Just for laughs, what happens if you run cygwin native objdump on the dismipper.exe and feed to create a bogus firmware.bin and feed that into dismipper? Works for me - I mean it complains about it not matching the hint file very well, but it processes it without the sorts of errors you've been seeing.
The changes I had to make from the original (all in sections.c) were:
- Replacing strcasestr with strstr and the test string to "Disassembly", also adding a test for "SYMBOLS" if the objdump output has a symbol table due to -t or because it just feels like giving you one
- Implementing some version of strlcpy such as the one posted above. It can simply be put near the beginning of sections.c without a prototype... crude, but effective.
compile with gcc -mno-cygwin -o dismipper <all the .c files with main.c last>
Ok, did all that and got same results as you did from bogus firmware.bin
and got "Unable to allocate 0xd8420200 bytes for section :" error when running real firmware through it.
I ran your posted excerpt through my build of dismipper, and it seemed to sort of work, except that it kept complaining like this on about every line, due to the obvious omissions.
Attempted to trace execution to address 8012e60e in section <somethingorother>, but not in input file.
I'd be particularly interested to hear what you got for the line where I got
Headers read: 12 sections, 15637 kB allocated. (firmware size 0x145c9c, 1303 kB)
Did you still get that malloc failure?
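The posts above replace a missing strlcpy when building dismipper with gcc -mno-cygwin (the mingw runtime does not ship one). The block below is an added example written for this page, not the strlcpy that was posted earlier in the thread and not dismipper's own code: it implements the BSD contract (copy at most size-1 bytes, always NUL-terminate when size > 0, return strlen(src) so the caller can detect truncation) and shows the truncation check on a fixed-size section-name buffer. The name my_strlcpy is chosen so it does not clash with a libc that already provides strlcpy; the 16-byte section-name buffer in copy_section_name is an assumption for the example, not a field from sections.c.

```c
#include <stddef.h>
#include <string.h>

/* Added example, not dismipper's code: a BSD-style strlcpy for toolchains
 * whose C runtime lacks it (e.g. mingw via gcc -mno-cygwin).
 * Copies at most size-1 bytes of src into dst, NUL-terminates whenever
 * size > 0, and returns strlen(src). A return value >= size means the
 * copy was truncated; a return value < size means the whole string fit. */
size_t my_strlcpy(char *dst, const char *src, size_t size)
{
    size_t srclen = strlen(src);

    if (size > 0) {
        size_t n = srclen < size - 1 ? srclen : size - 1;
        memcpy(dst, src, n);
        dst[n] = '\0';
    }
    return srclen;
}

/* Copies an objdump section name into a fixed 16-byte field (the field
 * size is an assumption for this example). Returns 1 if the name fit,
 * 0 if it was truncated; the buffer is NUL-terminated either way. */
int copy_section_name(char out[16], const char *name)
{
    return my_strlcpy(out, name, 16) < 16;
}

/* Self-check covering the fit, truncation and size-0 cases.
 * Returns 1 if every case behaves as documented above. */
int strlcpy_selfcheck(void)
{
    char buf[8];

    /* ".text" (5 bytes) fits in 8: returns 5, buffer holds ".text". */
    if (my_strlcpy(buf, ".text", sizeof buf) != 5 || strcmp(buf, ".text") != 0)
        return 0;

    /* 25-byte name into 8 bytes: 7 bytes copied, NUL at buf[7], 25 returned. */
    if (my_strlcpy(buf, ".rodata.section_too_long_", sizeof buf) != 25)
        return 0;
    if (strcmp(buf, ".rodata") != 0)
        return 0;

    /* size 0: nothing is written, the source length is still reported. */
    if (my_strlcpy(buf, "x", 0) != 1 || strcmp(buf, ".rodata") != 0)
        return 0;

    return 1;
}
```

If sections.c is left calling strlcpy by that name, either add `#define strlcpy my_strlcpy` after the definition or rename the function; the prototype should use size_t for the size argument so it matches the BSD signature the callers were written against.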
zapped- 08-29-2005
actually, I was the one that got "Headers read: 12 sections, 15637 kB allocated. (firmware size 0x145c9c, 1303 kB)"...I got that when running my modified version of dismipper.exe when I used a Makefile and didn't use your strlcpy hack, but just added int strlcpy (char *dst, const char *src, int size); to sections.h
Yes, when I modified dismipper per your instructions, I still get the malloc error. (if only I had at least 3gigs of memory free in this machine ;) )
Corscaria- 08-29-2005
BTW, IDA identifies the processor as "MIPS R5900 (Sony Playstation2) little endian"
zapped- 08-29-2005
> BTW, IDA identifies the processor as "MIPS R5900 (Sony Playstation2) little endian"
Which version of IDA are you using?
thehardway- 08-29-2005
> BTW, IDA identifies the processor as "MIPS R5900 (Sony Playstation2) little endian"
Well now we know what to buy as a development environment ;-)
Zapped... weird... have you tried pasting your post into firmware.hd and running that? Because it works on my cygwin... And I really don't think I'm mallocing 3GB...
zapped- 08-29-2005
> BTW, IDA identifies the processor as "MIPS R5900 (Sony Playstation2) little endian"
> Well now we know what to buy as a development environment ;-)
> Zapped... weird... have you tried pasting your post into firmware.hd and running that? Because it works on my cygwin... And I really don't think I'm mallocing 3GB...
yep, and I probably get the same as you, a bunch of "Attempted to trace execution to address 80000640 in section .text, but not in input file." (with various addresses and sections)
thehardway- 08-29-2005
So when do you get the malloc error then?
Rammer- 08-29-2005
> BTW, IDA identifies the processor as "MIPS R5900 (Sony Playstation2) little endian"
> Well now we know what to buy as a development environment ;-)
So, you plan on compiling your own firmware natively on the camcorder? :lol: Or just setting up a toolchain for cross-compiling? ;)
I'd say the compiler was probably this Green Hills compiler.
The feature I will miss the most in "dismipper" is IDA Pro's fast library identification and recognition technology. It uses signatures to recognize standard library functions generated by supported compilers. Unfortunately, Green Hills C Compiler is not one of the compilers that is supported. However, if someone had access to that compiler, a program could be written that called most of the common C functions. That program could then be disassembled and annotated with the source. It's then possible to quickly recognize certain patterns in other disassembled binaries from the same compiler.
pure analog- 08-29-2005
Anyone know where I can get objdump for mips?
morcheeba- 08-29-2005
Here's what the start of my output looks like:
Headers read: 12 sections, 15637 kB allocated. (firmware size 0x145c9c, 1303 kB)
Pass zero: Reading data... done. (bytes read = 0x1363d0)
Pass one: tracing program execution
Warning - bad var address in firmware.comments:
var=0xb0010170,"UART write register?"
exploring 874 entry points (0 instructions disassembled, 0% of code).
warning: failed to trace execution at computed goto @ bfc080a0 (thread .spc0)
successful jumptable trace - jump @ 80001734, table @ 80118008, 8 entries
successful jumptable trace - jump @ 80004750, table @ 80118500, 20 entries
successful jumptable trace - jump @ 80005488, table @ 80118568, 8 entries
successful jumptable trace - jump @ 80006ae0, table @ 80118610, 18 entries
successful jumptable trace - jump @ 800095e0, table @ 80118808, 5 entries
successful jumptable trace - jump @ 80027494, table @ 8011a300, 443 entries
successful jumptable trace - jump @ 8002a31c, table @ 8011b0a8, 5 entries
warning: failed to trace execution at computed goto @ 8002f44c (thread Browse Audio_2)
successful jumptable trace - jump @ 8002f568, table @ 8011b578, 32 entries
... plus lots more warnings before getting to the good stuff.
Pure analog - objdump is part of the binutils - download version 2.16 here. I compiled it from the source, and used this configure line: ./configure --target=mips powerpc-apple-darwin8.1.0... but if you're not on a mac, you'd probably need something else
pure analog- 08-29-2005
I got it, had to get bison and flex first though.
pure analog- 08-29-2005
i got my firmware and tried to run the program, but it crashes on this line of sections.c:
(void) vsnprintf(add_note_str, note_buffer_len, fmt, ap); va_end(ap);
add_note_str is not a null pointer
note_buffer_len is 2048, but that's been true before without crashing it
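The crash above is in a vsnprintf call that formats a note into a 2048-byte buffer. The block below is an added example, not dismipper's sections.c and not a diagnosis of that crash: it shows a variadic add_note written so that the two things vsnprintf can do at the boundary are handled explicitly, namely reporting truncation through its return value (C99 returns the length the full message would have had) and, on older runtimes such as the msvcrt that gcc -mno-cygwin links against, returning -1 and leaving the buffer without a terminator. The accumulating note buffer, its 2048-byte length and the sample note text are assumptions for the example.

```c
#include <stdarg.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Added example, not dismipper's code. Notes are appended to one fixed
 * buffer (length is an assumption matching the 2048 quoted in the thread). */
#define NOTE_BUFFER_LEN 2048

static char note_buf[NOTE_BUFFER_LEN];
static size_t note_used;          /* bytes in use, excluding the NUL */

void notes_reset(void)
{
    note_used = 0;
    note_buf[0] = '\0';
}

const char *notes_text(void) { return note_buf; }
size_t notes_len(void) { return note_used; }

/* Appends one formatted note. Returns 1 on success, 0 if the note did not
 * fit (the buffer is left exactly as it was before the call), -1 if the
 * format itself was rejected. The va_list is started and ended inside this
 * function and walked exactly once, which is the only portable pattern. */
int add_note(const char *fmt, ...)
{
    va_list ap;
    size_t room = NOTE_BUFFER_LEN - note_used;   /* includes space for NUL */
    int n;

    va_start(ap, fmt);
    n = vsnprintf(note_buf + note_used, room, fmt, ap);
    va_end(ap);

    if (n < 0 || (size_t)n >= room) {
        /* C99: n >= room means truncated. Pre-C99 runtimes (msvcrt's
         * _vsnprintf) return -1 on truncation and may not NUL-terminate,
         * so restore the terminator ourselves in both cases. A genuine
         * encoding error also lands here; treat it as "did not fit". */
        note_buf[note_used] = '\0';
        return 0;
    }
    note_used += (size_t)n;
    return 1;
}

/* Self-check: 20 notes of 99 bytes fit (1980 bytes), the 21st would need
 * 99 bytes with only 68 left and must be refused without disturbing the
 * buffer. Returns 1 if the boundary behaves as documented. */
int note_selfcheck(void)
{
    char line[100];
    int i, ok;

    memset(line, 'A', sizeof line - 1);
    line[sizeof line - 1] = '\0';

    notes_reset();
    for (i = 0; i < 20; i++)
        if (add_note("%s", line) != 1)
            return 0;

    ok = add_note("%s", line) == 0
         && notes_len() == 1980
         && strlen(notes_text()) == 1980;
    notes_reset();
    return ok;
}
```

The caller decides what to do with a refused note (flush the buffer, drop it, or log a warning); what the function guarantees is that a full buffer never leaves a partially written note behind and never leaves note_buf unterminated.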