1,359
edits
Changes
Created page with "'''DRAFT DRAFT DRAFT DRAFT DRAFT DRAFT DRAFT DRAFT DRAFT DRAFT DRAFT DRAFT DRAFT DRAFT''' === Entrypoint === Entrypoint is at binary_ptr+0. At this offset, there is a branch..."
'''DRAFT DRAFT DRAFT DRAFT DRAFT DRAFT DRAFT DRAFT DRAFT DRAFT DRAFT DRAFT DRAFT DRAFT'''
=== Entrypoint ===
Entrypoint is at binary_ptr+0. At this offset, there is a branch instruction that jumps past the NRO0 header. This is for compatibility with NSO0.
=== Entrypoint Arguments ===
'''NSO0:''' the system executes binary_ptr+0 with X0=NULL, X1=main_thread_handle.
'''NRO0:''' the homebrew loader puts X1=0xFFFFFFFFFFFFFFFF [INVALID_HANDLE] and X0=loader_config_ptr.
=== Loader Config ===
Loader config allows overriding functionality to workaround limitations in a limited homebrew environment.
It is an array of tuples:
struct LoaderConfig {
LoaderConfigEntry Entries[];
};
Each entry is key-value pair:
struct LoaderConfigEntry {
u32 Key;
u8 IsMandatory;
u8 Reserved[3];
u64 Value[2];
};
=== Loader Config Keys ===
* 0: [[#EndOfList]] [MANDATORY]
* 1: [[#MainThreadHandle]] [MANDATORY]
* 2: [[#OverrideHeap]]
* 3: [[#OverrideService]]
==== EndOfList ====
EndOfList is the final entry in the LoaderConfig.
* '''Key:''' 0
* '''IsMandatory:''' True
* '''Value[0]:''' Ignored.
* '''Value[1]:''' Ignored.
==== MainThreadHandle ====
This is the handle to the thread that is executing the entrypoint. Required for mutex to function.
* '''Key:''' 1
* '''IsMandatory:''' True
* '''Value[0]:''' Handle to the main thread.
* '''Value[1]:''' Ignored.
==== OverrideHeap ====
If the NRO loader has reserved some space in the heap for itself, the application must not manipulate the heap.
* '''Key:''' 2
* '''IsMandatory:''' False
* '''Value[0]:''' Base address of heap. Must be MemoryType 4, 5, or 9 with all reference counts being zero.
* '''Value[1]:''' Size of heap.
* '''DefaultBehavior:''' Allocates heap using svcSetHeapSize instead.
==== OverrideService ====
The NRO loader should be able to steal handles from more priliveged processes. In this case, the homebrew should use this handle instead of the normal one.
Note: For services that authenticate with pid, the app should not attempt re-authentication with an overridden handle.
* '''Key:''' 1
* '''IsMandatory:''' False
* '''Value[0]:''' Name of service, same format as for sm.
* '''Value[1]:''' Service handle.
* '''DefaultBehavior:''' Fetches service from "sm:" named port.
=== Entrypoint ===
Entrypoint is at binary_ptr+0. At this offset, there is a branch instruction that jumps past the NRO0 header. This is for compatibility with NSO0.
=== Entrypoint Arguments ===
'''NSO0:''' the system executes binary_ptr+0 with X0=NULL, X1=main_thread_handle.
'''NRO0:''' the homebrew loader puts X1=0xFFFFFFFFFFFFFFFF [INVALID_HANDLE] and X0=loader_config_ptr.
=== Loader Config ===
Loader config allows overriding functionality to workaround limitations in a limited homebrew environment.
It is an array of tuples:
struct LoaderConfig {
LoaderConfigEntry Entries[];
};
Each entry is key-value pair:
struct LoaderConfigEntry {
u32 Key;
u8 IsMandatory;
u8 Reserved[3];
u64 Value[2];
};
=== Loader Config Keys ===
* 0: [[#EndOfList]] [MANDATORY]
* 1: [[#MainThreadHandle]] [MANDATORY]
* 2: [[#OverrideHeap]]
* 3: [[#OverrideService]]
==== EndOfList ====
EndOfList is the final entry in the LoaderConfig.
* '''Key:''' 0
* '''IsMandatory:''' True
* '''Value[0]:''' Ignored.
* '''Value[1]:''' Ignored.
==== MainThreadHandle ====
This is the handle to the thread that is executing the entrypoint. Required for mutex to function.
* '''Key:''' 1
* '''IsMandatory:''' True
* '''Value[0]:''' Handle to the main thread.
* '''Value[1]:''' Ignored.
==== OverrideHeap ====
If the NRO loader has reserved some space in the heap for itself, the application must not manipulate the heap.
* '''Key:''' 2
* '''IsMandatory:''' False
* '''Value[0]:''' Base address of heap. Must be MemoryType 4, 5, or 9 with all reference counts being zero.
* '''Value[1]:''' Size of heap.
* '''DefaultBehavior:''' Allocates heap using svcSetHeapSize instead.
==== OverrideService ====
The NRO loader should be able to steal handles from more priliveged processes. In this case, the homebrew should use this handle instead of the normal one.
Note: For services that authenticate with pid, the app should not attempt re-authentication with an overridden handle.
* '''Key:''' 1
* '''IsMandatory:''' False
* '''Value[0]:''' Name of service, same format as for sm.
* '''Value[1]:''' Service handle.
* '''DefaultBehavior:''' Fetches service from "sm:" named port.