#include <windows.h>
#include <stdio.h>
#include <string.h>
// Output to a text file.
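/*
 * Append one line of text to "output.txt" in the current directory.
 *
 * str  NUL-terminated text to write; a newline is appended after it.
 *      A NULL pointer is ignored.
 *
 * The log file is opened and closed on every call. Logging is best effort:
 * if the file cannot be opened the line is dropped instead of passing a
 * NULL stream to fprintf()/fclose().
 */
void
output(char* str)
{
    if (str == NULL)
        return;

    FILE *fp = fopen("output.txt", "a+");
    if (fp == NULL)
        return;     // e.g. read-only directory or file locked by another process

    fprintf(fp, "%s\n", str);
    fclose(fp);
}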
// Shared scratch buffer: WinMain formats each report line into it and then
// hands it to output().
char buff[500];
// Entry point (it's a Windows entry point).
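/*
 * XBE header dumper.
 *
 * Everything printed below is read straight from the file and is NOT
 * verified: this tool does not check the signature area, so addresses,
 * counts and strings are whatever the file claims. They are therefore
 * treated as untrusted: every read is checked, addresses are validated
 * before seeking, the section count is bounded, and the title string is
 * sanitised before it is written to the log.
 *
 * Fields are read verbatim into unsigned int / structs, which assumes a
 * little-endian host, a 32-bit unsigned int and no struct padding.
 */

/* On-disk layout of one section header (0x38 bytes, see SECTION HEADER in
   the format notes at the end of this file). */
struct stSectionHeader
{
    unsigned int Flags;
    unsigned int Virtual_Address;
    unsigned int Virtual_Size;
    unsigned int File_Pointer_Data;
    unsigned int Size_Data;
    unsigned int unknown1;
    unsigned int unknown2;
    unsigned int head_count_address;
    unsigned int tail_count_address;
    unsigned int unknown3[5];
};

/* On-disk layout of the certificate (0x1D0 bytes, see CERTIFICATE AREA in
   the format notes at the end of this file). */
struct stCERTIFICATE
{
    unsigned int size_cert;
    unsigned int date_stamp;
    unsigned int title_id;
    char title_name[0x50];          // UTF-16, zero terminated (0x00C)
    unsigned int title_alt[16];     // 16 alternative title IDs = 0x40 bytes (0x05C);
                                    // the previous [40] shifted every later field
    unsigned int allowed_media;
    unsigned int game_region;
    unsigned int game_rating;
    unsigned int disk_num;
    unsigned int version;
    unsigned char lan[0x10];
    unsigned char sig_key[0x10];
    unsigned char alt_sig[0x100];   // 16 alternative signatures of 0x10 bytes
};

enum {
    // Indexes into the header field table for the values used after the dump.
    XBE_HDR_BASE_ADDRESS    = 0,
    XBE_HDR_CERT_ADDRESS    = 5,
    XBE_HDR_NUM_SECTIONS    = 6,
    XBE_HDR_SECTION_ADDRESS = 7,
    XBE_HDR_FIELD_COUNT     = 29,

    // Sanity bound on the file-supplied section count. This is an arbitrary
    // limit chosen for this tool, not a value from the format notes.
    XBE_MAX_SECTIONS        = 256
};

/* Labels of the consecutive 4-byte header fields, starting at file offset
   0x104 and ending with the field at 0x174. */
static const char *const xbe_header_labels[XBE_HDR_FIELD_COUNT] = {
    "Base address of image",                    // 0x104
    "Size of headers",                          // 0x108
    "Size of image",                            // 0x10C
    "Size of image header",                     // 0x110
    "Time Date Stamp",                          // 0x114
    "Certificate area address",                 // 0x118
    "Number of sections",                       // 0x11C
    "Section headers address",                  // 0x120
    "Initialisation flags",                     // 0x124
    // The stored entry point is XORed with a key:
    // Debug = 0x94859D4B, Retail = 0xA8FC57AB
    // e.g. 0xa8fd4724 is really: 0x1108F
    "Entry point address",                      // 0x128
    "Thread local storage directory address",   // 0x12C
    "Size of stack commit",                     // 0x130
    "Size of heap reserve",                     // 0x134
    "Size of heap commit",                      // 0x138
    "Original base address",                    // 0x13C
    "Original size of image",                   // 0x140
    "Original checksum",                        // 0x144
    "Original time date stamp",                 // 0x148
    "Debug path name address",                  // 0x14C
    // The next two fields were not read before, so every label from
    // "Kernel image thunk address" onwards was printed 8 bytes too early.
    "Debug file name address",                  // 0x150
    // NOTE(review): the format notes skip 0x154; other XBE documentation
    // describes it as the debug Unicode file name address - confirm.
    "Unknown (0x154)",                          // 0x154
    "Kernel image thunk address",               // 0x158
    "Non-kernel import directory address",      // 0x15C
    "Number of library versions",               // 0x160
    "Library versions area addresses",          // 0x164
    "Kernel library version address",           // 0x168
    "XAPI library version address",             // 0x16C
    "Logo bitmap address",                      // 0x170
    "Logo bitmap size"                          // 0x174
};

// Write a fixed message to the log via the shared buffer.
static void xbe_output_line(const char *text)
{
    snprintf(buff, sizeof buff, "%s", text);
    output(buff);
}

// Write one "label :0xVALUE" line to the log.
static void xbe_output_field(const char *label, unsigned int value)
{
    snprintf(buff, sizeof buff, "%s :0x%x", label, value);
    output(buff);
}

// Convert a virtual address from the header into a file offset, using the
// base address stored in the file. Returns 0 if the address lies below the
// base or the offset does not fit the long that fseek() takes.
static int xbe_address_to_offset(unsigned int address, unsigned int base, long *offset)
{
    if (address < base)
        return 0;
    if (address - base > 0x7FFFFFFFu)
        return 0;
    *offset = (long)(address - base);
    return 1;
}

// Dump the signature and the 4-byte header fields; the raw values are stored
// in fields[0 .. XBE_HDR_FIELD_COUNT-1]. Returns 1 on success, 0 on a bad or
// truncated file.
static int xbe_dump_header(FILE *fp, unsigned int *fields)
{
    char XBE_SIG[4];

    if (fread(XBE_SIG, sizeof XBE_SIG, 1, fp) != 1) {
        xbe_output_line("File is too short to hold an XBE signature");
        return 0;
    }
    // Refuse to interpret a file that does not start with the XBE magic.
    if (memcmp(XBE_SIG, "XBEH", sizeof XBE_SIG) != 0) {
        xbe_output_line("Not an XBE file: signature is not \"XBEH\"");
        return 0;
    }
    snprintf(buff, sizeof buff, "XBE Signature: %c%c%c%c",
             XBE_SIG[0], XBE_SIG[1], XBE_SIG[2], XBE_SIG[3]);
    output(buff);

    // 0x004: 0x100 bytes that the format notes mark as UNKNOWN (possibly a
    // digital signature). They are skipped, not checked.
    if (fseek(fp, 0x100, SEEK_CUR) != 0) {
        xbe_output_line("Could not skip the 0x100-byte area after the signature");
        return 0;
    }

    for (unsigned int i = 0; i < XBE_HDR_FIELD_COUNT; i++) {
        if (fread(&fields[i], sizeof fields[i], 1, fp) != 1) {
            xbe_output_line("Unexpected end of file inside the XBE header");
            return 0;
        }
        xbe_output_field(xbe_header_labels[i], fields[i]);
    }
    return 1;
}

// Dump the section header table. base, address and count come from the file
// header and are validated before use. Returns 1 on success, 0 otherwise.
static int xbe_dump_sections(FILE *fp, unsigned int base,
                             unsigned int address, unsigned int count)
{
    long offset;

    // The offset is derived from the base address stored in the file rather
    // than a hard-coded 0x10000.
    if (!xbe_address_to_offset(address, base, &offset) ||
        fseek(fp, offset, SEEK_SET) != 0) {
        xbe_output_line("Section headers address is not a valid file offset");
        return 0;
    }
    snprintf(buff, sizeof buff, "\n\nSECTIONS Start: 0x%x\n", (unsigned int)offset);
    output(buff);

    // sizeof yields size_t; cast so the argument matches %x.
    snprintf(buff, sizeof buff, "size of header :0x%x\n\n",
             (unsigned int)sizeof(struct stSectionHeader));
    output(buff);

    if (count > XBE_MAX_SECTIONS) {
        snprintf(buff, sizeof buff,
                 "Number of sections exceeds %u; listing the first %u only",
                 (unsigned int)XBE_MAX_SECTIONS, (unsigned int)XBE_MAX_SECTIONS);
        output(buff);
        count = XBE_MAX_SECTIONS;
    }

    // One entry per section as declared by the header (previously exactly
    // three were printed regardless of the count).
    for (unsigned int i = 0; i < count; i++) {
        struct stSectionHeader header;

        if (i > 0)
            xbe_output_line("\n");

        if (fread(&header, sizeof header, 1, fp) != 1) {
            xbe_output_line("Unexpected end of file inside the section headers");
            return 0;
        }
        xbe_output_field("Flags", header.Flags);
        xbe_output_field("Virtual Address", header.Virtual_Address);
        xbe_output_field("Virtual Size", header.Virtual_Size);
        xbe_output_field("File Pointer Raw Data", header.File_Pointer_Data);
        xbe_output_field("Size of Raw Data", header.Size_Data);
        xbe_output_field("head_count_address", header.head_count_address);
        xbe_output_field("tail_count_address", header.tail_count_address);
    }
    return 1;
}

// Dump the certificate area. Returns 1 on success, 0 otherwise.
static int xbe_dump_certificate(FILE *fp, unsigned int base, unsigned int address)
{
    struct stCERTIFICATE cert;
    char title[sizeof cert.title_name / 2 + 1];
    size_t units = sizeof cert.title_name / 2;
    size_t n;
    long offset;

    if (!xbe_address_to_offset(address, base, &offset) ||
        fseek(fp, offset, SEEK_SET) != 0) {
        xbe_output_line("Certificate area address is not a valid file offset");
        return 0;
    }
    snprintf(buff, sizeof buff, "\n\nCERTIFICATE DATA Start: 0x%x\n", (unsigned int)offset);
    output(buff);

    if (fread(&cert, sizeof cert, 1, fp) != 1) {
        xbe_output_line("Unexpected end of file inside the certificate");
        return 0;
    }

    xbe_output_field("size_cert", cert.size_cert);
    xbe_output_field("date_stamp", cert.date_stamp);
    xbe_output_field("title_id", cert.title_id);

    // The title is UTF-16 and comes from the file, so it may lack a
    // terminator or contain control characters. Convert at most the 40 code
    // units that fit the field and replace anything outside printable ASCII,
    // so the log line cannot run past the field or be broken up by the file.
    for (n = 0; n < units; n++) {
        unsigned int lo = (unsigned char)cert.title_name[2 * n];
        unsigned int hi = (unsigned char)cert.title_name[2 * n + 1];
        unsigned int unit = lo | (hi << 8);

        if (unit == 0)
            break;
        title[n] = (unit >= 0x20 && unit < 0x7F) ? (char)unit : '?';
    }
    title[n] = '\0';
    xbe_output_line("title name :");
    output(title);

    // Only the first of the 16 alternative title IDs is shown (the previous
    // code passed the array itself to %x and printed its address).
    xbe_output_field("title_alt", cert.title_alt[0]);
    xbe_output_field("allowed_media", cert.allowed_media);
    xbe_output_field("game_region", cert.game_region);
    xbe_output_field("game_rating", cert.game_rating);
    xbe_output_field("disk_num", cert.disk_num);
    xbe_output_field("version", cert.version);

    // First three bytes of each key/signature only.
    snprintf(buff, sizeof buff, "lan :0x%.1x,0x%.1x,0x%.1x,...",
             cert.lan[0], cert.lan[1], cert.lan[2]);
    output(buff);
    snprintf(buff, sizeof buff, "sig_key :0x%.1x,0x%.1x,0x%.1x,...",
             cert.sig_key[0], cert.sig_key[1], cert.sig_key[2]);
    output(buff);
    snprintf(buff, sizeof buff, "alt_sig :0x%.1x,0x%.1x,0x%.1x,...",
             cert.alt_sig[0], cert.alt_sig[1], cert.alt_sig[2]);
    output(buff);
    return 1;
}

/*
 * Entry point: dumps the header, section headers and certificate of
 * "simple.xbe" (current directory) to the log written by output().
 *
 * Returns 0 when the whole file was dumped, 1 if it could not be opened or
 * was rejected as malformed or truncated.
 */
int
_stdcall WinMain(HINSTANCE, HINSTANCE,
                 char* k, int l)
{
    unsigned int fields[XBE_HDR_FIELD_COUNT];
    int ok;

    (void)k;
    (void)l;

    // Open our file called simple.xbe
    FILE *pFile = fopen("simple.xbe", "rb");
    if (pFile == NULL) {
        xbe_output_line("Could not open simple.xbe");
        return 1;
    }

    ok = xbe_dump_header(pFile, fields)
      && xbe_dump_sections(pFile,
                           fields[XBE_HDR_BASE_ADDRESS],
                           fields[XBE_HDR_SECTION_ADDRESS],
                           fields[XBE_HDR_NUM_SECTIONS])
      && xbe_dump_certificate(pFile,
                              fields[XBE_HDR_BASE_ADDRESS],
                              fields[XBE_HDR_CERT_ADDRESS]);

    fclose(pFile);
    return ok ? 0 : 1;
}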
// Demo File 'simple.xbe' - 40,960 bytes - 0xA000 bytes
/*
XBE File Format
by Andrew de Quincey and Lucien Murray-Pitt, 5 May 2002
XBE executable file format v0.2
Andrew de Quincey (adq@tardis.ed.ac.uk)
Lucien Murray-Pitts (lamp@tardis.ed.ac.uk)
HEADER AREA
0x000 4 "XBEH"
0x004 0x100 UNKNOWN: Could this be a digital signature?
0x104 4 Base address of image
0x108 4 Size of headers
0x10C 4 Size of image
0x110 4 Size of image header
0x114 4 Time Date Stamp (unix time)
0x118 4 Certificate area address
0x11C 4 Number of sections
0x120 4 Section headers address (array of individual section headers)
0x124 4 Initialisation flags
Bit 0: Mount utility drive
Bit 1: Format utility drive
Bit 2: Limit development kit memory
Bit 3: Don't setup hard disk
0x128 4 Entry point address
0x12C 4 Thread local storage directory address
0x130 4 Size of stack commit
0x134 4 Size of heap reserve
0x138 4 Size of heap commit
0x13C 4 Original base address (of source PE file I assume)
0x140 4 Original size of image (of source PE file I assume)
0x144 4 Original checksum (of source PE file I assume)
0x148 4 Original time date stamp (unix time) (of source PE file I assume)
0x14C 4 Debug path name address (0==missing)
0x150 4 Debug file name address
0x158 4 Kernel image thunk address
0x15C 4 Non-kernel import directory address
0x160 4 Number of library versions
0x164 4 Library versions area addresses (Array of Library version)
0x168 4 Kernel library version address
0x16C 4 XAPI library version address
0x170 4 Logo bitmap address
0x174 4 Logo bitmap size
CERTIFICATE AREA
0x000 4 size of certificate
0x004 4 Date time stamp (unix time)
0x008 4 Title ID
0x00C 0x50 Title name (UNICODE, zero terminated)
0x05C 4 Non-zero=>Title alternative title ID 0 (and alt signature 0 present)
0x060 4 Non-zero=>Title alternative title ID 1 (and alt signature 1 present)
0x064 4 Non-zero=>Title alternative title ID 2 (and alt signature 2 present)
0x068 4 Non-zero=>Title alternative title ID 3 (and alt signature 3 present)
0x06C 4 Non-zero=>Title alternative title ID 4 (and alt signature 4 present)
0x070 4 Non-zero=>Title alternative title ID 5 (and alt signature 5 present)
0x074 4 Non-zero=>Title alternative title ID 6 (and alt signature 6 present)
0x078 4 Non-zero=>Title alternative title ID 7 (and alt signature 7 present)
0x07C 4 Non-zero=>Title alternative title ID 8 (and alt signature 8 present)
0x080 4 Non-zero=>Title alternative title ID 9 (and alt signature 9 present)
0x084 4 Non-zero=>Title alternative title ID 10 (and alt signature 10
present)
0x088 4 Non-zero=>Title alternative title ID 11 (and alt signature 11
present)
0x08C 4 Non-zero=>Title alternative title ID 12 (and alt signature 12
present)
0x090 4 Non-zero=>Title alternative title ID 13 (and alt signature 13
present)
0x094 4 Non-zero=>Title alternative title ID 14 (and alt signature 14
present)
0x098 4 Non-zero=>Title alternative title ID 15 (and alt signature 15
present)
0x09C 4 Allowed media types
0x0A0 4 Game region
0x0A4 4 Game ratings
0x0A8 4 Disk number
0x0AC 4 Version
0x0B0 0x10 LAN key
0x0C0 0x10 Signature key
0x0D0 0x10 Alternative signature 0 (if alt title ID 0 non-zero)
0x0E0 0x10 Alternative signature 1 (if alt title ID 1 non-zero)
0x0F0 0x10 Alternative signature 2 (if alt title ID 2 non-zero)
0x100 0x10 Alternative signature 3 (if alt title ID 3 non-zero)
0x110 0x10 Alternative signature 4 (if alt title ID 4 non-zero)
0x120 0x10 Alternative signature 5 (if alt title ID 5 non-zero)
0x130 0x10 Alternative signature 6 (if alt title ID 6 non-zero)
0x140 0x10 Alternative signature 7 (if alt title ID 7 non-zero)
0x150 0x10 Alternative signature 8 (if alt title ID 8 non-zero)
0x160 0x10 Alternative signature 9 (if alt title ID 9 non-zero)
0x170 0x10 Alternative signature 10 (if alt title ID 10 non-zero)
0x180 0x10 Alternative signature 11 (if alt title ID 11 non-zero)
0x190 0x10 Alternative signature 12 (if alt title ID 12 non-zero)
0x1A0 0x10 Alternative signature 13 (if alt title ID 13 non-zero)
0x1B0 0x10 Alternative signature 14 (if alt title ID 14 non-zero)
0x1C0 0x10 Alternative signature 15 (if alt title ID 15 non-zero)
LIBRARY VERSION
0x000 0x8 Name of section (padded with zero)
0x008 0x2 Version part 1 XXX.0.0.0
0x00A 0x2 Version part 2 0.XXX.0.0
0x00C 0x2 Version part 3 0.0.XXX.0
0x00E 0x2 Version part 4 and flags:
Bits 0-8: Version part 4 0.0.0.XXX
Bits 9-12: Unknown
Bits 13,14: approval status (0: unapproved, 1: possibly approved, 2:
approved, 3:UNKNOWN)
Bit 15: Flag indicating library is debug version
THREAD LOCAL STORAGE DIRECTORY
0x000 4 Raw data start address
0x004 4 Raw data end address
0x008 4 TLS index address
0x00C 4 TLS callbacks address
0x010 4 Size of zero fill
0x014 4 Characteristics
SECTION HEADER
0x000 4 Flags
Bit 0: Writeable
Bit 1: Preload
Bit 2: Executable
Bit 3: Inserted file
Bit 4: Head page read only
Bit 5: Tail page read only
Bits 6-31: Unknown
0x004 4 Virtual address
0x008 4 Virtual size
0x00C 4 File pointer to raw data
0x010 4 Size of raw data
0x014 4 Unknown - address of section name
0x018 4 Unknown
0x01C 4 head shared page reference count address
0x020 4 tail shared page reference count address
0x024 4 Unknown
0x028 4 Unknown
0x02C 4 Unknown
0x030 4 Unknown
0x034 4 Unknown
*/