Overview

Signed PPU Relocatable Executable (SPRX)

Structure

First LOAD segment p_paddr points to module info.

Module Info

Exports

Imports

Relocations

Relocations can be found in either PT_SCE_PPURELA segments or SHT_SCE_PPURELA / SHT_RELA sections. RELA relocations are standard relocations while PPURELA relocations have 2 segment (program header) indexes stored in r_sym of r_info.

• The first index can be extracted with 0x7FFFFF00 as a mask and is used as a base address for r_addend. This sum will be the value applied to the patch.
• The second index can be extracted with 0x000000FF as a mask and is used as a base address for the target segment to patch and is added to r_offset.
• The first bit (0x80000000) is also set on earlier PRX's but it is currently unknown what it is used for.

FNID generation

symbol name suffix

symbol_name_suffix: 6759659904250490566427499489741A

To calculate FNID value of exported/imported symbol from .PRX you need to take SHA-1 hash over concatenation of symbol's name and symbol_name_suffix and then grab first 4 bytes from it and reverse these bytes (because of little-endian). Let's take, for example, _sys_sprintf:

 SHA1('_sys_sprintf' + '\x67\x59\x65\x99\x04\x25\x04\x90\x56\x64\x27\x49\x94\x89\x74\x1A') = FEEAF9A123D7D1A7619B40CD52500F9735A852A4
 FNID('_sys_sprintf') = swap_uint32(0xFEEAF9A1) = 0xA1F9EAFE.

For C++ functions you should use mangled representation of symbol's name. For example, mangled name of std::runtime_error::what() const is _ZNKSt13runtime_error4whatEv and FNID('_ZNKSt13runtime_error4whatEv') = 0x5333BDC9. More complex example: FNID(mangle('std::basic_filebuf<wchar_t, std::char_traits<wchar_t> >::seekpos(std::fpos<std:: _Mbstatet>, std::_Iosb<int>::_Openmode)')) = FNID('_ZNSt13basic_filebufIwSt11char_traitsIwEE7seekposESt4fposISt9_MbstatetENSt5_IosbIiE9_OpenmodeE') = 0xB6A4D760

noname_nid_suffix: 0xbc5eba9e042504905b64274994d9c41f

For import stub's with no names, you must use SHA1 over concatenation of symbol's name and noname_nid_suffix as an ascii string. Some examples of noname imports are module_start, module_info, and module_stop.

 SHA1('module_info' + '0xbc5eba9e042504905b64274994d9c41f') = 1630f4d70bf3df419db9d481983411fd3130482a = 0xD7F43016

v e File Formats SCE File Types Certified File Certified File · SELF - SPRX · Capability Flags · PRX · Program Type · SELFs inside ELFs · Revision versus Version NPDRM NPDRM · App Types · ACT.DAT · RIF PKG PKG files · PKG DIGEST.DAT EDAT EDAT files RCOXML Resource Container (RCO) Rcomage · GimConv · Graphic Image Map (GIM) · MFAudio · Languages · XMB Fonts · XMB Layouts RCOXML Coding RCOXML Script · RCOXML Images · RCOXML Fonts · RCOXML Texts · RCOXML Models · RCOXML Sounds · RCOXML Objects · RCOXML Animations RCOXML Examples RCOXML ofw animations · RCOXML ofw sounds CXML Qt Resource Container (QRC) Canyon.qrc · Earth.qrc · Icons.qrc · Icontex.qrc · Lines.qrc · Raf.qrc · Rhm.qrc · Store.qrc PlayStation 3 Theme (P3T) 01.p3t · raf_debug.p3t Rich Appearance Format (RAF) coldboot.raf · mustache.raf · PlayStation JavaScript · VSMX XMBML XMB Config XMB-Users · XMB-Settings · XMB-Photo · XMB-Music · XMB-Video · XMB-TV · XMB-Game · XMB-Network · XMB-PSN · XMB-Friends DB Config registory.xml · upload_list.xml · download_list.xml · playlist.xml · videodownloader_list.xml · savedata_list.xml XMBML Coding XMBML Functions XMBML Examples XMBML Folder Trees · XMBML module-action · XMBML Mountpoints · XMBML Database Access Databases XRegistry.sys · XMB database · Project Database (PDB) · MMS · XIL System Data XMB Preload Content Information Files · PARAM.HIS · PARAM.PFD · PARAM.SFO · PS3_DISC.SFB Licences LIC.DAT · LICENSE.DAT · LICENSE.INFO Game Data  · Game Saves PS3 Savedata · PS2 Savedata · PS1 Savedata · PSP Savedata Trophy Data Trophy livelist · TROPHY.TRP · Trophy Games/Apps PS3 BDemu Drive Format · PlayStation archive (PSARC) Emulators Eboot.PBP · PSISOIMG0000 · ISO.BIN.EDAT Web SILKPADD Unsorted archive.dat · bootflag.dat · lv0ldr · lv0 · lv1.self · SIG File Format · PS2bootparam.dat · vm0