Problem with prxtool release 245x

Discuss the development of new homebrew software, tools and libraries.

Moderators: cheriff, TyRaNiD

coyotebean
Posts: 18
Joined: Sat Dec 05, 2009 1:02 am

Post by coyotebean »

Is anyone using prxtool release 2457/2458/2459, the version with the updated reloc format?

I don't know if it's an issue with MinGW or prxtool, but when I tried to dump files from 3.71 and above (e.g. the simple clockgen.prx), prxtool had a (slightly) random crash which seems to be related to memory. This file uses the 0x700000A1 reloc format from 3.71 onwards.

My problem:
prxtool -d -s lxsir 300/clockgen.prx is fine
prxtool -d -s lxsir 371/clockgen.prx crashes
prxtool -d -s lxsir 400/clockgen.prx crashes
prxtool -d -s lxsir 500/clockgen.prx crashes

Code:

3.71 debug output...

Debug: 98: [R_MIPS_32] SW(0000083C,0000083C)
Debug: 98: addr 000007C0, target 0000083C, text 0
Debug: 99: [R_MIPS_32] SW(00000858,00000858)
Debug: 99: addr 000007D4, target 00000858, text 0
Debug: 100: [R_MIPS_32] SW(0000072C,0000072C)
Debug: 100: addr 000007BC, target 0000072C, text 0
Debug: 101: [R_MIPS_32] SW(000008FC,000008FC)
Debug: 101: addr 000007B8, target 000008FC, text 0
Debug: 102: [R_MIPS_32] SW(00000754,00000754)
Debug: 102: addr 000007E4, target 00000754, text 0
Debug: 103: [R_MIPS_32] SW(00000910,00000910)
Debug: 103: addr 000007E0, target 00000910, text 0
Debug:

Code:

4.00 debug output...

Debug: 98: [R_MIPS_32] SW(00000718,00000718)
Debug: 98: addr 000007A4, target 00000718, text 0
Debug: 99: [R_MIPS_32] SW(000008D0,000008D0)
Debug: 99: addr 000007A0, target 000008D0, text 0
Debug: 100: [R_MIPS_32] SW(00000730,00000730)
Debug: 100: addr 00000790, target 00000730, text 0
Debug: 101: [R_MIPS_32] SW(000008DC,000008DC)
Debug: 101: addr 0000078C, target 000008DC, text 0
Debug: 102: [R_MIPS_32] SW(00008050,00008950)
Debug: 102: addr 000007CC, target 00008950, text 0
Debug: 103: [R_MIPS_32] SW(00000744,00000744)
Debug: 103: addr 000007D0, target 00000744, text 0
Debug: 104: [R_MIPS_32] SW(00000764,00000764)
Debug: 104: addr 000007D4, target 00000764, text 0
Debug: 105: [R_MIPS_32] SW(0000076C,0000076C)
Debug: 105: addr 000007D8, target 0000076C, text 0
Debug: 106: [R_MIPS_32] SW(000007A8,000007A8)
Debug: 106: addr 000007DC, target 000007A8, text 0
Debug: 107: [R_MIPS_32] SW(000002D0,000002D0)
Debug: 107: addr 00000838, target 000002D0, text 0
Debug: 108: [R_MIPS_32] SW(0000

Code:

5.00 debug output...

Debug: 98: [R_MIPS_32] SW(00000718,00000718)
Debug: 98: addr 000007A8, target 00000718, text 0
Debug: 99: [R_MIPS_32] SW(000008D4,000008D4)
Debug: 99: addr 000007A4, target 000008D4, text 0
Debug: 100: [R_MIPS_32] SW(00000730,00000730)
Debug: 100: addr 00000794, target 00000730, text 0
Debug: 101: [R_MIPS_32] SW(000008E0,000008E0)
Debug: 101: addr 00000790, target 000008E0, text 0
Debug: 102: [R_MIPS_32] SW(00008040,00008950)
Debug: 102: addr 000007D0, target 00008950, text 0
Debug: 103: [R_MIPS_32] SW(00000744,00000744)
Debug: 103: addr 000007D4, target 00000744, text 0
Debug: 104: [R_MIPS_32] SW(00000764,00000764)
Debug: 104: addr 000007D8, target 00000764, text 0
Debug: 105: [R_MIPS_32] SW(0000076C,0000076C)
Debug: 105: addr 000007DC, target 0000076C, text 0
Debug: 106: [R_MIPS_32] SW(000007AC,000007AC)
Debug: 106: addr 000007E0, target 000007AC, text 0
Debug: 107: [R_MIPS_32] SW(000002D0,000002D0)
Debug: 107: addr 0000083C, target 000002D0, text 0
Debug: 108: [R_MIPS_32] SW(000003

Oh, just now I tried disasm and it ran fine.
So it may be only some issue with serialize.
Damn, I was misled by the stupid crash.

Another thing is that it doesn't disasm sysmem.prx properly (probably from 3.71 and above). I guess that's just a small bug in the calculation of the active "text" range.
coyotebean
Posts: 18
Joined: Sat Dec 05, 2009 1:02 am

Post by coyotebean »

I see, originally there was a bug in CountRelocs which caused disasm of 5.00 clockgen.prx to fail, which I had fixed. So my current version disasms successfully.

Code:

Original erroneous code:

pos += (part1 & 0x06);                  /* adds 2, 4 or 6 regardless of bit 0 */
if ((part1 & 0x01) != 0) {
	/* note: == binds tighter than &, so these parse as
	 * part1 & (0x38 == 0x10), i.e. part1 & 0, and never fire */
	if (part1 & 0x38 == 0x10) {
		pos += 2;
	} else if (part1 & 0x38 == 0x18) {
		pos += 4;
	}
}

pos += (part1 & 0x06) is incorrect.

Code:

Updated code:

if ( (part1 & 0x01) == 0 ) {
	/* bit 0 clear: a 4-byte field follows only when (part1 & 0x06) == 4 */
	if ( ( part1 & 0x06 ) == 4 ) {
		pos += 4;
	}
}
else {
	/* bit 0 set: first field size from bits 1-2 ... */
	switch (part1 & 0x06) {
	case 2:
		pos += 2;
		break;
	case 4:
		pos += 4;
		break;
	}
	/* ... second field size from bits 3-5 */
	switch (part1 & 0x38) {
	case 0x10:
		pos += 2;
		break;
	case 0x18:
		pos += 4;
		break;
	}
}
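The following is an added example, not code from the post or from prxtool itself. It wraps the two CountRelocs variants above as skip rules, walks a constructed reloc stream with each, and bounds-checks every record so that a desynchronised walk stops instead of reading past its buffer. The record layout is an assumption taken only from the posted fix (a flag byte `part1` followed by the 2- or 4-byte fields it selects); the real format's section header and entry semantics are not modelled, and the byte stream `sample_relocs` is constructed for the example, not taken from any PRX.

```c
/*
 * Added example (not prxtool's own code).
 * ASSUMED record layout, taken only from the posted fix: each record begins
 * with a flag byte part1.  With bit 0 clear, a 4-byte field follows only when
 * (part1 & 0x06) == 4.  With bit 0 set, (part1 & 0x06) selects a 2- or 4-byte
 * field and (part1 & 0x38) selects a further 2- or 4-byte field.
 */
#include <stddef.h>
#include <stdio.h>

/* Bytes to skip after the flag byte, as the ORIGINAL (buggy) code computes. */
static size_t skip_original(unsigned char part1)
{
    /* Bug 1: adds 2, 4 or 6 regardless of bit 0. */
    size_t n = part1 & 0x06;
    if ((part1 & 0x01) != 0) {
        /* Bug 2: `part1 & 0x38 == 0x10` parses as part1 & (0x38 == 0x10),
         * i.e. part1 & 0, so neither branch can ever fire. */
        if ((part1 & 0) != 0)
            n += 2;
        else if ((part1 & 0) != 0)
            n += 4;
    }
    return n;
}

/* Bytes to skip after the flag byte, as the FIXED code computes. */
static size_t skip_fixed(unsigned char part1)
{
    size_t n = 0;
    if ((part1 & 0x01) == 0) {
        if ((part1 & 0x06) == 4)
            n += 4;
    } else {
        switch (part1 & 0x06) {
        case 2: n += 2; break;
        case 4: n += 4; break;
        }
        switch (part1 & 0x38) {
        case 0x10: n += 2; break;
        case 0x18: n += 4; break;
        }
    }
    return n;
}

/* Walk a reloc stream with the given skip rule.  Returns the record count, or
 * -1 if a record would extend past the end of the buffer: a parser that has
 * desynchronised must stop rather than read past its input. */
static int count_relocs(const unsigned char *data, size_t size,
                        size_t (*skip)(unsigned char))
{
    size_t pos = 0;
    int count = 0;
    while (pos < size) {
        unsigned char part1 = data[pos++];
        size_t n = skip(part1);
        if (n > size - pos)
            return -1;          /* truncated record: refuse to read past end */
        pos += n;
        count++;
    }
    return count;
}

/* Constructed stream (not from a real PRX): four records under the assumed
 * layout.
 *   0x04 + 4 bytes        bit 0 clear, (part1 & 6) == 4
 *   0x13 + 2 + 2 bytes    bit 0 set, (part1 & 6) == 2, (part1 & 0x38) == 0x10
 *   0x1D + 4 + 4 bytes    bit 0 set, (part1 & 6) == 4, (part1 & 0x38) == 0x18
 *   0x01                  bit 0 set, no fields */
static const unsigned char sample_relocs[] = {
    0x04, 0xAA, 0xAA, 0xAA, 0xAA,
    0x13, 0xBB, 0xBB, 0xCC, 0xCC,
    0x1D, 0xDD, 0xDD, 0xDD, 0xDD, 0xEE, 0xEE, 0xEE, 0xEE,
    0x01,
};

int main(void)
{
    int fixed = count_relocs(sample_relocs, sizeof sample_relocs, skip_fixed);
    int orig  = count_relocs(sample_relocs, sizeof sample_relocs, skip_original);
    printf("fixed    : %d records\n", fixed);  /* 4 */
    printf("original : %d records\n", orig);   /* -1: skipped only 2 of the 4
                                                  bytes after 0x13, then read
                                                  payload bytes as flags and
                                                  ran off the end */
    return 0;
}
```

On this stream the original rule goes wrong at the second record: it skips 2 bytes where 4 follow, treats the payload byte 0xCC as the next flag, and eventually computes a field that runs past the buffer. Without the `n > size - pos` check it would keep reading, which is the kind of behaviour that shows up as a random, memory-related crash rather than a clean error.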
coyotebean
Posts: 18
Joined: Sat Dec 05, 2009 1:02 am

Post by coyotebean »

A quick review: the end of the text section is calculated from the imports, so it will have problems with any file with no imports, like sysmem.prx.

"ModuleInfo" is probably a good point to split code and data.
coyotebean
Posts: 18
Joined: Sat Dec 05, 2009 1:02 am

Post by coyotebean »

This is ".lib.ent.top" (the end of .sceSub.text), it seems:

Code:

m_stubBottom = m_modInfo.info.exports - 4;
coyotebean
Posts: 18
Joined: Sat Dec 05, 2009 1:02 am

Post by coyotebean »

Hehe~ another issue noticed (possibly for 0x700000A1 relocs only).

The targets of reloc type 0xE (R_MIPS_X_J26) are "lui" instructions; applying a "J26" type reloc trashes the instruction.

The targets of reloc type 0x2 (R_MIPS_32) are "j" instructions...

The targets of reloc type 0x6 (R_MIPS_LO16) feel like they are meant for R_MIPS_32....

The actions of the reloc types are different between chkreg.prx/loadexec.prx and sysmem.prx/loadcore.prx in firmware 5.00!?!?!?
coyotebean
Posts: 18
Joined: Sat Dec 05, 2009 1:02 am

Post by coyotebean »

Some quick tests indicate that 0x700000A1 was introduced with 3.70.
sysmem.prx & loadcore.prx up to 6.20 seem to be using the old reloc type (possibly because they are handled by the IPL, so the reloc type hasn't changed).
All the other files with the 0x700000A1 reloc table format use the new reloc type.