Current Status on E38, E67, etc.. Hacking Toys

[Tre-Cool]

so found a small interesting difference/offset between os 12609099 & 12612381.

Since i already had some tables mapped out in 12612381 I went looking for the same data in 099. Looks like everything is identical & there is an offset difference.

Now this might change as the newer OS evolved, but thought it was interesting at least. So if someone was smart enough & had a full file definition it could be easy to map out various operating systems.

[gmtech825]

it's very common to see similar data at different addresses with gm. it can be very helpful

[hjtrbo]

Torque convertor time! The learning curve is step aye. A lot to learn.

[gmtech825]

setting up your r13 value will clean it up a lot

[In-Tech]

Hiya's
It's been quite a few years since I reversed anything(cost me an over 15 BILLION dollar law suit... I won). I used to start at the IO register and go backwards from there. Then discern what I wanted to learn and it will be a shit ton.
Have fun

[hjtrbo]

Complete Ghidra and PPC newb and anything disassembly for that matter. Happy dabbling in a little bit of C with a PIC 8 bit micro. Never used assembly language.

r13, doing some reading, it is the stack pointer?

To find the r13 address, I need to look for reference(s) for r13 where it is written to?

I found

Code: Select all

 00010290 3d a0 00 40 lis r13,0x40 #load immediate shift left by 16 bits

Does that mean the r13 address is 0x40 << 16 = 0x40 0000?

Here are the settings for anyone that want's to play along:
Language ID: PowerPC:BE:32:MPC8270 (1.5)
Compiler ID: default
Processor: PowerPC
Endian: Big
Disassembly options were left at default.

A note on the address workbook. It contains all the common tuning tables. It's approx 2/3 of what HP has defined for this OS.

[hjtrbo]

(cost me an over 15 BILLION dollar law suit... I won)

I haven't been around here for long. Sounds like one hell of a story!

[hjtrbo]

I want to doc things here in case I forget.

Search for r13. If required enlarge search results. Copy results to excel. Use text to columns to split up the line contents so we can filter for destructive instances of r13. That should be it.

In the listing view, ctrl+A to select the whole file, right click -> set address -> set the r13 address. After clicking ok, re-analyse the file (Analyse -> Re-analyse)

setting up your r13 value will clean it up a lot

Yes it did, thank you. Same code snippet from earlier, much better to look at.

[hjtrbo]

Question: The text in the olive colour is not in memory I.e. it's address is greater than the length of the binary. Presuming the answer is I need to read and understand the memory structure of the CPU?

[kur4o]

r13=3fe800
r2=0

That not referenced area is RAM and some external registers. You need to map them as a separate segment, so they can be referenced in disassembly.

Ram usually starts from 200000 and goes upto 800000, based on cpu and pcm being used.