Topic created on: March 6, 2010 06:38 CST by secursig .

Hello all,

nice to find a nice community such as openRCE where I can actually find people that know what they're doing.

i'm working on trying to decompile an image that was designed in an older version of VxWorks ( circa yr. 2000). I don't know if it's format is in ELF... I do not think so. I have successfully been able to decompress the image using code that does what the bootloader has inside of it to inflate from flash. Now that I have the proper uncompressed image, I can't get IDA to recognize any part of it, it just thinks it's a binary file. I know the file was built for the powerpc architecture. I tried using a linux tool to convert the binary to elf called powerpc-rtems-binutils/objcopy and it will properly build an ELF header, but I don't think this is going to do me any good without feeding it the loading address / entry point. Running strings on the file yielded very good results..so I know the uncompressed image is good.

I have already tried to look for potential addresses of where strings or functions are located, and compare those addresses with the actual location of the string, ( subtract  the value of what I think is the entry in a table from the actual address of the string ) to try to find the entry point but i'm not having much luck.

How can I go about finding the entry point / whatever I need to disassemble this in IDA?

thanks in advance for your time.