
BinFS in WinCE


cleary

Presentation Transcript


  1. BinFS in WinCE

  2. BinFS = Binary + FSD
     Related technology:
     • Binary: WinCE image architecture, executable format struct
     • FSD: storage manager, partition driver, block driver

  3. Binfs in explorer

  4. Demand Page
     [Memory map diagram. Labels: DLL, EXE, CPL, …; Files; Modules; Program RAM; Reserved; NK (ramimage); XIP (ramimage) 2M; NK (nandimage); 32M DRAM; 16M; 14M; ramimage; Single region; Multi region; addresses 0x30000000 and 0x32000000]

  5. Loading & Startup
     [Boot flow diagram. Labels: BootPhase 0/1; 4k BootLoader; BL1; IPL; BL2; UTOOL; EBOOT; Nand Driver; Nk.exe (startup()); RAM; S3C2440/3; SRAM; IPL; KernelStart(); FileSys/FSDMGR; Binfs.dll/flashdrv.dll; 0x30201000; Chain 0x30200000; RamImage; Jump to 0x30000000; 0x30000000; MBR; RamImage; Chain; NandImage; Start BootPhase 2]

  6. BootPhase 2
     [Diagram. Labels: Load data; Device.exe, Explorer.exe, Battdrv.dll, Ondisk.dll, Fatfs.dll, etc.; Kernel LoadModule; FSDMGR; Binfs.dll; Bibdrv.dll; NandImage in Nand Flash]

  7. File access flow diagram
     APPLICATION -> File API -> AFS entry -> FSDMGR -> Filter/Cache -> File System Driver (FSD) -> Partition Driver -> Block device Driver -> Storage device controller driver

  8. Load FSD

  9. File System Driver (FSD)
     • BinFS
     • FatFS/NTFS
     • CDFS
     • Your custom FSD
     (Abstract model) File Index Table, DATA

  10. FSD interface (Prefix FSD_)
      • Main: FSD_Mount, FSD_UnmountDisk
      • File: FSD_CreateFileW, FSD_CloseFile, FSD_ReadFile, FSD_ReadFileWithSeek, FSD_SetFilePointer, FSD_DeviceIoControl, …
      • Path: FSD_GetFileAttributesW, FSD_GetDiskFreeSpaceW, …
      • Find: FSD_FindFirstFileW, FSD_FindNextFileW, FSD_FindClose
      [Diagram labels: Storage Manager and Partition Manager; Call By File API set]

  11. FSD Init
      AFS Manager
      CreateFile, Block Device Driver: Handle HDSK
      Part driver, CreateDiskObject(HDSK): Handle PDSK
      FSD_Mount(PDSK): pVolume, PATH name
      CreateVolumeObject(PDSK): Handle pVolume
      RegisterVolume(pVolume);
      pVolume can get partition handle and block device driver handle

  12. FSD Access
      CreatFileEx(L"\\windows\\explorer.exe", …)
        Search AFS table to get pVolume: Handle pVolume
        FSD_CreateFileW(pVolume)
        FSDMGR_CreateFileHandle(pVolume): Handle pFile
      ReadFile(pFile, …)
        FSD_ReadFile(pFile, …)
        FSDMGR_DeviceIoctl(pFile->pVolume->PDSK, …)
        DeviceIoctl(pFile->pVolume->PDSK->HDSK, …)

  13. Enable Demand Page

      MEMORY section
      ;   NAME        START ADDR   SIZE       TYPE
      ;   ------------------------------------------------
          pdwXIPLoc   00000000     8C200000   FIXUPVAR
          XIPKERNEL   8C000000     00200000   RAMIMAGE
          CHAIN       8C200000     00001000   RESERVED
          NK          8C201000     01400000   NANDIMAGE
          RAM         8C201000     03D62000   RAM
          DISPLAY     8FF63000     00080000   RESERVED

      COMPRESSION=ON
      …
      XIPSCHAIN=8C200000

      MODULES section
          nk.exe      D:\WINCE500\pbworkspaces\....kern.exe    XIPKERNEL  SH
          Fatfs.dll   D:\WINCE500\pbworkspaces\....fatfs.dll   nk         SH

      FILES section
          binfs.dll   D:\WINCE500\pbworkspaces\....binfs.dll   XIPKERNEL  SH
          sample.wav  D:\WINCE500\pbworkspaces\.... sample.wav nk         SH

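  14. PE files (Portable Executable)
      1. When a PE file is executed, the PE loader checks the DOS MZ header for the offset of the PE header. If it is found, the loader jumps to the PE header. The PE loader checks the validity of the PE header. If it is valid, the loader jumps to the end of the PE header.
      2. Immediately after the PE header comes the section table. The PE loader reads the section information in it and maps these sections into memory by file mapping, applying the section attributes specified in the section table.
      3. Once the PE file is mapped into memory, the PE loader processes the logical parts of the PE file such as the import table.

      PE stands for Portable Executable. It is the native executable file format of the Win32 environment. Even when Windows runs on a non-Intel CPU, the PE loader of any Win32 platform can recognize and use this file format. Of course, a PE executable ported to a different CPU necessarily needs some changes.

      If we view the PE file format as a logical disk, the PE header is the boot sector and the sections are the various files, but we still lack the information needed to locate the different files on the disk. For example, what in the PE file format is the equivalent of a directory? It is the array of structures that follows the PE header, the section table. Each structure contains the attributes, file offset, virtual offset and so on of the corresponding section.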

  15. Nb0 file format

      typedef struct stPIDun {
          char  name[(PID_LENGTH - 4) * sizeof(DWORD)];
          DWORD type;
          PVOID pdata;
          DWORD length;
          DWORD reserved;
      } STPIDUN;

      Name: chain information
      Type: 00000000
      pData: 8c07d58c
      Length: 00000030
      Reserved: 00000030
      Next: 00000000

      Addr: 8c200000 MaxLenth: 00001000 Order: 0000 Flags: 0000 reserved: 00000000
      Addr: 8c000000 MaxLenth: 00200000 Order: 0000 Flags: 0001 reserved: 00000000
      Addr: 8c201000 MaxLenth: 01400000 Order: 0001 Flags: 0001 reserved: 00000000

      typedef struct _XIPCHAIN_SUMMARY {
          LPVOID pvAddr;       // address of the XIP
          DWORD  dwMaxLength;  // the biggest it can grow to
          USHORT usOrder;      // where to put into ROMChain_t
          USHORT usFlags;      // flags/status of XIP
          DWORD  reserved;     // for future use
      } XIPCHAIN_SUMMARY, *PXIPCHAIN_SUMMARY;

      Image layout (diagram labels; the numbers 1 to 4 are the slide's callouts):
      0x8C000000               EA command, 60 byte NUL
      0x8C000040               Is "ECEC"?
      0x8C000044               1 ROMHDR address, Ex: 0x8c0d9840
      0x8C000048 - 8C002210    Data … RAW Data Into RAM
      8C002210                 3 ROMHDR Extensions, KernelExtPointer (_nk.exe exist)
      8C002210 - 0x8c07d560    Data …
      0x8c07d560               4 Chain information
      0x8c07d560 - 0x8c0d9840  Data …
      0x8c0d9840               2 ROMHDR Struct
      Files and Modules Index data …
      Data … 0x8CF00000

      ROMHDR ----------------------------------------
      DLL First           : 0x01F501FF
      DLL Last            : 0x02000000
      Physical First      : 0x8C000000
      Physical Last       : 0x8C175580
      RAM Start           : 0x8C201000
      RAM Free            : 0x8C34A000
      RAM End             : 0x8FF63000
      Kernel flags        : 0x00000000
      Prof Symbol Offset  : 0x00000000
      Num Copy Entries    : 1
      Copy Entries Offset : 0x8C07DFC0
      Num Modules         : 9
      Num Files           : 12
      MiscFlags           : 0x00000002
      CPU                 : 0x01c2 (Thumb)
      Extensions          : 0x8C002210

      ROMHDR Extensions -----------------------------
      PID[0] = 0x00000000
      PID[1] = 0x00000000
      PID[2] = 0x00000000
      PID[3] = 0x00000000
      PID[4] = 0x00000000
      PID[5] = 0x00000000
      PID[6] = 0x00000000
      PID[7] = 0x00000000
      PID[8] = 0x00000000
      PID[9] = 0x00000000
      Next: 8c07d560

      typedef struct TOCentry {      // MODULE BIB section structure
          DWORD    dwFileAttributes;
          FILETIME ftTime;
          DWORD    nFileSize;
          LPSTR    lpszFileName;     //gaojian ADD LPSTR
          ULONG    ulE32Offset;      // Offset to E32 structure
          ULONG    ulO32Offset;      // Offset to O32 structure
          ULONG    ulLoadOffset;     // MODULE load buffer offset
      } TOCentry, *LPTOCentry;

  16. BinFS init

  17. BinVolume Structure

      typedef struct {
          HVOL       hVolume;
          HDSK       hDsk;
          ChainData  *pChain;
          DISK_INFO  diskInfo;
          DWORD      dwVolFlags;     // per-volume flags, currently VOL_FLAG_XIP
          DWORD      dwNumRegions;   // Number of Bin Regions in the volume
          BinDirList *pDirectory;    // Directory List

          // Compression support
          CRITICAL_SECTION csComp;   // Protects current compression state
          BYTE       *pReadBuf;      // Compressed buffer
          BYTE       pDecBuf[COMP_BLOCK_SIZE]; // Decompression Buffer
          BinDirList *pCurCompDir;   // Current directory entry being decompressed
          DWORD      dwCurCompBlock; // Current Block being decompressed
      } BinVolume;

  18. BinDirList Structure

      typedef struct _BinDirList {
          WCHAR    *szFileName;
          DWORD    dwRegion;
          DWORD    dwRealFileSize;
          DWORD    dwCompFileSize;
          DWORD    dwAttributes;
          FILETIME ft;
          DWORD    dwAddress;
          e32_rom  *pe32;
          o32_rom  *po32;
          struct _BinDirList *pNext;
      } BinDirList, *PBinDirList;

  19. Load exe/dll Sequence

  20. Paging mode Set Read Use

  21. Differences in Paging

  22. Difference between Module and File

  23. Special Interface For Modules
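
The loader walk described on slide 14 (DOS MZ header, PE header offset, section table), as an added C example that is not part of the original presentation. The sample file is constructed, and the names `pe_section`, `pe_sections` and `make_sample` are hypothetical.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

typedef struct { char name[9]; uint32_t vsize, vaddr, raw_size, raw_off, attrs; } pe_section;

static uint16_t le16(const uint8_t *p) { return (uint16_t)(p[0] | p[1] << 8); }
static uint32_t le32(const uint8_t *p) { return le16(p) | (uint32_t)le16(p + 2) << 16; }

/* Follows DOS MZ header -> PE header -> section table, refusing any offset that
 * leaves the file. Returns the section count, or -1 no MZ header, -2 bad PE header
 * offset/signature, -3 section table out of bounds, -4 raw data out of bounds. */
int pe_sections(const uint8_t *f, size_t len, pe_section *out, size_t max) {
    if (len < 0x40 || f[0] != 'M' || f[1] != 'Z') return -1;
    size_t pe = le32(f + 0x3c);                    /* PE header offset (e_lfanew) */
    if (pe > len || len - pe < 24 || memcmp(f + pe, "PE\0\0", 4) != 0) return -2;
    size_t nsec = le16(f + pe + 6);                /* NumberOfSections */
    size_t tbl = pe + 24 + le16(f + pe + 20);      /* table follows the PE header */
    if (nsec > max || tbl > len || (len - tbl) / 40 < nsec) return -3;
    for (size_t i = 0; i < nsec; i++) {
        const uint8_t *s = f + tbl + i * 40;       /* one 40-byte section header */
        memcpy(out[i].name, s, 8); out[i].name[8] = '\0';
        out[i].vsize = le32(s + 8);     out[i].vaddr = le32(s + 12);
        out[i].raw_size = le32(s + 16); out[i].raw_off = le32(s + 20);
        out[i].attrs = le32(s + 36);               /* section attributes */
        if (out[i].raw_off > len || out[i].raw_size > len - out[i].raw_off) return -4;
    }
    return (int)nsec;
}

/* Constructed 0x90-byte sample: one ".text" section, no optional header. */
size_t make_sample(uint8_t *b) {
    uint8_t *s = b + 0x58;                         /* 0x40 + 24-byte PE header */
    memset(b, 0, 0x90);
    memcpy(b, "MZ", 2); b[0x3c] = 0x40;            /* PE header at 0x40 */
    memcpy(b + 0x40, "PE\0\0", 4); b[0x46] = 1;    /* one section */
    memcpy(s, ".text", 5);
    s[8] = 0x10; s[13] = 0x10;                     /* VirtualSize 0x10, VirtualAddress 0x1000 */
    s[16] = 0x10; s[20] = 0x80;                    /* 0x10 raw bytes at file offset 0x80 */
    s[36] = 0x20; s[39] = 0x60;                    /* code, execute, read */
    return 0x90;
}

int main(void) {
    uint8_t b[0x90]; pe_section sec[4];
    int n = pe_sections(b, make_sample(b), sec, 4);
    if (n == 1) printf("%s raw 0x%x+0x%x\n", sec[0].name, (unsigned)sec[0].raw_off, (unsigned)sec[0].raw_size);
    return n == 1 ? 0 : 1;
}
```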
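
A consistency check for the slide 15 layout: confirm the "ECEC" signature at offset 0x40, read the ROMHDR address at 0x44, and decode the 0x30 bytes of chain information into XIPCHAIN_SUMMARY entries while rejecting wrapping or overlapping regions. This is an added example, not code from the presentation; the little-endian encoding of the slide's values and the names `xip_summary`, `rom_signature` and `parse_chain` are assumptions.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Same fields as XIPCHAIN_SUMMARY on slide 15 (16 bytes per entry). */
typedef struct { uint32_t addr, max_len; uint16_t order, flags; uint32_t reserved; } xip_summary;

static uint16_t rd16(const uint8_t *p) { return (uint16_t)(p[0] | p[1] << 8); }
static uint32_t rd32(const uint8_t *p) { return rd16(p) | (uint32_t)rd16(p + 2) << 16; }

/* Returns 1 and stores the ROMHDR address (offset 0x44) when "ECEC" is at
 * offset 0x40 of the image, else 0. */
int rom_signature(const uint8_t *img, size_t len, uint32_t *romhdr) {
    if (len < 0x48 || memcmp(img + 0x40, "ECEC", 4) != 0) return 0;
    *romhdr = rd32(img + 0x44);
    return 1;
}

/* Decodes chain information into at most `max` entries. Returns the count,
 * -1 for a bad length, -2 when a region wraps past 0xFFFFFFFF, -3 when two
 * regions overlap. */
int parse_chain(const uint8_t *p, size_t len, xip_summary *out, int max) {
    if (len == 0 || len % 16 != 0 || len / 16 > (size_t)max) return -1;
    int n = (int)(len / 16);
    for (int i = 0; i < n; i++, p += 16) {
        out[i] = (xip_summary){ rd32(p), rd32(p + 4), rd16(p + 8), rd16(p + 10), rd32(p + 12) };
        if (out[i].addr > UINT32_MAX - out[i].max_len) return -2;
        for (int j = 0; j < i; j++)
            if (out[i].addr < out[j].addr + out[j].max_len &&
                out[j].addr < out[i].addr + out[i].max_len) return -3;
    }
    return n;
}

/* The three entries listed on slide 15, encoded little-endian (assumed byte order). */
const uint8_t SLIDE_CHAIN[0x30] = {
    0x00,0x00,0x20,0x8c, 0x00,0x10,0x00,0x00, 0,0, 0,0, 0,0,0,0,  /* CHAIN (slide 13) */
    0x00,0x00,0x00,0x8c, 0x00,0x00,0x20,0x00, 0,0, 1,0, 0,0,0,0,  /* XIPKERNEL        */
    0x00,0x10,0x20,0x8c, 0x00,0x00,0x40,0x01, 1,0, 1,0, 0,0,0,0,  /* NK               */
};

int main(void) {
    xip_summary e[8];
    int n = parse_chain(SLIDE_CHAIN, sizeof SLIDE_CHAIN, e, 8);
    for (int i = 0; i < n; i++)
        printf("%08x +%08x order %u flags %u\n", (unsigned)e[i].addr, (unsigned)e[i].max_len, (unsigned)e[i].order, (unsigned)e[i].flags);
    return n == 3 ? 0 : 1;
}
```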
