Gẹgẹbi apakan ti ipade 0x0A DC7831 Ni Oṣu Keji ọjọ 16, a ṣafihan ijabọ kan lori awọn ipilẹ ipilẹ ti emulation koodu alakomeji ati idagbasoke tiwa - emulator Syeed ohun elo kan .
Ninu àpilẹkọ yii a yoo ṣe apejuwe bi o ṣe le ṣiṣe famuwia ẹrọ ni emulator, ṣe afihan ibaraenisepo pẹlu debugger, ati ṣe itupalẹ agbara kekere ti famuwia naa.
prehistory
A gun akoko seyin ni a galaxy jina kuro
Ni ọdun meji sẹhin ninu yàrá wa iwulo lati ṣe iwadii famuwia ti ẹrọ kan. Famuwia naa jẹ fisinuirindigbindigbin ati ṣiṣi silẹ pẹlu bootloader kan. O ṣe eyi ni ọna idiju pupọ, yiyipada data ni iranti ni igba pupọ. Ati famuwia funrararẹ lẹhinna ṣe ajọṣepọ pẹlu awọn agbeegbe. Ati gbogbo eyi lori MIPS mojuto.
Fun awọn idi idi, awọn emulators ti o wa ko baamu wa, ṣugbọn a tun fẹ lati ṣiṣẹ koodu naa. Lẹhinna a pinnu lati ṣe emulator tiwa, eyiti yoo ṣe o kere julọ ati gba wa laaye lati ṣii famuwia akọkọ. A gbiyanju o ati pe o ṣiṣẹ. A ro, kini ti a ba ṣafikun awọn agbeegbe lati tun ṣe famuwia akọkọ. Ko ṣe ipalara pupọ - ati pe o ṣiṣẹ paapaa. A tun ronu lẹẹkansi ati pinnu lati ṣe emulator ti o ni kikun.
Abajade jẹ emulator awọn ọna ṣiṣe kọnputa kan .
Kini idi ti Kopycat?
Ere kan wa lori awọn ọrọ.
- ẹda apamọ (Gẹẹsi, nọun [ˈkɒpɪkæt]) - alafarawe, alafarawe
- o nran (Gẹẹsi, nọun [ˈkæt]) - ologbo, ologbo - ẹranko ayanfẹ ti ọkan ninu awọn ti o ṣẹda iṣẹ naa
- Lẹta naa “K” wa lati ede siseto Kotlin
Daakọ
Nigbati o ba ṣẹda emulator, awọn ibi-afẹde kan pato ti ṣeto:
- agbara lati yara ṣẹda awọn agbeegbe tuntun, awọn modulu, awọn ohun kohun ero isise;
- agbara lati ṣajọ ẹrọ foju kan lati awọn modulu oriṣiriṣi;
- agbara lati fifuye eyikeyi data alakomeji (famuwia) sinu iranti ẹrọ foju kan;
- agbara lati ṣiṣẹ pẹlu awọn snapshots (awọn aworan iwoye ti ipo eto);
- agbara lati ṣe ajọṣepọ pẹlu emulator nipasẹ olutọpa ti a ṣe sinu;
- nice igbalode ede fun idagbasoke.
Bi abajade, Kotlin ti yan fun imuse, faaji ọkọ akero (eyi ni nigbati awọn modulu ba ara wọn sọrọ nipasẹ awọn ọkọ akero data foju), JSON gẹgẹbi ọna kika apejuwe ẹrọ, ati GDB RSP gẹgẹbi ilana fun ibaraenisepo pẹlu olutọpa.
Idagbasoke ti n lọ fun diẹ diẹ sii ju ọdun meji lọ ati pe o nlọ lọwọ. Lakoko yii, MIPS, x86, V850ES, ARM, ati awọn ohun kohun ero isise PowerPC ni imuse.
Ise agbese na n dagba ati pe o to akoko lati ṣafihan rẹ si gbogbo eniyan. A yoo ṣe alaye apejuwe ti ise agbese nigbamii, ṣugbọn fun bayi a yoo dojukọ lori lilo Kopycat.
Fun ainisuuru pupọ julọ, ẹya ipolowo ti emulator le ṣe igbasilẹ lati .
Agbanrere ni emulator
Jẹ ki a ranti pe ni iṣaaju fun apejọ SMARTRHINO-2018, ẹrọ idanwo kan "Rhinoceros" ni a ṣẹda fun kikọ awọn ọgbọn imọ-ẹrọ iyipada. Ilana ti itupalẹ famuwia aimi ni a ṣe apejuwe ninu .
Bayi jẹ ki a gbiyanju lati ṣafikun “awọn agbọrọsọ” ati ṣiṣe famuwia ni emulator.
A yoo nilo:
1) Java 1.8
2) Python ati module lati lo Python inu emulator. O le kọ module WHL Jep fun Windows .
Fun Windows:
1)
2)
Fun Linux:
1) socat
O le lo Eclipse, IDA Pro tabi radare2 gẹgẹbi alabara GDB kan.
Bawo ni o ṣiṣẹ?
Lati le ṣe famuwia ninu emulator, o jẹ dandan lati “pejọ” ẹrọ foju kan, eyiti o jẹ afọwọṣe ti ẹrọ gidi kan.
Ẹrọ gidi (“rhino”) le ṣe afihan ninu aworan atọka bulọki:
Emulator naa ni eto apọjuwọn ati ẹrọ foju ti o kẹhin ni a le ṣapejuwe ninu faili JSON kan.
JSON 105 ila
{
"top": true,
// Plugin name should be the same as file name (or full path from library start)
"plugin": "rhino",
// Directory where plugin places
"library": "user",
// Plugin parameters (constructor parameters if jar-plugin version)
"params": [
{ "name": "tty_dbg", "type": "String"},
{ "name": "tty_bt", "type": "String"},
{ "name": "firmware", "type": "String", "default": "NUL"}
],
// Plugin outer ports
"ports": [ ],
// Plugin internal buses
"buses": [
{ "name": "mem", "size": "BUS30" },
{ "name": "nand", "size": "4" },
{ "name": "gpio", "size": "BUS32" }
],
// Plugin internal components
"modules": [
{
"name": "u1_stm32",
"plugin": "STM32F042",
"library": "mcu",
"params": {
"firmware:String": "params.firmware"
}
},
{
"name": "usart_debug",
"plugin": "UartSerialTerminal",
"library": "terminals",
"params": {
"tty": "params.tty_dbg"
}
},
{
"name": "term_bt",
"plugin": "UartSerialTerminal",
"library": "terminals",
"params": {
"tty": "params.tty_bt"
}
},
{
"name": "bluetooth",
"plugin": "BT",
"library": "mcu"
},
{ "name": "led_0", "plugin": "LED", "library": "mcu" },
{ "name": "led_1", "plugin": "LED", "library": "mcu" },
{ "name": "led_2", "plugin": "LED", "library": "mcu" },
{ "name": "led_3", "plugin": "LED", "library": "mcu" },
{ "name": "led_4", "plugin": "LED", "library": "mcu" },
{ "name": "led_5", "plugin": "LED", "library": "mcu" },
{ "name": "led_6", "plugin": "LED", "library": "mcu" },
{ "name": "led_7", "plugin": "LED", "library": "mcu" },
{ "name": "led_8", "plugin": "LED", "library": "mcu" },
{ "name": "led_9", "plugin": "LED", "library": "mcu" },
{ "name": "led_10", "plugin": "LED", "library": "mcu" },
{ "name": "led_11", "plugin": "LED", "library": "mcu" },
{ "name": "led_12", "plugin": "LED", "library": "mcu" },
{ "name": "led_13", "plugin": "LED", "library": "mcu" },
{ "name": "led_14", "plugin": "LED", "library": "mcu" },
{ "name": "led_15", "plugin": "LED", "library": "mcu" }
],
// Plugin connection between components
"connections": [
[ "u1_stm32.ports.usart1_m", "usart_debug.ports.term_s"],
[ "u1_stm32.ports.usart1_s", "usart_debug.ports.term_m"],
[ "u1_stm32.ports.usart2_m", "bluetooth.ports.usart_m"],
[ "u1_stm32.ports.usart2_s", "bluetooth.ports.usart_s"],
[ "bluetooth.ports.bt_s", "term_bt.ports.term_m"],
[ "bluetooth.ports.bt_m", "term_bt.ports.term_s"],
[ "led_0.ports.pin", "u1_stm32.buses.pin_output_a", "0x00"],
[ "led_1.ports.pin", "u1_stm32.buses.pin_output_a", "0x01"],
[ "led_2.ports.pin", "u1_stm32.buses.pin_output_a", "0x02"],
[ "led_3.ports.pin", "u1_stm32.buses.pin_output_a", "0x03"],
[ "led_4.ports.pin", "u1_stm32.buses.pin_output_a", "0x04"],
[ "led_5.ports.pin", "u1_stm32.buses.pin_output_a", "0x05"],
[ "led_6.ports.pin", "u1_stm32.buses.pin_output_a", "0x06"],
[ "led_7.ports.pin", "u1_stm32.buses.pin_output_a", "0x07"],
[ "led_8.ports.pin", "u1_stm32.buses.pin_output_a", "0x08"],
[ "led_9.ports.pin", "u1_stm32.buses.pin_output_a", "0x09"],
[ "led_10.ports.pin", "u1_stm32.buses.pin_output_a", "0x0A"],
[ "led_11.ports.pin", "u1_stm32.buses.pin_output_a", "0x0B"],
[ "led_12.ports.pin", "u1_stm32.buses.pin_output_a", "0x0C"],
[ "led_13.ports.pin", "u1_stm32.buses.pin_output_a", "0x0D"],
[ "led_14.ports.pin", "u1_stm32.buses.pin_output_a", "0x0E"],
[ "led_15.ports.pin", "u1_stm32.buses.pin_output_a", "0x0F"]
]
}San ifojusi si paramita firmware ni apakan params ni orukọ faili ti o le ṣe kojọpọ sinu ẹrọ foju kan bi famuwia.
Ẹrọ foju ati ibaraenisepo rẹ pẹlu ẹrọ ṣiṣe akọkọ le jẹ aṣoju nipasẹ aworan atẹle:
Apeere idanwo lọwọlọwọ ti emulator jẹ ibaraenisepo pẹlu awọn ebute oko oju omi COM ti OS akọkọ (UART yokokoro ati UART fun module Bluetooth). Iwọnyi le jẹ awọn ebute oko oju omi gidi si eyiti awọn ẹrọ ti sopọ tabi awọn ebute oko oju omi COM foju (fun eyi o kan nilo com0com/socat).
Lọwọlọwọ awọn ọna akọkọ meji wa lati ṣe ajọṣepọ pẹlu emulator lati ita:
- Ilana GDB RSP (ni ibamu, awọn irinṣẹ ti o ṣe atilẹyin ilana yii jẹ Eclipse / IDA / radare2);
- laini aṣẹ emulator inu (Argparse tabi Python).
Foju COM ibudo
Lati le ṣe ajọṣepọ pẹlu UART ti ẹrọ foju kan lori ẹrọ agbegbe nipasẹ ebute, o nilo lati ṣẹda bata ti awọn ebute oko oju omi COM foju kan. Ninu ọran wa, ibudo kan lo nipasẹ emulator, ati ekeji nipasẹ eto ebute (PuTTY tabi iboju):
Lilo com0com
Awọn ebute oko oju omi COM foju jẹ tunto nipa lilo ohun elo iṣeto lati ohun elo com0com (ẹya console - C: Awọn faili eto (x86) comsetupс.exe, tabi ẹya GUI - C: Awọn faili eto (x86) comsetupg.exe):
Ṣayẹwo awọn apoti jeki saarin overrun fun gbogbo awọn ebute oko oju omi ti a ṣẹda, bibẹẹkọ emulator yoo duro fun esi lati ibudo COM.
Lilo socat
Lori awọn eto UNIX, awọn ebute oko oju omi COM jẹ adaṣe laifọwọyi nipasẹ emulator nipa lilo ohun elo socat; socat:.
Ni wiwo laini aṣẹ inu (Argparse tabi Python)
Niwọn igba ti Kopycat jẹ ohun elo console, emulator pese awọn aṣayan wiwo laini aṣẹ meji fun ibaraenisepo pẹlu awọn nkan rẹ ati awọn oniyipada: Argparse ati Python.
Argparse jẹ CLI ti a ṣe sinu Kopycat ati pe o wa nigbagbogbo fun gbogbo eniyan.
CLI miiran jẹ onitumọ Python. Lati lo, o nilo lati fi sori ẹrọ module Jep Python ati tunto emulator lati ṣiṣẹ pẹlu Python (olutumọ Python ti a fi sori ẹrọ akọkọ olumulo yoo ṣee lo).
Fifi Python module Jep
Labẹ Linux Jep le fi sii nipasẹ pip:
pip install jepLati fi Jep sori Windows, o gbọdọ kọkọ fi Windows SDK sori ẹrọ ati Microsoft Visual Studio ti o baamu. A ti jẹ ki o rọrun diẹ fun ọ ati JEP fun awọn ẹya lọwọlọwọ ti Python fun Windows, nitorinaa module le fi sii lati faili naa:
pip install jep-3.8.2-cp27-cp27m-win_amd64.whlLati ṣayẹwo fifi sori Jep, o nilo lati ṣiṣẹ lori laini aṣẹ:
python -c "import jep"Ifiranṣẹ atẹle yii yẹ ki o gba ni idahun:
ImportError: Jep is not supported in standalone Python, it must be embedded in Java.Ninu faili ipele emulator fun eto rẹ (adaakọ.adan - fun Windows, daakọ - fun Linux) si atokọ ti awọn paramita DEFAULT_JVM_OPTS fi afikun paramita Djava.library.path - o gbọdọ ni ọna si module Jep ti a fi sii.
Abajade fun Windows yẹ ki o jẹ laini bii eyi:
set DEFAULT_JVM_OPTS="-XX:MaxMetaspaceSize=256m" "-XX:+UseParallelGC" "-XX:SurvivorRatio=6" "-XX:-UseGCOverheadLimit" "-Djava.library.path=C:/Python27/Lib/site-packages/jep"Ifilọlẹ Kopycat
Emulator jẹ ohun elo JVM console kan. Ifilọlẹ naa ni a ṣe nipasẹ iwe afọwọkọ laini aṣẹ ẹrọ (sh/cmd).
Paṣẹ lati ṣiṣẹ labẹ Windows:
binkopycat -g 23946 -n rhino -l user -y library -p firmware=firmwarerhino_pass.bin,tty_dbg=COM26,tty_bt=COM28Paṣẹ lati ṣiṣẹ labẹ Linux nipa lilo ohun elo socat:
./bin/kopycat -g 23946 -n rhino -l user -y library -p firmware=./firmware/rhino_pass.bin, tty_dbg=socat:./COM26,tty_bt=socat:./COM28-g 23646- ibudo TCP ti yoo ṣii fun iraye si olupin GDB;-n rhino- orukọ ti module eto akọkọ (ẹrọ ti o pejọ);-l user- orukọ ile-ikawe lati wa module akọkọ;-y library- ọna lati wa awọn modulu ti o wa ninu ẹrọ;firmwarerhino_pass.bin- ọna si faili famuwia;- COM26 ati COM28 jẹ awọn ebute oko oju omi COM foju.
Bi abajade, itọka kan yoo han Python > (tabi Argparse >):
18:07:59 INFO [eFactoryBuilder.create ]: Module top successfully created as top
18:07:59 INFO [ Module.initializeAndRes]: Setup core to top.u1_stm32.cortexm0.arm for top
18:07:59 INFO [ Module.initializeAndRes]: Setup debugger to top.u1_stm32.dbg for top
18:07:59 WARN [ Module.initializeAndRes]: Tracer wasn't found in top...
18:07:59 INFO [ Module.initializeAndRes]: Initializing ports and buses...
18:07:59 WARN [ Module.initializePortsA]: ATTENTION: Some ports has warning use printModulesPortsWarnings to see it...
18:07:59 FINE [ ARMv6CPU.reset ]: Set entry point address to 08006A75
18:07:59 INFO [ Module.initializeAndRes]: Module top is successfully initialized and reset as a top cell!
18:07:59 INFO [ Kopycat.open ]: Starting virtualization of board top[rhino] with arm[ARMv6Core]
18:07:59 INFO [ GDBServer.debuggerModule ]: Set new debugger module top.u1_stm32.dbg for GDB_SERVER(port=23946,alive=true)
Python >Ibaraṣepọ pẹlu IDA Pro
Lati ṣe idanwo ni irọrun, a lo famuwia Rhino bi faili orisun fun itupalẹ ni IDA ni fọọmu naa (alaye meta ti wa ni ipamọ nibẹ).
O tun le lo famuwia akọkọ laisi alaye meta.
Lẹhin ifilọlẹ Kopycat ni IDA Pro, ninu akojọ aṣayan Debugger lọ si nkan naa “Yipada atunkọ…"ki o si yan"Latọna GDB yokokoro". Nigbamii, ṣeto asopọ: akojọ Atunṣe - Awọn aṣayan ilana…
Ṣeto awọn iye:
- Ohun elo - eyikeyi iye
- Orukọ ogun: 127.0.0.1 (tabi adiresi IP ti ẹrọ latọna jijin nibiti Kopycat nṣiṣẹ)
- Ibudo: 23946
Bayi bọtini n ṣatunṣe aṣiṣe yoo wa (bọtini F9):
Tẹ o lati sopọ si module yokokoro ninu emulator. IDA lọ sinu ipo n ṣatunṣe aṣiṣe, awọn window afikun wa: alaye nipa awọn iforukọsilẹ, nipa akopọ.
Bayi a le lo gbogbo awọn ẹya ara ẹrọ boṣewa ti n ṣatunṣe aṣiṣe:
- igbese-nipasẹ-igbese ipaniyan ti awọn ilana (Igbese sinu и Igbese lori - awọn bọtini F7 ati F8, lẹsẹsẹ);
- ibẹrẹ ati idaduro ipaniyan;
- ṣiṣẹda breakpoints fun awọn mejeeji koodu ati data (F2 bọtini).
Sisopọ si atunkọ ko tumọ si ṣiṣiṣẹ koodu famuwia. Ipo ipaniyan lọwọlọwọ gbọdọ jẹ adirẹsi naa 0x08006A74 - bẹrẹ iṣẹ Atunto_Handler. Ti o ba yi lọ si isalẹ akojọ, o le wo ipe iṣẹ naa akọkọ. O le gbe kọsọ sori laini yii (adirẹsi 0x08006ABE) ati ṣiṣe iṣẹ naa Ṣiṣe titi kọsọ (bọtini F4).
Nigbamii, o le tẹ F7 lati tẹ iṣẹ naa sii akọkọ.
Ti o ba ṣiṣẹ aṣẹ naa Tesiwaju ilana (bọtini F9), lẹhinna window "Jọwọ duro" yoo han pẹlu bọtini kan Duro:
Nigbati o ba tẹ Duro ipaniyan koodu famuwia ti daduro ati pe o le tẹsiwaju lati adirẹsi kanna ni koodu nibiti o ti ni idilọwọ.
Ti o ba tẹsiwaju ṣiṣe koodu naa, iwọ yoo rii awọn laini wọnyi ninu awọn ebute ti a ti sopọ si awọn ebute oko oju omi COM foju:
Iwaju laini “ofin ipinlẹ” tọkasi pe module Bluetooth foju ti yipada si ipo gbigba data lati ibudo COM olumulo.
Bayi ni ebute Bluetooth (COM29 ninu aworan) o le tẹ awọn aṣẹ sii ni ibamu pẹlu ilana Rhino. Fun apẹẹrẹ, aṣẹ “MEOW” yoo da okun “mur-mur” pada si ebute Bluetooth:
Emulate mi ko patapata
Nigbati o ba n kọ emulator kan, o le yan ipele ti awọn alaye / imulation ti ẹrọ kan pato. Fun apẹẹrẹ, module Bluetooth le jẹ afarawe ni awọn ọna oriṣiriṣi:
- ẹrọ naa jẹ apẹẹrẹ ni kikun pẹlu eto kikun ti awọn aṣẹ;
- Awọn aṣẹ AT jẹ apẹẹrẹ, ati ṣiṣan data ti gba lati ibudo COM ti eto akọkọ;
- awọn foju ẹrọ pese pipe data redirection si awọn gidi ẹrọ;
- bi awọn kan stub ti o nigbagbogbo pada "DARA".
Ẹya lọwọlọwọ ti emulator nlo ọna keji - module Bluetooth foju n ṣe iṣeto ni, lẹhin eyi o yipada si ipo ti data “aṣoju” lati ibudo COM ti eto akọkọ si ibudo UART ti emulator.
Jẹ ki a ronu iṣeeṣe ti ohun elo ti o rọrun ti koodu ti o ba jẹ pe apakan kan ti ẹba ko ni imuse. Fun apẹẹrẹ, ti aago kan ti o ni iduro fun ṣiṣakoso gbigbe data si DMA ko ti ṣẹda (ayẹwo naa ni a ṣe ni iṣẹ naa. ws2812b_durobe ni 0x08006840), lẹhinna famuwia yoo ma duro nigbagbogbo fun asia lati tunto ṣiṣẹbe ni 0x200004C4eyiti o ṣe afihan gbigbe ti laini data DMA:
A le wa ni ayika ipo yii nipa ṣiṣe atunṣe asia pẹlu ọwọ ṣiṣẹ lẹsẹkẹsẹ lẹhin fifi sori ẹrọ. Ni IDA Pro, o le ṣẹda iṣẹ Python kan ki o pe ni aaye fifọ, ki o fi aaye fifọ funrararẹ sinu koodu lẹhin kikọ iye 1 si asia. ṣiṣẹ.
Breakpoint olutọju
Ni akọkọ, jẹ ki a ṣẹda iṣẹ Python ni IDA. Akojọ aṣyn Faili - aṣẹ iwe afọwọkọ...
Ṣafikun snippet tuntun ninu atokọ ni apa osi, fun ni orukọ kan (fun apẹẹrẹ, BPT),
Ni aaye ọrọ ni apa ọtun, tẹ koodu iṣẹ sii:
def skip_dma():
print "Skipping wait ws2812..."
value = Byte(0x200004C4)
if value == 1:
PatchDbgByte(0x200004C4, 0)
return False
Lẹhin iyẹn, tẹ Run ki o si pa awọn iwe afọwọkọ window.
Bayi jẹ ki a lọ si koodu ni 0x0800688A, ṣeto aaye fifọ (bọtini F2), ṣatunkọ rẹ (akojọ ọrọ ọrọ Ṣatunkọ aaye isinmi...), maṣe gbagbe lati ṣeto iru iwe afọwọkọ si Python:
Ti o ba ti isiyi Flag iye ṣiṣẹ dogba 1, lẹhinna o yẹ ki o ṣiṣẹ iṣẹ naa foo_dma ninu ila iwe afọwọkọ:
Ti o ba ṣiṣẹ famuwia fun ipaniyan, o le rii okunfa ti koodu olutọju breakpoint ni window IDA o wu nipa ila Skipping wait ws2812.... Bayi famuwia kii yoo duro fun asia lati tunto ṣiṣẹ.
Ibaraenisepo pẹlu emulator
Emulation nitori imulation ko ṣeeṣe lati fa idunnu ati ayọ. O jẹ iyanilenu pupọ diẹ sii ti emulator ba ṣe iranlọwọ fun oniwadi lati rii data ni iranti tabi ṣe agbekalẹ ibaraenisepo ti awọn okun.
A yoo fihan ọ bi o ṣe le ṣe agbekalẹ ibaraenisepo laarin awọn iṣẹ ṣiṣe RTOS. O yẹ ki o kọkọ da idaduro ipaniyan ti koodu naa ti o ba nṣiṣẹ. Ti o ba lọ si iṣẹ naa bluetooth_task_entry si ẹka processing ti aṣẹ “LED” (adirẹsi 0x080057B8), lẹhinna o le rii ohun ti a ṣẹda akọkọ ati lẹhinna firanṣẹ si isinyi eto ledControlQueueHandle diẹ ninu awọn ifiranṣẹ.
O yẹ ki o ṣeto aaye fifọ lati wọle si oniyipada naa ledControlQueueHandlebe ni 0x20000624 ati tẹsiwaju ṣiṣe koodu naa:
Bi abajade, iduro yoo kọkọ waye ni adirẹsi 0x080057CA ṣaaju pipe iṣẹ naa osMailAlloc, lẹhinna ni adirẹsi 0x08005806 ṣaaju pipe iṣẹ naa osMailPut, lẹhinna lẹhin igba diẹ - si adirẹsi naa 0x08005BD4 (ṣaaju ki o to pe iṣẹ naa osMailGet), eyiti o jẹ ti iṣẹ naa leds_task_iwọle (LED-ṣiṣe), iyẹn ni, awọn iṣẹ-ṣiṣe yipada, ati bayi iṣẹ-ṣiṣe LED gba iṣakoso.
Ni ọna ti o rọrun yii o le fi idi bi awọn iṣẹ-ṣiṣe RTOS ṣe nlo pẹlu ara wọn.
Nitoribẹẹ, ni otitọ, ibaraenisepo ti awọn iṣẹ-ṣiṣe le jẹ idiju diẹ sii, ṣugbọn lilo emulator, ipasẹ ibaraenisepo yii di alaapọn.
O le wo fidio kukuru kan ti ifilọlẹ emulator ati ibaraenisepo pẹlu IDA Pro.
Lọlẹ pẹlu Radare2
O ko le foju iru ohun elo gbogbo agbaye bi Radare2.
Lati sopọ si emulator nipa lilo r2, aṣẹ naa yoo dabi eyi:
radare2 -A -a arm -b 16 -d gdb://localhost:23946 rhino_fw42k6.elfIfilọlẹ wa ni bayi (dc) ati idaduro ipaniyan (Ctrl+C).
Laanu, ni akoko, r2 ni awọn iṣoro nigbati o n ṣiṣẹ pẹlu olupin gdb hardware ati ifilelẹ iranti; ds). A nireti pe eyi yoo ṣe atunṣe laipẹ.
Nṣiṣẹ pẹlu Eclipse
Ọkan ninu awọn aṣayan fun lilo emulator ni lati yokokoro famuwia ti ẹrọ ti n dagbasoke. Fun wípé, a yoo tun lo Rhino famuwia. O le ṣe igbasilẹ awọn orisun famuwia .
A yoo lo Eclipse lati ṣeto bi IDE .
Ni ibere fun emulator lati gbe famuwia taara ti o ṣajọpọ ni Eclipse, o nilo lati ṣafikun paramita naa firmware=null si aṣẹ ifilọlẹ emulator:
binkopycat -g 23946 -n rhino -l user -y modules -p firmware=null,tty_dbg=COM26,tty_bt=COM28Ṣiṣeto iṣeto yokokoro
Ni Oṣupa, yan akojọ aṣayan Ṣiṣe - Awọn atunto yokokoro... Ninu ferese ti o ṣii, ni apakan GDB Hardware N ṣatunṣe aṣiṣe o nilo lati ṣafikun iṣeto tuntun, lẹhinna lori taabu “Ikọkọ” pato iṣẹ akanṣe lọwọlọwọ ati ohun elo fun n ṣatunṣe aṣiṣe:
Lori taabu “Atunṣe” o nilo lati pato aṣẹ GDB:
${openstm32_compiler_path}arm-none-eabi-gdb
Ati tun tẹ awọn ayeraye sii fun sisopọ si olupin GDB (ogun ati ibudo):
Lori taabu "Ibẹrẹ", o gbọdọ pato awọn paramita wọnyi:
- jeki apoti ayẹwo Aworan fifuye (ki aworan famuwia ti o pejọ jẹ ti kojọpọ sinu emulator);
- jeki apoti ayẹwo Awọn aami fifuye;
- fi aṣẹ ifilọlẹ sii:
set $pc = *0x08000004(ṣeto iforukọsilẹ PC si iye lati iranti ni adirẹsi0x08000004- adirẹsi ti wa ni ipamọ nibẹ AtuntoHandler).
San ifojusi, ti o ko ba fẹ lati ṣe igbasilẹ faili famuwia lati Eclipse, lẹhinna awọn aṣayan Aworan fifuye и Ṣiṣe awọn aṣẹ ko si ye lati fihan.
Lẹhin titẹ Ṣatunkọ, o le ṣiṣẹ ni ipo yokokoro:
- igbese nipa igbese koodu ipaniyan
- ibaraenisepo pẹlu breakpoints
Daakọ. Eclipse ni, hmm... diẹ ninu awọn quirks... ati pe o ni lati gbe pẹlu wọn. Fun apẹẹrẹ, ti o ba bẹrẹ aṣiṣe aṣiṣe ifiranṣẹ naa “Ko si orisun ti o wa fun “0x0″” yoo han, lẹhinna ṣiṣẹ pipaṣẹ Igbese (F5)
Dipo ti pinnu
Emulating koodu abinibi jẹ ohun ti o nifẹ pupọ. Fun olupilẹṣẹ ẹrọ, o ṣee ṣe lati ṣatunṣe famuwia laisi ẹrọ gidi kan. Fun oniwadi kan, o jẹ aye lati ṣe itupalẹ koodu ti o ni agbara, eyiti ko ṣee ṣe nigbagbogbo paapaa pẹlu ẹrọ kan.
A fẹ lati pese awọn alamọja pẹlu ohun elo ti o rọrun, niwọntunwọnsi ati pe ko gba ipa pupọ ati akoko lati ṣeto ati ṣiṣe.
Kọ sinu awọn asọye nipa iriri rẹ nipa lilo awọn emulators hardware. A ké sí ẹ láti jíròrò, inú rẹ yóò sì dùn láti dáhùn àwọn ìbéèrè.
Awọn olumulo ti o forukọsilẹ nikan le kopa ninu iwadi naa. , Jowo.
Kini o nlo emulator fun?
-
Mo se agbekale (yokokoro) famuwia
-
Mo n ṣe iwadii famuwia
-
Mo ṣe ifilọlẹ awọn ere (Dendi, Sega, PSP)
-
nkan miiran (kọ ninu awọn asọye)
7 olumulo dibo. 2 olumulo abstained.
Sọfitiwia wo ni o lo lati farawe koodu abinibi?
-
QEMU
-
Unicorn engine
-
Proteus
-
nkan miiran (kọ ninu awọn asọye)
6 olumulo dibo. 2 olumulo abstained.
Kini iwọ yoo fẹ lati ni ilọsiwaju ninu emulator ti o nlo?
-
Mo fẹ iyara
-
Mo fẹ irọrun iṣeto / ifilọlẹ
-
Mo fẹ awọn aṣayan diẹ sii fun ibaraenisepo pẹlu emulator (API, hooks)
-
Mo dun pẹlu ohun gbogbo
-
nkan miiran (kọ ninu awọn asọye)
8 olumulo dibo. 1 olumulo abstained.
orisun: www.habr.com