Reveal the secret of the. nb0.bin file generated by romimage (absolutely original, not reprinted)

 

If you want to use Microsoft's romimage tool to generate an image, you must define the following global variable in your EXE file:

Romhdr * volatile const ptoc = (romhdr *)-1;

Romimage will help you fill in its address. Therefore, this is a post-compilation link. Then, when the generated image is loaded into the memory, the reference to ptoc in your code will be valid, rather than-1 defined here.

Do not change-1 to another value. At least I tried zero.

The image generated by romimage requires a kernelrelocate action at the beginning of the Code. Its action is to relocate a block of data in the image. The criteria for relocation are:

Typedef struct copyentry {

Ulong ulsource; // copy Source Address

Ulong uldest; // copy Destination Address

Ulong ulcopylen; // copy Length

Ulong uldestlen; // copy destination Length

// (Zero fill to end if> ulcopylen)

} Copyentry;

We can see that the address ulsource is relocated to uldest, and both ulcopylen and uldestlen are the copy length.

So why do we need to set two lengths?

This rule uldestlen can be larger than the length defined in ulcopylen, that is, the copy action is applied to the ulcopylen block.

So how does uldestlen-ulcopylen process the data?

This rule clears the data. Initialization of this variable.

But what kind of things will be defined by romimage as needing to be relocated?

Global variables in your code, if they are non-zero content, will be arranged to the scope of the copy action. If they are for initialization or zero, they will be arranged to the zeroed area. Therefore, uldestlen> = ulcopylen is often used.

What does fixupvar in the configuration file *. bib of romimage mean?

Fixupvar is easy to understand from the name, which is the meaning of a variable with a fixed address. For example, we define the size of the page pool:

Cbnkpagingpoolsize 00000000 10000 fixupvar

Its base address is 0 x, indicating that it is not defined. This is basically a fixed writing method.

In fact, there are also corresponding definitions in your code

DWORD cbnkpagingpoolsize = (DWORD)-1;

These two definitions are actually

DWORD cbnkpagingpoolsize = (DWORD) 0x10000;

However, Microsoft provides some flexibility to do so.

By the way, the global variable cbnkpagingpoolsize is eventually placed in the area to be redefined. That's why romimage has the opportunity to modify it.