550D 1.0.8 .idc database

[indy arm]

Please find a dump of my database for 550D/1.0.8.

Only 0xff010000-0xff19fa88 are done today:

- based on Trammel IDC (sent August 2nd, 2010)
- code / data separation
- functions naming

Arm.Indy

[Zibri]

How to dump the firmware?

>  20100904_indy_ROM0.idc.bz2
> 2295KViewDownload

[arm.indy]

Zibri,

Install, run existing MagicLantern for 550d and inspect your SDCard,
something magic happened.

Arm.Indy

[Zibri]

Thanks.. I didn't install ML on my 550D for now...
I just wanted a dump to start digging into it..

> --
> http://magiclantern.wikia.com/
>
> To post to this group, send email to ml-d...@googlegroups.com
> To unsubscribe from this group, send email to
> ml-devel+u...@googlegroups.com
> For more options, visit this group at
> http://groups.google.com/group/ml-devel?hl=en

[Alex]

Hello,

Here is a small script which attempts to generate a stubs file from the IDC database.

Usage:
python idc2stubs.py 20100904_indy_ROM0.idc stubs-550d.108.from.idc.S

The script searches the IDC for MakeName(addr, "name") and MakeCode(addr). There is a simple filter for including/excluding the function names. Output is sorted by name. Please see the comments in the script file for more details.

Attached is the script and its output generated from Arm.Indy's database. ML seems to compile without extra errors/warnings with this file. I hope it will be useful.

Alex

--

[arm.indy]

Thanks Alex,

good job!
this is an interesting tool, which gives access to functions name and
location to people without IDA.

Be carreful anyway, each name function is mostly a good guess, which
should be correct 80-90% of the time only.

Alex,
what about adding in comment the end address of each function if it is
available ?

Arm.Indy

On Sep 14, 9:37 pm, Alex <broscutama...@gmail.com> wrote:
> Hello,
>
> Here is a small script which attempts to generate a stubs file from the IDC
> database.
>
> Usage:
> python idc2stubs.py 20100904_indy_ROM0.idc stubs-550d.108.from.idc.S
>
> The script searches the IDC for MakeName(addr, "name") and MakeCode(addr).
> There is a simple filter for including/excluding the function names. Output
> is sorted by name. Please see the comments in the script file for more
> details.
>
> Attached is the script and its output generated from Arm.Indy's database. ML
> seems to compile without extra errors/warnings with this file. I hope it
> will be useful.
>
> Alex
>

> On Sat, Sep 4, 2010 at 7:42 PM, indy arm <arm.indi...@gmail.com> wrote:
> > Please find a dump of my database for 550D/1.0.8.
>
> > Only 0xff010000-0xff19fa88 are done today:
>
> > - based on Trammel IDC (sent August 2nd, 2010)
> > - code / data separation
> > - functions naming
>
> > Arm.Indy
>
> > --
> >http://magiclantern.wikia.com/
>
> > To post to this group, send email to ml-d...@googlegroups.com
> > To unsubscribe from this group, send email to

> > ml-devel+u...@googlegroups.com<ml-devel%2Bunsu...@googlegroups.com>

> > For more options, visit this group at
> >http://groups.google.com/group/ml-devel?hl=en
>
>
>

>  idc2stubs.py
> 5KViewDownload
>
>  stubs-550d.108.from.idc.S
> 148KViewDownload

[Alex]

Thanks for the quick feedback!

Of course, there are still some problems with the function names. Two
of them (con_printf and lens_info) are already defined in ML code, so
they should be renamed in the database IMHO. Some of them have invalid
characters, like []$. These are skipped right now.

Can you give me an example of a function whose end address is
available? I don't know how to recognize them...

Also, some hints about the arguments of those functions would be nice.
Can I find something like this in the database?

Alex

[arm.indy]

you're welcome.

about this script, I think the output should be used as documentation
only, and not yet as code.

about functions end address, it seems
MakeFunction (0XFF04DC00,0XFF04DC28);
give this

I'm at 0xFF2EE9E0 in my analysis task now... I'll release it when
finished or upon request.

Arm.Indy

[Alex]

Here it is! It outputs end address for most functions, and also the flags.

What does MakeFrame do? I found this in the IDA Pro book preview:

func_t *f = get_func(ea);
set_frame_size(f, lvsize, frregs, argsize);
return f->frame;

For documentation, which format do you think it is the most appropriate? Doxygen does not like those comments...

Alex

[Alex]

I have just made the output Doxygen-friendly. After each NSTUB macro it expected a semicolon, and also a special syntax for inline comments.

You should put this into the Doxyfile:

FILE_PATTERNS = *.c *.h *.S

Now Doxygen outputs something like this:

  NSTUB (0xFF0FA548, CheckFaceArea)
  End address: 0xFF0FA78C; Flags: 0x0.
 
  NSTUB (0xFF116CE0, CheckPatternFES)
  End address: 0xFF1172B0; Flags: 0x400.

Alex

[indy arm]

Hi,

Please find an updated version (upto ff353668) of the IDC database.

Remember that function naming is generally based on "good guess", not 100% guaranted.

Arm.Indy

2010/9/4 indy arm <arm.i...@gmail.com>

[Alex]

Thanks for the hard work!

This function seems interesting:
0XFF312A68, "SetMicroAdjustCompData"
(and also a few related strings)

Could this mean that AF microadjustment will be possible? That would
be great!
Related topic: http://chdk.setepontos.com/index.php/topic,4953.0.html

On Sep 22, 10:13 pm, indy arm <arm.indi...@gmail.com> wrote:
> Hi,
>
> Please find an updated version (upto ff353668) of the IDC database.
>
> Remember that function naming is generally based on "good guess", not 100%
> guaranted.
>
> Arm.Indy
>

> 2010/9/4 indy arm <arm.indi...@gmail.com>

>
> > Please find a dump of my database for 550D/1.0.8.
>
> > Only 0xff010000-0xff19fa88 are done today:
>
> > - based on Trammel IDC (sent August 2nd, 2010)
> > - code / data separation
> > - functions naming
>
> > Arm.Indy
>
>
>

>  20100922_indy_ROM0.idc.bz2
> 2405KViewDownload