RomRaider - Open Source ECU Tools
rimwall | Experienced | Joined: Fri Aug 21, 2020 10:05 am | Posts: 321
Post subject: Properly loading 16bit 0x28000 ROM in IDA
Posted: Wed Aug 21, 2024 1:19 pm

When I load this ROM into IDA and use the Format16bitROM.idc script, it sets it up with:
- first part of ROM from 0x0 to 0x20000
- RAM from 0x20000 to 0x28000
- second part of ROM from 0x28000 to 0x30000

IDA fails to disassemble most of the second part of the ROM because it doesn't recognise the addresses of the functions. For example, at file address 0x26204 (which IDA displays as "ROM:E204") there is a jsr to 0x2e256. IDA disassembles the instruction correctly to 'jsr 0x2e256' but it doesn't realise this is at "ROM:E256", so it doesn't recognise the address. It seems this second part of the ROM needs an offset of 0x20000 before IDA can line up the addresses correctly. How do I fix this in IDA?

Thanks!
MiikaS | Experienced | Joined: Tue Jun 06, 2017 6:11 pm | Posts: 215
Post subject: Re: Properly loading 16bit 0x28000 ROM in IDA
Posted: Sat Aug 24, 2024 12:34 pm

Does it help any if you add an 0x8000-byte-long area at 0x20000 so the file size matches?
dschultz | RomRaider Developer | Joined: Thu May 21, 2009 1:49 am | Posts: 7323 | Location: Canada eh!
Post subject: Re: Properly loading 16bit 0x28000 ROM in IDA
Posted: Sat Aug 24, 2024 4:07 pm

The second ROM segment is created with a base of 0x2000<<4 (0x20000). You can see this in the Program Segmentation view.

In the second ROM segment there are a number of JSR and JMP commands that include the Extended 20-bit address in the operand. I'm not sure how to get IDA to recognize that the EXT20 address is linear and to not apply the segment base to it and use the address directly.

You can press Alt-F1 and manually change the operand value, such as changing jsr 2D2E8h to ROM:D2E8. It then sees the address destination correctly. It may even be better to edit the segments and rename the second ROM segment to ROM2 to distinguish it from the first ROM segment (with the same name). You will come across JMP/JSR commands that refer back to the first ROM segment.

The second segment will convert to code but you may have to go through it and manually press the C or P button at the start of the subs. You will then see the JMP and JSR operands with the EXT20 address in red and they don't x-ref to the destination.
rimwall | Experienced | Joined: Fri Aug 21, 2020 10:05 am | Posts: 321
Post subject: Re: Properly loading 16bit 0x28000 ROM in IDA
Posted: Sun Aug 25, 2024 4:25 am

Thanks @dschultz, @MiikaS.

I thought I might have been missing some simple trick, seeing as folks have been REing these ROMs for years. But it seems not.

A bit daunting, but I'm tempted to try writing a Ghidra processor module for these 16bit MCUs.
dschultz | RomRaider Developer | Joined: Thu May 21, 2009 1:49 am | Posts: 7323 | Location: Canada eh!
Post subject: Re: Properly loading 16bit 0x28000 ROM in IDA
Posted: Sat Aug 31, 2024 3:06 pm

It might be easier to write an IDA/Python script to search for the bad addresses in the RAM segment and correct the address. Or figure out why IDA does this incorrectly with the JMP/JSR instructions? I thought I had a script but I can't seem to find it at the moment.
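An added example, not from this thread or from RomRaider: a small Python model of the layout rimwall and dschultz describe above, of the segment-base behaviour dschultz points to in his first reply, and of the bad-address search his last post suggests scripting. It assumes the second ROM segment has been renamed ROM2, that the RAM segment shares the 0x20000 base, and that instructions arrive as (ea, mnemonic, operand) triples; the IDA-side parts (walking the segment, adding code xrefs) are left out so it runs stand-alone.

```python
# Linear layout after Format16bitROM.idc, as described in the posts above:
# (name, linear start, linear end exclusive, IDA segment base). The second ROM
# segment is renamed ROM2 as dschultz suggests; the RAM base is an assumption.
SEGMENTS = [
    ("ROM",  0x00000, 0x20000, 0x00000),
    ("RAM",  0x20000, 0x28000, 0x20000),
    ("ROM2", 0x28000, 0x30000, 0x20000),   # base 0x2000 << 4
]
FILE_GAP = 0x8000   # RAM hole between file offset 0x20000 and linear 0x28000

def file_to_linear(file_off):
    """Offset in the raw 0x28000-byte file -> linear (EXT20) address in IDA."""
    if not 0 <= file_off < 0x28000:
        raise ValueError(f"file offset {file_off:#x} is outside the ROM image")
    return file_off if file_off < 0x20000 else file_off + FILE_GAP

def segment_of(linear):
    """The SEGMENTS entry that contains a linear address, or None."""
    for seg in SEGMENTS:
        if seg[1] <= linear < seg[2]:
            return seg
    return None

def ida_label(linear):
    """Spell a linear address as IDA shows it, e.g. 0x2E256 -> 'ROM2:E256'."""
    seg = segment_of(linear)
    return None if seg is None else f"{seg[0]}:{linear - seg[3]:04X}"

def base_applied(insn_ea, operand):
    """Linear address IDA ends up with if it adds the instruction's segment
    base to a flat EXT20 operand (the mis-resolution dschultz describes)."""
    seg = segment_of(insn_ea)
    if seg is None:
        raise ValueError(f"{insn_ea:#x} is not inside any mapped segment")
    return seg[3] + operand

def ext20_fixups(insns):
    """insns: (ea, mnemonic, operand) triples, operand being the flat EXT20
    value. For each jsr/jmp whose base-applied target is wrong, return
    (ea, true target, label to enter with Alt-F1, where the bad reference
    points now or None). Targets back in the first ROM land in RAM, which
    is why the bad addresses turn up in the RAM segment."""
    fixes = []
    for ea, mnem, operand in insns:
        if mnem.lower() not in ("jsr", "jmp"):
            continue
        wrong = base_applied(ea, operand)
        if wrong != operand and ida_label(operand) is not None:
            fixes.append((ea, operand, ida_label(operand), ida_label(wrong)))
    return fixes
```

Wired into IDA, the triples would come from iterating the ROM2 segment with idautils.Heads and each fix would become an add_cref from ea to the true target plus a retyped operand; that plumbing is deliberately not shown here.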