Closed jogolden closed 8 years ago
I see it! don't worry lol. This will be helpful, and I will definitely merge.
I guess the one thing that I noticed, going from here is that we shouldn't just have everything that we can do being put at the end of the file as an example. But I guess that is a fix to make later.
I think there is a lot to fix with this, but there is also so much work! Inconsistency with semicolons etc. I don't know what your style is! I actually don't care! This is a sweet project, mate!
I'm working on dumping libkernel. Do you think they are hiding it? I want to get a JIT mapping and native code executing.
Yeah, not really a JS programmer so I don't know what I am doing lol. Thanks though.
Did you forget to add something, for example the variable name is never defined so your call does not actually work? I will go ahead and fix that.
Yeah, probably. Sorry lol.
https://i.gyazo.com/aa2bceacf5e5f45a15495fcdb79585cb.png New syscalls?
Yeah there are new ones. I haven't done too much analysis to them, but if you go to #ps4dev on efnet someone might.
seg000:0000000000004FDE aLibscevrtracker db 'libSceVrTracker',0 :+1:
// 0x3 = libSceFios2.sprx
// 0xB = libSceAvSetting.sprx
// 0x1B = libSceUserService.sprx
// 0x33 = libSceNgs2.sprx
// 0x4B = libScePadTracker.sprx
// 0x53 = libSceFontFt.sprx
// 0x63 = libSceMsgDialog.sprx
// 0x6B = libSceNpCommerce.sprx
// 0x73 = libSceVideoCoreInterface.sprx
// 0x93 = libScePsm.sprx
// 0xA3 = libSceVideodec2.sprx
// 0xB3 = libSceVrTracker.sprx
// 0xBB = libSceAudiodecCpuHevag.sprx
// 0xC3 = libSceJson2.sprx
// 0xD3 = libSceSocialScreen.sprx
These are all the loadable modules I could find.
And this is just a quick way to iterate through the module IDs. Note that 0x2080 is just the offset of the sceSysmoduleLoadModule() method on 3.15, and anything with i > 20 causes a segfault.
As for the if (i !=) checks, these are just two exceptions I found that cause a segfault. They could just be two modules that have been deleted, or that we have no access to.
// Iterate over candidate module IDs; the two ID families used below are
// i*0x10 + 0x3 and i*0x10 + 0xB (see the list of modules above).
// 0x2080 is the offset of sceSysmoduleLoadModule() inside libSceSysmodule on 3.15.
var r;
for (var i = 0; i < 19; i++) {
    // i == 4 in the 0x3 family segfaults, so it is skipped
    if (i != 4) {
        r = new RopChain();
        r.call(libSceSysmodule_base.add(0x2080), i * 0x10 + 0x3, 0, 0, 0);
        r.execute();
    }
    // i == 5 in the 0xB family segfaults, so it is skipped
    if (i != 5) {
        r = new RopChain();
        r.call(libSceSysmodule_base.add(0x2080), i * 0x10 + 0xb, 0, 0, 0);
        r.execute();
    }
}
You can download my dump of libSceSysmodule.sprx here: https://www.mediafire.com/?esj2mmhp5k5b4bw. Load it in IDA and rebase the image to the address in the file name (Edit->Segments->Rebase program...): https://i.gyazo.com/b9f182885baa980e7726ac4abe6fa600.png
Paste of some modules found in libSceSysmodule.sprx: http://pastebin.com/NG5UeAe7
sceSysmoduleLoadModule would be at 0x836D7A0A0. I set my compiler to AMD (* something other text *), 64-bit mode to decompile. Make sure you are in 64-bit IDA, then go to Options->Compiler (https://i.gyazo.com/a1f9490d456042aa4ee13c8b3d781b94.png). Set the compiler to GNU C++ and the pointer size to 64 bit, then press F5 and see if it works. If not, go to 0x836D7A799 (example for sceSysmoduleLoadModule) and change the nop to a ret, 0x90 to 0xC3, in the hex view, then keep the changes. Pics: https://i.gyazo.com/6ac4757728bb6af698130af9cedc822a.png https://i.gyazo.com/2642d83e726023e1df1e62ce4de77d0b.png https://i.gyazo.com/95fefff36e7e9c8f05d8f1dc265b8599.png https://i.gyazo.com/972991abf050826412f34d0b20bb592c.png https://i.gyazo.com/606736e8a1e2c8570c4f56047468a496.png (it will say this, but it will also decompile!)
https://i.gyazo.com/e00408e2af16d6b40723cafe81deb8c5.png
Wonder if anyone will see this? lmfao