
Thread: Mips disassembler v0.1

  1. #106
    Interesting, I just found this post:
    http://dealdatabase.com/forum/showpo...4&postcount=26

    DrNull added to the original script to catch the string loading assembly pattern I am getting from my builds which makes me wonder if the other pattern is created from a different code construct.

    Update: Ok, doing some research on the web has led me to understand that the lw\addiu vs. lui\ori doesn't have anything to do with string loading per se, they are just different ways to reference a memory location. You use lui\ori for larger addresses that can't be loaded 'immediately' with lw\addiu.

    I don't know much about the gcc compiler, but I assume that it puts all the string literals in a string table somewhere? Possibly towards the end of the executable? This might explain why my tiny helloworld app refers to strings using a direct load, but tivoapp, which is much much larger has to load strings using high word, low word memory addressing.
    Last edited by SpoonsJTD; 10-22-2006 at 11:02 PM.

  2. #107

    BRF strings

    For anyone looking for a huge boost to the number of strings referenced by the 6.3a disassembly...

    The routine ResourceManager::LookupResource() is a very large "if" statement that maps values from 0x4c4b40 through 0x4fd032 into strings from 24 different BRFs. Those BRFs are simple in that they each consist of only a single list of strings. Combined, they will provide you with over 2100 strings. The strings are referenced about 1900 times in the code, which should help orient you within the code considerably.

    The routine also maps values from 0x4fd033 through 0x517b7f into PNG images from 11 different BRFs.

    Other versions of tivoapp also have LookupResource() (easily found by looking for that string), but of course the numbers above are all different.

    Hope that helps some...

    P.S. The LookupResource() routine itself isn't called that many times directly... it's called by FetchResource (at 0x499a40 in v6.3a) that *is* called about 1400 times. For instance:

    Code:
      9e95e4:	3c05004f 	lui	a1,0x4f
      9e95e8:	02002021 	move	a0,s0
      9e95ec:	0c126690 	jal	0x499a40         ;: <FetchResource>
      9e95f0:	34a5cfc7 	ori	a1,a1,0xcfc7     ;: a1 = 004fcfc7 (BRF_STR "Sorry, recording of music and audio-only programs is not supported at this time.")
    Last edited by MuscleNerd; 11-18-2006 at 12:21 AM.

  3. #108

    How do you use it

    Sorry, I'm a noob. How do you use the mipsdisassemble?

  4. #109
    Quote Originally Posted by jacko101
    Sorry, I'm a noob. How do you use the mipsdisassemble?
    The instructions are listed in the very first post in this thread. If they don't make sense to you, then you are in way over your head and it is unlikely the tool will be of any use to you.

  5. #110
    Please post tivoapp.proc files for any versions you may have. It would be helpful if you could help me find the version of tivoapp to match the tivoapp.proc file you post. Thanks.
    Last edited by woracan; 09-11-2009 at 01:30 PM.

  6. #111
    There were never very many folks producing *.proc files to begin with, and the versions that you're asking for are circa 2005 (and 6.1 is for a combo box). So I'm not sure how much of a response you'll get.

    I see your post of the NoCSO patch for 7.2.0a-oth. Were you looking for any other patches in particular, or just wanting to explore a bit more?

  7. #112
    Quote Originally Posted by tivo4mevo
    There were never very many folks producing *.proc files to begin with, and the versions that you're asking for are circa 2005 (and 6.1 is for a combo box). So I'm not sure how much of a response you'll get.

    I see your post of the NoCSO patch for 7.2.0a-oth. Were you looking for any other patches in particular, or just wanting to explore a bit more?
    I'd like to explore the tivoapp more.
    Last edited by woracan; 09-11-2009 at 01:27 PM.

  8. #113
    You're correct that hacking related to guide data isn't discussed here.

    If no one has a *.proc file for your specific tivoapp, you may be able to obtain a tivoapp for which the proc file has already been posted, explore that, and then extrapolate that to your specific versions.

  9. #114
    Here's some symbol information from 11.0d tivoapp and libtmk.so, mostly ported from the stuff posted here previously.

    The tmesis script missed quite a few strings in the 'tivoapp_main()' function, but after manually matching up the missing references, it was a snap to identify most of tivoapp's subprograms.

    Off to bed...

    [edit] See post below for updated tivoapp.proc.
    Last edited by jt1134; 09-27-2009 at 07:47 PM.

  10. #115
    Here's some more stuff.

    There's an updated mips.dasm (0.4.5). This fixes some bugs and adds some new features. Some of the updates are mine, and others came from another contributor. Unfortunately, I don't have a good change log. It includes most of the updates from this thread. One notable thing still missing is the resource string reference lookup suggested by MuscleNerd.

    mips.dasm now dumps a .refcount file that lists procedure reference counts.

    It also dumps a .proc.new file with candidate .proc entries based on a simple heuristic that a reference to a string that looks like a function prototype might be a good candidate for the containing function prototype.

    There's a perl script, libSymbols.pl, that scans the name list from a set of .so files to produce a .proc. This is basically the code that nova1 suggested here, but taken out of mips.dasm so it can be applied to multiple libraries to produce a .proc file.

    There's a perl script, fsmSymbols.pl that scans the data sections of tivoapp looking for string references next to code references. The idea is that the string might be a good identifier for the function. This seems to work well for functions called from the BRF Finite State Machines.

    Finally, there's an 11.0d tivoapp.proc. This starts with jt1134's as a base, adds some of the known patches, and the functions identified with the scripts above. There's a lot of cruft in there, but the cruft doesn't seem to cause problems, and some of the additions found by the heuristics are useful.

  11. #116
    Thanks for the update, 7.1 (and the unnamed contributor)! I've been trying to get up to speed with Perl so that I could try to implement most of this stuff.

    Here's an updated 11.0d tivoapp.proc including everything from above with ~100 more libtmk.so routines and a handful more from tivoapp.

  12. #117
    Here's another little addition: BRF strings based on MuscleNerd's post.

    brfstrings.tcl is a variation on this script.

    brf.sh uses brfstrings.tcl and produces a tivoapp.brfstrings file used by mips.dasm. It is hand written based on the code in ResourceManager::LookupResource. It could probably be automated, but it isn't that hard to do it by hand. I've done 11.0d and 7.2.2b.

    mips.dasm-0.4.6.pl now looks up string references in registers from tivoapp.brfstrings.

    This all works nicely in 7.2.2b, finding 1800 BRF strings. Unfortunately, there are a lot fewer in 11.0d: only 206.
    Last edited by 7.1; 10-09-2009 at 11:42 AM. Reason: correct brfstrings.tcl script name (renamed from original brfparse.tcl).
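As an added example (not code from this thread, from mips.dasm or from brfstrings.tcl), here is the register tracking that posts #106, #107 and #117 describe: walk a listing in address order, pair each lui with the next ori or addiu on the same register, and look the resolved 32-bit value up in a BRF string table. The BRF id range, the FetchResource call sequence and the quoted string come from post #107; the second lui/addiu pair, its string and the NO_DEST mnemonic set are constructed assumptions, included to show why a negative addiu immediate needs the lui value rounded up.

```python
import re

# Range of ids that ResourceManager::LookupResource maps to BRF strings in 6.3a (post #107 above).
BRF_STR_RANGE = (0x4C4B40, 0x4FD032)

# Constructed stand-in for tivoapp.brfstrings: first entry quoted in post #107, second made up for the addiu case.
BRF_STRINGS = {
    0x4FCFC7: "Sorry, recording of music and audio-only programs is not supported at this time.",
    0x4F8000: "(constructed sample string)",
}

# Constructed listing: the FetchResource call from post #107 (note the ori sits in the
# jal delay slot, so it executes before the call) plus a made-up lui/addiu pair.
SAMPLE_LISTING = """\
9e95e4:\t3c05004f \tlui\ta1,0x4f
9e95e8:\t02002021 \tmove\ta0,s0
9e95ec:\t0c126690 \tjal\t0x499a40         ;: <FetchResource>
9e95f0:\t34a5cfc7 \tori\ta1,a1,0xcfc7
9e95f4:\t3c050050 \tlui\ta1,0x50
9e95f8:\t24a58000 \taddiu\ta1,a1,-32768
"""

LINE_RE = re.compile(r"^\s*([0-9a-f]+):\s+[0-9a-f]+\s+(\w+)\s*([^;]*)")
NO_DEST = {"sw", "sh", "sb", "j", "jal", "jr", "beq", "bne"}  # first operand is not written (assumed subset)

def resolve_pairs(listing, strings=BRF_STRINGS):
    """Walk an objdump-style listing in address order, remember the high half each
    lui leaves in a register, and combine it with the next ori/addiu on that register.
    Returns (addr, reg, value, brf_string_or_None) for every resolved pair."""
    high, results = {}, []
    for line in listing.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        addr, op = int(m.group(1), 16), m.group(2)
        args = [a.strip() for a in m.group(3).split(",") if a.strip()]
        if op == "lui" and len(args) == 2:
            high[args[0]] = (int(args[1], 0) & 0xFFFF) << 16
        elif op in ("ori", "addiu") and len(args) == 3 and args[0] == args[1] and args[1] in high:
            imm = int(args[2], 0)  # objdump prints ori immediates in hex, addiu immediates as signed decimal
            if op == "ori":
                value = high[args[1]] | (imm & 0xFFFF)
            else:  # addiu sign-extends: lui 0x50 + addiu -0x8000 is 0x004f8000, not 0x00508000
                value = (high[args[1]] + imm) & 0xFFFFFFFF
            text = strings.get(value) if BRF_STR_RANGE[0] <= value <= BRF_STR_RANGE[1] else None
            results.append((addr, args[0], value, text))
            del high[args[1]]
        elif op not in NO_DEST and args and args[0] in high:
            del high[args[0]]  # register overwritten before its low half arrived; drop the stale lui
    return results
```

Running resolve_pairs(SAMPLE_LISTING) annotates the ori at 9e95f0 with a1 = 0x004fcfc7 and the BRF string, and the addiu at 9e95f8 with 0x004f8000.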

  13. #118
    Thanks for the excellent contribution 7.1!

    Shouldn't the locations for sp2 and sp3 in the 7.2.2b tivoapp.proc file be unique?

    Code:
    0x00c593d0	sp2
    0x00c593d0	sp3

  14. #119
    In the 7.2.2b tivoapp.proc file,
    Code:
    0x00e3834c	sp12
    should be
    Code:
    0x00e3934c	sp12

  15. #120
    Quote Originally Posted by 7.1
    brf.sh uses brfstrings.tcl and produces a tivoapp.brfstrings file used by mips.dasm. It is hand written based on the code in ResourceManager::LookupResource. It could probably be automated, but it isn't that hard to do it by hand. I've done 11.0d and 7.2.2b.
    How do you go about creating or modifying the brf.sh file for 6.4a software? I'm playing around with the MIPS disassembler and am interested in what this adds to the output.
    (2) UltimateTV - upgraded w/160GB
    (1) HR10-250 2TB 6.4a
    (1) HR10-250 620GB 6.4a
    (1) HR10-250 300GB 6.4a
    (3) HR21 (2) with AM21 & internal 2TB Seagate
    RandC
