int dump_iobuf_context(int iobuf_id, u32 *out_buf) || Dumps the specified iobuf's context structure || 0 on success
| |
| − | |-
| |
| − | | 0x71 || int IOS_GetIobPoolsUtilization(int iobuf_count, u32 *out_buf) || Dumps iobuf's pools utilization for each iobuf up to a specified count || Size of each used pool
| |
| − | |-
| |
| − | | 0x72 || int IOS_GetMessageUtilization(???) || || 0 on success
| |
| − | |-
| |
| − | | 0x73 || int get_aggregate_resource_utilization(???) || || 0 on success
| |
| − | |-
| |
| − | | 0x74 || int get_per_process_resource_utilization(???) || || 0 on success
| |
| − | |-
| |
| − | | 0x75 || int IOS_GetTimerUtilization(???) || || 0 on success
| |
| − | |-
| |
| − | | 0x76 || int IOS_GetSemaphoreUtilization(???) || || 0 on success
| |
| − | |-
| |
| − | | 0x77 || int get_heap_profile(???) || || 0 on success
| |
| − | |-
| |
| − | | 0x78 || int set_iop2x_state(u32 state) || Sets the state of an unknown feature from BSP || 0 on success
| |
| − | |-
| |
| − | | 0x79 || int set_ppc_boot_params(void *params) || Registers the supplied address as a pointer for setting up the PPC boot parameters || 0 on success
| |
| − | |-
| |
| − | | 0x7A || void get_debug_register_value() || Stores the value from LT_DEBUG register in the IOSU heap || Nothing
| |
| − | |-
| |
| − | | 0x7B || void clear_debug_register_value() || Clears the LT_DEBUG register || Nothing
| |
| − | |-
| |
| − | | 0x7C || void set_debug_register_value(u32 value) || Sets the value of the LT_DEBUG register || Nothing
| |
| − | |-
| |
| − | | 0x7D || int check_debug_flag(u32 flag) || Checks if the supplied flag is enabled in the LT_DEBUG register copy on the IOSU heap || The flag value if enabled or 0 if disabled
| |
| − | |-
| |
| − | | 0x7E || void ios_reset(int unk) || Resets the IOSU || Nothing
| |
| − | |-
| |
| − | | 0x7F || void ios_panic(char *panic_desc, u32 panic_desc_size) || Issues a system panic (with optional description string) || Nothing
| |
| − | |-
| |
| − | | 0x80 || void ios_shutdown() || Issues a shutdown request || Nothing
| |
| − | |-
| |
| − | | 0x81 || void set_panic_behavior(int flag) || Changes the system behavior on panic:<br>flag is 0 -> crash on panic<br>flag is 1 -> reset on panic<br>flag is 2 -> reset EXI as well || Nothing
| |
| − | |-
| |
| − | | 0x82 || int set_syslog_buffer(void *log_buf) || Sets up the system log buffer in the IOSU heap || 0 on success
| |
| − | |-
| |
| − | | 0x83 || int load_ppc_kernel(u32 address, u32 size) || Maps the PPC kernel image memory:<br>address == 0x08000000<br>size == 0x00120000 || 0 on success
| |
| − | |-
| |
| − | | 0x84 || int load_ppc_app(int mem_id, u32 addr1, u32 size1, u32 addr2, u32 size2) || Maps the PPC user application memory:<br>mem_id == 0x02<br>addr1 == 0x00<br>size1 == 0x00<br>addr2 == 0xA8000000<br>size2 == 0x28000000 || 0 on success
| |
| − | |-
| |
| − | | 0x85 || int set_security_level(int level) || Sets the master title security level:<br>0x1E is normal<br>0x0A is TEST<br>0x14 is unknown || 0 on success
| |
| − | |-
| |
| − | | 0x86 || int get_security_level() || Gets the master title security level || The security level
| |
| − | |-
| |
| − | | 0x87 || int get_open_resource_handles(int out_count, void *out_buffer, int pid) || Finds open resource handles for the specified pid (out_buffer receives out_count * 0x2C bytes structures with the handle number, handle path and more) || 0 on success
| |
| − | |-
| |
| − | | 0x88 || int set_main_title_sdk_version(int version) || Sets the master title's SDK/kernel version || 0 on success
| |
| − | |-
| |
| − | | 0x89 || int get_main_title_sdk_version() || Gets the master title's SDK/kernel version || The SDK/kernel version
| |
| − | |-
| |
| − | | 0x8A || int get_dynamic_heap_access(???) || || 0 on success
| |
| − | |-
| |
| − | | 0x8B || int start_gpu_config_validation(void *out_buf, u32 size, int queue_id, int unk) || Validates the current GPU configuration using a message queue. Sends a pointer that is populated by the IOSU with the GPU configuration parameters (using GPIO) || 0 on success
| |
| − | |-
| |
| − | | 0x8C || int finish_gpu_config_validation(int queue_id, bool do_panic) || Resets the buffer sent to the IOSU and invalidates the associated queue ID. Also looks for any errors raised due to a bad configuration state and throws a panic if specifically told to do so || 0 on success
| |
| − | |-
| |
| − | | 0x8D || int return_null() || Unused || Always 0
| |
| − | |-
| |
| − | | 0x8E || int get_resource_violations(???) || || 0 on success
| |
| − | |-
| |
| − | | 0x8F || int device_get_client_handles(char *dev_node) || Returns the number of client handles created in the specified dev node || The number of active client handles
| |
| − | |-
| |
| − | | 0x90 || int device_disable_registration(bool do_disable) || Prevents any future dev node from being registered || An error code (0xFFFFFFE3)
| |
| − | |-
| |
| − | | 0x91 || int get_pending_resource_requests(???) || || 0 on success
| |
| − | |-
| |
| − | | 0x92 || int load_cafe2wii() || Maps the cafe2wii image memory || 0 on success
| |
| − | |-
| |
| − | | 0x93 || void exi_reset() || Resets the EXI for the PPC side || Nothing
| |
| − | |}
| |
| − | | |
| − | == Syscalls (via ARM syscall instruction) ==
| |
| − | These types of syscalls are created with the ARM syscall instruction. The exception handler is empty and just do nothing and returns. These syscalls are [http://infocenter.arm.com/help/index.jsp?topic=/com.arm.doc.dui0471c/Bgbjhiea.html RealView semihosting operations] that allow communication with a debugger.<br>
| |
| − | Currently only syscall 0x04 is still used in production versions of IOSU.
| |
| − | | |
| − | <source lang="c">
| |
| − | MOVS r0, #syscall_number
| |
| − | SVC 0xAB
| |
| − | </source>
| |
| − | | |
| − | Register r0 takes the syscall number.<br>
| |
| − | Register r1 takes the first parameter.
| |
| − | | |
| − | {|border=1
| |
| − | |-
| |
| − | ! ID # !! Internal name !! Description !! Return value
| |
| − | |-
| |
| − | | 0x01 || || unused ||
| |
| − | |-
| |
| − | | 0x02 || || unused ||
| |
| − | |-
| |
| − | | 0x03 || || unused ||
| |
| − | |-
| |
| − | | 0x04 || write(const char *string) || Prints a null-terminated debug message || None
| |
| − | |-
| |
| − | | 0x05 || || unused ||
| |
| − | |-
| |
| − | | 0x06 || || unused ||
| |
| − | |-
| |
| − | | 0x07 || || unused ||
| |
| − | |-
| |
| − | | 0x08 || || unused ||
| |
| − | |-
| |
| − | | 0x09 || || unused ||
| |
| − | |-
| |
| − | | 0x0A || || unused ||
| |
| − | |-
| |
| − | | 0x0C || || unused ||
| |
| − | |-
| |
| − | | 0x0D || || unused ||
| |
| − | |-
| |
| − | | 0x0E || || unused ||
| |
| − | |-
| |
| − | | 0x0F || || unused ||
| |
| − | |-
| |
| − | | 0x10 || || unused ||
| |
| − | |-
| |
| − | | 0x11 || || unused ||
| |
| − | |-
| |
| − | | 0x12 || || unused ||
| |
| − | |-
| |
| − | | 0x13 || || unused ||
| |
| − | |-
| |
| − | | 0x15 || || unused ||
| |
| − | |-
| |
| − | | 0x16 || || unused ||
| |
| − | |-
| |
| − | | 0x30 || || unused ||
| |
| − | |-
| |
| − | | 0x31 || || unused ||
| |
| − | |}
| |