Udumper code, can someone please explain it?


Offline RaduP

    Udumper code, can someone please explain it?
    « on: 16 / August / 2009, 18:15:30 »
    Code: [Select]
    #define MIN_ADDRESS     0xFF810000
    #define FW_SIZE         0x400000

    #define START_SECTOR    2048

    typedef int (*f_w)(int, int, int, int); // drive(?), start sector, number of sectors, address

    int main() {
        int i;
        unsigned long sa;
        f_w wr;

        for (i=0x1900;i<0xF0000;i+=4)
            if ((*(unsigned int*)(i+0x34)==0) &&
                (*(unsigned int*)(i+0x38)==0) &&
                (*(unsigned int*)(i+0x3C)==3) &&
                (*(unsigned int*)(i+0x4C)>MIN_ADDRESS) &&
                (*(unsigned int*)(i+0x50)>MIN_ADDRESS) ) {

                wr=(f_w)*(unsigned int*)(i+0x50);

    #if defined (DRYOS)
                // #warning DRYOS
                // jeff666: fill some memory with zeroes; "simulate" large diskboot
                // WARNING: the starting address is a guess
                for (i = 0x1c00; i<0x30000; i+=4)  *(int*)i=0;
    #elif defined (VXWORKS)
                // #warning VXWORKS
    #else
    #error OS type must be defined
    #endif

                sa=(unsigned long)wr>0xFFC00000 ? 0xFFC00000 : 0xFF810000;

                wr(0, START_SECTOR, FW_SIZE/512, sa);
            }

        while(1);
        return 0;
    }

    I understand that it writes a raw stream of data, no FAT and stuff, and that the big empty file is supposed to catch the data (assuming that sectors are consecutive).
    But I do not understand how it does so.

    For example, I am totally confused by: typedef int (*f_w)(int, int, int, int); // drive(?), start sector, number of sectors, address. How exactly does it work?

    Offline whim

    • A495/590/620/630 ixus70/115/220/230/300/870 S95

    Re: Udumper code, can someone please explain it?
    « Reply #1 on: 16 / August / 2009, 19:11:23 »
    hi Radup !

    there are probably people who are better qualified to answer that, but here's how I've always understood it:

    Quote
    #define MIN_ADDRESS     0xFF810000
    #define FW_SIZE         0x400000

    #define START_SECTOR    2048

    /* define a pointer-to-function type: the function takes 4 int params & returns an int */
    typedef int (*f_w)(int, int, int, int); // drive(?), start sector, number of sectors, address

    int main() {
        int i;
        unsigned long sa;
        f_w wr;

        /* search for the function's address in memory using its signature */
        for (i=0x1900;i<0xF0000;i+=4)
            if ((*(unsigned int*)(i+0x34)==0) &&
                (*(unsigned int*)(i+0x38)==0) &&
                (*(unsigned int*)(i+0x3C)==3) &&
                (*(unsigned int*)(i+0x4C)>MIN_ADDRESS) &&
                (*(unsigned int*)(i+0x50)>MIN_ADDRESS) ) {

                /* the word at i+0x50 is the address of the write function */
                wr=(f_w)*(unsigned int*)(i+0x50);

    #if defined (DRYOS)
                // #warning DRYOS
                // jeff666: fill some memory with zeroes; "simulate" large diskboot
                // WARNING: the starting address is a guess
                for (i = 0x1c00; i<0x30000; i+=4)  *(int*)i=0;
    #elif defined (VXWORKS)
                // #warning VXWORKS
    #else
    #error OS type must be defined
    #endif
                /* pick the ROM base to dump from, depending on where wr itself lives */
                sa=(unsigned long)wr>0xFFC00000 ? 0xFFC00000 : 0xFF810000;

                /* call the function with 4 int params to dump the firmware */
                wr(0, START_SECTOR, FW_SIZE/512, sa);
            }
        /* since we don't know what happens after, an infinite loop is safest */
        while(1);

        return 0;
    }

    hope it helps,

    wim
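To make the signature scan concrete, here is an added example (not code from this thread or from CHDK) that runs the same five-word check on a host machine over a constructed memory image instead of live camera RAM; the offsets, MIN_ADDRESS and the sa selection are those of the posted code, while the image contents, the decoy record and the demo helpers are made up for illustration.

```c
#include <stdint.h>
#include <string.h>

#define MIN_ADDRESS 0xFF810000u
#define SCAN_START  0x1900u   /* start of the Canon .data segment, as in the thread */
#define SCAN_END    0xF0000u

/* Little-endian 32-bit read at absolute address addr from an image modelling memory
 * that starts at base; out-of-range reads yield 0, which never matches. */
static uint32_t rd32(const uint8_t *img, size_t len, uint32_t base, uint32_t addr) {
    if (addr < base || addr + 4 > base + len) return 0;
    const uint8_t *p = img + (addr - base);
    return (uint32_t)p[0] | (uint32_t)p[1] << 8 | (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24;
}
static void wr32(uint8_t *img, uint32_t off, uint32_t v) {
    img[off] = (uint8_t)v; img[off + 1] = (uint8_t)(v >> 8);
    img[off + 2] = (uint8_t)(v >> 16); img[off + 3] = (uint8_t)(v >> 24);
}

/* The five-word signature from the posted loop: two zero words, a word equal to 3,
 * and two ROM pointers. Returns the matching address i (0 if none) and stores the
 * function pointer read from i+0x50 into *fn, exactly as udumper assigns wr. */
uint32_t find_write_fn(const uint8_t *img, size_t len, uint32_t base, uint32_t *fn) {
    for (uint32_t i = SCAN_START; i < SCAN_END; i += 4) {
        if (rd32(img, len, base, i + 0x34) == 0 &&
            rd32(img, len, base, i + 0x38) == 0 &&
            rd32(img, len, base, i + 0x3C) == 3 &&
            rd32(img, len, base, i + 0x4C) > MIN_ADDRESS &&
            rd32(img, len, base, i + 0x50) > MIN_ADDRESS) {
            *fn = rd32(img, len, base, i + 0x50);
            return i;
        }
    }
    return 0;
}

/* Same choice as sa in the posted code: dump from whichever ROM base holds wr. */
uint32_t dump_base(uint32_t fn) { return fn > 0xFFC00000u ? 0xFFC00000u : 0xFF810000u; }

/* Constructed 0x200-byte image modelling memory from 0x1900. A decoy record at
 * +0x40 passes the 0/0/3 checks but its pointers are below MIN_ADDRESS; the real
 * record at +0x100 carries ROM pointers, so the scan should return 0x1A00. */
uint32_t demo(uint32_t *fn) {
    static uint8_t img[0x200];
    memset(img, 0, sizeof img);
    wr32(img, 0x40 + 0x3C, 3);  wr32(img, 0x40 + 0x4C, 0x1000u);      wr32(img, 0x40 + 0x50, 0x2000u);
    wr32(img, 0x100 + 0x3C, 3); wr32(img, 0x100 + 0x4C, 0xFFC12340u); wr32(img, 0x100 + 0x50, 0xFFC56780u);
    return find_write_fn(img, sizeof img, 0x1900u, fn);
}
uint32_t demo_fn(void) { uint32_t fn = 0; demo(&fn); return fn; }
```

On the camera the loop reads real RAM, so there is no image and no bounds check; here the decoy shows why the two MIN_ADDRESS comparisons matter, since a record with small pointers would otherwise be accepted.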

    Offline RaduP

    Re: Udumper code, can someone please explain it?
    « Reply #2 on: 16 / August / 2009, 19:22:23 »
    Oh, ok, now I understand, thanks!
    So the first part was looking for the signature; I was thinking it's some sort of sanity check to make sure the firmware is there. I always thought the signatures are longer :)

    Offline RaduP

    Re: Udumper code, can someone please explain it?
    « Reply #3 on: 17 / August / 2009, 14:12:50 »
    Ok, one more question: Why is it searching in this address range:
    Code: [Select]
      for (i=0x1900;i<0xF0000;i+=4)
    Isn't the firmware way higher than that?


    Offline fudgey

    • a570is

    Re: Udumper code, can someone please explain it?
    « Reply #4 on: 17 / August / 2009, 14:35:43 »
    Quote
    Ok, one more question: Why is it searching in this address range:
    Code: [Select]
      for (i=0x1900;i<0xF0000;i+=4)
    Isn't the firmware way higher than that?

    I'm just guessing, but until someone who knows better corrects me... If it's a registered event procedure or something similar, its address will reside in RAM and it's faster to go through the entire RAM than it is to go through the entire ROM.

    Offline whoever

    • IXUS950

    Re: Udumper code, can someone please explain it?
    « Reply #5 on: 17 / August / 2009, 15:06:04 »
    Quote
    Ok, one more question: Why is it searching in this address range:
    Code: [Select]
      for (i=0x1900;i<0xF0000;i+=4)
    Isn't the firmware way higher than that?
    This is the Canon .data segment. It is initialized in the course of the OS init sequence (see boot()), and (in the current context) perhaps partly by the basic boot routine at FFFF0000 (sort-of BIOS) of the firmware. Diskboot.bin is also loaded at 0x1900, so it partly overwrites the data, which is probably why the udumper sometimes fails.

    Offline RaduP

    Re: Udumper code, can someone please explain it?
    « Reply #6 on: 17 / August / 2009, 15:11:16 »
    Hmm, interesting.
    So what else is stored there? Is there a pointer to every function, or just some of them?

    Offline reyalp

    Re: Udumper code, can someone please explain it?
    « Reply #7 on: 17 / August / 2009, 17:37:43 »
    Quote
    Hmm, interesting.
    So what else is stored there? Is there a pointer to every function, or just some of them?
    You can examine the area of ROM where this is initialized from (look for the first loop in the boot code at FFC0000 or FF81000 that copies data from ROM). There are some function pointers there, but obviously not all ROM functions.
    Don't forget what the H stands for.