前言preface
最近在漏洞挖掘过程中,涉及到了一些基础的知识比如BIOS,uboot,qemu模拟的方面。
首先开始我们需要了解机器是怎么运行的
一般我们使用的机器都是windows或者Linux,(本人是高端MAC本🤣),
Recently, in the process of vulnerability mining, some basic knowledge has been involved, such as BIOS, uboot and QEMU simulation.
First, we need to understand how the machine works
Generally, the machines we use are windows or Linux (I am a high-end MAC🤣),
什么是BIOS?他有什么用,他做了什么?按下开机键的时候机器干了啥?
问:
计算机是最讲逻辑,他会按照他的规则去运行,但是我们不知道他是怎么运行的,我们点开一个程序,或者说我们开机,计算机都会反馈给我们结果但是里面是怎样的呢,它对我们来说就像一个黑盒子,我们只要双击按钮。回到底层,当我们按下开机按钮的那一瞬间,计算机在干嘛呢?
Q:
The computer is the most logical. It will run according to its rules, but we don’t know how it runs. When we click a program or turn it on, the computer will feed back to us the results. But what’s inside? It’s like a black box to us. We just need to double-click the button. Back to the bottom, what is the computer doing when we press the start button?
我是研究IOT方向与二进制方向所以逆向程序会非常多,(打开IDA好手就是我😁),当我们IDA打开程序,IDA会模拟程序,然后给出一串汇编指令和地址,我们运行程序CPU的指令指针寄存器就会指向到运行程序的汇编代码处。这里扯偏了。
回到问题,按下开机键,其实我们的机器不会马上开始运行内核而是
CPU会上点,CS:IP复位好0xffff0 (其实就是IP寄存器)
此时的话啥也没运行,内存没工作,显示器没亮CPU的IP寄存器访问到的地址就是我们大名鼎鼎的BIOS的ROM区
然后就会接一个跳转指令跳转到BIOS的代码去运行,当运行完的时候又会接一个跳转指令,这时候我们的硬盘大哥马上就要来了
硬盘大哥的引导分区,第一个扇区存储这boot的代码,当我们BIOS执行完就会跳到这里,当然boot执行完后也会接一个跳转跳转到load
(translate):
I study IOT direction and binary direction, so there will be a lot of reverse programs. (I’m a good hand in opening IDA 😁), When IDA opens the program, IDA will simulate the program, and then give a series of assembly instructions and addresses. The instruction pointer register of our running program CPU will point to the assembly code of the running program. It’s biased here.
Back to the problem, press the start button. In fact, our machine will not start running the kernel immediately, but
The CPU will go up and reset CS: IP 0xffff0 (actually IP register)
At this time, nothing is running, the memory is not working, the display is not lit, and the address accessed by the CPU’s IP register is the ROM area of our famous BIOS
Then it will take a jump instruction to jump to the BIOS code to run. When it is finished, it will take another jump instruction. At this time, our big brother of hard disk will come soon
The first sector of the boot partition of the big brother of the hard disk stores the boot code. When the BIOS is executed, we will jump here. Of course, after the boot is executed, we will jump to load one by one
1 | boot作用: |
到这里就应该知道急需要干啥了,load段就会把内核加载的内存中然后跳过去执行。然后内核操作系统就会控制显示屏键盘亮等一些列现象
这就是windows电脑在开机时的动作(ps当然这是比较老的),我们看到电脑马上亮屏之前电脑还做了很多的操作,默默感叹…..
At this point, you should know what to do urgently. The load section will load the kernel into the memory and then jump to execute. Then the kernel operating system will control the display screen, keyboard light and other phenomena
This is the action of the windows computer when it is turned on (PS of course, this is relatively old). We see that the computer has done a lot of operations before the computer immediately lights up. We sigh silently
答:
计算机首先会执行bios然后bootload清屏加载内核点亮屏幕
BIOS是个人电脑启动时加载的第一个软件。其实,它是一组固化到计算机内主板上一个ROM芯片上的程序,它保存着计算机最重要的基本输入输出的程序、开机后自检程序和系统自启动程序,它可从CMOS中读写系统设置的具体信息。 (来源百度百科)
A:
The computer will first execute BIOS, and then boot load will clear the screen and load the kernel to light up the screen
**BIOS is the first software loaded when the PC starts. In fact, it is a set of programs solidified on a ROM chip on the main board of the computer. It stores the most important basic input and output programs of the computer, post startup self-test programs and system self startup programs. It can read and write the specific information of system settings from CMOS. (source: Baidu** Encyclopedia)
Linux的Uboot
前面说过我其实主要研究的是linux,因为大多数嵌入式设备内部都是linux,所以问题又来了,嵌入式设备是怎么启动的呢,为啥嵌入式设备启动这么快,像路由器,摄像头是即插即用
As mentioned earlier, I mainly study Linux, because most embedded devices are Linux, so the problem comes again. How do embedded devices start? Why do embedded devices start so fast? Like routers and cameras, they are plug and play
问:
嵌入式设备是怎么启动的呢,为啥嵌入式设备启动这么快,像路由器,摄像头是即插即用
Q:
How do embedded devices start? Why do embedded devices start so fast? Like routers, cameras are plug and play
再次回到什么也没发生之前,应该都有了解嵌入式设备一般都是使用的精简指令集,所以一般来说也就不是我们常见的x86了,这里已嵌入式开发板为列子。
1.首先嵌入式开发板上电,然后cpu开始运行
2.然后cpu将固化在flash/ROM中的代码加载到RAM中运行,这段代码就是bootloader(uboot)
Once again, before nothing happened, we should know that embedded devices generally use the reduced instruction set, so generally speaking, it is not our common x86. Here, the embedded development board is listed.
1.First power on the embedded development board, and then the CPU starts running
2.Then the CPU loads the code solidified in flash / ROM into RAM to run. This code is bootloader (uboot)
If you press the space, you will enter the uboot command line, where you can perform basic mechanical command operations
Then continue to execute, uboot will set some basic information and then load the kernel.
最后从flash中加载文件系统执行,配置网络服务等,执行preinit初始化脚本
Finally, load the file system from flash, configure network services, and execute the Preinit initialization script
答:
嵌入式设备分2中一种是linux内核一种是RTOS,RTOS的系统启动很快,linux相对较慢,由于内存较小,通过uboot加载内核,然后加载文件系统
Answer:
**Embedded devices are divided into two types: one is Linux kernel and the other is RTOS. RTOS system starts quickly and Linux is relatively slow. Due to the small memory, load the kernel through uboot and then load the file system**
最后可以通过查看/proc/mtd文件查看flash的文件分区情况TOTOLINK EX200如下
#### RTOS
RTOS是即时操作系统,非常明显的是其固件非常小通过1M-2M,其中并没有像linux那样的完整的操作系统,将任务与进程挂钩,开机就会启动进程,所以速度较快,而且通常固件较难分析
RTOS is a real-time operating system. It is obvious that its firmware is very small. Through 1m-2m, there is no complete operating system like Linux. If the task is linked to the process, the process will be started after startup, so the speed is fast, and it is usually difficult to analyze the firmware
