Study notes from two days spent reversing the ceemmc tool.
The goal: patch the ceemmc binary so that the CE_FLASH partition is set to 1024MB.
Method: on an arm64 host, write the assignment statements I want in C, compile them, then open the binary in IDA Pro and read the assembly the compiler emitted for those assignments.
#include <stdio.h>
int main(void){
    /* Each printf takes a different 64-bit constant, so the compiler emits one
       distinct load-immediate instruction per value; those are what to look for in IDA. */
    printf("Free space of 'partition %s': %lldMB\n", "CE_FLASH", 2048LL);
    printf("Free space of 'partition %s': %lldMB\n", "CE_FLASH", 1024LL);
    printf("Free space of 'partition %s': %lldbytes\n", "CE_FLASH", 0x80000000LL);
    printf("Free space of 'partition %s': %lldbytes\n", "CE_FLASH", 0x40000000LL);
    printf("Free space of 'partition %s': %lldbytes\n", "CE_FLASH", -0x80000000LL);
    printf("Free space of 'partition %s': %lldbytes\n", "CE_FLASH", -0x40000000LL);
    return 0;
}
0x80000000LL in x1
bytes (little-endian): 01 00 B0 D2
word: 0xD2B00001
fields: sf=1 opc=10 100101 hw=01 imm16=1000000000000000 Rd=00001  (MOVZ X1, #0x8000, LSL #16)
-->
0x40000000LL in x1
bytes (little-endian): 01 00 A8 D2
word: 0xD2A80001
fields: sf=1 opc=10 100101 hw=01 imm16=0100000000000000 Rd=00001  (MOVZ X1, #0x4000, LSL #16)
------------------ The above are for the x1 register: ceemmc keeps the flash size (in bytes) in x1; patch addresses 51A0, 53c4
2048LL in x2
bytes (little-endian): 02 00 81 D2
word: 0xD2810002
fields: sf=1 opc=10 100101 hw=00 imm16=0000100000000000 Rd=00010  (MOVZ X2, #0x800)
-->
1024LL in x2
bytes (little-endian): 02 80 80 D2
word: 0xD2808002
fields: sf=1 opc=10 100101 hw=00 imm16=0000010000000000 Rd=00010  (MOVZ X2, #0x400)
------------------ The above are for the x2 register: ceemmc uses x2 to hold the flash size in MB that printf prints; patch address 53CC
-0x80000000LL in x2
bytes (little-endian): E2 83 61 B2
word: 0xB26183E2
fields: sf=1 opc=01 100100 N=1 immr=100001 imms=100000 Rn=11111 Rd=00010  (ORR X2, XZR, #0xFFFFFFFF80000000, i.e. MOV X2, #-0x80000000; a bitmask immediate, not MOVZ)
-0x80000000LL in x0
bytes (little-endian): E0 83 61 B2
word: 0xB26183E0
fields: sf=1 opc=01 100100 N=1 immr=100001 imms=100000 Rn=11111 Rd=00000  (MOV X0, #-0x80000000)
-0x40000000LL in x2
bytes (little-endian): E2 87 62 B2
word: 0xB26287E2
fields: sf=1 opc=01 100100 N=1 immr=100010 imms=100001 Rn=11111 Rd=00010  (MOV X2, #-0x40000000)
-0x40000000LL in x0 ?
bytes (little-endian): E0 87 62 B2
word: 0xB26287E0  (same as the x2 form except Rd=00000)
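Added example, my own Python rather than anything from these notes or from ceemmc: it encodes the MOVZ form and decodes both the MOVZ and the ORR-immediate (bitmask) forms listed above, so a replacement word can be checked against the field breakdown before it is written, and it refuses a patch whose existing bytes or destination register do not match. The blob and offset used in the usage are constructed for illustration.

```python
def encode_movz(rd: int, imm: int) -> int:
    """MOVZ Xd, #imm16, LSL #(16*hw): fields sf=1 opc=10 100101 hw imm16 Rd."""
    for hw in range(4):
        if imm & ~(0xFFFF << (16 * hw)) == 0:          # value fits one 16-bit chunk
            imm16 = (imm >> (16 * hw)) & 0xFFFF
            return 0xD2800000 | (hw << 21) | (imm16 << 5) | rd
    raise ValueError(f"{imm:#x} cannot be loaded with a single MOVZ")

def decode_bitmask(n: int, immr: int, imms: int) -> int:
    """DecodeBitMasks() for a 64-bit logical immediate (ORR/AND/EOR with imm)."""
    length = ((n << 6) | (~imms & 0x3F)).bit_length() - 1
    if length < 1:
        raise ValueError("reserved logical-immediate encoding")
    levels = (1 << length) - 1
    s, r = imms & levels, immr & levels
    if s == levels:
        raise ValueError("reserved logical-immediate encoding")
    esize = 1 << length
    elem = (1 << (s + 1)) - 1                          # s+1 ones ...
    elem = ((elem >> r) | (elem << (esize - r))) & ((1 << esize) - 1)  # ... rotated right by r
    mask = 0
    for _ in range(64 // esize):                       # replicate the element to 64 bits
        mask = (mask << esize) | elem
    return mask

def decode_mov_imm(word: int):
    """Return (mnemonic, Rd, signed immediate) for 64-bit MOVZ or ORR-immediate."""
    rd = word & 0x1F
    if word & 0xFF800000 == 0xD2800000:                # 1 10 100101 hw imm16 Rd
        hw, imm16 = (word >> 21) & 3, (word >> 5) & 0xFFFF
        return "MOVZ", rd, imm16 << (16 * hw)
    if word & 0xFF800000 == 0xB2000000:                # 1 01 100100 N immr imms Rn Rd
        n, immr, imms = (word >> 22) & 1, (word >> 16) & 0x3F, (word >> 10) & 0x3F
        rn = (word >> 5) & 0x1F
        imm = decode_bitmask(n, immr, imms)
        imm = imm - (1 << 64) if imm >> 63 else imm    # show it like the signed C literal
        return ("MOV" if rn == 31 else "ORR"), rd, imm
    raise ValueError(f"{word:#010x} is not a MOVZ / ORR-immediate encoding")

def patch_word(blob: bytearray, offset: int, old: int, new: int) -> bytes:
    """Overwrite one little-endian instruction word; refuse on wrong old bytes or register."""
    cur = int.from_bytes(blob[offset:offset + 4], "little")
    if cur != old:
        raise ValueError(f"expected {old:#010x} at {offset:#x}, found {cur:#010x}")
    if decode_mov_imm(old)[1] != decode_mov_imm(new)[1]:
        raise ValueError("patch would change the destination register")
    blob[offset:offset + 4] = new.to_bytes(4, "little")
    return bytes(blob[offset:offset + 4])

if __name__ == "__main__":                              # constructed blob, not the real ceemmc
    blob = bytearray(8) + bytes.fromhex("0100B0D2") + bytearray(4)
    print(decode_mov_imm(0xD2B00001), "->", patch_word(blob, 8, 0xD2B00001, encode_movz(1, 0x40000000)).hex())
```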