
2009-03-29 19:39:43

CE5.0 - Launch地址是怎么获得的_romimage和viewbin工具

使用ADS仿真软件AXD以加载memory的方式加载eboot.nb0或者nk.nb0,会发现它们image的头4个字节就是相对跳转指令b,
它们都会向后跳转使用viewbin看到的偏移值大小,比如下面的b 0x2B7B4,所以对于nk.nb0位于TOC中的jumpaddr,完全可以是
nk.nb0的编译地址,而不一定非要是经过b 0x2B7B4加上该偏移量之后得到的0x80001000+0x2B7B4=0x8002C7B4虚拟地址,直接跳到0x80001000虚拟地址即可,
该处的b 0x2B7B4指令会自动向后跳0x2B7B4字节,去执行程序,eboot.nb0原理类似[luther.gliethttp]

可以将C:\WINCE500\PUBLIC\COMMON\OAK\BIN\I386目录添加到系统环境PATH中,最好将它追加到PATH的最后,这样保证只有当在所有其他路径都找不到指令后才来这里查找,
让这里的.exe文件优先级最低[luther.gliethttp].
Microsoft Windows XP [版本 5.1.2600]
(C) 版权所有 1985-2001 Microsoft Corp.

C:\WINCE500\PBWorkspaces\QT2440\RelDir\smdk2440a_ARMV4I_Release>viewbin
Filename required
Usage: viewbin [ options ]
Options:
  -d[ata]     Prints all data bytes (potentially huge output!)
  -t[oc]      Prints Table of Contents
  -o[bj]      Prints Table of Contents and Objects Information  //可以打印该bin文件包含的所有module对象[luther.gliethttp]
  -r[ec]      Prints Record Information
  -sym        Prints Profiling Symbol Information

C:\WINCE500\PBWorkspaces\QT2440\RelDir\smdk2440a_ARMV4I_Release>viewbin -o NK.bin
ViewBin... NK.bin
Image Start = 0x80001000, length = 0x0190FD94
                Start address = 0x8002C7B4  //这就是pTOC中的dwJumpAddress地址,也就是nk.exe的存储地址[luther.gliethttp]
//其值等效于《CE5.0 - eboot烧写NK.nb0的详细流程》中*pdwLaunchAddr   = 0x8002C794;// lanch地址也是固定的
//所以对于该nk.nb0这里就应该改为*pdwLaunchAddr = 0x8002C7B4;[luther.gliethttp]
Checking record #152 for potential TOC (ROMOFFSET = 0x00000000)
Found pTOC  = 0x8190edc8
ROMOFFSET = 0x00000000

ROMHDR ----------------------------------------
    DLL First           : 0x01DA01E3  
    DLL Last            : 0x02000000  
    Physical First      : 0x80001000  
    Physical Last       : 0x81910D94  
    RAM Start           : 0x8C200000  
    RAM Free            : 0x8C229000  
    RAM End             : 0x8E000000  
    Kernel flags        : 0x00000002  
    Prof Symbol Offset  : 0x00000000  
    Num Copy Entries    :          1    
    Copy Entries Offset : 0x80C23E44  
    Num Modules         :        173    
    Num Files           :         90    
    MiscFlags           : 0x00000002  
    CPU                 :     0x01c2 (Thumb)
    Extensions          : 0x80003210

ROMHDR Extensions -----------------------------
    PID[0] = 0x00000000
    PID[1] = 0x00000000
    PID[2] = 0x00000000
    PID[3] = 0x00000000
    PID[4] = 0x00000000
    PID[5] = 0x00000000
    PID[6] = 0x00000000
    PID[7] = 0x00000000
    PID[8] = 0x00000000
    PID[9] = 0x00000000
    Next: 00000000

COPY Sections ---------------------------------
    Src: 0x80C88BF4   Dest: 0x8C206000   CLen: 0x3F4      DLen: 0x2266C

MODULES ---------------------------------------
    ==== nk.exe ===============================
    TOCentry (nk.exe) -------------------------
        dwFileAttributes    : 0x7
        ftTime              :  3/25/2009  04:37:48
        nFileSize           : 0x6B000 (438272)
        ulE32Offset         : 0x8085BF7C //入口虚拟地址,对应nk.nb0偏移值为0x8085BF7C-0x80001000=0x85AF7C
//从nk.nb0的0x85AF7C偏移处读到如下数据:
//0085AF70 : 00 00 00 00 00 00 00 00 E0 11 72 03 04 00 2E 01
//0085AF80 : B4 B7 02 00 00 10 00 80 05 00 00 00 00 00 01 00
//0085AF90 : 00 70 09 00 00 00 00 00 00 00 00 00 1B B5 C9 49
//e32_rom->e32_objcnt       = 0x0004;
//e32_rom->e32_imageflags   = 0x012E;
//e32_rom->e32_entryrva     = 0x0002B7B4;
//e32_rom->e32_vbase        = 0x80001000;
//e32_rom->e32_subsysmajor  = 0x0005;
//e32_rom->e32_subsysminor  = 0x0000;
//e32_rom->e32_stackmax     = 0x00010000;
//e32_rom->e32_vsize        = 0x00097000;
//e32_rom->e32_sect14rva    = 0x00000000;
//e32_rom->e32_sect14size   = 0x00000000;
//e32_rom->e32_timestamp    = 0x49C9B51B;
romimage.exe源码位于WINCE500\PRIVATE\WINCEOS\COREOS\NK\TOOLS\ROMIMAGE\ROMIMAGE目录下
经过romimage加工成的nk.nb0[luther.gliethttp]
其e32数据并不采用后面那个较完整的typedef struct e32_exe结构体,而是采用下面这个只保留必需项的精简typedef struct e32_rom结构体[luther.gliethttp]
/*
 * Trimmed per-module header that romimage writes into the ROM image
 * (the "e32_rom" section printed by viewbin above).
 *
 * This is an in-ROM layout: member order and widths are fixed by the image
 * format, so the fields must not be reordered or retyped.  In the hex dump
 * above, e32_objcnt/e32_imageflags take 2 bytes each and e32_entryrva /
 * e32_vbase take 4 bytes each, stored little-endian (B4 B7 02 00 ->
 * 0x0002B7B4), i.e. this header was built where 'unsigned long' is 32 bits.
 * A host tool built where 'unsigned long' is 64 bits (LP64) will not match
 * the file layout; use fixed-width types there.
 *
 * The values are read straight from the image.  A tool that parses an
 * image it did not build should check that addresses derived from them
 * (e.g. e32_vbase + e32_entryrva, or file offsets computed from them) fall
 * inside the image before dereferencing or seeking to them.
 *
 * 'struct info' and ROM_EXTRA are declared elsewhere in the WinCE headers
 * (not shown on this page).
 */
typedef struct e32_rom {
    unsigned short  e32_objcnt;     /* Number of memory objects (o32_rom entries) */
    unsigned short  e32_imageflags; /* Image flags                         */
    unsigned long   e32_entryrva;   /* RVA of entry point; entry VA = e32_vbase + e32_entryrva (0x80001000 + 0x2B7B4 above) */
    unsigned long   e32_vbase;      /* Virtual base address of module      */
    unsigned short  e32_subsysmajor;/* The subsystem major version number  */
    unsigned short  e32_subsysminor;/* The subsystem minor version number  */
    unsigned long   e32_stackmax;   /* Maximum stack size                  */
    unsigned long   e32_vsize;      /* Virtual size of the entire image    */
    unsigned long   e32_sect14rva;  /* section 14 rva */
    unsigned long   e32_sect14size; /* section 14 size */
    unsigned long   e32_timestamp;  /* Time EXE/DLL was created/modified   */
    struct info     e32_unit[ROM_EXTRA]; /* Array of extra info units      */
    unsigned short  e32_subsys;     /* The subsystem type                  */
} e32_rom;

nk.bin其对应数据结构为
/*
 * Full PE-style module header as carried in nk.bin (see the note above
 * the listing).  Like e32_rom this mirrors an on-disk layout, so member
 * order and widths are fixed by the file format and must not be changed;
 * the 'unsigned long' members are 4 bytes in that format, so a 64-bit
 * 'unsigned long' host build will not overlay the file correctly.
 *
 * Every field here is attacker-controllable when the image comes from an
 * untrusted source; size and offset fields (e32_symtaboff, e32_hdrsize,
 * e32_codesize, ...) should be range-checked against the file length
 * before being used to index into it.
 *
 * 'struct info' and STD_EXTRA are declared elsewhere in the WinCE headers
 * (not shown on this page).
 */
typedef struct e32_exe {            /* PE 32-bit .EXE header               */
    unsigned char   e32_magic[4];   /* Magic number E32_MAGIC              */
    unsigned short  e32_cpu;        /* The CPU type                        */
    unsigned short  e32_objcnt;     /* Number of memory objects            */
    unsigned long   e32_timestamp;  /* Time EXE file was created/modified  */
    unsigned long   e32_symtaboff;  /* Offset to the symbol table          */
    unsigned long   e32_symcount;   /* Number of symbols                   */
    unsigned short  e32_opthdrsize; /* Optional header size                */
    unsigned short  e32_imageflags; /* Image flags                         */
    unsigned short  e32_coffmagic;  /* Coff magic number (usually 0x10b)   */
    unsigned char   e32_linkmajor;  /* The linker major version number     */
    unsigned char   e32_linkminor;  /* The linker minor version number     */
    unsigned long   e32_codesize;   /* Sum of sizes of all code sections   */
    unsigned long   e32_initdsize;  /* Sum of all initialized data size    */
    unsigned long   e32_uninitdsize;/* Sum of all uninitialized data size  */
    unsigned long   e32_entryrva;   /* Relative virt. addr. of entry point (relative to e32_vbase) */
    unsigned long   e32_codebase;   /* Address of beginning of code section*/
    unsigned long   e32_database;   /* Address of beginning of data section*/
    unsigned long   e32_vbase;      /* Virtual base address of module      */
    unsigned long   e32_objalign;   /* Object Virtual Address align. factor*/
    unsigned long   e32_filealign;  /* Image page alignment/truncate factor*/
    unsigned short  e32_osmajor;    /* The operating system major ver. no. */
    unsigned short  e32_osminor;    /* The operating system minor ver. no. */
    unsigned short  e32_usermajor;  /* The user major version number       */
    unsigned short  e32_userminor;  /* The user minor version number       */
    unsigned short  e32_subsysmajor;/* The subsystem major version number  */
    unsigned short  e32_subsysminor;/* The subsystem minor version number  */
    unsigned long   e32_res1;       /* Reserved bytes - must be 0  */
    unsigned long   e32_vsize;      /* Virtual size of the entire image    */
    unsigned long   e32_hdrsize;    /* Header information size             */
    unsigned long   e32_filechksum; /* Checksum for entire file            */
    unsigned short  e32_subsys;     /* The subsystem type                  */
    unsigned short  e32_dllflags;   /* DLL flags                           */
    unsigned long   e32_stackmax;   /* Maximum stack size                  */
    unsigned long   e32_stackinit;  /* Initial committed stack size        */
    unsigned long   e32_heapmax;    /* Maximum heap size                   */
    unsigned long   e32_heapinit;   /* Initial committed heap size         */
    unsigned long   e32_res2;       /* Reserved bytes - must be 0  */
    unsigned long   e32_hdrextra;   /* Number of extra info units in header*/
    struct info     e32_unit[STD_EXTRA]; /* Array of extra info units      */
} e32_exe, *LPe32_exe;
        ulO32Offset         : 0x80C20FA0
        ulLoadOffset        : 0x80001000
    e32_rom (nk.exe) --------------------------
        e32_objcnt          : 4
        e32_imageflags      : 0x12E
        e32_entryrva        : 0x2B7B4   //这个就是偏移地址,所以0x80001000+0x2B7B4=0x8002C7B4
        e32_vbase           : 0x80001000
        e32_subsysmajor     : 0x5
        e32_subsysminor     : 0x0
        e32_stackmax        : 0x10000
        e32_vsize           : 0x97000
        e32_timestamp       : 0x49C9B51B
    o32_rom[0] (nk.exe) ------------------------
        o32_vsize           : 0x660E8
        o32_rva             : 0x1000
        o32_psize           : 0x66200
        o32_dataptr         : 0x80002000
        o32_realaddr        : 0x80002000
        o32_flags           : 0x60000020
    o32_rom[1] (nk.exe) ------------------------
        o32_vsize           : 0x6000
        o32_rva             : 0x68000
        o32_psize           : 0x0
        o32_dataptr         : 0x806AAFFC
        o32_realaddr        : 0x8C200000
        o32_flags           : 0xC0000080
    o32_rom[2] (nk.exe) ------------------------
        o32_vsize           : 0x2266C
        o32_rva             : 0x6E000
        o32_psize           : 0x3F4
        o32_dataptr         : 0x80C88BF4
        o32_realaddr        : 0x8C206000
        o32_flags           : 0xC0000040
    o32_rom[3] (nk.exe) ------------------------
        o32_vsize           : 0x2098
        o32_rva             : 0x68000
        o32_psize           : 0x2200
        o32_dataptr         : 0x80069000
        o32_realaddr        : 0x80092000
        o32_flags           : 0x40000040

    ==== coredll.dll ===============================
    TOCentry (coredll.dll) -------------------------
        dwFileAttributes    : 0x1007
        ftTime              :  3/25/2009  04:38:32
        nFileSize           : 0x88400 (558080)
        ulE32Offset         : 0x80386F5C
        ulO32Offset         : 0x8045FF94
        ulLoadOffset        : 0x80099000
    e32_rom (coredll.dll) --------------------------
        e32_objcnt          : 4
        e32_imageflags      : 0x212E
        e32_entryrva        : 0x7A68
        e32_vbase           : 0x3F70000
        e32_subsysmajor     : 0x5
        e32_subsysminor     : 0x0
        e32_stackmax        : 0x10000
        e32_vsize           : 0x8D000
        e32_timestamp       : 0x49C9B41E
    o32_rom[0] (coredll.dll) ------------------------
        o32_vsize           : 0x78298
        o32_rva             : 0x1000
        o32_psize           : 0x78400
        o32_dataptr         : 0x8006C000
        o32_realaddr        : 0x3F71000
        o32_flags           : 0x60000020
    o32_rom[1] (coredll.dll) ------------------------
        o32_vsize           : 0x12A4
        o32_rva             : 0x7A000
        o32_psize           : 0x58C
        o32_dataptr         : 0x80BE8A40
        o32_realaddr        : 0x1FFE000
        o32_flags           : 0xC0002040
    o32_rom[2] (coredll.dll) ------------------------
        o32_vsize           : 0x5040
        o32_rva             : 0x7C000
        o32_psize           : 0x2489
        o32_dataptr         : 0x80D1B000
        o32_realaddr        : 0x3FEC000
        o32_flags           : 0x40002040
    o32_rom[3] (coredll.dll) ------------------------
        o32_vsize           : 0x62AC
        o32_rva             : 0x82000
        o32_psize           : 0x6400
        o32_dataptr         : 0x800E5000
        o32_realaddr        : 0x3FF2000
        o32_flags           : 0x40000040

    ==== filesys.exe ===============================
    TOCentry (filesys.exe) -------------------------
        dwFileAttributes    : 0x7
        ftTime              :  3/25/2009  04:38:32
        nFileSize           : 0x37E00 (228864)
        ulE32Offset         : 0x8034AF84
        ulO32Offset         : 0x8041CF98
        ulLoadOffset        : 0x80127000
    e32_rom (filesys.exe) --------------------------
        e32_objcnt          : 4
        e32_imageflags      : 0x12F
        e32_entryrva        : 0xBBD0
        e32_vbase           : 0x10000
        e32_subsysmajor     : 0x5
        e32_subsysminor     : 0x0
        e32_stackmax        : 0x10000
        e32_vsize           : 0x45000
        e32_timestamp       : 0x49C9B0E2
    ......
C:\WINCE500\PBWorkspaces\QT2440\RelDir\smdk2440a_ARMV4I_Release>

viewbin.exe源码位于:PRIVATE\WINCEOS\COREOS\NK\TOOLS\ROMIMAGE\VIEWBIN\viewbin.c [luther.gliethttp]