📚 OpenRCE is preserved as a read-only archive. Launched at RECon Montreal in 2005. Registration and posting are disabled.









 Forums >>  IDA Pro  >>  Assuming Register Values in IDAs Analysis

Topic created on: March 2, 2007 08:11 CST by bodzcount.

Hi,

I am reversing PPC code. A register is used as the base register for all variables stored in RAM. This register is initialized with the base address only at the beginning of the code. IDA doesn't remember this value in all the other functions and the RAM variables don't get recognized properly.

Is there a function, something like "assume r13=0x400000"?
Or do I have to write a script (if it's possible to do it by script)?

regards,
Bodz

  PSUJobu     March 2, 2007 11:51.28 CST
It is certainly possible in a script. I'm not sure if IDA and the PPC processor module have a facility like you describe. You'd be better off asking the question on the Datarescue bulletin board -- Ilfak could probably answer it in his sleep. ;)

  aeppert     March 2, 2007 13:39.53 CST
The PPC processor module does not have this capability as I am very familiar with that module :)

A pretty quick IDC script will take care of it though. Plus, it would be a good thing to kindly ask Mr. Guilfanov to put on his epically long feature request list.

  bodzcount     March 2, 2007 19:20.17 CST
aeppert, it looks like you have encountered the same problem before ;) Do you already have that "quick IDC script"? :P

If not, it might be the time for me to learn the IDC stuff now...

regards,
Bodz

  aeppert     March 3, 2007 10:47.43 CST
I do have one, but, unfortunately, releasing it would cause me epic pain - as it is owned by someone else.

You should be able to write the same script very quickly and it is not a bad idea to know IDC.

  bodzcount     March 5, 2007 12:23.55 CST
I can't figure out how to do it with IDC, any hints?

regards,
bodz

  bodzcount     March 5, 2007 13:51.33 CST
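My script looks like this so far, I cannot figure out how to set the r13 register, SetReg doesn't work :(

#include <idc.idc>

static main()
{
    auto a;
    auto d;
    auto ea;
    auto regnumber;
    auto start, end;
    auto out;

    // ea = AskAddr(0x00, "Please enter an address inside the function");
    ea = SelStart();

    // Bounds of the function that contains the selected address
    start = GetFunctionAttr(ea, FUNCATTR_START);
    end = GetFunctionAttr(ea, FUNCATTR_END);
    if (start == BADADDR || end == BADADDR)
    {
        Message("No function at the selected address\n");
        return;
    }

    // PPC instructions are 4 bytes long
    for (a = start; a < end; a = a + 4)
    {
        Message("Hallo");
        d = GetOpType(a, 1);
        if (d == 4)   // 4 = o_displ: memory reference [base register + displacement]
        {
            // For an o_displ operand this returns the displacement
            regnumber = GetOperandValue(a, 1);
            // here i have to set r13 to 0x4017F0
        }
    }
    AnalyzeArea(start, end);
    Message("\n");
}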

  bodzcount     March 8, 2007 16:38.58 CST
help :(
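
The calculation such a script has to perform, as a standalone Python example added here (not code from the thread, and not IDA API code): it decodes big-endian 32-bit PowerPC words, picks out D-form loads, stores and `addi` that use the assumed base register, and resolves each displacement against the assumed base value. The function name, the sample bytes and the start address 0x1000 are constructed for illustration; 0x4017F0 is the r13 value from the script above, and r13 is assumed never to change after its initialization.

```python
import struct

# PowerPC D-form primary opcodes that address memory as d(rA)
D_FORM_MEM = {
    32: "lwz", 33: "lwzu", 34: "lbz", 35: "lbzu", 36: "stw", 37: "stwu",
    38: "stb", 39: "stbu", 40: "lhz", 41: "lhzu", 42: "lha", 43: "lhau",
    44: "sth", 45: "sthu", 46: "lmw", 47: "stmw", 48: "lfs", 49: "lfsu",
    50: "lfd", 51: "lfdu", 52: "stfs", 53: "stfsu", 54: "stfd", 55: "stfdu",
}
ADDI = 14  # addi rD, rA, simm: typically forms the address of a variable

def resolve_base_refs(code, start_ea, base_reg, base_value):
    """Return [(ea, mnemonic, target)] for each d(base_reg) reference.

    code holds big-endian 32-bit PowerPC words; base_value is the value the
    base register is assumed (not proven) to hold throughout.
    """
    refs = []
    usable = len(code) - len(code) % 4       # ignore a truncated tail
    for off in range(0, usable, 4):
        (word,) = struct.unpack_from(">I", code, off)
        opcode = word >> 26
        ra = (word >> 16) & 0x1F
        disp = word & 0xFFFF
        if disp & 0x8000:                    # sign-extend the 16-bit field
            disp -= 0x10000
        if ra != base_reg or ra == 0:        # rA = 0 encodes literal zero
            continue
        if opcode in D_FORM_MEM:
            mnem = D_FORM_MEM[opcode]
        elif opcode == ADDI:
            mnem = "addi"
        else:
            continue
        refs.append((start_ea + off, mnem, (base_value + disp) & 0xFFFFFFFF))
    return refs

# Constructed sample: lwz r3,0x10(r13); stw r4,-8(r13); addi r5,r13,0x20;
# lwz r6,4(r1); blr
SAMPLE = bytes.fromhex("806D0010" "908DFFF8" "38AD0020" "80C10004" "4E800020")

if __name__ == "__main__":
    for ea, mnem, target in resolve_base_refs(SAMPLE, 0x1000, 13, 0x4017F0):
        print(f"{ea:#x}: {mnem:5s} -> {target:#x}")
```

Each (ea, target) pair is what a disassembler script would then turn into an offset or data cross-reference at that instruction.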
