A plugin for the PSP which analyzes the attributes of custom modules

README.txt

Originally written by Felix-Dev

This program analyzes custom modules (i.e. game modules, homebrew modules, etc.). It maps imported sce functions to their stub addresses, so you know where each function stub is located in memory. This is useful for people who want to call a game's imported sce functions from MIPS ASM code using a cheat device. (If you know the program prxtool, you will have an idea of what I am talking about.)

Furthermore, this program shows you where a game's module_start and module_stop are located in user memory, which helps you start reversing the game.

How to use:

1) Put module_analyzer.prx into your seplugins folder located on the root of your memstick.

2) Add the line "ms0:/seplugins/module_analyzer.prx 1" into the game.txt file in your seplugins folder.

3) Start the PSP program you want to have analyzed (it can be a game, homebrew, ...).

4) Wait until you are in the main menu of that program. (Optionally, you can leave the game running so the program collects other modules that are loaded during this time, such as network modules if you start Multiplayer in a game.)

5) Exit the program.

6) Connect your PSP with your PC and go to the folder "Module_Analyzer" (located on the root of your Memstick).

7) You now see a folder called "ProgramXYZ" or "GAME-ID", where GAME-ID is the id of the game you just loaded. Go into that folder and you will see at least three files: "modules.txt", "XXX_imports.txt" and "XXX_exports.txt".

About the files:

"modules.txt" contains all the modules which have been loaded during the program boot process. It shows you whether a module is a SONY OFW module or a custom module (i.e. a game module, homebrew module).

If the module is a custom module, you will see information about its .text segment (the segment where the executable code of the program is stored), its .stub segment (where the imported libraries are), its entry address (where the program execution routine starts) and its global pointer value.

The "_imports.txt" file shows you the NIDs of imported sce functions used by the game and the addresses of their stubs. If you want to call an imported function, like sceKernelExitGame, simply JAL to its stub address. The file also shows you which library imports which NID.
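
The following is an added example, not part of the original README or of module_analyzer: it shows how a stub address from "_imports.txt" becomes the 32-bit MIPS JAL instruction word, including the alignment and 256 MB region checks that JAL requires. The function names and both addresses are constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>

#define MIPS_OP_JAL 0x03u   /* primary opcode of JAL (bits 31..26) */

/* Encode "jal target" for an instruction placed at address pc.
 * JAL stores only bits 27..2 of the target; the top 4 bits are taken
 * from the address of the delay slot (pc + 4) at run time.
 * Returns 0 on success, -1 if target is not word aligned,
 * -2 if target lies outside the 256 MB region of pc + 4. */
int mips_encode_jal(uint32_t pc, uint32_t target, uint32_t *word)
{
    if (target & 0x3u)
        return -1;
    if (((pc + 4u) & 0xF0000000u) != (target & 0xF0000000u))
        return -2;
    *word = (MIPS_OP_JAL << 26) | ((target >> 2) & 0x03FFFFFFu);
    return 0;
}

/* Recover the jump target of a JAL word found at pc, e.g. to check a
 * call site seen in a disassembly against a stub address.
 * Returns 0 if word is not a JAL instruction. */
uint32_t mips_decode_jal(uint32_t pc, uint32_t word)
{
    if ((word >> 26) != MIPS_OP_JAL)
        return 0;
    return ((pc + 4u) & 0xF0000000u) | ((word & 0x03FFFFFFu) << 2);
}

int main(void)
{
    /* Constructed values: a stub address as it might appear in
     * "_imports.txt" and the address the JAL itself is written to. */
    uint32_t stub = 0x08A3F1C8u, pc = 0x08801000u, word = 0;

    if (mips_encode_jal(pc, stub, &word) != 0) {
        fprintf(stderr, "stub address cannot be reached with JAL\n");
        return 1;
    }
    /* The instruction after a JAL (its delay slot) executes before
     * the jump takes effect, so place a NOP or a safe instruction there. */
    printf("jal 0x%08X -> 0x%08X\n", (unsigned)stub, (unsigned)word);
    printf("decoded target: 0x%08X\n", (unsigned)mips_decode_jal(pc, word));
    return 0;
}
```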

The "_exports.txt" file shows you the exported functions/variables of your program. For example, where the function module_start is located, so you can jump into reversing the game directly from the root. It also shows you where the .rodata.sceModuleInfo section is stored in user memory.

To find out which NID belongs to which sce function, you need to look up the NIDs in a file called "psplibdoc-xml". Open that file and search for the NID whose function you want to identify.

Below is an example of the output from running various homebrew.

Example: http://i.imgur.com/9VqauLQ.png