Merged
285 changes: 284 additions & 1 deletion prosper0gdb/offsets.c
Expand Up @@ -2597,6 +2597,100 @@ DEF(lapic_map, 0x27af838)
#include "offset_list.txt"
END_FW()

START_FW(905)
DEF(allproc, 0x2755d50)
DEF(idt, 0x2d94300)
DEF(gdt_array, 0x2d955e0)
DEF(tss_array, 0x2d96fe0)
DEF(pcpu_array, 0x2da8f00)
DEF(doreti_iret, -0xa52e93)
DEF(add_rsp_iret, doreti_iret - 7)
DEF(swapgs_add_rsp_iret, doreti_iret - 10)
DEF(rep_movsb_pop_rbp_ret, -0xa167e6)
DEF(rdmsr_start, -0xa545ca)
DEF(wrmsr_ret, -0xa5599c)
DEF(nop_ret, wrmsr_ret + 2)
DEF(dr2gpr_start, -0xa59fd3)
DEF(gpr2dr_1_start, -0xa59eba)
DEF(gpr2dr_2_start, -0xa59dc7)
DEF(mov_cr3_rax_mov_ds, -0xa59a29)
DEF(mov_rax_cr3, -0x3C660F)
DEF(cpu_switch, -0xa5a1c0)
DEF(mprotect_fix_start, -0x98e1a3)
DEF(mprotect_fix_end, mprotect_fix_start+6)

DEF(mmap_self_fix_1_start, 0x0)
DEF(mmap_self_fix_1_end, mmap_self_fix_1_start+2)
DEF(mmap_self_fix_2_start, 0x0)
DEF(mmap_self_fix_2_end, mmap_self_fix_2_start+2)

DEF(aslr_fix_start, -0x8D9064)
DEF(aslr_fix_end, aslr_fix_start+2)

DEF(sigaction_fix_start, -0x72b4b0)
DEF(sigaction_fix_end, -0x72b491)
DEF(sysents, 0x1aac10)
DEF(sysents_ps4, 0x1a2600)
DEF(sysentvec, 0xdba648)
DEF(sysentvec_ps4, 0xdba7c0)
DEF(sceSblServiceMailbox, -0x6e7a10)
DEF(sceSblAuthMgrSmIsLoadable2, -0x928ce0)
DEF(mdbg_call_fix, -0x68A549)
DEF(syscall_before, -0x87e2b1)
DEF(syscall_after, -0x87e28d)
DEF(malloc, -0xbcfa0)
DEF(M_something, 0x14070d0)
DEF(loadSelfSegment_epilogue, -0x928551)
DEF(loadSelfSegment_watchpoint, -0x2F9228)
DEF(loadSelfSegment_watchpoint_lr, -0x928827)
DEF(decryptSelfBlock_watchpoint_lr, -0x9284BE)
DEF(decryptSelfBlock_epilogue, -0x928400)
//DEF(decryptMultipleSelfBlocks_watchpoint_lr, -0x92FF81) //403
DEF(decryptMultipleSelfBlocks_watchpoint_lr, -0x927D88) //505
DEF(decryptMultipleSelfBlocks_epilogue, -0x927B57)
DEF(sceSblServiceMailbox_lr_verifyHeader, -0x9289c7)
DEF(sceSblServiceMailbox_lr_loadSelfSegment, -0x928653)
DEF(sceSblServiceMailbox_lr_decryptSelfBlock, -0x92809d)
DEF(sceSblServiceMailbox_lr_decryptMultipleSelfBlocks, -0x9278B3)
DEF(sceSblServiceMailbox_lr_sceSblAuthMgrSmFinalize, -0x928d58)
DEF(sceSblServiceMailbox_lr_verifySuperBlock, -0x9CF350)
DEF(sceSblServiceMailbox_lr_sceSblPfsClearKey_1, -0x9CF8D1)
DEF(sceSblServiceMailbox_lr_sceSblPfsClearKey_2, -0x9CF865)
DEF(sceSblServiceMailbox_lr_npdrm_cmd_5, -0x34AA73)
DEF(sceSblServiceMailbox_lr_npdrm_cmd_6, -0x34A845)
//DEF(sceSblPfsSetKeys, -0x9D5930) //403
DEF(sceSblPfsSetKeys, -0x9D0440)
DEF(sceSblServiceCryptAsync, -0x970020)
DEF(sceSblServiceCryptAsync_deref_singleton, -0x96FFE3)
DEF(copyin, -0xa170b0)
DEF(copyout, -0xa17160)
DEF(crypt_message_resolve, -0x4AEFB0)
DEF(justreturn, -0xa530c0)
DEF(justreturn_pop, justreturn+8)
DEF(mini_syscore_header, 0xe89518)
DEF(pop_all_iret, -0xa52ef2)
DEF(pop_all_except_rdi_iret, pop_all_iret+4)
DEF(push_pop_all_iret, -0x9f5078)
DEF(kernel_pmap_store, 0x2d28b78)
DEF(crypt_singleton_array, 0x2c6da30)
DEF(security_flags, 0xD73064)
DEF(targetid, 0xD7306D)
DEF(qa_flags, 0xD73088)
DEF(utoken, 0xD730F0)
DEF(mov_rax_cr0, -0xa5a121)
DEF(mov_cr0_rax, -0xa5a11c)
DEF(mov_rdi_cr2, -0xa5634a)
DEF(lgdt_rdi, -0xa169c0)
DEF(lidt_lldt, -0xa59971)
DEF(ltr_ax, -0xa5994f)
DEF(kproc_shutdown, -0x9f20b8)
DEF(s_shutdown_final, 0x36B132)
DEF(eventhandler_register, -0x55E8B0)
DEF(strlen_trap, -0x47D938)
DEF(lapic_map, 0x27af838)
#include "offset_list.txt"
END_FW()

START_FW(920)
DEF(allproc, 0x2755d50)
DEF(idt, 0x2d94300)
Expand Down Expand Up @@ -2879,6 +2973,192 @@ DEF(lapic_map, 0x27af838)
#include "offset_list.txt"
END_FW()

START_FW(1000)
DEF(allproc, 0x2765d70)
DEF(idt, 0x2d5c300)
DEF(gdt_array, 0x2d5d5e0)
DEF(tss_array, 0x2d5efe0)
DEF(pcpu_array, 0x2d70f00)
DEF(doreti_iret, -0xa6eb13)
DEF(add_rsp_iret, doreti_iret - 7)
DEF(swapgs_add_rsp_iret, doreti_iret - 10)
DEF(rep_movsb_pop_rbp_ret, -0xa32466)
DEF(rdmsr_start, -0xa7024a)
DEF(wrmsr_ret, -0xa7161c)
DEF(nop_ret, wrmsr_ret + 2)
DEF(dr2gpr_start, -0xa75c53)
DEF(gpr2dr_1_start, -0xa75b3a)
DEF(gpr2dr_2_start, -0xa75a47)
DEF(mov_cr3_rax_mov_ds, -0xa756a9)
DEF(mov_rax_cr3, -0x3C9A2F)
DEF(cpu_switch, -0xa75e40)
DEF(mprotect_fix_start, -0x9a8293)
DEF(mprotect_fix_end, mprotect_fix_start+6)

DEF(mmap_self_fix_1_start, 0x0)
DEF(mmap_self_fix_1_end, mmap_self_fix_1_start+2)
DEF(mmap_self_fix_2_start, 0x0)
DEF(mmap_self_fix_2_end, mmap_self_fix_2_start+2)

DEF(aslr_fix_start, -0x8F033D)
DEF(aslr_fix_end, aslr_fix_start+2)

DEF(sigaction_fix_start, -0x73d979)
DEF(sigaction_fix_end, -0x73D959)
DEF(sysents, 0x1ad100)
DEF(sysents_ps4, 0x1a4bb0)
DEF(sysentvec, 0xdba6d8)
DEF(sysentvec_ps4, 0xdba850)
DEF(sceSblServiceMailbox, -0x6f8b10)
DEF(sceSblAuthMgrSmIsLoadable2, -0x941160)
DEF(mdbg_call_fix, -0x6995e9)
DEF(syscall_before, -0x893e21)
DEF(syscall_after, -0x893ded)
DEF(malloc, -0xbb850)
DEF(M_something, 0x1407470)
DEF(loadSelfSegment_epilogue, -0x940A67)
DEF(loadSelfSegment_watchpoint, -0x2FC6A7)
DEF(loadSelfSegment_watchpoint_lr, -0x940CA7)
DEF(decryptSelfBlock_watchpoint_lr, -0x94093E)
DEF(decryptSelfBlock_epilogue, -0x9408DB)
DEF(decryptMultipleSelfBlocks_watchpoint_lr, -0x940209)
DEF(decryptMultipleSelfBlocks_epilogue, -0x93FFEF)
DEF(sceSblServiceMailbox_lr_verifyHeader, -0x940e47)
DEF(sceSblServiceMailbox_lr_loadSelfSegment, -0x940ad4)
DEF(sceSblServiceMailbox_lr_decryptSelfBlock, -0x94051d)
DEF(sceSblServiceMailbox_lr_decryptMultipleSelfBlocks, -0x93FD52)
DEF(sceSblServiceMailbox_lr_sceSblAuthMgrSmFinalize, -0x9411d8)
DEF(sceSblServiceMailbox_lr_verifySuperBlock, -0x9EA679)
DEF(sceSblServiceMailbox_lr_sceSblPfsClearKey_1, -0x9EACF2)
DEF(sceSblServiceMailbox_lr_sceSblPfsClearKey_2, -0x9EAC8D)
DEF(sceSblServiceMailbox_lr_npdrm_cmd_5, -0x34D98A)
DEF(sceSblServiceMailbox_lr_npdrm_cmd_6, -0x34D755)
//DEF(sceSblPfsSetKeys, -0x9EA920) //403
DEF(sceSblPfsSetKeys, -0x9EB870) //505
DEF(sceSblServiceCryptAsync, -0x98A590)
DEF(sceSblServiceCryptAsync_deref_singleton, -0x98A556)
DEF(copyin, -0xa32d30)
DEF(copyout, -0xa32de0)
DEF(crypt_message_resolve, -0x4B5A50)
DEF(justreturn, -0xa6ed40)
DEF(justreturn_pop, justreturn+8)
DEF(mini_syscore_header, 0xe896d8)
DEF(pop_all_iret, -0xa6eb72)
DEF(pop_all_except_rdi_iret, pop_all_iret+4)
DEF(push_pop_all_iret, -0xa106b8)
DEF(kernel_pmap_store, 0x2cf0ef8)
DEF(crypt_singleton_array, 0x2c35d70)
DEF(security_flags, 0xD79064)
DEF(targetid, 0xD7906D)
DEF(qa_flags, 0xD79088)
DEF(utoken, 0xD790F0)
DEF(mov_rax_cr0, -0xa75da1)
DEF(mov_cr0_rax, -0xa75d9c)
DEF(mov_rdi_cr2, -0xa71fca)
DEF(lgdt_rdi, -0xa32640)
DEF(lidt_lldt, -0xa755f1)
DEF(ltr_ax, -0xa755cf)
DEF(kproc_shutdown, -0xa0d090)
DEF(s_shutdown_final, 0x36dc89)
DEF(eventhandler_register, -0x568300)
DEF(strlen_trap, -0x483f88)
DEF(lapic_map, 0x27bf858)
#include "offset_list.txt"
END_FW()

START_FW(1001)
DEF(allproc, 0x2765d70)
DEF(idt, 0x2d5c300)
DEF(gdt_array, 0x2d5d5e0)
DEF(tss_array, 0x2d5efe0)
DEF(pcpu_array, 0x2d70f00)
DEF(doreti_iret, -0xa6eb13)
DEF(add_rsp_iret, doreti_iret - 7)
DEF(swapgs_add_rsp_iret, doreti_iret - 10)
DEF(rep_movsb_pop_rbp_ret, -0xa32466)
DEF(rdmsr_start, -0xa7024a)
DEF(wrmsr_ret, -0xa7161c)
DEF(nop_ret, wrmsr_ret + 2)
DEF(dr2gpr_start, -0xa75c53)
DEF(gpr2dr_1_start, -0xa75b3a)
DEF(gpr2dr_2_start, -0xa75a47)
DEF(mov_cr3_rax_mov_ds, -0xa756a9)
DEF(mov_rax_cr3, -0x3C9A2F)
DEF(cpu_switch, -0xa75e40)
DEF(mprotect_fix_start, -0x9a8293)
DEF(mprotect_fix_end, mprotect_fix_start+6)

DEF(mmap_self_fix_1_start, 0x0)
DEF(mmap_self_fix_1_end, mmap_self_fix_1_start+2)
DEF(mmap_self_fix_2_start, 0x0)
DEF(mmap_self_fix_2_end, mmap_self_fix_2_start+2)

DEF(aslr_fix_start, -0x8F033D)
DEF(aslr_fix_end, aslr_fix_start+2)

DEF(sigaction_fix_start, -0x73d979)
DEF(sigaction_fix_end, -0x73D959)
DEF(sysents, 0x1ad100)
DEF(sysents_ps4, 0x1a4bb0)
DEF(sysentvec, 0xdba6d8)
DEF(sysentvec_ps4, 0xdba850)
DEF(sceSblServiceMailbox, -0x6f8b10)
DEF(sceSblAuthMgrSmIsLoadable2, -0x941160)
DEF(mdbg_call_fix, -0x6995e9)
DEF(syscall_before, -0x893e21)
DEF(syscall_after, -0x893ded)
DEF(malloc, -0xbb850)
DEF(M_something, 0x1407470)
DEF(loadSelfSegment_epilogue, -0x940A67)
DEF(loadSelfSegment_watchpoint, -0x2FC6A7)
DEF(loadSelfSegment_watchpoint_lr, -0x940CA7)
DEF(decryptSelfBlock_watchpoint_lr, -0x94093E)
DEF(decryptSelfBlock_epilogue, -0x9408DB)
DEF(decryptMultipleSelfBlocks_watchpoint_lr, -0x940209)
DEF(decryptMultipleSelfBlocks_epilogue, -0x93FFEF)
DEF(sceSblServiceMailbox_lr_verifyHeader, -0x940e47)
DEF(sceSblServiceMailbox_lr_loadSelfSegment, -0x940ad4)
DEF(sceSblServiceMailbox_lr_decryptSelfBlock, -0x94051d)
DEF(sceSblServiceMailbox_lr_decryptMultipleSelfBlocks, -0x93FD52)
DEF(sceSblServiceMailbox_lr_sceSblAuthMgrSmFinalize, -0x9411d8)
DEF(sceSblServiceMailbox_lr_verifySuperBlock, -0x9EA679)
DEF(sceSblServiceMailbox_lr_sceSblPfsClearKey_1, -0x9EACF2)
DEF(sceSblServiceMailbox_lr_sceSblPfsClearKey_2, -0x9EAC8D)
DEF(sceSblServiceMailbox_lr_npdrm_cmd_5, -0x34D98A)
DEF(sceSblServiceMailbox_lr_npdrm_cmd_6, -0x34D755)
//DEF(sceSblPfsSetKeys, -0x9EA920) //403
DEF(sceSblPfsSetKeys, -0x9EB870) //505
DEF(sceSblServiceCryptAsync, -0x98A590)
DEF(sceSblServiceCryptAsync_deref_singleton, -0x98A556)
DEF(copyin, -0xa32d30)
DEF(copyout, -0xa32de0)
DEF(crypt_message_resolve, -0x4B5A50)
DEF(justreturn, -0xa6ed40)
DEF(justreturn_pop, justreturn+8)
DEF(mini_syscore_header, 0xe896d8)
DEF(pop_all_iret, -0xa6eb72)
DEF(pop_all_except_rdi_iret, pop_all_iret+4)
DEF(push_pop_all_iret, -0xa10540)
DEF(kernel_pmap_store, 0x2cf0ef8)
DEF(crypt_singleton_array, 0x2c35d70)
DEF(security_flags, 0xD79064)
DEF(targetid, 0xD7906D)
DEF(qa_flags, 0xD79088)
DEF(utoken, 0xD790F0)
DEF(mov_rax_cr0, -0xa75da1)
DEF(mov_cr0_rax, -0xa75d9c)
DEF(mov_rdi_cr2, -0xa71fca)
DEF(lgdt_rdi, -0xa32640)
DEF(lidt_lldt, -0xa755f1)
DEF(ltr_ax, -0xa755cf)
DEF(kproc_shutdown, -0xa0b100)
DEF(s_shutdown_final, 0x36dcc5)
DEF(eventhandler_register, -0x568300)
DEF(strlen_trap, -0x483f88)
DEF(lapic_map, 0x27bf858)
#include "offset_list.txt"
END_FW()

void* dlsym(void*, const char*);

int set_offsets(void)
Expand Down Expand Up @@ -2914,12 +3194,15 @@ int set_offsets(void)
case 0x840: set_offsets_840(); break;
case 0x860: set_offsets_860(); break;
case 0x900: set_offsets_900(); break;
case 0x905: set_offsets_905(); break;
case 0x920: set_offsets_920(); break;
case 0x940: set_offsets_940(); break;
case 0x960: set_offsets_960(); break;
case 0x1000: set_offsets_1000(); break;
case 0x1001: set_offsets_1001(); break;
#endif
default: return -1;
}
return 0;
}

}
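Review bot: The new 905, 1000 and 1001 blocks define `mmap_self_fix_1_start` and `mmap_self_fix_2_start` as `0x0` while the paired `_end` entries are derived as `start+2`, so the zero reads as an "unresolved" placeholder rather than a real offset, yet the derived `_end` of `0x2` presumably looks like a valid two-byte range to whatever consumes these tables unless it special-cases zero. A comment on those lines such as `// 0x0 = no patch site on this firmware; consumer must skip the pair` (or an explicit sentinel the consumer checks) would make the intent auditable and keep a later reader from treating it as a found address. The 1000 and 1001 blocks are otherwise identical apart from `push_pop_all_iret`, `kproc_shutdown` and `s_shutdown_final`, and duplicating ~90 lines invites silent drift when only one copy is corrected; either derive 1001 from a shared base or at least annotate the three entries that differ. The stale `//DEF(...) //403` lines retained above live definitions (e.g. `sceSblPfsSetKeys`) should be removed or labelled consistently — the 905 block leaves its active entry unlabelled while the 1000 block marks it `//505`.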