Changes

140 bytes added ,  21:37, 23 July 2016
| 0xD0
| 0x04
| Named Export Table 1 offset
|-
| 0xD4
| 0x04
| Named Export Table 1 num (size = num * 8)
|-
| 0xD8
| 0x04
| Indexed Export Table 2 offset
|-
| 0xDC
| 0x04
| Indexed Export Table 2 num (size = num * 4)
|-
| 0xE0
| 0xE8
| 0x04
| Export Tree offset (fast lookups based on strlena trie-like structure)
|-
| 0xEC
| 0x100
| 0x04
| Named Import Table 1 offset
|-
| 0x104
| 0x04
| Named Import Table 1 num (size = num * 8)
|-
| 0x108
| 0x04
| Indexed Import Table 2 offset
|-
| 0x10C
| 0x04
| Indexed Import Table 2 num (size = num * 8)
|-
| 0x110
| 0x04
| Anonymous Import Table 3 offset
|-
| 0x114
| 0x04
| Anonymous Import Table 3 num (size = num * 8)
|-
| 0x118
| 0x8
| 0x4
| Segment id (0= .text, 1= .rodata, 2= .data, 3 = .bss)
|}
Named Export Table entry (8 bytes)
{| class="wikitable" border="1"
! Offset
|}
Named Import Table entry (8 bytes)
{| class="wikitable" border="1"
! Offset
| 0x6
| 0x1
| 1 is written to last first entry if all symbols loaded successfully.
|-
| 0x7
The first hash-table entry hashes the 0x100-byte header following the hash-table. The following hash-table entries hash the sections specified in the header.
When the RO module loads the entire CRO into process memory (mapped in the 0x00100000-0x04000000 region), it modifies the mapped CRO data. The magic field is also changed to "FIXD" if fix level is not 0.
Upon loading, the RO module will look for symbol "__aeabi_atexit" or "nnroAeabiAtexit_".
For dumping symbols and loading a CRO into IDA, see [https://github.com/plutooo/ctr/].
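A tool that parses an untrusted CRO should confirm that each offset/num pair in the header stays inside the file before reading the table. The following is an added example, not code from this wiki or from the linked repository; it assumes the fields are little-endian and that offsets count from the start of the file, and the names `check_tables`, `build_sample` and `corrupt_count` are hypothetical.

```python
import struct

# (name, position of offset field, position of num field, entry size in bytes),
# taken from the header rows listed above whose positions are unambiguous.
TABLES = [
    ("named_export", 0xD0, 0xD4, 8),
    ("indexed_export", 0xD8, 0xDC, 4),
    ("indexed_import", 0x108, 0x10C, 8),
    ("anonymous_import", 0x110, 0x114, 8),
]

def read_u32(buf, pos):
    """Read one 0x04-byte header field (little-endian is an assumption)."""
    if pos + 4 > len(buf):
        raise ValueError(f"header field at {pos:#x} is outside the file")
    return struct.unpack_from("<I", buf, pos)[0]

def check_tables(cro):
    """Return {name: (offset, num)}; raise ValueError if a table leaves the file."""
    tables = {}
    for name, off_pos, num_pos, entry_size in TABLES:
        offset, num = read_u32(cro, off_pos), read_u32(cro, num_pos)
        # Python integers do not wrap; a 32-bit num * entry_size in C would,
        # so a C parser must do this arithmetic in 64 bits.
        end = offset + num * entry_size
        if end > len(cro):
            raise ValueError(f"{name}: [{offset:#x}, {end:#x}) exceeds {len(cro):#x}")
        tables[name] = (offset, num)
    return tables

def build_sample():
    """Constructed 0x200-byte buffer, not a real CRO: only table fields are set."""
    buf = bytearray(0x200)
    values = {"named_export": (0x180, 2), "indexed_export": (0x190, 4),
              "indexed_import": (0x1A0, 1), "anonymous_import": (0x1A8, 0)}
    for name, off_pos, num_pos, _ in TABLES:
        struct.pack_into("<I", buf, off_pos, values[name][0])
        struct.pack_into("<I", buf, num_pos, values[name][1])
    return bytes(buf)

def corrupt_count(cro):
    """Copy of cro whose named-export num makes num * 8 wrap to 0 in 32 bits."""
    bad = bytearray(cro)
    struct.pack_into("<I", bad, 0xD4, 0x20000000)
    return bytes(bad)

if __name__ == "__main__":
    print(check_tables(build_sample()))
```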