def parse_mpu():
"""
NOTE: to find this symbol, run find_mcr.py and look for the MPU config instructions.
Backtrace that function to a wrapper; backtrace that one to the MPU initialization function,
which calls the wrapper in a loop using values from an array. That array is MPU_region_configs.
"""
mpu_struct_addr = idc.LocByName("MPU_region_configs")
if mpu_struct_addr == 0xFFFFFFFF:
print "NOTE: to find this symbol, run find_mcr.py and look for the MPU config instructions.\nBacktrace that function to a wrapper; backtrace that one to the MPU initialization function,\nwhich calls the wrapper in a loop using values from an array. That array is MPU_region_configs."
return
while(1):
r = Region(mpu_struct_addr)
if r.num == 0xFF:
print "Delimiter found!"
break
else:
r.pprint()
mpu_struct_addr += 40
new_region = Region()
new_region.set_DRNR(14)
new_region.set_DRBAR(0x404E6000) # mo_call_establishment_trace_setup_msg
new_region.set_size(0b01011) # 256*(2**4) aka 0x1000 aka 4096 bytes
new_region.set_en(1) # enabled
new_region.set_TEX_C_B(0b001,0,0) # non-cacheble
new_region.set_XN(0) # no XN bit
new_region.set_AP(0b011) # RW
new_region.set_S(1) # shareable
new_region.pprint()
评论列表
文章目录
