Processor Communications (an implementation of Inter Processor Communications - IPC) on Qualcomm System-on-Chip devices that have a privileged modem (a.k.a. baseband or radio) processor and less privileged applications processor is via shared memory and interrupts.
Devices based on the Qualcomm MSM and QSD SoC designs also use the Qualcomm-provided modem operating system REX and the Advanced Mobile Subscriber Service (AMSS) application running on the privileged processor - usually an ARM9 design.
Proc comm allows the applications processor to do Remote Procedure Calls (RPC) to the modem processor and receive the results in the shared memory (SMEM) channel buffer - just an area of Random Access Memory (RAM) set aside for the purpose.
In analysing devices using proc comm it is possible to determine the RPC calls that can be made since the commands and their arguments are sent as pure text using the sprintf() function. On the modem side sscanf() is used to decode the RPC and translate it into a local function call.
I'm publishing this list of commands immediately so that others may see the possibilities. It'll take me some time to document the legal parameters that each command requires and expected return values. These are valid for an HTC Vision but should for the most part be applicable to most REX/AMSS devices:
osbl_dload osbl_hash osbl_auth GO2AMSS radata rcdata rseed pmic_vib_off pmic_vreg pmic_level checksum pmic_vib_on powerdown rpass setboot setbattflag bwriteconfig setmpatch version rdemmc platformid setpid rskuid wskuid pm_vid_enable pm_vid_disable rserase pmic_mic_off clock_config nvbak rtcchk pmic_mic_level rtcalarm pmic_mic_on echo_on rminfo cego getallgpio getgpio setgpio bootadsp emmcwp pmic_status rtc_get_status format pmic_reset reboot ram_test emmctest ledtest autoboottest mputest inpdw outpdw inpw outpw mcpy emmc_pgwrite emmc_ptwrite ruuwrite queryparti rrinfo emmc_pgdump