219
edits
Changes
→ELF format
Line 3:
Line 3:
== ELF format ==
== ELF format ==
IOS modules, at least, use bare ELF files. The files seem to be compiled with GCC 3.4.3, and they are EABI compliant. The file is in big endian format. All ELF files are stripped and don't include function names or symbols.
IOS modules, at least, use bare ELF files. The files seem to be compiled with GCC 3.4.3, and they are EABI compliant. The file is in big endian format. All ELF files are stripped and don't include function names or symbols.
+
+=== ELF Note Structure ===
+IOS modules are loaded by the kernel (syscall load_module) according to an ELF note. There are exactly as many IOSELFNoteData as threads created by IOS.
+
+<source lang="c">
+struct IOSELFNoteData
+{
+ u32 version_maybe; // always 0x0b?
+ u32 pid;
+ u32 unk2; // unused
+ u32 entry_point;
+ u32 unk4; // unused
+ u32 priority;
+ u32 unk6; // unused
+ u32 stack_size;
+ u32 unk8; // unused
+ u32 stack_top;
+};
+
+struct IOSELFNote
+{
+ // Standard ELF note header
+ u32 name_size; // always 0x0
+ u32 descriptor_size;
+ u32 note_type; // always 0x6
+
+ // IOS specific data
+ IOSELFNoteData data[];
+};
+</source>
== ELFLOADER format ==
== ELFLOADER format ==