webMAN-MOD
Load Kernel plugins for PS3MAPI
Feature request
Like in the PS3MAPI tab http://0.0.0.0/home.ps3mapi/sman.ps3/ -> 'VSH Plugins', can you add 'Kernel Plugins'? Maybe just a load and unload for one plugin, or multiple if possible. You can avoid 'slot' and 'name' and only have the path, and a way you can check if the plugin is loaded is by reading the LV2 memory address. And for the first slot you can have SYSCALL8_OPCODE_RUN_PAYLOAD, and for any other slot use SYSCALL8_OPCODE_RUN_PAYLOAD_DYNAMIC.
Question about boot_plugins_dex.txt
Why is there a boot_plugins_dex.txt? I was thinking, why would anyone make a DEX-only plugin, and why should I make a DEX-only plugin when I can just make a compatible plugin for CEX & DEX? Plus, I have yet to see anyone use boot_plugins_dex.txt. I always use boot_plugins.txt, even when on DEX.
I like the idea about the kernel plugins in ps3mapi GUI. I'll try to add it some.
Thanks for the report about boot_plugins_dex.txt. I just removed it for the next build. It was a mistake.
Looking at Cobra's source code for Rebug REX or D-REX, there is not a boot_plugins_dex.txt. Cobra only loads /dev_hdd0/boot_plugins.txt and /dev_hdd0/boot_plugins_kernel.txt
https://github.com/Joonie86/COBRA-7.3/blob/master/484/REX/stage2/modulespatch.c#L26-L27
https://github.com/Joonie86/COBRA-7.3/blob/master/484/DEX/stage2/modulespatch.c#L26-L27
However in the nonCobra payload (used when Cobra is disabled), habib made a differentiation for CEX & DEX. https://github.com/Joonie86/COBRA-7.3/blob/master/484/REX/nocfw_kern_plugin/payload/main.c#L22-L26
For CEX: /dev_hdd0/boot_plugins_nocobra.txt /dev_hdd0/boot_plugins_kernel_nocobra.txt
For DEX: /dev_hdd0/boot_plugins_nocobra_dex.txt /dev_hdd0/boot_plugins_kernel_nocobra_dex.txt
The feature has been added. You can use the online updater or download the package from releases or brewology.
/kernelplugin.ps3mapi looks like this:
This is awesome!!!! Great work ⭐⭐
I crash when loading kernel plugins
Do you have a kernel plugin that can be used for quick tests? Something that produces an output? Maybe a beep?
I'm basically calling the fixed kernel payload if the slot is 0 and the dynamic payload if slot = 1. I added 1 or 2 beeps before, in case the payload crashes. Do you see something wrong in that code? I don't see it.
    else if(uslot)
        {BEEP2; system_call_4(SC_COBRA_SYSCALL8, SYSCALL8_OPCODE_RUN_PAYLOAD_DYNAMIC, (u64)(u32)prx_path, (u64)size, (u64)residence); kplugin_loaded = true;}
    else
        {BEEP1; system_call_3(SC_COBRA_SYSCALL8, SYSCALL8_OPCODE_RUN_PAYLOAD, (u64)(u32)prx_path, (u64)size);}
I have a kernel plugin but it is meant for DEX only, it just has a simple kernel patch to test this feature. Looking at the source it seems like you have some parameters wrong.
- In SYSCALL8_OPCODE_RUN_PAYLOAD_DYNAMIC, 'residence' is an out parameter.
- In both syscalls, 'payload' takes the binary data instead of the file path.
    int ps3mapi_load_kernel_plugin(uint8_t *payload, int size)
    {
        system_call_3(SC_COBRA_SYSCALL8, SYSCALL8_OPCODE_RUN_PAYLOAD, (uint64_t)payload, size);
        return_to_user_prog(uint32_t);
    }

    int ps3mapi_load_dynamic_kernel_plugin(uint8_t *payload, int size, uint64_t *residence) // can't use printf & hooks? because no kernel privileges
    {
        system_call_4(SC_COBRA_SYSCALL8, SYSCALL8_OPCODE_RUN_PAYLOAD_DYNAMIC, (uint64_t)payload, size, (uint64_t)residence);
        return_to_user_prog(uint32_t);
    }

    int ps3mapi_unload_dynamic_kernel_plugin(uint64_t residence)
    {
        system_call_2(SC_COBRA_SYSCALL8, SYSCALL8_OPCODE_UNLOAD_PAYLOAD_DYNAMIC, residence);
        return_to_user_prog(uint32_t);
    }
I fixed the crashing but the payload doesn't seem to load
    if(strstr(param, "unload_slot="))
    {
        if ( uslot )
            {system_call_2(SC_COBRA_SYSCALL8, SYSCALL8_OPCODE_UNLOAD_PAYLOAD_DYNAMIC, residence); kplugin_loaded = false;}
    }
    else
    {
        char *prx_path = tmp_filename;
        if(get_param("prx=", prx_path, param, STD_PATH_LEN))
        {
            check_path_alias(prx_path);
            size_t size = file_size(prx_path);
            sys_addr_t payload = sys_mem_allocate(size);
            if (read_file(prx_path, (char*)payload, size, 0))
            {
                if (size < 4) { BEEP3 }
                else if (uslot)
                {
                    BEEP2; system_call_4(SC_COBRA_SYSCALL8, SYSCALL8_OPCODE_RUN_PAYLOAD_DYNAMIC, (u64)(u32)payload, size, &residence); kplugin_loaded = true;
                }
                else
                {
                    BEEP1; system_call_3(SC_COBRA_SYSCALL8, SYSCALL8_OPCODE_RUN_PAYLOAD, (u64)(u32)payload, size);
                }
            }
            if (payload)
                sys_memory_free(payload);
        }
        sprintf(tmp_name, WMTMP "/kernel%i.txt", uslot);
        save_file(tmp_name, prx_path, SAVE_ALL);
    }
I see. I confused the parameter with vsh plugins.
Try changing the memory allocation. The function sys_mem_allocate uses pages in multiples of 64K.
    // round the allocation up to a whole number of 64K pages
    sys_addr_t payload = sys_mem_allocate(_64KB_ * (1 + (int)((size - 1) / _64KB_)));
This commit has the fix above. You can use the online updater to test the new build.
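The checks this thread converges on (pass the file's bytes rather than its path, reject files under 4 bytes, size the buffer in whole 64K pages, never read into a failed allocation), as an added example that is not webMAN-MOD's or Cobra's code. It uses standard C file and heap calls in place of file_size, read_file and sys_mem_allocate so it runs on a host; PAGE_64K is an assumed value for _64KB_, and MAX_PAYLOAD, stage_payload and round_up_64k are hypothetical names.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

#define PAGE_64K    0x10000u          /* assumed value of the thread's _64KB_ */
#define MIN_PAYLOAD 4u                /* the handler rejects files under 4 bytes */
#define MAX_PAYLOAD (4u * PAGE_64K)   /* hypothetical upper bound, not from the thread */

enum stage_err { STAGE_OK, STAGE_IO, STAGE_SIZE, STAGE_ALLOC, STAGE_READ };

/* Round a byte count up to whole 64 KiB pages; returns 0 for 0 or on overflow. */
size_t round_up_64k(size_t size)
{
    if (size == 0 || size > SIZE_MAX - (PAGE_64K - 1)) return 0;
    return (size + (PAGE_64K - 1)) & ~(size_t)(PAGE_64K - 1);
}

/* Copy the file's bytes (not its path) into a zero-filled, page-rounded buffer.
   On success *buf owns the allocation and *size is the exact payload length. */
int stage_payload(FILE *f, uint8_t **buf, size_t *size)
{
    *buf = NULL; *size = 0;
    if (!f || fseek(f, 0, SEEK_END) != 0) return STAGE_IO;
    long len = ftell(f);
    if (len < 0 || fseek(f, 0, SEEK_SET) != 0) return STAGE_IO;
    if ((unsigned long)len < MIN_PAYLOAD || (unsigned long)len > MAX_PAYLOAD)
        return STAGE_SIZE;                      /* reject before allocating */
    uint8_t *p = calloc(1, round_up_64k((size_t)len));
    if (!p) return STAGE_ALLOC;                 /* never read into a NULL buffer */
    if (fread(p, 1, (size_t)len, f) != (size_t)len) { free(p); return STAGE_READ; }
    *buf = p; *size = (size_t)len;
    return STAGE_OK;
}

int main(void)
{
    FILE *f = tmpfile();                        /* constructed 6-byte sample file */
    uint8_t *buf; size_t size;
    if (!f) return 1;
    fwrite("\x01\x02\x03\x04\x05\x06", 1, 6, f);
    int rc = stage_payload(f, &buf, &size);
    printf("rc=%d size=%zu alloc=%zu\n", rc, size, round_up_64k(size));
    free(buf); fclose(f);
    return rc;
}
```

Only a buffer that comes back with STAGE_OK, together with its exact length, would be handed on to the payload syscall.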
This seems to fix loading kernel plugins. Unloading doesn't seem to work. Also, I suggest removing 'addr=' since it is not an input value for the syscall, or simply display the value 'residence' once the plugin is loaded, without the ability to edit.
I will remove addr & unloading since they don't have any use. Thank you for your feedback.
Well, I would keep the unloading for the dynamic payload, but just make sure it works.
Ok I only removed addr= and made residence address read-only. I think the unload could be fixed too. You can update again.
outstanding work Aldo 👍
Thank you TheRouletteBoi. I got it working thanks to you & your feedback.