/*
 * Stop a PRX module, then run the 8-byte entry record reported by
 * prx_stop_module() on a freshly created joinable user thread and wait for
 * that thread to finish.
 *
 * id, process, flags are forwarded unchanged to prx_stop_module();
 * arg is forwarded unchanged to ppu_user_thread_create().
 *
 * Returns the first non-zero result from prx_stop_module(),
 * copy_from_process() or ppu_user_thread_create(); otherwise the result of
 * ppu_thread_join(). The joined thread's exit code is read but discarded.
 */
int prx_stop_module_with_thread(sys_prx_id_t id, process_t process, uint64_t flags, uint64_t arg)
{
    uint64_t info[5];
    uint32_t toc[2];
    thread_t worker;
    uint64_t status;
    int rc;

    /* Only the first two slots are set by the caller side; slot 0 carries the
     * buffer size. Slots 2..4 are left uninitialised here. */
    info[0] = sizeof(info);
    info[1] = 1;

    rc = prx_stop_module(id, process, flags, info);

    /* NOTE(review): info[2] is used as an address inside `process` with no
     * range or NULL check; this relies on prx_stop_module() having filled it
     * in whenever it returns 0 — confirm against its implementation. */
    if (rc == 0)
        rc = copy_from_process(process, (void *)info[2], toc, sizeof(toc));

    if (rc == 0)
        rc = ppu_user_thread_create(process, &worker, toc, arg, 0, 0x1000, PPU_THREAD_CREATE_JOINABLE, "");

    /* Blocks until the helper thread exits. */
    if (rc == 0)
        rc = ppu_thread_join(worker, &status);

    return rc;
}
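/*
 * Select or clear the UMD image used for PSP emulation.
 *
 * file       - user pointer to the image path; NULL selects the reset path.
 * id         - user pointer to a title id; exactly 10 characters are required.
 * prometheus - stored verbatim in condition_psp_prometheus.
 *
 * Both pointers are passed through get_secure_user_ptr() before use.
 *
 * Reset path (file == NULL): frees umd_file, tears down the mutex, writes the
 * saved words in patches_backup back into vsh_process, frees the backup and
 * clears the condition_psp_* flags. Always returns 0.
 *
 * Set path: copies the id into psp_id, duplicates the path into umd_file and,
 * if no backup exists yet and vsh_check matches VSH_HASH, saves the current
 * 4-byte words of vsh_process and overwrites them with psp_drm_patches.
 *
 * Returns 0 on success, EINVAL for a missing or wrongly sized id, or the
 * non-zero result of pathdup_from_user().
 *
 * Changes from the previous revision: a NULL id is rejected instead of being
 * handed to strncpy(), and a failed alloc() is reported through fatal()
 * instead of being passed to memcpy().
 */
int sys_psp_set_umdfile(char *file, char *id, int prometheus)
{
    int ret;

    file = get_secure_user_ptr(file);
    id = get_secure_user_ptr(id);

    if (file == NULL) {
        if (umd_file) {
            dealloc(umd_file, 0x27);
            umd_file = NULL;
        }

        if (mutex) {
            /* The mutex is only destroyed when user_mutex is not set. */
            if (user_mutex)
                user_mutex = 0;
            else
                mutex_destroy(mutex);
            mutex = NULL;
        }

        if (patches_backup) {
            /* Write every saved word back; the table ends at offset == 0.
             * The result of copy_to_process() is not checked here. */
            for (int i = 0; patches_backup[i].offset != 0; i++) {
                copy_to_process(vsh_process, &patches_backup[i].data,
                                (void *)(uint64_t)(0x10000+patches_backup[i].offset), 4);
            }
            dealloc(patches_backup, 0x27);
            patches_backup = NULL;
        }

        condition_psp_iso = 0;
        condition_psp_dec = 0;
        condition_psp_keys = 0;
        condition_psp_prometheus = 0;
        return 0;
    }

    /* id is caller-controlled and is dereferenced by strncpy() below. */
    if (id == NULL)
        return EINVAL;

    /* assumes psp_id holds at least 11 bytes — its declaration is not in
     * this block; confirm. */
    strncpy(psp_id, id, 10);
    psp_id[10] = 0;
    if (strlen(psp_id) != 10)
        return EINVAL;

    /* NOTE(review): a previously set umd_file is not released before this
     * call — confirm whether pathdup_from_user() handles that. */
    ret = pathdup_from_user(file, &umd_file);
    if (ret != 0)
        return ret;

    condition_psp_iso = 1;
    condition_psp_prometheus = prometheus;

#ifdef DEBUG
    if (prometheus)
        DPRINTF("Using prometheus patch.\n");
#endif

    if (!patches_backup) {
        switch (vsh_check) {
        case VSH_HASH:
#ifdef DEBUG
            DPRINTF("Now patching PSP DRM In Retail VSH..\n");
#endif
            patches_backup = alloc(sizeof(psp_drm_patches), 0x27);
            if (patches_backup == NULL) {
                fatal("alloc failed for PSP patch backup\n");
                break; /* only reached if fatal() returns */
            }

            /* Copy the whole table, terminator included, so the backup can
             * be walked the same way; the data fields are then replaced by
             * the words currently present in vsh_process. */
            memcpy(patches_backup, &psp_drm_patches, sizeof(psp_drm_patches));

            for (int i = 0; psp_drm_patches[i].offset != 0; i++) {
#ifdef DEBUG
                DPRINTF("Offset: 0x%08X | Data: 0x%08X\n", (uint32_t)psp_drm_patches[i].offset, (uint32_t)psp_drm_patches[i].data);
#endif
                /* NOTE(review): the result of this read is ignored; if it
                 * fails the backup entry keeps the patch value and the reset
                 * path would not restore the original word. */
                copy_from_process(vsh_process, (void *)(uint64_t)(0x10000+patches_backup[i].offset),
                                  &patches_backup[i].data, 4);

                if (copy_to_process(vsh_process, &psp_drm_patches[i].data,
                                    (void *)(uint64_t)(0x10000+psp_drm_patches[i].offset), 4) != 0)
                    fatal("copy_to_process failed, you forgot to make vsh text writable, retard!\n");
            }
            break;

        default:
#ifdef DEBUG
            DPRINTF("Unknown VSH HASH, PSP DRM was not patched!\n");
#endif
            break;
        }
    }

    return 0;
}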
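/*
 * Select or clear the UMD image used for PSP emulation.
 *
 * file       - user pointer to the image path; NULL selects the reset path.
 * id         - user pointer to a title id; exactly 10 characters are required.
 * prometheus - stored verbatim in condition_psp_prometheus.
 *
 * Both pointers are passed through get_secure_user_ptr() before use.
 *
 * Reset path (file == NULL): frees umd_file, tears down the mutex, writes the
 * saved words in patches_backup back into vsh_process, frees the backup and
 * clears the condition_psp_* flags. Always returns 0.
 *
 * Set path: copies the id into psp_id, duplicates the path into umd_file and,
 * if no backup exists yet, picks a patch table from vsh_check
 * (VSH_HASH and VSH_NRM_HASH use psp_drm_patches, VSH_CEX_HASH uses
 * cex_psp_drm_patches), saves the current 4-byte words of vsh_process and
 * overwrites them with the table's data. An unrecognised vsh_check leaves
 * vsh_process untouched and still returns 0.
 *
 * Returns 0 on success, EINVAL for a missing or wrongly sized id, or the
 * non-zero result of pathdup_from_user().
 *
 * Changes from the previous revision: a NULL id is rejected instead of being
 * handed to strncpy(), and a failed alloc() is reported through fatal()
 * instead of being passed to memcpy().
 */
int sys_psp_set_umdfile(char *file, char *id, int prometheus)
{
    int ret;

    file = get_secure_user_ptr(file);
    id = get_secure_user_ptr(id);

    if (file == NULL) {
        if (umd_file) {
            dealloc(umd_file, 0x27);
            umd_file = NULL;
        }

        if (mutex) {
            /* The mutex is only destroyed when user_mutex is not set. */
            if (user_mutex) {
                user_mutex = 0;
            } else {
                mutex_destroy(mutex);
            }
            mutex = NULL;
        }

        if (patches_backup) {
            /* Write every saved word back; the table ends at offset == 0.
             * The result of copy_to_process() is not checked here. */
            for (int i = 0; patches_backup[i].offset != 0; i++) {
                copy_to_process(vsh_process, &patches_backup[i].data,
                                (void *)(uint64_t)(0x10000+patches_backup[i].offset), 4);
            }
            dealloc(patches_backup, 0x27);
            patches_backup = NULL;
        }

        condition_psp_iso = 0;
        condition_psp_dec = 0;
        condition_psp_keys = 0;
        condition_psp_prometheus = 0;
        return 0;
    }

    /* id is caller-controlled and is dereferenced by strncpy() below. */
    if (id == NULL) {
        return EINVAL;
    }

    /* assumes psp_id holds at least 11 bytes — its declaration is not in
     * this block; confirm. */
    strncpy(psp_id, id, 10);
    psp_id[10] = 0;
    if (strlen(psp_id) != 10) {
        return EINVAL;
    }

    /* NOTE(review): a previously set umd_file is not released before this
     * call — confirm whether pathdup_from_user() handles that. */
    ret = pathdup_from_user(file, &umd_file);
    if (ret != 0) {
        return ret;
    }

    condition_psp_iso = 1;
    condition_psp_prometheus = prometheus;

#ifdef DEBUG
    if (prometheus) {
        DPRINTF("Using prometheus patch.\n");
    }
#endif

    if (!patches_backup) {
        /*
         * Each case follows the same sequence: allocate a backup the size of
         * the chosen table, copy the table (terminator included) into it,
         * then per entry read the current word from vsh_process into the
         * backup before writing the table's word over it.
         *
         * NOTE(review): the result of copy_from_process() is ignored in all
         * three cases; if a read fails the backup entry keeps the patch value
         * and the reset path would not restore the original word.
         */
        switch (vsh_check) {
        case VSH_HASH:
            DPRINTF("Now patching PSP DRM into spoofed DEBUG VSH..\n");
            patches_backup = alloc(sizeof(psp_drm_patches), 0x27);
            if (patches_backup == NULL) {
                fatal("alloc failed for PSP patch backup\n");
                break; /* only reached if fatal() returns */
            }
            memcpy(patches_backup, &psp_drm_patches, sizeof(psp_drm_patches));

            for (int i = 0; psp_drm_patches[i].offset != 0; i++) {
                DPRINTF("Offset: 0x%08X | Data: 0x%08X\n", (uint32_t)psp_drm_patches[i].offset, (uint32_t)psp_drm_patches[i].data);
                copy_from_process(vsh_process, (void *)(uint64_t)(0x10000+patches_backup[i].offset),
                                  &patches_backup[i].data, 4);
                if (copy_to_process(vsh_process, &psp_drm_patches[i].data,
                                    (void *)(uint64_t)(0x10000+psp_drm_patches[i].offset), 4) != 0) {
                    fatal("copy_to_process failed, you forgot to make spoofed DEBUG VSH text writable, retard!\n");
                }
            }
            break;

        case VSH_NRM_HASH:
            DPRINTF("Now patching PSP DRM into normal DEBUG VSH..\n");
            patches_backup = alloc(sizeof(psp_drm_patches), 0x27);
            if (patches_backup == NULL) {
                fatal("alloc failed for PSP patch backup\n");
                break; /* only reached if fatal() returns */
            }
            memcpy(patches_backup, &psp_drm_patches, sizeof(psp_drm_patches));

            for (int i = 0; psp_drm_patches[i].offset != 0; i++) {
                DPRINTF("Offset: 0x%08X | Data: 0x%08X\n", (uint32_t)psp_drm_patches[i].offset, (uint32_t)psp_drm_patches[i].data);
                copy_from_process(vsh_process, (void *)(uint64_t)(0x10000+patches_backup[i].offset),
                                  &patches_backup[i].data, 4);
                if (copy_to_process(vsh_process, &psp_drm_patches[i].data,
                                    (void *)(uint64_t)(0x10000+psp_drm_patches[i].offset), 4) != 0) {
                    fatal("copy_to_process failed, you forgot to make normal DEBUG VSH text writable, retard!\n");
                }
            }
            break;

        case VSH_CEX_HASH:
            DPRINTF("Now patching PSP DRM into spoofed RETAIL VSH..\n");
            patches_backup = alloc(sizeof(cex_psp_drm_patches), 0x27);
            if (patches_backup == NULL) {
                fatal("alloc failed for PSP patch backup\n");
                break; /* only reached if fatal() returns */
            }
            memcpy(patches_backup, &cex_psp_drm_patches, sizeof(cex_psp_drm_patches));

            for (int i = 0; cex_psp_drm_patches[i].offset != 0; i++) {
                DPRINTF("Offset: 0x%08X | Data: 0x%08X\n", (uint32_t)cex_psp_drm_patches[i].offset, (uint32_t)cex_psp_drm_patches[i].data);
                copy_from_process(vsh_process, (void *)(uint64_t)(0x10000+patches_backup[i].offset),
                                  &patches_backup[i].data, 4);
                if (copy_to_process(vsh_process, &cex_psp_drm_patches[i].data,
                                    (void *)(uint64_t)(0x10000+cex_psp_drm_patches[i].offset), 4) != 0) {
                    fatal("copy_to_process failed, you forgot to make spoofed RETAIL VSH text writable, retard!\n");
                }
            }
            break;

        default:
            DPRINTF("WARNING: Unknown VSH loaded.\n Cannot patch PSP DRM into vsh.self\n");
            break;
        }
    }

    return 0;
}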