social.noyu.me

I finally did a write-up of how touchHLE works. well, an important part of it, anyway!

new blog post: “touchHLE in depth, part 1: a day in the life of a function call”

https://hikari.noyu.me/blog/2023-04-13-touchhle-in-depth-1-function-calls.html

@hikari > Apple achieves this by adding two special sections to the app binary: __symbol_stub4, which contains lots of near-identical tiny stub functions, and __la_symbol_ptr, which contains lots of function pointers.

Technically it’s S_SYMBOL_STUBS/S_LAZY_SYMBOL_POINTERS ;)

@saagar ah, of course, there’s an integer type value on each section, and my code never looks at it… well, I can easily fix that :)

@saagar oh huh, it’s only these stub sections and a handful of other things that get special type values. all the Objective-C sections must be matched by name rather than by type, I guess:

touchHLE::mach_o: Reading "Monkey Ball"
touchHLE::mach_o: Section: "__text" 0x2000 (0x3d13c bytes), type 0
touchHLE::mach_o: Section: "__symbol_stub4" 0x3f13c (0x984 bytes), type 8
touchHLE::mach_o: Section: "__const" 0x3fac0 (0x683c bytes), type 0
touchHLE::mach_o: Section: "__cstring" 0x462fc (0x6150 bytes), type 2
touchHLE::mach_o: Section: "__dyld" 0x4d000 (0x1c bytes), type 0
touchHLE::mach_o: Section: "__la_symbol_ptr" 0x4d01c (0x32c bytes), type 7
touchHLE::mach_o: Section: "__mod_init_func" 0x4d348 (0x1a0 bytes), type 9
touchHLE::mach_o: Section: "__nl_symbol_ptr" 0x4d4e8 (0x1e8 bytes), type 6
touchHLE::mach_o: Section: "__const" 0x4d6d0 (0xc58 bytes), type 0
touchHLE::mach_o: Section: "__cfstring" 0x4e328 (0x150 bytes), type 0
touchHLE::mach_o: Section: "__gcc_except_tab" 0x4e478 (0x78c bytes), type 0
touchHLE::mach_o: Section: "__objc_selrefs" 0x4ec04 (0x19c bytes), type 5
touchHLE::mach_o: Section: "__objc_classrefs" 0x4eda0 (0x60 bytes), type 0
touchHLE::mach_o: Section: "__objc_superrefs" 0x4ee00 (0xc bytes), type 0
touchHLE::mach_o: Section: "__objc_classlist" 0x4ee0c (0xc bytes), type 0
touchHLE::mach_o: Section: "__objc_catlist" 0x4ee18 (0xc bytes), type 0
touchHLE::mach_o: Section: "__objc_protolist" 0x4ee24 (0xc bytes), type 0
touchHLE::mach_o: Section: "__objc_imageinfo" 0x4ee30 (0x8 bytes), type 0
touchHLE::mach_o: Section: "__data" 0x4ee38 (0x2720 bytes), type 0
touchHLE::mach_o: Section: "__bss" 0x51558 (0x3958 bytes), type 1
touchHLE::mach_o: Section: "__common" 0x54eb0 (0x300 bytes), type 1

@saagar the blog post is now out of date, touchHLE trunk now looks at the section type :)

@hikari These days it’s in __TEXT,__stubs, for example. In fact I have never heard of the section names you mentioned (as you can tell I have never reversed a 32-bit iOS app :P)

@saagar well, __la_symbol_ptr seems to be alive and well on x64 macOS, at least.

something I wonder about is why __symbol_stub4 (and __picsymbolstub4, which I omitted for simplicity) have that 4 suffix. 4 bytes per pointer? I can’t be bothered to figure it out though :)

@hikari No idea, maybe the iOS version it was introduced in?

@saagar nah, this is older than iOS 4

@saagar hmm, when I look at an iPhone OS 3.2 app, there’s __symbolstub1 instead :)