这个函数是在load bin的时候用的，必须得找到ROMHDR，找到了之后才去真正load bin文件的每个sector。关于ROMHDR，相信大家应该经常见到了，在eboot的bootloadermain函数中有ROMHDR * volatile const pTOC = (ROMHDR *)-1; 这样一个语句。Bootloader在启动之后主要作用就是拷贝内核到指定地址的ram中去，而boot代码之所以知道需要拷贝哪些代码或数据段到目标地址，是因为它根据一个约定的数据结构来拷贝的，这个数据结构就是ROMHDR。它是在产生ROM image的时候由OS linker来填充的。也就是这里所说的以“CECE”开头的数据段。

 

// Search for a valid ROMHDR.  This callback looks for sections that
// are 8 bytes long and that contain a "CECE" signature.  It then
// enumerates all sections looking for one whose offset matches the
// offset following the "CECE" signature.  That will be the ROMHDR
// itself.
HeaderCallbackCode FindROMHDR(unsigned __int8 *RomImage, DWORD FileSize, const CESectionHeader *pSection)
{
 CESectionHeader sectionHeaderLocal;
 if ( !safe_copy((void*)&sectionHeaderLocal, (void *)pSection, sizeof(CESectionHeader) ))
 {
  return Error_StopEnumerating;
 }

 if (sectionHeaderLocal.fSectionSize != 8) {
  return ContinueEnumerating;
 }

 unsigned __int32 ContentsLocal[2];
 if ( !safe_copy((void*)&ContentsLocal[0], (void *)&pSection[1], sizeof(ContentsLocal) ))
 {
  return Error_StopEnumerating;
 }

 if (ContentsLocal[0] != 0x43454345) {
  return ContinueEnumerating;
 }

 ROMHDRAddress = ContentsLocal[1];
 pROMHDR = NULL;

 if (ForEachSectionHeader(RomImage, FileSize, FindROMHDRFromAddress)) {
  // Enumerating completed successfully.  Now... did we find a ROMHDR for our pSection?
  if (pROMHDR) {
   return Success_StopEnumerating;
  } else {
   return ContinueEnumerating;
  }
 }
 return Error_StopEnumerating;
}