Difference between revisions of "ARM binaries"
(initial version) |
|||
| Line 49: | Line 49: | ||
*((u32 *)0xD800060) |= 0x20; | *((u32 *)0xD800060) |= 0x20; | ||
} | } | ||
| + | |||
| + | 0xD800000 seems to be the start of the (a?) hardware register space. | ||
After this, it loads the ELF file, and then '''zeroes out the memory area where the ELF file resides'''. Then it goes back to ARM mode and vectors to 0xFFFF0000 (the entrypoint of the ARM / vector table). The entire BOOT2 code seems to be relocatable: it can be loaded at any address and will still work, as long as it doesn't overlap with the destination of the ELF load. The entire BOOT2 wad file cleartext is loaded and then the loader is called, so the loader can calculate the offset of the header simply by subtracting 0x10 from the PC at its entrypoint. | After this, it loads the ELF file, and then '''zeroes out the memory area where the ELF file resides'''. Then it goes back to ARM mode and vectors to 0xFFFF0000 (the entrypoint of the ARM / vector table). The entire BOOT2 code seems to be relocatable: it can be loaded at any address and will still work, as long as it doesn't overlap with the destination of the ELF load. The entire BOOT2 wad file cleartext is loaded and then the loader is called, so the loader can calculate the offset of the header simply by subtracting 0x10 from the PC at its entrypoint. | ||
Revision as of 04:57, 23 January 2008
There are several formats for ARM binaries.
BOOT2 format
The BOOT2 ARM binary is contained inside a .wad file in update partitions. The .wad format and how to decrypt it is described in WAD files.
Once decrypted, the data has the following format:
| Start | End | Length | Description |
| 0x000 | 0x004 | 0x004 | Header size = 0x0010 |
| 0x004 | 0x008 | 0x004 | Offset to ELF file after header |
| 0x008 | 0x00C | 0x004 | Size of ELF file |
| 0x00C | 0x010 | 0x004 | 0x00 padding / unused |
| 0x010 | variable | variable | ELF file stub loader binary |
| variable | variable | variable | ELF file |
The BOOT2 elf stub loader sets up a stack, calculates its own address, and switches to THUMB mode. Then it does the following:
if( ! (*((u32 *)0xD800060) & 0x20) ) {
*((u32 *)0xD800060) |= 0x20;
}
0xD800000 seems to be the start of the (a?) hardware register space.
After this, it loads the ELF file, and then zeroes out the memory area where the ELF file resides. Then it goes back to ARM mode and vectors to 0xFFFF0000 (the entrypoint of the ARM / vector table). The entire BOOT2 code seems to be relocatable: it can be loaded at any address and will still work, as long as it doesn't overlap with the destination of the ELF load. The entire BOOT2 wad file cleartext is loaded and then the loader is called, so the loader can calculate the offset of the header simply by subtracting 0x10 from the PC at its entrypoint.