I need a disassembler for AMD 188

Ada Pro.

(whoops) _Ida_ Pro.

Is that an 80188? Then anything that claims to be 8086 compatible will work.

Yes. Ida Pro is very nice, though. Saves considerable time in reverse-engineering (vs. say DEBUG.COM :)

I have IDA pro but when I try to decompile IDA ask for the Starting point, I don=B4t know exactly the starting point and when I specify the starting the result code do not has sense, that say that I have specified a wrong Address.

How Can I know where the program start? AM188 is a microcontroller from AMD.

Thanks. S=2EL

Coder scrobe on the papyrus:

Read the data sheet and find out about the reset address, then you will know where to start from.

--
John B

The 80186 family processors start at 16 bytes below the top of address range, here: 0xffff:0. Try 16 bytes below the top of your PROM.

--

Tauno Voipio
tauno voipio (at) iki fi

The system uses a EPROM 27C4001 4096kB. So I will 4096kb - 16b = 4095984b This is the address of starting . And How can I find the Check Sum procedure.

Thanks.

OK...

- You started asking for a disassembler. You got connected up with one. It was unclear whether you were aware that the AMD and Intel architecture are the same.

- Then you asked where the program starts. This tells me that you are not especially familiar with the architecture at all.

- Then you asked where the checksum procedure is. It's not necessary that a checksum procedure exists. If it does, it could be anywhere in the address space of the processor. You're not going to find it without a lot of work.

There are many people in this newsgroup who make a living doing exactly the kind of work that you appear to be trying to avoid.

I think you have two paths:

1) Get some books on the Intel 8086 architecture and read them, cover to cover. Start at 0xFFFF:0 and look at what's there. It's probably a jump to somewhere else. Look there and follow the code.

2) Pay someone to reverse-engineer whatever your target is, in which case, they'll start at 0xFFFF:0, etc.

GS

Op 28 May 2006 13:40:16 -0700 schreef Coder:

First, learn that 1 kb is not 1000, it equals 1024. So 4096 Kb - 16 = 4194288 But doing it hexadecimal is way simpler:

4096 Kb = 0x400000, minus 16 is 0x3FFFFF0

But I think Tauno has it right, the reset address still is FFFF:0000 because the 188 is a 16 bit processor with 20 bit address. At least it starts running like one, the Pentia still do this. Later on the latter switches to protected, 32 bit mode. I think the 188 won't.

--
Coos

I need a sugestion of How can I find the part of code I looking for.

I=B4m using IDA but I dont know if the code is correct. I have specified to IDA where start each procedure.

I think that if I specify the starting point it woul be enough.

The end of the binary file has:

0007FFF0h 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0007FFF0h EA 00 00 F0 FF 00 00 00 00 00 00 00 00 00 00 00

but this address is with 00 and the next line has code:

0000FFF0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00010000 C8 06 00 00 1E B8 3C 48 8E D8 C6 46 FF 00 C7 46,

I think that the program begin here but I need to press =A8C=A8 for each procedure.

Op 5 Jun 2006 15:07:47 -0700 schreef Coder:

This is a far jump to address FFF0:0000

This is address: 0000:FFF0 so not the same as above.

This can not be the beginning of a program, it starts with an ENTER instruction. It's the beginning of a procedure/subroutine.

I don't know IDA and I have no idea what the C-key does. I can't help you here. Read the documentation that without a doubt comes with IDA ...

--
Coos

Can you suggest me a decompiler for 80188.

Op 7 Jun 2006 14:43:53 -0700 schreef Coder:

Since the early days of MS-DOS up to Windows XP, DEBUG is included. SYMDEB would do, or Turbo Debugger (Borland) There must exist much newer debuggers, I don't know ;-)

--
Coos

??? - Do not expect to get very different answers from what you got when you asked the same question two weeks ago. (OK, almost the same question. I will ignore the issue of how a 'decompiler' is different from a 'dissasembler') From the lowly debug.com that came with older versions of MS-DOS, to Ida-Pro, that you claim you have. You must learn to use it, and you must know the architecture and instruction set of the '188 to make sense of any dissasembler output. Nobody can do this for you.

There's no such thing - there is plenty of the information of the original source code lost when it has been translated (compiled, assembled and linked). There's no way to re-generate that information reliably fromthe binaries.

You can help the tedium a little by using a good dis-assembler in an intelligent way. But expect the de-compilation to be a task resembling solving a giant Sunday paper crossword puzzle.

(been there - done that)

--

Tauno Voipio
tauno voipio (at) iki fi

This program is for Arcade machine, so I didn=B4t think it could be disassembled with debug.com .

The system uses a EPROM 27C4001 4096kB the max address is 0007FFF0h in this line > 0007FFF0h EA 00 00 F0 FF 00 00 00 00 00 00 00 00 00 00

00

This is a far jump to address FFF0:0000 so this address is not the memory space. What is going on here?

Thanks.

I'll tell you what, before you ask any more questions, answer this question:

FFF0:0000 is a 32 bit address, the 80188 has a 20 bit address bus. How does the 32 bit logical address get converted to a 20 bit physical address?

If you get the correct answer, we'll know that you've spent at least a little time understanding the processor. If you get the wrong answer, we'll know that you're probably a fool and needs to do his own homework.

GS

He still needs to do his homework, but his address may still be valid in a 20-bit address space. It's common to represent x86 addresss as segment:offset which, in this case would be an absolute address of 0xFFF00.