Eboot 编译编译器决定中断向量及其实现单一性的原因

                    ---------------by nasiry 
                                     转载请说明出处,并通知我
首先看看eboot的source文件，该文件约束了eboot下文件的编译方式和参与编译的文件等等信息

SYNCHRONIZE_DRAIN=1

TARGETNAME=EBOOT
TARGETTYPE=PROGRAM
WINCECPU=1RELEASETYPE=PLATFORM
WINCETARGETFILES=$(_RELEASEDIR)\$(TARGETNAME).nb0
EXEENTRY=StartUp
EXEBASE=0x80000000

INCLUDES=..\inc;$(_PUBLICROOT)\common\oak\drivers\block\msflashfmd\inc
#INCLUDES=$(_TARGETPLATROOT)\eboot\inc;$(INCLUDES)
INCLUDES=$(_TARGETPLATROOT)\Drivers\NandFlsh\FMD;$(INCLUDES)
ADEFINES=-pd "ALLOCATE_TABLE SETS \"FALSE\"" $(ADEFINES)

LDEFINES=-subsystem:native /DEBUG /DEBUGTYPE:CV /FIXED:NO
CDEFINES= $(CDEFINES) -DPPSH_PROTOCOL_NOTIMEOUT -DCOREDLL -DPLAT_ONBOARDEDBG=1 -DBOOT_LOADER=1 -DNOSYSCALL=1

TARGETLIBS=\
.......

Source文件仅仅提供了PROGRAM/LIBRARY/DYNLINK三个选项参数(见oak\MISC\makefile.def line 324),分别对应.exe,.lib,.dll文件。.exe和.dll文件都是符合windows程序要求的带头文件，而.lib仅仅是可重定位的函数集。这三者都不是我们通常用作loader的headless程序。所谓headless，不包含文件执行头，按照最后所在的地址信息进行链接，不可重定位为特点，这与通常的单片机程序是相似的。而上面所能指定的三种编译目标模式是用于winCE执行所用，其中包含了一个所谓类似PE头的信息部。这样产生的程序显然就不能满足运行的要求。下面是编译后产生的程序用实例来看看：

00000000h: 4D 5A 90 00 03 00 00 00 04 00 00 00 FF FF 00 00 ; MZ?..........
00000010h: B8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 ; ?......@.......
00000020h: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ; ................
00000030h: 00 00 00 00 00 00 00 00 00 00 00 00 D8 00 00 00 ; ............?..
00000040h: 0E 1F BA 0E 00 B4 09 CD 21 B8 01 4C CD 21 54 68 ; ..?.???L?Th
00000050h: 69 73 20 70 72 6F 67 72 61 6D 20 63 61 6E 6E 6F ; is program canno
00000060h: 74 20 62 65 20 72 75 6E 20 69 6E 20 44 4F 53 20 ; t be run in DOS
00000070h: 6D 6F 64 65 2E 0D 0D 0A 24 00 00 00 00 00 00 00 ; mode....$.......
00000080h: 6A 57 E0 F7 2E 36 8E A4 2E 36 8E A4 2E 36 8E A4 ; jW圜.6帳.6帳.6帳
00000090h: A1 13 BF A4 2C 36 8E A4 A1 13 BE A4 22 36 8E A4 ; ?郡,6帳?兢"6帳
000000a0h: 01 10 BE A4 29 36 8E A4 01 10 BF A4 2F 36 8E A4 ; ..兢)6帳..郡/6帳
000000b0h: 2E 36 8E A4 3F 36 8E A4 D6 3D D8 A4 2F 36 8E A4 ; .6帳?6帳?丐/6帳
000000c0h: 52 69 63 68 2E 36 8E A4 00 00 00 00 00 00 00 00 ; Rich.6帳........
000000d0h: 00 00 00 00 00 00 00 00 50 45 00 00 C2 01 04 00 ; ........PE..?..
000000e0h: B2 42 8F 41 00 00 00 00 00 00 00 00 E0 00 2E 01 ; 睟廇........?..
000000f0h: 0B 01 06 18 00 38 01 00 00 28 00 00 00 00 00 00 ; .....8...(......
00000100h: 00 10 00 00 00 10 00 00 00 50 01 00 00 00 00 80 ; .........P.....€
00000110h: 00 10 00 00 00 02 00 00 04 00 00 00 00 00 00 00 ; ................
00000120h: 04 00 14 00 00 00 00 00 00 90 01 00 00 04 00 00 ; .........?.....
00000130h: 28 2F 02 00 09 00 00 00 00 00 01 00 00 10 00 00 ; (/..............
00000140h: 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 ; ................
00000150h: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ; ................
00000160h: 00 00 00 00 00 00 00 00 00 70 01 00 C8 05 00 00 ; .........p..?..
00000170h: 00 00 00 00 00 00 00 00 00 80 01 00 04 07 00 00 ; .........€......
00000180h: D0 14 00 00 1C 00 00 00 00 00 00 00 00 00 00 00 ; ?..............
00000190h: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ; ................
000001a0h: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ; ................
000001b0h: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ; ................
000001c0h: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ; ................
000001d0h: 2E 74 65 78 74 00 00 00 9C 36 01 00 00 10 00 00 ; .text...?......
000001e0h: 00 38 01 00 00 04 00 00 00 00 00 00 00 00 00 00 ; .8..............
000001f0h: 00 00 00 00 20 00 00 60 2E 64 61 74 61 00 00 00 ; .... ..`.data...
00000200h: C8 18 00 00 00 50 01 00 00 02 00 00 00 3C 01 00 ; ?...P.......<..
00000210h: 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 C0 ; ............@..?
00000220h: 2E 70 64 61 74 61 00 00 C8 05 00 00 00 70 01 00 ; .pdata..?...p..
00000230h: 00 06 00 00 00 3E 01 00 00 00 00 00 00 00 00 00 ; .....>..........
00000240h: 00 00 00 00 40 00 00 40 2E 72 65 6C 6F 63 00 00 ; ....@..@.reloc..
00000250h: F0 07 00 00 00 80 01 00 00 08 00 00 00 44 01 00 ; ?...€.......D..
00000260h: 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 ; ............@..B
00000270h: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ; ................
00000280h: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ; ................
00000290h: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ; ................
000002a0h: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ; ................
000002b0h: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ; ................
000002c0h: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ; ................
000002d0h: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ; ................
000002e0h: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ; ................
000002f0h: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ; ................
00000300h: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ; ................
00000310h: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ; ................
00000320h: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ; ................
00000330h: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ; ................
00000340h: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ; ................
00000350h: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ; ................
00000360h: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ; ................
00000370h: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ; ................
00000380h: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ; ................
00000390h: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ; ................
000003a0h: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ; ................
000003b0h: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ; ................
000003c0h: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ; ................
000003d0h: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ; ................
000003e0h: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ; ................
000003f0h: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ; ................
00000400h: 2A 00 00 EA FD FF FF EA FC FF FF EA FB FF FF EA ; *..挲挈犒?
00000410h: FA FF FF EA F9 FF FF EA F8 FF FF EA 74 00 9F E5 ; ?犍犋阾.熷
00000420h: 55 1C A0 E3 00 10 80 E5 6C 00 9F E5 20 10 A0 E3 ; U.犮..€錶.熷 .犮
00000430h: 00 10 80 E5 64 50 9F E5 00 60 95 E5 01 65 86 E3 ; ..€錮P熷.`曞.e嗐
00000440h: 5C 30 9F E5 00 40 93 E5 06 48 84 E3 07 46 C4 E3 ; \0熷.@撳.H勩.F你
00000450h: 06 46 84 E3 4C 20 9F E5 4C 10 9F E5 10 00 A0 E3 ; .F勩L 熷L.熷..犮
从上面dump出来的内容可以看到，程序的前0x400区域都是由windowsCE的编译器产生的头文件，而这部分内容本身不是我们的代码指定的内容也不具备可执行的能力，所以实际的执行内容是在0x400位置开始的，但是是不是考虑直接拷贝0x400后的区域去掉头的位置就可以直接作为我们需要的执行入口点呢？答案是否定的，这中间还有一个偏移量的问题，由于偏移不同的原因，绝对跳转的代码在程序中不会得到正确执行。所以这个程序需要使用romimage命令处理后才能成为可用的image.

romimage使用的是boot.bib的内容来对上面的程序进行处理的。我们来看看这部分的内容。

MEMORY
   DRV_GLB  8c020000  00001000  RESERVED
    BIN_FS   8c021000  00005000  RESERVED
    RAM      8c026000  00006000  RAM
    STACK    8c02c000  00004000  RESERVED
    EBOOT    8c038000  00020000  RAMIMAGE
;    EBOOT    8c038000  00040000  RAMIMAGE

     FLSCACHE 8D000000  01000000  RESERVED

CONFIG
         COMPRESSION=OFF
         PROFILE=OFF
         KERNELFIXUPS=ON
         SRE=ON
         ROMSTART=8c038000
         ROMWIDTH=32

        ROMSIZE=16000

MODULES
nk.exe $(_TARGETPLATROOT)\target\$(_TGTCPU)\$(WINCEDEBUG)\EBOOT.exe EBOOT

简单说一次上面的内容的意义：

1.MEMORY部：
这部分指定了一些空间分配的情况，eboot的位置就是上面指定的，romimage通过该信息重新定位上面eboot.exe的偏移，以及内存使用的静态分布信息.
2.Config部
该部分描述生成image的规则，包括压缩与否，sre文件是否产生，起始地址,image的存放介质位宽，单片介质大小等等。
3.Modules部
该部分描述的是参与该image生成的元文件列表。

通过上面的信息，按道理romimage就会将0x400后的部分重新计算偏移后放到0x8c038000的位置。也就是我们文件的0x0位置。事实上呢？

我们来看看是什么样的情况。

00000000h: FE 03 00 EA 00 00 00 00 00 00 00 00 00 00 00 00 ; ?.?...........
00000010h: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ; ................
00000020h: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ; ................
00000030h: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ; ................
00000040h: 45 43 45 43 88 C7 04 8C 00 00 00 00 00 00 00 00 ; ECEC埱.?.......
00000050h: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ; ................
00000060h: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ; ................
.................. zero .................................................
00000fc0h: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ; ................
00000fd0h: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ; ................
00000fe0h: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ; ................
00000ff0h: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ; ................
00001000h: 2A 00 00 EA FD FF FF EA FC FF FF EA FB FF FF EA ; *..挲挈犒?
00001010h: FA FF FF EA F9 FF FF EA F8 FF FF EA 74 00 9F E5 ; ?犍犋阾.熷
00001020h: 55 1C A0 E3 00 10 80 E5 6C 00 9F E5 20 10 A0 E3 ; U.犮..€錶.熷 .犮
00001030h: 00 10 80 E5 64 50 9F E5 00 60 95 E5 01 65 86 E3 ; ..€錮P熷.`曞.e嗐
00001040h: 5C 30 9F E5 00 40 93 E5 06 48 84 E3 07 46 C4 E3 ; \0熷.@撳.H勩.F你
00001050h: 06 46 84 E3 4C 20 9F E5 4C 10 9F E5 10 00 A0 E3 ; .F勩L 熷L.熷..犮
00001060h: 06 00 00 EA 00 00 00 00 00 00 00 00 00 00 00 00 ; ...?...........
00001070h: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ; ................
00001080h: 00 60 85 E5 01 00 50 E2 FD FF FF 1A 00 40 83 E5 ; .`呭..P恺..@冨

结果是程序最前端的4Kb空出来了！！！windowsCE的编译器是否保留这部分作为chain的空间还无法得知，但是这样一来所有的中断向量在这里都无法使能了。除reset的中断向量是可以间接生效的外，其他的所有的中断向量都被写成了0x0如果产生一个任意的异常/中断的话，就只会连续的产程一系列数据异常，无法复位也无法执行。这就是为什么在windowsCE的启动代码中都不直接使用0x0区域的rom作为中断向量的安装手段。
 
后1：
这个现象造成的原因是eboot和应用程序使用相同的编译器，该编译器会将开始的4KB作为PE头的放置，所以该部分要空出来。