Topic created on: January 23, 2008 17:50 CST by joejinkx.
I know that SuperH reverse engineering is not all that popular out there, but I need some help with indirect addressing on SH.
IDA has some built-in option where I can set an offset to a variable, but it takes a lot of time, and I know there are some plug-ins out there that will automatically figure out the offset for you... Andy Whitaker has a tutorial video on his website of a plug-in that he has that will figure out the indirect addressing for a Bosch processor and resolve it automatically.
Does anyone have source code on how to do this?
Joe
> igorsk: Do you have an example? It might be possible to do with IDC.
Okay, here is a short example with two versions of what I am dealing with. The first uses a passed-in value as an offset and the second one uses a constant as an offset.
mov.l @(h'AC,pc), r6 ; [000880B0] = dword_FFFF2630
mov.w @(h'98,pc), r0 ; [0008809E] = h'914
mov.l @(h'A4,pc), r13 ; [000880AC] = unk_7E40
mov.b @(r0,r6), r2 ; this will move @(0xFFFF2630+h'914) into r2
mov.b @(7,r13), r0 ; this will move @(unk_7E40+7) into r0
IDA can be used to modify the variables to look like this:
mov.l @(h'AC,pc), r6 ; [000880B0] = dword_FFFF2630
mov.w @(h'98,pc), r0 ; [0008809E] = (unk_FFFF2F44 - dword_FFFF2630)
mov.l @(h'A4,pc), r13 ; [000880AC] = unk_7E40
mov.b @(r0,r6), r2
mov.b @((byte_7E47 - unk_7E40),r13), r0
And this is fine, but it is very time-consuming to go through 512 K of code and do this a million times.
What I would like to do is figure out how to make the code look like this:
mov.l @(h'AC,pc), r6 ; [000880B0] = dword_FFFF2630
mov.w @(h'98,pc), r0 ; [0008809E] = unk_FFFF2F44
mov.l @(h'A4,pc), r13 ; [000880AC] = unk_7E40
mov.b @(r0,r6), r2
mov.b @((byte_7E47),r13), r0
The difference here is that the offsets have been taken into account and the actual addresses have replaced the offset+base.
Thanks.
Joe
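The resolution asked for above, as an added example that is not part of the original thread and is not IDA plug-in or IDC code: a standalone Python script that tracks registers loaded from the literal pool and computes the effective address of each register-indirect access. It assumes the literal values can be read from IDA's auto-comments as in the first listing and that displacements are shown in bytes; `LISTING`, `INSN`, `num` and `resolve` are names introduced here.

```python
import re

# Constructed input: the first listing from the post above.
LISTING = """\
mov.l @(h'AC,pc), r6 ; [000880B0] = dword_FFFF2630
mov.w @(h'98,pc), r0 ; [0008809E] = h'914
mov.l @(h'A4,pc), r13 ; [000880AC] = unk_7E40
mov.b @(r0,r6), r2
mov.b @(7,r13), r0
"""

# op, first operand, second operand, destination, optional "= value" from the comment
INSN = re.compile(r"(mov\.[bwl])\s+@\((\S+?),(\S+?)\),\s*(r\d+)(?:\s*;.*=\s*(\S+))?")

def num(tok):
    """Parse h'914, a bare decimal, or the hex suffix of an IDA name like unk_7E40."""
    if tok.startswith("h'"):
        return int(tok[2:], 16)
    if "_" in tok:
        return int(tok.rsplit("_", 1)[1], 16)
    return int(tok)

def resolve(listing):
    """Return (instruction, effective address) for each resolvable indirect access."""
    regs, out = {}, []                          # regs: register -> known constant
    for line in listing.splitlines():
        m = INSN.match(line.strip())
        if not m:
            continue
        op, a, b, dst, lit = m.groups()
        if b == "pc" and lit:                   # literal-pool load sets a constant
            val = num(lit)
            if op == "mov.w" and val & 0x8000:  # SH mov.w sign-extends to 32 bits
                val |= 0xFFFF0000
            regs[dst] = val
            continue
        base = regs.get(b)
        off = regs.get(a) if a.startswith("r") else num(a)
        if base is not None and off is not None:
            out.append((line.strip(), (base + off) & 0xFFFFFFFF))
        regs.pop(dst, None)                     # dst now holds loaded data, not a constant
    return out

if __name__ == "__main__":
    for insn, ea in resolve(LISTING):
        print(f"{insn:<24} ; -> {ea:08X}")
```

Inside IDA the same register tracking would read the literal-pool values from the database instead of the comments and write the result back as an operand offset or comment.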