search

Starting disassembly of a new binary

Building a symbol file for an unknown binary

hashtag
Initial symbol file

Using known fixed addresses in most (era appropriate) Mitsubishi ECU code, we can get started. Create a symbol file (ECU.sym as an example here) and add the following lines:

ECU.sym
org 8000
data	8000		epromStart
org	ceff
code	ceff		codeStart
data	cf02		empty2
data	d000		obdTable
code	d03e		reset
code	d052		ecuInit

Once you have that ready, test it out:

$ ./7675Disassm -l -r ECU.bin ECU.sym

At this point only a partial disassembly will be produced. It will probably halt on a line like this:

...
E0F2 02 11 12                        andm    $11, #$12
E0F5                                 0x13    
10000                                  .end

On line E0F5 there is a 13h (0x13) which means the byte it was decoding is an invalid OP code. This means that it is probably in a data area. Looking at the code further shows a number of TEST and NOP operations, which again is a sure sign of being in a data area:

Spotting a RTS just before tests and NOPs start showing up looks like valid code, so we tell the disassembler to start a data area just after it. Add the following to the symbol file:

At this point we should be getting most, if not all of the binary out, mostly as if it were data. Don't panic, we still have some known fixed addresses to help sort things out.

hashtag
Vector Table

Add the following to the symbol file:

At this point the disassembler should run through the entire binary, ending with a vector table.

PreviousThings you needNextMapping code vs. data areas

Last updated