IDA Disassembler

BippyM · 10 July 2008, 13:45

Has anyone got experience of this?

What can it do, and how is it comparable to resource (Resource can insert lib offsets, hardware offsets etc)

StingRay · 10 July 2008, 14:26

IDA is quite powerful, you can f.e. code your own plugins for it if you need a disassembler for an unknown/exotic CPU. However, for Amiga stuff I still prefer ReSource as it's a native Amiga disassembler and thus features many Amiga specific things not found in IDA.

zenox98 · 10 July 2008, 14:39

I've used IDA quite extensively in combination with w32dasm to reverse certain protections - for educational purposes you understand - all of which were Windoze based. I did try an amiga file, but found Resource more suitable because of it's built-in library offset functions.

Regardless of which one you choose, they both require a lot of time, effort and considerable patience.

heavy · 10 July 2008, 20:42

I use it for both platform win and amiga exe.
very good. (old version a little bit buggy with information window

)

hitchhikr · 11 July 2008, 10:54

As i already said here for executable files, resource have an edge, for absolute addresses files IDA may be more suited.

Also IDA reports how some data are referenced (by data or by code) so it helps to determine what's what during disassembling and the navigation is generally easier than with resource.

Edit: and Resource have troubles disassembling anything than plain 68000 instructions.

crabfists · 11 July 2008, 22:51

Well I may not have a very balanced opinion because I have used IDA pro heavily and ReSource not so much but what I can tell is that IDA is very easy to use compared to ReSource and has some nice features such as a graph view (can visualise routines and the flow of execution with a graphical "node view"). Having multiple windows onto the disassembly is nice too. Windows can show hex data, which other routines call current routine, strings etc.

As has already been mentioned, if you are working with some code which uses a lot of custom chips or library routines then I would recommend using ReSource as it much better at giving meaningful disassembly as it knows about library offsets and custom chip flags etc.

One thing which I like is the way you can create memory segments in IDA. For the disassembly of Ruff'n'Tumble I create one big memory segment which starts at address 0 (start of chipram) and ends at address $1000000 (end of rom). Then I load in a memory dump from WinUae of the chipram to location 0 and the slowram to location $c00000 and then disassemble. This gives me a nice big picture of what is going on and any memory locations referenced outside of the chipram and slowram will be marked and given an auto generated name. These can be renamed to something meaningful. Eg $df000 == custom_base etc. One thing I find frustrating about IDA is if you have something like this... :

Code:

lea (custom_base).l, a5
move $7C7F, $96(a5)

... I haven't figured out how to make it substitute the $96(a5) with the name set for memory location custom_base+$96 (which I have named as dmacon in IDA).

hitchhikr · 12 July 2008, 10:22

On the other hand Resource provides ways to handle word sized jump tables and base registers relative variables (x(ax)) quite efficiently.

crabfists · 20 July 2008, 11:19

I've been mucking about figuring out how to write IDA plugins over the past few days and I've worked it out now - it's quite straight forward really. Somehow I thought there would be more of a learning curve but it's really not too bad. As something easy to start with I've written a "Copper list annotater" which, if you tell it where a copper list starts, will "disassemble" the copper list and add comments telling you what each copper instruction does (exactly the same as if you use the "o" command in the WinUAE debugger). I actually based it on the code from WinUAE to save re-inventing the wheel.

I'll post a link to it including source code when I get a chance as I think somebody might find it useful. I was thinking it would hopefully not be a huge job to write a plugin which filled in custom chip names or names of library calls. I may do the custom chip one as a next step perhaps depending on my motivation and interest from others. The library routine name one wouldn't be that useful at the moment to me so I may not look at that. Be quite easy for someone else to do though. Would be great if we could get to the stage where we've got a nice suite of Amiga plugins for IDA Pro.

heavy · 20 July 2008, 11:37

nice. or post it in the zone

crabfists · 22 July 2008, 00:19

Here is the IDA plugin and source code for disassembling copper lists. Attached is a screen shot of what it does.

Instructions:

1 - Copy this plw file to the "plugin" directory of your IDA install directory - (C:\Program Files\IDA\plugins) by default.
2 - Start IDA.
3 - Move cursor to start of where you think the copper list is located.
4 - Run plugin by selecting "Edit->Plugins->Annotate copper list".

Any comments, suggestions or bug reports welcome!

Useful links...

pdf book on IDA Plugin writing - useful for getting started with plugins.
Wizard for writing plugins in Visual Studio.

zenox98 · 22 July 2008, 09:16

Nice, crabfists. I'll try it out later

kamelito · 29 June 2014, 13:52

Not IDA but ODA online disassembler might be handy if you're not at home and wanted to try something...

http://onlinedisassembler.com/odaweb/
Kamelito

Lonewolf10 · 29 June 2014, 19:50

Quote:

Originally Posted by kamelito

Not IDA but ODA online disassembler might be handy if you're not at home and wanted to try something...

http://onlinedisassembler.com/odaweb/
Kamelito

It seems to work for the 68000 (remember to set the endian correctly!), but the disassembled output is not quite in the format I am used to. It is still very much readable though

phx · 30 June 2014, 15:14

It's the MIT syntax, suitable for the GNU assembler.

I found the online disassembler quite slow, and it always flips back into i386 mode, when you paste something. Only useful for small pieces of code, when you have no disassembler at hand.

Lonewolf10 · 01 July 2014, 23:22

Quote:

Originally Posted by phx

It's the MIT syntax, suitable for the GNU assembler.

Ahhh

Quote:

Originally Posted by phx

I found the online disassembler quite slow

Yes, it does seem to take a while to update. Not sure if it updates each time you enter a line of code, or whether it waits 10 seconds before deciding to update (if code has been altered).

The list of CPU's is impressive though, atleast 100+ (no I didn't bother to count them

)

demolition · 02 July 2014, 00:04

Quote:

Originally Posted by Lonewolf10

The list of CPU's is impressive though, atleast 100+ (no I didn't bother to count them

)

Meh, I can't even find a 6502 in the list..

kamelito · 02 July 2014, 13:44

Quote:

Originally Posted by demolition

Meh, I can't even find a 6502 in the list..

Z80 is there

demolition · 02 July 2014, 13:55

Quote:

Originally Posted by kamelito

Z80 is there

And how is that in any way related to the 6502? :-)

copse · 03 July 2014, 07:21

This is loosely similar to what I planned for my own disassembler. Ideally in the long run, wanting to see collaborative and version controlled online UI. So you could see that Nignog disassembled Ironlord (god knows why) back in 2014 and continue from where they left off with their comments. A pipe dream, but would be nice. Could do it as an HTML5 application that worked offline (would have to).

SparkyNZ · 04 March 2015, 19:14

Quote:

Originally Posted by crabfists

Here is the IDA plugin and source code for disassembling copper lists. Attached is a screen shot of what it does.

These links appear to have disappeared. Can you please repost these?

10 July 2008, 13:45	#1
BippyM Global Moderator Join Date: Nov 2001 Location: Derby, UK Age: 48 Posts: 9,355	IDA Disassembler Has anyone got experience of this? What can it do, and how is it comparable to resource (Resource can insert lib offsets, hardware offsets etc)

11 July 2008, 10:54	#5
hitchhikr Registered User Join Date: Jun 2008 Location: somewhere else Posts: 511	As i already said here for executable files, resource have an edge, for absolute addresses files IDA may be more suited. Also IDA reports how some data are referenced (by data or by code) so it helps to determine what's what during disassembling and the navigation is generally easier than with resource. Edit: and Resource have troubles disassembling anything than plain 68000 instructions. Last edited by hitchhikr; 11 July 2008 at 16:39.

11 July 2008, 22:51	#6
crabfists Registered User Join Date: Feb 2008 Location: warrington UK Posts: 118	Well I may not have a very balanced opinion because I have used IDA pro heavily and ReSource not so much but what I can tell is that IDA is very easy to use compared to ReSource and has some nice features such as a graph view (can visualise routines and the flow of execution with a graphical "node view"). Having multiple windows onto the disassembly is nice too. Windows can show hex data, which other routines call current routine, strings etc. As has already been mentioned, if you are working with some code which uses a lot of custom chips or library routines then I would recommend using ReSource as it much better at giving meaningful disassembly as it knows about library offsets and custom chip flags etc. One thing which I like is the way you can create memory segments in IDA. For the disassembly of Ruff'n'Tumble I create one big memory segment which starts at address 0 (start of chipram) and ends at address $1000000 (end of rom). Then I load in a memory dump from WinUae of the chipram to location 0 and the slowram to location $c00000 and then disassemble. This gives me a nice big picture of what is going on and any memory locations referenced outside of the chipram and slowram will be marked and given an auto generated name. These can be renamed to something meaningful. Eg $df000 == custom_base etc. One thing I find frustrating about IDA is if you have something like this... : Code: lea (custom_base).l, a5 move $7C7F, $96(a5) ... I haven't figured out how to make it substitute the $96(a5) with the name set for memory location custom_base+$96 (which I have named as dmacon in IDA).

22 July 2008, 00:19	#10
crabfists Registered User Join Date: Feb 2008 Location: warrington UK Posts: 118	Here is the IDA plugin and source code for disassembling copper lists. Attached is a screen shot of what it does. Instructions: 1 - Copy this plw file to the "plugin" directory of your IDA install directory - (C:\Program Files\IDA\plugins) by default. 2 - Start IDA. 3 - Move cursor to start of where you think the copper list is located. 4 - Run plugin by selecting "Edit->Plugins->Annotate copper list". Any comments, suggestions or bug reports welcome! Useful links... pdf book on IDA Plugin writing - useful for getting started with plugins. Wizard for writing plugins in Visual Studio. Attached Thumbnails

Similar Threads
Thread	Thread Starter	Forum	Replies	Last Post
Disassembler	copse	Coders. General	86	01 January 2023 20:34
Peasauce disassembler	copse	Coders. General	1	31 January 2021 20:54
Sandisk EXTREME III 4GB CF card compatible with IDA-CF adapter ?	Overdoc	support.Hardware	4	27 December 2008 13:44
ReSource disassembler	gizmomelb	request.Apps	5	21 January 2006 23:50
Built in disassembler	XDread	request.UAE Wishlist	4	24 April 2004 02:20

10 July 2008, 14:26	#2
StingRay move.l #$c0ff33,throat Join Date: Dec 2005 Location: Berlin/Joymoney Posts: 6,863	IDA is quite powerful, you can f.e. code your own plugins for it if you need a disassembler for an unknown/exotic CPU. However, for Amiga stuff I still prefer ReSource as it's a native Amiga disassembler and thus features many Amiga specific things not found in IDA.

10 July 2008, 14:39	#3
zenox98 Joy Division Join Date: Nov 2006 Location: East Yorkshire Age: 60 Posts: 239	I've used IDA quite extensively in combination with w32dasm to reverse certain protections - for educational purposes you understand - all of which were Windoze based. I did try an amiga file, but found Resource more suitable because of it's built-in library offset functions. Regardless of which one you choose, they both require a lot of time, effort and considerable patience.

10 July 2008, 20:42	#4
heavy noodle Join Date: Jun 2007 Location: europe Posts: 247	I use it for both platform win and amiga exe. very good. (old version a little bit buggy with information window )

12 July 2008, 10:22	#7
hitchhikr Registered User Join Date: Jun 2008 Location: somewhere else Posts: 511	On the other hand Resource provides ways to handle word sized jump tables and base registers relative variables (x(ax)) quite efficiently.

20 July 2008, 11:19	#8
crabfists Registered User Join Date: Feb 2008 Location: warrington UK Posts: 118	I've been mucking about figuring out how to write IDA plugins over the past few days and I've worked it out now - it's quite straight forward really. Somehow I thought there would be more of a learning curve but it's really not too bad. As something easy to start with I've written a "Copper list annotater" which, if you tell it where a copper list starts, will "disassemble" the copper list and add comments telling you what each copper instruction does (exactly the same as if you use the "o" command in the WinUAE debugger). I actually based it on the code from WinUAE to save re-inventing the wheel. I'll post a link to it including source code when I get a chance as I think somebody might find it useful. I was thinking it would hopefully not be a huge job to write a plugin which filled in custom chip names or names of library calls. I may do the custom chip one as a next step perhaps depending on my motivation and interest from others. The library routine name one wouldn't be that useful at the moment to me so I may not look at that. Be quite easy for someone else to do though. Would be great if we could get to the stage where we've got a nice suite of Amiga plugins for IDA Pro.

20 July 2008, 11:37	#9
heavy noodle Join Date: Jun 2007 Location: europe Posts: 247	nice. or post it in the zone

22 July 2008, 09:16	#11
zenox98 Joy Division Join Date: Nov 2006 Location: East Yorkshire Age: 60 Posts: 239	Nice, crabfists. I'll try it out later

29 June 2014, 13:52	#12
kamelito Zone Friend Join Date: May 2006 Location: France Posts: 1,801	Not IDA but ODA online disassembler might be handy if you're not at home and wanted to try something... http://onlinedisassembler.com/odaweb/ Kamelito

30 June 2014, 15:14	#14
phx Natteravn Join Date: Nov 2009 Location: Herford / Germany Posts: 2,496	It's the MIT syntax, suitable for the GNU assembler. I found the online disassembler quite slow, and it always flips back into i386 mode, when you paste something. Only useful for small pieces of code, when you have no disassembler at hand.

03 July 2014, 07:21	#19
copse Registered User Join Date: Jul 2009 Location: Lala Land Posts: 520	This is loosely similar to what I planned for my own disassembler. Ideally in the long run, wanting to see collaborative and version controlled online UI. So you could see that Nignog disassembled Ironlord (god knows why) back in 2014 and continue from where they left off with their comments. A pipe dream, but would be nice. Could do it as an HTML5 application that worked offline (would have to).

Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)