Re: Memory Layout
Posted: Sat Sep 06, 2014 2:43 am
hackrid wrote: How did you do it?
Looks like RE the XTCOM protocol to read a single memory location and Python scripts to perform a massive dump
Open Community Forum for ESP8266, Come share Arduino and IoT (Internet of Things)
https://www.esp8266.com/
Bert wrote: Just FYI, here are the (more or less) meaningful strings in the binary:
Code:
ets_unpack_flash_code
ets %s,rst cause:%d, boot mode:(%d,%d)
Jan 8 2013
wdt reset
ets_main.c
unknown reset
user code done
waiting for host
load 0x%08x, len %d, room %d
flash read err, %s
tailtail
chksum 0x%02x
csum 0x%02x
csum err
ho %d tail %d room %d
sp %p
sf_dump[%d] a0: 0x%08x a1: 0x%08x a2: 0x%08x a3: 0x%08x
epc1=0x%08x, epc2=0x%08x, epc3=0x%08x, excvaddr=0x%08x, depc=0x%08x
Fatal exception (%d):
eprintf no bno b0123456789
<null>
ets_timer.c
bootup , addr 0x%08x
no rds
sip bogus rx done
rx done unknown
sip bogus tx
seq %u, %u ds %p
tx unknown
rxiq_get_mis: s_pwr=%lld, %d-%d,
stagstag: CGAIN=%d FGAIN=%d, DC_OS=(%d,%d), DAC=(%d,%d)
pwctrl: rate_i=%d, target_power=%d, detect_power=%d
num_k=%d, power_out=%d,
reg_i=%d, indata=%d
txiq: tone_atten=%d
txiq_gain=%d
txiq_phase=%d
bt:
Seems like the AT-stuff is implemented in flash memory, yay!
Bert wrote: @kongo: you have been dumping the I-RAM instead of the I-ROM.
From the lx106 configuration file:
Code:
Memory Protection/MMU: Region Protection
System RAM start address / size 0x60000000 / 64M
System ROM start address / size 0x50000000 / 16M
Local Memory
Instruction RAM [0] start address / size 0x40000000 / 1M [busy]
Instruction RAM [1] start address / size 0x40100000 / 1M [busy]
Instruction ROM start address / size 0x40200000 / 1M [busy]
Data RAM [0] start address / size 0x3ffc0000 / 256K [busy]
Data RAM [1] start address / size 0x3ff80000 / 256K [busy]
Data ROM start address / size 0x3ff40000 / 256K [busy]
XLMI start address / size 0x3ff00000 / 256K [busy]
Vector configuration
Reset Vector start address / size 0x50000000 / 0x300
Kernel (Stacked) Exception Vector start address / size 0x40000030 / 0x1c
User (Program) Exception Vector start address / size 0x40000050 / 0x1c
Double Exception Vector start address / size 0x40000070 / 0x10
Level 2 Interrupt Vector start address / size 0x40000010 / 0xc
Level 3 Interrupt Vector (NMI vector) start address / size 0x40000020 / 0xc
I wouldn't count on the sizes being correct (as in: actually implemented in hardware), though.
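The I-RAM versus I-ROM mix-up mentioned above can be checked before starting a long dump. This is an added example, not code from the thread: it parses lines in the format of the quoted lx106 configuration and reports which listed regions an address range touches. The function names are hypothetical, and the sizes are taken from the listing as written, which may not match what the hardware implements.

```python
import re

# Lines copied from the lx106 configuration listing quoted in the thread.
LX106_CONFIG = """\
System RAM start address / size 0x60000000 / 64M
System ROM start address / size 0x50000000 / 16M
Instruction RAM [0] start address / size 0x40000000 / 1M [busy]
Instruction RAM [1] start address / size 0x40100000 / 1M [busy]
Instruction ROM start address / size 0x40200000 / 1M [busy]
Data RAM [0] start address / size 0x3ffc0000 / 256K [busy]
Data RAM [1] start address / size 0x3ff80000 / 256K [busy]
Data ROM start address / size 0x3ff40000 / 256K [busy]
XLMI start address / size 0x3ff00000 / 256K [busy]
Reset Vector start address / size 0x50000000 / 0x300
User (Program) Exception Vector start address / size 0x40000050 / 0x1c
"""

LINE_RE = re.compile(
    r"^(?P<name>.+?) start address / size "
    r"(?P<base>0x[0-9a-fA-F]+) / (?P<size>0x[0-9a-fA-F]+|\d+[KM])\b")
UNITS = {"K": 1 << 10, "M": 1 << 20}

def parse_size(text):
    """Sizes are written as hex byte counts (0x300) or as 256K / 1M."""
    if text.lower().startswith("0x"):
        return int(text, 16)
    return int(text[:-1]) * UNITS[text[-1]]

def parse_regions(listing):
    """Return (name, base, end_exclusive) tuples sorted by base, then size."""
    regions = []
    for line in listing.splitlines():
        m = LINE_RE.match(line.strip())
        if m:  # headings such as "Local Memory" do not match and are skipped
            base = int(m["base"], 16)
            regions.append((m["name"], base, base + parse_size(m["size"])))
    return sorted(regions, key=lambda r: (r[1], r[2]))

def regions_for_range(regions, start, length):
    """Names of every listed region that a dump of [start, start+length) touches."""
    end = start + length
    return [name for name, base, top in regions if start < top and base < end]

if __name__ == "__main__":
    regions = parse_regions(LX106_CONFIG)
    for start, length in [(0x40000000, 0x1000), (0x40200000, 0x1000),
                          (0x400ff000, 0x2000), (0x20000000, 0x10)]:
        hit = regions_for_range(regions, start, length) or ["<not in listing>"]
        print(f"0x{start:08x}+0x{length:x}: {', '.join(hit)}")
```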