2,956
edits
Changes
no edit summary
! Cmd || Name
! Cmd || Name
|-
|-
| 0 || [[#InitUsbTransferPipeFsFile|InitUsbTransferPipeFsFile]]
| 0 || [[#InitializeForUfio|InitializeForUfio]]
|-
|-
| 1 || [[#FsFile_Exists|FsFile_Exists]]
| 1 || [[#GetFileSize|GetFileSize]]
|-
|-
| 2 || [[#FsFile_Read|FsFile_Read]]
| 2 || [[#ReadFromHost|ReadFromHost]]
|-
|-
| 3 || [[#FsFile_Write|FsFile_Write]]
| 3 || [[#WriteToHost|WriteToHost]]
|-
|-
| 4 || [[#InitUsbTransferPipeRaw|InitUsbTransferPipeRaw]]
| 4 || [[#InitializeForUsbTransfer|InitializeForUsbTransfer]]
|-
|-
| 5 || [[#Raw_Read|Raw_Read]]
| 5 || [[#UsbRead|UsbRead]]
|-
|-
| 6 || [[#Raw_Write|Raw_Write]]
| 6 || [[#UsbWrite|UsbWrite]]
|-
|-
| 7 || [7.0.0+]
| 7 || [7.0.0+]
|-
|-
| 8 || [7.0.0+]
| 8 || [14.0.0+]
|}
|}
SerialNumber: "SerialNumber"
SerialNumber: "SerialNumber"
[[SystemInitializer]] only uses cmd1..cmd3.
[7.0.0+] USB is now configured as:
VID: 0x057E (Nintendo Co., Ltd)
PID: 0x3003
bcdDevice: 0x0100 (1.00)
Manufacturer: "Nintendo"
Product: "NintendoSdkManufacturing"
SerialNumber: "SerialNumber"
== InitializeForUfio ==
Takes an input u32. No output.
Configures a transfer pipe over [[USB_services|usb:ds]] for file access mode.
== FsFile_Exists ==
== GetFileSize ==
Takes an input path string (type-0x9 buffer), returns 8-bytes for the output u8 flag.
Takes a type-0x9 input buffer containing a path string. Returns an output u64.
Checks whether the specified file exists.
Checks whether the specified file exists.
== ReadFromHost ==
Takes a type-0x6 output buffer, a type-0x9 input buffer containing a path string and three u64s '''OutSize''', '''Offset''' and '''InSize'''. No output.
== FsFile_Read ==
Takes a type-0x6 output buffer and a type-0x9 input string path buffer, and 3 u64s: <same size value from databuf>, unk, <same size value from databuf>. Where unk is probably offset?
Reads data from the specified file.
Reads data from the specified file.
== FsFile_Write ==
== WriteToHost ==
Takes a type-0x5 input buffer, a type-0x9 input buffer containing a path string and three u64s '''OutSize''', '''Offset''' and '''InSize'''. No output.
Writes data to the specified file.
Writes data to the specified file.
== InitializeForUsbTransfer ==
Takes an input u32. No output.
Configures a transfer pipe over [[USB_services|usb:ds]] for raw access mode.
== Raw_Read ==
== UsbRead ==
Takes a type-0x6 output buffer and 2 u64s: '''offset''' and '''size'''.
Takes a type-0x6 output buffer and two u64s '''Offset''' and '''Size'''. No output.
Reads raw data from the device.
Reads raw data from the device.
== Raw_Write ==
== UsbWrite ==
Takes a type-0x5 input buffer and 2 u64s: '''offset''' and '''size'''.
Takes a type-0x5 input buffer and two u64s '''Offset''' and '''Size'''. No output.
Writes raw data to the device.
Writes raw data to the device.
== Cmd7 ==
Takes a type-0x9 input buffer containing a path string. No output.
== Cmd8 ==
Takes a type-0x9 input buffer containing a path string. No output.
= Protocol =
== CommandId ==
{| class="wikitable" border="1"
|-
! Value || Name
|-
| 1 || [[#GetFileSize|GetFileSize]]
|-
| 2 || [[#ReadFromHost|ReadFromHost]]
|-
| 3 || [[#WriteToHost|WriteToHost]]
|-
| 4 || [[#Cmd7]]
|-
| 5 || [[#Cmd8]]
|}
== ServerCommandId ==
{| class="wikitable" border="1"
|-
! Value || Name
|-
| 1 || LaunchProgram
|-
| 2 || Shutdown
|-
| 3 || Reboot
|-
| 5 || GetReports
|}
Unofficial names.
Unrecognized commands are handled by just returning 0.
Shutdown/Reboot were added at some point after LaunchProgram, these are present in [9.1.0] (exact version which added these is unknown). These call the SystemApplet Main() func (also used by qlaunch) with a funcptr to call the relevant [[Applet_Manager_services|am]] IGlobalStateController StartShutdownSequence/StartRebootSequence cmd.
=== LaunchProgram ===
This essentially supports launching a specified program ([[NS_services|ns:dev]], [[PGL_services|pgl]] in newer versions) with the input arguments passed to [[Loader_services|ldr:shel]], etc.
The u64 at [[#Command|payload]]+0 is the ProgramId, while the rest of the data is passed as the ldr:shel arguments buffer (size is determined from the payload size).
This first terminates the previously launched process, if the PID field is still set (TerminateProcess). Then the arguments are passed to ldr:shel (SetProgramArgument), if required FlushArguments is used then SetProgramArgument is used again. Then LaunchProgram is used with the input ProgramId and BuiltInSystem, launch_flags=0x1, and pgl_launch_flags=0x0. Then SetProgramArgument is used to clear the program arguments (empty string is passed).
Then pgl IEventObserver is used to wait on process events. When events Exited/DebugRunning occur for the launched program, TerminateProcess is used with that PID with the stored PID being cleared, then the wait loop exits. Other events result in the wait loop continuing. Event-wait timeout will result in breaking from the loop, without process-termination. The timeout in nanoseconds is 10 days.
Lastly cleanup is done, then the func returns.
=== GetReports ===
This was added at some point after Shutdown/Reboot, this is present in [14.0.0] (exact version which added this is unknown). The command payload data contains a s32 path_size, followed by a NUL-terminated string with that size. After loading the input string, a handler func is called with this string.
This essentially loads the error reports from [[Error_Report_services|erpt:r]] (GetReportList and reads each report). Once finished it calls the IPC vfunc for [[#WriteFile|WriteFile]] with the data buffer, and with the path from: <code>nn::util::SNPrintf(out, 0x100, "%s/%s", inarg_path, tmpstr);</code> Where tmpstr is from the following earlier: <code>nn::util::SNPrintf(tmpstr, 0x20, "%s%02d.txt", "_report", cur_report_index);</code>
== Command ==
{| class="wikitable" border="1"
|-
! Offset || Size || Description
|-
| 0x0 || 0x8 || Magicnum (0xDEADCAFEDEADCAFE)
|-
| 0x8 || 0x4 || [[#CommandId|CommandId]] when sent to the remote device, [[#ServerCommandId|ServerCommandId]] for received commands.
|-
| 0xC || 0x4 || Padding
|-
| 0x10 || 0x8 || Payload size
|}
The payload data with the above size follows.
After [[#WriteFile|WriteFile]] sends the file-data, it reads an additional [[#Response|Response]].
== Response ==
{| class="wikitable" border="1"
|-
! Offset || Size || Description
|-
| 0x0 || 0x8 || Ignored by manu.
|-
| 0x8 || 0x4 || Status, non-zero indicates error.
|-
| 0xC || 0x4 || Padding
|-
| 0x10 || 0x8 || Output value if any. May be returned by the service commands.
|}
[[#ReadFile|ReadFile]] additionally returns the requested file-data, followed by another [[#Response|Response]].
== CommandServerStatus ==
{| class="wikitable" border="1"
|-
! Offset || Size || Description
|-
| 0x0 || 0x4 || Status, non-zero indicates error.
|}
== CommandServerResponse ==
{| class="wikitable" border="1"
|-
! Offset || Size || Description
|-
| 0x0 || 0x4 || Status, non-zero indicates error.
|-
| 0x4 || 0x4 || Padding
|-
| 0x8 || 0x4 || Result from handling the [[#ServerCommandId|ServerCommandId]].
|}
= Notes =
There's a total of 3 threads: 2 for the IPC handler threads (which send commands to the remote device and gets the response). And there's the separate nn::manu::CommandServer::RunThread, which receives commands from the remote device and sends replies. This latter thread runs regardless of any service commands being used.
[[Category:Services]]
[[Category:Services]]