Current Status on E38, E67, etc.. Hacking Toys
- Tre-Cool
Re: Current Status on E38, E67, etc.. Hacking Toys
So found a small interesting difference/offset between OS 12609099 & 12612381.
Since I already had some tables mapped out in 12612381 I went looking for the same data in 099. Looks like everything is identical & there is an offset difference.
Now this might change as the newer OS evolved, but thought it was interesting at least. So if someone was smart enough & had a full file definition it could be easy to map out various operating systems.
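The observation above, that the same table data sits at a shifted address in another OS, can be checked mechanically by searching the second image for each known table's bytes. This is an added example, not code from anyone in the thread; the table names, addresses and both sample images are constructed for illustration.

```python
# Added example: carry known table addresses from one OS image to another
# by finding the same calibration bytes and recording the address shift.

def find_all(haystack, needle):
    """Return every offset at which needle occurs in haystack."""
    hits, pos = [], haystack.find(needle)
    while pos != -1:
        hits.append(pos)
        pos = haystack.find(needle, pos + 1)
    return hits

def map_tables(src, dst, tables, min_len=8):
    """tables: name -> (address in src, length). Returns name -> result dict."""
    out = {}
    for name, (addr, length) in tables.items():
        sig = src[addr:addr + length]
        if length < min_len or len(sig) < length:
            out[name] = {"status": "skipped"}        # too short to be a signature
            continue
        hits = find_all(dst, sig)
        if len(hits) == 1:                           # unique match: trust it
            out[name] = {"status": "mapped", "addr": hits[0],
                         "delta": hits[0] - addr}
        else:                                        # filler data matches in many places
            out[name] = {"status": "ambiguous" if hits else "not_found",
                         "hits": len(hits)}
    return out

def common_delta(result):
    """The single shift shared by all mapped tables, or None if they disagree."""
    deltas = {r["delta"] for r in result.values() if r["status"] == "mapped"}
    return deltas.pop() if len(deltas) == 1 else None

# Constructed sample images (not real calibration data).
SPARK = bytes([10, 12, 15, 18, 22, 25, 27, 30, 31, 32, 33, 34])
FUEL = bytes([0x80, 0x7E, 0x7C, 0x7A, 0x79, 0x78, 0x77, 0x76])
IDLE_A = bytes([50, 52, 54, 56, 58, 60, 62, 64])
IDLE_B = IDLE_A[:-1] + bytes([70])                   # retuned in the second image

def build(pad, idle):
    return bytes(pad) + SPARK + b"\xff" * 16 + FUEL + idle + b"\xff" * 16

OS_A, OS_B = build(0x10, IDLE_A), build(0x30, IDLE_B)
TABLES_A = {"spark": (0x10, 12), "fuel": (0x2C, 8),
            "idle": (0x34, 8), "blank": (0x1C, 8)}

if __name__ == "__main__":
    result = map_tables(OS_A, OS_B, TABLES_A)
    for name, r in result.items():
        print(name, r)
    print("common delta:", hex(common_delta(result)))
```

Tables whose values changed between versions come back as not_found and erased regions as ambiguous, so only unique matches contribute to the reported shift.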
Re: Current Status on E38, E67, etc.. Hacking Toys
It's very common to see similar data at different addresses with GM. It can be very helpful.
Re: Current Status on E38, E67, etc.. Hacking Toys
Torque convertor time! The learning curve is steep aye. A lot to learn.
Re: Current Status on E38, E67, etc.. Hacking Toys
setting up your r13 value will clean it up a lot
Re: Current Status on E38, E67, etc.. Hacking Toys
Hiya's
It's been quite a few years since I reversed anything (cost me an over 15 BILLION dollar lawsuit... I won). I used to start at the IO register and go backwards from there. Then discern what I wanted to learn and it will be a shit ton.
Have fun
Re: Current Status on E38, E67, etc.. Hacking Toys
Complete Ghidra and PPC newb and anything disassembly for that matter. Happy dabbling in a little bit of C with a PIC 8 bit micro. Never used assembly language.
r13, doing some reading, it is the stack pointer?
To find the r13 address, I need to look for reference(s) for r13 where it is written to?
I found
Code:
00010290 3d a0 00 40 lis r13,0x40 #load immediate shift left by 16 bits
Does that mean the r13 address is 0x40 << 16 = 0x40 0000?
Here are the settings for anyone that wants to play along:
Language ID: PowerPC:BE:32:MPC8270 (1.5)
Compiler ID: default
Processor: PowerPC
Endian: Big
Disassembly options were left at default.
A note on the address workbook. It contains all the common tuning tables. It's approx 2/3 of what HP has defined for this OS.
- Attachments
- Simplified Mnemonics for PowerPC Assembly.pdf (90.78 KiB)
- Address Workbook.xlsx (47.94 KiB)
- 24264923.bin (2 MiB)
Re: Current Status on E38, E67, etc.. Hacking Toys
In-Tech wrote: (cost me an over 15 BILLION dollar lawsuit... I won)
I haven't been around here for long. Sounds like one hell of a story!
Re: Current Status on E38, E67, etc.. Hacking Toys
I want to doc things here in case I forget.
Search for r13. If required enlarge search results. Copy results to Excel. Use text to columns to split up the line contents so we can filter for destructive instances of r13. That should be it.
In the listing view, ctrl+A to select the whole file, right click -> set address -> set the r13 address. After clicking ok, re-analyse the file (Analyse -> Re-analyse)
gmtech825 wrote: setting up your r13 value will clean it up a lot
Yes it did, thank you. Same code snippet from earlier, much better to look at.
Re: Current Status on E38, E67, etc.. Hacking Toys
Question: The text in the olive colour is not in memory, i.e. its address is greater than the length of the binary. Presuming the answer is I need to read and understand the memory structure of the CPU?
Re: Current Status on E38, E67, etc.. Hacking Toys
r13=3fe800
r2=0
That not referenced area is RAM and some external registers. You need to map them as a separate segment, so they can be referenced in disassembly.
RAM usually starts from 200000 and goes up to 800000, based on CPU and PCM being used.
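The `lis r13,0x40` quoted earlier in the thread only loads the upper 16 bits, so finding the register's final value means following every later immediate write to it, which is what the "search for destructive instances of r13" procedure does by hand. This is an added example, not code from anyone in the thread, that automates the scan for a big-endian PowerPC image. Assumptions: only the word `3d a0 00 40` comes from the thread; the `addi` that follows it is constructed so the result agrees with the r13=3fe800 posted above, and the remaining words are filler.

```python
import struct

MASK = 0xFFFFFFFF

def track_register(image, base, reg=13):
    """Follow immediate writes to `reg` through big-endian PowerPC words.

    Handles addis/lis, addi/li and ori; any other instruction is ignored.
    Returns [(address, mnemonic, register value after the instruction)].
    """
    value, trace = None, []
    for off in range(0, len(image) - 3, 4):
        (word,) = struct.unpack_from(">I", image, off)
        opcode = word >> 26
        f1, f2, imm = (word >> 21) & 31, (word >> 16) & 31, word & 0xFFFF
        simm = imm - 0x10000 if imm & 0x8000 else imm    # sign-extend 16 bits
        if opcode in (14, 15) and f1 == reg:             # addi / addis: rD=f1, rA=f2
            src = 0 if f2 == 0 else (value if f2 == reg else None)
            add = simm << 16 if opcode == 15 else simm
            new = None if src is None else (src + add) & MASK
            name = ("lis" if f2 == 0 else "addis") if opcode == 15 else \
                   ("li" if f2 == 0 else "addi")
        elif opcode == 24 and f2 == reg:                 # ori: rS=f1, rA=f2 (dest)
            src = value if f1 == reg else None
            new = None if src is None else src | imm
            name = "ori"
        else:
            continue
        value = new                                      # None = source not tracked
        if new is not None:
            trace.append((base + off, name, new))
    return trace

# Constructed sample. Only 3d a0 00 40 is the instruction quoted in the thread;
# the addi is an assumed follow-up and the other words are filler.
SAMPLE = bytes.fromhex(
    "60000000"   # nop
    "3da00040"   # lis  r13,0x40            (from the thread, at 0x10290)
    "39ade800"   # addi r13,r13,-0x1800     (assumption)
    "3c400000"   # lis  r2,0
    "4e800020"   # blr
)

if __name__ == "__main__":
    for addr, name, val in track_register(SAMPLE, 0x1028C):
        print(f"{addr:08x} {name:5} r13 = 0x{val:06x}")
```

The scan decodes every aligned word as an instruction, so on a full image restrict it to the code region; data bytes can otherwise decode as spurious writes.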