Kernel Independent Transport Layer (KITL) Analysis of Windows CE 6.0 (2)


(3) Windows CE 6.0 KITL Initialization Process Analysis

Secret file. Unlike in Windows CE 5.0, you cannot call the KITL initialization function directly. Because of the way shared variables and functions are accessed between modules in Windows CE 6.0 (see the startup analysis section for Windows CE 6.0), the call can only be made through the system-defined OEMGLOBAL and NKGLOBAL structs.
Options) When Enable KITL is selected, the compiler links the kitl.dll dynamic link library into the kernel, and the OEMGLOBAL struct definition uses the KITLOEM macro so that the kitl.dll entry function KitlDllMain is compiled into the system. In this case the system links the library oemmain_statickitl.lib. The following is the KITL-related part of the OEMGLOBAL struct definition:

// Platform specific information passed from OAL to KITL.
NULL,                   // LPVOID pKitlInfo
#ifdef KITLOEM
KitlDllMain,            // KITL entry point (KITL is part of OEM)
#else
NULL,                   // KITL entry point (KITL is in a separate DLL)
#endif

Once kitl.dll is started, its entry function KitlDllMain assigns the address of the KITLIoctl function to the pfnKITLIoctl pointer of NKGLOBAL, and also obtains the OEMGLOBAL struct pointer from the kernel startup parameter struct (KDataStruct) g_pKData. In this way, shared variables and functions become accessible in both directions. That is, the OEMInit() function in the OAL calls the KITLIoctl function indirectly through the NKGLOBAL struct to start KITL initialization.

$(_PRIVATEROOT)\WINCEOS\COREOS\NK\KITL\ethdbg.c

BOOL WINAPI KitlDllMain (HINSTANCE DllInstance, DWORD dwReason, LPVOID Reserved)
{
    if (DLL_PROCESS_ATTACH == dwReason) {
        // Reserved carries the kernel library ioctl entry point.
        PFN_KLIBIOCTL pfnKLibIoctl = (PFN_KLIBIOCTL) Reserved;
        g_kpriv.pfnExtKITLIoctl = ExtKITLIoctl;
        (*pfnKLibIoctl) ((HANDLE) KMOD_KITL, IOCTL_KLIB_KITL_INIT, NULL, 0, &g_kpriv, sizeof (g_kpriv), NULL);
        // Pick up the kernel data, then the NKGLOBAL and OEMGLOBAL pointers from it.
        g_pKData = g_kpriv.pKData;
        g_pprcNK = g_kpriv.pprcNK;
        g_pNKGlobal = g_pKData->pNk;
        g_pOemGlobal = g_pKData->pOem;
        // Publish KITL's ioctl handler through NKGLOBAL.
        g_pNKGlobal->pfnKITLIoctl = KITLIoctl;
#ifdef DEBUG
        g_pNKGlobal->pKITLDbgZone = &dpCurSettings;
#endif
    }
    return TRUE;
}

 

$(_PRIVATEROOT)\WINCEOS\COREOS\NK\oemstub.c

void OEMInit (void)
{
    // Forward to the OAL's OEMInit through the OEMGLOBAL function pointer.
    g_pOemGlobal->pfnInitPlatform ();
}

 

$(_PRIVATEROOT)\WINCEOS\COREOS\NK\NKSTUB\kitlstub.c

BOOL KITLIoctl (DWORD dwCode, LPVOID pInBuf, DWORD nInSize, LPVOID pOutBuf, DWORD nOutSize, LPDWORD pcbRet)
{
    // Forward to the handler that KitlDllMain stored in NKGLOBAL.
    return g_pNKGlobal->pfnKITLIoctl (dwCode, pInBuf, nInSize, pOutBuf, nOutSize, pcbRet);
}

 

$(_PLATFORMROOT)\xsbase270\src\oal\OalLib\Init.c

void OEMInit ()
{
    volatile XSBASE270_CPLD_REGS *pcpldregs = (volatile XSBASE270_CPLD_REGS *) OALPAtoVA (XSBASE270_BASE_REG_PA_CPLD, FALSE);
    volatile XSBASE270_MEMBCR_REGS *pmembcrregs = (volatile XSBASE270_MEMBCR_REGS *) OALPAtoVA (XSBASE270_BASE_PA_PFS, FALSE);
    ......
    // Initialize the KITL connection if required.
    KITLIoctl (IOCTL_KITL_STARTUP, NULL, 0, NULL, 0, NULL);
    ......
    OALMSG (OAL_FUNC, (L"-OEMInit\r\n"));
}

$(_PRIVATEROOT)\WINCEOS\COREOS\NK\KITL\ethdbg.c

BOOL KITLIoctl (DWORD dwIoControlCode, LPVOID lpInBuf, DWORD nInBufSize, LPVOID lpOutBuf, DWORD nOutBufSize, LPDWORD lpBytesReturned)
{
    BOOL retval = FALSE;
    switch (dwIoControlCode) {
    case IOCTL_KITL_STARTUP:
        retval = OEMKitlStartup ();
        break;
    ......
    }
    return retval;
}

Based on the analysis and the five pieces of code above, let's look at the order in which these functions are called.

The kernel calls the OEMInit function in $(_PRIVATEROOT)\WINCEOS\COREOS\NK\OEMMAIN\oemstub.c. This function uses the function pointer pfnInitPlatform (initialized in OEMGLOBAL.c) to call the OEMInit function in $(_PLATFORMROOT)\xsbase270\src\oal\OalLib\Init.c. When that function calls KITLIoctl, it actually calls the KITLIoctl function in $(_PRIVATEROOT)\WINCEOS\COREOS\NK\NKSTUB\kitlstub.c, which uses the pfnKITLIoctl function pointer in the NKGLOBAL struct to call the KITLIoctl function in $(_PRIVATEROOT)\WINCEOS\COREOS\NK\KITL\ethdbg.c. In Windows CE 6.0 the function calls seem to go around in a circle, which is also its secret. Once the order of the functions above is straightened out, the subsequent function calls are quite simple.
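The call chain just described, modelled as a small host-side C program (an added example, not code from Windows CE or from the original article). The `*_MODEL` types, the trace helper, the `IOCTL_KITL_STARTUP` value and the NULL check in the stub are assumptions of this sketch; it records the order in which the functions run and shows what the stub returns when no KITL module has registered its handler.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Host-side model: simplified stand-in types, not the CE 6.0 headers. */
typedef int BOOL;
typedef unsigned long DWORD;
#define TRUE 1
#define FALSE 0
#define IOCTL_KITL_STARTUP 1UL                 /* constructed value */

typedef BOOL (*PFN_KITLIOCTL)(DWORD code);
typedef struct { PFN_KITLIOCTL pfnKITLIoctl; } NKGLOBAL_MODEL;
typedef struct { void (*pfnInitPlatform)(void); } OEMGLOBAL_MODEL;

static NKGLOBAL_MODEL  g_nk;                   /* kernel-owned function table */
static OEMGLOBAL_MODEL g_oem;                  /* OAL-owned function table */
static char g_trace[128];                      /* call order, '>'-separated */
static BOOL g_started;                         /* result seen by the OAL */

static void trace(const char *s) { strcat(g_trace, s); strcat(g_trace, ">"); }

/* KITL side (ethdbg.c in the article). */
static BOOL OEMKitlStartup_model(void) { trace("OEMKitlStartup"); return TRUE; }
static BOOL kitl_KITLIoctl(DWORD code) {
    trace("kitl.KITLIoctl");
    return code == IOCTL_KITL_STARTUP ? OEMKitlStartup_model() : FALSE;
}
static void KitlDllMain_model(void) { g_nk.pfnKITLIoctl = kitl_KITLIoctl; }

/* Stub side (kitlstub.c): forwards through NKGLOBAL. The NULL guard is
   an assumption of this model, added to show the unregistered case. */
static BOOL stub_KITLIoctl(DWORD code) {
    trace("stub.KITLIoctl");
    if (g_nk.pfnKITLIoctl == NULL) return FALSE;
    return g_nk.pfnKITLIoctl(code);
}

/* OAL side (Init.c) and kernel side (oemstub.c). */
static void oal_OEMInit(void) { trace("oal.OEMInit"); g_started = stub_KITLIoctl(IOCTL_KITL_STARTUP); }
static void kernel_OEMInit(void) { trace("kernel.OEMInit"); g_oem.pfnInitPlatform(); }

/* Boot the model with or without KITL registered; returns the call trace. */
const char *boot_model(int kitl_present) {
    memset(&g_nk, 0, sizeof g_nk);
    g_trace[0] = '\0';
    g_started = FALSE;
    g_oem.pfnInitPlatform = oal_OEMInit;
    if (kitl_present) KitlDllMain_model();
    kernel_OEMInit();
    return g_trace;
}
BOOL kitl_started(void) { return g_started; }

int main(void) { puts(boot_model(1)); puts(boot_model(0)); return 0; }
```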

The first parameter of the call KITLIoctl(IOCTL_KITL_STARTUP, NULL, 0, NULL, 0, NULL) in the OEMInit function is IOCTL_KITL_STARTUP. The call finally reaches the KITLIoctl function in $(_PRIVATEROOT)\WINCEOS\COREOS\NK\KITL\ethdbg.c, and the source code shows that the case for IOCTL_KITL_STARTUP is retval = OEMKitlStartup(); that is, control is called back into a function like OALKitlStart() in Windows CE 5.0. As mentioned in the porting steps for Windows CE 6.0 KITL, you need to rename the OALKitlStart() function of Windows CE 5.0 to OEMKitlStartup(). If you are familiar with the KITL function call sequence of Windows CE 5.0, you can skip the subsequent content.
