• PS3HEN is now supporting 4.93 Firmware

    View Official Release Post for additional information HERE

PS3HEN PS3HEN Open Beta Testing [For Advanced Users Only]

esc0rtd3w said:
I'll chime in just about the xai plugin part.

It is still in progress. It was originally using hen xai as base, which is based on old source from mysis. I was having problems with malloc and a few other things.

I have now forked nats xai as base to test with, since its codebase is much more current.

Hopefully should have it working this week. I am testing in between IRL stuff.
Click to expand...

Is there any other option available for OC with BADWDSD besides ps3HEN test#13?
As I can see #14 does not have OC anymore and links to #13 are invalid.

Is there any way to access #13 of the beta test at this time if no other option exists?
 
aomsin2526 said:
Use webman, It worked just like cfw.
Click to expand...
Thank you, I missed the new fields in webman setup page.
Is VRAM OC non-functional on 40xx models? Cause I got heavy artifacting setting to 800MHz and I remember seeing some replies in this direction. (and I assume by default that a super-slim would be able to OC vram up to that)

EDIT: 725MHz is the highest VRAM stable frequency
 
Last edited:
mitrut0123 said:
Thank you, I missed the new fields in webman setup page.
Is VRAM OC non-functional on 40xx models? Cause I got heavy artifacting setting to 800MHz and I remember seeing some replies in this direction. (and I assume by default that a super-slim would be able to OC vram up to that)

EDIT: 725MHz is the highest VRAM stable frequency
Click to expand...

Current overclock code doesn't work well for gddr5.
 
@esc0rtd3w @aomsin2526, the lv1_peeked code causes the "disable syscalls" function to hang — the system gets stuck with the spinning clock indefinitely. Esc0 had commented out that code in a previous version, and it worked again. But in the latest version, even after commenting it out, the system still hangs.
 
LuanTeles said:
@esc0rtd3w @aomsin2526, the lv1_peeked code causes the "disable syscalls" function to hang — the system gets stuck with the spinning clock indefinitely. Esc0 had commented out that code in a previous version, and it worked again. But in the latest version, even after commenting it out, the system still hangs.
Click to expand...
If you are not compiling yourself from latest source, then thats why. Kafuu made a PR that adds proper lv1 peek/poke in recent commit.

I will post new beta test pkgs this weekend.

Edit: so it hangs on newest build from source too?
 
esc0rtd3w said:
If you are not compiling yourself from latest source, then thats why. Kafuu made a PR that adds proper lv1 peek/poke in recent commit.

I will post new beta test pkgs this weekend.

Edit: so it hangs on newest build from source too?
Click to expand...

Yeap, i compiled the newest build.

I'll recompile and report again.
 
LuanTeles said:
Yeap, i compiled the newest build.

I'll recompile and report again.
Click to expand...
Can you check debug version and see if any output thats useful? There should be dprintf statements for the peek/poke operations.

Edit: I'll also add your xml fix to new beta pkgs.
 
LuanTeles said:
@esc0rtd3w @aomsin2526, the lv1_peeked code causes the "disable syscalls" function to hang — the system gets stuck with the spinning clock indefinitely. Esc0 had commented out that code in a previous version, and it worked again. But in the latest version, even after commenting it out, the system still hangs.
Click to expand...

This made no sense, lv1 peek/poke will return 0 or do nothing if no modchip.

Maybe it caused by fps counter? This spinning clock thing happens with xai often if fps counter is active. even on qCFW.
 
aomsin2526 said:
This made no sense, lv1 peek/poke will return 0 or do nothing if no modchip.

Maybe it caused by fps counter? This spinning clock thing happens with xai often if fps counter is active. even on qCFW.
Click to expand...

Do you have any idea of why it happens?

I'm struggling to make my fork work with the FPS counter, but I keep getting a spinning clock (although your changes have helped a lot) or issues when exiting a game (if i unload the plugin before exiting the game, i can get to XMB just fine, if not, most of the time i'll get the xmb waves and no XMB at all, the plugin will hang with 0 values)
 
Last edited:
LuanTeles said:
Do you have any idea of why it happens?

I'm struggling to make my fork work with the FPS counter, but I keep getting a spinning clock (although your changes have helped a lot) or issues when exiting a game (if i unload the plugin before exiting the game, i can get to XMB just fine, if not, most of the time i'll get the xmb waves and no XMB at all, the plugin will hang with 0 values)
Click to expand...

Just a guess but one of major difference between HEN and Cobra is that on HEN, when appldr is used, it will revert kernel change, wait for a bit, then redo change again. This is required to bypass appldr lv2 memory check. maybe custom syscalls being used at this wait period?

CFW/qCFW doesn't need this
 
Maybe you can add a flag here, that if true not do custom syscalls
LV2_HOOKED_FUNCTION_PRECALL_2(int, post_lv1_call_99_wrapper, (uint64_t *spu_obj, uint64_t *spu_args))

set to true before suspend_intr() and set false after the resume_intr() call

@LuanTeles

EDIT: or maybe we should just add one by default

Edit2: Actually those are used all over to suspend and resume. Maybe can just add flag set to true/false inside each of the 2 functions

Edit3: Well, those are assembly in lv2/src/interrupt.S

Edit4: You can try this and see if it works. Something like this maybe.

while(appldr_bypass) {
// Wait for flag to clear
}

/lv2/include/lv2/interrupt.h
Code: 
#ifndef __LV2_INTERRUPT_H__
#define __LV2_INTERRUPT_H__

#include <lv2/lv2.h>

void suspend_intr(void);
void resume_intr(void);
void ioctl_patched(void);

LV2_EXPORT uint64_t spin_lock_irqsave_ex(void *ta);
LV2_EXPORT void spin_unlock_irqrestore_ex(void *ta, uint64_t restore, int zero);

uint64_t spin_lock_irqsave(void);
void spin_unlock_irqrestore(uint64_t restore);

extern volatile uint32_t appldr_bypass;// Flag used for knowing when patches are enabled or disabled [0=OFF 1=ON]

#endif /* __LV2_INTERRUPT_H__ */

/lv2/src/interrupt.S
Code: 
#include <lv2/macros.h.S>
#include <lv2/symbols.h>

#define CALL_NORET(addr) \
    MEM_BASE(%r0); \
    LOAD_LABEL(%r0, %r0, addr); \
    mtctr    %r0; \
    bctr;

.global suspend_intr
.global resume_intr
.global ioctl_patched

ioctl_patched:
    mflr %r0
    std %r0, 0x10(%r1)
    stdu %r1, -0x80(%r1)
    std    %r31, 0x78(%r1)
    std    %r30, 0x70(%r1)
    std    %r29, 0x68(%r1)
    b 3f
    lis       %r31, 0x8000000000650000@highest
    ori       %r31, %r31, 0x8000000000650000@higher
    rldicr    %r31, %r31,32,31
    oris      %r31, %r31,0x8000000000650000@h
    ori       %r31, %r31,0x8000000000650000@l
    lis       %r30, 0x8000000000700000@highest
    ori       %r30, %r30, 0x8000000000700000@higher
    rldicr    %r30, %r30,32,31
    oris      %r30, %r30,0x8000000000700000@h
    ori       %r30, %r30,0x8000000000700000@l
    ld    %r29,0x18(%r28)
    cmpd cr7, %r29, %r30
    ble cr7, 2f
    mr    %r11, %r29
1:
    ld %r31, 0x78(%r1)
    ld %r30, 0x70(%r1)
    ld %r29, 0x68(%r1)
    addi %r1, %r1, 0x80
    ld %r0, 0x10(%r1)
    mtlr    %r0
    blr
2:
    cmpd cr7, %r29, %r31
    bge    cr7, 3f
    b 1b
3:
    ld %r31, 0x78(%r1)
    ld %r30, 0x70(%r1)
    ld %r29, 0x68(%r1)
    addi %r1, %r1, 0x80
    ld %r0, 0x10(%r1)
    ld %r3, -0x1e88(%r2)
    li %r5,0
    li %r6,0
    CALL_NORET(0x123fa0)

suspend_intr:
    li %r6, 1
    MEM_BASE(%r7)
    LOAD_LABEL(%r7, %r7, appldr_bypass)
    stw %r6, 0(%r7)
    mfsprg0 %r9
    ld    %r3, 0x48(%r9)
    li    %r0, 2
    mtmsrd  %r0, 1
    blr
 
resume_intr:
    li %r6, 0
    MEM_BASE(%r7)
    LOAD_LABEL(%r7, %r7, appldr_bypass)
    stw %r6, 0(%r7)
    mfsprg0 %r9
    ld    %r3, 0x48(%r9)
    li    %r0, 0
    ori    %r0, %r0, 0x8002
    lwsync
    mtmsrd  %r0, 1
    blr
 
LV2_FUNCTION(spin_lock_irqsave_ex, spin_lock_irqsave_ex_symbol)
LV2_FUNCTION(spin_unlock_irqrestore_ex, spin_unlock_irqrestore_ex_symbol)

.align  2
.global appldr_bypass
.lcomm  appldr_bypass,4
 

Attachments

Last edited:
esc0rtd3w said:
Maybe you can add a flag here, that if true not do custom syscalls
LV2_HOOKED_FUNCTION_PRECALL_2(int, post_lv1_call_99_wrapper, (uint64_t *spu_obj, uint64_t *spu_args))

set to true before suspend_intr() and set false after the resume_intr() call

@LuanTeles

EDIT: or maybe we should just add one by default

Edit2: Actually those are used all over to suspend and resume. Maybe can just add flag set to true/false inside each of the 2 functions

Edit3: Well, those are assembly in lv2/src/interrupt.S

Edit4: You can try this and see if it works. Something like this maybe.

while(appldr_bypass) {
// Wait for flag to clear
}

/lv2/include/lv2/interrupt.h
Code: 
#ifndef __LV2_INTERRUPT_H__
#define __LV2_INTERRUPT_H__

#include <lv2/lv2.h>

void suspend_intr(void);
void resume_intr(void);
void ioctl_patched(void);

LV2_EXPORT uint64_t spin_lock_irqsave_ex(void *ta);
LV2_EXPORT void spin_unlock_irqrestore_ex(void *ta, uint64_t restore, int zero);

uint64_t spin_lock_irqsave(void);
void spin_unlock_irqrestore(uint64_t restore);

extern volatile uint32_t appldr_bypass;// Flag used for knowing when patches are enabled or disabled [0=OFF 1=ON]

#endif /* __LV2_INTERRUPT_H__ */

/lv2/src/interrupt.S
Code: 
#include <lv2/macros.h.S>
#include <lv2/symbols.h>

#define CALL_NORET(addr) \
    MEM_BASE(%r0); \
    LOAD_LABEL(%r0, %r0, addr); \
    mtctr    %r0; \
    bctr;

.global suspend_intr
.global resume_intr
.global ioctl_patched

ioctl_patched:
    mflr %r0
    std %r0, 0x10(%r1)
    stdu %r1, -0x80(%r1)
    std    %r31, 0x78(%r1)
    std    %r30, 0x70(%r1)
    std    %r29, 0x68(%r1)
    b 3f
    lis       %r31, 0x8000000000650000@highest
    ori       %r31, %r31, 0x8000000000650000@higher
    rldicr    %r31, %r31,32,31
    oris      %r31, %r31,0x8000000000650000@h
    ori       %r31, %r31,0x8000000000650000@l
    lis       %r30, 0x8000000000700000@highest
    ori       %r30, %r30, 0x8000000000700000@higher
    rldicr    %r30, %r30,32,31
    oris      %r30, %r30,0x8000000000700000@h
    ori       %r30, %r30,0x8000000000700000@l
    ld    %r29,0x18(%r28)
    cmpd cr7, %r29, %r30
    ble cr7, 2f
    mr    %r11, %r29
1:
    ld %r31, 0x78(%r1)
    ld %r30, 0x70(%r1)
    ld %r29, 0x68(%r1)
    addi %r1, %r1, 0x80
    ld %r0, 0x10(%r1)
    mtlr    %r0
    blr
2:
    cmpd cr7, %r29, %r31
    bge    cr7, 3f
    b 1b
3:
    ld %r31, 0x78(%r1)
    ld %r30, 0x70(%r1)
    ld %r29, 0x68(%r1)
    addi %r1, %r1, 0x80
    ld %r0, 0x10(%r1)
    ld %r3, -0x1e88(%r2)
    li %r5,0
    li %r6,0
    CALL_NORET(0x123fa0)

suspend_intr:
    li %r6, 1
    MEM_BASE(%r7)
    LOAD_LABEL(%r7, %r7, appldr_bypass)
    stw %r6, 0(%r7)
    mfsprg0 %r9
    ld    %r3, 0x48(%r9)
    li    %r0, 2
    mtmsrd  %r0, 1
    blr
 
resume_intr:
    li %r6, 0
    MEM_BASE(%r7)
    LOAD_LABEL(%r7, %r7, appldr_bypass)
    stw %r6, 0(%r7)
    mfsprg0 %r9
    ld    %r3, 0x48(%r9)
    li    %r0, 0
    ori    %r0, %r0, 0x8002
    lwsync
    mtmsrd  %r0, 1
    blr
 
LV2_FUNCTION(spin_lock_irqsave_ex, spin_lock_irqsave_ex_symbol)
LV2_FUNCTION(spin_unlock_irqrestore_ex, spin_unlock_irqrestore_ex_symbol)

.align  2
.global appldr_bypass
.lcomm  appldr_bypass,4
Click to expand...

When entering a game now the console turns off.
 
Fan/Temps are 0

8CbIwoD.png
 
You must log in or register to reply here.

Similar threads

Back
Top