8 #include <psp2kern/types.h> 9 #include <psp2kern/sblacmgr.h> 10 #include <psp2kern/kernel/cpu.h> 11 #include <psp2kern/kernel/modulemgr.h> 12 #include <psp2kern/kernel/sysmem.h> 13 #include <psp2kern/kernel/threadmgr.h> 14 #include <psp2/kernel/error.h> 19 #include "taihen_internal.h" 22 #define MAX_NAME_LEN 256 25 #define MAX_ARGS_SIZE 256 47 const void *hook_func;
49 char k_module[MAX_NAME_LEN];
57 sceKernelMemcpyUserToKernel(&kargs, (uintptr_t)args,
sizeof(kargs));
58 if (kargs.size ==
sizeof(kargs)) {
59 pid = sceKernelGetProcessId();
61 if (main_mod || sceKernelStrncpyUserToKernel(k_module, (uintptr_t)kargs.module, MAX_NAME_LEN) < MAX_NAME_LEN) {
64 sceKernelMemcpyKernelToUser((uintptr_t)p_hook, &k_ref,
sizeof(*p_hook));
65 ret = sceKernelCreateUserUid(pid, kid);
66 LOG(
"kernel uid: %x, user uid: %x", kid, ret);
71 ret = TAI_ERROR_USER_MEMORY;
74 LOG(
"invalid args size: %x", kargs.size);
75 ret = TAI_ERROR_USER_MEMORY;
108 char k_module[MAX_NAME_LEN];
114 ENTER_SYSCALL(state);
115 sceKernelMemcpyUserToKernel(&kargs, (uintptr_t)args,
sizeof(kargs));
116 if (kargs.size ==
sizeof(kargs)) {
117 pid = sceKernelGetProcessId();
119 if (main_mod || sceKernelStrncpyUserToKernel(k_module, (uintptr_t)kargs.module, MAX_NAME_LEN) < MAX_NAME_LEN) {
122 sceKernelMemcpyKernelToUser((uintptr_t)p_hook, &k_ref,
sizeof(*p_hook));
123 ret = sceKernelCreateUserUid(pid, kid);
124 LOG(
"kernel uid: %x, user uid: %x", kid, ret);
129 ret = TAI_ERROR_USER_MEMORY;
132 LOG(
"invalid args size: %x", kargs.size);
133 ret = TAI_ERROR_USER_MEMORY;
163 ENTER_SYSCALL(state);
165 sceKernelMemcpyUserToKernel(&kargs, (uintptr_t)args,
sizeof(kargs));
166 if (kargs.size ==
sizeof(kargs)) {
167 pid = sceKernelGetProcessId();
168 kid = sceKernelKernelUidForUserUid(pid, kargs.modid);
172 sceKernelMemcpyKernelToUser((uintptr_t)p_hook, &k_ref,
sizeof(*p_hook));
173 ret = sceKernelCreateUserUid(pid, ret);
174 LOG(
"user uid: %x", ret);
177 LOG(
"Error getting kernel uid for %x: %x", kargs.modid, kid);
181 LOG(
"invalid args size: %x", kargs.size);
182 ret = TAI_ERROR_USER_MEMORY;
211 char k_module[MAX_NAME_LEN];
217 ENTER_SYSCALL(state);
218 pid = sceKernelGetProcessId();
220 if (main_mod || sceKernelStrncpyUserToKernel(k_module, (uintptr_t)module, MAX_NAME_LEN) < MAX_NAME_LEN) {
221 sceKernelMemcpyUserToKernel(&k_info, (uintptr_t)info,
sizeof(
size_t));
222 if (k_info.
size ==
sizeof(k_info)) {
224 sceKernelMemcpyKernelToUser((uintptr_t)info, &k_info, k_info.
size);
226 ret = TAI_ERROR_USER_MEMORY;
229 ret = TAI_ERROR_USER_MEMORY;
251 ENTER_SYSCALL(state);
252 pid = sceKernelGetProcessId();
253 kid = sceKernelKernelUidForUserUid(pid, tai_uid);
256 sceKernelDeleteUserUid(pid, tai_uid);
282 ENTER_SYSCALL(state);
283 pid = sceKernelGetProcessId();
286 ret = sceKernelCreateUserUid(pid, ret);
287 LOG(
"user uid: %x", ret);
311 ENTER_SYSCALL(state);
313 sceKernelMemcpyUserToKernel(&kargs, (uintptr_t)args,
sizeof(kargs));
314 if (kargs.size ==
sizeof(kargs)) {
315 pid = sceKernelGetProcessId();
316 ret = sceKernelKernelUidForUserUid(pid, kargs.modid);
319 ret =
taiInjectDataForKernel(pid, kargs.modid, kargs.segidx, kargs.offset, kargs.source, kargs.source_size);
321 ret = sceKernelCreateUserUid(pid, ret);
322 LOG(
"user uid: %x", ret);
325 LOG(
"Error getting kernel uid for %x: %x", kargs.modid, ret);
328 LOG(
"invalid args size: %x", kargs.size);
329 ret = TAI_ERROR_USER_MEMORY;
349 ENTER_SYSCALL(state);
350 pid = sceKernelGetProcessId();
351 kid = sceKernelKernelUidForUserUid(pid, tai_uid);
354 sceKernelDeleteUserUid(pid, tai_uid);
375 char k_path[MAX_NAME_LEN];
379 ENTER_SYSCALL(state);
380 pid = sceKernelGetProcessId();
381 if (sceSblACMgrIsShell(0)) {
383 if (sceKernelStrncpyUserToKernel(k_path, (uintptr_t)path, MAX_NAME_LEN) < MAX_NAME_LEN) {
384 ret = sceKernelLoadModuleForDriver(k_path, flags, NULL);
385 LOG(
"loaded %s: %x", k_path, ret);
387 ret = sceKernelCreateUserUid(pid, ret);
388 LOG(
"user uid: %x", ret);
391 ret = TAI_ERROR_USER_MEMORY;
394 ret = TAI_ERROR_INVALID_ARGS;
397 ret = TAI_ERROR_NOT_ALLOWED;
418 char buf[MAX_ARGS_SIZE];
424 ENTER_SYSCALL(state);
425 pid = sceKernelGetProcessId();
426 if (sceSblACMgrIsShell(0)) {
428 sceKernelMemcpyUserToKernel(&kargs, (uintptr_t)args,
sizeof(kargs));
429 if (kargs.size ==
sizeof(kargs)) {
430 if (kargs.args <= MAX_ARGS_SIZE && opt == NULL) {
431 ret = sceKernelKernelUidForUserUid(pid, modid);
434 ret = sceKernelMemcpyUserToKernel(buf, (uintptr_t)kargs.argp, kargs.args);
437 ret = sceKernelStartModuleForDriver(modid, kargs.args, buf, kargs.flags, NULL, &k_res);
439 sceKernelMemcpyKernelToUser((uintptr_t)res, &k_res,
sizeof(*res));
443 LOG(
"Error getting kernel uid for %x: %x", modid, ret);
446 LOG(
"invalid args size: %x", kargs.size);
447 ret = TAI_ERROR_USER_MEMORY;
450 ret = TAI_ERROR_INVALID_ARGS;
453 ret = TAI_ERROR_NOT_ALLOWED;
471 char buf[MAX_ARGS_SIZE];
472 char k_path[MAX_NAME_LEN];
478 ENTER_SYSCALL(state);
479 pid = sceKernelGetProcessId();
480 if (sceSblACMgrIsShell(0)) {
482 sceKernelMemcpyUserToKernel(&kargs, (uintptr_t)args,
sizeof(kargs));
483 if (kargs.size ==
sizeof(kargs)) {
484 if (kargs.args <= MAX_ARGS_SIZE) {
485 ret = sceKernelMemcpyUserToKernel(buf, (uintptr_t)kargs.argp, kargs.args);
487 if (sceKernelStrncpyUserToKernel(k_path, (uintptr_t)path, MAX_NAME_LEN) < MAX_NAME_LEN) {
488 ret = sceKernelLoadStartModuleForDriver(k_path, kargs.args, buf, kargs.flags, NULL, NULL);
489 LOG(
"loaded %s: %x", k_path, ret);
491 ret = sceKernelCreateUserUid(pid, ret);
492 LOG(
"user uid: %x", ret);
495 ret = TAI_ERROR_USER_MEMORY;
499 ret = TAI_ERROR_INVALID_ARGS;
502 LOG(
"invalid args size: %x", kargs.size);
503 ret = TAI_ERROR_USER_MEMORY;
506 ret = TAI_ERROR_NOT_ALLOWED;
524 char buf[MAX_ARGS_SIZE];
525 char k_path[MAX_NAME_LEN];
531 ENTER_SYSCALL(state);
532 if (sceSblACMgrIsShell(0)) {
534 sceKernelMemcpyUserToKernel(&kargs, (uintptr_t)args,
sizeof(kargs));
535 if (kargs.size ==
sizeof(kargs)) {
536 if (kargs.args <= MAX_ARGS_SIZE) {
537 ret = sceKernelMemcpyUserToKernel(buf, (uintptr_t)kargs.argp, kargs.args);
539 if (sceKernelStrncpyUserToKernel(k_path, (uintptr_t)path, MAX_NAME_LEN) < MAX_NAME_LEN) {
540 ret = sceKernelLoadStartModuleForPid(kargs.pid, k_path, kargs.args, buf, kargs.flags, NULL, NULL);
541 LOG(
"loaded %s: %x", k_path, ret);
543 ret = sceKernelCreateUserUid(kargs.pid, ret);
544 LOG(
"user uid: %x", ret);
547 ret = TAI_ERROR_USER_MEMORY;
551 ret = TAI_ERROR_INVALID_ARGS;
554 LOG(
"invalid args size: %x", kargs.size);
555 ret = TAI_ERROR_USER_MEMORY;
558 ret = TAI_ERROR_NOT_ALLOWED;
578 char buf[MAX_ARGS_SIZE];
585 ENTER_SYSCALL(state);
586 pid = sceKernelGetProcessId();
587 if (sceSblACMgrIsShell(0)) {
589 sceKernelMemcpyUserToKernel(&kargs, (uintptr_t)args,
sizeof(kargs));
590 if (kargs.size ==
sizeof(kargs)) {
591 if (kargs.args <= MAX_ARGS_SIZE && opt == NULL) {
592 kid = sceKernelKernelUidForUserUid(pid, modid);
594 ret = sceKernelMemcpyUserToKernel(buf, (uintptr_t)kargs.argp, kargs.args);
597 ret = sceKernelStopModuleForDriver(kid, kargs.args, buf, kargs.flags, NULL, &k_res);
599 sceKernelMemcpyKernelToUser((uintptr_t)res, &k_res,
sizeof(*res));
602 sceKernelDeleteUserUid(pid, modid);
606 LOG(
"Error getting kernel uid for %x: %x", modid, kid);
610 ret = TAI_ERROR_INVALID_ARGS;
613 LOG(
"invalid args size: %x", kargs.size);
614 ret = TAI_ERROR_USER_MEMORY;
617 ret = TAI_ERROR_NOT_ALLOWED;
639 ENTER_SYSCALL(state);
640 pid = sceKernelGetProcessId();
641 if (sceSblACMgrIsShell(0)) {
643 kid = sceKernelKernelUidForUserUid(pid, modid);
645 ret = sceKernelUnloadModuleForDriver(kid, flags, NULL);
647 sceKernelDeleteUserUid(pid, modid);
650 LOG(
"Error getting kernel uid for %x: %x", modid, kid);
654 ret = TAI_ERROR_INVALID_ARGS;
657 ret = TAI_ERROR_NOT_ALLOWED;
677 char buf[MAX_ARGS_SIZE];
684 ENTER_SYSCALL(state);
685 pid = sceKernelGetProcessId();
686 if (sceSblACMgrIsShell(0)) {
688 sceKernelMemcpyUserToKernel(&kargs, (uintptr_t)args,
sizeof(kargs));
689 if (kargs.size ==
sizeof(kargs)) {
690 if (kargs.args <= MAX_ARGS_SIZE && opt == NULL) {
691 kid = sceKernelKernelUidForUserUid(pid, modid);
693 ret = sceKernelMemcpyUserToKernel(buf, (uintptr_t)kargs.argp, kargs.args);
696 ret = sceKernelStopUnloadModuleForDriver(kid, kargs.args, buf, kargs.flags, NULL, &k_res);
698 sceKernelMemcpyKernelToUser((uintptr_t)res, &k_res,
sizeof(*res));
701 sceKernelDeleteUserUid(pid, modid);
705 LOG(
"Error getting kernel uid for %x: %x", modid, kid);
709 ret = TAI_ERROR_INVALID_ARGS;
712 LOG(
"invalid args size: %x", kargs.size);
713 ret = TAI_ERROR_USER_MEMORY;
716 ret = TAI_ERROR_NOT_ALLOWED;
736 char buf[MAX_ARGS_SIZE];
742 ENTER_SYSCALL(state);
743 if (sceSblACMgrIsShell(0)) {
745 sceKernelMemcpyUserToKernel(&kargs, (uintptr_t)args,
sizeof(kargs));
746 if (kargs.size ==
sizeof(kargs)) {
747 if (kargs.args <= MAX_ARGS_SIZE && opt == NULL) {
748 kid = sceKernelKernelUidForUserUid(kargs.pid, modid);
750 ret = sceKernelMemcpyUserToKernel(buf, (uintptr_t)kargs.argp, kargs.args);
753 ret = sceKernelStopModuleForPid(kargs.pid, kid, kargs.args, buf, kargs.flags, NULL, &k_res);
755 sceKernelMemcpyKernelToUser((uintptr_t)res, &k_res,
sizeof(*res));
758 sceKernelDeleteUserUid(kargs.pid, modid);
762 LOG(
"Error getting kernel uid for %x: %x", modid, kid);
766 ret = TAI_ERROR_INVALID_ARGS;
769 LOG(
"invalid args size: %x", kargs.size);
770 ret = TAI_ERROR_USER_MEMORY;
773 ret = TAI_ERROR_NOT_ALLOWED;
794 ENTER_SYSCALL(state);
795 if (sceSblACMgrIsShell(0)) {
797 kid = sceKernelKernelUidForUserUid(pid, modid);
799 ret = sceKernelUnloadModuleForPid(pid, kid, flags, NULL);
801 sceKernelDeleteUserUid(pid, modid);
804 LOG(
"Error getting kernel uid for %x: %x", modid, kid);
808 ret = TAI_ERROR_INVALID_ARGS;
811 ret = TAI_ERROR_NOT_ALLOWED;
831 char buf[MAX_ARGS_SIZE];
837 ENTER_SYSCALL(state);
838 if (sceSblACMgrIsShell(0)) {
840 sceKernelMemcpyUserToKernel(&kargs, (uintptr_t)args,
sizeof(kargs));
841 if (kargs.size ==
sizeof(kargs)) {
842 if (kargs.args <= MAX_ARGS_SIZE && opt == NULL) {
843 kid = sceKernelKernelUidForUserUid(kargs.pid, modid);
845 ret = sceKernelMemcpyUserToKernel(buf, (uintptr_t)kargs.argp, kargs.args);
848 ret = sceKernelStopUnloadModuleForPid(kargs.pid, kid, kargs.args, buf, kargs.flags, NULL, &k_res);
850 sceKernelMemcpyKernelToUser((uintptr_t)res, &k_res,
sizeof(*res));
853 sceKernelDeleteUserUid(kargs.pid, modid);
857 LOG(
"Error getting kernel uid for %x: %x", modid, kid);
861 ret = TAI_ERROR_INVALID_ARGS;
864 LOG(
"invalid args size: %x", kargs.size);
865 ret = TAI_ERROR_USER_MEMORY;
868 ret = TAI_ERROR_NOT_ALLOWED;
888 ENTER_SYSCALL(state);
889 if (sceSblACMgrIsShell(0)) {
892 ret = TAI_ERROR_NOT_ALLOWED;
896 return sceKernelMemcpyUserToKernel(kernel_dst, (uintptr_t)user_src, len);
920 ENTER_SYSCALL(state);
921 if (sceSblACMgrIsShell(0)) {
924 ret = TAI_ERROR_NOT_ALLOWED;
928 return sceKernelMemcpyKernelToUser((uintptr_t)user_dst, kernel_src, len);
940 int taiReloadConfig(
void) {
944 ENTER_SYSCALL(state);
945 if (sceSblACMgrIsShell(0)) {
948 ret = TAI_ERROR_NOT_ALLOWED;
SceUID taiLoadStartModuleForPidForUser(const char *path, tai_module_args_t *args)
Loads and starts a user module for another process.
int taiMemcpyKernelToUser(void *user_dst, const void *kernel_src, size_t len)
Copies data from kernel to user.
SceUID taiHookFunctionExportForKernel(SceUID pid, tai_hook_ref_t *p_hook, const char *module, uint32_t library_nid, uint32_t func_nid, const void *hook_func)
Add a hook to a module function export.
int taiHookReleaseForKernel(SceUID tai_uid, tai_hook_ref_t hook)
Release a hook.
Extended module information.
int taiMemcpyUserToKernel(void *kernel_dst, const void *user_src, size_t len)
Copies data from user to kernel.
uintptr_t tai_hook_ref_t
Hook information.
SceUID taiHookFunctionImportForKernel(SceUID pid, tai_hook_ref_t *p_hook, const char *module, uint32_t import_library_nid, uint32_t import_func_nid, const void *hook_func)
Add a hook to a module function import.
SceUID taiHookFunctionExportForUser(tai_hook_ref_t *p_hook, tai_hook_args_t *args)
Add a hook to a module function export for the calling process.
int taiStopKernelModuleForUser(SceUID modid, tai_module_args_t *args, void *opt, int *res)
Stops a kernel module.
SceUID taiHookFunctionOffsetForKernel(SceUID pid, tai_hook_ref_t *p_hook, SceUID modid, int segidx, uint32_t offset, int thumb, const void *hook_func)
Add a hook to a module manually with an offset.
int taiInjectReleaseForKernel(SceUID tai_uid)
Release an injection.
SceUID taiInjectDataForUser(tai_offset_args_t *args)
Inject data into the current process bypassing MMU flags given an offset.
SceUID taiHookFunctionImportForUser(tai_hook_ref_t *p_hook, tai_hook_args_t *args)
Add a hook to a module function import for the calling process.
int taiHookRelease(SceUID tai_uid, tai_hook_ref_t hook)
Release a hook for the calling process.
int taiGetModuleInfo(const char *module, tai_module_info_t *info)
Gets information on a currently loaded module.
int taiStartKernelModuleForUser(SceUID modid, tai_module_args_t *args, void *opt, int *res)
Starts a kernel module.
int taiUnloadModuleForPid(SceUID pid, SceUID modid, int flags, void *opt)
Unloads a user module for a process directly.
int hen_load_config(void)
Load tai config file.
int taiInjectRelease(SceUID tai_uid)
Release an injection for the calling process.
SceUID taiInjectAbsForKernel(SceUID pid, void *dest, const void *src, size_t size)
Injects data into a process bypassing MMU flags.
Pass offset arguments to kernel.
Pass module arguments to kernel.
SceUID taiLoadKernelModule(const char *path, int flags, void *opt)
Loads a kernel module.
SceUID taiInjectAbs(void *dest, const void *src, size_t size)
Injects data into the current process bypassing MMU flags.
SceUID taiInjectDataForKernel(SceUID pid, SceUID modid, int segidx, uint32_t offset, const void *data, size_t size)
Inject data into a process bypassing MMU flags given an offset.
Pass hook arguments to kernel.
int taiUnloadKernelModule(SceUID modid, int flags, void *opt)
Unloads a kernel module directly.
int taiStopModuleForPidForUser(SceUID modid, tai_module_args_t *args, void *opt, int *res)
Stops a user module for another process.
int taiGetModuleInfoForKernel(SceUID pid, const char *module, tai_module_info_t *info)
Gets information on a currently loaded module.
size_t size
Structure size, set to sizeof(tai_module_info_t)
SceUID taiLoadStartKernelModuleForUser(const char *path, tai_module_args_t *args)
Loads and starts a kernel module.
int taiStopUnloadModuleForPidForUser(SceUID modid, tai_module_args_t *args, void *opt, int *res)
Stops and unloads a user module for a process.
SceUID taiHookFunctionOffsetForUser(tai_hook_ref_t *p_hook, tai_offset_args_t *args)
Add a hook to a module manually with an offset for the calling process.
int taiStopUnloadKernelModuleForUser(SceUID modid, tai_module_args_t *args, void *opt, int *res)
Stops and unloads a kernel module.
