/********************************************************** * Waits until the flashloader reports that it is ready **********************************************************/ void waitForFlashloader(void) { uint32_t status; int retry = FLASHLOADER_RETRY_COUNT; /* Wait until flashloader has acknowledged the command */ do { status = readMem((uint32_t)&(flState->debuggerStatus)); retry--; } while ( status != DEBUGGERCMD_NONE && retry > 0 ); /* Wait until command has completed */ retry = FLASHLOADER_RETRY_COUNT; do { delayUs(500); status = readMem((uint32_t)&(flState->flashLoaderStatus)); retry--; } while ( status == FLASHLOADER_STATUS_NOT_READY && retry > 0 ); /* Raise an error if we timed out or flashloader has reported an error */ if ( status == FLASHLOADER_STATUS_NOT_READY ) { printf("Timed out while waiting for flashloader\n"); RAISE(SWD_ERROR_FLASHLOADER_ERROR); } else if ( status != FLASHLOADER_STATUS_READY ) { printf("Flashloader returned error code %d\n", status); RAISE(SWD_ERROR_FLASHLOADER_ERROR); } }
HRESULT WINAPI DObjectView(DWORD dwAddress, DEBUGHELPER *pHelper, int nBase, BOOL bUniStrings, char *pResult, size_t max, DWORD reserved) { DWORDLONG qwAddress = dwAddress; if(pHelper->dwVersion >= 0x20000) qwAddress = pHelper->GetRealAddress(pHelper); if(qwAddress == 0) { strncpy(pResult,"null", max); return S_OK; } int proc = 0; if(pHelper->dwVersion >= 0x20000) proc = pHelper->GetProcessorType(pHelper); int sizeOfPtr = proc == 0 ? 4 : 8; DWORD read; DWORDLONG vtablePtr = 0; if (readMem(pHelper, qwAddress, sizeOfPtr, &vtablePtr, &read) != S_OK) { strncpy(pResult,"Cannot access object", max); return S_OK; } DWORDLONG classinfoPtr = 0; if (readMem(pHelper, vtablePtr, sizeOfPtr, &classinfoPtr, &read) != S_OK) { strncpy(pResult,"Cannot access vtable", max); return S_OK; } char strdata[16]; if (readMem(pHelper, classinfoPtr + 4*sizeOfPtr, 2*sizeOfPtr, strdata, &read) != S_OK) { strncpy(pResult,"Cannot access class info", max); return S_OK; } DWORDLONG length, data; if(sizeOfPtr > 4) { length = *(DWORDLONG*) strdata; data = *(DWORDLONG*) (strdata + sizeOfPtr); } else { length = *(DWORD*) strdata; data = *(DWORD*) (strdata + sizeOfPtr); } DWORD cnt = (DWORD)(length < max - 1 ? length : max - 1); if (readMem(pHelper, data, cnt, pResult, &read) != S_OK) { strncpy(pResult,"Cannot access name data", max); return S_OK; } pResult[cnt] = 0; return S_OK; }
/********************************************************** * Reads the unique ID of the target from the DI page. * * @returns * The unique ID of target **********************************************************/ uint64_t readUniqueId(void) { uint64_t uniqueId; /* Retrive high part of unique ID */ uniqueId = readMem(UNIQUE_ID_HIGH_ADDR); uniqueId = uniqueId << 32; /* Retrive low part of unique ID */ uniqueId |= readMem(UNIQUE_ID_LOW_ADDR); return uniqueId; }
/********************************************************** * Waits for the REGRDY bit in DCRSR. This bit indicates * that the DCRDR/DCRSR registers are ready to accept * new data. **********************************************************/ void waitForRegReady(void) { uint32_t dhcsr; do { dhcsr = readMem((uint32_t)&CoreDebug->DHCSR); } while ( !(dhcsr & CoreDebug_DHCSR_S_REGRDY_Msk) ); }
int analyze_struct_size (ea_t addr) { int size = -1; #if 0 // this code is now obsolete because functions // are hooked in emufuncs.cpp. char fname[128]; struct _alloc_function *func = &alloc_functions[0]; // check if this ea is a call // if call, check if call is an allocator function we know of ua_outop(addr, fname, sizeof(fname) - 1, 0); tag_remove(fname, fname, 0); while(func) { if(!strncmp(func->name, fname, strlen(func->name))) return readMem(esp + func->offset, SIZE_DWORD); func++; } #endif return size; }
/********************************************************** * Retrieves page size from the DI page of the target * * @returns * The page size in bytes **********************************************************/ int getPageSize(void) { uint32_t part = readMem((uint32_t)&(DEVINFO->PART)); uint32_t msize = readMem((uint32_t)&(DEVINFO->MSIZE)); uint32_t prodRev = (part & _DEVINFO_PART_PROD_REV_MASK) >> _DEVINFO_PART_PROD_REV_SHIFT; uint32_t family = (part & _DEVINFO_PART_DEVICE_FAMILY_MASK) >> _DEVINFO_PART_DEVICE_FAMILY_SHIFT; uint32_t pageSize; /* Figure out the size of the flash pages. */ switch(family) { case _DEVINFO_PART_DEVICE_FAMILY_GG: /* Giant Gecko */ if (prodRev < 13) { /* All Giant Gecko rev B, with prod rev. < 13 use 2048 as page size, not 4096 */ pageSize = 2048; } else { pageSize = 4096; } break; case _DEVINFO_PART_DEVICE_FAMILY_LG: /* Leopard Gecko */ case _DEVINFO_PART_DEVICE_FAMILY_WG: /* Wonder Gecko */ pageSize = 2048; break; case _DEVINFO_PART_DEVICE_FAMILY_G: case _DEVINFO_PART_DEVICE_FAMILY_TG: pageSize = 512; break; case _DEVINFO_PART_DEVICE_FAMILY_ZG: pageSize = 1024; break; default: pageSize = 512; break; } return pageSize; }
/********************************************************** * Resets the target CPU by using the AIRCR register. * Does not reset the debug interface **********************************************************/ void resetTarget(void) { uint32_t dhcsr; int timeout = DEBUG_EVENT_TIMEOUT; /* Clear the VC_CORERESET bit */ writeMem((uint32_t)&(CoreDebug->DEMCR), 0); /* Do a dummy read of sticky bit to make sure it is cleared */ readMem((uint32_t)&(CoreDebug->DHCSR)); dhcsr = readMem((uint32_t)&(CoreDebug->DHCSR)); /* Reset CPU */ writeMem((uint32_t)&(SCB->AIRCR), AIRCR_RESET_CMD); /* Wait for reset to complete */ /* First wait until sticky bit is set. This means we are * or have been in reset */ delayUs(100); do { delayUs(10); dhcsr = readMem((uint32_t)&(CoreDebug->DHCSR)); timeout--; } while ( !(dhcsr & CoreDebug_DHCSR_S_RESET_ST_Msk) && timeout > 0 ); /* Throw error if sticky bit is never set */ if ( !(dhcsr & CoreDebug_DHCSR_S_RESET_ST_Msk) ) { RAISE(SWD_ERROR_TIMEOUT_WAITING_RESET); } /* Wait for sticky bit to be cleared. When bit is cleared are we out of reset */ timeout = DEBUG_EVENT_TIMEOUT; do { delayUs(10); dhcsr = readMem((uint32_t)&(CoreDebug->DHCSR)); timeout--; } while ( dhcsr & CoreDebug_DHCSR_S_RESET_ST_Msk && timeout > 0 ); /* Throw error if bit is never cleared */ if ( dhcsr & CoreDebug_DHCSR_S_RESET_ST_Msk ) { RAISE(SWD_ERROR_TIMEOUT_WAITING_RESET); } }
void doSehException(EXCEPTION_RECORD *rec) { unsigned int err_ptr = readMem(fsBase, SIZE_DWORD); unsigned int handler = readMem(err_ptr + 4, SIZE_DWORD); //err->handler //do sanity checks on handler here? cpuToContext(); unsigned int ctx_ptr = pushContext(); unsigned int rec_ptr = pushExceptionRecord(rec); push(ctx_ptr, SIZE_DWORD); push(err_ptr, SIZE_DWORD); //err_ptr == fsBase?? push(rec_ptr, SIZE_DWORD); push(SEH_MAGIC, SIZE_DWORD); //handler return address //need to execute exception handler here setup flag to trap ret //set eip to start of exception handler and resume fetching cpu.eip = handler; }
// given an output path and pid, pull a file, write to output void pullPidMemory(FILE *out_file, int target_pid) { FILE *mem_maps_file; char *maps_path = calloc(1, 256); char *name = calloc(1, 256); unsigned int mem_low = 0; unsigned int mem_high = 0; int i; errno = 0; i = ptrace(PTRACE_ATTACH, target_pid, 0, 0); if(i == -1 && errno) { #ifdef DBGR char tmp[80]; sprintf(tmp, "Error attaching to this PID's process %d", target_pid); perror(tmp); #endif free(maps_path); free(name); return; } waitpid(target_pid, NULL, 0); snprintf(maps_path, 255, "/proc/%d/maps", target_pid); #ifdef DBGR printf("%s\n", maps_path); #endif mem_maps_file = fopen(maps_path, "r"); if(mem_maps_file == NULL) { perror("Error opening memory map for this PID"); goto leave; } // read the entire memory map while(!feof(mem_maps_file)) { // retrieve the memory range and its label fscanf(mem_maps_file, "%x-%x %[^\n]", &mem_low, &mem_high, name); // we want this PID's heap if(strstr(name, "[heap]") || strstr(name, "[stack]") || strstr(name, "deleted")) { readMem(target_pid, mem_low, mem_high-mem_low, out_file); } } leave: ptrace(PTRACE_DETACH, target_pid, 0, 0); free(maps_path); free(name); }
void popExceptionRecord(EXCEPTION_RECORD *rec) { unsigned char *ptr = (unsigned char*) &rec; unsigned int addr, i; unsigned int rec_size = (sizeof(EXCEPTION_RECORD) + 3) & ~3; //round up to next unsigned int addr = esp; for (i = 0; i < sizeof(EXCEPTION_RECORD); i++) { *ptr++ = (unsigned char) readMem(addr++, SIZE_BYTE); } esp += rec_size; }
/********************************************************** * Retrieves total flash size from the DI page of the target * * @returns * The flash size in bytes **********************************************************/ int getFlashSize(void) { /* Read memory size from the DI page */ uint32_t msize = readMem((uint32_t)&(DEVINFO->MSIZE)); /* Retrieve flash size (in kB) */ uint32_t flashSize = (msize & _DEVINFO_MSIZE_FLASH_MASK) >> _DEVINFO_MSIZE_FLASH_SHIFT; /* Return value in bytes */ return flashSize * 1024; }
void popContext() { unsigned char *ptr = (unsigned char*) &ctx; unsigned int addr, i; unsigned int ctx_size = (sizeof(WIN_CONTEXT) + 3) & ~3; //round up to next unsigned int addr = esp; for (i = 0; i < sizeof(WIN_CONTEXT); i++) { *ptr++ = (unsigned char) readMem(addr++, SIZE_BYTE); } esp += ctx_size; contextToCpu(); }
void readHDF5_MeasList(std::vector<int> & ml, int & mlN, std::string const & ifn) { H5Reader reader(ifn); int fN = reader.sizeOfFile(); std::vector<H5Reader::Value_t> readMem(fN, 0.); reader.read(&readMem[0]); std::vector<T> fMem(fN, 0.); for(int i=0; i<fN; i++) fMem[i] = T(readMem[i]); mlN = findNnz(&fMem[0], fN); ml.resize(mlN); makeMeasList(&ml[0], &fMem[0], fN); }
/********************************************************** * Resets the target CPU by using the AIRCR register. * The target will be halted immediately when coming * out of reset. Does not reset the debug interface. **********************************************************/ void resetAndHaltTarget(void) { uint32_t dhcsr; int timeout = DEBUG_EVENT_TIMEOUT; /* Halt target first. This is necessary before setting * the VECTRESET bit */ haltTarget(); /* Set halt-on-reset bit */ writeMem((uint32_t)&(CoreDebug->DEMCR), CoreDebug_DEMCR_VC_CORERESET_Msk); /* Clear exception state and reset target */ writeAP(AP_TAR, (uint32_t)&(SCB->AIRCR)); writeAP(AP_DRW, (0x05FA << SCB_AIRCR_VECTKEY_Pos) | SCB_AIRCR_VECTCLRACTIVE_Msk | SCB_AIRCR_VECTRESET_Msk); /* Wait for target to reset */ do { delayUs(10); timeout--; dhcsr = readMem((uint32_t)&(CoreDebug->DHCSR)); } while ( dhcsr & CoreDebug_DHCSR_S_RESET_ST_Msk ); /* Check if we timed out */ dhcsr = readMem((uint32_t)&(CoreDebug->DHCSR)); if ( dhcsr & CoreDebug_DHCSR_S_RESET_ST_Msk ) { RAISE(SWD_ERROR_TIMEOUT_WAITING_RESET); } /* Verify that target is halted */ if ( !(dhcsr & CoreDebug_DHCSR_S_HALT_Msk) ) { RAISE(SWD_ERROR_TARGET_NOT_HALTED); } }
// Loads the old save by constructing a new save containing the old save's data bool SaveConverter_v4::load() { clear(); uint32 varSize = SaveHandler::getVarSize(_vm); if (varSize == 0) return false; Common::InSaveFile *save; // Test if it's an old savd if (!isOldSave(&save) || !save) return false; displayWarning(); SaveWriter writer(3, 0); SavePartInfo *info = readInfo(*save, kSlotNameLength, false); if (!info) return loadFail(0, 0, 0, save); SavePartVars *vars = readVars(*save, varSize, true); if (!vars) return loadFail(info, 0, 0, save); SavePartMem *props = readMem(*save, 256000, true); if (!props) return loadFail(info, vars, 0, save); // We don't need the save anymore delete save; // Write all parts if (!writer.writePart(0, info)) return loadFail(info, vars, props, 0); if (!writer.writePart(1, vars)) return loadFail(info, vars, props, 0); if (!writer.writePart(2, props)) return loadFail(info, vars, props, 0); // We don't need those anymore delete info; delete vars; delete props; // Create the final read stream if (!createStream(writer)) return loadFail(0, 0, 0, 0); return true; }
/********************************************************** * This function will check if a Zero Gecko device is * locked. The method is different from other MCUs, * we have to read the AAP registers from the internal * memory space. * * This process can fail (we receive a FAULT response) on * other devices so wee need to check for failure on the AP * transaction and clear the STICKYERR flag in CTRL/STAT * before continuing. **********************************************************/ void checkIfZeroGeckoIsLocked(void) { int readError = SWD_ERROR_OK; uint32_t readVal; uint32_t apId; /* Try reading the AAP_IDR register on Zero. * Do in a separate TRY/CATCH block in case to allow * failure in this transaction. */ TRY apId = readMem(AAP_IDR_ZERO); CATCH /* If transaction failed. Store error code */ readError = errorCode; ENDTRY /* If the transaction was OK we check if we got * access to the AAP registers. If we do, the device * is locked. */ if ( readError == SWD_ERROR_OK ) { if ( apId == EFM32_AAP_ID ) { RAISE(SWD_ERROR_MCU_LOCKED); } } /* We received a FAULT or WAIT error. This is normal on non-ZG devices. * If this happens we have to clear the STICKYERR flag before continuing. * If we do not do this all subsequent AP transactions will fail. */ else if ( readError == SWD_ERROR_FAULT || readError == SWD_ERROR_WAIT ) { /* Read CTRL/STAT register */ readDP(DP_CTRL, &readVal); /* See if STICKYERR is set */ if ( readVal & (1 << 5) ) { /* Clear sticky error */ writeDP(DP_ABORT, (1 << 2)); } } /* We received another error, e.g. protocol error. * Report the error back to the calling function */ else { RAISE(readError); } }
/********************************************************** * Retrieve the device name from the DI page of the target * * @param deviceName[out] * Device name is stored in this buffer when * the function returns. The calling function is * responsible for allocating memory for the string **********************************************************/ void getDeviceName(char deviceName[]) { char familyCode[3]; uint32_t part = readMem((uint32_t)&(DEVINFO->PART)); uint32_t msize = readMem((uint32_t)&(DEVINFO->MSIZE)); uint32_t flashSize = (msize & _DEVINFO_MSIZE_FLASH_MASK) >> _DEVINFO_MSIZE_FLASH_SHIFT; uint32_t family = (part & _DEVINFO_PART_DEVICE_FAMILY_MASK) >> _DEVINFO_PART_DEVICE_FAMILY_SHIFT; uint32_t partNum = (part & _DEVINFO_PART_DEVICE_NUMBER_MASK) >> _DEVINFO_PART_DEVICE_NUMBER_SHIFT; switch (family) { case _DEVINFO_PART_DEVICE_FAMILY_GG: /* Giant Gecko */ sprintf(familyCode, "%s", "GG"); break; case _DEVINFO_PART_DEVICE_FAMILY_LG: /* Leopard Gecko */ sprintf(familyCode, "%s", "LG"); break; case _DEVINFO_PART_DEVICE_FAMILY_WG: /* Wonder Gecko */ sprintf(familyCode, "%s", "WG"); break; case _DEVINFO_PART_DEVICE_FAMILY_G: /* Gecko */ sprintf(familyCode, "%s", "G"); break; case _DEVINFO_PART_DEVICE_FAMILY_TG: /* Tiny Gecko */ sprintf(familyCode, "%s", "TG"); break; case _DEVINFO_PART_DEVICE_FAMILY_ZG: /* Zero Gecko */ sprintf(familyCode, "%s", "ZG"); break; default: sprintf(familyCode, "%s", "XX"); /* Unknown family */ break; } sprintf(deviceName, "EFM32%s%dF%d", familyCode, partNum, flashSize); }
int MemMapper::readMemPtr(int virtAddress, byte *data, int length, bool forceFlash) { for (int i = 0; i < length; i++) { int result; result = readMem(virtAddress + i, data[i], forceFlash); if (result != MEM_MAPPER_SUCCESS) { return result; } } return MEM_MAPPER_SUCCESS; }
static ssize_t dm_read(struct file *filp, char *buf, size_t count, loff_t *f_pos) { struct drvr_device * dev = filp->private_data; /* for other methods */ switch (dev->type) { case prog: return -1; case mem: return readMem(filp, buf, count, f_pos); default: return -1; }; }
void readHDF5_MeasVct(std::vector<int> & vctId, std::vector<T> & vctVal, int & vctNnz, std::string const & ifn) { H5Reader reader(ifn); int fN = reader.sizeOfFile(); std::vector<H5Reader::Value_t> readMem(fN, 0.); reader.read(&readMem[0]); vctNnz = findNnz(&readMem[0], fN); vctId.resize(vctNnz); vctVal.resize(vctNnz); std::vector<T> fMem(fN, 0.); for(int i=0; i<fN; i++) { fMem[i] = T(readMem[i]); } makeSparseVct(&vctId[0], &vctVal[0], &fMem[0], fN); }
/********************************************************** * Verifies that the flashloader is ready. Will throw an * exception if the flashloader is not ready within a * timeout. **********************************************************/ void verifyFlashloaderReady(void) { uint32_t status; uint32_t timeout = FLASHLOADER_RETRY_COUNT; do { status = readMem( (uint32_t)&(flState->flashLoaderStatus) ); timeout--; } while ( status == FLASHLOADER_STATUS_NOT_READY && timeout > 0 ); if ( status == FLASHLOADER_STATUS_READY ) { printf("Flashloader ready\n"); } else { printf("Flashloader not ready. Status: 0x%.8x\n", status); RAISE(SWD_ERROR_FLASHLOADER_ERROR); } }
unsigned int MemMapper::getUIntX(int virtAddress, int length) { unsigned int ret = 0; int address; for(int i = 0; i < length; i++) { byte b; if(endianess == BIG_ENDIAN) address = virtAddress + i; else address = virtAddress + length - i - 1; readMem( address , b); ret <<= 8; ret |= (unsigned int)b; } return ret; }
void erasePagesWithFlashloader(int size) { /* Get page size from flashloader */ uint32_t pageSize = readMem( (uint32_t)&(flState->pageSize) ); /* Calculate number of pages needed to store image */ uint32_t usedPages = size / pageSize; if ( usedPages * pageSize < size ) usedPages++; printf("Erasing %d page(s)\n", usedPages); /* Tell flashloader to erase all pages we are going to write to */ int addr = 0; while ( addr < size ) { sendErasePageCmd(addr); addr += pageSize; } }
/********************************************************** * Get the wrap-around period for the TAR register. This * is device dependent and affects the burst write * algorithms. This function hard-codes the values * based on information from the DI-page. * * @returns * The wrap-around period of the TAR register **********************************************************/ uint32_t getTarWrap(void) { uint32_t part = readMem((uint32_t)&(DEVINFO->PART)); uint32_t family = (part & _DEVINFO_PART_DEVICE_FAMILY_MASK) >> _DEVINFO_PART_DEVICE_FAMILY_SHIFT; /* Hard-code result based on device family. ZG has 1kB * wrap. G/TG/LG/WG/GG has 4kB. Default to 1 kB on unknown * devices */ switch (family) { case _DEVINFO_PART_DEVICE_FAMILY_GG: /* Giant Gecko */ case _DEVINFO_PART_DEVICE_FAMILY_LG: /* Leopard Gecko */ case _DEVINFO_PART_DEVICE_FAMILY_WG: /* Wonder Gecko */ case _DEVINFO_PART_DEVICE_FAMILY_G: /* Gecko */ case _DEVINFO_PART_DEVICE_FAMILY_TG: /* Tiny Gecko */ return 0xFFF; case _DEVINFO_PART_DEVICE_FAMILY_ZG: /* Zero Gecko */ return 0x3FF; default: /* Unknown family */ return 0x3FF; } }
/* * I/O functions * blk start block number * this is not a block number within a partition, but * it is a disk-wide block number unique inside the whole disk. * nblk number of blocks * buf buffer (* ) * wrt FALSE : read * TRUE : write * return value error code * argument marked with (* ) may be an address specified from external sources. */ LOCAL ER rwdisk( DISKCB *dcb, W blk, W nblk, void *buf, BOOL wrt ) { MDINFO *mdi = (MDINFO*)dcb->info; W sz, asz; void *adr; if ( dcb->blksz <= 0 ) return E_NOEXS; /* not yet initialized */ adr = (void*)(mdi->rd_saddr + blk * dcb->blksz); sz = nblk * dcb->blksz; if ( wrt ) { /* write */ if ( mdi->rd_type == ROMDISK ) return E_RONLY; asz = readMem((UW)buf, adr, sz, 1); } else { /* read */ asz = writeMem((UW)buf, adr, sz, 1); } if ( asz < sz ) return E_IO; return E_OK; }
/********************************************************** * Verify that the flash is cleared. To save time * we only check the first word on every page. * this could be modified to check every word. **********************************************************/ void verifyFlashIsErased(void) { printf("Verifying that flash is erased\n"); uint32_t addr = 0; uint32_t value; /* Get flash page size and total size from the target DI page */ int flashSize = getFlashSize(); int pageSize = getPageSize(); while ( addr < flashSize ) { value = readMem(addr); if ( value != 0xFFFFFFFF ) { printf("Error at address 0x%.8x\n" "Value should be 0xFFFFFFFF, is 0x%.8x\n", addr, value); RAISE(SWD_ERROR_DEVICE_ERASE_FAILED); } addr += pageSize; } }
/********************************************************** * Locks the target by clearing the Debug Lock Word and * then performing a pin reset. **********************************************************/ void lockTarget(void) { uint32_t apId; printf("Locking target\n"); /* Clear Debug Lock Word */ writeWordToFlash(DEBUG_LOCK_WORD, 0); printf("Verifying that Debug Lock Word is cleared\n"); /* Verify that DLW is cleared */ uint32_t dlw = readMem(DEBUG_LOCK_WORD); if ( dlw != 0 ) { RAISE(SWD_ERROR_CLR_DLW_FAILED); } /* Perform a pin reset. After this the target should be locked. */ hardResetTarget(); delayMs(100); /* Verify that target is locked by reading the AAP ID */ initDp(); apId = readApId(); if ( apId == EFM32_AAP_ID ) { printf("Target successfully locked\n"); return; } else { RAISE(SWD_ERROR_LOCK_FAILED); } }
DWORD Process::jumpToPersInventory() { return readMem(jumpToPersStruct() + PersInv); }
DWORD Process::jumpToPersStruct(){ return readMem(readMem(GameAddr) + PersStruct); }
static ssize_t dm_read(struct file *filp, char *buf, size_t count, loff_t *f_pos) { return readMem(filp, buf, count, f_pos); }