forums.ps2dev.org

[ne0h]

Hi,
I've writed down a library to interface sceCtrl with my program,
but now I need to execute a function (sceCtrlReadBufferPositive) with user privilege to read only user buttons...
How can I do that?
I think I could do that with sctrlKernelSetUserLevel, but what's the user level of user mode?
With sctrlKernelSetUserLevel(0) it haven't worked....
Thanks,

ne0h

EDIT:
That's the function:

[Jim]

Just use & to mask out the buttons you don't care about.
Jim
_________________
http://www.dbfinteractive.com

[ne0h]

I know, but that's not what I would do...
If is possible I'll use that in some other cases..
_________________
Get Xplora!

[m0skit0]

Can you please explain what do you mean by "read only user buttons"? Are there "kernel buttons"? When you are in kernel mode, you have user privileges + kernel privileges.
_________________

[phobox]

from pspctrl.h:

[ne0h]

Still doesn't works...
Have 0xdeadbeef on Buttons.
Anyway it doesn't matter,
I can simply bypass the problem....
_________________
Get Xplora!

[Coldbird]

Because I don't wish to create a own topic for something that has been asked before.

I thus claim this topic and revive it - someone has a idea how to call functions with usermode permission level from within kernel without having to route through a usermodule?
_________________
Been gone for some time. Now I'm back. Someone mind getting me up-2-date?

[Torch]

What happens if you just get the function address and make an appropriate jump into it after disabling memory protection (So that it can return back to a kernel address, or does protection not apply when the source was a kernel address? I don't know.)

If its a syscall, then the address of the function will be the same for user and kernel versions. I don't know how the function identifies whether it was called through a syscall or a jump, aside from the K1 register.

[Coldbird]

The mayor problem at hand is the following...

I hooked my way into the Utility modules, namely the sceUtilityLoadModule and sceUtilityLoadNetModule functions...

I want to force them to load infrastructure modules whenever it request a adhoc module... as its a part of my new adhoc tunnel hack.

The problem at hand is... I can manipulate the argument... but I can't do a successful call to the REAL sceUtilityLoadNetModule function that I backed up...

The whole thing errors out with the error code 88210800 (return value of the real sceUtilityLoadNetModule function called from within the kernel module containing the fake sceUtilityLoadNetModule function).

So I thought about ways to fake my module as being usermode... atleast to that specific call...

Got a idea how I could do that?
_________________
Been gone for some time. Now I'm back. Someone mind getting me up-2-date?

[Coldbird]

I've tried capturing some values by live debugging.

K1 inside the sceUtilityLoadNetModule function, if called normally from userspace is 0x130000 - inside the function it gets 16bit shifted to the right resulting in 0x13.

User Level of the calling thread is 0.

Based on those values I tried to mimic them, by setting the userlevel to zero and k1 to 0x130000 before calling the function... but it still returns the same error code.
_________________
Been gone for some time. Now I'm back. Someone mind getting me up-2-date?

[Torch]

If the function uses syscalls internally then I'm guessing it won't work.

[Coldbird]

So what's your suggestion on the matter Torch?
I need to get this sorted out... no matter what it involves.

I thought about using a combination of kernel module (for patching) and user module (for execution)...

Do you think that might be a acceptable solution? With syscalls exported from the kernel module for importing / synching with the usermode module?
_________________
Been gone for some time. Now I'm back. Someone mind getting me up-2-date?

[Torch]

Don't think there's anything you can do, seeing that other devs use user modules for VSH hooks. You don't technically need a "module" if you can allocate space and put relocated code there.

[Coldbird]

I do need a module as I want to implement the features all inside a .prx plugin for custom firmwares.

I've tried several methods to tunnel adhoc traffic directly on PSP over infrastructure. This time around using some even more dirtier hacks than before...

New hooking methods, game code scanning, etc...

So a module is absolutely necessary to make this tool available to the masses.

Right now I'm at this point...
I successfully load infrastructure modules in place of adhoc ones... by hooking and calling sceUtilityLoadModule and sceUtilityLoadNetModule...

Took me some time to get it to load properly but it did...
The problem is... the way I'm currently doing it is game dependant... as I need to manipulate real umd game code in memory to achieve a successful module load.

I want it to be universal though... so I can make sure it will work on any adhoc game thrown at it...
_________________
Been gone for some time. Now I'm back. Someone mind getting me up-2-date?

[Torch]

I mean only have a kernel module and make it inject user mode code where required.

What you're trying to do is much easier done with a PC like in XLink Kai. Having it entirely on the PSP seems pointless since you need to be within range of an access point and there is sure to be a laptop/PC with WiFi.

[Coldbird]

It isn't pointless.

In fact I think it's what the PSP is missing, built in TRUE infrastructure with every multiplayer game.

The reason Xlink Kai is such a pain in the butt is its limitations and hardware requirements...

Namely - HAVING TO BE WIRED (the PC) TO GET A GOOD PING - and of course requiring a promiscuous capture device...

Both of which we know arent really needed if we can just do the tunneling in a small PSP module. :D

Besides - I've already written a opensource implementation of Xlink Kai using PCAP myself.

I know its "easier" that way, but the limitations another hop in the middle brings with just doesnt cut it.
_________________
Been gone for some time. Now I'm back. Someone mind getting me up-2-date?