System Calls

From Xenon Wiki
Jump to navigation Jump to search

The means for unprivileged code to query the Hypervisor for privileged tasks.

Making a System Call

Anywhere in unprivileged code you can make a system call by loading r0 with the call ID and executing the 'sc' instruction. Some system calls take additional parameters in r3-r9 


    # Send 0xFF to POST output
    li r3, 0xFF
    li r0, 0xD
    sc
    blr

System Call Table

File Structure
ID Name Description
0x00 HvxGetVersions
0x01 HvxStartupProcessors
0x02 HvxQuiesceProcessor
0x03 HvxFlushEntireTb
0x04 HvxFlushSingleTb
0x05 HvxRelocateAndFlush
0x06 HvxGetSpecialPurposeRegister Disabled on retail, returns 0
0x07 HvxSetSpecialPurposeRegister Disabled on retail, returns 0
0x08 HvxGetSocRegister
0x09 HvxSetSocRegister
0x0A HvxSetTimeBaseToZero
0x0B HvxZeroPage
0x0C HvxFlushDcacheRange
0x0D HvxPostOutput Takes the bottom byte and sends it to the post output
0x0E HvxEnablePPUPerformanceMonitor Disabled on retail, returns 0
0x0F HvxGetImagePageTableEntry
0x10 HvxSetImagePageTableEntry
0x11 HvxCreateImageMapping
0x12 HvxMapImagePage
0x13 HvxCompleteImageMapping
0x14 HvxLoadImageData
0x15 HvxFinishImageDataLoad
0x16 HvxStartResolveImports
0x17 HvxResolveImports
0x18 HvxFinishImageLoad
0x19 HvxAbandonImageLoad
0x1A HvxUnmapImagePages
0x1B HvxUnmapImage
0x1C HvxUnmapImageRange
0x1D HvxCreateUserMode
0x1E HvxDeleteUserMode
0x1F HvxFlushUserModeTb
0x20 HvxSetPowerMode
0x21 HvxShadowBoot Disabled on retail, always branches to MACHINE_CHECK
0x22 HvxBlowFuses
0x23 HvxFsbInterrupt
0x24 HvxLockL2
0x25 HvxDvdAuthBuildNVPage
0x26 HvxDvdAuthVerifyNVPage
0x27 HvxDvdAuthRecordAuthenticationPage
0x28 HvxDvdAuthRecordXControl
0x29 HvxDvdAuthGetAuthPage
0x2A HvxDvdAuthVerifyAuthPage
0x2B HvxDvdAuthGetNextLBAIndex
0x2C HvxDvdAuthVerifyLBA
0x2D HvxDvdAuthClearDiscAuthInfo
0x2E HvxKeysInitialize
0x2F HvxKeysGetKeyProperties
0x30 HvxKeysGetStatus
0x31 HvxKeysGenerateRandomKey
0x32 HvxKeysGetFactoryChallenge
0x33 HvxKeysSetFactoryResponse
0x34 HvxKeysSaveBootLoader
0x35 HvxKeysSaveKeyVault
0x36 HvxKeysSetKey
0x37 HvxKeysGetKey
0x38 HvxKeysGetDigest
0x39 HvxKeysRsaPrvCrypt
0x3A HvxKeysHmacSha
0x3B HvxKeysAesCbc
0x3C HvxKeysDes2Cbc
0x3D HvxKeysDesCbc
0x3E HvxKeysObscureKey
0x3F HvxKeysSaveSystemUpdate
0x40 HvxKeysExecute Execute a payload in HV context
0x41 HvxDvdAuthTestMode
0x42 HvxEnableTimebase
0x43 HvxHdcpCalculateMi
0x44 HvxHdcpCalculateAKsvSignature
0x45 HvxHdcpCalculateBKsvSignature
0x46 HvxSetRevocationList
0x47 HvxEncryptedReserveAllocation
0x48 HvxEncryptedReleaseAllocation
0x49 HvxEncryptedEncryptAllocation
0x4A HvxEncryptedSweepAddressRange
0x4B HvxKeysExCreateKeyVault
0x4C HvxKeysExLoadKeyVault
0x4D HvxKeysExSaveKeyVault
0x4E HvxKeysExSetKey
0x4F HvxKeysExGetKey
0x50 HvxGetUpdateSequence
0x51 HvxSecurityInitialize
0x52 HvxSecurityLoadSettings
0x53 HvxSecuritySaveSettings
0x54 HvxSecuritySetDetected
0x55 HvxSecurityGetDetected
0x56 HvxSecuritySetActivated
0x57 HvxSecurityGetActivated
0x58 HvxSecuritySetStat
0x59 HvxGetProtectedFlags
0x5A HvxSetProtectedFlag
0x5B HvxDvdAuthGetAuthResults
0x5C HvxDvdAuthSetDriveAuthResult
0x5D HvxDvdAuthSetDiscAuthResult
0x5E HvxImageTransformImageKey
0x5F HvxImageXexHeader
0x60 HvxRevokeLoad
0x61 HvxRevokeSave
0x62 HvxRevokeUpdate
0x63 HvxDvdAuthGetMediaId
0x64 HvxKeysLoadKeyVault
0x65 HvxXexActivationGetNonce
0x66 HvxXexActivationSetLicense
0x67 HvxXexActivationVerifyOwnership
0x68 HvxIptvSetBoundaryKey
0x69 HvxIptvSetSessionKey
0x6A HvxIptvVerifyOmac1Signature
0x6B HvxIptvGetAesCtrTransform
0x6C HvxIptvGetSessionKeyHash
0x6D HvxImageDvdEmulationMode Disabled on retail, returns 0
0x6E HvxImageUserMode Disabled on retail, returns 0xC8004007
0x6F HvxImageShim
0x70 HvxExpansionInstall
0x71 HvxExpansionCall
0x72 HvxDvdAuthFwcr
0x73 HvxDvdAuthFcrt
0x74 HvxDvdAuthEx
0x75 HvxTest Disabled on retail, returns 0
0x76 HvxSetState Only on hacked images, does various things
Retrieved from "https://www.xenonwiki.com/index.php?title=System_Calls&oldid=4964"