Topic created on: April 2, 2009 16:37 CDT by silviu.
Hi,
I apologize if this question is placed in a wrong forum.
I know that my problem is a piece of cake for you. It's not a PE, DLL or whatever Windows application for which IDA was mainly created.
It's just a simple and ordinary 8086 disassembly of a 1 MB linear memory space.
I'm trying to disassemble an embedded application, a 1,048,576-byte binary file, 8086 compatible.
The starting address is, as usual, linear 0xFFFF0 or F000:FFF0 in segment:offset notation.
OK, IDA is interpreting the code at this address as a jmp far ptr 0FEBFh:0, according to the binary file. It's a far pointer, thus both the CS and PC registers are loaded.
So far so good.
But somewhere at linear address 0xF8004 we have the code 0x74 0x37, which is correctly interpreted by IDA as a short jump within the current segment with a displacement of 55 bytes, but IDA is pointing the short jump with a red arrow to linear address 0x0803D rather than 0xF803D. It's obvious that IDA is doing this because only one segment is defined by default, seg000.
OK, I've tried to set segments to 64K but I think I'm not doing this as it should be done, because I never succeed in getting the label F000:8004 instead of the default seg000:F8004, which I presume will solve the problem. Or maybe I'm wrong again and the assignment IDA is doing for the short jump above is due to another reason. I've used the path: Edit/Segments/Create segment...
Can someone help a dumb and dummy engineer ?
IDA was created in 1993 or so, do you think PEs and DLLs were in much use back then? :)
Create a segment from FEBF0 to FFFF0 with base FEBF; this should give you correct references inside that segment. Do the same for other CS values (e.g. 0xF8000 to 0xFE000 or whatever with base 0xF800). You'll have to figure out the ranges from the code.
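The arithmetic behind that answer, as an added example that is not part of the thread and is not IDA's own code: real-mode addresses are segment*16 + offset, a short jump adds its sign-extended 8-bit displacement to IP and wraps at 16 bits inside CS, so the segment base IDA is told about decides where the reference lands. The byte values (74 37 at linear 0xF8004, the far jmp to FEBF:0000 at the reset vector) are the ones quoted in the thread; the segment tables, function names and the 16-bit wrap case at 1000:FFFE are constructed for illustration.

```python
# Added example: 8086 segment:offset resolution and why a wrong segment base
# sends the short jmp at linear 0xF8004 to 0x0803D instead of 0xF803D.
# Function names and the sample segment tables are this example's own.

def linear(seg: int, off: int) -> int:
    """Real-mode address: (seg << 4) + off, wrapped to the 20-bit (1 MB) space."""
    return ((seg << 4) + (off & 0xFFFF)) & 0xFFFFF


def split(lin: int, base: int) -> str:
    """Render a linear address as base:offset.  An offset above 0xFFFF is
    printed as-is (like IDA's seg000:F8004) but cannot be reached by 16-bit
    near code, which is the root of the mis-resolved jump in the thread."""
    off = lin - (base << 4)
    if off < 0:
        raise ValueError(f"{lin:05X} lies below segment base {base:04X}")
    return f"{base:04X}:{off:04X}"


def short_jump_target(cs: int, ip: int, disp8: int) -> int:
    """Target of a 2-byte short jump (opcodes 70h-7Fh and EBh).
    IP first advances past the instruction, then the sign-extended
    displacement is added; the sum wraps at 16 bits and stays in CS."""
    disp = disp8 - 0x100 if disp8 & 0x80 else disp8
    new_ip = (ip + 2 + disp) & 0xFFFF
    return linear(cs, new_ip)


def far_jump_target(code: bytes) -> int:
    """Decode 'jmp far ptr seg:off' (EAh, then 16-bit off and 16-bit seg,
    little-endian) and return the linear address it loads into CS:IP."""
    if len(code) != 5 or code[0] != 0xEA:
        raise ValueError("not a 5-byte far jmp")
    off = int.from_bytes(code[1:3], "little")
    seg = int.from_bytes(code[3:5], "little")
    return linear(seg, off)


def label(lin: int, segments) -> str:
    """Label a linear address the way a disassembler would, given a list of
    (start, end, base) segments; the first segment containing lin wins."""
    for start, end, base in segments:
        if start <= lin < end:
            return split(lin, base)
    raise LookupError(f"no segment covers {lin:05X}")


# Constructed segment tables: IDA's single default seg000 (base 0 over the
# whole 1 MB file) versus sixteen 64 KB segments whose base is the paragraph.
DEFAULT_SEG000 = [(0x00000, 0x100000, 0x0000)]
PARAGRAPH_SEGS = [(s << 4, (s + 0x1000) << 4, s) for s in range(0, 0x10000, 0x1000)]

# The far jmp bytes at the reset vector as quoted in the thread (constructed
# encoding of 'jmp far ptr 0FEBFh:0').
RESET_VECTOR_JMP = bytes([0xEA, 0x00, 0x00, 0xBF, 0xFE])


if __name__ == "__main__":
    print(f"reset vector F000:FFF0 -> linear {linear(0xF000, 0xFFF0):05X}")
    print(f"jmp far ptr 0FEBFh:0   -> linear {far_jump_target(RESET_VECTOR_JMP):05X}")
    # 74 37 at linear 0xF8004: 'jz short +0x37'
    wrong = short_jump_target(0x0000, 0xF8004, 0x37)   # base 0, offset overflows 16 bits
    right = short_jump_target(0xF000, 0x8004, 0x37)    # base F000, offset 8004
    print(f"base 0000: {label(0xF8004, DEFAULT_SEG000)} -> {wrong:05X}  (IDA's red arrow)")
    print(f"base F000: {label(0xF8004, PARAGRAPH_SEGS)} -> {right:05X}")
    # Any base whose 64 KB window holds both ends resolves the jump correctly;
    # only the label differs, which is why the ranges must come from the code.
    print(f"base F800: {split(0xF8004, 0xF800)} -> {short_jump_target(0xF800, 0x0004, 0x37):05X}")
```

The `wrong` value reproduces the thread's symptom exactly: with base 0 the instruction's offset is 0xF8004, the 16-bit wrap turns 0xF803D into 0x803D, and adding a base of 0 gives 0x0803D. Only the base, not the displacement decoding, was at fault.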
Reverse engineering a BIOS I see.
Igorsk, thank you. My mistake was related to setting the base.
Problem solved. Finally, I've written this long script.
#include <idc.idc>

// Carve the 1 MB 8086 address space into sixteen 64 KB segments whose base
// (paragraph) equals the segment number, so linear 0xF8004 is shown as
// F000:8004 and short/near jumps resolve inside the right segment.
// SegCreate/SegRename are the IDC names of this (2009) IDA version; IDA 7
// and later call them add_segm_ex and set_segm_name.
static main()
{
    auto seg;
    Message("creating target segments (inside entry point function main)...\n");
    for (seg = 0x0000; seg < 0x10000; seg = seg + 0x1000)
    {
        // [seg, 0] is IDC's segment:offset notation, i.e. linear seg*16 + 0.
        // Arguments: start, end, base paragraph, use32 = 0 (16-bit), align, comb.
        SegCreate([seg, 0], [seg + 0x1000, 0], seg, 0, 0, 0);
        // Name each segment after its base paragraph: "0000", "1000", ..., "F000".
        SegRename([seg, 0], form("%04X", seg));
    }
}
Indeed IDA is interactive, but it must know what you are trying to do. I mean IDA was not designed for dummies like me. Definitely.
Apollo, I'm not reverse engineering a BIOS. As I said, it is an embedded application using an 8086-compatible processor that has nothing to do with a PC BIOS or whatever.
I'm not the one who set the starting address to F000:FFF0 after reset.
When I'm referring to PEs and DLLs it is because my question was really dumb compared to other forum questions and I didn't hope that someone would advise a newbie. Probably in the near future, if I focus on PC applications rather than embedded ones, I'll come back with decent questions.
Thank you for your attention.