Author Topic: First disassemble - questions  (Read 81470 times)
phila_dot
« Reply #15 on: November 22, 2012, 01:31:40 PM »

> How do we find an axis in the disassembly? For example, by looking at the WinOLS hex dump I see some axis @ 181c7. But when I open the disassembled bin I see no xrefs or anything:
>
> seg003:181C7                 db  0Ah
> seg003:181C8                 db  17h
> seg003:181C9                 db  29h ; )
> seg003:181CA                 db  40h ; @
> seg003:181CB                 db  54h ; T
> seg003:181CC                 db  6Bh ; k
> seg003:181CD                 db  80h ; Ć
> seg003:181CE                 db 0A3h ; Ż
> seg003:181CF                 db 0CCh ; _
> seg003:181D0                 db 0FEh ; _
>
> This part is supposed to be an axis, but how do we see which maps access this axis?

Alt + t -> 1C7h -> show all occurrences
Logged
phila_dot
« Reply #16 on: November 22, 2012, 01:33:28 PM »

> As a total beginner to disassembly, reading machine code is a very steep stair to try to climb, no doubt. I have been trying to grasp some basics by reading the information on here over and over; now, after a couple of weeks, I think I have gotten as far as setting up my file correctly.
>
> A lot of my questions were answered just by watching the script setting up the CPU ROM with the rest of the readout. I really want to thank prj for sharing his script, as this has saved me a lot of time. I attached a screenshot of where I'm at now.
>
> Now I'm going to tattoo the C167 manual on the inside of my eyelids and start staring at the code; I really want to learn how to do this. I have started to look a little bit at trying to follow init -> KRKTE as of now.

Set your DPP's.
Logged
masterj
« Reply #17 on: November 22, 2012, 01:49:30 PM »

> Alt + t -> 1C7h -> show all occurrences

IDA doesn't find any occurrences...
Logged

phila_dot
« Reply #18 on: November 22, 2012, 02:03:38 PM »

> IDA doesn't find any occurrences...

Look at the hex, is there an axis length defined before the axis?

The lookup method will determine how the axis is referenced, if it's even used.
« Last Edit: November 22, 2012, 02:05:19 PM by phila_dot » Logged
masterj
« Reply #19 on: November 22, 2012, 03:30:58 PM »

> Look at the hex, is there an axis length defined before the axis?
>
> The lookup method will determine how the axis is referenced, if it's even used.

Yes, there's 0A -> 10
Logged

phila_dot
« Reply #20 on: November 22, 2012, 04:23:25 PM »

> Yes, there's 0A -> 10

X axis only? X and Y axis? Does it precede a map?

Search as above for the first address.
Logged
masterj
« Reply #21 on: November 22, 2012, 05:52:23 PM »

> X axis only? X and Y axis? Does it precede a map?
>
> Search as above for the first address.

Here's the whole axis in asm (including the size in front):
Code:
seg003:181C6                 db 0Ah
seg003:181C6 ; End of function sub_8175B8
seg003:181C6
seg003:181C7                 db  0Ah
seg003:181C8                 db  17h
seg003:181C9                 db  29h ; )
seg003:181CA                 db 40h
seg003:181CB                 db  54h ; T
seg003:181CC                 db  6Bh ; k
seg003:181CD                 db  80h ; Ć
seg003:181CE                 db 0A3h ; Ż
seg003:181CF                 db 0CCh ; _
seg003:181D0                 db 0FEh

The map does not precede after this axis.

It goes like this:
END OF PROKONAL MAPS > 0A 0A 17 29 40 54 6B 80 A3 CC FE > other axes without maps. It is one of those axes shared between different maps, I think, like in the beginning area of flash 010000.
Logged
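
The layout masterj describes above (a count byte followed by that many axis values), as an added example that is not part of the original thread: a small Python scanner that parses the axis at 0x181C6 and looks for other length-prefixed axes in a dump. The function names, the strictly-increasing heuristic, the unsigned 8-bit reading and the filler bytes around the axis are assumptions made for illustration.

```python
def parse_axis(image, offset):
    """Read a length-prefixed 8-bit axis: one count byte, then that many values."""
    count = image[offset]
    values = list(image[offset + 1 : offset + 1 + count])
    if count == 0 or len(values) != count:
        raise ValueError("no complete axis at 0x%X" % offset)
    return values

def looks_like_axis(values, min_len=3):
    """Heuristic (assumption): axis breakpoints are strictly increasing."""
    return len(values) >= min_len and all(a < b for a, b in zip(values, values[1:]))

def scan_axes(image, min_len=3, max_len=32):
    """Return [(offset, values)] for every plausible axis, skipping past each hit."""
    found, pos = [], 0
    while pos < len(image):
        count = image[pos]
        if min_len <= count <= max_len and pos + 1 + count <= len(image):
            values = parse_axis(image, pos)
            if looks_like_axis(values, min_len):
                found.append((pos, values))
                pos += 1 + count      # continue after the axis just found
                continue
        pos += 1
    return found

# Axis bytes as posted in the thread (count byte 0A first).
AXIS_181C6 = bytes.fromhex("0A 0A 17 29 40 54 6B 80 A3 CC FE")
# Constructed filler before and after, not taken from any real dump.
SAMPLE = bytes.fromhex("FF FF 00") + AXIS_181C6 + bytes.fromhex("00 FF")

if __name__ == "__main__":
    for offset, values in scan_axes(SAMPLE):
        print("axis at +0x%X, %d points: %s" % (offset, len(values), values))
```

A hit only says the bytes have the shape of an axis; whether code actually uses it still has to be confirmed from the lookup routine that references it.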

matchew
« Reply #22 on: November 22, 2012, 06:21:53 PM »

Axis description is at 0x181C6 and is referenced at 0x9D628. This is only an axis for the table found at 0x19FE0.
Logged
masterj
« Reply #23 on: November 23, 2012, 01:49:21 AM »

> Axis description is at 0x181C6 and is referenced at 0x9D628. This is only an axis for the table found at 0x19FE0.

Thank you, matchew. Could you tell me the steps (with this example) you took to find it?

I mean, I know that the axis description is at 0x181C6, but how did you find out about the reference to this axis?
Logged

prj
« Reply #24 on: November 23, 2012, 02:17:46 AM »

Look at the code and you will have the answer. It's right there staring at you :)
Logged

PM's will not be answered, so don't even try.
Log your car properly - WinOLS database - Tools/patches
Bische
« Reply #25 on: November 23, 2012, 10:57:53 AM »

> Set your DPP's.

Thanks /senseibow
Logged
masterj
« Reply #26 on: November 23, 2012, 12:22:11 PM »

> Look at the code and you will have the answer. It's right there staring at you :)

Hehe :) OK, so let's try this again: if I see no xref in IDA, should my very first step be a text search for the last 3 digits of the axis/"unknown" map address?

For example, at the moment I'm trying to check whether I have correctly defined ZATMIKML, but this is the first map that has no xref set by IDA (both in the known OLS bin and also in my definition).

This map is @ 1D748 in the known OLS. It is 16-bit and has a size of 7x1 :)

Code:
seg003:1D748                 db  1Fh
seg003:1D749                 db    5
seg003:1D74A                 db  50h ; P
seg003:1D74B                 db    6
seg003:1D74C                 db  89h ; ē
seg003:1D74D                 db    8
seg003:1D74E                 db 0CCh ; _
seg003:1D74F                 db  0Ch
seg003:1D750                 db    3
seg003:1D751                 db  17h
seg003:1D752                 db 0ABh ; ½
seg003:1D753                 db  2Ah ; *
seg003:1D754                 db  33h ; 3
seg003:1D755                 db  33h ; 3

So I'm thinking that first I should convert it to dw?

This is what I get:
Code:
seg003:1D748                 dw 51Fh
seg003:1D74A                 dw 650h
seg003:1D74C                 dw 889h
seg003:1D74E                 dw 0CCCh
seg003:1D750                 dw 1703h
seg003:1D752                 dw 2AABh
seg003:1D754                 dw 3333h

Should I search alt+t > 748h?
« Last Edit: November 23, 2012, 12:25:05 PM by masterj » Logged

prj
« Reply #27 on: November 23, 2012, 02:34:33 PM »

No point to convert it.

You can take the page number where it occurs, subtract it from it (like I detailed before) and then search for the bytes that are left.
I would use alt+b, it's quicker.

This should yield the map access routine... I already told you everything in the first reply on how to find the map access. If you read this, then you will figure it out.
Logged

PM's will not be answered, so don't even try.
Log your car properly - WinOLS database - Tools/patches
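
prj's page-and-remainder search, as an added example that is not code from the thread: C167 data pages are 16 KB, so a 16-bit data pointer holds a 14-bit page offset with a DPP selector in its top two bits, and the remainder is what gets searched for. The helper names, the 0x800000 flash base and the sample bytes are assumptions constructed for illustration.

```python
import struct

PAGE_BITS = 14                  # C167 data pages are 16 KB (2**14 bytes)
ASSUMED_FLASH_BASE = 0x800000   # assumption: CPU address of file offset 0

def split_address(file_offset, flash_base=ASSUMED_FLASH_BASE):
    """Return (page_number, page_offset) for a byte of the dump."""
    addr = flash_base + file_offset
    return addr >> PAGE_BITS, addr & ((1 << PAGE_BITS) - 1)

def pointer_candidates(page_offset):
    """16-bit pointers reaching page_offset; bits 15-14 select DPP0..DPP3."""
    return [(dpp << PAGE_BITS) | page_offset for dpp in range(4)]

def find_references(image, file_offset, flash_base=ASSUMED_FLASH_BASE):
    """List (hit_offset, value, dpp) for every little-endian candidate found.

    Hits are only candidates: each one still has to be checked in the
    disassembly, because the same two bytes can occur as unrelated data.
    """
    _, page_offset = split_address(file_offset, flash_base)
    hits = []
    for dpp, value in enumerate(pointer_candidates(page_offset)):
        needle = struct.pack("<H", value)      # byte order as stored in the bin
        pos = image.find(needle)
        while pos != -1:
            hits.append((pos, value, dpp))
            pos = image.find(needle, pos + 1)
    return sorted(hits)

# Constructed 12-byte sample, not taken from any real dump.
SAMPLE = bytes.fromhex("0000 c601 ffff ffff c641 0000")

if __name__ == "__main__":
    page, off = split_address(0x181C6)
    print("page 0x%X, offset 0x%X" % (page, off))
    for pos, value, dpp in find_references(SAMPLE, 0x181C6):
        print("0x%04X at +0x%X (DPP%d form)" % (value, pos, dpp))
```

The four candidate values differ only in which DPP register the top two bits select, so which of them is meaningful depends on how the DPPs are set in the binary being examined.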
masterj
« Reply #28 on: November 23, 2012, 02:51:48 PM »

> No point to convert it.
>
> You can take the page number where it occurs, subtract it from it (like I detailed before) and then search for the bytes that are left.
> I would use alt+b, it's quicker.
>
> This should yield the map access routine... I already told you everything in the first reply on how to find the map access. If you read this, then you will figure it out.

Thank you. Then one last thing I want to ask today: how do you find out the page number? Is there a post somewhere on nefmoto on that subject, maybe?
Logged

rajivc666
« Reply #29 on: November 23, 2012, 03:35:39 PM »

It's unlikely you will find this map; it is one of those multiple maps which are conditionally accessed depending on RAM variables. You can get the location where this map is accessed using the axis of the map, which will be shared by some other maps. Why don't you choose some simpler maps to begin with, like kfzw etc.?
Edit: The above is valid only for the HN and not 4B0906018DC, in which it is quite straightforward.
« Last Edit: November 23, 2012, 11:25:05 PM by rajivc666 » Logged