www.xbdev.net xbdev - software development
Friday December 14, 2018

     
 

XBOX Programming

More than just a hobby...

 

What's an XBE?

 

{Under Construction - I'll be adding details of the workings of the xbe later on... why etc... but it's good to see some of the code for now}

 

File Format:

 

Well, you can easily find details of the xbe executable file format on the internet, but the best place is probably the xbox linux project - which I must say is the best for information on the xbox...

 

Link: xbox linux project documentation

 

 

Dumping a simple xbe...

 

Well, before I started creating an xbe from scratch, I had to write a simple program that would dump some basic file information to a text file so I could examine some typical values.  Believe me, it helps so much more than just using a hex editor and looking at the values... of course I could be wrong... different people prefer different methods.

 

Of course I did cheat: rather than use a default.xbe that someone else had made, I compiled the following xbe using the xdk - then set about looking at its inner workings...

 

// Simple entry point.

void main()

{

  _asm

  {

        push eax

        mov eax, ebx

        mov eax, ebx

        mov eax, ebx

        mov eax, ebx

        mov eax, ebx

        mov eax, ebx

        mov eax, ebx

        mov eax, ebx

        mov eax, ebx

        mov eax, ebx

        mov eax, ebx

        mov eax, ebx

        mov eax, ebx

        mov eax, ebx

        pop eax

  }

 

}

 

 

What the!!... why did I write code like that... well, when I come to find my code in the created xbe, it won't be mistaken for anything else...  Now the dumper code is really, really simple to follow I think... it reads the header fields in and then dumps them to a simple text file called 'output.txt'...  Then I can examine the juicy info at the end.

 

 

#include <windows.h>

#include <stdio.h>

 

// Output to a text file.

void output(char* str)

{

      FILE *fp = fopen("output.txt", "a+");

      fprintf(fp, "%s\n", str);

      fclose(fp);

}

 

char buff[500];

 

// Entry point (it's a Windows entry point).

int _stdcall WinMain(HINSTANCE, HINSTANCE, char* k, int l)

{

      // Open our file called simple.xbe

      FILE *pFile = fopen("simple.xbe", "rb");

      if (pFile == NULL) return 1; // bail out if simple.xbe is not in the working directory

 

      char XBE_SIG[4];

      fread(&XBE_SIG, 4, 1, pFile);

      sprintf(buff, "XBE Signature: %c%c%c%c", XBE_SIG[0],XBE_SIG[1],XBE_SIG[2],XBE_SIG[3]);

      output(buff);

 

      unsigned char temparray[0x100];

      fread(temparray, 0x100, 1, pFile); // skip the 0x100 byte (256 byte) xbe sec sig.

 

      unsigned int iBaseAddress;

      fread(&iBaseAddress, 4, 1, pFile);

      sprintf(buff, "Base address of image :0x%x", iBaseAddress);

      output(buff);

 

      unsigned int temp;

      fread(&temp, 4, 1, pFile);

      sprintf(buff, "Size of headers :0x%x", temp);

      output(buff);

 

      fread(&temp, 4, 1, pFile);

      sprintf(buff, "Size of image :0x%x", temp);

      output(buff);

 

      fread(&temp, 4, 1, pFile);

      sprintf(buff, "Size of image header :0x%x", temp);

      output(buff);

 

      fread(&temp, 4, 1, pFile);

      sprintf(buff, "Time Date Stamp :0x%x", temp);

      output(buff);

 

      unsigned int iCertAddress;

      fread(&iCertAddress, 4, 1, pFile);

      sprintf(buff, "Certificate area address :0x%x", iCertAddress);

      output(buff);

 

      unsigned int iNumSections;

      fread(&iNumSections, 4, 1, pFile);

      sprintf(buff, "Number of sections :0x%x", iNumSections);

      output(buff);

 

      unsigned int iSectionAddress;

      fread(&iSectionAddress, 4, 1, pFile);

      sprintf(buff, "Section headers address :0x%x", iSectionAddress);

      output(buff);

 

      fread(&temp, 4, 1, pFile);

      sprintf(buff, "Initialisation flags :0x%x", temp);

      output(buff);

 

      int EntryPoint;

      fread(&EntryPoint, 4, 1, pFile);

      sprintf(buff, "Entry point address :0x%x", EntryPoint); // entry point of our code

                                                              // XOR real entry point with:

      output(buff);                                           // Debug = 0x94859D4B, Retail = 0xA8FC57AB

                                                              // e.g. 0xa8fd4724 is really: 0x1108F e.g. 108F

 

      fread(&temp, 4, 1, pFile);

      sprintf(buff, "Thread local storage directory address :0x%x", temp);

      output(buff);

 

      fread(&temp, 4, 1, pFile);

      sprintf(buff, "Size of stack commit :0x%x", temp);

      output(buff);

 

      fread(&temp, 4, 1, pFile);

      sprintf(buff, "Size of heap reserve :0x%x", temp);

      output(buff);

 

      fread(&temp, 4, 1, pFile);

      sprintf(buff, "Size of heap commit :0x%x", temp);

      output(buff);

 

      fread(&temp, 4, 1, pFile);

      sprintf(buff, "Original base address :0x%x", temp);

      output(buff);

 

      fread(&temp, 4, 1, pFile);

      sprintf(buff, "Original size of image :0x%x", temp);

      output(buff);

 

      fread(&temp, 4, 1, pFile);

      sprintf(buff, "Original checksum :0x%x", temp);

      output(buff);

 

      fread(&temp, 4, 1, pFile);

      sprintf(buff, "Original time date stamp :0x%x", temp);

      output(buff);

 

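      fread(&temp, 4, 1, pFile);

      sprintf(buff, "Debug path name address :0x%x", temp);

      output(buff);

 

      fread(&temp, 4, 1, pFile); // 0x150: must be read, or every label below lands on the wrong field

      sprintf(buff, "Debug file name address :0x%x", temp);

      output(buff);

 

      fread(&temp, 4, 1, pFile); // 0x154: missing from the table below; debug unicode file name address

      sprintf(buff, "Debug unicode file name address :0x%x", temp);

      output(buff);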

 

      fread(&temp, 4, 1, pFile);

      sprintf(buff, "Kernel image thunk address :0x%x", temp);

      output(buff);

 

      fread(&temp, 4, 1, pFile);

      sprintf(buff, "Non-kernel import directory address :0x%x", temp);

      output(buff);

 

      fread(&temp, 4, 1, pFile);

      sprintf(buff, "Number of library versions :0x%x", temp);

      output(buff);

 

      fread(&temp, 4, 1, pFile);

      sprintf(buff, "Library versions area addresses :0x%x", temp);

      output(buff);

 

      fread(&temp, 4, 1, pFile);

      sprintf(buff, "Kernel library version address :0x%x", temp);

      output(buff);

 

      fread(&temp, 4, 1, pFile);

      sprintf(buff, "XAPI library version address :0x%x", temp);

      output(buff);

 

      fread(&temp, 4, 1, pFile);

      sprintf(buff, "Logo bitmap address :0x%x", temp);

      output(buff);

 

      fread(&temp, 4, 1, pFile);

      sprintf(buff, "Logo bitmap size :0x%x", temp);

      output(buff);

 

      //<- HEADER SECTIONS ------------------------------------------>

 

      //iBaseAddress

      //iNumSections

      //iSectionAddress

     

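      // Seek to the start of the section headers. Addresses in the header are

      // virtual, so subtracting the image base address gives the file offset.

      fseek(pFile, iSectionAddress - iBaseAddress, SEEK_SET);

 

      sprintf(buff, "\n\nSECTIONS Start: 0x%x\n", iSectionAddress - iBaseAddress);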

      output(buff);

 

 

      struct stSectionHeader

      {

            unsigned int Flags;

            unsigned int Virtual_Address;

            unsigned int Virtual_Size;

            unsigned int File_Pointer_Data;

            unsigned int Size_Data;

            unsigned int unknown1;

            unsigned int unknown2;

 

            unsigned int head_count_address;

            unsigned int tail_count_address;

 

            unsigned int unknown3[5];

      };

     

 

      stSectionHeader header;

      fread(&header, sizeof(stSectionHeader), 1, pFile);

 

      sprintf(buff, "size of header :0x%x\n\n", (unsigned int)sizeof(stSectionHeader));

      output(buff);

 

      sprintf(buff, "Flags :0x%x", header.Flags);

      output(buff);

      sprintf(buff, "Virtual Address :0x%x", header.Virtual_Address);

      output(buff);

      sprintf(buff, "Virtual Size :0x%x", header.Virtual_Size);

      output(buff);

      sprintf(buff, "File Pointer Raw Data :0x%x", header.File_Pointer_Data);

      output(buff);

      sprintf(buff, "Size of Raw Data :0x%x", header.Size_Data);

      output(buff);

      sprintf(buff, "head_count_address :0x%x", header.head_count_address);

      output(buff);

      sprintf(buff, "tail_count_address :0x%x", header.tail_count_address);

      output(buff);

 

      output("\n");

      fread(&header, sizeof(stSectionHeader), 1, pFile);

 

      sprintf(buff, "Flags :0x%x", header.Flags);

      output(buff);

      sprintf(buff, "Virtual Address :0x%x", header.Virtual_Address);

      output(buff);

      sprintf(buff, "Virtual Size :0x%x", header.Virtual_Size);

      output(buff);

      sprintf(buff, "File Pointer Raw Data :0x%x", header.File_Pointer_Data);

      output(buff);

      sprintf(buff, "Size of Raw Data :0x%x", header.Size_Data);

      output(buff);

      sprintf(buff, "head_count_address :0x%x", header.head_count_address);

      output(buff);

      sprintf(buff, "tail_count_address :0x%x", header.tail_count_address);

      output(buff);

 

      output("\n");

      fread(&header, sizeof(stSectionHeader), 1, pFile);

 

      sprintf(buff, "Flags :0x%x", header.Flags);

      output(buff);

      sprintf(buff, "Virtual Address :0x%x", header.Virtual_Address);

      output(buff);

      sprintf(buff, "Virtual Size :0x%x", header.Virtual_Size);

      output(buff);

      sprintf(buff, "File Pointer Raw Data :0x%x", header.File_Pointer_Data);

      output(buff);

      sprintf(buff, "Size of Raw Data :0x%x", header.Size_Data);

      output(buff);

      sprintf(buff, "head_count_address :0x%x", header.head_count_address);

      output(buff);

      sprintf(buff, "tail_count_address :0x%x", header.tail_count_address);

      output(buff);

 

      //<-- CERTIFICATE DATA ---------------------------------------->

     

      //iCertAddress;

 

      // Same conversion as for the sections: virtual address minus image base.

      fseek(pFile, iCertAddress - iBaseAddress, SEEK_SET);

 

      sprintf(buff, "\n\nCERTIFICATE DATA Start: 0x%x\n", iCertAddress - iBaseAddress);

      output(buff);

 

      struct stCERTIFICATE

      {

            unsigned int size_cert;

            unsigned int date_stamp;

            unsigned int title_id;

            char     title_name[0x50];

 

            unsigned int title_alt[16];   // 16 alternative title IDs = 0x40 bytes (0x05C - 0x09B)

            unsigned int allowed_media;

            unsigned int game_region;

            unsigned int game_rating;

            unsigned int disk_num;

            unsigned int version;

            unsigned char lan[0x10];

            unsigned char sig_key[0x10];

            unsigned char alt_sig[0x100];

      };

 

      stCERTIFICATE cert;

 

      fread(&cert, sizeof(stCERTIFICATE), 1, pFile);

 

      sprintf(buff, "size_cert :0x%x", cert.size_cert);

      output(buff);

      sprintf(buff, "date_stamp :0x%x", cert.date_stamp);

      output(buff);

      sprintf(buff, "title_id :0x%x", cert.title_id);

      output(buff);

      sprintf(buff, "title name :");

      output(buff);

      output(cert.title_name);

 

      sprintf(buff, "title_alt :0x%x", cert.title_alt[0]); // first alternative title ID (the bare array name prints its address)

      output(buff);

      sprintf(buff, "allowed_media :0x%x", cert.allowed_media);

      output(buff);

      sprintf(buff, "game_region :0x%x", cert.game_region);

      output(buff);

      sprintf(buff, "game_rating :0x%x", cert.game_rating);

      output(buff);

 

      sprintf(buff, "disk_num :0x%x", cert.disk_num);

      output(buff);

      sprintf(buff, "version :0x%x", cert.version);

      output(buff);

      sprintf(buff, "lan :0x%.1x,0x%.1x,0x%.1x,...", cert.lan[0],cert.lan[1],cert.lan[2]);

      output(buff);

 

      sprintf(buff, "sig_key :0x%.1x,0x%.1x,0x%.1x,...", cert.sig_key[0],cert.sig_key[1],cert.sig_key[2]);

      output(buff);

      sprintf(buff, "alt_sig :0x%.1x,0x%.1x,0x%.1x,...", cert.alt_sig[0],cert.alt_sig[1],cert.alt_sig[2]);

      output(buff);

 

      fclose(pFile);

 

      return 0;

}

 

 

// Demo File 'simple.xbe' - 40,960 bytes - 0xA000 bytes

 

/*

XBE File Format

by Andrew de Quincey and Lucien Murray-Pitt, 5 May 2002

 

XBE executable file format v0.2

Andrew de Quincey (adq@tardis.ed.ac.uk)

Lucien Murray-Pitts (lamp@tardis.ed.ac.uk)

  

HEADER AREA

  

0x000 4 "XBEH"

0x004 0x100 UNKNOWN: Could this be a digital signature?

0x104 4 Base address of image

0x108 4 Size of headers

0x10C 4 Size of image

0x110 4 Size of image header

0x114 4 Time Date Stamp (unix time)

0x118 4 Certificate area address

0x11C 4 Number of sections

0x120 4 Section headers address (array of individual section headers)

0x124 4 Initialisation flags

    Bit 0: Mount utility drive

    Bit 1: Format utility drive

    Bit 2: Limit development kit memory

    Bit 3: Don't setup hard disk

0x128 4 Entry point address

0x12C 4 Thread local storage directory address

0x130 4 Size of stack commit

0x134 4 Size of heap reserve

0x138 4 Size of heap commit

0x13C 4 Original base address (of source PE file I assume)

0x140 4 Original size of image (of source PE file I assume)

0x144 4 Original checksum (of source PE file I assume)

0x148 4 Original time date stamp (unix time) (of source PE file I assume)

0x14C 4 Debug path name address (0==missing)

0x150 4 Debug file name address

0x158 4 Kernel image thunk address

0x15C 4 Non-kernel import directory address

0x160 4 Number of library versions

0x164 4 Library versions area addresses (Array of Library version)

0x168 4 Kernel library version address

0x16C 4 XAPI library version address

0x170 4 Logo bitmap address

0x174 4 Logo bitmap size

  

 

CERTIFICATE AREA

  

0x000 4 size of certificate

0x004 4 Date time stamp (unix time)

0x008 4 Title ID

0x00C 0x50 Title name (UNICODE, zero terminated)

0x05C 4 Non-zero=>Title alternative title ID 0 (and alt signature 0 present)

0x060 4 Non-zero=>Title alternative title ID 1 (and alt signature 1 present)

0x064 4 Non-zero=>Title alternative title ID 2 (and alt signature 2 present)

0x068 4 Non-zero=>Title alternative title ID 3 (and alt signature 3 present)

0x06C 4 Non-zero=>Title alternative title ID 4 (and alt signature 4 present)

0x070 4 Non-zero=>Title alternative title ID 5 (and alt signature 5 present)

0x074 4 Non-zero=>Title alternative title ID 6 (and alt signature 6 present)

0x078 4 Non-zero=>Title alternative title ID 7 (and alt signature 7 present)

0x07C 4 Non-zero=>Title alternative title ID 8 (and alt signature 8 present)

0x080 4 Non-zero=>Title alternative title ID 9 (and alt signature 9 present)

0x084 4 Non-zero=>Title alternative title ID 10 (and alt signature 10 present)

0x088 4 Non-zero=>Title alternative title ID 11 (and alt signature 11 present)

0x08C 4 Non-zero=>Title alternative title ID 12 (and alt signature 12 present)

0x090 4 Non-zero=>Title alternative title ID 13 (and alt signature 13 present)

0x094 4 Non-zero=>Title alternative title ID 14 (and alt signature 14 present)

0x098 4 Non-zero=>Title alternative title ID 15 (and alt signature 15 present)

0x09C 4 Allowed media types

0x0A0 4 Game region

0x0A4 4 Game ratings

0x0A8 4 Disk number

0x0AC 4 Version

0x0B0 0x10 LAN key

0x0C0 0x10 Signature key

0x0D0 0x10 Alternative signature 0 (if alt title ID 0 non-zero)

0x0E0 0x10 Alternative signature 1 (if alt title ID 1 non-zero)

0x0F0 0x10 Alternative signature 2 (if alt title ID 2 non-zero)

0x100 0x10 Alternative signature 3 (if alt title ID 3 non-zero)

0x110 0x10 Alternative signature 4 (if alt title ID 4 non-zero)

0x120 0x10 Alternative signature 5 (if alt title ID 5 non-zero)

0x130 0x10 Alternative signature 6 (if alt title ID 6 non-zero)

0x140 0x10 Alternative signature 7 (if alt title ID 7 non-zero)

0x150 0x10 Alternative signature 8 (if alt title ID 8 non-zero)

0x160 0x10 Alternative signature 9 (if alt title ID 9 non-zero)

0x170 0x10 Alternative signature 10 (if alt title ID 10 non-zero)

0x180 0x10 Alternative signature 11 (if alt title ID 11 non-zero)

0x190 0x10 Alternative signature 12 (if alt title ID 12 non-zero)

0x1A0 0x10 Alternative signature 13 (if alt title ID 13 non-zero)

0x1B0 0x10 Alternative signature 14 (if alt title ID 14 non-zero)

0x1C0 0x10 Alternative signature 15 (if alt title ID 15 non-zero)

  

  

LIBRARY VERSION

  

0x000 0x8 Name of section (padded with zero)

0x008 0x2 Version part 1 XXX.0.0.0

0x00A 0x2 Version part 2 0.XXX.0.0

0x00C 0x2 Version part 3 0.0.XXX.0

0x00E 0x2 Version part 4 and flags:

    Bits 0-8: Version part 4 0.0.0.XXX

    Bits 9-12: Unknown

    Bits 13,14: approval status (0: unapproved, 1: possibly approved, 2: approved, 3:UNKNOWN)

    Bit 15: Flag indicating library is debug version

  

  

THREAD LOCAL STORAGE DIRECTORY

  

0x000 4 Raw data start address

0x004 4 Raw data end address

0x008 4 TLS index address

0x00C 4 TLS callbacks address

0x010 4 Size of zero fill

0x014 4 Characteristics

  

  

SECTION HEADER

  

0x000 4 Flags

    Bit 0: Writeable

    Bit 1: Preload

    Bit 2: Executable

    Bit 3: Inserted file

    Bit 4: Head page read only

    Bit 5: Tail page read only

    Bits 6-31: Unknown

0x004 4 Virtual address

0x008 4 Virtual size

0x00C 4 File pointer to raw data

0x010 4 Size of raw data

0x014 4 Unknown - address of section name

0x018 4 Unknown

0x01C 4 head shared page reference count address

0x020 4 tail shared page reference count address

0x024 4 Unknown

0x028 4 Unknown

0x02C 4 Unknown

0x030 4 Unknown

0x034 4 Unknown

 

*/

 

 

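And after it's all over... we have the following data in a text file, as shown below.  The listing comes from a run that did not read the two 4-byte debug file name fields at 0x150 and 0x154, so the labels from 'Kernel image thunk address' down to 'Logo bitmap size' sit two fields too early: the 0x5b6c3496 shown as 'Number of library versions' is the encoded kernel image thunk address, and the real library count is the 0x3 shown as 'Kernel library version address'.  The title_alt value is likewise the address of the array in memory rather than a title ID.  But please feel free to experiment further, and discover more information.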

 

Output Text File:
XBE Signature: XBEH
Base address of image :0x10000
Size of headers :0x770
Size of image :0x9360
Size of image header :0x178
Time Date Stamp :0x3f181715
Certificate area address :0x10178
Number of sections :0x3
Section headers address :0x10354
Initialisation flags :0x1
Entry point address :0xa8fd4764
Thread local storage directory address :0x17694
Size of stack commit :0x10000
Size of heap reserve :0x100000
Size of heap commit :0x1000
Original base address :0x10d20
Original size of image :0x8f20
Original checksum :0x0
Original time date stamp :0x3f181715
Debug path name address :0x1045e
Kernel image thunk address :0x104b1
Non-kernel import directory address :0x10448
Number of library versions :0x5b6c3496
Library versions area addresses :0x0
Kernel library version address :0x3
XAPI library version address :0x10418
Logo bitmap address :0x10428
Logo bitmap size :0x10418


SECTIONS Start: 0x354

size of header :0x38
Flags :0x36
Virtual Address :0x11000
Virtual Size :0x6404
File Pointer Raw Data :0x1000
Size of Raw Data :0x6404
head_count_address :0x103fc
tail_count_address :0x103fe


Flags :0x16
Virtual Address :0x17420
Virtual Size :0xc4c
File Pointer Raw Data :0x8000
Size of Raw Data :0xc4c
head_count_address :0x103fe
tail_count_address :0x10400


Flags :0x7
Virtual Address :0x18080
Virtual Size :0x12e0
File Pointer Raw Data :0x9000
Size of Raw Data :0xcf0
head_count_address :0x10400
tail_count_address :0x10402


CERTIFICATE DATA Start: 0x178

size_cert :0x1dc
date_stamp :0x3f181715
title_id :0x0
title name :

title_alt :0x12fd08
allowed_media :0x0
game_region :0x0
game_rating :0x0
disk_num :0x0
version :0x0
lan :0x0,0x0,0x0,...
sig_key :0x0,0x0,0x0,...
alt_sig :0x0,0x0,0x0,...
 

 

 

Again we can sort of see what information is in the xbe file... of course at this stage a lot of it won't really make sense... and of course you don't really know what we can skip and change... but it's great to see what's in there..hehe... We're on a journey of discovery :)
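An added example, not part of the original tutorial: a bounds-checked read of the same header fields that converts the certificate and section header addresses to file offsets using the base address, and decodes the entry point by trying the Retail and Debug XOR keys quoted in the dumper and keeping the one that lands inside the image. The names xbe_parse, hdr_off, xbe_info and xbe_sample are hypothetical, the 0x1D0 certificate length and 0x38 section header size come from the format listing above, the in-image test for picking the key is an assumption of this example, and the sample buffer is constructed from the values in the output listing.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>

/* Entry point XOR keys, as quoted in the dumper's comments. */
#define XBE_EP_DEBUG  0x94859D4Bu
#define XBE_EP_RETAIL 0xA8FC57ABu

typedef struct {                 /* hypothetical result struct */
    uint32_t base, image_size, num_sections;
    uint32_t entry;              /* decoded entry point address */
    size_t   cert_off, sect_off; /* file offsets, not addresses */
    int      retail;             /* 1 = retail key matched, 0 = debug key */
} xbe_info;

static uint32_t rd32(const uint8_t *p)   /* little-endian 32-bit read */
{ return p[0] | (uint32_t)p[1] << 8 | (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24; }
static void wr32(uint8_t *p, uint32_t v) /* little-endian 32-bit write */
{ for (int i = 0; i < 4; i++) p[i] = (uint8_t)(v >> (8 * i)); }

/* Header-area address -> file offset; fails if [va, va+need) leaves the headers. */
static int hdr_off(uint32_t va, uint64_t need, uint32_t base, uint64_t limit, size_t *off)
{
    if (va < base || (uint64_t)(va - base) + need > limit) return -1;
    *off = va - base;
    return 0;
}

int xbe_parse(const uint8_t *buf, size_t len, xbe_info *x)
{
    if (len < 0x178 || memcmp(buf, "XBEH", 4) != 0) return -1;
    x->base = rd32(buf + 0x104);
    uint64_t limit = rd32(buf + 0x108);       /* size of headers */
    if (limit > len) limit = len;             /* never trust it past the file */
    x->image_size = rd32(buf + 0x10C);
    x->num_sections = rd32(buf + 0x11C);
    if (hdr_off(rd32(buf + 0x118), 0x1D0, x->base, limit, &x->cert_off)) return -1;
    if (hdr_off(rd32(buf + 0x120), (uint64_t)x->num_sections * 0x38,
                x->base, limit, &x->sect_off)) return -1;
    uint32_t enc = rd32(buf + 0x128);
    for (x->retail = 1; x->retail >= 0; x->retail--) {  /* retail first, then debug */
        x->entry = enc ^ (x->retail ? XBE_EP_RETAIL : XBE_EP_DEBUG);
        if (x->entry >= x->base && x->entry - x->base < x->image_size) return 0;
    }
    return -1;                                /* neither key lands inside the image */
}

/* Constructed sample: zeroed headers carrying the values from the output listing. */
void xbe_sample(uint8_t *buf, size_t len)     /* needs len >= 0x178 */
{
    memset(buf, 0, len);
    memcpy(buf, "XBEH", 4);
    wr32(buf + 0x104, 0x10000); wr32(buf + 0x108, 0x770); wr32(buf + 0x10C, 0x9360);
    wr32(buf + 0x118, 0x10178); wr32(buf + 0x11C, 3);     wr32(buf + 0x120, 0x10354);
    wr32(buf + 0x128, 0xa8fd4764);
}
```

With the listing's values the encoded entry point 0xa8fd4764 decodes with the Retail key to 0x110CF, which falls inside the first section (virtual address 0x11000, size 0x6404).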

 

 

 

 

 

 
Copyright (c) 2002-2017 xbdev.net - All rights reserved.
Designated tutorial and software are the property of their respective owners.