Using IDA Pro?

[Mclaneinc]

Hi folks, saw someone mention the them using IDA Pro, so being a nosey person I downloaded it.

 

I opened a file and set the processor type to 6502 but it produces a disassembly of purely byte statements.

 

Obviously I'm doing something wrong so could some kind person tell me the correct way to look at a file please.

[Rybags]

Wrathchild has it, I'm fairly sure.

 

I've got it but not used it a lot.

 

I think it's "normal" that you'll get a whole bunch of byte statements at the start. It appears to give a label as such to any RAM location that's addressed in the main code.

 

Try scrolling to where your program should be and see what's there.

[Mclaneinc]

Wrathchild has it, I'm fairly sure.

 

I've got it but not used it a lot.

 

I think it's "normal" that you'll get a whole bunch of byte statements at the start. It appears to give a label as such to any RAM location that's addressed in the main code.

 

Try scrolling to where your program should be and see what's there.

 

I'll have to check but I swear it was all byte statements...

 

EDIT: Confirmed, all bytes, no real code although it's visually there in the hex code...

Edited February 24, 2010 by Mclaneinc

[Rybags]

Here's an example from the disasm he did from the Pole Position ROM:

 

 

 

; ; Target assembler: SVENSON ELECTRONICS 6502/65C02 ASSEMBLER - V.1.0 - MAY, 1988

; IIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIII

; Segment type:	Regular
	;.segment zp
byte_0_10:	.BYTE 0	; (uninited)
byte_0_13:	.BYTE 0	; (uninited)
byte_0_14:	.BYTE 0	; (uninited)
byte_0_42:	.BYTE 0	; (uninited)
byte_0_4D:	.BYTE 0	; (uninited)
byte_0_7D:	.BYTE 0	; (uninited)
unk_0_7F:	; 0 .BYTE uninited & unexplored
byte_0_80:	.BYTE 0	; (uninited)
byte_0_81:	.BYTE 0	; (uninited)

 ... Big chunk removed here ...

loc_0_8000:
	CLD	
	LDA	#0
	LDX	#$20 ; ' '

loc_0_8005:				; CODE XREF: seg002:8009j
	STA	unk_0_47F,X
	DEX	
	BNE	loc_0_8005
	LDA	#4
	STA	byte_0_491
	LDA	#1
	STA	byte_0_48F

  ... another big chunk removed here ...

; UUUUUUUUUUUUUUU S U B	R O U T	I N E UUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUU


sub_0_9232:				; CODE XREF: sub_0_8CA5+75p
	LDA	byte_0_48F
	ASL	A
	ASL	A
	ASL	A
	ADC	byte_0_48F
	ADC	byte_0_480
	TAY	
	LDA	unk_0_9BC0,Y

 

 

[Mclaneinc]

That's what I expected to see, I'm sure it's me and the GUI is quite daunting.

 

Hopefully Wraith may have some pointers, it's not the end of the world, was just keen to see what was so hot about this all round reverse engineering tool (kind of answered myself there )

 

Normally I'd play with DIS6502, just wanted to see the pro in action

[Rybags]

It prompted me to move into the data and press "C" to identify start of a code block.

 

You should note that if you're feeding it .exe files, or most other common types that it'll have the header info which you don't really want it to process.

[Wrathchild]

Hi,

 

Rybags has it, the 6502 processor stuff can't identify the start of code when loading, say, a memory dump from an emulator. So typically you'd have found that somehow, e.g. examining the load header of the disk/exe you are playing with. Goto (g) that address and then hit 'C' to start the code analysis. IDA Pro will jump into JMP/JSR calls and resolve code there too however you will then have to manually find bits it didn't catch, e.g. vertical blank and display list interrupt routines. Feel free to PM me if you need any help.

 

BTW: if anyone wants the 'free' DOS version it was available here.

 

Regards,

Mark

Edited February 24, 2010 by Wrathchild

[ilmenit]

Rybags has it, the 6502 processor stuff can't identify the start of code when loading, say, a memory dump from an emulator. So typically you'd have found that somehow, e.g. examining the load header of the disk/exe you are playing with. Goto (g) that address and then hit 'C' to start the code analysis. IDA Pro will jump into JMP/JSR calls and resolve code there too however you will then have to manually find bits it didn't catch, e.g. vertical blank and display list interrupt routines. Feel free to PM me if you need any help.

 

I do have it too. First you have to load the binary file at the proper address. I could write a script/loader for XEX files, but you still need a full version of IDA PRO that supports 6502 CPU.

With the new IDA you could even create a debugger attached to Altirra or Atari800Win

[Mclaneinc]

Thanks guys got the gist of it.....

 

I get the feeling I'll be playing more with DIS6502, it's nice but way more than I need..

[Heaven/TQA]

Mark, where can I find the last free version of IDA Pro with 6502 support?

 

your dos version is out of question on W7...

 

Or better... if there is an OSX version out there...

[Shamus]

Dunno if there's a Mac version but it works quite nicely under Wine.

 

Seems kinda like killing a flea with a flamethrower, using IDA for 6502 code--a bit of overkill.

[Rybags]

Maybe so, but it's a lot quicker than doing repeated runs of a batch utility, continuously needing to specify the code/data boundaries.

 

One thing I've found annoying is that it seems to do auto-labelling for Absolute stuff just fine, but doesn't bother doing so for Indexed or Indirect stuff.

 

But that aside, in 2 recent projects I've been able to go from a simple binary file or RAM dump and come up with a 1:1 module assembled from the generated source in a matter of half an hour or so.

[Heaven/TQA]

Rybags... compared to DSI6502? DIS6502 is more Atari specific esp. 800 OS stuff included... can load EXE files... (used that for Gridrunner, Metagallactic Llamas etc) but with non scalable GUI and "8x8" font seems not good use on HD monitors...

[Heaven/TQA]

I have to admit after playing around with Moon Patrol that IDA is not bad at all... much faster than DIS6502 with its analysis functions.

[evilmoo]

If someone wants to pick an example binary, I'll walk you through the IDA PRO commands I use to disassemble it.

[marcokitt2000]

If someone wants to pick an example binary, I'll walk you through the IDA PRO commands I use to disassemble it.

 

 

 

 

 

Hello wath version from ida pro i don't like the dos version

dis6502 is a good programm version 2.2 what is greater ida pro ???? need more info maybe you can post a video

[Wrathchild]

From what I can tell, the Freeware 4.1 (DOS) and 4.3 (WIN) versions didn't support the 6502 and so only the DOS based version would be your best bet. I'd bought the full thing back in 1999 and certainly using the Window's GUI helps a lot and it has regular expression matching in text searches which speeds up the 'tidying' phase a processing a binary file. Saying that, I recall the DOS version being very certainly usable.

 

[Edit] Possibly if you dump the M65.* files from a full 4.3 into the installed freeware program folder it may work?

Edited March 21, 2011 by Wrathchild