
View Full Version : ida/disassembly help needed



HNaga
08-12-2007, 07:14 PM
Hello,
I'm trying to patch some functions.
I'm using IDA to disassemble,
replace the functions I need,

compile the new asm,

but I have a problem with non-symbolic refs.

e.g.
lui $s0, 0x1111 # Load Upper Immediate
addiu $s0, $s0, 0x222 # Add Immediate Unsigned

Address 0x11110222 has been changed.

Any idea how to do it?

regs
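
As an added illustration, not code from anyone in this thread, here is a Python sketch of what "fixing up" the non-symbolic lui/addiu references in the question involves when the code they point into moves. It assumes big-endian MIPS instruction words and that each lui is immediately followed by its addiu (real compiler output does not guarantee that), and the sample bytes are constructed: the pair from the question plus one whose low half has the sign bit set, the case where addiu's sign-extension forces the lui immediate to carry one extra.

```python
import struct

OP_LUI, OP_ADDIU = 0x0F, 0x09   # MIPS primary opcodes

def split_address(addr):
    """Split a 32-bit address into (lui_imm, addiu_imm), compensating for addiu sign-extension."""
    lo = addr & 0xFFFF
    hi = (addr >> 16) & 0xFFFF
    if lo & 0x8000:             # addiu sign-extends lo, so lui must carry one extra
        hi = (hi + 1) & 0xFFFF
    return hi, lo

def join_address(hi, lo):
    """Inverse of split_address: the address a lui/addiu pair actually produces."""
    lo_signed = lo - 0x10000 if lo & 0x8000 else lo
    return ((hi << 16) + lo_signed) & 0xFFFFFFFF

def find_lui_addiu_pairs(code):
    """Yield (offset, reg, address) for each adjacent 'lui rt / addiu rt, rt' pair."""
    words = struct.unpack(">%dI" % (len(code) // 4), code)   # big-endian words
    for i in range(len(words) - 1):
        w1, w2 = words[i], words[i + 1]
        if w1 >> 26 != OP_LUI or w2 >> 26 != OP_ADDIU:
            continue
        rt = (w1 >> 16) & 0x1F
        if (w2 >> 16) & 0x1F != rt or (w2 >> 21) & 0x1F != rt:
            continue                                          # addiu must use the same register
        yield i * 4, rt, join_address(w1 & 0xFFFF, w2 & 0xFFFF)

def relocate_pairs(code, old_start, old_end, delta):
    """Copy of code with every lui/addiu address in [old_start, old_end) shifted by delta."""
    out = bytearray(code)
    for off, rt, addr in find_lui_addiu_pairs(code):
        if not old_start <= addr < old_end:
            continue                                          # reference points elsewhere; leave it
        hi, lo = split_address((addr + delta) & 0xFFFFFFFF)
        struct.pack_into(">II", out, off,
                         (OP_LUI << 26) | (rt << 16) | hi,
                         (OP_ADDIU << 26) | (rt << 21) | (rt << 16) | lo)
    return bytes(out)

# Constructed sample: lui $s0,0x1111 / addiu $s0,$s0,0x222 ; nop ; lui $t0,0x1112 / addiu $t0,$t0,0x8000
SAMPLE = struct.pack(">5I", 0x3C101111, 0x26100222, 0x00000000, 0x3C081112, 0x25088000)

if __name__ == "__main__":
    for off, reg, addr in find_lui_addiu_pairs(SAMPLE):
        print("offset %d: $%d = 0x%08X" % (off, reg, addr))
    moved = relocate_pairs(SAMPLE, 0x11110000, 0x11120000, 0x100)
    print([hex(a) for _, _, a in find_lui_addiu_pairs(moved)])
```

Running it lists the two references (0x11110222 and 0x11118000) and shows both shifted by 0x100 while the nop between them is untouched.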

HNaga
08-13-2007, 06:05 PM
Not a single reply!!!!!!!!!!!!

ciper
08-13-2007, 06:35 PM
The people who would be able to answer your question probably saw the title of the thread and ignored it. This might just be the first time when a title like yours is accurate! Usually a thread with a similar title ends up asking a question like "how can I turn on telnet?"

Oh and sorry for being unable to help. Have you considered posting the same topic over at the tivocommunity forum underground section?

HNaga
08-14-2007, 05:51 PM
@ciper
Thanks for reply anyway.

@Moderators, you may change the topic to whatever you see.

regs

mrpenguin
08-15-2007, 08:46 PM
Not sure I understand the question. There really is no re-assembly. Just find the address you want to change, get the new opcodes, hexedit the app and you are done. You can even disassemble the newly edited app and see that your editing was done correctly.

HNaga
08-17-2007, 08:38 AM
Not sure I understand the question. There really is no re-assembly. Just find the address you want to change, get the new opcodes, hexedit the app and you are done. You can even disassemble the newly edited app and see that your editing was done correctly.

@mrpenguin
thanks for your reply.
This is a manual process and it's very difficult to modify each and every non-symbolic link.

I want to know how patching is done generally, taking into consideration that the new size is not the same as the original.

regs

Jamie
08-17-2007, 11:52 AM
@mrpenguin
thanks for your reply.
This is a manual process and it's very difficult to modify each and every non-symbolic link.

I want to know how patching is done generally, taking into consideration that the new size is not the same as the original.

regs

In general, tivoapp patches are done an instruction at a time. There is no size change: it is a one for one replacement of instructions. I don't know anyone who has tried replacing whole functions, though someone might have done it. The closest thing is the "long patch" in the superpatch, where a new function is written on top of an old one that was no longer called. It's all done manually.

HNaga
08-18-2007, 10:14 AM
I think I need a decompiler, not a disassembler.
I don't know if there is one for MIPS BE.

regs

Jamie
08-18-2007, 10:34 AM
Here's (http://www.dealdatabase.com/forum/showthread.php?p=186919&highlight=decompiler#post186919) a post with links to available tools. It may be dated. Let us know if you find better tools.

HNaga
08-18-2007, 12:29 PM
Here's (http://www.dealdatabase.com/forum/showthread.php?p=186919&highlight=decompiler#post186919) a post with links to available tools. It may be dated. Let us know if you find better tools.

@Jamie
Thank you, I'll take a look.

HNaga
08-18-2007, 12:33 PM
BTW, has anyone used MULTI before?

mrpenguin
08-18-2007, 04:09 PM
Never heard of it, or forgot it.

HNaga
08-18-2007, 05:57 PM
It's Green Hills software for MIPS.