IDA

Select the 80C166 processor in IDA and go to x20000h (0x20000), where the program section starts. Hit "C" on the keyboard and IDA will disassemble the bytes at the cursor into instructions and follow the control flow from there. Then hit "Ctrl + U" and the cursor will skip forward to the next unexplored address. Hit "C" again to convert that into instructions too. Keep doing this until the entire program section is converted to 'code'. For MS41.2 this ends somewhere near x3C000h. Be aware that the C166 disassembler will happily turn calibration tables and other data into instructions if you point "C" at them, so when a stretch looks like nonsense (no cross-references to it, meaningless operands, no flow leading into it) undefine it with "U" and mark it as data with "D" instead of leaving it as code.
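The C / Ctrl+U / C loop above, written as an IDAPython script so the whole program section can be defined in one go. This is an added example, not code from the original page; it assumes IDA 7 or newer IDAPython (`ida_bytes`, `ida_ua`, `ida_auto`), and the 0x20000 / 0x3C000 bounds are the MS41.2 figures from the text. The walker itself is written over two callbacks, so the same loop can be dry-run outside IDA against a constructed fake image, which is what `dry_run()` does.

```python
"""Added example (not code from the original page): the C / Ctrl+U / C
loop as an IDAPython script.  Run it inside IDA (File > Script file) after
selecting the 80C166 processor.  The walker only needs two callbacks, so
it can also be dry-run outside IDA against a fake image (see dry_run())."""

PROG_START = 0x20000   # start of the MS41.2 program section (from the text)
PROG_END   = 0x3C000   # approximate end of the code for MS41.2 (from the text)
BADADDR    = 0xFFFFFFFF


def walk_unexplored(start, end, next_unexplored, make_code):
    """Emulate the manual loop: jump to the next unexplored address in
    [start, end), try to define an instruction there, repeat.

    next_unexplored(ea, end) -> first unexplored address >= ea, or BADADDR
    make_code(ea)            -> instruction length, or 0 if it did not decode

    Returns (instructions_made, undecodable_runs).  The runs are bytes IDA
    refused to turn into instructions; in an ECU image those are the places
    to look at by hand, since they are usually tables, not code.  Note that
    tables which DO decode are not caught here; those still need the
    xref / "does this look sane" check from the text."""
    made = 0
    runs = []
    run_start = last_bad = None
    ea = next_unexplored(start, end)
    while ea != BADADDR and ea < end:
        n = make_code(ea)
        if n > 0:
            made += 1
            if run_start is not None:
                runs.append((run_start, last_bad))
                run_start = None
            ea = next_unexplored(ea + n, end)
        else:
            if run_start is None:
                run_start = ea
            last_bad = ea
            ea = next_unexplored(ea + 1, end)
    if run_start is not None:
        runs.append((run_start, last_bad))
    return made, runs


# --- IDA adapters: the only lines that need the IDA modules ---

def ida_next_unexplored(ea, end):
    import ida_bytes
    # next_unknown() does not test ea itself, so check it explicitly.
    if ea < end and ida_bytes.is_unknown(ida_bytes.get_flags(ea)):
        return ea
    return ida_bytes.next_unknown(ea, end)      # BADADDR when nothing is left


def ida_make_code(ea):
    import ida_ua, ida_auto
    n = ida_ua.create_insn(ea)                  # 0 if the bytes do not decode
    ida_auto.auto_wait()                        # let IDA follow the new flow first
    return n


# --- dry-run harness: a constructed stand-in for the database ---

class FakeImage:
    """Every address starts unexplored; addresses inside data_ranges refuse
    to decode, everything else is a 2-byte instruction.  Constructed only so
    the walker can be exercised outside IDA."""
    def __init__(self, data_ranges=()):
        self.defined = set()
        self.data_ranges = list(data_ranges)

    def next_unexplored(self, ea, end):
        while ea < end and ea in self.defined:
            ea += 1
        return ea if ea < end else BADADDR

    def make_code(self, ea):
        if any(lo <= ea <= hi for lo, hi in self.data_ranges):
            return 0
        self.defined.update((ea, ea + 1))
        return 2


def dry_run():
    """32-byte fake section with an 8-byte 'table' in the middle."""
    img = FakeImage(data_ranges=[(0x20008, 0x2000F)])
    return walk_unexplored(0x20000, 0x20020, img.next_unexplored, img.make_code)


if __name__ == "__main__":
    try:
        import ida_bytes  # noqa: F401  (only importable inside IDA)
    except ImportError:
        print("not running inside IDA, dry run:", dry_run())
    else:
        made, runs = walk_unexplored(PROG_START, PROG_END,
                                     ida_next_unexplored, ida_make_code)
        print("defined %d instructions" % made)
        for lo, hi in runs:
            print("undecodable bytes %05X-%05X: inspect, probably a table" % (lo, hi))
```

Inside IDA the script prints how many instructions it created and every run of bytes that would not decode, which is the list to walk through with "U" and "D" afterwards. The fake image in `dry_run()` exists only to show the loop's behaviour: 16 bytes of "code", 8 bytes of "table", 16 more bytes of "code" gives 12 instructions and one reported gap.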

Here is a little rundown of some important IDA functions. Keep in mind I am learning this program from a friend, so my knowledge at this point is somewhat limited. If you understand how programming works, though, these basic commands should help you make more sense of the code, as it is not laid out in a linear fashion.

ctrl-x Show cross-references to the current address. This tells you which other code calls or jumps to the current code, or which code reads and writes the current data.

g Go to a specific address in the image.

u Undefine a region of data or code.

c Define a region as code.

shift-F12 Open the Strings window. This is useful when looking for clues, and is especially helpful when debug strings have been left in a retail image.

n Rename (label) a piece of code or data. The idea here is that if a piece of code looks like it does something, label it as 'looks_like_it_controls_ignition'. Keep doing this until you have a better idea of what it does, then go back and rename it to 'sets_dwell'.

; Add a comment.

d Convert the current item to data, or if it is already data, cycle it to the next size (byte, word, dword).

a Define the data at the cursor as a null-terminated ASCII string.

spacebar Toggle the view between text and graph.

esc Basically the same as clicking back in your web browser: goes back to the last thing you were looking at.

alt-t Perform a text search. This works in many views.

ctrl-t Jump to the next match of the last search (you must do alt-t first).

I find switching between text and graph with the spacebar to be the most helpful. The graph mode allows you to follow the logic and see which portions of the code apply to the line you were looking at in text view.

As an example, you can start at the reset vector at the beginning of the code, which is the first thing the CPU executes after power-on, and follow everything that is done during initialization in order.
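Finding the reset vector, and every other vector, by parsing the C166 vector table from the dump rather than by eye. This is an added example, not code from the original page. It assumes the dump starts at physical address 0, so the table is at file offset 0, and relies on the C166 family layout: one 4-byte entry per trap number, normally holding a `JMPS seg, offset` (encoded `FA SS MM MM`, offset little-endian) to the handler. The sample image is constructed here; its RESET entry jumps to 0x20000 purely to match the program section start given in the text.

```python
"""Added example (not from the original page): read the C166 vector table
from a ROM dump and report where each vector jumps.  Assumption: the dump
starts at physical address 0, so the table is at file offset 0."""

import sys

# Trap numbers with fixed meaning on the C166 family; the remaining entries
# are peripheral interrupts and depend on the part.
TRAP_NAMES = {
    0x00: "RESET",
    0x02: "NMI",
    0x04: "STKOF",    # stack overflow
    0x06: "STKUF",    # stack underflow
    0x0A: "UNDOPC",   # undefined opcode
    0x0C: "ILLOPA",   # illegal word operand access
    0x0D: "ILLINA",   # illegal instruction access
    0x0E: "ILLBUS",   # illegal external bus access
}

VECTOR_TABLE_ENTRIES = 128          # 4-byte entries, table spans 0x0000-0x01FF


def decode_jmps(insn):
    """JMPS seg, caddr is encoded FA SS MM MM with the 16-bit offset
    little-endian.  Returns the 24-bit target, or None if the four bytes
    are not a JMPS (an unused vector usually is not)."""
    if len(insn) < 4 or insn[0] != 0xFA:
        return None
    seg = insn[1]
    ofs = insn[2] | (insn[3] << 8)
    return (seg << 16) | ofs


def parse_vector_table(image, n_entries=VECTOR_TABLE_ENTRIES):
    """Return {trap_number: target} for every entry that holds a JMPS."""
    vectors = {}
    for trap in range(n_entries):
        target = decode_jmps(image[4 * trap:4 * trap + 4])
        if target is not None:
            vectors[trap] = target
    return vectors


def reset_entry(image):
    """Where execution starts after reset: the JMPS target in entry 0."""
    return decode_jmps(image[0:4])


def outside_code(vectors, code_start, code_end):
    """Vectors that land outside the region you marked as code.  If RESET
    shows up here the image is almost certainly loaded at the wrong base."""
    return {t: a for t, a in vectors.items() if not code_start <= a < code_end}


# Constructed sample: RESET jumps into the program section at 0x20000,
# NMI and UNDOPC have handlers, every other entry is left as zeros.
SAMPLE_ROM = bytearray(0x200)
SAMPLE_ROM[0x00:0x04] = bytes([0xFA, 0x02, 0x00, 0x00])   # JMPS 02h, 0000h -> 0x20000
SAMPLE_ROM[0x08:0x0C] = bytes([0xFA, 0x02, 0x34, 0x12])   # JMPS 02h, 1234h -> 0x21234
SAMPLE_ROM[0x28:0x2C] = bytes([0xFA, 0x03, 0x00, 0x80])   # JMPS 03h, 8000h -> 0x38000


def report(image, code_start=0x20000, code_end=0x3C000):
    """One line per populated vector, flagging targets outside the code."""
    vectors = parse_vector_table(image)
    lines = []
    for trap, target in sorted(vectors.items()):
        name = TRAP_NAMES.get(trap, "IRQ %02Xh" % trap)
        flag = "" if code_start <= target < code_end else "   <-- outside code"
        lines.append("vector %02Xh @ %04X  %-8s -> %05X%s"
                     % (trap, 4 * trap, name, target, flag))
    return "\n".join(lines)


if __name__ == "__main__":
    image = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else SAMPLE_ROM
    print(report(image))
```

Run it with the dump as the argument (`python vectors.py ms41.bin`) and you get the list of handler entry points to rename with "n" before you start following the initialization code. The `outside_code` check is the sanity test worth doing first: if the RESET target is not inside the range you defined as code, either the program section bounds or the load base are wrong, and everything labelled from there on would be off.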
