CE5.0 - Launch地址是怎么获得的_romimage和viewbin工具
使用ADS仿真软件AXD以加载memory的方式加载eboot.nb0或者nk.nb0,会发现它们image的头4个字节就是相对跳转指令b,
它们都会向后跳转使用viewbin看到的偏移值大小,比如下面的b 0x2B7B4,所以对于nk.nb0位于TOC中的jumpaddr,完全可以是
nk.nb0的编译地址,而不用非要是它经过b 0x2B7B4相加该偏移之后的0x80001000+0x2B7B4=0x8002C7B4虚拟地址,直接跳到0x80001000虚拟地址即可,
该处的b 0x2B7B4指令会自动向后跳0x2B7B4字节,去执行程序,eboot.nb0原理类似[luther.gliethttp]
可以将C:/WINCE500/PUBLIC/COMMON/OAK/BIN/I386目录添加到系统环境PATH中,最好将它追加到路径最后,这样保证只有当在所有路径都找不到指令后才来这里查找,
让这里的.exe文件优先级最低[luther.gliethttp].
Microsoft Windows XP [版本 5.1.2600]
(C) 版权所有 1985-2001 Microsoft Corp.
C:/WINCE500/PBWorkspaces/QT2440/RelDir/smdk2440a_ARMV4I_Release>viewbin
Filename required
Usage: viewbin [ options ] <filename>
Options:
-d[ata] Prints all data bytes (potentially huge output!)
-t[oc] Prints Table of Contents
-o[bj] Prints Table of Contents and Objects Information //可以打印该bin文件包含的所有module对象[luther.gliethttp]
-r[ec] Prints Record Information
-sym Prints Profiling Symbol Information
C:/WINCE500/PBWorkspaces/QT2440/RelDir/smdk2440a_ARMV4I_Release>viewbin -o NK.bin
ViewBin... NK.bin
Image Start = 0x80001000, length = 0x0190FD94
Start address = 0x8002C7B4 //这就是pTOC中的dwJumpAddress地址,也就是nk.exe的存储地址[luther.gliethttp]
//其值等效于 《CE5.0 - eboot烧写NK.nb0的详细流程》中*pdwLaunchAddr = 0x8002C794;// lanch地址也是固定的
//所以对于该nk.nb0这里就应该改为*pdwLaunchAddr = 0x8002C7B4;[luther.gliethttp]
Checking record #152 for potential TOC (ROMOFFSET = 0x00000000)
Found pTOC = 0x8190edc8
ROMOFFSET = 0x00000000
ROMHDR ----------------------------------------
DLL First : 0x01DA01E3
DLL Last : 0x02000000
Physical First : 0x80001000
Physical Last : 0x81910D94
RAM Start : 0x8C200000
RAM Free : 0x8C229000
RAM End : 0x8E000000
Kernel flags : 0x00000002
Prof Symbol Offset : 0x00000000
Num Copy Entries : 1
Copy Entries Offset : 0x80C23E44
Num Modules : 173
Num Files : 90
MiscFlags : 0x00000002
CPU : 0x01c2 (Thumb)
Extensions : 0x80003210
ROMHDR Extensions -----------------------------
PID[0] = 0x00000000
PID[1] = 0x00000000
PID[2] = 0x00000000
PID[3] = 0x00000000
PID[4] = 0x00000000
PID[5] = 0x00000000
PID[6] = 0x00000000
PID[7] = 0x00000000
PID[8] = 0x00000000
PID[9] = 0x00000000
Next: 00000000
COPY Sections ---------------------------------
Src: 0x80C88BF4 Dest: 0x8C206000 CLen: 0x3F4 DLen: 0x2266C
MODULES ---------------------------------------
==== nk.exe ===============================
TOCentry (nk.exe) -------------------------
dwFileAttributes : 0x7
ftTime : 3/25/2009 04:37:48
nFileSize : 0x6B000 (438272)
ulE32Offset : 0x8085BF7C //入口虚拟地址,对应nk.nb0偏移值为0x8085BF7C-0x80001000=0x85AF7C
//从 nk.nb0的0x85AF7C偏移处读到如下数据:
//0085AF70 : 00 00 00 00 00 00 00 00 E0 11 72 03 04 00 2E 01
//0085AF80 : B4 B7 02 00 00 10 00 80 05 00 00 00 00 00 01 00
//0085AF90 : 00 70 09 00 00 00 00 00 00 00 00 00 1B B5 C9 49
//e32_rom->e32_objcnt = 0x0004;
//e32_rom->e32_imageflags = 0x012E;
//e32_rom->e32_entryrva = 0x0002B7B4;
//e32_rom->e32_vbase = 0x80001000;
//e32_rom->e32_subsysmajor = 0x0005;
//e32_rom->e32_subsysminor = 0x0000;
//e32_rom->e32_stackmax = 0x00010000;
//e32_rom->e32_vsize = 0x00097000;
//e32_rom->e32_sect14rva = 0x00000000;
//e32_rom->e32_sect14size = 0x00000000;
//e32_rom->e32_timestamp = 0x49C9B51B;
romimage.exe 源码位于WINCE500/PRIVATE/WINCEOS/COREOS/NK/TOOLS/ROMIMAGE/ROMIMAGE目录下
经过romimage加工后生成的nk.nb0[luther.gliethttp]
其e32_exe数据不遵循下面较完整的typedef struct e32_exe结构体,而是这样的一个只含必需项的精简typedef struct e32_rom结构体[luther.gliethttp]
/* Compact per-module header that romimage writes into the ROM image
 * (nk.nb0); viewbin prints it as the "e32_rom (<module>)" section.
 * The hex dump earlier on this page decodes with exactly this layout:
 * objcnt(2) imageflags(2) entryrva(4) vbase(4) subsysmajor(2) ... —
 * so `unsigned long` is a 4-byte field on this Windows CE toolchain.
 * Do not reuse this typedef as-is on an LP64 host, where unsigned long
 * is 8 bytes and the on-disk layout would no longer match.
 * `struct info` and ROM_EXTRA are declared elsewhere (not on this page). */
typedef struct e32_rom {
unsigned short e32_objcnt; /* Number of memory objects */
unsigned short e32_imageflags; /* Image flags */
unsigned long e32_entryrva; /* Relative virt. addr. of entry point.
                              * The launch address is e32_vbase + e32_entryrva
                              * (0x80001000 + 0x2B7B4 = 0x8002C7B4 for nk.exe
                              * in the listing above). NOTE(review): this value
                              * is read straight from the image; a loader should
                              * check it lies below e32_vsize before branching. */
unsigned long e32_vbase; /* Virtual base address of module */
unsigned short e32_subsysmajor;/* The subsystem major version number */
unsigned short e32_subsysminor;/* The subsystem minor version number */
unsigned long e32_stackmax; /* Maximum stack size */
unsigned long e32_vsize; /* Virtual size of the entire image */
unsigned long e32_sect14rva; /* section 14 rva */
unsigned long e32_sect14size; /* section 14 size */
unsigned long e32_timestamp; /* Time EXE/DLL was created/modified */
struct info e32_unit[ROM_EXTRA]; /* Array of extra info units (not shown in the viewbin output above) */
unsigned short e32_subsys; /* The subsystem type (not shown in the viewbin output above) */
} e32_rom;
nk.bin其对应数据结构为
/* Full PE 32-bit .EXE header, shown here for contrast with the trimmed
 * e32_rom above: romimage keeps only the subset of these fields that
 * e32_rom lists. NOTE(review): the field sequence looks like the COFF file
 * header followed by the PE32 optional header — confirm against the SDK
 * header it comes from. As with e32_rom, `unsigned long` is a 4-byte field
 * on this toolchain. `struct info` and STD_EXTRA are declared elsewhere. */
typedef struct e32_exe { /* PE 32-bit .EXE header */
unsigned char e32_magic[4]; /* Magic number E32_MAGIC */
unsigned short e32_cpu; /* The CPU type */
unsigned short e32_objcnt; /* Number of memory objects */
unsigned long e32_timestamp; /* Time EXE file was created/modified */
unsigned long e32_symtaboff; /* Offset to the symbol table */
unsigned long e32_symcount; /* Number of symbols */
unsigned short e32_opthdrsize; /* Optional header size */
unsigned short e32_imageflags; /* Image flags */
unsigned short e32_coffmagic; /* Coff magic number (usually 0x10b) */
unsigned char e32_linkmajor; /* The linker major version number */
unsigned char e32_linkminor; /* The linker minor version number */
unsigned long e32_codesize; /* Sum of sizes of all code sections */
unsigned long e32_initdsize; /* Sum of all initialized data size */
unsigned long e32_uninitdsize;/* Sum of all uninitialized data size */
unsigned long e32_entryrva; /* Relative virt. addr. of entry point (same meaning as e32_rom.e32_entryrva) */
unsigned long e32_codebase; /* Address of beginning of code section*/
unsigned long e32_database; /* Address of beginning of data section*/
unsigned long e32_vbase; /* Virtual base address of module */
unsigned long e32_objalign; /* Object Virtual Address align. factor*/
unsigned long e32_filealign; /* Image page alignment/truncate factor*/
unsigned short e32_osmajor; /* The operating system major ver. no. */
unsigned short e32_osminor; /* The operating system minor ver. no. */
unsigned short e32_usermajor; /* The user major version number */
unsigned short e32_userminor; /* The user minor version number */
unsigned short e32_subsysmajor;/* The subsystem major version number */
unsigned short e32_subsysminor;/* The subsystem minor version number */
unsigned long e32_res1; /* Reserved bytes - must be 0 */
unsigned long e32_vsize; /* Virtual size of the entire image */
unsigned long e32_hdrsize; /* Header information size */
unsigned long e32_filechksum; /* Checksum for entire file. NOTE(review): a plain checksum, not an integrity or authenticity check on the image */
unsigned short e32_subsys; /* The subsystem type */
unsigned short e32_dllflags; /* DLL flags */
unsigned long e32_stackmax; /* Maximum stack size */
unsigned long e32_stackinit; /* Initial committed stack size */
unsigned long e32_heapmax; /* Maximum heap size */
unsigned long e32_heapinit; /* Initial committed heap size */
unsigned long e32_res2; /* Reserved bytes - must be 0 */
unsigned long e32_hdrextra; /* Number of extra info units in header*/
struct info e32_unit[STD_EXTRA]; /* Array of extra info units */
} e32_exe, *LPe32_exe; /* LPe32_exe is a pointer typedef (hides the indirection); kept as in the original */
ulO32Offset : 0x80C20FA0
ulLoadOffset : 0x80001000
e32_rom (nk.exe) --------------------------
e32_objcnt : 4
e32_imageflags : 0x12E
e32_entryrva : 0x2B7B4 //这个就是偏移地址,所以0x80001000+0x2B7B4=0x8002C7B4
e32_vbase : 0x80001000
e32_subsysmajor : 0x5
e32_subsysminor : 0x0
e32_stackmax : 0x10000
e32_vsize : 0x97000
e32_timestamp : 0x49C9B51B
o32_rom[0] (nk.exe) ------------------------
o32_vsize : 0x660E8
o32_rva : 0x1000
o32_psize : 0x66200
o32_dataptr : 0x80002000
o32_realaddr : 0x80002000
o32_flags : 0x60000020
o32_rom[1] (nk.exe) ------------------------
o32_vsize : 0x6000
o32_rva : 0x68000
o32_psize : 0x0
o32_dataptr : 0x806AAFFC
o32_realaddr : 0x8C200000
o32_flags : 0xC0000080
o32_rom[2] (nk.exe) ------------------------
o32_vsize : 0x2266C
o32_rva : 0x6E000
o32_psize : 0x3F4
o32_dataptr : 0x80C88BF4
o32_realaddr : 0x8C206000
o32_flags : 0xC0000040
o32_rom[3] (nk.exe) ------------------------
o32_vsize : 0x2098
o32_rva : 0x68000
o32_psize : 0x2200
o32_dataptr : 0x80069000
o32_realaddr : 0x80092000
o32_flags : 0x40000040
==== coredll.dll ===============================
TOCentry (coredll.dll) -------------------------
dwFileAttributes : 0x1007
ftTime : 3/25/2009 04:38:32
nFileSize : 0x88400 (558080)
ulE32Offset : 0x80386F5C
ulO32Offset : 0x8045FF94
ulLoadOffset : 0x80099000
e32_rom (coredll.dll) --------------------------
e32_objcnt : 4
e32_imageflags : 0x212E
e32_entryrva : 0x7A68
e32_vbase : 0x3F70000
e32_subsysmajor : 0x5
e32_subsysminor : 0x0
e32_stackmax : 0x10000
e32_vsize : 0x8D000
e32_timestamp : 0x49C9B41E
o32_rom[0] (coredll.dll) ------------------------
o32_vsize : 0x78298
o32_rva : 0x1000
o32_psize : 0x78400
o32_dataptr : 0x8006C000
o32_realaddr : 0x3F71000
o32_flags : 0x60000020
o32_rom[1] (coredll.dll) ------------------------
o32_vsize : 0x12A4
o32_rva : 0x7A000
o32_psize : 0x58C
o32_dataptr : 0x80BE8A40
o32_realaddr : 0x1FFE000
o32_flags : 0xC0002040
o32_rom[2] (coredll.dll) ------------------------
o32_vsize : 0x5040
o32_rva : 0x7C000
o32_psize : 0x2489
o32_dataptr : 0x80D1B000
o32_realaddr : 0x3FEC000
o32_flags : 0x40002040
o32_rom[3] (coredll.dll) ------------------------
o32_vsize : 0x62AC
o32_rva : 0x82000
o32_psize : 0x6400
o32_dataptr : 0x800E5000
o32_realaddr : 0x3FF2000
o32_flags : 0x40000040
==== filesys.exe ===============================
TOCentry (filesys.exe) -------------------------
dwFileAttributes : 0x7
ftTime : 3/25/2009 04:38:32
nFileSize : 0x37E00 (228864)
ulE32Offset : 0x8034AF84
ulO32Offset : 0x8041CF98
ulLoadOffset : 0x80127000
e32_rom (filesys.exe) --------------------------
e32_objcnt : 4
e32_imageflags : 0x12F
e32_entryrva : 0xBBD0
e32_vbase : 0x10000
e32_subsysmajor : 0x5
e32_subsysminor : 0x0
e32_stackmax : 0x10000
e32_vsize : 0x45000
e32_timestamp : 0x49C9B0E2
......
C:/WINCE500/PBWorkspaces/QT2440/RelDir/smdk2440a_ARMV4I_Release>
viewbin.exe 源码位于:PRIVATE/WINCEOS/COREOS/NK/TOOLS/ROMIMAGE/VIEWBIN/viewbin.c [luther.gliethttp]