pcmhacking.net

Anyone have an idiots guide to usung Ida for disassembling the holden bins ?

Well, its no simple thing, you need to have very good understanding of exactly how the processor works, how the memory is mapped, how computers work, whats in the ecu and how to use ida. For 90s delcos you need know motorola hc11 aka 6811, or for 99+ ls1 its (close enough to for practical purposes) motorola 68332.

have a scan over something like

http://www.clear.rice.edu/elec201/Book/6811_asm.html

or

http://etidweb.tamu.edu/classes/entc349 ... sGuide.PDF

Then google using ida to disassemble roms. I found a few hits on other site for other ecus or console roms and theres a few threads on the hptuner forums.

Sorry dont have an idiots guide. but there is a book:

http://nostarch.com/idapro2.htm

I often use a 68HC11 disassembler called DHC11 and it's re-assembler ASHC11. Find them attached. It's only small but very powerful. Unfortunatly it's DOS based, but will happily run under a command window or DOSBox.

It doesn't have the bells and whistles that IDA has, so it may suit a beginner

As ANTUS said, you'll need a good understanding of how a 68HC11 processor operates to make any sense of the output files. It also supports code block identifiers to help in your decompiling- see attached BPYS.TXT file for examples

Stu

Yep, those tools are good for bin files 64kb or less and works well for those.

They come from techedge, and were created by Peter Gargano, one of the pioneers, looking at this in the 90s before ida even had a free version or a gui. The home page for DHC11 can be found here: http://www.techedge.com.au/utils/dhc11.htm

has anyone been able to get IDA to disassemble the Holden 128k bins?

it will do it, but no good for reassembly obviously. There isn't anything out there that supports 128k bins.

thanks, I might give it a go. Yes I understand the challenges with reassembly

any special config needed to load it up?

nar ive just used 68HC11F1 config before.

You need to cut the bin like the bank switching does in the computer and put together 2 bins. One for what the processor sees when the low bank is active, and one for the high bank. Then disassembled them seperately. Essentially 0-32kb is always in scope and contains the calibration and common code, and 32-64kb is e-side and 96-128k contains the transmission bank. Once you map the ram areas and the common code it's worth exporting the database to .idc and then importing it to the other file, but its a pain in the ass not having changes in the low bank automatically shared across both and you dont want to overload data to the top side. Its been a while since ive needed to do this, cant remember if it was case of editing the idc (i think it was?) or exporting/importing only a range from ida.