diff --git a/examples/mcu/stm32f407_ai_sine_display.py b/examples/mcu/stm32f407_gpio_hook.py
similarity index 100%
rename from examples/mcu/stm32f407_ai_sine_display.py
rename to examples/mcu/stm32f407_gpio_hook.py
diff --git a/examples/mcu/stm32f407_mnist_oled.py b/examples/mcu/stm32f407_mnist_oled.py
new file mode 100644
index 000000000..365a0005c
--- /dev/null
+++ b/examples/mcu/stm32f407_mnist_oled.py
@@ -0,0 +1,36 @@
+#!/usr/bin/env python3
+#
+# Cross Platform and Multi Architecture Advanced Binary Emulation Framework
+#
+
+import sys
+sys.path.append("../..")
+
+from qiling.core import Qiling
+from qiling.const import QL_VERBOSE
+from qiling.extensions.mcu.stm32f4 import stm32f407
+from qiling.hw.external_device.oled.ssd1306 import PyGameSSD1306Spi
+
+
+ql = Qiling(["../rootfs/mcu/stm32f407/mnist.bin", 0x8000000],
+ archtype="cortex_m", env=stm32f407, verbose=QL_VERBOSE.DEFAULT)
+
+ql.hw.create('rcc')
+ql.hw.create('gpiod')
+ql.hw.create('spi1')
+ql.hw.create('crc')
+
+oled = PyGameSSD1306Spi(dc=(ql.hw.gpiod, 5))
+ql.hw.spi1.connect(oled)
+
+ql.hw.systick.ratio = 1000
+
+## a temporary method
+def hook_smlabb(ql):
+ ql.reg.r3 = ql.reg.r2 + ql.reg.r1 * ql.reg.r3
+ ql.reg.pc = (ql.reg.pc + 4) | 1
+
+ql.hook_address(hook_smlabb, 0x8007a12)
+ql.hook_address(hook_smlabb, 0x8007b60)
+
+ql.run()
diff --git a/examples/rootfs b/examples/rootfs
index 7963756c7..3a1e3352c 160000
--- a/examples/rootfs
+++ b/examples/rootfs
@@ -1 +1 @@
-Subproject commit 7963756c754fc90dc76a5742ff71631391259aa8
+Subproject commit 3a1e3352cfa20dfecbd452b5bcdd210408bf2765
diff --git a/qiling/arch/cortex_m.py b/qiling/arch/cortex_m.py
index d83a43626..d1b4c0bcd 100644
--- a/qiling/arch/cortex_m.py
+++ b/qiling/arch/cortex_m.py
@@ -85,6 +85,7 @@ def step(self):
 self.ql.hw.step()
 def stop(self):
+ self.ql.emu_stop()
 self.runable = False
 def run(self, count=-1, end=None):
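Review bot: `hook_smlabb` in the new example does not reproduce the instruction it stands in for: SMLABB multiplies the signed low halfwords of its two source registers and writes a 32-bit result, whereas the hook multiplies the full 32-bit values of r1 and r3 and never masks the sum, so any non-zero upper halfword or a sum above 0xffffffff yields a wrong (or out-of-range) register write. The operand assignment (r3 = r2 + r1 * r3) is taken from the hook itself and assumed to match the two hard-coded sites. Those two addresses, 0x8007a12 and 0x8007b60, tie the example to one particular build of mnist.bin; the `## a temporary method` comment should say that the hook patches over an instruction the emulator does not handle and that the addresses must be re-derived if the firmware is rebuilt.
```python
## a temporary method: emulate SMLABB at two fixed sites of this mnist.bin build
def hook_smlabb(ql):
    # SMLABB: Rd = Ra + SInt(Rn[15:0]) * SInt(Rm[15:0]), result truncated to 32 bits
    def low_half(value):
        value &= 0xffff
        return value - 0x10000 if value & 0x8000 else value
    ql.reg.r3 = (ql.reg.r2 + low_half(ql.reg.r1) * low_half(ql.reg.r3)) & 0xffffffff
    ql.reg.pc = (ql.reg.pc + 4) | 1
```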
@@ -112,13 +113,34 @@ def init_context(self):
 self.ql.reg.write('pc' , self.ql.mem.read_ptr(0x4))
 def soft_interrupt_handler(self, ql, intno):
- if intno == EXCP.SWI:
- ql.hw.nvic.set_pending(IRQ.SVCALL)
-
- elif intno == EXCP.EXCEPTION_EXIT:
- ql.emu_stop()
-
- else:
+ forward_mapper = {
+ EXCP.UDEF : IRQ.HARD_FAULT, # undefined instruction
+ EXCP.SWI : IRQ.SVCALL, # software interrupt
+ EXCP.PREFETCH_ABORT : IRQ.HARD_FAULT,
+ EXCP.DATA_ABORT : IRQ.HARD_FAULT,
+ EXCP.EXCEPTION_EXIT : IRQ.NOTHING,
+ # EXCP.KERNEL_TRAP : IRQ.NOTHING,
+ # EXCP.HVC : IRQ.NOTHING,
+ # EXCP.HYP_TRAP : IRQ.NOTHING,
+ # EXCP.SMC : IRQ.NOTHING,
+ # EXCP.VIRQ : IRQ.NOTHING,
+ # EXCP.VFIQ : IRQ.NOTHING,
+ # EXCP.SEMIHOST : IRQ.NOTHING,
+ EXCP.NOCP : IRQ.USAGE_FAULT, # v7M NOCP UsageFault
+ EXCP.INVSTATE : IRQ.USAGE_FAULT, # v7M INVSTATE UsageFault
+ EXCP.STKOF : IRQ.USAGE_FAULT, # v8M STKOF UsageFault
+ # EXCP.LAZYFP : IRQ.NOTHING,
+ # EXCP.LSERR : IRQ.NOTHING,
+ EXCP.UNALIGNED : IRQ.USAGE_FAULT, # v7M UNALIGNED UsageFault
+ }
+
+ ql.emu_stop()
+
+ try:
+ handle = forward_mapper.get(intno)
+ if handle != IRQ.NOTHING:
+ ql.hw.nvic.set_pending(handle)
+ except IndexError:
 raise QlErrorNotImplemented(f'Unhandled interrupt number ({intno})')
 def hard_interrupt_handler(self, ql, intno):
diff --git a/qiling/arch/cortex_m_const.py b/qiling/arch/cortex_m_const.py
index e5ec6a5be..cae4f4393 100644
--- a/qiling/arch/cortex_m_const.py
+++ b/qiling/arch/cortex_m_const.py
@@ -48,6 +48,7 @@ class IRQ(IntEnum):
 SVCALL = -5
 PENDSV = -2
 SYSTICK = -1
+ NOTHING = 0
 class CONTROL(IntEnum):
 FPCA = 0b100
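Review bot: The `except IndexError` at the end of `soft_interrupt_handler` can never fire, because `dict.get` returns `None` for an exception number that is not in `forward_mapper` instead of raising, and `None != IRQ.NOTHING` is true, so an unknown `intno` (any of the commented-out entries, or anything outside the enum) ends up in `ql.hw.nvic.set_pending(None)` rather than in `QlErrorNotImplemented` as the old `else` branch guaranteed. Replace the try/except with an explicit check: `handle = forward_mapper.get(intno)` / `if handle is None: raise QlErrorNotImplemented(f'Unhandled interrupt number ({intno})')` / `if handle != IRQ.NOTHING: ql.hw.nvic.set_pending(handle)`. `ql.emu_stop()` is now called for every exception, where the removed code stopped only on EXCEPTION_EXIT; if that is intended (the handler hands control back to `run()` after each exception, as the `stop()` change in the same commit suggests), a one-line comment stating it would help, since the reason is not visible here. `forward_mapper` is also rebuilt on every call; it depends only on the two enums, so it could be a module- or class-level constant.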
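Review bot: `IRQ.NOTHING = 0` in the cortex_m_const.py hunk shares its value with the first external interrupt line (IRQ0) on Cortex-M, so any code that compares a raw NVIC interrupt number against `IRQ.NOTHING` would treat external IRQ0 as "nothing"; in this commit the comparison is only made against `forward_mapper` values, so it is safe today, but the sentinel is a trap for the next caller. A value that can never be a valid interrupt number, or `None` in the mapper, avoids the collision, e.g. `NOTHING = -0x100  # sentinel, not a real exception number` (constructed value).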
@@ -55,11 +56,29 @@ class CONTROL(IntEnum):
 PRIV = 0b001
 class EXC_RETURN(IntEnum):
- MASK = 0xfffffff0
+ MASK = 0xfffffff0
 RETURN_SP = 0b0100
 RETURN_MODE = 0b1000
 class EXCP(IntEnum):
- SWI = 2 # software interrupt
- EXCEPTION_EXIT = 8 # Return from v7M exception
-
\ No newline at end of file
+ UDEF = 1 # undefined instruction
+ SWI = 2 # software interrupt
+ PREFETCH_ABORT = 3
+ DATA_ABORT = 4
+ IRQ = 5
+ FIQ = 6
+ BKPT = 7
+ EXCEPTION_EXIT = 8 # Return from v7M exception.
+ KERNEL_TRAP = 9 # Jumped to kernel code page.
+ HVC = 11 # HyperVisor Call
+ HYP_TRAP = 12
+ SMC = 13 # Secure Monitor Call
+ VIRQ = 14
+ VFIQ = 15
+ SEMIHOST = 16 # semihosting call
+ NOCP = 17 # v7M NOCP UsageFault
+ INVSTATE = 18 # v7M INVSTATE UsageFault
+ STKOF = 19 # v8M STKOF UsageFault
+ LAZYFP = 20 # v7M fault during lazy FP stacking
+ LSERR = 21 # v8M LSERR SecureFault
+ UNALIGNED = 22 # v7M UNALIGNED UsageFault
diff --git a/qiling/extensions/mcu/bes/__init__.py b/qiling/extensions/mcu/bes/__init__.py
new file mode 100644
index 000000000..5a4ae94da
--- /dev/null
+++ b/qiling/extensions/mcu/bes/__init__.py
@@ -0,0 +1,6 @@
+#!/usr/bin/env python3
+#
+# Cross Platform and Multi Architecture Advanced Binary Emulation Framework
+#
+
+from .bes2300 import bes2300
diff --git a/qiling/extensions/mcu/bes/bes2300.py b/qiling/extensions/mcu/bes/bes2300.py
new file mode 100644
index 000000000..55c7ee683
--- /dev/null
+++ b/qiling/extensions/mcu/bes/bes2300.py
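Review bot: The `EXCP` enum now carries values 1–9 and 11–22 with a gap at 10 and no statement of where the numbering comes from; these appear to mirror the ARM `EXCP_*` constants of the QEMU/Unicorn core that delivers `intno` to `soft_interrupt_handler`, in which case the gap is deliberate and must not be "fixed" by renumbering. A class docstring such as `"""Exception numbers as reported by the emulator core (QEMU ARM EXCP_* numbering); values, including the gap at 10, must match the core, not be contiguous."""` would pin that contract.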
@@ -0,0 +1,127 @@
+#!/usr/bin/env python3
+#
+# Cross Platform and Multi Architecture Advanced Binary Emulation Framework
+#
+
+bes2300 = {
+ "ROM": {
+ "base":0x0,
+ "size":0xc000,
+ "type": "memory"
+ },
+ "RAM": {
+ "base":0x200a0000,
+ "size":0x20000,
+ "type": "memory"
+ },
+ "FLASH": {
+ "base": 0x3C000000,
+ "size": 0x100000,
+ "type": "memory"
+ },
+ "CMU": {
+ "struct": "BES2300Cmu",
+ "base":0x40000000,
+ "type": "peripheral"
+ },
+ "I2C0": {
+ "struct": "BES2300I2c",
+ "base":0x40005000,
+ "type": "peripheral"
+ },
+ "I2C1": {
+ "struct": "BES2300I2c",
+ "base":0x40006000,
+ "type": "peripheral"
+ },
+ "SPI": {
+ "struct": "BES2300Spi",
+ "base":0x40007000,
+ "type": "peripheral"
+ },
+ "SPILCD": {
+ "struct": "BES2300Spi",
+ "base":0x40008000,
+ "type": "peripheral"
+ },
+ "SPIPHY": {
+ "struct": "BES2300Spi",
+ "base":0x4000a000,
+ "type": "peripheral"
+ },
+ "UART0": {
+ "struct": "BES2300Uart",
+ "base":0x4000b000,
+ "type": "peripheral"
+ },
+ "UART1": {
+ "struct": "BES2300Uart",
+ "base":0x4000c000,
+ "type": "peripheral"
+ },
+ "UART2": {
+ "struct": "BES2300Uart",
+ "base":0x4000d000,
+ "type": "peripheral"
+ },
+ "BTPCM": {
+ "struct": "BES2300Btpcm",
+ "base":0x4000e000,
+ "type": "peripheral"
+ },
+ "I2S0": {
+ "struct": "BES2300I2s",
+ "base":0x4000f000,
+ "type": "peripheral"
+ },
+ "SPDIF0": {
+ "struct": "BES2300Spdif",
+ "base":0x40010000,
+ "type": "peripheral"
+ },
+ "SDMMC": {
+ "struct": "BES2300Sdmmc",
+ "base":0x40110000,
+ "type": "peripheral"
+ },
+ "I2C_SLAVE": {
+ "struct": "BES2300I2c",
+ "base":0x40160000,
+ "type": "peripheral"
+ },
+ "USB": {
+ "struct": "BES2300Usb",
+ "base":0x40180000,
+ "type": "peripheral"
+ },
+ "CODEC": {
+ "struct": "BES2300Codec",
+ "base":0x40300000,
+ "type": "peripheral"
+ },
+ "IOMUX": {
+ "struct": "BES2300Iomux",
+ "base":0x40086000,
+ "type": "peripheral"
+ },
+ "GPIO": {
+ "struct": "BES2300Gpio",
+ "base":0x40081000,
+ "type": "peripheral"
+ },
+ "PWM": {
+ "struct": "BES2300Pwm",
+ "base":0x40083000,
+ "type": "peripheral"
+ },
+ "TIMER0": {
+ "struct": "BES2300Timer",
+ "base":0x40002000,
+ "type": "peripheral"
+ },
+ "TIMER1": {
+ "struct": "BES2300Timer",
+ "base":0x40003000,
+ "type": "peripheral"
+ }
+}
\ No newline at end of file
diff --git a/qiling/extensions/mcu/stm32f4/stm32f401.py b/qiling/extensions/mcu/stm32f4/stm32f401.py
index e591f7eef..ad6c63def 100644
--- a/qiling/extensions/mcu/stm32f4/stm32f401.py
+++ b/qiling/extensions/mcu/stm32f4/stm32f401.py
@@ -57,8 +57,20 @@
 "struct": "STM32F4xxExti",
 "type": "peripheral"
 },
+ "CODE": {
+ "base": 0x08000000,
+ "size": 0x10000,
+ "alias": 0x0,
+ "type": "remap"
+ },
+ "CODE": {
+ "base": 0x08000000,
+ "size": 0x80000,
+ "alias": 0x0,
+ "type": "remap"
+ },
 "FLASH": {
- "base": 0x8000000,
+ "base": 0x08000000,
 "size": 0x80000,
 "type": "memory"
 },
diff --git a/qiling/extensions/mcu/stm32f4/stm32f405.py b/qiling/extensions/mcu/stm32f4/stm32f405.py
index 1f3d8b4ff..880feaa0a 100644
--- a/qiling/extensions/mcu/stm32f4/stm32f405.py
+++ b/qiling/extensions/mcu/stm32f4/stm32f405.py
@@ -94,8 +94,14 @@
 "struct": "STM32F4xxExti",
 "type": "peripheral"
 },
+ "CODE": {
+ "base": 0x08000000,
+ "size": 0x100000,
+ "alias": 0x0,
+ "type": "remap"
+ },
 "FLASH": {
- "base": 0x8000000,
+ "base": 0x08000000,
 "size": 0x100000,
 "type": "memory"
 },
diff --git a/qiling/extensions/mcu/stm32f4/stm32f407.py b/qiling/extensions/mcu/stm32f4/stm32f407.py
index a83531fb2..1f08ee1c3 100644
--- a/qiling/extensions/mcu/stm32f4/stm32f407.py
+++ b/qiling/extensions/mcu/stm32f4/stm32f407.py
@@ -111,8 +111,14 @@
 "struct": "STM32F4xxExti",
 "type": "peripheral"
 },
+ "CODE": {
+ "base": 0x08000000,
+ "size": 0x100000,
+ "alias": 0x0,
+ "type": "remap"
+ },
 "FLASH": {
- "base": 0x8000000,
+ "base": 0x08000000,
 "size": 0x100000,
 "type": "memory"
 },
diff --git a/qiling/extensions/mcu/stm32f4/stm32f410.py b/qiling/extensions/mcu/stm32f4/stm32f410.py
index c3a78c48a..fe5ecc9fa 100644
--- a/qiling/extensions/mcu/stm32f4/stm32f410.py
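Review bot: The new bes2300 profile is inconsistent in a way that will be copied: `"base":0x0` / `"size":0xc000` have no space after the colon while the FLASH entry and the stm32f4 profiles use `"base": 0x3C000000`, the peripheral entries are not in address order (IOMUX at 0x40086000 and GPIO at 0x40081000 sit after CODEC at 0x40300000), and the file ends without a trailing newline. Every entry also names a `BES2300*` `"struct"` that this commit does not add; if those classes are not already in `qiling.hw`, `ql.hw.create()` for any of them will fail at runtime, so a short module comment stating which of the listed peripherals are implemented (or that the map is address-only for now) would set expectations.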
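Review bot: The stm32f401.py hunk adds two `"CODE"` keys to the same dict literal; Python keeps only the last one, so the first entry (`"size": 0x10000`) is silently discarded and the file reads as though a 64 KiB alias were configured when it is not. Drop one of the two — keeping the 0x80000 entry matches the FLASH size and the convention of every other stm32f4 profile in this commit (pyflakes/ruff F601 flags the duplicate). The same 0x10000-versus-0x80000 mismatch appears, without the duplicate, in tests/profiles/stm32f411.yml.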
+++ b/qiling/extensions/mcu/stm32f4/stm32f410.py
@@ -62,8 +62,14 @@
 "struct": "STM32F4xxExti",
 "type": "peripheral"
 },
+ "CODE": {
+ "base": 0x08000000,
+ "size": 0x20000,
+ "alias": 0x0,
+ "type": "remap"
+ },
 "FLASH": {
- "base": 0x8000000,
+ "base": 0x08000000,
 "size": 0x20000,
 "type": "memory"
 },
diff --git a/qiling/extensions/mcu/stm32f4/stm32f411.py b/qiling/extensions/mcu/stm32f4/stm32f411.py
index e5f535a1a..830a64415 100644
--- a/qiling/extensions/mcu/stm32f4/stm32f411.py
+++ b/qiling/extensions/mcu/stm32f4/stm32f411.py
@@ -57,8 +57,14 @@
 "struct": "STM32F4xxExti",
 "type": "peripheral"
 },
+ "CODE": {
+ "base": 0x08000000,
+ "size": 0x80000,
+ "alias": 0x0,
+ "type": "remap"
+ },
 "FLASH": {
- "base": 0x8000000,
+ "base": 0x08000000,
 "size": 0x80000,
 "type": "memory"
 },
diff --git a/qiling/extensions/mcu/stm32f4/stm32f412.py b/qiling/extensions/mcu/stm32f4/stm32f412.py
index 626908bad..e45ff23a1 100644
--- a/qiling/extensions/mcu/stm32f4/stm32f412.py
+++ b/qiling/extensions/mcu/stm32f4/stm32f412.py
@@ -79,8 +79,14 @@
 "struct": "STM32F4xxExti",
 "type": "peripheral"
 },
+ "CODE": {
+ "base": 0x08000000,
+ "size": 0x100000,
+ "alias": 0x0,
+ "type": "remap"
+ },
 "FLASH": {
- "base": 0x8000000,
+ "base": 0x08000000,
 "size": 0x100000,
 "type": "memory"
 },
diff --git a/qiling/extensions/mcu/stm32f4/stm32f413.py b/qiling/extensions/mcu/stm32f4/stm32f413.py
index 1c0920919..641685a6c 100644
--- a/qiling/extensions/mcu/stm32f4/stm32f413.py
+++ b/qiling/extensions/mcu/stm32f4/stm32f413.py
@@ -95,8 +95,14 @@
 "struct": "STM32F4xxExti",
 "type": "peripheral"
 },
+ "CODE": {
+ "base": 0x08000000,
+ "size": 0x180000,
+ "alias": 0x0,
+ "type": "remap"
+ },
 "FLASH": {
- "base": 0x8000000,
+ "base": 0x08000000,
 "size": 0x180000,
 "type": "memory"
 },
diff --git a/qiling/extensions/mcu/stm32f4/stm32f415.py b/qiling/extensions/mcu/stm32f4/stm32f415.py
index f068c1ee7..18922b4af 100644
--- a/qiling/extensions/mcu/stm32f4/stm32f415.py
+++ b/qiling/extensions/mcu/stm32f4/stm32f415.py
@@ -102,8 +102,14 @@
 "struct": "STM32F4xxExti",
 "type": "peripheral"
 },
+ "CODE": {
+ "base": 0x08000000,
+ "size": 0x100000,
+ "alias": 0x0,
+ "type": "remap"
+ },
 "FLASH": {
- "base": 0x8000000,
+ "base": 0x08000000,
 "size": 0x100000,
 "type": "memory"
 },
diff --git a/qiling/extensions/mcu/stm32f4/stm32f417.py b/qiling/extensions/mcu/stm32f4/stm32f417.py
index 9803f2a77..8111285af 100644
--- a/qiling/extensions/mcu/stm32f4/stm32f417.py
+++ b/qiling/extensions/mcu/stm32f4/stm32f417.py
@@ -119,8 +119,14 @@
 "struct": "STM32F4xxExti",
 "type": "peripheral"
 },
+ "CODE": {
+ "base": 0x08000000,
+ "size": 0x100000,
+ "alias": 0x0,
+ "type": "remap"
+ },
 "FLASH": {
- "base": 0x8000000,
+ "base": 0x08000000,
 "size": 0x100000,
 "type": "memory"
 },
diff --git a/qiling/extensions/mcu/stm32f4/stm32f423.py b/qiling/extensions/mcu/stm32f4/stm32f423.py
index 6cbd1f8c1..e4ef4bb89 100644
--- a/qiling/extensions/mcu/stm32f4/stm32f423.py
+++ b/qiling/extensions/mcu/stm32f4/stm32f423.py
@@ -103,8 +103,14 @@
 "struct": "STM32F4xxExti",
 "type": "peripheral"
 },
+ "CODE": {
+ "base": 0x08000000,
+ "size": 0x180000,
+ "alias": 0x0,
+ "type": "remap"
+ },
 "FLASH": {
- "base": 0x8000000,
+ "base": 0x08000000,
 "size": 0x180000,
 "type": "memory"
 },
diff --git a/qiling/extensions/mcu/stm32f4/stm32f427.py b/qiling/extensions/mcu/stm32f4/stm32f427.py
index 0cbc30e21..f16a87007 100644
--- a/qiling/extensions/mcu/stm32f4/stm32f427.py
+++ b/qiling/extensions/mcu/stm32f4/stm32f427.py
@@ -119,8 +119,14 @@
 "struct": "STM32F4xxExti",
 "type": "peripheral"
 },
+ "CODE": {
+ "base": 0x08000000,
+ "size": 0x200000,
+ "alias": 0x0,
+ "type": "remap"
+ },
 "FLASH": {
- "base": 0x8000000,
+ "base": 0x08000000,
 "size": 0x200000,
 "type": "memory"
 },
diff --git a/qiling/extensions/mcu/stm32f4/stm32f429.py b/qiling/extensions/mcu/stm32f4/stm32f429.py
index 966683fa3..2fe71f815 100644
--- a/qiling/extensions/mcu/stm32f4/stm32f429.py
+++ b/qiling/extensions/mcu/stm32f4/stm32f429.py
@@ -119,8 +119,14 @@
 "struct": "STM32F4xxExti",
 "type": "peripheral"
 },
+ "CODE": {
+ "base": 0x08000000,
+ "size": 0x200000,
+ "alias": 0x0,
+ "type": "remap"
+ },
 "FLASH": {
- "base": 0x8000000,
+ "base": 0x08000000,
 "size": 0x200000,
 "type": "memory"
 },
diff --git a/qiling/extensions/mcu/stm32f4/stm32f437.py b/qiling/extensions/mcu/stm32f4/stm32f437.py
index c0d46148c..98500a2ee 100644
--- a/qiling/extensions/mcu/stm32f4/stm32f437.py
+++ b/qiling/extensions/mcu/stm32f4/stm32f437.py
@@ -127,8 +127,14 @@
 "struct": "STM32F4xxExti",
 "type": "peripheral"
 },
+ "CODE": {
+ "base": 0x08000000,
+ "size": 0x200000,
+ "alias": 0x0,
+ "type": "remap"
+ },
 "FLASH": {
- "base": 0x8000000,
+ "base": 0x08000000,
 "size": 0x200000,
 "type": "memory"
 },
diff --git a/qiling/extensions/mcu/stm32f4/stm32f439.py b/qiling/extensions/mcu/stm32f4/stm32f439.py
index de768a513..64da47b10 100644
--- a/qiling/extensions/mcu/stm32f4/stm32f439.py
+++ b/qiling/extensions/mcu/stm32f4/stm32f439.py
@@ -127,8 +127,14 @@
 "struct": "STM32F4xxExti",
 "type": "peripheral"
 },
+ "CODE": {
+ "base": 0x08000000,
+ "size": 0x200000,
+ "alias": 0x0,
+ "type": "remap"
+ },
 "FLASH": {
- "base": 0x8000000,
+ "base": 0x08000000,
 "size": 0x200000,
 "type": "memory"
 },
diff --git a/qiling/extensions/mcu/stm32f4/stm32f446.py b/qiling/extensions/mcu/stm32f4/stm32f446.py
index d5a9395f9..cc8f6b086 100644
--- a/qiling/extensions/mcu/stm32f4/stm32f446.py
+++ b/qiling/extensions/mcu/stm32f4/stm32f446.py
@@ -110,8 +110,14 @@
 "struct": "STM32F4xxExti",
 "type": "peripheral"
 },
+ "CODE": {
+ "base": 0x08000000,
+ "size": 0x80000,
+ "alias": 0x0,
+ "type": "remap"
+ },
 "FLASH": {
- "base": 0x8000000,
+ "base": 0x08000000,
 "size": 0x80000,
 "type": "memory"
 },
diff --git a/qiling/extensions/mcu/stm32f4/stm32f469.py b/qiling/extensions/mcu/stm32f4/stm32f469.py
index 57668d948..a96643678 100644
--- a/qiling/extensions/mcu/stm32f4/stm32f469.py
+++ b/qiling/extensions/mcu/stm32f4/stm32f469.py
@@ -127,8 +127,14 @@
 "struct": "STM32F4xxExti",
 "type": "peripheral"
 },
+ "CODE": {
+ "base": 0x08000000,
+ "size": 0x200000,
+ "alias": 0x0,
+ "type": "remap"
+ },
 "FLASH": {
- "base": 0x8000000,
+ "base": 0x08000000,
 "size": 0x200000,
 "type": "memory"
 },
diff --git a/qiling/extensions/mcu/stm32f4/stm32f479.py b/qiling/extensions/mcu/stm32f4/stm32f479.py
index f0bc9e291..9a605bf3c 100644
--- a/qiling/extensions/mcu/stm32f4/stm32f479.py
+++ b/qiling/extensions/mcu/stm32f4/stm32f479.py
@@ -135,8 +135,14 @@
 "struct": "STM32F4xxExti",
 "type": "peripheral"
 },
+ "CODE": {
+ "base": 0x08000000,
+ "size": 0x200000,
+ "alias": 0x0,
+ "type": "remap"
+ },
 "FLASH": {
- "base": 0x8000000,
+ "base": 0x08000000,
 "size": 0x200000,
 "type": "memory"
 },
diff --git a/qiling/hw/__init__.py b/qiling/hw/__init__.py
index 876f8e04b..0ab9cef33 100644
--- a/qiling/hw/__init__.py
+++ b/qiling/hw/__init__.py
@@ -11,5 +11,6 @@
 from .math import *
 from .misc import *
 from .power import *
+from .sd import *
 from .spi import *
 from .timer import *
\ No newline at end of file
diff --git a/qiling/hw/peripheral.py b/qiling/hw/peripheral.py
index 9a605eb9f..b437f229d 100644
--- a/qiling/hw/peripheral.py
+++ b/qiling/hw/peripheral.py
@@ -18,7 +18,7 @@ def decorator(func):
 def read(self, offset: int, size: int) -> int:
 retval = func(self, offset, size)
 if self.verbose:
- self.ql.log.info(f'[{self.label.upper()}] [R] {self.find_field(offset, size):{width}s} = {hex(retval)}')
+ self.ql.log.info(f'[{self.label.upper()}] [{hex(self.ql.reg.pc)}] [R] {self.find_field(offset, size):{width}s} = {hex(retval)}')
 return retval
@@ -28,7 +28,7 @@ def write(self, offset: int, size: int, value: int):
 if field.startswith('DR') and value <= 255:
 extra = f'({repr(chr(value))})'
- self.ql.log.info(f'[{self.label.upper()}] [W] {field:{width}s} = {hex(value)} {extra}')
+ self.ql.log.info(f'[{self.label.upper()}] [{hex(self.ql.reg.pc)}] [W] {field:{width}s} = {hex(value)} {extra}')
 return func(self, offset, size, value)
diff --git a/qiling/hw/sd/__init__.py b/qiling/hw/sd/__init__.py
new file mode 100644
index 000000000..ced2ff4b0
--- /dev/null
+++ b/qiling/hw/sd/__init__.py
@@ -0,0 +1,6 @@
+#!/usr/bin/env python3
+#
+# Cross Platform and Multi Architecture Advanced Binary Emulation Framework
+#
+
+from .stm32f4xx_sdio import STM32F4xxSdio
\ No newline at end of file
diff --git a/qiling/hw/sd/stm32f4xx_sdio.py b/qiling/hw/sd/stm32f4xx_sdio.py
new file mode 100644
index 000000000..26897075a
--- /dev/null
+++ b/qiling/hw/sd/stm32f4xx_sdio.py
@@ -0,0 +1,75 @@
+#!/usr/bin/env python3
+#
+# Cross Platform and Multi Architecture Advanced Binary Emulation Framework
+#
+
+import ctypes
+
+from qiling.core import Qiling
+from qiling.hw.peripheral import QlPeripheral
+
+
+class STM32F4xxSdio(QlPeripheral):
+ class Type(ctypes.Structure):
+ """ the structure available in :
+ stm32f401xc
+ stm32f401xe
+ stm32f405xx
+ stm32f407xx
+ stm32f411xe
+ stm32f412cx
+ stm32f412rx
+ stm32f412vx
+ stm32f412zx
+ stm32f413xx
+ stm32f415xx
+ stm32f417xx
+ stm32f423xx
+ stm32f427xx
+ stm32f429xx
+ stm32f437xx
+ stm32f439xx
+ stm32f446xx
+ stm32f469xx
+ stm32f479xx
+ """
+
+ _fields_ = [
+ ("POWER" , ctypes.c_uint32), #SDIO power control register, Address offset: 0x00
+ ("CLKCR" , ctypes.c_uint32), #SDI clock control register, Address offset: 0x04
+ ("ARG" , ctypes.c_uint32), #SDIO argument register, Address offset: 0x08
+ ("CMD" , ctypes.c_uint32), #SDIO command register, Address offset: 0x0C
+ ("RESPCMD" , ctypes.c_uint32), #SDIO command response register, Address offset: 0x10
+ ("RESP1" , ctypes.c_uint32), #SDIO response 1 register, Address offset: 0x14
+ ("RESP2" , ctypes.c_uint32), #SDIO response 2 register, Address offset: 0x18
+ ("RESP3" , ctypes.c_uint32), #SDIO response 3 register, Address offset: 0x1C
+ ("RESP4" , ctypes.c_uint32), #SDIO response 4 register, Address offset: 0x20
+ ("DTIMER" , ctypes.c_uint32), #SDIO data timer register, Address offset: 0x24
+ ("DLEN" , ctypes.c_uint32), #SDIO data length register, Address offset: 0x28
+ ("DCTRL" , ctypes.c_uint32), #SDIO data control register, Address offset: 0x2C
+ ("DCOUNT" , ctypes.c_uint32), #SDIO data counter register, Address offset: 0x30
+ ("STA" , ctypes.c_uint32), #SDIO status register, Address offset: 0x34
+ ("ICR" , ctypes.c_uint32), #SDIO interrupt clear register, Address offset: 0x38
+ ("MASK" , ctypes.c_uint32), #SDIO mask register, Address offset: 0x3C
+ ("RESERVED0", ctypes.c_uint32 * 2), #Reserved, 0x40-0x44
+ ("FIFOCNT" , ctypes.c_uint32), #SDIO FIFO counter register, Address offset: 0x48
+ ("RESERVED1", ctypes.c_uint32 * 13), #Reserved, 0x4C-0x7C
+ ("FIFO" , ctypes.c_uint32), #SDIO data FIFO register, Address offset: 0x80
+ ]
+
+ def __init__(self, ql: Qiling, label: str, intn: int = None):
+ super().__init__(ql, label)
+
+ self.intn = intn
+ self.sdio = self.struct()
+
+ @QlPeripheral.monitor()
+ def read(self, offset: int, size: int) -> int:
+ buf = ctypes.create_string_buffer(size)
+ ctypes.memmove(buf, ctypes.addressof(self.sdio) + offset, size)
+ return int.from_bytes(buf.raw, byteorder='little')
+
+ @QlPeripheral.monitor()
+ def write(self, offset: int, size: int, value: int):
+ data = (value).to_bytes(size, 'little')
+ ctypes.memmove(ctypes.addressof(self.sdio) + offset, data, size)
diff --git a/qiling/loader/mcu.py b/qiling/loader/mcu.py
index b669504b5..4cd4b5c7e 100644
--- a/qiling/loader/mcu.py
+++ b/qiling/loader/mcu.py
@@ -119,9 +119,12 @@ def load_env(self):
 size = args['size']
 base = args['base']
 self.ql.mem.map(base, size, info=f'[{name}]')
-
- if name == 'FLASH':
- self.ql.hw.setup_remap(0, base, size, info=f'[CODE]')
+
+ if memtype == 'remap':
+ size = args['size']
+ base = args['base']
+ alias = args['alias']
+ self.ql.hw.setup_remap(alias, base, size, info=f'[{name}]')
 if memtype == 'bitband':
 size = args['size'] * 32
diff --git a/tests/profiles/stm32f411.yml b/tests/profiles/stm32f411.yml
index 10a303a44..96efeee15 100644
--- a/tests/profiles/stm32f411.yml
+++ b/tests/profiles/stm32f411.yml
@@ -52,8 +52,14 @@
 "struct": "STM32F4xxExti",
 "type": "peripheral"
 },
+ "CODE": {
+ "base": 0x08000000,
+ "size": 0x10000,
+ "alias": 0x0,
+ "type": "remap"
+ },
 "FLASH": {
- "base": 0x8000000,
+ "base": 0x08000000,
 "size": 0x80000,
 "type": "memory"
 },
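Review bot: `STM32F4xxSdio.read` and `write` hand `offset` and `size` straight to `ctypes.memmove` relative to `ctypes.addressof(self.sdio)` without checking `offset + size <= ctypes.sizeof(self.sdio)` (0x84 bytes by the field offsets in the comments), so a guest access that lands past the end of the register block — the size of the MMIO window comes from the profile, not from this class — reads or overwrites arbitrary memory of the host Python process instead of failing. Guard both methods before the memmove, with whatever exception the other peripherals use for out-of-range access: `if offset < 0 or offset + size > ctypes.sizeof(self.sdio): raise IndexError(f'[{self.label}] access at {offset:#x}+{size} is outside the register block')`. The `intn: int = None` annotation should be `Optional[int]` / `int | None`. As far as the hunk shows, no register has side effects (nothing ever sets STA bits in response to a CMD write), so a class docstring stating that this is a passive register model that does not emulate card responses would stop users from expecting firmware that polls STA to make progress.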
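Review bot: The new `remap` branch in `load_env` reads `args['alias']` with no default, so a profile entry that says `"type": "remap"` but omits `alias` dies with a bare `KeyError('alias')` that does not name the entry; `alias = args.get('alias')` followed by `if alias is None: raise ValueError(f'remap entry [{name}] needs an alias')` would make the profile error visible. In every profile in this commit the `"CODE"` entry precedes `"FLASH"`, so `setup_remap` now runs before the region it aliases has been mapped by the `memory` branch; whether `setup_remap` tolerates an unmapped target is not visible here, and a comment (or an ordering check) at the branch would settle it. The removed `if name == 'FLASH'` branch also means any profile outside this commit without an explicit `"CODE"` entry silently loses its alias at 0x0 — presumably intended, but worth a line in the commit message. `load_env` starts before this hunk.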
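Review bot: tests/profiles/stm32f411.yml sizes the new `"CODE"` alias at 0x10000 bytes while the FLASH it aliases is 0x80000, unlike stm32f411.py and every other stm32f4 profile in this commit, where the alias equals the flash size; firmware executing through the 0x0 alias beyond the first 64 KiB would fault in this test profile only. If the smaller window is deliberate for the test, a comment on the entry saying so; otherwise `"size": 0x80000`.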