Hi,
I'm trying to analyze a MIPS32 executable which is PIC as described here, i.e. the gp
register is set at each function entry by
    li $gp,immed
    addu $gp,$t9
where t9 contains the entry address of the function.
I wrote an IDC script which calculates the value of gp and adds data and
code references for an access relative to gp. This helped in figuring out
where the functions are located, as function calls are implemented as
    lw $t9, immed($gp)
    ...
    jalr $t9
Unfortunately, ASCII string references are still missing. They usually look like
    lw $a0, immed($gp)
    ...
    addiu $a0,immed2
    ...
    jalr $t9
Do I have to keep track of $a0,...,$a3 as well in order to get references to strings?
Any other ideas on how to handle this? I am trying to locate a part of the code where a
certain error string is generated.
There were some improvements in the MIPS module in IDA Pro 5.7. Will the current
version handle the above stuff correctly?
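
One way to recover the references asked about above, as an added example that is not part of the original post: a linear sweep that tracks every register whose value is known from the function entry onward, so the `lw`/`addiu` pair resolves to a final address. The name `track_gp_refs`, the addresses, the instruction words and the GOT contents are constructed for illustration.

```python
import struct

GP, T9 = 28, 25                      # MIPS register numbers

def s16(x):                          # sign-extend a 16-bit immediate
    return x - 0x10000 if x & 0x8000 else x

def track_gp_refs(code, entry, got):
    """Sweep one function (big-endian MIPS32 bytes); return [(pc, reg, value)].
    entry is the function address ($t9 on entry); got maps slot address -> word."""
    regs, refs = {0: 0, T9: entry}, []   # regs: registers with a known value
    for i, (w,) in enumerate(struct.iter_unpack(">I", code)):
        pc = entry + 4 * i
        op, funct = w >> 26, w & 0x3F
        rs, rt, rd = (w >> 21) & 31, (w >> 16) & 31, (w >> 11) & 31
        imm = s16(w & 0xFFFF)
        if op == 0x0F:                                    # lui rt, imm
            regs[rt] = (w & 0xFFFF) << 16
        elif op == 0x09:                                  # addiu rt, rs, imm
            if rs in regs:
                regs[rt] = (regs[rs] + imm) & 0xFFFFFFFF
                if rs == rt and rt != GP:                 # finishes an lw/addiu pair
                    refs.append((pc, rt, regs[rt]))
            else:
                regs.pop(rt, None)
        elif op == 0x23:                                  # lw rt, imm(rs)
            slot = (regs[rs] + imm) & 0xFFFFFFFF if rs in regs else None
            if slot in got:
                regs[rt] = got[slot]
                refs.append((pc, rt, regs[rt]))
            else:
                regs.pop(rt, None)                        # loaded value unknown
        elif op == 0 and funct == 0x21:                   # addu rd, rs, rt
            if rs in regs and rt in regs:
                regs[rd] = (regs[rs] + regs[rt]) & 0xFFFFFFFF
            else:
                regs.pop(rd, None)
        elif op == 0 and funct == 0x09:                   # jalr: forget all but $zero, $gp
            regs = {r: v for r, v in regs.items() if r in (0, GP)}  # assumes $gp is restored
        regs[0] = 0                                       # $zero is always 0
    return refs

# Constructed sample (not from the post): entry 0x00400100, gp = entry + 0x47F00
CODE = struct.pack(">8I",
    0x3C1C0004, 0x279C7F00, 0x0399E021,  # lui $gp,4; addiu $gp,$gp,0x7F00; addu $gp,$gp,$t9
    0x8F848020, 0x8F998024,              # lw $a0,-0x7FE0($gp); lw $t9,-0x7FDC($gp)
    0x24841A40, 0x0320F809, 0)           # addiu $a0,$a0,0x1A40; jalr $t9; nop
GOT = {0x00440020: 0x00430000, 0x00440024: 0x00401234}
```

Each returned tuple is an instruction address, the register written and the resolved target. The third tuple of the sample is the `addiu` that yields the string address.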







