Auto-Disassembly Script
#1
Evolving Member
Thread Starter
Join Date: Apr 2011
Location: Sydney
Posts: 145
Likes: 0
Received 0 Likes on 0 Posts
I've managed to find a copy of Acamus' auto-disassembly script (onload.idc) and I like it. However it seems to be very hard to find and there could be more in it. With that in mind, I've started a fork that I can put new things into.
It still finds the items that the original script did, as well as labelling all the registers and interrupts.
I've uploaded it to the SVN repository, which means you can always download the latest version at: http://ecurom.googlecode.com/svn/trunk/asm/ecurom.idc
The other major change is that now this isn't part of the onload mechanism, because that really breaks if you have other IDA scripts loading at the same time. The instructions for this new version are:
- Download the latest version and save it in your C:\Program Files\IDA\idc directory
- Load a new ROM
- From the File menu, select IDC File and locate the C:\Program Files\IDA\idc\ecurom.idc script
- Profit
Tonight I'll be adding in some code to automatically locate and label 2d/3d maps and the associated axes.
I'd like it to find and label some "well known" functions, like the 2d/3d map routines and the axis lookup routines. Does anyone have a reasonable list of these?
#3
Evolving Member
Thread Starter
Join Date: Apr 2011
Location: Sydney
Posts: 145
Likes: 0
Received 0 Likes on 0 Posts
I've spent the last many hours hacking on this script, and it now does automatic axis and map discovery.
The way axis discovery works is:
- Iterate through all the references to sub_CC6, which is the axis lookup function
- Starting at each reference, look backwards through the code to find an instruction that sets r4 (the table location in RAM)
- Jump to that location and label the fields in the table (result ptr, length, data) as well as the table itself (unknown_axis_x)
After this is done, the map discovery runs:
- Iterate through all calls to sub_C28 and sub_E02, which are the map lookup functions
- Look for the start of the map the same way the axis lookup does
- Label the fields of the map (dimensions, adder, input ptrs, columns, data) and the map itself with unknown_[2|3]d_byte_map_x.
- Look up all the references to each of the input pointers (both for 3d and just the one for 2d). One of those references will be the axis table which contains the size
- Use either the single axis length (for 2d) or the multiple of height and width (for 3d) to work out the size of the map. Use that number to create an array in IDA with the right shape
This seems to work quite well for most of the maps. There are some maps that it doesn't find due to a number of indirections being used. Specifically it doesn't work for the ignition/fuel/WGDC maps when tephra's altmap patch is used. That's annoying and I'm going to try and fix it.
Also it doesn't find any maps that aren't used by the code. There are a LOT of maps that seem to contain something that is never referenced, so I don't think they're very useful.
The latest version is on the SVN repository, with a download link on post #1 of this topic. Please try it out and let me know what you think.
Last edited by dparrish; Jun 2, 2011 at 12:41 AM.
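An offline sketch of the two-pass walk described in the post above, added here as an example; it is not code from ecurom.idc or from the post. IDA's cross-references and backward walk are modelled with a constructed instruction list, and the axis/map field widths, the RAM base for the result pointers and the sample ROM bytes are assumptions chosen for the demonstration, not the real ECU layout. sub_CC6, sub_C28, sub_E02 and r4 are the names the post uses. The sketch also records the call sites whose r4 source it cannot resolve statically, which is the indirection case the post mentions.

```python
"""
Offline prototype of the axis/map discovery walk described in post #3.
Everything here is an assumption for illustration: the table layouts, the
big-endian field widths, the RAM base and the fake instruction listing are
constructed, not the ECU's real format or the ecurom.idc code.
"""
import struct

RAM = 0xFFFF8000        # assumed RAM base for axis result pointers
AXIS_LOOKUP = 0xCC6     # sub_CC6: axis lookup function named in the thread
MAP2D_LOOKUP = 0xC28    # sub_C28: 2d map lookup
MAP3D_LOOKUP = 0xE02    # sub_E02: 3d map lookup


def build_rom():
    """Construct a small big-endian ROM image with two axes and two byte maps.
    Assumed axis layout: u32 result ptr, u16 length, then `length` u16 values.
    Assumed map layout: u8 dims, u8 adder, one (2d) or two (3d) u32 input ptrs,
    u8 columns, then the byte data."""
    rom = bytearray(0x400)
    rpm = [500, 1000, 2000, 3000, 4000, 5000, 6000, 7000]
    load = [20, 40, 60, 80, 100]
    rom[0x100:0x116] = struct.pack(">IH8H", RAM + 0x10, 8, *rpm)
    rom[0x120:0x130] = struct.pack(">IH5H", RAM + 0x12, 5, *load)
    hdr2 = struct.pack(">BBIB", 2, 0, RAM + 0x10, 0)
    rom[0x200:0x200 + 7 + 8] = hdr2 + bytes(range(10, 18))
    hdr3 = struct.pack(">BBIIB", 3, 10, RAM + 0x10, RAM + 0x12, 8)
    rom[0x240:0x240 + 11 + 40] = hdr3 + bytes(i % 256 for i in range(40))
    return bytes(rom)


# Constructed stand-in for IDA's listing: one dict per instruction. "dst"/"imm"
# model a constant load into a register; "src" models a register-to-register
# copy whose value a purely static backward walk cannot resolve.
LISTING = [
    {"ea": 0x1000, "mnem": "mov.l", "dst": "r4", "imm": 0x100},
    {"ea": 0x1002, "mnem": "jsr", "target": AXIS_LOOKUP},
    {"ea": 0x1004, "mnem": "nop"},
    {"ea": 0x1006, "mnem": "mov.l", "dst": "r4", "imm": 0x120},
    {"ea": 0x1008, "mnem": "mov", "dst": "r5", "imm": 1},      # unrelated, skipped
    {"ea": 0x100A, "mnem": "jsr", "target": AXIS_LOOKUP},
    {"ea": 0x100C, "mnem": "nop"},
    {"ea": 0x100E, "mnem": "mov.l", "dst": "r4", "imm": 0x200},
    {"ea": 0x1010, "mnem": "jsr", "target": MAP2D_LOOKUP},
    {"ea": 0x1012, "mnem": "nop"},
    {"ea": 0x1014, "mnem": "mov.l", "dst": "r4", "imm": 0x240},
    {"ea": 0x1016, "mnem": "jsr", "target": MAP3D_LOOKUP},
    {"ea": 0x1018, "mnem": "nop"},
    {"ea": 0x101A, "mnem": "mov", "dst": "r4", "src": "r6"},   # indirect: unresolvable
    {"ea": 0x101C, "mnem": "jsr", "target": MAP2D_LOOKUP},
]


def call_sites(listing, target):
    """Indices of all calls to `target` (the xrefs the script iterates)."""
    return [i for i, ins in enumerate(listing)
            if ins["mnem"] == "jsr" and ins.get("target") == target]


def r4_before(listing, idx, max_back=8):
    """Walk backwards from a call site to the last write of r4 and return the
    constant it loaded, or None when the write is indirect or out of range."""
    for j in range(idx - 1, max(idx - 1 - max_back, -1), -1):
        if listing[j].get("dst") == "r4":
            return listing[j].get("imm")    # None for a register copy
    return None


def parse_axis(rom, ea):
    result_ptr, length = struct.unpack_from(">IH", rom, ea)
    data = struct.unpack_from(">%dH" % length, rom, ea + 6)
    return {"ea": ea, "result_ptr": result_ptr, "length": length, "data": list(data)}


def parse_map(rom, ea, axes_by_result):
    """Decode a map header and size its data from the axes that its input
    pointers refer to (the 'references to each input pointer' step)."""
    dims, adder = struct.unpack_from(">BB", rom, ea)
    if dims not in (2, 3):
        raise ValueError("unsupported dims %d at %#x" % (dims, ea))
    ptrs = struct.unpack_from(">%dI" % (dims - 1), rom, ea + 2)
    cols_ea = ea + 2 + 4 * (dims - 1)
    cols, data_ea = rom[cols_ea], cols_ea + 1
    axes = []
    for p in ptrs:
        if p not in axes_by_result:
            raise ValueError("map at %#x: input ptr %#x matches no axis" % (ea, p))
        axes.append(axes_by_result[p])
    if dims == 2:
        shape = (1, axes[0]["length"])
    else:
        shape = (axes[1]["length"], axes[0]["length"])
        if cols != shape[1]:    # sanity check before trusting the size
            raise ValueError("map at %#x: columns %d != x axis length %d" % (ea, cols, shape[1]))
    size = shape[0] * shape[1]
    return {"ea": ea, "dims": dims, "adder": adder, "axes": [a["ea"] for a in axes],
            "shape": shape, "size": size, "data": list(rom[data_ea:data_ea + size])}


def discover(rom, listing):
    """Axis discovery first, then map discovery; returns labelled tables plus
    the call sites whose r4 source could not be resolved statically."""
    axes, maps, missed = [], [], []
    for n, i in enumerate(call_sites(listing, AXIS_LOOKUP)):
        ea = r4_before(listing, i)
        if ea is None:
            missed.append(listing[i]["ea"])
            continue
        ax = parse_axis(rom, ea)
        ax["name"] = "unknown_axis_%d" % n
        axes.append(ax)
    by_result = {a["result_ptr"]: a for a in axes}
    for dims, fn in ((2, MAP2D_LOOKUP), (3, MAP3D_LOOKUP)):
        for n, i in enumerate(call_sites(listing, fn)):
            ea = r4_before(listing, i)
            if ea is None:
                missed.append(listing[i]["ea"])
                continue
            m = parse_map(rom, ea, by_result)
            m["name"] = "unknown_%dd_byte_map_%d" % (dims, n)
            maps.append(m)
    return axes, maps, missed


if __name__ == "__main__":
    axes, maps, missed = discover(build_rom(), LISTING)
    for t in axes + maps:
        print("%-22s @ %#06x %s" % (t["name"], t["ea"], t.get("shape", t.get("length"))))
    print("unresolved call sites:", [hex(x) for x in missed])
```

Inside IDA the same shape of walk would use the xref and previous-head APIs instead of the list above, and the unresolved call sites are the ones worth a manual look rather than a silent skip.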
#10
Evolving Member
Thread Starter
Join Date: Apr 2011
Location: Sydney
Posts: 145
Likes: 0
Received 0 Likes on 0 Posts
Sorry, I've been overseas away from my development machine, and today is my first day back. I'll try and take a look at it tonight. Other people have had the same problem, and while that particular problem is easy to fix, the problem is that other things in the script don't work on older versions of IDA, and that's a much harder problem. If you can upgrade, you'll find it works fine.
#12
Found out the script was saved from the web site as HTML, not as plain text. The script now works.
Last edited by professor_jonny; Jun 6, 2020 at 05:36 AM.
#13
Newbie
iTrader: (3)
Script mirror...
#14
dparrish/ecurom: Automatically exported from code.google.com/p/ecurom (github.com)
This may also be handy :
Evo ECU Dissassembly (evoscan.com)
Last edited by professor_jonny; Mar 14, 2022 at 08:50 PM. Reason: add info
#15
Newbie
iTrader: (3)
You're the best!
You can find info on GitHub under dparrish/ecurom as below. It is the fullest pack of info I could find and the newest scripts I could find; it was merged from Google Code to GitHub some time ago:
dparrish/ecurom: Automatically exported from code.google.com/p/ecurom (github.com)
This may also be handy :
Evo ECU Dissassembly (evoscan.com)