taiHEN  1.0
CFW framework for PS Vita
API Interface

CFW framework for Vita.

Modules

 Hooks Interface
 Patches functions.
 
 Injection Interface
 Inject raw data into a module.
 

Data Structures

struct  _tai_module_info
 Extended module information.
 
struct  _tai_hook_args
 Pass hook arguments to kernel.
 
struct  _tai_offset_args
 Pass offset arguments to kernel.
 
struct  _tai_module_args
 Pass module arguments to kernel.
 

Macros

#define KERNEL_PID   0x10005
 
#define TAI_ANY_LIBRARY   0xFFFFFFFF
 
#define TAI_IGNORE_MODULE_NID   0xFFFFFFFF
 
#define TAI_MAIN_MODULE   ((void *)0)
 
#define HELPER   inline static __attribute__((unused))
 

Typedefs

typedef struct _tai_module_info tai_module_info_t
 Extended module information.
 
typedef struct _tai_hook_args tai_hook_args_t
 Pass hook arguments to kernel.
 
typedef struct _tai_offset_args tai_offset_args_t
 Pass offset arguments to kernel.
 
typedef struct _tai_module_args tai_module_args_t
 Pass module arguments to kernel.
 

Plugin loading

Kernel export for loading plugins manually

int taiLoadPluginsForTitleForKernel (SceUID pid, const char *titleid, int flags)
 Parses the taiHEN config and loads all plugins for a titleid to a process.
 

Skprx Load

Kernel module loading exports to user

SceUID taiLoadKernelModule (const char *path, int flags, void *opt)
 Loads a kernel module.
 
int taiStartKernelModuleForUser (SceUID modid, tai_module_args_t *args, void *opt, int *res)
 Starts a kernel module.
 
SceUID taiLoadStartKernelModuleForUser (const char *path, tai_module_args_t *args)
 Loads and starts a kernel module.
 
SceUID taiLoadStartModuleForPidForUser (const char *path, tai_module_args_t *args)
 Loads and starts a user module for another process.
 
int taiStopKernelModuleForUser (SceUID modid, tai_module_args_t *args, void *opt, int *res)
 Stops a kernel module.
 
int taiUnloadKernelModule (SceUID modid, int flags, void *opt)
 Unloads a kernel module directly.
 
int taiStopUnloadKernelModuleForUser (SceUID modid, tai_module_args_t *args, void *opt, int *res)
 Stops and unloads a kernel module.
 
int taiStopModuleForPidForUser (SceUID modid, tai_module_args_t *args, void *opt, int *res)
 Stops a user module for another process.
 
int taiUnloadModuleForPid (SceUID pid, SceUID modid, int flags, void *opt)
 Unloads a user module for a process directly.
 
int taiStopUnloadModuleForPidForUser (SceUID modid, tai_module_args_t *args, void *opt, int *res)
 Stops and unloads a user module for a process.
 
HELPER int taiStartKernelModule (SceUID modid, int args, void *argp, int flags, void *opt, int *res)
 Helper function for taiStartKernelModuleForUser.
 
HELPER SceUID taiLoadStartKernelModule (const char *path, int args, void *argp, int flags)
 Helper function for taiLoadStartKernelModuleForUser.
 
HELPER SceUID taiLoadStartModuleForPid (SceUID pid, const char *path, int args, void *argp, int flags)
 Helper function for taiLoadStartModuleForPidForUser.
 
HELPER int taiStopKernelModule (SceUID modid, int args, void *argp, int flags, void *opt, int *res)
 Helper function for taiStopKernelModuleForUser.
 
HELPER int taiStopUnloadKernelModule (SceUID modid, int args, void *argp, int flags, void *opt, int *res)
 Helper function for taiStopUnloadKernelModuleForUser.
 
HELPER int taiStopModuleForPid (SceUID pid, SceUID modid, int args, void *argp, int flags, void *opt, int *res)
 Helper function for taiStopModuleForPidForUser.
 
HELPER int taiStopUnloadModuleForPid (SceUID pid, SceUID modid, int args, void *argp, int flags, void *opt, int *res)
 Helper function for taiStopUnloadModuleForPidForUser.
 

Peek/Poke

Read/write kernel memory (no MMU bypass)

int taiMemcpyUserToKernel (void *kernel_dst, const void *user_src, size_t len)
 Copies data from user to kernel.
 
int taiMemcpyKernelToUser (void *user_dst, const void *kernel_src, size_t len)
 Copies data from kernel to user.
 

Detailed Description

CFW framework for Vita.

Provides basic helper utilities for plugins that aid in user to kernel interaction.

taiHEN provides three types of exports. First is a patch system for modifying code and read-only data. Second is basic peek/poke for the kernel. Third is support for loading kernel modules.

A common question is: when should I use hooks, injections, and peek/poke? If you wish to patch writable data in the kernel and you know the address, then taiMemcpyKernelToUser works. If you don't know the address but you know the offset from its ELF segment then use an injection. If it is read-only data, then use an injection. Finally, if you wish to patch a function to run your own code, you should use a hook.

Macro Definition Documentation

§ HELPER

#define HELPER   inline static __attribute__((unused))

Functions for calling the syscalls with arguments

Definition at line 46 of file taihen.h.

§ KERNEL_PID

#define KERNEL_PID   0x10005

PID for kernel process

Definition at line 34 of file taihen.h.

§ TAI_ANY_LIBRARY

#define TAI_ANY_LIBRARY   0xFFFFFFFF

Fake library NID indicating that any library NID would match.

Definition at line 37 of file taihen.h.

§ TAI_IGNORE_MODULE_NID

#define TAI_IGNORE_MODULE_NID   0xFFFFFFFF

Fake module NID indicating that any module NID would match.

Definition at line 40 of file taihen.h.

§ TAI_MAIN_MODULE

#define TAI_MAIN_MODULE   ((void *)0)

Fake module name indicating the current process's main module.

Definition at line 43 of file taihen.h.

Typedef Documentation

§ tai_module_info_t

Extended module information.

This supplements the output of sceKernelGetModuleInfo

Function Documentation

§ taiLoadKernelModule()

SceUID taiLoadKernelModule (const char *path, int flags, void *opt)

Loads a kernel module.

Parameters
  [in]  path   The path to the skprx
  [in]  flags  The flags
        opt    Optional arguments, set to NULL
Returns
A module reference on success, < 0 on error
  • TAI_ERROR_INVALID_ARGS if opt is not NULL
  • TAI_ERROR_NOT_ALLOWED if caller does not have permission

Definition at line 373 of file taihen-user.c.

§ taiLoadPluginsForTitleForKernel()

int taiLoadPluginsForTitleForKernel (SceUID pid, const char *titleid, int flags)

Parses the taiHEN config and loads all plugins for a titleid to a process.

Parameters
  [in]  pid      The pid to load to
  [in]  titleid  The title to read from the config
  [in]  flags    The flags
Returns
Zero on success, < 0 on error
  • TAI_ERROR_SYSTEM if the config file is invalid

Definition at line 270 of file taihen.c.

§ taiLoadStartKernelModule()

HELPER SceUID taiLoadStartKernelModule (const char *path, int args, void *argp, int flags)

Helper function for taiLoadStartKernelModuleForUser.

See also
taiLoadStartKernelModuleForUser
Parameters
  [in]  path   The path of the skprx
  [in]  args   The size of the arguments
        argp   The arguments
  [in]  flags  The flags

Definition at line 472 of file taihen.h.

§ taiLoadStartKernelModuleForUser()

SceUID taiLoadStartKernelModuleForUser (const char *path, tai_module_args_t *args)

Loads and starts a kernel module.

Parameters
  [in]  path  The path of the skprx
  [in]  args  The arguments
Returns
A module reference on success, < 0 on error
  • TAI_ERROR_INVALID_ARGS if args is too large
  • TAI_ERROR_NOT_ALLOWED if caller does not have permission

Definition at line 469 of file taihen-user.c.

§ taiLoadStartModuleForPid()

HELPER SceUID taiLoadStartModuleForPid (SceUID pid, const char *path, int args, void *argp, int flags)

Helper function for taiLoadStartModuleForPidForUser.

See also
taiLoadStartModuleForPidForUser
Parameters
  [in]  pid    The pid to load to
  [in]  path   The path of the suprx
  [in]  args   The size of the arguments
        argp   The arguments
  [in]  flags  The flags

Definition at line 492 of file taihen.h.

§ taiLoadStartModuleForPidForUser()

SceUID taiLoadStartModuleForPidForUser (const char *path, tai_module_args_t *args)

Loads and starts a user module for another process.

Parameters
  [in]  path  The path of the skprx
  [in]  args  The arguments
Returns
A module reference on success, < 0 on error
  • TAI_ERROR_INVALID_ARGS if args is too large
  • TAI_ERROR_NOT_ALLOWED if caller does not have permission

Definition at line 522 of file taihen-user.c.

§ taiMemcpyKernelToUser()

int taiMemcpyKernelToUser (void *user_dst, const void *kernel_src, size_t len)

Copies data from kernel to user.

Does not bypass the MMU!

See also
taiInjectData
Parameters
        user_dst    The user address
  [in]  kernel_src  The kernel address
  [in]  len         The length
Returns
Zero on success, < 0 on error
  • TAI_ERROR_NOT_ALLOWED if caller does not have permission

Definition at line 916 of file taihen-user.c.

§ taiMemcpyUserToKernel()

int taiMemcpyUserToKernel (void *kernel_dst, const void *user_src, size_t len)

Copies data from user to kernel.

Parameters
        kernel_dst  The kernel address
  [in]  user_src    The user address
  [in]  len         The length
Returns
Zero on success, < 0 on error
  • TAI_ERROR_NOT_ALLOWED if caller does not have permission

Definition at line 884 of file taihen-user.c.

§ taiStartKernelModule()

HELPER int taiStartKernelModule (SceUID modid, int args, void *argp, int flags, void *opt, int *res)

Helper function for taiStartKernelModuleForUser.

See also
taiStartKernelModuleForUser
Parameters
  [in]  modid  The id from taiLoadKernelModule
  [in]  args   The size of the arguments
        argp   The arguments
  [in]  flags  The flags
        opt    Optional arguments, set to NULL
        res    Return value of module_start

Definition at line 453 of file taihen.h.

§ taiStartKernelModuleForUser()

int taiStartKernelModuleForUser (SceUID modid, tai_module_args_t *args, void *opt, int *res)

Starts a kernel module.

Parameters
  [in]  modid  The id from taiLoadKernelModule
  [in]  args   The arguments
        opt    Optional arguments, set to NULL
        res    Return value of module_start
Returns
Zero on success, < 0 on error
  • TAI_ERROR_INVALID_ARGS if args is too large or opt is not NULL
  • TAI_ERROR_NOT_ALLOWED if caller does not have permission

Definition at line 416 of file taihen-user.c.
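
The ForUser entries on this page return TAI_ERROR_NOT_ALLOWED for callers without permission and TAI_ERROR_INVALID_ARGS when args is too large or opt is not NULL. The block below is an added example, not taiHEN's own code: a portable C model of that check at the user-to-kernel boundary. The struct layout, the 256-byte limit, the numeric error values and the order of the checks are assumptions.

```c
#include <stddef.h>
#include <string.h>

/* Placeholder values: the page names these errors but not their numbers. */
#define ERR_INVALID_ARGS (-2)
#define ERR_NOT_ALLOWED  (-3)
#define MODEL_MAX_ARGS   256  /* assumed limit; the page only says "too large" */

/* Hypothetical stand-in for tai_module_args_t (fields are not on the page). */
typedef struct {
    size_t size;       /* caller sets this to sizeof(the struct) */
    int pid;           /* target process */
    size_t args;       /* byte length of argp */
    const void *argp;  /* argument buffer in caller memory */
    int flags;
} model_module_args;

/* Kernel-side copies that the rest of the call would work from. */
typedef struct {
    model_module_args hdr;
    unsigned char argbuf[MODEL_MAX_ARGS];
} model_checked_args;

/*
 * Validate a start/stop request against the documented error contract.
 * The header is fetched once and only that snapshot is checked and used,
 * so the caller cannot change args/argp between the check and the copy.
 * On a real kernel the two memcpy calls would be user-to-kernel copies.
 */
int model_check_request(int caller_allowed, const model_module_args *user_args,
                        const void *opt, model_checked_args *out)
{
    if (!caller_allowed)
        return ERR_NOT_ALLOWED;
    if (opt != NULL || user_args == NULL)
        return ERR_INVALID_ARGS;

    memcpy(&out->hdr, user_args, sizeof(out->hdr));  /* single fetch */
    if (out->hdr.size != sizeof(out->hdr))
        return ERR_INVALID_ARGS;
    if (out->hdr.args > MODEL_MAX_ARGS)
        return ERR_INVALID_ARGS;                     /* "args is too large" */
    if (out->hdr.args > 0 && out->hdr.argp == NULL)
        return ERR_INVALID_ARGS;

    if (out->hdr.args > 0)
        memcpy(out->argbuf, out->hdr.argp, out->hdr.args);
    out->hdr.argp = out->argbuf;  /* later code never reads caller memory */
    return 0;
}
```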

§ taiStopKernelModule()

HELPER int taiStopKernelModule (SceUID modid, int args, void *argp, int flags, void *opt, int *res)

Helper function for taiStopKernelModuleForUser.

See also
taiStopKernelModuleForUser
Parameters
  [in]  modid  The loaded module reference
  [in]  args   The size of the arguments to module_stop
        argp   The arguments to module_stop
  [in]  flags  The flags
        opt    Optional arguments, set to NULL
        res    Return value of module_stop

Definition at line 514 of file taihen.h.

§ taiStopKernelModuleForUser()

int taiStopKernelModuleForUser (SceUID modid, tai_module_args_t *args, void *opt, int *res)

Stops a kernel module.

Parameters
  [in]  modid  The loaded module reference
  [in]  args   The arguments
        opt    Optional arguments, set to NULL
        res    Return value of module_stop
Returns
Zero on success, < 0 on error
  • TAI_ERROR_INVALID_ARGS if args is too large or opt is not NULL
  • TAI_ERROR_NOT_ALLOWED if caller does not have permission

Definition at line 576 of file taihen-user.c.

§ taiStopModuleForPid()

HELPER int taiStopModuleForPid (SceUID pid, SceUID modid, int args, void *argp, int flags, void *opt, int *res)

Helper function for taiStopModuleForPidForUser.

See also
taiStopModuleForPidForUser
Parameters
  [in]  pid    The pid
  [in]  modid  The loaded module reference
  [in]  args   The size of the arguments to module_stop
        argp   The arguments to module_stop
  [in]  flags  The flags
        opt    Optional arguments, set to NULL
        res    Return value of module_stop

Definition at line 557 of file taihen.h.

§ taiStopModuleForPidForUser()

int taiStopModuleForPidForUser (SceUID modid, tai_module_args_t *args, void *opt, int *res)

Stops a user module for another process.

Parameters
  [in]  modid  The loaded module reference
  [in]  args   The arguments
        opt    Optional arguments, set to NULL
        res    Return value of module_stop
Returns
Zero on success, < 0 on error
  • TAI_ERROR_INVALID_ARGS if args is too large or opt is not NULL
  • TAI_ERROR_NOT_ALLOWED if caller does not have permission

Definition at line 734 of file taihen-user.c.

§ taiStopUnloadKernelModule()

HELPER int taiStopUnloadKernelModule (SceUID modid, int args, void *argp, int flags, void *opt, int *res)

Helper function for taiStopUnloadKernelModuleForUser.

See also
taiStopUnloadKernelModuleForUser
Parameters
  [in]  modid  The loaded module reference
  [in]  args   The size of the arguments to module_stop
        argp   The arguments to module_stop
  [in]  flags  The flags
        opt    Optional arguments, set to NULL
        res    Return value of module_stop

Definition at line 535 of file taihen.h.

§ taiStopUnloadKernelModuleForUser()

int taiStopUnloadKernelModuleForUser (SceUID modid, tai_module_args_t *args, void *opt, int *res)

Stops and unloads a kernel module.

Parameters
  [in]  modid  The loaded module reference
  [in]  args   The arguments
        opt    Optional arguments, set to NULL
        res    Return value of module_stop
Returns
Zero on success, < 0 on error
  • TAI_ERROR_INVALID_ARGS if args is too large or opt is not NULL
  • TAI_ERROR_NOT_ALLOWED if caller does not have permission

Definition at line 675 of file taihen-user.c.

§ taiStopUnloadModuleForPid()

HELPER int taiStopUnloadModuleForPid (SceUID pid, SceUID modid, int args, void *argp, int flags, void *opt, int *res)

Helper function for taiStopUnloadModuleForPidForUser.

See also
taiStopUnloadModuleForPidForUser
Parameters
  [in]  pid    The pid
  [in]  modid  The loaded module reference
  [in]  args   The size of the arguments to module_stop
        argp   The arguments to module_stop
  [in]  flags  The flags
        opt    Optional arguments, set to NULL
        res    Return value of module_stop

Definition at line 580 of file taihen.h.

§ taiStopUnloadModuleForPidForUser()

int taiStopUnloadModuleForPidForUser (SceUID modid, tai_module_args_t *args, void *opt, int *res)

Stops and unloads a user module for a process.

Parameters
  [in]  modid  The loaded module reference
  [in]  args   The arguments
        opt    Optional arguments, set to NULL
        res    Return value of module_stop
Returns
Zero on success, < 0 on error
  • TAI_ERROR_INVALID_ARGS if args is too large or opt is not NULL
  • TAI_ERROR_NOT_ALLOWED if caller does not have permission

Definition at line 829 of file taihen-user.c.

§ taiUnloadKernelModule()

int taiUnloadKernelModule (SceUID modid, int flags, void *opt)

Unloads a kernel module directly.

Parameters
  [in]  modid  The loaded module reference
  [in]  flags  The flags
        opt    Set to NULL
Returns
Zero on success, < 0 on error
  • TAI_ERROR_NOT_ALLOWED if caller does not have permission

Definition at line 633 of file taihen-user.c.

§ taiUnloadModuleForPid()

int taiUnloadModuleForPid (SceUID pid, SceUID modid, int flags, void *opt)

Unloads a user module for a process directly.

Parameters
  [in]  modid  The loaded module reference
  [in]  flags  The flags
        opt    Set to NULL
Returns
Zero on success, < 0 on error
  • TAI_ERROR_NOT_ALLOWED if caller does not have permission

Definition at line 789 of file taihen-user.c.