How to enlarge a ELF file ?

[tryphon]

Hi!

For translating and hacking purposes, I'd like to add free space on a Playstation 2 ELF file, at the end of the file to avoid breaking previous pointers and code.

Is there a tool for doing that ?

I tried manually, updating sections and program tables, but failed, getting various results (from crashing the game to having my new section appearing in PS2DIS but not in PS2 Memory - I checked with PCXS2 debugger).

Thanks in advance.

[Hiei-]

Seems no one really know anythigng about PS2 hacking 

[FallenAngel2387]

Well, I wouldn't say no one knows about it, but I don't know if they have accounts here, or if they do, that they had to use the same method...

I don't know if any will be of use to you, but these are the Ps2 specific utilities on this site: http://www.romhacking.net/?page=utilities&category=&platform=18&game=&author=&os=&level=&perpage=20&title=&desc=&utilsearch=Go

[Hiei-]

According to this :

PCSX2 0.9.2 with better debugger   DQ5r   This is an upgraded version of pcsx2 0.9.2's debugger. I used this version because it was the last version that the debugger worked properly for me. It really helped speed up DQ5r hacking. Here are some of the features I added: Modifications:....

It seems some guy did the PS2 version of Dragon Quest V (http://www.dqtranslations.com/projects/dq5r) but dunno if some of them visit this forum.

[tryphon]

Thanks, I've already checked RHDN's PS2 tools but no one seems related to my problem.

The tool that brought me some hope was GNU objcopy, but sadly it didn't recognize the PS2 ELF file.

I don't know what method they use, but I'd gladly accept any advice.

I made some attemps, trying to locate my new section here and there, but it's always overwritten (at least I suppose so since I can't see the junk data I put here for testing) by data I don't know where they come from.

[neige]

If your section appear in PS2DIS but not in the PS2 memory, it usually means that it was not correctly added to the program header table or that it is being overwritten at some point. I had a problem like that not long ago, the data I added was being overwritten, in this case it was because I added the section at a location that was part of the stack so it was eventually overwritten during the normal execution of the game.

You can check the start-up code of the game to learn the location and size of the stack and heap. Here is an example from Persona 3 FES Japanese:

Code Select Expand


main:00100198     lui     $a0, 0x7D          # gp
main:0010019C     lui     $a1, 0x1F6         # stack
main:001001A0     lui     $a2, 0xA           # stack_size
main:001001A4     lui     $a3, 0x96          # args
main:001001A8     lui     $t0, 0x10          # root_func
main:001001AC     la      $a0, unk_7D4BF0    # gp
main:001001B0     li      $a1, 0x1F60000     # stack
main:001001B4     li      $a2, 0xA0000       # stack_size
main:001001B8     la      $a3, dword_95E180  # args
main:001001BC     la      $t0, sub_100220    # root_func
main:001001C0     or      $gp, $a0
main:001001C4     li      $v1, 60            # SetupThread
main:001001C8     syscall 0
main:001001CC     or      $sp, $v0
main:001001D0     lui     $a0, 0x9B          # heap_start
main:001001D4     lui     $a1, 0             # heap_size
main:001001D8     la      $a0, 0x9AEB80      # heap_start
main:001001DC     li      $a1, 0xFFFFFFFF    # heap_size
main:001001E0     li      $v1, 61            # SetupHeap
main:001001E4     syscall 0


You can edit the ELF headers with HT but I don't know if it can add sections to to a file. There are probably other editors but I don't know about them.

If you can program, there are some libraries designed to edit and add data to ELF files for different programming languages.

I personally use the ELFIO C++ library version 2.0.0-beta1. It has a bug that cause a crash if you try to expand or create sections but the following patch fixes that:

Code Select Expand


diff -ru ELFIO-2.0.0/elfio/elfio_section.hpp ELFIO-2.0.0-mod/elfio/elfio_section.hpp
--- ELFIO-2.0.0/elfio/elfio_section.hpp 2012-03-09 19:52:16.000000000 -0500
+++ ELFIO-2.0.0-mod/elfio/elfio_section.hpp     2012-09-04 13:47:38.000000000 -0400
@@ -199,7 +199,7 @@
         stream.seekg( header_offset );
         stream.read( reinterpret_cast<char*>( &header ), sizeof( header ) );

-        Elf_Xword size = get_size();
+        Elf_Xword size = data_size = get_size();
         if ( 0 == data && SHT_NULL != get_type() && SHT_NOBITS != get_type() &&
              0 != size ) {
             data = new char[size];
@@ -251,7 +251,7 @@
     Elf_Half                    index;
     std::string                 name;
     mutable char*               data;
-    Elf_Word                    data_size;
+    mutable Elf_Word            data_size;
     const endianess_convertor*  convertor;
};


I have reported this bug but it was already fixed in the git repository. The problem is that the git version (as of 2012-09-06) contain a bug that is worst, preventing the creation of files that can be loaded.

One downside with ELFIO is that you have to add the sections back to program headers to produce a loadable file but it beats having to manage the position and size of the sections by hand.

I have been using ELFIO to add a small cheat handler to a few game with success.

~ edited gross misinformation about ELFIO ~

[tryphon]

Thanks a lot for the answer and the links. I'll start with HL (that seems to support adding sections and seems simpler to use : I just don't like C++).

[neige]

Glad I could help, I wasn't sure that I was making sense.

Also, looking back through my files, I realized that I made some errors when writing about my usage of ELFIO. I fixed my post above.

I'm also not a big C++ lover, I just mentionned ELFIO because that what I have been using but there are others like pyelftools for python. It is mostly used for getting information about ELF files but, according to its author (here, 8th and 9th comments), it can be coerced into writing back ELF files.

~ edit ~

I just reread the excellent teensy ELF tutorial again and it got me thinking.

I started experimenting with Persona 3 FES Japanese. I set the e_shoff, e_shnum and e_shstrndx members of the elf header to 0, I also removed all sections headers and the data of the sections that were not loaded by the program headers. The PS2 was able to load the game and it ran perfectly.

Unless I'm mistaken, this means that the PS2 doesn't care about the sections at all, so to add data to an ELF file for the PS2, you just have to make sure that it is loaded by the program header and that its permissions are correct.

To test this, I appended my cheat engine to the ELF file, added a program header to load it, fixed the p_offset of the other program headers to account for the new one and finally incremented the e_phnum member of the ELF header. It worked like a charm.

[tryphon]

It is really interesting. Thank you