Pages: 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15
Appendix A
Obtaining CMS Memory ImagesThe majority of the information in this report was derived from a static analysis of a CMS 4.4.03 binary image derived from [5]. If you download and extract all files from the Windows installer archive in [5], there will be a cms4.4.03raptor.cru file. Use the following Linux commands to prepare this file according to the CMS Image Format section:
dd if=cms4.4.03raptor.cru of=cms4.4.03raptor.gz bs=192 skip=1
zcat cms4.4.03raptor.gz > cms4.4.03raptor.tmp
dd if=cms4.4.03raptor.tmp of=cms4.4.03raptor bs=1024 seek=568
The last command inserts 0x8e000 zero bytes before the final image to match its native logical base address, as described in the Memory Map section.
This gives the CMS binary image file cms4.4.03raptor that is used for all further static analysis.
Alternately, CMS can be dumped from a running Crusoe system as described in the CMS Image Format section; however, that method is much more difficult unless runtime analysis is required.
TM58xx Disassembler and Analysis Software
A full disassembler and analysis toolset for TM58xx CMS images is provided in source form as CrusoeReport-Part2-Disasm.cpp. This program was designed and tested under Linux only. It will take an appropriately decompressed and padded CMS binary image (see previous section) and disassemble it, complete with basic block analysis and statistical report generation. Both of these features are useful for further reverse engineering.
Sample Code Sequences
To present some idea of the nature of Crusoe native code, the included file CrusoeReport-Part2-Samples.S contains disassembled and commented listings of a few key CMS functions. Each instruction is given in both binary and symbolic form, along with comments to demonstrate understanding of the actual high level meaning the corresponding source code expressed.
Pages: « Prev 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 Next »
Discuss (6 comments)