當前位置：首頁 > 编程资源 > 编程问答 >内容正文

编程问答

bin文件格式分析

發(fā)布時間：2025/5/22 编程问答 27 豆豆

生活随笔收集整理的這篇文章主要介紹了 bin文件格式分析小編覺得挺不錯的,現(xiàn)在分享給大家,幫大家做個參考.

xip 的 bin 文件分析
???

一個bin 文件在存儲上是按以下的結(jié)構(gòu)存儲的

???? 組成：標記(7)+Image開始地址(1)+Image長度(1)
?????????? 記錄0地址+記錄0長+記錄0校驗和+記錄0內(nèi)容(文件內(nèi)容)
??????? 記錄1地址+記錄1長+記錄1校驗和+記錄1內(nèi)容(文件內(nèi)容)
?????????? ......
???? 最后一條記錄是表示結(jié)束,Start = 0x00000000, Length = 0x8C072C3C是StartUp地址, Chksum = 0x00000000，我的xip.bin的最后12個字節(jié)就是00 00 00 00 E4 B4 29 80 00 00 00 00,

當RecAddr和RecChk為0時表示READDATA完成,即：DownloadBin（）函數(shù)中的

??????? while( OEMReadData (sizeof (DWORD), (LPBYTE) &dwRecAddr) &&
??????????? OEMReadData (sizeof (DWORD), (LPBYTE) &dwRecLen)?? &&
??????????? OEMReadData (sizeof (DWORD), (LPBYTE) &dwRecChk) )

???????? 循環(huán)退出

?????? 由 if (!dwRecAddr && !dwRecChk)
?????????? {
????????????? break;
??????????? }

?????? 得出以上的結(jié)論

???? bin 文件的頭部(不包含記錄)能夠用以下的結(jié)構(gòu)表示
????? struct BinFile{
????????????????? BYTE signature[7]; // = { ''B'', ''0'', ''0'', ''0'', ''F'', ''F'', ''/a'' }
????????????????? DWORD ImageStart
????????????????? DWORD ImageLength
??????????? };

一般xipkernel.bin,nk.bin 都符合正常bin文件格式,包括記錄開始0,1,2 記錄為特殊記錄,2做為cece的標記,其后4byte表示 TOC地址(指向ROMHDR結(jié)構(gòu)的數(shù)據(jù)),3記錄開始都是文件記錄,
比方coredll.dll等等。。。

Chksum valid
Record [ 1] : Start = 0x8C201040, Length = 0x00000008, Chksum = 0x0000032D
0x8C201040 : 45434543 048FFE8C?????????????????? ECEC....????????????????????????? //這里ECEC是我們設(shè)置的#define ROM_SIGNATURE 0x43454345 (Romldr.h),后面4byte就是pToc的內(nèi)容

Chksum valid
Record [ 2] : Start = 0x8C201048, Length = 0x00000004, Chksum = 0x00000161
0x8C201048 : 047FDE00??????????????????????????? ....???????????

Chksum valid
Record [ 3] : Start = 0x8C202000, Length = 0x000A37BC, Chksum = 0x043BF7FA
0x8C202000 : 00000000 03407546 00000000 02000000 .....@uF ........
0x8C202010 : 78000000 D8530000 D8470000 20100100 x....S...G.. ...
0x8C202020 : 53005900 53005400 45004D00 2F004700 S.Y.S.T.E.M./.G.

。。。。。。

Chksum valid
Record [131] : Start = 0x00000000, Length = 0x00000000, Chksum = 0x00000000
?? Start address = 0x00000000
Checking record #129 for potential TOC (ROMOFFSET = 0x00000000)???
Found pTOC = 0x8cfe8f04
ROMOFFSET = 0x00000000

Chksum valid
Record [ 1] : Start = 0x8C000040, Length = 0x00000008, Chksum = 0x00000327
0x8C000040 : 45434543 A0DA118C?????????????????? ECEC....????????????????????????? //注意這里的A0DA118C 就是8C11DAF4 指向record9 就是pToc的值

Chksum valid
Record [ 2] : Start = 0x8C000048, Length = 0x00000004, Chksum = 0x0000018B
0x8C000048 : A0DA1100??????????????????????????? ....???????????

Chksum valid
Record [ 3] : Start = 0x8C001000, Length = 0x000C5180, Chksum = 0x064E2C03
0x8C001000 : 00000000 96F37746 00000000 02000000 ......wF........
0x8C001010 : 55000000 DC2B0700 DC1F0700 41504953 U....+......APIS
0x8C001020 : 02060500 3010008C 00000000 00000000 ....0...........
0x8C001030 : B05A078C 7CA3078C 505B078C 0C5D078C .Z..|...P[...]..
0x8C001040 : 745D078C 00000000 08000000 41005200 t]..........A.R.
。。。。。。
0x8C072C30 : 00000000 73746172 740A0D00 060000EA ....start.......????????????????? //###################
0x8C072C40 : FDFFFFEA FCFFFFEA FBFFFFEA FAFFFFEA ................

。。。。。。

Chksum valid
Record [ 9] : Start = 0x8C11DAA0, Length = 0x00000054, Chksum = 0x00000CB3???????? //就是上面的pToc所指塊,是一個ROMHDR結(jié)構(gòu)
0x8C11DAA0 : FF01F501 00000002 0000008C 90CE1B8C ................
0x8C11DAB0 : 08000000 0010208C 0000278C 00E0E68F ...... ...'.....
0x8C11DAC0 : 01000000 F0FF1A8C 00000000 00000000 ................
0x8C11DAD0 : 05000000 00000000 10101010 00000000 ................
0x8C11DAE0 : 00000000 C2010200 1022008C 00000000 ........."......
0x8C11DAF0 : 00000000??????????????????????????? ....???????????

Chksum valid
Record [ 10] : Start = 0x8C11DAF4, Length = 0x0000018C, Chksum = 0x0000895E
0x8C11DAF4 : 07000000 005C33FC 84B2C701 00BE0C00 ...../3.........
0x8C11DB04 : D4BF118C CCDE0F8C 3CDF0F8C 0000008C ........<.......
0x8C11DB14 : 07000000 00A1CC46 EAB0C701 00600300 .......F.....`..
0x8C11DB24 : DCBF118C 6CFD1A8C 9CDF0F8C 00F0128C ....l...........
0x8C11DB34 : 07100000 0052626B C5B0C701 00380100 .....Rbk.....8..
0x8C11DB44 : E8BF118C DCFD1A8C 4CFE1A8C 0020178C ........L.... ..

。。。。。。

Chksum valid
Record [ 14] : Start = 0x00000000, Length = 0x8C072C3C, Chksum = 0x00000000????? //這就是xipkernel.bin的最后一條記錄其內(nèi)容表示0x8C072C3C 是startup 的入口地址 //################### 那行就是
?? Start address = 0x8C072C3C?????????????????????????????????????????????? //060000EA=>EA000060 的一條跳轉(zhuǎn)指令 (1110[cond always] +1010[branch]+offset)
Checking record #9 for potential TOC (ROMOFFSET = 0x00000000)
Found pTOC = 0x8c11daa0
ROMOFFSET = 0x00000000
Done.

Checking record #9 for potential TOC (ROMOFFSET = 0xFF134B9C)?? //-》FF134B9C-》ECB464 =14m多？？？？？？
Checking record #144 for potential TOC (ROMOFFSET = 0x00000000)
Found pTOC = 0x8cfe8f04
ROMOFFSET = 0x00000000

//---------------------------------------------------------------------------------------------------------------------------------------------------------------
chain.bin viewbin 的內(nèi)容：是上面兩個bin的結(jié)合
//---------------------------------------------------------------------------------------------------------------------------------------------------------------
ViewBin... chain.bin
Image Start = 0x8C200000, length = 0x00000528
Record [ 0] : Start = 0x8C200000, Length = 0x00000528, Chksum = 0x0000084B
0x8C200000 : 02000000 0000008C 90CE1B00 00002000 .............. .?? //填充xipkernel部分的_XIPCHAIN_ENTRY 的內(nèi)容
0x8C200010 : 01000100 00000000 5849504B 45524E45 ........XIPKERNE
0x8C200020 : 4C000000 00000000 00000000 00000000 L...............
0x8C200030 : 00000000 00000000 00000000 00000000 ................
0x8C200040 : 00000000 00000000 00000000 00000000 ................
0x8C200050 : 00000000 00000000 00000000 00000000 ................
0x8C200060 : 00000000 00000000 00000000 00000000 ................
0x8C200070 : 00000000 00000000 00000000 00000000 ................
0x8C200080 : 00000000 00000000 00000000 00000000 ................
0x8C200090 : 00000000 00000000 00000000 00000000 ................
0x8C2000A0 : 00000000 00000000 00000000 00000000 ................
0x8C2000B0 : 00000000 00000000 00000000 00000000 ................
0x8C2000C0 : 00000000 00000000 00000000 00000000 ................
0x8C2000D0 : 00000000 00000000 00000000 00000000 ................
0x8C2000E0 : 00000000 00000000 00000000 00000000 ................
0x8C2000F0 : 00000000 00000000 00000000 00000000 ................
0x8C200100 : 00000000 00000000 00000000 00000000 ................
0x8C200110 : 00000000 00000000 00000000 00000000 ................
0x8C200120 : 00000000 00000000 00000000 00000000 ................
0x8C200130 : 00000000 00000000 00000000 00000000 ................
0x8C200140 : 00000000 00000000 00000000 00000000 ................
0x8C200150 : 00000000 00000000 00000000 00000000 ................
0x8C200160 : 00000000 00000000 00000000 00000000 ................
0x8C200170 : 00000000 00000000 00000000 00000000 ................
0x8C200180 : 00000000 00000000 00000000 00000000 ................
0x8C200190 : 00000000 00000000 00000000 00000000 ................
0x8C2001A0 : 00000000 00000000 00000000 00000000 ................
0x8C2001B0 : 00000000 00000000 00000000 00000000 ................
0x8C2001C0 : 00000000 00000000 00000000 00000000 ................
0x8C2001D0 : 00000000 00000000 00000000 00000000 ................
0x8C2001E0 : 00000000 00000000 00000000 00000000 ................
0x8C2001F0 : 00000000 00000000 00000000 00000000 ................
0x8C200200 : 00000000 00000000 00000000 00000000 ................
0x8C200210 : 00000000 00000000 00000000 00000000 ................
0x8C200220 : 00000000 00000000 00000000 00000000 ................
0x8C200230 : 00000000 00000000 00000000 00000000 ................
0x8C200240 : 00000000 00000000 00000000 00000000 ................
0x8C200250 : 00000000 00000000 00000000 00000000 ................
0x8C200260 : 00000000 00000000 00000000 00000000 ................
0x8C200270 : 00000000 00000000 00000000 00000000 ................
0x8C200280 : 00000000 00000000 00000000 00000000 ................
0x8C200290 : 00000000 0010208C 1099DE00 00009001 ...... .........?? //0010208C 開始就是填充nk部分的_XIPCHAIN_ENTRY 的內(nèi)容
0x8C2002A0 : 02000100 00000000 4E4B0000 00000000 ........NK......
0x8C2002B0 : 00000000 00000000 00000000 00000000 ................
0x8C2002C0 : 00000000 00000000 00000000 00000000 ................
0x8C2002D0 : 00000000 00000000 00000000 00000000 ................
0x8C2002E0 : 00000000 00000000 00000000 00000000 ................
0x8C2002F0 : 00000000 00000000 00000000 00000000 ................
0x8C200300 : 00000000 00000000 00000000 00000000 ................
0x8C200310 : 00000000 00000000 00000000 00000000 ................
0x8C200320 : 00000000 00000000 00000000 00000000 ................
0x8C200330 : 00000000 00000000 00000000 00000000 ................
0x8C200340 : 00000000 00000000 00000000 00000000 ................
0x8C200350 : 00000000 00000000 00000000 00000000 ................
0x8C200360 : 00000000 00000000 00000000 00000000 ................
0x8C200370 : 00000000 00000000 00000000 00000000 ................
0x8C200380 : 00000000 00000000 00000000 00000000 ................
0x8C200390 : 00000000 00000000 00000000 00000000 ................
0x8C2003A0 : 00000000 00000000 00000000 00000000 ................
0x8C2003B0 : 00000000 00000000 00000000 00000000 ................
0x8C2003C0 : 00000000 00000000 00000000 00000000 ................
0x8C2003D0 : 00000000 00000000 00000000 00000000 ................
0x8C2003E0 : 00000000 00000000 00000000 00000000 ................
0x8C2003F0 : 00000000 00000000 00000000 00000000 ................
0x8C200400 : 00000000 00000000 00000000 00000000 ................
0x8C200410 : 00000000 00000000 00000000 00000000 ................
0x8C200420 : 00000000 00000000 00000000 00000000 ................
0x8C200430 : 00000000 00000000 00000000 00000000 ................
0x8C200440 : 00000000 00000000 00000000 00000000 ................
0x8C200450 : 00000000 00000000 00000000 00000000 ................
0x8C200460 : 00000000 00000000 00000000 00000000 ................
0x8C200470 : 00000000 00000000 00000000 00000000 ................
0x8C200480 : 00000000 00000000 00000000 00000000 ................
0x8C200490 : 00000000 00000000 00000000 00000000 ................
0x8C2004A0 : 00000000 00000000 00000000 00000000 ................
0x8C2004B0 : 00000000 00000000 00000000 00000000 ................
0x8C2004C0 : 00000000 00000000 00000000 00000000 ................
0x8C2004D0 : 00000000 00000000 00000000 00000000 ................
0x8C2004E0 : 00000000 00000000 00000000 00000000 ................
0x8C2004F0 : 00000000 00000000 00000000 00000000 ................
0x8C200500 : 00000000 00000000 00000000 00000000 ................
0x8C200510 : 00000000 00000000 00000000 00000000 ................
0x8C200520 : 00000000 00000000?????????????????? ........???????

Chksum valid
Record [ 1] : Start = 0x00000000, Length = 0x00000000, Chksum = 0x00000000
?? Start address = 0x00000000
僅僅有1條有效記錄,一條記錄分成兩部分相應(yīng)xipkernel.bin 和nk.bin,使用結(jié)構(gòu)
typedef struct _XIPCHAIN_ENTRY {
??? LPVOID pvAddr;???????????????? // address of the XIP?????? // 依據(jù)這個地址能夠找到pToc!!!!!!
??? DWORD?? dwLength;?????????????? // the size of the XIP
??? DWORD?? dwMaxLength;??????????? // the biggest it can grow to
??? USHORT usOrder;??????????????? // where to put into ROMChain_t
??? USHORT usFlags;??????????????? // flags/status of XIP
??? DWORD?? dwVersion;????????????? // version info
??? CHAR??? szName[XIP_NAMELEN];??? // Name of XIP, typically the bin file's name, w/o .bin
??? DWORD?? dwAlgoFlags;??????????? // algorithm to use for signature verification
??? DWORD?? dwKeyLen;?????????????? // length of key in byPublicKey
??? BYTE??? byPublicKey[596];?????? // public key data
} XIPCHAIN_ENTRY, *PXIPCHAIN_ENTRY;

//其它相關(guān)結(jié)構(gòu):
typedef struct ROMHDR {
??? ULONG?? dllfirst;?????????????? // first DLL address
??? ULONG?? dlllast;??????????????? // last DLL address
??? ULONG?? physfirst;????????????? // first physical address
??? ULONG?? physlast;?????????????? // highest physical address
??? ULONG?? nummods;??????????????? // number of TOCentry's
??? ULONG?? ulRAMStart;???????????? // start of RAM
??? ULONG?? ulRAMFree;????????????? // start of RAM free space
??? ULONG?? ulRAMEnd;?????????????? // end of RAM
??? ULONG?? ulCopyEntries;????????? // number of copy section entries
??? ULONG?? ulCopyOffset;?????????? // offset to copy section
??? ULONG?? ulProfileLen;?????????? // length of PROFentries RAM
??? ULONG?? ulProfileOffset;??????? // offset to PROFentries
??? ULONG?? numfiles;?????????????? // number of FILES
??? ULONG?? ulKernelFlags;????????? // optional kernel flags from ROMFLAGS .bib config option
??? ULONG?? ulFSRamPercent;???????? // Percentage of RAM used for filesystem
??????????????????????????????????????? // from FSRAMPERCENT .bib config option
??????????????????????????????????????? // byte 0 = #4K chunks/Mbyte of RAM for filesystem 0-2Mbytes 0-255
??????????????????????????????????????? // byte 1 = #4K chunks/Mbyte of RAM for filesystem 2-4Mbytes 0-255
??????????????????????????????????????? // byte 2 = #4K chunks/Mbyte of RAM for filesystem 4-6Mbytes 0-255
??????????????????????????????????????? // byte 3 = #4K chunks/Mbyte of RAM for filesystem > 6Mbytes 0-255

??? ULONG?? ulDrivglobStart;??????? // device driver global starting address
??? ULONG?? ulDrivglobLen;????????? // device driver global length
??? USHORT usCPUType;????????????? // CPU (machine) Type
??? USHORT usMiscFlags;??????????? // Miscellaneous flags
??? PVOID?? pExtensions;??????????? // pointer to ROM Header extensions
??? ULONG?? ulTrackingStart;??????? // tracking memory starting address
??? ULONG?? ulTrackingLen;????????? // tracking memory ending address
} ROMHDR;

本文來自CSDN博客，轉(zhuǎn)載請標明出處：http://blog.csdn.net/wu_ye_zhou/archive/2010/06/08/5656119.aspx

轉(zhuǎn)載于:https://www.cnblogs.com/gcczhongduan/p/4036722.html

總結(jié)

以上是生活随笔為你收集整理的bin文件格式分析的全部內(nèi)容，希望文章能夠幫你解決所遇到的問題。

如果覺得生活随笔網(wǎng)站內(nèi)容還不錯，歡迎將生活随笔推薦給好友。