social.noyu.me

I finally did a write-up of how touchHLE works. well, an important part of it, anyway!

new blog post: “touchHLE in depth, part 1: a day in the life of a function call”

https://hikari.noyu.me/blog/2023-04-13-touchhle-in-depth-1-function-calls.html

@hikari > Apple achieves this by adding two special sections to the app binary: __symbol_stub4, which contains lots of near-identical tiny stub functions, and __la_symbol_ptr, which contains lots of function pointers.

Technically it’s S_SYMBOL_STUBS/S_LAZY_SYMBOL_POINTERS ;)

@saagar oh no, can those sections be renamed? the way touchHLE loads Mach-O files probably deviates substantially from how Apple’s code does, because I basically started by looking inside some binaries to find interesting things and worked backwards from there to figure out how to load them.

@hikari These days it’s in __TEXT,__stubs, for example. In fact I have never heard of the section names you mentioned (as you can tell I have never reversed a 32-bit iOS app :P)

@saagar well, __la_symbol_ptr seems to be alive and well on x64 macOS, at least.

something I wonder about is why __symbol_stub4 (and __picsymbolstub4, which I omitted for simplicity) have that 4 suffix. 4 bytes per pointer? I can’t be bothered to figure it out though :)

@hikari No idea, maybe the iOS version it was introduced in?

@saagar hmm, when I look at an iPhone OS 3.2 app, there’s __symbolstub1 instead :)