Differences

This shows you the differences between two versions of the page.

--- reverse_engineering:ghidra:create_a_project [2022/03/12 10:45] – kitor
+++ reverse_engineering:ghidra:create_a_project [2022/04/01 17:46] (current) – [Initial analysis] kitor
@@ Line 33: / Line 33: @@
 Close by clicking OK on all dialogs, and then acknowledge the import result. File will appear in a project.
-===== Initial analysis =====
+===== Project preparation =====
 Click twice on newly imported file. It will bring up "Code Browser" window.
@@ Line 39: / Line 39: @@
 Ghidra will ask if you want to perform auto analysis now - select **No**.
-=== Run disassembly ===
+=== Load 2nd ROM file (where applicable) ===
-Jump to second level (DryOS) bootloader address (press 'G' in Listing window):
+Go to ''File -> Add to program''. Select second ROM file. Import dialog will appear, but this time it will have language settings already in place.
-^ CPU       ^ Address        ^
+Open ''Options'', set Block name to something meaningful and Base Address to ''0xF0000000'' for Digic 7,8,X
-| Digic 6   | ''0xFE0A0000'' |
-| Digic 7,8 | ''0xE0040000'' |
-| Digic X   | ''0xE0100000'' |
-Press F12 to disassemble in Thumb mode. Wait for Ghidra to finish a task - it will discover a lot of functions so it will take some time.
+=== Fix memory map ===
-After it is done, we name that function ''firmware_entry''
+Navigate to ''Window -> Memory Map''. In rows representing loaded ROM images __uncheck__ tick in "W" (writable) column. This may affect analysis, and affects decompiler results.
+=== Add other memory regions ===
-=== Fix memory map ===
+This topic has a separate Wiki section: [[reverse_engineering:ghidra:memory_map|Defining memory map in Ghidra project]]
-Navigate to ''Window -> Memory Map''. In the only existing row (representing loaded ROM image) __uncheck__ tick in "W" (writable) column. This may affect analysis, and affects decompiler results.
+== Result ==
-=== Run auto analysis ===
+Complete memory map for EOS R 1.8.0 (internal 7.3.9) firmware:
+{{ :reverse_engineering:ghidra:ghidra_r180_memory.jpg|}}
+===== Initial analysis =====
+Project is now ready to start disassembling.
+=== Configure auto analysis ===
 Navigate to ''Analysis -> Auto analysis "<file_name>"''.
@@ Line 67: / Line 73: @@
   * Disable "Create Address Tables". In worst cases this option exhausts system memory and crashes Ghidra.
-Run the analysis - it will take a long time. After it is done, you may want to run "one shot" analysis for Embedded media and for Create Address Tables - but YRMV.
+Click ''Apply'' (do not click ''Analyze''!). Close the window.
+=== Run disassembly ===
+Jump to second level (DryOS) bootloader address (press 'G' in Listing window):
+^ CPU       ^ Address        ^
+| Digic 6   | ''0xFE0A0000'' |
+| Digic 7,8 | ''0xE0040000'' |
+| Digic X   | ''0xE0100000'' |
+Press F12 to disassemble in Thumb mode. Wait for Ghidra to finish a task - it will discover a lot of functions so it will take some time.
+After it is done, we name that function ''firmware_entry''
+=== Run auto analysis ===
+Go back to ''Analysis -> Auto analysis "<file_name>"''.
+Run the analysis - it will take a long time. After it is done, you may want to run "one shot" analysis for Embedded media and for Create Address Tables - but YMMV.