mathewwi / valentine-hbl Goto Github PK

The particular example of T.O.M.E. is good because (as I mentionned it 
before) it is a game with simple functions, yet it is quite big, and well 
programmed, enough to let us know what's going on. + it's open source 
which helps debugging.

In rev49 if I run T.O.M.E, it gives a "core failed" message. Which is 
actually because of a malloc failure (quite easy to trace but I'll upload 
a lightly modified EBOOT later).

The way malloc works in the PSPSDK is this way:
The first time malloc is called, the SDK does:
1) a call to maxFreeMemory
2) a call to sceKernelPartitionAlloc(maxMemory)

then an internal data structure handles the following calls.

the "FAKEMEM" macro in HBL creates fake functions for maxFreeMem and 
sceKernelPartitionAlloc, in order to overcome the problem that we have not 
enough free ram (actually we do but the system doesn't seem to realize it).

We believed that unloading the "Labo" module would solve that problem, 
which is not entirely true: PSPLINK now sees the memory as freed, but 
Homebrews don't.

We need to investigate and fix this issue. as a workaround, the "FAKEMEM" 
system is still a valid alternative, but needs to be improved to be more 
robust and clean.

The weird thing: we have no problem calling sceKernelPartitionAlloc from 
the HBL, so why is malloc failing in homebrews ? a problem with 
maxFreeMem ?

What causes the widespread error "CANNOT DELETE THREAD user_main"? Please
comment about what issues could be causing this.

I've located a few lowest syscalls in kernel memory, but as it only works
on PSP Go,I need to distinguish between Go and other PSP models to access
kernel syscall tables. Otherwise non-Go models will just crash.

Any ideas about this?

Fork from issue 17:

Wololo:
However To confirm some of my suspicions: right now we even assign a
syscall to a
function B, when we ALREADY know that this syscall is assigned to a function A.
For example:

0x369ED59D 0x00002154 (imported function sceKernelGetSystemTimeLow)

but later we do the following estimation:
=ESTIMATING ThreadManForUser : 0x94416130
--LOWEST SYSCALL ON LIBRARY:  0x00002100
--ESTIMATED  0x00002154

Which is of course wrong :)

We should move all files except h.bin into an hbl subfolder so that
people's MS root becomes a bit cleaner

What steps will reproduce the problem?
1. load rev40 through exploit
2. loads up and frees memory but gives "Error no files found (sceIoDopen 
Sytemcall estim"

What is the expected output? What do you see instead? hbl menu like r38


What version of the product are you using? On what operating system?

 psp 3000 6.20 r40

much encouragement, I hope soon we can all enjoy their "Final Release".

when exiting a game, its threads should be exited properly, which is not
the case right now.
We also need to make sure the menu and HBL threads are deleted when necessary.

Weinersyum, you probably don't want to mess up with a system owned by 
google. 

Check other user mode modules to have more libraries and syscalls, thus
improving syscall estimation.

We definitely need a logo for HBL xD

I've started a contest here:
http://daxhordes.org/forum/viewtopic.php?f=14&t=2900. Click on the spoiler
on the first post to check out proposed logos. 

All developers are invited to vote on their favorites! ;)

Check if the .nids files are correct.

This is not really a problem but something I think you all should take a
look at. I tested the HBL Rev49 on my PSPGo (6.20) and It would not load
the menu or any hb like it did on Rev41. I decided to try HBL Rev 49 using
the h.bin from Rev41 to find that it will load the Menu and I can choose a
homebrew and play. Doing it this way I was successful in loading
BreakOut4PSP and Squarez Puzzle which would not run previously. This means
there are going to be Hombrew compatibility on the PSPGo with 6.20.
Just thought I would let you know. 

I always get errors when deleting callbacks:

--> ERROR 0x800201A1 DELETING MS CALLBACK
--> ERROR 0x800201A1 DELETING UMD CALLBACK
--> ERROR 0x80010016 GETTING MS CALLBACK 2
--> ERROR 0x800201A1 DELETING MS CALLBACK 2

0x800201A1 -> SCE_KERNEL_ERROR_UNKNOWN_CBIDç

This most likely means the CB ID is incorrect, thus the pointers we have on
the free_game_memory() function are incorrect.

0x80010016 -> what this error code stands for?

r39 is a working revision (see dbglog in the attachments), but where do I
place the hombrew files?

We should erase the contents of dbglog when the eLoader start, to ease the
testing work

http://advancedpsp.tk/foro_es/viewtopic.php?p=3850#p3850

Need confirmation about this patch

revision 37 introduces new config files that eLoaderconf.rb should be able
to generate.

1. Start Patapon 2, load exploit savedata (new)
2. Press "R" and it loads HBL r35
3. HBL ==> Build nids table ==> Resolving missing stubs ==> Free memory ==>
No freeze, no exit to XMB, but just Patapon 2's annoying music -.-"
And if I press the "PS" button (I have PSP 3004 with OFW 6.20, and PS
button = Home button), it freezes and shutting down. And here is what I do
(I was wrong or the HBL r35 was wrong?):
1. cd [HBL\eLoader directory]
2. make clean
3. cd [HBL\eLoader\tools\umem dumper directory]
4. make clean
5. cd [HBL directory]
6. TortoiseProc.exe /command:update /closeonend:1 /path:"c:\PspHbl\" (SVN
update)
7. cd [HBL\eLoader directory]
8. Copy files to the PSP (I:\ is my PSP drive):
   cd C:\PspHbl\eLoader\config
   COPY imports.config_6xx i:\hbl\config\imports.config_6xx /y
   COPY imports.config_50x i:\hbl\config\imports.config_50x /y
   COPY imports.config_55x i:\hbl\config\imports.config_55x /y
   COPY imports.config_570 i:\hbl\config\imports.config_570 /y
   cd C:\PspHbl\eLoader
   XCOPY libs_6xx i:\hbl\libs_6xx /y /e
   XCOPY libs_5xx i:\hbl\libs_5xx /y /e
   XCOPY tools i:\hbl\tools /y /e
   COPY hbl.bin i:\hbl\hbl.bin /y
   COPY menu.bin i:\hbl\menu.bin /y
   COPY h.bin i:\ /y
9. Run the exploit on the PSP

Add sceHprm.nids for 6.XX libs.

Being able to re-estimate syscalls if they fail. Should the process be
automatical (how?) or manual?

Create a Homebrew folder and only list this folder.

I have too many games and demos and the list its too longer.

Thanks for the job.

HBL get stuck on "Build Nids table" on 6.XX. This is most likely because on
6.XX the other user modules have different addresses and/or different
.lib.stub addresses.

6.20 FW seems not to like the way we free memory. Hangs there most of the time.

Maybe it's a problem with hardcoded addresses, which may differ in 6.20.

Why homebrews get stuck on "Please Wait" screen to exit?

After saying "Resolving missing stubs", it quits to the XMB. I have a PSP
3004 with OFW 6.20. Dbglog: ...ERROR: CANNOT OPEN .NIDS FILE
ms0:/hbl/libs/IoFileMgrForUser.nids (full dbglog:
http://www.mediafire.com/?mmgmt3fwjmw)
So, I think, You need to create a mechanism that copies your firmware's
needed files to libs. Example: [if 6.xx OFW] Copy ms0:/hbl/libs_6xx to
ms0:/hbl/libs and copy ms0:/hbl/config/imports.config_6xx to
ms0:/hbl/config/imports.config.
I'm not a PSP developer, it is just an idea.

Keep up the good work and have a nice day!
jojatekok

The Homebrew Menu says: Error, no files found (sceIoOpen syscall...). But
ms0:/PSP/GAME/ is not empty.

Weinersyum, you probably don't want to mess up with a system owned by 
google. 

This is definitely an enhancement.

A menu application that is capable of loading other applications and modules. 
Similar to that of the 
old eloader emenu--.

The current menu is simply impractical.

This is an enhancement.

Many homebrews have been unable to load because they consist of multiple 
modules. The initial 
main module may load fine but when attempting to load external modules it 
errors out or crashes 
the system.

If this is fixed, many homebrew will successfully run.

Weinersyum, you probably don't want to mess up with a system owned by 
google. 

char file_path[MAX_LIBRARY_NAME_LENGTH + 4];

Obviously toooooo small. I had some NID value corruption, most likely a
stack buffer overflow.

HBL doesn't resolve user mode system calls (using J instruction, not
SYSCALL). This can be done analyzing user mode loaded modules for exports.

Weinersyum, you probably don't want to mess up with a system owned by 
google. 

We should be able to unload the game main module and maintain HBL running
somehow. For now, wololo succeded at stop/unload Labo, but HBL also
stopped. Wololo if you can, please reproduce this.

After 24 revisions PSP hangs at the stage of the withdrawal inscription
"build nids tables".

PSP OFW 5.51

Please Help!

2010/04/17 (CoD3r-D)
- Added gfx.c & gfx.h
- Fixed syscall.c & syscall.h
- Added more functions
- Fixed config.h & added new functions
- Changed LICENCE
- Added checkhomb.exe (Work or not work pbps)
- Added kernel.h (Only TEST) User mode to kernel mode
- Added MAC address grabber (Prints your MAC address in ms0:/mac.txt)

Download 
http://www.multiupload.com/6RX2TOOUFS
Download (Source Code)
http://www.multiupload.com/VV741SM1S9

Seems syscall randomization has been changed again on 6.XX FW. Thus our
estimation method do not work as expected.

Based on ab5000 analysis here:
http://advancedpsp.tk/foro_es/viewtopic.php?p=1301#p1301

Please don't fool around with the bug tracker, you're wasting our time.

In the line:   #define ELF_PATH HBL_ROOT"GAMEeboot.elf" missing sign "/"

It must be so: #define ELF_PATH HBL_ROOT"GAME/eboot.elf"
;)

Hi! Sorry, but I have to announce this:
I made a HBL auto-compiler system for people who can't compile the files.
Compiler in the attachment ;)

Currently people have to manually change some settings based on their
firmware (copy nids for 5.xx and 6.xx).
Let's try to figure out an automated way of detecting the firmware running HBL

I guess the summary says it all

Ok so i have a PSPGo OFW 6.20

When i load the savegame in Patapon from my MS, then press R my PSPGo will
freeze (No black screen or anything will appear from HBL i still see the
patapon game screen) then PSPGo shuts itself off.

dbglog says: Loader running

If i try like 7 times it will then say Loader running Loader running Loader
running Loader running ETC ETC.

BUT if i load it all from the PSPGo's System storage it runs fine and
detects my correct firmware and PSP Type (Go)....

All the other revisions (Tested from Rev 49 and down) worked on my PSPGo in
the past on both MS and System Storage so i dunno why this one will not.

firmware 6.20 PSP 3001

Seems that on r41 menu works just fine on 5.00. But sometimes it just hangs
when you try to load a homebrew, but psplink gives no exception, so there's
something wrong with the way we launch the ELF, or some syscall is badly
estimated (I don't think so because on earlier HBL versions these homebrews
worked just fine).

sceHPRM NID is not present in the libs file causing future incompatibility for 
SDL projects.

Any way to reset sound hardware when HBL loads? This may get rid of sound
problems. But I don't have any experience with PSP sound functions, so I
don't know how this can be done :P

sceAudioChRelease()? sceAudioSRCChRelease()? 

What steps will reproduce the problem?
1. Executing the HBL
2. The pspgo Crashes
3. PspGo writes on screen "Error file not found scdeIOpen"

What is the expected output? What do you see instead?
Error file not found scdeIOpen

What version of the product are you using? On what operating system?
6.20 PSPGO

Please provide any additional information below.
This error its from the first version of hbl.