Deep understanding of TOC in wince6.0

* ****************************** Loongembedded ******* *****************

Author: loongembedded (Kandi)

Time: 2011.7.17

Category: wince System Development

* ****************************** Loongembedded ******* *****************

TOC: Table of Contents, OEM on disk structure.

 

1. Structure pointed to by the ptoc pointer

Ptoc is defined in \ wince600 \ public \ common \ oak \ drivers \ ethdbg \ blcommon. C, as follows:

Romhdr * volatile const ptoc = (romhdr *)-1; // gets replaced by romloader with real address

We can see that ptoc is a pointer to the romhdr struct, defined in \ wince600 \ public \ common \ oak \ Inc \ romldr. H, for example:

Figure 1

The information obtained through viewbin-r eboot. Bin and viewbin-r NK. Bin is as follows:

Figure 2

Figure 2 shows that the starting address of ptoc in eboot. Bin is 0x80070e7c and the memory size is 0x00000054. That is to say, the TOC information of eboot. Bin is stored in this memory area. The content of this memory area can be obtained through viewbin-D eboot. Bin de.txt as follows:

Figure 3

In the same way, we also paste the TOC information in NK. Bin:

Figure 4

The following uses figures 3 and 4 to learn the meanings of romhdr struct members:

1) dllfirst Member

This is assigned to NK. the starting address of the RoM DLL range of the virtual memory used by the bin dynamic connection library (DLL). In the wince system, the virtual memory space between 0x40000000 and 0x5fffffff is defined as the rom dll range. From figure 3 and figure 4, we can see that the value is 01c00140, Which is 0x4001c001, because arm uses the small-end data storage format, that is, the high-byte data is stored in the low-address space.

 

We know that eboot. Bin does not contain DLL files. The value here is meaningless for eboot. Bin.

2) dlllast

This is assigned to NK. the end address of the RoM DLL range of the virtual memory used by the dynamic connection library (DLL) of bin, eboot. the value in Bin is 0x4001c001, which is the same as that in dllfirst. This is expected because eboot. bin does not contain DLL; NK. in bin, the value is 0x416ec101, indicating that the actual Rom DLL space occupied by the DLL is 0x416ec101-0x4001c001 = 0x16d0100, about 22 m.

3) phyfirst

Image File (eboot. BIN and NK. BIN), which is equal to the image start of the image file. for bin, this value is 0x80030000. As shown in figure 2, eboot is used. the value of Bin's image start, which is in eboot. the bib definition is as follows:

Figure 5

The value in NK. Bin is 0x80100000.

Figure 6

We can see that this value is equal to the image start of NK. bin. This value is determined by the content in config. bib.

Figure 7

4) physlast

End storage address of the image file, eboot. in bin, the value is 0x80071df4. The value is image start + Length = 0x80030000 + 0x00041df4; NK. in bin, this value is 0x81cec494 or NK. image start + Length in Bin.

5) nummod

The number of TOC entries (entries), eboot. the value in Bin is 0x00000001, that is, eboot. bin has a TOC entry, and each module in the image file (exe or dll has a TOC entry), so eboot. bin contains a module. What is this module? See:

Figure 8

We can know that this token is nk.exe. this idea is nk.exeappseboot.exe. We can see through the content below eboot. bib:

Modules

; Name path memory type

;-----------------------------------------------------------------------

Nk.exe $ (_ targetplatroot) \ target \ $ (_ tgtcpu) \ $ (wincedebug) \ eboot.exe eboot

The value 0x000000fb in NK. Bin, that is, there is a 251toc entry in NK. Bin, that is, there are a total of 251 modules (DLL or EXE ).

6) ulramstart

Indicates the starting address of the RAM program memory area of the image file. Here, the RAM program memory area is not reserved by the system (reserved, see config. bib) is not used for Object Storage, nor is it used for storing operating system images during loading, instead, it can be used for the RAM memory space allocated by the operating system and applications during operation.

 

 

In eboot. Bin, the value is 0x800b0000, which is determined by the value of "Ram" in Figure 5. In NK. Bin, the value is 0x81cf0000. Why is this value? According to Figure 7, the value of "Ram" is 0x82900000? It is related to the following content in config. bib:

Autosize = on

Because on indicates that the ram space can be adjusted according to the actual situation, our current NK. bin's image start = 0x80100000, length = 0x01bec494, then NK. the end address of bin loaded to ram is image start + Length = 0x81cec494, because this value is smaller than the value of ramstart = 0x82900000 in figure 7, so the program memory area will be based on NK. the ram space occupied by bin to determine the starting address of the program memory area. In addition, we know that the memory of Wince is based on Page Management. The wince operating system supports two page sizes: 1 kb and 4 kb. In wince, the application for virtual memory is divided into reserve) and (COMMIT), the reserved virtual space is 64 KB (0x00010000), that is, in any virtual memory application, a 64 kB integer multiple address is returned, the commit of virtual memory to physical memory is based on the page (here is a page of 4 kb, that is, 0x00001000), so we can conclude that the starting address of the program memory area is 0x81cf0000. Of course, if autosize is off, the values of ulramstart and ulramfree are obtained based on the range specified in Figure 7. It can be better understood in combination:

Figure 9

7) ulramfree

The starting address of the idle zone of the RAM program memory, eboot. the value in Bin is 0x800b8000, indicating the memory space required for running the eboot program from 0x800b0000 to 0x800b7fff. Likewise, we can analyze NK. bin.

8) ulramend

End address of the program memory area, eboot. the value in Bin is 0x800c0000. See the description of the ram entry in squadron 5 for understanding. For NK. bin can be combined with config. see Figure 7.

9) ulcopyentries (number of copy section entries)

Description: The number of input records to be copied when the weight is changed. 0x00000001 in eboot.bin. the value of this parameter is 0x00000002 in NK. bin. Which of the following modules is the TOC entry for copying? I hope you can understand it later.

10) ulcopyoffset

The offset address of the entry to be copied when the global variable is relocated. For eboot. bin, we know that the load is stored in the starting memory of 0x80030000, and the memory size is 0x00041df4. See the eboot description in Figure 5. In eboot. Bin, the value is 0x80070ef0. What is the content corresponding to this address?

Figure 10

We can see that the offset address of the replication entry when the global variables in eboot. Bin are relocated is the light blue part. These values will be used in subsequent learning. NK. the value in Bin is 0x81759d78. We know that NK. the number of TOC entries to be copied during bin relocation is two. In the same way, let's look at the content at the address corresponding to 0x81759d78:

Figure 11

That is, the content of the copy section corresponding to NK. Bin.

11) ulprofilelen

The length of the entry for profile debugging. The value in eboot. Bin and NK. Bin is 0.

12) ulprofileoffset

The offset address of the entry used for profile debugging. This value is 0 in eboot. Bin and NK. Bin.

13) numfiles

The number of files contained in the image file, because eboot. bin does not contain files, so this value is 0, while NK. bin: The value is 0x00000075, that is, 117. We use viewbin-t nk. bin> nt.txt get NK. shows the files contained in Bin:

Figure 12

Paste the final files of files:

Figure 13

Based on figures 12 and 13, we can see that NK. Bin contains 417-301 + 1 = 117 files.

14) ulkernelflags

The flag mask of the optional attribute of the operating system kernel is recorded, because this flag is used for eboot. bin has no meaning, so this value is 0, while NK. this bit of bin may contain a flag mask value such:

Figure 14

This value is determined by the value of romflags of config. bib, because the content of this config. bib is as follows:

Romflags = 0

Therefore, the value is 0.

15) ulfsrampercent

Indicates the percentage of RAM memory used for the file system, because this flag is used for eboot. bin has no meaning, while NK. if the value in Bin is 0x0d0d0d, it indicates that the first 1 MB memory has 13 (0x0d) 4kb pages, and the second 1 MB memory has 13 (0x0d) 4kb pages, this is also true for the third and fourth bytes, so the percentage of memory space used as the file system = (13 + 13 + 13 + 13) * 4kb/4 MB = 5.07%, despite the calculation method, the RAM memory address allocated to the file system is continuous.

16) uldrivglobstart

The START storage address of the global variable of the device startup program. The value in eboot. Bin and NK. Bin is 0.

17) uldrivgloblen

The length of the byte occupied by the global variable of the device startup program. The value in eboot. Bin and NK. Bin is 0.

18) uscputype

Indicates the type of CPU in which the wince system runs. The value in eboot. Bin and NK. Bin is 0x000001c2.

19) usmiscflags

The hybrid flag option of the operating system image. The value of NK. Bin is 0x00000002.

.

20) pextensions

The pointer to the memory area that stores romhdr extended data. The value of eboot. Bin is 0, and the value of NK. Bin is 0x80101020. For details, see:

Figure 15

The memory address 0x80101020 stores romhdr extended data. The value is 0 because the data is not used in the current design (which should be used in the xip kernel.

21) ultrackingstart

The starting address of the memory area used for tracking debugging. The value in eboot. Bin and NK. Bin is 0.

22) ultrackinglen

The length of the memory area used for tracking debugging. The value in eboot. Bin and NK. Bin is 0.

 

The romhdr struct has been introduced. The following describes the application of TOC.

 

2. Where TOC is used

 

2.1 Where TOC is used in eboot

2.1.1 The main function calls the bootloadermain function, and this function starts to call the kernelrelocate function

Locate global variables:

If (! Kernelrelocate (ptoc ))

{

// Spin forever

Halt (blerr_kernelrelocate );

}

Here, ptoc is directed to the TOC data of eboo. bin. The kernelrelocate function is as follows:

Figure 16

The introduction to the romhdr struct is easier to understand.

2.1.2 when eboot updates NK, it will call writeosimagetobootmedia ()-> getkernelextpointerh

Here, we use the function named nk.exe and its extension pointer in the statement named nk.bin:

Figure 17

Figure 18

Figure 19

Figure 19 shows the content of the romhdr structure.

Figure 20

Where TOC is used in 2.2 NK

2.1.1 In the arminit Function

The arminit function is called during system startup. The function is as follows:

Figure 21

Next let's take a look at the findkernelentry function body.

Figure 22

Figure 23

TOC information is used in other places in the system. The importance of TOC information can be known from the above description. At this point, TOC is further learned and understood.