BinFS in WinCE

BinFS = Binary + FSD

Relative technology • Binary

WinCE Image architectureExecutable Format struct

• FSDStorage manager Partition driverBlock driver

Binfs in explorer

Demond Page

NK(ramimage) NK

(nandimage)

XIP(ramimage)

16M

14M

2M

Single region Multi region

ProgramRAM

ramimage

0x32000000

0x30000000

DLL EXE CPL … Files ModulesReserved

32M

DRAM

Loading & Startup BootPhase 0/14k

BootLoaderBL1

IPLBL2

UTOOLEBOOT

S3C2440/3

RamImage NandImageMBR Chain

SRAMRAM

0x30000000

Nand Driver

IPL

RamImage

Chain0x30200000

0x30201000

Jump to 0x30000000

Nk.exe (startup())

KernelStart()

FileSys/FSDMGR

Binfs.dll/flashdrv.dll

Start BootPhase 2

BootPhase 2 Load data

Kernel

FSDMGR

LoadModule

Binfs.dll

NandImage in Nand Flash

Bibdrv.dll

Device.exeExplorer.exe

Battdrv.dllOndisk.dllFatfs.dllEtc…

File access flow diagram

APPLICATION

AFS entry

File API

FSDMGR

File System Driver (FSD)

Filter/Cache

Partition Driver

Block device Driver

Storage device controller driver

Load FSD

File System Driver (FSD)

• BinFS

• FatFS/NTFS

• CDFS

• Your custom FSD

( 抽象模型 ) File Index Table

DATA

FSD interface (Perfix FSD_)

• MainFSD_MountFSD_UnmountDisk

• FileFSD_CreateFileWFSD_CloseFileFSD_ReadFileFSD_ReadFileWithSeekFSD_SetFilePointerFSD_DeviceIoControl …

• PathFSD_GetFileAttributesWFSD_GetDiskFreeSpaceW…

• FindFSD_FindFirstFileWFSD_FindNextFileWFSD_FindClose

Storage Manager and Partition Manager

Call By File API set

FSD Init

FSD_Mount (PDSK)

Part driver CreateDiskObject(HDSK)

Block Device DriverHandle HDSKCreateFile

Handle PDSK

RegisterVolume( pVolume);

CreateVolumeObject(PDSK) Handle pVolume

pVolumePATH name

AFS Manager

pVolume can get partition handle and block device driver handle

FSD AccessCreatFileEx(L”\\windows\\explorer.exe”,…)

Search AFS table to get pVolume Handle pVolume

FSD_CreateFileW(pVolume)

FSDMGR_CreateFileHandle(pVolume) Handle pFile

ReadFile(pFile,….)

FSD_ReadFile(pFile,….)

FSDMGR_DeviceIoctl( pFile-> pVolume->PDSK,….)

DeviceIoctl( pFile-> pVolume->PDSK->HDSK,….)

Enable Demond PageMEMORY section; NAME START ADDR SIZE TYPE; --------------------------------------------------------------------------------------------------------pdwXIPLoc 00000000 8C200000 FIXUPVARXIPKERNEL 8C000000 00200000 RAMIMAGECHAIN 8C200000 00001000 RESERVEDNK 8C201000 01400000 NANDIMAGERAM 8C201000 03D62000 RAM DISPLAY 8FF63000 00080000 RESERVED COMPRESSION=ON …XIPSCHAIN=8C200000MODULES section

nk.exe D:\WINCE500\pbworkspaces\....kern.exe XIPKERNEL SHFatfs.dll D:\WINCE500\pbworkspaces\....fatfs.dll nk SH

FILES sectionbinfs.dll D:\WINCE500\pbworkspaces\....binfs.dll XIPKERNEL SHsample.wav D:\WINCE500\pbworkspaces\.... sample.wav nk SH

PE files （ Portable Executable 可移植的执行体） PE 的意思就是 Portable Executable （可移植的执行体）。它是 Win32 环境自身所带的执行体文件格式。即使 Windows 运行在非 Intel 的 CPU 上，任何 win32 平台的 PE 装载器都能识别和使用该文件格式。当然，移植到不同的 CPU 上 PE 执行体必然得有一些改变。

如果我们将 PE 文件格式视为一逻辑磁盘， PE header 是 boot 扇区而 sections 是各种文件，但我们仍缺乏足够信息来定位磁盘上的不同文件，譬如，什么是 PE 文件格式中等价于目录的东东？别急，那就是 PE header 接下来的数组结构 section table （节表）。 每个结构包含对应节的属性、文件偏移量、虚拟偏移量等。

1 当 PE 文件被执行， PE 装载器检查 DOS MZ header 里的 PE header 偏移量。如果找到，则跳转到 PE header 。 PE 装载器检查 PE header 的有效性。如果有效，就跳转到 PE header 的尾部。 2 紧跟 PE header 的是节表。 PE 装载器读取其中的节信息，并采用文件映射方法将这些节映射到内存，同时付上节表里指定的节属性。 3 PE 文件映射入内存后， PE 装载器将处理 PE 文件中类似 import table （引入表）逻辑部分。

Nb0 file formatEA command60byte NUL

Is “ECEC”?

Data …

ROMHDR ---------------------------------------- DLL First : 0x01F501FF DLL Last : 0x02000000 Physical First : 0x8C000000 Physical Last : 0x8C175580 RAM Start : 0x8C201000 RAM Free : 0x8C34A000 RAM End : 0x8FF63000 Kernel flags : 0x00000000 Prof Symbol Offset : 0x00000000 Num Copy Entries : 1 Copy Entries Offset : 0x8C07DFC0 Num Modules : 9 Num Files : 12 MiscFlags : 0x00000002 CPU : 0x01c2 (Thumb) Extensions : 0x8C002210

0x8C000000

0x8C000040

0x8C000044 1 ROMHDR address Ex:0x8c0d9840

0x8c0d9840

8C002210

Data …

3 ROMHDR ExtensionsKernelExtPointer(_nk.exe exist)

0x8C000048- 8C002210

8C002210 - 0x8c07d560

2 ROMHDR Struct

ROMHDR Extensions ----------------------------- PID[0] = 0x00000000 PID[1] = 0x00000000 PID[2] = 0x00000000 PID[3] = 0x00000000 PID[4] = 0x00000000 PID[5] = 0x00000000 PID[6] = 0x00000000 PID[7] = 0x00000000 PID[8] = 0x00000000 PID[9] = 0x00000000 Next: 8c07d560

Data …

4 Chain information0x8c07d560

0x8c07d560 - 0x8c0d9840

Files and ModulesIndex data …

Name: chain information Type: 00000000 pData: 8c07d58c Length: 00000030 Reserved: 00000030 Next: 00000000 Addr: 8c200000 MaxLenth: 00001000 Order: 0000 Flags: 0000 reserved: 00000000 Addr: 8c000000 MaxLenth: 00200000 Order: 0000 Flags: 0001 reserved: 00000000 Addr: 8c201000 MaxLenth: 01400000 Order: 0001 Flags: 0001 reserved: 00000000

0x8CF00000

RAW Data

Into RAM

typedef struct stPIDun{

char name[(PID_LENGTH - 4) * sizeof(DWORD)];DWORD type;PVOID pdata;DWORD length;DWORD reserved;

}STPIDUN;

typedef struct _XIPCHAIN_SUMMARY { LPVOID pvAddr; // address of the XIP DWORD dwMaxLength; // the biggest it can grow to USHORT usOrder; // where to put into ROMChain_t USHORT usFlags; // flags/status of XIP DWORD reserved; // for future use}XIPCHAIN_SUMMARY, *PXIPCHAIN_SUMMARY;

Data …

typedef struct TOCentry { // MODULE BIB section structure DWORD dwFileAttributes; FILETIME ftTime; DWORD nFileSize; LPSTR lpszFileName; //gaojian ADD LPSTR ULONG ulE32Offset; // Offset to E32 structure ULONG ulO32Offset; // Offset to O32 structure ULONG ulLoadOffset; // MODULE load buffer offset} TOCentry, *LPTOCentry;

BinFS init

BinVolume Structuretypedef struct{ HVOL hVolume; HDSK hDsk; ChainData *pChain; DISK_INFO diskInfo; DWORD dwVolFlags; // per-volume flags, currently VOL_FLAG_XIP DWORD dwNumRegions; // Number of Bin Regions in the volume BinDirList *pDirectory; // Directory List // Compression support CRITICAL_SECTION csComp; // Protects current compression state BYTE *pReadBuf; // Compressed buffer BYTE pDecBuf[COMP_BLOCK_SIZE]; // Decompression Buffer; BinDirList *pCurCompDir; // Current directory entry being decompressed DWORD dwCurCompBlock; // Current Block being decompressed} BinVolume;

BinDirList Structure

• typedef struct _BinDirList {• WCHAR *szFileName;• DWORD dwRegion;• DWORD dwRealFileSize;• DWORD dwCompFileSize;• DWORD dwAttributes;• FILETIME ft;• DWORD dwAddress;• e32_rom *pe32;• o32_rom *po32;• struct _BinDirList *pNext;• } BinDirList, *PBinDirList;

Load exe/dll Sequence

Paging mode

Set

Read

Use

Different in Paging

Different between Module and File

Special Interface For Modules