Note: The Entry Point member of this header must also be encoded as described earlier in this document.Īddress to the Non-Kernel Import Directory. In the case of CXBX, the import table entry at which (KernelThunkTable & 0x1FF = 0xFF) will be replaced by &cxbx_PsCreateSystemThreadEx (which is a wrapper function). XBE is loaded by the OS (or the CXBX Emulator), all kernel imports are replaced by a valid function or data type address. So, for example, the import PsCreateSystemThreadEx, which has a thunk value of 255 (0xFF) would be. KernelThunkTable = ImportThunk + 0x80000000 Typically the values in this table can be generated with the following formula:
There are 366 possible imports, and the table is terminated with a zero dword (0x00000000). The Kernel Thunk Table itself is simply an array of pointers to Kernel imports.
If it is not, then you try again with the retail key. To decode a kernel thunk address, you XOR with the debug key, then check if it is a valid address. To encode a kernel thunk address, you simply XOR the real address with either Debug or Retail key, depending on if you want the XBox to see this as a Debug or Retail executable. XBE files import kernel functions and data. L"simpsons.exe")Īddress to the Kernel Image Thunk Table, after the. "simpsons.exe")Īddress to the UTF-16 debug filename (i.e.
"D:\Nightlybuilds\011026.0\code\build\xbox\Release\simpsons.exe").Īddress to the debug filename (i.e. XBE was created from.Īddress to the debug pathname (i.e. As the Xbox does not allow for stacks to grow, this needs to be copied from the SizeOfStackReserve PE field, not SizeOfStackCommit!Ĭopied from the PE file this. Note: The Kernel Image Thunk Address member of this header must also be encoded as described later in this document.Īddress to a TLS (Thread Local Storage) structure.ĭefault stack size. To decode an entry point, you XOR with the debug key, then check if it is a valid entry point. To encode an entry point, you simply XOR the real entry point with either Debug or Retail key, depending on if you want the XBox to see this as a Debug or Retail executable. XBE files without adding another field to the. Considering this is far too weak to be considered security, I assume this XOR is a clever method for discerning between Debug/Retail. Known flags are:Īddress to the Image entry point, after the. XBE.Īddress to an array of SectionHeader structures, after the.
CXBX EMULATOR GAMES XBE WINDOWS
Standard windows format.Īddress to a Certificate structure, after the. Time and Date when this image was created. The header size varies by XDK version, but is at least 0x178. Number of bytes that should be reserved for the image header. Number of bytes that should be reserved for this image. Number of bytes that should be reserved for headers. Only on officially signed games is this field worthwhile.Īddress at which to load this. This field must always equal 0x48454258 ("XBEH")Ģ56 Bytes. It has the following layout (all fields are little-endian): The image header contains the information that describes where the other parts of the executable are located within the file, and how the executable should be treated and loaded.
0 kommentar(er)
