Ive made a script to find and parse MED17 registers values / addresing and so on
IDA 7.4+ / ida_python required
Howto:
-load bin with start address, loading address = 0x80000000, tricore cpu
-make autoanalyse of pflash segment to get raw code
-file -> script file
Whats inside:
-searching for global registers values (simply assignment)
-parse em in code, converts to offset (based on prjs indirect() script)
-searching for a9 global register offset
-parse direct addressing mode (sometimes not)
-handle double pointer offset // this part might be buggy (offset applies until target register assignment with some other value or 'rets')
Initial code
PFLASH:800F0076 st32.b byte_D000209F, d15
PFLASH:800F007A ld32.bu d15, byte_D00000CE
PFLASH:800F007E jnz32.t d15:5, locret_800F00A2
PFLASH:800F0082 ld32.a a4, [a9]0x52C
PFLASH:800F0086 ld32.a a15, [a9]0x798
PFLASH:800F008A ld32.w d5, [a0]-0x6DC0
PFLASH:800F008E lea a4, [a4]0xBDD
PFLASH:800F0092 ld32.bu d4, [a15]0x150
PFLASH:800F0096 ld32.w d6, [a0]-0x6DF0
PFLASH:800F009A call32 sub_800FC9C8
PFLASH:800F009E st32.b byte_D0002097, d2
After script apply
PFLASH:800F0076 st32.b byte_D000209F, d15
PFLASH:800F007A ld32.bu d15, byte_D00000CE
PFLASH:800F007E jnz32.t d15:5, locret_800F00A2
PFLASH:800F0082 ld32.a a4, [a9](off_80174B70 - off_80174644)
PFLASH:800F0086 ld32.a a15, [a9](off_80174DDC - off_80174644)
PFLASH:800F008A ld32.w d5, [a0](dword_D0003B98 - word_D000A958)
PFLASH:800F008E lea a4, [a4](dword_80057E58+0x1D - dword_80057298)
PFLASH:800F0092 ld32.bu d4, [a15](unk_80062CDE - dword_80062B8E)
PFLASH:800F0096 ld32.w d6, [a0](dword_D0003B68 - word_D000A958)
PFLASH:800F009A call32 sub_800FC9C8
PFLASH:800F009E st32.b byte_D0002097, d2