Difference between revisions of "RK3566 EBC Reverse-Engineering"
Jump to navigation
Jump to search
(→Reverse-Engineered Stuff: add ebc_buf_info struct) |
(→Finding Structs and Function Signatures: Add Ghidra info) |
||
| Line 69: | Line 69: | ||
<code>aarch64-linux-gnu-gcc -c -o ebc_dev_v8.o ebc_dev_v8.S</code> | <code>aarch64-linux-gnu-gcc -c -o ebc_dev_v8.o ebc_dev_v8.S</code> | ||
This gives us a <code>ebc_dev_v8.o</code> which we can feed into readelf | This gives us a <code>ebc_dev_v8.o</code> which we can feed into analysis tools. | ||
For both of these, keep in mind that we're only interested in stuff from ebc_dev.c, or any other files for which we don't have the source. There's no point in getting the struct description or reverse-engineering a function that we have the source code for. A lot more than ebc_dev will be in the object file due to inlining and such. | |||
Also make sure that if you are looking up known struct accesses, that you use struct definitions from the BSP kernel, not from mainline. The kernel has no internal ABI for drivers! | |||
== Faster and Easier - Ghidra == | |||
Import the file into Ghidra, open the code browser. After analysis, you should be able to find structs in the "Data Type Manager" marked with an S icon. You'll also find functions in the symbol tree. | |||
== Slow and Painful - readelf/objdump == | |||
Use this if you want to manually look up dwarf symbols for some reason. | |||
<code>readelf --debug-dump ebc_dev_v8.o</code> | <code>readelf --debug-dump ebc_dev_v8.o</code> | ||