From WiiUBrew
Jump to navigation Jump to search

RPL and RPX executables are modified ELF shared objects used by Cafe OS.

They differ from regular ELF files in a few significant ways:

  • some sections are zlib-compressed
  • there are no program headers (section headers are used to load the executable into memory instead)
  • dynamic linking imports are done with import/export tables (similar to Windows PE, according to the fail0verflow presentation)


.fexports/.dexports sections

Each export table section is composed of an 8-byte header, a list of export entries (8 bytes each), 8 bytes of padding, and a nametable.

fexports is used for code; dexports is used for data.


uint32_t num_entries; // 0
uint32_t checksum?; // 4

Export entry:

uint32_t addr; // 0
uint32_t name_offset; // 4: offset of the name from the start of the section

8 bytes of padding: all zeroes; comes after the entries and before the nametable

nametable: a table of null-terminated strings

.fimport_(*)/.dimport_(*) sections

The section contains a header:

uint32_t num_entries; //0
uint32_t checksum?; // 4
char library_name[]; // 8

library_name is a null terminated string. The rest of the section is padded with zeroes. There are relocations into this section, which is marked alloc and execute for fimport and alloc for dimport: the runtime loader probably populates this area after load with PLT or GOT entries.