|
Usuario Registrado
Fecha de ingreso: 12/oct/2005
Mensajes: 44
|
Llevo desensamblando la utilidad "FLASHWR" toda la mañana con el programa IDA, la verdad es que hay muchas direcciones de memoria muy interesantes, pero me falta mas conocimientos sobre ASM y sobre como hacer un DEBUG, esto nos seria de mucha utilidad, pues veriamos las llamadas a memoria y como el programa carga los registros para acceder a la CPU, yo estoy usando el prorama OLLYDGB para el debug , hasta el momento con resultado negativo, pero repito dentro del codigo tememos lo que buscamos, necesitamos la ayuda de alguien que tenga mas conocimientos sobre como usar estos programas, haber si alguien nos hecha un cable, aqui pongo la rutina donde se hace el reset al EJTAG:
.text:00404700 ; ¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦ S U B R O U T I N E ¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦
.text:00404700
.text:00404700 ; Attributes: bp-based frame
.text:00404700
.text:00404700 sub_404700 proc near ; CODE XREF: sub_401078�j
.text:00404700
.text:00404700 var_64 = dword ptr -64h
.text:00404700 var_24 = dword ptr -24h
.text:00404700 var_20 = dword ptr -20h
.text:00404700 var_1C = dword ptr -1Ch
.text:00404700 var_18 = dword ptr -18h
.text:00404700 var_14 = dword ptr -14h
.text:00404700 var_10 = dword ptr -10h
.text:00404700 var_C = dword ptr -0Ch
.text:00404700 var_8 = dword ptr -8
.text:00404700
.text:00404700 push ebp
.text:00404701 mov ebp, esp
.text:00404703 sub esp, 64h
.text:00404706 push ebx
.text:00404707 push esi
.text:00404708 push edi
.text:00404709 lea edi, [ebp+var_64]
.text:0040470C mov ecx, 19h
.text:00404711 mov eax, 0CCCCCCCCh
.text:00404716 rep stosd
.text:00404718 mov [ebp+var_8], 0
.text:0040471F mov [ebp+var_C], 0
.text:00404726 mov [ebp+var_24], 0
.text:0040472D mov esi, esp
.text:0040472F push offset aResetEjtag___ ; "Reset EJTAG..."
.text:00404734 call off_438A34
.text:0040473A add esp, 4
.text:0040473D cmp esi, esp
.text:0040473F call sub_40D860
.text:00404744 call sub_401041
.text:00404749 test eax, eax
.text:0040474B jz loc_404800
.text:00404751 mov esi, esp
.text:00404753 push offset aOk_1 ; "OK\n"
.text:00404758 call off_438A34
.text:0040475E add esp, 4
.text:00404761 cmp esi, esp
.text:00404763 call sub_40D860
.text:00404768 mov eax, BytesReturned
.text:0040476D xor edx, edx
.text:0040476F mov ecx, 100h
.text:00404774 div ecx
.text:00404776 mov [ebp+var_14], edx
.text:00404779 mov edx, BytesReturned
.text:0040477F shr edx, 8
.text:00404782 mov [ebp+var_18], edx
.text:00404785 mov eax, [ebp+var_14]
.text:00404788 cdq
.text:00404789 mov ecx, 0Ah
.text:0040478E idiv ecx
.text:00404790 mov esi, esp
.text:00404792 push edx
.text:00404793 mov eax, [ebp+var_14]
.text:00404796 cdq
.text:00404797 mov ecx, 0Ah
.text:0040479C idiv ecx
.text:0040479E push eax
.text:0040479F push offset aUsbIceCardFirm ; "USB ICE Card Firmware version is 1.%d.%"...
.text:004047A4 call off_438A34
.text:004047AA add esp, 0Ch
.text:004047AD cmp esi, esp
.text:004047AF call sub_40D860
.text:004047B4 mov eax, [ebp+var_18]
.text:004047B7 cdq
.text:004047B8 mov ecx, 0Ah
.text:004047BD idiv ecx
.text:004047BF mov esi, esp
.text:004047C1 push edx
.text:004047C2 mov eax, [ebp+var_18]
.text:004047C5 cdq
.text:004047C6 mov ecx, 0Ah
.text:004047CB idiv ecx
.text:004047CD push eax
.text:004047CE push offset aUsbIceCardDriv ; "USB ICE Card Driver version is 1.%d.%d\n"...
.text:004047D3 call off_438A34
.text:004047D9 add esp, 0Ch
.text:004047DC cmp esi, esp
.text:004047DE call sub_40D860
.text:004047E3 cmp [ebp+var_18], 0
.text:004047E7 jnz short loc_404800
.text:004047E9 mov esi, esp
.text:004047EB push offset aYouNeedUpdateT ; " *********\n !!! You need update the I"...
.text:004047F0 call off_438A34
.text:004047F6 add esp, 4
.text:004047F9 cmp esi, esp
.text:004047FB call sub_40D860
.text:00404800
.text:00404800 loc_404800: ; CODE XREF: sub_404700+4B�j
.text:00404800 ; sub_404700+E7�j
.text:00404800 call sub_401041
.text:00404805 lea edx, [ebp+var_20]
.text:00404808 push edx
.text:00404809 push 8
.text:0040480B call sub_4010E1
.text:00404810 add esp, 8
.text:00404813 mov esi, esp
.text:00404815 mov eax, [ebp+var_20]
.text:00404818 push eax
.text:00404819 push offset a1stPcFromCpu0x ; "\n1st PC from CPU 0x%08x\n"
.text:0040481E call off_438A34
.text:00404824 add esp, 8
.text:00404827 cmp esi, esp
.text:00404829 call sub_40D860
.text:0040482E cmp [ebp+var_20], 0FF200200h
.text:00404835 jz loc_404965
.text:0040483B mov esi, esp
.text:0040483D push offset aPleaseResetThe ; "Please reset the RISC..."
.text:00404842 call off_438A34
.text:00404848 add esp, 4
.text:0040484B cmp esi, esp
.text:0040484D call sub_40D860
.text:00404852
.text:00404852 loc_404852: ; CODE XREF: sub_404700+248�j
.text:00404852 call sub_401041
.text:00404857 call sub_401041
.text:0040485C lea ecx, [ebp+var_20]
.text:0040485F push ecx
.text:00404860 push 8
.text:00404862 call sub_4010E1
.text:00404867 add esp, 8
.text:0040486A cmp [ebp+var_20], 0FF203000h
.text:00404871 jnb loc_40492D
.text:00404877 cmp [ebp+var_20], 0FF200200h
.text:0040487E jbe loc_40492D
.text:00404884 mov [ebp+var_10], 0
.text:0040488B jmp short loc_404896
.text:0040488D ; ---------------------------------------------------------------------------
.text:0040488D
.text:0040488D loc_40488D: ; CODE XREF: sub_404700:loc_404928�j
.text:0040488D mov edx, [ebp+var_10]
.text:00404890 add edx, 1
.text:00404893 mov [ebp+var_10], edx
.text:00404896
.text:00404896 loc_404896: ; CODE XREF: sub_404700+18B�j
.text:00404896 cmp [ebp+var_10], 64h
.text:0040489A jge loc_40492D
.text:004048A0 push 1
.text:004048A2 push 1
.text:004048A4 call sub_401186
.text:004048A9 add esp, 8
.text:004048AC cmp eax, 1
.text:004048AF jnz short loc_404928
.text:004048B1 lea eax, [ebp+var_20]
.text:004048B4 push eax
.text:004048B5 push 8
.text:004048B7 call sub_4010E1
.text:004048BC add esp, 8
.text:004048BF cmp [ebp+var_20], 0FF200200h
.text:004048C6 jnz short loc_4048CA
.text:004048C8 jmp short loc_40492D
.text:004048CA ; ---------------------------------------------------------------------------
|