> which is nonsensical enough (movzwl $0 rather than clrl or even
> movzbl $0?) to suggest to me that 20046858 is an entry mask, and
> indeed disassembling it that way gives [...] which makes a whole lot
> more sense.
Just to mention: If you're using binutils's objdump to disassemble
the ROM, you can use (multiple times) -M entry:0x.... to mark
certain addresses as entry masks (thus, as function start addresses.)
Holm's email which I was excerpting included two lines (which I didn't
quote) which made it clear that disassembly was done with my
disassembler, which is capable of recording, for each byte in the file,
what it is: instruction, entry mask, data, text string, etc. It also
supports annotating the disassembly with comments; it is specifically
designed for making sense out of an otherwise undocumented binary (it
was first written to deal with a captured piece of malware).
/~\ The ASCII                             Mouse
\ / Ribbon Campaign
 X  Against HTML                mouse at rodents-montreal.org
/ \ Email!           7D C8 61 52 5D E7 2D 39  4E F1 31 3E E8 B3 27 4B
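
An added example, not part of the original message or of either disassembler mentioned in it: a Python sketch that decodes a VAX procedure entry mask and emits objdump `-M entry:0x...` options for addresses whose mask word is well-formed. The ROM bytes, the base address 0x1000 and all function names are constructed for illustration.

```python
import struct

def decode_entry_mask(word):
    """Decode the 16-bit mask stored at the start of a CALLS/CALLG procedure."""
    return {
        # Bits 0-11 select which of r0..r11 the call instruction saves.
        "saved": [f"r{i}" for i in range(12) if word >> i & 1],
        "iv": bool(word & 0x4000),  # bit 14: integer overflow trap enable
        "dv": bool(word & 0x8000),  # bit 15: decimal overflow trap enable
        # Bits 12-13 must be zero; anything else is not a valid mask.
        "plausible": (word & 0x3000) == 0,
    }

def mask_at(image, base, addr):
    """Read the little-endian word at virtual address addr in a raw image."""
    off = addr - base
    if off < 0 or off + 2 > len(image):
        raise ValueError(f"address 0x{addr:x} is outside the image")
    (word,) = struct.unpack_from("<H", image, off)
    return word

def objdump_entry_options(image, base, addrs):
    """Build -M entry:0x... options for candidates that hold a valid mask."""
    opts = []
    for addr in addrs:
        if decode_entry_mask(mask_at(image, base, addr))["plausible"]:
            opts += ["-M", f"entry:0x{addr:x}"]
    return opts

# Constructed sample image. The first two bytes, 3c 00, read as code are
# "movzwl $0, ..." (0x3c is the MOVZWL opcode, 0x00 a short literal), but
# read as an entry mask they are 0x003c: save r2-r5.
SAMPLE_BASE = 0x1000
SAMPLE_ROM = bytes.fromhex("3c00d4500400ff3f")

if __name__ == "__main__":
    for addr in (0x1000, 0x1006):
        word = mask_at(SAMPLE_ROM, SAMPLE_BASE, addr)
        print(f"0x{addr:x}: 0x{word:04x}", decode_entry_mask(word))
    print(objdump_entry_options(SAMPLE_ROM, SAMPLE_BASE, [0x1000, 0x1006]))
```

A well-formed mask is only a necessary condition; an address is confirmed as a procedure start by finding a CALLS or CALLG that targets it.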