Interesting stuff. Been on-and-off looking for a way to disassemble a binary for a long time, and this looks like the key!
Having teething issues with getting the python environment working at the moment, and I don't know 68000 (but familiar enough with 6502 so hopefully not too much to learn) but I thought I'd supply a little feedback! |
You're probably better off using Resource until I am a little further along the road.
|
@copse did you hit the road? :)
|
@copse that's exactly what "cheapres.py" does. It finds the names passed to OpenLibrary and figures out the lib base variable.
But the program can be lost when there are wrappers around the OpenLibrary calls. For instance a C program adds a lot of wrappers and then you need to manually rename the calls for the tool to continue. Unless you execute the program formally, which is not a piece of cake. |
@Jotd
Is there a way to help cheapres.py handle a non-recognized lib call? Ex: MOVE.L D0,2016(A4) ;00000324: 294007e0 is saving localbase. Can I tell cheapres that MOVE.L D0,2016(A4) = saving localbase to 2016(A4), so it could put the right function call when seeing things like move.l 2016(A4),a6 followed by a system call? |
Not possible ATM. The only way is to change 2016(A4) to the library base then run the tool again. Which I admit is a weakness of the tool because you destroy the -offset(A4) address so the tool can detect LVOs. And if you want to reassemble the code, you can't. No biggie for me most of the time because I only use those sources for reverse engineering, but...
It would be much better to provide a configuration file to specify that those offsets are actually library bases. I may do that in the near future. About those A4 register-based variables that are hell... I know IRA can handle them, and so yesterday I added this feature as well here. Say you have located the LEA to A4 in your code:
Code:
LEA lb_00314+32766,A4 ;2b2be: 49f900008312
Code:
cheapres.py -i source.asm -b A4:2b2be
Code:
MOVE.L A7,-13628(A4) ;2b268: 294fcac4 (links:aka=lb_04dd6)
Code:
dc.w $4EF9
Code:
jmp some_func
To conclude, cheapres also detects wrapper functions that just get args from stack and JMP to OS function. Both features above are illustrated below
Code:
available in my repository now. |
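The configuration idea from the post above, sketched as an added example (not cheapres.py code and not part of the thread): a user-supplied map of A4 offsets to library names lets a pass over the listing name the LVO behind each `JSR -n(A6)`. The `annotate` function, its `bases` argument, the reading of "localbase" as the locale.library base, and every sample line after the first are assumptions made for illustration.

```python
import re

# Small subset of AmigaOS LVOs (negative offsets from the library base).
LVOS = {
    "exec": {-552: "OpenLibrary", -414: "CloseLibrary"},
    "locale": {-36: "CloseCatalog", -72: "GetCatalogStr", -150: "OpenCatalogA"},
}

LOAD_BASE = re.compile(r"MOVEA?\.L\s+(-?\d+)\(A4\),A6", re.I)  # base reloaded via A4
CALL_LVO = re.compile(r"JSR\s+(-\d+)\(A6\)", re.I)              # library call
WRITES_A6 = re.compile(r",\s*A6\b", re.I)                       # any other write to A6

def annotate(lines, bases):
    """Append 'library/function' comments to JSR -n(A6) calls.

    bases is the hypothetical user configuration: {A4 offset: library name}.
    """
    out, current = [], None
    for line in lines:
        code = line.split(";", 1)[0]          # ignore the address/opcode comment
        load = LOAD_BASE.search(code)
        if load:
            current = bases.get(int(load.group(1)))
        elif WRITES_A6.search(code):
            current = None                    # A6 overwritten: never reuse a stale base
        call = CALL_LVO.search(code)
        name = LVOS.get(current, {}).get(int(call.group(1))) if call else None
        out.append(f"{line}\t; {current}.library/{name}" if name else line)
    return out

# First line is the instruction quoted in the thread; the rest are constructed.
SAMPLE = [
    "\tMOVE.L\tD0,2016(A4)\t;00000324: 294007e0",
    "\tMOVEA.L\t2016(A4),A6",
    "\tJSR\t-72(A6)",
    "\tMOVEA.L\t(A7)+,A6",
    "\tJSR\t-72(A6)",
]

if __name__ == "__main__":
    print("\n".join(annotate(SAMPLE, {2016: "locale"})))
```

The second `JSR -72(A6)` stays unlabelled because A6 was overwritten from the stack in between, which is the case where a naive pass would attach the wrong function name.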
Thanks I’ll look into it.
|