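In fact, the only purpose of a HELLOWORLD is to verify that the compiled program is correct. Any code that can be executed and whose result can be observed can serve as a HELLOWORLD.
So there is no need to write a separate one, and no need to recompile either.
Just take the original u-boot (the ELF-format one), disassemble it, find the memory address of one of its reset functions, do_reset, then go to that address and see whether the system resets. That confirms whether this U-Boot was built correctly.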
<RGS>tftp 80200000 uboot.bin
File: cmd_net.c, Func: do_tftpb, Line: 56
load addr= 0x80200000
boot file= uboot.bin
TFTP from server 192.168.100.191; our IP address is 192.168.100.2
Filename 'uboot.bin'.
Loading: ###################Bytes transferred = 96408 (17898 hex)
<RGS>
File: cmd_net.c, Func: do_tftpb, Line: 56
load addr= 0x80200000
boot file= uboot.bin
TFTP from server 192.168.100.191; our IP address is 192.168.100.2
Filename 'uboot.bin'.
Loading: Got ARP REQUEST, return our IP
Got ARP REQUEST, return our IP
Got ARP REQUEST, return our IP
###################Bytes transferred = 96088 (17758 hex)
<RGS>md 80200000
80200000: 100000ff 00000000 100000fd 00000000 ................
80200010: 10000312 00000000 10000310 00000000 ................
80200020: 1000030e 00000000 1000030c 00000000 ................
80200030: 1000030a 00000000 10000308 00000000 ................
80200040: 10000306 00000000 10000304 00000000 ................
80200050: 10000302 00000000 10000300 00000000 ................
80200060: 100002fe 00000000 100002fc 00000000 ................
80200070: 100002fa 00000000 100002f8 00000000 ................
80200080: 100002f6 00000000 100002f4 00000000 ................
80200090: 100002f2 00000000 100002f0 00000000 ................
802000a0: 100002ee 00000000 100002ec 00000000 ................
802000b0: 100002ea 00000000 100002e8 00000000 ................
802000c0: 100002e6 00000000 100002e4 00000000 ................
802000d0: 100002e2 00000000 100002e0 00000000 ................
802000e0: 100002de 00000000 100002dc 00000000 ................
802000f0: 100002da 00000000 100002d8 00000000 ................
<RGS>md 8020cd4c
8020cd4c: 3c1c8021 27bdfec0 279c71f0 8f990260 !..<...'.q.'`...
8020cd5c: afa60148 27a60144 afbf013c afbc0010 H...D..'<.......
8020cd6c: afa7014c afa60018 afa50144 00802821 L.......D...!(..
8020cd7c: 0411111a 27a4001c 0c083348 27a4001c .......'H3.....'
8020cd8c: 8fbf013c 03e00008 27bd0140 3c1c8021 <.......@..'!..<
8020cd9c: 279c71f0 27bdfec8 8f990260 00801021 .q.'...'`...!...
8020cdac: afbf0134 afbc0010 00a03021 27a40018 4.......!0.....'
8020cdbc: 0411110a 00402821 0c083348 27a40018 ....!(@.H3.....'
8020cdcc: 8fbf0134 03e00008 27bd0138 3c028023 4.......8..'#..<
8020cddc: 8c42e920 27bdffe0 afb00018 afbf001c .B....'........
8020cdec: 14400011 00008021 8f42000c 1040000f ..@.!.....B...@.
8020cdfc: 8fbf001c 0c083332 00000000 1040000b ....23........@.
8020ce0c: 8fbf001c 0c083328 00000000 24030003 ....(3.........$
8020ce1c: 14430006 8fbf001c 24030001 3c028023 ..C........$#..<
8020ce2c: ac43e924 24100001 8fbf001c 02001021 $.C....$....!...
8020ce3c: 8fb00018 03e00008 27bd0020 3c038023 ........ ..'#..<
<RGS>go 80212544
## Starting application at 0x80212544 ...
111
[05000C07][05000C0C]
DDR Calibration DQS reg = 00008A87
U-Boot 1.1.3 (Jan 15 2023 - 10:07:22)
Board: Ralink APSoC DRAM: 64 MB
relocate_code Pointer at: 83fb4000
******************************
Software System Reset Occurred
******************************
flash manufacture id: b, device id 40 18
spi device id: b 40 18 0 e5 (401800e5)
find flash: XT25F128F
icache: sets:512, ways:4, linesz:32 ,total:65536
dcache: sets:256, ways:4, linesz:32 ,total:32768
RESET MT7628 PHY!!!!!!
$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$
$
$ ASIC 7628_MP (Port5<->None)
$ DRAM component: 512 Mbits DDR, width 16
$ DRAM bus: 16 bit
$ Total memory: 64 MBytes
$ Flash component: SPI Flash
$ Date:Jan 15 2023 Time:10:07:22
$
$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$
****************************************************************************
* *
* RGS IOT100 Boot, Version 1.0.0 *
* *
****************************************************************************
Press Esc to enter Boot Menu...0
<RGS>
The steps are as follows:
Step 1: tftp 80200000 uboot.bin
This loads uboot.bin at address 80200000.
Step 2: md 80200000
This confirms that the content at the load address 80200000 matches the content of uboot.bin.
Step 3: …/…/…/…/tools-chain/buildroot-gcc463/usr/bin/mipsel-linux-objdump -d u-boot > u-boot.asm
This disassembles the ELF-format u-boot produced by the build.
Step 4: vi u-boot.asm and look up the address of do_reset: 80212544
80212544 <do_reset>:
80212544: 24030001 li v1,1
80212548: 3c02b000 lui v0,0xb000
8021254c: ac430034 sw v1,52(v0)
80212550: 03e00008 jr ra
80212554: 24020001 li v0,1
Step 5: go 80212544
This jumps to that address and executes from there. It ran successfully and the board reset.
Step 6: Now add a printf to the implementation of do_reset, to print something before the reset.
The disassembly after the change:
80212544 <do_reset>:
80212544: 3c1c8021 lui gp,0x8021
80212548: 279c7240 addiu gp,gp,29248
8021254c: 27bdffe0 addiu sp,sp,-32
80212550: 8f990018 lw t9,24(gp)
80212554: 3c048021 lui a0,0x8021
80212558: afbf001c sw ra,28(sp)
8021255c: afbc0010 sw gp,16(sp)
80212560: 0411e9fa bal 8020cd4c <printf>
80212564: 24846584 addiu a0,a0,25988
80212568: 8fbf001c lw ra,28(sp)
8021256c: 24030001 li v1,1
80212570: 3c02b000 lui v0,0xb000
80212574: ac430034 sw v1,52(v0)
80212578: 24020001 li v0,1
8021257c: 03e00008 jr ra
80212580: 27bd0020 addiu sp,sp,32
The printf call I added is indeed there.
Now load it into memory and run do_reset again. Nothing is printed and the system hangs:
<RGS>tftp 80200000 uboot.bin
File: cmd_net.c, Func: do_tftpb, Line: 56
load addr= 0x80200000
boot file= uboot.bin
TFTP from server 192.168.100.191; our IP address is 192.168.100.2
Filename 'uboot.bin'.
Loading: ###################Bytes transferred = 96168 (177a8 hex)
<RGS>md 80212544
80212544: 3c1c8021 279c7240 27bdffe0 8f990018 !..<@r.'...'....
80212554: 3c048021 afbf001c afbc0010 0411e9fa !..<............
80212564: 24846584 8fbf001c 24030001 3c02b000 .e.$.......$...<
80212574: ac430034 24020001 03e00008 27bd0020 4.C....$.... ..'
80212584: 27bdffd8 afbf0024 afb00020 40028001 ...'$... ......@
80212594: 000214c2 30420007 10400003 00008021 ......B0..@.!...
802125a4: 24100002 00508004 afa40018 0c084948 ...$..P.....HI..
802125b4: afa5001c 8fa5001c 10a00016 8fa40018 ................
802125c4: 2487ffff 00023023 00e52821 00c41824 ...$#0..!(..$...
802125d4: 16020007 00c53024 bc750000 bc700000 ....$0....u...p.
802125e4: 1066000c 00621821 08084977 00000000 ..f.!.b.wI......
802125f4: bc750000 1466fffe 00621821 00101023 ..u...f.!.b.#...
80212604: 00442024 00452824 bc900000 1485fffe $ D.$(E.........
80212614: 00902021 8fbf0024 8fb00020 03e00008 ! ..$... .......
80212624: 27bd0028 27bdffd8 afa40018 afa5001c (..'...'........
80212634: afbf0024 0c084948 00000000 8fa5001c $...HI..........
<RGS>go 80212544
## Starting application at 0x80212544 ...
111
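Since no OOPS information was printed during execution, it is not yet clear at which step it died.
In short, the original do_reset is the most basic HELLOWORLD test program.
Of course, I would not be satisfied without adding some code of my own and running it. So a do_clear2 is added above do_reset.
The memory at 80001000 is cleared to zero and then set to the initial value 0x1a2b3c5d.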
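Step 2's check can be applied mechanically to the patched do_reset. The following is an added example, not part of the original post: it parses the objdump listing and the md 80212544 output shown above and reports every instruction word in RAM that differs from the build. The function names are this example's own; both inputs are copied from this page.

```python
import re

# Patched do_reset from this page's objdump listing (vi line numbers removed).
OBJDUMP = """\
80212544 <do_reset>:
80212544: 3c1c8021 lui gp,0x8021
80212548: 279c7240 addiu gp,gp,29248
8021254c: 27bdffe0 addiu sp,sp,-32
80212550: 8f990018 lw t9,24(gp)
80212554: 3c048021 lui a0,0x8021
80212558: afbf001c sw ra,28(sp)
8021255c: afbc0010 sw gp,16(sp)
80212560: 0411e9fa bal 8020cd4c <printf>
80212564: 24846584 addiu a0,a0,25988
80212568: 8fbf001c lw ra,28(sp)
8021256c: 24030001 li v1,1
80212570: 3c02b000 lui v0,0xb000
80212574: ac430034 sw v1,52(v0)
80212578: 24020001 li v0,1
8021257c: 03e00008 jr ra
80212580: 27bd0020 addiu sp,sp,32
"""
# First four rows of this page's "md 80212544" output.
MD = """\
80212544: 3c1c8021 279c7240 27bdffe0 8f990018 !..<@r.'...'....
80212554: 3c048021 afbf001c afbc0010 0411e9fa !..<............
80212564: 24846584 8fbf001c 24030001 3c02b000 .e.$.......$...<
80212574: ac430034 24020001 03e00008 27bd0020 4.C....$.... ..'
"""

def parse_objdump(text, symbol):
    """Return {address: instruction word} for one function of objdump -d output."""
    m = re.search(r"^[0-9a-f]{8} <%s>:\n((?:[ \t]*[0-9a-f]+:.*\n?)*)" % re.escape(symbol), text, re.M)
    words = re.findall(r"^\s*([0-9a-f]{8}):\s+([0-9a-f]{8})\s", m.group(1) if m else "", re.M)
    return {int(a, 16): int(w, 16) for a, w in words}

def parse_md(text):
    """Return {address: word} from U-Boot md output (up to four 32-bit words per row)."""
    return {int(addr, 16) + 4 * i: int(w, 16)
            for addr, words in re.findall(r"^([0-9a-f]{8}):((?: [0-9a-f]{8}){1,4})", text, re.M)
            for i, w in enumerate(words.split())}

def check(symbol, objdump=OBJDUMP, md=MD):
    """Return [(address, expected, found)] for each word that is missing or differs."""
    mem = parse_md(md)
    return [(a, w, mem.get(a)) for a, w in sorted(parse_objdump(objdump, symbol).items())
            if mem.get(a) != w]

print(check("do_reset") or "RAM matches the disassembly")
```

An empty list means every instruction word of do_reset in the md dump equals the word at the same address in the disassembly.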
<RGS>md 0x80001000 -- look at the original value first
80001000: dfeffbfd dfeee9fb ffdfe0e7 efebfb2b ............+...
<RGS>mm 80001000 - manually change it to all zeros
80001000: dfeffbfd ? 00000000
80001004: dfeee9fb ?
<RGS>md 80001000 -- check that the modification is correct
80001000: 00000000 dfeee9fb ffdfe0e7 efebfb2b ............+...
80001010: 3fbdebef 77bb6b6e fbddfbfa fbbbe6fd ...?nk.w........
80001020: bffba3f2 dbb334bf 2fbcbbea eb6fbbe7 .....4...../..o.
80001030: c17eb9cb 4126b27f afcbfee9 3f83be19 ..~...&A.......?
80001040: bbaefdae 7fffbfe6 3c9ffbdc cfbf7dee ...........<.}..
80001050: 9f7cfb9b dff97fea dfdbfbbf e4fbfdbf ..|.............
80001060: fd2faee6 e8fbf62c fbfddbff bac8cfff ../.,...........
80001070: f9fdaadb fddbabfb febeee7f fffe2fe5 ............./..
80001080: 6ef4eff6 7fc5cabc fbffffdc ffdbbfdd ...n............
80001090: d7e5fefb bfe1f7ef 9beeecf5 df5bec34 ............4.[.
800010a0: bbbd1fff bf2eabff 7fbdafbf ffbfffbf ................
800010b0: 3cfcb47e fcbc71af 0b5fffef 44ffffcb ~..<.q...._....D
800010c0: deff35f8 befdeeaf bdfffbff bca76ffe .5...........o..
800010d0: 98dc1b2f fbe7fbaf ba3fff5f dffaff37 /......._.?.7...
800010e0: 3e6ffeff 7dbeffbe dbd0f1bb f6dcafd4 ..o>...}........
800010f0: fddbfffb f6fffbfb 7f7dfaf1 5bfffcf1 ..........}....[
<RGS>tftp 80200000 uboot.bin -- download the new uboot.bin
File: cmd_net.c, Func: do_tftpb, Line: 56
load addr= 0x80200000
boot file= uboot.bin
TFTP from server 192.168.100.191; our IP address is 192.168.100.2
Filename 'uboot.bin'.
Loading: Got ARP REQUEST, return our IP
Got ARP REQUEST, return our IP
Got ARP REQUEST, return our IP
T ###################Bytes transferred = 96136 (17788 hex)
<RGS>go 80212558 -- run the custom do_clear2 function
## Starting application at 0x80212558 ...
111
## Application terminated, rc = 0x0
<RGS>md 0x80001000 -- check the result again; it is as expected
80001000: 1a2b3c5d dfeee9fb ffdfe0e7 efebfb2b ]<+.........+...
80001010: 3fbdebef 77bb6b6e fbddfbfa fbbbe6fd ...?nk.w........
80001020: bffba3f2 dbb334bf 2fbcbbea eb6fbbe7 .....4...../..o.
80001030: c17eb9cb 4126b27f afcbfee9 3f83be19 ..~...&A.......?
80001040: bbaefdae 7fffbfe6 3c9ffbdc cfbf7dee ...........<.}..
80001050: 9f7cfb9b dff97fea dfdbfbbf e4fbfdbf ..|.............
80001060: fd2faee6 e8fbf62c fbfddbff bac8cfff ../.,...........
80001070: f9fdaadb fddbabfb febeee7f fffe2fe5 ............./..
80001080: 6ef4eff6 7fc5cabc fbffffdc ffdbbfdd ...n............
80001090: d7e5fefb bfe1f7ef 9beeecf5 df5bec34 ............4.[.
800010a0: bbbd1fff bf2eabff 7fbdafbf ffbfffbf ................
800010b0: 3cfcb47e fcbc71af 0b5fffef 44ffffcb ~..<.q...._....D
800010c0: deff35f8 befdeeaf bdfffbff bca76ffe .5...........o..
800010d0: 98dc1b2f fbe7fbaf ba3fff5f dffaff37 /......._.?.7...
800010e0: 3e6ffeff 7dbeffbe dbd0f1bb f6dcafd4 ..o>...}........
800010f0: fddbfffb f6fffbfb 7f7dfaf1 5bfffcf1 ..........}....[
<RGS>
The code of do_clear2 is as follows:
#define SDXADDR 0x80001000

/* Write the value 0x1a2b3c5d to the 32-bit word at SDXADDR. */
int do_clear2(void)
{
    /* volatile: the store must really reach memory so md can show it */
    volatile unsigned int *myaddr = (volatile unsigned int *)(SDXADDR);
    *myaddr = 0x1a2b3c5d;
    return 0;
}
The corresponding assembly:
80212558 <do_clear2>:
80212558: 3c031a2b lui v1,0x1a2b
8021255c: 24633c5d addiu v1,v1,15453
80212560: 3c028000 lui v0,0x8000 - v0 = 0x80000000
80212564: ac431000 sw v1,4096(v0) - sw: store word, 0x1a2b3c5d-> 0x80000000+0x1000=0x80001000
80212568: 03e00008 jr ra
8021256c: 00001021 move v0,zero