chdk in the DIGIC6 world - page 11 - General Discussion and Assistance - CHDK Forum

chdk in the DIGIC6 world

  • 201 Replies
  • 172508 Views
Ant
Re: chdk in the DIGIC6 world
« Reply #100 on: 23 / July / 2017, 13:48:33 »
A universal one, made with this script (I also posted this link earlier): http://pete.akeo.ie/2011/04/quick-and-dirty-script-to-compile.html

Objdump produced with this script generates the same "weird" disassembly.
Code:
ml@ml-pc:~/esp-open-sdk/crosstool-NG/.build/src/binutils-2.25.1/binutils$ ./objdump -i

./objdump: supported targets: elf64-x86-64 elf32-bigaarch64 elf32-littleaarch64 elf64-bigaarch64 elf64-littleaarch64 ecoff-littlealpha elf64-alpha elf64-alpha-freebsd nlm32-alpha vms-alpha vms-libtxt elf32-am33lin a.out-zero-big demo64 a.out.adobe elf32-bigarc elf32-littlearc a.out-arm-netbsd coff-arm-big coff-arm-little elf32-bigarm elf32-littlearm elf32-bigarm-symbian elf32-littlearm-symbian elf32-bigarm-vxworks elf32-littlearm-vxworks pe-arm-big pe-arm-little epoc-pe-arm-big epoc-pe-arm-little pe-arm-wince-big pe-arm-wince-little pei-arm-big pei-arm-little epoc-pei-arm-big epoc-pei-arm-little pei-arm-wince-big pei-arm-wince-little elf32-avr elf32-bfin elf32-bfinfdpic b.out.big b.out.little elf32-cr16 elf32-cr16c a.out-cris elf32-cris elf32-us-cris elf32-crx elf32-d10v elf32-d30v elf32-dlx elf32-big elf32-little elf64-big elf64-little elf32-epiphany elf32-fr30 elf32-frv elf32-frvfdpic coff-h8300 elf32-h8300 coff-h8500 elf32-hppa elf32-hppa-linux elf32-hppa-netbsd elf64-hppa elf64-hppa-linux som elf32-i370 a.out-i386 a.out-i386-bsd a.out-i386-freebsd a.out-i386-lynx a.out-i386-netbsd i386os9k coff-i386 coff-go32 coff-go32-exe coff-i386-lynx elf32-i386 elf32-i386-freebsd elf32-i386-nacl elf32-i386-sol2 elf32-i386-vxworks mach-o-i386 msdos nlm32-i386 pe-i386 pei-i386 coff-i860 elf32-i860 elf32-i860-little elf32-i960 elf32-ia64-hpux-big elf64-ia64-big elf64-ia64-little elf64-ia64-hpux-big elf64-ia64-vms pei-ia64 coff-Intel-big coff-Intel-little ieee elf32-ip2k elf32-iq2000 elf64-k1om elf64-k1om-freebsd elf64-l1om elf64-l1om-freebsd elf32-lm32 elf32-m32c elf32-m32r elf32-m32rle elf32-m32r-linux elf32-m32rle-linux elf32-m68hc11 elf32-m68hc12 a.out-hp300hpux a.out-m68k-netbsd a.out-newsos3 coff-m68k coff-m68k-sysv coff-m68k-un elf32-m68k versados a.out-m88k-mach3 a.out-m88k-openbsd coff-m88kbcs elf32-m88k mach-o-be mach-o-le mach-o-fat elf32-mcore-big elf32-mcore-little pe-mcore-big pe-mcore-little pei-mcore-big pei-mcore-little elf32-mep elf32-metag elf32-microblaze 
a.out-mips-little ecoff-bigmips ecoff-littlemips ecoff-biglittlemips elf32-bigmips elf32-littlemips elf32-nbigmips elf32-nlittlemips elf32-ntradbigmips elf32-ntradlittlemips elf32-ntradbigmips-freebsd elf32-ntradlittlemips-freebsd elf32-tradbigmips elf32-tradlittlemips elf32-tradbigmips-freebsd elf32-tradlittlemips-freebsd elf32-bigmips-vxworks elf32-littlemips-vxworks elf64-bigmips elf64-littlemips elf64-tradbigmips elf64-tradlittlemips elf64-tradbigmips-freebsd elf64-tradlittlemips-freebsd pe-mips pei-mips elf64-mmix mmo elf32-mn10200 elf32-mn10300 elf32-bigmoxie elf32-littlemoxie elf32-msp430 elf32-msp430 elf32-mt elf32-nds32be elf32-nds32le elf32-nds32be-linux elf32-nds32le-linux elf32-bignios2 elf32-littlenios2 a.out-pc532-mach a.out-ns32k-netbsd elf32-or1k a.out-pdp11 pef pef-xlib elf32-pj elf32-pjl plugin ppcboot elf32-powerpc elf32-powerpcle elf32-powerpc-freebsd elf32-powerpc-vxworks elf64-powerpc elf64-powerpcle elf64-powerpc-freebsd nlm32-powerpc pe-powerpc pe-powerpcle pei-powerpc pei-powerpcle elf32-rl78 aixcoff64-rs6000 aix5coff64-rs6000 aixcoff-rs6000 elf32-rx-be elf32-rx-be-ns elf32-rx-le elf32-s390 elf64-s390 elf32-bigscore elf32-littlescore elf32-sh64 elf32-sh64l elf32-sh64-linux elf32-sh64big-linux elf32-sh64-nbsd elf32-sh64l-nbsd elf64-sh64 elf64-sh64l elf64-sh64-linux elf64-sh64big-linux elf64-sh64-nbsd elf64-sh64l-nbsd coff-sh coff-shl coff-sh-small coff-shl-small elf32-sh elf32-shl elf32-shbig-fdpic elf32-sh-fdpic elf32-sh-linux elf32-shbig-linux elf32-sh-nbsd elf32-shl-nbsd elf32-shl-symbian elf32-sh-vxworks elf32-shl-vxworks pe-shl pei-shl a.out-sparc-little a.out-sparc-linux a.out-sparc-lynx a.out-sparc-netbsd a.out-sunos-big coff-sparc coff-sparc-lynx elf32-sparc elf32-sparc-sol2 elf32-sparc-vxworks elf64-sparc elf64-sparc-freebsd elf64-sparc-sol2 nlm32-sparc elf32-spu sym a.out-tic30 coff-tic30 coff0-beh-c54x coff0-c54x coff1-beh-c54x coff1-c54x coff2-beh-c54x coff2-c54x elf32-tic6x-be elf32-tic6x-le coff-tic80 elf32-tilegx-be 
elf32-tilegx-le elf64-tilegx-be elf64-tilegx-le elf32-tilepro elf32-v850-rh850 elf32-v850 a.out-vax1k-netbsd a.out-vax-bsd a.out-vax-netbsd elf32-vax coff-w65 coff-we32k coff-x86-64 elf32-x86-64 elf32-x86-64-nacl elf64-x86-64-freebsd elf64-x86-64-nacl elf64-x86-64-sol2 mach-o-x86-64 pe-x86-64 pe-bigobj-x86-64 pei-x86-64 elf32-xc16x elf32-xgate elf32-xstormy16 elf32-xtensa-be elf32-xtensa-le coff-z80 coff-z8k srec symbolsrec verilog tekhex binary ihex

srsa_4c
Re: chdk in the DIGIC6 world
« Reply #101 on: 23 / July / 2017, 14:38:01 »
Quote
Objdump produced with this script generates the same "weird" disassembly.
Mine is
Code:
> objdump-uni -v
GNU objdump (GNU Binutils) 2.26.20160125
Copyright (C) 2015 Free Software Foundation, Inc.
and the -i switch produces ~350kB output.

Ant
Re: chdk in the DIGIC6 world
« Reply #102 on: 25 / July / 2017, 12:38:53 »
Finally I made a compatible objdump using these commands:
Code:
git clone git://sourceware.org/git/binutils-gdb.git
cd binutils-gdb
./configure --enable-targets=xtensa --disable-nls
make -j2

Sadly the IDA plugin doesn't work correctly with mzrm xtensa blobs...
« Last Edit: 25 / July / 2017, 13:30:40 by Ant »

Ant
Re: chdk in the DIGIC6 world
« Reply #103 on: 28 / July / 2017, 17:26:37 »
I've slightly modified the plugin above by adding some missing instructions.
Now disassembly code looks more similar to objdump output.

I'm not sure about Floating-Point Coprocessor and Boolean registers.
Is it used in D6?

How to display auto comments for strings referenced by offsets?
« Last Edit: 28 / July / 2017, 18:23:33 by Ant »

reyalp
Re: chdk in the DIGIC6 world
« Reply #104 on: 28 / July / 2017, 21:39:54 »
Quote
I'm not sure about Floating-Point Coprocessor and Boolean registers.
From strings, I'd expect an FPU is present, although it's possible those are just generic code for a feature that isn't enabled.
Don't forget what the H stands for.

srsa_4c
Re: chdk in the DIGIC6 world
« Reply #105 on: 29 / July / 2017, 06:11:33 »
Quote
I'm not sure about Floating-Point Coprocessor and Boolean registers.
Is it used in D6?
I have seen both kinds in the disassembly.
Quote
How to display auto comments for strings referenced by offsets?
I have no idea, unfortunately. You'll have to dig in the IDA plugin docs.

Ant
Re: chdk in the DIGIC6 world
« Reply #106 on: 01 / August / 2017, 11:11:05 »
I added about 80 more opcodes including boolean, floating point and cache related instructions.
How to increase the limit of 6 operands for instructions "all8" and "any8"?

srsa_4c
Re: chdk in the DIGIC6 world
« Reply #107 on: 01 / August / 2017, 13:10:29 »
Quote
I added about 80 more opcodes including boolean, floating point and cache related instructions.
How to increase the limit of 6 operands for instructions "all8" and "any8"?
I think that's a limitation of the script (meaning I don't think it's an IDA limit), so you need to change that (I'm not really familiar with Python or IDA plugins).
I have not found any valid all8 and any8 instructions in the M3 Xtensa blobs so far, so you don't necessarily need these instructions.

Ant
Re: chdk in the DIGIC6 world
« Reply #108 on: 01 / August / 2017, 13:42:57 »
Quote
I think that's a limitation of the script (meaning I don't think it's an IDA limit), so you need to change that (I'm not really familiar with Python or IDA plugins).
It's limited somewhere inside IDA's binary. I was trying to modify UA_MAXOP in idaapi.py. There were no errors, but only 6 operands were visible.

Quote
I have not found any valid all8 and any8 instructions in the M3 Xtensa blobs so far, so you don't necessarily need these instructions.
Yes, I know it.

P.S. It is convenient that the beginning of the subroutines is aligned to 4 bytes.

srsa_4c
Re: chdk in the DIGIC6 world
« Reply #109 on: 03 / August / 2017, 16:28:53 »
Quote
P.S. It is convenient that the beginning of the subroutines is aligned to 4 bytes.
Yes. Much less convenient, however, is that RET and J instructions are often followed by 'filler' zero bytes, in a seemingly random manner.
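The two observations in the last two posts (subroutine entries are 4-byte aligned; RET and J are often followed by zero filler) can be turned into a rough scanner that proposes function starts in a raw blob before any of them has a cross-reference. The following is an added example written for this page, not CHDK code and not the IDA plugin discussed above. It assumes a little-endian Xtensa blob with the 16-bit narrow instructions enabled (neither is confirmed on this page), works on a constructed sample blob rather than a camera dump, and takes the objdump binary name as a parameter because the builds in this thread are named differently (./objdump, objdump-uni). The byte patterns for RET, RETW, RET.N, RETW.N and J come from the Xtensa ISA encoding, not from the thread.

```python
"""Candidate function-start scanner for a raw little-endian Xtensa blob.

Added example, not CHDK code and not the thread's IDA plugin. Heuristic:
a RET/RETW/RET.N/RETW.N/J instruction, followed by one or more zero filler
bytes that run up to a 4-byte boundary, marks the next byte as a candidate
subroutine entry. Assumptions not stated on the page: little-endian Xtensa,
narrow (16-bit) instructions enabled, BASE_VMA is the blob's load address.
"""

# Byte patterns from the Xtensa ISA, little-endian instruction byte order:
#   RET    80 00 00    RETW   90 00 00
#   RET.N  0d f0       RETW.N 1d f0
#   J      op0 = 0110, n = 00  ->  (byte0 & 0x3f) == 0x06, 3 bytes long
RET_WIDE = (0x80, 0x90)      # first byte of RET / RETW, other two bytes zero
RET_NARROW = (0x0D, 0x1D)    # first byte of RET.N / RETW.N, second byte 0xF0
J_MASK, J_OP = 0x3F, 0x06


def terminator_len(blob, off):
    """Length of a RET/RETW/RET.N/RETW.N/J instruction at blob[off], else 0."""
    b = blob[off:off + 3]
    if len(b) >= 2 and b[0] in RET_NARROW and b[1] == 0xF0:
        return 2
    if len(b) == 3:
        if b[0] in RET_WIDE and b[1] == 0 and b[2] == 0:
            return 3
        if (b[0] & J_MASK) == J_OP:
            return 3
    return 0


def find_candidates(blob, base=0, min_fill=1):
    """Return [(terminator_vma, entry_vma)] for each terminator whose zero
    filler ends on a 4-byte boundary with real bytes after it.

    This is a byte-pattern scan, not a linear disassembly, so a J-looking
    byte inside data or inside another instruction gives a false positive;
    every entry_vma is a guess to confirm in objdump or IDA.
    """
    out = []
    n = len(blob)
    off = 0
    while off < n:
        ln = terminator_len(blob, off)
        if not ln:
            off += 1
            continue
        end = off + ln
        fill = end
        while fill < n and blob[fill] == 0:
            fill += 1
        # Reject: blob ends in zeros, too little filler, or next byte misaligned.
        if fill < n and fill - end >= min_fill and (base + fill) % 4 == 0:
            out.append((base + off, base + fill))
        off = end
    return out


def entry_points(blob, base=0, min_fill=1):
    """Sorted, de-duplicated candidate entry VMAs."""
    return sorted({entry for _, entry in find_candidates(blob, base, min_fill)})


def objdump_argv(objdump, blob_path, base, start, stop=None):
    """argv for an Xtensa-enabled binutils objdump pointed at one candidate.

    -b binary / -m xtensa / -EL treat the file as raw little-endian Xtensa
    code and --adjust-vma makes printed addresses match the load address.
    """
    argv = [objdump, "-b", "binary", "-m", "xtensa", "-EL", "-D",
            "--adjust-vma=0x%x" % base, "--start-address=0x%x" % start]
    if stop is not None:
        argv.append("--stop-address=0x%x" % stop)
    argv.append(blob_path)
    return argv


# Constructed sample blob (hand-assembled, not from any camera), loaded at 0x1000.
BASE_VMA = 0x1000
SAMPLE = bytes.fromhex(
    "22a001"    # 0x1000 movi a2, 1
    "0df0"      # 0x1003 ret.n   -> 3 zero filler bytes, next code at 0x1008
    "000000"
    "2d03"      # 0x1008 mov.n a2, a3
    "800000"    # 0x100a ret     -> 3 zero filler bytes, next code at 0x1010
    "000000"
    "f02000"    # 0x1010 nop
    "460000"    # 0x1013 j       -> 2 zero filler bytes, next code at 0x1018
    "0000"
    "22a001"    # 0x1018 movi a2, 1
    "1df0"      # 0x101b retw.n  -> 1 filler byte, next code at 0x101e: misaligned
    "00"
    "3df0"      # 0x101e nop.n
    "0df0"      # 0x1020 ret.n   -> 2 zero filler bytes, next code at 0x1024
    "0000"
    "22a005"    # 0x1024 movi a2, 5
    "0df0"      # 0x1027 ret.n   -> only zeros follow, nothing to mark
    "000000"
)

if __name__ == "__main__":
    for term, entry in find_candidates(SAMPLE, BASE_VMA):
        print("terminator at 0x%x, candidate entry 0x%x" % (term, entry))
    first = entry_points(SAMPLE, BASE_VMA)[0]
    print(" ".join(objdump_argv("objdump", "blob.bin", BASE_VMA, first)))
```

On the sample this reports entries at 0x1008, 0x1010, 0x1018 and 0x1024 and skips 0x101e, where the filler ends off a 4-byte boundary. Each candidate is worth one objdump pass via objdump_argv (run with subprocess) to see whether real code starts there; a start that is also the target of a call elsewhere in the blob is far stronger evidence than this filler heuristic alone.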

 
