由于eboot虽小但是各个功能都具有,所以也是一个比较复杂的过程,下面将对它下面的主要函数进行说明,这里面好多函数都是与nk共用的,所以大多代码并不在eboot下面,而是在public下面。
1)KernelRelocate()
第一个函数KernelRelocate (pTOC)这个函数实际是将片上一些变量移动到可读写的区域:他的原型就在blcommon.c下面:
static BOOL KernelRelocate (ROMHDR *const pTOC)
{
ULONG loop;
COPYentry *cptr;
if (pTOC == (ROMHDR *const) -1) {
return FALSE; // spin forever!
}
// This is where the data sections become valid... don't read globals until after this
for (loop = 0; loop < pTOC->ulCopyEntries; loop++) {
cptr = (COPYentry *)(pTOC->ulCopyOffset + loop*sizeof(COPYentry));
if (cptr->ulCopyLen)
memcpy((LPVOID)cptr->ulDest,(LPVOID)cptr->ulSource,cptr->ulCopyLen);
if (cptr->ulCopyLen != cptr->ulDestLen)
memset((LPVOID)(cptr->ulDest+cptr->ulCopyLen),0,cptr->ulDestLen-cptr->ulCopyLen);
}
return TRUE;
}
它的主要参数pToc是在制作镜像的时候编译生成的,指向一个ROMHDR的结构体,关于这个结构体在这里就不再详细叙述,函数的主要目的是将一些变量搬移到RAM中,这是为了防止对变量的写操作(FLASH中不能直接进行写操作)。
2)OEMDebugInit ()
第二个函数OEMDebugInit ()实际是为了调试而需要初始化的,如果是产品这块东西可以去掉,他的原型在main.c里面。在这里调用和内核共用的串口代码:
BOOL OEMDebugInit()
{
// Assign callback functions to be usec by blcommon.
//
g_pOEMReportError = OEMReportError;
g_pOEMVerifyMemory = OEMVerifyMemory; // Verify memory to be used by downloaded image...
g_pOEMMultiBINNotify = OEMMultiBINNotify; // Notified of all the BIN files to be downloaded...
OEMInitDebugSerial();
return TRUE;
}
关于OEMInitDebugSerial()在内核代码中,关于串口的配置和使用比较简单,这里不再多讲,顺便让大家注意一下就是检查你的串口是UART0还是UART1,同时在加载内核的时候务必不要让同样的资源进行冲突,不然系统会报错的。
3)OEMPlatformInit ()
这里初始化串口后会在PC机上打印出一些调试和版本信息。接下来的一个函数是EBOOT里面比较重要的: OEMPlatformInit (),这个函数在下载之前做了大量的硬件和资源方面的准备工作,其原型也在main.c里面,其作用由于相当的重要,所以我进行了详细的注释,如下:
BOOL OEMPlatformInit()
{
SYSTEMTIME st;
SYSTEMTIME defst = {2002, 1, 0, 1, 12, 0, 0, 0};
DWORD dwStartTime, dwPrevTime, dwCurrTime;
int cKeySelect = 0;
DWORD dwBootDelay = 10; // seconds. N.B: change for retail device!
#ifdef SIMULATOR
EdbgOutputDebugString("Microsoft Windows CE SMDK2440 Bootloader *** SIMULATOR *** /r/n");
#else
EdbgOutputDebugString("Microsoft Windows CE SMDK2440 Bootloader Version %d.%d Built %s %s /r/n",
EBOOT_VERSION_MAJOR, EBOOT_VERSION_MINOR, __DATE__, __TIME__);
#endif
// Initialize the globals
//
memset((LPVOID) &(pDriverGlobals->eth), 0, DBG_ETH_GLOBALS_SIZE);
memset((LPVOID) &g_TOC, 0, sizeof(g_TOC));
//对全局变量清零初始化
// This should not change unless reserved blocks are added/removed;
// made global to do the calc only once.
g_dwImageStartBlock = IMAGE_START_BLOCK;
// Check real time clock, initialize if necessary (used for polling in net routines)
//
OEMGetRealTime(&st);
if ((st.wYear < 2000) ||
(st.wMonth < 1) ||
(st.wMonth > 12) ||
(st.wDay < 1) ||
(st.wDay > 31) ||
(st.wHour > 23) ||
(st.wMinute > 59) ||
(st.wSecond > 59) ||
(st.wMilliseconds > 999)) {
OEMSetRealTime(&defst);
}
else {
OEMSetRealTime(&st);
}
//获取并且初始化实时时钟
if (!InitUSB())
{
DEBUGMSG(1, (TEXT("OEMPlatformInit: Failed to initialize USB./r/n")));
return(FALSE);
}
//这块相当重要,虽然EBOOT是基于网络下载内核的,但是这里是基于USB,所以在这里初始化USB的参数,后面还将详细的说明
Isr_Init();
//中断初始化,这里是为USB下载做准备工作
// Try to initialize the boot media block driver and BinFS partition.
//
if ( !BP_Init((LPBYTE)BINFS_RAM_START, BINFS_RAM_LENGTH, NULL, NULL, NULL) )
{
//这里是对磁盘初始化,为后期将内核下载后存入FLASH做准备
EdbgOutputDebugString("WARNING: OEMPlatformInit failed to initialize Boot Media./r/n/r/n");
g_bBootMediaExist = FALSE;
}
else
g_bBootMediaExist = TRUE;
// Try to retrieve TOC (and Boot config) from boot media
//
if ( !TOC_Read( ) ) {
// use default settings
TOC_Init(DEFAULT_IMAGE_DESCRIPTOR, (IMAGE_TYPE_RAMIMAGE|IMAGE_TYPE_BINFS), 0, 0, 0);
}
//TOC的初始化
// Start boot monitor prompt
//
dwBootDelay = g_pBootCfg->BootDelay;
if (g_pBootCfg->ConfigFlags & BOOT_TYPE_DIRECT)
{
EdbgOutputDebugString ( "Press [ENTER] to launch image stored on boot media, or [SPACE] to enter boot monitor./r/n");
EdbgOutputDebugString ( "/r/nInitiating image launch in %d seconds. ", dwBootDelay--);
} else
{
EdbgOutputDebugString ( "Press [ENTER] to download image now, or [SPACE] to enter boot monitor./r/n");
EdbgOutputDebugString ( "/r/nInitiating image download in %d seconds. ", dwBootDelay--);
}
dwStartTime = OEMEthGetSecs();
dwPrevTime = dwStartTime;
dwCurrTime = dwStartTime;
// allow the user to break into boot monitor
while((dwCurrTime - dwStartTime) < dwBootDelay)
{
cKeySelect = OEMReadDebugByte();
if ((cKeySelect == 0x20) || (cKeySelect == 0x0d))
break;
dwCurrTime = OEMEthGetSecs();
if (dwCurrTime > dwPrevTime)
{
int i=0, j;
// 1 Second has elapsed - update the countdown timer.
dwPrevTime = dwCurrTime;
if (dwBootDelay < 9)
i = 11;
else if (dwBootDelay < 99)
i = 12;
else if (dwBootDelay < 999)
i = 13;
for(j = 0; j < i; j++)
OEMWriteDebugByte((BYTE)0x08); // print back space
EdbgOutputDebugString ( "%d seconds. ", dwBootDelay--);
}
}
EdbgOutputDebugString ( "/r/n");
//上面的代码虽然多,但是功能简单,就是等待用户选择是从USB下载还是从硬盘读取
switch(cKeySelect)
{
case 0x20: // Boot monitor.
g_bDownloadImage = BootMonitor( );
//如果是下载,给出菜单选择,否则从硬盘读取
break;
case 0x00: // Fall through if no keys were pressed -or-
case 0x0d: // the user cancelled the countdown.
default:
EdbgOutputDebugString ("/r/n direct_g_pBootCfg->ConfigFlags =%x/r/n",g_pBootCfg->ConfigFlags);
if (g_pBootCfg->ConfigFlags & BOOT_TYPE_DIRECT)
{
EdbgOutputDebugString ( "/r/nLaunching image from boot media ... /r/n");
g_bDownloadImage = FALSE;
}
else
{
EdbgOutputDebugString ( "/r/nStarting auto-download ... /r/n");
g_bDownloadImage = TRUE;
}
break;
}
// NOTE - right now, we assume that if we're downloading, it's done over Ethernet.
// In the future, this may include other transports (USB, etc.).
//
if ( !g_bDownloadImage )
{
// User doesn't want to download image - load it from the boot media.
// We could read an entire nk.bin or nk.nb0 into ram and jump.
if ( !VALID_TOC(g_pTOC) ) {
EdbgOutputDebugString("OEMPlatformInit: ERROR_INVALID_TOC, can not autoboot./r/n");
return FALSE;
}
EdbgOutputDebugString ( "/r/ng_ImageType_from =%x/r/n",g_ImageType);
switch (g_ImageType) {
//开始从硬盘读取内核,检验内核格式,在这里是
case IMAGE_TYPE_LOADER:
EdbgOutputDebugString("OEMPlatformInit: IMAGE_TYPE_LOADER/r/n");
break;
case IMAGE_TYPE_RAMIMAGE:
EdbgOutputDebugString("OEMPlatformInit: IMAGE_TYPE_RAMIMAGE/r/n");
if ( !ReadRamImageFromBootMedia( ) ) {
RETAILMSG(1, (TEXT("OEMPlatformInit ERROR: Failed to load kernel region into RAM./r/n")));
return FALSE;
}
break;
case (IMAGE_TYPE_RAMIMAGE|IMAGE_TYPE_BINFS):
case (IMAGE_TYPE_RAMIMAGE|IMAGE_TYPE_BINFS|IMAGE_TYPE_MXIP):
EdbgOutputDebugString("OEMPlatformInit: IMAGE_TYPE_RAMIMAGE|IMAGE_TYPE_BINFS|IMAGE_TYPE_MXIP/r/n");
// N.B: this assumes the image is setup as multi-bin for BinFS.
if ( !ReadKernelRegionFromBootMedia( ) ) {
//从硬盘加载内核
RETAILMSG(1, (TEXT("OEMPlatformInit ERROR: Failed to load kernel region into RAM./r/n")));
return FALSE;
}
break;
default:
EdbgOutputDebugString("OEMPlatformInit ERROR: unknown image type: 0x%x /r/n", g_ImageType );
return FALSE;
}
}
// If user specified a static IP address, use it (don't use DHCP).
//
if (g_bDownloadImage && !(g_pBootCfg->ConfigFlags & CONFIG_FLAGS_DHCP))
{
pDriverGlobals->eth.TargetAddr.dwIP = g_pBootCfg->EdbgAddr.dwIP;
pDriverGlobals->eth.SubnetMask = g_pBootCfg->SubnetMask;
}
// Configure Ethernet controller.
//
if ( g_pBootCfg->ConfigFlags & CONFIG_FLAGS_DEBUGGER )
{
if ( g_bUSBDownload == FALSE )
{
/* if (!InitEthDevice(g_pBootCfg))
{
DEBUGMSG(1, (TEXT("OEMPlatformInit: Failed to initialize Ethernet controller./r/n")));
return(FALSE);
}*/
}
}
return TRUE;
}
这个函数初始化了USB、中断、BIFS硬盘格式以及TOC,然后与用户交互选择是在USB下载还是直接从硬盘直接读取。由于涉及东西比较关键,下面会分析这些东西:
首先是InitUSB(),这个函数在$(_TARGETPLATROOT)/EBOOT/USB.C下面,首先进行了USB描述符的初始化,后然进行各个端点的配置:
BOOL InitUSB()
{
BYTE index;
UCHAR cRxChar;
volatile INTreg *s2440INT = (INTreg *)INT_BASE;
pUSBCtrlAddr = (PUSHORT)(USB_BASE);
InitDescriptorTable();//USB标准描述符初始化,有兴趣的可以仔细研究一下,函数在同一个文件下面
//
// Initialize the USBD Controller
//这里USB使用的slave模式,ep0为控制端点,ep1/2/3/4为数据端点
index = pUSBCtrlAddr->INDEX.index;
// suspend mode disable
pUSBCtrlAddr->PMR.sus_en = 0x0;
// setup endpoint 0
pUSBCtrlAddr->INDEX.index = 0;
pUSBCtrlAddr->MAXP.maxp = 0x1; // 8 BYTE
pUSBCtrlAddr->EP0ICSR1.sopr_cdt = 1; //清除 OUT_PKT_RDY
pUSBCtrlAddr->EP0ICSR1.sse_ = 1; // 清除SETUP_END
// setup endpoint 1
pUSBCtrlAddr->INDEX.index = 1;
pUSBCtrlAddr->MAXP.maxp = 0x8; // 64 BYTE
pUSBCtrlAddr->EP0ICSR1.de_ff = 1;
pUSBCtrlAddr->EP0ICSR1.sopr_cdt = 1;
pUSBCtrlAddr->ICSR2.mode_in = 1; // IN
pUSBCtrlAddr->ICSR2.iso = 0; // BULK
// setup endpoint 3
pUSBCtrlAddr->INDEX.index = 3;
pUSBCtrlAddr->MAXP.maxp = 0x8; // 64 BYTE
pUSBCtrlAddr->EP0ICSR1.de_ff = 1;
pUSBCtrlAddr->EP0ICSR1.sopr_cdt = 1;
pUSBCtrlAddr->ICSR2.mode_in = 0; // OUT
pUSBCtrlAddr->OCSR2.iso = 0; // BULK
// clear all EP interrupts
pUSBCtrlAddr->EIR.ep0_int = 0x1;
pUSBCtrlAddr->EIR.ep1_int = 0x1;
pUSBCtrlAddr->EIR.ep2_int = 0x1;
pUSBCtrlAddr->EIR.ep3_int = 0x1;
pUSBCtrlAddr->EIR.ep4_int = 0x1;
// clear reset int
pUSBCtrlAddr->UIR.reset_int = 0x1;
// EP0, 1, & 3 Enabled, EP2, 4 Disabled
pUSBCtrlAddr->EIER.ep0_int_en = 0x1;
pUSBCtrlAddr->EIER.ep2_int_en = 0x0;
pUSBCtrlAddr->EIER.ep4_int_en = 0x0;
pUSBCtrlAddr->EIER.ep1_int_en = 0x1;
pUSBCtrlAddr->EIER.ep3_int_en = 0x1;
// enable reset int
pUSBCtrlAddr->UIER.reset_int_en = 0x1;
return TRUE;
}
之后的Isr_Init()其实也是针对USB的一些东西,我们查看原型:
void Isr_Init(void)
{
volatile INTreg *s2440INT = (INTreg *)INT_BASE;
s2440INT->rINTMOD=0x0; // All=IRQ mode
s2440INT->rINTMSK=BIT_ALLMSK; // All interrupt is masked.
// make value to assemble code "b IsrHandler"
pISR =(unsigned)(0xEA000000)+(((unsigned)IsrHandler - (0x8c000000 + 0x18 + 0x8) )>>2);
//跳转到isrHandler进行中断访问
s2440INT->rSRCPND = BIT_USBD;
if (s2440INT->rINTPND & BIT_USBD) s2440INT->rINTPND = BIT_USBD;
s2440INT->rINTMSK &= ~BIT_USBD; // USB Interrupt enable.
s2440INT->rSRCPND = BIT_DMA2;
if (s2440INT->rINTPND & BIT_DMA2) s2440INT->rINTPND = BIT_DMA2;
s2440INT->rINTMSK |= BIT_DMA2;
//s2440INT->rINTMSK &= ~BIT_DMA2; // DMA Interrupt enable.
}
这里面由于没有中断机制的建立,所以用了一种很特别的方式实现了中断:
#define pISR (*(unsigned *)(0x30000000+0x18)),这里0x30000000可以换为0x80000000,也可以换为0x00000000,这是因为将虚拟地址0 map到了0x30000000,同时映射到了0x80000000。(因为系统的reset为0地址开始)。再结合 pISR =(unsigned)(0xEA000000)+(((unsigned)IsrHandler - (0x8c000000 + 0x18 + 0x8) )>>2),不难发现当发生中断的时候会自动跳转到isrHandler,关于上面这句的翻译有很多资料已经详细说明,这里就不再多说了。有兴趣的朋友可以给我发邮件咨询。
同时我们可以查看到下面一段汇编:
LEAF_ENTRY IsrHandler
; sub sp,sp,#4 ;decrement sp(to store jump address)
sub lr, lr, #4
stmfd sp!, {r0-r12,lr}
mov r0, lr
bl IsrUsbd
ldmfd sp!, {r0-r12,lr}
movs pc, lr
ENDP ; |IsrHandler|
END
这个是IsrHandler,实际上它将现场保护之后进入了IsrUsbd。通过上面的详细叙述,我们最终发现做了这么大工作的目的就是为了进行中断跳转到IsrUsbd()。也就是开启USB中断。
接下来我们看看BP_Init((LPBYTE)BINFS_RAM_START, BINFS_RAM_LENGTH, NULL, NULL, NULL),WINCE500/PUBLIC/COMMON/OAK/DRIVERS/ETHDBG/BOOTPART/bootpart.cpp下面有这个函数。这个函数主要是对分区的一些全局变量初始化:
BOOL BP_Init (LPBYTE pMemory, DWORD dwSize, LPCTSTR lpActiveReg, PPCI_REG_INFO pRegIn, PPCI_REG_INFO pRegOut)
{
DWORD dwBufferSize;
if (!pMemory) {
RETAILMSG(1,(TEXT("BP_Init Fails No memory fails!!!/r/n")));
return FALSE;
}
if (!FMD_Init (lpActiveReg, pRegIn, pRegOut))
return FALSE;
if (!FMD_GetInfo (&g_FlashInfo)) {
RETAILMSG(1,(TEXT("BP_Init Fails FMD_GetInfo fails!!!/r/n")));
return FALSE;
}
// Check to make sure size is enough for one sector, one block, and sectorinfo buffer for one block
g_dwDataBytesPerBlock = g_FlashInfo.wDataBytesPerSector * g_FlashInfo.wSectorsPerBlock;
dwBufferSize = g_FlashInfo.wDataBytesPerSector + g_dwDataBytesPerBlock +
g_FlashInfo.wSectorsPerBlock * sizeof(SectorInfo);
if (dwSize < dwBufferSize) {
RETAILMSG(1,(TEXT("BP_Init Fails buffer size = %x < required = %x!!!/r/n"),dwSize,dwBufferSize));
return FALSE;
}
for (int i = 0; i < NUM_PARTS; i++) {
g_partStateTable[i].pPartEntry= NULL;
g_partStateTable[i].dwDataPointer = 0;
}
g_pbMBRSector = pMemory; //size = g_FlashInfo.wDataBytesPerSector;
g_pbBlock = pMemory + g_FlashInfo.wDataBytesPerSector; //size = g_dwDataBytesPerBlock;
g_pSectorInfoBuf = (PSectorInfo)(g_pbBlock + g_dwDataBytesPerBlock); //size = g_FlashInfo.wSectorsPerBlock * sizeof(SectorInfo);
g_dwLastLogSector = 0;
return TRUE;
}
主要是对全局变量g_pbMBRSector 、g_pbBlock和g_pSectorInfoBuf 进行初始化,分配内存后g_pbMBRSector是最开始的地址,占用一个sector(512B),接下来是一个BLOCK的缓存,开始地址为g_pbBlock,最后是g_pSectorInfoBuf,占用10个sector地址。所以在这里g_pbMBRSector开始地址是(BIN_FS 8c021000 00005000 RESERVED)的开始地址,由于是不能缓存的,所以是在0xAc021000。大小为5000是因为size >= 1 sector(g_pbMBRSector所用) + 1 block(g_pbBlock所用) + 32 个sector信息(16B)大小(g_pSectorInfoBuf所用) = 512B + 512B X 32 + 32 X 16B = 0x4400B。故这里大小选为5000,如果flash型号不一样这些参数都需要改变。
下面主要是对g_pbMBRSector指向的1个sector的结构体进行一下描述和说明,从下面的图中可以看到对于这一个sector(512B)的资源分配:
其中:
· 主引导程序(偏移地址0000H--0088H ),它负责从活动分区中装载,并运行系统引导程序。
· 出错信息数据区,偏移地址0089H--00E1H 为出错信息,00E2H--01BDH 全为0 字节。
· 分区表(DPT,Disk Partition Table )含4 个分区项,偏移地址01BEH--01FDH, 每个分区表项长16 个字节,共64 字节为分区项1 、分区项2 、分区项3 、分区项4 。
· 结束标志字,偏移地址01FE--01FF 的2 个字节值为结束标志55AA, 如果该标志错误系统就不能启动。(这里参考http://blog.csdn.net/wu_ye_zhou/archive/2010/06/12/5667136.aspx)
而对于每个分区其结构体定义如下表所示,其中在bootpart.h中也定义了这个结构体:
在这里所谓的磁头就是block,扇区就是sector,柱面在这里没有意思。结构体如下:
typedef struct _PARTENTRY {
BYTE Part_BootInd; // If 80h means this is boot partition
BYTE Part_FirstHead; // Partition starting head based 0
BYTE Part_FirstSector; // Partition starting sector based 1
BYTE Part_FirstTrack; // Partition starting track based 0
BYTE Part_FileSystem; // Partition type signature field
BYTE Part_LastHead; // Partition ending head based 0
BYTE Part_LastSector; // Partition ending sector based 1
BYTE Part_LastTrack; // Partition ending track based 0
DWORD Part_StartSector; // Logical starting sector based 0
DWORD Part_TotalSectors; // Total logical sectors in partition
} PARTENTRY;
typedef PARTENTRY UNALIGNED *PPARTENTRY;
下面是TOC_Read( )与TOC_Init()函数,这两个函数是对TOC结构体进行的操作,主要用于数据从硬盘读到RAM中的引导操作。其原型都在$(_TARGETPLATROOT)/eboot/fmd.cpp中。其中对TOC结构体的定义在$(_TARGETPLATROOT)/inc/loader.h中。
typedef struct _TOC {
DWORD dwSignature;
// How to boot the images in this TOC.
// This could be moved into the image descriptor if desired,
// but I prefer to conserve space.
BOOT_CFG BootCfg;
// Array of Image Descriptors.
IMAGE_DESCRIPTOR id[MAX_TOC_DESCRIPTORS];
// UCHAR Pad[12]; // align on SECTOR_SIZE
CHAININFO chainInfo;
} TOC, *PTOC; // 512 bytes
从上面可以看出这里主要是IMAGE_DESCRIPTOR这个结构体,关于它的定义也在同一个目录下面:
typedef struct _IMAGE_DESCRIPTOR {
// File version info
DWORD dwVersion; // e.g: build number
DWORD dwSignature; // e.g: "EBOT", "CFSH", etc
UCHAR ucString[IMAGE_STRING_LEN]; // e.g: "PocketPC_2002"
DWORD dwImageType; // IMAGE_TYPE_ flags
DWORD dwTtlSectors; // TTL image size in sectors.
// We store size in sectors instead of bytes
// to simplify sector reads in Nboot.
DWORD dwLoadAddress; // Virtual address to load image (ImageStart)
DWORD dwJumpAddress; // Virtual address to jump (StartAddress/LaunchAddr)
// This array equates to a sector-based MXIP MultiBINInfo in blcommon.
// Unused entries are zeroed.
// You could chain image descriptors if needed.
SG_SECTOR sgList[MAX_SG_SECTORS];//描述在FLASH的存储地址和大小
// BinFS support to load nk region only
//struct
//{
ULONG dwStoreOffset; // byte offset - not needed - remove!
//ULONG RunAddress; // nk dwRegionStart address
//ULONG Length; // nk dwRegionLength in bytes
//ULONG LaunchAddress; // nk dwLaunchAddr
//} NKRegion;
} IMAGE_DESCRIPTOR, *PIMAGE_DESCRIPTOR;
typedef struct _SG_SECTOR {
DWORD dwSector; // Starting sector of the image segment
DWORD dwLength; // Image length of this segment, in contigious sectors.
} SG_SECTOR, *PSG_SECTOR;
对这个结构体了解之后我们先来看
BOOL TOC_Read(void)
{
SectorInfo si;
// EdbgOutputDebugString("TOC_Read/r/n");
if ( !g_bBootMediaExist ) {
EdbgOutputDebugString("TOC_Read ERROR: no boot media/r/n");
return FALSE;
}
if ( !FMD_ReadSector(TOC_SECTOR, (PUCHAR)g_pTOC, &si, 1) ) {
EdbgOutputDebugString("TOC_Read ERROR: Unable to read TOC/r/n");
return FALSE;
}//读取硬盘中的TOC参数
// is it a valid TOC?
if ( !VALID_TOC(g_pTOC) ) {
EdbgOutputDebugString("TOC_Read ERROR: INVALID_TOC Signature: 0x%x/r/n", g_pTOC->dwSignature);
return FALSE;
}//判断是否有效
// is it an OEM block?
if ( (si.bBadBlock != BADBLOCKMARK) || !(si.bOEMReserved & (OEM_BLOCK_RESERVED | OEM_BLOCK_READONLY)) ) {
EdbgOutputDebugString("TOC_Read ERROR: SectorInfo verify failed: %x %x %x %x/r/n",
si.dwReserved1, si.bOEMReserved, si.bBadBlock, si.wReserved2);
return FALSE;
}
// update our boot config
g_pBootCfg = &g_pTOC->BootCfg;
// update our index
g_dwTocEntry = g_pBootCfg->ImageIndex;
// debugger enabled?
g_bWaitForConnect = (g_pBootCfg->ConfigFlags & CONFIG_FLAGS_DEBUGGER) ? TRUE : FALSE;
// cache image type
g_ImageType = g_pTOC->id[g_dwTocEntry].dwImageType;
//更新关于TOC的全局变量
//TOC_Print( );
// EdbgOutputDebugString("-TOC_Read/r/n");
return TRUE;
}
实际在刚开始硬盘中没东西的时候这个函数返回是错误的(TOC存在block1中),然后就开始初始化TOC,函数如下:
// init the TOC to defaults
BOOL TOC_Init(DWORD dwEntry, DWORD dwImageType, DWORD dwImageStart, DWORD dwImageLength, DWORD dwLaunchAddr)
{
DWORD dwSig = 0;
EdbgOutputDebugString("TOC_Init: dwEntry:%u, dwImageType: 0x%x, dwImageStart: 0x%x, dwImageLength: 0x%x, dwLaunchAddr: 0x%x/r/n",
dwEntry, dwImageType, dwImageStart, dwImageLength, dwLaunchAddr);
if (0 == dwEntry) {
EdbgOutputDebugString("/r/n*** WARNING: TOC_Init blasting Eboot ***/r/n");
TEST_TRAP;
}
switch (dwImageType) {
case IMAGE_TYPE_LOADER:
dwSig = IMAGE_EBOOT_SIG;
break;
case IMAGE_TYPE_RAMIMAGE:
dwSig = IMAGE_RAM_SIG;
break;
case (IMAGE_TYPE_RAMIMAGE|IMAGE_TYPE_BINFS):
dwSig = IMAGE_BINFS_SIG;
break;
default:
EdbgOutputDebugString("ERROR: OEMLaunch: unknown image type: 0x%x /r/n", dwImageType);
return FALSE;
}//确认dwSig为哪一个,对于我们硬盘启动方式为IMAGE_BINFS_SIG
memset(g_pTOC, 0, sizeof(g_TOC));
// init boof cfg
BootConfigInit(dwEntry);//这里索引为block索引,为1
// update our index
g_dwTocEntry = dwEntry;
// debugger enabled?
g_bWaitForConnect = (g_pBootCfg->ConfigFlags & CONFIG_FLAGS_DEBUGGER) ? TRUE : FALSE;
// init TOC...
g_pTOC->dwSignature = TOC_SIGNATURE;
// init TOC entry for Eboot
// Those are hard coded numbers from boot.bib
g_pTOC->id[0].dwVersion = (EBOOT_VERSION_MAJOR << 16) | EBOOT_VERSION_MINOR;
g_pTOC->id[0].dwSignature = IMAGE_EBOOT_SIG;
memcpy(g_pTOC->id[0].ucString, "eboot.nb0", sizeof("eboot.nb0")+1); // NUll terminate
g_pTOC->id[0].dwImageType = IMAGE_TYPE_RAMIMAGE;
g_pTOC->id[0].dwLoadAddress = EBOOT_RAM_IMAGE_BASE;
g_pTOC->id[0].dwJumpAddress = EBOOT_RAM_IMAGE_BASE;
g_pTOC->id[0].dwTtlSectors = FILE_TO_SECTOR_SIZE(EBOOT_RAM_IMAGE_SIZE);
// 1 contigious segment
g_pTOC->id[0].sgList[0].dwSector = BLOCK_TO_SECTOR(EBOOT_BLOCK);
g_pTOC->id[0].sgList[0].dwLength = g_pTOC->id[0].dwTtlSectors;
//这部分是id[0]存储EBOOT的调用,当EBOOT烧写在block2的时候,nboot将用TOC引导其运行在RAM中
// init the TOC entry
g_pTOC->id[dwEntry].dwVersion = 0x001;
g_pTOC->id[dwEntry].dwSignature = dwSig;
memset(g_pTOC->id[dwEntry].ucString, 0, IMAGE_STRING_LEN);
g_pTOC->id[dwEntry].dwImageType = dwImageType;
g_pTOC->id[dwEntry].dwLoadAddress = dwImageStart;
g_pTOC->id[dwEntry].dwJumpAddress = dwLaunchAddr;
g_pTOC->id[dwEntry].dwStoreOffset = 0;
g_pTOC->id[dwEntry].dwTtlSectors = FILE_TO_SECTOR_SIZE(dwImageLength);
// 1 contigious segment
g_pTOC->id[dwEntry].sgList[0].dwSector = BLOCK_TO_SECTOR(g_dwImageStartBlock);
g_pTOC->id[dwEntry].sgList[0].dwLength = g_pTOC->id[dwEntry].dwTtlSectors;
//这部分在第一次初始化的时候仅仅是填充了一些0,而在真正下载内核到RAM后会填写上内核的一些基本信息,包括启动地址和大小
TOC_Print();
return TRUE;
}
上面这个地方的初始化其实也很简单,主要是对EBOOT和NK的一些磁盘中起始地址和大小,以及移动到RAM中的运行地址进行了描述,在启动系统的时候索引调用。
如果是从磁盘启动,我们首先来看一下ReadKernelRegionFromBootMedia( )这个函数,这个函数的意义是将内核代码移动到内存中。原型也在同一个目录下的fmd.cpp中。(注意这些函数由于内核也会用到,所以都属于eboot和内核共用代码),实际这个函数是很复杂的,里面涉及了好多关于磁盘的知识,后面我将专门设置一节来分析,所以关于这一块的详细东西可以查看附录。
BOOL ReadKernelRegionFromBootMedia( )
{
HANDLE hPart;
SectorInfo si;
DWORD chainaddr, flashaddr;
int i;
if (!g_bBootMediaExist) {
EdbgOutputDebugString("ERROR: ReadKernelRegionFromBootMedia: device doesn't exist./r/n");
return(FALSE);
}
if ( !VALID_TOC(g_pTOC) ) {
EdbgOutputDebugString("ERROR: ReadKernelRegionFromBootMedia: INVALID_TOC/r/n");
return(FALSE);
}
if ( !(IMAGE_TYPE_BINFS & g_pTOC->id[g_dwTocEntry].dwImageType) ) {
EdbgOutputDebugString("ERROR:ReadKernelRegionFromBootMedia: INVALID_IMAGE_TYPE: 0x%x/r/n",
g_pTOC->id[g_dwTocEntry].dwImageType);
return(FALSE);
}
if ( !VALID_IMAGE_DESCRIPTOR(&g_pTOC->id[g_dwTocEntry]) ) {
EdbgOutputDebugString("OEMPlatformInit: ERROR_INVALID_IMAGE_DESCRIPTOR: 0x%x/r/n",
g_pTOC->id[g_dwTocEntry].dwSignature);
return FALSE;
}
if ( !OEMVerifyMemory(g_pTOC->id[g_dwTocEntry].dwLoadAddress, sizeof(DWORD)) ||
!OEMVerifyMemory(g_pTOC->id[g_dwTocEntry].dwJumpAddress, sizeof(DWORD)) ||
!g_pTOC->id[g_dwTocEntry].dwTtlSectors )
{
EdbgOutputDebugString("OEMPlatformInit: ERROR_INVALID_ADDRESS: (address=0x%x, sectors=0x%x, launchaddress=0x%x).../r/n",g_pTOC->id[g_dwTocEntry].dwLoadAddress,g_pTOC->id[g_dwTocEntry].dwTtlSectors, g_pTOC->id[g_dwTocEntry].dwJumpAddress);
return FALSE;
}
EdbgOutputDebugString("INFO: Loading image from Boot Media to RAM (address=0x%x, sectors=0x%x, launchaddress=0x%x).../r/n",g_pTOC->id[g_dwTocEntry].dwLoadAddress,g_pTOC->id[g_dwTocEntry].dwTtlSectors, g_pTOC->id[g_dwTocEntry].dwJumpAddress);
// Open the BINFS partition (it must exist).
//
hPart = BP_OpenPartition( NEXT_FREE_LOC,
USE_REMAINING_SPACE,
PART_BINFS,
TRUE,
PART_OPEN_EXISTING);
//打开并且找到MBR的索引
if (hPart == INVALID_HANDLE_VALUE )
{EdbgOutputDebugString("ERROR: ReadKernelRegionFromBootMedia: Failed to open existing BINFS partition./r/n");
return(FALSE);
}
// Set the partition file pointer to the correct offset for the kernel region.
if ( !BP_SetDataPointer(hPart, g_pTOC->id[g_dwTocEntry].dwStoreOffset) )
{
EdbgOutputDebugString("ERROR: ReadKernelRegionFromBootMedia: Failed to set data pointer in BINFS partition (offset=0x%x)./r/n", g_pTOC->id[g_dwTocEntry].dwStoreOffset);
return(FALSE);
}//如果数据存储有偏移,设置补偿
// Read the kernel region from the Boot Media into RAM.
if ( !BP_ReadData( hPart,
(LPBYTE)(g_pTOC->id[g_dwTocEntry].dwLoadAddress),
SECTOR_TO_FILE_SIZE(g_pTOC->id[g_dwTocEntry].dwTtlSectors)) )
{
EdbgOutputDebugString("ERROR: ReadKernelRegionFromBootMedia: Failed to read kernel region from BINFS partition./r/n");
return(FALSE);
}
//这里是代码的关键,将内核读取到RAM中
EdbgOutputDebugString("g_pTOC->chainInfo.dwLength=0x%x/r/n", g_pTOC->chainInfo.dwLength);
chainaddr = g_pTOC->chainInfo.dwLoadAddress;
flashaddr = g_pTOC->chainInfo.dwFlashAddress;
for ( i = 0; i < (g_pTOC->chainInfo.dwLength); i++ )
{
EdbgOutputDebugString("chainaddr=0x%x, flashaddr=0x%x/r/n", chainaddr, flashaddr+i);
if ( !FMD_ReadSector(flashaddr+i, (PUCHAR)(chainaddr), &si, 1) ) {
EdbgOutputDebugString("TOC_Write ERROR: Unable to read/verify TOC/r/n");
return FALSE;
}
chainaddr += 512;
}
//读取chain到内存
return(TRUE);
}
(待续。。。。)
5003
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
