Topic: ME7.5 disassembly help
Colt45
« on: February 26, 2017, 02:25:44 PM »

Hi, I'm trying to do my first disassembly of an ME7.5. I've tried a few different things (andy plugin, etc.)

What gave me the most sane looking thing is setting it up as tony said in a post here:

make segments like so:

0x0-0x7FFF: Internal ROM on the C167 processor -> loaded IROM bin here
0xE000-0xFFFF: Internal RAM
0x380000-0x38FFFF: External RAM
0x800000-0x8FFFFF: External Flash -> loaded flash bin here.

and set dpp defaults to:
DPP0: 0x0204
DPP1: 0x0205
DPP2: 0x00E0
DPP3: 0x0003

Then move to start of flash, and then step everything through with the AutoIt script afterwards (I couldn't get it to set up the above, I did that by hand instead, maybe a version problem), and run clean with the script as well.

But there's a lot of really weird stuff I don't really understand, being so new. Some spots that are obviously not instructions (0xff empty fields) are set as such. There are a lot of references to addresses in SFR space that don't seem to exist on a C167CR (e.g. FE0Ah).

Maybe someone can export a sane ME7.5 .asm from IDA, I can try disassembling the same bin and see if I get similar result?

Any suggestions otherwise?

The file I'm using is 8E0909518F 0003, but I'm open to trying anything that someone has well disassembled already.

big thanks in advance.
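
How the DPP defaults and the segment list above fit together, as an added example that is not part of the original post: on the C167, bits 15..14 of a 16-bit data address select DPP0..DPP3 and the low 14 bits are the offset into a 16 KiB page. The function names are hypothetical; the segment ranges and DPP values are the ones quoted in the post.

```python
# Added example: C167 DPP address translation for the memory map in the post.
# Segment ranges and DPP values come from the post; function names are hypothetical.

SEGMENTS = [
    (0x000000, 0x007FFF, "Internal ROM"),
    (0x00E000, 0x00FFFF, "Internal RAM"),
    (0x380000, 0x38FFFF, "External RAM"),
    (0x800000, 0x8FFFFF, "External Flash"),
]
DPP = [0x0204, 0x0205, 0x00E0, 0x0003]  # DPP0..DPP3 defaults from the post

PAGE_SIZE = 0x4000  # C167 data pages are 16 KiB


def resolve(addr16, dpp=DPP):
    """Translate a 16-bit DPP-relative data address to a physical address."""
    if not 0 <= addr16 <= 0xFFFF:
        raise ValueError("expected a 16-bit address")
    selector = addr16 >> 14       # bits 15..14 pick DPP0..DPP3
    offset = addr16 & 0x3FFF      # bits 13..0 are the offset inside the page
    page = dpp[selector] & 0x3FF  # only the low 10 bits of a DPP are used
    return page * PAGE_SIZE + offset


def segment_of(phys):
    """Return the name of the segment containing phys, or None if unmapped."""
    for start, end, name in SEGMENTS:
        if start <= phys <= end:
            return name
    return None


def describe(addr16):
    """Return (physical address, segment name or None) for a 16-bit address."""
    phys = resolve(addr16)
    return phys, segment_of(phys)


if __name__ == "__main__":
    # Constructed sample addresses: the base of each data page, plus FE0Ah.
    for sample in (0x0000, 0x4000, 0x8000, 0xC000, 0xFE0A):
        phys, seg = describe(sample)
        print(f"{sample:04X}h -> DPP{sample >> 14} -> "
              f"{phys:06X}h ({seg or 'unmapped'})")
```

With these defaults, DPP0 and DPP1 point into external flash, DPP2 into external RAM, and DPP3 maps C000h-FFFFh onto itself, so a 16-bit reference that resolves outside every segment shows up as unmapped.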

littco
« Reply #1 on: March 01, 2017, 01:48:50 AM »

The Andy plugin was pretty primitive to be honest, and whilst it works, things have moved on. If you look for PRJ's AutoIt script, it will load the file into IDA for you. It's been a while since I've used it, but most of the ME7 stuff I've done used that to load into IDA and never had an issue, other than it only seemed to work on the version of IDA Pro it was written for, i.e. if it was written for v6 it didn't work without changes on v6.8...

I doubt you'll get anyone to post the .asm for you, as it's time most people won't have.
There are threads on here on how to set up an ME7.5 file in IDA, so maybe best just looking through.
TijnCU
« Reply #2 on: March 01, 2017, 03:44:00 AM »

Quote: Maybe someone can export a sane ME7.5 .asm from IDA, I can try disassembling the same bin and see if I get similar result?

Hey man, take a look in this topic:
http://nefariousmotorsports.com/forum/index.php?action=;topic=8059.0
« Last Edit: March 01, 2017, 03:46:02 AM by TijnCU »

Colt45
« Reply #3 on: March 01, 2017, 06:30:27 PM »

Thanks for the info. Now I'll need to find an older IDA so I can load that, and see how it goes :)