09-18-2010 #21
b. The on-the-fly patching part of the code is probably called on virtual memory page remapping and does additional patching in-place. It identifies whether a page requires patching by calculating its "hash" and comparing it to the table entries. One of the patches enables a developer menu/settings entry called "category_game_tool2.xml#root", which probably enables support of the pkgs and other dev stuff.
Besides that: where can I find the disassembler/debugger for the self/elf files of PS3?
As for the debugger/disassembler: they're part of the SDK. But I guess the debugger (gdb) won't work without a PS3 TEST since it has to do remote debugging. You can disassemble elf files with ppu-lv2-objdump and spu-lv2-objdump.
Also - are you talking about the stock gdb available with the open-source PS3 toolchain, or is gdb part of the leaked SDK? The open-source version does not rely on anything from PS3 TEST FW - once the binaries produced by the toolchain are happily running on RETAIL PS3s there will be a way of running them under gdb (similarly as psp-gdb runs on retail PSPs).
The GDB binaries from the leaked SDK (ppu-lv2-gdb, spu-lv2-gdb) seem to rely on a separate communication manager for communication with the console. The counterpart of this communication manager is most likely only contained in debug FW.
Thanks for the objdump hint. I figured out that debugging is only possible remotely, but I'm used to gdb for disassembling as well (mainly using x/10i or something similar).
And I got another idea. If someone has a running console with OtherOS capability and thus working Linux, we might try to debug (and run portions of its code to analyze) the GameOS under it.
A lot of hacking would be needed to tweak GameOS to run in user space (something like User Mode Linux), but it should be easier to analyze a function if you can actually run it in a virtualized environment. It's just an idea. Unfortunately I've lost access to Linux on my PS3 while upgrading to 3.41.
I have no time to verify it but will the ppu-lv2-objdump be of any use if I want to deal with GameOS memory dump? Doesn't it work with ELF files only?
You can also disassemble raw binaries directly with objdump: ppu-objdump -b binary -m powerpc:common64 -d <file>
You can see the supported object formats and architectures like this: ppu-objdump -i
Thanks guys, I think that I should have read man objdump before asking dumb questions.
Don't forget to specify the endianness - you might get unexpected results otherwise.
The ppu-lv2-objdump supports Cell:PPU as architecture. So this would be the way to disassemble PPE memdumps with ppu-lv2-objdump:
ppu-lv2-objdump -b binary -m Cell:PPU -EB -D <file.bin> > <file.asm>
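As an added illustration of the endianness point above (not part of any post in this thread): a raw dump has no header to say which byte order it is in, so one way to check before choosing -EB or -EL is to count well-known fixed PowerPC instruction words under each interpretation. The marker set, the function names and the sample bytes are assumptions constructed for this example.

```python
import struct

# Fixed 32-bit PowerPC encodings that are common in compiled code.
BLR = 0x4E800020      # blr (function return)
NOP = 0x60000000      # nop (ori r0,r0,0)
MFLR_R0 = 0x7C0802A6  # mflr r0 (typical function prologue)
MARKERS = {BLR, NOP, MFLR_R0}

def words(data, endian):
    """Return the aligned 32-bit words of data; endian is '>' or '<'."""
    n = len(data) // 4
    return struct.unpack(f"{endian}{n}I", data[:n * 4])

def marker_hits(data, endian):
    """Count words that match a known instruction under this byte order."""
    return sum(1 for w in words(data, endian) if w in MARKERS)

def guess_endianness(data):
    """Heuristic guess: 'big', 'little', or 'unknown' when counts tie."""
    be, le = marker_hits(data, ">"), marker_hits(data, "<")
    if be == le:
        return "unknown"
    return "big" if be > le else "little"

def primary_opcodes(data, endian):
    """Top 6 bits of each word: the PowerPC primary opcode field."""
    return [w >> 26 for w in words(data, endian)]

def swap_words(data):
    """Byte-swap every 32-bit word (simulates a wrongly ordered dump)."""
    return b"".join(data[i:i + 4][::-1] for i in range(0, len(data) - 3, 4))

# Constructed sample, big-endian:
# mflr r0; std r0,16(r1); stdu r1,-112(r1); nop; blr
SAMPLE_BE = bytes.fromhex("7c0802a6" "f8010010" "f821ff91" "60000000" "4e800020")

if __name__ == "__main__":
    print("guess:", guess_endianness(SAMPLE_BE))
    print("opcodes read as BE:", primary_opcodes(SAMPLE_BE, ">"))
    print("opcodes read as LE:", primary_opcodes(SAMPLE_BE, "<"))
```

Read with the wrong byte order, the same bytes decode to unrelated primary opcodes, which is the "unexpected results" a disassembler would then print.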
I have a lot of questions, and I hope someone here can help me answer them.
The last week I have been playing around with xml files and the xRegistry file. I think that I partly understand the xml files, and what they do. They are the connection between the GameOS and the FW files.
I have been able to add some "new shortcuts", move them around between the different categories and change their function.
But then there is the category_sysconf.xml file... it does nothing, you can delete it, and nothing happens. Why? Is it loaded during booting, because it is already loaded when you enter the menu screen, and the other categories are not? Or is the file not in use any more, a "leftover" from an older FW? But then it should have contained the OtherOS launch command...
And the commands from category_sysconf.xml won't run in any other category xml file. The icons won't show up, you only see the loading circle on all the "shortcuts". And it is not possible to start them, but it is possible to "browse" two of them, total 18. There are 13 and 5 in the two that you can "browse". edyviewer and tool_debug_settings?
If it is loaded during booting, what needs to be done to enable the debug settings? xRegistry doesn't seem to do anything... Or is this because the Settings menu is LV1?
How is the TEST fw different from the RETAIL, does it contain more files? Or do they contain the same files, but configured differently?
If they are completely different fw's, why does the Retail fw contain the references to the debug settings, in the category_sysconf.xml and in the xRegistry?
Does the retail contain a "light" version of the debug settings? Can even Sony use the debug settings on a retail, has anybody heard about this being done?
Has anyone ever been able to extract the dev_flash and the xRegistry from a TEST unit? If so, does the xRegistry file contain the same options? And I haven't seen the OtherOS anywhere in these files.
If the "Settings" category needs LV1 to be changed, then no "sony OtherOS" in fw3.41. But if it is only loaded during the boot sequence, maybe PSGroove can be modified to do the same job as the "usb firm loader"? And we will be able to add and modify the Settings category.