Easiest way to disassemble a (pure) binary?
Posted: Thu Aug 24, 2006 3:38 am
by Npl
I'm fooling around with exceptions ATM and I'm interested in what exactly the syscalls would do. For this I'm disassembling ROM0 modules, but I haven't found an easy way to do so.
1. via bin2s & objdump - works, but I don't like how the binary is shifted down a few bytes. Makes tracing absolute addresses troublesome.
2. via objcopy & objdump. I'm using objcopy the following way, I can't find a -B target that fits the EE though.
Code:
ee-objcopy -I binary -O elf32-littlemips -B mips:5900 \
--rename-section .data=.text,alloc,load,readonly,code,contents \
--change-section-address .data=0x80000000 \
KERNEL KERNEL.o
Disassembling works, but EE-specific opcodes aren't decoded; the ELF header apparently doesn't contain the right information. I fix this by copying 0x01409220 into bytes 0x24-0x27 of the file; from there on it works as it should.
Is this a bug/shortcoming of ee-objcopy or am I lacking some switches?
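The manual hex-editor fix described above (writing 0x01409220 into bytes 0x24-0x27, which is the e_flags field of an ELF32 header), as an added example script that is not from the thread or from binutils. It checks the ELF magic, class and byte order before patching, so it refuses to scribble on something that is not an ELF32 little-endian file; the sample header is constructed inline to stand in for ee-objcopy's output.

```python
import struct

ELF_MAGIC = b"\x7fELF"
ELFCLASS32 = 1              # e_ident[EI_CLASS]
ELFDATA2LSB = 1             # e_ident[EI_DATA], little-endian
ELF32_EHDR_SIZE = 0x34
E_FLAGS_OFF = 0x24          # offset of e_flags in an ELF32 header (bytes 0x24-0x27)
EE_E_FLAGS = 0x01409220     # value the post reports as making ee-objdump decode EE opcodes


def set_elf32_flags(data, flags=EE_E_FLAGS):
    """Return (patched image, previous e_flags) for an ELF32 little-endian image."""
    if len(data) < ELF32_EHDR_SIZE or data[:4] != ELF_MAGIC:
        raise ValueError("not an ELF file")
    if data[4] != ELFCLASS32:
        raise ValueError("not an ELF32 file")
    if data[5] != ELFDATA2LSB:
        raise ValueError("not little-endian")
    old = struct.unpack_from("<I", data, E_FLAGS_OFF)[0]
    buf = bytearray(data)
    struct.pack_into("<I", buf, E_FLAGS_OFF, flags)
    return bytes(buf), old


def make_sample_header():
    """Constructed minimal ELF32 LSB header (ET_REL, EM_MIPS) with e_flags = 0, used as test input."""
    ident = ELF_MAGIC + bytes([ELFCLASS32, ELFDATA2LSB, 1, 0]) + b"\x00" * 8
    # e_type, e_machine, e_version, e_entry, e_phoff, e_shoff, e_flags,
    # e_ehsize, e_phentsize, e_phnum, e_shentsize, e_shnum, e_shstrndx
    return ident + struct.pack("<HHIIIIIHHHHHH", 1, 8, 1, 0, 0, 0, 0,
                               ELF32_EHDR_SIZE, 0, 0, 0, 0, 0)


if __name__ == "__main__":
    import sys
    path = sys.argv[1]                      # e.g. the KERNEL.o produced by ee-objcopy
    with open(path, "rb") as f:
        image = f.read()
    patched, old = set_elf32_flags(image)
    with open(path, "wb") as f:
        f.write(patched)
    print("e_flags 0x%08x -> 0x%08x" % (old, EE_E_FLAGS))
```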
Posted: Thu Aug 24, 2006 7:37 am
by cheriff
I played with doing this at one stage, and what I did was dump ps2's kernel memory to a file and ran ee-objdump over it.
I can't recall the exact cmdline options I used, but IIRC:
-b sets the file format, ee-objdump -i will list all available. I don't have the toolchain with me now, but my i686-objdump seems to list binary as a format, so I guess that's the one.
--adjust-vma=offset to set where the dump was taken from, else it will be assumed that the start of the dump is at 0x00000000. (This could also be used with your bin2s method?)
and the usual -d or -D.
- cher
Posted: Thu Aug 24, 2006 11:13 pm
by Npl
cheriff wrote:I played with doing this at one stage, and what I did was dump ps2's kernel memory to a file and ran ee-objdump over it.
I can't recall the exact cmdline options I used, but IIRC:
-b sets the file format, ee-objdump -i will list all available. I don't have the toolchain with me now, but my i686-objdump seems to list binary as a format, so I guess that's the one.
I didn't know objdump had the same switches as objcopy. -b is just the overall file format (i.e. ELF or binary); the disassembler needs to know which ISA is used, which would be the -m switch.
Similar to objcopy however, I can't specify the EE as architecture; mips:5900 appears to be the closest, but is still missing a lot of things (EE-specific opcodes for sure, I think the MIPS4/5 opcodes too). And the only way I can "list" the architectures supported is to run the executable in a hex editor ;)
cheriff wrote:--adjust-vma=offset to set where the dump was taken from, else it will be assumed that the start of the dump is at 0x00000000. (This could also be used with your bin2s method?)
and the usual -d or -D.
- cher
Not quite sure, but bin2s also adds a symbol with the size of the binary in front, shifting everything down (so I'd need to add a negative offset). Need to test this.
It's not like I couldn't help myself with workarounds, but I feel there should be something trivial like "ee-objdump -I binary -B mips:ee KERNEL" that I'm failing to see.
Posted: Fri Aug 25, 2006 12:20 am
by jbit
I have a (little hacky) EE disassembler I wrote a few months ago.
It can operate on any ELF that the PS2 can load (GNU binutils requires "full" ELFs, or something).
It does most EE-specific instructions, however I know that some instruction blocks aren't implemented (mainly COP instructions), but they should be trivial to add if required.
It does some slightly helpful extras too, like syscall identification, external symbol table loading, and I recently added address calculation.
I can upload it if it'd be helpful (it should run on any unixy system without much trouble), the code isn't great though.
EDIT: I'll be away for the next few days so here's the source, just in case anybody is interested. It should be pretty self explanatory to anybody who knows what they're doing. (read: no documentation is provided).
I usually do something like "mipsdis somefile.bin -f bin -a 0x80000 -t somefile.syms > somefile.pasm", where somefile.bin is the binary, 0x80000 is the start address, and somefile.syms specifies any symbols you know about.
mipsdis-0.0.2.tar.bz2 - MIPS disassembler super alpha