Skyeye is an open-source ARM emulator with a GDB stub, allowing you to use GDB to debug code running within the emulator.
Skyeye can be obtained at: gro.clinux.org/projects/skyeye/
All files are at: http://www.bradgoodman.com/skyeye The patch for skyeye-v1 is here: http://www.bradgoodman.com/skyeye/bkg_skyeye.patch (It's a little messy - i.e. adding a bunch of lines that are commented out - but I'll clean it up later.) The patch fixes a few things:
- Allows halfword and word read to 32-bit I/O ports via GDB (instead of 4 individual byte reads - which are not the same thing)
- Fixes in UART FIFO status registers which were not implemented and would break Linux S3C44B0X serial driver.
- Internal Interrupt status bits were not actually updated when things like the interrupt mask registers were modified - breaking interrupt suport.
My skyeye.conf file is here: http://www.bradgoodman.com/skyeye/skyeye.conf Note the memory images:
mem_bank: map=M, type=RW, addr=0x00000000, size=0x00400000, file=newboot.rom mem_bank: map=I, type=RW, addr=0x01c00000, size=0x00400000 mem_bank: map=M, type=RW, addr=0x0c000000, size=0x00400000, file=./linux
The file "newboot.rom" is a slightly modified version of the JuiceBox ROM file from emsoft's web site (boot.rom). It is actually importiant to have this loaded, because the ARM boot and (more important) interrupt vectors are down in this area (0x000000) - and point up to your installed kernel - the "./linux" file at 0xc000000.
(My linux and newboot.rom are included)
The Linux kernel I built was also from emsoft's web site - using the arm-elf-tools-20030314.sh toolchain to build it.
Also, the RAMdisk is in this image too - a ROMFS filesystem at address 0x100000 (0x10000 offset in this ROM file.)
The "slight modification" to the boot.rom is in the /etc/rc file in the RAMdisk. I added a command here to launch a shell /bin/sh:
/bin/sh < /dev/ttyS0 > /dev/ttyS0
To modify the ROMFS filesystem within the ROM image, you need to do a couple things:
- Get genromfs off of Source Forge
2. Yank the ROMFS image out of the boot.rom. Remember, this starts at offset 0x100000 from the file - so you can do this with:
dd if=boot.rom of=romfs.img bs=1024 skip=1024
(Note: For all you Dee-Dee-Dee types, 1024*1024=0x100000)
3. Mount the ROMFS filesytem: mount -t romfs romfs.img /mnt
4. Make your modifications to the filesytem, then use genfromfs to re-create it.
NOTEwhen you unpackage the ROMFS filesystem, all of the links become "normal" files. Since most of the stuff in the /bin directory (and maybe /sbin?) are links to /bin/busybox - this will make it a whopping 16M ROMFS image. To fix this, you're going to want to copy the old filesystem image (cp -ax /mnt /newdir). Then, find all the files in the /bin directory which as the same size as /bin/busybox, delete them, and make them symlinks to busybox. Then use *this* directory to rom genromfs on.
genromfs -a 16 -f newimage.img -d /newdir
5. Then put this image back into the ROM - copying it back to the 0x100000 offset of the file:
dd if=newimage.img of=newboot.rom bs=1024 seek=1024