Omnimaga
Omnimaga => Our Projects => Ndless => Topic started by: Legimet on September 09, 2013, 09:43:22 pm
-
I would like to know how Ndless syscalls are found. How do you do it?
-
Such things are usually found through comparison of disassembly with older versions, and more disassembly :)
-
So what file has to be disassembled, and what is a good disassembler?
-
You need to disassemble the unencrypted OS. I think the easiest way to get that is dumping the memory to a file in nspire_emu. You can do that with the "wm" command in the integrated debugger.
IDA is the normally used disassembler.
-
OK, I'll take a look at IDA. What arguments should I pass to wm? It looks like you need the start address and the size.
-
The boot1 is loaded at 0 (when execution starts - it's unmapped later), the boot2 and diags are loaded at 0x11800000, the OS is loaded at 0x10000000.
-
Thanks, I got it disassembled. :)
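-
The version-to-version comparison mentioned in the thread can be partly automated; the following is an added example, not part of the original posts and not Ndless project code. It assumes two raw OS dumps taken at the 0x10000000 load address and ARM-mode (not Thumb) code; the function names and the sample bytes are constructed for illustration.

```python
import struct

OS_BASE = 0x10000000  # OS load address given in the thread

def make_signature(code: bytes):
    """Return (value, mask) per 32-bit ARM word, wildcarding B/BL offsets."""
    sig = []
    for (word,) in struct.iter_unpack("<I", code):
        # B/BL encode a PC-relative offset in the low 24 bits; it changes
        # whenever caller or callee moves, so keep only cond + opcode bits.
        mask = 0xFF000000 if (word & 0x0E000000) == 0x0A000000 else 0xFFFFFFFF
        sig.append((word & mask, mask))
    return sig

def find_matches(dump: bytes, sig, base=OS_BASE):
    """Scan word-aligned offsets of a dump; return matching load addresses."""
    n, hits = len(sig), []
    for off in range(0, len(dump) - 4 * n + 1, 4):
        words = struct.unpack_from(f"<{n}I", dump, off)
        if all((w & m) == v for w, (v, m) in zip(words, sig)):
            hits.append(base + off)
    return hits

def locate(old_dump: bytes, old_addr: int, size: int, new_dump: bytes):
    """Find where a function known at old_addr in the old OS sits in the new one."""
    start = old_addr - OS_BASE
    return find_matches(new_dump, make_signature(old_dump[start:start + size]))

# Constructed sample data (not real OS bytes): a 5-instruction ARM function.
def _words(*ws):
    return struct.pack(f"<{len(ws)}I", *ws)

OLD_FUNC = _words(0xE92D4010, 0xE1A04000, 0xEB000010, 0xE1A00004, 0xE8BD8010)
NEW_FUNC = _words(0xE92D4010, 0xE1A04000, 0xEB0000A3, 0xE1A00004, 0xE8BD8010)
DECOY    = _words(0xE92D4010, 0xE1A04001, 0xEB000010, 0xE1A00004, 0xE8BD8010)
OLD_DUMP = bytes(0x40) + OLD_FUNC + bytes(0x20)
NEW_DUMP = bytes(0x80) + DECOY + bytes(0x6C) + NEW_FUNC + bytes(0x20)

if __name__ == "__main__":
    hits = locate(OLD_DUMP, 0x10000040, len(OLD_FUNC), NEW_DUMP)
    # One hit is a candidate to confirm in the disassembler; several hits
    # mean the signature is too short to be unique.
    print([hex(a) for a in hits])
```

A plain byte search for the old function fails here because the branch offset differs, which is why the signature masks it out.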