Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

show default_exception_vsr addr for eCos #520

Open
wants to merge 1 commit into
base: master
Choose a base branch
from
Open

show default_exception_vsr addr for eCos #520

wants to merge 1 commit into from

Conversation

cq674350529
Copy link

Add another magic to try to get default_exception_vsr address in eCos firmware (mipsel), for this address may be helpful for locating the base_addr.

Currently, the eCos magic will try to match the following code in the firmware.

rom:80040000 rom_entry:
rom:80040000                 mfc0    $k0, Cause       # Cause of last exception
rom:80040004                 nop
rom:80040008                 andi    $k0, 0x7F
rom:8004000C                 li      $k1, 0x80000200
rom:80040014                 add     $k1, $k0
rom:80040018                 lw      $k1, 0($k1)
rom:8004001C                 jr      $k1
rom:80040020                 nop

In my recent analysis on an eCos mipsel firmware. I need to figure out the load base_addr of the firmware. The address 0x80000200 shown above is not really helpful. Finally I used a small trick to figure out the base_addr (0x80040000).

When I looked the firmware again, there is a code snippet (maybe) related to hal_mon_init. As we can see, the address of __default_exception_vsr is 0x80040224. From my perspective, it's helpful for locating the base_addr. (Page Align: 0x80040224 & ~((1<<12)-1) = 0x80040000)

rom:80040118                 li      $gp, 0x809A1140
rom:80040120                 li      $a0, 0x8099B7D0
rom:80040128                 move    $sp, $a0
rom:8004012C                 li      $v0, loc_80040224     <=== __default_exception_vsr
rom:80040134                 li      $v1, 0x80000200       <=== hal_vsr_table
rom:8004013C                 sw      $v0, 4($v1)
rom:80040140                 sw      $v0, 8($v1)
rom:80040144                 sw      $v0, 0xC($v1)
rom:80040148                 sw      $v0, 0x10($v1)
rom:8004014C                 sw      $v0, 0x14($v1)
rom:80040150                 sw      $v0, 0x18($v1)
rom:80040154                 sw      $v0, 0x1C($v1)
rom:80040158                 sw      $v0, 0x20($v1)
rom:8004015C                 sw      $v0, 0x24($v1)
rom:80040160                 sw      $v0, 0x28($v1)
rom:80040164                 sw      $v0, 0x2C($v1)

So I add this magic to match it. In addition, I manually test against 10 eCos firmwares approximately, and all work well. By the way, all the eCos firmwares I find are mipsel endian, so only add the little endian magic.

$ binwalk RGS200-12P.bin 

DECIMAL       HEXADECIMAL     DESCRIPTION
--------------------------------------------------------------------------------
0             0x0             eCos kernel exception handler, architecture: MIPSEL, exception vector table base address: 0x80000200
128           0x80            eCos kernel exception handler, architecture: MIPSEL, exception vector table base address: 0x80000200
300           0x12C           eCos vector table initialization handler, architecture: MIPSEL, default exception vector table base address: 0x80040224, hal_vsr_table base address: 0x80000200
# ...

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
1 participant
@cq674350529