obliteration
Find out unknown flags of ModuleFlags
The names for the Bitflags in rtld are openly available. @ultimaweapon
https://github.com/freebsd/freebsd-src/blob/releng/9.1/libexec/rtld-elf/rtld.h#L291-L298
The problem is we don't know which one.
Also, where'd you get the u16 value from? They're booleans in FreeBSD's source code
If you mean the ModuleFlags, it is bit fields in the Struct_Obj_Entry.
Is there a certain Structure you used to find them? If so... Just gimme all your structures lmao
You cannot use the same technique as with the syscall table in most cases.
Are you sure your own bitflags are proper? It seems like it'd be:
MAIN_PROG | 0x0001
RTLD | 0x0002
RELOCATED | 0x0004
VER_CHECKED | 0x0008
TEXTREL | 0x0010
SYMBOLIC | 0x0020
BIND_NOW | 0x0040
TRACED | traced | 0x0080
JMPSLOT_DONE | 0x0100
INIT_DONE | 0x0200
TLS_DONE | 0x0400
PHDR_ALLOC | 0x0800
Z_ORIGIN | 0x1000
Z_NODELETE | 0x2000
Z_NOOPEN | 0x4000
Z_LOADFLTR | 0x8000
Z_INTERPOSE | 0x10000
Z_NODEFLIB | 0x20000
REF_NODEL | 0x40000
INIT_SCANNED | 0x80000
ON_FINI_LIST | 0x100000
DAG_INITED | 0x200000
FILTEES_LOADED | 0x400000
IRELATIVE | 0x800000
GNU_IFUNC | 0x1000000
CRT_NO_INIT | 0x2000000
VALID_HASH_SYSV | 0x4000000
VALID_HASH_GNU | 0x8000000
If you got that from the FreeBSD source it is wrong.
Huh, so Sony is doing some jank shit? Fun... Hmmm... Well, wanna tell me how you got some of the initial bitflags so I can branch from that?
It is scattered in various places. You need to analyze multiple functions to see its behavior in order to identify its name. The obj_new function should be a good starting point.