Kernel
The Xbox kernel is called xboxkrnl.exe. It is closely related to the Windows NT ntoskrnl.exe. Its image base address is always 0x80010000.
Contents
Header modifications
xboxkrnl.exe is a mostly standard exe file. However, the MS-DOS header was patched to contain Xbox specific data in the reserved 20 byte block starting at offset 40:
| Offset | Meaning |
|---|---|
| 40 | Size of uninitialized portion of the .data section |
| 44 | Size of initialized portion of the .data section |
| 48 | Memory address of initialized portion of the .data section (usually in Flash). Used to re-initialize the data section pointed to by the next field. Note that the pointer might be invalid during normal execution as the Flash might not be mapped at all times. |
| 52 | Memory address where the .data section is stored (usually the same as in the section header + image base). |
Sections
All sections are identity mapped (meaning file offsets and offsets in RAM match). This is because the kernel is not loaded through a traditional PE / exe loader, but just unpacked into memory.
.text
The .text section contains the kernel exports.
.data
The .data section stores initialized and uninitialized data. A copy of the initialized portion of this section is usually stored in the BIOS.
STICKY
Stores variables which must be preserved across a quick-reboot.
IDEXPRDT
A Physical Region Descriptor Table (PRDT) for the IDE bus. This section serves as a memory allocation only, it does not have to be initialized when loading the kernel[citation needed].
INIT
This section is always the last one. It contains the entrypoint of the kernel. This does all the cold-boot kernel initialization as described here. Later kernels[FIXME] will discard this section after initialization. INIT also contains the Boot Animation, so once the kernel has finished booting it can't do a full hardware re-initialization or play the boot animation anymore.
