Embed Size (px)
DESCRIPTION
BinFS in WinCE. Bin FS = Binary + FSD. Relative technology Binary WinCE Image architecture Executable Format struct FSD Storage manager Partition driver Block driver. Binfs in explorer. Demond Page. 0x32000000. DLL EXE CPL … Files Modules. Program RAM. Reserved. NK - PowerPoint PPT Presentation
Citation preview
BinFS in WinCE
BinFS = Binary + FSD
Relative technology • Binary
WinCE Image architectureExecutable Format struct
• FSDStorage manager Partition driverBlock driver
Binfs in explorer
Demond Page
NK(ramimage) NK
(nandimage)
XIP(ramimage)
16M
14M
2M
Single region Multi region
ProgramRAM
ramimage
0x32000000
0x30000000
DLL EXE CPL … Files ModulesReserved
32M
DRAM
Loading & Startup BootPhase 0/14k
BootLoaderBL1
IPLBL2
UTOOLEBOOT
S3C2440/3
RamImage NandImageMBR Chain
SRAMRAM
0x30000000
Nand Driver
IPL
RamImage
Chain0x30200000
0x30201000
Jump to 0x30000000
Nk.exe (startup())
KernelStart()
FileSys/FSDMGR
Binfs.dll/flashdrv.dll
Start BootPhase 2
BootPhase 2 Load data
Kernel
FSDMGR
LoadModule
Binfs.dll
NandImage in Nand Flash
Bibdrv.dll
Device.exeExplorer.exe
Battdrv.dllOndisk.dllFatfs.dllEtc…
File access flow diagram
APPLICATION
AFS entry
File API
FSDMGR
File System Driver (FSD)
Filter/Cache
Partition Driver
Block device Driver
Storage device controller driver
Load FSD
File System Driver (FSD)
• BinFS
• FatFS/NTFS
• CDFS
• Your custom FSD
( 抽象模型 ) File Index Table
DATA
FSD interface (Perfix FSD_)
• MainFSD_MountFSD_UnmountDisk
• FileFSD_CreateFileWFSD_CloseFileFSD_ReadFileFSD_ReadFileWithSeekFSD_SetFilePointerFSD_DeviceIoControl …
• PathFSD_GetFileAttributesWFSD_GetDiskFreeSpaceW…
• FindFSD_FindFirstFileWFSD_FindNextFileWFSD_FindClose
Storage Manager and Partition Manager
Call By File API set
FSD Init
FSD_Mount (PDSK)
Part driver CreateDiskObject(HDSK)
Block Device DriverHandle HDSKCreateFile
Handle PDSK
RegisterVolume( pVolume);
CreateVolumeObject(PDSK) Handle pVolume
pVolumePATH name
AFS Manager
pVolume can get partition handle and block device driver handle
FSD AccessCreatFileEx(L”\\windows\\explorer.exe”,…)
Search AFS table to get pVolume Handle pVolume
FSD_CreateFileW(pVolume)
FSDMGR_CreateFileHandle(pVolume) Handle pFile
ReadFile(pFile,….)
FSD_ReadFile(pFile,….)
FSDMGR_DeviceIoctl( pFile-> pVolume->PDSK,….)
DeviceIoctl( pFile-> pVolume->PDSK->HDSK,….)
Enable Demond PageMEMORY section; NAME START ADDR SIZE TYPE; --------------------------------------------------------------------------------------------------------pdwXIPLoc 00000000 8C200000 FIXUPVARXIPKERNEL 8C000000 00200000 RAMIMAGECHAIN 8C200000 00001000 RESERVEDNK 8C201000 01400000 NANDIMAGERAM 8C201000 03D62000 RAM DISPLAY 8FF63000 00080000 RESERVED COMPRESSION=ON …XIPSCHAIN=8C200000MODULES section
nk.exe D:\WINCE500\pbworkspaces\....kern.exe XIPKERNEL SHFatfs.dll D:\WINCE500\pbworkspaces\....fatfs.dll nk SH
FILES sectionbinfs.dll D:\WINCE500\pbworkspaces\....binfs.dll XIPKERNEL SHsample.wav D:\WINCE500\pbworkspaces\.... sample.wav nk SH
PE files ( Portable Executable 可移植的执行体) PE 的意思就是 Portable Executable (可移植的执行体)。它是 Win32 环境自身所带的执行体文件格式。即使 Windows 运行在非 Intel 的 CPU 上,任何 win32 平台的 PE 装载器都能识别和使用该文件格式。当然,移植到不同的 CPU 上 PE 执行体必然得有一些改变。
如果我们将 PE 文件格式视为一逻辑磁盘, PE header 是 boot 扇区而 sections 是各种文件,但我们仍缺乏足够信息来定位磁盘上的不同文件,譬如,什么是 PE 文件格式中等价于目录的东东?别急,那就是 PE header 接下来的数组结构 section table (节表)。 每个结构包含对应节的属性、文件偏移量、虚拟偏移量等。
1 当 PE 文件被执行, PE 装载器检查 DOS MZ header 里的 PE header 偏移量。如果找到,则跳转到 PE header 。 PE 装载器检查 PE header 的有效性。如果有效,就跳转到 PE header 的尾部。 2 紧跟 PE header 的是节表。 PE 装载器读取其中的节信息,并采用文件映射方法将这些节映射到内存,同时付上节表里指定的节属性。 3 PE 文件映射入内存后, PE 装载器将处理 PE 文件中类似 import table (引入表)逻辑部分。
Nb0 file formatEA command60byte NUL
Is “ECEC”?
Data …
ROMHDR ---------------------------------------- DLL First : 0x01F501FF DLL Last : 0x02000000 Physical First : 0x8C000000 Physical Last : 0x8C175580 RAM Start : 0x8C201000 RAM Free : 0x8C34A000 RAM End : 0x8FF63000 Kernel flags : 0x00000000 Prof Symbol Offset : 0x00000000 Num Copy Entries : 1 Copy Entries Offset : 0x8C07DFC0 Num Modules : 9 Num Files : 12 MiscFlags : 0x00000002 CPU : 0x01c2 (Thumb) Extensions : 0x8C002210
0x8C000000
0x8C000040
0x8C000044 1 ROMHDR address Ex:0x8c0d9840
0x8c0d9840
8C002210
Data …
3 ROMHDR ExtensionsKernelExtPointer(_nk.exe exist)
0x8C000048- 8C002210
8C002210 - 0x8c07d560
2 ROMHDR Struct
ROMHDR Extensions ----------------------------- PID[0] = 0x00000000 PID[1] = 0x00000000 PID[2] = 0x00000000 PID[3] = 0x00000000 PID[4] = 0x00000000 PID[5] = 0x00000000 PID[6] = 0x00000000 PID[7] = 0x00000000 PID[8] = 0x00000000 PID[9] = 0x00000000 Next: 8c07d560
Data …
4 Chain information0x8c07d560
0x8c07d560 - 0x8c0d9840
Files and ModulesIndex data …
Name: chain information Type: 00000000 pData: 8c07d58c Length: 00000030 Reserved: 00000030 Next: 00000000 Addr: 8c200000 MaxLenth: 00001000 Order: 0000 Flags: 0000 reserved: 00000000 Addr: 8c000000 MaxLenth: 00200000 Order: 0000 Flags: 0001 reserved: 00000000 Addr: 8c201000 MaxLenth: 01400000 Order: 0001 Flags: 0001 reserved: 00000000
0x8CF00000
RAW Data
Into RAM
typedef struct stPIDun{
char name[(PID_LENGTH - 4) * sizeof(DWORD)];DWORD type;PVOID pdata;DWORD length;DWORD reserved;
}STPIDUN;
typedef struct _XIPCHAIN_SUMMARY { LPVOID pvAddr; // address of the XIP DWORD dwMaxLength; // the biggest it can grow to USHORT usOrder; // where to put into ROMChain_t USHORT usFlags; // flags/status of XIP DWORD reserved; // for future use}XIPCHAIN_SUMMARY, *PXIPCHAIN_SUMMARY;
Data …
typedef struct TOCentry { // MODULE BIB section structure DWORD dwFileAttributes; FILETIME ftTime; DWORD nFileSize; LPSTR lpszFileName; //gaojian ADD LPSTR ULONG ulE32Offset; // Offset to E32 structure ULONG ulO32Offset; // Offset to O32 structure ULONG ulLoadOffset; // MODULE load buffer offset} TOCentry, *LPTOCentry;
BinFS init
BinVolume Structuretypedef struct{ HVOL hVolume; HDSK hDsk; ChainData *pChain; DISK_INFO diskInfo; DWORD dwVolFlags; // per-volume flags, currently VOL_FLAG_XIP DWORD dwNumRegions; // Number of Bin Regions in the volume BinDirList *pDirectory; // Directory List // Compression support CRITICAL_SECTION csComp; // Protects current compression state BYTE *pReadBuf; // Compressed buffer BYTE pDecBuf[COMP_BLOCK_SIZE]; // Decompression Buffer; BinDirList *pCurCompDir; // Current directory entry being decompressed DWORD dwCurCompBlock; // Current Block being decompressed} BinVolume;
BinDirList Structure
• typedef struct _BinDirList {• WCHAR *szFileName;• DWORD dwRegion;• DWORD dwRealFileSize;• DWORD dwCompFileSize;• DWORD dwAttributes;• FILETIME ft;• DWORD dwAddress;• e32_rom *pe32;• o32_rom *po32;• struct _BinDirList *pNext;• } BinDirList, *PBinDirList;
Load exe/dll Sequence
Paging mode
Set
Read
Use
Different in Paging
Different between Module and File
Special Interface For Modules
