Auto-Disassembly Script
 

I've managed to find a copy of Acamus' auto-disassembly script (onload.idc) and I like it. However it seems to be very hard to find and there could be more in it. With that in mind, I've started a fork that I can put new things into.

It still finds the items that the original script, as well as label all the registers and interrupts.

I've uploaded it to the SVN repository, which means you can always download the latest version at: http://ecurom.googlecode.com/svn/trunk/asm/ecurom.idc

The other major change is that now this isn't part of the onload mechanism, because that really breaks if you have other IDA scripts loading at the same time. The instructions for this new version are:

1. Download the latest version and save it in your C:\Program Files\IDA\idc directory
2. Load a new ROM
3. From the File menu, select IDC File and locate the C:\Program Files\IDA\idc\ecurom.idc script
4. Profit

Tonight I'll be adding in some code to automatically locate and label 2d/3d maps and the associated axes.

I'd like it to find and label some "well known" functions, like the 2d/3d map routines and the axis lookup routines. Does anyone have a reasonable list of these?

This is awesome, thanks for the effort, I have been praying for something like this:-)

I've spent the last many hours hacking on this script, and it now does automatic axis and map discovery.

The way axis discovery works is:

1. Iterate through all the references to sub_CC6 which is the axis lookup function
2. Starting at each reference, look backwards through the code to find an instruction that sets r4 (the table location in RAM)
3. Jump to that location and label the fields in the table (result ptr, length, data) as well as the table itself (unknown_axis_x)

After this is done, the map discovery runs:

1. Iterate through all calls to sub_C28 and sub_E02 which are the map lookup functions
2. Look for the start of the map the same way the axis lookup does
3. Label the fields of the map (dimensions, adder, input ptrs, columns, data) and the map itself with unknown_[2|3]d_byte_map_x.
4. Look up all the references to each of the input pointers (both for 3d and just the one for 2d). One of those references will be the axis table which contains the size
5. Use either the single axis length (for 2d) or the multiple of height and width (for 3d) to work out the size of the map. Use that number to create an array in IDA with the right shape

This seems to work quite well for most of the maps. There are some maps that it doesn't find due to a number of indirections being used. Specifically it doesn't work for the ignition/fuel/WGDC maps when tephra's altmap patch is used. That's annoying and I'm going to try and fix it.

Also it doesn't find any maps that aren't used by the code. There are a LOT of maps that seem to contain something that is never referenced, so I don't think they're very useful.

The latest version is on the SVN repository, with a download link on post #1 of this topic. Please try it out and let me know what you think.

Nice work that man................... Good for us with poor coding skills.

Nice work. :thumbup:

Getting the following error.

Which version of IDA Pro are you using?

5.2.0.908 64 bit.

Any update on this thread?

Sorry, I've been overseas away from my development machine, and today is my first day back. I'll try and take a look at it tonight. Other people have had the same problem, and while that particular problem is easy to fix, the problem is that other things in the script don't work on older versions of IDA, and that's a much harder problem. If you can upgrade you'll find it works fine :)

6.1 IDA Pro is what you need. I had the same problems with 5.1. Script runs fine with 6.1

Is there any chance this script could get updated to work with newer versions of IDA and newer instructions for newer versions of IDA?

It is Hard to track down an old version to be able to disassemble a rom, and in newer versions the menu layout ect in the instructions differ.

found out the script was saved from the web site in html not as plain text the script now works.

Script mirror...
 

I was wondering if you could share a copy of the script with me? Can you PM met or post a mirror? I have been trying to get back into this looking at the FlexFuel patches and other items from MrFred and have had trouble with the download links...

You can find info on github under dparish/ecurom as below it is the fullest pack of info I could find it is the newest scripts I could find and was merged from goglecode to github sometime ago.:

dparrish/ecurom: Automatically exported from code.google.com/p/ecurom (github.com)

This may also be handy :
Evo ECU Dissassembly (evoscan.com)

You're the best!
 

Thank you very much for the links! I have spent lots of time digging and didn't find this github. IDK if I will get anywhere but have to start somewhere. Thanks again!