我們知道Adnroid的Boot.img包其實就是就是把kernel和ramdisk.img再加一個page的頭碼成的。其結構就如下所示
/*
** +-----------------+
** | boot header | 1 page
** +-----------------+
** | kernel | n pages
** +-----------------+
** | ramdisk | m pages
** +-----------------+
** | second stage | o pages
** +-----------------+
**
** n = (kernel_size + page_size - 1) / page_size
** m = (ramdisk_size + page_size - 1) / page_size
** o = (second_size + page_size - 1) / page_size
**
** 0. all entities are page_size aligned in flash
** 1. kernel and ramdisk are required (size != 0)
** 2. second is optional (second_size == 0 -> no second)
** 3. load each element (kernel, ramdisk, second) at
** the specified physical address (kernel_addr, etc)
** 4. prepare tags at tag_addr. kernel_args[] is
** appended to the kernel commandline in the tags.
** 5. r0 = 0, r1 = MACHINE_TYPE, r2 = tags_addr
** 6. if second_size != 0: jump to second_addr
** else: jump to kernel_addr
*/
參考android的mkbootfs的源碼和網上的一些資料寫了一個解壓boot.img的程序。代碼實在是太丑了。寫得有點急,就只管功能了~(大神繞過)
費話不說,上代碼。
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
#include <fcntl.h>
#include <errno.h>
//#include "mincrypt/sha.h"
//typedef struct boot_img_hdr boot_img_hdr;
#define BOOT_MAGIC "ANDROID!"
#define BOOT_MAGIC_SIZE 8
#define BOOT_NAME_SIZE 16
#define BOOT_ARGS_SIZE 512
struct boot_img_hdr
{
unsigned char magic[BOOT_MAGIC_SIZE];
unsigned kernel_size;
unsigned kernel_addr;
unsigned ramdisk_size;
unsigned ramdisk_addr;
unsigned second_size;
unsigned second_addr;
unsigned tags_addr;
unsigned page_size;
unsigned unused[2];
unsigned char name[BOOT_NAME_SIZE];
unsigned char cmdline[BOOT_ARGS_SIZE];
unsigned id[8];
};
static void *load_file(const char *fname)
{
int fd;
int img_size;
char *buffer;
fd=open(fname, O_RDONLY);
if(fd < 0)
{
return 0;
}
img_size = lseek(fd, 0, SEEK_END);
if(img_size < 0) goto oops;
printf("\nimg_size is %d\n",img_size);
if(lseek(fd, 0, SEEK_SET) !=0) goto oops;
buffer = (char *) malloc(img_size);
if(buffer == 0) goto oops;
if(read(fd, buffer, img_size) != img_size) goto oops;
return buffer;
printf("you cant't see this\n");
oops:
close(fd);
if(buffer != 0) free(buffer);
return 0;
}
int main(int argc, char ** argv)
{
struct boot_img_hdr hdr;
int pagesize=2048;
char boot_name[10];
char *ramdisk_name="ramdisk.img";
char *kernel_name="kernel";
int num_kpage;
int img_size;
void *image_buffer;
char * kernel_buffer;
char * ramdisk_buffer;
int kfd;
int rfd;
memset(&hdr, 0, sizeof(hdr));
if(argc != 2)
{
printf("Paramater error\n");
exit(0);
}
strcpy(boot_name, argv[1]);
image_buffer = load_file(boot_name);
memcpy(&hdr, image_buffer, sizeof(hdr));
printf("kernel_size is%d\nkernel_addr is%d\nramdisk_size is%d\nramdisk_addr is%d\ncommand_line%s\n", hdr.kernel_size, hdr.kernel_addr,hdr.ramdisk_size, hdr.ramdisk_addr,hdr.cmdline);
kernel_buffer = (char *) malloc(hdr.kernel_size);
memcpy(kernel_buffer, image_buffer+2048, hdr.kernel_size);
kfd = open(kernel_name, O_CREAT | O_TRUNC | O_WRONLY, 0644);
if((write(kfd,kernel_buffer,hdr.kernel_size)!=hdr.kernel_size))
{
printf(" write kernel fail\n");
}
num_kpage= (hdr.kernel_size+ pagesize -1)/pagesize;
num_kpage++;
ramdisk_buffer = (char *) malloc(hdr.ramdisk_size);
memcpy(ramdisk_buffer, image_buffer+num_kpage*2048, hdr.ramdisk_size);
rfd = open(ramdisk_name, O_CREAT | O_TRUNC | O_WRONLY, 0644);
if((write(rfd,ramdisk_buffer,hdr.ramdisk_size)!=hdr.ramdisk_size))
{
printf(" write ramdisk.img fail\n");
}
printf("\nUnpack to %s , %s \n",kernel_name,ramdisk_name);
printf("unpacking finished!\n\n");
free(kernel_buffer);
close(kfd);
free(ramdisk_buffer);
close(rfd);
free(image_buffer);
printf("=======================================\n\n");
return (0);
}
作者:華
轉載請注明出處:http://blog.csdn.net/godisagirl2/article/details/8664808