phila_dot
« Reply #15 on: November 22, 2012, 01:31:40 PM »
How do we find axis in disassemble? For example by looking at the winols hex dump I see some axis @ 181c7. But when I open disassembled bin I see no xrefs or anything:
seg003:181C7 db 0Ah
seg003:181C8 db 17h
seg003:181C9 db 29h ; )
seg003:181CA db 40h ; @
seg003:181CB db 54h ; T
seg003:181CC db 6Bh ; k
seg003:181CD db 80h ; Ć
seg003:181CE db 0A3h ; Ż
seg003:181CF db 0CCh ; _
seg003:181D0 db 0FEh ; _
This part supposed to be axis, but how do we look which maps access this axis?
Alt + t -> 1C7h -> show all occurrences
phila_dot
« Reply #16 on: November 22, 2012, 01:33:28 PM »
As a total beginner to disassembly, reading machine code is a very steep stair to try to climb, no doubt. I have been trying to grasp some basics by reading the information on here over and over, now after a couple of weeks I think I have gotten as far as setting up my file correctly.
A lot of my questions were answered just by watching the script setting up the CPU ROM with the rest of the readout, I really want to thank prj for sharing his script as this has saved me a lot of time. I attached a screenshot of where I'm at now.
Now I'm going to tattoo the C167 manual on the inside of my eyelids and start staring at the code, I really want to learn how to do this. I have started to look a little bit at trying to follow init -> KRKTE as of now.
Set your DPPs.
masterj
« Reply #17 on: November 22, 2012, 01:49:30 PM »
Alt + t -> 1C7h -> show all occurrences
IDA doesn't find any occurrences...
phila_dot
« Reply #18 on: November 22, 2012, 02:03:38 PM »
IDA doesn't find any occurrences...
Look at the hex, is there an axis length defined before the axis? The lookup method will determine how the axis is referenced, if it's even used.
« Last Edit: November 22, 2012, 02:05:19 PM by phila_dot »
masterj
« Reply #19 on: November 22, 2012, 03:30:58 PM »
Look at the hex, is there an axis length defined before the axis?
The lookup method will determine how the axis is referenced, if it's even used.
Yes, there's 0A -> 10
phila_dot
« Reply #20 on: November 22, 2012, 04:23:25 PM »
Yes, there's 0A -> 10
X axis only? X and Y axis? Does it precede a map?
Search as above for the first address.
masterj
« Reply #21 on: November 22, 2012, 05:52:23 PM »
X axis only? X and Y axis? Does it precede a map?
Search as above for the first address.
Here's whole axis in asm (including the size in front):
seg003:181C6 db 0Ah
seg003:181C6 ; End of function sub_8175B8
seg003:181C6
seg003:181C7 db 0Ah
seg003:181C8 db 17h
seg003:181C9 db 29h ; )
seg003:181CA db 40h
seg003:181CB db 54h ; T
seg003:181CC db 6Bh ; k
seg003:181CD db 80h ; Ć
seg003:181CE db 0A3h ; Ż
seg003:181CF db 0CCh ; _
seg003:181D0 db 0FEh
The map does not precede after this axis. It goes like this: END OF PROKONAL MAPS > 0A 0A 17 29 40 54 6B 80 A3 CC FE > other axes without maps. It is one of those shared between different maps axes I think, like in the beginning area of flash 010000.
matchew
« Reply #22 on: November 22, 2012, 06:21:53 PM »
Axis description is at 0x181C6 and is referenced at 0x9D628. This is only an axis for the table found at 0x19FE0.
masterj
« Reply #23 on: November 23, 2012, 01:49:21 AM »
Axis description is at 0x181C6 and is referenced at 0x9D628. This is only an axis for the table found at 0x19FE0.
Thank you, matchew. Could you tell me steps (with this example) you did to find it? I mean I know that axis description is at 0x181C6, but how did you find out about reference to this axis?
prj
« Reply #24 on: November 23, 2012, 02:17:46 AM »
Look at the code and you will have the answer. It's right there staring at you
Bische
« Reply #25 on: November 23, 2012, 10:57:53 AM »
Set your DPPs.
Thanks /senseibow
masterj
« Reply #26 on: November 23, 2012, 12:22:11 PM »
Look at the code and you will have the answer. It's right there staring at you
hehe
Ok, so let's try this again: if I see no xref in IDA, my very first step should be to search for text with the last 3 digits from axis/"unknown" map address? For example at the moment I'm trying to check if I have correctly defined ZATMIKML, but this is first map that has no xref set by IDA (both in known ols bin and also in my definition). This map is @ 1D748 in known ols. It is 16bit and size of 7x1
seg003:1D748 db 1Fh
seg003:1D749 db 5
seg003:1D74A db 50h ; P
seg003:1D74B db 6
seg003:1D74C db 89h ; ē
seg003:1D74D db 8
seg003:1D74E db 0CCh ; _
seg003:1D74F db 0Ch
seg003:1D750 db 3
seg003:1D751 db 17h
seg003:1D752 db 0ABh ; ½
seg003:1D753 db 2Ah ; *
seg003:1D754 db 33h ; 3
seg003:1D755 db 33h ; 3
So I'm thinking that first I should convert it to dw? This is what I get:
seg003:1D748 dw 51Fh
seg003:1D74A dw 650h
seg003:1D74C dw 889h
seg003:1D74E dw 0CCCh
seg003:1D750 dw 1703h
seg003:1D752 dw 2AABh
seg003:1D754 dw 3333h
Should I search alt+t > 748h?
« Last Edit: November 23, 2012, 12:25:05 PM by masterj »
prj
« Reply #27 on: November 23, 2012, 02:34:33 PM »
No point to convert it.
You can take the page number where it occurs, subtract it from it (like I detailed before) and then search for the bytes that are left. I would use alt+b, it's quicker.
This should yield the map access routine... I already told you everything in the first reply on how to find the map access. If you read this, then you will figure it out.
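The page-and-offset arithmetic from the reply above, as an added example that is not part of the original thread. It assumes the standard C167 data-page layout (16 KiB pages, bits 15..14 of a 16-bit address select one of DPP0..DPP3); the function names and the sample bytes are hypothetical and constructed for illustration.

```python
import struct

PAGE_SIZE = 0x4000  # C167 data page: 16 KiB, i.e. a 14-bit offset


def split_address(addr):
    """Return (page, offset): the page number and what is left after subtracting the page."""
    page = addr // PAGE_SIZE
    return page, addr - page * PAGE_SIZE


def pointer_candidates(addr):
    """16-bit values that can address `addr`, keyed by DPP selector 0..3.

    Which selector the firmware really uses depends on how its DPP
    registers are set, so all four are produced.
    """
    _, offset = split_address(addr)
    return {dpp: (dpp << 14) | offset for dpp in range(4)}


def find_references(blob, addr):
    """Offsets in `blob` holding a little-endian 16-bit candidate pointer to `addr`."""
    hits = []
    for dpp, value in pointer_candidates(addr).items():
        needle = struct.pack("<H", value)
        pos = blob.find(needle)
        while pos != -1:
            hits.append((pos, dpp, value))
            pos = blob.find(needle, pos + 1)
    return sorted(hits)


# Constructed sample, not real firmware: 0xFF filler with the word 0x81C6
# (DPP2 selector + offset 0x01C6) planted at offset 0x10.
SAMPLE = bytes([0xFF] * 0x10) + struct.pack("<H", 0x81C6) + bytes([0xFF] * 0x0E)

if __name__ == "__main__":
    for address in (0x181C6, 0x1D748):  # the two addresses discussed in the thread
        page, offset = split_address(address)
        words = ", ".join(f"{v:04X}h" for v in pointer_candidates(address).values())
        print(f"{address:05X}h -> page {page:X}h, offset {offset:04X}h, search for {words}")
    print(find_references(SAMPLE, 0x181C6))
```

The page number printed is relative to the address passed in, so pass the CPU address rather than the file offset if the ROM is mapped at a non-zero base; the offset is the same either way as long as that base is a multiple of 4000h. Two-byte needles match by coincidence often, so each hit still has to be checked in the disassembly.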
masterj
« Reply #28 on: November 23, 2012, 02:51:48 PM »
No point to convert it.
You can take the page number where it occurs, subtract it from it (like I detailed before) and then search for the bytes that are left. I would use alt+b, it's quicker.
This should yield the map access routine... I already told you everything in the first reply on how to find the map access. If you read this, then you will figure it out.
Thank you, then one last thing I want to ask today: how do you find out the page number? Is there a post somewhere on nefmoto maybe on that subject?
rajivc666
« Reply #29 on: November 23, 2012, 03:35:39 PM »
It's unlikely you will find this map, it is one of those multiple maps which are conditionally accessed depending on RAM variables. You can get the location where this map is accessed using the axis of the map which will be shared by some other maps. Why don't you choose some simpler maps to begin with like kfzw etc.
Edit: The above is valid only for the HN and not 4B0906018DC, in which it is quite straightforward.
« Last Edit: November 23, 2012, 11:25:05 PM by rajivc666 »