I have IDA..I want to learn....

**S2H** · 10-03-2005

I have acquired IDA Pro 4.8
and I am interested in the inner workings of the beast...
My dad and I are interested in sitting down..turning a bin into code...and seeing what the hell this Pcm is really doing...as a learning experience.

but neither of us knows what to do to properly disassemble this so it reads correctly when we are looking at it...
btw...he understand code...and I understand cars....
and inbetween him and I we are considering some custom os possibilities that we might want to embark on developing and passing on to HP Tuners maybe someday

just really looking for any advise on how to take the bin...
load it properly, and make it into useful code....

Thanks

**charliex** · 10-10-2005

find the processor type, see if ida supports it, if not use the sdk to make a processor pack

check the endian and byte swap the input if necessary, i never figured out if ida supported this, its just easier to do the byte swap offline.

find the code start point, and start off IDAs automatic disassembler, then work through the code seperating code from data, converting jump tables etc

for a motorola CPU32 based bin, the first long words are the stack, then the initial program counter, it has 256 32 bit values , which correspond to each of the interrupt vectors

very generic answer to a generic question though, sorry.

**S2H** · 10-10-2005

well. I figured out what to do...
there were 2 IDA's in the pack... one that looks to be a lesser one...doesnt seem to use as much processing power maybe?? I dont know for sure why its different.. the other is IDA64...and It works great...
was able to decompile it just fine...
now I just need to find time for my dad and I to sit and go thru every thing so we can sort it all out...

If anybody has maybe a listing of what parts of the bin doing what..that would be useful..
like byte 00000-02000 is this part and
and 02000-02ffff is this part...
I havent really started trying to figure it all out cause I'm not so much teh programmer...I'm just the guy with the ideas

**charliex** · 10-11-2005

ida64 is for 64 bit processors ,itanium, alpha etc

**S2H** · 10-11-2005

well..it seems to be the only way I can get the .bin files from HP Tuners to decompile correctly...so it must not be for only 64 bit.... caue the regular IDA program of the 2 doesnt even come close

tried so many times that I almost should have checked into an insane asylum...LOL

**felton316** · 12-30-2005

Originally Posted by soundengineer

well. I figured out what to do...
there were 2 IDA's in the pack... one that looks to be a lesser one...doesnt seem to use as much processing power maybe?? I dont know for sure why its different.. the other is IDA64...and It works great...
was able to decompile it just fine...
now I just need to find time for my dad and I to sit and go thru every thing so we can sort it all out...

If anybody has maybe a listing of what parts of the bin doing what..that would be useful..
like byte 00000-02000 is this part and
and 02000-02ffff is this part...
I havent really started trying to figure it all out cause I'm not so much teh programmer...I'm just the guy with the ideas

What processor type did you select in IDA for it to decompile? It seems everything I try doesn't do jack

**FastFieros** · 12-31-2005

I think I was using 5.6 if I remember correctly.

You select the 683xx I think is what it said. That harddrive is not working at this time, and I have not got a chance to recover it.

The disassembly has to start at the correct place. I think they are called jump vectors.

you dont start at 0000. If you start at 4000, the code is more meaningful to a point. Well, some BINs are at 6000. This is V6 BIN's is all I have worked with. The V8 BIN's have 8 segements.

Loyde

**charliex** · 01-08-2006

you'd get something like this

Code:

ROM:00000000 dword_0:        dc.l $FFE800            ; DATA XREF: sub_1128+D9Ao
ROM:00000000                                         ; sub_1128+DC0o ...
ROM:00000004 off_4:          dc.l initialise         ; DATA XREF: sub_13DFC+D4o
ROM:00000004                                         ; sub_1AFA6+38o
ROM:00000004                                         ; setup stack pointer
ROM:00000008 off_8:          dc.l loc_4D0            ; DATA XREF: sub_1830E+4Eo

the first 32bit longword is the address of the stack pointer
the second is the initial PC counter
the third is the start of the interrupt vector table, usually the PC points to the end of that that table, but thats not a given.

you can see i filled in names for the functions.

now thats the CPUs memory map, not all systems have a 1 to 1, but most do.

this is a fairly standard 68K startup routine.

Code:

ROM:00000400                 movea.l #$FFE800,sp     ; setup stack pointer
ROM:00000406                 movea.l #$FFE800,a0     ; Move Address
ROM:0000040C                 move    a0,usp          ; setup user stack pointer
ROM:0000040E                 movea.l #0,a0           ; Move Address
ROM:00000414                 movec   a0,vbr          ; setup vbr to 0
ROM:00000418                 move.w  #$FF,($FFFB44).l ; RAMBAH ram base address register high
ROM:00000418                                         ;

Thread: I have IDA..I want to learn....

Thread Tools

I have IDA..I want to learn....

Re: I have IDA..I want to learn....

Re: I have IDA..I want to learn....

Re: I have IDA..I want to learn....

Re: I have IDA..I want to learn....

Similar Threads

Detailed CASE Learn Function!

CASE Learn Question

Successful Case Learn w/ 1.5

Knock Sensor Active Counter determines KR learn