Ghidra for amiga disassembling - Page 2

copse · 15 February 2024, 20:58

I've tried my first export of my Federation of Free Traders project to assembler, and it's painful to say the least. Ghidra clips mnemonic src/dst columns in the export and the asm appears to be corrupted..

The exported asm (sans clipping corruption) doesn't look too far off Amiga syntaxes. I suspect if I spend an hour or two looking into it, and maybe write my own export plugin I can get something out of it.. but still.

copse · 15 February 2024, 21:07

Here's an example:

Code:

ram:00000930    0ab900008...    eori.l      #0x8000,(currentDoubleBufferOffsetMay...

Actually, there are column widths settable so I guess you just have to bump it up to avoid this clipping. In this case, that's 40 from the "#" to the "...".

copse · 28 February 2024, 08:28

Ghidra 11.0.1.
How to make a function from a pointer assigned to a table.

In Pool of Radiance an affects table is populated with function handlers by affect type as index (I exported my executable with symbols already defined from Resource hence the label names being Resource-created):

Code:

        002308e6 43 fa f7 14     lea        (-0x8ec,PC)=>lbC010FFC,A1
        002308ea 23 c9 00        move.l     A1,(DAT_00287b26).l
                 28 7b 26

Unfortunately these are not recognised as functions by Ghidra. Viewing the decompilation shows something like:

Code:

/* WARNING: Removing unreachable block (ram,0x0023003e) */

void UndefinedFunction_0022fffc(void)
...

Going back to the first snippet I double-click on lbC010FFC and view the label.

Code:

                             lbC010FFC                                       XREF[1]:     SetupAffectTables:002308e6(*)  
        0022fffc 4e 55 ff fc     link.w     A5,-0x4
        00230000 bf f9 00        cmpa.l     (hSPLower).l,SP
                 28 9d 28

The cursor is on the lbC010FFC label. I type F to create a function, then F again to edit the function signature. Then due to double-binding I get presented with a dialog with "Edit Function" as an option along with something else. I hit enter as "Edit Function" is the default selection.

The way I have found to define the standard affect handler function signature is to paste in:

Code:

void Affect00E46E (character_s * char_p, effect_s * effect_p, int param_3)

Then I edit the function name manually to include the 10FFC from the label and hit enter to commit the name and parameters in the dialog, then enter again to commit it as the function signature.

Hope this helps someone!

copse · 29 February 2024, 22:20

Ghidra 11.0.1.
Here's another minor quirk that doesn't happen too often related to decompilation, local variable types and reuse of stack-based local variables.

Code:

byte BuildNearTargets(character_s *char_p,byte max_range)

{
...
  character_s *local_14;
...
  local_14 = (character_s *)PlayerMapPosX_Thunk4(char_p);
  local_10 = PlayerMapPosY_Thunk4(char_p);
...
  if (DAT_0028783a != 0) {
    for (i = 1; bVar2 = result_count, i <= bVar1; i = i + 1) {
      local_14 = (&g_character_array)[*(byte *)((int)&g_map_to_background_tile + (uint)i * 3 + 2)];

In this case map pos x is a long stored at the same stack offset as the character_s pointer assigned below. Ghidra cannot share the variable type and forces it to the later usage.

Related issue: https://github.com/NationalSecurityA...ra/issues/2573

Not a big deal in the scheme of things, but useful to understand. Hope this helps someone!

alexh · 01 March 2024, 10:32

For Ambermoon I believe they wrote an exporter plugin?

But I think you're right exporting wasn't fun and Pyrdacor said numerous times he wanted to leave Ghidra environment following a successfull disassembly and re-assembly and continue working only on the exported files as soon as possible.

copse · 13 March 2024, 06:50

Ghidra 11.0.1

There's another likely m68k bug in ghidra decompilation, where the first variable of a struct is an array or pointer it will decompile references to later variables in the struct (even outside the fixed array bounds) as relative to that first variable.

For example:

Code:

struct character_s {
    char name[14];
    ...
    ushort x;
    ...
}

The decompilation will look something like:

Code:

void f(character_s *char_p) {
    ...
    ... (ushort)*(char_p->name + 30) ...
    ...
}

Perhaps not the exact syntax but you get hte idea.

15 February 2024, 21:07	#22
copse Registered User Join Date: Jul 2009 Location: Lala Land Posts: 522	Here's an example: Code: ram:00000930 0ab900008... eori.l #0x8000,(currentDoubleBufferOffsetMay... Actually, there are column widths settable so I guess you just have to bump it up to avoid this clipping. In this case, that's 40 from the "#" to the "...".

28 February 2024, 08:28	#23
copse Registered User Join Date: Jul 2009 Location: Lala Land Posts: 522	Ghidra 11.0.1. How to make a function from a pointer assigned to a table. In Pool of Radiance an affects table is populated with function handlers by affect type as index (I exported my executable with symbols already defined from Resource hence the label names being Resource-created): Code: 002308e6 43 fa f7 14 lea (-0x8ec,PC)=>lbC010FFC,A1 002308ea 23 c9 00 move.l A1,(DAT_00287b26).l 28 7b 26 Unfortunately these are not recognised as functions by Ghidra. Viewing the decompilation shows something like: Code: /* WARNING: Removing unreachable block (ram,0x0023003e) / void UndefinedFunction_0022fffc(void) ... Going back to the first snippet I double-click on lbC010FFC and view the label. Code: lbC010FFC XREF[1]: SetupAffectTables:002308e6() 0022fffc 4e 55 ff fc link.w A5,-0x4 00230000 bf f9 00 cmpa.l (hSPLower).l,SP 28 9d 28 The cursor is on the lbC010FFC label. I type F to create a function, then F again to edit the function signature. Then due to double-binding I get presented with a dialog with "Edit Function" as an option along with something else. I hit enter as "Edit Function" is the default selection. The way I have found to define the standard affect handler function signature is to paste in: Code: void Affect00E46E (character_s * char_p, effect_s * effect_p, int param_3) Then I edit the function name manually to include the 10FFC from the label and hit enter to commit the name and parameters in the dialog, then enter again to commit it as the function signature. Hope this helps someone! Last edited by copse; 29 February 2024 at 22:22.

29 February 2024, 22:20	#24
copse Registered User Join Date: Jul 2009 Location: Lala Land Posts: 522	Ghidra 11.0.1. Here's another minor quirk that doesn't happen too often related to decompilation, local variable types and reuse of stack-based local variables. Code: byte BuildNearTargets(character_s char_p,byte max_range) { ... character_s local_14; ... local_14 = (character_s )PlayerMapPosX_Thunk4(char_p); local_10 = PlayerMapPosY_Thunk4(char_p); ... if (DAT_0028783a != 0) { for (i = 1; bVar2 = result_count, i <= bVar1; i = i + 1) { local_14 = (&g_character_array)[(byte )((int)&g_map_to_background_tile + (uint)i 3 + 2)]; In this case map pos x is a long stored at the same stack offset as the character_s pointer assigned below. Ghidra cannot share the variable type and forces it to the later usage. Related issue: https://github.com/NationalSecurityA...ra/issues/2573 Not a big deal in the scheme of things, but useful to understand. Hope this helps someone!

13 March 2024, 06:50	#26
copse Registered User Join Date: Jul 2009 Location: Lala Land Posts: 522	Ghidra 11.0.1 There's another likely m68k bug in ghidra decompilation, where the first variable of a struct is an array or pointer it will decompile references to later variables in the struct (even outside the fixed array bounds) as relative to that first variable. For example: Code: struct character_s { char name[14]; ... ushort x; ... } The decompilation will look something like: Code: void f(character_s char_p) { ... ... (ushort)(char_p->name + 30) ... ... } Perhaps not the exact syntax but you get hte idea.

Similar Threads
Thread	Thread Starter	Forum	Replies	Last Post
Help disassembling Wicked	moohorse	Coders. Asm / Hardware	33	04 June 2023 22:57
Ghidra disassembler / decompiler supports 68000	mark_k	Coders. Asm / Hardware	21	20 March 2019 12:09
Disassembling an A600	Revival9001	support.Hardware	2	31 January 2017 07:01
Disassembling resource	copse	Coders. General	1	02 April 2012 03:36
Disassembling and reassembling	absence	Coders. General	7	22 September 2009 15:30

15 February 2024, 20:58	#21
copse Registered User Join Date: Jul 2009 Location: Lala Land Posts: 522	I've tried my first export of my Federation of Free Traders project to assembler, and it's painful to say the least. Ghidra clips mnemonic src/dst columns in the export and the asm appears to be corrupted.. The exported asm (sans clipping corruption) doesn't look too far off Amiga syntaxes. I suspect if I spend an hour or two looking into it, and maybe write my own export plugin I can get something out of it.. but still.

01 March 2024, 10:32	#25
alexh Thalion Webshrine Join Date: Jan 2004 Location: Oxford Posts: 14,355	For Ambermoon I believe they wrote an exporter plugin? But I think you're right exporting wasn't fun and Pyrdacor said numerous times he wanted to leave Ghidra environment following a successfull disassembly and re-assembly and continue working only on the exported files as soon as possible.

Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)