Difference between revisions of "SVC"

From Nintendo Switch Brew
(Page cleanup - the end)
Line 3: Line 3:
 
= System calls =
 
= System calls =
 
{| class=wikitable
 
{| class=wikitable
! Id || Name || In || Out
+
! Id || Name
 
|-
 
|-
|  0x1 || [[#SetHeapSize]] || ||
+
|  0x1 || [[#SetHeapSize]]
 
|-
 
|-
|  0x2 || [[#SetMemoryPermission]] || ||
+
|  0x2 || [[#SetMemoryPermission]]
 
|-
 
|-
|  0x3 || [[#SetMemoryAttribute]] || ||
+
|  0x3 || [[#SetMemoryAttribute]]
 
|-
 
|-
|  0x4 || [[#MapMemory]] || ||
+
|  0x4 || [[#MapMemory]]
 
|-
 
|-
|  0x5 || [[#UnmapMemory]] || ||
+
|  0x5 || [[#UnmapMemory]]
 
|-
 
|-
|  0x6 || [[#QueryMemory]] || ||
+
|  0x6 || [[#QueryMemory]]
 
|-
 
|-
|  0x7 || [[#ExitProcess]] || ||
+
|  0x7 || [[#ExitProcess]]
 
|-
 
|-
|  0x8 || [[#CreateThread]] || ||
+
|  0x8 || [[#CreateThread]]
 
|-
 
|-
|  0x9 || [[#StartThread]] || ||
+
|  0x9 || [[#StartThread]]
 
|-
 
|-
|  0xA || [[#ExitThread]] || ||
+
|  0xA || [[#ExitThread]]
 
|-
 
|-
|  0xB || [[#SleepThread]] || ||
+
|  0xB || [[#SleepThread]]
 
|-
 
|-
|  0xC || [[#GetThreadPriority]] || ||
+
|  0xC || [[#GetThreadPriority]]
 
|-
 
|-
|  0xD || [[#SetThreadPriority]] || ||
+
|  0xD || [[#SetThreadPriority]]
 
|-
 
|-
|  0xE || [[#GetThreadCoreMask]] || ||
+
|  0xE || [[#GetThreadCoreMask]]
 
|-
 
|-
|  0xF || [[#SetThreadCoreMask]] || ||
+
|  0xF || [[#SetThreadCoreMask]]
 
|-
 
|-
| 0x10 || [[#GetCurrentProcessorNumber]] || ||
+
| 0x10 || [[#GetCurrentProcessorNumber]]
 
|-
 
|-
| 0x11 || [[#SignalEvent]] || ||
+
| 0x11 || [[#SignalEvent]]
 
|-
 
|-
| 0x12 || [[#ClearEvent]] || ||
+
| 0x12 || [[#ClearEvent]]
 
|-
 
|-
| 0x13 || [[#MapSharedMemory]] || ||
+
| 0x13 || [[#MapSharedMemory]]
 
|-
 
|-
| 0x14 || [[#UnmapSharedMemory]] || ||
+
| 0x14 || [[#UnmapSharedMemory]]
 
|-
 
|-
| 0x15 || [[#CreateTransferMemory]] || ||
+
| 0x15 || [[#CreateTransferMemory]]
 
|-
 
|-
| 0x16 || [[#CloseHandle]] || ||
+
| 0x16 || [[#CloseHandle]]
 
|-
 
|-
| 0x17 || [[#ResetSignal]] || ||
+
| 0x17 || [[#ResetSignal]]
 
|-
 
|-
| 0x18 || [[#WaitSynchronization]] || ||
+
| 0x18 || [[#WaitSynchronization]]
 
|-
 
|-
| 0x19 || [[#CancelSynchronization]] || ||
+
| 0x19 || [[#CancelSynchronization]]
 
|-
 
|-
| 0x1A || [[#ArbitrateLock]] || ||
+
| 0x1A || [[#ArbitrateLock]]
 
|-
 
|-
| 0x1B || [[#ArbitrateUnlock]] || ||
+
| 0x1B || [[#ArbitrateUnlock]]
 
|-
 
|-
| 0x1C || [[#WaitProcessWideKeyAtomic]] || ||
+
| 0x1C || [[#WaitProcessWideKeyAtomic]]
 
|-
 
|-
| 0x1D || [[#SignalProcessWideKey]] || ||
+
| 0x1D || [[#SignalProcessWideKey]]
 
|-
 
|-
| 0x1E || [[#GetSystemTick]] || ||
+
| 0x1E || [[#GetSystemTick]]
 
|-
 
|-
| 0x1F || [[#ConnectToNamedPort]] || ||
+
| 0x1F || [[#ConnectToNamedPort]]
 
|-
 
|-
| 0x20 || [[#SendSyncRequestLight]] || ||
+
| 0x20 || [[#SendSyncRequestLight]]
 
|-
 
|-
| 0x21 || [[#SendSyncRequest]] || ||
+
| 0x21 || [[#SendSyncRequest]]
 
|-
 
|-
| 0x22 || [[#SendSyncRequestWithUserBuffer]] || ||
+
| 0x22 || [[#SendSyncRequestWithUserBuffer]]
 
|-
 
|-
| 0x23 || [[#SendAsyncRequestWithUserBuffer]] || ||
+
| 0x23 || [[#SendAsyncRequestWithUserBuffer]]
 
|-
 
|-
| 0x24 || [[#GetProcessId]] || ||
+
| 0x24 || [[#GetProcessId]]
 
|-
 
|-
| 0x25 || [[#GetThreadId]] || ||
+
| 0x25 || [[#GetThreadId]]
 
|-
 
|-
| 0x26 || [[#Break]] || ||
+
| 0x26 || [[#Break]]
 
|-
 
|-
| 0x27 || [[#OutputDebugString]] || ||
+
| 0x27 || [[#OutputDebugString]]
 
|-
 
|-
| 0x28 || [[#ReturnFromException]] || ||
+
| 0x28 || [[#ReturnFromException]]
 
|-
 
|-
| 0x29 || [[#GetInfo]] || ||
+
| 0x29 || [[#GetInfo]]
 
|-
 
|-
| 0x2A || [[#FlushEntireDataCache]] || ||
+
| 0x2A || [[#FlushEntireDataCache]]
 
|-
 
|-
| 0x2B || [[#FlushDataCache]] || ||
+
| 0x2B || [[#FlushDataCache]]
 
|-
 
|-
| 0x2C || [3.0.0+] [[#MapPhysicalMemory]] || ||
+
| 0x2C || [3.0.0+] [[#MapPhysicalMemory]]
 
|-
 
|-
| 0x2D || [3.0.0+] [[#UnmapPhysicalMemory]] || ||
+
| 0x2D || [3.0.0+] [[#UnmapPhysicalMemory]]
 
|-
 
|-
| 0x2E || [5.0.0+] [[#GetFutureThreadInfo]] || ||
+
| 0x2E || [5.0.0+] [[#GetFutureThreadInfo]]
 
|-
 
|-
| 0x2F || [[#GetLastThreadInfo]] || ||
+
| 0x2F || [[#GetLastThreadInfo]]
 
|-
 
|-
| 0x30 || [[#GetResourceLimitLimitValue]] || ||
+
| 0x30 || [[#GetResourceLimitLimitValue]]
 
|-
 
|-
| 0x31 || [[#GetResourceLimitCurrentValue]] || ||
+
| 0x31 || [[#GetResourceLimitCurrentValue]]
 
|-
 
|-
| 0x32 || [[#SetThreadActivity]] || ||
+
| 0x32 || [[#SetThreadActivity]]
 
|-
 
|-
| 0x33 || [[#GetThreadContext3]] || ||
+
| 0x33 || [[#GetThreadContext3]]
 
|-
 
|-
| 0x34 || [4.0.0+] [[#WaitForAddress]] || ||
+
| 0x34 || [4.0.0+] [[#WaitForAddress]]
 
|-
 
|-
| 0x35 || [4.0.0+] [[#SignalToAddress]] || ||
+
| 0x35 || [4.0.0+] [[#SignalToAddress]]
 
|-
 
|-
| 0x36 || [8.0.0+] [[#SynchronizePreemptionState]] || ||
+
| 0x36 || [8.0.0+] [[#SynchronizePreemptionState]]
 
|- style="border-top: double"
 
|- style="border-top: double"
| 0x3C || [4.0.0+] [[#KernelDebug]] ([1.0.0-3.0.2] [[#DumpInfo]]) || ||
+
| 0x3C || [4.0.0+] [[#KernelDebug]] ([1.0.0-3.0.2] [[#DumpInfo]])
 
|-
 
|-
| 0x3D || [4.0.0+] [[#ChangeKernelTraceState]] || ||
+
| 0x3D || [4.0.0+] [[#ChangeKernelTraceState]]
 
|- style="border-top: double"
 
|- style="border-top: double"
| 0x40 || [[#CreateSession]] || ||
+
| 0x40 || [[#CreateSession]]
 
|-
 
|-
| 0x41 || [[#AcceptSession]] || ||
+
| 0x41 || [[#AcceptSession]]
 
|-
 
|-
| 0x42 || [[#ReplyAndReceiveLight]] || ||
+
| 0x42 || [[#ReplyAndReceiveLight]]
 
|-
 
|-
| 0x43 || [[#ReplyAndReceive]] || ||
+
| 0x43 || [[#ReplyAndReceive]]
 
|-
 
|-
| 0x44 || [[#ReplyAndReceiveWithUserBuffer]] || ||
+
| 0x44 || [[#ReplyAndReceiveWithUserBuffer]]
 
|-
 
|-
| 0x45 || [[#CreateEvent]] || ||
+
| 0x45 || [[#CreateEvent]]
 
|- style="border-top: double"
 
|- style="border-top: double"
| 0x48 || [5.0.0+] [[#MapPhysicalMemoryUnsafe]] || ||
+
| 0x48 || [5.0.0+] [[#MapPhysicalMemoryUnsafe]]
 
|-
 
|-
| 0x49 || [5.0.0+] [[#UnmapPhysicalMemoryUnsafe]] || ||
+
| 0x49 || [5.0.0+] [[#UnmapPhysicalMemoryUnsafe]]
 
|-
 
|-
| 0x4A || [5.0.0+] [[#SetUnsafeLimit]] || ||
+
| 0x4A || [5.0.0+] [[#SetUnsafeLimit]]
 
|-
 
|-
| 0x4B || [4.0.0+] [[#CreateCodeMemory]] || ||
+
| 0x4B || [4.0.0+] [[#CreateCodeMemory]]
 
|-
 
|-
| 0x4C || [4.0.0+] [[#ControlCodeMemory]] || ||
+
| 0x4C || [4.0.0+] [[#ControlCodeMemory]]
 
|-
 
|-
| 0x4D || [[#SleepSystem]] || ||
+
| 0x4D || [[#SleepSystem]]
 
|-
 
|-
| 0x4E || [[#ReadWriteRegister]] || ||
+
| 0x4E || [[#ReadWriteRegister]]
 
|-
 
|-
| 0x4F || [[#SetProcessActivity]] || ||
+
| 0x4F || [[#SetProcessActivity]]
 
|-
 
|-
| 0x50 || [[#CreateSharedMemory]] || ||
+
| 0x50 || [[#CreateSharedMemory]]
 
|-
 
|-
| 0x51 || [[#MapTransferMemory]] || ||
+
| 0x51 || [[#MapTransferMemory]]
 
|-
 
|-
| 0x52 || [[#UnmapTransferMemory]] || ||
+
| 0x52 || [[#UnmapTransferMemory]]
 
|-
 
|-
| 0x53 || [[#CreateInterruptEvent]] || ||
+
| 0x53 || [[#CreateInterruptEvent]]
 
|-
 
|-
| 0x54 || [[#QueryPhysicalAddress]] || ||
+
| 0x54 || [[#QueryPhysicalAddress]]
 
|-
 
|-
| 0x55 || [[#QueryIoMapping]] || ||
+
| 0x55 || [[#QueryIoMapping]]
 
|-
 
|-
| 0x56 || [[#CreateDeviceAddressSpace]] || ||
+
| 0x56 || [[#CreateDeviceAddressSpace]]
 
|-
 
|-
| 0x57 || [[#AttachDeviceAddressSpace]] || ||
+
| 0x57 || [[#AttachDeviceAddressSpace]]
 
|-
 
|-
| 0x58 || [[#DetachDeviceAddressSpace]] || ||
+
| 0x58 || [[#DetachDeviceAddressSpace]]
 
|-
 
|-
| 0x59 || [[#MapDeviceAddressSpaceByForce]] || ||
+
| 0x59 || [[#MapDeviceAddressSpaceByForce]]
 
|-
 
|-
| 0x5A || [[#MapDeviceAddressSpaceAligned]] || ||
+
| 0x5A || [[#MapDeviceAddressSpaceAligned]]
 
|-
 
|-
| 0x5B || [[#MapDeviceAddressSpace]] || ||
+
| 0x5B || [[#MapDeviceAddressSpace]]
 
|-
 
|-
| 0x5C || [[#UnmapDeviceAddressSpace]] || ||
+
| 0x5C || [[#UnmapDeviceAddressSpace]]
 
|-
 
|-
| 0x5D || [[#InvalidateProcessDataCache]] || ||
+
| 0x5D || [[#InvalidateProcessDataCache]]
 
|-
 
|-
| 0x5E || [[#StoreProcessDataCache]] || ||
+
| 0x5E || [[#StoreProcessDataCache]]
 
|-
 
|-
| 0x5F || [[#FlushProcessDataCache]] || ||
+
| 0x5F || [[#FlushProcessDataCache]]
 
|-
 
|-
| 0x60 || [[#DebugActiveProcess]] || ||
+
| 0x60 || [[#DebugActiveProcess]]
 
|-
 
|-
| 0x61 || [[#BreakDebugProcess]] || ||
+
| 0x61 || [[#BreakDebugProcess]]
 
|-
 
|-
| 0x62 || [[#TerminateDebugProcess]] || ||
+
| 0x62 || [[#TerminateDebugProcess]]
 
|-
 
|-
| 0x63 || [[#GetDebugEvent]] || ||
+
| 0x63 || [[#GetDebugEvent]]
 
|-
 
|-
| 0x64 || [[#ContinueDebugEvent]] || ||
+
| 0x64 || [[#ContinueDebugEvent]]
 
|-
 
|-
| 0x65 || [[#GetProcessList]] || ||
+
| 0x65 || [[#GetProcessList]]
 
|-
 
|-
| 0x66 || [[#GetThreadList]] || ||
+
| 0x66 || [[#GetThreadList]]
 
|-
 
|-
| 0x67 || [[#GetDebugThreadContext]] || ||
+
| 0x67 || [[#GetDebugThreadContext]]
 
|-
 
|-
| 0x68 || [[#SetDebugThreadContext]] || ||
+
| 0x68 || [[#SetDebugThreadContext]]
 
|-
 
|-
| 0x69 || [[#QueryDebugProcessMemory]] || ||
+
| 0x69 || [[#QueryDebugProcessMemory]]
 
|-
 
|-
| 0x6A || [[#ReadDebugProcessMemory]] || ||
+
| 0x6A || [[#ReadDebugProcessMemory]]
 
|-
 
|-
| 0x6B || [[#WriteDebugProcessMemory]] || ||
+
| 0x6B || [[#WriteDebugProcessMemory]]
 
|-
 
|-
| 0x6C || [[#SetHardwareBreakPoint]] || ||
+
| 0x6C || [[#SetHardwareBreakPoint]]
 
|-
 
|-
| 0x6D || [[#GetDebugThreadParam]] || ||
+
| 0x6D || [[#GetDebugThreadParam]]
 
|- style="border-top: double"
 
|- style="border-top: double"
| 0x6F || [5.0.0+] [[#GetSystemInfo]] || ||
+
| 0x6F || [5.0.0+] [[#GetSystemInfo]]
 
|-
 
|-
| 0x70 || CreatePort || W2=max_sessions, W3=is_light, X4=name_ptr
+
| 0x70 || [[#CreatePort]]
R0=name_ptr, R2=max_sessions, R3=is_light
 
|| W0=result, W1=serverport_handle, W2=clientport_handle
 
 
|-
 
|-
| 0x71 || ManageNamedPort || X1=name_ptr, W2=max_sessions || W0=result, W1=serverport_handle
+
| 0x71 || [[#ManageNamedPort]]
 
|-
 
|-
| 0x72 || ConnectToPort || W1=clientport_handle || W0=result, W1=session_handle
+
| 0x72 || [[#ConnectToPort]]
 
|-
 
|-
| 0x73 || [[#SetProcessMemoryPermission]] || W0=process_handle, X1=addr, X2=size, W3=perm
+
| 0x73 || [[#SetProcessMemoryPermission]]
R0=process_handle, R1=size_lower32, R2=addr_lower32, R3=addr_upper32, R4=size_upper32, R5=perm
 
|| W0=result
 
 
|-
 
|-
| 0x74 || [[#MapProcessMemory]] || X0=dstaddr, W1=process_handle, X2=srcaddr, X3=size
+
| 0x74 || [[#MapProcessMemory]]
R0=dstaddr, R1=process_handle, R2=srcaddr_lower32, R3=srcaddr_upper32, R4=size
 
|| W0=result
 
 
|-
 
|-
| 0x75 || [[#UnmapProcessMemory]] || X0=dstaddr, W1=process_handle, X2=srcaddr, X3=size
+
| 0x75 || [[#UnmapProcessMemory]]
R0=dstaddr, R1=process_handle, R2=srcaddr_lower32, R3=srcaddr_upper32, R4=size
 
|| W0=result
 
 
|-
 
|-
| 0x76 || [[#QueryProcessMemory]] || X0=meminfo_ptr, W2=process_handle, X3=addr
+
| 0x76 || [[#QueryProcessMemory]]
R0=meminfo_ptr, R1=addr_lower32, R2=process_handle, R3=addr_upper32
 
|| W0=result, W1=pageinfo
 
 
|-
 
|-
| 0x77 || [[#MapProcessCodeMemory]] || W0=process_handle, X1=dstaddr, X2=srcaddr, X3=size
+
| 0x77 || [[#MapProcessCodeMemory]]
R0=process_handle, R1=srcaddr_lower32, R2=dstaddr_lower32, R3=dstaddr_upper32, R4=srcaddr_lower32, R5=size_lower32, R6=size_upper32
 
|| W0=result
 
 
|-
 
|-
| 0x78 || [[#UnmapProcessCodeMemory]] || W0=process_handle, X1=dstaddr, X2=srcaddr, X3=size
+
| 0x78 || [[#UnmapProcessCodeMemory]]
R0=process_handle, R1=srcaddr_lower32, R2=dstaddr_lower32, R3=dstaddr_upper32, R4=srcaddr_lower32, R5=size_lower32, R6=size_upper32
 
|| W0=result
 
 
|-
 
|-
| 0x79 || [[#CreateProcess]] || X1=procinfo_ptr, X2=caps_ptr, W3=cap_num ||  W0=result, W1=process_handle
+
| 0x79 || [[#CreateProcess]]
 
|-
 
|-
| 0x7A || StartProcess || W0=process_handle, W1=main_thread_prio, W2=default_cpuid, W3=main_thread_stacksz
+
| 0x7A || [[#StartProcess]]
R0=process_handle, R1=main_thread_prio, R2=default_cpuid, R3=main_thread_stacksz_lower32, R4=main_thread_stacksz_upper32
 
|| W0=result
 
 
|-
 
|-
| 0x7B || TerminateProcess || W0=process_handle || W0=result
+
| 0x7B || [[#TerminateProcess]]
 
|-
 
|-
| 0x7C || [[#GetProcessInfo]] || W0=process_handle, W1=[[#ProcessInfoType]]
+
| 0x7C || [[#GetProcessInfo]]
R1=process_handle, R2=[[#ProcessInfoType]]
 
|| W0=result, X1=[[#ProcessState]]
 
R0=result, R1=[[#ProcessState]]_lower32, R2=[[#ProcessState]]_upper32
 
 
|-
 
|-
| 0x7D || CreateResourceLimit || None || W0=result, W1=reslimit_handle
+
| 0x7D || [[#CreateResourceLimit]]
 
|-
 
|-
| 0x7E || SetResourceLimitLimitValue || W0=reslimit_handle, W1=[[#LimitableResource]], X2=value
+
| 0x7E || [[#SetResourceLimitLimitValue]]
R0=reslimit_handle, R1=[[#LimitableResource]], R2=value_lower32, R3=value_upper32
 
|| W0=result
 
 
|-
 
|-
| 0x7F || [[#CallSecureMonitor]] || X0=smc_sub_id, X1,X2,X3,X4,X5,X6,X7=smc_args
+
| 0x7F || [[#CallSecureMonitor]]
R0=smc_sub_id, R1, R2, R3=smc_args
 
|| X0,X1,X2,X3,X4,X5,X6,X7=result
 
R0,R1,R2,R3=result
 
 
|}
 
|}
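Review bot: In the 0x70 to 0x7F rows, dropping the In/Out columns removes the only register assignments shown for these calls, including the 32-bit layouts such as "R0=process_handle, R1=size_lower32, R2=addr_lower32, ..." for SetProcessMemoryPermission; confirm each linked section carries the same data in an Argument64/Argument32 table. CreatePort, ManageNamedPort, ConnectToPort, StartProcess, TerminateProcess, CreateResourceLimit and SetResourceLimitLimitValue were plain text before and now link to [[#...]] anchors that this diff does not show being created, so those sections need to exist or the links are dead. When moving the data, check the old MapProcessCodeMemory and UnmapProcessCodeMemory lines, which list srcaddr_lower32 for both R1 and R4 and never mention srcaddr_upper32.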
  
Line 270: Line 246:
 
! Argument || Type || Name
 
! Argument || Type || Name
 
|-
 
|-
| (In) W1 || u64 || Size
+
| (In) W1 || uint32_t || Size
 
|-
 
|-
 
| (Out) W0 || [[#Result]] || Result
 
| (Out) W0 || [[#Result]] || Result
 
|-
 
|-
| (Out) X1 || u64 || OutAddr
+
| (Out) X1 || void* || HeapAddress
 
|}
 
|}
 
</div>
 
</div>
Line 282: Line 258:
 
Size must be a multiple of 0x200000 (2MB).
 
Size must be a multiple of 0x200000 (2MB).
  
On success, the heap base-address (which is fixed by kernel, aslr'd, and always in the Heap memory region) is written to OutAddr.
+
On success, the heap base-address (which is fixed by kernel, aslr'd, and always in the Heap memory region) is written to HeapAddress.
  
 
Uses current process pool partition. The memory allocated counts towards the caller's process Memory ResourceLimit.
 
Uses current process pool partition. The memory allocated counts towards the caller's process Memory ResourceLimit.
Line 307: Line 283:
 
! Argument || Type || Name
 
! Argument || Type || Name
 
|-
 
|-
| (In) X0 || void* || Addr
+
| (In) X0 || void* || Address
 
|-
 
|-
| (In) X1 || u64 || Size
+
| (In) X1 || uint64_t || Size
 
|-
 
|-
| (In) W2 || [[#Permission]] || Prot
+
| (In) W2 || [[#MemoryPermission]] || MemoryPermission
 
|-
 
|-
 
| (Out) W0 || [[#Result]] || Result
 
| (Out) W0 || [[#Result]] || Result
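Review bot: On the W2 row the link target changes from [[#Permission]] to [[#MemoryPermission]], but the diff does not show the target heading being renamed; make sure that section is renamed in the same edit, because the MapSharedMemory and CreateTransferMemory tables switch to the new anchor too and all three links break otherwise. Using the type name as the argument name ("[[#MemoryPermission]] || MemoryPermission") also says less than the old "Prot".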
Line 344: Line 320:
 
! Argument || Type || Name
 
! Argument || Type || Name
 
|-
 
|-
| (In) X0 || void* || Addr
+
| (In) X0 || void* || Address
 
|-
 
|-
| (In) X1 || u64 || Size
+
| (In) X1 || uint64_t || Size
 
|-
 
|-
| (In) W2 || u32 || State0
+
| (In) W2 || uint32_t || State0
 
|-
 
|-
| (In) W3 || u32 || State1
+
| (In) W3 || uint32_t || State1
 
|-
 
|-
 
| (Out) W0 || [[#Result]] || Result
 
| (Out) W0 || [[#Result]] || Result
Line 378: Line 354:
 
! Argument || Type || Name
 
! Argument || Type || Name
 
|-
 
|-
| (In) X0 || void* || DstAddr
+
| (In) X0 || void* || DstAddress
 
|-
 
|-
| (In) X1 || void* || SrcAddr
+
| (In) X1 || void* || SrcAddress
 
|-
 
|-
| (In) X2 || u64 || Size
+
| (In) X2 || uint64_t || Size
 
|-
 
|-
 
| (Out) W0 || [[#Result]] || Result
 
| (Out) W0 || [[#Result]] || Result
Line 410: Line 386:
 
! Argument || Type || Name
 
! Argument || Type || Name
 
|-
 
|-
| (In) X0 || void* || DstAddr
+
| (In) X0 || void* || DstAddress
 
|-
 
|-
| (In) X1 || void* || SrcAddr
+
| (In) X1 || void* || SrcAddress
 
|-
 
|-
| (In) X2 || u64 || Size
+
| (In) X2 || uint64_t || Size
 
|-
 
|-
 
| (Out) W0 || [[#Result]] || Result
 
| (Out) W0 || [[#Result]] || Result
Line 432: Line 408:
 
! Argument || Type || Name
 
! Argument || Type || Name
 
|-
 
|-
| (In) X0 || [[#MemoryInfo]]* || MemInfo
+
| (In) X0 || [[#MemoryInfo]]* || MemoryInfo
 
|-
 
|-
| (In) X2 || void* || Addr
+
| (In) X2 || void* || Address
 
|-
 
|-
 
| (Out) W0 || [[#Result]] || Result
 
| (Out) W0 || [[#Result]] || Result
 
|-
 
|-
| (Out) W1 || PageInfo || PageInfo
+
| (Out) W1 || [[#PageInfo]] || PageInfo
 
|}
 
|}
 
</div>
 
</div>
Line 472: Line 448:
 
| (In) X3 || R3 || void* || StackTop
 
| (In) X3 || R3 || void* || StackTop
 
|-
 
|-
| (In) W4 || R0 || u32 || Priority
+
| (In) W4 || R0 || int32_t || Priority
 
|-
 
|-
| (In) W5 || R4 || u32 || ProcessorId
+
| (In) W5 || R4 || int32_t || ProcessorId
 
|-
 
|-
 
| (Out) W0 || R0 || [[#Result]] || Result
 
| (Out) W0 || R0 || [[#Result]] || Result
 
|-
 
|-
| (Out) W1 || R1 || Handle<Thread> || Handle
+
| (Out) W1 || R1 || Handle<Thread> || ThreadHandle
 
|}
 
|}
 
</div>
 
</div>
Line 484: Line 460:
 
Creates a thread in the current process.
 
Creates a thread in the current process.
  
Processor_id must be 0,1,2,3 or -2, where -2 uses the default cpuid for process.
+
ProcessorId must be 0,1,2,3 or -2, where -2 uses the default CpuId for process.
  
 
== StartThread ==
 
== StartThread ==
Line 492: Line 468:
 
! Argument || Type || Name
 
! Argument || Type || Name
 
|-
 
|-
| (In) W0 || Handle<Thread> || Handle
+
| (In) W0 || Handle<Thread> || ThreadHandle
 
|-
 
|-
 
| (Out) None ||  ||
 
| (Out) None ||  ||
Line 520: Line 496:
 
! Argument64 || Argument32 || Type || Name
 
! Argument64 || Argument32 || Type || Name
 
|-
 
|-
| (In) X0 || R0, R1 || s64 || Nanoseconds
+
| (In) X0 || R0, R1 || uint64_t || Nanoseconds
 
|}
 
|}
 
</div>
 
</div>
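Review bot: The Nanoseconds row goes from s64 to uint64_t, which changes signedness rather than just spelling, while the other timeouts touched by this edit (WaitSynchronization, WaitProcessWideKeyAtomic) go from u64 to int64_t. If negative values are meaningful here this should be int64_t; if they are not, say so in the section text so the difference reads as deliberate.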
Line 547: Line 523:
 
! Argument || Type || Name
 
! Argument || Type || Name
 
|-
 
|-
| (In) W1|| Handle<Thread> || Handle
+
| (In) W1|| Handle<Thread> || ThreadHandle
 
|-
 
|-
 
| (Out) W0 || [[#Result]] || Result
 
| (Out) W0 || [[#Result]] || Result
 
|-
 
|-
| (Out) W1 || u64 || Priority
+
| (Out) W1 || int32_t || Priority
 
|}
 
|}
 
</div>
 
</div>
Line 563: Line 539:
 
! Argument || Type || Name
 
! Argument || Type || Name
 
|-
 
|-
| (In) W0|| Handle<Thread> || Handle
+
| (In) W0|| Handle<Thread> || ThreadHandle
 
|-
 
|-
| (In) W1|| u32 || Priority
+
| (In) W1|| int32_t || Priority
 
|-
 
|-
 
| (Out) W0 || [[#Result]] || Result
 
| (Out) W0 || [[#Result]] || Result
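Review bot: The two rewritten rows still read "W0||" and "W1||" with no space before the cell separator (the GetThreadPriority table has the same "W1||"); since these lines are being touched anyway, write "W0 ||" and "W1 ||" to match every other table.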
Line 581: Line 557:
 
! Argument64 || Argument32 || Type || Name
 
! Argument64 || Argument32 || Type || Name
 
|-
 
|-
| (In) W2 || R2 || Handle<Thread> || Handle
+
| (In) W2 || R2 || Handle<Thread> || ThreadHandle
 
|-
 
|-
 
| (Out) W0 || R0 || [[#Result]] || Result
 
| (Out) W0 || R0 || [[#Result]] || Result
 
|-
 
|-
| (Out) W1 || R1 || u32 || CoreMask0
+
| (Out) W1 || R1 || int32_t || CoreMask0
 
|-
 
|-
| (Out) X2 || R2, R3 || u64 || CoreMask1
+
| (Out) X2 || R2, R3 || uint64_t || CoreMask1
 
|}
 
|}
 
</div>
 
</div>
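Review bot: CoreMask0 on the W1 row is now int32_t, and a signed type for a field named as a mask reads oddly (SetThreadCoreMask gets the same change). If W1 actually carries a core id that can be negative, like ProcessorId in CreateThread, rename the field; if it is a bitmask, keep it unsigned as uint32_t.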
Line 599: Line 575:
 
! Argument64 || Argument32 || Type || Name
 
! Argument64 || Argument32 || Type || Name
 
|-
 
|-
| (In) W0 || R0 || Handle<Thread> || Handle
+
| (In) W0 || R0 || Handle<Thread> || ThreadHandle
 
|-
 
|-
| (In) W1 || R1 || u32 || CoreMask0
+
| (In) W1 || R1 || int32_t || CoreMask0
 
|-
 
|-
| (In) X2 || R2, R3 || u64 || CoreMask1
+
| (In) X2 || R2, R3 || uint64_t || CoreMask1
 
|-
 
|-
 
| (Out) W0 || R0 || [[#Result]] || Result
 
| (Out) W0 || R0 || [[#Result]] || Result
Line 619: Line 595:
 
| (In) None || ||  
 
| (In) None || ||  
 
|-
 
|-
| (Out) W0/X0 || u64 || CpuId
+
| (Out) W0 || uint32_t || CpuId
 
|}
 
|}
 
</div>
 
</div>
Line 633: Line 609:
 
! Argument || Type || Name
 
! Argument || Type || Name
 
|-
 
|-
| (In) W0 || Handle<WritableEvent> || Event
+
| (In) W0 || Handle<WritableEvent> || EventHandle
 
|-
 
|-
 
| (Out) X0 || [[#Result]] || Result
 
| (Out) X0 || [[#Result]] || Result
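Review bot: The Out row still lists Result in X0 while the other tables in this edit return it in W0, and ClearEvent has the same row; as this is the cleanup pass, either change both to W0 or note why these two calls differ.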
Line 656: Line 632:
 
! Argument || Type || Name
 
! Argument || Type || Name
 
|-
 
|-
| (In) W0 || Handle<WritableEvent> or Handle<ReadableEvent> || Event
+
| (In) W0 || Handle<WritableEvent> or Handle<ReadableEvent> || EventHandle
 
|-
 
|-
 
| (Out) X0 || [[#Result]] || Result
 
| (Out) X0 || [[#Result]] || Result
Line 677: Line 653:
 
! Argument || Type || Name
 
! Argument || Type || Name
 
|-
 
|-
| (In) W0 || Handle<SharedMemory> || MemHandle
+
| (In) W0 || Handle<SharedMemory> || SharedMemoryHandle
 
|-
 
|-
| (In) X1 || void* || Addr
+
| (In) X1 || void* || Address
 
|-
 
|-
| (In) X2 || u64 || Size
+
| (In) X2 || uint64_t || Size
 
|-
 
|-
| (In) W3 || [[#Permission]] || Permissions
+
| (In) W3 || [[#MemoryPermission]] || MemoryPermission
 
|-
 
|-
 
| (Out) W0 || [[#Result]] || Result
 
| (Out) W0 || [[#Result]] || Result
Line 699: Line 675:
 
! Argument || Type || Name
 
! Argument || Type || Name
 
|-
 
|-
| (In) W0 || Handle<SharedMemory> || MemHandle
+
| (In) W0 || Handle<SharedMemory> || SharedMemoryHandle
 
|-
 
|-
| (In) X1 || void* || Addr
+
| (In) X1 || void* || Address
 
|-
 
|-
| (In) X2 || u64 || Size
+
| (In) X2 || uint64_t || Size
 
|-
 
|-
 
| (Out) W0 || [[#Result]] || Result
 
| (Out) W0 || [[#Result]] || Result
Line 715: Line 691:
 
! Argument || Type || Name
 
! Argument || Type || Name
 
|-
 
|-
| (In) X1 || void* || Addr
+
| (In) X1 || void* || Address
 
|-
 
|-
| (In) X2 || u64 || Size
+
| (In) X2 || uint64_t || Size
 
|-
 
|-
| (In) W3 || [[#Permission]] || Permissions
+
| (In) W3 || [[#MemoryPermission]] || MemoryPermission
 
|-
 
|-
 
| (Out) W0 || [[#Result]] || Result
 
| (Out) W0 || [[#Result]] || Result
 
|-
 
|-
| (Out) W1 || Handle<TransferMemory> || Handle
+
| (Out) W1 || Handle<TransferMemory> || TransferMemoryHandle
 
|}
 
|}
 
</div>
 
</div>
Line 776: Line 752:
 
| (In) X1 || R1 || Handle* || HandlesPtr
 
| (In) X1 || R1 || Handle* || HandlesPtr
 
|-
 
|-
| (In) W2 || R2 || u64 || HandlesNum
+
| (In) W2 || R2 || int32_t || HandlesNum
 
|-
 
|-
| (In) X3 || R0, R3 || u64 || Timeout
+
| (In) X3 || R0, R3 || int64_t || Timeout
 
|-
 
|-
 
| (Out) W0 || R0 || [[#Result]] || Result
 
| (Out) W0 || R0 || [[#Result]] || Result
 
|-
 
|-
| (Out) W1 || R1 || u64 || HandleIndex
+
| (Out) W1 || R1 || uint64_t || HandleIndex
 
|}
 
|}
 
</div>
 
</div>
  
Works with num_handles <= 0x40.
+
Works with HandlesNum <= 0x40.
  
 
When zero handles are passed, this will wait forever until either timeout or cancellation occurs.
 
When zero handles are passed, this will wait forever until either timeout or cancellation occurs.
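Review bot: HandleIndex is typed uint64_t but is returned in W1/R1, a 32-bit register; the same edit narrows other W-register values (GetThreadPriority's Priority goes from u64 to int32_t), so this row should be a 32-bit type as well. With HandlesNum now int32_t, the "HandlesNum <= 0x40" sentence should also state the lower bound, since a negative count is now representable.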
Line 799: Line 775:
 
'''KProcess:''' signals when the process undergoes a state change (retrievable via [[#GetProcessInfo]]).
 
'''KProcess:''' signals when the process undergoes a state change (retrievable via [[#GetProcessInfo]]).
  
'''KReadableEvent:''' signals when the event's corresponding KWritableEvent has been signaled via SignalEvent.
+
'''KReadableEvent:''' signals when the event's corresponding KWritableEvent has been signaled via [[#SignalEvent]].
  
 
'''KServerPort:''' signals when there is an incoming connection waiting to be [[#AcceptSession|accepted]].
 
'''KServerPort:''' signals when there is an incoming connection waiting to be [[#AcceptSession|accepted]].
Line 828: Line 804:
 
! Argument || Type || Name
 
! Argument || Type || Name
 
|-
 
|-
| (In) W0 || Handle<Thread> || Handle
+
| (In) W0 || Handle<Thread> || ThreadHandle
 
|-
 
|-
 
| (Out) W0 || [[#Result]] || Result
 
| (Out) W0 || [[#Result]] || Result
Line 850: Line 826:
 
! Argument || Type || Name
 
! Argument || Type || Name
 
|-
 
|-
| (In) W0 || Handle<Thread> || Handle
+
| (In) W0 || Handle<Thread> || ThreadHandle
 
|-
 
|-
| (In) X1 || void* || Addr
+
| (In) X1 || void* || Address
 
|-
 
|-
| (In) W2 || u32 || Tag
+
| (In) W2 || uint32_t || Tag
 
|-
 
|-
 
| (Out) W0 || [[#Result]] || Result
 
| (Out) W0 || [[#Result]] || Result
Line 866: Line 842:
 
! Argument || Type || Name
 
! Argument || Type || Name
 
|-
 
|-
| (In) X0 || void* || Addr
+
| (In) X0 || void* || Address
 
|-
 
|-
 
| (Out) W0 || [[#Result]] || Result
 
| (Out) W0 || [[#Result]] || Result
Line 878: Line 854:
 
! Argument64 || Argument32 || Type || Name
 
! Argument64 || Argument32 || Type || Name
 
|-
 
|-
| (In) X0 || R0 || void* || KeyAddr
+
| (In) X0 || R0 || void* || KeyAddress
 
|-
 
|-
| (In) X1 || R1 || void* || TagAddr
+
| (In) X1 || R1 || void* || TagAddress
 
|-
 
|-
| (In) W2 || R2 || u32 || Tag
+
| (In) W2 || R2 || uint32_t || Tag
 
|-
 
|-
| (In) X3 || R3, R4 || u64 || Timeout
+
| (In) X3 || R3, R4 || int64_t || Timeout
 
|-
 
|-
 
| (Out) W0 || R0 || [[#Result]] || Result
 
| (Out) W0 || R0 || [[#Result]] || Result
Line 896: Line 872:
 
! Argument || Type || Name
 
! Argument || Type || Name
 
|-
 
|-
| (In) X0 || void* || Addr
+
| (In) X0 || void* || Address
 
|-
 
|-
| (In) W1 || u32 || Value
+
| (In) W1 || int32_t || Value
 
|-
 
|-
 
| (Out) W0 || [[#Result]] || Result
 
| (Out) W0 || [[#Result]] || Result
Line 910: Line 886:
 
! Argument64 || Argument32 || Type || Name
 
! Argument64 || Argument32 || Type || Name
 
|-
 
|-
| (Out) X0 || R0, R1 || u64 || Ticks
+
| (Out) X0 || R0, R1 || uint64_t || Ticks
 
|}
 
|}
 
</div>
 
</div>
Line 930: Line 906:
 
| (Out) W0 || [[#Result]] || Result
 
| (Out) W0 || [[#Result]] || Result
 
|-
 
|-
| (Out) W1 || Handle<Session> || Handle
+
| (Out) W1 || Handle<Session> || SessionHandle
 
|}
 
|}
 
</div>
 
</div>
Line 940: Line 916:
 
! Argument || Type || Name
 
! Argument || Type || Name
 
|-
 
|-
| (In) W0 || Handle<Session> || Handle
+
| (In) W0 || Handle<Session> || SessionHandle
 
|-
 
|-
 
| (Out) W0 || [[#Result]] || Result
 
| (Out) W0 || [[#Result]] || Result
Line 952: Line 928:
 
! Argument || Type || Name
 
! Argument || Type || Name
 
|-
 
|-
| (In) W0 || Handle<Session> || Handle
+
| (In) W0 || Handle<Session> || SessionHandle
 
|-
 
|-
 
| (Out) W0 || [[#Result]] || Result
 
| (Out) W0 || [[#Result]] || Result
Line 964: Line 940:
 
! Argument || Type || Name
 
! Argument || Type || Name
 
|-
 
|-
| (In) X0 || void* || CmdPtr
+
| (In) X0 || void* || Address
 
|-
 
|-
| (In) X1 || u64 || Size
+
| (In) X1 || uint64_t || Size
 
|-
 
|-
| (In) W2 || Handle<Session> || Handle
+
| (In) W2 || Handle<Session> || SessionHandle
 
|-
 
|-
 
| (Out) W0 || [[#Result]] || Result
 
| (Out) W0 || [[#Result]] || Result
Line 974: Line 950:
 
</div>
 
</div>
  
Size and CmdPtr must be 0x1000-aligned.
+
Size and Address must be 0x1000-aligned.
  
 
=== Result codes ===
 
=== Result codes ===
 
'''0x0:''' Success.
 
'''0x0:''' Success.
  
'''0xcc01:''' CmdPtr is not 0x1000-aligned.
+
'''0xcc01:''' Address is not 0x1000-aligned.
  
 
'''0xca01:''' Size is not 0x1000-aligned.
 
'''0xca01:''' Size is not 0x1000-aligned.
Line 993: Line 969:
 
! Argument || Type || Name
 
! Argument || Type || Name
 
|-
 
|-
| (In) X1 || void* || CmdPtr
+
| (In) X1 || void* || Address
 
|-
 
|-
| (In) X2 || u64 || Size
+
| (In) X2 || uint64_t || Size
 
|-
 
|-
| (In) W3 || Handle<Session> || Handle
+
| (In) W3 || Handle<Session> || SessionHandle
 
|-
 
|-
 
| (Out) W0 || [[#Result]] || Result
 
| (Out) W0 || [[#Result]] || Result
 
|-
 
|-
| (Out) W1 || Handle<ReadableEvent> || Event
+
| (Out) W1 || Handle<ReadableEvent> || EventHandle
 
|}
 
|}
 
</div>
 
</div>
  
Size and CmdPtr must be 0x1000-aligned.
+
Size and Address must be 0x1000-aligned.
 
 
|-
 
| 0x23 || || X1=cmdbufptr, X2=size, X3=handle || W0=result, W1=revent_handle
 
|-
 
  
 
== GetProcessId ==
 
== GetProcessId ==
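Review bot: Renaming CmdPtr to Address on the X1 row loses the fact that this is the command buffer; the stray 0x23 row deleted at the end of this hunk called it cmdbufptr. Prefer a descriptive name here and in SendSyncRequestWithUserBuffer (including its 0xcc01 result text), so that "Size and Address must be 0x1000-aligned" is unambiguous. Removing the orphaned table row is correct.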
Line 1,017: Line 989:
 
! Argument64 || Argument32 || Type || Name
 
! Argument64 || Argument32 || Type || Name
 
|-
 
|-
| (In) W1 || R1 || Handle<Process> || Handle
+
| (In) W1 || R1 || Handle<Process> || ProcessHandle
 
|-
 
|-
 
| (Out) W0 || R0 || [[#Result]] || Result
 
| (Out) W0 || R0 || [[#Result]] || Result
 
|-
 
|-
| (Out) X1 || R1, R2 || u64 || ProcessId
+
| (Out) X1 || R1, R2 || uint64_t || ProcessId
 
|}
 
|}
 
</div>
 
</div>
Line 1,031: Line 1,003:
 
! Argument64 || Argument32 || Type || Name
 
! Argument64 || Argument32 || Type || Name
 
|-
 
|-
| (In) W1 || R1 || Handle<Thread> || Handle
+
| (In) W1 || R1 || Handle<Thread> || ThreadHandle
 
|-
 
|-
 
| (Out) W0 || R0 || [[#Result]] || Result
 
| (Out) W0 || R0 || [[#Result]] || Result
 
|-
 
|-
| (Out) X1 || R1, R2 || u64 || ThreadId
+
| (Out) X1 || R1, R2 || uint64_t || ThreadId
 
|}
 
|}
 
</div>
 
</div>
Line 1,045: Line 1,017:
 
! Argument || Type || Name
 
! Argument || Type || Name
 
|-
 
|-
| (In) X0 || u64 || Break Reason
+
| (In) X0 || [[#BreakReason]] || BreakReason
 
|-
 
|-
| (In) X1 || u64 ||
+
| (In) X1 || uint64_t ||
 
|-
 
|-
| (In) X2 || u64 || Info
+
| (In) X2 || uint64_t || Info
 
|-
 
|-
| (Out) W0 || [[#Result]] || 0 (Success)
+
| (Out) W0 || [[#Result]] || Result
 
|}
 
|}
 
</div>
 
</div>
  
If the process is attached, report the Break event. Then, if ContinueDebugEvent didn't apply IgnoreException on the thread: if TPIDR_EL0 is 0, adjust ELR_EL1 to retry to svc instruction (and set TPIDR_EL0 to 1).
+
If the process is attached, report the Break event. Then, if [[#ContinueDebugEvent]] didn't apply IgnoreException on the thread: if TPIDR_EL0 is 0, adjust ELR_EL1 to retry to svc instruction (and set TPIDR_EL0 to 1).
  
 
Otherwise, if bit31 in reason isn't set, perform crash reporting (see Exception Handling section below), if it doesn't terminate the process adjust ELR_EL1 as well.
 
Otherwise, if bit31 in reason isn't set, perform crash reporting (see Exception Handling section below), if it doesn't terminate the process adjust ELR_EL1 as well.
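Review bot: Replacing "0 (Success)" with "Result" on the W0 row drops the information that this call reports success; if that is still true, keep it as a sentence under the table. The X1 row still has an empty Name cell, and the context sentence "retry to svc instruction" should read "retry the svc instruction".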
Line 1,069: Line 1,041:
 
| (In) X0 || char* || String
 
| (In) X0 || char* || String
 
|-
 
|-
| (In) X1 || u64 || Size
+
| (In) X1 || uint64_t || Size
 
|-
 
|-
 
| (Out) W0 || [[#Result]] || Result
 
| (Out) W0 || [[#Result]] || Result
Line 1,081: Line 1,053:
 
! Argument || Type || Name
 
! Argument || Type || Name
 
|-
 
|-
| (Out) X0 || [[#Result]] || Result
+
| (In) W0 || [[#Result]] || Result
 
|}
 
|}
 
</div>
 
</div>
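Review bot: This row changes both direction and register ("(Out) X0" to "(In) W0"), which is a semantic correction rather than cleanup and deserves a mention in the edit summary. The table now has no Out row; other tables without outputs, such as StartThread, carry an explicit "(Out) None" row, so add one here.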
Line 1,091: Line 1,063:
 
! Argument64 || Argument32 || Type || Name
 
! Argument64 || Argument32 || Type || Name
 
|-
 
|-
| (In) W1 || R1 || u32 || InfoId0
+
| (In) W1 || R1 || [[#InfoType]] || InfoType
 
|-
 
|-
 
| (In) W2 || R2 || Handle || Handle
 
| (In) W2 || R2 || Handle || Handle
 
|-
 
|-
| (In) X3 || R0, R3 || u64 || InfoId1
+
| (In) X3 || R0, R3 || uint64_t || InfoSubType
 
|-
 
|-
 
| (Out) W0 || R0 || [[#Result]] || Result
 
| (Out) W0 || R0 || [[#Result]] || Result
 
|-
 
|-
| (Out) X1 || R1, R2 || u64 || Out
+
| (Out) X1 || R1, R2 || uint64_t || Info
 
|}
 
|}
 
</div>
 
</div>
  
{| class=wikitable
+
== FlushEntireDataCache ==
! Handle type || InfoId0 || InfoId1 || Description
+
<div style="display: inline-block;">
 +
{| class="wikitable" border="1"
 
|-
 
|-
| Process || 0 || 0 || AllowedCpuIdBitmask
+
! Argument || Type || Name
 
|-
 
|-
| Process || 1 || 0 || AllowedThreadPrioBitmask
+
| (In) None || ||
 
|-
 
|-
| Process || 2 || 0 || AliasRegionBaseAddr
+
| (Out) None || ||
 +
|}
 +
</div>
 +
 
 +
== FlushDataCache ==
 +
<div style="display: inline-block;">
 +
{| class="wikitable" border="1"
 
|-
 
|-
| Process || 3 || 0 || AliasRegionSize
+
! Argument || Type || Name
|-
 
| Process || 4 || 0 || HeapRegionBaseAddr
 
 
|-
 
|-
| Process || 5 || 0 || HeapRegionSize
+
| (In) X0 || void* || Address
 
|-
 
|-
| Process || 6 || 0 || TotalMemoryAvailable. Total memory available(free+used).
+
| (In) X1 || uint64_t || Size
 
|-
 
|-
| Process || 7 || 0 || TotalMemoryUsage. Total used size of codebin memory + main-thread stack + allocated heap.
+
| (Out) W0 || [[#Result]] || Result
 +
|}
 +
</div>
 +
 
 +
== MapPhysicalMemory ==
 +
<div style="display: inline-block;">
 +
{| class="wikitable" border="1"
 
|-
 
|-
| Zero    || 8 || 0 || IsCurrentProcessBeingDebugged
+
! Argument || Type || Name
 
|-
 
|-
| Zero    || 9 || 0 || Returns ResourceLimit handle for current process. Used by [[Process_Manager_services|PM]].
+
| (In) X0 || void* || Address
 
|-
 
|-
| Zero    || 10 || -1, {current coreid} || IdleTickCount
+
| (In) X1 || uint64_t || Size
 
|-
 
|-
| Zero    || 11 || 0-3 || RandomEntropy from current process. TRNG. Used to seed usermode PRNGs.
+
| (Out) W0 || [[#Result]] || Result
 +
|}
 +
</div>
 +
 
 +
Acts like [[#SetHeapSize]] except you can allocate heap at any address you'd like.
 +
 
 +
Uses current process pool partition.
 +
 
 +
== UnmapPhysicalMemory ==
 +
<div style="display: inline-block;">
 +
{| class="wikitable" border="1"
 
|-
 
|-
| Process || 12 || 0 || [2.0.0+] AddressSpaceBaseAddr
+
! Argument || Type || Name
|-
 
| Process || 13 || 0 || [2.0.0+] AddressSpaceSize
 
 
|-
 
|-
| Process || 14 || 0 || [2.0.0+] StackRegionBaseAddr
+
| (In) X0 || void* || Address
 
|-
 
|-
| Process || 15 || 0 || [2.0.0+] StackRegionSize
+
| (In) X1 || uint64_t || Size
 
|-
 
|-
| Process || 16 || 0 || [3.0.0+] PersonalMmHeapSize
+
| (Out) W0 || [[#Result]] || Result
 +
|}
 +
</div>
 +
 
 +
== GetFutureThreadInfo ==
 +
<div style="display: inline-block;">
 +
{| class="wikitable" border="1"
 
|-
 
|-
| Process || 17 || 0 || [3.0.0+] PersonalMmHeapUsage
+
! Argument64 || Argument32 || Type || Name
 
|-
 
|-
| Process || 18 || 0 || [3.0.0+] TitleId
+
| (In) X3 || R0, R1 || uint64_t || Timeout
 
|-
 
|-
| Zero    || 19 || 0 || [4.0.0-4.1.0] PrivilegedProcessId_LowerBound
+
| (Out) W0 || R0 || [[#Result]] || Result
 
|-
 
|-
| Zero    || 19 || 1 || [4.0.0-4.1.0] PrivilegedProcessId_UpperBound
+
| (Out) X1 || uint64_t || LastThreadContextParam0
 
|-
 
|-
| Process || 20 || 0 || [5.0.0+] UserExceptionContextAddr
+
| (Out) X2 || uint64_t || LastThreadContextParam1
 
|-
 
|-
| Process || 21 || 0 || [6.0.0+] TotalMemoryAvailableWithoutMmHeap
+
| (Out) X3 || uint64_t || LastThreadContextParam2
 
|-
 
|-
| Process || 22 || 0 || [6.0.0+] TotalMemoryUsedWithoutMmHeap
+
| (Out) X4 || uint64_t || LastThreadContextParam3
 
|-
 
|-
| Process || 23 || 0 || [9.0.0+] IsApplication
+
| (Out) X5 || uint64_t ||
 
|-
 
|-
| Thread  || 0xF0000002 || 0-3, -1 || Thread Ticks. When 0-3 are passed, gets specific core CPU ticks spent on thread. When -1 is passed, gets total CPU ticks spent on thread.
+
| (Out) W6 || uint32_t ||
 
|}
 
|}
 +
</div>
  
== FlushEntireDataCache ==
+
== GetLastThreadInfo ==
 
<div style="display: inline-block;">
 
<div style="display: inline-block;">
 
{| class="wikitable" border="1"
 
{| class="wikitable" border="1"
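Review bot: In the GetFutureThreadInfo table the header is `! Argument64 || Argument32 || Type || Name`, but the added rows for X1 through W6 carry only three cells, so `uint64_t` lands under Argument32 and the names land under Type. Add the Argument32 cell to each of those rows, as the Timeout and Result rows already have, or drop the column. The X5 and W6 outputs are also still added without a Name.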
Line 1,165: Line 1,163:
 
! Argument || Type || Name
 
! Argument || Type || Name
 
|-
 
|-
| (In) None || ||
+
| (In) None || ||  
 +
|-
 +
| (Out) W0 || [[#Result]] || Result
 +
|-
 +
| (Out) X1 || uint64_t || LastThreadContextParam0
 
|-
 
|-
| (Out) None || ||
+
| (Out) X2 || uint64_t || LastThreadContextParam1
|}
 
</div>
 
 
 
== FlushDataCache ==
 
<div style="display: inline-block;">
 
{| class="wikitable" border="1"
 
 
|-
 
|-
! Argument || Type || Name
+
| (Out) X3 || uint64_t || LastThreadContextParam2
 
|-
 
|-
| (In) X0 || u64 || Address
+
| (Out) X4 || uint64_t || LastThreadContextParam3
 
|-
 
|-
| (In) X1 || u64 || Size
+
| (Out) X5 || uint64_t ||
 
|-
 
|-
| (Out) W0 || [[#Result]] || Result
+
| (Out) W6 || uint32_t ||
 
|}
 
|}
 
</div>
 
</div>
  
== MapPhysicalMemory ==
+
== GetResourceLimitLimitValue ==
 
<div style="display: inline-block;">
 
<div style="display: inline-block;">
 
{| class="wikitable" border="1"
 
{| class="wikitable" border="1"
 
|-
 
|-
! Argument || Type || Name
+
! Argument64 || Argument32 || Type || Name
 
|-
 
|-
| (In) X0 || u64 || Address
+
| (In) W1 || R1 || Handle<ResourceLimit> || ResourceLimitHandle
 
|-
 
|-
| (In) X1 || u64 || Size
+
| (In) W2 || R2 || [[#LimitableResource]] || LimitableResource
 
|-
 
|-
| (Out) W0 || [[#Result]] || Result
+
| (Out) W0 || R0 || [[#Result]] || Result
 +
|-
 +
| (Out) X1 || R1, R2 || int64_t || LimitValue
 
|}
 
|}
 
</div>
 
</div>
  
Acts like [[#SetHeapSize]] except you can allocate heap at any address you'd like.
+
== GetResourceLimitCurrentValue ==
 
 
Uses current process pool partition.
 
 
 
== UnmapPhysicalMemory ==
 
 
<div style="display: inline-block;">
 
<div style="display: inline-block;">
 
{| class="wikitable" border="1"
 
{| class="wikitable" border="1"
 
|-
 
|-
! Argument || Type || Name
+
! Argument64 || Argument32 || Type || Name
 +
|-
 +
| (In) W1 || R1 || Handle<ResourceLimit> || ResourceLimitHandle
 
|-
 
|-
| (In) X0 || u64 || Address
+
| (In) W2 || R2 || [[#LimitableResource]] || LimitableResource
 
|-
 
|-
| (In) X1 || u64 || Size
+
| (Out) W0 || R0 || [[#Result]] || Result
 
|-
 
|-
| (Out) W0 || [[#Result]] || Result
+
| (Out) X1 || R1, R2 || int64_t || CurrentValue
 
|}
 
|}
 
</div>
 
</div>
  
== GetFutureThreadInfo ==
+
== SetThreadActivity ==
 
<div style="display: inline-block;">
 
<div style="display: inline-block;">
 
{| class="wikitable" border="1"
 
{| class="wikitable" border="1"
 
|-
 
|-
! Argument64 || Argument32 || Type || Name
+
! Argument || Type || Name
 
|-
 
|-
| (In) X3 || R0, R1 || u64 || Timeout
+
| (In) W0 || Handle<Thread> || ThreadHandle
|-
 
| (Out) W0 || R0 || [[#Result]] || Result
 
 
|-
 
|-
| (Out) X1 || u64 || LastThreadContextParam0
+
| (In) W1 || [[#ThreadActivity]] || ThreadActivity
 
|-
 
|-
| (Out) X2 || u64 || LastThreadContextParam1
+
| (Out) W0 || [[#Result]] || Result
|-
 
| (Out) X3 || u64 || LastThreadContextParam2
 
|-
 
| (Out) X4 || u64 || LastThreadContextParam3
 
|-
 
| (Out) X5 || u64 ||
 
|-
 
| (Out) W6 || u32 ||
 
 
|}
 
|}
 
</div>
 
</div>
  
== GetLastThreadInfo ==
+
== GetThreadContext3 ==
 
<div style="display: inline-block;">
 
<div style="display: inline-block;">
 
{| class="wikitable" border="1"
 
{| class="wikitable" border="1"
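Review bot: LimitValue in GetResourceLimitLimitValue and CurrentValue in GetResourceLimitCurrentValue are added as `int64_t`, while the other 64-bit values in this revision become `uint64_t` and the removed rows for the same two outputs further down the diff read `u64`. For an edit summarized as page cleanup, a signedness change needs a sentence on the page saying the values are signed, or the type should stay unsigned. The X5 and W6 rows added to GetLastThreadInfo are also left without a Name.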
Line 1,247: Line 1,233:
 
! Argument || Type || Name
 
! Argument || Type || Name
 
|-
 
|-
| (In) None || ||  
+
| (In) X0 || [[#ThreadContext]]* || ThreadContext
 +
|-
 +
| (In) W1 || Handle<Thread> || ThreadHandle
 
|-
 
|-
 
| (Out) W0 || [[#Result]] || Result
 
| (Out) W0 || [[#Result]] || Result
|-
 
| (Out) X1 || u64 || LastThreadContextParam0
 
|-
 
| (Out) X2 || u64 || LastThreadContextParam1
 
|-
 
| (Out) X3 || u64 || LastThreadContextParam2
 
|-
 
| (Out) X4 || u64 || LastThreadContextParam3
 
|-
 
| (Out) X5 || u64 ||
 
|-
 
| (Out) W6 || u32 ||
 
 
|}
 
|}
 
</div>
 
</div>
  
== GetResourceLimitLimitValue ==
+
== WaitForAddress ==
 
<div style="display: inline-block;">
 
<div style="display: inline-block;">
 
{| class="wikitable" border="1"
 
{| class="wikitable" border="1"
Line 1,271: Line 1,247:
 
! Argument64 || Argument32 || Type || Name
 
! Argument64 || Argument32 || Type || Name
 
|-
 
|-
| (In) W1 || R1 || Handle<ResourceLimit> || Handle
+
| (In) X0 || R0 || void* || Address
 +
|-
 +
| (In) W1 || R1 || [[#ArbitrationType]] || ArbitrationType
 
|-
 
|-
| (In) W2 || R2 || [[#LimitableResource]] || LimitableResource
+
| (In) W2 || R2 || uint32_t || Value
 
|-
 
|-
| (Out) W0 || R0 || [[#Result]] || Result
+
| (In) X3 || R3, R4 || uint64_t || Timeout
 
|-
 
|-
| (Out) X1 || R1, R2 || u64 || LimitValue
+
| (Out) None || || ||
 
|}
 
|}
 
</div>
 
</div>
  
== GetResourceLimitCurrentValue ==
+
== SignalToAddress ==
 
<div style="display: inline-block;">
 
<div style="display: inline-block;">
 
{| class="wikitable" border="1"
 
{| class="wikitable" border="1"
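Review bot: WaitForAddress is added with `| (Out) None || || ||` although it takes a Timeout in X3, whereas the other SVCs in this diff that take a Timeout (GetFutureThreadInfo, ReplyAndReceive) list a W0 Result. If the call reports a result, add a `(Out) W0 || R0 || [[#Result]] || Result` row here; the same question applies to SignalToAddress in the next hunk.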
Line 1,287: Line 1,265:
 
! Argument64 || Argument32 || Type || Name
 
! Argument64 || Argument32 || Type || Name
 
|-
 
|-
| (In) W1 || R1 || Handle<ResourceLimit> || Handle
+
| (In) X0 || R0 || void* || Address
 
|-
 
|-
| (In) W2 || R2 || [[#LimitableResource]] || LimitableResource
+
| (In) W1 || R1 || [[#SignalType]] || SignalType
 +
|-
 +
| (In) W2 || R2 || uint32_t || Value
 
|-
 
|-
| (Out) W0 || R0 || [[#Result]] || Result
+
| (In) W3 || R3 || uint32_t || NumToSignal
 
|-
 
|-
| (Out) X1 || R1, R2 || u64 || CurrentValue
+
| (Out) None || || ||
 
|}
 
|}
 
</div>
 
</div>
  
== SetThreadActivity ==
+
== SynchronizePreemptionState ==
 
<div style="display: inline-block;">
 
<div style="display: inline-block;">
 
{| class="wikitable" border="1"
 
{| class="wikitable" border="1"
Line 1,303: Line 1,283:
 
! Argument || Type || Name
 
! Argument || Type || Name
 
|-
 
|-
| (In) W0 || Handle<Thread> || ThreadHandle
+
| (In) None || ||  
 
|-
 
|-
| (In) W1 || ThreadActivity || ThreadActivity
+
| (Out) None || ||  
|-
 
| (Out) W0 || [[#Result]] || Result
 
 
|}
 
|}
 
</div>
 
</div>
  
== GetThreadContext3 ==
+
== DumpInfo ==
 
<div style="display: inline-block;">
 
<div style="display: inline-block;">
 
{| class="wikitable" border="1"
 
{| class="wikitable" border="1"
Line 1,317: Line 1,295:
 
! Argument || Type || Name
 
! Argument || Type || Name
 
|-
 
|-
| (In) X0 || [[#ThreadContext]]* || ThreadContext
+
| (In) X0 || [[#DumpInfoType]] || DumpInfoType
 
|-
 
|-
| (In) W1 || Handle<Thread> || ThreadHandle
+
| (In) X1 || uint64_t || DumpInfoSubType
 
|-
 
|-
 
| (Out) W0 || [[#Result]] || Result
 
| (Out) W0 || [[#Result]] || Result
Line 1,325: Line 1,303:
 
</div>
 
</div>
  
== WaitForAddress ==
+
Stubbed in retail kernel.
 +
 
 +
[4.0.0+] This function was removed and replaced by [[#KernelDebug]].
 +
 
 +
== KernelDebug ==
 
<div style="display: inline-block;">
 
<div style="display: inline-block;">
 
{| class="wikitable" border="1"
 
{| class="wikitable" border="1"
 
|-
 
|-
! Argument64 || Argument32 || Type || Name
+
! Argument || Type || Name
 
|-
 
|-
| (In) X0 || R0 || u64 || Address
+
| (In) W0 || [[#KernelDebugType]] || KernelDebugType
 
|-
 
|-
| (In) W1 || R1 || [[#ArbitrationType]] || ArbitrationType
+
| (In) X1 || uint64_t ||  
 
|-
 
|-
| (In) W2 || R2 || u32 || Value
+
| (In) X2 || uint64_t ||  
 
|-
 
|-
| (In) X3 || R3, R4 || u64 || Timeout
+
| (In) X3 || uint64_t ||  
 
|-
 
|-
| (Out) None || || ||
+
| (Out) W0 || [[#Result]] || Result
 
|}
 
|}
 
</div>
 
</div>
  
== SignalToAddress ==
+
Stubbed in retail kernel.
 +
 
 +
== ChangeKernelTraceState ==
 
<div style="display: inline-block;">
 
<div style="display: inline-block;">
 
{| class="wikitable" border="1"
 
{| class="wikitable" border="1"
 
|-
 
|-
! Argument64 || Argument32 || Type || Name
+
! Argument || Type || Name
 
|-
 
|-
| (In) X0 || R0 || u64 || Address
+
| (In) W0 || [[#KernelTraceState]] || KernelTraceState
 
|-
 
|-
| (In) W1 || R1 || [[#SignalType]] || SignalType
+
| (Out) W0 || [[#Result]] || Result
|-
 
| (In) W2 || R2 || u32 || Value
 
|-
 
| (In) W3 || R3 || u32 || NumToSignal
 
|-
 
| (Out) None || || ||
 
 
|}
 
|}
 
</div>
 
</div>
  
== SynchronizePreemptionState ==
+
Stubbed in retail kernel.
 +
 
 +
== CreateSession ==
 
<div style="display: inline-block;">
 
<div style="display: inline-block;">
 
{| class="wikitable" border="1"
 
{| class="wikitable" border="1"
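Review bot: KernelDebug is added with X1, X2 and X3 typed `uint64_t` but with an empty Name cell, while DumpInfo's X1 gained the name DumpInfoSubType in this same revision. Name the three arguments, or state that their meaning depends on KernelDebugType. The new `[[#KernelDebugType]]` and `[[#KernelTraceState]]` links also need matching sections on the page, which this diff does not show being added.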
Line 1,367: Line 1,347:
 
! Argument || Type || Name
 
! Argument || Type || Name
 
|-
 
|-
| (In) None || ||  
+
| (In) W2 || bool || IsLight
 +
|-
 +
| (In) X3 || uint64_t || Name
 
|-
 
|-
| (Out) None || ||  
+
| (Out) W0 || [[#Result]] || Result
|}
 
</div>
 
 
 
== DumpInfo ==
 
<div style="display: inline-block;">
 
{| class="wikitable" border="1"
 
 
|-
 
|-
! Argument || Type || Name
+
| (Out) W1 || Handle<ServerSession> || ServerSessionHandle
|-
 
| (In) X0 || DumpInfoType || DumpInfoType
 
|-
 
| (In) X1 || u64 ||  
 
 
|-
 
|-
| (Out) W0 || [[#Result]] || Result
+
| (Out) W2 || Handle<ClientSession> || ClientSessionHandle
 
|}
 
|}
 
</div>
 
</div>
  
Stubbed in retail kernel.
+
== AcceptSession ==
 
 
[4.0.0+] This function was removed and replaced by [[#KernelDebug]].
 
 
 
== KernelDebug ==
 
 
<div style="display: inline-block;">
 
<div style="display: inline-block;">
 
{| class="wikitable" border="1"
 
{| class="wikitable" border="1"
Line 1,397: Line 1,365:
 
! Argument || Type || Name
 
! Argument || Type || Name
 
|-
 
|-
| (In) W0 || KernelDebugType || KernelDebugType
+
| (In) W1 || Handle<Port> || PortHandle
 
|-
 
|-
| (In) X1 || u64 ||  
+
| (Out) W0 || [[#Result]] || Result
 
|-
 
|-
| (In) X2 || u64 ||
+
| (Out) W1 || Handle<ServerSession> || ServerSessionHandle
|-
 
| (In) X3 || u64 ||
 
|-
 
| (Out) W0 || [[#Result]] || Result
 
 
|}
 
|}
 
</div>
 
</div>
  
Stubbed in retail kernel.
+
=== Result codes ===
 +
'''0xf201:''' No session waiting to be accepted
  
== ChangeKernelTraceState ==
+
== ReplyAndReceiveLight ==
 
<div style="display: inline-block;">
 
<div style="display: inline-block;">
 
{| class="wikitable" border="1"
 
{| class="wikitable" border="1"
Line 1,417: Line 1,382:
 
! Argument || Type || Name
 
! Argument || Type || Name
 
|-
 
|-
| (In) W0 || KernelTraceState || KernelTraceState
+
| (In) W0 || Handle<Port> or Handle<ServerSession> || Handle
 
|-
 
|-
 
| (Out) W0 || [[#Result]] || Result
 
| (Out) W0 || [[#Result]] || Result
Line 1,423: Line 1,388:
 
</div>
 
</div>
  
Stubbed in retail kernel.
+
== ReplyAndReceive ==
 
 
== CreateSession ==
 
 
<div style="display: inline-block;">
 
<div style="display: inline-block;">
 
{| class="wikitable" border="1"
 
{| class="wikitable" border="1"
 
|-
 
|-
! Argument || Type || Name
+
! Argument64 || Argument32 || Type || Name
 
|-
 
|-
| (In) W2 || bool || IsLight
+
| (In) W1 || R1 || Handle<Port>* or Handle<ServerSession>* || Handles
 
|-
 
|-
| (In) X3 || u64 || Name
+
| (In) W2 || R2 || uint32_t || NumHandles
 
|-
 
|-
| (Out) W0 || [[#Result]] || Result
+
| (In) W3 || R3 || Handle<ServerSession> || ReplyTargetSessionHandle
 
|-
 
|-
| (Out) W1 || Handle<ServerSession> || ServerHandle
+
| (In) X4 || R0, R4 || uint64_t || Timeout
 
|-
 
|-
| (Out) W2 || Handle<ClientSession> || ClientHandle
+
| (Out) W0 || R0 || [[#Result]] || Result
 +
|-
 +
| (Out) W1 || R1 || uint32_t || HandleIndex
 
|}
 
|}
 
</div>
 
</div>
  
== AcceptSession ==
+
If ReplyTargetSessionHandle is not zero, a reply from the TLS will be sent to that session.
 +
Then it will wait until either of the passed sessions has an incoming message, is closed, a passed port has an incoming connection, or the timeout expires.
 +
If there is an incoming message, it is copied to the TLS.
 +
 
 +
If ReplyTargetSessionHandle is zero, the TLS should contain a blank message. If this message has a C descriptor, the buffer it points to will be used as the pointer buffer. See [[IPC_Marshalling#IPC_buffers]]. Note that a pointer buffer cannot be specified if ReplyTargetSessionHandle is not zero.
 +
 
 +
After being validated, passed handles will be enumerated in order; even if a session has been closed, if one that appears earlier in the list has an incoming message, it will take priority and a result code of 0x0 will be returned.
 +
 
 +
=== Result codes ===
 +
'''0x0:''' Success. Either a session has an incoming message or a port has an incoming connection. HandleIndex is set appropriately.
 +
 
 +
'''0xea01:''' Timeout. No handles were signalled before the timeout expired. HandleIndex is not updated.
 +
 
 +
'''0xf601:''' Port remote dead. One of the sessions has been closed. HandleIndex is set appropriately.
 +
 
 +
== ReplyAndReceiveWithUserBuffer ==
 
<div style="display: inline-block;">
 
<div style="display: inline-block;">
 
{| class="wikitable" border="1"
 
{| class="wikitable" border="1"
 
|-
 
|-
! Argument || Type || Name
+
! Argument64 || Argument32 || Type || Name
 +
|-
 +
| (In) X1 || R1 || void* || Address
 +
|-
 +
| (In) X2 || R2 || uint64_t || Size
 +
|-
 +
| (In) X3 || R3 || Handle<Port>* or Handle<ServerSession>* || Handles
 +
|-
 +
| (In) W4 || R0 || uint32_t || NumHandles
 +
|-
 +
| (In) W5 || R4 || Handle<ServerSession> || ReplyTargetSessionHandle
 
|-
 
|-
| (In) W1 || Handle<Port> || Port
+
| (In) X6 || R5, R6 || uint64_t || Timeout
 
|-
 
|-
| (Out) W0 || [[#Result]] || Result
+
| (Out) W0 || R0 || [[#Result]] || Result
 
|-
 
|-
| (Out) W1 || Handle<ServerSession> || Session
+
| (Out) W1 || R1 || uint32_t || HandleIndex
 
|}
 
|}
 
</div>
 
</div>
  
=== Result codes ===
+
== CreateEvent ==
'''0xf201:''' No session waiting to be accepted
 
 
 
== ReplyAndReceiveLight ==
 
 
<div style="display: inline-block;">
 
<div style="display: inline-block;">
 
{| class="wikitable" border="1"
 
{| class="wikitable" border="1"
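Review bot: In the ReplyAndReceive table, Handles is a pointer (`Handle<Port>* or Handle<ServerSession>*`) but is listed in W1, the 32-bit view of the register, while ReplyAndReceiveWithUserBuffer, added just below it, puts the same pointer in X3. Change the Argument64 cell to X1 so the row does not describe a truncated pointer. In ReplyAndReceiveWithUserBuffer, Size is `uint64_t` yet maps to the single register R2 in the Argument32 column, which needs either a register pair or a pointer-sized type.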
Line 1,466: Line 1,453:
 
! Argument || Type || Name
 
! Argument || Type || Name
 
|-
 
|-
| (In) W0 || Handle<Port> or Handle<ServerSession> || Handle
+
| (In) None || ||
 
|-
 
|-
 
| (Out) W0 || [[#Result]] || Result
 
| (Out) W0 || [[#Result]] || Result
 +
|-
 +
| (Out) W1 || Handle<WritableEvent> || WritableEventHandle
 +
|-
 +
| (Out) W2 || Handle<ReadableEvent> || ReadableEventHandle
 
|}
 
|}
 
</div>
 
</div>
  
== ReplyAndReceive ==
+
== MapPhysicalMemoryUnsafe ==
 
<div style="display: inline-block;">
 
<div style="display: inline-block;">
 
{| class="wikitable" border="1"
 
{| class="wikitable" border="1"
 
|-
 
|-
! Argument64 || Argument32 || Type || Name
+
! Argument || Type || Name
 
|-
 
|-
| (In) W1 || R1 || Handle<Port>* or Handle<ServerSession>* || Handles
+
| (In) X0 || void* || Address
 
|-
 
|-
| (In) W2 || R2 || u32 || NumHandles
+
| (In) X1 || uint64_t || Size
 
|-
 
|-
| (In) W3 || R3 || Handle<ServerSession> || ReplyTarget
+
| (Out) W0 || [[#Result]] || Result
|-
 
| (In) X4 || R0, R4 || u64 || Timeout
 
|-
 
| (Out) W0 || R0 || [[#Result]] || Result
 
|-
 
| (Out) W1 || R1 || u32 || HandleIndex
 
 
|}
 
|}
 
</div>
 
</div>
  
If ReplyTarget is not zero, a reply from the TLS will be sent to that session.
+
Same as [[#MapPhysicalMemory]] except it always uses pool partition 0.
Then it will wait until either of the passed sessions has an incoming message, is closed, a passed port has an incoming connection, or the timeout expires.
 
If there is an incoming message, it is copied to the TLS.
 
  
If ReplyTarget is zero, the TLS should contain a blank message. If this message has a C descriptor, the buffer it points to will be used as the pointer buffer. See [[IPC_Marshalling#IPC_buffers]]. Note that a pointer buffer cannot be specified if ReplyTarget is not zero.
+
== UnmapPhysicalMemoryUnsafe ==
 
 
After being validated, passed handles will be enumerated in order; even if a session has been closed, if one that appears earlier in the list has an incoming message, it will take priority and a result code of 0x0 will be returned.
 
 
 
=== Result codes ===
 
'''0x0:''' Success. Either a session has an incoming message or a port has an incoming connection. HandleIndex is set appropriately.
 
 
 
'''0xea01:''' Timeout. No handles were signalled before the timeout expired. HandleIndex is not updated.
 
 
 
'''0xf601:''' Port remote dead. One of the sessions has been closed. HandleIndex is set appropriately.
 
 
 
== ReplyAndReceiveWithUserBuffer ==
 
 
<div style="display: inline-block;">
 
<div style="display: inline-block;">
 
{| class="wikitable" border="1"
 
{| class="wikitable" border="1"
 
|-
 
|-
! Argument64 || Argument32 || Type || Name
+
! Argument || Type || Name
 
|-
 
|-
| (In) X1 || R1 || u64 || Address
+
| (In) X0 || void* || Address
 
|-
 
|-
| (In) X2 || R2 || u64 || Size
+
| (In) X1 || uint64_t || Size
 
|-
 
|-
| (In) X3 || R3 || Handle<Port>* or Handle<ServerSession>* || Handles
+
| (Out) W0 || [[#Result]] || Result
|-
 
| (In) W4 || R0 || u32 || NumHandles
 
|-
 
| (In) W5 || R4 || Handle<ServerSession> || ReplyTarget
 
|-
 
| (In) X6 || R5, R6 || u64 || Timeout
 
|-
 
| (Out) W0 || R0 || [[#Result]] || Result
 
|-
 
| (Out) W1 || R1 || u32 || HandleIndex
 
 
|}
 
|}
 
</div>
 
</div>
  
== CreateEvent ==
+
== SetUnsafeLimit ==
 
<div style="display: inline-block;">
 
<div style="display: inline-block;">
 
{| class="wikitable" border="1"
 
{| class="wikitable" border="1"
Line 1,537: Line 1,499:
 
! Argument || Type || Name
 
! Argument || Type || Name
 
|-
 
|-
| (In) None || ||
+
| (In) X0 || uint64_t || Limit
 
|-
 
|-
 
| (Out) W0 || [[#Result]] || Result
 
| (Out) W0 || [[#Result]] || Result
|-
 
| (Out) W1 || Handle<WritableEvent> || WritableEvent
 
|-
 
| (Out) W2 || Handle<ReadableEvent> || ReadableEvent
 
 
|}
 
|}
 
</div>
 
</div>
  
== MapPhysicalMemoryUnsafe ==
+
== CreateCodeMemory ==
 
<div style="display: inline-block;">
 
<div style="display: inline-block;">
 
{| class="wikitable" border="1"
 
{| class="wikitable" border="1"
Line 1,553: Line 1,511:
 
! Argument || Type || Name
 
! Argument || Type || Name
 
|-
 
|-
| (In) X0 || u64 || Address
+
| (In) X1 || void* || Address
 
|-
 
|-
| (In) X1 || u64 || Size
+
| (In) X2 || uint64_t || Size
 
|-
 
|-
 
| (Out) W0 || [[#Result]] || Result
 
| (Out) W0 || [[#Result]] || Result
 +
|-
 +
| (Out) W1 || Handle<CodeMemory> || CodeMemoryHandle
 
|}
 
|}
 
</div>
 
</div>
  
Same as [[#MapPhysicalMemory]] except it always uses pool partition 0.
+
Takes an address range with backing memory to create the code memory object.
 +
 
 +
The memory is initially memset to 0xFF after being locked.
  
== UnmapPhysicalMemoryUnsafe ==
+
== ControlCodeMemory ==
 
<div style="display: inline-block;">
 
<div style="display: inline-block;">
 
{| class="wikitable" border="1"
 
{| class="wikitable" border="1"
 
|-
 
|-
! Argument || Type || Name
+
! Argument64 || Argument32 || Type || Name
 
|-
 
|-
| (In) X0 || u64 || Address
+
| (In) W0 || R0 || Handle<CodeMemory> || CodeMemoryHandle
 
|-
 
|-
| (In) X1 || u64 || Size
+
| (In) W1 || R1 || [[#CodeMemoryOperation]] || CodeMemoryOperation
 
|-
 
|-
| (Out) W0 || [[#Result]] || Result
+
| (In) X2 || R2, R3 || void* || Address
|}
 
</div>
 
 
 
== SetUnsafeLimit ==
 
<div style="display: inline-block;">
 
{| class="wikitable" border="1"
 
 
|-
 
|-
! Argument || Type || Name
+
| (In) X3 || R4, R5 || uint64_t || Size
 
|-
 
|-
| (In) X0 || u64 || Limit
+
| (In) W4 || R6 || [[#MemoryPermission]] || MemoryPermission
 
|-
 
|-
| (Out) W0 || [[#Result]] || Result
+
| (Out) W0 || R0 || [[#Result]] || Result
 
|}
 
|}
 
</div>
 
</div>
  
== CreateCodeMemory ==
+
Maps the backing memory for a CodeMemory object into the current process.
<div style="display: inline-block;">
 
{| class="wikitable" border="1"
 
|-
 
! Argument || Type || Name
 
|-
 
| (In) X1 || u64 || Address
 
|-
 
| (In) X2 || u64 || Size
 
|-
 
| (Out) W0 || [[#Result]] || Result
 
|-
 
| (Out) W1 || Handle<CodeMemory> || Handle
 
|}
 
</div>
 
  
Takes an address range with backing memory to create the code memory object.
+
For [[#CodeMemoryOperation|MapOwner]], memory permission must be RW-.
  
The memory is initially memset to 0xFF after being locked.
+
For [[#CodeMemoryOperation|MapSlave]], memory permission must be R-- or R-X.
  
== ControlCodeMemory ==
+
Operations [[#CodeMemoryOperation|UnmapOwner/UnmapSlave]] unmap memory that was previously mapped this way.
<div style="display: inline-block;">
 
{| class="wikitable" border="1"
 
|-
 
! Argument64 || Argument32 || Type || Name
 
|-
 
| (In) W0 || R0 || Handle<CodeMemory> || Handle
 
|-
 
| (In) W1 || R1 || [[#CodeMemoryOperation]] || CodeMemoryOperation
 
|-
 
| (In) X2 || R2, R3 || u64 || Address
 
|-
 
| (In) X3 || R4, R5 || u64 || Size
 
|-
 
| (In) W4 || R6 || MemoryPermission || Permission
 
|-
 
| (Out) W0 || R0 || [[#Result]] || Result
 
|}
 
</div>
 
 
 
Maps the backing memory for a Code memory object into the current process.
 
 
 
For [[#CodeMemoryOperation|CodeMemoryOperation_MapOwner]], memory permission must be RW-.
 
 
 
For [[#CodeMemoryOperation|CodeMemoryOperation_MapSlave]], memory permission must be R-- or R-X.
 
 
 
Operations [[#CodeMemoryOperation|CodeMemoryOperation_UnmapOwner/CodeMemoryOperation_UnmapSlave]] unmap memory that was previously mapped this way.
 
  
 
This allows one "secure JIT" process to map the code memory as RW-, and the other "slave" process to map it R-X.
 
This allows one "secure JIT" process to map the code memory as RW-, and the other "slave" process to map it R-X.
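Review bot: The ControlCodeMemory text states the MemoryPermission required for MapOwner (RW-) and MapSlave (R-- or R-X) but not what W4 must hold for UnmapOwner/UnmapSlave, and the summary line still reads "Maps the backing memory" for an SVC that also unmaps. These constraints are what separate the writable owner mapping from the executable slave mapping described in the last sentence, so document the expected permission value for the unmap operations as well.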
Line 1,659: Line 1,575:
 
! Argument64 || Argument32 || Type || Name
 
! Argument64 || Argument32 || Type || Name
 
|-
 
|-
| (In) X1 || R2, R3 || u64 || RegAddr
+
| (In) X1 || R2, R3 || uint64_t || RegisterAddress
 
|-
 
|-
| (In) W2 || R0 || u64 || RwMask
+
| (In) W2 || R0 || uint32_t || RwMask
 
|-
 
|-
| (In) W3 || R1 || u64 || InValue
+
| (In) W3 || R1 || uint32_t || InValue
 
|-
 
|-
 
| (Out) W0 || R0 || [[#Result]] || Result
 
| (Out) W0 || R0 || [[#Result]] || Result
 
|-
 
|-
| (Out) W1 || R1 || u64 || OutValue
+
| (Out) W1 || R1 || uint32_t || OutValue
 
|}
 
|}
 
</div>
 
</div>
Line 1,703: Line 1,619:
 
! Argument || Type || Name
 
! Argument || Type || Name
 
|-
 
|-
| (In) W0 || Handle<Process> ||  
+
| (In) W0 || Handle<Process> || ProcessHandle
 
|-
 
|-
| (In) W1 || ProcessActivity || ProcessActivity
+
| (In) W1 || [[#ProcessActivity]] || ProcessActivity
 
|-
 
|-
 
| (Out) W0 || [[#Result]] || Result
 
| (Out) W0 || [[#Result]] || Result
Line 1,717: Line 1,633:
 
! Argument || Type || Name
 
! Argument || Type || Name
 
|-
 
|-
| (In) W1 || u64 || Size
+
| (In) W1 || uint64_t || Size
 
|-
 
|-
| (In) W2 || MemoryPermission || LocalPerm
+
| (In) W2 || [[#MemoryPermission]] || LocalMemoryPermission
 
|-
 
|-
| (In) W3 || MemoryPermission || RemotePerm
+
| (In) W3 || [[#MemoryPermission]] || RemoteMemoryPermission
 
|-
 
|-
 
| (Out) W0 || [[#Result]] || Result
 
| (Out) W0 || [[#Result]] || Result
 
|-
 
|-
| (Out) W1 || Handle<SharedMemory> || MemHandle
+
| (Out) W1 || Handle<SharedMemory> || SharedMemoryHandle
 
|}
 
|}
 
</div>
 
</div>
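Review bot: The Size row in this table reads `| (In) W1 || uint64_t || Size`, a 64-bit type in a 32-bit W register. This revision corrected the same kind of mismatch in the register access table above (RwMask, InValue and OutValue went from u64 to uint32_t), so either the register should be X1 or the type should be narrowed here too.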
Line 1,739: Line 1,655:
 
! Argument || Type || Name
 
! Argument || Type || Name
 
|-
 
|-
| (In) X0 || Handle<TransferMemory> || MemHandle
+
| (In) X0 || Handle<TransferMemory> || TransferMemoryHandle
 
|-
 
|-
| (In) X1 || void* || Addr
+
| (In) X1 || void* || Address
 
|-
 
|-
| (In) X2 || u64 || Size
+
| (In) X2 || uint64_t || Size
 
|-
 
|-
| (In) W3 || MemoryPermission || Permission
+
| (In) W3 || [[#MemoryPermission]] || MemoryPermission
 
|-
 
|-
 
| (Out) W0 || [[#Result]] || Result
 
| (Out) W0 || [[#Result]] || Result
Line 1,761: Line 1,677:
 
! Argument || Type || Name
 
! Argument || Type || Name
 
|-
 
|-
| (In) X0 || Handle<TransferMemory> || MemHandle
+
| (In) X0 || Handle<TransferMemory> || TransferMemoryHandle
 
|-
 
|-
| (In) X1 || void* || Addr
+
| (In) X1 || void* || Address
 
|-
 
|-
| (In) X2 || u64 || Size
+
| (In) X2 || uint64_t || Size
 
|-
 
|-
 
| (Out) W0 || [[#Result]] || Result
 
| (Out) W0 || [[#Result]] || Result
Line 1,779: Line 1,695:
 
! Argument || Type || Name
 
! Argument || Type || Name
 
|-
 
|-
| (In) X1 || u64 || IrqNum
+
| (In) X1 || [[#Interrupt]] || Interrupt
 
|-
 
|-
| (In) W2 || bool || Flags
+
| (In) W2 || [[#InterruptType]] || InterruptType
 
|-
 
|-
 
| (Out) W0 || [[#Result]] || Result
 
| (Out) W0 || [[#Result]] || Result
Line 1,789: Line 1,705:
 
</div>
 
</div>
  
Creates an event handle for the given IRQ number. Waiting on this handle will wait until the IRQ is triggered. The flags argument configures the triggering. If it is false, the IRQ is active HIGH level sensitive, if it is true it is rising-edge sensitive.
+
Creates an event handle for the given IRQ number. Waiting on this handle will wait until the IRQ is triggered. The InterruptType argument configures the triggering. If it is 0, the IRQ is active HIGH level sensitive, if it is 1 it is rising-edge sensitive.
  
 
=== Result codes ===
 
=== Result codes ===
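Review bot: The rewritten sentence describes InterruptType by the raw values 0 and 1, although the table in the previous hunk now types the argument as `[[#InterruptType]]`; use the enum's member names here, or give the values only in that section, so the two cannot drift apart. The paragraph also still opens with "for the given IRQ number" while the argument was renamed to Interrupt.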
Line 1,810: Line 1,726:
 
! Argument || Type || Name
 
! Argument || Type || Name
 
|-
 
|-
| (In) X1 || u64 || Addr
+
| (In) X1 || void* || VirtualAddress
 
|-
 
|-
 
| (Out) W0 || [[#Result]]|| Result
 
| (Out) W0 || [[#Result]]|| Result
 
|-
 
|-
| (Out) X1 || u64 || PhysAddr
+
| (Out) X1 || uint64_t || PhysicalMemoryInfoAddress
 
|-
 
|-
| (Out) X2 || u64 || BaseAddr
+
| (Out) X2 || uint64_t || PhysicalMemoryInfoBaseAddress
 
|-
 
|-
| (Out) X3 || u64 || Size
+
| (Out) X3 || uint64_t || PhysicalMemoryInfoSize
 
|}
 
|}
 
</div>
 
</div>
Line 1,824: Line 1,740:
 
Queries the physical address of a virtual address. Will always fetch the lowest page-aligned mapping that contains the provided physical address.
 
Queries the physical address of a virtual address. Will always fetch the lowest page-aligned mapping that contains the provided physical address.
  
The returned BaseAddr is the virtual address of that page-aligned mapping, while PhysAddr is the physical address of that page. Size is the amount of continuous physical memory in that mapping.
+
The returned PhysicalMemoryInfoBaseAddress is the virtual address of that page-aligned mapping, while PhysicalMemoryInfoAddress is the physical address of that page. PhysicalMemoryInfoSize is the amount of continuous physical memory in that mapping.
  
 
== QueryIoMapping ==
 
== QueryIoMapping ==
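Review bot: The unchanged sentence above the edited one says the SVC fetches the mapping "that contains the provided physical address", but the only input in the table is VirtualAddress; since this hunk already rewrites the paragraph for the new names, correct that to "virtual address". In the edited sentence, "continuous physical memory" should read "contiguous".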
Line 1,832: Line 1,748:
 
! Argument64 || Argument32 || Type || Name
 
! Argument64 || Argument32 || Type || Name
 
|-
 
|-
| (In) X1 || R2, R3 || u64 || PhysAddr
+
| (In) X1 || R2, R3 || uint64_t || IoAddress
 
|-
 
|-
| (In) X2 || R0 || u64 || Size
+
| (In) X2 || R0 || uint64_t || Size
 
|-
 
|-
 
| (Out) W0 || R0 || [[#Result]] || Result
 
| (Out) W0 || R0 || [[#Result]] || Result
 
|-
 
|-
| (Out) X1 || R1 || void* || VirtAddr
+
| (Out) X1 || R1 || void* || VirtualAddress
 
|}
 
|}
 
</div>
 
</div>
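Review bot: QueryIoMapping's Size is retyped `uint64_t` but its Argument32 cell is the single register R0, whereas IoAddress, also `uint64_t`, gets the pair R2, R3. Either Size is register-sized on 32-bit and the Type should say so, or the register list is incomplete. The same pattern appears for DeviceAddressSpaceSize (X3 / R4) in the device address space tables below.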
Line 1,850: Line 1,766:
 
! Argument64 || Argument32 || Type || Name
 
! Argument64 || Argument32 || Type || Name
 
|-
 
|-
| (In) X1 || R2, R3 || u64 || StartAddr
+
| (In) X1 || R2, R3 || uint64_t || DeviceAddressSpaceStartAddress
 
|-
 
|-
| (In) X2 || R0, R1 || u64 || EndAddr
+
| (In) X2 || R0, R1 || uint64_t || DeviceAddressSpaceEndAddress
 
|-
 
|-
 
| (Out) W0 || R0 || [[#Result]] || Result
 
| (Out) W0 || R0 || [[#Result]] || Result
 
|-
 
|-
| (Out) W1 || R1 || Handle<DeviceAddressSpace> || AddressSpaceHandle
+
| (Out) W1 || R1 || Handle<DeviceAddressSpace> || DeviceAddressSpaceHandle
 
|}
 
|}
 
</div>
 
</div>
Line 1,870: Line 1,786:
 
! Argument || Type || Name
 
! Argument || Type || Name
 
|-
 
|-
| (In) W0 || [[#DeviceName]] || DeviceId
+
| (In) W0 || [[#DeviceName]] || DeviceName
 
|-
 
|-
| (In) X1 || Handle<DeviceAddressSpace> || DeviceAsHandle
+
| (In) X1 || Handle<DeviceAddressSpace> || DeviceAddressSpaceHandle
 
|-
 
|-
 
| (Out) W0 || [[#Result]] || Result
 
| (Out) W0 || [[#Result]] || Result
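Review bot: DeviceAddressSpaceHandle is listed in X1 in this table, while the mapping tables further down put the same `Handle<DeviceAddressSpace>` in W0 or W1. Since the rows are being renamed anyway, use W1 here so handle arguments are shown with one register width throughout.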
Line 1,886: Line 1,802:
 
! Argument || Type || Name
 
! Argument || Type || Name
 
|-
 
|-
| (In) W0 || [[#DeviceName]] || DeviceId
+
| (In) W0 || [[#DeviceName]] || DeviceName
 
|-
 
|-
| (In) X1 || Handle<DeviceAddressSpace> || DeviceAsHandle
+
| (In) X1 || Handle<DeviceAddressSpace> || DeviceAddressSpaceHandle
 
|-
 
|-
 
| (Out) W0 || [[#Result]] || Result
 
| (Out) W0 || [[#Result]] || Result
Line 1,902: Line 1,818:
 
! Argument64 || Argument32 || Type || Name
 
! Argument64 || Argument32 || Type || Name
 
|-
 
|-
| (In) W0 || R0 || Handle<DeviceAddressSpace> || DeviceAsHandle
+
| (In) W0 || R0 || Handle<DeviceAddressSpace> || DeviceAddressSpaceHandle
 
|-
 
|-
 
| (In) W1 || R1 || Handle<Process> || ProcessHandle
 
| (In) W1 || R1 || Handle<Process> || ProcessHandle
 
|-
 
|-
| (In) X2 || R2, R3 || void* || SrcAddr
+
| (In) X2 || R2, R3 || void* || Address
 
|-
 
|-
| (In) X3 || R4 || u64 || DeviceAsSize
+
| (In) X3 || R4 || uint64_t || DeviceAddressSpaceSize
 
|-
 
|-
| (In) X4 || R5, R6 || u64 || DeviceAsAddr
+
| (In) X4 || R5, R6 || uint64_t || DeviceAddressSpaceAddress
 
|-
 
|-
| (In) W5 || R7 || MemoryPermission || Permissions
+
| (In) W5 || R7 || [[#MemoryPermission]] || MemoryPermission
 
|-
 
|-
 
| (Out) W0 || R0 || [[#Result]] || Result
 
| (Out) W0 || R0 || [[#Result]] || Result
Line 1,920: Line 1,836:
 
Maps an attached device address space to an userspace address.
 
Maps an attached device address space to an userspace address.
  
dev_map_addr is the userspace destination address, while dev_as_addr is the source address between dev_as_start_addr and dev_as_end_addr (passed to [[#CreateDeviceAddressSpace]]).
+
Address is the userspace destination address, while DeviceAddressSpaceAddress is the source address between DeviceAddressSpaceStartAddress and DeviceAddressSpaceEndAddress (passed to [[#CreateDeviceAddressSpace]]).
  
 
The userspace destination address must have the [[SVC#MemoryState|MapDeviceAllowed]] bit set. Bit [[SVC#MemoryAttribute|IsDeviceMapped]] will be set after mapping.
 
The userspace destination address must have the [[SVC#MemoryState|MapDeviceAllowed]] bit set. Bit [[SVC#MemoryAttribute|IsDeviceMapped]] will be set after mapping.
Line 1,930: Line 1,846:
 
! Argument64 || Argument32 || Type || Name
 
! Argument64 || Argument32 || Type || Name
 
|-
 
|-
| (In) W0 || R0 || Handle<DeviceAddressSpace> || DeviceAsHandle
+
| (In) W0 || R0 || Handle<DeviceAddressSpace> || DeviceAddressSpaceHandle
 
|-
 
|-
 
| (In) W1 || R1 || Handle<Process> || ProcessHandle
 
| (In) W1 || R1 || Handle<Process> || ProcessHandle
 
|-
 
|-
| (In) X2 || R2, R3 || void* || SrcAddr
+
| (In) X2 || R2, R3 || void* || Address
 
|-
 
|-
| (In) X3 || R4 || u64 || DeviceAsSize
+
| (In) X3 || R4 || uint64_t || DeviceAddressSpaceSize
 
|-
 
|-
| (In) X4 || R5, R6 || u64 || DeviceAsAddr
+
| (In) X4 || R5, R6 || uint64_t || DeviceAddressSpaceAddress
 
|-
 
|-
| (In) W5 || R7 || MemoryPermission || Permission
+
| (In) W5 || R7 || [[#MemoryPermission]] || MemoryPermission
 
|-
 
|-
 
| (Out) W0 || R0 || [[#Result]] || Result
 
| (Out) W0 || R0 || [[#Result]] || Result
Line 1,956: Line 1,872:
 
! Argument64 || Argument32 || Type || Name
 
! Argument64 || Argument32 || Type || Name
 
|-
 
|-
| (In) W1 || R1 || Handle<DeviceAddressSpace> || DeviceAsHandle
+
| (In) W1 || R1 || Handle<DeviceAddressSpace> || DeviceAddressSpaceHandle
 
|-
 
|-
 
| (In) W2 || R2 || Handle<Process> || ProcessHandle
 
| (In) W2 || R2 || Handle<Process> || ProcessHandle
 
|-
 
|-
| (In) X3 || R0, R3 || u64 || SrcAddr
+
| (In) X3 || R0, R3 || void* || Address
 
|-
 
|-
| (In) X4 || R4 || u64 || DeviceAsSize
+
| (In) X4 || R4 || uint64_t || DeviceAddressSpaceSize
 
|-
 
|-
| (In) X5 || R5, R6 || u64 || DeviceAsAddr
+
| (In) X5 || R5, R6 || uint64_t || DeviceAddressSpaceAddress
 
|-
 
|-
| (In) W6 || R7 || MemoryPermission || Permission
+
| (In) W6 || R7 || [[#MemoryPermission]] || MemoryPermission
 
|-
 
|-
 
| (Out) W0 || R0 || [[#Result]] || Result
 
| (Out) W0 || R0 || [[#Result]] || Result
 
|-
 
|-
| (Out) X1 || R1 || u64 || MappedSize
+
| (Out) X1 || R1 || uint64_t || Size
 
|}
 
|}
 
</div>
 
</div>
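Review bot: Renaming the output in the last row from MappedSize to Size drops the one word that distinguished it from the input DeviceAddressSpaceSize; a caller needs to know this is the amount actually mapped, so keep MappedSize or another equally specific name. In the same table the X3 row changes the type to void* yet keeps the register pair R0, R3, and the X1 output is uint64_t in the single register R1, so the Argument32 column no longer matches the stated widths.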
Line 1,980: Line 1,896:
 
! Argument64 || Argument32 || Type || Name
 
! Argument64 || Argument32 || Type || Name
 
|-
 
|-
| (In) W0 || R0 || Handle<DeviceAddressSpace> || DeviceAsHandle
+
| (In) W0 || R0 || Handle<DeviceAddressSpace> || DeviceAddressSpaceHandle
 
|-
 
|-
 
| (In) W1 || R1 || Handle<Process> || ProcessHandle
 
| (In) W1 || R1 || Handle<Process> || ProcessHandle
 
|-
 
|-
| (In) X2 || R2, R3 || void* || SrcAddr
+
| (In) X2 || R2, R3 || void* || Address
 
|-
 
|-
| (In) X3 || R4 || u64 || DeviceAsSize
+
| (In) X3 || R4 || uint64_t || DeviceAddressSpaceSize
 
|-
 
|-
| (In) X4 || R5, R6 || u64 || DeviceAsAddr
+
| (In) X4 || R5, R6 || uint64_t || DeviceAddressSpaceAddress
 
|-
 
|-
 
| (Out) W0 || R0 || [[#Result]] || Result
 
| (Out) W0 || R0 || [[#Result]] || Result
Line 2,004: Line 1,920:
 
| (In) W0 || R0 || Handle<Process> || ProcessHandle
 
| (In) W0 || R0 || Handle<Process> || ProcessHandle
 
|-
 
|-
| (In) X1 || R2, R3 || u64 || Address
+
| (In) X1 || R2, R3 || void* || Address
 
|-
 
|-
| (In) X2 || R1, R4 || u64 || Size
+
| (In) X2 || R1, R4 || uint64_t || Size
 
|-
 
|-
 
| (Out) W0 || R0 || [[#Result]] || Result
 
| (Out) W0 || R0 || [[#Result]] || Result
Line 2,020: Line 1,936:
 
| (In) W0 || R0 || Handle<Process> || ProcessHandle
 
| (In) W0 || R0 || Handle<Process> || ProcessHandle
 
|-
 
|-
| (In) X1 || R2, R3 || u64 || Address
+
| (In) X1 || R2, R3 || void* || Address
 
|-
 
|-
| (In) X2 || R1, R4 || u64 || Size
+
| (In) X2 || R1, R4 || uint64_t || Size
 
|-
 
|-
 
| (Out) W0 || R0 || [[#Result]] || Result
 
| (Out) W0 || R0 || [[#Result]] || Result
Line 2,036: Line 1,952:
 
| (In) W0 || R0 || Handle<Process> || ProcessHandle
 
| (In) W0 || R0 || Handle<Process> || ProcessHandle
 
|-
 
|-
| (In) X1 || R2, R3 || u64 || Address
+
| (In) X1 || R2, R3 || void* || Address
 
|-
 
|-
| (In) X2 || R1, R4 || u64 || Size
+
| (In) X2 || R1, R4 || uint64_t || Size
 
|-
 
|-
 
| (Out) W0 || R0 || [[#Result]] || Result
 
| (Out) W0 || R0 || [[#Result]] || Result
Line 2,050: Line 1,966:
 
! Argument64 || Argument32 || Type || Name
 
! Argument64 || Argument32 || Type || Name
 
|-
 
|-
| (In) X1 || R2, R3 || u64 || ProcessId
+
| (In) X1 || R2, R3 || uint64_t || ProcessId
 
|-
 
|-
 
| (Out) W0 || R0 || [[#Result]] || Result
 
| (Out) W0 || R0 || [[#Result]] || Result
Line 2,088: Line 2,004:
 
! Argument || Type || Name
 
! Argument || Type || Name
 
|-
 
|-
| (In) X0 || [[#DebugEventInfo]]* || DebugEvents
+
| (In) X0 || [[#DebugEventInfo]]* || DebugEventInfo
 
|-
 
|-
 
| (In) W1 || Handle<Debug> || DebugHandle
 
| (In) W1 || Handle<Debug> || DebugHandle
Line 2,104: Line 2,020:
 
| (In) W0 || R0 || Handle<Debug> || DebugHandle
 
| (In) W0 || R0 || Handle<Debug> || DebugHandle
 
|-
 
|-
| (In) W1 || R1 || [[#ContinueDebugFlags]] ([1.0.0-2.3.0] [[#ContinueDebugFlagsOld]]) || DebugFlags
+
| (In) W1 || R1 || uint32_t || [[#ContinueDebugFlags]] ([1.0.0-2.3.0] [[#ContinueDebugFlagsOld]])
 
|-
 
|-
| (In) X2 || R2 ([1.0.0-2.3.0] R2, R3) || u64* ([1.0.0-2.3.0] u64)|| ThreadIdList ([1.0.0-2.3.0] ThreadId)
+
| (In) X2 || R2 ([1.0.0-2.3.0] R2, R3) || uint64_t* ([1.0.0-2.3.0] uint64_t)|| ThreadIdList ([1.0.0-2.3.0] ThreadId)
 
|-
 
|-
| (In) X3 || R3 || size_t || [3.0.0+] NumTids
+
| (In) X3 || R3 || uint64_t || [3.0.0+] NumThreadIds
 
|-
 
|-
 
| (Out) W0 || R0 || [[#Result]] || Result
 
| (Out) W0 || R0 || [[#Result]] || Result
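Review bot: The W1 row moves the [[#ContinueDebugFlags]] link into the Name column and types the argument as plain uint32_t, which removes the argument's name (DebugFlags) and is the opposite of the pattern used elsewhere in this revision, where the enum link is the Type and the Name repeats it (for example `[[#MemoryPermission]] || MemoryPermission`). Put the link back in the Type column with a name beside it. The X2 row is also missing the space before `||` after `uint64_t)`, and NumThreadIds becomes uint64_t while Argument32 lists only R3.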
Line 2,114: Line 2,030:
 
</div>
 
</div>
  
Maximum NumTids is 64. 0 means "all threads".
+
Maximum NumThreadIds is 64. 0 means "all threads".
  
 
=== Result codes ===
 
=== Result codes ===
Line 2,129: Line 2,045:
 
! Argument64 || Argument32 || Type || Name
 
! Argument64 || Argument32 || Type || Name
 
|-
 
|-
| (In) X1 || R1 || u64* || ProcessIdBuffer
+
| (In) X1 || R1 || uint64_t* || ProcessIdBuffer
 
|-
 
|-
| (In) W2 || R2 || size_t || ProcessIdBufferSize
+
| (In) W2 || R2 || uint32_t || ProcessIdBufferSize
 
|-
 
|-
 
| (Out) X0 || R0 || [[#Result]] || Result
 
| (Out) X0 || R0 || [[#Result]] || Result
 
|-
 
|-
| (Out) W1 || R1 || size_t || NumProcesses
+
| (Out) W1 || R1 || uint32_t || NumProcesses
 
|}
 
|}
 
</div>
 
</div>
Line 2,141: Line 2,057:
 
Fills the provided array with the pids of currently living processes. A process "lives" so long as it is currently running or a handle to it still exists.
 
Fills the provided array with the pids of currently living processes. A process "lives" so long as it is currently running or a handle to it still exists.
  
It returns the total number of processes currently alive. If this number is bigger than the size of PidBuffer, the user won't have all the pids.
+
It returns the total number of processes currently alive. If this number is bigger than the size of ProcessIdBuffer, the user won't have all the pids.
  
 
=== Result codes ===
 
=== Result codes ===
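Review bot: "the size of ProcessIdBuffer" does not say whether ProcessIdBufferSize counts entries or bytes, and the comparison with the returned process count only makes sense for entries. State the unit explicitly, as the CreateProcess text does for CapabilitiesNum ("number of element, not number of bytes"), since a caller who sizes the array from the wrong unit either misses ids or passes a length larger than the array it allocated. The paragraph also still says "pids" next to the renamed ProcessIdBuffer.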
Line 2,158: Line 2,074:
 
! Argument64 || Argument32 || Type || Name
 
! Argument64 || Argument32 || Type || Name
 
|-
 
|-
| (In) X1 || R1 || u64* || ThreadIdBuffer
+
| (In) X1 || R1 || uint64_t* || ThreadIdBuffer
 
|-
 
|-
| (In) W2 || R2 || size_t || ThreadIdBufferSize
+
| (In) W2 || R2 || uint32_t || ThreadIdBufferSize
 
|-
 
|-
 
| (In) W3 || R3 || Handle<Debug> || DebugHandle
 
| (In) W3 || R3 || Handle<Debug> || DebugHandle
Line 2,166: Line 2,082:
 
| (Out) X0 || R0 || [[#Result]] || Result
 
| (Out) X0 || R0 || [[#Result]] || Result
 
|-
 
|-
| (Out) W1 || R1 || size_t || NumThreads
+
| (Out) W1 || R1 || uint32_t || NumThreads
 
|}
 
|}
 
</div>
 
</div>
Line 2,176: Line 2,092:
 
! Argument64 || Argument32 || Type || Name
 
! Argument64 || Argument32 || Type || Name
 
|-
 
|-
| (In) X0 || R0 || ThreadContext* || ThreadContextBuffer
+
| (In) X0 || R0 || [[#ThreadContext]]* || ThreadContext
 
|-
 
|-
 
| (In) X1 || R1 || Handle<Debug> || DebugHandle
 
| (In) X1 || R1 || Handle<Debug> || DebugHandle
 
|-
 
|-
| (In) X2 || R2, R3 || u64 || ThreadId
+
| (In) X2 || R2, R3 || uint64_t || ThreadId
 
|-
 
|-
| (In) W3 || R4 || u32 || [[#ThreadContextFlags]]
+
| (In) W3 || R4 || uint32_t || [[#ThreadContextFlags]]
 
|-
 
|-
 
| (Out) W0 || R0 || [[#Result]] || Result
 
| (Out) W0 || R0 || [[#Result]] || Result
Line 2,196: Line 2,112:
 
| (In) W0 || R0 || Handle<Debug> || DebugHandle
 
| (In) W0 || R0 || Handle<Debug> || DebugHandle
 
|-
 
|-
| (In) X1 || R2, R3 || u64 || ThreadId
+
| (In) X1 || R2, R3 || uint64_t || ThreadId
 
|-
 
|-
| (In) X2 || R1 || ThreadContext* || ThreadContextBuffer
+
| (In) X2 || R1 || [[#ThreadContext]]* || ThreadContext
 
|-
 
|-
| (In) W3 || R4 || u32 || [[#ThreadContextFlags]]
+
| (In) W3 || R4 || uint32_t || [[#ThreadContextFlags]]
 
|-
 
|-
 
| (Out) W0 || R0 || [[#Result]] || Result
 
| (Out) W0 || R0 || [[#Result]] || Result
Line 2,212: Line 2,128:
 
! Argument || Type || Name
 
! Argument || Type || Name
 
|-
 
|-
| (In) X0 || [[#MemoryInfo]]* || MemoryInfoBuffer
+
| (In) X0 || [[#MemoryInfo]]* || MemoryInfo
 
|-
 
|-
 
| (In) W2 || Handle<Debug> || DebugHandle
 
| (In) W2 || Handle<Debug> || DebugHandle
 
|-
 
|-
| (In) X3 || u64 || Address
+
| (In) X3 || void* || Address
 
|-
 
|-
 
| (Out) W0 || [[#Result]] || Result
 
| (Out) W0 || [[#Result]] || Result
 
|-
 
|-
| (Out) W1 || PageInfo || PageInfo
+
| (Out) W1 || [[#PageInfo]] || PageInfo
 
|}
 
|}
 
</div>
 
</div>
Line 2,230: Line 2,146:
 
! Argument || Type || Name
 
! Argument || Type || Name
 
|-
 
|-
| (In) X0 || u64 || MemoryBuffer
+
| (In) X0 || void* || MemoryBufferAddress
 
|-
 
|-
 
| (In) W1 || Handle<Debug> || DebugHandle
 
| (In) W1 || Handle<Debug> || DebugHandle
 
|-
 
|-
| (In) X2 || u64 || SrcAddress
+
| (In) X2 || void* || SrcAddress
 
|-
 
|-
| (In) X3 || u64 || Size
+
| (In) X3 || uint64_t || Size
 
|-
 
|-
 
| (Out) W0 || [[#Result]] || Result
 
| (Out) W0 || [[#Result]] || Result
Line 2,250: Line 2,166:
 
| (In) W0 || Handle<Debug> || DebugHandle
 
| (In) W0 || Handle<Debug> || DebugHandle
 
|-
 
|-
| (In) X1 || u64 || MemoryBuffer
+
| (In) X1 || void* || MemoryBufferAddress
 
|-
 
|-
| (In) X2 || u64 || DstAddress
+
| (In) X2 || void* || DstAddress
 
|-
 
|-
| (In) X3 || u64 || Size
+
| (In) X3 || uint64_t || Size
 
|-
 
|-
 
| (Out) W0 || [[#Result]] || Result
 
| (Out) W0 || [[#Result]] || Result
Line 2,266: Line 2,182:
 
! Argument64 || Argument32 || Type || Name
 
! Argument64 || Argument32 || Type || Name
 
|-
 
|-
| (In) W0 || R0 || HardwareBreakPointRegisterName || Name
+
| (In) W0 || R0 || [[#HardwareBreakPointRegisterName]] || Name
 
|-
 
|-
| (In) X1 || R2, R3 || u64 || Flags
+
| (In) X1 || R2, R3 || uint64_t || Flags
 
|-
 
|-
| (In) X2 || R1, R4 || u64 || Value
+
| (In) X2 || R1, R4 || uint64_t || Value
 
|-
 
|-
 
| (Out) W0 || R0 || [[#Result]] || Result
 
| (Out) W0 || R0 || [[#Result]] || Result
Line 2,294: Line 2,210:
 
| (In) X2 || R2 || Handle<Debug> || DebugHandle
 
| (In) X2 || R2 || Handle<Debug> || DebugHandle
 
|-
 
|-
| (In) X3 || R0, R1 || u64 || ThreadId
+
| (In) X3 || R0, R1 || uint64_t || ThreadId
 
|-
 
|-
| (In) W4 || R3 || [[#DebugThreadParam]] || Param
+
| (In) W4 || R3 || [[#DebugThreadParam]] || DebugThreadParam
 
|-
 
|-
 
| (Out) W0 || R0 || [[#Result]] || Result
 
| (Out) W0 || R0 || [[#Result]] || Result
 
|-
 
|-
| (Out) X1 || R1, R2 || u64 || Out0
+
| (Out) X1 || R1, R2 || uint64_t || Out0
 
|-
 
|-
| (Out) W2 || R3 || u32 || Out1
+
| (Out) W2 || R3 || uint32_t || Out1
 
|}
 
|}
 
</div>
 
</div>
Line 2,312: Line 2,228:
 
! Argument || Type || Name
 
! Argument || Type || Name
 
|-
 
|-
| (In) X1 || u64 || InfoId
+
| (In) X1 || [[#SystemInfoType]] || SystemInfoType
 
|-
 
|-
 
| (In) W2 || Handle || Handle
 
| (In) W2 || Handle || Handle
 
|-
 
|-
| (In) X3 || u64 || InfoSubId
+
| (In) X3 || uint64_t || SystemInfoSubType
 
|-
 
|-
 
| (Out) W0 || [[#Result]] || Result
 
| (Out) W0 || [[#Result]] || Result
 
|-
 
|-
| (Out) X1 || u64 || Out
+
| (Out) X1 || uint64_t || SystemInfo
 
|}
 
|}
 
</div>
 
</div>
  
{| class=wikitable
+
== CreatePort ==
! Handle type || Id0 || Id1 || Description
+
<div style="display: inline-block;">
 +
{| class="wikitable" border="1"
 
|-
 
|-
| Zero    || 0 || 0 || TotalMemorySize_Application
+
! Argument64 || Argument32 || Type || Name
 
|-
 
|-
| Zero    || 0 || 1 || TotalMemorySize_Applet
+
| (In) W2 || R2 || int32_t || MaxSessions
 
|-
 
|-
| Zero    || 0 || 2 || TotalMemorySize_System
+
| (In) W3 || R3 || bool || IsLight
 
|-
 
|-
| Zero    || 0 || 3 || TotalMemorySize_SystemUnsafe
+
| (In) X4 || R0 || uint64_t || Name
 
|-
 
|-
| Zero    || 1 || 0 || CurrentMemorySize_Application
+
| (Out) W0 || R0 || [[#Result]] || Result
|-
 
| Zero    || 1 || 1 || CurrentMemorySize_Applet
 
|-
 
| Zero    || 1 || 2 || CurrentMemorySize_System
 
|-
 
| Zero    || 1 || 3 || CurrentMemorySize_SystemUnsafe
 
 
|-
 
|-
| Zero    || 2 || 0 || PrivilegedProcessId_LowerBound
+
| (Out) W1 || R1 || Handle<Port> || ServerPortHandle
 
|-
 
|-
| Zero    || 2 || 1 || PrivilegedProcessId_UpperBound
+
| (Out) W2 || R2 || Handle<Port> || ClientPortHandle
 
|}
 
|}
 +
</div>
  
== SetProcessMemoryPermission ==
+
== ManageNamedPort ==
 
<div style="display: inline-block;">
 
<div style="display: inline-block;">
 
{| class="wikitable" border="1"
 
{| class="wikitable" border="1"
 
|-
 
|-
! Argument64 || Argument32 || Type || Name
+
! Argument || Type || Name
|-
 
| (In) W0 || R0 || Handle<Process> || ProcessHandle
 
 
|-
 
|-
| (In) X1 || R2, R3 || u64 || Addr
+
| (In) X1 || char* || Name
 
|-
 
|-
| (In) X2 || R1, R4 || u64 || Size
+
| (In) W2 || int32_t || MaxSessions
 
|-
 
|-
| (In) W3 || R5 || void* || Perm
+
| (Out) W0 || [[#Result]] || Result
 
|-
 
|-
| (Out) W0 || R0 || [[#Result]] || Result
+
| (Out) W1 || Handle<Port> || ServerPortHandle
 
|}
 
|}
 
</div>
 
</div>
  
This sets the memory permissions for the specified memory with the supplied process handle.
+
== ConnectToPort ==
 
 
This throws an error(0xD801) when the input perm is >0x5, hence -WX and RWX are not allowed.
 
 
 
== MapProcessMemory ==
 
 
<div style="display: inline-block;">
 
<div style="display: inline-block;">
 
{| class="wikitable" border="1"
 
{| class="wikitable" border="1"
 
|-
 
|-
! Argument64 || Argument32 || Type || Name
+
! Argument || Type || Name
 
|-
 
|-
| (In) X0 || R0 || u64 || DstAddr
+
| (In) W1 || Handle<Port> || ClientPortHandle
 +
|-
 +
| (Out) W0 || [[#Result]] || Result
 +
|-
 +
| (Out) W1 || Handle<Session> || SessionHandle
 +
|}
 +
</div>
 +
 
 +
== SetProcessMemoryPermission ==
 +
<div style="display: inline-block;">
 +
{| class="wikitable" border="1"
 +
|-
 +
! Argument64 || Argument32 || Type || Name
 +
|-
 +
| (In) W0 || R0 || Handle<Process> || ProcessHandle
 +
|-
 +
| (In) X1 || R2, R3 || void* || Addr
 +
|-
 +
| (In) X2 || R1, R4 || uint64_t || Size
 +
|-
 +
| (In) W3 || R5 || [[#MemoryPermission]] || MemoryPermission
 +
|-
 +
| (Out) W0 || R0 || [[#Result]] || Result
 +
|}
 +
</div>
 +
 
 +
This sets the memory permissions for the specified memory with the supplied process handle.
 +
 
 +
This throws an error(0xD801) when the input perm is >0x5, hence -WX and RWX are not allowed.
 +
 
 +
== MapProcessMemory ==
 +
<div style="display: inline-block;">
 +
{| class="wikitable" border="1"
 +
|-
 +
! Argument64 || Argument32 || Type || Name
 +
|-
 +
| (In) X0 || R0 || void* || DstAddress
 
|-
 
|-
 
| (In) W1 || R1 || Handle<Process> || ProcessHandle
 
| (In) W1 || R1 || Handle<Process> || ProcessHandle
 
|-
 
|-
| (In) X2 || R2, R3 || void* || SrcAddr
+
| (In) X2 || R2, R3 || void* || SrcAddress
 
|-
 
|-
| (In) X3 || R4 || u64 || Size
+
| (In) X3 || R4 || uint64_t || Size
 
|-
 
|-
 
| (Out) W0 || R0 || [[#Result]] || Result
 
| (Out) W0 || R0 || [[#Result]] || Result
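Review bot: The SetProcessMemoryPermission text still says "the input perm is >0x5" although the argument is renamed to MemoryPermission in the table directly above it; use the new name and link [[#MemoryPermission]] so the statement that -WX and RWX are rejected can be read against the bit definitions. This sentence is the only place the writable-and-executable restriction is recorded, so it deserves precise wording, including which of the values up to 0x5 are accepted. In the new CreatePort table the X4 row gives Name as uint64_t with only R0 in Argument32, while ManageNamedPort types its Name as char*; say what the CreatePort value is and fix the register column.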
Line 2,398: Line 2,340:
 
! Argument64 || Argument32 || Type || Name
 
! Argument64 || Argument32 || Type || Name
 
|-
 
|-
| (In) X0 || R0 || void* || DstAddr
+
| (In) X0 || R0 || void* || DstAddress
 
|-
 
|-
 
| (In) W1 || R1 || Handle<Process> || ProcessHandle
 
| (In) W1 || R1 || Handle<Process> || ProcessHandle
 
|-
 
|-
| (In) X2 || R2, R3 || u64 || SrcAddr
+
| (In) X2 || R2, R3 || void* || SrcAddress
 
|-
 
|-
| (In) X3 || R4 || u64 || Size
+
| (In) X3 || R4 || uint64_t || Size
 
|-
 
|-
 
| (Out) W0 || R0 || [[#Result]] || Result
 
| (Out) W0 || R0 || [[#Result]] || Result
Line 2,418: Line 2,360:
 
! Argument64 || Argument32 || Type || Name
 
! Argument64 || Argument32 || Type || Name
 
|-
 
|-
| (In) X0 || R0 || [[#MemoryInfo]]* || MemInfoPtr
+
| (In) X0 || R0 || [[#MemoryInfo]]* || MemoryInfo
 
|-
 
|-
 
| (In) W2 || R2 || Handle<Process> || ProcessHandle
 
| (In) W2 || R2 || Handle<Process> || ProcessHandle
 
|-
 
|-
| (In) X3 || R1, R3 || u64 || Addr
+
| (In) X3 || R1, R3 || void* || Address
 
|-
 
|-
 
| (Out) W0 || R0 || [[#Result]] || Result
 
| (Out) W0 || R0 || [[#Result]] || Result
 
|-
 
|-
| (Out) W1 || R1 || PageInfo || PageInfo
+
| (Out) W1 || R1 || [[#PageInfo]] || PageInfo
 
|}
 
|}
 
</div>
 
</div>
Line 2,440: Line 2,382:
 
| (In) W0 || R0 || Handle<Process> || ProcessHandle
 
| (In) W0 || R0 || Handle<Process> || ProcessHandle
 
|-
 
|-
| (In) X1 || R2, R3 || u64 || DstAddr
+
| (In) X1 || R2, R3 || void* || DstAddress
 
|-
 
|-
| (In) X2 || R1, R4 || u64 || SrcAddr
+
| (In) X2 || R1, R4 || void* || SrcAddress
 
|-
 
|-
| (In) X3 || R5, R6 || u64 || Size
+
| (In) X3 || R5, R6 || uint64_t || Size
 
|-
 
|-
 
| (Out) W0 || R0 || [[#Result]] || Result
 
| (Out) W0 || R0 || [[#Result]] || Result
Line 2,460: Line 2,402:
 
| (In) W0 || R0 || Handle<Process> || ProcessHandle
 
| (In) W0 || R0 || Handle<Process> || ProcessHandle
 
|-
 
|-
| (In) X1 || R2, R3 || u64 || DstAddr
+
| (In) X1 || R2, R3 || void* || DstAddress
 
|-
 
|-
| (In) X2 || R1, R4 || u64 || SrcAddr
+
| (In) X2 || R1, R4 || void* || SrcAddress
 
|-
 
|-
| (In) X3 || R5, R6 || u64 || Size
+
| (In) X3 || R5, R6 || uint64_t || Size
 
|-
 
|-
 
| (Out) W0 || R0 || [[#Result]] || Result
 
| (Out) W0 || R0 || [[#Result]] || Result
Line 2,478: Line 2,420:
 
! Argument || Type || Name
 
! Argument || Type || Name
 
|-
 
|-
| (In) X1 || [[#CreateProcessInfo]]* || InfoPtr
+
| (In) X1 || [[#CreateProcessParameter]]* || CreateProcessParameter
 
|-
 
|-
| (In) X2 || u32* || CapabilitiesPtr
+
| (In) X2 || uint32_t* || Capabilities
 
|-
 
|-
| (In) X3 || u64 || CapabilitiesNum
+
| (In) X3 || int32_t || CapabilitiesNum
 
|-
 
|-
 
| (Out) W0 || [[#Result]] || Result
 
| (Out) W0 || [[#Result]] || Result
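Review bot: CapabilitiesNum changes from u64 to int32_t but stays in X3, whereas the other int32_t arguments added in this revision are placed in W registers (MaxSessions in W2, MainThreadPriority in W1). Use W3 if only the low 32 bits are read. Because the type is now signed, the text should also say how a negative count is treated, given that this value bounds how many entries are read from the Capabilities array.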
Line 2,490: Line 2,432:
 
</div>
 
</div>
  
Takes a [[#CreateProcessInfo]] as input.
+
Takes a [[#CreateProcessParameter]] as input.
CapabilitiesPtr points to an array of [[NPDM#Kernel_Access_Control|kernel capabilities]].
+
Capabilities points to an array of [[NPDM#Kernel_Access_Control|kernel capabilities]].
CapabilitiesNum is a number of capabilities in the CapabilitiesPtr array (number of element, not number of bytes).
+
CapabilitiesNum is a number of capabilities in the Capabilities array (number of element, not number of bytes).
  
 
=== Result codes ===
 
=== Result codes ===
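Review bot: The last added sentence reads "CapabilitiesNum is a number of capabilities in the Capabilities array (number of element, not number of bytes)"; it should be "the number of capabilities" and "number of elements". The three sentences also sit on consecutive source lines with no blank line between them, so MediaWiki renders them as one run-on paragraph; separate them if they are meant as distinct statements.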
Line 2,509: Line 2,451:
 
'''0xF001:''' Unused bits are set in mmuflags. Unknown address space type used.
 
'''0xF001:''' Unused bits are set in mmuflags. Unknown address space type used.
  
== GetProcessInfo ==
+
== StartProcess ==
 
<div style="display: inline-block;">
 
<div style="display: inline-block;">
 
{| class="wikitable" border="1"
 
{| class="wikitable" border="1"
Line 2,515: Line 2,457:
 
! Argument64 || Argument32 || Type || Name
 
! Argument64 || Argument32 || Type || Name
 
|-
 
|-
| (In) W0 || R1 || Handle<Process> || ProcessHandle
+
| (In) W0 || R0 || Handle<Process> || ProcessHandle
 +
|-
 +
| (In) W1 || R1 || int32_t || MainThreadPriority
 +
|-
 +
| (In) W2 || R2 || int32_t || DefaultCpuId
 
|-
 
|-
| (In) W1 || R2 || [[#ProcessInfoType]] || InfoType
+
| (In) X3 || R3, R4 || uint64_t || MainThreadStackSize
 
|-
 
|-
 
| (Out) W0 || R0 || [[#Result]] || Result
 
| (Out) W0 || R0 || [[#Result]] || Result
 +
|}
 +
</div>
 +
 +
== TerminateProcess ==
 +
<div style="display: inline-block;">
 +
{| class="wikitable" border="1"
 
|-
 
|-
| (Out) X1 || R1, R2 || [[#ProcessState]] || State
+
! Argument || Type || Name
 +
|-
 +
| (In) W0 || Handle<Process> || ProcessHandle
 +
|-
 +
| (Out) W0 || [[#Result]] || Result
 
|}
 
|}
 
</div>
 
</div>
  
Returns an enum with value 0-7.
+
== GetProcessInfo ==
 
 
== CallSecureMonitor ==
 
 
<div style="display: inline-block;">
 
<div style="display: inline-block;">
 
{| class="wikitable" border="1"
 
{| class="wikitable" border="1"
Line 2,533: Line 2,487:
 
! Argument64 || Argument32 || Type || Name
 
! Argument64 || Argument32 || Type || Name
 
|-
 
|-
| (In) X0 || R0 || u64 || [[SMC#ID_0|Function ID]]
+
| (In) W0 || R1 || Handle<Process> || ProcessHandle
 
|-
 
|-
| (In) X1-X7 || R1-R7 || u64 || SMC sub-arguments
+
| (In) W1 || R2 || [[#ProcessInfoType]] || ProcessInfoType
 
|-
 
|-
| (Out) X0 || R0 || [[SMC#Errors|SMC Result]] || Result of SMC
+
| (Out) W0 || R0 || [[#Result]] || Result
 
|-
 
|-
| (Out) X1-X7 || R1-R7 || u64 || SMC sub-output
+
| (Out) X1 || R1, R2 || uint64_t || [[#ProcessState]]
 
|}
 
|}
 
</div>
 
</div>
  
Takes in a SMC function ID in X0, and arguments for that SMC function in X1-X7.
+
Returns an enum with value 0-7.
  
Passing an invalid SMC function ID or calling from a core other than core 3 will result in a secure monitor panic.
+
== CreateResourceLimit ==
 +
<div style="display: inline-block;">
 +
{| class="wikitable" border="1"
 +
|-
 +
! Argument || Type || Name
 +
|-
 +
| (In) None || ||
 +
|-
 +
| (Out) W0 || [[#Result]] || Result
 +
|-
 +
| (Out) W1 || Handle<ResourceLimit> || ResourceLimitHandle
 +
|}
 +
</div>
 +
 
 +
== SetResourceLimitLimitValue ==
 +
<div style="display: inline-block;">
 +
{| class="wikitable" border="1"
 +
|-
 +
! Argument64 || Argument32 || Type || Name
 +
|-
 +
| (In) W0 || R0 || Handle<ResourceLimit> || ResourceLimitHandle
 +
|-
 +
| (In) W1 || R1 || [[#LimitableResource]] || LimitableResource
 +
|-
 +
| (In) X2 || R2, R3 || int64_t || LimitValue
 +
|-
 +
| (Out) W0 || R0 || [[#Result]] || Result
 +
|}
 +
</div>
 +
 
 +
== CallSecureMonitor ==
 +
<div style="display: inline-block;">
 +
{| class="wikitable" border="1"
 +
|-
 +
! Argument64 || Argument32 || Type || Name
 +
|-
 +
| (In) X0 || R0 || uint64_t || [[SMC#Secure_Monitor_calls|FunctionId]]
 +
|-
 +
| (In) X1-X7 || R1-R7 || uint64_t || SMC arguments
 +
|-
 +
| (Out) X0 || R0 || [[SMC#Result|Result]] || SMC result
 +
|-
 +
| (Out) X1-X7 || R1-R7 || uint64_t || SMC output
 +
|}
 +
</div>
 +
 
 +
Takes in a SMC function ID in X0, and arguments for that SMC function in X1-X7.
 +
 
 +
Passing an invalid SMC function ID or calling from a core other than core 3 will result in a secure monitor panic.
  
 
The kernel parses bits 9-15 in the passed SMC function ID (per the ARM SMC calling convention), and when set uses as an indicator to translate a pointer in the associated register (X1-X7) to a physical address. The kernel will translate any address mapped as R-W, other addresses (R--, R-X, or invalid pointers) will be translated as 0/NULL.
 
The kernel parses bits 9-15 in the passed SMC function ID (per the ARM SMC calling convention), and when set uses as an indicator to translate a pointer in the associated register (X1-X7) to a physical address. The kernel will translate any address mapped as R-W, other addresses (R--, R-X, or invalid pointers) will be translated as 0/NULL.
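Review bot: The GetProcessInfo output row becomes `(Out) X1 || R1, R2 || uint64_t || [[#ProcessState]]`, leaving the Name column holding a link and the Type column a bare integer, while the input row in the same table keeps the enum in Type (`[[#ProcessInfoType]] || ProcessInfoType`). Keep [[#ProcessState]] as the type and give the output a name, which also matches the following sentence "Returns an enum with value 0-7". The CallSecureMonitor rows retarget their links to SMC#Secure_Monitor_calls and SMC#Result; check that both anchors exist on the SMC page, because this section documents the pointer-translation and panic behaviour and readers will follow those links.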
Line 2,563: Line 2,565:
  
 
= Enum/Structures =
 
= Enum/Structures =
== ThreadContextFlags ==
+
== InfoType ==
Bitfield of one of more of these:
 
 
 
 
{| class=wikitable
 
{| class=wikitable
! Bit || Bitmask || Name || Description
+
! Handle type || InfoType || InfoSubType || Description
 
|-
 
|-
| 0 || 1 || General-purpose registers || If in 64-bit mode, GPRs 0–28 will be read/written. If in 32-bit mode, GPRs 0–12 will be read/written.
+
| Process || 0 || 0 || AllowedCpuIdBitmask
 
|-
 
|-
| 1 || 2 || Control registers || Reads/writes the FP, LR, PC, SP, PSTATE, and TPIDR registers.
+
| Process || 1 || 0 || AllowedThreadPrioBitmask
 
|-
 
|-
| 2 || 4 || Floating-point registers || Reads/writes the floating-point vector registers.
+
| Process || 2 || 0 || AliasRegionBaseAddr
 
|-
 
|-
| 3 || 8 || Floating-point control registers || Reads/writes the FPCR and FPSR registers.
+
| Process || 3 || 0 || AliasRegionSize
|}
 
 
 
== DeviceName ==
 
{| class=wikitable
 
! Value || Name
 
 
|-
 
|-
| 0 || AFI
+
| Process || 4 || 0 || HeapRegionBaseAddr
 
|-
 
|-
| 1 || AVPC
+
| Process || 5 || 0 || HeapRegionSize
 
|-
 
|-
| 2 || DC
+
| Process || 6 || 0 || TotalMemoryAvailable. Total memory available(free+used).
 
|-
 
|-
| 3 || DCB
+
| Process || 7 || 0 || TotalMemoryUsage. Total used size of codebin memory + main-thread stack + allocated heap.
 
|-
 
|-
| 4 || HC
+
| Zero    || 8 || 0 || IsCurrentProcessBeingDebugged
 
|-
 
|-
| 5 || HDA
+
| Zero    || 9 || 0 || Returns ResourceLimit handle for current process. Used by [[Process_Manager_services|PM]].
 
|-
 
|-
| 6 || ISP2
+
| Zero    || 10 || -1, {current coreid} || IdleTickCount
 
|-
 
|-
| 7 || MSENCNVENC
+
| Zero    || 11 || 0-3 || RandomEntropy from current process. TRNG. Used to seed usermode PRNGs.
 
|-
 
|-
| 8 || NV
+
| Process || 12 || 0 || [2.0.0+] AddressSpaceBaseAddr
 
|-
 
|-
| 9 || NV2
+
| Process || 13 || 0 || [2.0.0+] AddressSpaceSize
 
|-
 
|-
| 10 || PPCS
+
| Process || 14 || 0 || [2.0.0+] StackRegionBaseAddr
 
|-
 
|-
| 11 || SATA
+
| Process || 15 || 0 || [2.0.0+] StackRegionSize
 +
|-
 +
| Process || 16 || 0 || [3.0.0+] PersonalMmHeapSize
 +
|-
 +
| Process || 17 || 0 || [3.0.0+] PersonalMmHeapUsage
 +
|-
 +
| Process || 18 || 0 || [3.0.0+] ProgramId
 +
|-
 +
| Zero    || 19 || 0 || [4.0.0-4.1.0] PrivilegedProcessId_LowerBound
 +
|-
 +
| Zero    || 19 || 1 || [4.0.0-4.1.0] PrivilegedProcessId_UpperBound
 +
|-
 +
| Process || 20 || 0 || [5.0.0+] UserExceptionContextAddr
 +
|-
 +
| Process || 21 || 0 || [6.0.0+] TotalMemoryAvailableWithoutMmHeap
 +
|-
 +
| Process || 22 || 0 || [6.0.0+] TotalMemoryUsedWithoutMmHeap
 +
|-
 +
| Process || 23 || 0 || [9.0.0+] IsApplication
 +
|-
 +
| Thread  || 0xF0000002 || 0-3, -1 || Thread Ticks. When 0-3 are passed, gets specific core CPU ticks spent on thread. When -1 is passed, gets total CPU ticks spent on thread.
 +
|}
 +
 
 +
== SystemInfoType ==
 +
{| class=wikitable
 +
! Handle type || SystemInfoType || SystemInfoSubType|| Description
 +
|-
 +
| Zero    || 0 || 0 || TotalMemorySize_Application
 +
|-
 +
| Zero    || 0 || 1 || TotalMemorySize_Applet
 +
|-
 +
| Zero    || 0 || 2 || TotalMemorySize_System
 +
|-
 +
| Zero    || 0 || 3 || TotalMemorySize_SystemUnsafe
 +
|-
 +
| Zero    || 1 || 0 || CurrentMemorySize_Application
 +
|-
 +
| Zero    || 1 || 1 || CurrentMemorySize_Applet
 +
|-
 +
| Zero    || 1 || 2 || CurrentMemorySize_System
 +
|-
 +
| Zero    || 1 || 3 || CurrentMemorySize_SystemUnsafe
 +
|-
 +
| Zero    || 2 || 0 || PrivilegedProcessId_LowerBound
 +
|-
 +
| Zero    || 2 || 1 || PrivilegedProcessId_UpperBound
 +
|}
 +
 
 +
== ThreadContextFlags ==
 +
Bitfield of one of more of these:
 +
 
 +
{| class=wikitable
 +
! Bit || Bitmask || Name || Description
 +
|-
 +
| 0 || 1 || General-purpose registers || If in 64-bit mode, GPRs 0–28 will be read/written. If in 32-bit mode, GPRs 0–12 will be read/written.
 +
|-
 +
| 1 || 2 || Control registers || Reads/writes the FP, LR, PC, SP, PSTATE, and TPIDR registers.
 +
|-
 +
| 2 || 4 || Floating-point registers || Reads/writes the floating-point vector registers.
 +
|-
 +
| 3 || 8 || Floating-point control registers || Reads/writes the FPCR and FPSR registers.
 +
|}
 +
 
 +
== DeviceName ==
 +
{| class=wikitable
 +
! Value || Name
 +
|-
 +
| 0 || AFI
 +
|-
 +
| 1 || AVPC
 +
|-
 +
| 2 || DC
 +
|-
 +
| 3 || DCB
 +
|-
 +
| 4 || HC
 +
|-
 +
| 5 || HDA
 +
|-
 +
| 6 || ISP2
 +
|-
 +
| 7 || MSENCNVENC
 +
|-
 +
| 8 || NV
 +
|-
 +
| 9 || NV2
 +
|-
 +
| 10 || PPCS
 +
|-
 +
| 11 || SATA
 +
|-
 +
| 12 || VI
 +
|-
 +
| 13 || VIC
 +
|-
 +
| 14 || XUSB_HOST
 +
|-
 +
| 15 || XUSB_DEV
 +
|-
 +
| 16 || TSEC
 +
|-
 +
| 17 || PPCS1
 +
|-
 +
| 18 || DC1
 +
|-
 +
| 19 || SDMMC1A
 +
|-
 +
| 20 || SDMMC2A
 +
|-
 +
| 21 || SDMMC3A
 +
|-
 +
| 22 || SDMMC4A
 +
|-
 +
| 23 || ISP2B
 +
|-
 +
| 24 || GPU
 +
|-
 +
| 25 || GPUB
 +
|-
 +
| 26 || PPCS2
 +
|-
 +
| 27 || NVDEC
 +
|-
 +
| 28 || APE
 +
|-
 +
| 29 || SE
 +
|-
 +
| 30 || NVJPG
 +
|-
 +
| 31 || HC1
 +
|-
 +
| 32 || SE1
 +
|-
 +
| 33 || AXIAP
 +
|-
 +
| 34 || ETR
 +
|-
 +
| 35 || TSECB
 +
|-
 +
| 36 || TSEC1
 +
|-
 +
| 37 || TSECB1
 
|-
 
|-
| 12 || VI
+
| 38 || NVDEC1
 +
|}
 +
 
 +
== CodeMemoryOperation ==
 +
{| class=wikitable
 +
! Value || Name
 
|-
 
|-
| 13 || VIC
+
| 0 || MapOwner
 
|-
 
|-
| 14 || XUSB_HOST
+
| 1 || MapSlave
 
|-
 
|-
| 15 || XUSB_DEV
+
| 2 || UnmapOwner
 
|-
 
|-
| 16 || TSEC
+
| 3 || UnmapSlave
 +
|}
 +
 
 +
== LimitableResource ==
 +
{| class=wikitable
 +
! Value || Name || Description
 
|-
 
|-
| 17 || PPCS1
+
| 0 || PhysicalMemoryMax || Bytes of memory a process may allocate.
 
|-
 
|-
| 18 || DC1
+
| 1 || ThreadCountMax || Amount of threads a process can create.
 
|-
 
|-
| 19 || SDMMC1A
+
| 2 || EventCountMax || Amount of events a process can create through [[#CreateEvent]] or [[#SendAsyncRequestWithUserBuffer]].
 
|-
 
|-
| 20 || SDMMC2A
+
| 3 || TransferMemoryCountMax || Amount of TransferMemory a process can create through [[#CreateTransferMemory]].
 
|-
 
|-
| 21 || SDMMC3A
+
| 4 || SessionCountMax || Amount of session a process can create through [[#CreateSession]], [[#ConnectToPort]] or [[#ConnectToNamedPort]].
 +
|}
 +
 
 +
= ThreadActivity =
 +
{| class=wikitable
 +
! Value || Name
 
|-
 
|-
| 22 || SDMMC4A
+
| 0 || None
 
|-
 
|-
| 23 || ISP2B
+
| 1 || Runnable
|-
+
|}
| 24 || GPU
 
|-
 
| 25 || GPUB
 
|-
 
| 26 || PPCS2
 
|-
 
| 27 || NVDEC
 
|-
 
| 28 || APE
 
|-
 
| 29 || SE
 
|-
 
| 30 || NVJPG
 
|-
 
| 31 || HC1
 
|-
 
| 32 || SE1
 
|-
 
| 33 || AXIAP
 
|-
 
| 34 || ETR
 
|-
 
| 35 || TSECB
 
|-
 
| 36 || TSEC1
 
|-
 
| 37 || TSECB1
 
|-
 
| 38 || NVDEC1
 
|}
 
  
== CodeMemoryOperation ==
+
== ProcessActivity ==
 
{| class=wikitable
 
{| class=wikitable
 
! Value || Name
 
! Value || Name
 
|-
 
|-
| 0 || MapOwner
+
| 0 || None
|-
 
| 1 || MapSlave
 
|-
 
| 2 || UnmapOwner
 
 
|-
 
|-
| 3 || UnmapSlave
+
| 1 || Runnable
|}
 
 
 
== LimitableResource ==
 
{| class=wikitable
 
! Value || Name || Note
 
|-
 
| 0 || Memory || Bytes of memory a process may allocate.
 
|-
 
| 1 || Threads || Amount of threads a process can create.
 
|-
 
| 2 || Events || Amount of events a process can create through [[#CreateEvent]] or [[#SendAsyncRequestWithUserBuffer]].
 
|-
 
| 3 || TransferMemories || Amount of TransferMemory a process can create through [[#CreateTransferMemory]].
 
|-
 
| 4 || Sessions || Amount of session a process can create through [[#CreateSession]], [[#ConnectToPort]] or [[#ConnectToNamedPort]].
 
 
|}
 
|}
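Review bot: `= ThreadActivity =` is added as a level-1 heading, which ends the "Enum/Structures" section and puts ThreadActivity and every heading after it at the top level of the page; it should be `== ThreadActivity ==` like the neighbouring `== ProcessActivity ==` and `== LimitableResource ==`. The re-added ThreadContextFlags intro still reads "Bitfield of one of more of these" (should be "one or more"), and in the new InfoType table row 9 has a sentence ("Returns ResourceLimit handle for current process") where the other rows lead with a name.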
  
Line 2,706: Line 2,808:
 
| 2 || Started ||
 
| 2 || Started ||
 
|-
 
|-
| 3 || Crashed || Processes will not enter this state unless they were created with [[#CreateProcessInfo|EnableDebug]].
+
| 3 || Crashed || Processes will not enter this state unless they were created with [[#CreateProcessParameter|EnableDebug]].
 
|-
 
|-
 
| 4 || StartedAttached ||
 
| 4 || StartedAttached ||
Line 2,743: Line 2,845:
 
AffinityMask: output in out1
 
AffinityMask: output in out1
  
== CreateProcessInfo ==
+
== CreateProcessParameter ==
 
{| class=wikitable
 
{| class=wikitable
 
! Offset || Length || Bits || Description
 
! Offset || Length || Bits || Description
Line 2,759: Line 2,861:
 
| 0x24 || 4 || || Flags
 
| 0x24 || 4 || || Flags
 
|-
 
|-
| || || Bit0 || IsAarch64
+
| || || Bit0 || Is64BitInstruction
 
|-
 
|-
 
| || || Bit3-1 || [[#AddressSpaceType]]
 
| || || Bit3-1 || [[#AddressSpaceType]]
Line 2,771: Line 2,873:
 
| || || Bit7 || [4.0.0] UseSecureMemory
 
| || || Bit7 || [4.0.0] UseSecureMemory
 
|-
 
|-
| || || Bit10-7 || [5.0.0+] PoolPartition (0=Application, 1=Applet, 2=Sysmodule, 3=Nvservices)
+
| || || Bit10-7 || [5.0.0+] MemoryRegion (0 = Application, 1 = Applet, 2 = SecureSystem, 3 = NonSecureSystem)
 
|-
 
|-
| || || Bit11 || [7.0.0+] OptimizeMemoryAllocation (Only allowed in combination with IsApplication).
+
| || || Bit11 || [7.0.0+] OptimizeMemoryAllocation (only allowed in combination with IsApplication)
 
|-
 
|-
| 0x28 || 4 || || ResourceLimitHandle or zero
+
| 0x28 || 4 || || ResourceLimitHandle (can be zero)
 
|-
 
|-
 
| 0x2C || 4 || || [3.0.0+] SystemResourceNumPages
 
| 0x2C || 4 || || [3.0.0+] SystemResourceNumPages
 
|}
 
|}
  
On [1.0.0] there's only one pool.
+
On [1.0.0] there's only one MemoryRegion.
  
On [2.0.0-4.0.0] PoolPartition is 1 for built-ins and 0 for rest.
+
On [2.0.0-4.0.0] MemoryRegion is 1 for built-ins and 0 for rest.
  
On [5.0.0] PoolPartition is specified in CreateProcessArgs. There are now 4 pool partitions.
+
On [5.0.0] MemoryRegion is specified in CreateProcessArgs. There are now 4 pool partitions.
  
 
On [5.0.0] (maybe lower?) a zero ResourceLimitHandle defaults to sysmodule limits and 0x12300000 bytes of memory.
 
On [5.0.0] (maybe lower?) a zero ResourceLimitHandle defaults to sysmodule limits and 0x12300000 bytes of memory.
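Review bot: The rename is incomplete in the notes under the table. The added line "On [5.0.0] MemoryRegion is specified in CreateProcessArgs. There are now 4 pool partitions." still says "pool partitions" and names the structure CreateProcessArgs, which matches neither the old heading (CreateProcessInfo) nor the new one (CreateProcessParameter). Suggest "There are now 4 memory regions" and a link to the renamed section, so a reader working out which region a process allocates from does not have to translate between two vocabularies.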
Line 2,797: Line 2,899:
 
! Type || Name || Width || Description
 
! Type || Name || Width || Description
 
|-
 
|-
| 0 || Normal_32Bit || 32 ||
+
| 0 || AddressSpace32Bit || 32 ||
 
|-
 
|-
| 1 || Normal_36Bit || 36 ||
+
| 1 || AddressSpace64BitOld || 36 ||
 
|-
 
|-
| 2 || WithoutMap_32Bit || 32 || Appears to be missing map region [?]
+
| 2 || AddressSpace32BitNoReserved || 32 || Appears to be missing map region [?]
 
|-
 
|-
| 3 || [2.0.0+] Normal_39Bit || 39 ||
+
| 3 || [2.0.0+] AddressSpace64Bit || 39 ||
 
|}
 
|}
  
Line 2,814: Line 2,916:
 
| 8 || 8 || Size
 
| 8 || 8 || Size
 
|-
 
|-
| 0x10 || 4 || MemoryType: lower 8 bits of [[#MemoryState]]
+
| 0x10 || 4 || [[#MemoryType]]
 
|-
 
|-
 
| 0x14 || 4 || [[#MemoryAttribute]]
 
| 0x14 || 4 || [[#MemoryAttribute]]
 
|-
 
|-
| 0x18 || 4 || Permission (bit0: R, bit1: W, bit2: X)
+
| 0x18 || 4 || [[#MemoryPermission]]
 
|-
 
|-
 
| 0x1C || 4 || IpcRefCount
 
| 0x1C || 4 || IpcRefCount
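Review bot: At offset 0x10, replacing "MemoryType: lower 8 bits of [[#MemoryState]]" with a bare [[#MemoryType]] link drops the one statement that tied this field to the #MemoryState values. Keep the relationship in the description, for example "[[#MemoryType]] (lower 8 bits of [[#MemoryState]])", unless the linked section states it, and confirm that a MemoryType section exists so the new anchor resolves.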
Line 2,825: Line 2,927:
 
|-
 
|-
 
| 0x24 || 4 || Padding: always zero
 
| 0x24 || 4 || Padding: always zero
 +
|}
 +
 +
== MemoryPermission ==
 +
{| class=wikitable
 +
! Bits || Name || Description
 +
|-
 +
| 0 || Read || Can be set by [[#SetMemoryPermission]].
 +
|-
 +
| 1 || Write || Can be set by [[#SetMemoryPermission]].
 +
|-
 +
| 2 || Execute || Can be set by [[#SetProcessMemoryPermission]] and [[#ControlCodeMemory]].
 
|}
 
|}
  
Line 2,831: Line 2,944:
 
! Bits || Name || Description
 
! Bits || Name || Description
 
|-
 
|-
| 0 || IsBorrowed || Used by MapMemory, as an async IPC user buffer,
+
| 0 || IsMapped || Used by MapMemory, as an async IPC user buffer.
 
|-
 
|-
| 1 || IsIpcLocked || True when IpcRefCount > 0
+
| 1 || IpcLocked || True when IpcRefCount > 0.
 
|-
 
|-
| 2 || IsDeviceShared || True when DeviceRefCount > 0
+
| 2 || DeviceShared || True when DeviceRefCount > 0.
 
|-
 
|-
 
| 3 || IsUncached ||  
 
| 3 || IsUncached ||  
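Review bot: The attribute names end up inconsistent: bits 1 and 2 drop the "Is" prefix (IpcLocked, DeviceShared) while bits 0 and 3 keep it (IsMapped, and IsUncached in the unchanged context line). Pick one convention for all four rows. The rename of bit 0 also leaves other text on the page stale: the second 0xD401 description under SetMemoryPermission still refers to the IsBorrowed attribute and should be updated in the same edit.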
Line 2,885: Line 2,998:
 
! Value || Type || Meaning
 
! Value || Type || Meaning
 
|-
 
|-
| 0x00000000 || Unmapped ||
+
| 0x00000000 || Free ||
 
|-
 
|-
 
| 0x00002001 || Io || Mapped by kernel capability parsing in [[#CreateProcess]].  
 
| 0x00002001 || Io || Mapped by kernel capability parsing in [[#CreateProcess]].  
 
|-
 
|-
| 0x00042002 || Normal || Mapped by kernel capability parsing in [[#CreateProcess]].
+
| 0x00042002 || Static || Mapped by kernel capability parsing in [[#CreateProcess]].
 
|-
 
|-
| 0x00DC7E03 || CodeStatic || Mapped during [[#CreateProcess]].
+
| 0x00DC7E03 || Code || Mapped during [[#CreateProcess]].
 
|-
 
|-
 
| [1.0.0+]
 
| [1.0.0+]
Line 2,900: Line 3,013:
  
 
0x03FEBD04
 
0x03FEBD04
|| CodeMutable || Transition from 0xDC7E03 performed by [[#SetProcessMemoryPermission]].
+
|| CodeData || Transition from 0xDC7E03 performed by [[#SetProcessMemoryPermission]].
 
|-
 
|-
 
| [1.0.0+]
 
| [1.0.0+]
Line 2,908: Line 3,021:
  
 
0x037EBD05
 
0x037EBD05
|| Heap || Mapped using [[#SetHeapSize]].
+
|| Normal || Mapped using [[#SetHeapSize]].
 
|-
 
|-
| 0x00402006 || SharedMemory || Mapped using [[#MapSharedMemory]].
+
| 0x00402006 || Shared || Mapped using [[#MapSharedMemory]].
 
|-
 
|-
 
| 0x00482907 || [1.0.0] Alias || Mapped using [[#MapMemory]].
 
| 0x00482907 || [1.0.0] Alias || Mapped using [[#MapMemory]].
 
|-
 
|-
| 0x00DD7E08 || ModuleCodeStatic || Mapped using [[#MapProcessCodeMemory]].
+
| 0x00DD7E08 || AliasCode || Mapped using [[#MapProcessCodeMemory]].
 
|-
 
|-
 
| [1.0.0+]
 
| [1.0.0+]
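Review bot: "Normal" is reused for a different state. This hunk assigns it to 0x037EBD05 (mapped using SetHeapSize, formerly Heap), while the previous hunk renames the old Normal (0x00042002) to Static. Anyone matching older notes or tool output that says "Normal" against this table will resolve it to the wrong state; consider recording the former name in the Meaning column for the rows whose names changed.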
Line 2,923: Line 3,036:
  
 
0x03FFBD09
 
0x03FFBD09
|| ModuleCodeMutable || Transition from 0xDD7E08 performed by [[#SetProcessMemoryPermission]].
+
|| AliasCodeData || Transition from 0xDD7E08 performed by [[#SetProcessMemoryPermission]].
 
|-
 
|-
 
| 0x005C3C0A || [[IPC_Marshalling|Ipc]] || IPC buffers with descriptor flags=0.
 
| 0x005C3C0A || [[IPC_Marshalling|Ipc]] || IPC buffers with descriptor flags=0.
Line 2,931: Line 3,044:
 
| 0x0040200C || [[Thread Local Storage|ThreadLocal]] || Mapped during [[#CreateThread]].
 
| 0x0040200C || [[Thread Local Storage|ThreadLocal]] || Mapped during [[#CreateThread]].
 
|-
 
|-
| 0x015C3C0D || TransferMemoryIsolated || Mapped using [[#MapTransferMemory]] when the owning process has perm=0.
+
| 0x015C3C0D || Transfered || Mapped using [[#MapTransferMemory]] when the owning process has perm=0.
 
|-
 
|-
| 0x005C380E || TransferMemory || Mapped using [[#MapTransferMemory]] when the owning process has perm!=0.
+
| 0x005C380E || ShTransfered || Mapped using [[#MapTransferMemory]] when the owning process has perm!=0.
 
|-
 
|-
| 0x0040380F || ProcessMemory || Mapped using [[#MapProcessMemory]].
+
| 0x0040380F || SharedCode || Mapped using [[#MapProcessMemory]].
 
|-
 
|-
 
| 0x00000010 || Reserved ||
 
| 0x00000010 || Reserved ||

Revision as of 22:33, 7 January 2020


System calls

Id Name
0x1 #SetHeapSize
0x2 #SetMemoryPermission
0x3 #SetMemoryAttribute
0x4 #MapMemory
0x5 #UnmapMemory
0x6 #QueryMemory
0x7 #ExitProcess
0x8 #CreateThread
0x9 #StartThread
0xA #ExitThread
0xB #SleepThread
0xC #GetThreadPriority
0xD #SetThreadPriority
0xE #GetThreadCoreMask
0xF #SetThreadCoreMask
0x10 #GetCurrentProcessorNumber
0x11 #SignalEvent
0x12 #ClearEvent
0x13 #MapSharedMemory
0x14 #UnmapSharedMemory
0x15 #CreateTransferMemory
0x16 #CloseHandle
0x17 #ResetSignal
0x18 #WaitSynchronization
0x19 #CancelSynchronization
0x1A #ArbitrateLock
0x1B #ArbitrateUnlock
0x1C #WaitProcessWideKeyAtomic
0x1D #SignalProcessWideKey
0x1E #GetSystemTick
0x1F #ConnectToNamedPort
0x20 #SendSyncRequestLight
0x21 #SendSyncRequest
0x22 #SendSyncRequestWithUserBuffer
0x23 #SendAsyncRequestWithUserBuffer
0x24 #GetProcessId
0x25 #GetThreadId
0x26 #Break
0x27 #OutputDebugString
0x28 #ReturnFromException
0x29 #GetInfo
0x2A #FlushEntireDataCache
0x2B #FlushDataCache
0x2C [3.0.0+] #MapPhysicalMemory
0x2D [3.0.0+] #UnmapPhysicalMemory
0x2E [5.0.0+] #GetFutureThreadInfo
0x2F #GetLastThreadInfo
0x30 #GetResourceLimitLimitValue
0x31 #GetResourceLimitCurrentValue
0x32 #SetThreadActivity
0x33 #GetThreadContext3
0x34 [4.0.0+] #WaitForAddress
0x35 [4.0.0+] #SignalToAddress
0x36 [8.0.0+] #SynchronizePreemptionState
0x3C [4.0.0+] #KernelDebug ([1.0.0-3.0.2] #DumpInfo)
0x3D [4.0.0+] #ChangeKernelTraceState
0x40 #CreateSession
0x41 #AcceptSession
0x42 #ReplyAndReceiveLight
0x43 #ReplyAndReceive
0x44 #ReplyAndReceiveWithUserBuffer
0x45 #CreateEvent
0x48 [5.0.0+] #MapPhysicalMemoryUnsafe
0x49 [5.0.0+] #UnmapPhysicalMemoryUnsafe
0x4A [5.0.0+] #SetUnsafeLimit
0x4B [4.0.0+] #CreateCodeMemory
0x4C [4.0.0+] #ControlCodeMemory
0x4D #SleepSystem
0x4E #ReadWriteRegister
0x4F #SetProcessActivity
0x50 #CreateSharedMemory
0x51 #MapTransferMemory
0x52 #UnmapTransferMemory
0x53 #CreateInterruptEvent
0x54 #QueryPhysicalAddress
0x55 #QueryIoMapping
0x56 #CreateDeviceAddressSpace
0x57 #AttachDeviceAddressSpace
0x58 #DetachDeviceAddressSpace
0x59 #MapDeviceAddressSpaceByForce
0x5A #MapDeviceAddressSpaceAligned
0x5B #MapDeviceAddressSpace
0x5C #UnmapDeviceAddressSpace
0x5D #InvalidateProcessDataCache
0x5E #StoreProcessDataCache
0x5F #FlushProcessDataCache
0x60 #DebugActiveProcess
0x61 #BreakDebugProcess
0x62 #TerminateDebugProcess
0x63 #GetDebugEvent
0x64 #ContinueDebugEvent
0x65 #GetProcessList
0x66 #GetThreadList
0x67 #GetDebugThreadContext
0x68 #SetDebugThreadContext
0x69 #QueryDebugProcessMemory
0x6A #ReadDebugProcessMemory
0x6B #WriteDebugProcessMemory
0x6C #SetHardwareBreakPoint
0x6D #GetDebugThreadParam
0x6F [5.0.0+] #GetSystemInfo
0x70 #CreatePort
0x71 #ManageNamedPort
0x72 #ConnectToPort
0x73 #SetProcessMemoryPermission
0x74 #MapProcessMemory
0x75 #UnmapProcessMemory
0x76 #QueryProcessMemory
0x77 #MapProcessCodeMemory
0x78 #UnmapProcessCodeMemory
0x79 #CreateProcess
0x7A #StartProcess
0x7B #TerminateProcess
0x7C #GetProcessInfo
0x7D #CreateResourceLimit
0x7E #SetResourceLimitLimitValue
0x7F #CallSecureMonitor

SetHeapSize

Argument Type Name
(In) W1 uint32_t Size
(Out) W0 #Result Result
(Out) X1 void* HeapAddress

Sets the process heap to a given Size. It can both extend and shrink the heap.

Size must be a multiple of 0x200000 (2MB).

On success, the heap base address (which is fixed by the kernel, randomized by ASLR, and always in the Heap memory region) is written to HeapAddress.

Uses current process pool partition. The memory allocated counts towards the caller's process Memory ResourceLimit.

[2.0.0+] Size must be less than or equal to 4GB.

Result codes

0x0: Success.

0xCA01: Invalid size passed. It's either bigger than 4GB, or misaligned.

0xD001: Size is bigger than the Heap Region size.

0xCE01: KMemoryBlockAllocator slab allocator exhausted.

0xD401: The memory region is in an invalid state. Likely because a mapping was made in the heap region.

0x10801: Memory resource limit reached.

SetMemoryPermission

Argument Type Name
(In) X0 void* Address
(In) X1 uint64_t Size
(In) W2 #MemoryPermission MemoryPermission
(Out) W0 #Result Result

Changes the permission of a page-aligned memory region.

Bit2 of permission (exec) is not allowed. Setting write-only is not allowed either (bit1).

This can be used to move back and forth between ---, r-- and rw-.

Result codes

0x0: Success. The memory region was reprotected.

0xCC01: Unaligned address specified.

0xCA01: Unaligned or zero size specified.

0xD401: The provided memory region does not fall within the userland address space.

0xD801: Invalid permission specified. Valid permissions are ---, r-- and rw-.

0xD401: The provided memory region was in an invalid state. The region must have the PermissionChangeAllowed bit set in its #MemoryState, and must not have the IsBorrowed or IsUncached #MemoryAttribute.

0xCE01: Kernel resource exhausted.

SetMemoryAttribute

Argument Type Name
(In) X0 void* Address
(In) X1 uint64_t Size
(In) W2 uint32_t State0
(In) W3 uint32_t State1
(Out) W0 #Result Result

Changes the attribute of a page-aligned memory region.

This is used to turn on/off caching for a given memory area. Useful when talking to devices such as the GPU.

What happens "under the hood" is the "Memory Attribute Indirection Register" index is changed from 2 to 3 in the MMU descriptor.

State0 State1 Action
0 0 Clear bit3 in #MemoryAttribute.
8 0 Clear bit3 in #MemoryAttribute.
8 8 Set bit3 in #MemoryAttribute.

MapMemory

Argument Type Name
(In) X0 void* DstAddress
(In) X1 void* SrcAddress
(In) X2 uint64_t Size
(Out) W0 #Result Result

Maps a memory range into a different range.

Mainly used for adding guard pages around stack.

Source range gets reprotected to --- (it can no longer be accessed), and bit0 is set in the source #MemoryAttribute.

[1.0.0] This could be used to map into either the Alias Region or the Stack region.

[2.0.0+] This can only be used to map into the Stack region.

Code can get the range of the Alias region from #GetInfo id0=2,3, and on 2.0.0+ the range of the Stack region via #GetInfo id0=14, 15 (on 1.0.0, the Stack region had hardcoded limits).

When mapped into the Alias region, the mapped memory will have state 0x482907.

When mapped into the Stack region, the mapped memory will have state 0x5C3C0B.

UnmapMemory

Argument Type Name
(In) X0 void* DstAddress
(In) X1 void* SrcAddress
(In) X2 uint64_t Size
(Out) W0 #Result Result

Unmaps a region that was previously mapped with #MapMemory.

It's possible to unmap ranges partially; you don't need to unmap the entire range "in one go".

The srcaddr/dstaddr must match what was given when the pages were originally mapped.

QueryMemory

Argument Type Name
(In) X0 #MemoryInfo* MemoryInfo
(In) X2 void* Address
(Out) W0 #Result Result
(Out) W1 #PageInfo PageInfo

Queries information about an address. Will always fetch the lowest page-aligned mapping that contains the provided address.

Outputs a #MemoryInfo struct.

ExitProcess

Argument Type Name
(In) None
(Out) None

Exits the current process.

CreateThread

Argument64 Argument32 Type Name
(In) X1 R1 void(*)(void*) Entry
(In) X2 R2 void* ThreadContext
(In) X3 R3 void* StackTop
(In) W4 R0 int32_t Priority
(In) W5 R4 int32_t ProcessorId
(Out) W0 R0 #Result Result
(Out) W1 R1 Handle<Thread> ThreadHandle

Creates a thread in the current process.

ProcessorId must be 0, 1, 2, 3 or -2, where -2 uses the default CpuId for the process.

StartThread

Argument Type Name
(In) W0 Handle<Thread> ThreadHandle
(Out) None

Starts the thread for the provided handle.

ExitThread

Argument Type Name
(In) None
(Out) None

Exits the current thread.

SleepThread

Argument64 Argument32 Type Name
(In) X0 R0, R1 uint64_t Nanoseconds

Sleeps for a specified amount of time, or yields the thread.

Setting nanoseconds to 0, -1, or -2 indicates a yielding type.

Value Type
0 Yielding without core migration
-1 Yielding with core migration
-2 Yielding to any other thread

GetThreadPriority

Argument Type Name
(In) W1 Handle<Thread> ThreadHandle
(Out) W0 #Result Result
(Out) W1 int32_t Priority

Gets the priority of the provided thread handle.

SetThreadPriority

Argument Type Name
(In) W0 Handle<Thread> ThreadHandle
(In) W1 int32_t Priority
(Out) W0 #Result Result

Sets the priority of the provided thread handle.

Priority is a number 0-0x3F. Lower value means higher priority.

GetThreadCoreMask

Argument64 Argument32 Type Name
(In) W2 R2 Handle<Thread> ThreadHandle
(Out) W0 R0 #Result Result
(Out) W1 R1 int32_t CoreMask0
(Out) X2 R2, R3 uint64_t CoreMask1

Gets the affinity mask of the provided thread handle.

SetThreadCoreMask

Argument64 Argument32 Type Name
(In) W0 R0 Handle<Thread> ThreadHandle
(In) W1 R1 int32_t CoreMask0
(In) X2 R2, R3 uint64_t CoreMask1
(Out) W0 R0 #Result Result

Sets the affinity mask of the provided thread handle.

GetCurrentProcessorNumber

Argument Type Name
(In) None
(Out) W0 uint32_t CpuId

Gets which CPU is executing the current thread.

CpuId is an integer in the range 0-3.

SignalEvent

Argument Type Name
(In) W0 Handle<WritableEvent> EventHandle
(Out) X0 #Result Result

Puts the given event in the signaled state.

Will wake up any thread currently waiting on this event. Can potentially trigger a reschedule.

Any calls to #WaitSynchronization on this handle will return immediately, until the event's signaled state is reset.

Result codes

0x0: Success. Event is now in signaled state.

0xE401: Invalid handle. The handle either does not exist, or is not a WritableEvent.

ClearEvent

Argument Type Name
(In) W0 Handle<WritableEvent> or Handle<ReadableEvent> EventHandle
(Out) X0 #Result Result

Takes the given event out of the signaled state.

Result codes

0x0: Success, the event is now in the not-signaled state.

0xE401: Invalid handle. The handle either does not exist, or is not a ReadableEvent nor a WritableEvent.

0xFA01: The handle was not in a signaled state.

MapSharedMemory

Argument Type Name
(In) W0 Handle<SharedMemory> SharedMemoryHandle
(In) X1 void* Address
(In) X2 uint64_t Size
(In) W3 #MemoryPermission MemoryPermission
(Out) W0 #Result Result

Maps the block supplied by the handle. The required permissions are different for the process that created the handle and all other processes.

Increases reference count for the KSharedMemory object. Thus in order to release the memory associated with the object, all handles to it must be closed and all mappings must be unmapped.

UnmapSharedMemory

Argument Type Name
(In) W0 Handle<SharedMemory> SharedMemoryHandle
(In) X1 void* Address
(In) X2 uint64_t Size
(Out) W0 #Result Result

CreateTransferMemory

Argument Type Name
(In) X1 void* Address
(In) X2 uint64_t Size
(In) W3 #MemoryPermission MemoryPermission
(Out) W0 #Result Result
(Out) W1 Handle<TransferMemory> TransferMemoryHandle

Reprotects the source block with the permissions you give it. It also sets bit0 in #MemoryAttribute.

The executable permission bit is not allowed.

Closing all handles automatically clears bit0 in #MemoryAttribute and resets the permission.

CloseHandle

Argument Type Name
(In) W0 Handle Handle
(Out) W0 #Result Result

ResetSignal

Argument Type Name
(In) W0 Handle<ReadableEvent> or Handle<Process> Handle
(Out) W0 #Result Result

Resets the signal on the given handle, ensuring future calls to #WaitSynchronization on this handle will sleep until the handle is signaled again. If the handle is a ReadableEvent, this is equivalent to calling ClearEvent() on the handle.

If the handle is a Process, it will clear the signaled state (which is set when the process changes #ProcessState). Once the process enters the Exited state, calling ResetSignal on the process will no longer have an effect (the process is permanently signaled), and the syscall will return 0xFA01.

Result codes

0x0: Success. The signal was reset.

0xE401: The handle is invalid or of the wrong type.

0xFA01: The handle was not signaled, or the process is in exited state, causing it to be permanently signaled.

WaitSynchronization

Argument64 Argument32 Type Name
(In) X1 R1 Handle* HandlesPtr
(In) W2 R2 int32_t HandlesNum
(In) X3 R0, R3 int64_t Timeout
(Out) W0 R0 #Result Result
(Out) W1 R1 uint64_t HandleIndex

Works with HandlesNum <= 0x40.

When zero handles are passed, this will wait forever until either timeout or cancellation occurs.

Does not accept 0xFFFF8001 or 0xFFFF8000 as handles.

Object types

KDebug: signals when there is a new DebugEvent (retrievable via #GetDebugEvent).

KClientPort: signals when the number of sessions is less than the maximum allowed.

KProcess: signals when the process undergoes a state change (retrievable via #GetProcessInfo).

KReadableEvent: signals when the event's corresponding KWritableEvent has been signaled via #SignalEvent.

KServerPort: signals when there is an incoming connection waiting to be accepted.

KServerSession: signals when there is an incoming message waiting to be received or the pipe is closed.

KThread: signals when the thread has exited.

Result codes

0x0: Success. One of the objects was signaled before the timeout expired, or one of the objects is a Session with a closed remote. Handle index is updated to indicate which object signaled.

0x7601: Thread termination requested. Handle index is not updated.

0xe401: Invalid handle. Returned when one of the handles passed is invalid. Handle index is not updated.

0xe601: Invalid address. Returned when the handles pointer is not a readable address. Handle index is not updated.

0xea01: Timeout. Returned when no objects have been signaled within the timeout. Handle index is not updated.

0xec01: Interrupted. Returned when another thread uses #CancelSynchronization to cancel this thread. Handle index is not updated.

0xee01: Too many handles. Returned when the number of handles passed is > 0x40.

CancelSynchronization

Argument Type Name
(In) W0 Handle<Thread> ThreadHandle
(Out) W0 #Result Result

If the referenced thread is currently in a synchronization call (#WaitSynchronization, #ReplyAndReceive or #ReplyAndReceiveLight), that call will be interrupted and return 0xec01. If that thread is not currently executing such a synchronization call, its next synchronization call will return 0xec01.

This doesn't take force-pause (activity/debug pause) into account.

Result codes

0x0: Success. The thread was either interrupted or has had its flag set.

0xe401: Invalid handle. The handle given was either invalid or not a thread handle.

ArbitrateLock

Argument Type Name
(In) W0 Handle<Thread> ThreadHandle
(In) X1 void* Address
(In) W2 uint32_t Tag
(Out) W0 #Result Result

ArbitrateUnlock

Argument Type Name
(In) X0 void* Address
(Out) W0 #Result Result

WaitProcessWideKeyAtomic

Argument64 Argument32 Type Name
(In) X0 R0 void* KeyAddress
(In) X1 R1 void* TagAddress
(In) W2 R2 uint32_t Tag
(In) X3 R3, R4 int64_t Timeout
(Out) W0 R0 #Result Result

SignalProcessWideKey

Argument Type Name
(In) X0 void* Address
(In) W1 int32_t Value
(Out) W0 #Result Result

GetSystemTick

Argument64 Argument32 Type Name
(Out) X0 R0, R1 uint64_t Ticks

Returns the value of cntpct_el0.

The frequency is 19200000 Hz (constant from official sw).

Official sw reads cntpct_el0 directly from usermode without using this SVC. sdk-nso has this SVC, but it's not known to be called anywhere.

ConnectToNamedPort

Argument Type Name
(In) X1 char* PortName
(Out) W0 #Result Result
(Out) W1 Handle<Session> SessionHandle

SendSyncRequestLight

Argument Type Name
(In) W0 Handle<Session> SessionHandle
(Out) W0 #Result Result

SendSyncRequest

Argument Type Name
(In) W0 Handle<Session> SessionHandle
(Out) W0 #Result Result

SendSyncRequestWithUserBuffer

Argument Type Name
(In) X0 void* Address
(In) X1 uint64_t Size
(In) W2 Handle<Session> SessionHandle
(Out) W0 #Result Result

Size and Address must be 0x1000-aligned.

Result codes

0x0: Success.

0xcc01: Address is not 0x1000-aligned.

0xca01: Size is not 0x1000-aligned.

0xce01: KSessionRequest allocation failed (unlikely) or pointer buffer size exceeded.

0xe401: Handle does not exist, or handle is not an instance of KClientSession.

SendAsyncRequestWithUserBuffer

Argument Type Name
(In) X1 void* Address
(In) X2 uint64_t Size
(In) W3 Handle<Session> SessionHandle
(Out) W0 #Result Result
(Out) W1 Handle<ReadableEvent> EventHandle

Size and Address must be 0x1000-aligned.

GetProcessId

Argument64 Argument32 Type Name
(In) W1 R1 Handle<Process> ProcessHandle
(Out) W0 R0 #Result Result
(Out) X1 R1, R2 uint64_t ProcessId

GetThreadId

Argument64 Argument32 Type Name
(In) W1 R1 Handle<Thread> ThreadHandle
(Out) W0 R0 #Result Result
(Out) X1 R1, R2 uint64_t ThreadId

Break

Argument Type Name
(In) X0 #BreakReason BreakReason
(In) X1 uint64_t
(In) X2 uint64_t Info
(Out) W0 #Result Result

If the process is attached, report the Break event. Then, if #ContinueDebugEvent didn't apply IgnoreException on the thread: if TPIDR_EL0 is 0, adjust ELR_EL1 to retry the svc instruction (and set TPIDR_EL0 to 1).

Otherwise, if bit31 in reason isn't set, perform crash reporting (see Exception Handling section below); if that doesn't terminate the process, adjust ELR_EL1 as well.

Otherwise just return 0.

OutputDebugString

Argument Type Name
(In) X0 char* String
(In) X1 uint64_t Size
(Out) W0 #Result Result

ReturnFromException

Argument Type Name
(In) W0 #Result Result

GetInfo

Argument64 Argument32 Type Name
(In) W1 R1 #InfoType InfoType
(In) W2 R2 Handle Handle
(In) X3 R0, R3 uint64_t InfoSubType
(Out) W0 R0 #Result Result
(Out) X1 R1, R2 uint64_t Info

FlushEntireDataCache

Argument Type Name
(In) None
(Out) None

FlushDataCache

Argument Type Name
(In) X0 void* Address
(In) X1 uint64_t Size
(Out) W0 #Result Result

MapPhysicalMemory

Argument Type Name
(In) X0 void* Address
(In) X1 uint64_t Size
(Out) W0 #Result Result

Acts like #SetHeapSize except you can allocate heap at any address you'd like.

Uses current process pool partition.

UnmapPhysicalMemory

Argument Type Name
(In) X0 void* Address
(In) X1 uint64_t Size
(Out) W0 #Result Result

GetFutureThreadInfo

Argument64 Argument32 Type Name
(In) X3 R0, R1 uint64_t Timeout
(Out) W0 R0 #Result Result
(Out) X1 uint64_t LastThreadContextParam0
(Out) X2 uint64_t LastThreadContextParam1
(Out) X3 uint64_t LastThreadContextParam2
(Out) X4 uint64_t LastThreadContextParam3
(Out) X5 uint64_t
(Out) W6 uint32_t

GetLastThreadInfo

Argument Type Name
(In) None
(Out) W0 #Result Result
(Out) X1 uint64_t LastThreadContextParam0
(Out) X2 uint64_t LastThreadContextParam1
(Out) X3 uint64_t LastThreadContextParam2
(Out) X4 uint64_t LastThreadContextParam3
(Out) X5 uint64_t
(Out) W6 uint32_t

GetResourceLimitLimitValue

Argument64 Argument32 Type Name
(In) W1 R1 Handle<ResourceLimit> ResourceLimitHandle
(In) W2 R2 #LimitableResource LimitableResource
(Out) W0 R0 #Result Result
(Out) X1 R1, R2 int64_t LimitValue

GetResourceLimitCurrentValue

Argument64 Argument32 Type Name
(In) W1 R1 Handle<ResourceLimit> ResourceLimitHandle
(In) W2 R2 #LimitableResource LimitableResource
(Out) W0 R0 #Result Result
(Out) X1 R1, R2 int64_t CurrentValue

SetThreadActivity

Argument Type Name
(In) W0 Handle<Thread> ThreadHandle
(In) W1 #ThreadActivity ThreadActivity
(Out) W0 #Result Result

GetThreadContext3

Argument Type Name
(In) X0 #ThreadContext* ThreadContext
(In) W1 Handle<Thread> ThreadHandle
(Out) W0 #Result Result

WaitForAddress

Argument64 Argument32 Type Name
(In) X0 R0 void* Address
(In) W1 R1 #ArbitrationType ArbitrationType
(In) W2 R2 uint32_t Value
(In) X3 R3, R4 uint64_t Timeout
(Out) None

SignalToAddress

Argument64 Argument32 Type Name
(In) X0 R0 void* Address
(In) W1 R1 #SignalType SignalType
(In) W2 R2 uint32_t Value
(In) W3 R3 uint32_t NumToSignal
(Out) None

SynchronizePreemptionState

Argument Type Name
(In) None
(Out) None

DumpInfo

Argument Type Name
(In) X0 #DumpInfoType DumpInfoType
(In) X1 uint64_t DumpInfoSubType
(Out) W0 #Result Result

Stubbed in retail kernel.

[4.0.0+] This function was removed and replaced by #KernelDebug.

KernelDebug

Argument Type Name
(In) W0 #KernelDebugType KernelDebugType
(In) X1 uint64_t
(In) X2 uint64_t
(In) X3 uint64_t
(Out) W0 #Result Result

Stubbed in retail kernel.

ChangeKernelTraceState

Argument Type Name
(In) W0 #KernelTraceState KernelTraceState
(Out) W0 #Result Result

Stubbed in retail kernel.

CreateSession

Argument Type Name
(In) W2 bool IsLight
(In) X3 uint64_t Name
(Out) W0 #Result Result
(Out) W1 Handle<ServerSession> ServerSessionHandle
(Out) W2 Handle<ClientSession> ClientSessionHandle

AcceptSession

Argument Type Name
(In) W1 Handle<Port> PortHandle
(Out) W0 #Result Result
(Out) W1 Handle<ServerSession> ServerSessionHandle

Result codes

0xf201: No session waiting to be accepted

ReplyAndReceiveLight

Argument Type Name
(In) W0 Handle<Port> or Handle<ServerSession> Handle
(Out) W0 #Result Result

ReplyAndReceive

Argument64 Argument32 Type Name
(In) W1 R1 Handle<Port>* or Handle<ServerSession>* Handles
(In) W2 R2 uint32_t NumHandles
(In) W3 R3 Handle<ServerSession> ReplyTargetSessionHandle
(In) X4 R0, R4 uint64_t Timeout
(Out) W0 R0 #Result Result
(Out) W1 R1 uint32_t HandleIndex

If ReplyTargetSessionHandle is not zero, a reply from the TLS will be sent to that session. Then it will wait until either of the passed sessions has an incoming message, is closed, a passed port has an incoming connection, or the timeout expires. If there is an incoming message, it is copied to the TLS.

If ReplyTargetSessionHandle is zero, the TLS should contain a blank message. If this message has a C descriptor, the buffer it points to will be used as the pointer buffer. See IPC_Marshalling#IPC_buffers. Note that a pointer buffer cannot be specified if ReplyTargetSessionHandle is not zero.

After being validated, passed handles will be enumerated in order; even if a session has been closed, if one that appears earlier in the list has an incoming message, it will take priority and a result code of 0x0 will be returned.

Result codes

0x0: Success. Either a session has an incoming message or a port has an incoming connection. HandleIndex is set appropriately.

0xea01: Timeout. No handles were signalled before the timeout expired. HandleIndex is not updated.

0xf601: Port remote dead. One of the sessions has been closed. HandleIndex is set appropriately.

ReplyAndReceiveWithUserBuffer

Argument64 Argument32 Type Name
(In) X1 R1 void* Address
(In) X2 R2 uint64_t Size
(In) X3 R3 Handle<Port>* or Handle<ServerSession>* Handles
(In) W4 R0 uint32_t NumHandles
(In) W5 R4 Handle<ServerSession> ReplyTargetSessionHandle
(In) X6 R5, R6 uint64_t Timeout
(Out) W0 R0 #Result Result
(Out) W1 R1 uint32_t HandleIndex

CreateEvent

Argument Type Name
(In) None
(Out) W0 #Result Result
(Out) W1 Handle<WritableEvent> WritableEventHandle
(Out) W2 Handle<ReadableEvent> ReadableEventHandle

MapPhysicalMemoryUnsafe

Argument Type Name
(In) X0 void* Address
(In) X1 uint64_t Size
(Out) W0 #Result Result

Same as #MapPhysicalMemory except it always uses pool partition 0.

UnmapPhysicalMemoryUnsafe

Argument Type Name
(In) X0 void* Address
(In) X1 uint64_t Size
(Out) W0 #Result Result

SetUnsafeLimit

Argument Type Name
(In) X0 uint64_t Limit
(Out) W0 #Result Result

CreateCodeMemory

Argument Type Name
(In) X1 void* Address
(In) X2 uint64_t Size
(Out) W0 #Result Result
(Out) W1 Handle<CodeMemory> CodeMemoryHandle

Takes an address range with backing memory to create the code memory object.

The memory is initially memset to 0xFF after being locked.

ControlCodeMemory

Argument64 Argument32 Type Name
(In) W0 R0 Handle<CodeMemory> CodeMemoryHandle
(In) W1 R1 #CodeMemoryOperation CodeMemoryOperation
(In) X2 R2, R3 void* Address
(In) X3 R4, R5 uint64_t Size
(In) W4 R6 #MemoryPermission MemoryPermission
(Out) W0 R0 #Result Result

Maps the backing memory for a CodeMemory object into the current process.

For MapOwner, memory permission must be RW-.

For MapSlave, memory permission must be R-- or R-X.

Operations UnmapOwner/UnmapSlave unmap memory that was previously mapped this way.

This allows one "secure JIT" process to map the code memory as RW-, and the other "slave" process to map it R-X.

[5.0.0+] Error 0xE401 is now returned when the process owner of the Code memory object is the same as the current process.
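The permission rules stated for SetMemoryPermission, CreateTransferMemory and ControlCodeMemory can be checked together as a W^X property. The following is an added model, not kernel or project code; the 0x1000 page size, the order of the argument checks and the CodeMemoryOp numbering are assumptions, and the memory-state checks (0xD401, 0xCE01) are not modelled.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* MemoryPermission bits as listed on this page. */
enum { PERM_R = 1u << 0, PERM_W = 1u << 1, PERM_X = 1u << 2 };

/* Result codes quoted in the SetMemoryPermission section. */
enum {
    RESULT_SUCCESS            = 0x0,
    RESULT_INVALID_SIZE       = 0xCA01,
    RESULT_INVALID_ADDRESS    = 0xCC01,
    RESULT_INVALID_PERMISSION = 0xD801
};

/* Assumption: 4 KiB pages. */
#define MODEL_PAGE_SIZE 0x1000ull

/* Hypothetical numbering: the page names these operations, the values are this model's. */
typedef enum { OP_MAP_OWNER, OP_MAP_SLAVE, OP_UNMAP_OWNER, OP_UNMAP_SLAVE } CodeMemoryOp;

/* SetMemoryPermission: only ---, r-- and rw- are valid. */
bool set_memory_permission_allows(uint32_t perm) {
    return perm == 0 || perm == PERM_R || perm == (PERM_R | PERM_W);
}

/* Argument checks only, in an assumed order. */
uint32_t check_set_memory_permission(uint64_t addr, uint64_t size, uint32_t perm) {
    if (addr & (MODEL_PAGE_SIZE - 1))
        return RESULT_INVALID_ADDRESS;
    if (size == 0 || (size & (MODEL_PAGE_SIZE - 1)))
        return RESULT_INVALID_SIZE;
    if (!set_memory_permission_allows(perm))
        return RESULT_INVALID_PERMISSION;
    return RESULT_SUCCESS;
}

/* CreateTransferMemory: the page only states that the executable bit is rejected. */
bool create_transfer_memory_allows(uint32_t perm) {
    return perm <= 7 && (perm & PERM_X) == 0;
}

/* ControlCodeMemory: MapOwner must be RW-, MapSlave must be R-- or R-X. */
bool control_code_memory_allows(CodeMemoryOp op, uint32_t perm) {
    switch (op) {
    case OP_MAP_OWNER: return perm == (PERM_R | PERM_W);
    case OP_MAP_SLAVE: return perm == PERM_R || perm == (PERM_R | PERM_X);
    default:           return false; /* unmap operations grant no permission */
    }
}

/* Number of (call, permission) pairs in the model that match the given predicate. */
static int count_grants(bool want_wx) {
    int n = 0;
    for (uint32_t perm = 0; perm <= 7; perm++) {
        bool w = (perm & PERM_W) != 0, x = (perm & PERM_X) != 0;
        if (want_wx ? !(w && x) : !x)
            continue;
        n += set_memory_permission_allows(perm);
        n += create_transfer_memory_allows(perm);
        n += control_code_memory_allows(OP_MAP_OWNER, perm);
        n += control_code_memory_allows(OP_MAP_SLAVE, perm);
    }
    return n;
}

/* Pairs that would map memory writable and executable at once (expected: none). */
int count_writable_executable_grants(void) { return count_grants(true); }

/* Pairs that grant execute at all (in this model only MapSlave with R-X). */
int count_executable_grants(void) { return count_grants(false); }

int main(void) {
    printf("W+X grants: %d, X grants: %d\n",
           count_writable_executable_grants(), count_executable_grants());
    return 0;
}
```

SetProcessMemoryPermission, which the MemoryPermission table also lists as able to set Execute, is left out because its accepted values are not stated in this part of the page.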

SleepSystem

Argument Type Name
(In) None
(Out) None

ReadWriteRegister

Argument64 Argument32 Type Name
(In) X1 R2, R3 uint64_t RegisterAddress
(In) W2 R0 uint32_t RwMask
(In) W3 R1 uint32_t InValue
(Out) W0 R0 #Result Result
(Out) W1 R1 uint32_t OutValue

Reads or writes IO registers subject to a hardcoded whitelist. The input address is a physical address and must be aligned to 4.

RwMask is 0 for reading and 0xffffffff for writing. You can also write individual bits by using a mask value.

You can only write to registers inside physical pages 0x70019000 (MC), 0x7001C000 (MC0), 0x7001D000 (MC1), and they all share the same whitelist.

The whitelist is the same for writing as for reading.

The whitelist is:

0x054, 0x090, 0x094, 0x098, 0x09c, 0x0a0, 0x0a4, 0x0a8, 0x0ac, 0x0b0, 0x0b4, 0x0b8, 0x0bc, 0x0c0, 0x0c4, 0x0c8, 0x0d0, 0x0d4, 0x0d8, 0x0dc, 0x0e0, 0x100, 0x108, 0x10c, 0x118, 0x11c, 0x124, 0x128, 0x12c, 0x130, 0x134, 0x138, 0x13c, 0x158, 0x15c, 0x164, 0x168, 0x16c, 0x170, 0x174, 0x178, 0x17c, 0x200, 0x204, 0x2e4, 0x2e8, 0x2ec, 0x2f4, 0x2f8, 0x310, 0x314, 0x320, 0x328, 0x344, 0x348, 0x370, 0x374, 0x37c, 0x380, 0x390, 0x394, 0x398, 0x3ac, 0x3b8, 0x3bc, 0x3c0, 0x3c4, 0x3d8, 0x3e8, 0x41c, 0x420, 0x424, 0x428, 0x42c, 0x430, 0x44c, 0x47c, 0x480, 0x484, 0x50c, 0x554, 0x558, 0x55c, 0x670, 0x674, 0x690, 0x694, 0x698, 0x69c, 0x6a0, 0x6a4, 0x6c0, 0x6c4, 0x6f0, 0x6f4, 0x960, 0x970, 0x974, 0xa20, 0xa24, 0xb88, 0xb8c, 0xbc4, 0xbc8, 0xbcc, 0xbd0, 0xbd4, 0xbd8, 0xbdc, 0xbe0, 0xbe4, 0xbe8, 0xbec, 0xc00, 0xc5c, 0xcac

[2.0.0+] Whitelist was extended with 0x4c4, 0x4c8, 0x4cc, 0x584, 0x588, 0x58c.

[2.0.0+] The IO registers in range 0x7000E400 (PMC) size 0xC00 skip the whitelist, and do a TrustZone call using ReadWriteRegister.

[4.0.0+] Access to the Memory Controller (0x70019000) also uses smcReadWriteRegister.

Here is the whitelist imposed by that SMC, relative to the start of the PMC registers:

0x000, 0x00c, 0x010, 0x014, 0x01c, 0x020, 0x02c, 0x030, 0x034, 0x038, 0x03c, 0x040, 0x044, 0x048, 0x0dc, 0x0e0, 0x0e4, 0x160, 0x164, 0x168, 0x170, 0x1a8, 0x1b8, 0x1bc, 0x1c0, 0x1c4, 0x1c8, 0x2b4, 0x2d4, 0x440, 0x4d8

Here is the whitelist imposed by the SMC ReadWriteRegister (checked in addition to the whitelist in the ReadWriteRegister SVC), relative to the start of the MC registers:

0x000, 0x004, 0x008, 0x00C, 0x010, 0x01C, 0x020, 0x030, 0x034, 0x050, 0x054, 0x090, 0x094, 0x098, 0x09C, 0x0A0, 0x0A4, 0x0A8, 0x0AC, 0x0B0, 0x0B4, 0x0B8, 0x0BC, 0x0C0, 0x0C4, 0x0C8, 0x0D0, 0x0D4, 0x0D8, 0x0DC, 0x0E0, 0x100, 0x108, 0x10C, 0x118, 0x11C, 0x124, 0x128, 0x12C, 0x130, 0x134, 0x138, 0x13C, 0x158, 0x15C, 0x164, 0x168, 0x16C, 0x170, 0x174, 0x178, 0x17C, 0x200, 0x204, 0x238, 0x240, 0x244, 0x250, 0x254, 0x258, 0x264, 0x268, 0x26C, 0x270, 0x274, 0x280, 0x284, 0x288, 0x28C, 0x294, 0x2E4, 0x2E8, 0x2EC, 0x2F4, 0x2F8, 0x310, 0x314, 0x320, 0x328, 0x344, 0x348, 0x370, 0x374, 0x37C, 0x380, 0x390, 0x394, 0x398, 0x3AC, 0x3B8, 0x3BC, 0x3C0, 0x3C4, 0x3D8, 0x3E8, 0x41C, 0x420, 0x424, 0x428, 0x42C, 0x430, 0x44C, 0x47C, 0x480, 0x484, 0x4C4, 0x4C8, 0x4CC, 0x50C, 0x554, 0x558, 0x55C, 0x584, 0x588, 0x58C, 0x670, 0x674, 0x690, 0x694, 0x698, 0x69C, 0x6A0, 0x6A4, 0x6C0, 0x6C4, 0x6F0, 0x6F4, 0x960, 0x970, 0x974, 0x9B8, 0xA20, 0xA24, 0xA88, 0xA94, 0xA98, 0xA9C, 0xAA0, 0xAA4, 0xAA8, 0xAAC, 0xAB0, 0xAB4, 0xAB8, 0xABC, 0xAC0, 0xAC4, 0xAC8, 0xACC, 0xAD0, 0xAD4, 0xAD8, 0xADC, 0xAE0, 0xB88, 0xB8C, 0xBC4, 0xBC8, 0xBCC, 0xBD0, 0xBD4, 0xBD8, 0xBDC, 0xBE0, 0xBE4, 0xBE8, 0xBEC, 0xC00, 0xC5C, 0xCAC
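The SVC-level checks described above (4-byte alignment, one of three MC pages, a shared offset whitelist, RwMask-selected bits) are modelled below against a constructed in-memory register file. This is an added example, not kernel code: the status values, the read-modify-write merge, returning the pre-write value in OutValue and the six-entry whitelist excerpt are assumptions, and the PMC and SMC paths are not modelled.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define MODEL_PAGE_MASK 0xFFFull

/* Hypothetical status values; the page lists no result codes for this SVC. */
enum { RW_OK = 0, RW_DENIED = 1 };

/* Physical pages the page names as reachable: MC, MC0, MC1. */
static const uint64_t k_mc_pages[] = { 0x70019000ull, 0x7001C000ull, 0x7001D000ull };

/* Excerpt only: the first six offsets of the shared whitelist quoted on the page. */
static const uint16_t k_whitelist_excerpt[] = { 0x054, 0x090, 0x094, 0x098, 0x09c, 0x0a0 };

/* Constructed register contents standing in for the hardware, zero-initialised. */
static uint32_t g_regs[3][0x1000 / 4];

static int page_index(uint64_t phys) {
    for (size_t i = 0; i < sizeof k_mc_pages / sizeof k_mc_pages[0]; i++)
        if ((phys & ~MODEL_PAGE_MASK) == k_mc_pages[i])
            return (int)i;
    return -1;
}

static bool offset_allowed(uint32_t off) {
    for (size_t i = 0; i < sizeof k_whitelist_excerpt / sizeof k_whitelist_excerpt[0]; i++)
        if (k_whitelist_excerpt[i] == off)
            return true;
    return false;
}

/* Model of the access decision and the masked update.
 * Assumption: the new value is (old & ~mask) | (in & mask), and out_value
 * receives the register content from before any write. */
int rw_register_model(uint64_t phys, uint32_t rw_mask, uint32_t in_value, uint32_t *out_value) {
    if (phys & 3)
        return RW_DENIED;                 /* address must be aligned to 4 */
    int page = page_index(phys);
    if (page < 0)
        return RW_DENIED;                 /* not one of the three MC pages */
    uint32_t off = (uint32_t)(phys & MODEL_PAGE_MASK);
    if (!offset_allowed(off))
        return RW_DENIED;                 /* same list for reads and writes */
    uint32_t *reg = &g_regs[page][off / 4];
    uint32_t old = *reg;
    if (rw_mask != 0)                     /* mask 0 is a pure read */
        *reg = (old & ~rw_mask) | (in_value & rw_mask);
    *out_value = old;
    return RW_OK;
}

/* Status of a pure read (RwMask = 0) at the given physical address. */
int probe_read(uint64_t phys) {
    uint32_t out = 0;
    return rw_register_model(phys, 0, 0, &out);
}

/* Full write, then a write limited to bits 8..15, then a read back. */
uint32_t demo_masked_write(void) {
    uint32_t out = 0;
    rw_register_model(0x70019054ull, 0xFFFFFFFFu, 0x12345678u, &out);
    rw_register_model(0x70019054ull, 0x0000FF00u, 0xFFFFFFFFu, &out);
    rw_register_model(0x70019054ull, 0, 0, &out);
    return out;
}

/* Constructed requests: unaligned, offset not on the list, page not listed, allowed. */
int demo_denied_count(void) {
    const uint64_t requests[] = { 0x70019056ull, 0x70019000ull, 0x7001A054ull, 0x7001C090ull };
    int denied = 0;
    for (size_t i = 0; i < sizeof requests / sizeof requests[0]; i++)
        denied += (probe_read(requests[i]) == RW_DENIED);
    return denied;
}

int main(void) {
    printf("after masked write: 0x%08X, denied: %d of 4\n",
           (unsigned)demo_masked_write(), demo_denied_count());
    return 0;
}
```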

SetProcessActivity

Argument Type Name
(In) W0 Handle<Process> ProcessHandle
(In) W1 #ProcessActivity ProcessActivity
(Out) W0 #Result Result

CreateSharedMemory

Argument Type Name
(In) W1 uint64_t Size
(In) W2 #MemoryPermission LocalMemoryPermission
(In) W3 #MemoryPermission RemoteMemoryPermission
(Out) W0 #Result Result
(Out) W1 Handle<SharedMemory> SharedMemoryHandle

The other (remote) permission can be used to enforce permission 1 or 3, or set to 0x10000000 for don't-care.

Allocates memory from the current process' pool partition.

MapTransferMemory

Argument Type Name
(In) X0 Handle<TransferMemory> TransferMemoryHandle
(In) X1 void* Address
(In) X2 uint64_t Size
(In) W3 #MemoryPermission MemoryPermission
(Out) W0 #Result Result

The newly mapped pages will have #MemoryState type 0xE.

You must pass the same size and permissions as given in #CreateTransferMemory; otherwise an error is returned.

UnmapTransferMemory

Argument Type Name
(In) X0 Handle<TransferMemory> TransferMemoryHandle
(In) X1 void* Address
(In) X2 uint64_t Size
(Out) W0 #Result Result

Size must match size given in map syscall, otherwise there's an invalid-size error.

CreateInterruptEvent

Argument Type Name
(In) X1 #Interrupt Interrupt
(In) W2 #InterruptType InterruptType
(Out) W0 #Result Result
(Out) W1 Handle<ReadableEvent> ReadableEventHandle

Creates an event handle for the given IRQ number. Waiting on this handle will wait until the IRQ is triggered. The InterruptType argument configures the triggering. If it is 0, the IRQ is active-HIGH level-sensitive; if it is 1, it is rising-edge sensitive.

Result codes

0x0: Success.

0xF001: Flags was > 1

0xF201: IRQ above 0x3FF or outside the IRQ access mask was given.

0xCE01: A SlabHeap was exhausted (too many interrupts created).

0xF401: IRQ already has an event registered.

0xD201: The handle table is full. Try closing some handles.

QueryPhysicalAddress

Argument Type Name
(In) X1 void* VirtualAddress
(Out) W0 #Result Result
(Out) X1 uint64_t PhysicalMemoryInfoAddress
(Out) X2 uint64_t PhysicalMemoryInfoBaseAddress
(Out) X3 uint64_t PhysicalMemoryInfoSize

Queries the physical address of a virtual address. Will always fetch the lowest page-aligned mapping that contains the provided physical address.

The returned PhysicalMemoryInfoBaseAddress is the virtual address of that page-aligned mapping, while PhysicalMemoryInfoAddress is the physical address of that page. PhysicalMemoryInfoSize is the amount of contiguous physical memory in that mapping.

QueryIoMapping

Argument64 Argument32 Type Name
(In) X1 R2, R3 uint64_t IoAddress
(In) X2 R0 uint64_t Size
(Out) W0 R0 #Result Result
(Out) X1 R1 void* VirtualAddress

Returns a virtual address mapped to a given IO range.

CreateDeviceAddressSpace

Argument64 Argument32 Type Name
(In) X1 R2, R3 uint64_t DeviceAddressSpaceStartAddress
(In) X2 R0, R1 uint64_t DeviceAddressSpaceEndAddress
(Out) W0 R0 #Result Result
(Out) W1 R1 Handle<DeviceAddressSpace> DeviceAddressSpaceHandle

Creates a virtual address space for binding device address spaces and returns a handle.

StartAddr is normally set to 0 and EndAddr is normally set to 0xFFFFFFFF.

AttachDeviceAddressSpace

Argument Type Name
(In) W0 #DeviceName DeviceName
(In) X1 Handle<DeviceAddressSpace> DeviceAddressSpaceHandle
(Out) W0 #Result Result

Attaches a device address space to a device.

DetachDeviceAddressSpace

Argument Type Name
(In) W0 #DeviceName DeviceName
(In) X1 Handle<DeviceAddressSpace> DeviceAddressSpaceHandle
(Out) W0 #Result Result

Detaches a device address space from a device.

MapDeviceAddressSpaceByForce

Argument64 Argument32 Type Name
(In) W0 R0 Handle<DeviceAddressSpace> DeviceAddressSpaceHandle
(In) W1 R1 Handle<Process> ProcessHandle
(In) X2 R2, R3 void* Address
(In) X3 R4 uint64_t DeviceAddressSpaceSize
(In) X4 R5, R6 uint64_t DeviceAddressSpaceAddress
(In) W5 R7 #MemoryPermission MemoryPermission
(Out) W0 R0 #Result Result

Maps an attached device address space to a userspace address.

Address is the userspace destination address, while DeviceAddressSpaceAddress is the source address between DeviceAddressSpaceStartAddress and DeviceAddressSpaceEndAddress (passed to #CreateDeviceAddressSpace).

The userspace destination address must have the MapDeviceAllowed bit set. Bit IsDeviceMapped will be set after mapping.

MapDeviceAddressSpaceAligned

Argument64 Argument32 Type Name
(In) W0 R0 Handle<DeviceAddressSpace> DeviceAddressSpaceHandle
(In) W1 R1 Handle<Process> ProcessHandle
(In) X2 R2, R3 void* Address
(In) X3 R4 uint64_t DeviceAddressSpaceSize
(In) X4 R5, R6 uint64_t DeviceAddressSpaceAddress
(In) W5 R7 #MemoryPermission MemoryPermission
(Out) W0 R0 #Result Result

Maps an attached device address space to a userspace address.

Same as #MapDeviceAddressSpaceByForce, but the userspace destination address must have the MapDeviceAlignedAllowed bit set instead.

MapDeviceAddressSpace

Argument64 Argument32 Type Name
(In) W1 R1 Handle<DeviceAddressSpace> DeviceAddressSpaceHandle
(In) W2 R2 Handle<Process> ProcessHandle
(In) X3 R0, R3 void* Address
(In) X4 R4 uint64_t DeviceAddressSpaceSize
(In) X5 R5, R6 uint64_t DeviceAddressSpaceAddress
(In) W6 R7 #MemoryPermission MemoryPermission
(Out) W0 R0 #Result Result
(Out) X1 R1 uint64_t Size

UnmapDeviceAddressSpace

Argument64 Argument32 Type Name
(In) W0 R0 Handle<DeviceAddressSpace> DeviceAddressSpaceHandle
(In) W1 R1 Handle<Process> ProcessHandle
(In) X2 R2, R3 void* Address
(In) X3 R4 uint64_t DeviceAddressSpaceSize
(In) X4 R5, R6 uint64_t DeviceAddressSpaceAddress
(Out) W0 R0 #Result Result

Unmaps an attached device address space from a userspace address.

InvalidateProcessDataCache

Argument64 Argument32 Type Name
(In) W0 R0 Handle<Process> ProcessHandle
(In) X1 R2, R3 void* Address
(In) X2 R1, R4 uint64_t Size
(Out) W0 R0 #Result Result

StoreProcessDataCache

Argument64 Argument32 Type Name
(In) W0 R0 Handle<Process> ProcessHandle
(In) X1 R2, R3 void* Address
(In) X2 R1, R4 uint64_t Size
(Out) W0 R0 #Result Result

FlushProcessDataCache

Argument64 Argument32 Type Name
(In) W0 R0 Handle<Process> ProcessHandle
(In) X1 R2, R3 void* Address
(In) X2 R1, R4 uint64_t Size
(Out) W0 R0 #Result Result

DebugActiveProcess

Argument64 Argument32 Type Name
(In) X1 R2, R3 uint64_t ProcessId
(Out) W0 R0 #Result Result
(Out) W1 R1 Handle<Debug> DebugHandle

BreakDebugProcess

Argument Type Name
(In) W0 Handle<Debug> DebugHandle
(Out) W0 #Result Result

TerminateDebugProcess

Argument Type Name
(In) W0 Handle<Debug> DebugHandle
(Out) W0 #Result Result

GetDebugEvent

Argument Type Name
(In) X0 #DebugEventInfo* DebugEventInfo
(In) W1 Handle<Debug> DebugHandle
(Out) W0 #Result Result

ContinueDebugEvent

Argument64 Argument32 Type Name
(In) W0 R0 Handle<Debug> DebugHandle
(In) W1 R1 uint32_t #ContinueDebugFlags ([1.0.0-2.3.0] #ContinueDebugFlagsOld)
(In) X2 R2 ([1.0.0-2.3.0] R2, R3) uint64_t* ([1.0.0-2.3.0] uint64_t) ThreadIdList ([1.0.0-2.3.0] ThreadId)
(In) X3 R3 uint64_t [3.0.0+] NumThreadIds
(Out) W0 R0 #Result Result

Maximum NumThreadIds is 64. 0 means "all threads".

Result codes

0x0: Success. The process has been resumed.

0xe401: Invalid debug handle.

0xf401: Process has debug events queued or is already running.

GetProcessList

Argument64 Argument32 Type Name
(In) X1 R1 uint64_t* ProcessIdBuffer
(In) W2 R2 uint32_t ProcessIdBufferSize
(Out) X0 R0 #Result Result
(Out) W1 R1 uint32_t NumProcesses

Fills the provided array with the pids of currently living processes. A process "lives" so long as it is currently running or a handle to it still exists.

It returns the total number of processes currently alive. If this number is bigger than the size of ProcessIdBuffer, the user won't have all the pids.

Result codes

0x0: Success.

0xd401: The provided buffer is outside the process address space.

0xe601: copyToUser failed. The provided buffer is not user-accessible.

0xee01: The provided buffer size is too big. Max value is 0xFFFFFFF.

GetThreadList

Argument64 Argument32 Type Name
(In) X1 R1 uint64_t* ThreadIdBuffer
(In) W2 R2 uint32_t ThreadIdBufferSize
(In) W3 R3 Handle<Debug> DebugHandle
(Out) X0 R0 #Result Result
(Out) W1 R1 uint32_t NumThreads

GetDebugThreadContext

Argument64 Argument32 Type Name
(In) X0 R0 #ThreadContext* ThreadContext
(In) X1 R1 Handle<Debug> DebugHandle
(In) X2 R2, R3 uint64_t ThreadId
(In) W3 R4 uint32_t #ThreadContextFlags
(Out) W0 R0 #Result Result

SetDebugThreadContext

Argument64 Argument32 Type Name
(In) W0 R0 Handle<Debug> DebugHandle
(In) X1 R2, R3 uint64_t ThreadId
(In) X2 R1 #ThreadContext* ThreadContext
(In) W3 R4 uint32_t #ThreadContextFlags
(Out) W0 R0 #Result Result

QueryDebugProcessMemory

Argument Type Name
(In) X0 #MemoryInfo* MemoryInfo
(In) W2 Handle<Debug> DebugHandle
(In) X3 void* Address
(Out) W0 #Result Result
(Out) W1 #PageInfo PageInfo

ReadDebugProcessMemory

Argument Type Name
(In) X0 void* MemoryBufferAddress
(In) W1 Handle<Debug> DebugHandle
(In) X2 void* SrcAddress
(In) X3 uint64_t Size
(Out) W0 #Result Result

WriteDebugProcessMemory

Argument Type Name
(In) W0 Handle<Debug> DebugHandle
(In) X1 void* MemoryBufferAddress
(In) X2 void* DstAddress
(In) X3 uint64_t Size
(Out) W0 #Result Result

SetHardwareBreakPoint

Argument64 Argument32 Type Name
(In) W0 R0 #HardwareBreakPointRegisterName Name
(In) X1 R2, R3 uint64_t Flags
(In) X2 R1, R4 uint64_t Value
(Out) W0 R0 #Result Result

Sets one of the AArch64 hardware breakpoints. The Nintendo Switch has 6 hardware breakpoints and 4 hardware watchpoints. The syscall has two behaviors depending on the value of HardwareBreakPointRegisterName:

If HardwareBreakPointRegisterName < 0x10, then it sets one of the AArch64 hardware breakpoints. Flags will go to DBGBCRn_EL1, and Value to DBGBVRn_EL1. The only flags the user is allowed to set are those in the bitmask 0x7F01E1. Furthermore, the kernel will OR it with 0x4004, in order to set various security flags to guarantee the watchpoints only trigger for code in EL0. If the user asks for a Breakpoint Type of ContextIDR match, the kernel shall use the given DebugHandle to set DBGBVRn_EL1 to the ContextID of the debugged process.

If HardwareBreakPointRegisterName is between 0x10 and 0x20 (exclusive), then it sets one of the AArch64 hardware watchpoints. Flags will go to DBGWCRn_EL1, and Value to DBGWVRn_EL1. The only flags the user is allowed to set are those in the bitmask 0xFF0F1FF9. Furthermore, the kernel will OR it with 0x104004. This will set various security flags, and set the watchpoint type to be a Linked Watchpoint. This means that you need to link it to a Linked ContextIDR breakpoint. Check the ARM documentation for more information.

Note that HardwareBreakPointRegisterName 0 to 4 match only against Virtual Address, while HardwareBreakPointRegisterName 5 and 6 match against either Virtual Address, ContextID, or VMID. As such, if you are configuring a breakpoint to link to a watchpoint, make sure you use HardwareBreakPointRegisterName 5 or 6.

For more documentation on hardware breakpoints, check out the AArch64 documentation for the DBGBCRn_EL1 register and the DBGWCRn_EL1 register.
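A caller-side pre-check for the flag rules above, written as an added example (not code from this wiki or from the kernel): it classifies the register name, reports requested bits that fall outside the allowed mask, and computes the control value after the kernel's OR. Assumptions: all names are hypothetical; the page does not say whether the kernel rejects or silently drops bits outside the mask, so they are reported as an error here; the LBN field position (bits 19:16 of DBGWCRn_EL1) comes from the ARM architecture reference, not from this page.

```c
#include <stdint.h>
#include <stdio.h>

/* Masks and forced bits exactly as stated in the SetHardwareBreakPoint text. */
#define BP_USER_MASK 0x7F01E1u
#define BP_KERNEL_OR 0x4004u
#define WP_USER_MASK 0xFF0F1FF9u
#define WP_KERNEL_OR 0x104004u

enum hwbp_status {
    HWBP_OK = 0,
    HWBP_BAD_NAME,         /* register name >= 0x20 */
    HWBP_DISALLOWED_BITS,  /* caller asked for bits outside the user mask */
    HWBP_BAD_LINK          /* watchpoint not linked to breakpoint 5 or 6 */
};

typedef struct {
    int      is_watchpoint;
    unsigned index;       /* n in DBGBCRn_EL1 / DBGWCRn_EL1 */
    uint64_t disallowed;  /* requested bits outside the user mask */
    uint64_t effective;   /* (flags & mask) | kernel-forced bits */
} hwbp_plan_t;

/* Hypothetical helper: validate a request before issuing the SVC. */
enum hwbp_status hwbp_plan(uint32_t name, uint64_t flags, hwbp_plan_t *p)
{
    uint64_t mask, forced;

    if (name < 0x10) {
        p->is_watchpoint = 0;
        p->index = name;
        mask = BP_USER_MASK;
        forced = BP_KERNEL_OR;
    } else if (name < 0x20) {
        p->is_watchpoint = 1;
        p->index = name - 0x10;
        mask = WP_USER_MASK;
        forced = WP_KERNEL_OR;
    } else {
        return HWBP_BAD_NAME;
    }

    p->disallowed = flags & ~mask;
    p->effective = (flags & mask) | forced;
    if (p->disallowed != 0)
        return HWBP_DISALLOWED_BITS;

    if (p->is_watchpoint) {
        /* Watchpoints are forced to "linked"; the page says the linked
         * breakpoint must be 5 or 6 (the ones that can match ContextID). */
        unsigned lbn = (unsigned)((flags >> 16) & 0xF);
        if (lbn != 5 && lbn != 6)
            return HWBP_BAD_LINK;
    }
    return HWBP_OK;
}

int main(void)
{
    hwbp_plan_t p;
    /* Constructed request: enable bit plus BAS=0xF on breakpoint 0. */
    enum hwbp_status s = hwbp_plan(0, 0x1E1, &p);
    printf("bp0: status=%d effective=0x%llX\n", (int)s,
           (unsigned long long)p.effective);
    /* Constructed request: watchpoint 0 linked to breakpoint 5. */
    s = hwbp_plan(0x10, 0x51FF1, &p);
    printf("wp0: status=%d effective=0x%llX\n", (int)s,
           (unsigned long long)p.effective);
    return 0;
}
```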

GetDebugThreadParam

Argument64 Argument32 Type Name
(In) X2 R2 Handle<Debug> DebugHandle
(In) X3 R0, R1 uint64_t ThreadId
(In) W4 R3 #DebugThreadParam DebugThreadParam
(Out) W0 R0 #Result Result
(Out) X1 R1, R2 uint64_t Out0
(Out) W2 R3 uint32_t Out1

GetSystemInfo

Argument Type Name
(In) X1 #SystemInfoType SystemInfoType
(In) W2 Handle Handle
(In) X3 uint64_t SystemInfoSubType
(Out) W0 #Result Result
(Out) X1 uint64_t SystemInfo

CreatePort

Argument64 Argument32 Type Name
(In) W2 R2 int32_t MaxSessions
(In) W3 R3 bool IsLight
(In) X4 R0 uint64_t Name
(Out) W0 R0 #Result Result
(Out) W1 R1 Handle<Port> ServerPortHandle
(Out) W2 R2 Handle<Port> ClientPortHandle

ManageNamedPort

Argument Type Name
(In) X1 char* Name
(In) W2 int32_t MaxSessions
(Out) W0 #Result Result
(Out) W1 Handle<Port> ServerPortHandle

ConnectToPort

Argument Type Name
(In) W1 Handle<Port> ClientPortHandle
(Out) W0 #Result Result
(Out) W1 Handle<Session> SessionHandle

SetProcessMemoryPermission

Argument64 Argument32 Type Name
(In) W0 R0 Handle<Process> ProcessHandle
(In) X1 R2, R3 void* Addr
(In) X2 R1, R4 uint64_t Size
(In) W3 R5 #MemoryPermission MemoryPermission
(Out) W0 R0 #Result Result

This sets the memory permissions for the specified memory with the supplied process handle.

This throws an error (0xD801) when the input perm is >0x5; hence -WX and RWX are not allowed.

MapProcessMemory

Argument64 Argument32 Type Name
(In) X0 R0 void* DstAddress
(In) W1 R1 Handle<Process> ProcessHandle
(In) X2 R2, R3 void* SrcAddress
(In) X3 R4 uint64_t Size
(Out) W0 R0 #Result Result

Maps the src address from the supplied process handle into the current process.

This allows mapping code and rodata with RW- permission.

UnmapProcessMemory

Argument64 Argument32 Type Name
(In) X0 R0 void* DstAddress
(In) W1 R1 Handle<Process> ProcessHandle
(In) X2 R2, R3 void* SrcAddress
(In) X3 R4 uint64_t Size
(Out) W0 R0 #Result Result

Unmaps what was mapped by #MapProcessMemory.

QueryProcessMemory

Argument64 Argument32 Type Name
(In) X0 R0 #MemoryInfo* MemoryInfo
(In) W2 R2 Handle<Process> ProcessHandle
(In) X3 R1, R3 void* Address
(Out) W0 R0 #Result Result
(Out) W1 R1 #PageInfo PageInfo

Equivalent to #QueryMemory except takes a process handle.

MapProcessCodeMemory

Argument64 Argument32 Type Name
(In) W0 R0 Handle<Process> ProcessHandle
(In) X1 R2, R3 void* DstAddress
(In) X2 R1, R4 void* SrcAddress
(In) X3 R5, R6 uint64_t Size
(Out) W0 R0 #Result Result

Takes a process handle, and maps normal heap in that process as executable code in that process. Used when loading NROs. This does not support using the current-process handle alias.

UnmapProcessCodeMemory

Argument64 Argument32 Type Name
(In) W0 R0 Handle<Process> ProcessHandle
(In) X1 R2, R3 void* DstAddress
(In) X2 R1, R4 void* SrcAddress
(In) X3 R5, R6 uint64_t Size
(Out) W0 R0 #Result Result

Unmaps what was mapped by #MapProcessCodeMemory.

CreateProcess

Argument Type Name
(In) X1 #CreateProcessParameter* CreateProcessParameter
(In) X2 uint32_t* Capabilities
(In) X3 int32_t CapabilitiesNum
(Out) W0 #Result Result
(Out) W1 Handle<Process> ProcessHandle

Takes a #CreateProcessParameter as input. Capabilities points to an array of kernel capabilities. CapabilitiesNum is the number of capabilities in the Capabilities array (number of elements, not number of bytes).

Result codes

0x0: Success.

0xCA01: Attempted to map more code pages than available in address space.

0xCC01: Provided CodeAddr is invalid (make sure it's in range?)

0xE401: The resource handle passed is invalid.

0xE601: Attempt to copy procinfo from user-supplied pointer failed. Attempt to copy capabilities_num from user-supplied pointer failed.

0xE801: Attempted to create a 32-bit process with a 36-bit address space.

0xF001: Unused bits are set in mmuflags. Unknown address space type used.

StartProcess

Argument64 Argument32 Type Name
(In) W0 R0 Handle<Process> ProcessHandle
(In) W1 R1 int32_t MainThreadPriority
(In) W2 R2 int32_t DefaultCpuId
(In) X3 R3, R4 uint64_t MainThreadStackSize
(Out) W0 R0 #Result Result

TerminateProcess

Argument Type Name
(In) W0 Handle<Process> ProcessHandle
(Out) W0 #Result Result

GetProcessInfo

Argument64 Argument32 Type Name
(In) W0 R1 Handle<Process> ProcessHandle
(In) W1 R2 #ProcessInfoType ProcessInfoType
(Out) W0 R0 #Result Result
(Out) X1 R1, R2 uint64_t #ProcessState

Returns an enum with value 0-7.

CreateResourceLimit

Argument Type Name
(In) None
(Out) W0 #Result Result
(Out) W1 Handle<ResourceLimit> ResourceLimitHandle

SetResourceLimitLimitValue

Argument64 Argument32 Type Name
(In) W0 R0 Handle<ResourceLimit> ResourceLimitHandle
(In) W1 R1 #LimitableResource LimitableResource
(In) X2 R2, R3 int64_t LimitValue
(Out) W0 R0 #Result Result

CallSecureMonitor

Argument64 Argument32 Type Name
(In) X0 R0 uint64_t FunctionId
(In) X1-X7 R1-R7 uint64_t SMC arguments
(Out) X0 R0 Result SMC result
(Out) X1-X7 R1-R7 uint64_t SMC output

Takes in a SMC function ID in X0, and arguments for that SMC function in X1-X7.

Passing an invalid SMC function ID or calling from a core other than core 3 will result in a secure monitor panic.

The kernel parses bits 9-15 in the passed SMC function ID (per the ARM SMC calling convention) and, when a bit is set, uses it as an indicator to translate a pointer in the associated register (X1-X7) to a physical address. The kernel will translate any address mapped as R-W; other addresses (R--, R-X, or invalid pointers) will be translated as 0/NULL.

Output is returned raw from the Secure Monitor; X0 will be the untranslated SMC result and X1-X7 will contain other SMC output (or be unchanged, depending on the SMC).

Debugging

[2.0.0+] Exactly 6 debug SVCs require that IsDebugMode is non-zero. Error 0x4201 is returned otherwise.

  • BreakDebugProcess
  • ContinueDebugEvent
  • WriteDebugProcessMemory
  • SetDebugThreadContext
  • TerminateDebugProcess
  • SetHardwareBreakPoint

DebugActiveProcess stops execution of the target process. The normal method for resuming it requires ContinueDebugEvent (see above). Closing the debug handle also results in execution being resumed.

Enum/Structures

InfoType

Handle type InfoType InfoSubType Description
Process 0 0 AllowedCpuIdBitmask
Process 1 0 AllowedThreadPrioBitmask
Process 2 0 AliasRegionBaseAddr
Process 3 0 AliasRegionSize
Process 4 0 HeapRegionBaseAddr
Process 5 0 HeapRegionSize
Process 6 0 TotalMemoryAvailable. Total memory available(free+used).
Process 7 0 TotalMemoryUsage. Total used size of codebin memory + main-thread stack + allocated heap.
Zero 8 0 IsCurrentProcessBeingDebugged
Zero 9 0 Returns ResourceLimit handle for current process. Used by PM.
Zero 10 -1, {current coreid} IdleTickCount
Zero 11 0-3 RandomEntropy from current process. TRNG. Used to seed usermode PRNGs.
Process 12 0 [2.0.0+] AddressSpaceBaseAddr
Process 13 0 [2.0.0+] AddressSpaceSize
Process 14 0 [2.0.0+] StackRegionBaseAddr
Process 15 0 [2.0.0+] StackRegionSize
Process 16 0 [3.0.0+] PersonalMmHeapSize
Process 17 0 [3.0.0+] PersonalMmHeapUsage
Process 18 0 [3.0.0+] ProgramId
Zero 19 0 [4.0.0-4.1.0] PrivilegedProcessId_LowerBound
Zero 19 1 [4.0.0-4.1.0] PrivilegedProcessId_UpperBound
Process 20 0 [5.0.0+] UserExceptionContextAddr
Process 21 0 [6.0.0+] TotalMemoryAvailableWithoutMmHeap
Process 22 0 [6.0.0+] TotalMemoryUsedWithoutMmHeap
Process 23 0 [9.0.0+] IsApplication
Thread 0xF0000002 0-3, -1 Thread Ticks. When 0-3 are passed, gets specific core CPU ticks spent on thread. When -1 is passed, gets total CPU ticks spent on thread.

SystemInfoType

Handle type SystemInfoType SystemInfoSubType Description
Zero 0 0 TotalMemorySize_Application
Zero 0 1 TotalMemorySize_Applet
Zero 0 2 TotalMemorySize_System
Zero 0 3 TotalMemorySize_SystemUnsafe
Zero 1 0 CurrentMemorySize_Application
Zero 1 1 CurrentMemorySize_Applet
Zero 1 2 CurrentMemorySize_System
Zero 1 3 CurrentMemorySize_SystemUnsafe
Zero 2 0 PrivilegedProcessId_LowerBound
Zero 2 1 PrivilegedProcessId_UpperBound

ThreadContextFlags

Bitfield of one or more of these:

Bit Bitmask Name Description
0 1 General-purpose registers If in 64-bit mode, GPRs 0–28 will be read/written. If in 32-bit mode, GPRs 0–12 will be read/written.
1 2 Control registers Reads/writes the FP, LR, PC, SP, PSTATE, and TPIDR registers.
2 4 Floating-point registers Reads/writes the floating-point vector registers.
3 8 Floating-point control registers Reads/writes the FPCR and FPSR registers.

DeviceName

Value Name
0 AFI
1 AVPC
2 DC
3 DCB
4 HC
5 HDA
6 ISP2
7 MSENCNVENC
8 NV
9 NV2
10 PPCS
11 SATA
12 VI
13 VIC
14 XUSB_HOST
15 XUSB_DEV
16 TSEC
17 PPCS1
18 DC1
19 SDMMC1A
20 SDMMC2A
21 SDMMC3A
22 SDMMC4A
23 ISP2B
24 GPU
25 GPUB
26 PPCS2
27 NVDEC
28 APE
29 SE
30 NVJPG
31 HC1
32 SE1
33 AXIAP
34 ETR
35 TSECB
36 TSEC1
37 TSECB1
38 NVDEC1

CodeMemoryOperation

Value Name
0 MapOwner
1 MapSlave
2 UnmapOwner
3 UnmapSlave

LimitableResource

Value Name Description
0 PhysicalMemoryMax Bytes of memory a process may allocate.
1 ThreadCountMax Number of threads a process can create.
2 EventCountMax Number of events a process can create through #CreateEvent or #SendAsyncRequestWithUserBuffer.
3 TransferMemoryCountMax Number of TransferMemory objects a process can create through #CreateTransferMemory.
4 SessionCountMax Number of sessions a process can create through #CreateSession, #ConnectToPort or #ConnectToNamedPort.

ThreadActivity

Value Name
0 None
1 Runnable

ProcessActivity

Value Name
0 None
1 Runnable

ProcessInfoType

Value Name
0 ProcessState

ProcessState

Value Name Notes
0 Created
1 CreatedAttached
2 Started
3 Crashed Processes will not enter this state unless they were created with EnableDebug.
4 StartedAttached
5 Exiting
6 Exited
7 DebugSuspended

DebugThreadParam

Value Name
0 DynamicPriority
1 SchedulingStatus
2 PreferredCpuCore
3 CurrentCpuCore
4 AffinityMask

Dynamic priority: output in out2

Scheduling status: out1 contains bit0: is debug-suspended, bit1: is user-suspended (#SetThreadActivity 1 or #SetProcessActivity 1). Out2 contains {suspended, idle, running, terminating} => {5, 0, 1, 4}

PreferredCpuCore: output in out2

CurrentCpuCore: output in out2

AffinityMask: output in out1

CreateProcessParameter

Offset Length Bits Description
0 12 ProcessName (doesn't have to be null-terminated)
0x0C 4 ProcessCategory (0: regular title, 1: kernel built-in)
0x10 8 TitleId
0x18 8 CodeAddr
0x20 4 CodeNumPages
0x24 4 Flags
Bit0 Is64BitInstruction
Bit3-1 #AddressSpaceType
Bit4 [2.0.0+] EnableDebug
Bit5 EnableAslr
Bit6 IsApplication
Bit7 [4.0.0] UseSecureMemory
Bit10-7 [5.0.0+] MemoryRegion (0 = Application, 1 = Applet, 2 = SecureSystem, 3 = NonSecureSystem)
Bit11 [7.0.0+] OptimizeMemoryAllocation (only allowed in combination with IsApplication)
0x28 4 ResourceLimitHandle (can be zero)
0x2C 4 [3.0.0+] SystemResourceNumPages

On [1.0.0] there's only one MemoryRegion.

On [2.0.0-4.0.0] MemoryRegion is 1 for built-ins and 0 for rest.

On [5.0.0] MemoryRegion is specified in CreateProcessArgs. There are now 4 pool partitions.

On [5.0.0] (maybe lower?) a zero ResourceLimitHandle defaults to sysmodule limits and 0x12300000 bytes of memory.

The PersonalMmHeap is allocated as follows:

  • For the application, normal insecure pool is used. Carveout 5 is used to provide protection.
  • For the applet, a pre-allocated secure pool segment of size 0x400000 is used.
  • For sysmodules, secure pool is allocated.

AddressSpaceType

Type Name Width Description
0 AddressSpace32Bit 32
1 AddressSpace64BitOld 36
2 AddressSpace32BitNoReserved 32 Appears to be missing map region [?]
3 [2.0.0+] AddressSpace64Bit 39

MemoryInfo

Offset Length Description
0 8 BaseAddress
8 8 Size
0x10 4 #MemoryType
0x14 4 #MemoryAttribute
0x18 4 #MemoryPermission
0x1C 4 IpcRefCount
0x20 4 DeviceRefCount
0x24 4 Padding: always zero

MemoryPermission

Bits Name Description
0 Read Can be set by #SetMemoryPermission.
1 Write Can be set by #SetMemoryPermission.
2 Execute Can be set by #SetProcessMemoryPermission and #ControlCodeMemory.

MemoryAttribute

Bits Name Description
0 IsMapped Used by MapMemory, as an async IPC user buffer.
1 IpcLocked True when IpcRefCount > 0.
2 DeviceShared True when DeviceRefCount > 0.
3 IsUncached

MemoryState

Bits Description Meaning
7-0 #MemoryType
8 PermissionChangeAllowed
9 ForceReadWritableByDebugSyscalls Allows using #WriteDebugProcessMemory on segments mapped read-only.
10 IpcSendAllowed Allows sending this region as an IPC A/B/W buffer with flags=0.
11 NonDeviceIpcSendAllowed Allows sending this region as an IPC A/B/W buffer with flags=1.
12 NonSecureIpcSendAllowed Allows sending this region as an IPC A/B/W buffer with flags=3.
14 ProcessPermissionChangeAllowed
15 MapAllowed
16 UnmapProcessCodeMemoryAllowed
17 TransferMemoryAllowed
18 QueryPhysicalAddressAllowed
19 MapDeviceAllowed (#MapDeviceAddressSpace and #MapDeviceAddressSpaceByForce)
20 MapDeviceAlignedAllowed
21 IpcBufferAllowed
22 IsPoolAllocated/IsReferenceCounted The physical memory blocks backing this region are refcounted.
23 MapProcessAllowed
24 AttributeChangeAllowed
25 [4.0.0+] CodeMemoryAllowed

MemoryType

Value Type Meaning
0x00000000 Free
0x00002001 Io Mapped by kernel capability parsing in #CreateProcess.
0x00042002 Static Mapped by kernel capability parsing in #CreateProcess.
0x00DC7E03 Code Mapped during #CreateProcess.
[1.0.0+] 0x01FEBD04 / [4.0.0+] 0x03FEBD04 CodeData Transition from 0xDC7E03 performed by #SetProcessMemoryPermission.
[1.0.0+] 0x017EBD05 / [4.0.0+] 0x037EBD05 Normal Mapped using #SetHeapSize.
0x00402006 Shared Mapped using #MapSharedMemory.
0x00482907 [1.0.0] Alias Mapped using #MapMemory.
0x00DD7E08 AliasCode Mapped using #MapProcessCodeMemory.
[1.0.0+] 0x01FFBD09 / [4.0.0+] 0x03FFBD09 AliasCodeData Transition from 0xDD7E08 performed by #SetProcessMemoryPermission.
0x005C3C0A Ipc IPC buffers with descriptor flags=0.
0x005C3C0B Stack Mapped using #MapMemory.
0x0040200C ThreadLocal Mapped during #CreateThread.
0x015C3C0D Transfered Mapped using #MapTransferMemory when the owning process has perm=0.
0x005C380E ShTransfered Mapped using #MapTransferMemory when the owning process has perm!=0.
0x0040380F SharedCode Mapped using #MapProcessMemory.
0x00000010 Reserved
0x005C3811 NonSecureIpc IPC buffers with descriptor flags=1.
0x004C2812 NonDeviceIpc IPC buffers with descriptor flags=3.
0x00002013 KernelStack Mapped in kernel during #CreateThread.
0x00402214 [4.0.0+] CodeReadOnly Mapped in kernel during #ControlCodeMemory.
0x00402015 [4.0.0+] CodeWritable Mapped in kernel during #ControlCodeMemory.
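The MemoryType values above pack the #MemoryState capability bits above the low type byte. The following decoder is an added example (not code from this wiki or the kernel; all function names are hypothetical) that splits a value into its type and named flags, and also reports set bits that the MemoryState table does not name.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Flag names by bit position, from the MemoryState table. Bit 13 has no entry there. */
static const char *const MEMSTATE_FLAG[32] = {
    [8]  = "PermissionChangeAllowed",
    [9]  = "ForceReadWritableByDebugSyscalls",
    [10] = "IpcSendAllowed",
    [11] = "NonDeviceIpcSendAllowed",
    [12] = "NonSecureIpcSendAllowed",
    [14] = "ProcessPermissionChangeAllowed",
    [15] = "MapAllowed",
    [16] = "UnmapProcessCodeMemoryAllowed",
    [17] = "TransferMemoryAllowed",
    [18] = "QueryPhysicalAddressAllowed",
    [19] = "MapDeviceAllowed",
    [20] = "MapDeviceAlignedAllowed",
    [21] = "IpcBufferAllowed",
    [22] = "IsPoolAllocated/IsReferenceCounted",
    [23] = "MapProcessAllowed",
    [24] = "AttributeChangeAllowed",
    [25] = "CodeMemoryAllowed",
};

/* Type names for the low byte, from the MemoryType table (0x00..0x15). */
static const char *const MEMTYPE_NAME[] = {
    "Free", "Io", "Static", "Code", "CodeData", "Normal", "Shared", "Alias",
    "AliasCode", "AliasCodeData", "Ipc", "Stack", "ThreadLocal", "Transfered",
    "ShTransfered", "SharedCode", "Reserved", "NonSecureIpc", "NonDeviceIpc",
    "KernelStack", "CodeReadOnly", "CodeWritable",
};
#define MEMTYPE_COUNT (sizeof MEMTYPE_NAME / sizeof MEMTYPE_NAME[0])

unsigned memstate_type(uint32_t state) { return state & 0xFFu; }

const char *memtype_name(unsigned type)
{
    return type < MEMTYPE_COUNT ? MEMTYPE_NAME[type] : "Unknown";
}

int memstate_has(uint32_t state, unsigned bit)
{
    return bit < 32 && ((state >> bit) & 1u) != 0;
}

/* Collects names of set flags; returns how many named flags are set (may exceed max). */
size_t memstate_flags(uint32_t state, const char **out, size_t max)
{
    size_t n = 0;
    for (unsigned bit = 8; bit < 32; bit++) {
        if (!memstate_has(state, bit) || MEMSTATE_FLAG[bit] == NULL)
            continue;
        if (out != NULL && n < max)
            out[n] = MEMSTATE_FLAG[bit];
        n++;
    }
    return n;
}

/* Bits 8..31 that are set but have no name in the MemoryState table. */
uint32_t memstate_unnamed_bits(uint32_t state)
{
    uint32_t unnamed = 0;
    for (unsigned bit = 8; bit < 32; bit++)
        if (memstate_has(state, bit) && MEMSTATE_FLAG[bit] == NULL)
            unnamed |= (uint32_t)1 << bit;
    return unnamed;
}

int main(void)
{
    /* Values taken from the MemoryType table above. */
    static const uint32_t samples[] = { 0x00DC7E03u, 0x037EBD05u, 0x00402006u, 0x00402214u };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        const char *names[32];
        size_t n = memstate_flags(samples[i], names, 32);
        printf("0x%08X %s:", (unsigned)samples[i], memtype_name(memstate_type(samples[i])));
        for (size_t k = 0; k < n; k++)
            printf(" %s", names[k]);
        printf(" (unnamed bits 0x%08X)\n", (unsigned)memstate_unnamed_bits(samples[i]));
    }
    return 0;
}
```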

ArbitrationType

Value Type
0x0 WaitIfLessThan
0x1 DecrementAndWaitIfLessThan
0x2 WaitIfEqual

SignalType

Value Type
0x0 Signal
0x1 SignalAndIncrementIfEqual
0x2 SignalAndModifyBasedOnWaitingThreadCountIfEqual

ContinueDebugFlagsOld

[1.0.0-2.3.0]

Bit Bitmask Description
0 1 IgnoreException (note: ResumeAllThreads or debug-suspended-thread-id needed)
1 2 SwallowException
2 4 ResumeAllThreads

ContinueDebugFlags

[3.0.0+]

Bit Bitmask Description
0 1 IgnoreException (note: doesn't need to be set in the same call as Resume)
1 2 DontCatchExceptions
2 4 Resume
3 8 IgnoreOtherThreadsExceptions

IgnoreExceptionsOfOthers is like IgnoreException but acts on all threads that aren't in the input list. The affected threads are resumed.

Only one of Resume and IgnoreOtherThreadsExceptions can be set at a time.

If the input number of threads is 0, this means "all threads".

DebugEventInfo

The table below is for the AArch64 version of the system call. For A32, all u64 fields except title/process/thread id are actually u32, making the structure 0x28 bytes in size (0x40 for A64).

Size: 0x40

Offset Length Description
0 u32 EventType
4 u32 Flags (bit0: NeedsContinue)
8 u64 ThreadId
0x10 PerTypeSpecifics

AttachProcess specific:

Offset Length Description
0x10 u64 TitleId
0x18 u64 ProcessId
0x20 char[12] ProcessName
0x2C u32 MmuFlags
0x30 u64 [5.0.0+] UserExceptionContextAddr

AttachThread specific:

Offset Length Description
0x10 u64 ThreadId
0x18 u64 TlsPtr
0x20 u64 Entrypoint

Exit specific:

Offset Length Description
0x10 u32 Type (0=PausedThread, 1=RunningThread, 2=ExitedProcess, 3=TerminatedProcess)

Exception specific:

Offset Length Description
0x10 u32 ExceptionType
0x18 u64 FaultRegister
0x20 PerExceptionSpecifics

DebugEventType

Value Name
0 AttachProcess
1 AttachThread
2 ExitProcess
3 ExitThread
4 Exception

DebugExceptionType

Value Name
0 Trap (*)
1 InstructionAbort
2 DataAbortMisc (**)
3 PcSpAlignmentFault
4 DebuggerAttached
5 BreakPoint
6 UserBreak
7 DebuggerBreak
8 BadSvcId
9 [2.0.0+] SError

* Undefined instructions, software breakpoints, some other traps.

** Data aborts, FP traps, and everything else that doesn't belong to any of the above.

Trap specifics:

Offset Length Description
0x20 u32 Opcode

BreakPoint specifics:

Offset Length Description
0x20 u32 IsWatchpoint

UserBreak specifics:

Offset Length Description
0x20 u32 Info0
0x28 u64 Info1
0x30 u64 Info2

BadSvcId specifics:

Offset Length Description
0x20 u32 SvcId
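The A64 DebugEventInfo layout above, turned into a bounds-checked parser as an added example (not code from this wiki or from any Nintendo or homebrew library; all names are hypothetical). It assumes little-endian fields, applies the "Exit specific" table to both ExitProcess and ExitThread, and terminates the 12-byte ProcessName itself, since printing it straight from the buffer would run on into MmuFlags.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define DEBUG_EVENT_INFO_A64_SIZE 0x40

enum { EVT_ATTACH_PROCESS, EVT_ATTACH_THREAD, EVT_EXIT_PROCESS, EVT_EXIT_THREAD, EVT_EXCEPTION };
enum { EXC_TRAP = 0, EXC_BREAKPOINT = 5, EXC_USER_BREAK = 6, EXC_BAD_SVC_ID = 8, EXC_LAST = 9 };

typedef struct {
    uint32_t event_type;
    uint32_t flags;                 /* bit0: NeedsContinue */
    uint64_t thread_id;
    uint64_t title_id, process_id;  /* AttachProcess */
    char     process_name[13];      /* 12 raw bytes plus a terminator added here */
    uint32_t mmu_flags;
    uint64_t user_exception_context_addr;        /* [5.0.0+] */
    uint64_t new_thread_id, tls_ptr, entrypoint; /* AttachThread */
    uint32_t exit_type;             /* Exit */
    uint32_t exception_type;        /* Exception */
    uint64_t fault_register;
    uint32_t specific32;            /* Opcode, IsWatchpoint, Info0 or SvcId */
    uint64_t info1, info2;          /* UserBreak only */
} debug_event_t;

static uint32_t rd32(const uint8_t *p)
{
    return (uint32_t)p[0] | ((uint32_t)p[1] << 8) |
           ((uint32_t)p[2] << 16) | ((uint32_t)p[3] << 24);
}

static uint64_t rd64(const uint8_t *p)
{
    return (uint64_t)rd32(p) | ((uint64_t)rd32(p + 4) << 32);
}

/* Returns 0 on success, -1 short/NULL input, -2 unknown EventType, -3 unknown ExceptionType. */
int parse_debug_event_a64(const uint8_t *buf, size_t len, debug_event_t *ev)
{
    if (buf == NULL || ev == NULL || len < DEBUG_EVENT_INFO_A64_SIZE)
        return -1;
    memset(ev, 0, sizeof *ev);
    ev->event_type = rd32(buf + 0x00);
    ev->flags      = rd32(buf + 0x04);
    ev->thread_id  = rd64(buf + 0x08);

    switch (ev->event_type) {
    case EVT_ATTACH_PROCESS:
        ev->title_id   = rd64(buf + 0x10);
        ev->process_id = rd64(buf + 0x18);
        memcpy(ev->process_name, buf + 0x20, 12);
        ev->process_name[12] = '\0';
        ev->mmu_flags  = rd32(buf + 0x2C);
        ev->user_exception_context_addr = rd64(buf + 0x30);
        return 0;
    case EVT_ATTACH_THREAD:
        ev->new_thread_id = rd64(buf + 0x10);
        ev->tls_ptr       = rd64(buf + 0x18);
        ev->entrypoint    = rd64(buf + 0x20);
        return 0;
    case EVT_EXIT_PROCESS:
    case EVT_EXIT_THREAD:
        ev->exit_type = rd32(buf + 0x10);
        return 0;
    case EVT_EXCEPTION:
        ev->exception_type = rd32(buf + 0x10);
        if (ev->exception_type > EXC_LAST)
            return -3;
        ev->fault_register = rd64(buf + 0x18);
        if (ev->exception_type == EXC_TRAP || ev->exception_type == EXC_BREAKPOINT ||
            ev->exception_type == EXC_BAD_SVC_ID || ev->exception_type == EXC_USER_BREAK)
            ev->specific32 = rd32(buf + 0x20);
        if (ev->exception_type == EXC_USER_BREAK) {
            ev->info1 = rd64(buf + 0x28);
            ev->info2 = rd64(buf + 0x30);
        }
        return 0;
    default:
        return -2;
    }
}

/* Constructed sample: AttachProcess event whose 12-byte name has no NUL. */
void build_sample_attach(uint8_t out[DEBUG_EVENT_INFO_A64_SIZE])
{
    memset(out, 0, DEBUG_EVENT_INFO_A64_SIZE);
    out[0x00] = EVT_ATTACH_PROCESS;
    out[0x04] = 1;                           /* NeedsContinue */
    out[0x08] = 0x51;                        /* ThreadId */
    out[0x11] = 0x20; out[0x17] = 0x01;      /* TitleId 0x0100000000002000 (constructed) */
    out[0x18] = 0x85;                        /* ProcessId */
    memcpy(out + 0x20, "exampleproc1", 12);  /* exactly 12 bytes, unterminated */
    out[0x2C] = 0x27;                        /* MmuFlags */
}

int main(void)
{
    uint8_t raw[DEBUG_EVENT_INFO_A64_SIZE];
    debug_event_t ev;
    build_sample_attach(raw);
    if (parse_debug_event_a64(raw, sizeof raw, &ev) == 0)
        printf("attach: pid=0x%llX name=%s needs_continue=%u\n",
               (unsigned long long)ev.process_id, ev.process_name, ev.flags & 1u);
    return 0;
}
```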

Exception handling

First of all, a function that may be called by the synchronous exception handler, and that is called by the SError handler, fetches the exception info, adjusts PC, panics on exceptions taken from EL1, then dispatches the exception.

The dispatcher has two mutually exclusive exception reporting methods:

  • by storing information at the start of the process's TLS memregion (TPIDRRO_EL0) and jumping back to the crt0
  • by using KDebug

KDebug dispatching is used when at least one of the following conditions is met:

  • SMC ConfigItem KernelMemConfig bit 1 is NOT set (it isn't on retail), unless: this is a software or hardware breakpoint, or a watchpoint, or [4.0.0+?] the process is attached and this is a Google PNaCl trap instruction (see LLVM source)
  • FAR doesn't point to a valid address in mapped-readable CodeStatic memory (i.e. this is the case for NRO and JIT memory) or this is one of the following exceptions (in particular, that doesn't include FP exceptions occurring in CodeStatic memory):
    • Uncategorized
    • IllegalState
    • SupervisorCallA32
    • SupervisorCallA64
    • PCAlignment
    • SPAlignment
    • SError
    • BreakpointLowerEl
    • SoftwareStepLowerEl (note: no way to set single-step flag; not parsed)
    • WatchpointLowerEl
    • SoftwareBreakpointA32 (note: not parsed)
    • SoftwareBreakpointA64 (note: not parsed)

In all other cases the userland-handled exception path is taken.

KDebug path:

If the process is attached, the exception is reported to the KDebug. If the thread was continued using flag IgnoreExceptions, it returns from the exception as if nothing happened.

If the latter is not the case, or if the process isn't attached, proceed to [2.0.0+] crash reporting (or in [1.0.0] just terminate the process): if EnableDebug is set, and depending on the process state (more than one crash per process isn't permitted) it may signal itself with ProcessState_Crashed so that PM asks NS to start creport so that creport attaches to it and reports the crashes. Otherwise, just terminate.

Userland reporting path and #ReturnFromException:

TLS region start (A64):

Offset Length Description
0x0 0x148 Exception stack
0x148 0x78 ExceptionFrameA64

ExceptionFrameA64:

Offset Length Description
0x0 0x48 (8*9) GPRs 0..8.
0x48 0x8 lr
0x50 0x8 sp
0x58 0x8 pc (elr_el1)
0x60 0x4 pstate & 0xFF0FFE20
0x64 0x4 afsr0
0x68 0x4 afsr1
0x6C 0x4 esr
0x70 0x8 far

TLS region start (A32):

Offset Length Description
0x0 0x178 Exception stack
0x148 0x44 ExceptionFrameA32

ExceptionFrameA32:

Offset Length Description
0x0 0x20 (8*4) GPRs 0..7.
0x20 0x4 sp
0x24 0x4 lr
0x28 0x4 pc (elr_el1)
0x2C 0x4 tpidr_el0 = 1
0x30 0x4 cpsr & 0xFF0FFE20
0x34 0x4 afsr0
0x38 0x4 afsr1
0x3C 0x4 esr
0x40 0x4 far

In that case, after storing the regs in the TLS, the exception handler returns to the application's crt0 (entrypoint), with X0=<error description code> (see below) and X1=SP=frame=<stack top> (see above).

Desc. code Meaning
0x100 Instruction abort
0x102 Misaligned PC
0x103 Misaligned SP
0x106 [2.0.0+] SError
0x301 Bad SVC
0x104 Uncategorized, CP15RTTrap, CP15RRTTrap, CP14RTTrap, CP14RRTTrap, IllegalState, SystemRegisterTrap
0x101 None of the above, EC <= 0x34 and not a breakpoint

(During normal app boot the process is invoked with X0=0 and X1=main_thread_handle. The crt0 of retail apps determines whether to boot normally or handle an exception if X0 is set to 0 or not)

The application is supposed to promptly update the contents of elr_el1 to a user handler (and any other regs it sees fit) and call #ReturnFromException (error code) to call that handler. The latter is then expected to promptly abort the program.

#ReturnFromException updates the contents of the kernel stack frame with what the user provided in the TLS structure, sets TPIDR_EL0 to 1, then:

  • if the provided error code is 0, gracefully pivots and returns from exception
  • if it is not, replays the exception and passes it to the KDebug (see above). One can pass 0x10001 to prevent process termination. If the process is attached, this also prevents crash-collection/termination (different from the exception handler behavior)

If an exception occurs from the above user handler, the entire exception handling process will repeat with the new exception.

Note that if a thread that wasn't faulting calls #ReturnFromException, it signals an "invalid syscall" exception.

Note that IsDebugMode is not used during exception-handling, except for enabling printing a message to UART-A. This UART code causes a system-hang on retail (likely due to a loop that doesn't exit). This printing doesn't seem to run when the process is attached for debugging?