7

I have been unable to get IDA pro to do a simple disassembly of a flat 16-bit binary (bootloader) file. I'm just getting started, and it seems to be harder than it should be.

There's a simple set of instructions that do:

seg000:7C5D                 push    7C0h
seg000:7C60                 pop     ds
seg000:7C61                 assume ds:nothing
seg000:7C61                 push    ds
seg000:7C62                 push    (offset unk_7C66 - offset loc_7C00)
seg000:7C65                 retf
seg000:7C65 ; --------------------------------------------------------------------------
seg000:7C66 unk_7C66        db  88h ; ê             ; DATA XREF: seg000:7C62o

Right under push 7c0h; pop ds it says assume ds:nothing. retf actually uses the values in the stack to set the segment and offset. Is there a way to manually enable such analysis? Are there more intelligent disassemblers out there? I'm having trouble following the flow and IDA isn't helping at ALL.

Milind R

1 Answer

4

Apologies for bringing this up after half a year; hope the question is still relevant.

If this is occurring in multiple places, I would suggest writing a simple IDC script to solve the issue. The script would:

  • Match the push/pop/push/push/retf instruction sequence;
  • Set up a code cross-reference from the retf instruction to the calculated address;
  • Place a comment;
  • Mark the destination for analysis by IDA (optional, I think IDA should automatically start exploring after xref creation).

This should solve the issue at hand. Unfortunately, IDA is not as smart as we would like it to be.

  • Thanks.. I'll try to write the IDC script myself; if that doesn't work out, I'll be back on RE.SE! :) – Milind R Jul 29 '14 at 08:55
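The matching and address-calculation steps from the answer, as an added stand-alone Python example (not part of the original posts, and not IDC): it scans a flat real-mode image for the push/pop ds/push ds/push/retf idiom and computes where each retf lands. The function name, the 0x7C00 load address, and the sample bytes (standard 16-bit encodings laid out to match the addresses in the listing) are assumptions made for illustration.

```python
import re
import struct

# push imm16 ; pop ds ; push ds ; push imm16 ; retf
# 68 iw        1F       1E        68 iw        CB
FAR_RET_IDIOM = re.compile(rb"\x68(..)\x1f\x1e\x68(..)\xcb", re.DOTALL)

def find_retf_targets(image, load_addr=0x7C00):
    """Return one dict per idiom found in a flat 16-bit image.

    retf pops IP first, then CS, so the second push supplies the offset
    and the first push (via pop ds / push ds) supplies the segment.
    This is a raw byte scan, not a disassembly: a hit inside data is a
    false positive, so review hits before acting on them.
    """
    hits = []
    for m in FAR_RET_IDIOM.finditer(image):
        seg = struct.unpack("<H", m.group(1))[0]
        off = struct.unpack("<H", m.group(2))[0]
        target = (seg << 4) + off            # real-mode linear address
        hits.append({
            "retf_addr": load_addr + m.end() - 1,
            "target": target,
            # Only targets inside the loaded image can be analysed as code.
            "in_image": load_addr <= target < load_addr + len(image),
            "comment": "retf -> %04X:%04X (linear %05Xh)" % (seg, off, target),
        })
    return hits

# Constructed sample: a 512-byte sector holding the sequence from the
# listing at file offset 5Dh (address 7C5Dh when loaded at 7C00h).
SAMPLE = bytearray(512)
SAMPLE[0x5D:0x66] = bytes.fromhex("68c007" "1f" "1e" "686600" "cb")
SAMPLE[0x66] = 0x88                          # first byte at the target
SAMPLE[510:512] = b"\x55\xaa"                # boot signature

if __name__ == "__main__":
    for hit in find_retf_targets(bytes(SAMPLE)):
        print("%04X: %s" % (hit["retf_addr"], hit["comment"]))
```

Inside IDA, each hit would become the code cross-reference from `retf_addr` to `target`, with `comment` as the comment text the answer describes.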