Thank you very much for your tips, especially strace was very helpful. I actually had already tried to patch [SYS_mmap, SYS_munmap] like you said but I always got a python error that I could make no sense of. strace showed me that the syscall for mmap was performed, but the offset parameter was wrong. So I now have [SYS_mmap, SYS_munmap] = [192,91] I also had to add the line "offset = int(offset/4096)" because mmap2 seems to want the offset in 4096 byte units.
So the csscan tool works now, but I don't know if the output is of any use.
After starting the trace I get: @0x500dc000 0x23b 0x956 r0.0 <unknown part> ETM <no arch> - claimed:0x1
If I force it to be detected as ETM (by setting condition in line 1120 to TRUE) I get: @0x500dc000 0x23b 0x956 r0.0 <unknown part> ETM <no arch> devid=0x0 pdsr=0x00000001 etmid1=0x410cf250 ETMv3.5 claimed:0x1
When I pass the address of my rom table (without running the tracing), I get this output: @0x50080000 0x020 0x500 r2.0 ROM table @0x50082000 0x23b 0x101 r1.0 <unknown part> CoreSight timestamp generator disabled frequency: 0Hz time: 0 time: 0 measured frequency: 0MHz 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 @0x50083000 0x23b 0x914 r2.0 <unknown part> port <no arch> - @0x50090000 0x020 0x001 r0.0 ROM table @0x50091000 0x23b 0x908 r3.0 CS Funnel funnel <no arch> in-ports:5 ports enabled: 00000 hold time: 3 @0x50092000 0x23b 0x961 r1.0 CS TMC fifo <no arch> TMC:ETF size:8192 memwidth:128 mode: circular buffer flush control: formatting format-triggers stop-on-flush status: TMCready FtEmpty state: Disabled @0x50093000 0x23b 0x912 r5.0 CS TPIU port <no arch> TPIU @0x50094000 0x23b 0x906 r5.0 CS CTI CTI <no arch> channels:4 triggers:8 CTI disabled channel gate: 1111 trigger inputs: 00000010 latched: 00000000 trigger outputs: 00000000 channel inputs: 0000 channel outputs: 0000 @0x500a0000 0x23b 0x963 r1.0 CS STM-500 STM Arm STM rev1 ports:65536 @0x500d0000 0x23b 0xc07 r5.0 <unknown part> core-debug <no arch> - @0x500d1000 0x23b 0x9a7 r5.0 <unknown part> PMU (core) <no arch> - @0x500d2000 0x23b 0xc07 r5.0 <unknown part> core-debug <no arch> - @0x500d3000 0x23b 0x9a7 r5.0 <unknown part> PMU (core) <no arch> - @0x500d8000 0x23b 0x906 r4.0 CS CTI CTI <no arch> channels:4 triggers:8 CTI disabled channel gate: 1111 trigger inputs: 00010000 latched: 00000000 trigger outputs: 00000000 channel inputs: 0000 channel outputs: 0000 @0x500d9000 0x23b 0x906 r4.0 CS CTI CTI <no arch> channels:4 triggers:8 CTI disabled channel gate: 1111 trigger inputs: 00010000 latched: 00000000 trigger outputs: 00000000 channel inputs: 0000 channel outputs: 0000 @0x500dc000 0x23b 0x956 r0.0 <unknown part> ETM <no arch> - @0x500dd000 0x23b 0x956 r0.0 <unknown part> ETM <no arch>
Best regards, Finn