PRX: Difference between revisions
Jump to navigation
Jump to search
(Created page with "scetool can decrypt SPRX's, producing an ELF... or is it? Not really. It has an ELF header but... First LOAD section, paddr points to what I'll call the module descriptor. S...") |
No edit summary |
||
| Line 7: | Line 7: | ||
NOTE: All addresses inside the file assume the ELF header isn't there (basically add 0xE0 to all addresses.) | NOTE: All addresses inside the file assume the ELF header isn't there (basically add 0xE0 to all addresses.) | ||
+0 | {| | ||
+4 | ! Offset | ||
+20 | ! Type | ||
+24 | ! Description | ||
+28 | |- | ||
+32 | | +0 | ||
+36 | | long | ||
| flags? Always 0x101 | |||
|- | |||
| +4 | |||
| char[always 16?] | |||
| Name of the module as a null-terminated string. | |||
|- | |||
| +20 | |||
| long | |||
| ????? | |||
|- | |||
| +24 | |||
| long | |||
| Points to start of symbol table header | |||
|- | |||
| +28 | |||
| long | |||
| Points to end of symbol table header | |||
|- | |||
| +32 | |||
| long | |||
| Points to start of first symbol defn | |||
|- | |||
| +36 | |||
| long | |||
| points to end of last symbol defn | |||
|} | |||
Symbol table header: | Symbol table header: | ||
+0 | {| | ||
+16 | ! Offset | ||
+24 | ! Type | ||
! Description | |||
|- | |||
| +0 | |||
| long[4] | |||
| ????? | |||
|- | |||
| +16 | |||
| quad or maybe a long preceded by zeroes? | |||
| Appears to point to a table of something crypto-looking... definitely intended to be an array of longs. The whole library gets six, and then each function gets ????? it varies. This pointer points to the first three. | |||
|- | |||
| +24 | |||
| long | |||
| ...and this points to the second three. | |||
|} | |||
Symbol defn: | Symbol defn: | ||
+0 | {| | ||
+8 | ! Offset | ||
+12 | ! Type | ||
+16 | ! Description | ||
+20 | |- | ||
+28 | | +0 | ||
+32 | | quad | ||
+36 | | Always zeroes | ||
|- | |||
| +8 | |||
| long | |||
| Always(?) 0x2C000001 | |||
|- | |||
| +12 | |||
| long | |||
| ????? Probably flags... | |||
|- | |||
| +16 | |||
| long | |||
| ????? Usually 0, but "paf" gets 0x60000 instead. | |||
|- | |||
| +20 | |||
| (quad or maybe a long preceded by zeroes?) | |||
| Pointer to the name of the function! As a null/terminated ASCII string. | |||
|- | |||
| +28 | |||
| long | |||
| Pointer to this function's section of the Big Mystery Table. The values are always big and always in ascending order... very odd. | |||
|- | |||
| +32 | |||
| long | |||
| Pointer to the (long) pointer to the entry point of this function! | |||
|- | |||
| +36 | |||
| long[2] | |||
| Appears to be for overflow for the Big Mystery Table. Zeroes if not needed. | |||
|} | |||
Two functions are ALWAYS present: "paf" and "SysPrxForUser". What do they do? Not sure. They are real functions with legitimate entry points, so they can't be some kind of metadata. Hm. | Two functions are ALWAYS present: "paf" and "SysPrxForUser". What do they do? Not sure. They are real functions with legitimate entry points, so they can't be some kind of metadata. Hm. | ||
Revision as of 05:05, 19 June 2013
scetool can decrypt SPRX's, producing an ELF... or is it? Not really. It has an ELF header but...
First LOAD section, paddr points to what I'll call the module descriptor.
Second LOAD section starts off with a list of the entry points for all the exposed functions and then some (more on that later). The remainder is garbage/padding.
NOTE: All addresses inside the file assume the ELF header isn't there (basically add 0xE0 to all addresses.)
| Offset | Type | Description |
|---|---|---|
| +0 | long | flags? Always 0x101 |
| +4 | char[always 16?] | Name of the module as a null-terminated string. |
| +20 | long | ????? |
| +24 | long | Points to start of symbol table header |
| +28 | long | Points to end of symbol table header |
| +32 | long | Points to start of first symbol defn |
| +36 | long | points to end of last symbol defn |
Symbol table header:
| Offset | Type | Description |
|---|---|---|
| +0 | long[4] | ????? |
| +16 | quad or maybe a long preceded by zeroes? | Appears to point to a table of something crypto-looking... definitely intended to be an array of longs. The whole library gets six, and then each function gets ????? it varies. This pointer points to the first three. |
| +24 | long | ...and this points to the second three. |
Symbol defn:
| Offset | Type | Description |
|---|---|---|
| +0 | quad | Always zeroes |
| +8 | long | Always(?) 0x2C000001 |
| +12 | long | ????? Probably flags... |
| +16 | long | ????? Usually 0, but "paf" gets 0x60000 instead. |
| +20 | (quad or maybe a long preceded by zeroes?) | Pointer to the name of the function! As a null/terminated ASCII string. |
| +28 | long | Pointer to this function's section of the Big Mystery Table. The values are always big and always in ascending order... very odd. |
| +32 | long | Pointer to the (long) pointer to the entry point of this function! |
| +36 | long[2] | Appears to be for overflow for the Big Mystery Table. Zeroes if not needed. |
Two functions are ALWAYS present: "paf" and "SysPrxForUser". What do they do? Not sure. They are real functions with legitimate entry points, so they can't be some kind of metadata. Hm.