Hello all,
First, I apologize if my English is not perfect, it's not my primary language.
I'm having some problems defining "user-defined offsets" under IDA 5.2. In fact, it's a piece of disassembly some friend sent me a while ago, and some offsets were already defined, though, they are incorrectly defined, so I'm trying to fix them up.
Here is the useful part of the code (yep, it's 68000 assembly, but I don't think it will be a problem anyway):
00010792 0240 0006 andi.w #6,d0
00010796 323B 0056 move.w off_107EE(pc,d0.w),d1
0001079A 4EBB 1052 jsr off_107EE(pc,d1.w)
[...]
000107EE 0008 007A 00A8 00CA off_107EE: dc.w loc_7F2+4-off_107EE
000107EE dc.w loc_864+4-off_107EE
000107EE dc.w loc_892+4-off_107EE
000107EE dc.w loc_8B6+2-off_107EE
000107F6 loc_107F6:
000107F6 1038 F603 move.b ($FFFFF603).w,d0
While the desired result for the offset table should be as follows:
000107EE 0008 007A 00A8 00CA off_107EE: dc.w loc_107F6-off_107EE
000107EE dc.w loc_10868-off_107EE
000107EE dc.w loc_10896-off_107EE
000107EE dc.w loc_108B8-off_107EE
The labels loc_107F6, loc_10868, loc_10896 and loc_108b8 are already defined, and that's where the offsets in the offset table should point to.
Here is what I did to try defining the offsets:
- I selected the 4 lines of the offset table in the first listing
- I undefined their current offset definition and selected them again
- I pressed Ctrl+R, so the "user-defined offset" window shows
- I entered the following data: OFF16, Base: 0x107EE, Target: 0x107F6, Delta: 0, and pressed OK
- IDA told me it's not necessary to specify a target, and that it can calculate it by itself if I wish so; the problem is that if I answer yes, the offsets will be defined as they are in the first listing... So I replied 'no' to this message.
- A "Convert to Offset en masse" window appeared
- As Lower Value, I entered: 0x107F6, and pressed OK
Result: only the first line shows correctly, the other lines just stayed in hex:
000107EE 0008 007A 00A8 00CA off_107EE: dc.w loc_107F6-off_107EE
000107EE dc.w $7A
000107EE dc.w $A8
000107EE dc.w $CA
If I only select one line among the 4, I can change it as desired, but doing so, all the other lines change back to hex...
I tried everything I could, I even tried to use IDC scripts to modify the offsets one by one, but didn't succeed.
Now, could it be a bug in IDA?
If we calculate the resulting offset, we have, for example (first offset):
In the first listing (erratic): (loc_7F2 + 4 - off_107EE): 0x07F2 + 4 - 0x107EE = FFFF 0008
In the second listing (desired): (loc_107F6 - off_107EE): 0x107F6 - 0x107EE = 0000 0008
The absolute value is indeed 8 (that is, the value at address 107EE)... But in the first case, the offset is negative. Moreover, the signed 32-bit value FFFF 0008 can't fit in a signed 16-bit value (as we're using 16-bit offsets). But it seems IDA just ignores this, and thinks it calculated a correct offset...
Well, this is a bit long, though I hope somebody will be able to help.
Thanks in advance.
EDIT: Some news
I was able to make a script that works in most cases, with the notable exception of negative offsets.
#include <idc.idc>
// Convert the selected run of dc.w entries into 16-bit offsets whose base is
// the first selected address (the start of the table).
static ConvertOffsets()
{
    auto ea,end,x,d;
    ea = SelStart();            // table base = start of the selection
    end = SelEnd();
    if (ea == BADADDR) {
        Message("Bad address !\n");
        return;
    }
    x = ea;
    while (x < end)
    {
        MakeWord(x);            // make sure the entry is a 16-bit word
        d = Word(x);            // raw displacement stored in the table
        if (d & 0x8000) d = d + 0xFFFF0000;   // sign-extend to 32 bits
        d = d + ea;             // target = base + displacement
        // OpOffEx(ea, n, reftype, target, base, tdelta)
        if (!OpOffEx(x, 0, REF_OFF16, d, ea, 0)) Message("%08x : failure ! (%08x)\n", x, d);
        x = x + 2;
    }
}
static main()
{
    AddHotkey("Shift-O", "ConvertOffsets");   // run on the current selection
}
Here's the portion of code I'm using this script on :
00012C3A 0040 off_12C3A: dc.w $40
00012C3C 004A dc.w $4A
00012C3E FEC8 dc.w $FEC8
00012C40 FED2 dc.w $FED2
And the result being :
00012C3A 0040 off_12c3a: dc.w byte_12C7A-off_12c3a
00012C3C 004A dc.w byte_12C84-off_12c3a
00012C3E FEC8 dc.w $FEC8
00012C40 FED2 dc.w $FED2
The negative offsets (FEC8 / FED2) get colored in red, but I don't understand why they won't change to the expected result (labels byte_12b02 and byte_12b0c do exist).
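An added example (not from the post above, and not IDA's own code) that models the arithmetic behind both tables quoted in the post: each dc.w entry is a sign-extended 16-bit displacement added to the table base, and the "target - base" difference either fits an unsigned 16-bit offset, fits only a signed one, or fits neither (the FFFF 0008 case). The width rules are a plain arithmetic model, not a description of IDA's internal checker.

```python
# Added example, not from the original post: model a 68000 PC-relative jump
# table of 16-bit displacements (the dc.w tables at off_107EE and off_12C3A
# quoted in the post) and show which "target - base" differences fit a
# 16-bit offset operand. The width rules are an arithmetic model only.

def sext16(word):
    """Sign-extend a 16-bit word, as the IDC line
    'if (d & 0x8000) d = d + 0xFFFF0000;' does in 32-bit arithmetic."""
    word &= 0xFFFF
    return word - 0x10000 if word & 0x8000 else word

def resolve_table(base, words):
    """Target of each dc.w entry: base + sign-extended word (jsr xxx(pc,d1.w))."""
    return [(base + sext16(w)) & 0xFFFFFFFF for w in words]

def delta32(target, base):
    """32-bit two's-complement value of 'target - base' as a listing shows it."""
    return (target - base) & 0xFFFFFFFF

def fits_off16(target, base, signed):
    """Does 'target - base' fit a 16-bit offset? Unsigned: 0..0xFFFF.
    Signed: -0x8000..0x7FFF (what the post's negative entries need)."""
    d = delta32(target, base)
    if signed:
        if d & 0x80000000:
            d -= 0x100000000
        return -0x8000 <= d <= 0x7FFF
    return d <= 0xFFFF

# Tables constructed from the listings in the post (base, raw words).
TABLE_107EE = (0x107EE, [0x0008, 0x007A, 0x00A8, 0x00CA])
TABLE_12C3A = (0x12C3A, [0x0040, 0x004A, 0xFEC8, 0xFED2])

def main():
    for base, words in (TABLE_107EE, TABLE_12C3A):
        for w, t in zip(words, resolve_table(base, words)):
            print(f"{base:08X}: dc.w ${w:04X} -> {t:08X} "
                  f"delta={delta32(t, base):08X} "
                  f"off16 unsigned={fits_off16(t, base, False)} "
                  f"signed={fits_off16(t, base, True)}")
    # The 'erratic' expression loc_7F2+4-off_107EE from the first listing.
    print(f"loc_7F2+4-off_107EE = {delta32(0x7F2 + 4, 0x107EE):08X}")

if __name__ == "__main__":
    main()
```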