Modules

The PSVita ELF loaded in memory is called a module. A module is identified by its dbg_fingerprint and, in most cases, by its name, but the same module name can be used in both the non-secure kernel and the secure kernel (example: SceSysmem).

SceModuleInfo
The first SCE-specific section, .sceModuleInfo.rodata, is located in the same program segment as .text. It contains metadata about the module.

SceModuleInfo location

 * For ET_SCE_EXEC executables, the SceModuleInfo structure is located in the text segment at offset e_entry.
 * For ET_SCE_RELEXEC executables, the segment containing the SceModuleInfo structure is indexed by the upper two bits of e_entry in the ELF header. The structure is stored at the base offset of the segment plus the offset defined by the bottom 30 bits of e_entry.

SceModuleInfo structure
Some fields are optional and can be set to zero. The other fields determine how this module is loaded and linked. All offset fields are formatted as follows: the top 2 bits are an index to the segment to start at, and the bottom 30 bits are an offset from the segment start. Currently, the segment start index must match the segment that the module information structure is in.
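The lookup rules above, as an added Python example (not code from this wiki or from any SDK tool): it resolves e_entry to the file offset of SceModuleInfo and rejects out-of-range segment indices and offsets, which matters when the ELF is untrusted. The e_type constants, the use of program header 0 as the text segment for ET_SCE_EXEC, and the constructed sample image are assumptions.

```python
import struct

ET_SCE_EXEC, ET_SCE_RELEXEC = 0xFE00, 0xFE04  # e_type values (assumed, not stated on the page)

def split_offset(value):
    """Split an encoded offset: top 2 bits = segment index, bottom 30 bits = offset."""
    return value >> 30, value & 0x3FFFFFFF

def module_info_file_offset(elf):
    """Return the file offset of SceModuleInfo, validating every index and bound."""
    if len(elf) < 52 or elf[:4] != b"\x7fELF":
        raise ValueError("not an ELF32 image")
    e_type, = struct.unpack_from("<H", elf, 16)
    e_entry, e_phoff = struct.unpack_from("<II", elf, 24)
    e_phentsize, e_phnum = struct.unpack_from("<HH", elf, 42)
    if e_type == ET_SCE_RELEXEC:
        seg, off = split_offset(e_entry)
    elif e_type == ET_SCE_EXEC:
        seg, off = 0, e_entry  # assumption: the text segment is program header 0
    else:
        raise ValueError("unsupported e_type 0x%04x" % e_type)
    if seg >= e_phnum or e_phentsize < 32:
        raise ValueError("bad segment index %d or program header size" % seg)
    ph = e_phoff + seg * e_phentsize
    if ph + 32 > len(elf):
        raise ValueError("program header table truncated")
    p_offset, = struct.unpack_from("<I", elf, ph + 4)
    p_filesz, = struct.unpack_from("<I", elf, ph + 16)
    if off >= p_filesz or p_offset + off >= len(elf):
        raise ValueError("offset 0x%x outside segment %d" % (off, seg))
    return p_offset + off

def build_sample(e_type, e_entry):
    """Constructed test image: ELF32 header plus two PT_LOAD program headers."""
    ehdr = b"\x7fELF\x01\x01\x01" + bytes(9)
    ehdr += struct.pack("<HHIIIIIHHHHHH", e_type, 40, 1, e_entry, 52, 0, 0, 52, 32, 2, 0, 0, 0)
    ph0 = struct.pack("<8I", 1, 0x100, 0, 0, 0x80, 0x80, 5, 16)  # segment 0: file 0x100..0x180
    ph1 = struct.pack("<8I", 1, 0x200, 0, 0, 0x40, 0x40, 6, 16)  # segment 1: file 0x200..0x240
    return (ehdr + ph0 + ph1).ljust(0x240, b"\0")

if __name__ == "__main__":
    print(hex(module_info_file_offset(build_sample(ET_SCE_RELEXEC, (1 << 30) | 0x10))))
    print(hex(module_info_file_offset(build_sample(ET_SCE_EXEC, 0x20))))
```

split_offset applies equally to the other offset fields inside SceModuleInfo, since they share the same 2-bit index and 30-bit offset encoding.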

Modules imports-exports
Each module contains zero or more library exports and zero or more library imports. An exported library groups together related functions along with their NID and exports it for SceKernelModulemgr to link with a library import in another module.

Exports
An array of export entries defines all the libraries exported by the module.

There is a special export entry that always appears (even when the module exports no libraries), with flags 0x8000 and NID 0x00000000. It exports the module_start, module_stop and module_exit functions and the module_info variable (if available).

The NIDs for these exports are common for all modules. On 0.940-1.00 psp2ld.exe (linker) these NIDs are hardcoded:

A way to generate NONAME exports NIDs was found in 0.945 armlibgen.exe: uint32_t nid = sha1(name + suffix); where suffix can be found on https://playstationdev.wiki/psvitadevwiki/index.php?title=Keys#PSVITA_noname_exports.

Kernel modules that export user accessible libraries also get entries added to the syscall table. The table is randomized on each boot so the same function will likely get a different syscall number assigned each time.

Imports
Each module can import any number of libraries from other modules by specifying the library NID to import along with a list of function/variable NIDs to import. SceKernelModulemgr does the dynamic linking by either jumping to an address if the two modules are in the same privilege level, or making a syscall if it is a userland module importing a library exported by a kernel module. Kernel modules cannot import user libraries.

Library attribute flags
Flags are ORed together and identified as follows:

Relocations
Relocations are stored within the PT_SCE_RELA segment.

The relocation entry format can be one of 10 types, determined by r_format (the first 4 bits).

List of Modules
Below is a list of all known modules in the system, along with the lowest version number each was seen on.

3.60 Retail Modules
The module name is obtained from the decrypted SELF at offset (elf_hdr.entrypoint+4), and the program-authority-id from the SELF header at offset 0x80.