extended example in kernel-run to include some more fn

Author: hitodama

kernel/kernel-run/include/kmain.h

@@ -1,6 +1,10 @@
 #ifndef KMainH
 #define KMainH
 
+typedef int (*RunnableInt)();
+
 int kmain(int argc, char **argv);
+int kmain2(int argc, char **argv);
+int kmain3(int argc, char **argv);
 
 #endif

kernel/kernel-run/source/kmain.c

@@ -37,5 +37,7 @@ int kmain(int argc, char **argv)
 
 	free(kmoo, mt);
 
-	return 42; // important notice from kernel!
+	RunnableInt sceSblACMgrIsVideoplayerProcess = (RunnableInt)ps4KernelDlSym("sceSblACMgrIsVideoplayerProcess");
+
+	return sceSblACMgrIsVideoplayerProcess(); //see kmain2's content & return
 }

kernel/kernel-run/source/kmain2.c

@@ -0,0 +1,31 @@
+#undef _SYS_CDEFS_H_
+#undef _SYS_TYPES_H_
+#undef _SYS_PARAM_H_
+#undef _SYS_MALLOC_H_
+
+#define _XOPEN_SOURCE 700
+#define __BSD_VISIBLE 1
+#define _KERNEL
+#define _WANT_UCRED
+#include <sys/cdefs.h>
+#include <sys/types.h>
+#include <sys/param.h>
+#include <sys/kernel.h>
+#include <sys/systm.h>
+#include <sys/malloc.h>
+
+#undef offsetof
+#include <kernel.h>
+#include <ps4/kernel.h>
+#include <ps4/internal/kernelexploit.h>
+
+#include "kmain.h"
+
+// kernel functions called, in user-land function ... yay for evil voodoo Oo?!
+int kmain2(int argc, char **argv)
+{
+	RunnableInt sceSblACMgrIsVideoplayerProcess = (RunnableInt)ps4KernelDlSym("sceSblACMgrIsVideoplayerProcess");
+	ps4KernelPatchToTruthFunction((void *)sceSblACMgrIsVideoplayerProcess);
+
+	return sceSblACMgrIsVideoplayerProcess(); // important notice from kernel!
+}

kernel/kernel-run/source/kmain3.c

@@ -0,0 +1,32 @@
+#undef _SYS_CDEFS_H_
+#undef _SYS_TYPES_H_
+#undef _SYS_PARAM_H_
+#undef _SYS_MALLOC_H_
+
+#define _XOPEN_SOURCE 700
+#define __BSD_VISIBLE 1
+#define _KERNEL
+#define _WANT_UCRED
+#include <sys/cdefs.h>
+#include <sys/types.h>
+#include <sys/param.h>
+#include <sys/kernel.h>
+#include <sys/systm.h>
+#include <sys/malloc.h>
+
+#undef offsetof
+#include <kernel.h>
+#include <ps4/kernel.h>
+#include <ps4/internal/kernelexploit.h>
+
+#include "kmain.h"
+
+// kernel functions called, in user-land function ... yay for evil voodoo Oo?!
+int kmain3(int argc, char **argv)
+{
+	RunnableInt sceSblACMgrIsVideoplayerProcess = (RunnableInt)ps4KernelDlSym("sceSblACMgrIsVideoplayerProcess");
+	void *sceSblACMgrIsShellcoreProcess = ps4KernelDlSym("sceSblACMgrIsShellcoreProcess");
+	ps4KernelHookFunction((void *)sceSblACMgrIsVideoplayerProcess, sceSblACMgrIsShellcoreProcess);
+
+	return sceSblACMgrIsVideoplayerProcess();
+}

kernel/kernel-run/source/main.c

@@ -9,6 +9,7 @@
 #include <sys/syscall.h>
 
 #include <ps4/kernel.h>
+#include <ps4/internal/asmpayload.h>
 
 #include "kmain.h"
 
@@ -17,23 +18,24 @@ int main(int argc, char **argv)
 	int kargc = 1;
 	char *kargv[2];
 	char *moo = malloc(32); // A moo!! :D
+	int i;
 
 	kargv[0] = moo;
 	kargv[1] = NULL;
 
 	printf("uid: %zu\n", getuid());
-	// this syscall turns to return 0 after the first ps4KernelExecute
-	// do not call it directly - use the patching ps4KernelExecute
-	printf("sys: %i\n", syscall(SYS_ps4_kernel_execute, NULL));
+	// this syscall returns 0 after the first ps4KernelRun (see in a rerun process)
+	// do not use this directly (just for show and tell here)
+	// use the self-patching ps4KernelRun wrapper instead
+	printf("sys: %i\n", syscall(SYS_ps4_kernel_run, NULL));
 
 	strcpy(moo, "Hmm ... ? *yum, grass*");
 	int r = ps4KernelRun(kmain, kargc, kargv);
-	printf("return: %i\n", r);
+	printf("return (sceSblACMgrIsVideoplayerProcess): %i\n", r);
 	printf("moo: %s\n", moo);
-	free(moo); //Bye moo :(
 
 	printf("uid: %zu\n", getuid());
-	printf("sys: %i\n", syscall(SYS_ps4_kernel_execute, NULL));
+	printf("sys: %i\n", syscall(SYS_ps4_kernel_run, NULL));
 
 	printf("ps4KernelIsInKernel(): %i\n", ps4KernelIsInKernel());
 	printf("ps4KernelDlSym(kernel_map): %p\n", ps4KernelDlSym("kernel_map"));
@@ -42,5 +44,33 @@ int main(int argc, char **argv)
 	ps4KernelEscalatePrivileges();
 	printf("uid: %zu\n", getuid());
 
+	//ps4KernelUARTEnable();
+
+	// and some patching
+	memset(moo, '\0', 32);
+	void *sceSblACMgrIsVideoplayerProcess = ps4KernelDlSym("sceSblACMgrIsVideoplayerProcess");
+	ps4KernelMemcpy(moo, sceSblACMgrIsVideoplayerProcess, 32);
+	for(i = 0; i < 32; ++i)
+		printf("%02X", ((unsigned char *)moo)[i]);
+	printf("\n");
+
+	r = ps4KernelRun(kmain2, kargc, kargv);
+	printf("return2 (sceSblACMgrIsVideoplayerProcess): %i\n", r);
+
+	ps4KernelMemcpy(moo, sceSblACMgrIsVideoplayerProcess, 32);
+	for(i = 0; i < 32; ++i)
+		printf("%02X", ((unsigned char *)moo)[i]);
+	printf("\n");
+
+	r = ps4KernelRun(kmain3, kargc, kargv);
+	printf("return3 (sceSblACMgrIsVideoplayerProcess): %i\n", r);
+
+	ps4KernelMemcpy(moo, sceSblACMgrIsVideoplayerProcess, 32);
+	for(i = 0; i < 32; ++i)
+		printf("%02X", ((unsigned char *)moo)[i]);
+	printf("\n");
+
+	free(moo); //Bye moo, you did real good :(~
+
 	return EXIT_SUCCESS;
 }