Author Topic: Finding Syscalls  (Read 5038 times)


Offline Legimet

Finding Syscalls
« on: September 09, 2013, 09:43:22 pm »
I would like to know how Ndless syscalls are found. How do you do it?

Offline Lionel Debroux

Re: Finding Syscalls
« Reply #1 on: September 10, 2013, 01:41:10 am »
Such things are usually found through comparison of disassembly with older versions, and more disassembly :)
« Last Edit: September 10, 2013, 01:41:42 am by Lionel Debroux »
Member of the TI-Chess Team.
Co-maintainer of GCC4TI (GCC4TI online documentation), TILP and TIEmu.
Co-admin of TI-Planet.

Offline Legimet

Re: Finding Syscalls
« Reply #2 on: September 10, 2013, 06:53:16 pm »
So what file has to be disassembled, and what is a good disassembler?

Offline lkj

Re: Finding Syscalls
« Reply #3 on: September 10, 2013, 08:16:57 pm »
You need to disassemble the unencrypted OS. I think the easiest way to get that is dumping the memory to a file in nspire_emu. You can do that with the "wm" command in the integrated debugger.
IDA is the normally used disassembler.

Offline Legimet

Re: Finding Syscalls
« Reply #4 on: September 10, 2013, 09:14:41 pm »
OK, I'll take a look at IDA. What arguments should I pass to wm? It looks like you need the start address and the size.

Offline Lionel Debroux

Re: Finding Syscalls
« Reply #5 on: September 11, 2013, 01:22:19 am »
boot1 is loaded at 0 (when execution starts; it's unmapped later); boot2 and diags are loaded at 0x11800000; the OS is loaded at 0x10000000.
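A worked illustration of the "compare with an older version" approach from Reply #1, using the OS load address from Reply #5. This is an added example, not Ndless code and not anything posted in this thread. The idea: in an old OS dump you already know where a function lives, so you take a short signature of its first instruction words, wildcard any word that looks like a pointer into the OS image (literal-pool addresses move between versions while opcodes usually do not), and search the new dump for the same pattern to recover the function's new address. The two dumps, their 0x1000-byte size, the function offsets and the ARM instruction words below are all constructed for the example.

```python
"""Relocate a known function address from an old OS dump to a new one by
signature matching. Constructed example; not Ndless code."""
import struct

OS_LOAD_BASE = 0x10000000  # OS image load address, as stated in the thread


def build_dump(func_offset: int, pool_word: int, size: int = 0x1000) -> bytes:
    """Constructed stand-in for a raw memory dump of the OS region.

    The image is filled with ARM NOPs (mov r0, r0) and a tiny function is
    placed at `func_offset`: push {r4, lr}; ldr r0, [pc, #12]; pop {r4, pc};
    followed by a literal-pool word (`pool_word`) that holds an absolute
    address into the OS image. Only the pool word differs between "versions".
    """
    nop = struct.pack("<I", 0xE1A00000)
    image = bytearray(nop * (size // 4))
    body = struct.pack("<4I", 0xE92D4010, 0xE59F000C, 0xE8BD8010, pool_word)
    image[func_offset:func_offset + len(body)] = body
    return bytes(image)


def make_signature(dump: bytes, base: int, addr: int, nwords: int = 4) -> list:
    """Read `nwords` little-endian 32-bit words at virtual address `addr`.

    Words that fall inside the dumped image's address range are treated as
    version-dependent pointers and replaced by None (wildcard); everything
    else (opcodes, small constants) is kept literally.
    """
    off = addr - base
    words = struct.unpack_from("<%dI" % nwords, dump, off)
    return [None if base <= w < base + len(dump) else w for w in words]


def find_signature(dump: bytes, base: int, sig: list) -> list:
    """Return every word-aligned virtual address in `dump` where `sig` matches."""
    n = len(sig)
    hits = []
    for off in range(0, len(dump) - 4 * n + 1, 4):
        words = struct.unpack_from("<%dI" % n, dump, off)
        if all(s is None or s == w for s, w in zip(sig, words)):
            hits.append(base + off)
    return hits


def relocate(old_dump: bytes, new_dump: bytes, known_addr: int,
             base: int = OS_LOAD_BASE, nwords: int = 4) -> list:
    """Candidate addresses in `new_dump` for the function at `known_addr` in `old_dump`.

    More than one hit means the signature is too short or too generic and
    `nwords` should be raised; zero hits means the code changed and the
    disassembly has to be compared by hand.
    """
    sig = make_signature(old_dump, base, known_addr, nwords)
    return find_signature(new_dump, base, sig)


if __name__ == "__main__":
    # Constructed "old" and "new" OS images: same function, moved from
    # offset 0x40 to 0x80, with a different literal-pool address.
    old = build_dump(0x40, 0x10000F00)
    new = build_dump(0x80, 0x10000F40)
    known = OS_LOAD_BASE + 0x40
    print("signature:", [hex(w) if w is not None else "*" for w in
                         make_signature(old, OS_LOAD_BASE, known)])
    print("candidates in new image:", [hex(a) for a in relocate(old, new, known)])
```

On a real dump taken with `wm` you would replace `build_dump` with `open(path, "rb").read()` and pass the load address the image was dumped from as `base`; the wildcard rule is deliberately coarse, and for functions whose first words happen to encode something in the OS address range a longer `nwords` or a hand-picked mask is needed.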

Offline Legimet

Re: Finding Syscalls
« Reply #6 on: September 11, 2013, 08:05:22 pm »
Thanks, I got it disassembled. :)