supplierdeeply
« previous next »
Pages: 1 2 3 [4]   Go Down

finsig and other tools for thumb2 (was Re: chdk in the DIGIC6 world)

  • 31 Replies
  • 1808 Views
*

Offline reyalp

  • ******
  • 9957
  • Publish
    Re: finsig and other tools for thumb2 (was Re: chdk in the DIGIC6 world)
    « Reply #30 on: 12 / January / 2016, 02:06:31 »
    Advertisements
    Quote from: srsa_4c on 11 / January / 2016, 14:15:26
    So the following would be my guess for a fix (arch/ARM/ARMInstPrinter.c, this is from the next branch but this part of the code hasn't changed since 3.0.4):
    ...
    I only verified the code snippet from your example, so it's possible that I'm wrong.
    Thanks. That seems to work for me. So does replacing the whole _ALIGN_DOWN thing with imm &= ~3;

    I'll put something on the capstone issue tracker.

    I suspect this has gone unnoticed because it only affects addresses that have the high bit set.

    I've checked in my lastest finsig_thumb2 work. This finds a lot more tasks and includes more code to handle arm/thumb transitions, but requires a patched capstone. I also fixed a bug get_call_const_args that caused a mis-identified eventproc on some firmwares.

    FWIW, if you are building capstone, you can make an ARM (including thumb) only library using.
    CAPSTONE_ARCHS="arm" ./make.sh default

    I've uploaded a patched windows library to https://app.box.com/s/sshu7dv0mebvnee6gvpsex46y2m18w51
    Logged
    Don't forget what the H stands for.
    *

    Offline reyalp

    • ******
    • 9957
  • Publish
    Re: finsig and other tools for thumb2 (was Re: chdk in the DIGIC6 world)
    « Reply #31 on: 19 / January / 2016, 00:32:16 »
    Quote from: reyalp on 03 / January / 2016, 16:23:28
    capdis
    * Load known function names from csv, use in listing
    * Show string refs
    These are both implemented. If -stubs is used, functions are loaded form funcs_by_name.csv, stubs_entry.S and stubs_entry_2.S

    It also uses the firmware_load code to identify RAM regions (by default, can be disabled with -nofwdata), so you can specify RAM addresses directly.

    The output is pretty usable now. I expect there are quite a few bugs still lurking, but it can now be used to disassemble large chunks of code with string refs and functions named. e.g., to get the g7x RAM code disassembled at the right location, I used

    ./capdis.exe ../../dumps/g7x/sub/100d/PRIMARY.BIN 0xfc000000 -stubs=../platform/g7x/sub/100d -s=0x10e1001 -e=0x110dc1c -f=objdump -d-const -d-addr -d-bin > ../../dumps/g7x/sub/100d/RAMCODE.DIS

    Note capdis now sets the initial arm/thumb mode based on the start address.
    Logged
    Don't forget what the H stands for.
    Pages: 1 2 3 [4]   Go Up
    « previous next »
     

    Related Topics