Use this forum to chat about hardware specific topics for the ESP8266 (peripherals, memory, clocks, JTAG, programming)

By cal
#21634 Hi,

I studied and de-compiled some methods of the ESP8266 firmware ROM to get a better understanding of how they work and work together.
I am not alone in that, but a lot of people seem to think it's some kind of magic.
It's not, and I hope my analysis helps more people to try it out.

I did it on github because it's easy for me to modify it, to enhance it and fix bugs.

Please keep discussions of the analysis here and raise issues about bugs on the repository.

Have fun,
Cal
By hreintke
#22064 Cal,
Did not see this topic, so I'll continue my question here (off-topic in "Re: Anybody interested in using a debugger").

I already found the objdump -d -z option to get but have trouble understanding the output.
My goal is to get the SDK version number from disassembling the libmain.a.
Expected this to be possible as I hope the system_get_sdk_version is "just returning a string" and does not do any fancy calculation to get the version number.

I found the system_get_sdk_version in user_interface.o, the part I thought to be relevant:
sdk111:
    2eca:   1c0000           excw
    2ecd:   000000           ill

00002ed0 <system_get_sdk_version>:
    2ed0:   ffff21           l32r   a2, 2ecc <system_uart_de_swap+0x38>
    2ed3:   f00d         ret.n

sdk110:
    2a5b:   001c00           excw
    2a5e:   210000           srai   a0, a0, 0

00002a60 <system_get_sdk_version>:
    2a60:   ffff21           l32r   a2, 2a5c <system_uart_swap+0x7c>
    2a63:   f00d         ret.n

However, this looks like a very small function.
As far as my reading of the "l32r a2, 2a5c" goes, the instruction reads from the address 2a5c into register a2,
and this address 2a5c is just before the function.
Then ret.n returns that to the caller.
But I am failing to see the "1.1.1" vs "1.0.1" (or coded) in this part of data/code, so either I am mistaken in the way the instruction works or I am at a dead end in the way I wanted to get the version number from the library.

Can you indicate whether I have a wrong interpretation and/or point me to some further reading which might help me?
By cal
#22088 The value at the address, which I guess will be the address of a string, will be set by the linker.
You can follow your way through the symbols using objdump on the lib.
But it's easier to do the objdump on the elf image of the firmware.
Then read the address from the location before the function and hex/ascii dump that.

Cal
By hreintke
#22148 Sorry to bother you again, but I tried to understand and follow your advice and got stuck again.
1/ You can follow your way through the symbols using objdump on the lib.
That would mean going from this definition of <system_get_sdk_version>:
    2eca:   1c0000           excw
    2ecd:   000000           ill

00002ed0 <system_get_sdk_version>:
    2ed0:   ffff21           l32r   a2, 2ecc <system_uart_de_swap+0x38>
    2ed3:   f00d         ret.n

What would be the way to "follow through the symbols"?
If there is a document/location where that is described, I'd be happy to go from there.

2/ Do the objdump on the elf image of the firmware.
Do you mean by the elf image of the firmware the output of the linker?
In my case the linker output file is app.out.
When I do the objdump -d -z on that and look for the <system_get_sdk_version> I get:
4020bf8a:   c40000           extui   a0, a0, 0, 13
4020bf8d:   3ffe87           bbsi   a14, 24, 4020bfd0 <divide+0x34>

4020bf90 <system_get_sdk_version>:
4020bf90:   ffff21           l32r   a2, 4020bf8c <system_uart_de_swap+0x34>
4020bf93:   f00d         ret.n
4020bf95:   000000           ill
4020bf98:   e268         l32i.n   a6, a2, 56
4020bf9a:   5d4000           excw

Would then the location of the string be 003ffe87, the value at 4020bf8c?
But that address is nowhere in the output of objdump, and you mentioned hexdump.
Is this the way you suggested, and in which file should I then be looking for the string?

Herman
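The steps cal describes (read the literal the l32r points at, then hex/ascii dump that address) can be checked mechanically. The following Python script is an added example, not code from this thread or from the SDK: it parses the two objdump listings posted above, decodes the l32r with the address rule from the Xtensa ISA (literal address = ((pc + 3) & ~3) + one-extended imm16 * 4, so the literal always sits before the instruction), and reads the 32-bit little-endian word at that address. One detail the listing hides is that objdump prints each Xtensa instruction word as a number, so the byte at the lowest address is the rightmost hex pair; the bogus "excw"/"ill" lines above the function are simply the literal pool decoded as if it were code. In the unlinked user_interface.o the slot only holds 0x1c, a relocation addend that the linker replaces (objdump -dr on the .o would show the relocation next to it); in app.out the same slot holds 0x3ffe87c4, which is the pointer system_get_sdk_version returns.

```python
import re

# Disassembly fragments copied from the objdump -d -z output posted in this
# thread. First column: address; second column: the raw instruction word as
# objdump prints it for Xtensa, i.e. as a little-endian number, so the byte at
# the lowest address is the rightmost pair of hex digits.
LIBMAIN_DUMP = """\
    2eca:   1c0000           excw
    2ecd:   000000           ill

00002ed0 <system_get_sdk_version>:
    2ed0:   ffff21           l32r   a2, 2ecc <system_uart_de_swap+0x38>
    2ed3:   f00d         ret.n
"""

APP_OUT_DUMP = """\
4020bf8a:   c40000           extui   a0, a0, 0, 13
4020bf8d:   3ffe87           bbsi   a14, 24, 4020bfd0 <divide+0x34>

4020bf90 <system_get_sdk_version>:
4020bf90:   ffff21           l32r   a2, 4020bf8c <system_uart_de_swap+0x34>
4020bf93:   f00d         ret.n
4020bf95:   000000           ill
4020bf98:   e268         l32i.n   a6, a2, 56
4020bf9a:   5d4000           excw
"""

INSN_RE = re.compile(r"^\s*([0-9a-f]+):\s+([0-9a-f]+)\s")
SYM_RE = re.compile(r"^\s*([0-9a-f]+) <([^>]+)>:")


def parse_dump(text):
    """Rebuild a byte map {address: byte} and a symbol map {name: address}
    from an objdump listing. Lines objdump decoded as nonsense instructions
    (excw, ill, ...) are the literal pool; their bytes are kept as plain data."""
    mem, syms = {}, {}
    for line in text.splitlines():
        s = SYM_RE.match(line)
        if s:
            syms[s.group(2)] = int(s.group(1), 16)
            continue
        m = INSN_RE.match(line)
        if not m:
            continue
        addr = int(m.group(1), 16)
        # reverse the printed word so index 0 is the byte at `addr`
        for i, b in enumerate(bytes.fromhex(m.group(2))[::-1]):
            mem[addr + i] = b
    return mem, syms


def l32r_target(pc, mem):
    """Decode the Xtensa L32R at `pc` (RI16 format: op0 = 1 in the low nibble
    of byte 0, destination register in its high nibble, 16-bit offset in
    bytes 1-2) and return the address it loads from:
        addr = ((pc + 3) & ~3) + (one_extended(imm16) << 2)
    One-extension makes the offset negative, so the literal always lies
    before the instruction, which is why it appears just above the function."""
    if mem[pc] & 0x0F != 0x1:
        raise ValueError("instruction at 0x%x is not l32r" % pc)
    imm16 = mem[pc + 1] | (mem[pc + 2] << 8)
    offset = (imm16 - 0x10000) << 2        # one-extend, then scale by 4
    return ((pc + 3) & ~3) + offset


def read_u32_le(mem, addr):
    """Read the 32-bit little-endian word stored at `addr`."""
    return int.from_bytes(bytes(mem[addr + i] for i in range(4)), "little")


def literal_of(dump_text, func):
    """Return (literal_address, literal_value) for a function whose first
    instruction is an l32r, such as system_get_sdk_version."""
    mem, syms = parse_dump(dump_text)
    pc = syms[func]
    lit = l32r_target(pc, mem)
    return lit, read_u32_le(mem, lit)


if __name__ == "__main__":
    for name, dump in (("user_interface.o", LIBMAIN_DUMP), ("app.out", APP_OUT_DUMP)):
        lit, val = literal_of(dump, "system_get_sdk_version")
        print("%-18s literal at 0x%08x holds 0x%08x" % (name, lit, val))
```

With the pointer value in hand, the hex/ascii dump cal mentions is `xtensa-lx106-elf-objdump -s --start-address=0x3ffe87c4 --stop-address=0x3ffe87e4 app.out`, which prints the section contents at that virtual address as hex with an ASCII column; the string has to be looked up in the linked app.out (or a dump of the data segment), since the .o only carries the unrelocated 0x1c.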