PRX

From PS3 Developer wiki
Revision as of 03:57, 19 June 2013 by Anonymous (Privacy policy) (Created page with "scetool can decrypt SPRX's, producing an ELF... or is it? Not really. It has an ELF header but... First LOAD section, paddr points to what I'll call the module descriptor. S...")
(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to navigation Jump to search

scetool can decrypt SPRX's, producing an ELF... or is it? Not really. It has an ELF header but...

First LOAD section, paddr points to what I'll call the module descriptor.

Second LOAD section starts off with a list of the entry points for all the exposed functions and then some (more on that later). The remainder is garbage/padding.

NOTE: All addresses inside the file assume the ELF header isn't there (basically add 0xE0 to all addresses.)

+0: (long) flags? Always 0x101 +4: (char[always 16?]) Name of the module +20: (long) ????? +24: (long) Points to start of symbol table header +28: (long) Points to end of symbol table header +32: (long) Points to start of first symbol defn +36: (long) points to end of last symbol defn

Symbol table header: +0: (long[4]) ????? +16: (quad or maybe a long preceded by zeroes?) Appears to point to a table of something crypto-looking... definitely intended to be an array of longs. The whole library gets six, and then each function gets ????? it varies. This pointer points to the first three. +24: (long) ...and this points to the second three.

Symbol defn: +0: (quad) Always zeroes +8: (long) Always(?) 0x2C000001 +12: (long) ????? Probably flags... +16: (long) Usually 0, but "paf" gets 0x60000 instead. +20: (quad or maybe a long preceded by zeroes?) Pointer to the name of the function! As a null/terminated ASCII string. +28: Pointer to this function's section of the Big Mystery Table. The values are always big and always in ascending order... very odd. +32: (long) Pointer to the (long) pointer to the entry point of this function! +36: (long[2]) Appears to be for overflow for the Big Mystery Table. Zeroes if not needed.


Two functions are ALWAYS present: "paf" and "SysPrxForUser". What do they do? Not sure. They are real functions with legitimate entry points, so they can't be some kind of metadata. Hm.