接到客户一个项目是基于GD32F301C8XX的,尝试用手上的劳特巴赫仿真器对它进行开发操作,发现总是提示“FLASH algorithm did not execute completely”
怀疑是底层调用的烧录固件“~~/demo/arm/flash/word/stm32f300.bin”与芯片不兼容造成的,于是有了这篇研究文档。多的不说直接上代码吧,具体的操作请自行查代码理解。另外在付费专栏发了一篇C语言版本:
劳特巴赫ICD调试器CMM调用烧录框架固件研究之C语言版本
以下是反汇编代码
;-------------------------------------------------------------------------------
;---- DISASSEMBLE INFORMATION :
;---- File Name: ~~/demo/arm/flash/word/stm32f300.bin
;---- CPU Family: ARM
;---- CPU Factory: STM
;---- CPU Model: STM32F300C8
;---- Time Stamp: 621073228816300
;----
;---- Written by: beacon_light@163.com
;---- Wechat: JingtongACT
;---- QQ: 351217023
;-------------------------------------------------------------------------------
; Whole image lives in one section; the literal pools (off_20C, off_5FC, off_678)
; sit in the same section as the code.
AREA ROM, CODE, READWRITE, ALIGN=0
CODE16                                  ; 16-bit Thumb encoding for everything below
; reset_0 -- entry point of the flash algorithm; dispatches on the command code.
; In:  R0 = parameter block shared with the debugger. Offsets used in this
;      listing: +0x10 address, +0x14 byte count, +0x18 record count (verify),
;      +0x1C command in / status out, +0x20 data buffer (program) or result
;      area (verify).
; Out: [R0+0x1C] = status written by the handler; 0x8D for any command that
;      is not implemented (4, 8, 9 and everything not listed below).
; R0 is not modified between the LDR and each BL, so every handler gets the
; same parameter-block pointer. Note that none of the option-byte helpers
; further down (flash_unlock_37A .. write_option_byte_60C) are reachable from
; here; only program, erase-page, erase-chip and verify are dispatched.
reset_0
        PUSH {R4,LR}
        LDR R1, [R0,#0x1C]              ; R1 = command code
        CMP R1, #1
        BEQ ll_C                        ; 0x01 / 0x21 -> program
        CMP R1, #0x21
        BNE ll_12
ll_C    BL respond_program_60
        POP {R4,PC}
ll_12   CMP R1, #2
        BEQ ll_1A                       ; 0x02 / 0x22 -> erase page
        CMP R1, #0x22
        BNE ll_20
ll_1A   BL respond_erase_page_FE
        POP {R4,PC}
ll_20   CMP R1, #5
        BEQ ll_28                       ; 0x05 / 0x25 -> erase chip (mass erase)
        CMP R1, #0x25
        BNE ll_2E
ll_28   BL respond_erase_chip_13A
        POP {R4,PC}
ll_2E   CMP R1, #8
        BNE ll_38
        BL respond_unsuppond_1_174      ; 0x08 -> status 0x8D
        POP {R4,PC}
ll_38   CMP R1, #9
        BNE ll_42
        BL respond_unsuppond_2_17A      ; 0x09 -> status 0x8D
        POP {R4,PC}
ll_42   CMP R1, #0xA
        BEQ ll_4A                       ; 0x0A / 0x0C -> verify / checksum
        CMP R1, #0xC
        BNE ll_50
ll_4A   BL respond_verify_180
        POP {R4,PC}
ll_50   CMP R1, #4
        BNE ll_5A
        BL respond_unsuppond_3_204      ; 0x04 -> status 0x8D
        POP {R4,PC}
ll_5A   MOVS R1, #0x8D                  ; unknown command: report unsupported
        STR R1, [R0,#0x1C]
        POP {R4,PC}
; respond_program_60 -- command 0x01/0x21: program [R0+0x14] bytes from the
; buffer at R0+0x20 to flash address [R0+0x10], reading every unit back.
; In:  R0 = parameter block.
; Out: [R0+0x1C] = 0 on success; 0x68 when the controller status was 2
;      (see test_flash_sts_264); 0x64 for any other controller status or a
;      read-back mismatch. On failure [R0+0x10] is overwritten with the
;      address of the unit that failed.
; Stack: 0xC bytes of locals. [SP+4] (IDA's 0x20+var_1C) = LOCK bit as found
;      on entry; [SP+8] (0x20+var_18) = status.
; Unit size: if (address | size) has either low bit set the data is written
; as halfwords via program_word_34A, otherwise as words via program_off_30C.
; NOTE(review): address and size come straight from the parameter block with
; no range check -- the TRACE32 FLASH declaration is what keeps writes inside
; the array. The byte-count compares are signed (BLE/BGT): a size with bit 31
; set programs nothing, and an odd size in the halfword path still writes the
; last halfword in full from the buffer.
respond_program_60
        PUSH {R4-R7,LR}
        MOVS R7, R0                     ; R7 = parameter block
        MOVS R0, #0
        SUB SP, SP, #0xC
        STR R0, [SP,#8]                 ; status = 0
        LDR R0, off_20C                 ; FLASH register base 0x40022000
        LDR R0, [R0,#0x10]              ; +0x10 (CR)
        MOVS R1, #0x80
        ANDS R0, R1                     ; keep bit 7 (LOCK)
        STR R0, [SP,#4]                 ; remember whether CR was locked
        BL flash_unlock_246
        MOVS R0, #0x35
        BL set_flash_sts_670            ; SR = 0x35: writes bits 0,2,4,5 (flag clear)
        LDR R4, [R7,#0x10]              ; R4 = destination address
        LDR R5, [R7,#0x14]              ; R5 = bytes remaining
        MOVS R0, R4
        ORRS R0, R5
        MOVS R6, R7
        LSLS R0, R0, #0x1E              ; isolate low 2 bits of (addr | size)
        ADDS R6, #0x20                  ; R6 = source buffer
        CMP R0, #0
        BEQ ll_BE                       ; word aligned -> word loop
        CMP R5, #0
        BLE ll_EC                       ; nothing to do (signed compare)
ll_94   LDRH R1, [R6]                   ; --- halfword loop ---
        MOVS R0, R4
        BL program_word_34A             ; writes ONE halfword despite its name
        CMP R0, #4
        BNE ll_A8                       ; controller did not report OK
        LDRH R1, [R4]
        LDRH R2, [R6]
        CMP R1, R2                      ; read back and compare with the source
        BEQ ll_B2
ll_A8   MOVS R1, #0x68
        CMP R0, #2
        BEQ ll_DC                       ; status 2 -> 0x68
ll_AE   MOVS R1, #0x64                  ; any other failure (incl. mismatch) -> 0x64
        B ll_DC
ll_B2   ADDS R4, R4, #2
        SUBS R5, R5, #2
        ADDS R6, R6, #2
        CMP R5, #0
        BGT ll_94
        B ll_EC
ll_BE   CMP R5, #0
        BLE ll_EC
ll_C2   LDR R1, [R6]                    ; --- word loop ---
        MOVS R0, R4
        BL program_off_30C              ; two halfword writes
        CMP R0, #4
        BNE ll_D6
        LDR R1, [R4]
        LDR R2, [R6]
        CMP R1, R2                      ; read back and compare
        BEQ ll_E2
ll_D6   MOVS R1, #0x68
        CMP R0, #2
        BNE ll_AE                       ; not status 2 -> 0x64
ll_DC   STR R1, [SP,#0x20+var_18]       ; status slot (== [SP,#8])
        STR R4, [R7,#0x10]              ; report the failing address to the host
        B ll_EC
ll_E2   ADDS R4, R4, #4
        SUBS R5, R5, #4
        ADDS R6, R6, #4
        CMP R5, #0
        BGT ll_C2
ll_EC   LDR R0, [SP,#0x20+var_1C]       ; LOCK bit saved on entry (== [SP,#4])
        CMP R0, #0
        BEQ ll_F6
        BL flash_lock_258               ; re-lock only if it was locked before
ll_F6   LDR R0, [SP,#0x20+var_18]
        STR R0, [R7,#0x1C]              ; publish status
        ADD SP, SP, #0xC
        POP {R4-R7,PC}
; respond_erase_page_FE -- command 0x02/0x22: erase the page containing [R0+0x10].
; In:  R0 = parameter block.
; Out: [R0+0x1C] = 0 on success, 0x68 if erase_page_2A8 returned 2, else 0x65.
; Unlocks CR, clears the SR flags, erases, then re-locks CR only if LOCK was
; set on entry. The page address is not validated here.
respond_erase_page_FE
        PUSH {R4-R6,LR}
        MOVS R4, R0                     ; R4 = parameter block
        LDR R0, off_20C
        LDR R6, [R0,#0x10]
        MOVS R0, #0x80
        ANDS R6, R0                     ; R6 = LOCK bit as found on entry
        BL flash_unlock_246
        MOVS R0, #0x35
        BL set_flash_sts_670            ; clear SR flags
        LDR R0, [R4,#0x10]              ; address inside the page
        BL erase_page_2A8
        MOVS R5, R0                     ; R5 = wait status (4 = ok)
        CMP R6, #0
        BEQ ll_124
        BL flash_lock_258               ; restore the lock we found
ll_124  CMP R5, #4
        BNE ll_12E
        MOVS R0, #0
        STR R0, [R4,#0x1C]              ; success
        POP {R4-R6,PC}
ll_12E  MOVS R1, #0x68
        CMP R5, #2
        BEQ ll_136                      ; status 2 -> 0x68
        MOVS R1, #0x65                  ; anything else -> 0x65
ll_136  STR R1, [R4,#0x1C]
        POP {R4-R6,PC}
; respond_erase_chip_13A -- command 0x05/0x25: mass erase via erase_chip_2DC.
; In:  R0 = parameter block (only +0x1C is used, for the status).
; Out: [R0+0x1C] = 0 on success, 0x68 if erase_chip_2DC returned 2, else 0x66.
; Same unlock / flag-clear / conditional re-lock pattern as the page erase.
; NOTE(review): nothing here confirms the request -- a single debugger command
; wipes the whole main array.
respond_erase_chip_13A
        PUSH {R4-R6,LR}
        MOVS R4, R0                     ; R4 = parameter block
        LDR R0, off_20C
        LDR R6, [R0,#0x10]
        MOVS R0, #0x80
        ANDS R6, R0                     ; R6 = LOCK bit as found on entry
        BL flash_unlock_246
        MOVS R0, #0x35
        BL set_flash_sts_670            ; clear SR flags
        BL erase_chip_2DC
        MOVS R5, R0                     ; R5 = wait status (4 = ok)
        CMP R6, #0
        BEQ ll_15E
        BL flash_lock_258               ; restore the lock we found
ll_15E  CMP R5, #4
        BNE ll_168
        MOVS R0, #0
        STR R0, [R4,#0x1C]              ; success
        POP {R4-R6,PC}
ll_168  MOVS R1, #0x68
        CMP R5, #2
        BEQ ll_170                      ; status 2 -> 0x68
        MOVS R1, #0x66                  ; anything else -> 0x66
ll_170  STR R1, [R4,#0x1C]
        POP {R4-R6,PC}
; respond_unsuppond_1_174 -- command 0x08 handler: reports "unsupported" (0x8D).
; In: R0 = parameter block. Out: [R0+0x1C] = 0x8D. Leaf; clobbers R1 only.
respond_unsuppond_1_174
        MOVS R1, #0x8D
        STR R1, [R0,#0x1C]
        BX LR
; respond_unsuppond_2_17A -- command 0x09 handler: reports "unsupported" (0x8D).
; In: R0 = parameter block. Out: [R0+0x1C] = 0x8D. Leaf; clobbers R1 only.
respond_unsuppond_2_17A
        MOVS R1, #0x8D
        STR R1, [R0,#0x1C]
        BX LR
; respond_verify_180 -- command 0x0A/0x0C: compute checksums over consecutive
; blocks of target memory and return one 6-word record per block.
; In:  R0 = parameter block: +0x10 start address, +0x14 block size in bytes,
;      +0x18 N (N+1 records are produced when N >= 0; none when N < 0).
; Out: records written from R0+0x20, stride 0x18:
;        +0x00  0xB5 if any word in the block != 0xFFFFFFFF, else 0xB4
;        +0x04  1 (constant)
;        +0x08  sum of the words
;        +0x0C  xor of the words
;        +0x10  R4: per word, R4 = rotl(R4,1) ^ word
;        +0x14  R1: per word, R1 is rotated left by 1 only when the bit shifted
;               out of R4 was set, then R1 += word
;      [R0+0x1C] = 0xB7 when done.
; Stack: R0 pushed then SUB 4 -> [SP] = remaining record count, [SP+4] = R0.
; The block address (R5) is not reset between records, so the records cover
; contiguous memory.
; NOTE(review): the inner loop terminates on R3 == 0 after SUBS #4, so a size
; that is not a multiple of 4 wraps through 0xFFFFFFFF and reads far beyond
; the block; there is no bounds check on address or size.
respond_verify_180
        PUSH {R0,R4-R7,LR}
        SUB SP, SP, #4
        LDR R0, [SP,#4]                 ; parameter block
        LDR R0, [R0,#0x18]              ; N
        STR R0, [SP]                    ; [SP] = records remaining
        LDR R0, [SP,#4]
        LDR R5, [R0,#0x10]              ; R5 = current address
        MOVS R2, R0
        LDR R0, [SP]
        ADDS R2, #0x20                  ; R2 = current output record
        CMP R0, #0
        BLT ll_1FA                      ; N < 0: no records
ll_198  MOVS R6, #0                     ; R6 = sum
        LDR R0, [SP,#4]
        MOVS R4, R6                     ; R4 = rotating xor
        LDR R3, [R0,#0x14]              ; R3 = bytes left in this block
        MOVS R1, R6                     ; R1 = conditionally rotated sum
        CMP R3, #0
        MOV R12, R6                     ; R12 = plain xor
        MOV LR, R6                      ; LR = "non-blank word seen" flag
        BEQ ll_1D6                      ; empty block
ll_1AA  LDR R0, [R5]                    ; next word
        ADDS R7, R0, #1
        BEQ ll_1B4                      ; word == 0xFFFFFFFF: still blank
        MOVS R7, #1
        MOV LR, R7                      ; flag = 1
ll_1B4  MOV R7, R12
        EORS R7, R0
        MOV R12, R7                     ; xor ^= word
        LSRS R7, R4, #0x1F              ; R7 = top bit of R4
        LSLS R4, R4, #1
        ORRS R4, R7                     ; R4 = rotl(R4, 1)
        ADDS R6, R6, R0                 ; sum += word
        EORS R4, R0                     ; R4 ^= word
        CMP R7, #0
        BEQ ll_1CE                      ; rotate R1 only when R4's old top bit was set
        LSRS R7, R1, #0x1F
        LSLS R1, R1, #1
        ORRS R1, R7                     ; R1 = rotl(R1, 1)
ll_1CE  ADDS R1, R1, R0                 ; R1 += word
        ADDS R5, R5, #4
        SUBS R3, R3, #4
        BNE ll_1AA                      ; loop until the byte counter hits exactly 0
ll_1D6  MOVS R0, #0xB4
        MOV R3, LR
        CMP R3, #0
        BEQ ll_1E0
        MOVS R0, #0xB5                  ; at least one word was not 0xFFFFFFFF
ll_1E0  STR R0, [R2]                    ; record[0] = blank status
        MOVS R0, #1
        ADDS R3, R2, #4
        STM R3!, {R0,R6}                ; record[1] = 1, record[2] = sum
        STR R4, [R2,#0x10]              ; record[4] = rotating xor
        MOV R0, R12
        STR R1, [R2,#0x14]              ; record[5] = rotated sum
        STR R0, [R2,#0xC]               ; record[3] = xor
        LDR R0, [SP]
        ADDS R2, #0x18                  ; next record
        SUBS R0, R0, #1
        STR R0, [SP]
        BPL ll_198                      ; N+1 records in total
ll_1FA  LDR R0, [SP,#4]
        MOVS R1, #0xB7
        STR R1, [R0,#0x1C]              ; done
        ADD SP, SP, #8                  ; drops the local and the pushed R0
        POP {R4-R7,PC}
; respond_unsuppond_3_204 -- command 0x04 handler: reports "unsupported" (0x8D).
; In: R0 = parameter block. Out: [R0+0x1C] = 0x8D. Leaf; clobbers R1 only.
respond_unsuppond_3_204
        MOVS R1, #0x8D
        STR R1, [R0,#0x1C]
        BX LR
        DCB 0                           ; two pad bytes: code ends at 0x20A, pool must be word aligned
        DCB 0
off_20C DCD 0x40022000                  ; FLASH register base used by the respond_* handlers
                                        ; (same value as off_5FC and off_678 further down)
; set_flash_delay_210 -- replace bits 1:0 of the register at FLASH base +0x00 with R0.
; In:  R0 = new value for the low field. Out: nothing. Clobbers R1, R2.
; Presumably the latency field of the flash access-control register -- confirm
; against the target's reference manual. No caller in this listing.
; NOTE(review): R0 is OR-ed in unmasked, so a value above 3 also sets bits
; outside the cleared field.
set_flash_delay_210
        LDR R2, off_5FC
        LDR R1, [R2]
        LSRS R1, R1, #2
        LSLS R1, R1, #2                 ; clear bits 1:0
        ORRS R1, R0
        STR R1, [R2]
        BX LR
; sub_21E -- set (R0 != 0) or clear (R0 == 0) bit 3 of the register at FLASH base +0x00.
; Out: nothing. Clobbers R0-R2. No caller in this listing.
sub_21E
        LDR R1, off_5FC
        MOVS R2, #8                     ; bit 3
        CMP R0, #0
        LDR R0, [R1]
        BEQ ll_22C
        ORRS R0, R2                     ; set
        B ll_22E
ll_22C  BICS R0, R2                     ; clear
ll_22E  STR R0, [R1]
        BX LR
; set_preFlushBuffer_232 -- set (R0 != 0) or clear (R0 == 0) bit 4 of the register
; at FLASH base +0x00. The name suggests the prefetch-buffer enable; confirm
; against the reference manual. Out: nothing. Clobbers R0-R2. No caller in this listing.
set_preFlushBuffer_232
        LDR R1, off_5FC
        MOVS R2, #0x10                  ; bit 4
        CMP R0, #0
        LDR R0, [R1]
        BEQ ll_240
        ORRS R0, R2                     ; set
        B ll_242
ll_240  BICS R0, R2                     ; clear
ll_242  STR R0, [R1]
        BX LR
; flash_unlock_246 -- if CR (+0x10) bit 7 (LOCK) is set, write the two key
; words (off_600 then off_604) to +0x04 to unlock the flash controller.
; Does nothing when the controller is already unlocked. Clobbers R0, R1.
flash_unlock_246
        LDR R0, off_5FC
        LDR R1, [R0,#0x10]
        LSLS R1, R1, #0x18              ; bit 7 -> sign bit
        BPL ll_256                      ; already unlocked
        LDR R1, off_600
        STR R1, [R0,#4]                 ; key 1
        LDR R1, off_604
        STR R1, [R0,#4]                 ; key 2
ll_256  BX LR
; flash_lock_258 -- set CR (+0x10) bit 7 (LOCK). Clobbers R0-R2.
flash_lock_258
        LDR R0, off_5FC
        LDR R1, [R0,#0x10]
        MOVS R2, #0x80
        ORRS R1, R2
        STR R1, [R0,#0x10]
        BX LR
; test_flash_sts_264 -- classify the status register at FLASH base +0x0C.
; Out: R0 = 1 if bit 0 set (busy), 2 if bit 4 set, 3 if bit 2 set, 4 otherwise.
; Bits are tested by shifting them into the Z / N position; each test re-reads
; the register. On STM32F3 these bits are BSY / WRPRTERR / PGERR per the
; reference manual (not verifiable from this listing). Clobbers R1, R2.
test_flash_sts_264
        LDR R1, off_5FC
        MOVS R0, #4                     ; default: idle, no error
        LDR R2, [R1,#0xC]
        LSLS R2, R2, #0x1F              ; bit 0 -> Z
        BEQ ll_272
        MOVS R0, #1                     ; busy
        BX LR
ll_272  LDR R2, [R1,#0xC]
        LSLS R2, R2, #0x1B              ; bit 4 -> N
        BPL ll_27C
        MOVS R0, #2
ll_27A  BX LR
ll_27C  LDR R1, [R1,#0xC]
        LSLS R1, R1, #0x1D              ; bit 2 -> N
        BPL ll_27A                      ; neither error bit: return 4
        MOVS R0, #3
        BX LR
; wait_flash_success_286 -- poll test_flash_sts_264 until the controller is not busy.
; In:  R0 = maximum number of polls (every caller in this file passes 0xB0000).
; Out: R0 = status from test_flash_sts_264 (2 / 3 / 4), or 5 when the poll
;      budget is exhausted.
; Quirk: the counter is checked after the status, so if the controller goes
; idle on the very poll that drives the counter to 0 the result is still 5.
; Clobbers R1-R3.
wait_flash_success_286
        PUSH {LR}
        MOVS R3, R0                     ; R3 = polls remaining
        BL test_flash_sts_264
        B ll_296
ll_290  BL test_flash_sts_264
        SUBS R3, R3, #1
ll_296  CMP R0, #1
        BNE ll_2A0                      ; not busy
        CMP R3, #0
        BNE ll_290                      ; busy with budget left: poll again
        B ll_2A4                        ; busy and budget gone: timeout
ll_2A0  CMP R3, #0
        BNE ll_2A6                      ; return the status as is
ll_2A4  MOVS R0, #5                     ; timeout
ll_2A6  POP {PC}
; erase_page_2A8 -- erase the page containing address R0.
; In:  R0 = address inside the page (written to +0x14).
; Out: R0 = wait status: 4 ok, 2/3 error, 5 timeout. If the controller is not
;      idle to begin with, that status is returned and CR is left untouched.
; Sequence: wait -> CR |= 0x02 -> [+0x14] = addr -> CR |= 0x40 -> wait -> CR &= ~0x02.
; (0x02 / 0x40 are PER / STRT on STM32F3 per the RM.) Unlike the option-byte
; routines below, the 0x02 bit is cleared even when the wait fails.
erase_page_2A8
        PUSH {R4-R7,LR}
        MOVS R7, #0xB
        MOVS R6, R0                     ; R6 = page address
        LSLS R7, R7, #0x10              ; R7 = 0xB0000 poll limit
        MOVS R0, R7
        BL wait_flash_success_286
        CMP R0, #4
        BNE ll_2DA                      ; not idle: bail out with that status
        LDR R4, off_5FC
        LDR R0, [R4,#0x10]
        MOVS R5, #2
        ORRS R0, R5
        STR R0, [R4,#0x10]              ; CR |= 0x02
        STR R6, [R4,#0x14]              ; address register
        LDR R0, [R4,#0x10]
        MOVS R1, #0x40
        ORRS R0, R1
        STR R0, [R4,#0x10]              ; CR |= 0x40 (start)
        MOVS R0, R7
        BL wait_flash_success_286       ; R0 = outcome of the erase
        LDR R1, [R4,#0x10]
        BICS R1, R5
        STR R1, [R4,#0x10]              ; CR &= ~0x02
ll_2DA  POP {R4-R7,PC}
; erase_chip_2DC -- mass erase of the main flash array.
; Out: R0 = wait status: 4 ok, 2/3 error, 5 timeout; if the controller is busy
;      on entry that status is returned and CR is not touched.
; Sequence: wait -> CR |= 0x04 -> CR |= 0x40 -> wait -> CR &= ~0x04.
; (0x04 / 0x40 are MER / STRT on STM32F3 per the RM.) 0xB0000 is the same poll
; limit erase_page_2A8 builds with MOVS/LSLS.
erase_chip_2DC
        PUSH {R4-R6,LR}
        MOVS R5, #0xB0000               ; poll limit
        MOVS R0, R5
        BL wait_flash_success_286
        CMP R0, #4
        BNE ll_30A                      ; not idle: bail out
        LDR R4, off_5FC
        LDR R0, [R4,#0x10]
        MOVS R6, #4
        ORRS R0, R6
        STR R0, [R4,#0x10]              ; CR |= 0x04
        LDR R0, [R4,#0x10]
        MOVS R1, #0x40
        ORRS R0, R1
        STR R0, [R4,#0x10]              ; CR |= 0x40 (start)
        MOVS R0, R5
        BL wait_flash_success_286       ; R0 = outcome
        LDR R1, [R4,#0x10]
        BICS R1, R6
        STR R1, [R4,#0x10]              ; CR &= ~0x04
ll_30A  POP {R4-R6,PC}
; program_off_30C -- program one 32-bit word as two halfword writes.
; In:  R0 = destination address, R1 = value.
; Out: R0 = wait status of the last step (4 ok, 2/3 error, 5 timeout). If the
;      controller is busy on entry that status is returned and CR is untouched.
; Sequence: wait -> CR |= 0x01 -> STRH low -> wait -> STRH high -> wait -> CR &= ~0x01.
; The high halfword is skipped if the low one did not complete with status 4;
; bit 0 is cleared on every path that set it.
program_off_30C
        PUSH {R4-R7,LR}
        MOVS R7, #0xB
        MOVS R5, R0                     ; R5 = destination
        LSLS R7, R7, #0x10              ; R7 = 0xB0000 poll limit
        MOVS R6, R1                     ; R6 = value
        MOVS R0, R7
        BL wait_flash_success_286
        CMP R0, #4
        BNE ll_348                      ; not idle: bail out
        LDR R4, off_5FC
        LDR R0, [R4,#0x10]
        MOVS R1, #1
        ORRS R0, R1
        STR R0, [R4,#0x10]              ; CR |= 0x01 (program enable)
        STRH R6, [R5]                   ; low halfword
        MOVS R0, R7
        BL wait_flash_success_286
        CMP R0, #4
        BNE ll_340                      ; first half failed: skip the second
        LSRS R0, R6, #0x10
        STRH R0, [R5,#2]                ; high halfword
        MOVS R0, R7
        BL wait_flash_success_286
ll_340  LDR R1, [R4,#0x10]
        LSRS R1, R1, #1
        LSLS R1, R1, #1                 ; clear bit 0
        STR R1, [R4,#0x10]
ll_348  POP {R4-R7,PC}
; program_word_34A -- program ONE halfword (the name is misleading: a single STRH).
; In:  R0 = destination address, R1 = value (low 16 bits are written).
; Out: R0 = wait status (4 ok, 2/3 error, 5 timeout); busy-on-entry status is
;      returned with CR untouched.
; Sequence: wait -> CR |= 0x01 -> STRH -> wait -> CR &= ~0x01.
program_word_34A
        PUSH {R4-R7,LR}
        MOVS R7, #0x0000000B
        MOVS R5, R0                     ; R5 = destination
        LSLS R7, R7, #0x10              ; R7 = 0xB0000 poll limit
        MOVS R6, R1                     ; R6 = value
        MOVS R0, R7
        BL wait_flash_success_286
        CMP R0, #4
        BNE ll_378                      ; not idle: bail out
        LDR R4, off_5FC
        LDR R0, [R4,#0x10]
        MOVS R1, #1
        ORRS R0, R1
        STR R0, [R4,#0x10]              ; CR |= 0x01 (program enable)
        STRH R6, [R5]
        MOVS R0, R7
        BL wait_flash_success_286       ; R0 = outcome
        LDR R1, [R4,#0x10]
        LSRS R1, R1, #1
        LSLS R1, R1, #1                 ; clear bit 0
        STR R1, [R4,#0x10]
ll_378  POP {R4-R7,PC}
; flash_unlock_37A -- option-byte unlock: if CR (+0x10) bit 9 is clear, write
; the key pair (off_600, off_604) to +0x08. Despite the name this is the
; option-byte unlock, not the CR unlock (compare flash_unlock_246, which
; writes +0x04). Bit 9 is OPTWRE on STM32F3 per the RM. Clobbers R0, R1.
; No caller in this listing.
flash_unlock_37A
        LDR R0, off_5FC
        LDR R1, [R0,#0x10]
        LSLS R1, R1, #0x16              ; bit 9 -> sign bit
        BMI ll_38A                      ; already write-enabled
        LDR R1, off_600
        STR R1, [R0,#8]                 ; key 1
        LDR R1, off_604
        STR R1, [R0,#8]                 ; key 2
ll_38A  BX LR
; flash_lock_option_38C -- clear CR (+0x10) bit 9 (undo flash_unlock_37A).
; The mask is derived from the base address: 0x40022000 >> 21 == 0x200.
; Clobbers R0-R2. No caller in this listing.
flash_lock_option_38C
        LDR R1, off_5FC
        LDR R0, [R1,#0x10]
        ASRS R2, R1, #0x15              ; R2 = 0x200 (bit 9)
        BICS R0, R2
        STR R0, [R1,#0x10]
        BX LR
; sub_398 -- set CR (+0x10) bit 13. On STM32F3 that is OBL_LAUNCH (option-byte
; reload, which resets the device) per the RM -- confirm before use.
; Clobbers R0-R2. No caller in this listing.
sub_398
        LDR R0, off_5FC
        LDR R1, [R0,#0x10]
        MOVS R2, #0x2000                ; bit 13
        ORRS R1, R2
        STR R1, [R0,#0x10]
        BX LR
; check_rdp1_statu_3A6 -- R0 = 1 if either bit 1 or bit 2 of the register at
; FLASH base +0x1C is set, else 0. On STM32F3 +0x1C is OBR and bits 1/2 are
; RDPRT level-1 / level-2 flags per the RM (not verifiable here).
; Clobbers R1. Called only by program_option_user_3B6.
check_rdp1_statu_3A6
        LDR R1, off_5FC
        MOVS R0, #0
        LDR R1, [R1,#0x1C]
        LSLS R1, R1, #0x1D
        LSRS R1, R1, #0x1E              ; isolate bits 2:1
        BEQ ll_3B4
        MOVS R0, #1
ll_3B4  BX LR
; program_option_user_3B6 -- erase the option-byte block, then rewrite the
; halfword at 0x1FFFF800 with 0xAA, or with 0 if check_rdp1_statu_3A6 reports
; read-out protection as already active.
; Out: R0 = last wait status (4 ok, 2/3 error, 5 timeout).
; Sequence: wait -> CR |= 0x20 -> CR |= 0x40 -> wait -> CR &= ~0x20
;           -> CR |= 0x10 -> STRH -> wait -> CR &= ~0x10.
; NOTE(review): security relevant. Per the STM32F3 RM 0x1FFFF800 is the RDP
; byte, 0xAA the level-0 key, 0x20/0x10 are OPTER/OPTPG; a GD32 part may
; differ -- verify. After the erase only this one halfword is rewritten, so
; every other option byte (WRP, USER, DATA) is left in its erased state.
; Two inconsistencies: on timeout (status 5) the routine exits with 0x10 still
; set in CR, and the ll_414 error path clears 0x10 although the bit that was
; set is 0x20. Assumes the option bytes are already unlocked (no key write).
; No caller in this listing.
program_option_user_3B6
        PUSH {R4-R7,LR}
        MOVS R4, #0xAA                  ; value for 0x1FFFF800
        BL check_rdp1_statu_3A6
        CMP R0, #0
        BEQ ll_3C4
        MOVS R4, #0                     ; protection already active: write 0
ll_3C4  MOVS R7, #0xB0000               ; poll limit
        MOVS R0, R7
        BL wait_flash_success_286
        CMP R0, #4
        BNE ll_412                      ; not idle: bail out
        LDR R5, off_5FC
        LDR R0, [R5,#0x10]
        MOVS R6, #0x20
        ORRS R0, R6
        STR R0, [R5,#0x10]              ; CR |= 0x20 (option erase)
        LDR R0, [R5,#0x10]
        MOVS R1, #0x40
        ORRS R0, R1
        STR R0, [R5,#0x10]              ; CR |= 0x40 (start)
        MOVS R0, R7
        BL wait_flash_success_286
        MOVS R1, #0x10
        CMP R0, #4
        BNE ll_414                      ; erase failed
        LDR R0, [R5,#0x10]
        BICS R0, R6
        STR R0, [R5,#0x10]              ; CR &= ~0x20
        LDR R0, [R5,#0x10]
        MOVS R6, R1
        ORRS R0, R1
        STR R0, [R5,#0x10]              ; CR |= 0x10 (option program)
        LDR R0, off_608
        STRH R4, [R0]                   ; halfword at 0x1FFFF800
        MOVS R0, R7
        BL wait_flash_success_286
        CMP R0, #5
        BEQ ll_412                      ; timeout: 0x10 left set
        LDR R1, [R5,#0x10]
        BICS R1, R6
        STR R1, [R5,#0x10]              ; CR &= ~0x10
ll_412  POP {R4-R7,PC}
ll_414  CMP R0, #5
        BEQ ll_412                      ; timeout: CR left as is
        LDR R2, [R5,#0x10]
        BICS R2, R1                     ; R1 == 0x10 here; 0x20 stays set
        STR R2, [R5,#0x10]
        POP {R4-R7,PC}
; write_option_wrpn_420 -- program the halfwords at 0x1FFFF808 and 0x1FFFF80A
; from the complement of R0: byte 0 of ~R0 goes to +8, byte 1 to +0xA; a byte
; equal to 0xFF is skipped. On STM32F3 these are WRP0/WRP1 per the RM.
; In:  R0 = write-protection mask (bits 15:0 used).
; Out: R0 = last wait status (4 ok, 2/3 error, 5 timeout).
; Does not write the option key itself; assumes the option bytes are unlocked.
; NOTE(review): on timeout the routine exits with CR bit 0x10 still set.
; No caller in this listing.
write_option_wrpn_420
        PUSH {R4-R7,LR}
        MVNS R0, R0                     ; R0 = ~mask
        LSLS R4, R0, #0x18
        LSLS R0, R0, #0x10
        LSRS R5, R0, #0x18              ; R5 = byte 1 of ~mask
        MOVS R0, #0xB
        LSRS R4, R4, #0x18              ; R4 = byte 0 of ~mask
        LSLS R0, R0, #0x10              ; R0 = 0xB0000 poll limit
        BL wait_flash_success_286
        CMP R0, #4
        BNE ll_470                      ; not idle: bail out
        LDR R6, off_5FC
        LDR R1, [R6,#0x10]
        MOVS R2, #0x10
        ORRS R1, R2
        STR R1, [R6,#0x10]              ; CR |= 0x10 (option program)
        LDR R7, off_608                 ; 0x1FFFF800
        CMP R4, #0xFF
        BEQ ll_456                      ; nothing to write for byte 0
        STRH R4, [R7,#8]
        MOVS R0, #0xB0000
        BL wait_flash_success_286
        CMP R0, #4
        BNE ll_464                      ; failed: skip byte 1
ll_456  CMP R5, #0xFF
        BEQ ll_468                      ; nothing to write for byte 1
        STRH R5, [R7,#0xA]
        MOVS R0, #0xB0000
        BL wait_flash_success_286
ll_464  CMP R0, #5
        BEQ ll_470                      ; timeout: 0x10 left set
ll_468  LDR R1, [R6,#0x10]
        MOVS R2, #0x10
        BICS R1, R2
        STR R1, [R6,#0x10]              ; CR &= ~0x10
ll_470  POP {R4-R7,PC}
; reprogram_option_472 -- erase the option-byte block and write R0 as a halfword
; to 0x1FFFF800 (the RDP byte on STM32F3 per the RM).
; In:  R0 = value for 0x1FFFF800. Out: R0 = last wait status (4/2/3/5).
; Sequence: wait -> CR |= 0x20 -> CR |= 0x40 -> wait -> CR &= ~0x20
;           -> CR |= 0x10 -> STRH -> wait -> CR &= ~0x10.
; Unlike program_option_user_3B6 the error path here clears the bit it set
; (R5 tracks 0x20 or 0x10). On timeout (5) CR is left as is. No key write:
; assumes the option bytes are unlocked. Only this halfword is rewritten after
; the erase. No caller in this listing.
reprogram_option_472
        PUSH {R4-R7,LR}
        MOVS R7, #0xB
        MOVS R6, R0                     ; R6 = value to program
        LSLS R7, R7, #0x10              ; R7 = 0xB0000 poll limit
        MOVS R0, R7
        BL wait_flash_success_286
        CMP R0, #4
        BNE ll_4C2                      ; not idle: bail out
        LDR R4, off_5FC
        LDR R0, [R4,#0x10]
        MOVS R5, #0x20
        ORRS R0, R5
        STR R0, [R4,#0x10]              ; CR |= 0x20 (option erase)
        LDR R0, [R4,#0x10]
        MOVS R1, #0x40
        ORRS R0, R1
        STR R0, [R4,#0x10]              ; CR |= 0x40 (start)
        MOVS R0, R7
        BL wait_flash_success_286
        CMP R0, #4
        BNE ll_4B8                      ; erase failed: clear 0x20 unless timeout
        LDR R0, [R4,#0x10]
        BICS R0, R5
        STR R0, [R4,#0x10]              ; CR &= ~0x20
        LDR R0, [R4,#0x10]
        MOVS R5, #0x10
        ORRS R0, R5
        STR R0, [R4,#0x10]              ; CR |= 0x10 (option program)
        LDR R0, off_608
        STRH R6, [R0]                   ; halfword at 0x1FFFF800
        MOVS R0, R7
        BL wait_flash_success_286
ll_4B8  CMP R0, #5
        BEQ ll_4C2                      ; timeout: CR left as is
        LDR R1, [R4,#0x10]
        BICS R1, R5                     ; clear whichever bit (0x20 / 0x10) is pending
        STR R1, [R4,#0x10]
ll_4C2  POP {R4-R7,PC}
; set_1ffff802_to_f8_4C4 -- write (R0 | R1 | R2 | 0xF8) as a halfword to 0x1FFFF802.
; Writes the key pair to +0x08 unconditionally first (no bit-9 check, unlike
; flash_unlock_37A). 0x1FFFF802 is presumably the USER option byte -- confirm.
; Out: R0 = last wait status (4/2/3/5). No erase is performed before the write.
; NOTE(review): on timeout the routine exits with CR bit 0x10 still set.
; No caller in this listing.
set_1ffff802_to_f8_4C4
        PUSH {R4-R7,LR}
        MOVS R6, R0                     ; R6 = first operand
        LDR R0, off_600
        LDR R4, off_5FC
        MOVS R7, R1                     ; R7 = second operand
        MOV R12, R2                     ; R12 = third operand
        STR R0, [R4,#8]                 ; option key 1
        LDR R0, off_604
        STR R0, [R4,#8]                 ; option key 2
        MOVS R0, #0xB0000
        BL wait_flash_success_286
        CMP R0, #4
        BNE ll_50A                      ; not idle: bail out
        LDR R0, [R4,#0x10]
        MOVS R5, #0x10
        ORRS R0, R5
        STR R0, [R4,#0x10]              ; CR |= 0x10 (option program)
        ORRS R6, R7
        MOV R0, R12
        ORRS R6, R0
        MOVS R0, #0xF8
        ORRS R6, R0                     ; R6 = R0 | R1 | R2 | 0xF8
        LDR R0, off_608
        STRH R6, [R0,#2]                ; halfword at 0x1FFFF802
        MOVS R0, #0xB0000
        BL wait_flash_success_286
        CMP R0, #5
        BEQ ll_50A                      ; timeout: 0x10 left set
        LDR R1, [R4,#0x10]
        BICS R1, R5
        STR R1, [R4,#0x10]              ; CR &= ~0x10
ll_50A  POP {R4-R7,PC}
; set_1ffff802_to_ef_50C -- write (R0 | 0xEF) as a halfword to 0x1FFFF802 after
; writing the option key pair to +0x08 unconditionally.
; Out: R0 = last wait status (4/2/3/5). Same shape and the same timeout quirk
; (0x10 left set in CR) as set_1ffff802_to_f8_4C4. No caller in this listing.
set_1ffff802_to_ef_50C
        PUSH {R4-R7,LR}
        MOVS R6, R0                     ; R6 = value
        LDR R0, off_600
        LDR R4, off_5FC
        STR R0, [R4,#8]                 ; option key 1
        LDR R0, off_604
        STR R0, [R4,#8]                 ; option key 2
        MOVS R7, #0xB0000               ; poll limit
        MOVS R0, R7
        BL wait_flash_success_286
        CMP R0, #4
        BNE ll_548                      ; not idle: bail out
        LDR R0, [R4,#0x10]
        MOVS R5, #0x10
        ORRS R0, R5
        STR R0, [R4,#0x10]              ; CR |= 0x10 (option program)
        MOVS R0, #0xEF
        ORRS R6, R0                     ; R6 |= 0xEF
        LDR R0, off_608
        STRH R6, [R0,#2]                ; halfword at 0x1FFFF802
        MOVS R0, R7
        BL wait_flash_success_286
        CMP R0, #5
        BEQ ll_548                      ; timeout: 0x10 left set
        LDR R1, [R4,#0x10]
        BICS R1, R5
        STR R1, [R4,#0x10]              ; CR &= ~0x10
ll_548  POP {R4-R7,PC}
; set_1ffff802_to_df_54A -- write (R0 | 0xDF) as a halfword to 0x1FFFF802 after
; writing the option key pair to +0x08 unconditionally.
; Out: R0 = last wait status (4/2/3/5). Same shape and the same timeout quirk
; (0x10 left set in CR) as set_1ffff802_to_f8_4C4. No caller in this listing.
set_1ffff802_to_df_54A
        PUSH {R4-R7,LR}
        MOVS R6, R0                     ; R6 = value
        LDR R0, off_600
        LDR R4, off_5FC
        STR R0, [R4,#8]                 ; option key 1
        LDR R0, off_604
        STR R0, [R4,#8]                 ; option key 2
        MOVS R7, #0xB0000               ; poll limit
        MOVS R0, R7
        BL wait_flash_success_286
        CMP R0, #4
        BNE ll_586                      ; not idle: bail out
        LDR R0, [R4,#0x10]
        MOVS R5, #0x10
        ORRS R0, R5
        STR R0, [R4,#0x10]              ; CR |= 0x10 (option program)
        MOVS R0, #0xDF
        ORRS R6, R0                     ; R6 |= 0xDF
        LDR R0, off_608
        STRH R6, [R0,#2]                ; halfword at 0x1FFFF802
        MOVS R0, R7
        BL wait_flash_success_286
        CMP R0, #5
        BEQ ll_586                      ; timeout: 0x10 left set
        LDR R1, [R4,#0x10]
        BICS R1, R5
        STR R1, [R4,#0x10]              ; CR &= ~0x10
ll_586  POP {R4-R7,PC}
; write_option_user_to_bf_588 -- write (R0 | 0xBF) as a halfword to 0x1FFFF802.
; Unlike the set_1ffff802_* routines this one does NOT write the option key
; pair; it assumes the option bytes are already unlocked.
; Out: R0 = last wait status (4/2/3/5). On timeout CR bit 0x10 is left set.
; No caller in this listing.
write_option_user_to_bf_588
        PUSH {R4-R7,LR}
        MOVS R7, #0xB
        MOVS R6, R0                     ; R6 = value
        LSLS R7, R7, #0x10              ; R7 = 0xB0000 poll limit
        MOVS R0, R7
        BL wait_flash_success_286
        CMP R0, #4
        BNE ll_5BC                      ; not idle: bail out
        LDR R4, off_5FC
        LDR R0, [R4,#0x10]
        MOVS R5, #0x10
        ORRS R0, R5
        STR R0, [R4,#0x10]              ; CR |= 0x10 (option program)
        MOVS R0, #0xBF
        ORRS R6, R0                     ; R6 |= 0xBF
        LDR R0, off_608
        STRH R6, [R0,#2]                ; halfword at 0x1FFFF802
        MOVS R0, R7
        BL wait_flash_success_286
        CMP R0, #5
        BEQ ll_5BC                      ; timeout: 0x10 left set
        LDR R1, [R4,#0x10]
        BICS R1, R5
        STR R1, [R4,#0x10]              ; CR &= ~0x10
ll_5BC  POP {R4-R7,PC}
; write_option_user_to_88_5BE -- write (R0 | 0x88) as a halfword to 0x1FFFF802
; after writing the option key pair to +0x08 unconditionally.
; Out: R0 = last wait status (4/2/3/5). On timeout CR bit 0x10 is left set.
; Its epilogue label ll_5FA is also the exit used by write_option_byte_60C.
; No caller in this listing.
write_option_user_to_88_5BE
        PUSH {R4-R7,LR}
        MOVS R6, R0                     ; R6 = value
        LDR R0, off_600
        LDR R4, off_5FC
        STR R0, [R4,#8]                 ; option key 1
        LDR R0, off_604
        STR R0, [R4,#8]                 ; option key 2
        MOVS R7, #0xB0000               ; poll limit
        MOVS R0, R7
        BL wait_flash_success_286
        CMP R0, #4
        BNE ll_5FA                      ; not idle: bail out
        LDR R0, [R4,#0x10]
        MOVS R5, #0x10
        ORRS R0, R5
        STR R0, [R4,#0x10]              ; CR |= 0x10 (option program)
        MOVS R0, #0x88
        ORRS R6, R0                     ; R6 |= 0x88
        LDR R0, off_608
        STRH R6, [R0,#2]                ; halfword at 0x1FFFF802
        MOVS R0, R7
        BL wait_flash_success_286
        CMP R0, #5
        BEQ ll_5FA                      ; timeout: 0x10 left set
        LDR R1, [R4,#0x10]
        BICS R1, R5
        STR R1, [R4,#0x10]              ; CR &= ~0x10
ll_5FA  POP {R4-R7,PC}                  ; shared with write_option_byte_60C
off_5FC DCD 0x40022000                  ; FLASH register base for the helpers above
off_600 DCD 0x45670123                  ; key 1 -- written to +0x04 (CR unlock) or +0x08 (option unlock)
off_604 DCD 0xCDEF89AB                  ; key 2 (the STM32 KEY1/KEY2 pair per the RM)
off_608 DCD 0x1FFFF800                  ; option-byte block; halfwords written at +0, +2, +8, +0xA
; write_option_byte_60C -- generic option-byte program: halfword R1 to address R0.
; In:  R0 = destination address (not validated), R1 = value.
; Out: R0 = last wait status (4/2/3/5). On timeout CR bit 0x10 is left set.
; No key write; assumes the option bytes are unlocked. Both exits jump to
; ll_5FA, the POP {R4-R7,PC} of write_option_user_to_88_5BE, which matches
; this function's PUSH. No caller in this listing.
write_option_byte_60C
        PUSH {R4-R7,LR}
        MOVS R6, R0                     ; R6 = destination
        MOVS R0, #0xB
        MOVS R7, R1                     ; R7 = value
        LSLS R0, R0, #0x10              ; R0 = 0xB0000 poll limit
        BL wait_flash_success_286
        CMP R0, #4
        BNE ll_5FA                      ; not idle: bail out via the shared epilogue
        LDR R4, off_678
        LDR R0, [R4,#0x10]
        MOVS R5, #0x10
        ORRS R0, R5
        STR R0, [R4,#0x10]              ; CR |= 0x10 (option program)
        STRH R7, [R6]
        MOVS R0, #0xB0000
        BL wait_flash_success_286
        CMP R0, #5
        BEQ ll_5FA                      ; timeout: 0x10 left set
        LDR R1, [R4,#0x10]
        BICS R1, R5
        STR R1, [R4,#0x10]              ; CR &= ~0x10
        B ll_5FA                        ; shared epilogue
; get_flash_ob_high_63E -- R0 = bits 15:8 of the register at FLASH base +0x1C
; (OBR on STM32F3; presumably the USER byte -- confirm). Leaf, clobbers nothing
; else. No caller in this listing.
get_flash_ob_high_63E
        LDR R0, off_678
        LDR R0, [R0,#0x1C]
        LSLS R0, R0, #0x10
        LSRS R0, R0, #0x18              ; keep bits 15:8
        BX LR
; get_flash_wrp_648 -- R0 = the register at FLASH base +0x20 (WRPR on STM32F3
; per the RM). Leaf. No caller in this listing.
get_flash_wrp_648
        LDR R0, off_678
        LDR R0, [R0,#0x20]
        BX LR
; update_flash_ctrll_64E -- set (R1 != 0) or clear (R1 == 0) the bits in mask R0
; in CR (+0x10). Out: nothing. Clobbers R1, R2. No caller in this listing.
update_flash_ctrll_64E
        LDR R2, off_678
        CMP R1, #0
        LDR R1, [R2,#0x10]
        BEQ ll_65A
        ORRS R1, R0                     ; set
        B ll_65C
ll_65A  BICS R1, R0                     ; clear
ll_65C  STR R1, [R2,#0x10]
        BX LR
; test_flash_sts_660 -- R0 = 1 if (SR & R0) != 0, else 0; SR is FLASH base +0x0C.
; In: R0 = bit mask. Clobbers R1, R2. No caller in this listing.
test_flash_sts_660
        LDR R1, off_678
        MOVS R2, R0                     ; R2 = mask
        LDR R1, [R1,#0xC]
        MOVS R0, #0
        TST R1, R2
        BEQ ll_66E
        MOVS R0, #1
ll_66E  BX LR
; set_flash_sts_670 -- write R0 to the status register at FLASH base +0x0C.
; The respond_* handlers call it with 0x35 to clear the flag bits before an
; operation. Clobbers R1.
set_flash_sts_670
        LDR R1, off_678
        STR R0, [R1,#0xC]
        BX LR
        DCB 0                           ; pad: code ends at 0x676, pool must be word aligned
        DCB 0
off_678 DCD 0x40022000                  ; FLASH register base (third copy of the same literal)
rightlight DCB "(C) Lauterbach - $Rev: 2382 $"   ; copyright / revision string embedded in the image
        END