Thread: Discussion Walkera DEVO Tx Hacking
View Single Post
Old Apr 06, 2012, 10:25 AM
PhracturedBlue is offline
Find More Posts by PhracturedBlue
Registered User
Joined Jan 2012
682 Posts
Originally Posted by FDR_ View Post
I see, but thought it starts at 0x08000000 mapped to 0x00000000 because of the BOOT0 & BOOT1 configured to boot from flash. Why is there an other vector table at 0x08004000?

I should dig deeper into the reference manuals, I think...
Your understanding is correct, but the bootloader changes things. Walkera is using a custom bootloader (not the built-in one), which executes as regular code. The bootloader lives at 0x08000000. A normal bootloader, will let the user redefine the vector table in the code being loaded. Normally it would redefine the vector-table start at the program load address (0x08004000 for us) and then jump to the reset vector, thus acting for the most part as if the program had been loaded at 0x08000000. However, the code at the reset address in the dfu at 08004000 makes little sense to me, so I am wondering if they've tweaked things a bit (this is one reason we want to extract the we can see what it is up to)
PhracturedBlue is offline Find More Posts by PhracturedBlue
Reply With Quote