Changes

== ELF format ==

== ELF format ==

IOS modules, at least, use bare ELF files. The files seem to be compiled with GCC 3.4.3, and they are EABI compliant. The file is in big endian format. All ELF files are stripped and don't include function names or symbols.

Individual IOS modules use bare [[ELF]] files. The files seem to be compiled with GCC 3.4.3, and they are EABI compliant. The file is in big endian format. All ELF files are stripped and don't include function names or symbols.

 

 

 

 

== ELFLOADER format ==

== ELFLOADER format ==

| 0x010

| 0x010

| 0x004

| 0x004

| 0x00 padding / unused

| Unknown "ddrInit", set to 0 on boot

|-

|-

| 0x010

| 0x010

|}

|}

=== BOOT2 elf loader ===

=== Official ELF loaders ===

The BOOT2 elf stub loader sets up a stack, calculates its own address, and switches to THUMB mode. Then it does the following:

The official ELF loaders set up a stack and calculate their own address, switches to THUMB mode, and then they do the following:

<source lang="c">

<source lang="c">

</source>

</source>

0xD800000 seems to be the start of the (a?) hardware register space.

This sets the [[Hollywood/Registers#HW_SRNPROT|HW_SRNPROT]] register to enable the [[Starlet/Main Memory|SRAM]] mirror at 0xFFFE0000.

After this, it loads the ELF file, and then '''zeroes out the memory area where the ELF file resides'''. Then it goes back to ARM mode and vectors to 0xFFFF0000 (the entrypoint of the ARM / vector table). The entire BOOT2 code seems to be position-independent: it can be loaded at any address and will still work, as long as it doesn't overlap with the destination of the ELF load. The entire BOOT2 file cleartext is loaded and then the loader is called, so the loader can calculate the offset of the header simply by subtracting 0x10 from the PC at its entrypoint.

After this, it loads the ELF file, and then '''zeroes out the memory area where most of the ELF loader resides'''. Then it goes back to ARM mode and vectors to 0xFFFF0000 (the entrypoint of the ARM / vector table). The entire BOOT2 file cleartext is loaded and then the loader is called, so the loader can calculate the offset of the header simply by subtracting 0x10 from the PC at its entrypoint.

=== Embedded Broadway Code ===

=== Embedded Broadway Code ===

=== Dynamic Linker ===

=== Dynamic Linker ===

In later IOS versions (after IOS21?) the single IOS ARM binary was devided into several modules/libraries. The modules are loaded dynamically. The code is statically linked to a fixed address. Each module can register driver entry points at the operating systems. Functions of other modules are not directly called. Syscalls are used to communicate with other modules. The calls are forwarded to the approperiate module function.

In later IOS versions ([[IOS28]] and later) the single monolithic IOS ARM binary was split into individual dynamically loaded modules. The main kernel is the only file to include the ELFLOADER header and stub; each individual module is a regular ELF file, loaded dynamically by the kernel to a fixed address specified in the ELF header. No functions are called directly between modules - [[IOS/Syscalls#Syscalls_.28via_undefined_instructions.29|Syscalls]] are used for individual modules to communicate with the main kernel, and resource managers are used for modules to communicate between each other (such as [[:/dev/di|DI]] interfacing with [[:/dev/es]] for ticket verification)

=== Extract ELF file ===

=== Extract ELF file ===

#include <stdio.h>

#include <stdio.h>

#include <stdint.h>

#include <stdint.h>

#include <malloc.h>

#include <stdlib.h>

#include <netinet/in.h>

#include <netinet/in.h>

</source>

</source>

[[Category:Software]]

[[Category:File formats]]