Title: AutoIT script to simplify ME7 binary loading Post by: prj on August 18, 2012, 04:37:46 PM
I made a small script for AutoIT that simplifies loading binaries into IDA.
Usable with IDA Pro 6 and up, with some mods could be used on 5 as well.

Instructions:
1. Start script
2. Open IDA Pro (idag.exe) and select "Go" (work on your own).
3. Find the ROM for the CPU, and select it in the dialog that pops up.
4. In a bit of time another dialog pops up, select the FLASH this time.

Everything should be set up after this, and you will get a GUI.

"Start Analysis" will track through the bin and try to convert everything to a function. You can just leave it running, or help it out a little.
"Start Cleanup" will track through the code and remove any unreferenced code. This usually happens when you try to convert something to code, which is not actually code.
"Stop" will stop all actions.

After you are done, it is a good idea to Reanalyze the entire thing - Options -> General -> Reanalyze program.

Good luck.

Title: Re: AutoIT script to simplify ME7 binary loading Post by: littco on August 19, 2012, 06:45:08 AM
Wow, thank you for this.. I'm going to go and hunt down V6 of IDA as was running V5.2.
I assume when you say load the ROM for the CPU you are referring to the first 64K of what would be what is downloaded from the ECU.. I personally appreciate the work that you put into this already so am not expecting to be spoon fed..

Title: Re: AutoIT script to simplify ME7 binary loading Post by: prj on August 19, 2012, 11:02:54 AM
This script is already spoon-feeding :D
You can mod the script so it will work for 5. Look where it sets the DPP's, I think 6 remembers last DPP you changed, whereas 5 does not. So you would have to change the "{DOWN}" to "{DOWN}{DOWN}" for the 2nd and "{DOWN}{DOWN}{DOWN}" for 3rd. That's all that should be needed to make it work for 5.

Title: Re: AutoIT script to simplify ME7 binary loading Post by: littco on August 19, 2012, 01:49:55 PM
Hi, I've version 5.2 and it remembers the dpp, so your version worked fine, however when it goes to select "default segment " it doesn't so you have to manually click it for the script to continue, it's no issue as once you selected that 3 times it just continues on its own perfectly.
I'm going to do a little write up on how to split the .bin you read off the ecu, so you can load the CPU rom and flash. I think this is another big step for the nef website having this script.

Title: Re: AutoIT script to simplify ME7 binary loading Post by: prj on August 19, 2012, 02:08:26 PM
Well, just fix it so that it works for 5.2 completely. 5.2 probably does not have/or has a different keyboard shortcut for default segment...
You don't need to split the bin really, just download the dump from this website, it's the same for most of them.

Title: Re: AutoIT script to simplify ME7 binary loading Post by: Gonzo on August 19, 2012, 05:45:38 PM
Incredible! I must try this.
Title: Re: AutoIT script to simplify ME7 binary loading Post by: prj on August 20, 2012, 05:10:05 AM
Do try, and give feedback :)
Title: Re: AutoIT script to simplify ME7 binary loading Post by: rob.mwpropane on August 26, 2012, 06:34:12 AM
Thank you.
Title: Re: AutoIT script to simplify ME7 binary loading Post by: RS4boost on August 26, 2012, 11:52:12 AM
Nice work.
Thank you for sharing. ;)

Title: Re: AutoIT script to simplify ME7 binary loading Post by: masterj on November 18, 2012, 08:17:52 PM
Updated the script... For some odd reason it couldn't send the ALT+xxx commands so had to go back to mouse click recording... If anyone knows how to fix it for IDA v6 then please help here... :)
Title: Re: AutoIT script to simplify ME7 binary loading Post by: prj on November 19, 2012, 02:07:53 AM
The script works perfectly with IDA 6 including alt keys.
If it does not work for you it is probably something wrong with your computer.

Title: Re: AutoIT script to simplify ME7 binary loading Post by: littco on November 19, 2012, 04:54:16 AM
Sorry going to have to agree with masterJ. I tried it on 3 computers with v6 and none worked. Maybe it's my version of idapro. But it's still a great tool and you just need to manually click the parts that don't auto. I am in no way complaining as it's a brilliant tool
Title: Re: AutoIT script to simplify ME7 binary loading Post by: rajivc666 on November 19, 2012, 05:42:38 AM
Brilliant. Very useful idea even though I am not able to make it work. I will recheck and report.
Title: Re: AutoIT script to simplify ME7 binary loading Post by: prj on November 19, 2012, 06:11:21 AM
Well, it works fine for me on both IDA 6 and IDA 5...
So there must be something wrong.

Title: Re: AutoIT script to simplify ME7 binary loading Post by: prj on December 06, 2012, 06:50:55 AM
Updated this script.
Now you can load a ME7Logger .ecu file and it will name all the variables for you...

Title: Re: AutoIT script to simplify ME7 binary loading Post by: phila_dot on December 06, 2012, 08:54:39 AM
Quote:
Updated this script. Now you can load a ME7Logger .ecu file and it will name all the variables for you...

Awesome feature. I wanted to write an IDA script for labelling variables. How does it handle condition bits? Enumerating bit fields? I personally like to split the files so that the map offsets reference the correct location (plus I'm weird and meticulous about this sort of thing), but if you have a good solution for condition bits then I might have to adopt this. Can the labelling feature be used exclusive of the loading script? Great contribution regardless.

Title: Re: AutoIT script to simplify ME7 binary loading Post by: prj on December 06, 2012, 09:04:09 AM
The labeling feature can be used exclusive, as the whole GUI can.
Simply delete everything in the file until the first #Include. It does not handle bits at all. It only populates those variables where the bitmask is 0x0000. Look inside in the file, it's very simple code. It's just a text script... This is the ECU loading part:
Code:
Func LoadEcu()

Title: Re: AutoIT script to simplify ME7 binary loading Post by: phila_dot on December 06, 2012, 09:54:10 AM
Quote:
The labeling feature can be used exclusive, as the whole GUI can. Simply delete everything in the file until the first #Include. It does not handle bits at all. It only populates those variables where the bitmask is 0x0000. Look inside in the file, it's very simple code. It's just a text script... This is the ECU loading part:
Code:
Func LoadEcu()

I will definitely be giving this a try. It will be nice to quickly populate new databases. Thanks.

Title: Re: AutoIT script to simplify ME7 binary loading Post by: jibberjive on January 24, 2013, 08:36:47 PM
Much thanks.
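
Added example, not part of any post in this thread and not prj's script: a stand-alone Python sketch of the rule prj describes above (only variables whose bitmask is 0x0000 get a name), which goes one step further and groups the skipped condition bits by address so they can be reviewed. The .ecu column layout, the sample lines and all function names are assumptions; MakeNameEx is the IDC naming call of IDA 6.x.

```python
import re

# Constructed sample; the column layout (name, {alias}, address, size, bitmask, ...)
# is an assumption about ME7Logger .ecu files, not something shown in the thread.
SAMPLE_ECU = """\
[OtherSection]
key = value

[Measurements]
;Name, {Alias}, Address, Size, Bitmask, {Unit}, S, I, A, B, {Comment}
nmot     , {EngineSpeed}, 0x00F87A, 1, 0x0000, {rpm}, 0, 0, 40, 0, {Motordrehzahl}
B_kl     , {}, 0x00FD3E, 1, 0x0010, {}, 0, 0, 1, 0, {Bedingung Klopfregelung, aktiv}
B_ll     , {}, 0x00FD3E, 1, 0x0004, {}, 0, 0, 1, 0, {Bedingung Leerlauf}
rl_w     , {EngineLoad}, 0x00F9BA, 2, 0x0000, {%}, 0, 0, 0.0234375, 0, {relative Fuellung}
bad line without enough fields
bad"name , {}, 0x00F900, 1, 0x0000, {}, 0, 0, 1, 0, {quote in the name}
"""

# Names end up inside a script statement that IDA executes, so accept plain
# identifiers only; a quote or parenthesis in a name would change the statement.
IDENT = re.compile(r"^[A-Za-z_][A-Za-z0-9_]*$")


def split_fields(line):
    """Split on commas outside {...}; comments in braces may contain commas."""
    fields, depth, cur = [], 0, []
    for ch in line:
        if ch == "{":
            depth += 1
        elif ch == "}":
            depth = max(depth - 1, 0)
        if ch == "," and depth == 0:
            fields.append("".join(cur).strip())
            cur = []
        else:
            cur.append(ch)
    fields.append("".join(cur).strip())
    return fields


def parse_measurements(text):
    """Return (named, skipped_bits, rejected_line_numbers)."""
    named, skipped_bits, rejected = [], {}, []
    in_section = False
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        if line.startswith("["):
            in_section = line.lower() == "[measurements]"
            continue
        if not in_section:
            continue
        f = split_fields(line)
        try:
            name, addr, mask = f[0], int(f[2], 16), int(f[4], 16)
        except (IndexError, ValueError):
            rejected.append(lineno)
            continue
        if not IDENT.match(name):
            rejected.append(lineno)
        elif mask == 0:
            named.append((addr, name))            # whole variable: gets a name
        else:
            skipped_bits.setdefault(addr, []).append((mask, name))  # condition bit
    return named, skipped_bits, rejected


def idc_statements(named, flags=0x01):
    """Render one IDC naming statement per whole-variable entry."""
    return ['MakeNameEx(0x%X, "%s", 0x%02X);' % (a, n, flags) for a, n in named]


if __name__ == "__main__":
    named, bits, rejected = parse_measurements(SAMPLE_ECU)
    print("\n".join(idc_statements(named)))
    for addr, flags_at in sorted(bits.items()):
        print("skipped bits at 0x%X: %s" % (addr, flags_at))
    print("rejected lines:", rejected)
```
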
Title: Re: AutoIT script to simplify ME7 binary loading Post by: prj on January 25, 2013, 04:16:04 AM
You're welcome.
I wanted to say that, those people having problems with this. Make sure you don't run the 64 bit version of IDA! I tried it with that and nothing worked. There is no need to run the 64 bit version unless you want to disassemble 64 bit binaries anyway. So basically make sure you are starting it using "idag.exe".

Title: Re: AutoIT script to simplify ME7 binary loading Post by: Bische on March 24, 2013, 01:23:37 PM
Thanks again,
I noticed in the updated script attempts to convert to code if there was no function (pc^u vs. p^u), this pops a dialog where it asks if it should convert to code or not - halting the script. Is this an IDA version mismatch somehow? I am running 6.1.

Title: Re: AutoIT script to simplify ME7 binary loading Post by: prj on April 12, 2013, 07:45:14 AM
Quote:
Thanks again, I noticed in the updated script attempts to convert to code if there was no function (pc^u vs. p^u), this pops a dialog where it asks if it should convert to code or not - halting the script. Is this an IDA version mismatch somehow? I am running 6.1.

If that dialog has an option to never ask again, then enable it :)

Title: Re: AutoIT script to simplify ME7 binary loading Post by: Bische on April 15, 2013, 03:08:41 AM
It's just Yes, No or Cancel. :(
Title: Re: AutoIT script to simplify ME7 binary loading Post by: prj on April 17, 2013, 07:15:51 AM
Quote:
It's just Yes, No or Cancel. :(

It's when you go over stuff that has already been identified I think... Do a couple of binaries, and you will see a pattern as to where program code is located. There is no need to let it go over the entire binary.

Title: Re: AutoIT script to simplify ME7 binary loading Post by: nyet on April 17, 2013, 09:05:25 AM
Is there a way to share idapro setups w/o all this search stuff?
I freaking hate IDEs for this reason... all sorts of stupid shit hard coded into some idiotic binary "saved workspace" bullshit.

Title: Re: AutoIT script to simplify ME7 binary loading Post by: nyet on May 11, 2013, 12:21:21 PM
BTW this does not work with the ida pro 6.1.0110409 floating around the torrent sites.
Almost nothing in the autoit script matches up, not even the first WinWait() calls.

Title: Re: AutoIT script to simplify ME7 binary loading Post by: prj on May 11, 2013, 02:21:30 PM
I am using IDA Pro 6 and everything is OK.
Well, I guess it has to be modified a little. Not that hard to do since the script is open source. So feel free to mod it and then post the modded version, and I'll put it in the first post.

Title: Re: AutoIT script to simplify ME7 binary loading Post by: nyet on May 11, 2013, 03:28:32 PM
Yea, working on it now. Some stuff got moved around, and there are some new delays needed (in particular !esc and !esu don't work)
I have it working up until the buttons. I will post it as soon as I get a working version. Right now I am working on the .ecu parser. The good news is that hacking this AutoIt script is teaching me stuff about IDA I didn't know :)

Title: Re: AutoIT script to simplify ME7 binary loading Post by: nyet on May 11, 2013, 04:50:12 PM
What I have so far for IDA PRO 6.1.0110409
.ecu loading was fine. I was a moron. Re-organized it into functions so you can load rom or flash whenever (or not, so you don't have to always start from scratch, say to import a new .ecu, or reanalyze).

Title: Re: AutoIT script to simplify ME7 binary loading Post by: maZer.GTi on September 18, 2013, 03:19:11 PM
I modded some timings in the 6.1 Script.
For me the timings were way too short. I adjusted the timings, maybe someone needs this script.

Title: Re: AutoIT script to simplify ME7 binary loading Post by: guitar24t on November 28, 2013, 10:41:30 PM
Hi guys,
Here's a spinoff of the script file that works for Volvo BIN files. You may have to change the processor type depending on what year the ECU is from. I set it up on a GitHub in case I want to make any changes to it later.
https://github.com/guitar24t/VolvoDisassemblyHelper

Title: Re: AutoIT script to simplify ME7 binary loading Post by: prj on November 29, 2013, 07:21:57 AM
Cool, good job.
Title: Re: AutoIT script to simplify ME7 binary loading Post by: B234R on December 25, 2013, 03:52:51 PM
Quick remark on the script versions that nyet and maZer.GTi did for IDA 6.x and higher:
They apparently are targeted towards the Qt GUI version of IDA (idaq.exe). Unfortunately I did not find a way to make AutoIT send the "alt" key commands properly on Qt based GUIs. At least on my System with Win7 64 Bit. I tried for some time even with a very simple test script, nothing seems to work. It properly sets the focus to the IDA GUI window, then the script just stops.

Workaround: Rewrite the AutoIT script, so that it works with the original IDA GUI (idag.exe). Of course that will only work for IDA versions that still ship with the old style GUI.

If anyone has any clue why the Qt GUI version acts so weird when AutoIT is involved, please let me know.

Title: Re: AutoIT script to simplify ME7 binary loading Post by: prj on January 31, 2014, 03:58:08 PM
My script is for idag.exe
Title: Re: AutoIT script to simplify ME7 binary loading Post by: B234R on January 31, 2014, 05:17:19 PM
Yes, idag.exe works with AutoIT.
I modified the scripts to make it work.

Title: Re: AutoIT script to simplify ME7 binary loading Post by: prj on January 31, 2014, 05:41:27 PM
It works for me without modification.
The issue is there are many versions of IDA floating out there, and everyone is using a different one.

Title: Re: AutoIT script to simplify ME7 binary loading Post by: prj on March 19, 2014, 03:12:13 PM
Updated and fixed up script for use with idaq.
Title: Re: AutoIT script to simplify ME7 binary loading Post by: dave926 on December 16, 2014, 11:18:07 PM
I am not doing something right, only getting ~15 segments lol
Title: Re: AutoIT script to simplify ME7 binary loading Post by: dave926 on December 17, 2014, 08:46:16 PM
Quote:
I am not doing something right, only getting ~15 segments lol

Once I 'Load ROM', after it does the initial analyzing when I click on 'Load Flash' nothing happens. Disassembly is well beyond what I understand, but I need to start somewhere.

Title: Re: AutoIT script to simplify ME7 binary loading Post by: lsalt100 on January 01, 2015, 05:13:31 PM
dear friends
thanx for loadbin_idaq.au3. I found that my button LOAD ECU to load RAM variables in IDA 6.1 works only after this correction on line192/col54 .au3 file.

Func SetVarName($name, $addr)
    Send("MakeNameEx(" & $addr & ", """ & $name & """,, 0x01){ENTER}")
EndFunc

maybe help to someone.... I try to disassemble me7.1 022906032EM ecu: 0261 208 440 sw : 1037 368 653 due to correct .xdf, but still no luck ;-(

Title: Re: AutoIT script to simplify ME7 binary loading Post by: gt-innovation on November 16, 2015, 06:35:22 AM
Quote:
Once I 'Load ROM', after it does the initial analyzing when I click on 'Load Flash' nothing happens. Disassembly is well beyond what I understand, but I need to start somewhere.

Close script and open again and press load flash.

Title: Re: AutoIT script to simplify ME7 binary loading Post by: prj on November 27, 2015, 06:25:15 PM
Script needs update for IDA Pro 6.5 most likely.
I seldom use it anymore though, as I have written some python functions for IDA to do what this script does, except much quicker. When it is in a shape to be released I'll do so.

Title: Re: AutoIT script to simplify ME7 binary loading Post by: hackish on December 22, 2015, 12:29:37 PM
Interesting way to do an IDA script. I've never used autoit before but I've given it a go with the latest IDA. Well actually a no-go. I think they changed the main window type.
I suppose I could write a real IDA script to do this but is there something I'm overlooking that autoit can do and the internal scripting language can't?

Title: Re: AutoIT script to simplify ME7 binary loading Post by: prj on December 27, 2015, 05:54:41 PM
Quote:
I suppose I could write a real IDA script to do this but is there something I'm overlooking that autoit can do and the internal scripting language can't?

No.

Title: Re: AutoIT script to simplify ME7 binary loading Post by: dream3R on December 27, 2015, 08:54:47 PM
Quote:
No.

It can be done to shift segments etc not sure about the super speed disam (brill) might be in the user guide.

Title: Re: AutoIT script to simplify ME7 binary loading Post by: prj on January 04, 2016, 05:44:38 PM
Quote:
It can be done to shift segments etc not sure about the super speed disam (brill) might be in the user guide.

Already done.

Title: Re: AutoIT script to simplify ME7 binary loading Post by: dream3R on January 04, 2016, 06:08:47 PM
For you? Or the users here?
Title: Re: AutoIT script to simplify ME7 binary loading Post by: nyet on January 04, 2016, 06:12:27 PM
Quote:
For you? Or the users here?

I wish there was a common use internet term for this phenomenon.

Title: Re: AutoIT script to simplify ME7 binary loading Post by: dream3R on January 04, 2016, 07:40:22 PM
He did say he was going to release it somewhere on here, let's hope.
Title: Re: AutoIT script to simplify ME7 binary loading Post by: technic on January 06, 2016, 03:54:53 AM
As a start, you can use this Python script to convert to code from within IDA. You can extend it if you want it to set up processor type/family, TOC/SDA, segments etc...
Code:
import idautils

Title: Re: AutoIT script to simplify ME7 binary loading Post by: ktm733 on January 12, 2016, 03:59:19 PM
hey guys, having a little problem. I run the script, then open up IDA 6.1. The box opens up to select rom etc... I click it but nothing happens?
Title: Re: AutoIT script to simplify ME7 binary loading Post by: dream3R on January 13, 2016, 12:49:24 AM
Quote:
hey guys, having a little problem. I run the script, then open up IDA 6.1. The box opens up to select rom etc... I click it but nothing happens?

That's when YOU select the ROM :)

Title: Re: AutoIT script to simplify ME7 binary loading Post by: prj on January 13, 2016, 03:32:23 AM
Quote:
As a start, you can use this Python script to convert to code from within IDA. You can extend it if you want it to set up processor type/family, TOC/SDA, segments etc...
Code:
import idautils

I did it like this:
Code:
def processrom(min, max):

Better give addresses as argument. I would not do entire segments. Unless you create code segments.

Title: Re: AutoIT script to simplify ME7 binary loading Post by: technic on January 15, 2016, 06:28:39 AM
Agreed.
Title: Re: AutoIT script to simplify ME7 binary loading Post by: TijnCU on March 04, 2016, 06:55:25 AM
I have customized the script a little to use with existing idb files.
For example if someone only wants to add the variable names from the *.ecu

Title: Re: AutoIT script to simplify ME7 binary loading Post by: Rl on May 25, 2016, 02:53:31 PM
Just trying to load my bin with the script without success. 1st of all at screen 1 I may only select c166. Do I need c167 option there? 2nd can somebody help me with addresses and sizes?
Although I've filled them with some addresses found here and there no interaction from script.

Title: Re: AutoIT script to simplify ME7 binary loading Post by: TijnCU on May 26, 2016, 02:54:49 AM
Quote:
Just trying to load my bin with the script without success. 1st of all at screen 1 I may only select c166. Do I need c167 option there? 2nd can somebody help me with addresses and sizes?

The script will fill in these things for you automatically! Unless you just used my version of the script (loadbin_existing), but if you are unable to read normal text, you are probably not capable to do disassembly ::)

Quote:
Although I've filled them with some addresses found here and there no interaction from script.

Title: Re: AutoIT script to simplify ME7 binary loading Post by: Rl on May 26, 2016, 06:25:11 AM
Quote:
The script will fill in these things for you automatically! Unless you just used my version of the script (loadbin_existing), but if you are unable to read normal text, you are probably not capable to do disassembly ::)

Could you tell me what part of text I am unable to read? No I used prj's "loadbin" with ida version 6.1 (so compatible). As for the ability of disassembly I would prefer to find out myself.

Title: Re: AutoIT script to simplify ME7 binary loading Post by: TijnCU on May 26, 2016, 07:32:09 AM
Quote:
Could you tell me what part of text I am unable to read? No I used prj's "loadbin" with ida version 6.1 (so compatible). As for the ability of disassembly I would prefer to find out myself.

I don't mean nor have I meant to insult you, but I actually had to laugh about the fact you just missed the "unless you just used my version of the script" part in the quote ;D
What I meant to imply was that prj's script fills in the data correctly (if it works), and my version does not. Does it start after you click Go work on your own? You do not need C167 option, the script fills in c166 normally.
Title: Re: AutoIT script to simplify ME7 binary loading Post by: Rl on May 27, 2016, 03:51:46 PM
Ok maybe I misunderstood. Anyway I managed to upload my bin with another version of the script so now starts the reading.. Just trying to understand some ram variables connection.
Title: Re: AutoIT script to simplify ME7 binary loading Post by: dgpb on July 16, 2016, 10:40:57 AM
Hi mates
I'm having problems loading the bin by using the script. It seems it works as the different selections are automatically made. But when it finishes the only text I see is a ton of "db" instead of assembly instructions. I assume I'm doing something wrong or there's a compatibility problem due to the 64bit architecture (Installed the 32bit version but my pc is 64bit). Is there a guide to manually configure bin loadings? I don't need it to be automatic, what's more, I wanna know what I'm doing. Sorry if the solution is pretty obvious, I'm totally noob with IDApro.

Title: Re: AutoIT script to simplify ME7 binary loading Post by: prj on September 30, 2016, 01:35:40 AM
Code:
def a2l(filename):

Title: AutoIT script to simplify ME7 binary loading Post by: Iloprvof on October 16, 2016, 02:08:27 PM
That's great.
On a slightly related topic, do you know how I can make the UirtTransmit function available to the AutoIt compiler?

Title: Re: Re: AutoIT script to simplify ME7 binary loading Post by: QuickS4 on March 11, 2018, 03:43:05 PM
Quote:
Updated this script.

I'm using "Loadbin_idaq" and when loading flash I get stuck at this point where its entering the loading segment "0x80000", what happens is it adds a "g" into that line, then halts. I've looked at the script, tho it doesn't appear to be out of place. I'm not sure how to proceed.

Quote:
Now you can load a ME7Logger .ecu file and it will name all the variables for you...

Second part, when using the load .ecu, it runs, however gives me this Syntaxerror: invalid syntax. I've attached photos of both issues.
(https://uploads.tapatalk-cdn.com/20180311/91f391324559eb59ad7e939dc87d77ab.jpg)
(https://uploads.tapatalk-cdn.com/20180311/da05c37e36e42a4afc412ab3adcc9c4d.jpg)
Sent from my Pixel XL using Tapatalk

Title: Re: AutoIT script to simplify ME7 binary loading Post by: prj on March 11, 2018, 04:35:58 PM
Don't use this, deprecated. Look at my IDA python script collection instead.
Title: Re: Re: AutoIT script to simplify ME7 binary loading Post by: QuickS4 on March 11, 2018, 05:18:01 PM
Quote:
Don't use this, deprecated. Look at my IDA python script collection instead.

Alright I'll search for it. Unless you got a link. Lol
I figured out it needed another "enter" and such in the script. I'll just use the one you mentioned.
Sent from my Pixel XL using Tapatalk

Title: Re: AutoIT script to simplify ME7 binary loading Post by: QuickS4 on March 11, 2018, 06:01:12 PM
Hate having to ask this. Where can I find your collection? I tried searching here for it, however I didn't find it. Either because I'm not searching the right keywords or because the search function doesn't like me.
Sent from my Pixel XL using Tapatalk

Title: Re: AutoIT script to simplify ME7 binary loading Post by: prj on March 12, 2018, 04:20:51 AM
http://nefariousmotorsports.com/forum/index.php?topic=13749.0title=
Mods should sticky that and unsticky this old stuff instead.

Title: Re: AutoIT script to simplify ME7 binary loading Post by: QuickS4 on March 13, 2018, 08:41:38 PM
Thanks PRJ. Can I paste this into your existing script I have, and place it under one of the button functions? Would that suffice to run it?
Reading the script you linked, I can't quite understand it yet or run it. The previous one, I was able to get the gist of it and correct some of the errors that would pop up on me. Made some changes like "Enter" where it would stall. Otherwise the E0 error I haven't figured out yet. For segment setup.
Sent from my Pixel XL using Tapatalk

Title: Re: AutoIT script to simplify ME7 binary loading Post by: TijnCU on March 14, 2018, 11:25:03 AM
You should use IDApython for this code. It is a plugin that you can download.
Title: Re: Re: AutoIT script to simplify ME7 binary loading Post by: QuickS4 on March 17, 2018, 03:05:16 PM
Quote:
You should use IDApython for this code. It is a plugin that you can download.

Thank you Tijncu, I've not played with plugins yet in Ida. I'll have to see about how to implement that into Ida.
Sent from my Pixel XL using Tapatalk

Title: Re: AutoIT script to simplify ME7 binary loading Post by: kruftindustries on August 26, 2021, 03:53:03 PM
This one will define and name map addresses from an un-encrypted XDF file. Has the part that loads the bin removed so you'll need to get that part from a previous post above.