Download the multiple xip Image File Based on wince6.0

Note: Based on the USB download method, mlc nand Flash is k9g8g08u

 

1. File description of multiple xip Mode

In multiple xip mode, the generated files include chain. Bin, chain. lst, NK. Bin, xip. bin, and xipkernel. Bin, as shown in:

Figure 1

2. The order in which eboot downloads multiple xip image files

Download the chain. LST file. The chain. LST file defines which binfiles to download to flash and the order in which these binfiles are downloaded. We use ultraedit to open the chain. LST file. The content is as follows:

+ Xipkernel. Bin

NK. Bin

Chain. Bin

To download these binfiles to NAND Flash, and download xipkernel. Bin, NK. bin, and chain. bin in sequence.

Then, eboot automatically downloads the xipkernel. Bin, NK. bin, and chain. binfiles Based on the LST file, and then starts the wince6.0 system;

3. How to download the multiple xip image file using eboot

After pressing the U on the keyboard, the eboot enters the receiving PC's status of downloading the image file from USB to ram. What is the range of the image file downloaded from the PC to the ram region? This is specified by the eboot. bib file:

Usb_buf 83000000 03000000 Reserved

Figure 2

The maximum size of the image file that can be downloaded is 0x03000000 = 48 MB. To adjust the size, modify the size of the eboot file.

 

3.1 Processing Mechanism of dnw v0.60c.exe

 

How does dnw v0.60c.exe and eboot configure to download the multiple xip image file? Choose "USB port-> uboot" in dnw v0.60c.exe and select chain. during lst download, The dnw software obtained the chain. the path and content of the LST file. The image file to be downloaded contains xipkernel. bin, NK. BIN and chain. bin (three binfiles in total), and then open these three files in sequence to obtain their starting address, length, and name. The information is described using the multibininfo struct:

Figure 3

Obtain the information and calculate the verification code. Then, create ubootimage. UBI file, and then fill in the information in ubootimage in the form of multibininfo struct. the front of the ubi file, followed by xipkernel. bin, NK. BIN and chain. enter the binfile content in ubootimage. after the multibininfo struct description of the ubi file. the ubi file is sent to the specified RAM address via USB, which is the content before the file:

Figure 4

The following content is followed by the ubootimage. ubi file:

Figure 5

The ubootimage. ubi file format can be summarized as follows:

Figure 6

3.2 eboot supports the multiple xip Image File Download Processing Mechanism

3.2.1 eboot unzip the image file to the specified RAM address space

When we press the U button on the keyboard, eboot enters the process of calling the downloadimage function. Let's take a look at this function (I have removed some temporarily unrelated functions ):

Figure 7

These functions are described as follows:

(1) The getimagetype () function obtains the format of the wnce image file to be downloaded by reading the first seven magic number bytes of the image file. The file formats supported by wince6.0 eboot include the following:

"N000ff \ x0a" -- bl_image_type_manifest

"X000ff \ x0a" -- bl_image_type_multixip

"B000ff \ x0a" -- bl_image_type_bin

"S000ff \ x0a" -- bl_image_type_signed_bin

"R000ff \ x0a" -- bl_image_type_signed_nb0

No signature -- bl_image_type_unknown

The ubootimage. ubi file is downloaded in the bl_image_type_manifest format, as shown in figure 4.

The getimagetype () function calls a very important function, such:

Figure 8

 

(2) The checkimagemanifest () function is used to obtain and verify the multibininfo struct information of the multiple xip image files xipkernel. Bin, NK. bin, and chain. bin to be downloaded.

Figure 9

(3) The downloadbin () function reads xipkernel from the address 0x83000333 of RAM in sequence. bin, NK. BIN and chain. bin content to config. the ram memory specified in bib, which must be combined with config. in bib, eboot extracts the image file from Ram to other addresses in Ram as follows:

Figure 10

The downloadbin () function is described as follows:

① Read the image file (the first is xipkernel. Bin) and decompress it to the starting address in Ram. The actual valid data length of this image file.

Figure 11

(2) Check the starting address and length of the currently decompressed image file in Ram. If it is not within the range specified by config. bib, an error occurs.

Figure 12

③ Read the current image file cyclically until the last record is read. The dwrecaddr and dwrecchk values of the last record are both 0x00000000, so that you can determine whether the last record is reached.

Figure 13

Figure 14

Figure 15

The downloaded image file contains the "cece‑in" and "nk.exe" modules, and records the starting address of the file loaded into RAM. The file length and file start are executed.

Figure 16

It is necessary to analyze the iskernelregion function body.

Figure 17

The tocentry struct is defined as follows:

Typedef struct tocentry {// module bib section structure

DWORD dwfileattributes;

Filetime fttime;

DWORD nfilesize;

Lpstr lpszfilename;

Ulong ule32offset; // offset to E32 Structure

Ulong ulo32offset; // offset to o32 Structure

Ulong ulloadoffset; // module load buffer offset

} Tocentry, * lptocentry;

In addition, for better understanding, the romhdr and tocentry struct descriptions in xipkernel. Bin are provided.

Figure 18

 

In this way, do… 3 is executed in figure 7... After the while () loop, extract xipkernel. Bin, NK. bin, and chain. bin to ram, and then write them to flash.

 

3.2.2 eboot: Write the decompressed image file to flash

After eboot decompress the image file to the specified RAM address space, it is necessary to burn the decompressed image file to flash, this process goes back to the following section of the eboot main process control function bootloadermain:

Figure 19

The oemlaunch function is used to download and start the system image file:

Figure 20

The writeosimagetobootmedia function is analyzed as follows:

(1) calculate the number of logical sectors starting with MBR and format the flash size of the specified block quantity for MBR.

Figure 21

Find the ROM Extension Data in the binfile containing the nk.exe module and obtain the starting address of chain. bin in Ram and the actual length of chain. binfile.

Figure 22

The content in xipkernel. Bin can be better understood.

Figure 23

Typedef struct rompid {

Union {

DWORD dwpid [pid_length]; // PID

Struct {

Char name [(pid_length-4) * sizeof (DWORD)];

DWORD type;

Pvoid pdata;

DWORD length;

DWORD reserved;

};

};

Pvoid pnextext; // pointer to next extension if any

} Rompid, extension;

 

Typedef struct _ xipchain_summary {

Lpvoid pvaddr; // address of the xip

DWORD dwmaxlength; // The biggest it can grow

Ushort usorder; // where to put into romchain_t

Ushort usflags; // flags/Status of xip

DWORD reserved; // for future use

} Xipchain_summary, * pxipchain_summary;

 

(3) determine the maximum length of the binfile to be downloaded.

Figure 24

(4) create a binfs partition and write the bin image file to the partition.

Figure 25

⑸ Update TOC information and create a FAT partition for the remaining flash Space

Figure 26

 

Then, call the oemlaunch function in Figure 19 to start the system. Download the multiple xip image file and analyze it now.