Disassemble HCS12 firmware with paged ROM (Flash)


Post by Go4IT »

Hi, I recently came to the challenge of disassembling a MC9S12 microcontroller (HCS12 family with Motorola 68K CPU) dump. Until now I have only disassembled dumps having a linear memory map, but this one is special. As you can see:
mc9s12_flash_memory_map.png
The MCU has a PPAGE register to decide which page of the Flash should be visible in the page window 0x8000-0xBFFF. The page is chosen by its page number (0x3C, 0x3D, ...). The page 0x3E has a fixed location/visibility from 0x4000-0x7FFF and also page 0x3F is fixed to 0xC000-0xFEFF (the upper space from 0xFF00-0xFFFF is reserved for vectors).
The CPU chooses a page using a CALL statement, where the page is added as a parameter, e.g. "CALL #$843A, #$3D". The CPU sets PPAGE to 3D and then calls the address.

Now I got the challenge of how to make IDA know that my linear dump file (or multiple page files) has that layout. This is where "segments" come into play:
ida_pages.png
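
The page layout described in the post above, as an added example that is not part of the original post: it computes one segment per 16 KiB page and resolves a paged CALL target to an offset in the dump. It assumes the dump holds whole pages concatenated in ascending page order; `segment_plan`, `file_offset` and the `first_page` parameter are names made up for this sketch, and no IDA API is used.

```python
PAGE_SIZE = 0x4000       # size of the 0x8000-0xBFFF page window
WINDOW_START = 0x8000    # CPU address where the PPAGE-selected page appears
FIXED = {0x3E: 0x4000, 0x3F: 0xC000}   # fixed pages and their CPU base (from the post)


def segment_plan(dump_len, first_page):
    """Return (page, file_offset, cpu_start, cpu_end) for each page in the dump.

    Assumption: pages are stored back to back, lowest page number first.
    """
    if dump_len == 0 or dump_len % PAGE_SIZE:
        raise ValueError("dump length is not a whole number of 16 KiB pages")
    plan = []
    for i in range(dump_len // PAGE_SIZE):
        page = first_page + i
        base = FIXED.get(page, WINDOW_START)   # other pages only show up in the window
        plan.append((page, i * PAGE_SIZE, base, base + PAGE_SIZE))
    return plan


def file_offset(cpu_addr, ppage, dump_len, first_page):
    """Map a CPU address (plus PPAGE for window addresses) to a dump offset."""
    if WINDOW_START <= cpu_addr < WINDOW_START + PAGE_SIZE:
        page = ppage                            # window: PPAGE decides the page
    else:
        page = next((p for p, b in FIXED.items()
                     if b <= cpu_addr < b + PAGE_SIZE), None)
        if page is None:
            raise ValueError(f"{cpu_addr:#06x} is not in a flash region")
    index = page - first_page
    if not 0 <= index < dump_len // PAGE_SIZE:
        raise ValueError(f"page {page:#04x} is not in the dump")
    return index * PAGE_SIZE + (cpu_addr & (PAGE_SIZE - 1))


if __name__ == "__main__":
    # Constructed sample: a 64 KiB dump whose first page is 0x3C.
    for page, off, start, end in segment_plan(0x10000, 0x3C):
        print(f"page {page:#04x}: file {off:#07x} -> CPU {start:#06x}-{end - 1:#06x}")
    # The CALL from the post: address $843A on page $3D.
    print(hex(file_offset(0x843A, 0x3D, 0x10000, 0x3C)))
```

Each tuple corresponds to one segment to create; the pages that share 0x8000-0xBFFF overlap in CPU address space, which is why they have to be kept apart as separate segments.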

Re: Disassemble HCS12 firmware with paged ROM (Flash)

Post by Stevebe »

Nice work, I'm just dumping the same chip.
Digimod