Starting disassembly of a new binary
Building a symbol file for an unknown binary
Initial symbol file
Using known fixed addresses in most (era appropriate) Mitsubishi ECU code, we can get started. Create a symbol file (ECU.sym as an example here) and add the following lines:
org 8000
data 8000 epromStart
org ceff
code ceff codeStart
data cf02 empty2
data d000 obdTable
code d03e reset
code d052 ecuInit
Once you have that ready, test it out:
$ ./7675Disassm -l -r ECU.bin ECU.sym
At this point only a partial disassembly will be produced. It will probably halt on a line like this:
...
E0F2 02 11 12 andm $11, #$12
E0F5 0x13
10000 .end
On line E0F5 there is a 13h (0x13), which means the byte being decoded is an invalid opcode. The disassembler is therefore probably in a data area. The code just before it shows a number of TEST and NOP operations, which is another sure sign of being in a data area:
...
E0DA 39 rts
E0DB 02 00 40 andm $00, #$40
E0DE 00 test
E0DF 80 00 suba #$00
E0E1 00 test
E0E2 01 nop
E0E3 00 test
E0E4 08 inx
E0E5 00 test
E0E6 10 sba
E0E7 00 test
E0E8 40 nega
E0E9 20 00 bra L4346
E0EB 00 L4346 test
E0EC 04 lsrd
E0ED 04 lsrd
E0EE 00 test
E0EF 08 inx
E0F0 00 test
E0F1 00 test
E0F2 02 11 12 andm $11, #$12
E0F5 0x13
...
The RTS at E0DA, just before the tests and NOPs start showing up, looks like the end of valid code, so we tell the disassembler to start a data area just after it. Add the following to the symbol file:
data E0DB moredata
At this point we should be getting most, if not all, of the binary out, mostly as if it were data. Don't panic, we still have some known fixed addresses to help sort things out.
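The "last RTS before the invalid opcode" rule used above can be scripted when this has to be repeated over a long listing. This is an added example, not part of 7675Disassm; the function names are hypothetical, and it assumes the listing format shown above (address, hex bytes, mnemonic, with an undecodable byte printed as 0x..).

```python
import re

# Excerpt of the listing shown above (middle lines omitted for brevity).
LISTING = """\
E0DA 39 rts
E0DB 02 00 40 andm $00, #$40
E0DE 00 test
E0E9 20 00 bra L4346
E0EB 00 L4346 test
E0F2 02 11 12 andm $11, #$12
E0F5 0x13
10000 .end
"""

# address, zero or more two-digit hex bytes, then the remaining text
LINE = re.compile(r"^([0-9A-Fa-f]{4,5})\s+((?:[0-9A-F]{2}\s+)*)(.*)$")


def find_data_start(listing):
    """Return (halt_addr, data_addr).

    halt_addr: address of the first byte printed as a raw 0x.. value
    data_addr: first address after the last rts seen before the halt
    Either is None when not found.
    """
    data_addr = None
    for raw in listing.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue
        addr = int(m.group(1), 16)
        nbytes = len(m.group(2).split())
        words = m.group(3).split()
        if words and words[0].startswith("0x"):
            return addr, data_addr
        if "rts" in words[:2]:  # mnemonic may be preceded by a label
            data_addr = addr + nbytes
    return None, data_addr


def symbol_line(listing, label="moredata"):
    """Build the symbol-file 'data' directive, or None if nothing to suggest."""
    halt, start = find_data_start(listing)
    if halt is None or start is None:
        return None
    return f"data {start:04X} {label}"


if __name__ == "__main__":
    print(symbol_line(LISTING))
```

The suggested address is only a starting guess: check the listing around it by eye before adding the line to the symbol file.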
Vector Table
Add the following to the symbol file:
org ffe0
vector ffe0 intVector
At this point the disassembler should run through the entire binary, ending with a vector table.