{"id":67,"date":"2008-12-08T21:20:47","date_gmt":"2008-12-08T13:20:47","guid":{"rendered":"http:\/\/www.ppcg.com.cn\/?p=67"},"modified":"2011-04-12T10:20:21","modified_gmt":"2011-04-12T02:20:21","slug":"xip%e7%a7%bb%e6%a4%8d%e6%95%99%e7%a8%8b%ef%bc%88%e4%bb%a5touch-pro-19971%e4%b8%ba%e5%9f%ba%e7%a1%80%e7%a7%bb%e6%a4%8dhd%e7%9a%8420764%e4%b8%ba%e4%be%8b%ef%bc%89","status":"publish","type":"post","link":"https:\/\/wp.pcgpcg.net\/?p=67","title":{"rendered":"XIP\u79fb\u690d\u6559\u7a0b\uff08\u4ee5touch pro 19971\u4e3a\u57fa\u7840\u79fb\u690dHD\u768420764\u4e3a\u4f8b\uff09"},"content":{"rendered":"

\u524d\u8a00\uff1a\u672c\u6765\u4e0a\u4e00\u7bc7\u6559\u7a0b\u662f\u6700\u540e\u4e00\u7bc7\u7684\u4e86\uff0c\u4e0d\u8fc7\u8003\u8651\u5230\u66ff\u6362wince.nls\u65f6\u6ca1\u6709\u51b2\u7a81\u5730\u5740\uff0c\u8fd9\u6837\u4e0e\u5b9e\u9645\u7684XIP\u79fb\u690d\u8fd8\u6709\u4e00\u70b9\u4e0d\u540c\u7684\u6b65\u9aa4\uff0c\u518d\u52a0\u4e0a\u524d\u6bb5\u65f6\u95f4\u79fb\u690d20757\u7684XIP\u65f6\u6709\u4e86\u4e0d\u5c11\u5fc3\u5f97\uff0c\u56e0\u6b64\u518d\u5199\u4e00\u7bc7\u6559\u7a0b\u4e0e\u5927\u5bb6\u5206\u4eab\u4e00\u4e0b\u5fc3\u5f97\u5427\u3002\u8fd8\u662f\u90a3\u53e5\u8bdd\uff0c\u65b0\u624b\u4e0a\u8def\uff0c\u6709\u9519\u8bef\u4e4b\u5904\u8bf7\u5927\u5bb6\u6307\u6b63\uff0c\u8c22\u8c22~<\/p>\n

\u5f00\u59cb\u5427~
\n\u4e00\u3001\u4e00\u822cXIP\u7684\u76ee\u5f55\u7ed3\u6784\u5982\u56fe
\n

\"\"<\/div>
\n\u5176\u4e2dMSXIP\u5f00\u5934\u7684\u76ee\u5f55\u662f\u5404\u79cd\u673a\u578b\u901a\u7528\u7684\u9a71\u52a8\u90e8\u5206\uff08\u5fae\u8f6fXIP\uff0c\u5475\u5475\uff09\uff0c\u5176\u4e2dOEM\u5f00\u5173\u7684\u76ee\u5f55\u662f\u8be5\u673a\u578b\u4e13\u7528\u7684\u9a71\u52a8\uff0c\u800cWINCE\u76ee\u5f55\u5219\u662f\u653ewince.nls\u7684\uff0clangdb\u76ee\u5f55\u6211\u4e5f\u4e0d\u77e5\u9053\u662f\u4ec0\u4e48\u2026\u2026\uff08\u91cc\u9762\u6ca1\u4ec0\u4e48\u6587\u4ef6\u7684\uff0c\u4e0d\u7ba1\u5b83\uff09\uff0c\u56e0\u6b64\u79fb\u690dXIP\uff0c\u5176\u5b9e\u5c31\u662f\u66ff\u6362XIP\u91cc\u9762MSXIP\u5f00\u5934\u7684\u76ee\u5f55\u91cc\u7684\u6587\u4ef6\u3002
\n\u4e8c\u3001\u9996\u5148\u63d0\u53d6\u51fatouch pro 19971\u548cHD 20764\u7684XIP\uff08\u8fc7\u7a0b\u7565\uff0c\u8bf7\u7ffb\u770b\u5176\u4ed6\u6559\u7a0b\uff0c\u6211\u4f1a\u5728\u9644\u4ef6\u91cc\u9644\u4e0a\u8fd9\u4e24\u4e2aXIP\uff09\uff0c\u7136\u540e\u4f7f\u7528XIPPort.exe\u5c06\u8fd9\u4e24\u4e2aXIP dump\u4e0b\u6765
\n1\u3001\u9996\u5148\u5c0619971\u7684XIP\u4e0eXIPPort.exe\u653e\u5728\u540c\u4e00\u4e2a\u76ee\u5f55\uff0cxip\u7684\u6587\u4ef6\u540d\u4e3axip.bin\uff0c\u5982\u679c\u662f\u5176\u4ed6\u6587\u4ef6\u540d\u8bf7\u91cd\u547d\u4ee4\u3002\u7136\u540e\u8fd0\u884cxipport.exe
\n
\"\"<\/div>
\n\uff081\uff09\u70b9\u51fbdump xip.bin\uff0c\u5c06xip.bin\u89e3\u5f00\u6765\uff0c\u6b64\u65f6\u4f1a\u51fa\u73b0\u4e00\u4e2aOUT\u76ee\u5f55
\n\uff082\uff09\u518d\u70b9\u51fbwrite maps\uff0c\u5c06\u6a21\u5757\u5730\u5740\u90fd\u5199\u5728map.txt\u91cc
\n\uff083\uff09\u6700\u540e\u70b9\u51fbmake pkgs\uff0c\u5c06OUT\u91cc\u9762\u7684\u6587\u4ef6\u5206\u7c7b\u6574\u7406\u6210\u5404\u4e2a\u76ee\u5f55
\n2\u3001\u7136\u540e\u5c06OUT\u76ee\u5f55\u6539\u540d\u6210OUT19971\u5427\uff0c\u4ee5\u4fbf\u8bb0\u5fc6
\n3\u3001\u540c\u4e0adump\u51fa20764\u7684XIP\uff0c\u7136\u540e\u6539\u540d\u6210OUT20764\u76ee\u5f55
\n\u4e09\u3001\u5c06OUT19971\u590d\u5236\u4e00\u4efd\uff0c\u6539\u540d\u4e3aOUT\u76ee\u5f55
\n\u56db\u3001\u5c06OUT20764\u91ccMSXIP\u5f00\u5934\u7684\u76ee\u5f55\u91cc\u7684\u6587\u4ef6\u5168\u90e8\u590d\u5236\u66ff\u6362OUT\u91cc\u7684\u76f8\u5e94\u76ee\u5f55\u6587\u4ef6\uff0c\u4f7f\u7528Beyond Compare\u6bd4\u8f83\u65b9\u4fbf\uff0c\u5f53\u7136\u624b\u5de5\u590d\u5236\u7c98\u8d34\u4e5f\u662f\u4e00\u6837\u7684\u3002
\n\u4e94\u3001\u8fd9\u6837\u5c31\u79fb\u690d\u7684\u8fd9\u4e00\u6b65\u5c31\u505a\u5b8c\u4e86\uff0c\u63a5\u4e0b\u6765\u4e3b\u8981\u662f\u770b\u770b\u6709\u4ec0\u4e48\u5730\u5740\u51b2\u7a81\u53ca\u89e3\u51b3\u7684\u65b9\u6cd5
\n\u516d\u3001\u63a5\u7740\u6211\u4eec\u7528xipport\u770b\u770b\u6709\u4ec0\u4e48\u9519\u8bef\u5427
\n\u4e03\u3001\u5148\u70b9\u51fbundo\uff0c\u5c06\u90a3\u4e9b\u76ee\u5f55\u91cd\u65b0\u8fd8\u539f\u6210\u5f00\u59cb\u72b6\u6001\uff0c\u518d\u70b9\u51fbrealloc p\uff0c\u6709\u4e9b\u673a\u578b\u4f1a\u5f39\u51fa\u56db\u4e2aerror!unknown o32 region flags\u7684\u9519\u8bef\u7a97\u53e3\uff0c\u8fd9\u4e2a\u662f\u4e0d\u8981\u7d27\u7684\uff0c\u70b9\u51fb\u786e\u5b9a\u5173\u6389\u5c31\u53ef\u4ee5\u4e86
\n\u516b\u3001\u4e0d\u51fa\u6240\u79d1\u51fa\u73b0\u4e86not enough space\u9519\u8bef\uff0c\u8fd9\u662f\u56e0\u4e3a\u4e00\u822c\u9ad8\u6838\u5fc3\u7684\u6587\u4ef6\u6bd4\u4f4e\u6838\u5fc3\u7684\u8981\u5927\uff0c\u56e0\u6b64\u7a7a\u95f4\u4e0d\u8db3\u4e86\uff0c\u6211\u4eec\u5148\u5c06\u7a7a\u95f4\u6539\u5927\u4e9b\u5427\uff0c\u5148\u70b9\u51fb\u7ee7\u7eed\u6216\u9000\u51fa\u5427\u3002
\n
\"\"<\/div><\/p>\n

\u4e5d\u3001\u6253\u5f00OUT\u76ee\u5f55\u91cc\u7684ROMHDR.txt\uff0c\u53ef\u4ee5\u770b\u5230\u5982\u4e0b\uff1a
\ndllfirst: D=01F801FC
\ndlllast: 02000000
\nphysfirst: P=80000000
\nphyslast: 80477E8C
\nnummods: (00000000)
\nulRAMStart: R=80478000
\nulRAMFree: 80517000
\nulRAMEnd: 83400000
\nulCopyEntries: (00000000)
\nulCopyOffset: P+001E5FAC<\/p>\n

\u5341\u3001\u6211\u4eec\u5c06physlast\u3001ulramstart\u3001ulramfree\u90fd\u52a0\u5927100000\u5427
\ndllfirst: D=01F801FC
\ndlllast: 02000000
\nphysfirst: P=80000000
\nphyslast: 80577E8C
\nnummods: (00000000)
\nulRAMStart: R=80578000
\nulRAMFree: 80617000
\nulRAMEnd: 83400000
\nulCopyEntries: (00000000)
\nulCopyOffset: P+001E5FAC<\/p>\n

\u5341\u4e00\u3001\u4fdd\u5b58\u9000\u51fa\uff0c\u518d\u6253\u5f00xipport\uff08\u5982\u679c\u521a\u624d\u662f\u70b9\u51fb\u7ee7\u7eed\u5c31\u4e0d\u5fc5\u91cd\u65b0\u6253\u5f00\uff09\uff0c\u518d\u6b21\u70b9\u51fbrealloc p\uff0c\u8fd9\u6b21\u6ca1\u6709\u7a7a\u95f4\u4e0d\u8db3\u7684\u9519\u8bef\u4e86\uff0c\u7a0d\u7b49\u4e00\u4f1a\u513f\u518d\u6309write maps\u5c06\u65b0\u6392\u5217\u51fa\u7684\u5730\u5740\u5199\u8fdbmap.txt\u91cc\u5427
\n\u5341\u4e8c\u3001\u5982\u679cfirst DLL address\u91cc\u7684\u6a21\u5757\u5730\u5740\u6709\u91cd\u590d\u7684\u8bdd\uff0cxipport\u6709\u53ef\u80fd\u5728\u70b9\u51fbwrite maps\u91cc\u63d0\u793a\u6709\u91cd\u8981\u5730\u5740\u800c\u4e0d\u80fd\u5199\u5165map.txt\uff0c\u8fd9\u65f6\u6700\u597d\u5229\u7528\u5176\u4ed6\u8f6f\u4ef6\u4fee\u6539\u91cd\u590d\u7684\u5730\u5740\uff08\u5982\u7528XIPAddrTools\uff09\uff0c\u8fd9\u91cc\u6211\u4eec\u5e76write maps\u5e76\u4e0d\u62a5\u9519\uff0c\u56e0\u6b64\u6211\u4eec\u5c31\u8df3\u8fc7\u8fd9\u4e00\u6b65\u5427
\n\u5341\u4e09\u3001\u6211\u4eec\u770b\u770bmaps\u6709\u6ca1\u6709\u51b2\u7a81\u7684\u90e8\u5206\uff08\u79fb\u690d\u6ca1\u6709\u51b2\u7a81\u7b80\u76f4\u8981\u6bd4\u4e2d\u5934\u5956\u8fd8\u8981\u5e78\u8fd0\uff0c\u5475\u5475\uff09\uff0c\u6253\u5f00maps.txt\uff0c\u641c\u7d22!!!!\uff0c\u6211\u4eec\u53ef\u4ee5\u770b\u5230\u6709\u4e09\u4e2a\u51b2\u7a81\u90e8\u5206\uff0c\u4ece\u7b2c\u4e00\u90e8\u5206\u5f00\u59cb\u770b\u8d77\u5427\uff1a
\n02000000 – 02000000 L00000000 End: last DLL address<\/p>\n

02000000 – 03db2000 L01db2000 NUL
\n03db2000 – 03dbb000 L00009000 Virtual base address of wce_rex.DLL
\n03dbb000 – 03dc2000 L00007000 Virtual base address of smem.dll
\n03dc2000 – 03dc9000 L00007000 Virtual base address of relfsd.dll
\n03dc9000 – 03dce000 L00005000 Virtual base address of MMMAP.dll
\n03dce000 – 03dd5000 L00007000 Virtual base address of htcfsfilter.DLL
\n03dd5000 – 03dda000 L00005000 Virtual base address of GxDMA.dll
\n03dda000 – 03dfa000 L00020000 Virtual base address of FLASHDRV.DLL
\n03dfa000 – 03e4a000 L00050000 Virtual base address of DDI.dll
\n03e4a000 – 03e51000 L00007000 Virtual base address of ceddk.dll
\n03e51000 – 03e55000 L00004000 Virtual base address of cecompr.dll
\n03e53000 – 03e55000 L00002000 !!!!!!!!!!!!!!!!!!
\n03e53000 – 03e57000 L00004000 Virtual base address of regenum.dll
\n03e57000 – 03e66000 L0000f000 Virtual base address of pm.dll
\n03e66000 – 03e6e000 L00008000 Virtual base address of mspart.dll
\n03e6e000 – 03e7e000 L00010000 Virtual base address of mencfilt.dll
\n03e7e000 – 03e8a000 L0000c000 Virtual base address of imgfs.dll
\n03e8a000 – 03e94000 L0000a000 Virtual base address of fsreplxfilt.dll
\n03e94000 – 03eaa000 L00016000 Virtual base address of fsdmgr.dll
\n03eaa000 – 03eb3000 L00009000 Virtual base address of fatutil.dll
\n03eb3000 – 03ec6000 L00013000 Virtual base address of fatfsd.dll
\n03ec6000 – 03ecc000 L00006000 Virtual base address of diskcache.dll
\n03ecc000 – 03ed8000 L0000c000 Virtual base address of devmgr.dll
\n03ed8000 – 03f4a000 L00072000 Virtual base address of crypt32.dll
\n03f4a000 – 03fe1000 L00097000 Virtual base address of coredll.dll
\n03fe1000 – 03fef000 L0000e000 Virtual base address of certmod.dll
\n03fef000 – 03ffa000 L0000b000 Virtual base address of cachefilt.dll
\n03ffa000 – 04000000 L00006000 Virtual base address of busenum.dll
\n04000000 – 80000000 L7c000000 NUL<\/p>\n

1\u3001\u6211\u4eec\u53ef\u4ee5\u770b\u5230\u51b2\u7a81\u7684\u5730\u65b9\uff1a
\n03e51000 – 03e55000 L00004000 Virtual base address of cecompr.dll
\n03e53000 – 03e55000 L00002000 !!!!!!!!!!!!!!!!!!
\n03e53000 – 03e57000 L00004000 Virtual base address of regenum.dll
\n2\u3001\u7b2c\u4e00\u884c\u662f\u6307cecompr.dll\u7684\u5730\u5740\u662f\u753103e51000\u81f303e55000\uff0c\u5176\u4e2d\u957f\u5ea6\u662f4000
\n\u7b2c\u4e8c\u884c\u7684\u611f\u53f9\u53f7\u63d0\u793a\u6709\u51b2\u7a81\u4e86\uff0c\u51b2\u7a81\u5730\u5740\u662f03e53000\u523003e55000\uff0c\u5176\u4e2d\u67092000\u957f\u5ea6\u7684\u5730\u5740\u662f\u91cd\u590d\u4e86
\n\u7b2c\u4e09\u884c\u662fregenum.dll\u7684\u5730\u5740\uff0c\u753103e53000\u523003e57000\uff0c\u957f\u5ea6\u662f4000<\/p>\n

3\u3001\u53ef\u4ee5\u770b\u5230\uff0c\u6b63\u5e38\u65f6\u5e94\u8be5\u662f\u4e00\u4e2a\u5730\u5740\u63a5\u7740\u4e00\u4e2a\u5730\u5740\u7684\uff0ccecompr.dll\u7684\u7ed3\u675f\u5730\u5740\u662f03e55000\uff0c\u90a3\u5e94\u8be5\u4e0b\u4e2a\u6587\u4ef6\u7684\u5730\u5740\u7684\u8d77\u59cb\u5730\u5740\u81f3\u5c11\u662f03e55000\u624d\u53ef\u4ee5\uff0c\u4f46regenum.dll\u7684\u8d77\u59cb\u5730\u5740\u662f03e53000\uff0c\u63d0\u524d\u4e862000\uff0c\u56e0\u6b64\u8fd9\u91cc\u5c31\u67092000\u957f\u5ea6\u7684\u5730\u5740\u662f\u91cd\u590d\u4f7f\u7528\u4e86\uff0c\u9020\u6210\u51b2\u7a81\uff0c\u56e0\u6b64\u6211\u4eec\u8981\u89e3\u51b3\u8fd9\u4e2a\u51b2\u7a81\u624d\u53ef\u4ee5
\n4\u3001\u89e3\u51b3\u51b2\u7a81\u7684\u65b9\u6cd5\u5f88\u7b80\u5355\uff0c\u53ea\u8981\u5c06\u51b2\u7a81\u7684\u6587\u4ef6\u79fb\u5230\u5176\u4ed6\u7a7a\u4f59\u7684\u5730\u5740\u91cc\u5c31\u53ef\u4ee5\u4e86\uff0c\u8fd9\u91cc\u6709\u4e09\u79cd\u65b9\u6848\uff1a
\n\uff081\uff09\u4e00\u662f\u5c06regenum.dll\u79fb\u5230\u6700\u524d\u9762\u53bb\uff0c\u6211\u4eec\u53ef\u4ee5\u770b\u5230\u6700\u524d\u9762\u662f\uff1a
\n02000000 – 03db2000 L01db2000 NUL
\n03db2000 – 03dbb000 L00009000 Virtual base address of wce_rex.DLL
\n\u7b2c\u4e00\u884c\u7684\u610f\u601d\u662f\u4ece02000000\u523003db2000\u67091db2000\u7684\u7a7a\u4f59\uff08\u672a\u4f7f\u7528\uff09\u5730\u5740\uff0c\u7b2c\u4e8c\u884c\u662fwce_rex.DLL\u7684\u8d77\u59cb\u5730\u574003db2000\u523003dbb000
\n\u56e0\u6b64\u6211\u4eec\u53ef\u4ee5\u5c06regenum.dll\u79fb\u5230wce_rex.DLL\u7684\u524d\u9762\u3002\u56e0\u4e3aregenum.dll\u7684\u957f\u5ea6\u662f4000\uff0c\u56e0\u6b64\u5c06wce_rex.DLL\u7684\u8d77\u59cb\u5730\u574003db2000-4000\u5c31\u662fregenum.dll\u7684\u8d77\u59cb\u5730\u5740\uff0c3db2000-4000=3DAE000\uff0c\u6211\u4eec\u53ea\u8981\u5c06regenum.dll\u7684\u5730\u5740\u4fee\u6539\u62103DAE000\u5c31\u89e3\u51b3\u8fd9\u4e2a\u51b2\u7a81\u4e86\uff0c\u5177\u4f53\u4fee\u6539\u65b9\u6cd5\u7b49\u4e0b\u518d\u8bf4\uff0c\u6211\u4eec\u5148\u770b\u770b\u5176\u4ed6\u7684\u89e3\u51b3\u65b9\u6848
\n\uff082\uff09\u7b2c\u4e8c\u4e2a\u89e3\u51b3\u65b9\u6848\u662f\u5c06regenum.dll\u79fb\u5230busenum.dll\u7684\u540e\u9762\uff0c\u5373\u79fb\u523004000000
\n\uff083\uff09\u7b2c\u4e09\u4e2a\u89e3\u51b3\u65b9\u6848\u662f\uff0c\u4fdd\u6301\u6587\u4ef6\u7684\u6392\u5217\u987a\u5e8f\u4e0d\u53d8\uff0c\u5c06\u524d\u9762\u7684DLL\u7684\u5730\u5740\u5168\u90e8\u5f80\u4e0a\u79fb\u52a8\u3002\u6211\u4eec\u521a\u624d\u5df2\u7ecf\u8bf4\u4e86\u67092000\u5730\u5740\u662f\u91cd\u590d\u9020\u6210\u51b2\u7a81\u4e86\uff0c\u56e0\u6b64\u6211\u4eec\u53ef\u4ee5\u7531\u7b2c\u4e00\u4e2aDLL\uff08wce_rex.DLL\uff09\u5f00\u59cb\u5c06\u5730\u5740\u5411\u524d\u79fb\u52a82000\uff0c\u4e00\u76f4\u5230\u51b2\u7a81\u7684\u5730\u65b9\u4e3a\u6b62\u3002\u8fd9\u4e2a\u770b\u4e0a\u53bb\u6700\u5b8c\u7f8e\uff0c\u56e0\u4e3a\u4e2d\u95f4\u6ca1\u6709\u7a7a\u51fa\u7684\u5730\u5740\uff0c\u8fd9\u91cc\u6211\u4eec\u5c31\u7528\u8fd9\u4e2a\u65b9\u6848\u5427\u3002\uff08\u4e00\u3001\u4e8c\u65b9\u6848\u7b80\u5355\u4e9b\uff0c\u540c\u6837\u662f\u53ef\u4ee5\u6210\u529f\u7684\uff09
\n\u5341\u56db\u3001\u9996\u5148\u5c06wce_rex.DLL\u5411\u524d\u79fb2000\u5730\u5740\uff0c\u5373\u628a\u8d77\u59cb\u5730\u574003db2000\u6539\u621003db0000\uff0c\u8fd9\u91cc\u6709\u4e00\u70b9\u662f\u8981\u6ce8\u610f\u7684\uff0c\u8fd9\u91cc\u4e00\u5b9a\u8981\u7528mreloc.exe\u4fee\u6539\uff0c\u800c\u4e0d\u80fd\u76f4\u63a5\u7528WINHEX\u4fee\u6539\u3002\u4e4b\u524d\u6211\u6ca1\u7559\u610f\uff0c\u7ed3\u679c\u8fd9\u91cc\u6b7b\u4e86\u597d\u591a\u6b21\uff0c\u5475\u5475\u3002
\n1\u3001\u6253\u5f00mreloc.exe
\n

\"\"<\/div>
\n2\u3001\u70b9\u51fbchoose module\uff0c\u9009\u62e9OUT\u76ee\u5f55\u91cc\u7684wce_rex.DLL
\n
\"\"<\/div>
\n3\u3001\u5c06\u4e0a\u9762\u768403D32000\u4fee\u6539\u621003D30000\uff0c\u7136\u540e\u70b9\u51fbDoit!
\n4\u3001\u8fdb\u5165OUT\u91cc\u7684wce_rex.DLL\u76ee\u5f55\uff0c\u6253\u5f00imageinfo.txt\uff0c\u53ef\u4ee5\u770b\u5230\u524d\u9762\u51e0\u884c\u662f\u8fd9\u6837\u7684\uff1a
\nModule name: wce_rex.DLL
\ne32_objcnt: 00000005
\ne32_imageflags: 0000212E
\ne32_entryrva: 00003684
\ne32_vbase: V=03DB2000
\ne32_subsysmajor: 00000005<\/p>\n

5\u3001\u6211\u4eec\u5c06V=03DB2000\u6539\u6210V=03DB0000\uff0c\u7136\u540e\u4fdd\u5b58\u9000\u51fa\uff0c\u8fd9\u6837\u8fd9\u4e2aDLL\u5c31\u4fee\u6539\u5b8c\u6bd5
\n\u5341\u4e94\u3001\u5982\u4e0a\u65b9\u6cd5\u5c06regenum.dll\u524d\u9762\u7684DLL\u90fd\u5f80\u4e0a\u79fb\u52a82000\u5730\u5740\u5427\uff0c\u7136\u540e\u6211\u4eec\u518d\u7528xipport.exe realloc p\u4e00\u6b21\uff0c\u518dwrite maps\uff0c\u518d\u6253\u5f00maps.txt\u770b\u4e00\u4e0b
\n\u5341\u516d\u3001\u8fd9\u91cc\u5df2\u7ecf\u5b8c\u7f8e\u4e86\uff1a
\n02000000 – 03db0000 L01db0000 NUL
\n03db0000 – 03db9000 L00009000 Virtual base address of wce_rex.DLL
\n03db9000 – 03dc0000 L00007000 Virtual base address of smem.dll
\n03dc0000 – 03dc7000 L00007000 Virtual base address of relfsd.dll
\n03dc7000 – 03dcc000 L00005000 Virtual base address of MMMAP.dll
\n03dcc000 – 03dd3000 L00007000 Virtual base address of htcfsfilter.DLL
\n03dd3000 – 03dd8000 L00005000 Virtual base address of GxDMA.dll
\n03dd8000 – 03df8000 L00020000 Virtual base address of FLASHDRV.DLL
\n03df8000 – 03e48000 L00050000 Virtual base address of DDI.dll
\n03e48000 – 03e4f000 L00007000 Virtual base address of ceddk.dll
\n03e4f000 – 03e53000 L00004000 Virtual base address of cecompr.dll
\n03e53000 – 03e57000 L00004000 Virtual base address of regenum.dll
\n03e57000 – 03e66000 L0000f000 Virtual base address of pm.dll
\n03e66000 – 03e6e000 L00008000 Virtual base address of mspart.dll
\n03e6e000 – 03e7e000 L00010000 Virtual base address of mencfilt.dll
\n03e7e000 – 03e8a000 L0000c000 Virtual base address of imgfs.dll
\n03e8a000 – 03e94000 L0000a000 Virtual base address of fsreplxfilt.dll
\n03e94000 – 03eaa000 L00016000 Virtual base address of fsdmgr.dll
\n03eaa000 – 03eb3000 L00009000 Virtual base address of fatutil.dll
\n03eb3000 – 03ec6000 L00013000 Virtual base address of fatfsd.dll
\n03ec6000 – 03ecc000 L00006000 Virtual base address of diskcache.dll
\n03ecc000 – 03ed8000 L0000c000 Virtual base address of devmgr.dll
\n03ed8000 – 03f4a000 L00072000 Virtual base address of crypt32.dll
\n03f4a000 – 03fe1000 L00097000 Virtual base address of coredll.dll
\n03fe1000 – 03fef000 L0000e000 Virtual base address of certmod.dll
\n03fef000 – 03ffa000 L0000b000 Virtual base address of cachefilt.dll
\n03ffa000 – 04000000 L00006000 Virtual base address of busenum.dll
\n04000000 – 80000000 L7c000000 NUL<\/p>\n

\u5341\u4e03\u3001\u6211\u4eec\u7ee7\u7eed\u641c\u7d22!!!\u5427\uff0c\u53ef\u4ee5\u53d1\u73b0\u8fd9\u91cc\u6709\u4e24\u5904!!!\uff1a
\n80000000 – 80000000 L00000000 Start: first physical address
\n80000000 – 80001000 L00001000 RomLDR.PARTHDR
\n80001000 – 8007d5f4 L0007c5f4 o32 region_0 rva=00001000 vsize=0007c5f4 real=80001000 psize=0007c5f4 f=60000020 for nk.exe
\n80074000 – 8007d5f4 L000095f4 !!!!!!!!!!!!!!!!!!
\n80074000 – 8007595d L0000195d o32 region_0 rva=00001000 vsize=0000195d real=80074000 psize=00001960 f=60000020 for hd.dll
\n8007595d – 80076000 L000006a3 NUL
\n80076000 – 800760a0 L000000a0 o32 region_2 rva=00003000 vsize=000000a0 real=80076000 psize=000000a0 f=40000040 for hd.dll
\n800760a0 – 80078000 L00001f60 NUL
\n80078000 – 800816e4 L000096e4 o32 region_0 rva=00001000 vsize=000096e4 real=80078000 psize=000096e4 f=60000020 for osaxst0.dll
\n8007e000 – 800816e4 L000036e4 !!!!!!!!!!!!!!!!!!
\n8007e000 – 80081238 L00003238 o32 region_3 rva=0007e000 vsize=00003238 real=8007e000 psize=00003238 f=40000040 for nk.exe
\n80081238 – 80082000 L00000dc8 NUL
\n80082000 – 800822e8 L000002e8 o32 region_2 rva=0000b000 vsize=000002e8 real=80082000 psize=000002e8 f=40000040 for osaxst0.dll
\n800822e8 – 80093000 L00010d18 NUL
\n80093000 – 8009d775 L0000a775 o32 region_0 rva=00001000 vsize=0000a775 real=80093000 psize=0000a778 f=60000020 for kd.dll
\n8009d775 – 8009e000 L0000088b NUL
\n8009e000 – 8009e398 L00000398 o32 region_2 rva=0000c000 vsize=00000398 real=8009e000 psize=00000398 f=40000040 for kd.dll
\n8009e398 – 800a0000 L00001c68 NUL
\n800a0000 – 800a2ee4 L00002ee4 o32 region_0 rva=00001000 vsize=00002ee4 real=800a0000 psize=00002ee4 f=60000020 for osaxst1.dll
\n800a2ee4 – 800a3000 L0000011c NUL
\n800a3000 – 800a3148 L00000148 o32 region_2 rva=00004000 vsize=00000148 real=800a3000 psize=00000148 f=40000040 for osaxst1.dll
\n800a3148 – 800a4000 L00000eb8 NUL
\n800a4000 – 800a696d L0000296d o32 region_0 rva=00001000 vsize=0000296d real=03ffb000 psize=00002970 f=60000020 for busenum.dll
\n800a6970 – 800a6f70 L00000600 o32 region_1 rva=00003000 vsize=00000954 real=803bf000 psize=00000600 f=c0000040 for hd.dll<\/p>\n

\u5341\u516b\u3001\u8fd9\u91cc\u6211\u4eec\u53ef\u4ee5\u53d1\u73b0nk.exe o32 region_0\u7684\u7ed3\u675f\u5730\u5740\u662f8007d5f4\uff0c\u4f46\u57288007d5f4\u4e4b\u524d\u5374\u6709\u4e09\u4e2a\u5730\u5740\u91cd\u590d\u4e86\u2026\u2026\u8fd9\u91cc\u6211\u4eec\u53d1\u73b0\u662fhd.dll\u3001osaxst0.dll\u51b2\u7a81\u4e86\uff0c\u8fd9\u4e24\u4e2aDLL\u53caosaxst1\u3001kd.dll\u7b49\u5927\u5bb6\u53ef\u4ee5\u53d1\u73b0\u6709\u5f88\u591a\u4eba\u90fd\u76f4\u63a5\u5220\u6389\uff0c\u8fd9\u4e24\u4e2aDLL\u6709\u4ec0\u4e48\u7528\u5462\uff1f\u6211\u95ee\u8fc7\u8001\u9ea6\uff0c\u8001\u9ea6\u8bf4\u662f\u5185\u90e8debug\u7528\u7684\uff0c\u4e00\u822c\u7528\u6237\u662f\u7528\u4e0d\u4e0a\u7684\uff0c\u76f4\u63a5\u5220\u53bb\u65e0\u5f71\u54cd\uff0c\u800c\u4e14\u5220\u53bb\u5904\u7406\u51b2\u7a81\u5c31\u7b80\u5355\u591a\u4e86\u3002\u4e0d\u8fc7\u65e2\u7136\u5b98\u65b9\u6709\u8fd9\u4e9bDLL\u5b58\u5728\uff0c\u6211\u8fd8\u662f\u559c\u6b22\u4fdd\u7559\u7684\uff0c\u56e0\u6b64\u8fd9\u91cc\u6211\u5c31\u4e0d\u5220\u4e86\uff0c\u6211\u4eec\u8981\u5c06\u8fd9\u91cc\u7684\u51b2\u7a81\u5904\u7406\u4e00\u4e0b\u5427\u3002
\n\u5341\u4e5d\u3001Start: first physical address\u8fd9\u91cc\u7684\u4fee\u6539\uff0c\u6211\u4eec\u4fee\u6539imageinfo.txt\u53ca\u7528WINHEX\u4fee\u6539imageinfo.bin\u5c31\u53ef\u4ee5\u4e86\uff08\u7ecf\u6211\u7684\u8bd5\u9a8c\uff0c\u5176\u5b9e\u53ea\u9700\u4fee\u6539imageinfo.txt\u4e5f\u53ef\u6b63\u5e38\u542f\u52a8\u7684\uff0c\u4e0d\u8fc7\u6211\u4eec\u8fd8\u662f\u4fee\u6539\u4e00\u4e0bimageinfo.bin\u5427\uff09\uff0c\u6211\u4eec\u53ef\u4ee5\u770b\u5230\u6bcf\u4e2aDLL\u7684\u540e\u9762\u90fd\u4f1a\u6709\u4e2a\u7a7a\u4f59\u5730\u5740\u6bb5\uff0c\u6211\u4eec\u6253\u5f0019971\u7684MAP\u770b\u770b\u8fd9\u91cc\u662f\u600e\u6837\u7684\u5427\uff1a
\n80000000 – 80000000 L00000000 Start: first physical address
\n80000000 – 80001000 L00001000 RomLDR.PARTHDR
\n80001000 – 8007d5f4 L0007c5f4 o32 region_0 rva=00001000 vsize=0007c5f4 real=80001000 psize=0007c5f4 f=60000020 for nk.exe
\n8007d5f4 – 8007e000 L00000a0c NUL
\n8007e000 – 80081238 L00003238 o32 region_3 rva=0007e000 vsize=00003238 real=8007e000 psize=00003238 f=40000040 for nk.exe
\n80081238 – 80083000 L00001dc8 NUL
\n80083000 – 8008495d L0000195d o32 region_0 rva=00001000 vsize=0000195d real=80083000 psize=00001960 f=60000020 for hd.dll
\n8008495d – 80085000 L000006a3 NUL
\n80085000 – 800850a0 L000000a0 o32 region_2 rva=00003000 vsize=000000a0 real=80085000 psize=000000a0 f=40000040 for hd.dll
\n800850a0 – 80087000 L00001f60 NUL
\n80087000 – 800906e4 L000096e4 o32 region_0 rva=00001000 vsize=000096e4 real=80087000 psize=000096e4 f=60000020 for osaxst0.dll
\n800906e4 – 80091000 L0000091c NUL
\n80091000 – 800912e8 L000002e8 o32 region_2 rva=0000b000 vsize=000002e8 real=80091000 psize=000002e8 f=40000040 for osaxst0.dll
\n800912e8 – 80093000 L00001d18 NUL
\n80093000 – 8009d775 L0000a775 o32 region_0 rva=00001000 vsize=0000a775 real=80093000 psize=0000a778 f=60000020 for kd.dll
\n8009d775 – 8009e000 L0000088b NUL
\n8009e000 – 8009e398 L00000398 o32 region_2 rva=0000c000 vsize=00000398 real=8009e000 psize=00000398 f=40000040 for kd.dll
\n8009e398 – 800a0000 L00001c68 NUL
\n800a0000 – 800a2ee4 L00002ee4 o32 region_0 rva=00001000 vsize=00002ee4 real=800a0000 psize=00002ee4 f=60000020 for osaxst1.dll
\n800a2ee4 – 800a3000 L0000011c NUL
\n800a3000 – 800a3148 L00000148 o32 region_2 rva=00004000 vsize=00000148 real=800a3000 psize=00000148 f=40000040 for osaxst1.dll
\n800a3148 – 800a4000 L00000eb8 NUL
\n800a4000 – 800a696d L0000296d o32 region_0 rva=00001000 vsize=0000296d real=03ffb000 psize=00002970 f=60000020 for busenum.dll
\n800a6970 – 800a6f70 L00000600 o32 region_1 rva=00003000 vsize=00000954 real=80478000 psize=00000600 f=c0000040 for hd.dll
\n1\u3001\u53ef\u4ee5\u770b\u5230\u6bcf\u4e2a\u6a21\u5757\u7684\u8d77\u59cb\u5730\u5740\u90fd\u662fXXXXX000\uff0c\u800c\u6bcf\u4e2a\u6a21\u5757\u81f3\u5c11\u95f4\u96942000\u4ee5\u4e0a\u7684\u5730\u5740\u3002
\n2\u3001\u867d\u7136\u4e0d\u6e05\u695a\u5b98\u65b9MAP\u8fd9\u91cc\u4e3a\u4ec0\u4e48\u8fd9\u6837\u5904\u7406\uff0c\u4e0d\u8fc7\u6211\u4eec\u8fd8\u662f\u5c3d\u91cf\u6309\u7167\u5b98\u65b9\u7684\u65b9\u5f0f\u6765\u5904\u7406\u5427\uff08\u4e8b\u5b9e\u6211\u4e5f\u8bd5\u8fc7\u76f4\u63a5\u5c06\u6a21\u5757\u5730\u5740\u8fde\u63a5\u8d77\u6765\u4e0d\u7559\u7a7a\u4f4d\uff0c\u4e5f\u53ef\u4ee5\u6b63\u5e38\u4f7f\u7528\u7684\uff0c\u4e0d\u8fc7\u8fd8\u662f\u6309\u5b98\u65b9\u98ce\u683c\u5904\u7406\u5427\uff09
\n\u4e8c\u5341\u3001\u7ee7\u7eed\u521a\u624d\u7684\u51b2\u7a81\u5904\u7406\uff0c\u53ef\u4ee5\u770b\u5230\u4e24\u4e2aNK\u5730\u5740\u662f\u63a5\u7740\u7684\uff0c\u56e0\u6b64\u6211\u4eec\u5c06\u4e24\u4e2aNK\u4e4b\u95f4\u7684\u6a21\u5757\u79fb\u5230\u7b2c\u4e8c\u4e2aNK\u5730\u5740\u4e4b\u4e0b\u5427
\n1\u3001\u770b\u770b\u8fd9\u884c\uff1a8007e000 – 80081238 L00003238 o32 region_3 rva=0007e000 vsize=00003238 real=8007e000 psize=00003238 f=40000040 for nk.exe
\n\u7167\u521a\u624d\u7684\u63a8\u8bba\uff0c\u63a5\u7740\u8fd9\u4e2a\u6a21\u5757\u7684\u5730\u5740\u5e94\u8be5\u662f80082000\u624d\u5bf9\uff0c\u6211\u4eec\u6309\u539f\u987a\u5e8f\u653e\u5427\uff0c\u653ehd.dll o32 region_0\u7684\uff0c\u8fd9\u4e2a\u7684\u5927\u5c0f\u662f195d\uff0c\u5c11\u4e8e2000\uff0c\u56e0\u6b64\u4e0b\u4e2a\u6a21\u5757\u5f00\u59cb\u5730\u5740\u5c31\u662f80084000\uff0c\u8fd9\u4e2a\u5c31\u5230hd.dll o32 region_2\u4e86\uff0c\u6211\u4eec\u6253\u5f00hd.dll\u76ee\u5f55\u91ccimageinfo.txt\uff0c\u53ef\u4ee5\u770b\u5230\u5982\u4e0b\uff1a
\no32[0].o32_vsize: 0000195D
\no32[0].o32_rva: 00001000
\no32[0].o32_psize: 00001960
\no32[0].o32_dataptr: P+00074000
\no32[0].o32_realaddr: P+00074000
\no32[0].o32_flags: 60000020<\/p>\n

o32[1].o32_vsize: 00000954
\no32[1].o32_rva: 00003000
\no32[1].o32_psize: 00000600
\no32[1].o32_dataptr: P+000A6970
\no32[1].o32_realaddr: P+003BF000
\no32[1].o32_flags: C0000040<\/p>\n

o32[2].o32_vsize: 000000A0
\no32[2].o32_rva: 00003000
\no32[2].o32_psize: 000000A0
\no32[2].o32_dataptr: P+00076000
\no32[2].o32_realaddr: P+00076000
\no32[2].o32_flags: 40000040
\n\uff081\uff09region_0\u4ee3\u8868o32[0].o32\uff0cregion_2\u4ee3\u8868o32[2].o32\uff0c\u6211\u4eec\u53ef\u4ee5\u770b\u5230o32[0].o32_dataptr\u548co32[0].o32_realaddr\u90fd\u662fP+00074000\uff0c\u8fd9\u91cc\u6709\u4e24\u4e2a\u76f8\u540c\u7684\u5730\u5740\u6211\u4eec\u5e94\u8be5\u6539\u54ea\u4e2a\u5462\uff1f\u8fd8\u662f\u4ee5\u5b98\u65b9\u4e3a\u51c6\uff0c\u6211\u4eec\u53ef\u4ee5\u6253\u5f00\u5176\u4ed6DLL\u7684imageinfo.txt\u770b\u770b\uff0c\u8fd9\u4e24\u4e2a\u6570\u503c\u90a3\u51e0\u4e2aDLL\u90fd\u662f\u4e00\u6837\u7684\uff0c\u6240\u4ee5\u8fd9\u91cc\u6211\u4eec\u5e94\u8be5\u4e24\u4e2a\u5730\u65b9\u90fd\u8981\u4fee\u6539\uff08\u5e0c\u671b\u6709\u4eba\u80fd\u544a\u8bc9\u4e3a\u4ec0\u4e48\u2026\u2026\uff09
\n\uff082\uff09\u6211\u4eec\u53ef\u4ee5\u770b\u5230P+00074000\uff0c\u800c\u8fd9\u4e2aP\u662f\u4ee3\u8868physfirst\uff0c\u800c\u6211\u4eec\u901a\u8fc7ROMHDR.txt\u53ef\u4ee5\u770b\u5230P=80000000\uff0c\u56e0\u6b64\u8fd9\u91cc\u539f\u672c\u7684\u5730\u5740\u662fP+74000=80000000+74000=80074000\uff0c\u8fd9\u4e2a\u5730\u5740\u7b26\u5408map.txt\u91cc\u7684hd.dll\u7684o32 region_0\uff0c\u800c\u6211\u4eec\u8981\u4fee\u6539\u621080082000\uff0c\u56e0\u6b64=\u5730\u5740-P=80082000-80000000=82000\uff0c\u56e0\u6b64\u6211\u4eec\u628aP+00074000\u6539\u6210P+00082000\u5373\u53ef
\n\uff083\uff09\u540c\u7406\u4e0b\u9762\u7684o32[2].o32_dataptr\u548co32[2].o32_realaddr\u628aP+00076000\u6539\u6210P+00084000
\n\uff084\uff09\u6539\u5b8c\u540e\u7684imageinfo.txt\u5982\u4e0b\uff1a
\no32[0].o32_vsize: 0000195D
\no32[0].o32_rva: 00001000
\no32[0].o32_psize: 00001960
\no32[0].o32_dataptr: P+00082000
\no32[0].o32_realaddr: P+00082000
\no32[0].o32_flags: 60000020<\/p>\n

o32[1].o32_vsize: 00000954
\no32[1].o32_rva: 00003000
\no32[1].o32_psize: 00000600
\no32[1].o32_dataptr: P+000A6970
\no32[1].o32_realaddr: P+003BF000
\no32[1].o32_flags: C0000040<\/p>\n

o32[2].o32_vsize: 000000A0
\no32[2].o32_rva: 00003000
\no32[2].o32_psize: 000000A0
\no32[2].o32_dataptr: P+00084000
\no32[2].o32_realaddr: P+00084000
\no32[2].o32_flags: 40000040
\n\uff085\uff09\u6211\u4eec\u518d\u7528WINHEX\u6253\u5f00imageinfo.bin
\n

\"\"<\/div>
\n\u539f\u672cregion_0\u7684\u5730\u5740\u662f80076000\uff0c\u5728\u5341\u516d\u8fdb\u5236\u7f16\u8f91\u5668\u91cc\u5730\u5740\u662f\u5012\u8fc7\u6765\u7684\uff0c\u6bcf\u4e2a\u5b57\u8282\u662f\u4e24\u4f4d\u6570\uff0c\u56e0\u6b6480 07 60 00\u5e94\u8be5\u662f\u663e\u793a00 60 07 80\u624d\u5bf9\uff0c\u6211\u4eec\u53ef\u4ee5\u53d1\u73b07C\u7684\u5730\u5740\u5c31\u662fo32[0].o32_dataptr\u7684\u6570\u503c\u5730\u5740\uff0c80\u7684\u5730\u5740\u662fo32[0].o32_realaddr\u7684\u5730\u5740\uff0cAC\u7684\u5730\u5740\u662fo32[2].o32_dataptr\uff0cB0\u7684\u5730\u5740\u662fo32[2].o32_realaddr\u7684\u5730\u5740\uff0c\u56e0\u6b64\u6211\u4eec\u5c06\u90a3\u91cc\u7684\u6570\u503c\u90fd\u4fee\u6539\u5427\uff0c\u4fee\u6539\u540e\u5982\u4e0b\uff1a
\n
\"\"<\/div><\/p>\n

\u4e8c\u5341\u4e00\u3001\u63a5\u7740\u5c31\u5230osaxst0.dll\uff0c\u56e0\u4e3ahd.dll\u7684o32 region_2\u5927\u5c0f\uff08\u957f\u5ea6\uff09\u662fa0\uff0c\u5c0f\u4e8e2000\uff0c\u56e0\u6b64osaxst0.dll\u7684o32 region_0\u8d77\u59cb\u5730\u5740\u662f80084000+2000=80086000\uff0c\u800cosaxst0.dll\u7684o32 region_0\u5927\u5c0f\u662f96e4\uff0c\u53d6\u6574\u6570\u662fA000\uff0c\u56e0\u6b64o32 region_2\u7684\u8d77\u59cb\u5730\u5740\u662f80086000+A000=80090000
\n\uff081\uff09\u6211\u4eec\u5148\u6253\u5f00imageinfo.txt\u5427\uff1a
\no32[0].o32_vsize: 000096E4
\no32[0].o32_rva: 00001000
\no32[0].o32_psize: 000096E4
\no32[0].o32_dataptr: P+00078000
\no32[0].o32_realaddr: P+00078000
\no32[0].o32_flags: 60000020<\/p>\n

o32[1].o32_vsize: 00003378
\no32[1].o32_rva: 0000B000
\no32[1].o32_psize: 00000A00
\no32[1].o32_dataptr: P+000BB254
\no32[1].o32_realaddr: P+003EB000
\no32[1].o32_flags: C0000040<\/p>\n

o32[2].o32_vsize: 000002E8
\no32[2].o32_rva: 0000B000
\no32[2].o32_psize: 000002E8
\no32[2].o32_dataptr: P+00082000
\no32[2].o32_realaddr: P+00082000
\no32[2].o32_flags: 40000040
\n\uff082\uff09\u540c\u4e0a\uff0c\u5c06o32[0].o32_dataptr\u548co32[0].o32_realaddr\u7531P+00078000\u4fee\u6539\u6210P+00086000\uff0co32[2].o32_dataptr\u548co32[2].o32_realaddr\u7531P+00082000\u4fee\u6539\u6210P+00090000\uff0c\u4fee\u6539\u540e\u5982\u4e0b\uff1a
\no32[0].o32_vsize: 000096E4
\no32[0].o32_rva: 00001000
\no32[0].o32_psize: 000096E4
\no32[0].o32_dataptr: P+00086000
\no32[0].o32_realaddr: P+00086000
\no32[0].o32_flags: 60000020<\/p>\n

o32[1].o32_vsize: 00003378
\no32[1].o32_rva: 0000B000
\no32[1].o32_psize: 00000A00
\no32[1].o32_dataptr: P+000BB254
\no32[1].o32_realaddr: P+003EB000
\no32[1].o32_flags: C0000040<\/p>\n

o32[2].o32_vsize: 000002E8
\no32[2].o32_rva: 0000B000
\no32[2].o32_psize: 000002E8
\no32[2].o32_dataptr: P+00090000
\no32[2].o32_realaddr: P+00090000
\no32[2].o32_flags: 40000040
\n\uff083\uff09\u540c\u4e0a\u7528WINHEX\u4fee\u6539imageinfo.bin\u5427<\/p>\n

\u4e8c\u5341\u4e8c\u3001\u51b2\u7a81\u5904\u7406\u5b8c\u6bd5~\u6211\u4eec\u7528xipport.exe realloc p\u518dwrite maps\u770b\u770b\u5427~
\n\u4e8c\u5341\u4e09\u3001\u5df2\u7ecf\u641c\u7d22\u4e0d\u5230!!!\u4e86~\u539f\u672c\u51b2\u7a81\u7684\u5730\u65b9\u5982\u4e0b\uff1a
\n80000000 – 80000000 L00000000 Start: first physical address
\n80000000 – 80001000 L00001000 RomLDR.PARTHDR
\n80001000 – 8007d5f4 L0007c5f4 o32 region_0 rva=00001000 vsize=0007c5f4 real=80001000 psize=0007c5f4 f=60000020 for nk.exe
\n8007d5f4 – 8007e000 L00000a0c NUL
\n8007e000 – 80081238 L00003238 o32 region_3 rva=0007e000 vsize=00003238 real=8007e000 psize=00003238 f=40000040 for nk.exe
\n80081238 – 80082000 L00000dc8 NUL
\n80082000 – 8008395d L0000195d o32 region_0 rva=00001000 vsize=0000195d real=80082000 psize=00001960 f=60000020 for hd.dll
\n8008395d – 80084000 L000006a3 NUL
\n80084000 – 800840a0 L000000a0 o32 region_2 rva=00003000 vsize=000000a0 real=80084000 psize=000000a0 f=40000040 for hd.dll
\n800840a0 – 80086000 L00001f60 NUL
\n80086000 – 8008f6e4 L000096e4 o32 region_0 rva=00001000 vsize=000096e4 real=80086000 psize=000096e4 f=60000020 for osaxst0.dll
\n8008f6e4 – 80090000 L0000091c NUL
\n80090000 – 800902e8 L000002e8 o32 region_2 rva=0000b000 vsize=000002e8 real=80090000 psize=000002e8 f=40000040 for osaxst0.dll
\n800902e8 – 80093000 L00002d18 NUL
\n80093000 – 8009d775 L0000a775 o32 region_0 rva=00001000 vsize=0000a775 real=80093000 psize=0000a778 f=60000020 for kd.dll
\n8009d775 – 8009e000 L0000088b NUL
\n8009e000 – 8009e398 L00000398 o32 region_2 rva=0000c000 vsize=00000398 real=8009e000 psize=00000398 f=40000040 for kd.dll
\n8009e398 – 800a0000 L00001c68 NUL
\n800a0000 – 800a2ee4 L00002ee4 o32 region_0 rva=00001000 vsize=00002ee4 real=800a0000 psize=00002ee4 f=60000020 for osaxst1.dll
\n800a2ee4 – 800a3000 L0000011c NUL
\n800a3000 – 800a3148 L00000148 o32 region_2 rva=00004000 vsize=00000148 real=800a3000 psize=00000148 f=40000040 for osaxst1.dll
\n800a3148 – 800a4000 L00000eb8 NUL
\n800a4000 – 800a696d L0000296d o32 region_0 rva=00001000 vsize=0000296d real=03ffb000 psize=00002970 f=60000020 for busenum.dll<\/p>\n

\u4e8c\u5341\u56db\u3001\u6211\u4eec\u518d\u63a5\u7740\u5904\u7406RAM\u91cc\u7684\u6a21\u5757\u5427\uff0c\u770b\u770bMAP\u6700\u540e\u7684\u5730\u5740\uff1a
\n80477114 – 8047aab9 L000039a5 filedata sysroots.p7b
\n8047aabc – 8047be8a L000013ce filedata e163825b-6e7b-b284-7373-da8c33ae39cd.dsm
\n8047be8a – 80577e8c L000fc002 NUL
\n80577e8c – 80577e8c L00000000 End: highest physical address<\/p>\n

80577e8c – 80578000 L00000174 NUL<\/p>\n

80578000 – 80578000 L00000000 Start: start of RAM
\n80578000 – 80617000 L0009f000 NUL
\n80617000 – 80617000 L00000000 —— start of RAM free space
\n80617000 – 83400000 L02de9000 NUL
\n83400000 – 83400000 L00000000 End: end of RAM<\/p>\n

\u4e8c\u5341\u4e94\u3001\u53ef\u4ee5\u770b\u5230\u5230highest physical address\u52308047be8a\u5c31\u6ca1\u6709\u6a21\u5757\u4e86\uff0c\u56e0\u6b64physlast\u7684\u5730\u5740\u5c31\u662f\u8fd9\u4e2a\u624d\u5408\u7406\uff0c\u4e0d\u8fc7\u5b98\u65b9\u4e00\u822c\u4f1a+2\u505a\u4e3aphyslast\u5730\u5740\u7684\uff0c\u56e0\u6b64\u6211\u4eec\u4e5f\u4f9d\u7167\u5b98\u65b9\uff0c\u5c06physlast\u7684\u5730\u5740\u6539\u4e3a8047be8c\u5427\uff0c\u6211\u4eec\u6253\u5f00ROMHDR.txt\uff0c\u5c06physlast\u7684\u5730\u5740\u6539\u4e3a8047be8c\uff0c\u800culRAMStart\u4e3aphyslast\u6700\u5c0f\u76841000\u500d\uff08\u5373\u5343\u4f4d\u6570\u52a01\uff0c\u540e\u9762\u4e3a0\uff09\uff0c\u6240\u4ee5ulRAMStart\u4e3a8047c000\uff0c\u6211\u4eec\u4e00\u6837\u4fee\u6539\u5427\uff0c\u4fee\u6539\u540e\u518d\u7528xipport realloc p\u3001write maps\u770b\u770b
\n\u4e8c\u5341\u516d\u3001\u73b0\u5728map.txt\u7684\u540e\u9762\u53d8\u6210\u8fd9\u6837\u4e86\uff1a
\n8047aabc – 8047be8a L000013ce filedata e163825b-6e7b-b284-7373-da8c33ae39cd.dsm
\n8047be8c – 8047be8c L00000000 End: highest physical address<\/p>\n

8047be8c – 8047c000 L00000174 NUL<\/p>\n

8047c000 – 8047c000 L00000000 Start: start of RAM
\n8047c000 – 8047d000 L00001000 NUL
\n8047d000 – 8047e000 L00001000 initialized data of region_1 osaxst1.dll
\n8047e000 – 80480000 L00002000 NUL
\n80480000 – 80486000 L00006000 uninitialized data of region_1 nk.exe
\n80486000 – 80504000 L0007e000 initialized data of region_2 nk.exe
\n80504000 – 80517000 L00013000 initialized data of region_1 kd.dll
\n80517000 – 80617000 L00100000 NUL
\n80617000 – 80617000 L00000000 —— start of RAM free space
\n80617000 – 83400000 L02de9000 NUL
\n83400000 – 83400000 L00000000 End: end of RAM<\/p>\n

\u6211\u4eec\u53ef\u4ee5\u5bf9\u6bd419971\u7684map.txt\u770b\u770b\uff1a
\n80476abc – 80477e8a L000013ce filedata e163825b-6e7b-b284-7373-da8c33ae39cd.dsm
\n80477e8c – 80477e8c L00000000 End: highest physical address<\/p>\n

80477e8c – 80478000 L00000174 NUL<\/p>\n

80478000 – 80478000 L00000000 Start: start of RAM
\n80478000 – 80479000 L00001000 initialized data of region_1 hd.dll
\n80479000 – 8047d000 L00004000 initialized data of region_1 osaxst0.dll
\n8047d000 – 8047e000 L00001000 initialized data of region_1 osaxst1.dll
\n8047e000 – 80480000 L00002000 NUL
\n80480000 – 80486000 L00006000 uninitialized data of region_1 nk.exe
\n80486000 – 80504000 L0007e000 initialized data of region_2 nk.exe
\n80504000 – 80517000 L00013000 initialized data of region_1 kd.dll
\n80517000 – 80517000 L00000000 —— start of RAM free space
\n80517000 – 83400000 L02ee9000 NUL
\n83400000 – 83400000 L00000000 End: end of RAM<\/p>\n

\u4e8c\u5341\u4e03\u3001\u53ef\u4ee5\u53d1\u73b0region_1 hd.dll\u548cregion_1 osaxst0.dll\u6d88\u5931\u4e86\uff0c\u6211\u4eec\u8981\u628a\u8fd9\u4e24\u4e2a\u52a0\u56de\u6765\u624d\u53ef\u4ee5\uff08\u4ee5\u4e0b\u7b80\u5355\u8bf4\u660e\uff0c\u5982\u679c\u4e0d\u6e05\u695a\u8bf7\u770b\u7b2c\u4e8c\u7bc7\u66ff\u6362wince.nls\u7684\u6559\u7a0b\uff09
\n\u4e8c\u5341\u516b\u3001NK\u4e4b\u95f4\u7684\u5730\u5740\u662f4000\uff0c\u800cregion_1 osaxst0.dll\u7684\u5927\u5c0f\u521a\u597d\u662f4000\uff0c\u4e3a\u4e86\u4e0d\u6d6a\u8d39\u5185\u5b58\uff0c\u6211\u4eec\u5c06region_1 osaxst0.dll\u653e\u5728NK\u7684\u524d\u9762\uff0c\u518d\u5c06region_1 hd.dll\u548cregion_1 osaxst1.dll\u653e\u5728\u540e\u9762\u5427
\n1\u3001\u8fdb\u5165osaxst0.dll\u76ee\u5f55\uff0c\u6253\u5f00imageinfo.txt\uff0c\u5c06o32[1].o32_realaddr: P+003EB000\u6539\u6210o32[1].o32_realaddr: P+0047c000\uff0c\u7136\u540e\u5c06imageinfo.bin\u91cc98\u5730\u5740\u7684\u768400b0e380\u6539\u621000c04780
\n2\u3001\u8fdb\u5165hd.dll\u76ee\u5f55\uff0c\u6253\u5f00imageinfo.txt\uff0c\u5c06o32[1].o32_realaddr: P+003BF000\u6539\u6210o32[1].o32_realaddr: P+00517000\uff0c\u7136\u540e\u5c06imageinfo.bin\u91cc98\u5730\u5740\u7684\u768400f03b80\u6539\u621000705180
\n3\u3001\u8fdb\u5165osaxst1.dll\u76ee\u5f55\uff0c\u6253\u5f00imageinfo.txt\uff0c\u5c06o32[1].o32_realaddr: R=8047D000\u6539\u6210o32[1].o32_realaddr: P+00518000\uff0c\u7136\u540e\u5c06imageinfo.bin\u91cc98\u5730\u5740\u7684\u768400d04780\u6539\u621000805180
\n\u4e8c\u5341\u4e5d\u3001\u518d\u7528xipport.exe realloc p\u3001write maps\uff0c\u770b\u770b\u6700\u540e\uff1a<\/p>\n

8047c000 – 8047c000 L00000000 Start: start of RAM
\n8047c000 – 80480000 L00004000 initialized data of region_1 osaxst0.dll
\n80480000 – 80486000 L00006000 uninitialized data of region_1 nk.exe
\n80486000 – 80504000 L0007e000 initialized data of region_2 nk.exe
\n80504000 – 80517000 L00013000 initialized data of region_1 kd.dll
\n80517000 – 80518000 L00001000 initialized data of region_1 hd.dll
\n80518000 – 80519000 L00001000 initialized data of region_1 osaxst1.dll
\n80519000 – 80617000 L000fe000 NUL
\n80617000 – 80617000 L00000000 —— start of RAM free space
\n80617000 – 83400000 L02de9000 NUL
\n83400000 – 83400000 L00000000 End: end of RAM<\/p>\n

\u4e09\u5341\u3001OK\uff0c\u90a3\u4e9bDLL\u90fd\u56de\u6765\u4e86\uff0c\u7136\u540e\u6211\u4eec\u8fd8\u8981\u6700\u540e\u4e00\u6b65\u5904\u7406\uff0c\u5c31\u662f\u4fee\u6539ulRAMFree\uff0c\u6211\u4eec\u53ef\u4ee5\u4ece\u4e0a\u9762\u770b\u5230\uff0cRAM\u533a\u6700\u540e\u523080519000\u65f6\u540e\u9762\u7684\u5730\u5740\u90fd\u662f\u7a7a\u4f59\u7684\uff0c\u56e0\u6b64ulRAMFree\u6700\u540e\u4fee\u6539\u621080519000\uff0c\u6253\u5f00romhdr.txt\uff0c\u5c06ulRAMFree:80617000\u6539\u621080519000\uff0c\u7136\u540e\u4fdd\u5b58\u9000\u51fa\uff0c\u518d\u7528xipport.exe realloc p\u3001write maps\uff0c\u770b\u770b\u6700\u540e\uff1a
\n8047c000 – 8047c000 L00000000 Start: start of RAM
\n8047c000 – 80480000 L00004000 initialized data of region_1 osaxst0.dll
\n80480000 – 80486000 L00006000 uninitialized data of region_1 nk.exe
\n80486000 – 80504000 L0007e000 initialized data of region_2 nk.exe
\n80504000 – 80517000 L00013000 initialized data of region_1 kd.dll
\n80517000 – 80518000 L00001000 initialized data of region_1 hd.dll
\n80518000 – 80519000 L00001000 initialized data of region_1 osaxst1.dll
\n80519000 – 80519000 L00000000 —— start of RAM free space
\n80519000 – 83400000 L02ee7000 NUL
\n83400000 – 83400000 L00000000 End: end of RAM<\/p>\n

\u4e09\u5341\u4e00\u3001OK~~~\u5df2\u7ecf\u5b8c\u7f8e\u4e86~~~~
\n\u4e09\u5341\u4e8c\u3001\u6709\u4e9b\u6559\u7a0b\u5199\u7740\u8fd8\u8981\u4fee\u6539NK\u91ccs000\u7684rom_00\uff0c\u8fd9\u4e2a\u4e8b\u5b9e\u53ea\u662f\u8de8\u7248\u672c\u79fb\u690d\u624d\u9700\u8981\u4fee\u6539\u7684\uff0c\u59826.0\u79fb\u690d6.1\u7684\uff0c\u8fd9\u91cc\u6211\u4eec\u5c31\u4e0d\u4fee\u6539\u4e86\u3002
\n\u4e09\u5341\u4e09\u3001\u70b9\u51fbbuild xip_out.bin\u5427\uff0c\u7136\u540e\u5bfc\u5165XIP\u5237\u673a\u9a8c\u8bc1\u4e00\u4e0b\u5427~\u672c\u6559\u7a0b\u5230\u65f6\u7ed3\u675f\uff0c\u8c22\u8c22~
\n\u4e09\u5341\u56db\u3001\u5176\u5b9e\u4e5f\u53ef\u4ee5\u4f7f\u7528XIPAddrTools.exe\u6765\u4fee\u6539\uff0c\u4e0d\u8fc7\u6211\u8bd5\u8fc7\u7528\u8fd9\u4e2a\u8f6f\u4ef6\u4fee\u6539\u540eddi.dll\u91cc\u6709\u4e9b\u5730\u5740\u4f1a\u88ab\u6539\u4e71\uff0c\u5728\u91cc\u9762\u663e\u793a\u662ffffffffff\u6765\u7684\u2026\u2026\uff08\u8c22\u8c22\u706b\u5c71\u53e3\u63d0\u9192\uff09\u56e0\u6b64\u8fd9\u91cc\u5c31\u4e0d\u7528\u8fd9\u4e2a\u8f6f\u4ef6\u4e86<\/p>\n

\u603b\u7ed3\u51e0\u70b9\u5427\uff1a
\n1\u3001\u79fb\u690dXIP\u53ea\u9700\u5c06\u8981\u79fb\u690d\u7684XIP\u91cc\u7684MSXIP\u5f00\u5934\u7684\u76ee\u5f55\u590d\u5236\u5230\u539fXIP\u76f8\u5e94\u7684\u76ee\u5f55
\n2\u3001End: last DLL address\u540e\u9762\u7684\u6a21\u5757\u5730\u5740\u8c03\u6574\u8981\u7528mreloc.exe\u4fee\u6539\u53ca\u4fee\u6539\u76f8\u5e94\u7684imageinfo.txt\uff08\u6b7b\u4e86\u51e0\u5341\u6b21\u7684\u7ecf\u9a8c\uff0c\u5475\u5475\uff09
\n3\u3001Start: first physical address\u540e\u9762\u7684\u6a21\u5757\u53ea\u9700\u4fee\u6539imageinfo.txt\u548cimageinfo.bin\uff08\u4e8b\u5b9e\u4e0a\u6211\u8bd5\u8fc7imageinfo.bin\u4e0d\u4fee\u6539\u4e5f\u80fd\u6210\u529f\uff09
\n4\u3001RAM\u533a\u6709\u65f6\u4f1a\u6324\u6389\u4e00\u4e9bDLL\uff0c\u8981\u6309\u539fMAP\u52a0\u56de\u6765\uff08\u4fee\u6539imageinfo.txt\u548cimageinfo.bin\uff09
\n5\u3001\u4e0a\u6b21\u66ff\u6362WINCE\u7684\u6559\u7a0b\u5df2\u7ecf\u8bf4\u8fc7\u4e86\uff0culRAMStart\u4e3aphyslast\u7684\u6700\u5c0f1000\u500d\uff08\u5373physlast\u7684\u5343\u4f4d\u52a01\uff0c\u540e\u9762\u4e3a0\uff09\uff0cNK\u7684\u5730\u5740\u4e3aulRAMStart\u7684\u6700\u5c0f10000\u500d\uff08\u5373\u4e07\u4f4d\u52a01\uff0c\u540e\u9762\u4e3a0\uff09\u3002NK\u8981\u7528M’Reloc_nk.exe\u518d\u4fee\u6539imageinfo.txt\u3002\uff08\u4e8b\u5b9e\u4e0aNK\u5f88\u7279\u6b8a\u7684\uff0c\u6709\u4e9bXIP\u7684NK\u4e0d\u6309\u8fd9\u79cd\u89c4\u5f8b\uff0c\u6709\u4e9bXIP\u751a\u81f3\u6839\u672c\u4e0d\u80fd\u79fb\u52a8\u5730\u5740\uff0c\u5426\u5219\u80af\u5b9a\u6b7b\u6389\u2026\u2026\uff09<\/p>\n

\u6700\u540e\u611f\u8c22\u8001\u9ea6\u3001fjzhang\u3001\u7f51\u7edc\u4e0a\u7684\u5404\u79cd\u6559\u7a0b~\u6709\u7a7a\u518d\u5199\u5199\u7528XIPAddrTools.exe\u79fb\u690d\u7684\u65b9\u6cd5\u5427\uff08\u4e8b\u5b9e\u8fd9\u4e2a\u8f6f\u4ef6\u662f\u50bb\u74dc\u8f6f\u4ef6\uff0c\u6240\u4ee5\u5f88\u5927\u53ef\u80fd\u6211\u4e0d\u4f1a\u5199\u7684\uff0c\u5475\u5475\uff09<\/p>\n","protected":false},"excerpt":{"rendered":"

\u524d\u8a00\uff1a\u672c\u6765\u4e0a\u4e00\u7bc7\u6559\u7a0b\u662f\u6700\u540e\u4e00\u7bc7\u7684\u4e86\uff0c\u4e0d\u8fc7\u8003\u8651\u5230\u66ff\u6362wince.nls\u65f6\u6ca1\u6709\u51b2\u7a81\u5730\u5740\uff0c\u8fd9\u6837\u4e0e\u5b9e\u9645\u7684XIP\u79fb\u690d\u8fd8\u6709 […]<\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"ngg_post_thumbnail":0},"categories":[16],"tags":[22,19,20],"_links":{"self":[{"href":"https:\/\/wp.pcgpcg.net\/index.php?rest_route=\/wp\/v2\/posts\/67"}],"collection":[{"href":"https:\/\/wp.pcgpcg.net\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/wp.pcgpcg.net\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/wp.pcgpcg.net\/index.php?rest_route=\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/wp.pcgpcg.net\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=67"}],"version-history":[{"count":2,"href":"https:\/\/wp.pcgpcg.net\/index.php?rest_route=\/wp\/v2\/posts\/67\/revisions"}],"predecessor-version":[{"id":148,"href":"https:\/\/wp.pcgpcg.net\/index.php?rest_route=\/wp\/v2\/posts\/67\/revisions\/148"}],"wp:attachment":[{"href":"https:\/\/wp.pcgpcg.net\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=67"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/wp.pcgpcg.net\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=67"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/wp.pcgpcg.net\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=67"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}