Note: Based on the USB download method, mlc nand Flash is k9g8g08u
1. File description of multiple xip Mode
In multiple xip mode, the generated files include chain. Bin, chain. lst, NK. Bin, xip. bin, and xipkernel. Bin, as shown in:
Figure 1
2. The order in which eboot downloads multiple xip image files
Download the chain. LST file. The chain. LST file defines which binfiles to download to flash and the order in which these binfiles are downloaded. We use ultraedit to open the chain. LST file. The content is as follows:
+ Xipkernel. Bin
NK. Bin
Chain. Bin
To download these binfiles to NAND Flash, and download xipkernel. Bin, NK. bin, and chain. bin in sequence.
Then, eboot automatically downloads the xipkernel. Bin, NK. bin, and chain. binfiles Based on the LST file, and then starts the wince6.0 system;
3. How to download the multiple xip image file using eboot
After pressing the U on the keyboard, the eboot enters the receiving PC's status of downloading the image file from USB to ram. What is the range of the image file downloaded from the PC to the ram region? This is specified by the eboot. bib file:
Usb_buf 83000000 03000000 Reserved
Figure 2
The maximum size of the image file that can be downloaded is 0x03000000 = 48 MB. To adjust the size, modify the size of the eboot file.
3.1 Processing Mechanism of dnw v0.60c.exe
How does dnw v0.60c.exe and eboot configure to download the multiple xip image file? Choose "USB port-> uboot" in dnw v0.60c.exe and select chain. during lst download, The dnw software obtained the chain. the path and content of the LST file. The image file to be downloaded contains xipkernel. bin, NK. BIN and chain. bin (three binfiles in total), and then open these three files in sequence to obtain their starting address, length, and name. The information is described using the multibininfo struct:
Figure 3
Obtain the information and calculate the verification code. Then, create ubootimage. UBI file, and then fill in the information in ubootimage in the form of multibininfo struct. the front of the ubi file, followed by xipkernel. bin, NK. BIN and chain. enter the binfile content in ubootimage. after the multibininfo struct description of the ubi file. the ubi file is sent to the specified RAM address via USB, which is the content before the file:
Figure 4
The following content is followed by the ubootimage. ubi file:
Figure 5
The ubootimage. ubi file format can be summarized as follows:
Figure 6
3.2 eboot supports the multiple xip Image File Download Processing Mechanism
3.2.1 eboot unzip the image file to the specified RAM address space
When we press the U button on the keyboard, eboot enters the process of calling the downloadimage function. Let's take a look at this function (I have removed some temporarily unrelated functions ):
Figure 7
These functions are described as follows:
(1) The getimagetype () function obtains the format of the wnce image file to be downloaded by reading the first seven magic number bytes of the image file. The file formats supported by wince6.0 eboot include the following:
"N000ff \ x0a" -- bl_image_type_manifest
"X000ff \ x0a" -- bl_image_type_multixip
"B000ff \ x0a" -- bl_image_type_bin
"S000ff \ x0a" -- bl_image_type_signed_bin
"R000ff \ x0a" -- bl_image_type_signed_nb0
No signature -- bl_image_type_unknown
The ubootimage. ubi file is downloaded in the bl_image_type_manifest format, as shown in figure 4.
The getimagetype () function calls a very important function, such:
Figure 8
(2) The checkimagemanifest () function is used to obtain and verify the multibininfo struct information of the multiple xip image files xipkernel. Bin, NK. bin, and chain. bin to be downloaded.
Figure 9
(3) The downloadbin () function reads xipkernel from the address 0x83000333 of RAM in sequence. bin, NK. BIN and chain. bin content to config. the ram memory specified in bib, which must be combined with config. in bib, eboot extracts the image file from Ram to other addresses in Ram as follows:
Figure 10
The downloadbin () function is described as follows:
① Read the image file (the first is xipkernel. Bin) and decompress it to the starting address in Ram. The actual valid data length of this image file.
Figure 11
(2) Check the starting address and length of the currently decompressed image file in Ram. If it is not within the range specified by config. bib, an error occurs.
Figure 12
③ Read the current image file cyclically until the last record is read. The dwrecaddr and dwrecchk values of the last record are both 0x00000000, so that you can determine whether the last record is reached.
Figure 13
Figure 14
Figure 15
The downloaded image file contains the "cece‑in" and "nk.exe" modules, and records the starting address of the file loaded into RAM. The file length and file start are executed.
Figure 16
It is necessary to analyze the iskernelregion function body.
Figure 17
The tocentry struct is defined as follows:
Typedef struct tocentry {// module bib section structure
DWORD dwfileattributes;
Filetime fttime;
DWORD nfilesize;
Lpstr lpszfilename;
Ulong ule32offset; // offset to E32 Structure
Ulong ulo32offset; // offset to o32 Structure
Ulong ulloadoffset; // module load buffer offset
} Tocentry, * lptocentry;
In addition, for better understanding, the romhdr and tocentry struct descriptions in xipkernel. Bin are provided.
Figure 18
In this way, do… 3 is executed in figure 7... After the while () loop, extract xipkernel. Bin, NK. bin, and chain. bin to ram, and then write them to flash.
3.2.2 eboot: Write the decompressed image file to flash
After eboot decompress the image file to the specified RAM address space, it is necessary to burn the decompressed image file to flash, this process goes back to the following section of the eboot main process control function bootloadermain:
Figure 19
The oemlaunch function is used to download and start the system image file:
Figure 20
The writeosimagetobootmedia function is analyzed as follows:
(1) calculate the number of logical sectors starting with MBR and format the flash size of the specified block quantity for MBR.
Figure 21
Find the ROM Extension Data in the binfile containing the nk.exe module and obtain the starting address of chain. bin in Ram and the actual length of chain. binfile.
Figure 22
The content in xipkernel. Bin can be better understood.
Figure 23
Typedef struct rompid {
Union {
DWORD dwpid [pid_length]; // PID
Struct {
Char name [(pid_length-4) * sizeof (DWORD)];
DWORD type;
Pvoid pdata;
DWORD length;
DWORD reserved;
};
};
Pvoid pnextext; // pointer to next extension if any
} Rompid, extension;
Typedef struct _ xipchain_summary {
Lpvoid pvaddr; // address of the xip
DWORD dwmaxlength; // The biggest it can grow
Ushort usorder; // where to put into romchain_t
Ushort usflags; // flags/Status of xip
DWORD reserved; // for future use
} Xipchain_summary, * pxipchain_summary;
(3) determine the maximum length of the binfile to be downloaded.
Figure 24
(4) create a binfs partition and write the bin image file to the partition.
Figure 25
⑸ Update TOC information and create a FAT partition for the remaining flash Space
Figure 26
Then, call the oemlaunch function in Figure 19 to start the system. Download the multiple xip image file and analyze it now.