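virtd is an intermediate file produced by compilation, so it can be reverse-engineered as an ELF file.
1. Parsing ELF file contents
readelf: parses all the contents of an ELF file;
strings: shows the strings in an ELF file;
file: shows information about an ELF file;
nm: shows the symbol information in an ELF file;
ldd: shows the library files an ELF file depends on;
2. objdump
Used to disassemble ELF files;
objdump -d: disassembles only the sections expected to contain executable code;
objdump -D: disassembles all sections;
objdump -S: interleaves source code with the disassembly where possible;
3. hexdump
Shows the contents of an ELF binary in hexadecimal;
hexdump -C elf_file_name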
readelf -a virtd
View the file information
View the program's static strings
strings -a virtd
cmd error (%d) data error (%d) Card Status=0x%08X, error %d drivers/char/drm/core.c Invalid RPMB partition switch (%d)! eMMC card reset failed (%d) failed (%d) to handle RPMB request &rdev->lock randNum: 3error to ioremap base 67ff base ret %d key_mac[out]: nonce[out]: data: data: before data: new data: vmdrm0 GCC: (GNU) 4.6.x-google 20120106 (prerelease) GCC: (GNU) 4.6.x-google 20120106 (prerelease) GCC: (GNU) 4.6.x-google 20120106 (prerelease) aeabi .symtab .strtab .shstrtab .rel.text .rel.init.text .rel.exit.text .rel.rodata .rodata.str1.1 .ARM.extab.init.text .rel.ARM.exidx.init.text .ARM.extab.exit.text .rel.ARM.exidx.exit.text .ARM.extab .rel.ARM.exidx .rel.data .rel.exitcall.exit .rel.initcall7s.init .bss .note.GNU-stack .comment .ARM.attributes core.c drm_request_verify mmc_drm_send_cmd mmc_blk_drm_process mmc_blk_drm_cmd_seq mmc_blk_drm_part_get drm_rdev_init.constprop.3 rk3288_efuse_readregs_drm.constprop.4 mmc_drm_dev_ops __key.22596 grdev id_buf.22390 drm.c underground_explode vendor_decode_v1.part.0 vendor_decode_v1 vendor_encode_v1 mdev.c drm_release drm_misc_init drm_open drm_cmd_copy_from_user drm_ioctl_req_cmd drm_ioctl_seq_cmd __drm_ioctl drm_ioctl drm_misc_exit drm_fops __exitcall_drm_misc_exit vmdrm_miscdev __initcall_drm_misc_init7s drm_read_cmd drm_get_frames_without_key misc_deregister get_system_serial dev_get_drvdata outer_cache drm_dev_wait ioctl_rpmb_card_status_poll complete memdup_user __aeabi_unwind_cpp_pr0 __arm_ioremap drm_cmd_req mmc_get_card dump_hex_buffer system_efuse_serial memcpy gvlist kfree drm_dev_complete sg_init_one drm_dev_get mmc_blk_emmc_remove kmem_cache_alloc_trace vendor_do_fail system_serial_low capable rockchip_soc_id arm_delay_ops rk312x_efuse_readregs_drm drm_get_version noop_llseek mmc_blk_put crc32_le mutex_lock warn_slowpath_null console_lock mmc_set_data_timeout mmc_blk_reset printk __mutex_init dev_err comp_rdev memset system_serial_init __memzero misc_register wait_for_completion mmc_wait_for_req drm_check 
nonseekable_open drm_get_data drm_cmd_fixup system_serial_high mmc_blk_part_switch mutex_unlock mmc_put_card __get_user_4 mmc_blk_emmc_add mmc_blk_get drm_cmd_seq drm_refresh_data __aeabi_unwind_cpp_pr1 __copy_to_user __copy_from_user mmc_blk_reset_success msleep __kmalloc kmalloc_caches
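One of the strings found is ret %d,
which matches the log output, ret 1024. Tracking down where this print originally came from also took a lot of effort.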
[ 2.456978] sensor_init: Probe name sensors
[ 2.456995] sensor-dev.c v1.4 add angle calculation support between two gsensors 2013-09-01
[ 2.457525] rtc_hym8563 0-0051: setting system clock to 2011-01-01 12:14:58 UTC (1293884098)
[ 2.463556] rockchip-spdif-card rockchip-spdif-card.25: rk-hdmi-spdif-hifi <-> ff880000.rockchip-spdif mapping ok
[ 2.464517] ret 1024
[ 2.464896] usbcore: registered new interface driver snd-usb-audio
[ 2.464903] ALSA device list:
[ 2.464908] #0: RK_ES8323
[ 2.464912] #1: RK-SPDIF-CARD
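Using the function names inside it, we can look for the files in the kernel that use these functions and restore their old versions from git; there are probably a lot of related files.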
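To get that list of names without reading the raw tool output, the following added example (not code from the original post) parses a little-endian ELF32 object directly and separates the functions the object defines from the symbols it leaves undefined for the kernel to resolve. The sample object is constructed inline from three names that appear in the output above; `parse_elf32`, `split_symbols` and `build_sample` are names chosen for this example.

```python
import struct

EHDR = struct.Struct("<16sHHIIIIIHHHHHH")  # ELF32 file header, 52 bytes
SHDR = struct.Struct("<10I")               # section header, 40 bytes
SYM = struct.Struct("<IIIBBH")             # .symtab entry, 16 bytes
SHT_SYMTAB, SHT_STRTAB, SHN_UNDEF, STT_FUNC = 2, 3, 0, 2

def _cstr(table, off):
    """NUL-terminated string at offset off of a string table."""
    end = table.find(b"\0", off)
    if end < 0:
        raise ValueError("string offset outside table")
    return table[off:end].decode("ascii", "replace")

def _slice(data, off, size):
    """Bounds-checked read, so a truncated or malformed file fails cleanly."""
    if off + size > len(data):
        raise ValueError("range past end of file")
    return data[off:off + size]

def parse_elf32(data):
    """Read header fields, section names and symbols of a little-endian ELF32."""
    if len(data) < EHDR.size or data[:4] != b"\x7fELF":
        raise ValueError("not an ELF file")
    if data[4] != 1 or data[5] != 1:
        raise ValueError("only ELF32 little-endian is handled")
    (_, e_type, e_machine, _, _, _, e_shoff, _, _, _, _,
     e_shentsize, e_shnum, e_shstrndx) = EHDR.unpack_from(data)
    if e_shentsize != SHDR.size or e_shstrndx >= e_shnum:
        raise ValueError("unexpected section header layout")
    shdrs = [SHDR.unpack(_slice(data, e_shoff + i * SHDR.size, SHDR.size))
             for i in range(e_shnum)]
    def body(index):
        if index >= len(shdrs):
            raise ValueError("section index out of range")
        return _slice(data, shdrs[index][4], shdrs[index][5])  # sh_offset, sh_size
    shstr = body(e_shstrndx)
    names = [_cstr(shstr, sh[0]) for sh in shdrs]
    symbols = []
    for i, sh in enumerate(shdrs):
        if sh[1] != SHT_SYMTAB:
            continue
        strtab, raw = body(sh[6]), body(i)  # sh_link names the string table
        for off in range(0, len(raw) - SYM.size + 1, SYM.size):
            st_name, value, size, info, _, shndx = SYM.unpack_from(raw, off)
            symbols.append({"name": _cstr(strtab, st_name), "value": value,
                            "size": size, "type": info & 0xF, "shndx": shndx})
    return {"type": e_type, "machine": e_machine,
            "sections": names, "symbols": symbols}

def split_symbols(info):
    """Functions the object defines vs. names it expects the kernel to provide."""
    named = [s for s in info["symbols"] if s["name"]]
    defined = sorted(s["name"] for s in named
                     if s["shndx"] != SHN_UNDEF and s["type"] == STT_FUNC)
    imported = sorted(s["name"] for s in named if s["shndx"] == SHN_UNDEF)
    return defined, imported

def build_sample():
    """Constructed sample: a tiny relocatable ARM object, not the real virtd."""
    def strtab(names):
        blob, offs = b"\0", {}
        for n in names:
            offs[n] = len(blob)
            blob += n.encode() + b"\0"
        return blob, offs
    shstr, sn = strtab([".init.text", ".symtab", ".strtab", ".shstrtab"])
    strs, yn = strtab(["drm_misc_init", "misc_register", "printk"])
    syms = (SYM.pack(0, 0, 0, 0, 0, 0)
            + SYM.pack(yn["drm_misc_init"], 0, 144, STT_FUNC, 0, 1)      # LOCAL FUNC
            + SYM.pack(yn["misc_register"], 0, 0, 1 << 4, 0, SHN_UNDEF)  # GLOBAL UND
            + SYM.pack(yn["printk"], 0, 0, 1 << 4, 0, SHN_UNDEF))        # GLOBAL UND
    # (name, type, link, info, entsize, body) for each section
    secs = [(0, 0, 0, 0, 0, b""),
            (sn[".init.text"], 1, 0, 0, 0, bytes(144)),
            (sn[".symtab"], SHT_SYMTAB, 3, 2, SYM.size, syms),
            (sn[".strtab"], SHT_STRTAB, 0, 0, 0, strs),
            (sn[".shstrtab"], SHT_STRTAB, 0, 0, 0, shstr)]
    blob, shdrs = b"", b""
    for name, typ, link, info, entsize, data in secs:
        off = EHDR.size + len(blob) if data else 0
        shdrs += SHDR.pack(name, typ, 0, 0, off, len(data), link, info, 1, entsize)
        blob += data
    ehdr = EHDR.pack(b"\x7fELF\x01\x01\x01", 1, 40, 1, 0, 0, EHDR.size + len(blob),
                     0x5000000, EHDR.size, 0, 0, SHDR.size, len(secs), 4)
    return ehdr + blob + shdrs

if __name__ == "__main__":
    defined, imported = split_symbols(parse_elf32(build_sample()))
    print("defined:", defined, "\nimports:", imported)
```

On the real file, pass `open("virtd", "rb").read()` to `parse_elf32`; the imported names are the ones to search the kernel tree for.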
Unresolved...
To be continued
For now, brute-force a rollback to the old version, and adapt it later when there is time.
git reset --hard f5535b6cbc2264aacf9927a95490ae10b00c4fb7
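After rebuilding and flashing, Android boots normally.
But a few points are still puzzling:
1. Why do other RK3288 models hang during kernel driver initialization when flashed with the latest system? Tianqi's (天启) own rk3288w boards from batch 1650 have no problem, but rk3288w boards from batch 1652 and later production all fail.
2. Why do the failing systems always hang here, at drm_misc_init? What feature is the file kernel/drivers/char/virtd actually meant to optimize, and why does Tianqi not provide the source file? Is this what open source looks like in China?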