Editing Talk:PRX
So as of now is it not possible to get function addresses using the FNID? Right now I can hook functions but only for a normal game (e.g. using .lib.stub to parse all entries and then I use library name+fnid and I get a pointer that points to the normal stub entry in the ELF, e.g. the one with the bctr instruction). However I would like to also hook VSH calls to prxs and sadly vsh uses some VERY strange method to load and call prxs. So what I would like to do is get the VA of the PRX function itself (the value in ctr). Of course this too can be done by automatically disassembling the stub jumper (bctr) as it's just a hardcoded jump address ORIS R12,R12,hi lwz r12, lo(r12) and then r12 is a pointer to the func entry address; but alas this too applies only for normal game ELFs. We can get the PRX image in RAM so how the hell are NIDs used?? [[User:Pspdude|Pspdude]] 18:36, 25 June 2013 (MSK)
There is some basic info about vsh/sprx in the wiki and it has been talked about several times with different people to expand all related pages; the initial attempt was to make a tree of pages dependent on [[XMB]]. Most specifically the pages: [[VSH]] that is a bit empty, [[VSH_module-action]] with a list of modules available from xmb_plugin.sprx and/or xmb_ingame.sprx, [[XMB_XML_Coding]] and [[XMB_modding]] about how modules are called from xmb .xml files (theoretically you could make a call to a custom sprx if it is correctly indexed from a custom XMB icon) --[[User:Sandungas|Sandungas]] 20:07, 25 June 2013 (MSK)
Sandungas: Hmm yes I see what you mean about the custom XMB icon, however I can also just load_start by placing it as proxy eg. in the place of sacd.sprx and then load_start sacd_orig.sprx (or not). I think it would be useful to be able to intercept calls to eg. cellHttps library. --[[User:Pspdude|Pspdude]] 21:47, 25 June 2013 (MSK)
lv2: prolly calculation via elf header and descriptors, it's all in there -- [[User:Mysis|Mysis]]
= FNID generation =
Here's some code in C# with the example "sys_crash_dump_get_user_log_area"
<pre>
using System;
using System.Security.Cryptography;
using System.Text;

class Program
{
    static void Main()
    {
        // SHA-1 input: the UTF-8 function name followed by the 16-byte suffix (built as hex, then decoded)
        byte[] input = GetBytes(BitConverter.ToString(Encoding.UTF8.GetBytes("sys_crash_dump_get_user_log_area")).Replace("-", "") + "6759659904250490566427499489741A");
        // FNID: first 4 bytes of the digest, read by BitConverter in host byte order (little-endian on x86)
        Console.WriteLine(BitConverter.ToInt32(SHA1.Create().ComputeHash(input), 0).ToString("X8"));
    }

    // Decode a hex string into bytes
    static byte[] GetBytes(string str)
    {
        byte[] bytes = new byte[str.Length / 2];
        for (int i = 0; i < str.Length; i += 2)
            bytes[i / 2] = byte.Parse(str.Substring(i, 2), System.Globalization.NumberStyles.HexNumber);
        return bytes;
    }
}
</pre>
= PPURELA Segment =
I am not sure why this hasn't been mentioned yet. Its PHDR type value is: 0x700000A4 (PT_SCE_PPURELA).
<pre>
struct
{
    u64 offset; // Offset in the second load segment
    u16 unk0;   // ???
    u8 index;   // Seems that: 0 -> First LOAD segment, 1 -> Second LOAD segment
    u8 type;    // ??? Not sure what happens when type != 1.
    u32 unk1;   // ???
    u64 ptr;    // Offset of the pointer (while patching add the base address where the segment was allocated).
};
</pre>
My guess is that this segment is used to patch the addresses of the second LOAD segments like this (this may be wrong, but so far it has been proven to work for my emulator's dynamic loader):
<pre>
for (auto& rel : ppurela_table) {
    if (rel.type == 1) {
        const u32 addr = prx->load_segments[1].addr + rel.offset;
        const u32 value = prx->load_segments[rel.index].addr + rel.ptr;
        write32(addr, value);
    }
}
</pre>
Has anyone worked on this previously? / Can someone confirm this? -- [[User:AlexAltea|AlexAltea]]
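
A bounds-checked variant of the patching loop in the post above, as an added example (not AlexAltea's loader code and not part of the original discussion). It assumes the 24-byte entries are stored big-endian like the rest of the PS3 ELF and models the LOAD segments with a constructed `Segment` struct; `make_entry` and `apply_ppurela` are hypothetical names.

```cpp
#include <cstddef>
#include <cstdint>
#include <vector>

// Constructed model of a loaded PRX segment: guest base address plus its bytes in memory.
struct Segment { uint32_t addr; std::vector<uint8_t> data; };

// Read an n-byte big-endian integer (assumption: entries are big-endian like the PS3 ELF).
static uint64_t be(const uint8_t* p, int n) {
    uint64_t v = 0;
    for (int i = 0; i < n; i++) v = (v << 8) | p[i];
    return v;
}

// Build one 24-byte entry in the layout from the post (unk0 and unk1 left zero); sample-data helper.
std::vector<uint8_t> make_entry(uint64_t offset, uint8_t index, uint8_t type, uint64_t ptr) {
    std::vector<uint8_t> e(24, 0);
    for (int i = 0; i < 8; i++) {
        e[i] = uint8_t(offset >> (56 - 8 * i));
        e[16 + i] = uint8_t(ptr >> (56 - 8 * i));
    }
    e[10] = index;
    e[11] = type;
    return e;
}

// Validate every entry first, then patch, so a malformed table never leaves a half-relocated image.
// Returns the number of type-1 entries applied, or -1 if the table is rejected.
int apply_ppurela(const std::vector<uint8_t>& table, std::vector<Segment>& segs) {
    const size_t kEntry = 24;  // u64 + u16 + u8 + u8 + u32 + u64
    if (segs.size() < 2 || table.size() % kEntry != 0) return -1;
    std::vector<uint8_t>& dst = segs[1].data;  // the post patches the second LOAD segment
    int applied = 0;
    for (int pass = 0; pass < 2; pass++) {
        for (size_t off = 0; off < table.size(); off += kEntry) {
            const uint8_t* e = &table[off];
            const uint64_t offset = be(e, 8), ptr = be(e + 16, 8);
            const uint8_t index = e[10], type = e[11];
            if (type != 1) continue;  // other types are unknown in the post: skipped, as in its loop
            if (pass == 0) {  // the 32-bit write must fit in the segment and index must name a segment
                if (index >= segs.size() || dst.size() < 4 || offset > dst.size() - 4) return -1;
                continue;
            }
            const uint32_t value = segs[index].addr + static_cast<uint32_t>(ptr);
            for (int i = 0; i < 4; i++) dst[offset + i] = uint8_t(value >> (24 - 8 * i));
            applied++;
        }
    }
    return applied;
}
```

The two-pass structure matters when the relocation table comes from an untrusted or corrupted module: an out-of-range `offset` or `index` rejects the whole table before any byte of the image is modified.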