|
|
| Line 164: |
Line 164: |
| | | | |
| | This uses the hardware registers via the vaddr loaded with __OSPhysicalToEffectiveUncached(0x0C200000). The coreinit register r/w access code for this will only access the registers if OSIsECOMode() returns 0(when reading it would always return value 0 if that func-call returns non-zero). Internally the coreinit reg-access functions for this use word-offsets for the registers. The registers are accessed from there with the following: above_vaddr_base + (screenid<<9) + reg_wordoffset. | | This uses the hardware registers via the vaddr loaded with __OSPhysicalToEffectiveUncached(0x0C200000). The coreinit register r/w access code for this will only access the registers if OSIsECOMode() returns 0(when reading it would always return value 0 if that func-call returns non-zero). Internally the coreinit reg-access functions for this use word-offsets for the registers. The registers are accessed from there with the following: above_vaddr_base + (screenid<<9) + reg_wordoffset. |
| | + | |
| | + | OSFatal does the following for initializing the framebuffer addresses: "OSScreenSetBufferEx(0, 0xF4000000)" and "OSScreenSetBufferEx(1, 0xF4000000 + OSScreenGetBufferSizeEx(0))". |
| | + | |
| | + | The framebuffer addresses passed to OSScreenSetBufferEx must be 0x100-byte aligned(bitmask 0xff clear). The byte-size of each scanline in the framebuffers are 0x100-byte aligned as well. |
| | | | |
| | {| class="wikitable" | | {| class="wikitable" |
Revision as of 06:03, 10 December 2015
coreinit.rpl is the the system library that provides direct access to Cafe OS services. It provides kernel calls, thread scheduling, memory management, and filesystem services. coreinit is the first RPL loaded by the loader, even before the main executable itself.
Functions
Cache
| Name
|
Prototype
|
Description
|
| DCFlushRange
|
void DCFlushRange(const void *addr, size_t length);
|
Flush the specified data cache blocks to memory
|
| DCInvalidateRange
|
void DCInvalidateRange(void *addr, size_t length);
|
Invalidate the specified data cache blocks
|
| ICInvalidateRange
|
void ICInvalidateRange(const void *addr, size_t length);
|
Invalidate the specified instruction cache blocks
|
Disassembler
| Name
|
Prototype
|
Description
|
| DisassemblePPCOpcode
|
void DisassemblePPCOpcode(uint32_t *addr, char *instr_buf, int instr_len, find_symbol_t sym_func, int flags);
|
Disassemble a PPC opcode at addr and place it into instr_buf (instr_len must be 0x40 or lower)
|
| DisassemblePPCRange
|
void DisassemblePPCRange(uint32_t *start, uint32_t *end, printf_t printf_func, find_symbol_t sym_func, int flags);
|
Disassemble PPC instructions from start to end, printing them using printf_func() with various flags applied
|
Dynamic Linking
| Name
|
Prototype
|
Description
|
| OSDynLoad_Acquire
|
void OSDynLoad_Acquire(const char *rplname, uint32_t *handle);
|
Acquire a handle to an RPL by name
|
| OSDynLoad_FindExport
|
void OSDynLoad_FindExport(uint32_t handle, bool isdata, const char *symname, void **address);
|
Get a symbol address from a loaded RPL
|
Error
| Name
|
Prototype
|
Description
|
| OSFatal
|
void OSFatal(const char *msg);
|
Print a message to the screen and halts the system
|
Filesystem
| Name
|
Prototype
|
Description
|
Notes
|
| FSInit
|
void FSInit(void);
|
Initializes the FS library.
|
Must be called before anything else! Can be called multiple times safely.
|
| FSAddClient
|
int FSAddClient(void *client, int ret_flag);
|
Registers a new client for use.
|
Returns 0 if successful. Client size is 0x1700 bytes, should be 0x20 byte padded.
|
| FSInitCmdBlock
|
void FSInitCmdBlock(void *block);
|
Initializes a command block for use.
|
Command Block size is 0xA80 bytes, should be 0x20 byte padded.
|
Internal
| Name
|
Prototype
|
Description
|
| __os_snprintf
|
int __os_snprintf(char *buf, size_t n, const char *format, ... );
|
Format a string and place it in a buffer (just like snprintf())
|
Threads
| Name
|
Prototype
|
Description
|
| OSCreateThread
|
bool OSCreateThread(OSThread *thread, void (*entry)(int,void*), int argc, void *args, void *stack, size_t stack_size, int32_t priority, int16_t affinity);
|
Create a (initially-paused) thread that starts at the specified entry point
|
| OSResumeThread
|
void OSResumeThread(OSThread *thread);
|
Resume a paused thread, causing it to be scheduled
|
| OSYieldThread
|
void OSYieldThread(void);
|
Yield control of the CPU, allowing another thread to run
|
| OSGetCurrentThread
|
OSThread *OSGetCurrentThread(void);
|
Get the OSThread structure ptr for the current thread.
|
| OSSetThreadAffinity
|
uint32_t OSSetThreadAffinity(OSThread* thread, int16_t affinity);
|
Sets the affinity for the specified thread. Returns 0 for failure, 1 for success.
|
| OSGetCoreId
|
uint32_t OSGetCoreId(void);
|
Returns the PowerPC coreid this code is running on(value of spr1007).
|
Codegen
These functions are used for managing the codegen/JIT area which begins at virtual-memory address 0x01800000. The codegen area size, whether codegen can be used at all, and permissions/etc are loaded from cos.xml for the process. Hence, almost all processes which don't use WebKit don't have access to codegen. These permissions include the coreid which is allowed to use codegen at all(with Internet Browser this is core1). These permissions also seem to include whether the process is allowed to use OSCodegenCopy(Internet Browser isn't allowed to use it).
| Name
|
Prototype
|
Description
|
| OSGetCodegenVirtAddrRange
|
void OSGetCodegenVirtAddrRange(uint32_t *outaddr, uint32_t *outsize);
|
This calls syscall 0x4e00 then writes the output r3/r4 from the syscall, to outaddr/outsize. The outaddr value is codegen+0, outsize is the size of the entire codegen memory that's currently mapped. When codegen isn't available, the output values are all-zero.
|
| OSGetCodegenCore
|
uint32_t OSGetCodegenCore(void);
|
This returns (syscall_7600() & 0x3), which is the coreid that's allowed to use codegen.
|
| OSGetCodegenMode
|
uint32_t OSGetCodegenMode(void);
|
This returns (syscall_7600() & ~0x3), which contains some of the flags used by the kernel for codegen permission checking. The only bits which the kernel can ever set here are for bitmask 0xC0000000.
|
| OSSwitchSecCodeGenMode
|
uint32_t OSSwitchSecCodeGenMode(bool flag);
|
This adjusts the entire codegen memory permissions, if codegen is available. 0: RW- permissions. Non-zero: R-X permissions. This returns 0 for failure, non-zero for success.
|
| OSGetSecCodeGenMode
|
uint32_t OSGetSecCodeGenMode(void);
|
This just calls syscall 0x7700. Which then returns 1 when codegen is available+mapped, 0 otherwise.
|
| OSCodegenCopy
|
uint32_t OSCodegenCopy(uint32_t *dstaddr, uint32_t *srcaddr, uint32_t size);
|
In coreinit this just executes syscall 0x7800. This returns 0 for failure, 1 for success. The dstaddr(+size) must be within the codegen memory(integer overflow with dstaddr+size is checked for). If all of the permissions/bounds checks pass(size must not be zero), the kernel will then set the codegen permissions to RW- with code used by SwitchSecCodeGenMode internally. Then it copies the input data from userland memory to the dstaddr with the specified size. Lastly, the codegen permissions are set to R-X with the previously mentioned internal function.
|
Screen
"bufferNum" is the screenid, see the below screen defines for that. OSScreen *only* supports values 0-1 for screenid. "colour" in the form stored in memory is RGBA8. These functions can't be used without crashing, unless OSScreen was properly initialized. The below functions will immediately return if x/y is out-of-bounds.
This uses the hardware registers via the vaddr loaded with __OSPhysicalToEffectiveUncached(0x0C200000). The coreinit register r/w access code for this will only access the registers if OSIsECOMode() returns 0(when reading it would always return value 0 if that func-call returns non-zero). Internally the coreinit reg-access functions for this use word-offsets for the registers. The registers are accessed from there with the following: above_vaddr_base + (screenid<<9) + reg_wordoffset.
OSFatal does the following for initializing the framebuffer addresses: "OSScreenSetBufferEx(0, 0xF4000000)" and "OSScreenSetBufferEx(1, 0xF4000000 + OSScreenGetBufferSizeEx(0))".
The framebuffer addresses passed to OSScreenSetBufferEx must be 0x100-byte aligned(bitmask 0xff clear). The byte-size of each scanline in the framebuffers are 0x100-byte aligned as well.
| Name
|
Prototype
|
Description
|
| OSScreenInit
|
void OSScreenInit(void)
|
This is the main initialization function, this must be called before any of the other OSScreen functions. This includes register writes which will enable framebuffer display, via the same bit OSScreenEnableEx() uses.
|
| OSScreenShutdown
|
void OSScreenShutdown(void);
|
This just does the following two function calls: "OSScreenEnableEx(0, 0)" and "OSScreenEnableEx(1, 0)".
|
| OSScreenEnableEx
|
void OSScreenEnableEx(int bufferNum, bool flag)
|
flag0: disable framebuffer display(solid-black is displayed instead). flag1: enable framebuffer display. There's no need to call this right after OSScreenInit() for enabling framebuf display, see above.
|
| OSScreenGetBufferSizeEx
|
uint32_t OSScreenGetBufferSizeEx(int bufferNum)
|
This returns the total byte-size of the primary+secondary framebuffers for the specified screen(single_framebufsize*2).
|
| OSScreenSetBufferEx
|
void OSScreenSetBufferEx(int bufferNum, uint32_t *vaddr_framebufptr)
|
This sets the framebuffer addresses for the specified screen(only in coreinit state). primary_framebuf = vaddr_framebufptr+0, secondary_framebuf = vaddr_framebufptr+single_framebuf_bytesize. The physical framebuffer addresses in hardware won't get updated until OSScreenFlipBuffersEx() is called. This function must be called before using any of the other OSScreen functions with this screen(besides OSScreenEnableEx), otherwise a crash will occur due to the framebuf addrs not being initialized.
|
| OSScreenFlipBuffersEx
|
void OSScreenFlipBuffersEx(int bufferNum);
|
Do a buffer-swap, which results in the buffer previously being drawn to being displayed. This flushes data-cache for the framebuffer and updates coreinit + hw-regs state.
|
| OSScreenClearBufferEx
|
void OSScreenClearBufferEx(int bufferNum, uint32_t colour);
|
Fill the specified buffer with a certain color. This writes the input u32 value to coreinit screen state, then copies that u32 in state to every u32 in the single framebuffer(calculated with the total bytesize of a single framebuffer).
|
| OSScreenPutPixelEx
|
void OSScreenPutPixelEx(int bufferNum, uint32_t posX, uint32_t posY, uint32_t colour);
|
Draw a pixel of a certain color to the specified coordinates. This just writes the input u32 to the target location in the framebuffer, nothing is done with the data already stored in the framebuffer.
|
| OSScreenPutFontEx
|
void OSScreenPutFontEx(int bufferNum, uint32_t posX, uint32_t posY, const char *str);
|
Write text to the specified buffer; unlike OSFatal() this doesn't halt your system.
|
Structures
Threads
| Name
|
Prototype
|
| OSThread
|
typedef struct {
char tag[8]; /* 0x000 "OSContxt" */
int32_t gpr[32]; /* 0x008 from OSDumpContext */
uint32_t cr; /* 0x088 from OSDumpContext */
uint32_t lr; /* 0x08c from OSDumpContext */
uint32_t ctr; /* 0x090 from context switch code */
uint32_t xer; /* 0x094 from context switch code */
uint32_t srr0; /* 0x098 from OSDumpContext */
uint32_t srr1; /* 0x09c from OSDumpContext */
char _unknowna0[0xb8 - 0xa0];
uint64_t fpr[32]; /* 0x0b8 from OSDumpContext */
int16_t spinLockCount; /* 0x1b8 from OSDumpContext */
char _unknown1ba[0x1bc - 0x1ba]; /* 0x1ba could genuinely be padding? */
uint32_t gqr[8]; /* 0x1bc from OSDumpContext */
char _unknown1dc[0x1e0 - 0x1dc];
uint64_t psf[32]; /* 0x1e0 from OSDumpContext */
int64_t coretime[3]; /* 0x2e0 from OSDumpContext */
int64_t starttime; /* 0x2f8 from OSDumpContext */
int32_t error; /* 0x300 from OSDumpContext */
char _unknown304[0x6a0 - 0x304];
} OSThread; /* 0x6a0 total length from RAM dumps */ |
Defines
Disassembler
printf_func() and find_symbol() have the following types:
typedef int (*printf_t)(char *fmt, ...);
typedef uint32_t (*find_symbol_t)(uint32_t addr, char *name_buf, int name_len);
The flags argument of DisassemblePPCRange() and DisassemblePPCOpcode() is a bitmask of the following options:
#define DISASM_OMIT_ADDR 0x40 /* Don't print the address of the instruction */
#define DISASM_OMIT_OPCODE 0x80 /* Don't print the opcode of the instruction */
#define DISASM_GETSYM 0x100 /* Print the nearest symbol and the instruction's offset from it */
Screen
| Name
|
Value
|
Description
|
| SCREEN_BUF_TV
|
0
|
The buffer number for the TV
|
| SCREEN_BUF_DRC0
|
1
|
The buffer number for the first Gamepad
|