A matsayin wani ɓangare na taron 0x0A DC7831 A ranar 16 ga Fabrairu, mun gabatar da rahoto kan ainihin ka'idodin binary code emulation da namu ci gaban - na'urar dandali na hardware .
A cikin wannan labarin za mu bayyana yadda ake gudanar da firmware na na'urar a cikin kwaikwayi, nuna hulɗa tare da mai gyara, da yin ƙaramin bincike mai ƙarfi na firmware.
prehistory
Da dadewa a cikin galaxy mai nisa
Shekaru biyu da suka gabata a cikin dakin gwaje-gwajenmu akwai buƙatar bincika firmware na na'urar. An matsa firmware kuma an cire shi tare da bootloader. Ya yi wannan ta hanya mai rikitarwa, yana canza bayanai a cikin ƙwaƙwalwar ajiya sau da yawa. Kuma firmware da kanta sannan ta yi hulɗa tare da abubuwan haɗin gwiwa. Kuma duk wannan akan MIPS core.
Don dalilai na haƙiƙa, abubuwan da ke akwai ba su dace da mu ba, amma har yanzu muna son gudanar da lambar. Sannan mun yanke shawarar yin namu emulator, wanda zai yi mafi ƙarancin kuma ya ba mu damar buɗe babban firmware. Mun gwada shi kuma ya yi aiki. Mun yi tunani, menene idan muka ƙara kayan aiki don yin babban firmware. Bai yi rauni sosai ba - kuma ya yi aiki ma. Mun sake tunani kuma muka yanke shawarar yin cikakken kwaikwaya.
Sakamakon ya kasance mai kwaikwayi tsarin kwamfuta .
Me yasa Kopycat?
Akwai wasa akan kalmomi.
- copycat (Turanci, suna [ˈkɒpɪkæt]) - mai koyi, mai koyi
- cat (Turanci, suna [ˈkæt]) - cat, cat - dabbar da aka fi so na ɗaya daga cikin masu kirkiro aikin
- Harafin "K" ya fito ne daga harshen shirye-shirye na Kotlin
Kwafi
Lokacin ƙirƙirar emulator, an saita takamaiman maƙasudai:
- da ikon haifar da sauri sabon na'urori masu auna sigina, kayayyaki, na'ura mai sarrafawa;
- ikon haɗa na'urar kama-da-wane daga sassa daban-daban;
- ikon ɗora duk wani bayanan binary (firmware) a cikin ƙwaƙwalwar ajiyar na'urar kama-da-wane;
- ikon yin aiki tare da hotuna (snapshots na yanayin tsarin);
- ikon yin hulɗa tare da kwaikwayi ta hanyar ginanniyar debugger;
- kyakkyawan harshe na zamani don ci gaba.
A sakamakon haka, an zaɓi Kotlin don aiwatarwa, tsarin gine-ginen bas (wannan shine lokacin da kayayyaki ke sadarwa da juna ta hanyar bas ɗin bayanan kama-da-wane), JSON a matsayin tsarin bayanin na'urar, da GDB RSP a matsayin ka'idar hulɗa tare da debugger.
Ana ci gaba da ci gaba na ɗan lokaci sama da shekaru biyu kuma yana ci gaba da gudana. A wannan lokacin, MIPS, x86, V850ES, ARM, da kuma na'urorin sarrafawa na PowerPC an aiwatar da su.
Aikin yana girma kuma lokaci yayi da za a gabatar da shi ga sauran jama'a. Za mu yi cikakken bayanin aikin daga baya, amma a yanzu za mu mayar da hankali kan yin amfani da Kopycat.
Don mafi yawan rashin haƙuri, ana iya sauke sigar talla ta emulator daga .
Rhino a cikin emulator
Bari mu tuna cewa a baya don taron SMARTRHINO-2018, an ƙirƙiri na'urar gwaji "Rhinoceros" don koyar da ƙwarewar injiniya na baya. An yi bayanin tsarin bincike na firmware a tsaye a ciki .
Yanzu bari mu yi ƙoƙarin ƙara "masu magana" kuma mu gudanar da firmware a cikin emulator.
Za mu buƙaci:
1) Java 1.8
2) Python da module don amfani da Python a cikin emulator. Kuna iya gina tsarin WHL Jep don Windows .
Don Windows:
1)
2)
Don Linux:
1) kowa
Kuna iya amfani da Eclipse, IDA Pro ko radare2 azaman abokin ciniki na GDB.
Yaya ta yi aiki?
Don yin firmware a cikin emulator, dole ne a "tattata" na'urar kama-da-wane, wanda shine analog na ainihin na'urar.
Ana iya nuna ainihin na'urar ("rhino") a cikin zane-zane:
Mai kwaikwayon yana da tsari na zamani kuma ana iya siffanta na'urar ta ƙarshe a cikin fayil ɗin JSON.
JSON 105 Lines
{
"top": true,
// Plugin name should be the same as file name (or full path from library start)
"plugin": "rhino",
// Directory where plugin places
"library": "user",
// Plugin parameters (constructor parameters if jar-plugin version)
"params": [
{ "name": "tty_dbg", "type": "String"},
{ "name": "tty_bt", "type": "String"},
{ "name": "firmware", "type": "String", "default": "NUL"}
],
// Plugin outer ports
"ports": [ ],
// Plugin internal buses
"buses": [
{ "name": "mem", "size": "BUS30" },
{ "name": "nand", "size": "4" },
{ "name": "gpio", "size": "BUS32" }
],
// Plugin internal components
"modules": [
{
"name": "u1_stm32",
"plugin": "STM32F042",
"library": "mcu",
"params": {
"firmware:String": "params.firmware"
}
},
{
"name": "usart_debug",
"plugin": "UartSerialTerminal",
"library": "terminals",
"params": {
"tty": "params.tty_dbg"
}
},
{
"name": "term_bt",
"plugin": "UartSerialTerminal",
"library": "terminals",
"params": {
"tty": "params.tty_bt"
}
},
{
"name": "bluetooth",
"plugin": "BT",
"library": "mcu"
},
{ "name": "led_0", "plugin": "LED", "library": "mcu" },
{ "name": "led_1", "plugin": "LED", "library": "mcu" },
{ "name": "led_2", "plugin": "LED", "library": "mcu" },
{ "name": "led_3", "plugin": "LED", "library": "mcu" },
{ "name": "led_4", "plugin": "LED", "library": "mcu" },
{ "name": "led_5", "plugin": "LED", "library": "mcu" },
{ "name": "led_6", "plugin": "LED", "library": "mcu" },
{ "name": "led_7", "plugin": "LED", "library": "mcu" },
{ "name": "led_8", "plugin": "LED", "library": "mcu" },
{ "name": "led_9", "plugin": "LED", "library": "mcu" },
{ "name": "led_10", "plugin": "LED", "library": "mcu" },
{ "name": "led_11", "plugin": "LED", "library": "mcu" },
{ "name": "led_12", "plugin": "LED", "library": "mcu" },
{ "name": "led_13", "plugin": "LED", "library": "mcu" },
{ "name": "led_14", "plugin": "LED", "library": "mcu" },
{ "name": "led_15", "plugin": "LED", "library": "mcu" }
],
// Plugin connection between components
"connections": [
[ "u1_stm32.ports.usart1_m", "usart_debug.ports.term_s"],
[ "u1_stm32.ports.usart1_s", "usart_debug.ports.term_m"],
[ "u1_stm32.ports.usart2_m", "bluetooth.ports.usart_m"],
[ "u1_stm32.ports.usart2_s", "bluetooth.ports.usart_s"],
[ "bluetooth.ports.bt_s", "term_bt.ports.term_m"],
[ "bluetooth.ports.bt_m", "term_bt.ports.term_s"],
[ "led_0.ports.pin", "u1_stm32.buses.pin_output_a", "0x00"],
[ "led_1.ports.pin", "u1_stm32.buses.pin_output_a", "0x01"],
[ "led_2.ports.pin", "u1_stm32.buses.pin_output_a", "0x02"],
[ "led_3.ports.pin", "u1_stm32.buses.pin_output_a", "0x03"],
[ "led_4.ports.pin", "u1_stm32.buses.pin_output_a", "0x04"],
[ "led_5.ports.pin", "u1_stm32.buses.pin_output_a", "0x05"],
[ "led_6.ports.pin", "u1_stm32.buses.pin_output_a", "0x06"],
[ "led_7.ports.pin", "u1_stm32.buses.pin_output_a", "0x07"],
[ "led_8.ports.pin", "u1_stm32.buses.pin_output_a", "0x08"],
[ "led_9.ports.pin", "u1_stm32.buses.pin_output_a", "0x09"],
[ "led_10.ports.pin", "u1_stm32.buses.pin_output_a", "0x0A"],
[ "led_11.ports.pin", "u1_stm32.buses.pin_output_a", "0x0B"],
[ "led_12.ports.pin", "u1_stm32.buses.pin_output_a", "0x0C"],
[ "led_13.ports.pin", "u1_stm32.buses.pin_output_a", "0x0D"],
[ "led_14.ports.pin", "u1_stm32.buses.pin_output_a", "0x0E"],
[ "led_15.ports.pin", "u1_stm32.buses.pin_output_a", "0x0F"]
]
}Kula da siga firmware sashe params shine sunan fayil ɗin da za'a iya lodawa cikin na'urar kama-da-wane azaman firmware.
Na'urar kama-da-wane da mu'amalarta da babban tsarin aiki ana iya wakilta ta da wannan zane mai zuwa:
Misalin gwaji na yanzu na mai kwaikwayon ya ƙunshi hulɗa tare da tashoshin COM na babban OS (debug UART da UART don tsarin Bluetooth). Waɗannan na iya zama tashoshin jiragen ruwa na gaske waɗanda na'urori ke haɗa su ko tashoshin COM na zahiri (don wannan kawai kuna buƙata com0com/socat).
A halin yanzu akwai manyan hanyoyi guda biyu don hulɗa tare da emulator daga waje:
- GDB RSP yarjejeniya (bisa ga haka, kayan aikin da ke goyan bayan wannan yarjejeniya sune Eclipse / IDA / radare2);
- layin umarni na ciki (Argparse ko Python).
Virtual COM tashar jiragen ruwa
Domin yin hulɗa tare da UART na na'urar kama-da-wane akan injin gida ta hanyar tasha, kuna buƙatar ƙirƙirar tashoshin jiragen ruwa na COM guda biyu masu alaƙa. A cikin yanayinmu, tashar jiragen ruwa ɗaya na amfani da emulator, na biyu kuma ana amfani da shi ta hanyar tashar tashar (PuTTY ko allo):
Yin amfani da com0com
Ana saita tashoshin jiragen ruwa na Virtual COM ta amfani da kayan aikin saitin daga kayan aikin com0com ( sigar na'ura mai kwakwalwa - C: Fayilolin Shirin (x86) com0comsetupс.exe, ko GUI version - C: Fayilolin Shirin (x86) com0comsetupg.exe):
Duba akwatunan kunna buffer wuce gona da iri ga duk tashoshin jiragen ruwa da aka ƙirƙira, in ba haka ba mai kwaikwayon zai jira amsa daga tashar COM.
Amfani da socat
A kan tsarin UNIX, kwaikwayi ana ƙirƙirar tashoshin COM kama-da-wane ta atomatik ta amfani da kayan aikin socat; don yin wannan, kawai saka prefix a cikin sunan tashar jiragen ruwa lokacin fara emulator. socat:.
Layin layin umarni na ciki (Argparse ko Python)
Tun da Kopycat aikace-aikacen wasan bidiyo ne, mai kwaikwayon yana ba da zaɓuɓɓukan ƙirar layin umarni guda biyu don hulɗa tare da abubuwan sa da masu canji: Argparse da Python.
Argparse shine CLI da aka gina a cikin Kopycat kuma koyaushe yana samuwa ga kowa.
Wani madadin CLI shine fassarar Python. Don amfani da shi, kuna buƙatar shigar da tsarin Jep Python kuma saita mai kwaikwayon don yin aiki tare da Python (za a yi amfani da fassarar Python da aka sanya akan babban tsarin mai amfani).
Shigar da tsarin Python Jep
A karkashin Linux Jep za a iya shigar ta hanyar pip:
pip install jepDon shigar da Jep akan Windows, dole ne ka fara shigar da Windows SDK da Microsoft Visual Studio mai dacewa. Mun dan yi muku sauki kuma JEP don nau'ikan Python na yanzu don Windows, don haka ana iya shigar da tsarin daga fayil ɗin:
pip install jep-3.8.2-cp27-cp27m-win_amd64.whlDon bincika shigarwar Jep, kuna buƙatar gudu akan layin umarni:
python -c "import jep"Ya kamata a karɓi saƙon mai zuwa don amsawa:
ImportError: Jep is not supported in standalone Python, it must be embedded in Java.A cikin fayil ɗin tsari na emulator don tsarin ku (kwafi.bat - don Windows, kwafi - don Linux) zuwa jerin sigogi DEFAULT_JVM_OPTS ƙara ƙarin siga Djava.library.path - dole ne ya ƙunshi hanyar zuwa tsarin Jep da aka shigar.
Sakamakon Windows ya kamata ya zama layi kamar haka:
set DEFAULT_JVM_OPTS="-XX:MaxMetaspaceSize=256m" "-XX:+UseParallelGC" "-XX:SurvivorRatio=6" "-XX:-UseGCOverheadLimit" "-Djava.library.path=C:/Python27/Lib/site-packages/jep"Ana ƙaddamar da Kopycat
Eilator shine aikace-aikacen JVM na console. Ana aiwatar da ƙaddamarwa ta hanyar rubutun layin umarni (sh/cmd).
Umurnin yin aiki a ƙarƙashin Windows:
binkopycat -g 23946 -n rhino -l user -y library -p firmware=firmwarerhino_pass.bin,tty_dbg=COM26,tty_bt=COM28Umurnin yin aiki a ƙarƙashin Linux ta amfani da socat utility:
./bin/kopycat -g 23946 -n rhino -l user -y library -p firmware=./firmware/rhino_pass.bin, tty_dbg=socat:./COM26,tty_bt=socat:./COM28-g 23646- TCP tashar jiragen ruwa da za a bude don samun dama ga uwar garken GDB;-n rhino- sunan babban tsarin tsarin (na'urar da aka haɗa);-l user- sunan ɗakin karatu don bincika babban tsarin;-y library- hanyar neman kayayyaki da aka haɗa a cikin na'urar;firmwarerhino_pass.bin- hanyar zuwa fayil ɗin firmware;- COM26 da COM28 tashoshin COM ne na kama-da-wane.
A sakamakon haka, za a nuna alamar tambaya Python > (ko Argparse >):
18:07:59 INFO [eFactoryBuilder.create ]: Module top successfully created as top
18:07:59 INFO [ Module.initializeAndRes]: Setup core to top.u1_stm32.cortexm0.arm for top
18:07:59 INFO [ Module.initializeAndRes]: Setup debugger to top.u1_stm32.dbg for top
18:07:59 WARN [ Module.initializeAndRes]: Tracer wasn't found in top...
18:07:59 INFO [ Module.initializeAndRes]: Initializing ports and buses...
18:07:59 WARN [ Module.initializePortsA]: ATTENTION: Some ports has warning use printModulesPortsWarnings to see it...
18:07:59 FINE [ ARMv6CPU.reset ]: Set entry point address to 08006A75
18:07:59 INFO [ Module.initializeAndRes]: Module top is successfully initialized and reset as a top cell!
18:07:59 INFO [ Kopycat.open ]: Starting virtualization of board top[rhino] with arm[ARMv6Core]
18:07:59 INFO [ GDBServer.debuggerModule ]: Set new debugger module top.u1_stm32.dbg for GDB_SERVER(port=23946,alive=true)
Python >Yin hulɗa tare da IDA Pro
Don sauƙaƙe gwaji, muna amfani da firmware na Rhino azaman fayil ɗin tushen don bincike a cikin IDA a cikin tsari (ana adana bayanan meta a can).
Hakanan zaka iya amfani da babban firmware ba tare da bayanin meta ba.
Bayan ƙaddamar da Kopycat a cikin IDA Pro, a cikin menu na Debugger je zuwa abu "Canja mai gyara kuskure…"Kuma zabi"Mai gyara GDB mai nisa". Na gaba, saita haɗin: menu Mai gyara kuskure - Zaɓuɓɓukan aiwatarwa…
Saita ƙimar:
- Aikace-aikace - kowace ƙima
- Sunan mai watsa shiri: 127.0.0.1 (ko adireshin IP na injin nesa inda Kopycat ke gudana)
- Port: 23946
Yanzu maɓallin cirewa ya zama samuwa (maɓallin F9):
Danna shi don haɗawa zuwa tsarin gyara kurakurai a cikin emulator. IDA yana shiga yanayin lalata, ƙarin windows suna samuwa: bayanai game da rajista, game da tari.
Yanzu za mu iya amfani da duk daidaitattun fasalulluka na debugger:
- aiwatar da umarnin mataki-mataki (Mataki zuwa и Takowa - maɓallan F7 da F8, bi da bi;
- farawa da dakatar da aiwatarwa;
- Ƙirƙirar wuraren karyawa don duka lamba da bayanai (maɓallin F2).
Haɗa zuwa mai gyara kuskure baya nufin gudanar da lambar firmware. Matsayin kisa na yanzu dole ne ya zama adireshin 0x08006A74 - fara aiki Sake saitin_Handler. Idan ka gungura ƙasa lissafin, zaka iya ganin kiran aikin main. Kuna iya sanya siginan kwamfuta akan wannan layin (address 0x08006ABE) da kuma aiwatar da aikin Gudu har sai siginan kwamfuta (kullin F4).
Na gaba, zaku iya danna F7 don shigar da aikin main.
Idan kun gudanar da umarni Ci gaba da tsari (Maɓallin F9), sannan taga "Don Allah jira" zai bayyana tare da maɓalli ɗaya Dakatar da shi:
Lokacin da ka danna Dakatar da shi An dakatar da aiwatar da lambar firmware kuma ana iya ci gaba daga wannan adireshin a cikin lambar inda aka katse ta.
Idan kun ci gaba da aiwatar da lambar, zaku ga layin masu zuwa a cikin tashoshi masu alaƙa da tashoshin COM na kama-da-wane:
Kasancewar layin “jihar wucewa” yana nuna cewa ƙirar Bluetooth mai kama da ita ta canza zuwa yanayin karɓar bayanai daga tashar COM mai amfani.
Yanzu a cikin tashar Bluetooth (COM29 a cikin hoton) zaku iya shigar da umarni daidai da ka'idar Rhino. Misali, umarnin "MEOW" zai dawo da kirtan "mur-mur" zuwa tashar Bluetooth:
Yi koyi da ni gaba daya
Lokacin gina emulator, zaku iya zaɓar matakin daki-daki/ kwaikwayi na wata na'ura. Misali, ana iya yin koyi da tsarin Bluetooth ta hanyoyi daban-daban:
- na'urar tana da cikakken kwaikwayi tare da cikakken tsari na umarni;
- Ana yin koyi da umarnin AT, kuma ana karɓar rafin bayanai daga tashar COM na babban tsarin;
- na'urar kama-da-wane tana ba da cikakkiyar juyar da bayanai zuwa na'urar ta ainihi;
- a matsayin stub mai sauƙi wanda koyaushe yana dawowa "Ok".
Nau'in na'urar kwaikwayo ta yanzu tana amfani da hanya ta biyu - ƙirar Bluetooth mai kama da ita tana yin tsari, bayan haka ta canza zuwa yanayin "wakili" daga tashar COM na babban tsarin zuwa tashar jiragen ruwa na UART na emulator.
Bari mu yi la'akari da yiwuwar kayan aiki mai sauƙi na lambar idan ba a aiwatar da wani ɓangare na gefen ba. Misali, idan ba a ƙirƙiri mai ƙidayar lokaci da ke da alhakin sarrafa canja wurin bayanai zuwa DMA ba (ana yin rajistan a cikin aikin. ws2812b_dakatadake a 0x08006840), sannan firmware koyaushe zai jira don sake saita tutar mdake a 0x200004C4wanda ke nuna kasancewar layin bayanan DMA:
Za mu iya shawo kan wannan yanayin ta hanyar sake saita tuta da hannu m nan da nan bayan installing shi. A cikin IDA Pro, zaku iya ƙirƙirar aikin Python kuma ku kira shi a cikin madaidaicin wuri, kuma sanya madaidaicin kanta a cikin lambar bayan rubuta ƙimar 1 zuwa tutar. m.
Mai sarrafa Breakpoint
Da farko, bari mu ƙirƙiri aikin Python a cikin IDA. Menu Fayil - Umurnin Rubutun...
Ƙara sabon snippet a cikin jeri na hagu, ba shi suna (misali, CPM),
A cikin filin rubutu a dama, shigar da lambar aiki:
def skip_dma():
print "Skipping wait ws2812..."
value = Byte(0x200004C4)
if value == 1:
PatchDbgByte(0x200004C4, 0)
return False
Bayan haka muna danna Run kuma rufe taga rubutun.
Yanzu bari mu je ga code a 0x0800688A, saita wurin hutu (maɓallin F2), gyara shi (menu na yanayi Gyara wurin warwarewa...), kar a manta saita nau'in rubutun zuwa Python:
Idan darajar tuta na yanzu m daidai 1, to ya kamata ku aiwatar da aikin tsallake_dma a cikin layin rubutun:
Idan kuna gudanar da firmware don aiwatarwa, ana iya ganin farawar lambar mai sarrafa breakpoint a cikin taga IDA. Output ta layi Skipping wait ws2812.... Yanzu firmware ba zai jira a sake saita tutar ba m.
Yin hulɗa tare da emulator
Yin kwaikwayi don kwaikwayi ba shi yiwuwa ya haifar da ni'ima da jin daɗi. Yana da matukar ban sha'awa idan mai kwaikwayon ya taimaka wa mai bincike don ganin bayanai a cikin ƙwaƙwalwar ajiya ko kafa hulɗar zaren.
Za mu nuna muku yadda ake kafa hulɗa tsakanin ayyukan RTOS. Da farko ka dakatar da aiwatar da lambar idan tana gudana. Idan kun je aikin bluetooth_task_shiga zuwa reshen sarrafawa na umarnin "LED" (adireshi 0x080057B8), to, za ku iya ganin abin da aka fara ƙirƙira sa'an nan kuma aika zuwa tsarin layi ledControlQueueHandle wani sako.
Ya kamata ku saita wurin hutu don samun dama ga mai canjin ledControlQueueHandledake a 0x20000624 kuma ci gaba da aiwatar da lambar:
A sakamakon haka, tasha zai fara faruwa a adireshin 0x080057CA kafin kiran aikin osMailAlloc, sannan a adireshin 0x08005806 kafin kiran aikin osMailPut, sannan bayan wani lokaci - zuwa adireshin 0x08005BD4 (kafin kiran aikin osMailGet), wanda ke cikin aikin leds_task_shiga (LED-task), wato, ayyukan sun canza, kuma yanzu aikin LED ya sami iko.
Ta wannan hanya mai sauƙi za ku iya kafa yadda ayyukan RTOS ke hulɗa da juna.
Tabbas, a zahiri, hulɗar ayyuka na iya zama mafi rikitarwa, amma ta amfani da abin koyi, bin diddigin wannan hulɗar ya zama ƙasa da wahala.
Kuna iya kallon ɗan gajeren bidiyo na ƙaddamarwa da hulɗa tare da IDA Pro.
Kaddamar da Radare2
Ba za ku iya yin watsi da irin wannan kayan aikin duniya kamar Radare2 ba.
Don haɗawa da emulator ta amfani da r2, umarnin zai yi kama da haka:
radare2 -A -a arm -b 16 -d gdb://localhost:23946 rhino_fw42k6.elfKaddamar da akwai yanzu (dc) da kuma dakatar da aiwatarwa (Ctrl+C).
Abin takaici, a halin yanzu, r2 yana da matsaloli yayin aiki tare da uwar garken gdb hardware da tsarin ƙwaƙwalwar ajiya; saboda wannan, wuraren karyawa da Matakan ba sa aiki (umurni ds). Muna fatan za a gyara nan ba da jimawa ba.
Gudu da Eclipse
Ɗaya daga cikin zaɓuɓɓukan amfani da kwaikwayi shine cire firmware na na'urar da aka haɓaka. Don tsabta, za mu kuma yi amfani da firmware na Rhino. Kuna iya saukar da tushen firmware .
Za mu yi amfani da Eclipse daga saitin azaman IDE .
Domin emulator ya loda firmware wanda aka haɗa kai tsaye a cikin Eclipse, kuna buƙatar ƙara siga firmware=null zuwa umarnin ƙaddamar da emulator:
binkopycat -g 23946 -n rhino -l user -y modules -p firmware=null,tty_dbg=COM26,tty_bt=COM28Saita saitin gyara kuskure
A cikin Eclipse, zaɓi menu Gudu - Tsare-tsaren Gyara... A cikin taga da ke buɗewa, a cikin sashin Gyara Hardware GDB kana buƙatar ƙara sabon tsari, sannan a kan "Babban" shafin saka aikin na yanzu da aikace-aikacen gyara kuskure:
A shafin "Debugger" kuna buƙatar saka umarnin GDB:
${openstm32_compiler_path}arm-none-eabi-gdb
Kuma kuma shigar da sigogi don haɗawa zuwa uwar garken GDB (mai watsa shiri da tashar jiragen ruwa):
A shafin “Farawa”, dole ne ku saka sigogi masu zuwa:
- kunna akwati Load da hoto (saboda haka an ɗora hoton firmware ɗin da aka haɗa a cikin emulator);
- kunna akwati Alamun lodi;
- ƙara umarnin ƙaddamarwa:
set $pc = *0x08000004(saita rajistar PC zuwa ƙimar daga ƙwaƙwalwar ajiya a adireshin0x08000004- an adana adireshin a wurin Sake saitaHandler).
Kula, idan ba kwa son sauke fayil ɗin firmware daga Eclipse, to zaɓin Load da hoto и Gudun umarni babu bukatar nunawa.
Bayan danna Debug, zaku iya aiki a cikin yanayin debugger:
- mataki-mataki code kisa
- hulɗa tare da wuraren karyawa
Примечание. Eclipse yana da, hmm...wasu shuru...kuma dole sai ka zauna dasu. Misali, idan lokacin fara gyara saƙon “Babu tushen da ke akwai don “0x0” ya bayyana, sannan aiwatar da umarnin mataki (F5)
Maimakon a ƙarshe
Kwaikwayi lambar asali abu ne mai ban sha'awa sosai. Zai yuwu ga mai haɓaka na'urar don cire firmware ba tare da na'urar ta gaske ba. Ga mai bincike, wata dama ce don gudanar da bincike na lamba mai ƙarfi, wanda ba koyaushe yana yiwuwa koda da na'ura ba.
Muna so mu samar da ƙwararrun ƙwararrun kayan aiki wanda ya dace, matsakaici mai sauƙi kuma baya ɗaukar ƙoƙari da lokaci mai yawa don saitawa da gudu.
Rubuta a cikin sharhi game da gogewar ku ta amfani da kayan aikin kwaikwaiyo. Muna gayyatar ku ku tattauna kuma za mu yi farin cikin amsa tambayoyi.
Masu amfani da rajista kawai za su iya shiga cikin binciken. don Allah.
Menene kuke amfani da kwaikwaiyo don?
-
Ina haɓaka (debug) firmware
-
Ina binciken firmware
-
Na ƙaddamar da wasanni (Dendi, Sega, PSP)
-
wani abu (rubuta a cikin comments)
7 masu amfani sun kada kuri'a. Masu amfani 2 sun kaurace.
Wace software kuke amfani da ita don yin koyi da lambar asali?
-
QEMU
-
Injin Unicorn
-
Proteus
-
wani abu (rubuta a cikin comments)
6 masu amfani sun kada kuri'a. Masu amfani 2 sun kaurace.
Me kuke so ku inganta a cikin kwailin da kuke amfani da shi?
-
Ina son sauri
-
Ina son sauƙi na saitin / ƙaddamarwa
-
Ina son ƙarin zaɓuɓɓuka don yin hulɗa tare da emulator (API, hooks)
-
Ina farin ciki da komai
-
wani abu (rubuta a cikin comments)
Masu amfani 8 sun kada kuri'a. 1 mai amfani ya ƙi.
source: www.habr.com