xip 的 bin 文件分析
一个bin 文件在存储上是按以下的结构存储的
组成:标记(7)+Image開始地址(1)+Image长度(1)
记录0地址+记录0长+记录0校验和+记录0内容(文件内容)
记录1地址+记录1长+记录1校验和+记录1内容(文件内容)
......
最后一条记录是表示结束,Start = 0x00000000, Length = 0x8C072C3C是StartUp地址, Chksum = 0x00000000,我的xip.bin的最后12个字节就是00 00 00 00 E4 B4 29 80 00 00 00 00,
当RecAddr和RecChk为0时表示READDATA完成,即:DownloadBin()函数中的
while( OEMReadData (sizeof (DWORD), (LPBYTE) &dwRecAddr) &&
OEMReadData (sizeof (DWORD), (LPBYTE) &dwRecLen) &&
OEMReadData (sizeof (DWORD), (LPBYTE) &dwRecChk) )
循环退出
由 if (!dwRecAddr && !dwRecChk)
{
break;
}
得出以上的结论
bin 文件的头部(不包含记录)能够用以下的结构表示
struct BinFile{
BYTE signature[7]; // = { ‘‘B‘‘, ‘‘0‘‘, ‘‘0‘‘, ‘‘0‘‘, ‘‘F‘‘, ‘‘F‘‘, ‘‘/a‘‘ }
DWORD ImageStart
DWORD ImageLength
};
一般xipkernel.bin,nk.bin 都符合正常bin文件格式,包括记录開始0,1,2 记录为特殊记录,2做为cece的标记,其后4byte表示 TOC地址(指向ROMHDR结构的数据),3记录開始都是文件记录,
比方coredll.dll等等。。。
//---------------------------------------------------------------------------------------------------------------------------------------------------------------
比方nk.bin 文件的viewbin 查看的内容:
//---------------------------------------------------------------------------------------------------------------------------------------------------------------
ViewBin... nk.bin
Image Start = 0x8C201000, length = 0x00DE9910
Record [ 0] : Start = 0x8C201000, Length = 0x00000040, Chksum = 0x00001A63 //->注意这里就是相应到结构struct Record{DWORD recaddress; DWORD reclength; DWORD chksum;void * recdata}的内容
0x8C201000 : 4083F601 8096F601 3C18F801 64D7F901 @.......<...d...
0x8C201010 : D025F701 0C85F601 6C26F701 C488F901 .%......l&......
0x8C201020 : 10B6F601 0C85F601 5830F601 E086F901 ........X0......
0x8C201030 : 2074F601 67776573 2E657865 00000000 t..gwes.exe....
Chksum valid
Record [ 1] : Start = 0x8C201040, Length = 0x00000008, Chksum = 0x0000032D
0x8C201040 : 45434543 048FFE8C ECEC.... //这里ECEC是我们设置的#define ROM_SIGNATURE 0x43454345 (Romldr.h),后面4byte就是pToc的内容
Chksum valid
Record [ 2] : Start = 0x8C201048, Length = 0x00000004, Chksum = 0x00000161
0x8C201048 : 047FDE00 ....
Chksum valid
Record [ 3] : Start = 0x8C202000, Length = 0x000A37BC, Chksum = 0x043BF7FA
0x8C202000 : 00000000 03407546 00000000 02000000 [email protected] ........
0x8C202010 : 78000000 D8530000 D8470000 20100100 x....S...G.. ...
0x8C202020 : 53005900 53005400 45004D00 2F004700 S.Y.S.T.E.M./.G.
。。。。。。
Chksum valid
Record [131] : Start = 0x00000000, Length = 0x00000000, Chksum = 0x00000000
Start address = 0x00000000
Checking record #129 for potential TOC (ROMOFFSET = 0x00000000)
Found pTOC = 0x8cfe8f04
ROMOFFSET = 0x00000000
//---------------------------------------------------------------------------------------------------------------------------------------------------------------
xipkernel.bin viewbin 的内容:
//---------------------------------------------------------------------------------------------------------------------------------------------------------------
ViewBin... xipkernel.bin
Image Start = 0x8C000000, length = 0x001BCE90
Record [ 0] : Start = 0x8C000000, Length = 0x00000004, Chksum = 0x000001C3
0x8C000000 : 0DCB01EA ....
Chksum valid
Record [ 1] : Start = 0x8C000040, Length = 0x00000008, Chksum = 0x00000327
0x8C000040 : 45434543 A0DA118C ECEC.... //注意这里的A0DA118C 就是8C11DAF4 指向record9 就是pToc的值
Chksum valid
Record [ 2] : Start = 0x8C000048, Length = 0x00000004, Chksum = 0x0000018B
0x8C000048 : A0DA1100 ....
Chksum valid
Record [ 3] : Start = 0x8C001000, Length = 0x000C5180, Chksum = 0x064E2C03
0x8C001000 : 00000000 96F37746 00000000 02000000 ......wF........
0x8C001010 : 55000000 DC2B0700 DC1F0700 41504953 U....+......APIS
0x8C001020 : 02060500 3010008C 00000000 00000000 ....0...........
0x8C001030 : B05A078C 7CA3078C 505B078C 0C5D078C .Z..|...P[...]..
0x8C001040 : 745D078C 00000000 08000000 41005200 t]..........A.R.
。。。。。。
0x8C072C30 : 00000000 73746172 740A0D00 060000EA ....start....... //###################
0x8C072C40 : FDFFFFEA FCFFFFEA FBFFFFEA FAFFFFEA ................
。。。。。。
Chksum valid
Record [ 9] : Start = 0x8C11DAA0, Length = 0x00000054, Chksum = 0x00000CB3 //就是上面的pToc所指块,是一个ROMHDR结构
0x8C11DAA0 : FF01F501 00000002 0000008C 90CE1B8C ................
0x8C11DAB0 : 08000000 0010208C 0000278C 00E0E68F ...... ...‘.....
0x8C11DAC0 : 01000000 F0FF1A8C 00000000 00000000 ................
0x8C11DAD0 : 05000000 00000000 10101010 00000000 ................
0x8C11DAE0 : 00000000 C2010200 1022008C 00000000 ........."......
0x8C11DAF0 : 00000000 ....
Chksum valid
Record [ 10] : Start = 0x8C11DAF4, Length = 0x0000018C, Chksum = 0x0000895E
0x8C11DAF4 : 07000000 005C33FC 84B2C701 00BE0C00 ...../3.........
0x8C11DB04 : D4BF118C CCDE0F8C 3CDF0F8C 0000008C ........<.......
0x8C11DB14 : 07000000 00A1CC46 EAB0C701 00600300 .......F.....`..
0x8C11DB24 : DCBF118C 6CFD1A8C 9CDF0F8C 00F0128C ....l...........
0x8C11DB34 : 07100000 0052626B C5B0C701 00380100 .....Rbk.....8..
0x8C11DB44 : E8BF118C DCFD1A8C 4CFE1A8C 0020178C ........L.... ..
。。。。。。
Chksum valid
Record [ 14] : Start = 0x00000000, Length = 0x8C072C3C, Chksum = 0x00000000 //这就是xipkernel.bin的最后一条记录其内容表示0x8C072C3C 是startup 的入口地址 //################### 那行就是
Start address = 0x8C072C3C //060000EA=>EA000060 的一条跳转指令 (1110[cond always] +1010[branch]+offset)
Checking record #9 for potential TOC (ROMOFFSET = 0x00000000)
Found pTOC = 0x8c11daa0
ROMOFFSET = 0x00000000
Done.
//---------------------------------------------------------------------------------------------------------------------------------------------------------------
xip.bin viewbin 的内容: 是上面两个bin的结合
//---------------------------------------------------------------------------------------------------------------------------------------------------------------
ViewBin... xip.bin
Image Start = 0x8C000000, length = 0x00FEA910
Start address = 0x8C072C3C
Checking record #9 for potential TOC (ROMOFFSET = 0x00000000)
Found pTOC = 0x8c11daa0
ROMOFFSET = 0x00000000
Checking record #9 for potential TOC (ROMOFFSET = 0xFF134B9C) //-》FF134B9C-》ECB464 =14m多??????
Checking record #144 for potential TOC (ROMOFFSET = 0x00000000)
Found pTOC = 0x8cfe8f04
ROMOFFSET = 0x00000000
//---------------------------------------------------------------------------------------------------------------------------------------------------------------
chain.bin viewbin 的内容: 是上面两个bin的结合
//---------------------------------------------------------------------------------------------------------------------------------------------------------------
ViewBin... chain.bin
Image Start = 0x8C200000, length = 0x00000528
Record [ 0] : Start = 0x8C200000, Length = 0x00000528, Chksum = 0x0000084B
0x8C200000 : 02000000 0000008C 90CE1B00 00002000 .............. . //填充xipkernel部分的_XIPCHAIN_ENTRY 的内容
0x8C200010 : 01000100 00000000 5849504B 45524E45 ........XIPKERNE
0x8C200020 : 4C000000 00000000 00000000 00000000 L...............
0x8C200030 : 00000000 00000000 00000000 00000000 ................
0x8C200040 : 00000000 00000000 00000000 00000000 ................
0x8C200050 : 00000000 00000000 00000000 00000000 ................
0x8C200060 : 00000000 00000000 00000000 00000000 ................
0x8C200070 : 00000000 00000000 00000000 00000000 ................
0x8C200080 : 00000000 00000000 00000000 00000000 ................
0x8C200090 : 00000000 00000000 00000000 00000000 ................
0x8C2000A0 : 00000000 00000000 00000000 00000000 ................
0x8C2000B0 : 00000000 00000000 00000000 00000000 ................
0x8C2000C0 : 00000000 00000000 00000000 00000000 ................
0x8C2000D0 : 00000000 00000000 00000000 00000000 ................
0x8C2000E0 : 00000000 00000000 00000000 00000000 ................
0x8C2000F0 : 00000000 00000000 00000000 00000000 ................
0x8C200100 : 00000000 00000000 00000000 00000000 ................
0x8C200110 : 00000000 00000000 00000000 00000000 ................
0x8C200120 : 00000000 00000000 00000000 00000000 ................
0x8C200130 : 00000000 00000000 00000000 00000000 ................
0x8C200140 : 00000000 00000000 00000000 00000000 ................
0x8C200150 : 00000000 00000000 00000000 00000000 ................
0x8C200160 : 00000000 00000000 00000000 00000000 ................
0x8C200170 : 00000000 00000000 00000000 00000000 ................
0x8C200180 : 00000000 00000000 00000000 00000000 ................
0x8C200190 : 00000000 00000000 00000000 00000000 ................
0x8C2001A0 : 00000000 00000000 00000000 00000000 ................
0x8C2001B0 : 00000000 00000000 00000000 00000000 ................
0x8C2001C0 : 00000000 00000000 00000000 00000000 ................
0x8C2001D0 : 00000000 00000000 00000000 00000000 ................
0x8C2001E0 : 00000000 00000000 00000000 00000000 ................
0x8C2001F0 : 00000000 00000000 00000000 00000000 ................
0x8C200200 : 00000000 00000000 00000000 00000000 ................
0x8C200210 : 00000000 00000000 00000000 00000000 ................
0x8C200220 : 00000000 00000000 00000000 00000000 ................
0x8C200230 : 00000000 00000000 00000000 00000000 ................
0x8C200240 : 00000000 00000000 00000000 00000000 ................
0x8C200250 : 00000000 00000000 00000000 00000000 ................
0x8C200260 : 00000000 00000000 00000000 00000000 ................
0x8C200270 : 00000000 00000000 00000000 00000000 ................
0x8C200280 : 00000000 00000000 00000000 00000000 ................
0x8C200290 : 00000000 0010208C 1099DE00 00009001 ...... ......... //0010208C 開始就是 填充nk部分的_XIPCHAIN_ENTRY 的内容
0x8C2002A0 : 02000100 00000000 4E4B0000 00000000 ........NK......
0x8C2002B0 : 00000000 00000000 00000000 00000000 ................
0x8C2002C0 : 00000000 00000000 00000000 00000000 ................
0x8C2002D0 : 00000000 00000000 00000000 00000000 ................
0x8C2002E0 : 00000000 00000000 00000000 00000000 ................
0x8C2002F0 : 00000000 00000000 00000000 00000000 ................
0x8C200300 : 00000000 00000000 00000000 00000000 ................
0x8C200310 : 00000000 00000000 00000000 00000000 ................
0x8C200320 : 00000000 00000000 00000000 00000000 ................
0x8C200330 : 00000000 00000000 00000000 00000000 ................
0x8C200340 : 00000000 00000000 00000000 00000000 ................
0x8C200350 : 00000000 00000000 00000000 00000000 ................
0x8C200360 : 00000000 00000000 00000000 00000000 ................
0x8C200370 : 00000000 00000000 00000000 00000000 ................
0x8C200380 : 00000000 00000000 00000000 00000000 ................
0x8C200390 : 00000000 00000000 00000000 00000000 ................
0x8C2003A0 : 00000000 00000000 00000000 00000000 ................
0x8C2003B0 : 00000000 00000000 00000000 00000000 ................
0x8C2003C0 : 00000000 00000000 00000000 00000000 ................
0x8C2003D0 : 00000000 00000000 00000000 00000000 ................
0x8C2003E0 : 00000000 00000000 00000000 00000000 ................
0x8C2003F0 : 00000000 00000000 00000000 00000000 ................
0x8C200400 : 00000000 00000000 00000000 00000000 ................
0x8C200410 : 00000000 00000000 00000000 00000000 ................
0x8C200420 : 00000000 00000000 00000000 00000000 ................
0x8C200430 : 00000000 00000000 00000000 00000000 ................
0x8C200440 : 00000000 00000000 00000000 00000000 ................
0x8C200450 : 00000000 00000000 00000000 00000000 ................
0x8C200460 : 00000000 00000000 00000000 00000000 ................
0x8C200470 : 00000000 00000000 00000000 00000000 ................
0x8C200480 : 00000000 00000000 00000000 00000000 ................
0x8C200490 : 00000000 00000000 00000000 00000000 ................
0x8C2004A0 : 00000000 00000000 00000000 00000000 ................
0x8C2004B0 : 00000000 00000000 00000000 00000000 ................
0x8C2004C0 : 00000000 00000000 00000000 00000000 ................
0x8C2004D0 : 00000000 00000000 00000000 00000000 ................
0x8C2004E0 : 00000000 00000000 00000000 00000000 ................
0x8C2004F0 : 00000000 00000000 00000000 00000000 ................
0x8C200500 : 00000000 00000000 00000000 00000000 ................
0x8C200510 : 00000000 00000000 00000000 00000000 ................
0x8C200520 : 00000000 00000000 ........
Chksum valid
Record [ 1] : Start = 0x00000000, Length = 0x00000000, Chksum = 0x00000000
Start address = 0x00000000
仅仅有1条有效记录,一条记录分成两部分相应xipkernel.bin 和nk.bin,使用结构
typedef struct _XIPCHAIN_ENTRY {
LPVOID pvAddr; // address of the XIP // 依据这个地址能够找到pToc!!!!!!
DWORD dwLength; // the size of the XIP
DWORD dwMaxLength; // the biggest it can grow to
USHORT usOrder; // where to put into ROMChain_t
USHORT usFlags; // flags/status of XIP
DWORD dwVersion; // version info
CHAR szName[XIP_NAMELEN]; // Name of XIP, typically the bin file‘s name, w/o .bin
DWORD dwAlgoFlags; // algorithm to use for signature verification
DWORD dwKeyLen; // length of key in byPublicKey
BYTE byPublicKey[596]; // public key data
} XIPCHAIN_ENTRY, *PXIPCHAIN_ENTRY;
//其它相关结构:
typedef struct ROMHDR {
ULONG dllfirst; // first DLL address
ULONG dlllast; // last DLL address
ULONG physfirst; // first physical address
ULONG physlast; // highest physical address
ULONG nummods; // number of TOCentry‘s
ULONG ulRAMStart; // start of RAM
ULONG ulRAMFree; // start of RAM free space
ULONG ulRAMEnd; // end of RAM
ULONG ulCopyEntries; // number of copy section entries
ULONG ulCopyOffset; // offset to copy section
ULONG ulProfileLen; // length of PROFentries RAM
ULONG ulProfileOffset; // offset to PROFentries
ULONG numfiles; // number of FILES
ULONG ulKernelFlags; // optional kernel flags from ROMFLAGS .bib config option
ULONG ulFSRamPercent; // Percentage of RAM used for filesystem
// from FSRAMPERCENT .bib config option
// byte 0 = #4K chunks/Mbyte of RAM for filesystem 0-2Mbytes 0-255
// byte 1 = #4K chunks/Mbyte of RAM for filesystem 2-4Mbytes 0-255
// byte 2 = #4K chunks/Mbyte of RAM for filesystem 4-6Mbytes 0-255
// byte 3 = #4K chunks/Mbyte of RAM for filesystem > 6Mbytes 0-255
ULONG ulDrivglobStart; // device driver global starting address
ULONG ulDrivglobLen; // device driver global length
USHORT usCPUType; // CPU (machine) Type
USHORT usMiscFlags; // Miscellaneous flags
PVOID pExtensions; // pointer to ROM Header extensions
ULONG ulTrackingStart; // tracking memory starting address
ULONG ulTrackingLen; // tracking memory ending address
} ROMHDR;
本文来自CSDN博客,转载请标明出处:http://blog.csdn.net/wu_ye_zhou/archive/2010/06/08/5656119.aspx