find automatically addresses of known functions for a new firmware: gensig and finsig
48 vues
Accéder directement au premier message non lu
indy arm
12 nov. 2010, 14:23:0212/11/2010
à ml-d...@googlegroups.com
Hi,
CHDK people manage code and ports for tons of camera, they have written gensig and finsig to find addresses of known functions for new firmwares.
Can this be used for DSLR and Magic Lantern ? YES!
As explained here
http://magiclantern.wikia.com/wiki/Gensig_finsig
I used known addresses of functions from 5d2 and 550d stubs (from ML), and created signatures ("sig_ref_dryos_model_version.txt") for gensig.
Then applied finsig on latest firmwares versions (5d2 208, 7d 122) and 7d 110 (since some have a dump here).
Required files are attached (except dumps of course), I'll put this on bitbucket soon (in tools/).
On 5d2, you can write a dumper if you have FIO_* addresses (and the skills), this email give you the first ;-)
Once a new firmware is out, we can use finsig to generate a "draft" stubs file, which gives you recognized functions and their addresses.
When this firmware is ported (the stubs has been verified), a gensig signature file ("sig_ref_dryos_model_version.txt") can be written to generate better "finsig" signatures for upcoming firmwares, and so on...
Matches are better on a firmware version close to an existing finsig signature.
Signatures can be also added when we are 98-100% sure for a function name and its address.
I also tested signatures using DryOs CHDK cameras, VxWorks DSLR (40D and 400D): results is better with DryOS recent camera from CHDK.
I can send the results for the curious.
Now, I have a lot of GUI functions matches (dialog_*) for 550D (from 3 versions of 5d2 firmwares, thanks Trammel), so that I can continue RE this...
Indy
CHDK people manage code and ports for tons of camera, they have written gensig and finsig to find addresses of known functions for new firmwares.
Can this be used for DSLR and Magic Lantern ? YES!
As explained here
http://magiclantern.wikia.com/wiki/Gensig_finsig
I used known addresses of functions from 5d2 and 550d stubs (from ML), and created signatures ("sig_ref_dryos_model_version.txt") for gensig.
Then applied finsig on latest firmwares versions (5d2 208, 7d 122) and 7d 110 (since some have a dump here).
Required files are attached (except dumps of course), I'll put this on bitbucket soon (in tools/).
On 5d2, you can write a dumper if you have FIO_* addresses (and the skills), this email give you the first ;-)
Once a new firmware is out, we can use finsig to generate a "draft" stubs file, which gives you recognized functions and their addresses.
When this firmware is ported (the stubs has been verified), a gensig signature file ("sig_ref_dryos_model_version.txt") can be written to generate better "finsig" signatures for upcoming firmwares, and so on...
Matches are better on a firmware version close to an existing finsig signature.
Signatures can be also added when we are 98-100% sure for a function name and its address.
I also tested signatures using DryOs CHDK cameras, VxWorks DSLR (40D and 400D): results is better with DryOS recent camera from CHDK.
I can send the results for the curious.
Now, I have a lot of GUI functions matches (dialog_*) for 550D (from 3 versions of 5d2 firmwares, thanks Trammel), so that I can continue RE this...
Indy
0 nouveau message