Difference between revisions of "Loader services"

From Nintendo Switch Brew
Jump to navigation Jump to search
(→‎ldr:ro: LoadNrrEx is a really weird command.)
Line 173: Line 173:
 
| 4 || [[#Initialize]]
 
| 4 || [[#Initialize]]
 
|-
 
|-
| 10 || [7.0.0+] ? (Takes a total of 0x18-bytes of input, an input handle and PID, no output)
+
| 10 || [7.0.0+] [[#LoadNrrEx]]
 
|}
 
|}
  
Line 205: Line 205:
  
 
== LoadNrr ==
 
== LoadNrr ==
 +
[7.0.0+] A new 8-bit field at NRR + 0x33C (previously padding) must be 0 for this function to succeed.
 +
 
{| class="wikitable" border="1"
 
{| class="wikitable" border="1"
 
|-
 
|-
Line 250: Line 252:
 
| 2 || Always 0.
 
| 2 || Always 0.
 
|}
 
|}
 +
 +
== LoadNrrEx ==
 +
Takes in a u64 nrr_address, a u64 nrr_size, a pid descriptor, and a process handle.
 +
 +
First, this validates that the pid descriptor matches the pid for the process handle sent to this->Initialize() earlier.
 +
 +
Then, this calls the same function as LoadNrr, except using the passed process handle instead of the one sent to Initialize.
 +
 +
When called from an ro:1 session, the field at NRR header + 0x33C must be 0x1. When called from ldr:ro session, the field at NRR header + 0x33C must be 0x0.
  
 
= ro:1 =
 
= ro:1 =

Revision as of 23:41, 29 January 2019

ldr:dmnt

This is "nn::ldr::detail::IDebugMonitorInterface".

Cmd Name
0 AddProcessToDebugLaunchQueue
1 ClearDebugLaunchQueue
2 GetNsoInfos

AddProcessToDebugLaunchQueue

Same as AddProcessToLaunchQueue but for processes marked as debug.

ClearDebugLaunchQueue

Same as ClearLaunchQueue.

GetNsoInfos

Takes in a u64 ProcessID, and a C descriptor. Returns the number of NsoInfos copied to output.

NsoInfo has the following layout:

Offset Size Description
0x0 0x20 "Build ID", from NSO header+0x40.
0x20 0x8 Mapped address for this NSO
0x28 0x8 Mapped size for this NSO


ldr:pm

This is "nn::ldr::detail::IProcessManagerInterface".

Cmd Name
0 CreateProcess
1 #GetProgramInfo
2 #RegisterTitle
3 #UnregisterTitle

GetProgramInfo

Takes a TitleId + StorageId, parses the NPDM, and writes output to a C descriptor buffer as follows:

Offset Size Description
0x0 0x1 MainThreadPrio. Arg1 to svcStartProcess
0x1 0x1 DefaultCpuId. Arg2 to svcStartProcess
0x2 0x1 ApplicationType, see here.
0x3 0x1 Padding
0x4 0x4 MainThreadStackSize. Arg3 to svcStartProcess
0x8 0x8 TitleIdRange_Min
0x10 0x4 ACID Service Access Control list size
0x14 0x4 ACI0 Service Access Control list size
0x18 0x4 ACID FS Access Control buffer size
0x1C 0x4 ACI0 FS Access Control buffer size
0x20 <Varies> ACID Service Access Control list
<Varies> <Varies> ACI0 Service Access Control list
<Varies> <Varies> ACID FS Access Control buffer
<Varies> <Varies> ACI0 FS Access Control

RegisterTitle

Takes a TitleId + StorageId, returns an index.

UnregisterTitle

Takes the index from #RegisterTitle.

ldr:shel

This is "nn::ldr::detail::IShellInterface".

Cmd Name
0 #AddProcessToLaunchQueue
1 #ClearLaunchQueue

AddProcessToLaunchQueue

Takes a type-0x19 input buffer with launch arguments (as string), an u32 (size of arguments string), and an input title-id.

Loads a process for the specified title-id and passes along the supplied arguments. Loaded processes are kept in a queue waiting for PM to launch them. The maximum number of waiting processes in this list is 10.

ClearLaunchQueue

Clears the loaded processes waiting queue.

ldr:ro

[1.0.0-2.3.0] This is "nn::ldr::detail::IRoInterface"

[3.0.0+] This is "nn::ro::detail::IRoInterface".

Cmd Name
0 #LoadNro
1 UnloadNro
2 #LoadNrr
3 UnloadNrr
4 #Initialize
10 [7.0.0+] #LoadNrrEx

LoadNro

Word Value
0 0x00000004
1 0x80000012
2 0x00000001
0-1 Pid
0 "SCFI"
1 0x00000000
2 Always 0.
3 Nro heap address
4 Nro size
5 Bss backing heap address
6 Bss size

LoadNrr

[7.0.0+] A new 8-bit field at NRR + 0x33C (previously padding) must be 0 for this function to succeed.

Word Value
0 0x00000004
1 0x8000000E
2 0x00000001
0-1 Pid
0 "SFCI"
1 0x00000002
2 Always 0.
3 Nrr address
4 Nrr size

Initialize

Word Value
0 0x00000004
1 0x8000000A
2 0x00000003
0-1 Pid
2 Process handle (0xFFFF8001)
0 "SFCI"
1 0x00000004
2 Always 0.

LoadNrrEx

Takes in a u64 nrr_address, a u64 nrr_size, a pid descriptor, and a process handle.

First, this validates that the pid descriptor matches the pid for the process handle sent to this->Initialize() earlier.

Then, this calls the same function as LoadNrr, except using the passed process handle instead of the one sent to Initialize.

When called from an ro:1 session, the field at NRR header + 0x33C must be 0x1. When called from ldr:ro session, the field at NRR header + 0x33C must be 0x0.

ro:1

Added to ro-sysmodule with 7.0.0. This doesn't seem to have a cmd-handler (?).