xip 的 bin 文件分析
一个bin 文件在存储上是按下面的结构存储的
组成: 标记(7 字节) + Image 开始地址(1 个 DWORD) + Image 长度(1 个 DWORD)
记录0地址 + 记录0长度 + 记录0校验和 + 记录0内容(文件内容)
记录1地址 + 记录1长度 + 记录1校验和 + 记录1内容(文件内容)
......
最后一条记录表示结束: Start = 0x00000000, Length = 0x8C072C3C (这条记录的 Length 字段存放的是 StartUp 入口地址), Chksum = 0x00000000。我的 xip.bin 的最后 12 个字节就是 00 00 00 00 E4 B4 29 80 00 00 00 00。
当 RecAddr 和 RecChk 同时为 0 时表示 READDATA 完毕, 即 DownloadBin() 函数中的
while( OEMReadData (sizeof (DWORD), (LPBYTE) &dwRecAddr) && OEMReadData (sizeof (DWORD), (LPBYTE) &dwRecLen) && OEMReadData (sizeof (DWORD), (LPBYTE) &dwRecChk) )
循环由其中的
if (!dwRecAddr && !dwRecChk) { break; }
退出, 由此得出以上的结论。注意这个循环本身只读取记录头, 自己写解析代码时应先校验 dwRecAddr 和 dwRecLen 落在 ImageStart .. ImageStart + ImageLength 范围内, 再拷贝记录内容。
bin 文件的头部(不包括记录)可以用下面的结构表示:
struct BinFile {
    BYTE  signature[7];   // = { 'B', '0', '0', '0', 'F', 'F', '\x0A' }
    DWORD ImageStart;
    DWORD ImageLength;
};
一般 xipkernel.bin、nk.bin 都符合正常的 bin 文件格式: 记录 0、1、2 为特殊记录, 2 作为 ECEC 标记, 其后 4 byte 表示 TOC 地址(指向 ROMHDR 结构的数据); 从记录 3 开始都是文件记录, 比如 coredll.dll 等等。
//---------------------------------------------------------------------------
比如 nk.bin 文件用 viewbin 查看的内容:
//---------------------------------------------------------------------------
ViewBin... nk.bin
Image Start = 0x8C201000, length = 0x00DE9910
Record [ 0] : Start = 0x8C201000, Length = 0x00000040, Chksum = 0x00001A63 //-> 注意这里就是对应到结构 struct Record { DWORD recaddress; DWORD reclength; DWORD chksum; void *recdata; } 的内容
0x8C201000 : 4083F601 8096F601 3C18F801 64D7F901 @.......<...d...
0x8C201010 : D025F701 0C85F601 6C26F701 C488F901 .%......l&......
0x8C201020 : 10B6F601 0C85F601 5830F601 E086F901 ........X0......
0x8C201030 : 2074F601 67776573 2E657865 00000000 t..gwes.exe....
Chksum valid
Record [ 1] : Start = 0x8C201040, Length = 0x00000008, Chksum = 0x0000032D
0x8C201040 : 45434543 048FFE8C ECEC.... //这里 ECEC 是我们设置的 #define ROM_SIGNATURE 0x43454345 (Romldr.h), 后面 4 byte 就是 pToc 的内容
Chksum valid
Record [ 2] : Start = 0x8C201048, Length = 0x00000004, Chksum = 0x00000161
0x8C201048 : 047FDE00 ....
Chksum valid
Record [ 3] : Start = 0x8C202000, Length = 0x000A37BC, Chksum = 0x043BF7FA
0x8C202000 : 00000000 03407546 00000000 02000000 .....@uF ........
0x8C202010 : 78000000 D8530000 D8470000 20100100 x....S...G.. ...
0x8C202020 : 53005900 53005400 45004D00 2F004700 S.Y.S.T.E.M./.G.
。。。。。。
Chksum valid
Record [131] : Start = 0x00000000, Length = 0x00000000, Chksum = 0x00000000
Start address = 0x00000000
Checking record #129 for potential TOC (ROMOFFSET = 0x00000000)
Found pTOC = 0x8cfe8f04
ROMOFFSET = 0x00000000
//---------------------------------------------------------------------------
xipkernel.bin viewbin 的内容:
//---------------------------------------------------------------------------
ViewBin... xipkernel.bin
Image Start = 0x8C000000, length = 0x001BCE90
Record [ 0] : Start = 0x8C000000, Length = 0x00000004, Chksum = 0x000001C3
0x8C000000 : 0DCB01EA ....
Chksum valid
Record [ 1] : Start = 0x8C000040, Length = 0x00000008, Chksum = 0x00000327
0x8C000040 : 45434543 A0DA118C ECEC.... //注意这里的 A0DA118C 按小端序读出即 0x8C11DAA0 (见下面 Found pTOC), 指向 record 9, 就是 pToc 的值
Chksum valid
Record [ 2] : Start = 0x8C000048, Length = 0x00000004, Chksum = 0x0000018B
0x8C000048 : A0DA1100 ....
Chksum valid
Record [ 3] : Start = 0x8C001000, Length = 0x000C5180, Chksum = 0x064E2C03
0x8C001000 : 00000000 96F37746 00000000 02000000 ......wF........
0x8C001010 : 55000000 DC2B0700 DC1F0700 41504953 U....+......APIS
0x8C001020 : 02060500 3010008C 00000000 00000000 ....0...........
0x8C001030 : B05A078C 7CA3078C 505B078C 0C5D078C .Z..|...P[...]..
0x8C001040 : 745D078C 00000000 08000000 41005200 t]..........A.R.
。。。。。。
0x8C072C30 : 00000000 73746172 740A0D00 060000EA ....start....... //###################
0x8C072C40 : FDFFFFEA FCFFFFEA FBFFFFEA FAFFFFEA ................
。。。。。。
Chksum valid
Record [ 9] : Start = 0x8C11DAA0, Length = 0x00000054, Chksum = 0x00000CB3 //就是上面的 pToc 所指的块, 是一个 ROMHDR 结构
0x8C11DAA0 : FF01F501 00000002 0000008C 90CE1B8C ................
0x8C11DAB0 : 08000000 0010208C 0000278C 00E0E68F ...... ...'.....
0x8C11DAC0 : 01000000 F0FF1A8C 00000000 00000000 ................
0x8C11DAD0 : 05000000 00000000 10101010 00000000 ................
0x8C11DAE0 : 00000000 C2010200 1022008C 00000000 ........"......
0x8C11DAF0 : 00000000 ....
Chksum valid
Record [ 10] : Start = 0x8C11DAF4, Length = 0x0000018C, Chksum = 0x0000895E
0x8C11DAF4 : 07000000 005C33FC 84B2C701 00BE0C00 ...../3.........
0x8C11DB04 : D4BF118C CCDE0F8C 3CDF0F8C 0000008C ........<.......
0x8C11DB14 : 07000000 00A1CC46 EAB0C701 00600300 .......F.....`..
0x8C11DB24 : DCBF118C 6CFD1A8C 9CDF0F8C 00F0128C ....l...........
0x8C11DB34 : 07100000 0052626B C5B0C701 00380100 .....Rbk.....8..
0x8C11DB44 : E8BF118C DCFD1A8C 4CFE1A8C 0020178C ........L.... ..
。。。。。。
Chksum valid
Record [ 14] : Start = 0x00000000, Length = 0x8C072C3C, Chksum = 0x00000000 //这就是 xipkernel.bin 的最后一条记录, 其 Length 字段的内容 0x8C072C3C 表示 startup 的入口地址; 上面 //################### 那行中地址 0x8C072C3C 处的 060000EA, 按小端序读出是 EA000060, 就是入口处的一条跳转指令 (1110[cond always] + 1010[branch] + offset)
Start address = 0x8C072C3C
Checking record #9 for potential TOC (ROMOFFSET = 0x00000000)
Found pTOC = 0x8c11daa0
ROMOFFSET = 0x00000000
Done.
//---------------------------------------------------------------------------
xip.bin viewbin 的内容: 是上面两个 bin 的结合
//---------------------------------------------------------------------------
ViewBin... xip.bin
Image Start = 0x8C000000, length = 0x00FEA910
Start address = 0x8C072C3C
Checking record #9 for potential TOC (ROMOFFSET = 0x00000000)
Found pTOC = 0x8c11daa0
ROMOFFSET = 0x00000000
Checking record #9 for potential TOC (ROMOFFSET = 0xFF134B9C) //-> 0xFF134B9C 按 32 位有符号数看是一个负偏移, 即 -0xECB464, 14M 多 ??????
Checking record #144 for potential TOC (ROMOFFSET = 0x00000000)
Found pTOC = 0x8cfe8f04
ROMOFFSET = 0x00000000
//---------------------------------------------------------------------------
chain.bin viewbin 的内容: 描述上面两个 bin 的 XIP 链(每个 bin 对应一个 _XIPCHAIN_ENTRY)
//---------------------------------------------------------------------------
ViewBin... chain.bin
Image Start = 0x8C200000, length = 0x00000528
Record [ 0] : Start = 0x8C200000, Length = 0x00000528, Chksum = 0x0000084B
0x8C200000 : 02000000 0000008C 90CE1B00 00002000 .............. . //从这里开始是填充 xipkernel 部分的 _XIPCHAIN_ENTRY 的内容
0x8C200010 : 01000100 00000000 5849504B 45524E45 ........XIPKERNE
0x8C200020 : 4C000000 00000000 00000000 00000000 L...............
0x8C200030 : 00000000 00000000 00000000 00000000 ................
0x8C200040 : 00000000 00000000 00000000 00000000 ................
0x8C200050 : 00000000 00000000 00000000 00000000 ................
0x8C200060 : 00000000 00000000 00000000 00000000 ................
0x8C200070 : 00000000 00000000 00000000 00000000 ................
0x8C200080 : 00000000 00000000 00000000 00000000 ................
0x8C200090 : 00000000 00000000 00000000 00000000 ................
0x8C2000A0 : 00000000 00000000 00000000 00000000 ................
0x8C2000B0 : 00000000 00000000 00000000 00000000 ................
0x8C2000C0 : 00000000 00000000 00000000 00000000 ................
0x8C2000D0 : 00000000 00000000 00000000 00000000 ................
0x8C2000E0 : 00000000 00000000 00000000 00000000 ................
0x8C2000F0 : 00000000 00000000 00000000 00000000 ................
0x8C200100 : 00000000 00000000 00000000 00000000 ................
0x8C200110 : 00000000 00000000 00000000 00000000 ................
0x8C200120 : 00000000 00000000 00000000 00000000 ................
0x8C200130 : 00000000 00000000 00000000 00000000 ................
0x8C200140 : 00000000 00000000 00000000 00000000 ................
0x8C200150 : 00000000 00000000 00000000 00000000 ................
0x8C200160 : 00000000 00000000 00000000 00000000 ................
0x8C200170 : 00000000 00000000 00000000 00000000 ................
0x8C200180 : 00000000 00000000 00000000 00000000 ................
0x8C200190 : 00000000 00000000 00000000 00000000 ................
0x8C2001A0 : 00000000 00000000 00000000 00000000 ................
0x8C2001B0 : 00000000 00000000 00000000 00000000 ................
0x8C2001C0 : 00000000 00000000 00000000 00000000 ................
0x8C2001D0 : 00000000 00000000 00000000 00000000 ................
0x8C2001E0 : 00000000 00000000 00000000 00000000 ................
0x8C2001F0 : 00000000 00000000 00000000 00000000 ................
0x8C200200 : 00000000 00000000 00000000 00000000 ................
0x8C200210 : 00000000 00000000 00000000 00000000 ................
0x8C200220 : 00000000 00000000 00000000 00000000 ................
0x8C200230 : 00000000 00000000 00000000 00000000 ................
0x8C200240 : 00000000 00000000 00000000 00000000 ................
0x8C200250 : 00000000 00000000 00000000 00000000 ................
0x8C200260 : 00000000 00000000 00000000 00000000 ................
0x8C200270 : 00000000 00000000 00000000 00000000 ................
0x8C200280 : 00000000 00000000 00000000 00000000 ................
0x8C200290 : 00000000 0010208C 1099DE00 00009001 ...... ......... //从 0010208C 开始就是填充 nk 部分的 _XIPCHAIN_ENTRY 的内容
0x8C2002A0 : 02000100 00000000 4E4B0000 00000000 ........NK......
0x8C2002B0 : 00000000 00000000 00000000 00000000 ................
0x8C2002C0 : 00000000 00000000 00000000 00000000 ................
0x8C2002D0 : 00000000 00000000 00000000 00000000 ................
0x8C2002E0 : 00000000 00000000 00000000 00000000 ................
0x8C2002F0 : 00000000 00000000 00000000 00000000 ................
0x8C200300 : 00000000 00000000 00000000 00000000 ................
0x8C200310 : 00000000 00000000 00000000 00000000 ................
0x8C200320 : 00000000 00000000 00000000 00000000 ................
0x8C200330 : 00000000 00000000 00000000 00000000 ................
0x8C200340 : 00000000 00000000 00000000 00000000 ................
0x8C200350 : 00000000 00000000 00000000 00000000 ................
0x8C200360 : 00000000 00000000 00000000 00000000 ................
0x8C200370 : 00000000 00000000 00000000 00000000 ................
0x8C200380 : 00000000 00000000 00000000 00000000 ................
0x8C200390 : 00000000 00000000 00000000 00000000 ................
0x8C2003A0 : 00000000 00000000 00000000 00000000 ................
0x8C2003B0 : 00000000 00000000 00000000 00000000 ................
0x8C2003C0 : 00000000 00000000 00000000 00000000 ................
0x8C2003D0 : 00000000 00000000 00000000 00000000 ................
0x8C2003E0 : 00000000 00000000 00000000 00000000 ................
0x8C2003F0 : 00000000 00000000 00000000 00000000 ................
0x8C200400 : 00000000 00000000 00000000 00000000 ................
0x8C200410 : 00000000 00000000 00000000 00000000 ................
0x8C200420 : 00000000 00000000 00000000 00000000 ................
0x8C200430 : 00000000 00000000 00000000 00000000 ................
0x8C200440 : 00000000 00000000 00000000 00000000 ................
0x8C200450 : 00000000 00000000 00000000 00000000 ................
0x8C200460 : 00000000 00000000 00000000 00000000 ................
0x8C200470 : 00000000 00000000 00000000 00000000 ................
0x8C200480 : 00000000 00000000 00000000 00000000 ................
0x8C200490 : 00000000 00000000 00000000 00000000 ................
0x8C2004A0 : 00000000 00000000 00000000 00000000 ................
0x8C2004B0 : 00000000 00000000 00000000 00000000 ................
0x8C2004C0 : 00000000 00000000 00000000 00000000 ................
0x8C2004D0 : 00000000 00000000 00000000 00000000 ................
0x8C2004E0 : 00000000 00000000 00000000 00000000 ................
0x8C2004F0 : 00000000 00000000 00000000 00000000 ................
0x8C200500 : 00000000 00000000 00000000 00000000 ................
0x8C200510 : 00000000 00000000 00000000 00000000 ................
0x8C200520 : 00000000 00000000 ........
Chksum valid
Record [ 1] : Start = 0x00000000, Length = 0x00000000, Chksum = 0x00000000
Start address = 0x00000000
只有 1 条有效记录, 这条记录分成两部分, 分别对应 xipkernel.bin 和 nk.bin, 使用的结构如下:
typedef struct _XIPCHAIN_ENTRY {
    LPVOID pvAddr;              // address of the XIP  // 根据这个地址可以找到 pToc!!!!!!
    DWORD  dwLength;            // the size of the XIP
    DWORD  dwMaxLength;         // the biggest it can grow to
    USHORT usOrder;             // where to put into ROMChain_t
    USHORT usFlags;             // flags/status of XIP
    DWORD  dwVersion;           // version info
    CHAR   szName[XIP_NAMELEN]; // Name of XIP, typically the bin file's name, w/o .bin
    DWORD  dwAlgoFlags;         // algorithm to use for signature verification
    DWORD  dwKeyLen;            // length of key in byPublicKey
    BYTE   byPublicKey[596];    // public key data
} XIPCHAIN_ENTRY, *PXIPCHAIN_ENTRY;
//其他相关结构:
typedef struct ROMHDR {
    ULONG  dllfirst;         // first DLL address
    ULONG  dlllast;          // last DLL address
    ULONG  physfirst;        // first physical address
    ULONG  physlast;         // highest physical address
    ULONG  nummods;          // number of TOCentry's
    ULONG  ulRAMStart;       // start of RAM
    ULONG  ulRAMFree;        // start of RAM free space
    ULONG  ulRAMEnd;         // end of RAM
    ULONG  ulCopyEntries;    // number of copy section entries
    ULONG  ulCopyOffset;     // offset to copy section
    ULONG  ulProfileLen;     // length of PROFentries RAM
    ULONG  ulProfileOffset;  // offset to PROFentries
    ULONG  numfiles;         // number of FILES
    ULONG  ulKernelFlags;    // optional kernel flags from ROMFLAGS .bib config option
    ULONG  ulFSRamPercent;   // Percentage of RAM used for filesystem
                             // from FSRAMPERCENT .bib config option
                             // byte 0 = #4K chunks/Mbyte of RAM for filesystem 0-2Mbytes 0-255
                             // byte 1 = #4K chunks/Mbyte of RAM for filesystem 2-4Mbytes 0-255
                             // byte 2 = #4K chunks/Mbyte of RAM for filesystem 4-6Mbytes 0-255
                             // byte 3 = #4K chunks/Mbyte of RAM for filesystem > 6Mbytes 0-255
    ULONG  ulDrivglobStart;  // device driver global starting address
    ULONG  ulDrivglobLen;    // device driver global length
    USHORT usCPUType;        // CPU (machine) Type
    USHORT usMiscFlags;      // Miscellaneous flags
    PVOID  pExtensions;      // pointer to ROM Header extensions
    ULONG  ulTrackingStart;  // tracking memory starting address
    ULONG  ulTrackingLen;    // tracking memory ending address
} ROMHDR;
本文来自博客,转载请标明出处:http://blog.csdn.net/wu_ye_zhou/archive/2010/06/08/5656119.aspx