Advantage(s): Correct calling convention for syscalls, stack-based syscalls are nice
Disadvantage(s): Thunks in the jumptable don't automatically update name/function prototype
- Make a dump using dump.py.
- Add binary_ninja/loader and https://github.com/ubuntor/binaryninja-m68k to Binary Ninja plugins.
- Open the dump. The loader should run automatically and start disassembling.
Advantage(s): Syscalls are functions (so xrefs work), nicer handling of thunks
Disadvantage(s): Return value for syscalls that use pascal calling convention disappears (Ghidra Issue), stack-based syscall arguments are ugly
- Make a dump using dump.py.
- Put the files in ghidra/processor in
$GHIDRA_INSTALL/Ghidra/Processors/68000/data/languages/
. - Put the files in ghidra/data in
$GHIDRA_INSTALL/Ghidra/Features/Base/data/
. - Add the scripts in ghidra/scripts to Ghidra scripts. These will be in the
Analysis/M68k
category. - Open the dump as processor
68000
, variantMac
. - Run
M68kMacJankLoader.java
(find functions from jumptable),M68kMacSymbols.java
(find symbols),M68kMacPropagateThunks.java
(propagate thunk calls), andM68kMacSyscallScript.java
(markup syscalls) in that order.
_FP68K
(and_*Dispatch
,_Pack*
, etc.) routine number labelling- Finish all syscalls
- Figure out ghidra issue
- Direct loader for Ghidra from binhex/derez