Ghidra needs to understand which memory locations are RAM, ROM, I/O space, etc. for proper analysis.

Canon firmware loads some binary parts from ROM into a various memory locations. Those needs to be properly defined / loaded into a project before reverse engineering starts.

The goal of this article is to combine those two together into a memory map in Ghidra

Because Ghidra “overlay” function is meant mostly for memory banking, this means we cannot use it in “logical way”: first define that RAM is from `x to y`, then “overlay” ROMCOPY regions over that.

Usual workflow is to first add all rom copies into a memory map, then define all the memory map regions, working around those already occupied by ROMCOPY regions.

Visual explanation may make more sense. Image below contains a complete memory map for EOS R 1.8.0 (7.3.9) ROM. Cacheable RAM mirror on this model is available between 0x40000000 and '0xBFFFFFFF. Because DryOS loads some chunks into locations inside that region (see 0x40100000 and 40700000), those were added to a memory map first. Later all remaining “undefined” area between 0x40000000 and '0xBFFFFFFF was defined as uninitialized RAM to complete that part of a memory map.