The default c166 memory map that comes with IDA is not accurate for the MS41 memory layout.
In reference to the memory map posted above I created a custom c166.cfg file to replace the one that comes with IDA tailored for the MS41.
Save it in the "C:\Program Files (x86)\IDA 6.7\cfg\" folder.
Before you play, make a copy of your current .idb file so you can go back to what you had before.
Open your
.mem file with IDA. Select Siemens c166 family as the processor. OK all the dialogues to open the ROM.
Once you have it open Load the script file to set the DPPs and format each segment.
Once you run the IDA script you should have a ROM that is >75% disassembled. A few functions need to be visited in the 0x20000 and 0x30000 segments. The ones with red prefix lines, you can go to the start of each red section and press 'p' to create a function. You will see more of the code gets disassembled and in ~10 minutes you can get it all disassembled.
You will need to go to the jump table ~0x2400 and convert the data to words and then set the appropriate offset (ctrl-R) to either 0x20000 or 0x30000 whichever references a sub_.
How the C166 deals with DPP Registers -
http://www.hitex.com/fileadmin/img/down ... isters.pdfI used this instructions to dissembled MS41.2, script didn't change DPP values. But flash look like it is good disassembled
