Disassemble HCS12 firmware with paged ROM (Flash)
Posted: 09 Sep 2021, 07:02
Hi, I recently came upon the challenge of disassembling an MC9S12 microcontroller (HCS12 family with Motorola 68K CPU) dump. Until now I have only disassembled dumps with a linear memory map, but this one is special. As you can see
The MCU has a PPAGE register to decide which page of the Flash should be visible in the page window 0x8000-0xBFFF. The page is chosen by its page number (0x3C, 0x3D, ...). Page 0x3E has a fixed location/visibility at 0x4000-0x7FFF, and page 0x3F is likewise fixed at 0xC000-0xFEFF (the upper space from 0xFF00-0xFFFF is reserved for vectors). The CPU chooses a page using a CALL statement, where the page is added as a parameter, e.g. "CALL #$843A, #$3D". The CPU sets PPAGE to 3D and then calls the address.
Now I have the challenge of making IDA know that my linear dump file (or multiple page files) has that layout. This is where "segments" come into play:
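The page layout described above, worked through as an added example (not part of the original post, and not IDA API code): it plans one segment per flash page and resolves a paged CALL target to an offset in the dump. It assumes the dump stores 16 KiB pages back to back in ascending page order; `first_page`, the function names and the `(page << 16) | address` linear-address convention are choices made for this example.

```python
PAGE_SIZE = 0x4000                     # 16 KiB per flash page
WINDOW_BASE = 0x8000                   # PPAGE window 0x8000-0xBFFF (from the post)
FIXED = {0x3E: 0x4000, 0x3F: 0xC000}   # fixed pages and CPU base (from the post)


def file_offset(page, first_page):
    """Offset of a page in the linear dump.
    Assumption: pages are stored consecutively, lowest page number first."""
    if not first_page <= page <= 0x3F:
        raise ValueError(f"page {page:#x} is not in the dump")
    return (page - first_page) * PAGE_SIZE


def resolve_call(addr, ppage, first_page):
    """Map a CALL target (CPU address, page operand) to (page, dump offset)."""
    if WINDOW_BASE <= addr < WINDOW_BASE + PAGE_SIZE:
        page, base = ppage, WINDOW_BASE          # banked: PPAGE decides
    else:
        for page, base in FIXED.items():         # fixed: PPAGE is irrelevant
            if base <= addr < base + PAGE_SIZE:
                break
        else:
            raise ValueError(f"{addr:#06x} is not a flash address")
    return page, file_offset(page, first_page) + (addr - base)


def segment_plan(first_page):
    """One segment per page: name, CPU range, dump offset, linear address.
    Banked pages share the CPU range 0x8000-0xBFFF, so each gets a distinct
    linear address (page << 16 | cpu_start, a convention for this example)."""
    plan = []
    for page in range(first_page, 0x40):
        start = FIXED.get(page, WINDOW_BASE)
        plan.append({
            "name": f"PAGE_{page:02X}",
            "cpu_start": start,
            "cpu_end": start + PAGE_SIZE - 1,
            "file_offset": file_offset(page, first_page),
            "linear": (page << 16) | start,
        })
    return plan


if __name__ == "__main__":
    # Constructed case: a 64 KiB dump whose first page is 0x3C.
    for seg in segment_plan(0x3C):
        print(f"{seg['name']}  cpu {seg['cpu_start']:04X}-{seg['cpu_end']:04X}"
              f"  file {seg['file_offset']:05X}  linear {seg['linear']:06X}")
    page, off = resolve_call(0x843A, 0x3D, 0x3C)   # CALL #$843A, #$3D
    print(f"CALL #$843A, #$3D -> page {page:02X}, dump offset {off:#x}")
```

Each row of the plan corresponds to one segment to create in the disassembler, loaded from `file_offset` for 0x4000 bytes.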